PluginContext

[RohitKushvaha01]

No description provided.

[greptile-apps]

Greptile Overview

Greptile Summary

This PR introduces a new local Cordova plugin (com.foxdebug.acode.rk.plugin.plugincontext) and wires it into Acode’s plugin loader so each loaded plugin can receive a ctx object. The Android side (Tee) issues a token per pluginId based on plugin.json and exposes permission queries to JS via window.PluginContext.

Key issues to address before merge:

• package.json now registers pluginContext under cordova.plugins but drops the existing auth plugin entry while still keeping the local auth package in devDependencies, which is inconsistent and can unexpectedly remove auth functionality.
• The native Tee implementation uses static in-memory stores for tokens/permissions that are never cleared, which can produce stale behavior across reloads/uninstall/reinstall within the same process lifecycle.

Other already-noted threads cover the plugin.xml name mismatch, lockfile extraneous entry, and the JS->native JSON argument type contract.

Confidence Score: 3/5

• This PR needs a couple fixes before it’s safe to merge.
• Core wiring for the new PluginContext looks coherent, but package.json introduces an inconsistent Cordova plugin configuration (auth removed from cordova.plugins while still present locally), and the Android implementation relies on static stores that can persist stale state across reloads in the same process.
• package.json, src/plugins/pluginContext/src/android/Tee.java

Important Files Changed

Filename	Overview
.prettierrc	Adds an empty Prettier config file; no functional impact observed.
package-lock.json	Adds local pluginContext dependency linkage; also includes unrelated extraneous entry noted in prior thread.
package.json	Registers pluginContext Cordova plugin and local dependency, but drops auth from cordova.plugins while still keeping auth in devDependencies (inconsistent).
src/lib/loadPlugin.js	Passes generated PluginContext into initPlugin options; JSON stringification added for native parsing.
src/plugins/pluginContext/package.json	Adds pluginContext package metadata for local Cordova plugin.
src/plugins/pluginContext/plugin.xml	Adds Cordova plugin.xml wiring for Android/JS module; plugin name mismatch already noted in prior thread.
src/plugins/pluginContext/src/android/Tee.java	Implements native token/permission store; uses static global maps that persist across WebView/app lifecycle and can return stale results.
src/plugins/pluginContext/www/PluginContext.js	Adds JS wrapper around cordova.exec for requesting token and querying permissions; returns null on failure.

Sequence Diagram

sequenceDiagram
  participant LP as loadPlugin.js
  participant PC as window.PluginContext
  participant CX as cordova.exec
  participant T as Android Tee (CordovaPlugin)
  participant IP as acode.initPlugin

  LP->>LP: read plugin.json
  LP->>PC: generate(pluginId, JSON.stringify(pluginJson))
  PC->>CX: exec("Tee","requestToken",[pluginId, pluginJsonStr])
  CX->>T: execute("requestToken", args)
  T-->>CX: callback.success(token) / error
  CX-->>PC: resolve(token)
  PC-->>LP: return ctx (_PluginContext)
  LP->>IP: initPlugin(..., { ctx })
  Note over PC,T: ctx methods call Tee to query permissions

Loading

[greptile-apps]

_{8 files reviewed, 4 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Native expects string JSON

On Android, Tee.java reads args.getString(1) and then new JSONObject(pluginJson), so the second argument must be a JSON string. Here pluginJson is passed directly (it’s an object in loadPlugin.js), which will arrive natively as a non-JSON value and trigger INVALID_PLUGIN_JSON, causing generate() to return null.

Suggested change

	generate: async function (pluginId, pluginJson) {
	try {
	function requestToken(pluginId) {
	return new Promise((resolve, reject) => {
	exec(resolve, reject, "Tee", "requestToken", [
	pluginId,
	pluginJson,
	]);
	});
	exec(resolve, reject, "Tee", "requestToken", [
	pluginId,
	JSON.stringify(pluginJson),
	]);

[greptile-apps]

Plugin metadata mismatch

This plugin is plugincontext but the <name> is set to Gatekeeper, which will surface as the wrong plugin name in Cordova tooling/plugins list. This looks like a copy/paste error and should be renamed to match the actual plugin.

Suggested change

	<plugin xmlns="http://apache.org/cordova/ns/plugins/1.0" xmlns:android="http://schemas.android.com/apk/res/android" id="com.foxdebug.acode.rk.plugin.plugincontext" version="1.0.0">
	<name>Gatekeeper</name>
	<js-module name="PluginContext" src="www/PluginContext.js">
	<clobbers target="window.PluginContext" />
	</js-module>
	<name>PluginContext</name>

[greptile-apps]

Unrelated extraneous lockfile entry

This PR introduces an extraneous entry for src/plugins/gatekeeper, but there’s no corresponding dependency/plugin added in package.json. This will make installs non-reproducible across environments and should be removed from the lockfile (regenerate package-lock.json from a clean install) so only intentional dependencies are recorded.

[greptile-apps]

Additional Comments (1)

src/lib/loadPlugin.js
Undefined PluginContext

PluginContext.generate(...) is referenced here but PluginContext isn’t imported/defined in this module, so loading any plugin will throw ReferenceError: PluginContext is not defined at runtime. If this is intended to come from the Cordova clobber (window.PluginContext), it still needs to be referenced as window.PluginContext (and ideally gated until deviceready / plugin availability).

[RohitKushvaha01]

@greptileai

[greptile-apps]

_{8 files reviewed, 2 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Plugin list inconsistency

cordova.plugins dropped the auth plugin entry while devDependencies still includes the local auth package. This makes the Cordova plugin list inconsistent with what gets installed, and can remove auth functionality unexpectedly. If auth is still required, add it back under cordova.plugins; otherwise remove the local auth dependency and update any consumers accordingly.

[greptile-apps]

Global static stores leak

tokenStore, disclosed, and permissionStore are static and never cleared. In a Cordova WebView, plugins can be installed/uninstalled or reloaded without a full process restart; these maps will retain old pluginIds/tokens/permissions and can cause TOKEN_ALREADY_ISSUED or stale permission results for later sessions. Consider scoping these stores to the plugin instance/lifecycle or providing a reset path tied to app/plugin reload.