18 lines
1004 B
Markdown
18 lines
1004 B
Markdown
# plugin-inspector agent notes
|
|
|
|
- Keep this package publishable and dependency-light. Do not add runtime
|
|
dependencies unless they remove real complexity.
|
|
- Default checks must stay offline and credential-free.
|
|
- Do not publish npm packages without explicit owner approval.
|
|
- Preserve stable report field names and finding codes; downstream CI and
|
|
crabpot reports may consume them.
|
|
- Treat a package dependency named `openclaw` as a host-linked workspace input,
|
|
not an isolated dependency-install blocker. Keep third-party runtime
|
|
dependencies classified as install/audit blockers.
|
|
- When changing plugin-inspector behavior, CLI/package entrypoints, release
|
|
metadata, or the npm package version, update crabpot's
|
|
`@openclaw/plugin-inspector` pin/docs/smoke path as needed and run the
|
|
crabpot plugin-inspector smoke before calling the work done.
|
|
- Prefer public OpenClaw plugin contracts over core internals. If target
|
|
OpenClaw source parsing is needed, isolate it behind explicit helpers.
|