diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json index 9400eee0a..0797bd7b4 100644 --- a/.openclaw-sync/source.json +++ b/.openclaw-sync/source.json @@ -1,5 +1,5 @@ { "repository": "openclaw/openclaw", - "sha": "fbd6b3ce3cb4eecff4cc7eddfec4153d8f3e95f5", - "syncedAt": "2026-04-26T05:06:55.161Z" + "sha": "8c35e45c00ff4b19b6e607e5127d6422ff8c2409", + "syncedAt": "2026-04-26T05:09:05.385Z" } diff --git a/docs/gateway/doctor.md b/docs/gateway/doctor.md index 057a4bf70..f66d7ce3e 100644 --- a/docs/gateway/doctor.md +++ b/docs/gateway/doctor.md @@ -584,6 +584,9 @@ Notes: - If token auth requires a token and the configured token SecretRef is unresolved, doctor blocks the install/repair path with actionable guidance. - If both `gateway.auth.token` and `gateway.auth.password` are configured and `gateway.auth.mode` is unset, doctor blocks install/repair until mode is set explicitly. - For Linux user-systemd units, doctor token drift checks now include both `Environment=` and `EnvironmentFile=` sources when comparing service auth metadata. +- Doctor service repairs refuse to rewrite, stop, or restart a gateway service + from an older OpenClaw binary when the config was last written by a newer + version. See [Gateway troubleshooting](/gateway/troubleshooting#split-brain-installs-and-newer-config-guard). - You can always force a full rewrite via `openclaw gateway install --force`. ### 16) Gateway runtime + port diagnostics diff --git a/docs/gateway/troubleshooting.md b/docs/gateway/troubleshooting.md index eb549bcba..0b4204eb4 100644 --- a/docs/gateway/troubleshooting.md +++ b/docs/gateway/troubleshooting.md @@ -30,6 +30,42 @@ Expected healthy signals: - `openclaw channels status --probe` shows live per-account transport status and, where supported, probe/audit results such as `works` or `audit ok`. +## Split brain installs and newer config guard + +Use this when a gateway service unexpectedly stops after an update, or logs show +that one `openclaw` binary is older than the version that last wrote +`openclaw.json`. + +OpenClaw stamps config writes with `meta.lastTouchedVersion`. Read-only commands +can still inspect a config written by a newer OpenClaw, but process and service +mutations refuse to continue from an older binary. Blocked actions include +gateway service start, stop, restart, uninstall, forced service reinstall, +service-mode gateway startup, and `gateway --force` port cleanup. + +```bash +which openclaw +openclaw --version +openclaw gateway status --deep +openclaw config get meta.lastTouchedVersion +``` + +Fix options: + +1. Fix `PATH` so `openclaw` resolves to the newer install, then rerun the action. +2. Reinstall the intended gateway service from the newer install: + + ```bash + openclaw gateway install --force + openclaw gateway restart + ``` + +3. Remove stale system package or old wrapper entries that still point at an old + `openclaw` binary. + +For intentional downgrade or emergency recovery only, set +`OPENCLAW_ALLOW_OLDER_BINARY_DESTRUCTIVE_ACTIONS=1` for the single command. +Leave it unset for normal operation. + ## Anthropic 429 extra usage required for long context Use this when logs/errors include: