fix(plugins): explain source-only package diagnostics (#77835)

[hclsys]

Summary

Fixes #77835.

Source-only TypeScript package diagnostics currently say an installed plugin package requires compiled runtime output, but they do not tell operators what action is available. For packages such as @tencent-weixin/openclaw-weixin@2.3.1, the missing compiled JS is a publisher packaging issue rather than a local config problem.

This PR makes that diagnostic actionable by telling users to update/reinstall after the publisher ships compiled JavaScript, or disable/uninstall the plugin until then. It also documents the same recovery path in the general plugin docs and WeChat troubleshooting page.

Changes

• src/plugins/package-entry-resolution.ts: extend the missing compiled runtime output diagnostic with user action and scope.
• src/plugins/discovery.test.ts: assert startup/discovery warnings include the actionable guidance.
• src/plugins/install.test.ts: assert install-time rejection includes the same guidance.
• src/cli/plugins-install-config.test.ts: keep official reinstall recovery tolerant of the new longer diagnostic.
• docs/tools/plugin.md and docs/channels/wechat.md: document the publisher-package fix path.

Scout audit

• Audit A (existing helper): reused existing missingCompiledRuntimeEntryMessage; no new classifier/predicate added.
• Audit B (shared callers): one shared diagnostic helper, contract preserved; message text becomes more actionable without changing severity or control flow.
• Audit C (broader rival): no fresh open PR found for [Bug]: Third-party TypeScript plugin missing compiled output causes startup warning with no fix path #77835 or the exact source-only compiled-output diagnostic.

Real behavior proof

• Behavior or issue addressed: Operators who hit a source-only TypeScript managed plugin package now receive an actionable diagnostic explaining the missing compiled output is a plugin packaging issue and giving update/reinstall or disable/uninstall recovery steps.
• Real environment tested: Local OpenClaw checkout on branch fix/77835-plugin-source-only-actionable-diagnostic, based on origin/main 0c977cd687; repository plugin discovery/install and CLI install-config test shards.
• Exact steps or command run after this patch:
  • pnpm test src/plugins/discovery.test.ts src/plugins/install.test.ts src/cli/plugins-install-config.test.ts src/cli/plugins-cli.install.test.ts
  • pnpm exec oxlint CHANGELOG.md src/plugins/package-entry-resolution.ts src/plugins/discovery.test.ts src/plugins/install.test.ts src/cli/plugins-install-config.test.ts src/cli/plugins-cli.install.test.ts
  • pnpm exec oxfmt --check --threads=1 src/plugins/package-entry-resolution.ts src/plugins/discovery.test.ts src/plugins/install.test.ts src/cli/plugins-install-config.test.ts src/cli/plugins-cli.install.test.ts docs/tools/plugin.md docs/channels/wechat.md CHANGELOG.md
  • pnpm check:changed
• Evidence after fix: Terminal output from after-patch runs:

Test Files  2 passed (2)
Tests  89 passed (89)
Test Files  2 passed (2)
Tests  150 passed (150)
[test] passed 2 Vitest shards in 9.84s

Found 0 warnings and 0 errors.
All matched files use the correct format.
pnpm check:changed exited 0.

• Observed result after fix: Discovery/install diagnostics now include plugin packaging issue and disable/uninstall the plugin; all focused plugin/CLI tests and changed-file guardrails passed.
• What was not tested: Did not install the broken @tencent-weixin/openclaw-weixin@2.3.1 package in a live Gateway; verification used repository package discovery/install coverage and docs checks.

Additional real behavior proof after maintainer-bot review

After the initial review requested real plugin output, I reproduced the source-only package shape against this branch with actual plugin install and discovery code paths:

node --import tsx --input-type=module <<'NODE'
# creates a temp plugin package with openclaw.extensions=["./src/index.ts"]
# and no compiled JS, then runs installPluginFromDir() and discoverOpenClawPlugins()
NODE

Observed after-fix output:

scenario=install-source-only-package
install.ok=false
install.error=package install requires compiled runtime output for TypeScript entry ./src/index.ts: expected ./dist/index.js, ./dist/index.mjs, ./dist/index.cjs, ./src/index.js, ./src/index.mjs, ./src/index.cjs. This is a plugin packaging issue, not a local config problem; update or reinstall the plugin after the publisher ships compiled JavaScript, or disable/uninstall the plugin until then. TypeScript source fallback is only supported for source checkouts and local development paths.
scenario=discover-managed-source-only-package
candidates=<none>
warn:source-only-pack:installed plugin package requires compiled runtime output for TypeScript entry src/index.ts: expected ./dist/index.js, ./dist/index.mjs, ./dist/index.cjs, src/index.js, src/index.mjs, src/index.cjs. This is a plugin packaging issue, not a local config problem; update or reinstall the plugin after the publisher ships compiled JavaScript, or disable/uninstall the plugin until then. TypeScript source fallback is only supported for source checkouts and local development paths.

[clawsweeper]

Codex review: needs maintainer review before merge.

Summary
The PR extends the source-only TypeScript plugin package diagnostic with recovery guidance and updates related tests, plugin docs, WeChat docs, and the changelog.

Reproducibility: yes. Source inspection shows current main's shared helper omits recovery guidance, and existing install/discovery tests construct the source-only TypeScript package shape that triggers the diagnostic.

Real behavior proof
Sufficient (terminal): The PR body includes after-fix terminal output from real plugin install and discovery code paths showing the improved diagnostic.

Next step before merge
No repair lane is needed; this PR is the implementation and review found no narrow blocker for automation.

Security
Cleared: The diff only changes diagnostic text, docs, tests, and changelog, with no dependency, CI, package-resolution, secret, or code-execution changes.

Review details

Best possible solution:

Merge this PR after normal maintainer and CI gating so the shared diagnostic and public docs give users a clear recovery path.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection shows current main's shared helper omits recovery guidance, and existing install/discovery tests construct the source-only TypeScript package shape that triggers the diagnostic.

Is this the best way to solve the issue?

Yes. Updating the existing shared helper is the narrowest maintainable fix because install-time rejection and startup discovery warnings already flow through it, with docs/tests covering the exposed behavior.

What I checked:

• Current main diagnostic lacks recovery guidance: The shared missing compiled runtime helper currently reports only the missing JavaScript candidates and does not explain publisher responsibility or disable/uninstall recovery. (src/plugins/package-entry-resolution.ts:90, 10725c9e0144)
• Install path uses the shared helper: Package install validation returns the shared missing compiled runtime message when a TypeScript package entry has no inferred built output. (src/plugins/package-entry-resolution.ts:201, 10725c9e0144)
• Discovery path uses the shared helper: Installed package discovery emits the same helper message as a warning before skipping the source-only package candidate. (src/plugins/package-entry-resolution.ts:528, 10725c9e0144)
• Existing tests cover the failure shape: Current tests already construct source-only TypeScript plugin packages for both install rejection and discovery warning behavior; the PR extends those assertions to the new guidance. (src/plugins/install.test.ts:929, 10725c9e0144)
• Docs already define the packaging contract: The plugin docs state that managed npm packages must ship JavaScript runtime output and reserve TypeScript fallback for source checkouts/local development; the PR adds the missing recovery wording near that rule. Public docs: docs/tools/plugin.md. (docs/tools/plugin.md:163, 10725c9e0144)
• PR diff is narrow: The fetched PR diff changes diagnostic text, docs, tests, and changelog only; it does not alter package resolution control flow or runtime loading behavior. (src/plugins/package-entry-resolution.ts:90, 0b15cd4d0f1a)

Likely related people:

• Chunyue Wang: Prior ClawSweeper context traced the shared helper, related docs section, and source-only package tests to commit 24bd0b2; local commit metadata for that SHA is present, though the local shallow/grafted blame boundary is less precise. (role: current line owner; confidence: medium; commits: 24bd0b212f54; files: src/plugins/package-entry-resolution.ts, src/plugins/discovery.test.ts, src/plugins/install.test.ts)
• steipete: Recent plugin packaging and install-flow maintenance commits are in the same area, making him a practical reviewer for the plugin package diagnostics path. (role: recent adjacent maintainer; confidence: medium; commits: 4862d349257a, 969294f8c51c, b782ecb7ebb3; files: src/plugins/package-entry-resolution.ts, src/plugins/discovery.test.ts, src/plugins/install.test.ts)
• vincentkoc: Nearby plugin install/package docs history and changelog entries connect Vincent Koc to the npm/plugin install behavior this diagnostic documents. (role: prior adjacent owner; confidence: medium; commits: f392b81e9502; files: src/plugins/install.test.ts, docs/tools/plugin.md)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 10725c9e0144.