LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-05-07 07:58:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(plugins): trust catalog package installs

Browse Source
This commit is contained in:
Vincent Koc
2026-05-04 11:30:26 -07:00
parent 9dc38f37ea
commit daefb5e341
3 changed files with 39 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
src/cli/plugins-cli.install.test.ts
View File

@@ -734,7 +734,7 @@ describe("plugins cli install", () => {
expect(writeConfigFile).toHaveBeenCalledWith(enabledCfg);
});
it("passes official external catalog integrity to npm installs", async () => {
it("passes third-party external catalog integrity with catalog install trust", async () => {
const cfg = createEmptyPluginConfig();
const enabledCfg = createEnabledPluginConfig("wecom-openclaw-plugin");
loadConfig.mockReturnValue(cfg);
@@ -796,7 +796,7 @@ describe("plugins cli install", () => {
},
);
it("passes official external catalog integrity to hook-pack fallback", async () => {
it("passes third-party external catalog integrity to hook-pack fallback", async () => {
loadConfig.mockReturnValue(createEmptyPluginConfig());
findBundledPluginSourceMock.mockReturnValue(undefined);
installPluginFromNpmSpec.mockResolvedValue({
@@ -992,6 +992,38 @@ describe("plugins cli install", () => {
expect(installPluginFromClawHub).not.toHaveBeenCalled();
});
it("marks catalog npm package installs with alternate selectors as trusted", async () => {
const cfg = createEmptyPluginConfig();
const enabledCfg = createEnabledPluginConfig("wecom-openclaw-plugin");
loadConfig.mockReturnValue(cfg);
installPluginFromNpmSpec.mockResolvedValue(
createNpmPluginInstallResult("wecom-openclaw-plugin"),
);
enablePluginInConfig.mockReturnValue({ config: enabledCfg });
recordPluginInstall.mockReturnValue(enabledCfg);
applyExclusiveSlotSelection.mockReturnValue({
config: enabledCfg,
warnings: [],
});
await runPluginsCommand(["plugins", "install", "@wecom/wecom-openclaw-plugin@latest"]);
expect(installPluginFromNpmSpec).toHaveBeenCalledWith(
expect.objectContaining({
spec: "@wecom/wecom-openclaw-plugin@latest",
expectedPluginId: "wecom-openclaw-plugin",
trustedSourceLinkedOfficialInstall: true,
}),
);
expect(installPluginFromNpmSpec).toHaveBeenCalledWith(
expect.not.objectContaining({
expectedIntegrity: expect.any(String),
}),
);
expect(installPluginFromClawHub).not.toHaveBeenCalled();
});
it("passes the active profile extensions dir to npm installs", async () => {
const extensionsDir = useProfileExtensionsDir();
const cfg = createEmptyPluginConfig();