fix: keep dogfood public surface hardlink-safe

Dogfood now points at an OpenClaw commit with the broader plugin hardlink work merged, but the bundled public-surface loader still needs nix-openclaw's package-root hardlink compatibility patch. Keep that patch active for dogfood and add a package-content check that fails if the compiled loader rejects hardlinked package files again.

Tests: nix fmt --accept-flake-config; git diff --check; remote mac-mini nix build .#checks.aarch64-darwin.package-contents-dogfood --no-link; remote mac-mini nix build .#checks.aarch64-darwin.package-contents --no-link; remote mac-mini nix build .#checks.aarch64-darwin.default-instance --no-link

Co-authored-by: Codex <noreply@openai.com>

flake.nix

@@ -105,6 +105,9 @@
               package-contents = pkgs.callPackage ./nix/checks/openclaw-package-contents.nix {
                 openclawGateway = packageSetStable.openclaw-gateway;
               };
+              package-contents-dogfood = pkgs.callPackage ./nix/checks/openclaw-package-contents.nix {
+                openclawGateway = packageSetDogfood.openclaw-gateway;
+              };
               default-instance = pkgs.callPackage ./nix/checks/openclaw-default-instance.nix { };
               config-validity = pkgs.callPackage ./nix/checks/openclaw-config-validity.nix {
                 openclawGateway = packageSetStable.openclaw-gateway;

nix/patches/allow-package-public-surface-hardlinks.patch

@@ -1,25 +1,13 @@
 diff --git a/src/plugins/public-surface-loader.ts b/src/plugins/public-surface-loader.ts
-index 1f5b5ab..c9727e1 100644
+index 5f6f939..8cb550f 100644
 --- a/src/plugins/public-surface-loader.ts
 +++ b/src/plugins/public-surface-loader.ts
-@@ -116,13 +116,16 @@ export function loadBundledPluginPublicArtifactModuleSync<T extends object>(para
-   if (cached) {
-     return cached as T;
-   }
--
-+  const packageRoot = path.resolve(OPENCLAW_PACKAGE_ROOT);
-+  const resolvedModulePath = path.resolve(location.modulePath);
-+  const isPackagePublicSurface = resolvedModulePath.startsWith(`${packageRoot}${path.sep}`);
-+
-   const opened = openBoundaryFileSync({
-     absolutePath: location.modulePath,
+@@ -128,7 +128,7 @@ export function loadBundledPluginPublicArtifactModuleSync<T extends object>(para
      rootPath: location.boundaryRoot,
--    boundaryLabel:
--      location.boundaryRoot === OPENCLAW_PACKAGE_ROOT ? "OpenClaw package root" : "plugin root",
+     boundaryLabel:
+       location.boundaryRoot === OPENCLAW_PACKAGE_ROOT ? "OpenClaw package root" : "plugin root",
 -    rejectHardlinks: true,
-+    boundaryLabel:
-+      location.boundaryRoot === OPENCLAW_PACKAGE_ROOT ? "OpenClaw package root" : "plugin root",
-+    rejectHardlinks: !isPackagePublicSurface,
++    rejectHardlinks: location.boundaryRoot !== OPENCLAW_PACKAGE_ROOT,
    });
    if (!opened.ok) {
      throw new Error(

nix/scripts/check-package-contents.sh

@@ -35,6 +35,18 @@ require_path "${root}/skills"
 require_path "${root}/node_modules/hasown"
 require_path "${root}/node_modules/combined-stream"
 
+public_surface_loader="$(
+  grep -Rsl "function loadBundledPluginPublicArtifactModuleSync" "${root}/dist" | head -1
+)"
+if [ -z "$public_surface_loader" ]; then
+  echo "Missing bundled plugin public surface loader" >&2
+  exit 1
+fi
+if grep -q "rejectHardlinks: true" "$public_surface_loader"; then
+  echo "Bundled plugin public surface loader still rejects hardlinked package files" >&2
+  exit 1
+fi
+
 require_js_alias_target() {
   alias="$1"
   alias_path="${root}/dist/${alias}"

nix/sources/openclaw-dogfood-source.nix

@@ -12,6 +12,5 @@
     hash = "sha256-jndOOSSFROyrK4RiwAsJfUuCJTj7qbmmm4Qz8BqtJ/c=";
   };
 
-  applyPublicSurfaceHardlinksPatch = false;
   applySkipPluginAutoEnableNixModePatch = false;
 }