mirror of
https://github.com/openclaw/openclaw.git
synced 2026-03-29 19:01:44 +00:00
7cc86e9685
* fix(plugins): resolve sdk alias from import.meta.url for external plugins When a plugin is installed outside the openclaw package (e.g. ~/.openclaw/extensions/), resolveLoaderPluginSdkPackageRoot() fails to locate the openclaw root via cwd or argv1 hints, resulting in an empty alias map. Jiti then cannot resolve openclaw/plugin-sdk/* imports and the plugin fails to load with "Cannot find module". Since sdk-alias.ts is always compiled into the openclaw package itself, import.meta.url reliably points inside the installation directory. Add it as an unconditional fallback in resolveLoaderPluginSdkPackageRoot() so external plugins can always resolve the plugin SDK. Fixes: Error: Cannot find module 'openclaw/plugin-sdk/plugin-entry' * fix(plugins): pass loader moduleUrl to resolve sdk alias for external plugins The previous approach of adding import.meta.url as an unconditional fallback inside resolveLoaderPluginSdkPackageRoot() broke test isolation: tests that expected null from untrusted fixtures started finding the real openclaw root. Revert that and instead thread an optional moduleUrl through buildPluginLoaderAliasMap → resolvePluginSdkScopedAliasMap → listPluginSdkExportedSubpaths → resolveLoaderPluginSdkPackageRoot. loader.ts passes its own import.meta.url as the hint, which is always inside the openclaw installation. This guarantees the sdk alias map is built correctly even when argv1 does not resolve to the openclaw root (e.g. single-binary distributions, custom launchers, or Docker images where the binary wrapper is not a standard npm symlink). Tests that call sdk-alias helpers directly without moduleUrl are unaffected and continue to enforce the existing isolation semantics. A new test covers the moduleUrl resolution path explicitly. * fix(plugins): use existing fixture file for moduleUrl hint in test The previous test pointed loaderModuleUrl to dist/plugins/loader.js which is not created by createPluginSdkAliasFixture, causing resolution to fall back to the real openclaw root instead of the fixture root. Use fixture.root/openclaw.mjs (created by the bin+marker fixture) so the moduleUrl hint reliably resolves to the fixture package root. * fix(test): use fixture.root as cwd in external plugin alias test When process.cwd() is mocked to the external plugin dir, the findNearestPluginSdkPackageRoot(process.cwd()) fallback resolves to the real openclaw repo root in the CI test runner, making the test resolve the wrong aliases. Using fixture.root as cwd ensures all resolution paths consistently point to the fixture. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(release): add plugin-sdk:check-exports to release:check plugin-sdk subpath exports (e.g. openclaw/plugin-sdk/plugin-entry, openclaw/plugin-sdk/provider-auth) were missing from the published package.json, causing external plugins to fail at load time with 'Cannot find module openclaw/plugin-sdk/plugin-entry'. Root cause: sync-plugin-sdk-exports.mjs syncs plugin-sdk-entrypoints.json into package.json exports, but this sync was never validated in the release:check pipeline. As a result, any drift between plugin-sdk-entrypoints.json and the published package.json goes undetected until users hit the runtime error. Fix: add plugin-sdk:check-exports to release:check so the CI gate fails loudly if the exports are out of sync before publishing. * fix(test): isolate moduleUrl hint test from process.cwd() fallback Use externalPluginRoot as cwd instead of fixture.root, so only the moduleUrl hint can resolve the openclaw package root. Previously, withCwd(fixture.root) allowed the process.cwd() fallback to also resolve the fixture root, making the moduleUrl path untested. Spotted by greptile-apps review on #54283. * fix(test): use empty string to disable argv1 in moduleUrl hint test Passing undefined for argv1 in buildPluginLoaderAliasMap triggers the STARTUP_ARGV1 default (process.argv[1], the vitest runner binary inside the openclaw repo). resolveTrustedOpenClawRootFromArgvHint then resolves to the real openclaw root before the moduleUrl hint is checked, making the test resolve wrong aliases. Pass "" instead: falsy so the hint is skipped, but does not trigger the default parameter value. Only the moduleUrl can bridge the gap. Made-with: Cursor * fix(plugins): thread moduleUrl through SDK alias resolution for external plugins (#54283) Thanks @xieyongliang --------- Co-authored-by: bojsun <bojie.sun@bytedance.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Jerry <jerry@JerrydeMacBook-Air-2.local> Co-authored-by: yongliang.xie <yongliang.xie@bytedance.com> Co-authored-by: George Zhang <georgezhangtj97@gmail.com>
1290 lines
42 KiB
TypeScript
1290 lines
42 KiB
TypeScript
import fs from "node:fs";
|
|
import path from "node:path";
|
|
import { createJiti } from "jiti";
|
|
import type { ChannelPlugin } from "../channels/plugins/types.js";
|
|
import { isChannelConfigured } from "../config/channel-configured.js";
|
|
import type { OpenClawConfig } from "../config/config.js";
|
|
import type { PluginInstallRecord } from "../config/types.plugins.js";
|
|
import type { GatewayRequestHandler } from "../gateway/server-methods/types.js";
|
|
import { openBoundaryFileSync } from "../infra/boundary-file-read.js";
|
|
import { createSubsystemLogger } from "../logging/subsystem.js";
|
|
import {
|
|
clearMemoryPromptSection,
|
|
getMemoryPromptSectionBuilder,
|
|
restoreMemoryPromptSection,
|
|
} from "../memory/prompt-section.js";
|
|
import { resolveUserPath } from "../utils.js";
|
|
import { inspectBundleMcpRuntimeSupport } from "./bundle-mcp.js";
|
|
import { clearPluginCommands } from "./command-registry-state.js";
|
|
import {
|
|
applyTestPluginDefaults,
|
|
normalizePluginsConfig,
|
|
resolveEffectiveEnableState,
|
|
resolveMemorySlotDecision,
|
|
type NormalizedPluginsConfig,
|
|
} from "./config-state.js";
|
|
import { discoverOpenClawPlugins } from "./discovery.js";
|
|
import { initializeGlobalHookRunner } from "./hook-runner-global.js";
|
|
import { clearPluginInteractiveHandlers } from "./interactive.js";
|
|
import { loadPluginManifestRegistry } from "./manifest-registry.js";
|
|
import { isPathInside, safeStatSync } from "./path-safety.js";
|
|
import { createPluginRegistry, type PluginRecord, type PluginRegistry } from "./registry.js";
|
|
import { resolvePluginCacheInputs } from "./roots.js";
|
|
import { setActivePluginRegistry } from "./runtime.js";
|
|
import type { CreatePluginRuntimeOptions } from "./runtime/index.js";
|
|
import type { PluginRuntime } from "./runtime/types.js";
|
|
import { validateJsonSchemaValue } from "./schema-validator.js";
|
|
import {
|
|
buildPluginLoaderAliasMap,
|
|
buildPluginLoaderJitiOptions,
|
|
listPluginSdkAliasCandidates,
|
|
listPluginSdkExportedSubpaths,
|
|
resolveExtensionApiAlias,
|
|
resolvePluginSdkAliasCandidateOrder,
|
|
resolvePluginSdkAliasFile,
|
|
resolvePluginRuntimeModulePath,
|
|
resolvePluginSdkScopedAliasMap,
|
|
shouldPreferNativeJiti,
|
|
} from "./sdk-alias.js";
|
|
import type {
|
|
OpenClawPluginDefinition,
|
|
OpenClawPluginModule,
|
|
PluginDiagnostic,
|
|
PluginBundleFormat,
|
|
PluginFormat,
|
|
PluginLogger,
|
|
} from "./types.js";
|
|
|
|
export type PluginLoadResult = PluginRegistry;
|
|
|
|
export type PluginLoadOptions = {
|
|
config?: OpenClawConfig;
|
|
workspaceDir?: string;
|
|
// Allows callers to resolve plugin roots and load paths against an explicit env
|
|
// instead of the process-global environment.
|
|
env?: NodeJS.ProcessEnv;
|
|
logger?: PluginLogger;
|
|
coreGatewayHandlers?: Record<string, GatewayRequestHandler>;
|
|
runtimeOptions?: CreatePluginRuntimeOptions;
|
|
cache?: boolean;
|
|
mode?: "full" | "validate";
|
|
onlyPluginIds?: string[];
|
|
includeSetupOnlyChannelPlugins?: boolean;
|
|
/**
|
|
* Prefer `setupEntry` for configured channel plugins that explicitly opt in
|
|
* via package metadata because their setup entry covers the pre-listen startup surface.
|
|
*/
|
|
preferSetupRuntimeForChannelPlugins?: boolean;
|
|
activate?: boolean;
|
|
throwOnLoadError?: boolean;
|
|
};
|
|
|
|
export class PluginLoadFailureError extends Error {
|
|
readonly pluginIds: string[];
|
|
readonly registry: PluginRegistry;
|
|
|
|
constructor(registry: PluginRegistry) {
|
|
const failedPlugins = registry.plugins.filter((entry) => entry.status === "error");
|
|
const summary = failedPlugins
|
|
.map((entry) => `${entry.id}: ${entry.error ?? "unknown plugin load error"}`)
|
|
.join("; ");
|
|
super(`plugin load failed: ${summary}`);
|
|
this.name = "PluginLoadFailureError";
|
|
this.pluginIds = failedPlugins.map((entry) => entry.id);
|
|
this.registry = registry;
|
|
}
|
|
}
|
|
|
|
type CachedPluginState = {
|
|
registry: PluginRegistry;
|
|
memoryPromptBuilder: ReturnType<typeof getMemoryPromptSectionBuilder>;
|
|
};
|
|
|
|
const MAX_PLUGIN_REGISTRY_CACHE_ENTRIES = 128;
|
|
let pluginRegistryCacheEntryCap = MAX_PLUGIN_REGISTRY_CACHE_ENTRIES;
|
|
const registryCache = new Map<string, CachedPluginState>();
|
|
const openAllowlistWarningCache = new Set<string>();
|
|
const LAZY_RUNTIME_REFLECTION_KEYS = [
|
|
"version",
|
|
"config",
|
|
"agent",
|
|
"subagent",
|
|
"system",
|
|
"media",
|
|
"tts",
|
|
"stt",
|
|
"tools",
|
|
"channel",
|
|
"events",
|
|
"logging",
|
|
"state",
|
|
"modelAuth",
|
|
] as const satisfies readonly (keyof PluginRuntime)[];
|
|
|
|
export function clearPluginLoaderCache(): void {
|
|
registryCache.clear();
|
|
openAllowlistWarningCache.clear();
|
|
clearMemoryPromptSection();
|
|
}
|
|
|
|
const defaultLogger = () => createSubsystemLogger("plugins");
|
|
|
|
export const __testing = {
|
|
buildPluginLoaderJitiOptions,
|
|
buildPluginLoaderAliasMap,
|
|
listPluginSdkAliasCandidates,
|
|
listPluginSdkExportedSubpaths,
|
|
resolveExtensionApiAlias,
|
|
resolvePluginSdkScopedAliasMap,
|
|
resolvePluginSdkAliasCandidateOrder,
|
|
resolvePluginSdkAliasFile,
|
|
resolvePluginRuntimeModulePath,
|
|
shouldPreferNativeJiti,
|
|
get maxPluginRegistryCacheEntries() {
|
|
return pluginRegistryCacheEntryCap;
|
|
},
|
|
setMaxPluginRegistryCacheEntriesForTest(value?: number) {
|
|
pluginRegistryCacheEntryCap =
|
|
typeof value === "number" && Number.isFinite(value) && value > 0
|
|
? Math.max(1, Math.floor(value))
|
|
: MAX_PLUGIN_REGISTRY_CACHE_ENTRIES;
|
|
},
|
|
};
|
|
|
|
function getCachedPluginRegistry(cacheKey: string): CachedPluginState | undefined {
|
|
const cached = registryCache.get(cacheKey);
|
|
if (!cached) {
|
|
return undefined;
|
|
}
|
|
// Refresh insertion order so frequently reused registries survive eviction.
|
|
registryCache.delete(cacheKey);
|
|
registryCache.set(cacheKey, cached);
|
|
return cached;
|
|
}
|
|
|
|
function setCachedPluginRegistry(cacheKey: string, state: CachedPluginState): void {
|
|
if (registryCache.has(cacheKey)) {
|
|
registryCache.delete(cacheKey);
|
|
}
|
|
registryCache.set(cacheKey, state);
|
|
while (registryCache.size > pluginRegistryCacheEntryCap) {
|
|
const oldestKey = registryCache.keys().next().value;
|
|
if (!oldestKey) {
|
|
break;
|
|
}
|
|
registryCache.delete(oldestKey);
|
|
}
|
|
}
|
|
|
|
function buildCacheKey(params: {
|
|
workspaceDir?: string;
|
|
plugins: NormalizedPluginsConfig;
|
|
installs?: Record<string, PluginInstallRecord>;
|
|
env: NodeJS.ProcessEnv;
|
|
onlyPluginIds?: string[];
|
|
includeSetupOnlyChannelPlugins?: boolean;
|
|
preferSetupRuntimeForChannelPlugins?: boolean;
|
|
runtimeSubagentMode?: "default" | "explicit" | "gateway-bindable";
|
|
}): string {
|
|
const { roots, loadPaths } = resolvePluginCacheInputs({
|
|
workspaceDir: params.workspaceDir,
|
|
loadPaths: params.plugins.loadPaths,
|
|
env: params.env,
|
|
});
|
|
const installs = Object.fromEntries(
|
|
Object.entries(params.installs ?? {}).map(([pluginId, install]) => [
|
|
pluginId,
|
|
{
|
|
...install,
|
|
installPath:
|
|
typeof install.installPath === "string"
|
|
? resolveUserPath(install.installPath, params.env)
|
|
: install.installPath,
|
|
sourcePath:
|
|
typeof install.sourcePath === "string"
|
|
? resolveUserPath(install.sourcePath, params.env)
|
|
: install.sourcePath,
|
|
},
|
|
]),
|
|
);
|
|
const scopeKey = JSON.stringify(params.onlyPluginIds ?? []);
|
|
const setupOnlyKey = params.includeSetupOnlyChannelPlugins === true ? "setup-only" : "runtime";
|
|
const startupChannelMode =
|
|
params.preferSetupRuntimeForChannelPlugins === true ? "prefer-setup" : "full";
|
|
return `${roots.workspace ?? ""}::${roots.global ?? ""}::${roots.stock ?? ""}::${JSON.stringify({
|
|
...params.plugins,
|
|
installs,
|
|
loadPaths,
|
|
})}::${scopeKey}::${setupOnlyKey}::${startupChannelMode}::${params.runtimeSubagentMode ?? "default"}`;
|
|
}
|
|
|
|
function normalizeScopedPluginIds(ids?: string[]): string[] | undefined {
|
|
if (!ids) {
|
|
return undefined;
|
|
}
|
|
const normalized = Array.from(new Set(ids.map((id) => id.trim()).filter(Boolean))).toSorted();
|
|
return normalized.length > 0 ? normalized : undefined;
|
|
}
|
|
|
|
function validatePluginConfig(params: {
|
|
schema?: Record<string, unknown>;
|
|
cacheKey?: string;
|
|
value?: unknown;
|
|
}): { ok: boolean; value?: Record<string, unknown>; errors?: string[] } {
|
|
const schema = params.schema;
|
|
if (!schema) {
|
|
return { ok: true, value: params.value as Record<string, unknown> | undefined };
|
|
}
|
|
const cacheKey = params.cacheKey ?? JSON.stringify(schema);
|
|
const result = validateJsonSchemaValue({
|
|
schema,
|
|
cacheKey,
|
|
value: params.value ?? {},
|
|
});
|
|
if (result.ok) {
|
|
return { ok: true, value: params.value as Record<string, unknown> | undefined };
|
|
}
|
|
return { ok: false, errors: result.errors.map((error) => error.text) };
|
|
}
|
|
|
|
function resolvePluginModuleExport(moduleExport: unknown): {
|
|
definition?: OpenClawPluginDefinition;
|
|
register?: OpenClawPluginDefinition["register"];
|
|
} {
|
|
const resolved =
|
|
moduleExport &&
|
|
typeof moduleExport === "object" &&
|
|
"default" in (moduleExport as Record<string, unknown>)
|
|
? (moduleExport as { default: unknown }).default
|
|
: moduleExport;
|
|
if (typeof resolved === "function") {
|
|
return {
|
|
register: resolved as OpenClawPluginDefinition["register"],
|
|
};
|
|
}
|
|
if (resolved && typeof resolved === "object") {
|
|
const def = resolved as OpenClawPluginDefinition;
|
|
const register = def.register ?? def.activate;
|
|
return { definition: def, register };
|
|
}
|
|
return {};
|
|
}
|
|
|
|
function resolveSetupChannelRegistration(moduleExport: unknown): {
|
|
plugin?: ChannelPlugin;
|
|
} {
|
|
const resolved =
|
|
moduleExport &&
|
|
typeof moduleExport === "object" &&
|
|
"default" in (moduleExport as Record<string, unknown>)
|
|
? (moduleExport as { default: unknown }).default
|
|
: moduleExport;
|
|
if (!resolved || typeof resolved !== "object") {
|
|
return {};
|
|
}
|
|
const setup = resolved as {
|
|
plugin?: unknown;
|
|
};
|
|
if (!setup.plugin || typeof setup.plugin !== "object") {
|
|
return {};
|
|
}
|
|
return {
|
|
plugin: setup.plugin as ChannelPlugin,
|
|
};
|
|
}
|
|
|
|
function shouldLoadChannelPluginInSetupRuntime(params: {
|
|
manifestChannels: string[];
|
|
setupSource?: string;
|
|
startupDeferConfiguredChannelFullLoadUntilAfterListen?: boolean;
|
|
cfg: OpenClawConfig;
|
|
env: NodeJS.ProcessEnv;
|
|
preferSetupRuntimeForChannelPlugins?: boolean;
|
|
}): boolean {
|
|
if (!params.setupSource || params.manifestChannels.length === 0) {
|
|
return false;
|
|
}
|
|
if (
|
|
params.preferSetupRuntimeForChannelPlugins &&
|
|
params.startupDeferConfiguredChannelFullLoadUntilAfterListen === true
|
|
) {
|
|
return true;
|
|
}
|
|
return !params.manifestChannels.some((channelId) =>
|
|
isChannelConfigured(params.cfg, channelId, params.env),
|
|
);
|
|
}
|
|
|
|
function createPluginRecord(params: {
|
|
id: string;
|
|
name?: string;
|
|
description?: string;
|
|
version?: string;
|
|
format?: PluginFormat;
|
|
bundleFormat?: PluginBundleFormat;
|
|
bundleCapabilities?: string[];
|
|
source: string;
|
|
rootDir?: string;
|
|
origin: PluginRecord["origin"];
|
|
workspaceDir?: string;
|
|
enabled: boolean;
|
|
configSchema: boolean;
|
|
}): PluginRecord {
|
|
return {
|
|
id: params.id,
|
|
name: params.name ?? params.id,
|
|
description: params.description,
|
|
version: params.version,
|
|
format: params.format ?? "openclaw",
|
|
bundleFormat: params.bundleFormat,
|
|
bundleCapabilities: params.bundleCapabilities,
|
|
source: params.source,
|
|
rootDir: params.rootDir,
|
|
origin: params.origin,
|
|
workspaceDir: params.workspaceDir,
|
|
enabled: params.enabled,
|
|
status: params.enabled ? "loaded" : "disabled",
|
|
toolNames: [],
|
|
hookNames: [],
|
|
channelIds: [],
|
|
providerIds: [],
|
|
speechProviderIds: [],
|
|
mediaUnderstandingProviderIds: [],
|
|
imageGenerationProviderIds: [],
|
|
webSearchProviderIds: [],
|
|
gatewayMethods: [],
|
|
cliCommands: [],
|
|
services: [],
|
|
commands: [],
|
|
httpRoutes: 0,
|
|
hookCount: 0,
|
|
configSchema: params.configSchema,
|
|
configUiHints: undefined,
|
|
configJsonSchema: undefined,
|
|
};
|
|
}
|
|
|
|
function recordPluginError(params: {
|
|
logger: PluginLogger;
|
|
registry: PluginRegistry;
|
|
record: PluginRecord;
|
|
seenIds: Map<string, PluginRecord["origin"]>;
|
|
pluginId: string;
|
|
origin: PluginRecord["origin"];
|
|
error: unknown;
|
|
logPrefix: string;
|
|
diagnosticMessagePrefix: string;
|
|
}) {
|
|
const errorText =
|
|
process.env.OPENCLAW_PLUGIN_LOADER_DEBUG_STACKS === "1" &&
|
|
params.error instanceof Error &&
|
|
typeof params.error.stack === "string"
|
|
? params.error.stack
|
|
: String(params.error);
|
|
const deprecatedApiHint =
|
|
errorText.includes("api.registerHttpHandler") && errorText.includes("is not a function")
|
|
? "deprecated api.registerHttpHandler(...) was removed; use api.registerHttpRoute(...) for plugin-owned routes or registerPluginHttpRoute(...) for dynamic lifecycle routes"
|
|
: null;
|
|
const displayError = deprecatedApiHint ? `${deprecatedApiHint} (${errorText})` : errorText;
|
|
params.logger.error(`${params.logPrefix}${displayError}`);
|
|
params.record.status = "error";
|
|
params.record.error = displayError;
|
|
params.registry.plugins.push(params.record);
|
|
params.seenIds.set(params.pluginId, params.origin);
|
|
params.registry.diagnostics.push({
|
|
level: "error",
|
|
pluginId: params.record.id,
|
|
source: params.record.source,
|
|
message: `${params.diagnosticMessagePrefix}${displayError}`,
|
|
});
|
|
}
|
|
|
|
function pushDiagnostics(diagnostics: PluginDiagnostic[], append: PluginDiagnostic[]) {
|
|
diagnostics.push(...append);
|
|
}
|
|
|
|
function maybeThrowOnPluginLoadError(
|
|
registry: PluginRegistry,
|
|
throwOnLoadError: boolean | undefined,
|
|
): void {
|
|
if (!throwOnLoadError) {
|
|
return;
|
|
}
|
|
if (!registry.plugins.some((entry) => entry.status === "error")) {
|
|
return;
|
|
}
|
|
throw new PluginLoadFailureError(registry);
|
|
}
|
|
|
|
type PathMatcher = {
|
|
exact: Set<string>;
|
|
dirs: string[];
|
|
};
|
|
|
|
type InstallTrackingRule = {
|
|
trackedWithoutPaths: boolean;
|
|
matcher: PathMatcher;
|
|
};
|
|
|
|
type PluginProvenanceIndex = {
|
|
loadPathMatcher: PathMatcher;
|
|
installRules: Map<string, InstallTrackingRule>;
|
|
};
|
|
|
|
function createPathMatcher(): PathMatcher {
|
|
return { exact: new Set<string>(), dirs: [] };
|
|
}
|
|
|
|
function addPathToMatcher(
|
|
matcher: PathMatcher,
|
|
rawPath: string,
|
|
env: NodeJS.ProcessEnv = process.env,
|
|
): void {
|
|
const trimmed = rawPath.trim();
|
|
if (!trimmed) {
|
|
return;
|
|
}
|
|
const resolved = resolveUserPath(trimmed, env);
|
|
if (!resolved) {
|
|
return;
|
|
}
|
|
if (matcher.exact.has(resolved) || matcher.dirs.includes(resolved)) {
|
|
return;
|
|
}
|
|
const stat = safeStatSync(resolved);
|
|
if (stat?.isDirectory()) {
|
|
matcher.dirs.push(resolved);
|
|
return;
|
|
}
|
|
matcher.exact.add(resolved);
|
|
}
|
|
|
|
function matchesPathMatcher(matcher: PathMatcher, sourcePath: string): boolean {
|
|
if (matcher.exact.has(sourcePath)) {
|
|
return true;
|
|
}
|
|
return matcher.dirs.some((dirPath) => isPathInside(dirPath, sourcePath));
|
|
}
|
|
|
|
function buildProvenanceIndex(params: {
|
|
config: OpenClawConfig;
|
|
normalizedLoadPaths: string[];
|
|
env: NodeJS.ProcessEnv;
|
|
}): PluginProvenanceIndex {
|
|
const loadPathMatcher = createPathMatcher();
|
|
for (const loadPath of params.normalizedLoadPaths) {
|
|
addPathToMatcher(loadPathMatcher, loadPath, params.env);
|
|
}
|
|
|
|
const installRules = new Map<string, InstallTrackingRule>();
|
|
const installs = params.config.plugins?.installs ?? {};
|
|
for (const [pluginId, install] of Object.entries(installs)) {
|
|
const rule: InstallTrackingRule = {
|
|
trackedWithoutPaths: false,
|
|
matcher: createPathMatcher(),
|
|
};
|
|
const trackedPaths = [install.installPath, install.sourcePath]
|
|
.map((entry) => (typeof entry === "string" ? entry.trim() : ""))
|
|
.filter(Boolean);
|
|
if (trackedPaths.length === 0) {
|
|
rule.trackedWithoutPaths = true;
|
|
} else {
|
|
for (const trackedPath of trackedPaths) {
|
|
addPathToMatcher(rule.matcher, trackedPath, params.env);
|
|
}
|
|
}
|
|
installRules.set(pluginId, rule);
|
|
}
|
|
|
|
return { loadPathMatcher, installRules };
|
|
}
|
|
|
|
function isTrackedByProvenance(params: {
|
|
pluginId: string;
|
|
source: string;
|
|
index: PluginProvenanceIndex;
|
|
env: NodeJS.ProcessEnv;
|
|
}): boolean {
|
|
const sourcePath = resolveUserPath(params.source, params.env);
|
|
const installRule = params.index.installRules.get(params.pluginId);
|
|
if (installRule) {
|
|
if (installRule.trackedWithoutPaths) {
|
|
return true;
|
|
}
|
|
if (matchesPathMatcher(installRule.matcher, sourcePath)) {
|
|
return true;
|
|
}
|
|
}
|
|
return matchesPathMatcher(params.index.loadPathMatcher, sourcePath);
|
|
}
|
|
|
|
function matchesExplicitInstallRule(params: {
|
|
pluginId: string;
|
|
source: string;
|
|
index: PluginProvenanceIndex;
|
|
env: NodeJS.ProcessEnv;
|
|
}): boolean {
|
|
const sourcePath = resolveUserPath(params.source, params.env);
|
|
const installRule = params.index.installRules.get(params.pluginId);
|
|
if (!installRule || installRule.trackedWithoutPaths) {
|
|
return false;
|
|
}
|
|
return matchesPathMatcher(installRule.matcher, sourcePath);
|
|
}
|
|
|
|
function resolveCandidateDuplicateRank(params: {
|
|
candidate: ReturnType<typeof discoverOpenClawPlugins>["candidates"][number];
|
|
manifestByRoot: Map<string, ReturnType<typeof loadPluginManifestRegistry>["plugins"][number]>;
|
|
provenance: PluginProvenanceIndex;
|
|
env: NodeJS.ProcessEnv;
|
|
}): number {
|
|
const manifestRecord = params.manifestByRoot.get(params.candidate.rootDir);
|
|
const pluginId = manifestRecord?.id;
|
|
const isExplicitInstall =
|
|
params.candidate.origin === "global" &&
|
|
pluginId !== undefined &&
|
|
matchesExplicitInstallRule({
|
|
pluginId,
|
|
source: params.candidate.source,
|
|
index: params.provenance,
|
|
env: params.env,
|
|
});
|
|
|
|
if (params.candidate.origin === "config") {
|
|
return 0;
|
|
}
|
|
if (params.candidate.origin === "global" && isExplicitInstall) {
|
|
return 1;
|
|
}
|
|
if (params.candidate.origin === "bundled") {
|
|
// Bundled plugin ids stay reserved unless the operator configured an override.
|
|
return 2;
|
|
}
|
|
if (params.candidate.origin === "workspace") {
|
|
return 3;
|
|
}
|
|
return 4;
|
|
}
|
|
|
|
function compareDuplicateCandidateOrder(params: {
|
|
left: ReturnType<typeof discoverOpenClawPlugins>["candidates"][number];
|
|
right: ReturnType<typeof discoverOpenClawPlugins>["candidates"][number];
|
|
manifestByRoot: Map<string, ReturnType<typeof loadPluginManifestRegistry>["plugins"][number]>;
|
|
provenance: PluginProvenanceIndex;
|
|
env: NodeJS.ProcessEnv;
|
|
}): number {
|
|
const leftPluginId = params.manifestByRoot.get(params.left.rootDir)?.id;
|
|
const rightPluginId = params.manifestByRoot.get(params.right.rootDir)?.id;
|
|
if (!leftPluginId || leftPluginId !== rightPluginId) {
|
|
return 0;
|
|
}
|
|
return (
|
|
resolveCandidateDuplicateRank({
|
|
candidate: params.left,
|
|
manifestByRoot: params.manifestByRoot,
|
|
provenance: params.provenance,
|
|
env: params.env,
|
|
}) -
|
|
resolveCandidateDuplicateRank({
|
|
candidate: params.right,
|
|
manifestByRoot: params.manifestByRoot,
|
|
provenance: params.provenance,
|
|
env: params.env,
|
|
})
|
|
);
|
|
}
|
|
|
|
function warnWhenAllowlistIsOpen(params: {
|
|
logger: PluginLogger;
|
|
pluginsEnabled: boolean;
|
|
allow: string[];
|
|
warningCacheKey: string;
|
|
discoverablePlugins: Array<{ id: string; source: string; origin: PluginRecord["origin"] }>;
|
|
}) {
|
|
if (!params.pluginsEnabled) {
|
|
return;
|
|
}
|
|
if (params.allow.length > 0) {
|
|
return;
|
|
}
|
|
const nonBundled = params.discoverablePlugins.filter((entry) => entry.origin !== "bundled");
|
|
if (nonBundled.length === 0) {
|
|
return;
|
|
}
|
|
if (openAllowlistWarningCache.has(params.warningCacheKey)) {
|
|
return;
|
|
}
|
|
const preview = nonBundled
|
|
.slice(0, 6)
|
|
.map((entry) => `${entry.id} (${entry.source})`)
|
|
.join(", ");
|
|
const extra = nonBundled.length > 6 ? ` (+${nonBundled.length - 6} more)` : "";
|
|
openAllowlistWarningCache.add(params.warningCacheKey);
|
|
params.logger.warn(
|
|
`[plugins] plugins.allow is empty; discovered non-bundled plugins may auto-load: ${preview}${extra}. Set plugins.allow to explicit trusted ids.`,
|
|
);
|
|
}
|
|
|
|
function warnAboutUntrackedLoadedPlugins(params: {
|
|
registry: PluginRegistry;
|
|
provenance: PluginProvenanceIndex;
|
|
logger: PluginLogger;
|
|
env: NodeJS.ProcessEnv;
|
|
}) {
|
|
for (const plugin of params.registry.plugins) {
|
|
if (plugin.status !== "loaded" || plugin.origin === "bundled") {
|
|
continue;
|
|
}
|
|
if (
|
|
isTrackedByProvenance({
|
|
pluginId: plugin.id,
|
|
source: plugin.source,
|
|
index: params.provenance,
|
|
env: params.env,
|
|
})
|
|
) {
|
|
continue;
|
|
}
|
|
const message =
|
|
"loaded without install/load-path provenance; treat as untracked local code and pin trust via plugins.allow or install records";
|
|
params.registry.diagnostics.push({
|
|
level: "warn",
|
|
pluginId: plugin.id,
|
|
source: plugin.source,
|
|
message,
|
|
});
|
|
params.logger.warn(`[plugins] ${plugin.id}: ${message} (${plugin.source})`);
|
|
}
|
|
}
|
|
|
|
function activatePluginRegistry(registry: PluginRegistry, cacheKey: string): void {
|
|
setActivePluginRegistry(registry, cacheKey);
|
|
initializeGlobalHookRunner(registry);
|
|
}
|
|
|
|
export function loadOpenClawPlugins(options: PluginLoadOptions = {}): PluginRegistry {
|
|
// Snapshot (non-activating) loads must disable the cache to avoid storing a registry
|
|
// whose commands were never globally registered.
|
|
if (options.activate === false && options.cache !== false) {
|
|
throw new Error(
|
|
"loadOpenClawPlugins: activate:false requires cache:false to prevent command registry divergence",
|
|
);
|
|
}
|
|
const env = options.env ?? process.env;
|
|
// Test env: default-disable plugins unless explicitly configured.
|
|
// This keeps unit/gateway suites fast and avoids loading heavyweight plugin deps by accident.
|
|
const cfg = applyTestPluginDefaults(options.config ?? {}, env);
|
|
const logger = options.logger ?? defaultLogger();
|
|
const validateOnly = options.mode === "validate";
|
|
const normalized = normalizePluginsConfig(cfg.plugins);
|
|
const onlyPluginIds = normalizeScopedPluginIds(options.onlyPluginIds);
|
|
const onlyPluginIdSet = onlyPluginIds ? new Set(onlyPluginIds) : null;
|
|
const includeSetupOnlyChannelPlugins = options.includeSetupOnlyChannelPlugins === true;
|
|
const preferSetupRuntimeForChannelPlugins = options.preferSetupRuntimeForChannelPlugins === true;
|
|
const shouldActivate = options.activate !== false;
|
|
// NOTE: `activate` is intentionally excluded from the cache key. All non-activating
|
|
// (snapshot) callers pass `cache: false` via loadOnboardingPluginRegistry(), so they
|
|
// never read from or write to the cache. Including `activate` here would be misleading
|
|
// — it would imply mixed-activate caching is supported, when in practice it is not.
|
|
const cacheKey = buildCacheKey({
|
|
workspaceDir: options.workspaceDir,
|
|
plugins: normalized,
|
|
installs: cfg.plugins?.installs,
|
|
env,
|
|
onlyPluginIds,
|
|
includeSetupOnlyChannelPlugins,
|
|
preferSetupRuntimeForChannelPlugins,
|
|
runtimeSubagentMode:
|
|
options.runtimeOptions?.allowGatewaySubagentBinding === true
|
|
? "gateway-bindable"
|
|
: options.runtimeOptions?.subagent
|
|
? "explicit"
|
|
: "default",
|
|
});
|
|
const cacheEnabled = options.cache !== false;
|
|
if (cacheEnabled) {
|
|
const cached = getCachedPluginRegistry(cacheKey);
|
|
if (cached) {
|
|
restoreMemoryPromptSection(cached.memoryPromptBuilder);
|
|
if (shouldActivate) {
|
|
activatePluginRegistry(cached.registry, cacheKey);
|
|
}
|
|
return cached.registry;
|
|
}
|
|
}
|
|
|
|
// Clear previously registered plugin state before reloading.
|
|
// Skip for non-activating (snapshot) loads to avoid wiping commands from other plugins.
|
|
if (shouldActivate) {
|
|
clearPluginCommands();
|
|
clearPluginInteractiveHandlers();
|
|
clearMemoryPromptSection();
|
|
}
|
|
|
|
// Lazy: avoid creating the Jiti loader when all plugins are disabled (common in unit tests).
|
|
const jitiLoaders = new Map<string, ReturnType<typeof createJiti>>();
|
|
const getJiti = (modulePath: string) => {
|
|
const tryNative = shouldPreferNativeJiti(modulePath);
|
|
// Pass loader's moduleUrl so the openclaw root can always be resolved even when
|
|
// loading external plugins from outside the installation directory (e.g. ~/.openclaw/extensions/).
|
|
const aliasMap = buildPluginLoaderAliasMap(modulePath, process.argv[1], import.meta.url);
|
|
const cacheKey = JSON.stringify({
|
|
tryNative,
|
|
aliasMap: Object.entries(aliasMap).toSorted(([left], [right]) => left.localeCompare(right)),
|
|
});
|
|
const cached = jitiLoaders.get(cacheKey);
|
|
if (cached) {
|
|
return cached;
|
|
}
|
|
const loader = createJiti(import.meta.url, {
|
|
...buildPluginLoaderJitiOptions(aliasMap),
|
|
// Source .ts runtime shims import sibling ".js" specifiers that only exist
|
|
// after build. Disable native loading for source entries so Jiti rewrites
|
|
// those imports against the source graph, while keeping native dist/*.js
|
|
// loading for the canonical built module graph.
|
|
tryNative,
|
|
});
|
|
jitiLoaders.set(cacheKey, loader);
|
|
return loader;
|
|
};
|
|
|
|
let createPluginRuntimeFactory: ((options?: CreatePluginRuntimeOptions) => PluginRuntime) | null =
|
|
null;
|
|
const resolveCreatePluginRuntime = (): ((
|
|
options?: CreatePluginRuntimeOptions,
|
|
) => PluginRuntime) => {
|
|
if (createPluginRuntimeFactory) {
|
|
return createPluginRuntimeFactory;
|
|
}
|
|
const runtimeModulePath = resolvePluginRuntimeModulePath();
|
|
if (!runtimeModulePath) {
|
|
throw new Error("Unable to resolve plugin runtime module");
|
|
}
|
|
const runtimeModule = getJiti(runtimeModulePath)(runtimeModulePath) as {
|
|
createPluginRuntime?: (options?: CreatePluginRuntimeOptions) => PluginRuntime;
|
|
};
|
|
if (typeof runtimeModule.createPluginRuntime !== "function") {
|
|
throw new Error("Plugin runtime module missing createPluginRuntime export");
|
|
}
|
|
createPluginRuntimeFactory = runtimeModule.createPluginRuntime;
|
|
return createPluginRuntimeFactory;
|
|
};
|
|
|
|
// Lazily initialize the runtime so startup paths that discover/skip plugins do
|
|
// not eagerly load every channel/runtime dependency tree.
|
|
let resolvedRuntime: PluginRuntime | null = null;
|
|
const resolveRuntime = (): PluginRuntime => {
|
|
resolvedRuntime ??= resolveCreatePluginRuntime()(options.runtimeOptions);
|
|
return resolvedRuntime;
|
|
};
|
|
const lazyRuntimeReflectionKeySet = new Set<PropertyKey>(LAZY_RUNTIME_REFLECTION_KEYS);
|
|
const resolveLazyRuntimeDescriptor = (prop: PropertyKey): PropertyDescriptor | undefined => {
|
|
if (!lazyRuntimeReflectionKeySet.has(prop)) {
|
|
return Reflect.getOwnPropertyDescriptor(resolveRuntime() as object, prop);
|
|
}
|
|
return {
|
|
configurable: true,
|
|
enumerable: true,
|
|
get() {
|
|
return Reflect.get(resolveRuntime() as object, prop);
|
|
},
|
|
set(value: unknown) {
|
|
Reflect.set(resolveRuntime() as object, prop, value);
|
|
},
|
|
};
|
|
};
|
|
const runtime = new Proxy({} as PluginRuntime, {
|
|
get(_target, prop, receiver) {
|
|
return Reflect.get(resolveRuntime(), prop, receiver);
|
|
},
|
|
set(_target, prop, value, receiver) {
|
|
return Reflect.set(resolveRuntime(), prop, value, receiver);
|
|
},
|
|
has(_target, prop) {
|
|
return lazyRuntimeReflectionKeySet.has(prop) || Reflect.has(resolveRuntime(), prop);
|
|
},
|
|
ownKeys() {
|
|
return [...LAZY_RUNTIME_REFLECTION_KEYS];
|
|
},
|
|
getOwnPropertyDescriptor(_target, prop) {
|
|
return resolveLazyRuntimeDescriptor(prop);
|
|
},
|
|
defineProperty(_target, prop, attributes) {
|
|
return Reflect.defineProperty(resolveRuntime() as object, prop, attributes);
|
|
},
|
|
deleteProperty(_target, prop) {
|
|
return Reflect.deleteProperty(resolveRuntime() as object, prop);
|
|
},
|
|
getPrototypeOf() {
|
|
return Reflect.getPrototypeOf(resolveRuntime() as object);
|
|
},
|
|
});
|
|
|
|
const { registry, createApi } = createPluginRegistry({
|
|
logger,
|
|
runtime,
|
|
coreGatewayHandlers: options.coreGatewayHandlers as Record<string, GatewayRequestHandler>,
|
|
suppressGlobalCommands: !shouldActivate,
|
|
});
|
|
|
|
const discovery = discoverOpenClawPlugins({
|
|
workspaceDir: options.workspaceDir,
|
|
extraPaths: normalized.loadPaths,
|
|
cache: options.cache,
|
|
env,
|
|
});
|
|
const manifestRegistry = loadPluginManifestRegistry({
|
|
config: cfg,
|
|
workspaceDir: options.workspaceDir,
|
|
cache: options.cache,
|
|
env,
|
|
candidates: discovery.candidates,
|
|
diagnostics: discovery.diagnostics,
|
|
});
|
|
pushDiagnostics(registry.diagnostics, manifestRegistry.diagnostics);
|
|
warnWhenAllowlistIsOpen({
|
|
logger,
|
|
pluginsEnabled: normalized.enabled,
|
|
allow: normalized.allow,
|
|
warningCacheKey: cacheKey,
|
|
// Keep warning input scoped as well so partial snapshot loads only mention the
|
|
// plugins that were intentionally requested for this registry.
|
|
discoverablePlugins: manifestRegistry.plugins
|
|
.filter((plugin) => !onlyPluginIdSet || onlyPluginIdSet.has(plugin.id))
|
|
.map((plugin) => ({
|
|
id: plugin.id,
|
|
source: plugin.source,
|
|
origin: plugin.origin,
|
|
})),
|
|
});
|
|
const provenance = buildProvenanceIndex({
|
|
config: cfg,
|
|
normalizedLoadPaths: normalized.loadPaths,
|
|
env,
|
|
});
|
|
|
|
const manifestByRoot = new Map(
|
|
manifestRegistry.plugins.map((record) => [record.rootDir, record]),
|
|
);
|
|
const orderedCandidates = [...discovery.candidates].toSorted((left, right) => {
|
|
return compareDuplicateCandidateOrder({
|
|
left,
|
|
right,
|
|
manifestByRoot,
|
|
provenance,
|
|
env,
|
|
});
|
|
});
|
|
|
|
const seenIds = new Map<string, PluginRecord["origin"]>();
|
|
const memorySlot = normalized.slots.memory;
|
|
let selectedMemoryPluginId: string | null = null;
|
|
let memorySlotMatched = false;
|
|
|
|
for (const candidate of orderedCandidates) {
|
|
const manifestRecord = manifestByRoot.get(candidate.rootDir);
|
|
if (!manifestRecord) {
|
|
continue;
|
|
}
|
|
const pluginId = manifestRecord.id;
|
|
// Filter again at import time as a final guard. The earlier manifest filter keeps
|
|
// warnings scoped; this one prevents loading/registering anything outside the scope.
|
|
if (onlyPluginIdSet && !onlyPluginIdSet.has(pluginId)) {
|
|
continue;
|
|
}
|
|
const existingOrigin = seenIds.get(pluginId);
|
|
if (existingOrigin) {
|
|
const record = createPluginRecord({
|
|
id: pluginId,
|
|
name: manifestRecord.name ?? pluginId,
|
|
description: manifestRecord.description,
|
|
version: manifestRecord.version,
|
|
format: manifestRecord.format,
|
|
bundleFormat: manifestRecord.bundleFormat,
|
|
bundleCapabilities: manifestRecord.bundleCapabilities,
|
|
source: candidate.source,
|
|
rootDir: candidate.rootDir,
|
|
origin: candidate.origin,
|
|
workspaceDir: candidate.workspaceDir,
|
|
enabled: false,
|
|
configSchema: Boolean(manifestRecord.configSchema),
|
|
});
|
|
record.status = "disabled";
|
|
record.error = `overridden by ${existingOrigin} plugin`;
|
|
registry.plugins.push(record);
|
|
continue;
|
|
}
|
|
|
|
const enableState = resolveEffectiveEnableState({
|
|
id: pluginId,
|
|
origin: candidate.origin,
|
|
config: normalized,
|
|
rootConfig: cfg,
|
|
enabledByDefault: manifestRecord.enabledByDefault,
|
|
});
|
|
const entry = normalized.entries[pluginId];
|
|
const record = createPluginRecord({
|
|
id: pluginId,
|
|
name: manifestRecord.name ?? pluginId,
|
|
description: manifestRecord.description,
|
|
version: manifestRecord.version,
|
|
format: manifestRecord.format,
|
|
bundleFormat: manifestRecord.bundleFormat,
|
|
bundleCapabilities: manifestRecord.bundleCapabilities,
|
|
source: candidate.source,
|
|
rootDir: candidate.rootDir,
|
|
origin: candidate.origin,
|
|
workspaceDir: candidate.workspaceDir,
|
|
enabled: enableState.enabled,
|
|
configSchema: Boolean(manifestRecord.configSchema),
|
|
});
|
|
record.kind = manifestRecord.kind;
|
|
record.configUiHints = manifestRecord.configUiHints;
|
|
record.configJsonSchema = manifestRecord.configSchema;
|
|
const pushPluginLoadError = (message: string) => {
|
|
record.status = "error";
|
|
record.error = message;
|
|
registry.plugins.push(record);
|
|
seenIds.set(pluginId, candidate.origin);
|
|
registry.diagnostics.push({
|
|
level: "error",
|
|
pluginId: record.id,
|
|
source: record.source,
|
|
message: record.error,
|
|
});
|
|
};
|
|
|
|
const registrationMode = enableState.enabled
|
|
? !validateOnly &&
|
|
shouldLoadChannelPluginInSetupRuntime({
|
|
manifestChannels: manifestRecord.channels,
|
|
setupSource: manifestRecord.setupSource,
|
|
startupDeferConfiguredChannelFullLoadUntilAfterListen:
|
|
manifestRecord.startupDeferConfiguredChannelFullLoadUntilAfterListen,
|
|
cfg,
|
|
env,
|
|
preferSetupRuntimeForChannelPlugins,
|
|
})
|
|
? "setup-runtime"
|
|
: "full"
|
|
: includeSetupOnlyChannelPlugins && !validateOnly && manifestRecord.channels.length > 0
|
|
? "setup-only"
|
|
: null;
|
|
|
|
if (!registrationMode) {
|
|
record.status = "disabled";
|
|
record.error = enableState.reason;
|
|
registry.plugins.push(record);
|
|
seenIds.set(pluginId, candidate.origin);
|
|
continue;
|
|
}
|
|
if (!enableState.enabled) {
|
|
record.status = "disabled";
|
|
record.error = enableState.reason;
|
|
}
|
|
|
|
if (record.format === "bundle") {
|
|
const unsupportedCapabilities = (record.bundleCapabilities ?? []).filter(
|
|
(capability) =>
|
|
capability !== "skills" &&
|
|
capability !== "mcpServers" &&
|
|
capability !== "settings" &&
|
|
!(
|
|
(capability === "commands" ||
|
|
capability === "agents" ||
|
|
capability === "outputStyles" ||
|
|
capability === "lspServers") &&
|
|
(record.bundleFormat === "claude" || record.bundleFormat === "cursor")
|
|
) &&
|
|
!(
|
|
capability === "hooks" &&
|
|
(record.bundleFormat === "codex" || record.bundleFormat === "claude")
|
|
),
|
|
);
|
|
for (const capability of unsupportedCapabilities) {
|
|
registry.diagnostics.push({
|
|
level: "warn",
|
|
pluginId: record.id,
|
|
source: record.source,
|
|
message: `bundle capability detected but not wired into OpenClaw yet: ${capability}`,
|
|
});
|
|
}
|
|
if (
|
|
enableState.enabled &&
|
|
record.rootDir &&
|
|
record.bundleFormat &&
|
|
(record.bundleCapabilities ?? []).includes("mcpServers")
|
|
) {
|
|
const runtimeSupport = inspectBundleMcpRuntimeSupport({
|
|
pluginId: record.id,
|
|
rootDir: record.rootDir,
|
|
bundleFormat: record.bundleFormat,
|
|
});
|
|
for (const message of runtimeSupport.diagnostics) {
|
|
registry.diagnostics.push({
|
|
level: "warn",
|
|
pluginId: record.id,
|
|
source: record.source,
|
|
message,
|
|
});
|
|
}
|
|
if (runtimeSupport.unsupportedServerNames.length > 0) {
|
|
registry.diagnostics.push({
|
|
level: "warn",
|
|
pluginId: record.id,
|
|
source: record.source,
|
|
message:
|
|
"bundle MCP servers use unsupported transports or incomplete configs " +
|
|
`(stdio only today): ${runtimeSupport.unsupportedServerNames.join(", ")}`,
|
|
});
|
|
}
|
|
}
|
|
registry.plugins.push(record);
|
|
seenIds.set(pluginId, candidate.origin);
|
|
continue;
|
|
}
|
|
// Fast-path bundled memory plugins that are guaranteed disabled by slot policy.
|
|
// This avoids opening/importing heavy memory plugin modules that will never register.
|
|
if (
|
|
registrationMode === "full" &&
|
|
candidate.origin === "bundled" &&
|
|
manifestRecord.kind === "memory"
|
|
) {
|
|
const earlyMemoryDecision = resolveMemorySlotDecision({
|
|
id: record.id,
|
|
kind: "memory",
|
|
slot: memorySlot,
|
|
selectedId: selectedMemoryPluginId,
|
|
});
|
|
if (!earlyMemoryDecision.enabled) {
|
|
record.enabled = false;
|
|
record.status = "disabled";
|
|
record.error = earlyMemoryDecision.reason;
|
|
registry.plugins.push(record);
|
|
seenIds.set(pluginId, candidate.origin);
|
|
continue;
|
|
}
|
|
}
|
|
|
|
if (!manifestRecord.configSchema) {
|
|
pushPluginLoadError("missing config schema");
|
|
continue;
|
|
}
|
|
|
|
const pluginRoot = safeRealpathOrResolve(candidate.rootDir);
|
|
const loadSource =
|
|
(registrationMode === "setup-only" || registrationMode === "setup-runtime") &&
|
|
manifestRecord.setupSource
|
|
? manifestRecord.setupSource
|
|
: candidate.source;
|
|
const opened = openBoundaryFileSync({
|
|
absolutePath: loadSource,
|
|
rootPath: pluginRoot,
|
|
boundaryLabel: "plugin root",
|
|
rejectHardlinks: candidate.origin !== "bundled",
|
|
skipLexicalRootCheck: true,
|
|
});
|
|
if (!opened.ok) {
|
|
pushPluginLoadError("plugin entry path escapes plugin root or fails alias checks");
|
|
continue;
|
|
}
|
|
const safeSource = opened.path;
|
|
fs.closeSync(opened.fd);
|
|
|
|
let mod: OpenClawPluginModule | null = null;
|
|
try {
|
|
mod = getJiti(safeSource)(safeSource) as OpenClawPluginModule;
|
|
} catch (err) {
|
|
recordPluginError({
|
|
logger,
|
|
registry,
|
|
record,
|
|
seenIds,
|
|
pluginId,
|
|
origin: candidate.origin,
|
|
error: err,
|
|
logPrefix: `[plugins] ${record.id} failed to load from ${record.source}: `,
|
|
diagnosticMessagePrefix: "failed to load plugin: ",
|
|
});
|
|
continue;
|
|
}
|
|
|
|
if (
|
|
(registrationMode === "setup-only" || registrationMode === "setup-runtime") &&
|
|
manifestRecord.setupSource
|
|
) {
|
|
const setupRegistration = resolveSetupChannelRegistration(mod);
|
|
if (setupRegistration.plugin) {
|
|
if (setupRegistration.plugin.id && setupRegistration.plugin.id !== record.id) {
|
|
pushPluginLoadError(
|
|
`plugin id mismatch (config uses "${record.id}", setup export uses "${setupRegistration.plugin.id}")`,
|
|
);
|
|
continue;
|
|
}
|
|
const api = createApi(record, {
|
|
config: cfg,
|
|
pluginConfig: {},
|
|
hookPolicy: entry?.hooks,
|
|
registrationMode,
|
|
});
|
|
api.registerChannel(setupRegistration.plugin);
|
|
registry.plugins.push(record);
|
|
seenIds.set(pluginId, candidate.origin);
|
|
continue;
|
|
}
|
|
}
|
|
|
|
const resolved = resolvePluginModuleExport(mod);
|
|
const definition = resolved.definition;
|
|
const register = resolved.register;
|
|
|
|
if (definition?.id && definition.id !== record.id) {
|
|
pushPluginLoadError(
|
|
`plugin id mismatch (config uses "${record.id}", export uses "${definition.id}")`,
|
|
);
|
|
continue;
|
|
}
|
|
|
|
record.name = definition?.name ?? record.name;
|
|
record.description = definition?.description ?? record.description;
|
|
record.version = definition?.version ?? record.version;
|
|
const manifestKind = record.kind as string | undefined;
|
|
const exportKind = definition?.kind as string | undefined;
|
|
if (manifestKind && exportKind && exportKind !== manifestKind) {
|
|
registry.diagnostics.push({
|
|
level: "warn",
|
|
pluginId: record.id,
|
|
source: record.source,
|
|
message: `plugin kind mismatch (manifest uses "${manifestKind}", export uses "${exportKind}")`,
|
|
});
|
|
}
|
|
record.kind = definition?.kind ?? record.kind;
|
|
|
|
if (record.kind === "memory" && memorySlot === record.id) {
|
|
memorySlotMatched = true;
|
|
}
|
|
|
|
if (registrationMode === "full") {
|
|
const memoryDecision = resolveMemorySlotDecision({
|
|
id: record.id,
|
|
kind: record.kind,
|
|
slot: memorySlot,
|
|
selectedId: selectedMemoryPluginId,
|
|
});
|
|
|
|
if (!memoryDecision.enabled) {
|
|
record.enabled = false;
|
|
record.status = "disabled";
|
|
record.error = memoryDecision.reason;
|
|
registry.plugins.push(record);
|
|
seenIds.set(pluginId, candidate.origin);
|
|
continue;
|
|
}
|
|
|
|
if (memoryDecision.selected && record.kind === "memory") {
|
|
selectedMemoryPluginId = record.id;
|
|
}
|
|
}
|
|
|
|
const validatedConfig = validatePluginConfig({
|
|
schema: manifestRecord.configSchema,
|
|
cacheKey: manifestRecord.schemaCacheKey,
|
|
value: entry?.config,
|
|
});
|
|
|
|
if (!validatedConfig.ok) {
|
|
logger.error(`[plugins] ${record.id} invalid config: ${validatedConfig.errors?.join(", ")}`);
|
|
pushPluginLoadError(`invalid config: ${validatedConfig.errors?.join(", ")}`);
|
|
continue;
|
|
}
|
|
|
|
if (validateOnly) {
|
|
registry.plugins.push(record);
|
|
seenIds.set(pluginId, candidate.origin);
|
|
continue;
|
|
}
|
|
|
|
if (typeof register !== "function") {
|
|
logger.error(`[plugins] ${record.id} missing register/activate export`);
|
|
pushPluginLoadError("plugin export missing register/activate");
|
|
continue;
|
|
}
|
|
|
|
const api = createApi(record, {
|
|
config: cfg,
|
|
pluginConfig: validatedConfig.value,
|
|
hookPolicy: entry?.hooks,
|
|
registrationMode,
|
|
});
|
|
const previousMemoryPromptBuilder = getMemoryPromptSectionBuilder();
|
|
|
|
try {
|
|
const result = register(api);
|
|
if (result && typeof result.then === "function") {
|
|
registry.diagnostics.push({
|
|
level: "warn",
|
|
pluginId: record.id,
|
|
source: record.source,
|
|
message: "plugin register returned a promise; async registration is ignored",
|
|
});
|
|
}
|
|
// Snapshot loads should not replace process-global runtime prompt state.
|
|
if (!shouldActivate) {
|
|
restoreMemoryPromptSection(previousMemoryPromptBuilder);
|
|
}
|
|
registry.plugins.push(record);
|
|
seenIds.set(pluginId, candidate.origin);
|
|
} catch (err) {
|
|
restoreMemoryPromptSection(previousMemoryPromptBuilder);
|
|
recordPluginError({
|
|
logger,
|
|
registry,
|
|
record,
|
|
seenIds,
|
|
pluginId,
|
|
origin: candidate.origin,
|
|
error: err,
|
|
logPrefix: `[plugins] ${record.id} failed during register from ${record.source}: `,
|
|
diagnosticMessagePrefix: "plugin failed during register: ",
|
|
});
|
|
}
|
|
}
|
|
|
|
// Scoped snapshot loads may intentionally omit the configured memory plugin, so only
|
|
// emit the missing-memory diagnostic for full registry loads.
|
|
if (!onlyPluginIdSet && typeof memorySlot === "string" && !memorySlotMatched) {
|
|
registry.diagnostics.push({
|
|
level: "warn",
|
|
message: `memory slot plugin not found or not marked as memory: ${memorySlot}`,
|
|
});
|
|
}
|
|
|
|
warnAboutUntrackedLoadedPlugins({
|
|
registry,
|
|
provenance,
|
|
logger,
|
|
env,
|
|
});
|
|
|
|
maybeThrowOnPluginLoadError(registry, options.throwOnLoadError);
|
|
|
|
if (cacheEnabled) {
|
|
setCachedPluginRegistry(cacheKey, {
|
|
registry,
|
|
memoryPromptBuilder: getMemoryPromptSectionBuilder(),
|
|
});
|
|
}
|
|
if (shouldActivate) {
|
|
activatePluginRegistry(registry, cacheKey);
|
|
}
|
|
return registry;
|
|
}
|
|
|
|
function safeRealpathOrResolve(value: string): string {
|
|
try {
|
|
return fs.realpathSync(value);
|
|
} catch {
|
|
return path.resolve(value);
|
|
}
|
|
}
|