fix(config): preserve empty plugin allowlist

[zhangguiping-xydt]

Summary

• Problem: openclaw doctor --fix could turn an explicit empty plugins.allow into a restrictive allowlist when auto-enabling configured bundled plugins under plugins.bundledDiscovery: "compat".
• Solution: Preserve empty plugins.allow as nonrestrictive while still extending non-empty restrictive allowlists.
• What changed: Updated plugin auto-enable allowlist materialization and added regression coverage for explicit empty allowlists.
• What did NOT change: Existing restrictive non-empty plugins.allow behavior remains unchanged.

Fixes #87869

Real behavior proof

• Behavior or issue addressed: Doctor/plugin auto-enable should not convert plugins.allow: [] into a restrictive list that blocks bundled plugins under compat discovery.
• Real environment tested: Local OpenClaw source checkout in /media/vdc/code/ai/aispace/openclaw-worktrees/issue-87869, using node --import tsx against the real OpenClaw applyPluginAutoEnable implementation.
• Exact steps or command run after this patch:

  node --import tsx --input-type=module <<'NODE'
  import { applyPluginAutoEnable } from './src/config/plugin-auto-enable.apply.ts';
  const result = applyPluginAutoEnable({
    config: {
      channels: { slack: { botToken: 'x' } },
      plugins: { allow: [], bundledDiscovery: 'compat' },
    },
    env: {},
  });
  console.log('openclaw config materialization output');
  console.log('after allow:', JSON.stringify(result.config.plugins?.allow));
  console.log('after slack enabled:', result.config.channels?.slack?.enabled === true);
  console.log('after changes:', result.changes.join(' | '));
  NODE

• Evidence after fix:

  openclaw config materialization output
  after allow: []
  after slack enabled: true
  after changes: Slack configured, enabled automatically.
  

• Observed result after fix: The explicit empty allowlist remains [], while the configured bundled Slack channel still auto-enables.
• What was not tested: Did not run a full live gateway because this fix is in pure config materialization; the proof calls the real OpenClaw config function directly and the regression test covers the same invariant.

Regression Test Plan

• Coverage level: Unit test
• Target test file: src/config/plugin-auto-enable.core.test.ts
• Scenario locked in: plugins.allow: [] with plugins.bundledDiscovery: "compat" remains empty after auto-enable.
• Why this is the smallest reliable guardrail: The regression is caused by config materialization, so this test directly covers the root invariant without requiring external services.

Root Cause

• Root cause: materializePluginAutoEnableCandidatesInternal called ensurePluginAllowlisted whenever plugins.allow was an array, including the explicit empty array case, which changed a nonrestrictive allowlist into a restrictive one.
• Missing detection / guardrail: Existing tests covered unset allowlists and non-empty restrictive allowlists, but not explicit empty allowlists under compat bundled discovery.

[clawsweeper]

Codex review: passed. Reviewed May 29, 2026, 9:37 AM ET / 13:37 UTC.

Summary
The PR changes plugin auto-enable materialization so an explicit empty plugins.allow stays empty while non-empty restrictive allowlists are still extended, and adds a regression test.

PR surface: Source +3, Tests +17. Total +20 across 2 files.

Reproducibility: yes. Source inspection of current main shows an empty array reaches ensurePluginAllowlisted, and the linked report gives a concrete doctor --fix config path that matches that code.

Review metrics: 1 noteworthy metric.

• Config materialization behavior: 1 changed, 0 added, 0 removed config surfaces. plugins.allow auto-enable semantics affect upgrade behavior and openclaw doctor --fix output for existing configs.

Merge readiness
Overall: 🦞 diamond lobster
Proof: 🦞 diamond lobster
Patch quality: 🦞 diamond lobster
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Risk before merge

• [P1] This deliberately changes an upgrade-sensitive config materialization path, so maintainers should keep the intended contract explicit: empty plugins.allow remains nonrestrictive, while non-empty plugins.allow remains restrictive and is still extended for auto-enabled plugins.

Maintainer options:

1. Land the narrow compatibility repair (recommended)
   Accept the intentional compatibility change because it restores the existing empty-allowlist contract and keeps non-empty restrictive allowlists unchanged.
2. Pause for broader config-owner confirmation
   If maintainers want plugins.allow: [] to become restrictive, pause this PR and settle that policy with docs, migration, and loader behavior changes instead of merging a local repair.

Next step before merge

• [P2] No repair lane is needed because the PR already contains the focused fix and regression coverage; normal checks and automerge gates can evaluate the exact head.

Security
Cleared: The diff touches only config materialization and a regression test; it does not add dependencies, scripts, workflow permissions, secrets handling, or new code-execution paths.

Review details

Best possible solution:

Land the focused config-materialization fix after normal checks, preserving the empty-allowlist nonrestrictive contract and existing restrictive allowlist extension behavior.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection of current main shows an empty array reaches ensurePluginAllowlisted, and the linked report gives a concrete doctor --fix config path that matches that code.

Is this the best way to solve the issue?

Yes. The patch keeps the rule local to auto-enable materialization, aligns it with adjacent empty-allowlist handling, and preserves the existing behavior for non-empty restrictive allowlists.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against a19225343b45.

Label changes

Label justifications:

• P1: The PR fixes a reported config-breaking doctor --fix path that can disable bundled plugin/provider workflows for users on the current release.
• merge-risk: 🚨 compatibility: The diff changes upgrade-sensitive plugins.allow materialization behavior, even though the change is a narrow compatibility repair.
• rating: 🦞 diamond lobster: Overall readiness is 🦞 diamond lobster; proof is 🦞 diamond lobster and patch quality is 🦞 diamond lobster.
• status: 🚀 automerge armed: This PR is in ClawSweeper's automerge lane. Sufficient (terminal): The PR body includes after-fix terminal output from the real config function showing the empty allowlist preserved while Slack auto-enables.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes after-fix terminal output from the real config function showing the empty allowlist preserved while Slack auto-enables.

Evidence reviewed

PR surface:

Source +3, Tests +17. Total +20 across 2 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	1	5	2	+3
Tests	1	17	0	+17
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	2	22	2	+20

What I checked:

• Current-main behavior: Current main treats any array-valued plugins.allow as restrictive during plugin auto-enable and always calls ensurePluginAllowlisted, so allow: [] is populated when a candidate is auto-enabled. (src/config/plugin-auto-enable.shared.ts:1043, a19225343b45)
• PR implementation: The PR commit changes the auto-enable decision to only extend plugins.allow when it is a non-empty restrictive allowlist. (src/config/plugin-auto-enable.shared.ts:1044, c06837f5dd73)
• Regression coverage: The new test covers plugins.allow: [] with plugins.bundledDiscovery: "compat", verifying Slack still auto-enables while the allowlist remains empty. (src/config/plugin-auto-enable.core.test.ts:292, c06837f5dd73)
• Existing empty-allowlist contract: Adjacent plugin code already treats empty allowlists as nonrestrictive by requiring allow.length > 0 before blocking or adding explicit enabled entries. (src/plugins/enable.ts:25, a19225343b45)
• Feature history: Blame shows the current auto-enable allowlist materialization block was introduced in commit 6a2ccbc, which also introduced the current test file in this checkout history. (src/config/plugin-auto-enable.shared.ts:1043, 6a2ccbc9294a)
• PR discussion and proof: The PR body supplies after-fix terminal output from the real applyPluginAutoEnable implementation showing after allow: [], after slack enabled: true, and the expected auto-enable change text. (c06837f5dd73)

Likely related people:

• Peter Steinberger: git blame and git log --follow point to commit 6a2ccbc as introducing the current plugin-auto-enable implementation and tests in this checkout history. (role: recent area contributor; confidence: high; commits: 6a2ccbc9294a; files: src/config/plugin-auto-enable.shared.ts, src/config/plugin-auto-enable.core.test.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[Takhoffman]

@clawsweeper visualize

[clawsweeper]

🦞👀
ClawSweeper visual brief is being prepared.

I queued a read-only visual pass. It will create or update one marker-backed visual brief comment and will not trigger close, merge, repair, label, or branch changes.

Lens: auto

[clawsweeper]

Source: #87883 (comment)
Visual model: gpt-5.5, reasoning low.

Visual brief

Lens: state
Advisory only: maintainers remain the final judges.

Config state under bundledDiscovery: "compat"

Before this PR
--------------
plugins.allow: []                 🧠 meaning: nonrestrictive / allow bundled compat behavior
        |
        | doctor/plugin auto-enable sees Slack configured
        v
ensurePluginAllowlisted("slack")
        |
        v
plugins.allow: ["slack"]          🐛 meaning changed to restrictive
        |
        v
Bundled plugins outside list can be blocked ❌

Proposed behavior
-----------------
plugins.allow: []                 ✅ preserved as explicit empty / nonrestrictive
        |
        | doctor/plugin auto-enable sees Slack configured
        v
Slack enabled automatically ✅
        |
        v
plugins.allow: []                 ✅ still empty

Allowlist handling matrix

Input plugins.allow        Meaning in patch              Auto-enable behavior
-------------------        ----------------              --------------------
undefined                  no allowlist present           enable configured plugin; leave unset ✅
[]                         explicit nonrestrictive        enable configured plugin; keep [] ✅
["some-plugin"]            restrictive allowlist          add missing auto-enabled plugin ✅

Code path touched

materializePluginAutoEnableCandidatesInternal
        |
        +-- old guard:
        |      Array.isArray(allow)
        |      -> empty [] was treated like restrictive list 🐛
        |
        +-- new guard:
               Array.isArray(allow) && allow.length > 0
               -> only non-empty allowlists are extended ✅

Proof supplied

Unit regression:
  src/config/plugin-auto-enable.core.test.ts
  - config.plugins.allow = []
  - config.plugins.bundledDiscovery = "compat"
  - Slack bot token configured
  - expects Slack enabled ✅
  - expects plugins.allow remains [] ✅

Runtime-style proof in PR body:
  applyPluginAutoEnable(...)
  after allow: []
  after slack enabled: true
  changes: Slack configured, enabled automatically. ✅

Maintainer judgment points

🧑‍⚖️ Scope:
  XS patch, 2 files, 22 additions / 2 deletions.

🧑‍⚖️ Compatibility:
  Non-empty restrictive allowlists still get extended.
  Empty allowlists are now preserved as nonrestrictive.

⚠️ Remaining boundary:
  Proof is config-materialization level, not a full live gateway restart.
  That appears aligned with the claimed root cause, but maintainer judgment remains needed.

Legend: ✅ expected/preserved/proven; ❌ broken/failing path; ⚠️ unresolved concern/tradeoff; 🐛 confirmed bug path; 🧠 runtime/config state; 🧑‍⚖️ maintainer judgment point.

Maintainer ruling

Benefit: Preserves plugins.allow: [] semantics while still auto-enabling configured bundled plugins under compat discovery.
Risk: Low apparent code risk; main residual risk is whether live gateway loading has any separate allowlist gate not covered by this unit-level proof.
Proof needed: Existing supplied proof covers the config materialization invariant; optional live gateway confirmation would only broaden confidence.
Recommended next action: Maintainer review of whether empty plugins.allow is intended to remain nonrestrictive across all plugin loading paths.
Question presented: Should plugins.allow: [] continue to mean nonrestrictive when plugins.bundledDiscovery: "compat" is active?

[Takhoffman]

@clawsweeper automerge

[clawsweeper]

🦞✅
ClawSweeper merged this PR after the passing review.

Source: clawsweeper[bot]
Feedback: structured ClawSweeper verdict: pass (sha=c06837f5dd73626b95008752462337ec76ce226e)
Merge status: merged by ClawSweeper automerge
Merged at: 2026-05-29T13:37:51Z
Merge commit: b3c7ef6e62f5

What merged:

• The PR changes plugin auto-enable materialization so an explicit empty plugins.allow stays empty while non-empty restrictive allowlists are still extended, and adds a regression test.
• PR surface: Source +3, Tests +17. Total +20 across 2 files.
• Reproducibility: yes. Source inspection of current main shows an empty array reaches ensurePluginAllowlisted, and the linked report gives a concrete doctor --fix config path that matches that code.

Automerge notes:

• No ClawSweeper repair was needed after automerge opt-in.

The automerge loop is complete.

Automerge progress:

• 2026-05-29 13:31:49 UTC review queued c06837f5dd73 (queued)

• 2026-05-29 13:37:31 UTC review passed c06837f5dd73 (structured ClawSweeper verdict: pass (sha=c06837f5dd73626b95008752462337ec76ce2...)

• 2026-05-29 12:46:38 UTC repair queued c06837f5dd73 (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/26638066006

• 2026-05-29 12:48:00 UTC repair started (running) in 0s Run: https://github.com/openclaw/clawsweeper/actions/runs/26638066006 automerge-openclaw-openclaw-87883

• 2026-05-29 12:48:18 UTC validation plan (passed) in 18s Run: https://github.com/openclaw/clawsweeper/actions/runs/26638066006 pnpm check:changed; pnpm lint; pnpm check:test-types

• 2026-05-29 12:48:35 UTC Codex write preflight (passed) in 35s Run: https://github.com/openclaw/clawsweeper/actions/runs/26638066006 danger-full-access

• 2026-05-29 12:49:03 UTC Codex edit 1 c06837f5dd73 (running) in 1m 3s Run: https://github.com/openclaw/clawsweeper/actions/runs/26638066006 repairing branch

• 2026-05-29 13:09:07 UTC repair completed (no branch change) in 21m 7s Run: https://github.com/openclaw/clawsweeper/actions/runs/26638066006 Codex fix worker timed out after 1200000ms

• 2026-05-29 13:09:08 UTC repair finished (blocked) in 21m 8s Run: https://github.com/openclaw/clawsweeper/actions/runs/26638066006 Codex fix worker timed out after 1200000ms

• 2026-05-29 13:37:54 UTC merged c06837f5dd73 (merged by ClawSweeper automerge)