#7204: Plugins: default non-bundled plugins off
docs
agents
## Summary
- default non-bundled plugins to **disabled** unless explicitly enabled
- prevent automatic execution of non-bundled plugin `register` hooks on gateway restart
- update plugin loader/tool tests to require explicit enable
- update plugin docs to reflect default disable behavior
## Security
Non-bundled plugins were being auto-registered on gateway restart, which effectively auto-executed code discovered on disk. This change requires an explicit enable step, reducing the risk of unintended plugin code execution.
## Testing
- pnpm test passed
<!-- greptile_comment -->
<h2>Greptile Overview</h2>
<h3>Greptile Summary</h3>
This PR changes plugin enablement defaults so non-bundled (installed / discovered on disk) plugins are **disabled unless explicitly enabled** via `plugins.entries.<id>.enabled` (or CLI enable), and updates tests/docs to reflect the new behavior. The core logic is in `src/plugins/config-state.ts` (default enable state) and is consumed by the plugin loader (`src/plugins/loader.ts`) and config validation (`src/config/validation.ts`), while tests now set `entries.<id>.enabled=true` where plugin execution is expected.
<h3>Confidence Score: 4/5</h3>
- This PR looks safe to merge and primarily tightens plugin execution defaults, with low functional risk outside of expected behavior changes.
- I reviewed the changed logic in `resolveEnableState` and traced its use through plugin loading and config validation; the behavior change is consistent across these call sites and tests were updated accordingly. Main remaining risk is behavioral: existing users relying on auto-enabled non-bundled plugins will now need explicit enablement, and some doc phrasing could still be misinterpreted.
- docs/plugin.md (wording clarity around enablement defaults), src/plugins/config-state.ts (ensure intended default-off semantics are correct for all non-bundled origins)
<!-- greptile_other_comments_section -->
<sub>(2/5) Greptile learns from your feedback when you react with thumbs up/down!</sub>
<!-- /greptile_comment -->
Most Similar PRs
#21660: fix(plugins): require explicit allowlist for non-bundled plugins
by AI-Reviewer-QS · 2026-02-20
84.4%
#2556: fix(plugin-install): handle existing plugins and filter workspace deps
by longmaba · 2026-01-27
81.5%
#11096: fix(plugins): require explicit trust for workspace and external plu...
by T1mn · 2026-02-07
80.8%
#21964: Security: harden gateway and plugin trust boundaries
by Elormyevu · 2026-02-20
79.8%
#20499: test(plugins): add bundled+config duplicate discovery regression
by dcol91863 · 2026-02-19
78.0%
#15618: fix(plugins): reject async plugin registration instead of silently ...
by AI-Reviewer-QS · 2026-02-13
77.7%
#23574: security: P0 critical remediation — plugin sandbox, password hashin...
by lumeleopard001 · 2026-02-22
77.4%
#18966: fix(config): downgrade unknown bundled plugin references to warnings
by moxunjinmu · 2026-02-17
77.1%
#20424: Fix plugin extension path traversal in discovery/install
by markmusson · 2026-02-18
76.4%
#13169: security: add --ignore-scripts to npm install during plugin/hook in...
by RamiNoodle733 · 2026-02-10
76.0%