perf(plugins): scan-scoped package.json cache in discovery

[RomneyDa]

Summary

Investigates and fixes the inner amplifier — why each plugin's package.json was being read ~1,565 times per TUI startup. Stacked on top of #84283.

Root cause: runPluginDiscovery runs two tracePluginLifecyclePhase("discovery scan") blocks (scoped + shared), each invoking multiple overlapping helpers (discoverFromPath, discoverInDirectory) that all call readCandidatePackageManifest per candidate. For bundled plugins reachable through multiple roots (stock root + source-checkout extensions + bundled overlays + installed paths + global root), the same package.json gets read once per code path per scan — and the per-helper seen: Set<string> dedup operates at the candidate level after the manifest read happens. The existing realpathCache only memoizes realpath resolution, not the JSON parse.

Fix: add a per-scan Map<string, PackageManifest | null> threaded through the same chain as realpathCache, keyed by ${trustMode}:${rootRealPath}. Trust mode separates trusted (bundled, no hardlink check) from external-reject / external-allow so the cache can't reuse a trusted parse for a later external-origin read that needs hardlink rejection. Cache lifetime is one scan — created in runPluginDiscovery alongside the existing seen/realpathCache, dies when the scan returns. discoverOpenClawPlugins remains stateless externally.

This PR is complementary to #84283:

• perf(plugins): extend discovery threading to loader, manifest registry, installed-index, and config contracts #84283: collapses multiple outer scans into one per ensurePluginRegistryLoaded invocation.
• This PR: makes each remaining outer scan read each manifest once instead of N times.

Commits

1. perf(plugins): scan-scoped package.json cache in discovery — the cache + threading.
2. perf(plugins): expose raw parsed package.json on PluginCandidate — keeps the parsed manifest on the candidate so downstream iterators don't have to re-read.
3. perf(plugins): make package-manifest cache key trust-aware — keys the cache by ${trustMode}:${realPath} so trusted/external/hardlink-rejecting reads don't cross. (Addresses clawsweeper P1.)

Expected impact

From the original profile (~1,565 reads per extension package.json):

• The scan-scoped cache caps within-scan reads at 1 per file per trust mode.
• Combined with perf(plugins): extend discovery threading to loader, manifest registry, installed-index, and config contracts #84283, expected post-fix reads per file ≈ 1-2 across one CLI/TUI startup.
• Estimated reduction: from ~1,565 to ~1-2 per file. ~99% of the inner amplifier eliminated.

Not measured end-to-end yet — single-launch impact depends on root overlap in the user's environment. If most reads were already from a single root (no overlap), savings are smaller.

Test plan

• node scripts/run-vitest.mjs src/plugins/discovery.test.ts — 67/67 pass
• pnpm tsgo --noEmit --project tsconfig.core.json — clean
• node scripts/run-oxlint.mjs --quiet src/plugins/discovery.ts — 0/0
• npx oxfmt --check — clean
• End-to-end TUI startup measurement (recommended; pop the audit-branch perf-trace stash, rebuild, launch TUI, count json.tryReadJsonSync lines per extensions/<id>/package.json path in /tmp/openclaw-perf.log).

[clawsweeper]

Codex review: needs maintainer review before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The branch adds a scan-scoped package.json manifest cache in plugin discovery, threads it through discovery scans, and stores the raw parsed package manifest on PluginCandidate.

Reproducibility: Source-level yes, runtime no: current discovery reads package.json through overlapping helper paths before candidate de-dupe, and the PR body cites a profile, but I did not run the TUI startup measurement.

PR rating
Overall: 🐚 platinum hermit
Proof: 🌊 off-meta tidepool
Patch quality: 🐚 platinum hermit
Summary: Good normal PR quality: the patch is small and coherent with no blocking finding, but runtime profiling and cache-boundary coverage remain maintainer confidence choices.

Rank-up moves:

• Add a focused trust-mode cache regression if maintainers want stronger proof before merge.
• Run the deferred TUI startup read-count measurement if the performance claim needs runtime confirmation.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Real behavior proof
Not applicable: The contributor proof gate does not apply to this MEMBER maintainer-labeled PR; the body includes local test/type/lint/format proof and explicitly defers end-to-end startup profiling.

Risk before merge

• The PR body still defers the end-to-end TUI startup read-count measurement, so the performance delta is source-plausible but not runtime-proved in the reported startup setup.
• The cache touches a hardlink-sensitive package-manifest path; source review shows the current key is trust-aware, but there is no focused regression for trusted versus external cache separation.

Maintainer options:

1. Add cache-boundary coverage
   Add a focused discovery regression proving a trusted bundled package-manifest read is not reused for an external hardlink-rejecting read of the same real package root.
2. Accept the source-reviewed boundary
   Maintainers can accept the trust-aware key as sufficient if the existing hardlink tests and source review are enough for this performance stack.

Next step before merge
The PR has no actionable bot-fix finding; the remaining work is maintainer judgment on profiling and security-boundary test coverage before merge.

Security
Cleared: The diff touches a hardlink-sensitive manifest-read path, but the current head separates trusted, external-rejecting, and external-allowing cache entries and keeps the cache scan-local.

Review details

Best possible solution:

Land the scan-local, trust-aware cache only after maintainers are comfortable with the remaining profiling gap or add a small cache-boundary regression test first.

Do we have a high-confidence way to reproduce the issue?

Source-level yes, runtime no: current discovery reads package.json through overlapping helper paths before candidate de-dupe, and the PR body cites a profile, but I did not run the TUI startup measurement.

Is this the best way to solve the issue?

Yes with caveats: a scan-local cache keyed by trust mode is a bounded maintainable fix for repeated manifest parses, while cache-specific regression coverage or startup profiling would improve merge confidence.

Label justifications:

• P2: This is a normal-priority plugin startup performance improvement with limited code surface but potentially meaningful startup impact.
• merge-risk: 🚨 security-boundary: The PR caches reads in the plugin package-manifest path that enforces hardlink rejection, so trust-policy separation must remain correct.
• rating: 🐚 platinum hermit: Current PR rating is 🐚 platinum hermit because proof is 🌊 off-meta tidepool, patch quality is 🐚 platinum hermit, and Good normal PR quality: the patch is small and coherent with no blocking finding, but runtime profiling and cache-boundary coverage remain maintainer confidence choices.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Not applicable: The contributor proof gate does not apply to this MEMBER maintainer-labeled PR; the body includes local test/type/lint/format proof and explicitly defers end-to-end startup profiling.

What I checked:

• PR head cache design: PR head computes a trust-aware cache key in readCandidatePackageManifest, separating trusted, external-reject, and external-allow reads before caching package manifests for the scan. (src/plugins/discovery.ts:503, 949dd682b9d9)
• Scan-local lifetime: PR head creates separate packageManifestCache maps inside the scoped and shared discovery scan closures, so the cache is not process-persistent. (src/plugins/discovery.ts:1244, 949dd682b9d9)
• Current main behavior: Current main reads each candidate package manifest directly through the bundled trusted path or external hardlink-rejecting path without a manifest parse cache. (src/plugins/discovery.ts:502, 88d8d6af9336)
• Hardlink boundary: Current hardlink policy allows bundled and Nix-store roots while rejecting hardlinked files for other plugin origins, which is why the PR's cache key needs to preserve trust mode. (src/plugins/hardlink-policy.ts:25, 88d8d6af9336)
• Existing safety coverage: Current tests cover rejecting hardlinked package manifests, but the PR does not add a focused regression proving cached trusted reads cannot be reused for later external hardlink-rejecting reads. (src/plugins/discovery.test.ts:1995, 88d8d6af9336)
• PR discussion and proof: The PR body reports local discovery tests, typecheck, lint, and format proof, while explicitly leaving end-to-end TUI startup read-count measurement unchecked. (949dd682b9d9)

Likely related people:

• Ayaan Zaidi: git blame attributes the current discovery package-manifest read helper and plugin hardlink-policy surface to their commit. (role: introduced current behavior; confidence: high; commits: 6da73ac90f1e; files: src/plugins/discovery.ts, src/plugins/hardlink-policy.ts)
• RomneyDa: Authored the merged current-main discovery-threading change and this follow-up performance branch on the same plugin discovery startup path. (role: recent area contributor; confidence: high; commits: 88d8d6af9336, 949dd682b9d9; files: src/plugins/discovery.ts, src/plugins/loader.ts, src/plugins/manifest-registry.ts)
• steipete: Recent history on src/plugins/discovery.ts includes plugin discovery hardening, manifest-read hardening, and cold-start metadata performance work. (role: adjacent owner; confidence: medium; commits: a97cec0018a4, 171b24c5c5b6, b8b43175c5b8; files: src/plugins/discovery.ts, src/plugins/manifest-registry.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 88d8d6af9336.

[RomneyDa]

ClawSweeper's prior findings (against head c909256d2e) are all resolved on current head 949dd682b9:

• P1: cache-trust separation in discovery.ts:510 — fixed in commit 949dd682b9. Cache key is now ${trustMode}:${realPath} where trustMode ∈ {trusted, external-reject, external-allow}, matching the three distinct read paths (readTrustedPackageManifest, readPackageManifest with rejectHardlinks=true, readPackageManifest with rejectHardlinks=false). A bundled-trusted parse can no longer be reused for a later external-origin read.
• P2: eager runtime discovery in runtime-registry-loader.ts:142 — no longer on this branch. After rebase onto cleaned perf(plugins): extend discovery threading to loader, manifest registry, installed-index, and config contracts #84283, the runtime-loader orchestration commit was dropped (it was the same scope creep called out on the parent PR's prior head).
• P2: dead discovery? param in channel-presence-policy.ts:454 — same; that commit was dropped during the rebase onto cleaned perf(plugins): extend discovery threading to loader, manifest registry, installed-index, and config contracts #84283.

Current head 949dd682b9 is the cleaned #84283 base (6b6254db8f) plus 3 commits scoped to the inner amplifier:

• bc561f8441 scan-scoped package.json cache
• 13c930e70f expose raw parsed package.json on PluginCandidate
• 949dd682b9 make cache key trust-aware (P1 fix)

Local gates green: discovery.test.ts 67/67, oxlint clean, oxfmt clean, tsgo core noEmit exit 0.

ClawSweeper has since re-reviewed against 949dd682b9 and updated its verdict to needs-human / 🐚 platinum hermit / "no concrete code defect found" / security Cleared. Only optional rank-up move is a focused cache-boundary regression test.

[clawsweeper]

ClawSweeper PR egg

✨ Hatched: 🌱 uncommon Gilded Shellbean

        .--^^^^--.           
     .-'  o    o  '-.        
    /       \__/      \      
   |    /\  ____  /\   |     
   |   /  \/____\/  \  |     
    \  \_.------._/  /       
     '._  `----'  _.'        
        '-.____.-'           
       _/|_|  |_|\_          
      /__|      |__\         
       .-----------.         
      '-------------'        

Rarity: 🌱 uncommon.
Trait: collects tiny proofs.
Image traits: location flaky test forest; accessory CI status badge; palette seafoam, black, and opal; mood sleepy but ready; pose waving from a small platform; shell matte ceramic shell; lighting soft underwater shimmer; background smooth stones and checkmarks.
How to hatch it: once this PR reaches status: 👀 ready for maintainer look or status: 🚀 automerge armed, the PR author or a maintainer can comment @clawsweeper hatch to turn this ASCII egg into its generated creature image.
Share on X: post this hatch
Copy: My PR egg hatched a 🌱 uncommon Gilded Shellbean in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• Hatchable usually means sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

[RomneyDa]

@clawsweeper reevaluate labels, I believe I've mitigated security concern

[clawsweeper]

🦞👀
ClawSweeper could not start a freeform assist pass for this item.

Reason: freeform assist requires an open issue or PR.

Request: reevaluate labels, I believe I've mitigated security concern