The stable and dogfood OpenClaw source pins need different public-surface hardlink patch shapes while upstream is still catching up. Select the right patch per source and make package contents import the OpenAI provider policy public surface, which is the path the gateway uses before a model run.
Tests: nix fmt --accept-flake-config; git diff --check; remote mac-mini nix build .#checks.aarch64-darwin.package-contents-dogfood --no-link; remote mac-mini nix build .#checks.aarch64-darwin.package-contents --no-link
Co-authored-by: Codex <noreply@openai.com>
Dogfood now points at an OpenClaw commit with the broader plugin hardlink work merged, but the bundled public-surface loader still needs nix-openclaw's package-root hardlink compatibility patch. Keep that patch active for dogfood and add a package-content check that fails if the compiled loader rejects hardlinked package files again.
Tests: nix fmt --accept-flake-config; git diff --check; remote mac-mini nix build .#checks.aarch64-darwin.package-contents-dogfood --no-link; remote mac-mini nix build .#checks.aarch64-darwin.package-contents --no-link; remote mac-mini nix build .#checks.aarch64-darwin.default-instance --no-link
Co-authored-by: Codex <noreply@openai.com>
What:
- expose temporary dogfood package outputs pinned to an upstream OpenClaw commit with the Nix-mode fixes merged
- let source pins disable downstream patches that are already upstream
- build current upstream plugin assets through upstream asset hooks, while keeping the 2026.5.7 path working
- supply the fs-safe Git dependency as an immutable Nix source for the dogfood build
Why:
- private deployments need to dogfood upstream fixes before the next OpenClaw release without making the published stable package depend on runtime npm work
Tests:
- remote Mac mini: nix build --accept-flake-config .#openclaw-gateway-dogfood --no-link
- remote Mac mini: nix build --accept-flake-config .#openclaw-dogfood --no-link
- remote Mac mini: nix build --accept-flake-config .#checks.aarch64-darwin.default-instance --no-link
- remote Mac mini: nix build --accept-flake-config .#checks.aarch64-darwin.package-contents --no-link
Co-authored-by: Codex <noreply@openai.com>
Add a hash-backed npm runtime plugin path that lowers OpenClaw-style npm sources into immutable plugin roots and wires them through the existing Home Manager plugin resolver. Keep flake-backed customPlugins unchanged and document the boundary for agents and maintainers.
Tests: nix build .#checks.aarch64-darwin.default-instance --no-link; nix flake check --no-build; git diff --check
Co-authored-by: Codex <noreply@openai.com>
Install and validate OpenClaw's dist-runtime tree so bundled runtime plugins such as ACPX are present in the Nix gateway output.
Extend the existing plugin flake contract with immutable OpenClaw plugin roots, wire those roots into generated config, and add eval fixtures proving default enablement, user overrides, and disabled entries.
Document the boundary: curated plugin artifacts are CI/Garnix-cached by nix-openclaw, while arbitrary npm or ClawHub specs need deterministic lock/hash-backed Nix artifacts cached by the user's store/cache instead of runtime npm installs.
Tests: nix build --accept-flake-config .#checks.x86_64-linux.default-instance --no-link --print-out-paths; nix eval --accept-flake-config --raw .#checks.aarch64-darwin.package-contents.drvPath; nix build --accept-flake-config .#checks.aarch64-darwin.package-contents --no-link --dry-run; nix build --impure --accept-flake-config .#darwinConfigurations.mac-mini.system --no-link --override-input nix-openclaw path:/Users/josh/code/nix/nix-openclaw --dry-run
Co-authored-by: Codex <noreply@openai.com>
The gateway runtime loads built plugins from dist/extensions, so the source extensions tree only needs manifest metadata for compatibility. Copy only openclaw.plugin.json files and assert the memory-core manifest exists in both compatibility and runtime trees.
Tests: sh -n nix/scripts/gateway-install.sh nix/scripts/check-package-contents.sh; git diff --check; nix build --dry-run .#checks.aarch64-darwin.package-contents .#checks.x86_64-linux.package-contents --accept-flake-config
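The manifest-only copy and the manifest assertion described in the commit above, written out as an added example. This is not nix-openclaw's gateway-install.sh or check-package-contents.sh; the directory names (src/extensions, dist/extensions, compat/extensions) and the memory-core plugin id are taken from the message, and the fixture tree is constructed inline so the script runs offline.

```shell
#!/bin/sh
# Added example, not project code. Mirror only openclaw.plugin.json manifests
# from a source extensions tree into a compatibility tree, then assert that a
# required manifest exists in both that tree and the runtime (dist) tree.

# copy_plugin_manifests SRC DEST: recreate SRC's directory layout under DEST,
# copying nothing except files named openclaw.plugin.json.
copy_plugin_manifests() {
  src=$1
  dest=$2
  find "$src" -type f -name openclaw.plugin.json | while IFS= read -r manifest; do
    rel=${manifest#"$src"/}
    mkdir -p "$dest/$(dirname "$rel")"
    cp "$manifest" "$dest/$rel"
  done
}

# assert_manifest TREE PLUGIN: fail if TREE/PLUGIN/openclaw.plugin.json is not
# a regular file (a symlink into a pruned directory would also fail here).
assert_manifest() {
  f="$1/$2/openclaw.plugin.json"
  if [ ! -f "$f" ]; then
    printf 'missing plugin manifest: %s\n' "$f" >&2
    return 1
  fi
  return 0
}

# count_files TREE: number of regular files under TREE, used to prove that the
# copy step brought over manifests and nothing else.
count_files() {
  find "$1" -type f | wc -l | tr -d ' '
}

# make_fixture: constructed sample tree with two plugins, one of which also has
# a compiled copy under dist/extensions. Prints the fixture root.
make_fixture() {
  dir=$(mktemp -d)
  mkdir -p "$dir/src/extensions/memory-core/src" \
           "$dir/src/extensions/telegram" \
           "$dir/dist/extensions/memory-core"
  printf '{"id":"memory-core"}\n' > "$dir/src/extensions/memory-core/openclaw.plugin.json"
  printf 'export {};\n'           > "$dir/src/extensions/memory-core/src/index.ts"
  printf '{"id":"telegram"}\n'    > "$dir/src/extensions/telegram/openclaw.plugin.json"
  printf '{"id":"memory-core"}\n' > "$dir/dist/extensions/memory-core/openclaw.plugin.json"
  printf '%s\n' "$dir"
}

# Stand-alone use: sh this-script.sh /path/to/package-root
if [ "$#" -gt 0 ]; then
  copy_plugin_manifests "$1/src/extensions" "$1/compat/extensions"
  assert_manifest "$1/compat/extensions" memory-core
  assert_manifest "$1/dist/extensions" memory-core
fi
```

The compatibility tree ends up holding only the manifests, so any source file that leaks into it shows up as an unexpected count from count_files; the runtime tree is checked separately because that is where the gateway actually loads plugins from.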
Use a normal temporary build root and copy only final runtime outputs into the Nix output. This avoids the Garnix stall caused by recursively deleting the temporary OpenClaw source tree from inside $out during install.
Tests: sh -n nix/scripts/build-root.sh nix/scripts/gateway-install.sh; git diff --check; nix build --dry-run .#checks.aarch64-darwin.qmd-runtime .#checks.x86_64-linux.qmd-runtime --accept-flake-config
Move the temporary output build root out of the final output instead of recursively deleting it during install, and time the final wrapper/cleanup steps so Garnix logs show where gateway builds stall.
Tests: sh -n nix/scripts/build-root.sh nix/scripts/gateway-install.sh; git diff --check; nix build --dry-run .#checks.aarch64-darwin.qmd-runtime .#checks.x86_64-linux.qmd-runtime --accept-flake-config
Use NIX_BUILD_CORES for zstd extraction instead of --threads=0. Garnix macOS builders were hanging in the pnpm-store extraction step on the fresh OpenClaw gateway build.
Tests: git diff --check. Full package proof is delegated to Garnix because the fresh v2026.5.5 gateway source build is intentionally not run locally.
Remove the install-phase patchShebangs pass over node_modules/.bin. The build phase already runs patchShebangs before packaging, and the second pass can hang Garnix while not materially changing the output.
Tests: git diff --check. Full package proof is delegated to Garnix because the fresh v2026.5.5 gateway source build is intentionally not run locally.
Use QMD's real update/embed/query commands instead of the nonexistent qmd pull path, and keep the activation script in nix/scripts instead of inline Nix.
Tests: nix build .#checks.aarch64-darwin.config-validity .#checks.aarch64-darwin.qmd-runtime --no-link; nix eval .#checks.x86_64-linux.qmd-runtime.name; scripts/check-flake-lock-owners.sh; git diff --check
Bundle a Nix Python path inside the OpenClaw batteries wrapper for the safe-write helper. This avoids macOS /usr/bin/python3 triggering the Xcode command-line-tools shim on headless hosts, without exposing Python on the user PATH.
Tests: nix build .#checks.aarch64-darwin.qmd-runtime --no-link; nix eval .#checks.x86_64-linux.qmd-runtime.name; scripts/check-flake-lock-owners.sh; git diff --check
What:
- run upstream runtime-postbuild after tsdown in the gateway build
- assert runtime-model-auth stable alias points at a real generated target
Why:
- bundled provider auth imports need the upstream stable runtime alias materialized in the Nix package
- package-contents should catch missing runtime aliases before deployment
Tests:
- nix build .#checks.aarch64-darwin.package-contents --accept-flake-config --no-link
- nix build .#checks.aarch64-darwin.qmd-runtime --accept-flake-config --no-link
- nix build .#checks.aarch64-darwin.bin-surface .#checks.aarch64-darwin.config-validity .#checks.aarch64-darwin.gateway-smoke --accept-flake-config --no-link
What:
- make the downstream Nix-mode auto-enable patch runtime-only and remove broken degraded-state references
- allow plugin-owned channels.<id> config in generated Home Manager options
- add Telegram channel config coverage to the config validity check
- document the Nix/OpenClaw boundary in AGENTS.md
Why:
- Nix-owned openclaw.json must not be mutated at runtime
- plugin channel config should stay valid even when upstream core schema does not type every plugin-owned channel key
- future agents need the boundary documented in the packaging repo
Tests:
- patch -d /tmp/openclaw-v2026.5.4 -p1 --dry-run < nix/patches/skip-plugin-auto-enable-persist-in-nix-mode.patch: passed
- generator round-trip against OpenClaw 325df3ef produced no diff: passed
- nix eval --accept-flake-config --raw .#checks.aarch64-darwin.config-validity.drvPath: passed
- nix eval --accept-flake-config --raw .#checks.x86_64-linux.config-options.drvPath: passed
- nix build --accept-flake-config .#checks.aarch64-darwin.config-validity --no-link --print-build-logs: passed
Make QMD the Nix-supported batteries-included local memory backend by pinning the upstream QMD flake and adding qmd to the private openclaw wrapper PATH.
Keep QMD opt-in through upstream OpenClaw config with memory.backend = qmd, and document that builtin memorySearch.provider = local remains an escape hatch rather than the primary supported Nix path.
Also point nix run .#openclaw at the batteries-included bundle so app execution gets the same internal runtime PATH as the package.
Tests: sh -n nix/scripts/check-openclaw-qmd-runtime.sh; scripts/check-flake-lock-owners.sh; git diff --check; nix flake show --accept-flake-config --json; nix build .#checks.aarch64-darwin.qmd-runtime .#checks.aarch64-darwin.bin-surface .#packages.aarch64-darwin.openclaw --accept-flake-config --no-link --print-out-paths; nix build .#checks.x86_64-linux.qmd-runtime --accept-flake-config --no-link --print-out-paths; nix build .#checks.aarch64-darwin.ci --accept-flake-config --no-link --print-out-paths; nix build .#packages.x86_64-linux.openclaw .#checks.x86_64-linux.bin-surface --accept-flake-config --no-link --print-out-paths; scripts/hm-activation-macos.sh; nix build .#checks.x86_64-linux.gateway-smoke --accept-flake-config --no-link --print-out-paths; nix run .#openclaw --accept-flake-config -- --version; bash -n scripts/update-pins.sh; node --check scripts/select-openclaw-release.mjs; node --check scripts/select-openclaw-release.test.mjs; node scripts/select-openclaw-release.test.mjs
Expose only the openclaw command from the default package while keeping bundled runtime tools on the wrapper PATH. Remove the public openclaw-tools package output and document runtime tools as implementation detail.
Tests: nix build .#packages.aarch64-darwin.openclaw .#checks.aarch64-darwin.bin-surface .#packages.x86_64-linux.openclaw .#checks.x86_64-linux.bin-surface --accept-flake-config --no-link --print-out-paths; nix build .#checks.aarch64-darwin.ci --accept-flake-config --no-link --print-out-paths; git diff --check --cached
Patch the gateway startup path so OPENCLAW_NIX_MODE skips plugin auto-enable persistence instead of replacing a Nix-managed config symlink.
Plugins remain a declarative Nix config choice under the Home Manager module; runtime auto-enable can still report what it would have changed.
Tests: git diff --cached --check; patch -p1 --dry-run against pinned OpenClaw source; nix build .#packages.aarch64-darwin.openclaw-gateway --accept-flake-config --no-link --print-out-paths; OPENCLAW_NIX_MODE symlink-clobber smoke against the native gateway; nix build .#packages.x86_64-linux.openclaw-gateway --accept-flake-config --no-link --print-out-paths
What:
- copy upstream bundled skills into the gateway package output
- make package-contents require bundled SKILL.md files under lib/openclaw/skills
Why:
- upstream bundled skills are part of the runnable OpenClaw package contract
- package checks should catch missing skills before users hit runtime failures
Tests:
- git diff --cached --check: passed
- temporary worktree with only this staged patch: nix build .#checks.x86_64-linux.package-contents --accept-flake-config --no-link --print-out-paths: /nix/store/zqwb4x85cwww8fx5gzj0asxy1ic5i373-openclaw-package-contents-unstable-8b2a6e57
What:
- flatten source-discriminated object unions when the variants have different fields
- regenerate secrets.providers as one submodule with a source enum and nullable variant fields
- add a default-instance regression for file-backed secret providers
Why:
- Nix cannot reliably merge attrsOf oneOf submodules for secrets.providers
- the generated module should preserve upstream config shape while staying evaluable
Tests:
- git diff --cached --check: passed
- temporary worktree with only this staged patch: nix build .#checks.x86_64-linux.default-instance --accept-flake-config --no-link --print-out-paths: /nix/store/2zihci7mhlk3mcbczmyw0s401n162vk7-openclaw-default-instance-1
- temporary worktree with only this staged patch: nix build .#checks.x86_64-linux.config-options --accept-flake-config --no-link --print-out-paths: /nix/store/4yrjhllg88ydyf70yqnkdmndbrv7y2c6-openclaw-source-checks-unstable-8b2a6e57
What:
- replace the misleading gateway test check with a source-checks build/config-options check
- remove the full upstream Vitest suite from the hard Nix promotion gate
- document that yolo validates the Nix-owned package contract, not upstream source test health
Why:
- the current full packageable upstream release builds as a package but has failing upstream Vitest cases when rebuilt from source
- nix-openclaw should block on packaging, smoke startup, config generation, module activation, and app artifacts rather than an upstream-owned unit test suite
Tests:
- git diff --check
- bash -n scripts/update-pins.sh scripts/hm-activation-macos.sh nix/modules/home-manager/openclaw-launchd-relink.sh nix/scripts/source-checks-build.sh nix/scripts/source-checks-check.sh nix/scripts/config-options-check.sh
- ruby -e 'require "yaml"; YAML.load_file(".github/workflows/ci.yml"); YAML.load_file(".github/workflows/yolo-update.yml")'
- nix eval --accept-flake-config --raw .#checks.x86_64-linux.source-checks.drvPath
- nix eval --accept-flake-config --raw .#checks.x86_64-linux.ci.drvPath
- nix flake show --accept-flake-config --all-systems --json
- scripts/check-flake-lock-owners.sh
- node scripts/select-openclaw-release.test.mjs
- scripts/hm-activation-macos.sh
- nix build --accept-flake-config -L .#checks.aarch64-darwin.ci
OpenClaw v2026.4.14 moved the gateway Vitest config under test/vitest/, but
our Nix gateway test seam still hard-coded the old root-level path. Linux CI
therefore failed before tests even started.
Prefer the old path when present, but fall back to the new upstream path so the
stable release mirror works across both layouts.
Tests:
- bash -n nix/scripts/gateway-tests-check.sh
What:
- restore the direct vitest entrypoint lookup in nix/scripts/gateway-tests-check.sh
- execute the discovered vitest module with node instead of relying on pnpm exec lookup
Why:
- the history rewrite dropped one real recovery fix and reintroduced the gateway-tests runner failure on Linux
- the green line already proved the direct-entrypoint approach works reliably in the Nix check environment
Tests:
- verified failing CI run 24246896697: ERR_PNPM_RECURSIVE_EXEC_FIRST_FAIL Command "vitest" not found
Why:
- disabling bundled plugins globally fixed provider leakage but broke send tests that rely on bundled channels
- Linux gateway tests need bundled channels, but not real provider model augmentation or web search/fetch provider discovery
What:
- keep the gateway test env unchanged
- patch gateway test mocks to stub provider model augmentation to []
- patch gateway test mocks to stub runtime and public-artifact web search/fetch provider discovery to []
- keep the change in the Nix postpatch seam only
Tests:
- sh -n nix/scripts/gateway-postpatch.sh
- nix eval --raw --accept-flake-config .#checks.x86_64-linux.gateway-tests.src.outPath
Move nix-openclaw to the current OpenClaw daily release and refresh the
release-coupled generated artifacts.
Also fix the Nix build wrapper for A2UI bundling by running the same tsc +
rolldown steps directly instead of relying on upstream's nested pnpm runner,
which exits silently inside the Nix build environment.
Verification:
- nix build .#openclaw-gateway --accept-flake-config -L
- nix build .#checks.aarch64-darwin.ci --accept-flake-config -L
- scripts/hm-activation-macos.sh (expected local USER mismatch: josh vs runner)
What:
- harden the package build against broken prune symlinks and missing plugin metadata
- make the config-options and gateway test checks call the installed CLIs directly
- restore the bundled runtime-deps staging patch for Nix builds
- rebuild the test prebuild around the exact generated artifacts the Nix checks consume
Why:
- the release recovery failures were not random product regressions; they were Nix-owned build and test contract drift
- nix-openclaw needed the same plugin manifests, plugin-sdk artifacts, runtime deps staging, and local CLI resolution that upstream assumes
Tests:
- final green CI run on main: 24217118174
What:
- export node_modules/.pnpm/node_modules/.bin in gateway build before canvas:a2ui:bundle
so rolldown is found in sandbox/offline builds
- track openclaw bump failure in scripts/update-pins.sh and fail the workflow when
openclaw upstream is ahead but no openclaw pin update was produced
Why:
- yolo was reporting success while silently restoring old pins
- openclaw bump attempts were repeatedly failing at A2UI bundling, keeping pins stale
Tests:
- bash -n scripts/update-pins.sh
- bash -n nix/scripts/gateway-build.sh
What:
- set `dontFixup = true` for `openclaw-gateway`
- speed install phase by moving build outputs instead of deep-copying node_modules
- add lightweight dangling-symlink integrity check in gateway install script
- remove `.github/workflows/cache-only.yml`
Why:
- keep the high-value packaging/build speed improvements
- keep one minimal safety guard when fixup is skipped
- remove flaky cache orchestration that adds CI latency and merge-SHA timeout failures
Tests:
- not run locally (per request: CI-only validation due to local NixOS issues)
- will validate via GitHub Actions/Garnix on push to main
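The "lightweight dangling-symlink integrity check" mentioned in the commit above, as an added example rather than the project's own gateway install script. With dontFixup = true, stdenv no longer walks the output, so a symlink left behind by a prune step (for example a node_modules/.bin entry pointing into a removed package) would otherwise reach the store unnoticed. The node_modules layout in the fixture is constructed for the example; only POSIX find and test are used, so it behaves the same on the Linux and macOS builders.

```shell
#!/bin/sh
# Added example, not project code. Report symlinks under a build output whose
# targets do not resolve, so an install phase that skips fixup can still fail
# on broken links instead of shipping them.

# list_dangling_symlinks ROOT: print each symlink under ROOT whose target is
# missing, one per line. -type l selects the link itself; [ -e ] follows it,
# so a failed test means the target is gone.
list_dangling_symlinks() {
  find "$1" -type l -exec sh -c '
    for link; do
      [ -e "$link" ] || printf "%s\n" "$link"
    done
  ' sh {} +
}

# count_dangling_symlinks ROOT: number of dangling symlinks under ROOT.
count_dangling_symlinks() {
  list_dangling_symlinks "$1" | wc -l | tr -d ' '
}

# check_no_dangling_symlinks ROOT: return 0 if the tree is clean, otherwise
# print the offending links to stderr and return 1 (fails the build under set -e).
check_no_dangling_symlinks() {
  bad=$(list_dangling_symlinks "$1")
  if [ -n "$bad" ]; then
    printf 'dangling symlinks under %s:\n%s\n' "$1" "$bad" >&2
    return 1
  fi
  return 0
}

# make_fixture: constructed node_modules tree with one valid .bin link and one
# link into a package that a prune step has removed. Prints the fixture root.
make_fixture() {
  dir=$(mktemp -d)
  mkdir -p "$dir/node_modules/.bin" "$dir/node_modules/pkg"
  printf '#!/bin/sh\n' > "$dir/node_modules/pkg/cli.js"
  ln -s ../pkg/cli.js        "$dir/node_modules/.bin/cli"   # resolves
  ln -s ../pruned-pkg/cli.js "$dir/node_modules/.bin/gone"  # target pruned: dangling
  printf '%s\n' "$dir"
}

# Stand-alone use: sh this-script.sh "$out"
if [ "$#" -gt 0 ]; then
  check_no_dangling_symlinks "$1"
fi
```

Because the walk only stats each symlink's target, it costs far less than a full fixup pass over node_modules while still catching the class of breakage that a missed prune symlink causes at runtime.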
Gateway bundles now export validateConfigObjectWithPlugins (often aliased) instead of dist/config/validation.js. Detect and use the exported plugin-aware validator.
- add clipboard wrapper + patch script for Linux builds
- apply patch during gateway install
- drop hm-activation debug/probe env and restore test script
Tests: not run (CI)
- Export OPENCLAW_* vars in launchd/systemd services.
- Set OPENCLAW_NIX_MODE default in gateway wrapper.
- Dump gateway logs on hm-activation failure.
Tests: not run (CI)
Options with Zod defaults now emit nullOr defaults in generated config options to avoid missing value errors.
Regenerated nix/generated/openclaw-config-options.nix.
Tests: not run (config generation).