fix(plugins): allowlist bundled provider discovery

[steipete]

Summary

• Makes bundled provider discovery honor restrictive plugins.allow by default for fresh/new configs; omitted bundled provider plugins no longer appear in setup/runtime/web-search inventory unless allowed.
• Adds doctor legacy migration so existing non-empty plugins.allow configs with no explicit plugins.bundledDiscovery get stamped as "compat", preserving upgrade behavior until the operator opts into "allowlist".
• Keeps compat behavior explicit across provider setup/runtime activation and public-artifact web provider fallback, while keeping empty allowlists open.
• Updates generated config schema/docs/changelog and adds regression coverage for provider inventory, web-search fallback, and doctor migration/warning paths.

Verification

• pnpm test src/plugins/providers.test.ts src/agents/models-config.providers.plugin-allowlist-compat.test.ts src/plugins/web-search-providers.runtime.test.ts src/plugins/web-provider-public-artifacts.fallback.test.ts src/commands/doctor/shared/plugin-tool-allowlist-warnings.test.ts src/commands/doctor/shared/legacy-config-migrate.test.ts src/commands/doctor-config-flow.test.ts src/config/schema.help.quality.test.ts src/config/schema.base.generated.test.ts
• pnpm config:schema:check
• pnpm config:docs:check
• pnpm format:docs:check
• pnpm exec oxfmt --check --threads=1 src/plugins/activation-context.ts src/plugins/bundled-compat.ts src/plugins/providers.ts src/plugins/providers.test.ts src/plugins/web-provider-public-artifacts.ts src/plugins/web-search-providers.runtime.test.ts src/agents/models-config.providers.plugin-allowlist-compat.test.ts src/commands/doctor/shared/legacy-config-migrations.runtime.providers.ts src/commands/doctor/shared/legacy-config-migrate.test.ts src/commands/doctor/shared/plugin-tool-allowlist-warnings.ts src/commands/doctor/shared/plugin-tool-allowlist-warnings.test.ts src/config/types.plugins.ts src/config/schema.help.ts src/config/schema.base.generated.ts
• git diff --check
• pnpm build
• Blacksmith Testbox tbx_01kqtfemz7e4jz8b829j4z4pt1: pnpm check:changed

Fixes #75575.

Additional verification after PR rewrite on 2026-05-04

• pnpm test src/plugins/web-provider-public-artifacts.fallback.test.ts src/plugins/web-search-providers.runtime.test.ts src/agents/models-config.providers.plugin-allowlist-compat.test.ts src/plugins/providers.test.ts
• pnpm config:schema:check
• pnpm config:docs:check
• pnpm exec oxfmt --check --threads=1 src/plugins/web-provider-public-artifacts.ts src/plugins/web-provider-public-artifacts.fallback.test.ts src/plugins/bundled-compat.ts src/agents/models-config.providers.plugin-allowlist-compat.test.ts
• git diff --check

Additional verification after alias follow-up on 2026-05-04

• pnpm test src/agents/models-config.providers.plugin-allowlist-compat.test.ts
• pnpm test src/plugins/web-provider-public-artifacts.fallback.test.ts src/plugins/web-search-providers.runtime.test.ts src/agents/models-config.providers.plugin-allowlist-compat.test.ts src/plugins/providers.test.ts
• pnpm exec oxfmt --check --threads=1 src/plugins/bundled-compat.ts src/agents/models-config.providers.plugin-allowlist-compat.test.ts
• git diff --check

[clawsweeper]

Codex review: needs maintainer review before merge.

Summary
The PR adds plugins.bundledDiscovery, gates bundled provider discovery by plugins.allow for new configs, migrates legacy allowlist configs to compat in doctor, and updates schema, docs, changelog, and regression tests.

Reproducibility: yes. Source inspection on current main shows bundled provider setup discovery and compat helpers can widen restrictive plugin allowlists before activation, while the PR adds targeted regression coverage for the intended policy.

Next step before merge
The PR is protected by the maintainer label and changes a public config/default policy; no narrow automated repair remains from this review.

Security
Cleared: The diff changes config, docs, tests, and provider discovery policy without adding dependencies, workflows, scripts, artifact downloads, or broader secret access.

Review details

Best possible solution:

Review and land this PR if maintainers approve the bundledDiscovery default/compat policy and the reported checks remain green.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection on current main shows bundled provider setup discovery and compat helpers can widen restrictive plugin allowlists before activation, while the PR adds targeted regression coverage for the intended policy.

Is this the best way to solve the issue?

Yes, subject to maintainer policy approval. The latest diff keeps the change localized to provider discovery/compat helpers, schema/docs, doctor migration, and regression tests, and it addresses the prior alias-normalization and master-toggle edge cases.

What I checked:

• Protected open PR: Provided GitHub context shows this PR is open, unmerged, labeled maintainer, and currently targets [Feature]: Honor plugins.allow on runtime provider paths (currently force-loaded) — propose plugins.bundledMode opt-in #75575 from head c6d811eb8f48729911b28592f4b96277bb56f704. (c6d811eb8f48)
• Current main lacks new config key: bundledDiscovery is absent from current main, so the PR is not obsolete on main. (f042b53782d9)
• Current bundled setup discovery bypasses allowlist: Current main returns true for all non-workspace provider plugins in setup discovery before checking activation policy, which is the behavior this PR changes. (src/plugins/providers.ts:283, f042b53782d9)
• Current compat helpers widen plugin config: Current main unconditionally adds bundled provider ids to plugins.allow and plugins.entries, including the global enablement override path. (src/plugins/bundled-compat.ts:14, f042b53782d9)
• Prior review blockers addressed in latest diff: The latest PR diff normalizes allow entries with normalizePluginId in public-artifact filtering and guards withBundledPluginEnablementCompat with allowlist eligibility before re-enabling plugins. (src/plugins/web-provider-public-artifacts.ts:27, c6d811eb8f48)
• Maintainer triage context: The discussion says fix(plugins): gate runtime provider discovery by plugins.allow #76085 was superseded by this PR, web_search reports 'no provider available' from first-class assistant tools when capability + runtime succeed #77073 was already fixed by merged fix(web-search): keep first-class web_search runtime providers visible #77074, and this PR should close [Feature]: Honor plugins.allow on runtime provider paths (currently force-loaded) — propose plugins.bundledMode opt-in #75575 after the two narrow blockers are fixed.

Likely related people:

• Brad: Current-main blame and shallow history attribute the central provider discovery, activation, bundled compat, and public-artifact files to commit be8b4dc845. (role: recent maintainer; confidence: medium; commits: be8b4dc84514; files: src/plugins/providers.ts, src/plugins/bundled-compat.ts, src/plugins/activation-context.ts)
• dougbtv: Authored the earlier superseded allowlist-provider PR and the initial commits in this PR that introduced the config/schema/provider-discovery direction. (role: related implementation contributor; confidence: medium; commits: d733e4fcc0a3, d42d7f720b1b; files: src/plugins/providers.ts, src/config/types.plugins.ts, src/config/zod-schema.ts)
• steipete: Provided the maintainer triage update naming the remaining blockers and authored the latest PR rewrite/fix commits that address those blockers. (role: maintainer triage and latest PR repair; confidence: medium; commits: e65b7a5909e0, c6d811eb8f48; files: src/plugins/web-provider-public-artifacts.ts, src/plugins/bundled-compat.ts, src/plugins/providers.test.ts)

Remaining risk / open question:

• The change introduces a public config/default policy, so maintainer approval is still needed even though no new code-level blocker was found.
• This read-only review did not run the PR's tests; it relies on source inspection and the PR's reported verification.

Codex review notes: model gpt-5.5, reasoning high; reviewed against f8e080386d8b.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/25347676460
• Updated: 2026-05-04T22:51:49.942Z

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9f41a7e26c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Normalize allowlist aliases before filtering providers

When plugins.allow contains a supported legacy/provider alias such as google-gemini-cli or minimax-portal, this raw set does not match the actual bundled plugin id (google, minimax). The normal plugin config path already normalizes allowlist entries through the plugin-id resolver, but this new public-artifact filter runs before that, so allowlist-mode web search/fetch inventories can disappear on the fast path even though the same config is accepted elsewhere. Please normalize these allow entries with the same plugin-id rules before filtering.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Avoid re-enabling plugins after allowlist rejection

When plugins.enabled is false and allowlist mode filters out every requested bundled provider here, changed remains false but the later forcePluginsEnabled branch still returns a config with plugins.enabled: true. Provider hook/runtime compat calls can hit this with a restrictive plugins.allow that omits bundled providers, which re-enables globally disabled plugin loading even though no compat plugin was admitted. Keep the original config when no allowed entries were added, or only force-enable after at least one requested plugin survives the allowlist.

Useful? React with 👍 / 👎.

[steipete]

Maintainer triage update:

• fix(plugins): gate runtime provider discovery by plugins.allow #76085 is closed as superseded by this PR.
• web_search reports 'no provider available' from first-class assistant tools when capability + runtime succeed #77073 was already fixed by merged fix(web-search): keep first-class web_search runtime providers visible #77074, so this PR should not close web_search reports 'no provider available' from first-class assistant tools when capability + runtime succeed #77073.
• This PR should target/close [Feature]: Honor plugins.allow on runtime provider paths (currently force-loaded) — propose plugins.bundledMode opt-in #75575 after the remaining fixes land.

Current blocker list matches the ClawSweeper review and is narrow:

1. Normalize plugins.allow aliases before bundled public-artifact web-provider filtering (google-gemini-cli -> google, minimax-portal -> minimax).
2. Preserve plugins.enabled: false when allowlist filtering rejects all requested bundled plugins; do not re-enable plugin loading through the compat helper in that case.

After those are fixed, update the body from Fixes #77073 to Fixes #75575.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c6d811eb8f

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Normalize allow aliases before gating compat enablement

When plugins.enabled is false and plugins.allow contains a supported legacy/provider alias such as google-gemini-cli or minimax-portal, this raw set does not match the bundled plugin id passed in pluginIds (google, minimax). The same commit normalizes allow entries in web-provider-public-artifacts.ts, and normalizePluginsConfig accepts these aliases elsewhere, but this gate treats the compat plugin as ineligible and leaves plugins globally disabled, so provider hook/runtime compat cannot load the allowed bundled provider.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a2c92b0aa2

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Limit compat bypass to bundled providers

When plugins.bundledDiscovery is "compat", this branch returns true for every non-workspace provider plugin, including global and config origins from PluginOrigin. Migrated configs with a restrictive plugins.allow therefore still discover omitted third-party/global provider plugins even though the new mode is documented and named as a bundled-provider compatibility escape hatch; keep the bypass to plugin.origin === "bundled" and let other origins continue through the base allow/deny policy.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Apply deny and disabled-entry policy to public artifacts

When a bundled web provider is present in plugins.allow but also explicitly disabled with plugins.entries.<id>.enabled = false or blocked by plugins.deny, this filter still returns it because it only checks the allowlist before the public-artifact fast path returns providers. The loader fallback goes through passesManifestOwnerBasePolicy and would block those entries, so web_search/web_fetch can expose a provider the operator explicitly disabled whenever public artifacts are available; apply the same deny/entry policy before accepting the candidate.

Useful? React with 👍 / 👎.

[steipete]

Landed via rebase onto main.

• Source head: a2c92b0
• Landed commit: d362879
• Gate: GitHub PR checks green for source head; Testbox tbx_01kqtjpm76mzdrfqmrvcnkjfe1 pnpm check:changed passed before landing.
• Follow-up duplicate scan: no open matching issues/PRs found for bundled provider allowlist / google-gemini-cli allowlist / web provider allowlist.

[steipete]

Replaced this with a squashed branch on current main: #77569.

This PR's visible head ref was detached from the recreated branch, so GitHub would not let me update refs/pull/77194/head directly. The replacement keeps the same fix, folds in the latest alias-normalization follow-up, preserves contributor credit, and has the current local verification listed in the new PR body.

[steipete]

Correction: this had already merged while I was trying to rewrite the detached head ref. #77569 was opened as a fallback replacement, but I closed it as stale once I confirmed this PR is the canonical merged one.

Canonical merge: d3628792825956702be7a6253061b96d976c623d.