diff --git a/docs/.internal/extension-host-migration/openclaw-capability-catalog-and-arbitration-spec.md b/docs/.internal/extension-host-migration/openclaw-capability-catalog-and-arbitration-spec.md index 2cb24c5636c..c11b21abc1c 100644 --- a/docs/.internal/extension-host-migration/openclaw-capability-catalog-and-arbitration-spec.md +++ b/docs/.internal/extension-host-migration/openclaw-capability-catalog-and-arbitration-spec.md @@ -47,7 +47,8 @@ What has been implemented: - loader mutable activation state now routes through `src/extension-host/loader-session.ts` - loader activation policy outcomes now route through `src/extension-host/loader-activation-policy.ts` - loader record-state transitions now route through `src/extension-host/loader-state.ts`, which now enforces an explicit loader lifecycle state machine while preserving compatibility `PluginRecord.status` values -- loader final cache, warning, and activation finalization now routes through `src/extension-host/loader-finalize.ts` +- loader finalization policy results now route through `src/extension-host/loader-finalization-policy.ts` +- loader final cache, readiness promotion, and activation finalization now routes through `src/extension-host/loader-finalize.ts` - channel, provider, gateway-method, tool, CLI, service, command, context-engine, and hook registration normalization now has a host-owned helper boundary for future catalog migration How it has been implemented: @@ -61,6 +62,7 @@ How it has been implemented: - by converting the compatibility record-state layer into an enforced loader lifecycle state machine before catalog publication work - by moving mutable activation state into a host-owned loader session before catalog publication work - by moving duplicate precedence, config enablement, and early memory-slot gating into explicit host-owned activation-policy outcomes before catalog publication work +- by turning provenance-based untracked-extension warnings and final memory-slot warnings into explicit host-owned finalization-policy results before catalog publication work What remains pending: diff --git a/docs/.internal/extension-host-migration/openclaw-extension-contribution-schema-spec.md b/docs/.internal/extension-host-migration/openclaw-extension-contribution-schema-spec.md index 37d631a9b7b..a276f7bb4aa 100644 --- a/docs/.internal/extension-host-migration/openclaw-extension-contribution-schema-spec.md +++ b/docs/.internal/extension-host-migration/openclaw-extension-contribution-schema-spec.md @@ -51,7 +51,8 @@ What has been implemented: - loader mutable activation state now routes through `src/extension-host/loader-session.ts` - loader activation policy outcomes now route through `src/extension-host/loader-activation-policy.ts` - loader record-state transitions now route through `src/extension-host/loader-state.ts`, which now enforces an explicit loader lifecycle state machine while preserving compatibility `PluginRecord.status` values -- loader final cache, warning, and activation finalization now routes through `src/extension-host/loader-finalize.ts` +- loader finalization policy results now route through `src/extension-host/loader-finalization-policy.ts` +- loader final cache, readiness promotion, and activation finalization now routes through `src/extension-host/loader-finalize.ts` How it has been implemented: @@ -65,6 +66,7 @@ How it has been implemented: - by turning the compatibility record-state layer into an enforced loader lifecycle state machine before broadening the schema-driven host lifecycle model - by moving mutable activation state into a host-owned loader session before broadening the schema-driven host lifecycle model - by moving duplicate precedence, config enablement, and early memory-slot gating into explicit host-owned activation-policy outcomes before broadening the schema-driven host lifecycle model +- by turning provenance-based untracked-extension warnings and final memory-slot warnings into explicit host-owned finalization-policy results before broadening the schema-driven host lifecycle model What remains pending: diff --git a/docs/.internal/extension-host-migration/openclaw-extension-host-implementation-guide.md b/docs/.internal/extension-host-migration/openclaw-extension-host-implementation-guide.md index df6b1d6fb4b..937b439a6af 100644 --- a/docs/.internal/extension-host-migration/openclaw-extension-host-implementation-guide.md +++ b/docs/.internal/extension-host-migration/openclaw-extension-host-implementation-guide.md @@ -72,7 +72,8 @@ What has been implemented so far: - loader mutable activation state now routes through `src/extension-host/loader-session.ts` - loader activation policy outcomes now route through `src/extension-host/loader-activation-policy.ts` - loader record-state transitions now route through `src/extension-host/loader-state.ts`, which now enforces an explicit loader lifecycle state machine while preserving compatibility `PluginRecord.status` values -- loader final cache, warning, and activation finalization now routes through `src/extension-host/loader-finalize.ts` +- loader finalization policy results now route through `src/extension-host/loader-finalization-policy.ts` +- loader final cache, readiness promotion, and activation finalization now routes through `src/extension-host/loader-finalize.ts` - runtime registration normalization has started in `src/extension-host/runtime-registrations.ts` for channel, provider, HTTP-route, gateway-method, tool, CLI, service, command, context-engine, and hook registrations - several static and lookup consumers now read through the host boundary or resolved-extension model: - channel registry and dock lookups @@ -108,6 +109,7 @@ How it has been done: - by moving the remaining top-level loader orchestration into a host-owned module so `src/plugins/loader.ts` becomes a compatibility facade instead of the real owner - by moving mutable activation state such as seen-id tracking, memory-slot selection, and finalization inputs into a host-owned loader session instead of leaving them in top-level loader variables - by moving duplicate precedence, config enablement, and early memory-slot gating into explicit host-owned activation-policy outcomes instead of leaving them inline in the loader flow +- by turning provenance-based untracked-extension warnings and final memory-slot warnings into explicit host-owned finalization-policy results before the finalizer applies them - by moving central readers first, so later lifecycle and compatibility work can land on one boundary instead of many ad hoc call sites - by adding focused tests for each extracted seam before widening the boundary further @@ -126,13 +128,14 @@ Committed implementation slices so far: - `d32f65eb5e` `Plugins: add loader lifecycle state machine` - `da9aad0c0f` `Plugins: add loader activation session` - `fc51ce2867` `Plugins: add loader activation policy` +- `fd7488e10a` `Plugins: add loader finalization policy` - `89414ed857` `Docs: track extension host migration internally` - `d8af1eceaf` `Docs: refresh extension host migration status` What is still missing for these phases: - keeping the cutover inventory current as more surfaces move -- broader lifecycle ownership beyond the loader state machine, session-owned activation state, and explicit activation-policy outcomes, remaining policy gate ownership, and broad host-owned registries described for Phase 2 +- broader lifecycle ownership beyond the loader state machine, session-owned activation state, and explicit activation-policy and finalization-policy outcomes, remaining policy gate ownership, and broad host-owned registries described for Phase 2 - minimal SDK compatibility work beyond preserving current behavior indirectly through existing loading - any pilot migration, event pipeline, canonical catalog, or arbitration implementation @@ -322,7 +325,7 @@ Current implementation status: - the host owns the active registry state - the host exposes a resolved-extension registry view for static consumers - plugin skills, plugin auto-enable, and config validation indexing now consume host-owned resolved-extension data -- activation, loader cache control, loader policy, loader activation-policy outcomes, loader candidate planning, loader import flow, loader runtime decisions, loader post-import register flow, loader candidate orchestration, loader top-level load orchestration, loader session state, loader record-state helpers, and loader finalization now route through `src/extension-host/*` +- activation, loader cache control, loader policy, loader activation-policy outcomes, loader finalization-policy outcomes, loader candidate planning, loader import flow, loader runtime decisions, loader post-import register flow, loader candidate orchestration, loader top-level load orchestration, loader session state, loader record-state helpers, and loader finalization now route through `src/extension-host/*` - broader lifecycle state ownership beyond the loader state machine, activation states, policy evaluation, and broad host-owned registries are still not implemented ### Phase 3: Build compatibility bridges diff --git a/docs/.internal/extension-host-migration/openclaw-extension-host-lifecycle-and-security-spec.md b/docs/.internal/extension-host-migration/openclaw-extension-host-lifecycle-and-security-spec.md index 6d6885e4a79..08d3985c1c5 100644 --- a/docs/.internal/extension-host-migration/openclaw-extension-host-lifecycle-and-security-spec.md +++ b/docs/.internal/extension-host-migration/openclaw-extension-host-lifecycle-and-security-spec.md @@ -49,7 +49,8 @@ What has been implemented: - loader mutable activation state now routes through `src/extension-host/loader-session.ts` - loader activation policy outcomes now route through `src/extension-host/loader-activation-policy.ts` - loader record-state transitions now route through `src/extension-host/loader-state.ts`, which now enforces an explicit loader lifecycle state machine while preserving compatibility `PluginRecord.status` values -- loader final cache, warning, and activation finalization now routes through `src/extension-host/loader-finalize.ts`, including readiness promotion for successfully registered plugins +- loader finalization policy results now route through `src/extension-host/loader-finalization-policy.ts` +- loader final cache, readiness promotion, and activation finalization now routes through `src/extension-host/loader-finalize.ts` How it has been implemented: @@ -75,10 +76,11 @@ How it has been implemented: - by promoting successfully registered plugins to `ready` during host-owned finalization while leaving broader activation-state semantics for later phases - by moving mutable activation state such as seen-id tracking, memory-slot selection, and finalization inputs into a host-owned loader session before broader activation-state semantics move - by moving duplicate precedence, config enablement, and early memory-slot gating into explicit host-owned activation-policy outcomes before broader policy semantics move +- by turning provenance-based untracked-extension warnings and final memory-slot warnings into explicit host-owned finalization-policy results before the finalizer applies them What is still pending from this spec: -- broader extension-host lifecycle ownership beyond the loader state machine, session-owned activation state, and explicit activation-policy outcomes +- broader extension-host lifecycle ownership beyond the loader state machine, session-owned activation state, and explicit activation-policy and finalization-policy outcomes - activation pipeline ownership - host-owned registries for setup, CLI, routes, services, slots, and backends - permission-mode enforcement diff --git a/docs/.internal/extension-host-migration/openclaw-kernel-event-pipeline-spec.md b/docs/.internal/extension-host-migration/openclaw-kernel-event-pipeline-spec.md index e836dc6a314..d29b37cef36 100644 --- a/docs/.internal/extension-host-migration/openclaw-kernel-event-pipeline-spec.md +++ b/docs/.internal/extension-host-migration/openclaw-kernel-event-pipeline-spec.md @@ -47,12 +47,13 @@ Relevant prerequisite work that has landed: - loader mutable activation state now has a host-owned helper boundary - loader activation policy outcomes now have a host-owned helper boundary - loader record-state transitions now have a host-owned helper boundary and enforced loader lifecycle state machine, while still preserving compatibility `PluginRecord.status` values -- loader final cache, warning, and activation finalization now has a host-owned helper boundary +- loader finalization policy outcomes now have a host-owned helper boundary +- loader final cache, readiness promotion, and activation finalization now has a host-owned helper boundary Why this matters for this spec: - event work should land on top of a host-owned boundary and normalized contribution model rather than on top of more plugin-era runtime seams -- the current implementation has deliberately not started bridge or stage work before those earlier boundaries were in place, including the first loader-runtime, record-state, and finalization seams +- the current implementation has deliberately not started bridge or stage work before those earlier boundaries were in place, including the first loader-runtime, record-state, activation-policy, and finalization-policy seams ## Design Goals diff --git a/docs/.internal/extension-host-migration/openclaw-kernel-extension-host-transition-plan.md b/docs/.internal/extension-host-migration/openclaw-kernel-extension-host-transition-plan.md index 2044d53f77d..2aae201ed56 100644 --- a/docs/.internal/extension-host-migration/openclaw-kernel-extension-host-transition-plan.md +++ b/docs/.internal/extension-host-migration/openclaw-kernel-extension-host-transition-plan.md @@ -57,7 +57,8 @@ What has landed: - loader mutable activation state now routes through `src/extension-host/loader-session.ts` - loader activation policy outcomes now route through `src/extension-host/loader-activation-policy.ts` - loader record-state transitions now route through `src/extension-host/loader-state.ts`, which now enforces an explicit loader lifecycle state machine while preserving compatibility `PluginRecord.status` values -- loader final cache, warning, and activation finalization now routes through `src/extension-host/loader-finalize.ts` +- loader finalization policy results now route through `src/extension-host/loader-finalization-policy.ts` +- loader final cache, readiness promotion, and activation finalization now routes through `src/extension-host/loader-finalize.ts` - runtime registration normalization has started in `src/extension-host/runtime-registrations.ts` for channel, provider, HTTP-route, gateway-method, tool, CLI, service, command, context-engine, and hook registrations - several existing consumers now read host-owned normalized data instead of plugin-era manifest or runtime state directly: - channel and dock lookup surfaces @@ -94,6 +95,7 @@ How it was done: - by moving the remaining top-level loader orchestration into a host-owned module so `src/plugins/loader.ts` becomes a compatibility facade instead of the real owner - by moving mutable activation state such as seen-id tracking, memory-slot selection, and finalization inputs into a host-owned loader session instead of leaving them in top-level loader variables - by moving duplicate precedence, config enablement, and early memory-slot gating into explicit host-owned activation-policy outcomes instead of leaving them inline in the loader flow +- by turning provenance-based untracked-extension warnings and final memory-slot warnings into explicit host-owned finalization-policy results before the finalizer applies them - by moving static and lookup-heavy consumers first, where the ownership boundary matters but runtime risk is lower Committed implementation slices so far: @@ -111,13 +113,14 @@ Committed implementation slices so far: - `d32f65eb5e` `Plugins: add loader lifecycle state machine` - `da9aad0c0f` `Plugins: add loader activation session` - `fc51ce2867` `Plugins: add loader activation policy` +- `fd7488e10a` `Plugins: add loader finalization policy` - `89414ed857` `Docs: track extension host migration internally` - `d8af1eceaf` `Docs: refresh extension host migration status` What has not landed: - keeping the cutover inventory current as more surfaces move -- broader lifecycle ownership beyond the loader state machine, session-owned activation state, and explicit activation-policy outcomes, plus remaining policy semantics +- broader lifecycle ownership beyond the loader state machine, session-owned activation state, and explicit activation-policy and finalization-policy outcomes, plus remaining policy semantics - host-owned registration surfaces beyond the first channel, provider, HTTP-route, gateway-method, tool, CLI, service, command, context-engine, and hook helper slices - SDK compatibility translation work - canonical event stages @@ -1333,7 +1336,7 @@ Current implementation status: - partially implemented in a compatibility-preserving form - the host now owns active registry state - the host now exposes resolved static registries for static consumers -- activation, loader cache control, loader policy, loader activation-policy outcomes, loader runtime decisions, loader top-level load orchestration, loader session state, loader record-state helpers, and loader finalization now route through `src/extension-host/*` +- activation, loader cache control, loader policy, loader activation-policy outcomes, loader finalization-policy outcomes, loader runtime decisions, loader top-level load orchestration, loader session state, loader record-state helpers, and loader finalization now route through `src/extension-host/*` - broader lifecycle ownership beyond the loader state machine, registration surfaces, policy gates, and activation-state management are still pending ## Phase 3: Broader Legacy Compatibility Bridges