feat: add runtime validation of plugin driver descriptors

Author: datlechin

TablePro/Core/Plugins/PluginError.swift

@@ -19,6 +19,7 @@ enum PluginError: LocalizedError {
     case downloadFailed(String)
     case pluginNotInstalled(String)
     case incompatibleWithCurrentApp(minimumRequired: String)
+    case invalidDescriptor(pluginId: String, reason: String)
 
     var errorDescription: String? {
         switch self {
@@ -48,6 +49,8 @@ enum PluginError: LocalizedError {
             return String(localized: "The \(databaseType) plugin is not installed. You can download it from the plugin marketplace.")
         case .incompatibleWithCurrentApp(let minimumRequired):
             return String(localized: "This plugin requires TablePro \(minimumRequired) or later")
+        case .invalidDescriptor(let pluginId, let reason):
+            return String(localized: "Plugin '\(pluginId)' has an invalid descriptor: \(reason)")
         }
     }
 }

TablePro/Core/Plugins/PluginManager.swift

@@ -249,6 +249,12 @@ final class PluginManager {
             if !declared.contains(.databaseDriver) {
                 Self.logger.warning("Plugin '\(pluginId)' conforms to DriverPlugin but does not declare .databaseDriver capability — registering anyway")
             }
+            do {
+                try validateDriverDescriptor(type(of: driver), pluginId: pluginId)
+            } catch {
+                Self.logger.error("Plugin '\(pluginId)' rejected: \(error.localizedDescription)")
+                return
+            }
             let typeId = type(of: driver).databaseTypeId
             driverPlugins[typeId] = driver
             for additionalId in type(of: driver).additionalDatabaseTypeIds {
@@ -293,6 +299,73 @@ final class PluginManager {
         }
     }
 
+    // MARK: - Descriptor Validation
+
+    /// Reject-level validation: runs synchronously before registration.
+    /// Checks only properties already accessed during the loading flow.
+    private func validateDriverDescriptor(_ driverType: any DriverPlugin.Type, pluginId: String) throws {
+        guard !driverType.databaseTypeId.trimmingCharacters(in: .whitespaces).isEmpty else {
+            throw PluginError.invalidDescriptor(pluginId: pluginId, reason: "databaseTypeId is empty")
+        }
+
+        guard !driverType.databaseDisplayName.trimmingCharacters(in: .whitespaces).isEmpty else {
+            throw PluginError.invalidDescriptor(pluginId: pluginId, reason: "databaseDisplayName is empty")
+        }
+
+        let typeId = driverType.databaseTypeId
+        if let existingPlugin = driverPlugins[typeId] {
+            let existingName = Swift.type(of: existingPlugin).databaseDisplayName
+            throw PluginError.invalidDescriptor(
+                pluginId: pluginId,
+                reason: "databaseTypeId '\(typeId)' is already registered by '\(existingName)'"
+            )
+        }
+
+        let allAdditionalIds = driverType.additionalDatabaseTypeIds
+        if allAdditionalIds.contains(typeId) {
+            Self.logger.warning("Plugin '\(pluginId)': additionalDatabaseTypeIds contains the primary databaseTypeId '\(typeId)'")
+        }
+
+        for additionalId in allAdditionalIds {
+            if let existingPlugin = driverPlugins[additionalId] {
+                let existingName = Swift.type(of: existingPlugin).databaseDisplayName
+                throw PluginError.invalidDescriptor(
+                    pluginId: pluginId,
+                    reason: "additionalDatabaseTypeId '\(additionalId)' is already registered by '\(existingName)'"
+                )
+            }
+        }
+    }
+
+    /// Warn-level connection field validation. Called lazily when fields are accessed,
+    /// not during plugin loading (protocol witness tables may be unstable for dynamically loaded bundles).
+    private func validateConnectionFields(_ fields: [ConnectionField], pluginId: String) {
+        var seenIds = Set<String>()
+        for field in fields {
+            if field.id.trimmingCharacters(in: .whitespaces).isEmpty {
+                Self.logger.warning("Plugin '\(pluginId)': connection field has empty id")
+            }
+            if field.label.trimmingCharacters(in: .whitespaces).isEmpty {
+                Self.logger.warning("Plugin '\(pluginId)': connection field '\(field.id)' has empty label")
+            }
+            if !seenIds.insert(field.id).inserted {
+                Self.logger.warning("Plugin '\(pluginId)': duplicate connection field id '\(field.id)'")
+            }
+            if case .dropdown(let options) = field.fieldType, options.isEmpty {
+                Self.logger.warning("Plugin '\(pluginId)': connection field '\(field.id)' is a dropdown with no options")
+            }
+        }
+    }
+
+    private func validateDialectDescriptor(_ dialect: SQLDialectDescriptor, pluginId: String) {
+        if dialect.identifierQuote.trimmingCharacters(in: .whitespaces).isEmpty {
+            Self.logger.warning("Plugin '\(pluginId)': sqlDialect.identifierQuote is empty")
+        }
+        if dialect.keywords.isEmpty {
+            Self.logger.warning("Plugin '\(pluginId)': sqlDialect.keywords is empty")
+        }
+    }
+
     private func replaceExistingPlugin(bundleId: String) {
         guard let existingIndex = plugins.firstIndex(where: { $0.id == bundleId }) else { return }
         // Order matters: unregisterCapabilities reads from `plugins` to find the principal class