QA: keep matrix plugin installable

2026-05-06 13:50:49 +00:00 · 2026-04-14 14:03:55 -04:00
parent eb64a8a60d
commit ff1c6298db
2 changed files with 32 additions and 26 deletions
--- a/extensions/qa-matrix/src/docker-runtime.ts
+++ b/extensions/qa-matrix/src/docker-runtime.ts
@@ -1,5 +1,5 @@
-import { execFile } from "node:child_process";
 import { createServer } from "node:net";
+import { runExec } from "openclaw/plugin-sdk/process-runtime";
 import { fetchWithSsrFGuard } from "openclaw/plugin-sdk/ssrf-runtime";

 export type RunCommand = (
@@ -85,32 +85,23 @@ function trimCommandOutput(output: string) {
 }

 export async function execCommand(command: string, args: string[], cwd: string) {
-  return await new Promise<{ stdout: string; stderr: string }>((resolve, reject) => {
-    execFile(
-      command,
-      args,
-      { cwd, encoding: "utf8", maxBuffer: 10 * 1024 * 1024 },
-      (error, stdout, stderr) => {
-        if (error) {
-          const renderedStdout = trimCommandOutput(stdout);
-          const renderedStderr = trimCommandOutput(stderr);
-          reject(
-            new Error(
-              [
-                `Command failed: ${[command, ...args].join(" ")}`,
-                renderedStderr ? `stderr:\n${renderedStderr}` : "",
-                renderedStdout ? `stdout:\n${renderedStdout}` : "",
-              ]
-                .filter(Boolean)
-                .join("\n\n"),
-            ),
-          );
-          return;
-        }
-        resolve({ stdout, stderr });
-      },
+  try {
+    return await runExec(command, args, { cwd, maxBuffer: 10 * 1024 * 1024 });
+  } catch (error) {
+    const failedProcess = error as Error & { stdout?: string; stderr?: string };
+    const renderedStdout = trimCommandOutput(failedProcess.stdout ?? "");
+    const renderedStderr = trimCommandOutput(failedProcess.stderr ?? "");
+    throw new Error(
+      [
+        `Command failed: ${[command, ...args].join(" ")}`,
+        renderedStderr ? `stderr:\n${renderedStderr}` : "",
+        renderedStdout ? `stdout:\n${renderedStdout}` : "",
+      ]
+        .filter(Boolean)
+        .join("\n\n"),
+      { cause: error },
    );
-  });
+  }
 }

 export async function waitForHealth(
--- a/src/plugins/install.test.ts
+++ b/src/plugins/install.test.ts
@@ -1427,6 +1427,21 @@ describe("installPluginFromArchive", () => {
    ).toBe(true);
  });

+  it("does not flag the real qa-matrix plugin as dangerous install code", async () => {
+    const pluginDir = path.resolve(process.cwd(), "extensions", "qa-matrix");
+
+    const scanResult = await installSecurityScan.scanPackageInstallSource({
+      extensions: ["./index.ts"],
+      logger: { warn: vi.fn() },
+      packageDir: pluginDir,
+      pluginId: "qa-matrix",
+      packageName: "@openclaw/qa-matrix",
+      manifestId: "qa-matrix",
+    });
+
+    expect(scanResult?.blocked).toBeUndefined();
+  });
+
  it("keeps blocked dependency package checks active when forced unsafe install is set", async () => {
    const { pluginDir, extensionsDir } = setupPluginInstallDirs();