The stable and dogfood OpenClaw source pins need different public-surface hardlink patch shapes while upstream is still catching up. Select the right patch per source and make package contents import the OpenAI provider policy public surface, which is the path the gateway uses before a model run.
Tests: nix fmt --accept-flake-config; git diff --check; remote mac-mini nix build .#checks.aarch64-darwin.package-contents-dogfood --no-link; remote mac-mini nix build .#checks.aarch64-darwin.package-contents --no-link
Co-authored-by: Codex <noreply@openai.com>
What:\n- expose temporary dogfood package outputs pinned to an upstream OpenClaw commit with the Nix-mode fixes merged\n- let source pins disable downstream patches that are already upstream\n- build current upstream plugin assets through upstream asset hooks, while keeping the 2026.5.7 path working\n- supply the fs-safe Git dependency as an immutable Nix source for the dogfood build\n\nWhy:\n- private deployments need to dogfood upstream fixes before the next OpenClaw release without making the published stable package depend on runtime npm work\n\nTests:\n- remote Mac mini: nix build --accept-flake-config .#openclaw-gateway-dogfood --no-link\n- remote Mac mini: nix build --accept-flake-config .#openclaw-dogfood --no-link\n- remote Mac mini: nix build --accept-flake-config .#checks.aarch64-darwin.default-instance --no-link\n- remote Mac mini: nix build --accept-flake-config .#checks.aarch64-darwin.package-contents --no-link\n\nCo-authored-by: Codex <noreply@openai.com>
Add a hash-backed npm runtime plugin path that lowers OpenClaw-style npm sources into immutable plugin roots and wires them through the existing Home Manager plugin resolver. Keep flake-backed customPlugins unchanged and document the boundary for agents and maintainers.
Tests: nix build .#checks.aarch64-darwin.default-instance --no-link; nix flake check --no-build; git diff --check
Co-authored-by: Codex <noreply@openai.com>
Patch the gateway startup path so OPENCLAW_NIX_MODE skips plugin auto-enable persistence instead of replacing a Nix-managed config symlink.
Plugins remain a declarative Nix config choice under the Home Manager module; runtime auto-enable can still report what it would have changed.
Tests: git diff --cached --check; patch -p1 --dry-run against pinned OpenClaw source; nix build .#packages.aarch64-darwin.openclaw-gateway --accept-flake-config --no-link --print-out-paths; OPENCLAW_NIX_MODE symlink-clobber smoke against the native gateway; nix build .#packages.x86_64-linux.openclaw-gateway --accept-flake-config --no-link --print-out-paths
What:
- harden the package build against broken prune symlinks and missing plugin metadata
- make the config-options and gateway test checks call the installed CLIs directly
- restore the bundled runtime-deps staging patch for Nix builds
- rebuild the test prebuild around the exact generated artifacts the Nix checks consume
Why:
- the release recovery failures were not random product regressions; they were Nix-owned build and test contract drift
- nix-openclaw needed the same plugin manifests, plugin-sdk artifacts, runtime deps staging, and local CLI resolution that upstream assumes
Tests:
- final green CI run on main: 24217118174
