fix: auto-repair missing plugins on startup (#293)

* fix: auto-repair missing plugins and graceful config fallback Plugins whose directories are missing (failed update, migration, etc.) now get automatically reinstalled from the store on startup. The config endpoint no longer returns a hard 500 when a schema is unavailable — it falls back to conservative key-name-based masking so the settings page stays functional. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: handle ledmatrix- prefix in plugin updates and reconciliation The store registry uses unprefixed IDs (e.g., 'weather') while older installs used prefixed config keys (e.g., 'ledmatrix-weather'). Both update_plugin() and auto-repair now try the unprefixed ID as a fallback when the prefixed one isn't found in the registry. Also filters system config keys (schedule, display, etc.) from reconciliation to avoid false positives. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: address code review findings for plugin auto-repair - Move backup-folder filter from _get_config_state to _get_disk_state where the artifact actually lives - Run startup reconciliation in a background thread so requests aren't blocked by plugin reinstallation - Set _reconciliation_done only after success so failures allow retries - Replace print() with proper logger in reconciliation - Wrap load_schema in try/except so exceptions fall through to conservative masking instead of 500 - Handle list values in _conservative_mask_config for nested secrets - Remove duplicate import re Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: add thread-safe locking to PluginManager and fix reconciliation retry PluginManager thread safety: - Add RLock protecting plugin_manifests and plugin_directories - Build scan results locally in _scan_directory_for_plugins, then update shared state under lock - Protect reads in get_plugin_info, get_all_plugin_info, get_plugin_directory, get_plugin_display_modes, find_plugin_for_mode - Protect manifest mutation in reload_plugin - Prevents races between background reconciliation thread and request handlers reading plugin state Reconciliation retry: - Clear _reconciliation_started on exception so next request retries - Check result.reconciliation_successful before marking done - Reset _reconciliation_started on non-success results to allow retry Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-10 13:02:59 +00:00 · 2026-03-25 17:09:49 -04:00
parent 81a022dbe8
commit 640a4c1706
5 changed files with 196 additions and 54 deletions
--- a/web_interface/blueprints/api_v3.py
+++ b/web_interface/blueprints/api_v3.py
@@ -33,6 +33,29 @@ from src.web_interface.secret_helpers import (
    separate_secrets,
 )

+_SECRET_KEY_PATTERN = re.compile(
+    r'(api_key|api_secret|password|secret|token|auth_key|credential)',
+    re.IGNORECASE,
+)
+
+def _conservative_mask_config(config, _parent_key=None):
+    """Mask string values whose keys look like secrets (no schema available)."""
+    if isinstance(config, list):
+        return [
+            _conservative_mask_config(item, _parent_key) if isinstance(item, (dict, list))
+            else ('' if isinstance(item, str) and item and _parent_key and _SECRET_KEY_PATTERN.search(_parent_key) else item)
+            for item in config
+        ]
+    result = dict(config)
+    for key, value in result.items():
+        if isinstance(value, dict):
+            result[key] = _conservative_mask_config(value)
+        elif isinstance(value, list):
+            result[key] = _conservative_mask_config(value, key)
+        elif isinstance(value, str) and value and _SECRET_KEY_PATTERN.search(key):
+            result[key] = ''
+    return result
+
 # Will be initialized when blueprint is registered
 config_manager = None
 plugin_manager = None
@@ -2505,24 +2528,19 @@ def get_plugin_config():
            }

        # Mask secret fields before returning to prevent exposing API keys
-        # Fail closed — if schema unavailable, refuse to return unmasked config
        schema_mgr = api_v3.schema_manager
-        if not schema_mgr:
-            return error_response(
-                ErrorCode.CONFIG_LOAD_FAILED,
-                f"Cannot safely return config for {plugin_id}: schema manager unavailable",
-                status_code=500
-            )
+        schema_for_mask = None
+        if schema_mgr:
+            try:
+                schema_for_mask = schema_mgr.load_schema(plugin_id, use_cache=True)
+            except Exception as e:
+                logger.error("[PluginConfig] Error loading schema for %s: %s", plugin_id, e, exc_info=True)

-        schema_for_mask = schema_mgr.load_schema(plugin_id, use_cache=True)
-        if not schema_for_mask or 'properties' not in schema_for_mask:
-            return error_response(
-                ErrorCode.CONFIG_LOAD_FAILED,
-                f"Cannot safely return config for {plugin_id}: schema unavailable for secret masking",
-                status_code=500
-            )
-
-        plugin_config = mask_secret_fields(plugin_config, schema_for_mask['properties'])
+        if schema_for_mask and 'properties' in schema_for_mask:
+            plugin_config = mask_secret_fields(plugin_config, schema_for_mask['properties'])
+        else:
+            logger.warning("[PluginConfig] Schema unavailable for %s, applying conservative masking", plugin_id)
+            plugin_config = _conservative_mask_config(plugin_config)

        return success_response(data=plugin_config)
    except Exception as e: