Summary

This is a stacked PR on top of TinyAGI#127 (feature/plugin-system) that hardens the plugin runtime without changing plugin API shape.

Changes:

• Add explicit plugin enable gate:
  • TINYCLAW_PLUGINS_ENABLED=1 required to load plugins
• Add timeout protection:
  • TINYCLAW_PLUGIN_HOOK_TIMEOUT_MS (default 1500)
  • TINYCLAW_PLUGIN_ACTIVATE_TIMEOUT_MS (default 3000)
• Add outgoing metadata allowlist/sanitization in queue processor:
  • currently only allows parseMode === "MarkdownV2"
• Document trust boundary and env controls in README (Plugin Security section)

Why

#127 introduces dynamic plugin loading from local filesystem.
This PR reduces risk and blast radius by:

• disabling plugin execution by default
• preventing plugin hangs from blocking processing
• preventing arbitrary metadata passthrough to channel clients
• documenting that plugins are fully trusted local code

Testing

• npm run -s build:main passes
• Queue startup with plugins disabled:
  • logs Plugins disabled..., normal startup/shutdown
• Queue startup with plugins enabled and no plugin dir:
  • logs No plugins directory found, normal startup/shutdown
• Timeout smoke test:
  • injected a temporary plugin with slow activate()
  • observed timeout log (activate timed out ...)
  • queue still starts and continues running

Dependency / Stacking

• Depends on: feat: add plugin system with events and hooks TinyAGI/tinyclaw#127
• Base branch for review: steven1522:feature/plugin-system
• After feat: add plugin system with events and hooks TinyAGI/tinyclaw#127 merges, this PR should be retargeted to main.