feat: verify first-party plugins at eval

- add first-party-plugins check to evaluate HM module - allow openclawPlugin to be a system-scoped function - update nix-steipete-tools pin to dbf0a31 Tests: nix build .#checks.aarch64-darwin.first-party-plugins --accept-flake-config (segfaulted)
2026-01-30 19:25:40 +01:00 · 2026-01-30 19:25:40 +01:00 · c5d422a448
commit c5d422a448
parent 8913d681a9
3 changed files with 50 additions and 7 deletions
--- a/flake.nix
+++ b/flake.nix
@ -48,6 +48,9 @@

        checks = {
          gateway = packageSetStable.openclaw-gateway;
+          first-party-plugins = pkgs.callPackage ./nix/checks/openclaw-first-party-plugins.nix {
+            home-manager = home-manager;
+          };
        } // (if pkgs.stdenv.hostPlatform.isLinux then {
          gateway-tests = pkgs.callPackage ./nix/checks/openclaw-gateway-tests.nix {
            sourceInfo = sourceInfoStable;
--- a/nix/checks/openclaw-first-party-plugins.nix
+++ b/nix/checks/openclaw-first-party-plugins.nix
@ -0,0 +1,31 @@
+{ lib, pkgs, home-manager }:
+
+let
+  eval = home-manager.lib.homeManagerConfiguration {
+    pkgs = pkgs;
+    modules = [
+      ../modules/home-manager/openclaw.nix
+      ({ lib, options, ... }: {
+        config = {
+          home.homeDirectory = "/tmp";
+          home.username = "openclaw";
+          home.stateVersion = "24.11";
+          programs.git.enable = false;
+          programs.openclaw = {
+            enable = true;
+            launchd.enable = false;
+            systemd.enable = false;
+            instances.default = {};
+            firstParty = lib.mapAttrs (_: _: { enable = true; }) options.programs.openclaw.firstParty;
+          };
+        };
+      })
+    ];
+  };
+  evalKey = builtins.deepSeq eval.config.home.file "ok";
+in
+pkgs.stdenvNoCC.mkDerivation {
+  name = "openclaw-first-party-plugins-${evalKey}";
+  dontUnpack = true;
+  installPhase = "${../scripts/empty-install.sh}";
+}
--- a/nix/modules/home-manager/openclaw.nix
+++ b/nix/modules/home-manager/openclaw.nix
@ -54,8 +54,8 @@ let
  };

  firstPartySources = let
-    stepieteRev = "e4e2cac265de35175015cf1ae836b0b30dddd7b7";
-    stepieteNarHash = "sha256-L8bKt5rK78dFP3ZoP1Oi1SSAforXVHZDsSiDO+NsvEE=";
+    stepieteRev = "dbf0a31a57407d9140e32357ea8d0215bd9feed9";
+    stepieteNarHash = "sha256-QkPl/Rgk9DXgaVNhjvHHHjy5e81j+MzcVOouZRdUTLA=";
    stepiete = tool:
      "github:openclaw/nix-steipete-tools?dir=tools/${tool}&rev=${stepieteRev}&narHash=${stepieteNarHash}";
  in {
@ -537,15 +537,24 @@ let

  resolvePlugin = plugin: let
    flake = builtins.getFlake plugin.source;
-    openclawPlugin =
+    system = pkgs.stdenv.hostPlatform.system;
+    openclawPluginRaw =
      if flake ? openclawPlugin then flake.openclawPlugin
      else throw "openclawPlugin missing in ${plugin.source}";
-    needs = openclawPlugin.needs or {};
+    openclawPlugin =
+      if builtins.isFunction openclawPluginRaw
+      then openclawPluginRaw system
+      else openclawPluginRaw;
+    resolvedPlugin =
+      if openclawPlugin == null
+      then throw "openclawPlugin is null in ${plugin.source} for ${system}"
+      else openclawPlugin;
+    needs = resolvedPlugin.needs or {};
  in {
    source = plugin.source;
-    name = openclawPlugin.name or (throw "openclawPlugin.name missing in ${plugin.source}");
-    skills = openclawPlugin.skills or [];
-    packages = openclawPlugin.packages or [];
+    name = resolvedPlugin.name or (throw "openclawPlugin.name missing in ${plugin.source}");
+    skills = resolvedPlugin.skills or [];
+    packages = resolvedPlugin.packages or [];
    needs = {
      stateDirs = needs.stateDirs or [];
      requiredEnv = needs.requiredEnv or [];