diff --git a/.openclaw-sync/source.json b/.openclaw-sync/source.json index a88b8d176..90642881d 100644 --- a/.openclaw-sync/source.json +++ b/.openclaw-sync/source.json @@ -1,5 +1,5 @@ { "repository": "openclaw/openclaw", - "sha": "95e430f670a3e643b52bc9a1a14f3c6570056e5d", - "syncedAt": "2026-04-22T13:54:35.799Z" + "sha": "0f4ec84a2c29bb53e94f9d91ed75d89800c17701", + "syncedAt": "2026-04-22T14:00:50.249Z" } diff --git a/docs/cli/plugins.md b/docs/cli/plugins.md index 0ed8425cd..ebf0d3c76 100644 --- a/docs/cli/plugins.md +++ b/docs/cli/plugins.md @@ -244,8 +244,10 @@ record, updates that installed plugin, and records the new npm spec for future id-based updates. When a stored integrity hash exists and the fetched artifact hash changes, -OpenClaw prints a warning and asks for confirmation before proceeding. Use -global `--yes` to bypass prompts in CI/non-interactive runs. +OpenClaw treats that as npm artifact drift. The interactive +`openclaw plugins update` command prints the expected and actual hashes and asks +for confirmation before proceeding. Non-interactive update helpers fail closed +unless the caller supplies an explicit continuation policy. `--dangerously-force-unsafe-install` is also available on `plugins update` as a break-glass override for built-in dangerous-code scan false positives during diff --git a/docs/cli/update.md b/docs/cli/update.md index fae3f6d64..e0adde198 100644 --- a/docs/cli/update.md +++ b/docs/cli/update.md @@ -36,7 +36,9 @@ openclaw --update - `--channel `: set the update channel (git + npm; persisted in config). - `--tag `: override the package target for this update only. For package installs, `main` maps to `github:openclaw/openclaw#main`. - `--dry-run`: preview planned update actions (channel/tag/target/restart flow) without writing config, installing, syncing plugins, or restarting. -- `--json`: print machine-readable `UpdateRunResult` JSON. +- `--json`: print machine-readable `UpdateRunResult` JSON, including + `postUpdate.plugins.integrityDrifts` when npm plugin artifact drift is + detected during post-update plugin sync. - `--timeout `: per-step timeout (default is 1200s). - `--yes`: skip confirmation prompts (for example downgrade confirmation) @@ -101,6 +103,11 @@ High-level: 8. Runs `openclaw doctor` as the final “safe update” check. 9. Syncs plugins to the active channel (dev uses bundled extensions; stable/beta uses npm) and updates npm-installed plugins. +If an exact pinned npm plugin update resolves to an artifact whose integrity +differs from the stored install record, `openclaw update` aborts that plugin +artifact update instead of installing it. Reinstall or update the plugin +explicitly only after verifying that you trust the new artifact. + If pnpm bootstrap still fails, the updater now stops early with a package-manager-specific error instead of trying `npm run build` inside the checkout. ## `--update` shorthand