Skip to content

Fix/plugin diagnostics orphan cleanup v2#7

Open
ralf003 wants to merge 5 commits into
mainfrom
fix/plugin-diagnostics-orphan-cleanup-v2
Open

Fix/plugin diagnostics orphan cleanup v2#7
ralf003 wants to merge 5 commits into
mainfrom
fix/plugin-diagnostics-orphan-cleanup-v2

Conversation

@ralf003

@ralf003 ralf003 commented Jun 17, 2026

Copy link
Copy Markdown
Owner

Summary

What problem does this PR solve?

Why does this matter now?

What is the intended outcome?

What is intentionally out of scope?

What does success look like?

What should reviewers focus on?

Summary guidance

This PR description is the contributor's durable explanation of the change. Write it for human maintainers first; ClawSweeper and Barnacle use the same text to understand intent, proof, risk, and current review state.

Describe the intent and outcome in 2-5 bullets. Avoid restating the diff; reviewers and bots can read the changed files.

If this PR fixes a plugin beta-release blocker, title it fix(<plugin-id>): beta blocker - <summary> and link the matching Beta blocker: <plugin-name> - <summary> issue labeled beta-blocker. Contributors cannot label PRs, so the title is the PR-side signal for maintainers and automation.

Linked context

Which issue does this close?

Closes #

Which issues, PRs, or discussions are related?

Related #

Was this requested by a maintainer or owner?

Linked context guidance

Link the issue, PR, discussion, maintainer request, or owner request that explains why this PR should exist. Maintainer context helps reviewers and automation distinguish intended work from drive-by churn.

Real behavior proof (required for external PRs)

  • Behavior or issue addressed:
  • Real environment tested:
  • Exact steps or command run after this patch:
  • Evidence after fix (screenshot, recording, terminal capture, console output, redacted runtime log, linked artifact, or copied live output):
  • Observed result after fix:
  • What was not tested:
  • Proof limitations or environment constraints:
  • Before evidence (optional but encouraged):
Real behavior proof guidance

External contributors must show after-fix evidence from a real OpenClaw setup. Unit tests, mocks, lint, typechecks, snapshots, and CI are supplemental only.

Screenshots are encouraged even for CLI, console, text, or log changes. Terminal screenshots, copied live output, redacted runtime logs, recordings, and linked artifacts count.

If your environment cannot produce the ideal proof, explain that under Proof limitations or environment constraints so reviewers and ClawSweeper can direct the next step properly.

Be mindful of private information like IP addresses, API keys, phone numbers, non-public endpoints, or other private details when providing evidence.

Tests and validation

Which commands did you run?

What regression coverage was added or updated?

What failed before this fix, if known?

If no test was added, why not?

Testing guidance

List focused commands, not every incidental check. CI is useful support, but external PRs still need real behavior proof above when behavior changes.

Risk checklist

Did user-visible behavior change? (Yes/No)

Did config, environment, or migration behavior change? (Yes/No)

Did security, auth, secrets, network, or tool execution behavior change? (Yes/No)

What is the highest-risk area?

How is that risk mitigated?

Risk guidance

Use this for author judgment that is not obvious from the diff. ClawSweeper can see touched files, but it cannot know which behavior you think is risky, why the risk is acceptable, or what mitigation reviewers should verify.

Current review state

What is the next action?

What is still waiting on author, maintainer, CI, or external proof?

Which bot or reviewer comments were addressed?

Review state guidance

Keep this as the durable state for review progress. If useful information appears in comments, fold the current next action or blocker back here so maintainers and ClawSweeper do not need to reconstruct state from comment history.

ralf003 added 5 commits June 17, 2026 13:48
Replace the blanket !pluginId -> stale rule with a targeted orphan-source-path diagnostic code. discovery.ts now sets this code on diagnostics from discoverFromPath, and hasStalePersistedPluginDiagnostics checks the code instead of requiring pluginId to be absent.

This avoids treating legitimate diagnostics without pluginId (e.g. package plugin validation warnings, source-overlay diagnostics) as stale, while still correctly invalidating the persisted registry when a configured load path disappears.

Fixes: Gateway startup failure when stale plugin diagnostics_json persists after plugin uninstall.
… persistence

The PluginDiagnosticSchema Zod schema was missing the 'code' field that
discovery.ts now sets on orphan-source-path diagnostics. This caused the
code field to be stripped during SQLite read-back via safeParseWithSchema,
preventing hasStalePersistedPluginDiagnostics from detecting stale orphan
diagnostics in the persisted plugin index.

After this fix, diagnostics with code='orphan-source-path' survive the
write/read round-trip through the installed plugin index SQLite store,
and the snapshot loading fast path correctly invalidates the persisted
registry when orphan diagnostics are present.
ClawSweeper P1: existing users upgrading from released/current OpenClaw have
SQLite diagnostics_json rows without the .code field (added in PluginDiagnosticSchema
as part of this PR). Those rows have no pluginId and no code but an absolute source
that doesn't exist — they are conceptually orphan diagnostics that must trigger a
registry refresh instead of being silently reused (which blocks Gateway startup).

Add a legacy path in hasStalePersistedPluginDiagnostics: when a diagnostic has
no pluginId, a missing absolute source, and no code field (undefined), treat it
as stale. This is a narrow, explicit check that avoids the blanket !pluginId
rule rejected by maintainers on the original openclaw#93467.

New test: 'refreshes registry for legacy no-code orphan diagnostics (upgrade from
pre-code schema)' — simulates SQLite row exactly as current/released OpenClaw
would have written it.
@github-actions

Copy link
Copy Markdown

Dependency Guard

This PR changes dependency-related files. Maintainers should confirm these changes are intentional.

Changed files:

  • extensions/acpx/npm-shrinkwrap.json
  • extensions/acpx/package.json
  • extensions/admin-http-rpc/package.json
  • extensions/alibaba/package.json
  • extensions/amazon-bedrock-mantle/npm-shrinkwrap.json
  • extensions/amazon-bedrock-mantle/package.json
  • extensions/amazon-bedrock/npm-shrinkwrap.json
  • extensions/amazon-bedrock/package.json
  • extensions/anthropic-vertex/npm-shrinkwrap.json
  • extensions/anthropic-vertex/package.json
  • extensions/anthropic/package.json
  • extensions/arcee/npm-shrinkwrap.json
  • extensions/arcee/package.json
  • extensions/azure-speech/package.json
  • extensions/bonjour/package.json
  • extensions/brave/npm-shrinkwrap.json
  • extensions/brave/package.json
  • extensions/browser/package.json
  • extensions/byteplus/package.json
  • extensions/canvas/package.json
  • extensions/cerebras/npm-shrinkwrap.json
  • extensions/cerebras/package.json
  • extensions/chutes/npm-shrinkwrap.json
  • extensions/chutes/package.json
  • extensions/clickclack/package.json
  • 166 additional dependency-related files not shown

Maintainer follow-up:

  • Review whether the dependency changes are intentional.
  • Inspect resolved package deltas when lockfile, shrinkwrap, or workspace dependency policy changes are present.
  • Treat package-lock.json and npm-shrinkwrap.json diffs as security-review surfaces.
  • Run pnpm deps:changes:report -- --base-ref origin/main --markdown /tmp/dependency-changes.md --json /tmp/dependency-changes.json locally for detailed release-style evidence.

@github-actions

Copy link
Copy Markdown

Dependency graph changes noted

This PR includes dependency graph changes. The dependency guard is informational because the PR author is a repository admin or a member of @openclaw/openclaw-secops.

  • Current SHA: 86608c32a4e97a350003fe83a5b3332b54a0047c
  • Trusted actor: @ralf003
  • Trusted role: pull request author; repository admin

Security review is still recommended before merge when the dependency graph change is intentional.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant