npm - @wipcomputer/wip-ldm-os - Versions diffs - 0.4.73-alpha.31 → 0.4.73-alpha.33 - Mend

@wipcomputer/wip-ldm-os 0.4.73-alpha.31 → 0.4.73-alpha.33

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/lib/deploy.mjs +81 -3
package/package.json +1 -1

package/lib/deploy.mjs CHANGED Viewed

@@ -558,6 +558,55 @@ function updateToolsAllow(pluginName) {
   }
 }
+/**
+ * Reconcile tools.allow against plugins.entries in ~/.openclaw/openclaw.json.
+ *
+ * In OpenClaw 2026.4.8+, any plugin registered in plugins.entries but missing
+ * from tools.allow is silently blocked at runtime. Each blocked tool call
+ * spawns a root-key approval prompt to the user, flooding iMessage with
+ * approve-ids. This was observed on 2026-04-11 for model-provider plugins
+ * (anthropic, openai, xai) and imessage, which were enabled in plugins.entries
+ * but never added to tools.allow, because the per-plugin updateToolsAllow path
+ * only runs during new plugin deploys and the alpha.27/28 ReferenceError had
+ * silently dropped those entries anyway.
+ *
+ * This function is the self-healing step: at install time, walk plugins.entries,
+ * find any enabled plugin whose name is not already in tools.allow, and add it.
+ * Idempotent. Disabled plugins are skipped. Runs at both ends of installFromPath
+ * so a single `ldm install` repairs existing broken state without requiring a
+ * new plugin deploy.
+ *
+ * Background:
+ *   ai/product/bugs/code-fka-devopstoolkit/2026-04-11--cc-mini--update-tools-allow-reference-error.md
+ *
+ * This function MUST remain at module top level, same as updateToolsAllow.
+ */
+function reconcileToolsAllow() {
+  const ocConfigPath = join(OC_ROOT, 'openclaw.json');
+  if (!existsSync(ocConfigPath)) return;
+  try {
+    const raw = readFileSync(ocConfigPath, 'utf8');
+    const config = JSON.parse(raw);
+    if (!config.plugins?.entries || typeof config.plugins.entries !== 'object') return;
+    if (!config.tools?.allow || !Array.isArray(config.tools.allow)) return;
+    const enabledPlugins = Object.entries(config.plugins.entries)
+      .filter(([, entry]) => entry && entry.enabled !== false)
+      .map(([name]) => name);
+    const allow = config.tools.allow;
+    const missing = enabledPlugins.filter(name => !allow.includes(name));
+    if (missing.length === 0) return;
+    for (const name of missing) allow.push(name);
+    writeFileSync(ocConfigPath, JSON.stringify(config, null, 2) + '\n');
+    log(`Reconciled openclaw.json tools.allow: added ${missing.join(', ')}`);
+  } catch (e) {
+    log(`Warning: failed to reconcile tools.allow: ${e.message}`);
+  }
+}
 // ── OpenClaw plugin naming (fix #8) ──
 function resolveOcPluginName(repoPath, toolName) {
@@ -818,7 +867,6 @@ function registerMCP(repoPath, door, toolName) {
     const envFlag = existsSync(OC_ROOT) ? ` -e OPENCLAW_HOME="${OC_ROOT}"` : '';
     execSync(`claude mcp add --scope user ${name}${envFlag} -- node "${mcpPath}"`, { stdio: 'pipe' });
     ok(`MCP: registered ${name} at user scope`);
-    return true;
   } catch (e) {
     // Fallback: write to ~/.claude.json directly
     try {
@@ -830,12 +878,29 @@ function registerMCP(repoPath, door, toolName) {
       };
       writeJSON(ccUserPath, mcpConfig);
       ok(`MCP: registered ${name} in ~/.claude.json (fallback)`);
-      return true;
     } catch (e2) {
       fail(`MCP: registration failed. ${e.message}`);
       return false;
     }
   }
+  // Also register with OpenClaw so the MCP tools are available to all
+  // OpenClaw agents (e.g. Lēsa) without exec-approval gates. CC
+  // registration alone only gives tools to Claude Code sessions, not
+  // to OpenClaw's agent pipeline. Discovered 2026-04-11 when Lēsa
+  // lost xAI image gen tools after switching from Grok to Claude CLI.
+  try {
+    const ocMcpConfig = JSON.stringify({ command: 'node', args: [mcpPath] });
+    execSync(`openclaw mcp set ${name} '${ocMcpConfig}'`, { stdio: 'pipe' });
+    ok(`MCP: registered ${name} with OpenClaw`);
+  } catch {
+    // Non-fatal: OpenClaw may not be installed on all machines
+  }
+  // Add to OpenClaw tools.allow so the MCP tools are pre-authorized
+  updateToolsAllow(name);
+  return true;
 }
 /**
@@ -1199,10 +1264,19 @@ export function installToolbox(repoPath) {
 // ── Full install pipeline ──
 export async function installFromPath(repoPath) {
+  // Heal tools.allow before any install runs, so the current session picks up
+  // any drift left by earlier broken installs (alpha.27/28 ReferenceError).
+  // Idempotent: no-op if plugins.entries and tools.allow are already in sync.
+  reconcileToolsAllow();
   const subTools = detectToolbox(repoPath);
   if (subTools.length > 0) {
-    return installToolbox(repoPath);
+    const result = installToolbox(repoPath);
+    // Heal again after toolbox install in case any plugin was newly registered
+    // in plugins.entries but never added to tools.allow by its deploy path.
+    reconcileToolsAllow();
+    return result;
   }
   const installed = installSingleTool(repoPath);
@@ -1219,6 +1293,10 @@ export async function installFromPath(repoPath) {
     console.log('');
   }
+  // Final reconcile pass after single-tool install, for the same reason as
+  // the toolbox branch above.
+  reconcileToolsAllow();
   return { tools: 1, interfaces: installed };
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-ldm-os",
-  "version": "0.4.73-alpha.31",
+  "version": "0.4.73-alpha.33",
   "type": "module",
   "description": "LDM OS: identity, memory, and sovereignty infrastructure for AI agents",
   "engines": {