feat: allow 3rd party plugins with user confirmation for binary downloads

[Copilot]

Third-party (non-@varlock/*) plugins were hard-blocked. This lifts the restriction with appropriate trust boundaries depending on execution context.

Behavior changes

• JS projects (node_modules): Any plugin installed via package.json is now trusted automatically — explicit installation is sufficient consent.
• Standalone binary (npm download): First-time downloads of 3rd party plugins require interactive confirmation. Once confirmed and cached, subsequent runs skip the prompt.
• Non-interactive environments (CI, piped): Throws a clear error if confirmation is needed but no TTY is available, with a message directing users to confirm interactively or install via package.json.

Implementation

• Removed the hard SchemaError block rejecting all non-@varlock/* module names
• Added isPluginCached(url) to check the local cache index before prompting — already-cached plugins are implicitly trusted (previously confirmed)
• Confirmation prompt (using existing @clack prompt helpers) shows package name, npm registry source, and a trust reminder:

⚠  Third-party plugin download requested
   Package: some-plugin@1.0.0
   Source:  npm registry (https://registry.npmjs.org)

   Only install plugins from sources you trust.

◆ Allow downloading "some-plugin@1.0.0" from npm?
  ● Yes, download it / ○ No, cancel

Docs

Updated plugins.mdx to remove the "only @varlock/* supported" caution and add a note about the confirmation requirement for 3rd party binary downloads.

[changeset-bot]

🦋 Changeset detected

Latest commit: a8aab1c

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 18 packages

Name	Type
varlock	Minor
@varlock/astro-integration	Major
@varlock/cloudflare-integration	Major
@varlock/expo-integration	Major
@varlock/nextjs-integration	Major
@varlock/vite-integration	Major
@varlock/1password-plugin	Major
@varlock/aws-secrets-plugin	Major
@varlock/azure-key-vault-plugin	Major
@varlock/bitwarden-plugin	Major
@varlock/dashlane-plugin	Major
@varlock/google-secret-manager-plugin	Major
@varlock/hashicorp-vault-plugin	Major
@varlock/infisical-plugin	Major
@varlock/keepass-plugin	Major
@varlock/pass-plugin	Major
@varlock/passbolt-plugin	Major
@varlock/proton-pass-plugin	Major

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	varlock-website	a8aab1c	Commit Preview URL Branch Preview URL	Apr 02 2026, 07:25 PM

[philmillman]

@theoephraim we may need a --dangerously-accept style flag for CI (or non-interactive workflows) maybe with some sort of allowList?