ea682182d0
* fix: isolate npm plugin installs per package * test: assert isolated npm plugin projects in upgrade survivor * test: assert plugin lifecycle npm project roots * test: resolve npm project deps in live assertions * fix: resolve codex bins from isolated npm projects * docs: document isolated npm plugin projects * ci: configure testbox workflow for crabbox * fix: stabilize npm project fingerprint * fix: keep fetch runtime import side-effect free * test: keep dynamic live model unit hermetic * ci: handle empty node toolcache roots * test: make nounset toolcache probe deterministic
2.9 KiB
summary, read_when, title, sidebarTitle
| summary | read_when | title | sidebarTitle | |||
|---|---|---|---|---|---|---|
| Test packaged plugin overrides with setup-time install flows |
|
Plugin install overrides | Install overrides |
Plugin install overrides let maintainers test setup-time plugin installs against
a specific npm package or local npm-pack tarball. They are for E2E and package
validation only. Normal users should install plugins with
openclaw plugins install.
Environment
Overrides are disabled unless both variables are set:
export OPENCLAW_ALLOW_PLUGIN_INSTALL_OVERRIDES=1
export OPENCLAW_PLUGIN_INSTALL_OVERRIDES='{
"codex": "npm-pack:/tmp/openclaw-codex-2026.5.8.tgz",
"openclaw-web-search": "npm:@openclaw/web-search@2026.5.8"
}'
The override map is JSON keyed by plugin id. Values support:
npm:<registry-spec>for registry packages and exact versions or tagsnpm-pack:<path.tgz>for local tarballs produced bynpm pack
Relative npm-pack: paths resolve from the current working directory.
Behavior
When a setup-time flow asks to install a plugin whose id appears in the map, OpenClaw uses the override source instead of the catalog, bundled, or default npm source. This applies to onboarding and other flows that use the shared setup-time plugin installer.
Overrides still enforce the expected plugin id. A tarball mapped to codex
must install a plugin whose manifest id is codex.
Overrides do not inherit official trusted-source status. Even when the catalog entry normally represents an OpenClaw-owned package, an override is treated as operator-supplied test input.
Workspace .env files cannot enable install overrides. Set these variables in
the trusted shell, CI job, or remote test command that launches OpenClaw.
Package E2E
Use an isolated state directory so package installs and install records do not touch your normal OpenClaw state:
npm pack extensions/codex --pack-destination /tmp
OPENCLAW_STATE_DIR="$(mktemp -d)" \
OPENCLAW_ALLOW_PLUGIN_INSTALL_OVERRIDES=1 \
OPENCLAW_PLUGIN_INSTALL_OVERRIDES='{"codex":"npm-pack:/tmp/openclaw-codex-2026.5.8.tgz"}' \
pnpm openclaw onboard --mode local
Verify the installed package under the state directory:
find "$OPENCLAW_STATE_DIR/npm/projects" -path '*/node_modules/@openclaw/codex/package.json' -print
grep -R '"@openclaw/codex"' "$OPENCLAW_STATE_DIR/npm/projects"/*/package-lock.json
For live provider E2E, source the real API key from a trusted shell or CI secret before launching the test command. Do not print keys; report only the source and whether the key was present.