perf(config): dedupe plugin auto-enable fanout work

[ai-hpc]

Summary

Fixes the plugin auto-enable recomputation side of #81355.

applyPluginAutoEnable can be called repeatedly during the same cold-start RPC fanout with the same runtime config and environment inputs. This adds a same-turn cache keyed by config, env, manifest registry, and discovery identity so identical fanout calls reuse the computed result instead of re-running detection/materialization.

The cache is cleared on the next event-loop turn so mutable inputs such as process.env and plugin discovery state are not held as long-lived stale keys.

Verification

• pnpm test src/config/plugin-auto-enable.core.test.ts src/config/plugin-auto-enable.providers.test.ts src/config/plugin-auto-enable.channels.test.ts src/config/plugin-auto-enable.model-support.test.ts src/config/plugin-auto-enable.prefer-over.test.ts src/plugins/web-search-providers.runtime.test.ts
• pnpm exec oxfmt --check --threads=1 src/config/plugin-auto-enable.apply.ts src/config/plugin-auto-enable.core.test.ts
• git diff --check
• pnpm ui:build
• Full local browser E2E proof with a real gateway, production Control UI, throwaway state, token auth, and Chromium.

Real behavior proof

Behavior or issue addressed: Dashboard cold-start fanout no longer repeats the plugin auto-enable recomputation path across concurrent Control UI requests.

Real environment tested: Local OpenClaw checkout at 638b1e8ef5b0814f31f5652fb2ac3a053e4f129d, Node 22.22.2, production Control UI build, real local gateway with throwaway OpenClaw state, token auth, and Chromium.

Exact steps or command run after this patch:

1. Built the production Control UI with pnpm ui:build.
2. Started a real local gateway from this PR branch with throwaway state and token auth.
3. Opened the served Control UI in Chromium using the tokenized dashboard URL.
4. Loaded /overview and waited for the dashboard fanout.
5. Loaded /agents, selected the ops agent, opened Tools, and waited for tools.catalog.
6. Loaded /debug and invoked tts.status through the rendered manual RPC form.

Evidence after fix:
Terminal output from the full local browser E2E proof:

{
  "head": "638b1e8ef5b0814f31f5652fb2ac3a053e4f129d",
  "browserRendered": true,
  "routes": [
    "/overview",
    "/agents",
    "/debug"
  ],
  "okMethods": {
    "agent.identity.get": 6,
    "agents.files.list": 2,
    "agents.list": 4,
    "channels.status": 1,
    "config.get": 1,
    "connect": 3,
    "cron.list": 1,
    "cron.status": 1,
    "health": 5,
    "last-heartbeat": 2,
    "logs.tail": 1,
    "models.authStatus": 1,
    "models.list": 2,
    "sessions.list": 1,
    "sessions.messages.subscribe": 3,
    "sessions.subscribe": 3,
    "sessions.usage": 1,
    "skills.status": 1,
    "status": 2,
    "system-presence": 1,
    "tools.catalog": 1,
    "tts.status": 1,
    "usage.cost": 1
  },
  "errorMethods": {},
  "gatewayReady": true
}

Observed result after fix: The rendered dashboard completed overview cold-start fanout, agent tools loading, and the UI-invoked tts.status call without browser RPC errors.

What was not tested: No known gaps.

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed June 5, 2026, 3:50 AM ET / 07:50 UTC.

Summary
Adds a same-turn WeakMap cache to applyPluginAutoEnable keyed by config, env, manifest registry, and discovery identity, plus regression tests for cache reuse and stale-input avoidance.

PR surface: Source +112, Tests +135. Total +247 across 2 files.

Reproducibility: yes. from source rather than a local timing run: the linked report identifies repeated cold-start fanout calls, and current code shows tools.catalog and plugin runtime load paths reach applyPluginAutoEnable. I did not run the live dashboard timing scenario in this read-only review.

Review metrics: none identified.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• [P2] Add a latest-head cold-start call-count or timing snippet if maintainers want the performance magnitude proven before merge.

Risk before merge

• [P1] The live browser proof in the PR body is from earlier head 638b1e8 and does not measure cold-start latency or cache-hit counts on the current head; this is not a correctness blocker, but maintainers may want latest-head timing if the performance claim is merge-critical.

Maintainer options:

1. Decide the mitigation before merge
   Land the focused same-turn cache after normal maintainer review if CI remains healthy; request a small latest-head timing or call-count snippet only if the performance magnitude needs merge-time proof.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge

• No automated repair is needed; the remaining action is ordinary maintainer review and merge validation.

Security
Cleared: The diff adds in-process memoization and tests only; it does not change dependencies, CI, packaging, secrets, permissions, or downloaded code execution.

Review details

Best possible solution:

Land the focused same-turn cache after normal maintainer review if CI remains healthy; request a small latest-head timing or call-count snippet only if the performance magnitude needs merge-time proof.

Do we have a high-confidence way to reproduce the issue?

Yes, from source rather than a local timing run: the linked report identifies repeated cold-start fanout calls, and current code shows tools.catalog and plugin runtime load paths reach applyPluginAutoEnable. I did not run the live dashboard timing scenario in this read-only review.

Is this the best way to solve the issue?

Yes. The latest implementation is a narrow owner-boundary fix because it caches only explicit metadata snapshots, fingerprints mutable config/env inputs, and leaves omitted metadata on the current uncached path; broader gateway-level caching would be higher risk.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 1a3ce7c2a8da.

Label changes

Label changes:

• add rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🐚 platinum hermit.
• add status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (live_output): The PR body includes live local gateway, production Control UI, token auth, and Chromium output exercising the dashboard routes and RPCs after the central behavior change, though it does not measure the latency claim on the latest head.
• remove rating: 🧂 unranked krab: Current PR rating is rating: 🐚 platinum hermit, so this older rating label is no longer current.
• remove merge-risk: 🚨 compatibility: Current PR review selected no merge-risk labels.
• remove status: ⏳ waiting on author: Current PR status label is status: 👀 ready for maintainer look.

Label justifications:

• P2: This is a normal-priority gateway/plugin config performance fix with limited blast radius and no blocking correctness finding in the latest head.
• rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🐚 platinum hermit.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (live_output): The PR body includes live local gateway, production Control UI, token auth, and Chromium output exercising the dashboard routes and RPCs after the central behavior change, though it does not measure the latency claim on the latest head.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes live local gateway, production Control UI, token auth, and Chromium output exercising the dashboard routes and RPCs after the central behavior change, though it does not measure the latency claim on the latest head.

Evidence reviewed

PR surface:

Source +112, Tests +135. Total +247 across 2 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	1	112	0	+112
Tests	1	135	0	+135
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	2	247	0	+247

What I checked:

• Repository policy read: Read the full root AGENTS.md and found no scoped AGENTS.md under src/config; the root policy makes config/plugin metadata cache changes compatibility-sensitive and requires whole-path review. (AGENTS.md:31, 1a3ce7c2a8da)
• Current main lacks the PR cache: Current main still computes candidates and immediately materializes them on each applyPluginAutoEnable call, so the central PR work is not already implemented on main. (src/config/plugin-auto-enable.apply.ts:52, 1a3ce7c2a8da)
• Latest PR cache is scoped to explicit metadata identities: At PR head, the cache path only runs when config, manifestRegistry, and discovery are all present, then keys through config, env, registry, and discovery WeakMap identities and checks config/env fingerprints before reuse. (src/config/plugin-auto-enable.apply.ts:130, d937944e7081)
• Implicit metadata path remains uncached: Current main resolves omitted manifest registries from the current plugin metadata snapshot or a loaded snapshot, and the latest PR bypasses caching when explicit registry/discovery inputs are missing. (src/config/plugin-auto-enable.shared.ts:958, 1a3ce7c2a8da)
• Gateway fanout callers can supply stable metadata: The runtime plugin load context resolves a metadata snapshot and passes its manifest registry plus discovery into applyPluginAutoEnable, which is the explicit-input path the PR optimizes. (src/plugins/runtime/load-context.ts:92, 1a3ce7c2a8da)
• Regression tests cover prior cache freshness risks: The PR adds tests for same-turn reuse, current snapshot replacement when metadata is omitted, explicit registry/env separation, config mutation, and env mutation. (src/config/plugin-auto-enable.core.test.ts:1032, d937944e7081)

Likely related people:

• Peter Steinberger: Blame for applyPluginAutoEnable, implicit manifest registry resolution, and the runtime config hash helper points to 82710b4; recent history also shows adjacent plugin runtime/context work. (role: current implementation and recent area contributor; confidence: high; commits: 82710b4f1f10, 1a63f5b972f6, 58f4099a4fb0; files: src/config/plugin-auto-enable.apply.ts, src/config/plugin-auto-enable.shared.ts, src/config/runtime-snapshot.ts)
• Vincent Koc: Recent history on the related plugin runtime and release baseline paths includes plugin SDK baseline and gateway/plugin hot-path commits near the affected surface. (role: recent plugin/runtime baseline contributor; confidence: medium; commits: 2e08f0f4221f, 9b25c8f8e1b8, d2ce3e9accc6; files: src/config/plugin-auto-enable.apply.ts, src/config/plugin-auto-enable.shared.ts, src/gateway/server-plugins.ts)
• Tak Hoffman: History on gateway plugin loading and tool registry reuse includes multiple regression fixes around auto-enabled plugin loads and stale registries. (role: adjacent gateway plugin auto-enable contributor; confidence: medium; commits: 1b5043f47bed, 36ac9224cc92, cfd1e94e6101; files: src/gateway/server-plugins.ts, src/plugins/tools.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[ai-hpc]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26951779338
• Updated: 2026-06-04T12:39:53.425Z

[shakkernerd]

Land-ready verification for rebase merge:

• Rebases onto current origin/main; final PR head is 7179cf54e6580a2f181e24002f7858da949f5522.
• Preserved GitHub-resolvable PR author identity on all commits: ai-hpc / NVIDIAN <183861985+ai-hpc@users.noreply.github.com>.
• Local proof after author repair: git diff --check; node scripts/run-vitest.mjs src/config/plugin-auto-enable.core.test.ts (51 passed).
• Auto review: .agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main returned clean with no accepted/actionable findings.
• Crabbox proof: AWS Crabbox cbx_a145a2dbe32d, run run_b48b365efdb0; passed diff-check, format check, pnpm check:changed, and related Vitest (95 tests).
• GitHub CI: live PR rollup is clean: 160 checks, 0 pending, 0 failed.