fix: enforce plugin config schemas (#1272) (thanks @thewilloftheshadow)

Co-authored-by: thewilloftheshadow <thewilloftheshadow@users.noreply.github.com>

docs/cli/plugins.md

@@ -11,6 +11,7 @@ Manage Gateway plugins/extensions (loaded in-process).
 
 Related:
 - Plugin system: [Plugins](/plugin)
+- Plugin manifest + schema: [Plugin manifest](/plugins/manifest)
 - Security hardening: [Security](/gateway/security)
 
 ## Commands
@@ -28,6 +29,10 @@ clawdbot plugins update --all
 Bundled plugins ship with Clawdbot but start disabled. Use `plugins enable` to
 activate them.
 
+All plugins must ship a `clawdbot.plugin.json` file with an inline JSON Schema
+(`configSchema`, even if empty). Missing/invalid manifests or schemas prevent
+the plugin from loading and fail config validation.
+
 ### Install
 
 ```bash

docs/plugin.md

@@ -48,8 +48,11 @@ See [Voice Call](/plugins/voice-call) for a concrete example plugin.
 - Qwen OAuth (provider auth) — bundled as `qwen-portal-auth` (disabled by default)
 - Copilot Proxy (provider auth) — local VS Code Copilot Proxy bridge; distinct from built-in `github-copilot` device login (bundled, disabled by default)
 
-Clawdbot plugins are **TypeScript modules** loaded at runtime via jiti. They can
-register:
+Clawdbot plugins are **TypeScript modules** loaded at runtime via jiti. **Config
+validation does not execute plugin code**; it uses the plugin manifest and JSON
+Schema instead. See [Plugin manifest](/plugins/manifest).
+
+Plugins can register:
 
 - Gateway RPC methods
 - Gateway HTTP handlers
@@ -83,6 +86,10 @@ Bundled plugins must be enabled explicitly via `plugins.entries.<id>.enabled`
 or `clawdbot plugins enable <id>`. Installed plugins are enabled by default,
 but can be disabled the same way.
 
+Each plugin must include a `clawdbot.plugin.json` file in its root. If a path
+points at a file, the plugin root is the file's directory and must contain the
+manifest.
+
 If multiple plugins resolve to the same id, the first match in the order above
 wins and lower-precedence copies are ignored.
 
@@ -140,6 +147,14 @@ Fields:
 
 Config changes **require a gateway restart**.
 
+Validation rules (strict):
+- Unknown plugin ids in `entries`, `allow`, `deny`, or `slots` are **errors**.
+- Unknown `channels.<id>` keys are **errors** unless a plugin manifest declares
+  the channel id.
+- Plugin config is validated using the JSON Schema embedded in
+  `clawdbot.plugin.json` (`configSchema`).
+- If a plugin is disabled, its config is preserved and a **warning** is emitted.
+
 ## Plugin slots (exclusive categories)
 
 Some plugin categories are **exclusive** (only one active at a time). Use
@@ -169,22 +184,26 @@ Clawdbot augments `uiHints` at runtime based on discovered plugins:
   `plugins.entries.<id>.config.<field>`
 
 If you want your plugin config fields to show good labels/placeholders (and mark secrets as sensitive),
-provide `configSchema.uiHints`.
+provide `uiHints` alongside your JSON Schema in the plugin manifest.
 
 Example:
 
-```ts
-export default {
-  id: "my-plugin",
-  configSchema: {
-    parse: (v) => v,
-    uiHints: {
-      "apiKey": { label: "API Key", sensitive: true },
-      "region": { label: "Region", placeholder: "us-east-1" },
-    },
+```json
+{
+  "id": "my-plugin",
+  "configSchema": {
+    "type": "object",
+    "additionalProperties": false,
+    "properties": {
+      "apiKey": { "type": "string" },
+      "region": { "type": "string" }
+    }
   },
-  register(api) {},
-};
+  "uiHints": {
+    "apiKey": { "label": "API Key", "sensitive": true },
+    "region": { "label": "Region", "placeholder": "us-east-1" }
+  }
+}
 ```
 
 ## CLI

docs/plugins/manifest.md

@@ -0,0 +1,63 @@
+---
+summary: "Plugin manifest + JSON schema requirements (strict config validation)"
+read_when:
+  - You are building a Clawdbot plugin
+  - You need to ship a plugin config schema or debug plugin validation errors
+---
+# Plugin manifest (clawdbot.plugin.json)
+
+Every plugin **must** ship a `clawdbot.plugin.json` file in the **plugin root**.
+Clawdbot uses this manifest to validate configuration **without executing plugin
+code**. Missing or invalid manifests are treated as plugin errors and block
+config validation.
+
+See the full plugin system guide: [Plugins](/plugin).
+
+## Required fields
+
+```json
+{
+  "id": "voice-call",
+  "configSchema": {
+    "type": "object",
+    "additionalProperties": false,
+    "properties": {}
+  }
+}
+```
+
+Required keys:
+- `id` (string): canonical plugin id.
+- `configSchema` (object): JSON Schema for plugin config (inline).
+
+Optional keys:
+- `kind` (string): plugin kind (example: `"memory"`).
+- `channels` (array): channel ids registered by this plugin (example: `["matrix"]`).
+- `providers` (array): provider ids registered by this plugin.
+- `name` (string): display name for the plugin.
+- `description` (string): short plugin summary.
+- `uiHints` (object): config field labels/placeholders/sensitive flags for UI rendering.
+- `version` (string): plugin version (informational).
+
+## JSON Schema requirements
+
+- **Every plugin must ship a JSON Schema**, even if it accepts no config.
+- An empty schema is acceptable (for example, `{ "type": "object", "additionalProperties": false }`).
+- Schemas are validated at config read/write time, not at runtime.
+
+## Validation behavior
+
+- Unknown `channels.*` keys are **errors**, unless the channel id is declared by
+  a plugin manifest.
+- `plugins.entries.<id>`, `plugins.allow`, `plugins.deny`, and `plugins.slots.*`
+  must reference **discoverable** plugin ids. Unknown ids are **errors**.
+- If a plugin is installed but has a broken or missing manifest or schema,
+  validation fails and Doctor reports the plugin error.
+- If plugin config exists but the plugin is **disabled**, the config is kept and
+  a **warning** is surfaced in Doctor + logs.
+
+## Notes
+
+- The manifest is **required for all plugins**, including local filesystem loads.
+- Runtime still loads the plugin module separately; the manifest is only for
+  discovery + validation.

docs/refactor/strict-config.md

@@ -22,17 +22,20 @@ read_when:
 - Unknown keys are validation errors (no passthrough at root or nested).
 - `plugins.entries.<id>.config` must be validated by the plugin’s schema.
   - If a plugin lacks a schema, **reject plugin load** and surface a clear error.
+- Unknown `channels.<id>` keys are errors unless a plugin manifest declares the channel id.
+- Plugin manifests (`clawdbot.plugin.json`) are required for all plugins.
 
 ## Plugin schema enforcement
-- Each plugin provides a strict schema for its config (no passthrough).
+- Each plugin provides a strict JSON Schema for its config (inline in the manifest).
 - Plugin load flow:
-  1) Resolve plugin schema by plugin id.
+  1) Resolve plugin manifest + schema (`clawdbot.plugin.json`).
   2) Validate config against the schema.
   3) If missing schema or invalid config: block plugin load, record error.
 - Error message includes:
   - Plugin id
   - Reason (missing schema / invalid config)
   - Path(s) that failed validation
+- Disabled plugins keep their config, but Doctor + logs surface a warning.
 
 ## Doctor flow
 - Doctor runs **every time** config is loaded (dry-run by default).