squad-openclaw 2026.2.2706 → 2026.2.2707

package/README.md

@@ -11,6 +11,8 @@ OpenClaw gateway plugin for [Squad](https://squad.ceo) — provides entity regis
 | `squad.agents.add` | Plugin wrapper for creating agent scaffolding (workspace seed files, sessions skeleton, and config list entry) |
 | `squad.version.check` | Plugin version reporting |
 | `squad.questions.validate-envelope` | HUMAN_INPUT_REQUIRED envelope validation |
+| `squad.extensions.list`, `squad.extensions.update`, `squad.extensions.updateStatus` | Installed extension metadata, cached version checks, and update lifecycle status |
+| `squad.gateway.restart` | Trigger gateway restart for extension-update activation |
 | `tools.invoke`, `tools.list`, `squad.layout.get` | Core plugin RPC entrypoints for tool invocation/listing and gateway layout metadata |
 | `squad.plugin.status`, `squad.plugin.recover`, `squad.plugin.disable` | Plugin safety-state RPC control (status, recovery, manual disable) |
 | `GET /squad-internal/health` | Tailnet internal health + pairing capability metadata |
@@ -31,6 +33,8 @@ All `/squad-internal/*` routes enforce Tailnet context and origin checks. CORS p
 | `/squad-internal/pairing/request` | `POST` | Creates pairing request via gateway-native pairing methods (`node/devices/device.pair.request`) |
 | `/squad-internal/pairing/status` | `GET` | Resolves pairing status via gateway-native status methods (`node/devices/device.pair.status/get`) |
 
+Extension-management routes intentionally do not expose install commands. Only update/status/restart are available via RPC methods.
+
 ## State Directory Resolution
 
 All paths in this plugin (and throughout this README) that reference `~/.openclaw` resolve via environment override when set. This supports Docker and other containerized deployments where the OpenClaw data directory may not be at the default location.

package/dist/index.js

@@ -1412,12 +1412,662 @@ async function withTimeout(promise, timeoutMs, operation) {
   }
 }
 
-// src/plugin-safety-state.ts
-import crypto from "crypto";
+// src/extensions-management.ts
 import fs8 from "fs";
 import path8 from "path";
-var SAFETY_DIR = path8.join(getOpenclawStateDir(), "squad-ceo-data", "safety");
-var PLUGIN_SAFETY_STATE_PATH = path8.join(SAFETY_DIR, "plugin-state.json");
+import { spawn } from "child_process";
+
+// src/gateway-invoke.ts
+function asRecord2(value) {
+  return value && typeof value === "object" ? value : null;
+}
+function isInvoker(fn) {
+  return typeof fn === "function";
+}
+function isUnknownGatewayMethodError(message) {
+  return /unknown method|method .* unavailable|not found|invalid[_ ]request|does not exist/i.test(
+    message
+  );
+}
+async function callGatewayAny(ctx, api, method, params) {
+  const ctxGateway = asRecord2(ctx.gateway);
+  const apiGateway = asRecord2(api?.gateway);
+  const candidates = [
+    ctx.request,
+    ctx.callGatewayMethod,
+    ctx.gatewayRequest,
+    ctx.invokeGatewayMethod,
+    ctxGateway?.request,
+    ctxGateway?.callGatewayMethod,
+    api?.request,
+    api?.callGatewayMethod,
+    api?.gatewayRequest,
+    api?.invokeGatewayMethod,
+    apiGateway?.request,
+    apiGateway?.callGatewayMethod
+  ];
+  let lastErr = null;
+  for (const candidate of candidates) {
+    if (!isInvoker(candidate)) continue;
+    try {
+      return await candidate(method, params);
+    } catch (err2) {
+      lastErr = err2;
+      const msg = err2 instanceof Error ? err2.message : String(err2);
+      if (isUnknownGatewayMethodError(msg)) {
+        continue;
+      }
+      throw err2;
+    }
+  }
+  if (lastErr) throw lastErr;
+  throw new Error("Gateway method invocation API unavailable in plugin context");
+}
+
+// src/extensions-management.ts
+var DEFAULT_TTL_MS = 60 * 60 * 1e3;
+var MIN_TTL_MS = 1e4;
+var MAX_TTL_MS = 24 * 60 * 60 * 1e3;
+var NPM_FETCH_TIMEOUT_MS = readTimeoutMs("SQUAD_EXTENSIONS_NPM_FETCH_TIMEOUT_MS", 5e3, 1e3, 3e4);
+var RESTART_METHOD_TIMEOUT_MS = readTimeoutMs("SQUAD_GATEWAY_RESTART_METHOD_TIMEOUT_MS", 2e3, 500, 1e4);
+var OPENCLAW_BIN = process.env.SQUAD_OPENCLAW_BIN?.trim() || "openclaw";
+var DEFAULT_REGISTRY_BASE_URL = "https://registry.npmjs.org";
+var NPM_REGISTRY_BASE_URL = (process.env.SQUAD_NPM_REGISTRY_BASE_URL?.trim() || DEFAULT_REGISTRY_BASE_URL).replace(/\/+$/g, "");
+var updateStatuses = /* @__PURE__ */ new Map();
+var activeUpdatePluginId = null;
+var ExtensionsManagementError = class extends Error {
+  code;
+  details;
+  constructor(code, message, details = {}) {
+    super(message);
+    this.code = code;
+    this.details = details;
+  }
+};
+function isExtensionsManagementError(error) {
+  return error instanceof ExtensionsManagementError;
+}
+function toExtensionsErrorPayload(error) {
+  return {
+    code: error.code,
+    error: error.message,
+    errorCode: error.code,
+    errorMessage: error.message,
+    ...error.details
+  };
+}
+function nowIso() {
+  return (/* @__PURE__ */ new Date()).toISOString();
+}
+function parseMs(value) {
+  if (!value) return null;
+  const parsed = Date.parse(value);
+  return Number.isFinite(parsed) ? parsed : null;
+}
+function normalizeRefresh(value) {
+  if (value === "force" || value === "cache-only") return value;
+  return "if-stale";
+}
+function normalizeTtl(value) {
+  if (typeof value !== "number" || !Number.isFinite(value)) {
+    return DEFAULT_TTL_MS;
+  }
+  const rounded = Math.floor(value);
+  if (rounded < MIN_TTL_MS) return MIN_TTL_MS;
+  if (rounded > MAX_TTL_MS) return MAX_TTL_MS;
+  return rounded;
+}
+function asNonEmptyString(value) {
+  if (typeof value !== "string") return null;
+  const trimmed = value.trim();
+  return trimmed.length > 0 ? trimmed : null;
+}
+function readJsonFile(filePath) {
+  try {
+    return JSON.parse(fs8.readFileSync(filePath, "utf-8"));
+  } catch {
+    return null;
+  }
+}
+function ensureParentDir(filePath) {
+  fs8.mkdirSync(path8.dirname(filePath), { recursive: true });
+}
+function writeJsonFileAtomic(filePath, payload) {
+  ensureParentDir(filePath);
+  const tempPath = `${filePath}.${process.pid}.${Date.now()}.tmp`;
+  fs8.writeFileSync(tempPath, `${JSON.stringify(payload, null, 2)}
+`, "utf-8");
+  fs8.renameSync(tempPath, filePath);
+}
+function normalizeSource(value) {
+  if (value === "npm") return "npm";
+  if (typeof value === "string" && value.trim()) return "other";
+  return "unknown";
+}
+function normalizePluginStatus(value) {
+  if (value === "up_to_date" || value === "update_available" || value === "unknown" || value === "error") {
+    return value;
+  }
+  return "unknown";
+}
+function defaultUpdateStatus() {
+  return {
+    state: "idle",
+    startedAt: null,
+    finishedAt: null,
+    needsRestart: false,
+    error: null
+  };
+}
+function setUpdateStatus(pluginId, next) {
+  updateStatuses.set(pluginId, next);
+}
+function appendOutputTail(current, chunk, maxChars = 6e3) {
+  const combined = current + chunk;
+  if (combined.length <= maxChars) return combined;
+  return combined.slice(-maxChars);
+}
+function updateCachePath(stateDir) {
+  return path8.join(stateDir, "squad-ceo-data", "extensions", "update-check-cache.json");
+}
+function readUpdateCheckCache(stateDir) {
+  const filePath = updateCachePath(stateDir);
+  const raw = readJsonFile(filePath);
+  const entries = {};
+  const rawEntries = raw?.entries;
+  if (rawEntries && typeof rawEntries === "object" && !Array.isArray(rawEntries)) {
+    for (const [pluginId, value] of Object.entries(rawEntries)) {
+      if (!value || typeof value !== "object" || Array.isArray(value)) continue;
+      const record = value;
+      const checkedAt = asNonEmptyString(record.checkedAt);
+      if (!checkedAt) continue;
+      entries[pluginId] = {
+        pluginId,
+        packageName: asNonEmptyString(record.packageName),
+        checkedAt,
+        latestVersion: asNonEmptyString(record.latestVersion),
+        status: normalizePluginStatus(record.status),
+        checkError: asNonEmptyString(record.checkError)
+      };
+    }
+  }
+  return {
+    version: 1,
+    updatedAt: asNonEmptyString(raw?.updatedAt) ?? nowIso(),
+    entries
+  };
+}
+function writeUpdateCheckCache(stateDir, cache) {
+  const filePath = updateCachePath(stateDir);
+  writeJsonFileAtomic(filePath, cache);
+}
+function invalidateUpdateCheckCacheEntry(stateDir, pluginId) {
+  const cache = readUpdateCheckCache(stateDir);
+  if (!(pluginId in cache.entries)) return;
+  delete cache.entries[pluginId];
+  cache.updatedAt = nowIso();
+  writeUpdateCheckCache(stateDir, cache);
+}
+function loadInstallConfig(stateDir) {
+  const configPath = path8.join(stateDir, "openclaw.json");
+  const config = readJsonFile(configPath) ?? {};
+  const plugins = config.plugins ?? {};
+  const installs = plugins.installs ?? {};
+  const result = {};
+  for (const [pluginId, value] of Object.entries(installs)) {
+    const record = value && typeof value === "object" && !Array.isArray(value) ? value : {};
+    result[pluginId] = {
+      source: normalizeSource(record.source),
+      spec: asNonEmptyString(record.spec),
+      version: asNonEmptyString(record.version),
+      installPath: asNonEmptyString(record.installPath)
+    };
+  }
+  return result;
+}
+function derivePackageNameFromSpec(spec) {
+  if (!spec) return null;
+  let normalized = spec.trim();
+  if (!normalized) return null;
+  if (normalized.startsWith("npm:")) {
+    normalized = normalized.slice(4);
+  }
+  if (normalized.startsWith("@")) {
+    const slashIndex = normalized.indexOf("/");
+    if (slashIndex < 1) return null;
+    const versionAtIndex2 = normalized.indexOf("@", slashIndex + 1);
+    return versionAtIndex2 === -1 ? normalized : normalized.slice(0, versionAtIndex2);
+  }
+  const versionAtIndex = normalized.indexOf("@");
+  return versionAtIndex === -1 ? normalized : normalized.slice(0, versionAtIndex);
+}
+function isValidNpmPackageName(value) {
+  if (!value) return false;
+  return /^(?:@[a-z0-9][a-z0-9._-]*\/)?[a-z0-9][a-z0-9._-]*$/i.test(value);
+}
+function isValidSpecForCommand(value) {
+  if (!value) return false;
+  return /^[a-z0-9@._/-]+$/i.test(value);
+}
+function readInstalledPluginDescriptors(stateDir) {
+  const extensionsDir = path8.join(stateDir, "extensions");
+  let entries = [];
+  try {
+    entries = fs8.readdirSync(extensionsDir, { withFileTypes: true });
+  } catch {
+    return [];
+  }
+  const installs = loadInstallConfig(stateDir);
+  const descriptors = [];
+  for (const entry of entries) {
+    if (!entry.isDirectory()) continue;
+    const pluginDir = path8.join(extensionsDir, entry.name);
+    const manifestPath = path8.join(pluginDir, "openclaw.plugin.json");
+    const manifest = readJsonFile(manifestPath);
+    if (!manifest) continue;
+    const pluginId = asNonEmptyString(manifest.id) ?? entry.name;
+    const packageJson = readJsonFile(path8.join(pluginDir, "package.json"));
+    const install = installs[pluginId] ?? {
+      source: "unknown",
+      spec: null,
+      version: null,
+      installPath: null
+    };
+    const packageName = asNonEmptyString(packageJson?.name) ?? derivePackageNameFromSpec(install.spec);
+    const source = install.source;
+    descriptors.push({
+      pluginId,
+      name: asNonEmptyString(manifest.name) ?? asNonEmptyString(packageJson?.name) ?? pluginId,
+      description: asNonEmptyString(manifest.description) ?? asNonEmptyString(packageJson?.description),
+      pluginDir,
+      packageName: isValidNpmPackageName(packageName) ? packageName : null,
+      currentVersion: asNonEmptyString(packageJson?.version) ?? install.version,
+      source,
+      spec: install.spec
+    });
+  }
+  descriptors.sort((a, b) => a.name.localeCompare(b.name));
+  return descriptors;
+}
+function comparePrerelease(a, b) {
+  if (!a && !b) return 0;
+  if (!a) return 1;
+  if (!b) return -1;
+  const aParts = a.split(".");
+  const bParts = b.split(".");
+  const maxLen = Math.max(aParts.length, bParts.length);
+  for (let i = 0; i < maxLen; i++) {
+    const aPart = aParts[i];
+    const bPart = bParts[i];
+    if (aPart == null) return -1;
+    if (bPart == null) return 1;
+    const aNum = Number(aPart);
+    const bNum = Number(bPart);
+    const bothNumeric = Number.isInteger(aNum) && Number.isInteger(bNum);
+    if (bothNumeric) {
+      if (aNum > bNum) return 1;
+      if (aNum < bNum) return -1;
+      continue;
+    }
+    const cmp = aPart.localeCompare(bPart);
+    if (cmp !== 0) return cmp > 0 ? 1 : -1;
+  }
+  return 0;
+}
+function compareVersionValues(a, b) {
+  const semverRe = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/;
+  const aMatch = a.match(semverRe);
+  const bMatch = b.match(semverRe);
+  if (!aMatch || !bMatch) {
+    const cmp = a.localeCompare(b, void 0, { numeric: true, sensitivity: "base" });
+    if (cmp === 0) return 0;
+    return cmp > 0 ? 1 : -1;
+  }
+  for (let i = 1; i <= 3; i++) {
+    const aPart = Number(aMatch[i]);
+    const bPart = Number(bMatch[i]);
+    if (aPart > bPart) return 1;
+    if (aPart < bPart) return -1;
+  }
+  return comparePrerelease(aMatch[4] ?? null, bMatch[4] ?? null);
+}
+function supportsNpmUpdate(plugin) {
+  return plugin.source === "npm" && isValidNpmPackageName(plugin.packageName);
+}
+function resolveUpdateSpec(plugin) {
+  if (isValidSpecForCommand(plugin.spec)) return plugin.spec;
+  if (isValidSpecForCommand(plugin.packageName)) return plugin.packageName;
+  return null;
+}
+async function fetchLatestVersion(packageName) {
+  const encoded = encodeURIComponent(packageName);
+  const url = `${NPM_REGISTRY_BASE_URL}/${encoded}/latest`;
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), NPM_FETCH_TIMEOUT_MS);
+  try {
+    const response = await fetch(url, { signal: controller.signal });
+    if (!response.ok) {
+      return {
+        latestVersion: null,
+        checkError: `Registry request failed (${response.status})`
+      };
+    }
+    const json2 = await response.json();
+    const latestVersion = asNonEmptyString(json2?.version);
+    if (!latestVersion) {
+      return {
+        latestVersion: null,
+        checkError: "Registry response did not include a valid version."
+      };
+    }
+    return { latestVersion, checkError: null };
+  } catch (error) {
+    const isAbortError = !!(error && typeof error === "object" && "name" in error && error.name === "AbortError");
+    if (isAbortError) {
+      return { latestVersion: null, checkError: `Registry request timed out after ${NPM_FETCH_TIMEOUT_MS}ms` };
+    }
+    const message = error instanceof Error ? error.message : String(error);
+    return { latestVersion: null, checkError: message };
+  } finally {
+    clearTimeout(timer);
+  }
+}
+function shouldRefreshCacheEntry(mode, ttlMs, now, entry) {
+  if (mode === "cache-only") return false;
+  if (mode === "force") return true;
+  if (!entry) return true;
+  const checkedAtMs = parseMs(entry.checkedAt);
+  if (checkedAtMs == null) return true;
+  return now - checkedAtMs > ttlMs;
+}
+async function listExtensions(params = {}) {
+  const stateDir = getOpenclawStateDir();
+  const refreshMode = normalizeRefresh(params.refresh);
+  const ttlMs = normalizeTtl(params.ttlMs);
+  const nowMs = Date.now();
+  const now = nowIso();
+  const plugins = readInstalledPluginDescriptors(stateDir);
+  const cache = readUpdateCheckCache(stateDir);
+  let cacheDirty = false;
+  let maxCheckedAtMs = null;
+  const resultPlugins = [];
+  for (const plugin of plugins) {
+    const updateSupport = supportsNpmUpdate(plugin) ? "supported" : "unsupported";
+    let latestVersion = null;
+    let status = "unknown";
+    let checkError = null;
+    let checkedAt = null;
+    const cacheEntry = cache.entries[plugin.pluginId] ?? null;
+    if (updateSupport === "supported") {
+      if (shouldRefreshCacheEntry(refreshMode, ttlMs, nowMs, cacheEntry)) {
+        const fetchResult = await fetchLatestVersion(plugin.packageName);
+        if (fetchResult.checkError) {
+          latestVersion = cacheEntry?.latestVersion ?? null;
+          status = "error";
+          checkError = fetchResult.checkError;
+          checkedAt = now;
+        } else {
+          latestVersion = fetchResult.latestVersion;
+          status = "unknown";
+          checkError = null;
+          checkedAt = now;
+        }
+        cache.entries[plugin.pluginId] = {
+          pluginId: plugin.pluginId,
+          packageName: plugin.packageName,
+          checkedAt,
+          latestVersion,
+          status,
+          checkError
+        };
+        cacheDirty = true;
+      } else if (cacheEntry) {
+        latestVersion = cacheEntry.latestVersion;
+        status = cacheEntry.status;
+        checkError = cacheEntry.checkError;
+        checkedAt = cacheEntry.checkedAt;
+      }
+      if (plugin.currentVersion && latestVersion) {
+        const updateAvailable2 = compareVersionValues(latestVersion, plugin.currentVersion) > 0;
+        if (status !== "error") {
+          status = updateAvailable2 ? "update_available" : "up_to_date";
+        }
+      } else if (status !== "error") {
+        status = "unknown";
+      }
+    } else {
+      status = "unknown";
+    }
+    const checkedAtMs = parseMs(checkedAt);
+    if (checkedAtMs != null && (maxCheckedAtMs == null || checkedAtMs > maxCheckedAtMs)) {
+      maxCheckedAtMs = checkedAtMs;
+    }
+    const updateAvailable = updateSupport === "supported" && latestVersion && plugin.currentVersion ? compareVersionValues(latestVersion, plugin.currentVersion) > 0 : null;
+    resultPlugins.push({
+      pluginId: plugin.pluginId,
+      name: plugin.name,
+      description: plugin.description,
+      currentVersion: plugin.currentVersion,
+      latestVersion,
+      updateAvailable,
+      updateSupport,
+      source: plugin.source,
+      spec: plugin.spec,
+      packageName: plugin.packageName,
+      status,
+      checkError,
+      checkedAt
+    });
+  }
+  if (cacheDirty) {
+    cache.updatedAt = now;
+    writeUpdateCheckCache(stateDir, cache);
+  }
+  return {
+    checkedAt: maxCheckedAtMs == null ? null : new Date(maxCheckedAtMs).toISOString(),
+    ttlMs,
+    plugins: resultPlugins
+  };
+}
+function buildOpenClawCommandEnv(stateDir) {
+  return {
+    ...process.env,
+    OPENCLAW_STATE_DIR: process.env.OPENCLAW_STATE_DIR ?? stateDir,
+    OPENCLAW_CONFIG_PATH: process.env.OPENCLAW_CONFIG_PATH ?? path8.join(stateDir, "openclaw.json"),
+    OPENCLAW_HOME: process.env.OPENCLAW_HOME ?? path8.join(stateDir, "home")
+  };
+}
+function listInstalledPluginIds(stateDir) {
+  return readInstalledPluginDescriptors(stateDir).map((plugin) => plugin.pluginId);
+}
+function normalizePluginIds(value) {
+  if (!Array.isArray(value)) return null;
+  const ids = [];
+  for (const entry of value) {
+    const id = asNonEmptyString(entry);
+    if (!id) continue;
+    if (!ids.includes(id)) ids.push(id);
+  }
+  return ids;
+}
+function getExtensionsUpdateStatus(params = {}) {
+  const stateDir = getOpenclawStateDir();
+  const requestedIds = normalizePluginIds(params.pluginIds);
+  const pluginIds = requestedIds ?? listInstalledPluginIds(stateDir);
+  for (const id of updateStatuses.keys()) {
+    if (!pluginIds.includes(id) && requestedIds == null) {
+      pluginIds.push(id);
+    }
+  }
+  const statuses = {};
+  for (const pluginId of pluginIds) {
+    statuses[pluginId] = updateStatuses.get(pluginId) ?? defaultUpdateStatus();
+  }
+  return { statuses };
+}
+function updateFinishMessage(command, code, signal, stdoutTail, stderrTail) {
+  const details = [];
+  details.push(`${command} exited with code=${String(code)} signal=${String(signal)}`);
+  if (stderrTail.trim()) {
+    details.push(`stderr: ${stderrTail.trim()}`);
+  } else if (stdoutTail.trim()) {
+    details.push(`stdout: ${stdoutTail.trim()}`);
+  }
+  return details.join(" | ");
+}
+function startExtensionUpdate(params) {
+  const pluginId = asNonEmptyString(params.pluginId);
+  if (!pluginId) {
+    throw new ExtensionsManagementError("INVALID_REQUEST", "pluginId is required");
+  }
+  if (activeUpdatePluginId) {
+    const activeStatus = updateStatuses.get(activeUpdatePluginId);
+    if (activeStatus?.state === "running") {
+      throw new ExtensionsManagementError(
+        "UPDATE_IN_PROGRESS",
+        `Another extension update is already in progress (${activeUpdatePluginId}).`,
+        { inProgressPluginId: activeUpdatePluginId }
+      );
+    }
+  }
+  const stateDir = getOpenclawStateDir();
+  const plugins = readInstalledPluginDescriptors(stateDir);
+  const plugin = plugins.find((entry) => entry.pluginId === pluginId);
+  if (!plugin) {
+    throw new ExtensionsManagementError("EXTENSION_NOT_FOUND", `Extension '${pluginId}' is not installed.`);
+  }
+  if (!supportsNpmUpdate(plugin)) {
+    throw new ExtensionsManagementError(
+      "UPDATE_NOT_SUPPORTED",
+      `Extension '${pluginId}' does not support updates via npm.`
+    );
+  }
+  const spec = resolveUpdateSpec(plugin);
+  if (!spec) {
+    throw new ExtensionsManagementError(
+      "UPDATE_NOT_SUPPORTED",
+      `Extension '${pluginId}' does not have a valid npm spec for updates.`
+    );
+  }
+  const startedAt = nowIso();
+  setUpdateStatus(pluginId, {
+    state: "running",
+    startedAt,
+    finishedAt: null,
+    needsRestart: false,
+    error: null
+  });
+  activeUpdatePluginId = pluginId;
+  const commandArgs = ["plugins", "update", spec];
+  const child = spawn(OPENCLAW_BIN, commandArgs, {
+    env: buildOpenClawCommandEnv(stateDir),
+    stdio: ["ignore", "pipe", "pipe"]
+  });
+  let stdoutTail = "";
+  let stderrTail = "";
+  let finalized = false;
+  const finalize = (status) => {
+    if (finalized) return;
+    finalized = true;
+    setUpdateStatus(pluginId, status);
+    if (activeUpdatePluginId === pluginId) {
+      activeUpdatePluginId = null;
+    }
+    invalidateUpdateCheckCacheEntry(stateDir, pluginId);
+  };
+  child.stdout?.on("data", (chunk) => {
+    stdoutTail = appendOutputTail(stdoutTail, chunk.toString("utf-8"));
+  });
+  child.stderr?.on("data", (chunk) => {
+    stderrTail = appendOutputTail(stderrTail, chunk.toString("utf-8"));
+  });
+  child.on("error", (error) => {
+    const message = error instanceof Error ? error.message : String(error);
+    finalize({
+      state: "failed",
+      startedAt,
+      finishedAt: nowIso(),
+      needsRestart: false,
+      error: `Failed to start update command: ${message}`
+    });
+  });
+  child.on("exit", (code, signal) => {
+    const finishedAt = nowIso();
+    if (code === 0) {
+      finalize({
+        state: "success",
+        startedAt,
+        finishedAt,
+        needsRestart: true,
+        error: null
+      });
+      return;
+    }
+    finalize({
+      state: "failed",
+      startedAt,
+      finishedAt,
+      needsRestart: false,
+      error: updateFinishMessage(`${OPENCLAW_BIN} ${commandArgs.join(" ")}`, code, signal, stdoutTail, stderrTail)
+    });
+  });
+  return {
+    accepted: true,
+    pluginId,
+    state: "running"
+  };
+}
+async function tryGatewayRestartMethod(payload, api) {
+  const methods = [
+    "gateway.restart",
+    "openclaw.gateway.restart",
+    "system.restart",
+    "node.restart"
+  ];
+  for (const method of methods) {
+    try {
+      await withTimeout(
+        callGatewayAny(payload, api, method, {}),
+        RESTART_METHOD_TIMEOUT_MS,
+        `restart method ${method}`
+      );
+      return true;
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      if (isUnknownGatewayMethodError(message)) {
+        continue;
+      }
+      return false;
+    }
+  }
+  return false;
+}
+function spawnGatewayRestartCommand(stateDir) {
+  const child = spawn(OPENCLAW_BIN, ["gateway", "restart"], {
+    env: buildOpenClawCommandEnv(stateDir),
+    detached: true,
+    stdio: "ignore"
+  });
+  child.unref();
+}
+async function restartGateway(payload, api) {
+  const stateDir = getOpenclawStateDir();
+  const usedGatewayMethod = await tryGatewayRestartMethod(payload, api);
+  if (!usedGatewayMethod) {
+    spawnGatewayRestartCommand(stateDir);
+  }
+  return {
+    accepted: true,
+    issuedAt: nowIso()
+  };
+}
+
+// src/plugin-safety-state.ts
+import crypto from "crypto";
+import fs9 from "fs";
+import path9 from "path";
+var SAFETY_DIR = path9.join(getOpenclawStateDir(), "squad-ceo-data", "safety");
+var PLUGIN_SAFETY_STATE_PATH = path9.join(SAFETY_DIR, "plugin-state.json");
 var FAILURE_THRESHOLD = readIntegerEnv("SQUAD_PLUGIN_FAILURE_THRESHOLD", 3, 1, 50);
 var FAILURE_WINDOW_MS = readTimeoutMs("SQUAD_PLUGIN_FAILURE_WINDOW_MS", 5 * 60 * 1e3, 1e3, 24 * 60 * 60 * 1e3);
 var QUARANTINE_MS = readTimeoutMs("SQUAD_PLUGIN_QUARANTINE_MS", 10 * 60 * 1e3, 1e3, 24 * 60 * 60 * 1e3);
@@ -1431,7 +2081,7 @@ function readIntegerEnv(envName, fallback, min, max) {
   if (rounded > max) return max;
   return rounded;
 }
-function nowIso() {
+function nowIso2() {
   return (/* @__PURE__ */ new Date()).toISOString();
 }
 function normalizeIso(value) {
@@ -1456,7 +2106,7 @@ function normalizeFailureCount(value) {
   const rounded = Math.floor(value);
   return rounded > 0 ? rounded : 0;
 }
-function parseMs(value) {
+function parseMs2(value) {
   if (!value) return null;
   const parsed = Date.parse(value);
   if (!Number.isFinite(parsed)) return null;
@@ -1477,7 +2127,7 @@ function defaultPersistedState() {
     failureWindowStartedAt: null,
     quarantineUntil: null,
     lastErrorId: null,
-    updatedAt: nowIso()
+    updatedAt: nowIso2()
   };
 }
 function sanitizePersistedState(value) {
@@ -1498,12 +2148,12 @@ function sanitizePersistedState(value) {
     failureWindowStartedAt: normalizeIso(record.failureWindowStartedAt),
     quarantineUntil: normalizeIso(record.quarantineUntil),
     lastErrorId: normalizeString(record.lastErrorId),
-    updatedAt: normalizeIso(record.updatedAt) ?? nowIso()
+    updatedAt: normalizeIso(record.updatedAt) ?? nowIso2()
   };
 }
 function readPersistedState() {
   try {
-    const raw = fs8.readFileSync(PLUGIN_SAFETY_STATE_PATH, "utf-8");
+    const raw = fs9.readFileSync(PLUGIN_SAFETY_STATE_PATH, "utf-8");
     return sanitizePersistedState(JSON.parse(raw));
   } catch {
     return defaultPersistedState();
@@ -1511,11 +2161,11 @@ function readPersistedState() {
 }
 function writePersistedState(state) {
   try {
-    fs8.mkdirSync(SAFETY_DIR, { recursive: true });
+    fs9.mkdirSync(SAFETY_DIR, { recursive: true });
     const tempPath = `${PLUGIN_SAFETY_STATE_PATH}.${process.pid}.${Date.now()}.tmp`;
-    fs8.writeFileSync(tempPath, `${JSON.stringify(state, null, 2)}
+    fs9.writeFileSync(tempPath, `${JSON.stringify(state, null, 2)}
 `, "utf-8");
-    fs8.renameSync(tempPath, PLUGIN_SAFETY_STATE_PATH);
+    fs9.renameSync(tempPath, PLUGIN_SAFETY_STATE_PATH);
   } catch (error) {
     const message = error instanceof Error ? error.message : String(error);
     console.warn(`[squad-openclaw] failed to persist plugin safety state: ${message}`);
@@ -1554,7 +2204,7 @@ function snapshotFromState(state, source, canRecover) {
 }
 function maybeReleaseExpiredQuarantine(state) {
   if (state.state !== "QUARANTINED_AUTO") return state;
-  const untilMs = parseMs(state.quarantineUntil);
+  const untilMs = parseMs2(state.quarantineUntil);
   if (untilMs == null || Date.now() < untilMs) return state;
   const released = {
     ...state,
@@ -1562,11 +2212,11 @@ function maybeReleaseExpiredQuarantine(state) {
     reasonCode: null,
     reasonMessage: null,
     remediation: null,
-    triggeredAt: nowIso(),
+    triggeredAt: nowIso2(),
     quarantineUntil: null,
     failureCount: 0,
     failureWindowStartedAt: null,
-    updatedAt: nowIso()
+    updatedAt: nowIso2()
   };
   writePersistedState(released);
   return released;
@@ -1587,8 +2237,8 @@ function getPluginSafetySnapshot() {
       reasonCode: "ENV_KILL_SWITCH",
       reasonMessage: envKillSwitchReason(),
       remediation: "Unset SQUAD_PLUGIN_DISABLED and restart the gateway process.",
-      triggeredAt: persisted.triggeredAt ?? nowIso(),
-      updatedAt: nowIso()
+      triggeredAt: persisted.triggeredAt ?? nowIso2(),
+      updatedAt: nowIso2()
     };
     return snapshotFromState(envState, "env", false);
   }
@@ -1602,7 +2252,7 @@ function recordPluginFailure(failureCode, failureMessage, remediation) {
   const state = readPersistedState();
   const nowMs = Date.now();
   const now = new Date(nowMs).toISOString();
-  const windowStartMs = parseMs(state.failureWindowStartedAt);
+  const windowStartMs = parseMs2(state.failureWindowStartedAt);
   if (windowStartMs == null || nowMs - windowStartMs > FAILURE_WINDOW_MS) {
     state.failureWindowStartedAt = now;
     state.failureCount = 1;
@@ -1630,7 +2280,7 @@ function recordPluginFailure(failureCode, failureMessage, remediation) {
 function setPluginManualDisabled(reasonCode = "MANUAL_KILL_SWITCH", reasonMessage = "Plugin manually disabled", remediation = "Run squad.plugin.recover after resolving plugin issues.") {
   if (isEnvKillSwitchActive()) return getPluginSafetySnapshot();
   const state = readPersistedState();
-  const now = nowIso();
+  const now = nowIso2();
   state.state = "DISABLED_MANUAL";
   state.reasonCode = reasonCode;
   state.reasonMessage = reasonMessage;
@@ -1650,7 +2300,7 @@ function recoverPlugin(reasonMessage = "Plugin manually recovered") {
     };
   }
   const state = readPersistedState();
-  const now = nowIso();
+  const now = nowIso2();
   state.state = "ACTIVE";
   state.reasonCode = null;
   state.reasonMessage = null;
@@ -1837,6 +2487,93 @@ function registerSquadSharedApi(api, onFsChange) {
         }
       }
     );
+    safeRegisterGatewayMethod(
+      "squad.extensions.list",
+      async ({ params, respond }) => {
+        const safetySnapshot = getPluginSafetySnapshot();
+        if (isPluginExecutionBlocked(safetySnapshot)) {
+          respond(false, pluginBlockedPayload(safetySnapshot));
+          return;
+        }
+        try {
+          const result = await listExtensions({
+            refresh: params?.refresh,
+            ttlMs: params?.ttlMs
+          });
+          respond(true, result);
+        } catch (err2) {
+          if (isExtensionsManagementError(err2)) {
+            respond(false, toExtensionsErrorPayload(err2));
+            return;
+          }
+          respond(false, { errorMessage: errorMessage(err2) });
+        }
+      }
+    );
+    safeRegisterGatewayMethod(
+      "squad.extensions.update",
+      async ({ params, respond }) => {
+        const safetySnapshot = getPluginSafetySnapshot();
+        if (isPluginExecutionBlocked(safetySnapshot)) {
+          respond(false, pluginBlockedPayload(safetySnapshot));
+          return;
+        }
+        try {
+          const result = startExtensionUpdate({
+            pluginId: params?.pluginId
+          });
+          respond(true, result);
+        } catch (err2) {
+          if (isExtensionsManagementError(err2)) {
+            respond(false, toExtensionsErrorPayload(err2));
+            return;
+          }
+          respond(false, { errorMessage: errorMessage(err2) });
+        }
+      }
+    );
+    safeRegisterGatewayMethod(
+      "squad.extensions.updateStatus",
+      async ({ params, respond }) => {
+        const safetySnapshot = getPluginSafetySnapshot();
+        if (isPluginExecutionBlocked(safetySnapshot)) {
+          respond(false, pluginBlockedPayload(safetySnapshot));
+          return;
+        }
+        try {
+          const result = getExtensionsUpdateStatus({
+            pluginIds: params?.pluginIds
+          });
+          respond(true, result);
+        } catch (err2) {
+          if (isExtensionsManagementError(err2)) {
+            respond(false, toExtensionsErrorPayload(err2));
+            return;
+          }
+          respond(false, { errorMessage: errorMessage(err2) });
+        }
+      }
+    );
+    safeRegisterGatewayMethod(
+      "squad.gateway.restart",
+      async (payload) => {
+        const safetySnapshot = getPluginSafetySnapshot();
+        if (isPluginExecutionBlocked(safetySnapshot)) {
+          payload.respond(false, pluginBlockedPayload(safetySnapshot));
+          return;
+        }
+        try {
+          const result = await restartGateway(payload, api);
+          payload.respond(true, result);
+        } catch (err2) {
+          if (isExtensionsManagementError(err2)) {
+            payload.respond(false, toExtensionsErrorPayload(err2));
+            return;
+          }
+          payload.respond(false, { errorMessage: errorMessage(err2) });
+        }
+      }
+    );
   };
   return {
     invokeTool,
@@ -1846,13 +2583,13 @@ function registerSquadSharedApi(api, onFsChange) {
 }
 
 // src/migrations/runner.ts
-import fs11 from "fs";
-import path11 from "path";
+import fs12 from "fs";
+import path12 from "path";
 
 // src/migrations/001-enable-main-subagent-access.ts
-import fs9 from "fs";
-import path9 from "path";
-function asRecord2(value) {
+import fs10 from "fs";
+import path10 from "path";
+function asRecord3(value) {
   if (!value || typeof value !== "object" || Array.isArray(value)) return null;
   return value;
 }
@@ -1867,24 +2604,24 @@ function mergeStringArrayWithWildcard(value) {
   return Array.from(next);
 }
 function patchConfigOnDisk() {
-  const configPath = path9.join(getOpenclawStateDir(), "openclaw.json");
-  const raw = fs9.readFileSync(configPath, "utf-8");
+  const configPath = path10.join(getOpenclawStateDir(), "openclaw.json");
+  const raw = fs10.readFileSync(configPath, "utf-8");
   const parsed = JSON.parse(raw);
-  const agents = asRecord2(parsed.agents) ?? {};
-  const defaults = asRecord2(agents.defaults) ?? {};
-  const subagentsDefaults = asRecord2(defaults.subagents) ?? {};
+  const agents = asRecord3(parsed.agents) ?? {};
+  const defaults = asRecord3(agents.defaults) ?? {};
+  const subagentsDefaults = asRecord3(defaults.subagents) ?? {};
   defaults.maxConcurrent = 4;
   defaults.subagents = {
     ...subagentsDefaults,
     maxConcurrent: 8
   };
   const listRaw = Array.isArray(agents.list) ? agents.list : [];
-  const list = listRaw.map((entry) => asRecord2(entry)).filter((entry) => Boolean(entry));
+  const list = listRaw.map((entry) => asRecord3(entry)).filter((entry) => Boolean(entry));
   const mainIndex = list.findIndex((entry) => entry.id === "main");
   const existingMain = mainIndex >= 0 ? list[mainIndex] : {};
-  const existingIdentity = asRecord2(existingMain.identity) ?? {};
-  const existingTools = asRecord2(existingMain.tools) ?? {};
-  const existingSubagents = asRecord2(existingMain.subagents) ?? {};
+  const existingIdentity = asRecord3(existingMain.identity) ?? {};
+  const existingTools = asRecord3(existingMain.tools) ?? {};
+  const existingSubagents = asRecord3(existingMain.subagents) ?? {};
   const nextMain = {
     ...existingMain,
     id: "main",
@@ -1908,7 +2645,7 @@ function patchConfigOnDisk() {
     defaults,
     list
   };
-  fs9.writeFileSync(configPath, `${JSON.stringify(parsed, null, 2)}
+  fs10.writeFileSync(configPath, `${JSON.stringify(parsed, null, 2)}
 `, "utf-8");
 }
 var migration = {
@@ -1983,13 +2720,13 @@ var migration = {
 var enable_main_subagent_access_default = migration;
 
 // src/auth-profiles.ts
-import fs10 from "fs";
-import path10 from "path";
+import fs11 from "fs";
+import path11 from "path";
 function getMainAuthProfilesPath(stateDir) {
-  return path10.join(stateDir, "agents", "main", "agent", "auth-profiles.json");
+  return path11.join(stateDir, "agents", "main", "agent", "auth-profiles.json");
 }
 function getAgentAuthProfilesPath(stateDir, agentId) {
-  return path10.join(stateDir, "agents", agentId, "agent", "auth-profiles.json");
+  return path11.join(stateDir, "agents", agentId, "agent", "auth-profiles.json");
 }
 function ensureAgentAuthProfiles(agentId) {
   const normalizedAgentId = agentId.trim();
@@ -1997,17 +2734,17 @@ function ensureAgentAuthProfiles(agentId) {
   const stateDir = getOpenclawStateDir();
   const sourcePath = getMainAuthProfilesPath(stateDir);
   const targetPath = getAgentAuthProfilesPath(stateDir, normalizedAgentId);
-  if (!fs10.existsSync(sourcePath) || fs10.existsSync(targetPath)) return false;
-  fs10.mkdirSync(path10.dirname(targetPath), { recursive: true });
-  fs10.copyFileSync(sourcePath, targetPath);
+  if (!fs11.existsSync(sourcePath) || fs11.existsSync(targetPath)) return false;
+  fs11.mkdirSync(path11.dirname(targetPath), { recursive: true });
+  fs11.copyFileSync(sourcePath, targetPath);
   return true;
 }
 function backfillAgentAuthProfiles() {
   const stateDir = getOpenclawStateDir();
-  const agentsDir = path10.join(stateDir, "agents");
-  if (!fs10.existsSync(agentsDir)) return [];
+  const agentsDir = path11.join(stateDir, "agents");
+  if (!fs11.existsSync(agentsDir)) return [];
   const copied = [];
-  for (const entry of fs10.readdirSync(agentsDir, { withFileTypes: true })) {
+  for (const entry of fs11.readdirSync(agentsDir, { withFileTypes: true })) {
     if (!entry.isDirectory()) continue;
     const agentId = entry.name;
     if (ensureAgentAuthProfiles(agentId)) {
@@ -2038,8 +2775,8 @@ var STARTUP_MIGRATIONS = [
 ];
 
 // src/migrations/runner.ts
-var MIGRATIONS_DIR = path11.join(getOpenclawStateDir(), "squad-ceo-data");
-var MIGRATIONS_PATH = path11.join(MIGRATIONS_DIR, "migrations.json");
+var MIGRATIONS_DIR = path12.join(getOpenclawStateDir(), "squad-ceo-data");
+var MIGRATIONS_PATH = path12.join(MIGRATIONS_DIR, "migrations.json");
 var STARTUP_MIGRATION_TIMEOUT_MS = readTimeoutMs("SQUAD_STARTUP_MIGRATION_TIMEOUT_MS", 2e4);
 var STARTUP_GATEWAY_CALL_TIMEOUT_MS = readTimeoutMs("SQUAD_STARTUP_GATEWAY_CALL_TIMEOUT_MS", 5e3);
 function defaultState() {
@@ -2050,7 +2787,7 @@ function defaultState() {
 }
 function readState() {
   try {
-    const raw = fs11.readFileSync(MIGRATIONS_PATH, "utf-8");
+    const raw = fs12.readFileSync(MIGRATIONS_PATH, "utf-8");
     const parsed = JSON.parse(raw);
     if (!Array.isArray(parsed.completed)) return defaultState();
     return {
@@ -2062,8 +2799,8 @@ function readState() {
   }
 }
 function writeState(state) {
-  fs11.mkdirSync(MIGRATIONS_DIR, { recursive: true });
-  fs11.writeFileSync(MIGRATIONS_PATH, JSON.stringify(state, null, 2), "utf-8");
+  fs12.mkdirSync(MIGRATIONS_DIR, { recursive: true });
+  fs12.writeFileSync(MIGRATIONS_PATH, JSON.stringify(state, null, 2), "utf-8");
 }
 function makeGatewayCaller(api) {
   return async (method, params = {}) => {
@@ -2130,55 +2867,6 @@ async function runStartupMigrations(api) {
 
 // src/http-routes.ts
 import crypto2 from "crypto";
-
-// src/gateway-invoke.ts
-function asRecord3(value) {
-  return value && typeof value === "object" ? value : null;
-}
-function isInvoker(fn) {
-  return typeof fn === "function";
-}
-function isUnknownGatewayMethodError(message) {
-  return /unknown method|method .* unavailable|not found|invalid[_ ]request|does not exist/i.test(
-    message
-  );
-}
-async function callGatewayAny(ctx, api, method, params) {
-  const ctxGateway = asRecord3(ctx.gateway);
-  const apiGateway = asRecord3(api?.gateway);
-  const candidates = [
-    ctx.request,
-    ctx.callGatewayMethod,
-    ctx.gatewayRequest,
-    ctx.invokeGatewayMethod,
-    ctxGateway?.request,
-    ctxGateway?.callGatewayMethod,
-    api?.request,
-    api?.callGatewayMethod,
-    api?.gatewayRequest,
-    api?.invokeGatewayMethod,
-    apiGateway?.request,
-    apiGateway?.callGatewayMethod
-  ];
-  let lastErr = null;
-  for (const candidate of candidates) {
-    if (!isInvoker(candidate)) continue;
-    try {
-      return await candidate(method, params);
-    } catch (err2) {
-      lastErr = err2;
-      const msg = err2 instanceof Error ? err2.message : String(err2);
-      if (isUnknownGatewayMethodError(msg)) {
-        continue;
-      }
-      throw err2;
-    }
-  }
-  if (lastErr) throw lastErr;
-  throw new Error("Gateway method invocation API unavailable in plugin context");
-}
-
-// src/http-routes.ts
 var DEFAULT_ALLOWED_ORIGINS = [
   "https://squad.ceo",
   "https://www.squad.ceo",
@@ -2677,10 +3365,10 @@ function registerTailnetInternalRoutes(api) {
   };
   const handleRequest = async (request) => {
     const url = getRequestUrl(request);
-    const path12 = url.pathname;
+    const path13 = url.pathname;
     cleanupCaches();
     let pluginState = getPluginSafetySnapshot();
-    if (request.method === "OPTIONS" && path12.startsWith("/squad-internal/")) {
+    if (request.method === "OPTIONS" && path13.startsWith("/squad-internal/")) {
       const origin = ensureOriginAllowed(request);
       if (!origin) {
         return new Response(null, { status: 403 });
@@ -2698,7 +3386,7 @@ function registerTailnetInternalRoutes(api) {
         })
       );
     }
-    if (request.method === "GET" && path12 === "/squad-internal/health") {
+    if (request.method === "GET" && path13 === "/squad-internal/health") {
       if (!isTailnetContext(request)) {
         return jsonError(request, "TAILNET_REQUIRED", "Tailnet context required", 403);
       }
@@ -2715,7 +3403,7 @@ function registerTailnetInternalRoutes(api) {
         })
       );
     }
-    if (request.method === "GET" && path12 === "/squad-internal/plugin/status") {
+    if (request.method === "GET" && path13 === "/squad-internal/plugin/status") {
       if (!isTailnetContext(request)) {
         return jsonError(request, "TAILNET_REQUIRED", "Tailnet context required", 403);
       }
@@ -2730,7 +3418,7 @@ function registerTailnetInternalRoutes(api) {
         })
       );
     }
-    if (request.method === "POST" && path12 === "/squad-internal/plugin/recover") {
+    if (request.method === "POST" && path13 === "/squad-internal/plugin/recover") {
       if (!isTailnetContext(request)) {
         return jsonError(request, "TAILNET_REQUIRED", "Tailnet context required", 403);
       }
@@ -2763,7 +3451,7 @@ function registerTailnetInternalRoutes(api) {
       pluginState = result.snapshot;
       return withCors(request, json({ ok: true, plugin: pluginState, message: result.message }));
     }
-    if (request.method === "POST" && path12 === "/squad-internal/plugin/disable") {
+    if (request.method === "POST" && path13 === "/squad-internal/plugin/disable") {
       if (!isTailnetContext(request)) {
         return jsonError(request, "TAILNET_REQUIRED", "Tailnet context required", 403);
       }
@@ -2789,7 +3477,7 @@ function registerTailnetInternalRoutes(api) {
       pluginState = setPluginManualDisabled(reasonCode, reasonMessage, remediation);
       return withCors(request, json({ ok: true, plugin: pluginState }));
     }
-    if (path12.startsWith("/squad-internal/") && isPluginExecutionBlocked(pluginState)) {
+    if (path13.startsWith("/squad-internal/") && isPluginExecutionBlocked(pluginState)) {
       const code = pluginBlockedCode(pluginState);
       return jsonError(
         request,
@@ -2799,7 +3487,7 @@ function registerTailnetInternalRoutes(api) {
         { plugin: pluginState }
       );
     }
-    if (request.method === "POST" && path12 === "/squad-internal/pairing/request") {
+    if (request.method === "POST" && path13 === "/squad-internal/pairing/request") {
       const origin = ensureOriginAllowed(request);
       if (!origin) {
         return jsonError(request, "ORIGIN_NOT_ALLOWED", "Origin is not allowed", 403);
@@ -2851,7 +3539,7 @@ function registerTailnetInternalRoutes(api) {
         );
       }
     }
-    if (request.method === "GET" && path12 === "/squad-internal/pairing/status") {
+    if (request.method === "GET" && path13 === "/squad-internal/pairing/status") {
       const origin = ensureOriginAllowed(request);
       if (!origin) {
         return jsonError(request, "ORIGIN_NOT_ALLOWED", "Origin is not allowed", 403);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "squad-openclaw",
-  "version": "2026.2.2706",
+  "version": "2026.2.2707",
   "description": "Entity registry, filesystem tools, and version management plugin for OpenClaw gateway",
   "type": "module",
   "main": "./dist/index.js",