Add Home Manager runtimePackages/environment options that feed the gateway wrapper without polluting the user PATH. Link the same runtime package set into Codex's isolated agent home so shell calls from the Codex harness see Nix-managed plugin and helper CLIs.
Tests: ./scripts/check-flake-lock-owners.sh; nix flake show --accept-flake-config; nix build --accept-flake-config .#checks.aarch64-darwin.ci --no-link; nix build --accept-flake-config .#checks.aarch64-darwin.qmd-runtime .#checks.aarch64-darwin.bin-surface .#checks.aarch64-darwin.package-contents --no-link; nix eval --accept-flake-config .#checks.x86_64-linux.default-instance.drvPath; ./scripts/hm-activation-macos.sh
Make QMD the Nix-supported batteries-included local memory backend by pinning the upstream QMD flake and adding qmd to the private openclaw wrapper PATH.
Keep QMD opt-in through upstream OpenClaw config with memory.backend = qmd, and document that builtin memorySearch.provider = local remains an escape hatch rather than the primary supported Nix path.
Also point nix run .#openclaw at the batteries-included bundle so app execution gets the same internal runtime PATH as the package.
Tests: sh -n nix/scripts/check-openclaw-qmd-runtime.sh; scripts/check-flake-lock-owners.sh; git diff --check; nix flake show --accept-flake-config --json; nix build .#checks.aarch64-darwin.qmd-runtime .#checks.aarch64-darwin.bin-surface .#packages.aarch64-darwin.openclaw --accept-flake-config --no-link --print-out-paths; nix build .#checks.x86_64-linux.qmd-runtime --accept-flake-config --no-link --print-out-paths; nix build .#checks.aarch64-darwin.ci --accept-flake-config --no-link --print-out-paths; nix build .#packages.x86_64-linux.openclaw .#checks.x86_64-linux.bin-surface --accept-flake-config --no-link --print-out-paths; scripts/hm-activation-macos.sh; nix build .#checks.x86_64-linux.gateway-smoke --accept-flake-config --no-link --print-out-paths; nix run .#openclaw --accept-flake-config -- --version; bash -n scripts/update-pins.sh; node --check scripts/select-openclaw-release.mjs; node --check scripts/select-openclaw-release.test.mjs; node scripts/select-openclaw-release.test.mjs
Fix the documented minimal Home Manager plugin option to use customPlugins, remove the stale duplicate skill-file builder, and assert duplicate plugin skill paths against the paths Home Manager actually installs.
Add local plugin fixtures so the default-instance check covers the agent-facing customPlugins path and duplicate skill collisions.
The stable mirror had advanced main to v2026.4.14 with an app hash that only
matched prefetch output, not the unpacked tree hash that fetchzip validates.
That left macOS CI red on the pinned stable release.
Compute the app hash from the unpacked zip contents in update-pins.sh and fix
the current v2026.4.14 app pin to the actual fetchzip hash.
Tests:
- bash -n scripts/update-pins.sh
- nix build .#openclaw-app --accept-flake-config -L
What:
- split the stable-release updater into read-only selection and pin materialization modes
- rewrite yolo into select, validate-linux, validate-macos, and promote jobs
- fail yolo when the newest stable release is incomplete instead of silently sticking
- update maintainer docs to describe the new safe promotion policy
Why:
- stop direct yolo pushes from moving main without the same Linux and macOS proof as CI
- keep mirroring the newest stable release while making broken upstream releases visible
Tests:
- bash -n scripts/update-pins.sh
- ruby -e 'require "yaml"; YAML.load_file(".github/workflows/yolo-update.yml"); puts "yaml-ok"'
- GITHUB_ACTIONS=true GH_TOKEN="$(gh auth token)" scripts/update-pins.sh select
- temp copy pinned to v2026.4.11: scripts/update-pins.sh select emits v2026.4.14 tuple
What:
- switch the pin updater from upstream-main commit selection to upstream stable release selection
- restore Yolo Update Pins as an hourly stable-release poller
- update maintainer and README docs to describe stable-release mirroring and the recovery lesson
Why:
- OpenClaw stable is already tag-based upstream, and nix-openclaw should mirror that release line directly
- this removes the old latest-green-main churn model and keeps source + app pins tied to one published upstream release
Tests:
- bash -n scripts/update-pins.sh
- GITHUB_ACTIONS=true GH_TOKEN="$(gh auth token)" scripts/update-pins.sh
What:
- export node_modules/.pnpm/node_modules/.bin in gateway build before canvas:a2ui:bundle
so rolldown is found in sandbox/offline builds
- track openclaw bump failure in scripts/update-pins.sh and fail the workflow when
openclaw upstream is ahead but no openclaw pin update was produced
Why:
- yolo was reporting success while silently restoring old pins
- openclaw bump attempts were repeatedly failing at A2UI bundling, keeping pins stale
Tests:
- bash -n scripts/update-pins.sh
- bash -n nix/scripts/gateway-build.sh
Add a Linux nixosTest for Home Manager activation and a macOS CI workflow to run the activation script.
Wire the new Linux check into flake checks and Garnix.
Tests: not run (CI wiring).
What: handle prefetched tarball store paths when regenerating config options
Why: nix store prefetch-file now returns tarball path even with --unpack
Tests: not run (script change)
What:
- require upstream non-windows check runs to be green before trying a SHA
- keep local build validation in place for pnpm hash resolution
Why:
- honor yolo mode without blocking on Windows-only failures
Tests:
- nix flake check --accept-flake-config
What:
- rebase on latest main before pushing yolo pin updates
Why:
- avoid non-fast-forward failures when main advances during the job
Tests:
- nix flake check --accept-flake-config
- ubs --diff
What:
- only build clawdbot-app on darwin during yolo updates
Why:
- linux runners don't expose clawdbot-app in flake outputs
Tests:
- nix flake check --accept-flake-config
- ubs --diff
What:
- add progress logging to the yolo updater steps
Why:
- make CI failures diagnosable in workflow logs
Tests:
- nix flake check --accept-flake-config
What:
- handle ls-remote and release API failures gracefully
Why:
- make yolo updater errors visible in CI logs
Tests:
- nix flake check --accept-flake-config
What:
- select the latest release that includes a Clawdis zip asset
Why:
- avoid updater failures when the newest release lacks app artifacts
Tests:
- nix flake check --accept-flake-config
