From f81fd6828f78602a903e2bdfd1b965d8410bf294 Mon Sep 17 00:00:00 2001 From: "openclaw-docs-sync[bot]" Date: Thu, 23 Apr 2026 07:30:52 +0000 Subject: [PATCH] chore(sync): mirror docs from openclaw/openclaw@ce4bb8f6382697b46d7f0d676ddf43afbf432c96 --- .openclaw-sync/source.json | 4 ++-- docs/plugins/manifest.md | 8 ++++---- docs/plugins/sdk-setup.md | 10 +++++----- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json index 569cd64a1..c48d6d5d1 100644 --- a/.openclaw-sync/source.json +++ b/.openclaw-sync/source.json @@ -1,5 +1,5 @@ { "repository": "openclaw/openclaw", - "sha": "daaedf37b7fed4f796a222c5c05c6724dddaa477", - "syncedAt": "2026-04-23T07:24:11.622Z" + "sha": "ce4bb8f6382697b46d7f0d676ddf43afbf432c96", + "syncedAt": "2026-04-23T07:30:51.547Z" } diff --git a/docs/plugins/manifest.md b/docs/plugins/manifest.md index 3eb27363d..dfd952829 100644 --- a/docs/plugins/manifest.md +++ b/docs/plugins/manifest.md @@ -582,10 +582,10 @@ plugin on older hosts. Exact npm version pinning already lives in `npmSpec`, for example `"npmSpec": "@wecom/wecom-openclaw-plugin@1.2.3"`. Pair that with `expectedIntegrity` when you want update flows to fail closed if the fetched -npm artifact no longer matches the pinned release. Interactive onboarding only -offers npm install choices from trusted catalog metadata when `npmSpec` is an -exact version and `expectedIntegrity` is present; otherwise it falls back to a -local source or skip. +npm artifact no longer matches the pinned release. Interactive onboarding +offers trusted registry npm specs, including bare package names and dist-tags. +When `expectedIntegrity` is present, install/update flows enforce it; when it +is omitted, the registry resolution is recorded without an integrity pin. Channel plugins should provide `openclaw.setupEntry` when status, channel list, or SecretRef scans need to identify configured accounts without loading the full diff --git a/docs/plugins/sdk-setup.md b/docs/plugins/sdk-setup.md index e904102fa..4921986b5 100644 --- a/docs/plugins/sdk-setup.md +++ b/docs/plugins/sdk-setup.md @@ -162,11 +162,11 @@ Interactive onboarding also uses `openclaw.install` for install-on-demand surfaces. If your plugin exposes provider auth choices or channel setup/catalog metadata before runtime loads, onboarding can show that choice, prompt for npm vs local install, install or enable the plugin, then continue the selected -flow. Npm onboarding choices require trusted catalog metadata with an exact -`npmSpec` version and `expectedIntegrity`; unpinned package names and dist-tags -are not offered for automatic onboarding installs. Keep the "what to show" -metadata in `openclaw.plugin.json` and the "how to install it" metadata in -`package.json`. +flow. Npm onboarding choices require trusted catalog metadata with a registry +`npmSpec`; exact versions and `expectedIntegrity` are optional pins. If +`expectedIntegrity` is present, install/update flows enforce it. Keep the "what +to show" metadata in `openclaw.plugin.json` and the "how to install it" +metadata in `package.json`. If `minHostVersion` is set, install and manifest-registry loading both enforce it. Older hosts skip the plugin; invalid version strings are rejected.