fix(plugins): fall back to bundled plugin when npm spec resolves to non-OpenClaw package

[scoootscooob]

Closes #32019

Summary

• openclaw plugins install diffs downloads the unrelated npm package diffs@0.1.1 (a simple object-diff utility by synder) which lacks openclaw.extensions
• The install fails with "package.json missing openclaw.extensions" without trying the bundled @openclaw/diffs plugin
• Root cause 1: the bundled-fallback trigger only fires on npm 404 errors, not on "downloaded but not an OpenClaw plugin" errors
• Root cause 2: findBundledPluginByNpmSpec only matches by npmSpec (@openclaw/diffs), not by pluginId (diffs)

Changes

• src/cli/plugins-cli.ts: add isNotAnOpenClawPluginError() check; broaden fallback trigger to also fire on missing/empty openclaw.extensions errors
• src/plugins/bundled-sources.ts: match bundled plugins by pluginId in addition to npmSpec
• src/plugins/bundled-sources.test.ts: new test for pluginId-based lookup

What did NOT change

• No changes to npm download logic, plugin discovery, or manifest validation
• Existing behavior for 404 errors and exact npmSpec matches is preserved
• No changes to how bundled plugins are resolved or loaded

Test plan

• Existing bundled source tests still pass
• New test: findBundledPluginByNpmSpec({ spec: "diffs" }) resolves via pluginId when npmSpec is @openclaw/diffs
• npx tsgo type check passes (pre-existing error in gateway-chat.ts only)

🤖 Generated with Claude Code

[greptile-apps]

Greptile Summary

This PR fixes a two-part bug where openclaw plugins install diffs silently downloads the unrelated npm package diffs@0.1.1 and then fails without falling back to the bundled @openclaw/diffs plugin.

Changes:

• src/cli/plugins-cli.ts: Adds isNotAnOpenClawPluginError() to detect the "package downloaded but missing openclaw.extensions" failure mode, and widens the bundled-fallback trigger to cover it alongside existing 404 errors.
• src/plugins/bundled-sources.ts: Adds a secondary pluginId match in findBundledPluginByNpmSpec so a bare spec like diffs can resolve to a bundled plugin whose npmSpec is @openclaw/diffs.
• src/plugins/bundled-sources.test.ts: New test for the pluginId-based lookup that reproduces the Plugin diffs v0.1.1 install fails: package.json missing openclaw.extensions #32019 scenario.

Issue found:

• The warning message on line 683 — "npm package unavailable for ${raw}" — is unchanged and is now reused for both the 404 case and the new "not an OpenClaw plugin" case. In the latter scenario the package is available on npm; it just isn't a valid plugin. A user seeing this message could incorrectly conclude the package doesn't exist.

Confidence Score: 4/5

• This PR is safe to merge; it fixes a real regression with minimal, well-scoped changes and no breakage to existing behavior.
• The two root-cause fixes are correct and well-tested. The only noted issue is a user-facing warning message that remains accurate for the 404 case but becomes slightly misleading for the new "not an OpenClaw plugin" case — this is a UX polish concern, not a functional or safety problem.
• The warning message in src/cli/plugins-cli.ts around line 683 is worth a quick look before merging.

_{Last reviewed commit: b006503}

[greptile-apps]

_{3 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Additional Comments (1)

src/cli/plugins-cli.ts
Misleading warning message for non-OpenClaw plugin case

When the fallback is triggered by isNotAnOpenClawPluginError (i.e. the npm package was found and downloaded, but it isn't an OpenClaw plugin), the message "npm package unavailable for ${raw}" is factually incorrect — the package exists; it just doesn't implement openclaw.extensions. This could confuse users into thinking the npm package doesn't exist at all.

Consider distinguishing the two reasons:

          theme.warn(
            isPackageNotFoundInstallError(result.error)
              ? `npm package unavailable for ${raw}; using bundled plugin at ${shortenHomePath(bundledFallback.localPath)}.`
              : `npm package "${raw}" is not a valid OpenClaw plugin; using bundled plugin at ${shortenHomePath(bundledFallback.localPath)}.`,
          ),

(This would require hoisting shouldTryBundledFallback's sub-conditions so both are still available here.)

Prompt To Fix With AI

This is a comment left during a code review.
Path: src/cli/plugins-cli.ts
Line: 683

Comment:
**Misleading warning message for non-OpenClaw plugin case**

When the fallback is triggered by `isNotAnOpenClawPluginError` (i.e. the npm package _was_ found and downloaded, but it isn't an OpenClaw plugin), the message `"npm package unavailable for ${raw}"` is factually incorrect — the package exists; it just doesn't implement `openclaw.extensions`. This could confuse users into thinking the npm package doesn't exist at all.

Consider distinguishing the two reasons:

```suggestion
          theme.warn(
            isPackageNotFoundInstallError(result.error)
              ? `npm package unavailable for ${raw}; using bundled plugin at ${shortenHomePath(bundledFallback.localPath)}.`
              : `npm package "${raw}" is not a valid OpenClaw plugin; using bundled plugin at ${shortenHomePath(bundledFallback.localPath)}.`,
          ),
```

(This would require hoisting `shouldTryBundledFallback`'s sub-conditions so both are still available here.)

How can I resolve this? If you propose a fix, please make it concise.

[steipete]

Landed via temp rebase onto main.

• Gate: pnpm test src/plugins/bundled-sources.test.ts && pnpm test src/plugins/install.test.ts -t "openclaw.extensions"
• Land commit: bca352e
• Merge commit: 320920d

Thanks @scoootscooob!