What:
- run upstream runtime-postbuild after tsdown in the gateway build
- assert runtime-model-auth stable alias points at a real generated target
Why:
- bundled provider auth imports need the upstream stable runtime alias materialized in the Nix package
- package-contents should catch missing runtime aliases before deployment
Tests:
- nix build .#checks.aarch64-darwin.package-contents --accept-flake-config --no-link
- nix build .#checks.aarch64-darwin.qmd-runtime --accept-flake-config --no-link
- nix build .#checks.aarch64-darwin.bin-surface .#checks.aarch64-darwin.config-validity .#checks.aarch64-darwin.gateway-smoke --accept-flake-config --no-link
Clarify that AGENTS.md is maintainer operating guidance for the public packaging repo, not consumer onboarding or private deployment policy.
Remove the private bot reference, generalize recovery wording, and keep automation focused on the public split-track publishing invariant.
Checks: git diff --check -- AGENTS.md; scripts/check-flake-lock-owners.sh
Describe the daily nix-openclaw maintainer run by desired publishing state instead of enumerated failure modes.
The automation must restore split-track freshness for latest source gateway and latest published macOS app, or report the exact blocker.
Checks: git diff --check -- AGENTS.md; scripts/check-flake-lock-owners.sh
Define daily maintainer automation health as split-track freshness: gateway tracks latest stable source, while the Darwin app tracks the newest published public macOS zip.
This prevents expected source/app version differences from being treated as failures, while requiring pipeline repair when either track is stale.
Checks: git diff --check -- AGENTS.md; scripts/check-flake-lock-owners.sh
QMD currently pulls a native better-sqlite3 rebuild that fails on Garnix Darwin because node-gyp cannot find Xcode/CLT in the builder.
Keep QMD bundled and checked on Linux, but omit it from Darwin packages until the QMD package is Darwin-cacheable.
Tests: nix eval --accept-flake-config --json .#checks.aarch64-darwin --apply 'builtins.attrNames'; nix eval --accept-flake-config --json .#checks.x86_64-linux --apply 'builtins.attrNames'; nix build --accept-flake-config .#checks.aarch64-darwin.ci --no-link --print-build-logs
What:
- make the downstream Nix-mode auto-enable patch runtime-only and remove broken degraded-state references
- allow plugin-owned channels.<id> config in generated Home Manager options
- add Telegram channel config coverage to the config validity check
- document the Nix/OpenClaw boundary in AGENTS.md
Why:
- Nix-owned openclaw.json must not be mutated at runtime
- plugin channel config should stay valid even when upstream core schema does not type every plugin-owned channel key
- future agents need the boundary documented in the packaging repo
Tests:
- patch -d /tmp/openclaw-v2026.5.4 -p1 --dry-run < nix/patches/skip-plugin-auto-enable-persist-in-nix-mode.patch: passed
- generator round-trip against OpenClaw 325df3ef produced no diff: passed
- nix eval --accept-flake-config --raw .#checks.aarch64-darwin.config-validity.drvPath: passed
- nix eval --accept-flake-config --raw .#checks.x86_64-linux.config-options.drvPath: passed
- nix build --accept-flake-config .#checks.aarch64-darwin.config-validity --no-link --print-build-logs: passed
Make QMD the Nix-supported batteries-included local memory backend by pinning the upstream QMD flake and adding qmd to the private openclaw wrapper PATH.
Keep QMD opt-in through upstream OpenClaw config with memory.backend = qmd, and document that builtin memorySearch.provider = local remains an escape hatch rather than the primary supported Nix path.
Also point nix run .#openclaw at the batteries-included bundle so app execution gets the same internal runtime PATH as the package.
Tests: sh -n nix/scripts/check-openclaw-qmd-runtime.sh; scripts/check-flake-lock-owners.sh; git diff --check; nix flake show --accept-flake-config --json; nix build .#checks.aarch64-darwin.qmd-runtime .#checks.aarch64-darwin.bin-surface .#packages.aarch64-darwin.openclaw --accept-flake-config --no-link --print-out-paths; nix build .#checks.x86_64-linux.qmd-runtime --accept-flake-config --no-link --print-out-paths; nix build .#checks.aarch64-darwin.ci --accept-flake-config --no-link --print-out-paths; nix build .#packages.x86_64-linux.openclaw .#checks.x86_64-linux.bin-surface --accept-flake-config --no-link --print-out-paths; scripts/hm-activation-macos.sh; nix build .#checks.x86_64-linux.gateway-smoke --accept-flake-config --no-link --print-out-paths; nix run .#openclaw --accept-flake-config -- --version; bash -n scripts/update-pins.sh; node --check scripts/select-openclaw-release.mjs; node --check scripts/select-openclaw-release.test.mjs; node scripts/select-openclaw-release.test.mjs
OpenClaw v2026.5.4 resolves bundled plugin public artifacts under the package-root extension surface. In the Nix store those artifacts may be hardlinked, so allow hardlinks for resolved module paths inside OPENCLAW_PACKAGE_ROOT while keeping the existing hardlink rejection elsewhere.
Tests: nix build .#checks.aarch64-darwin.gateway-smoke --accept-flake-config --no-link --print-out-paths; nix build .#checks.aarch64-darwin.ci --accept-flake-config --no-link --print-out-paths; nix build .#packages.x86_64-linux.openclaw .#checks.x86_64-linux.bin-surface .#checks.x86_64-linux.gateway-smoke --accept-flake-config --no-link --print-out-paths; scripts/check-flake-lock-owners.sh; scripts/hm-activation-macos.sh
What:
- update nix-openclaw to the latest stable OpenClaw source release
- refresh generated config options from that source
- keep the macOS app pin on the newest public app artifact
Why:
- keep source-built OpenClaw current without blocking on public macOS app asset lag
Tests:
- nix build .#checks.x86_64-linux.ci --accept-flake-config
- nix build .#checks.aarch64-darwin.ci --accept-flake-config
- scripts/hm-activation-macos.sh
Expose only the openclaw command from the default package while keeping bundled runtime tools on the wrapper PATH. Remove the public openclaw-tools package output and document runtime tools as implementation detail.
Tests: nix build .#packages.aarch64-darwin.openclaw .#checks.aarch64-darwin.bin-surface .#packages.x86_64-linux.openclaw .#checks.x86_64-linux.bin-surface --accept-flake-config --no-link --print-out-paths; nix build .#checks.aarch64-darwin.ci --accept-flake-config --no-link --print-out-paths; git diff --check --cached
Make the repo-local agent rules explicit: work on main by default, push surgical commits directly, and verify CI per pushed commit.
This prevents completed nix-openclaw maintainer work from being parked on Codex branches.
Tests: git diff --check
Patch the gateway startup path so OPENCLAW_NIX_MODE skips plugin auto-enable persistence instead of replacing a Nix-managed config symlink.
Plugins remain a declarative Nix config choice under the Home Manager module; runtime auto-enable can still report what it would have changed.
Tests: git diff --cached --check; patch -p1 --dry-run against pinned OpenClaw source; nix build .#packages.aarch64-darwin.openclaw-gateway --accept-flake-config --no-link --print-out-paths; OPENCLAW_NIX_MODE symlink-clobber smoke against the native gateway; nix build .#packages.x86_64-linux.openclaw-gateway --accept-flake-config --no-link --print-out-paths
Generate a Nix-owned source/target manifest for workspace documents and skills, then pass that manifest to the activation helper.
This keeps document and plugin source paths in the Home Manager generation closure so the NixOS VM can actually copy them during activation.
Tests: helper smoke; git diff --check; nix build .#checks.x86_64-linux.default-instance --accept-flake-config --no-link --print-out-paths; nix build .#checks.x86_64-linux.hm-activation.nodes.machine.system.build.toplevel --accept-flake-config --no-link --print-out-paths
What:
- copy Nix-managed documents and skills into the OpenClaw workspace as real files
- replace Home Manager symlink installs with an activation-time materialization helper
- extend checks to assert custom plugin skills and document files are not symlinks
Why:
- OpenClaw rejects workspace files that resolve back into the Nix store
- custom plugin skills and documents must satisfy the gateway workspace boundary
Tests:
- git diff --cached --check: passed
- nix/modules/home-manager/openclaw-materialize-workspace-files.sh smoke: copied docs and skill dirs as non-symlinks, rerun idempotent
- temporary worktree with only this staged patch: nix build #checks.x86_64-linux.default-instance --accept-flake-config --no-link --print-out-paths: /nix/store/2zihci7mhlk3mcbczmyw0s401n162vk7-openclaw-default-instance-1
- temporary worktree with only this staged patch: nix build #checks.x86_64-linux.hm-activation --accept-flake-config --no-link --print-out-paths: materialization assertions passed; later gateway open-port wait timed out under local TCG VM after 900s
What:
- copy upstream bundled skills into the gateway package output
- make package-contents require bundled SKILL.md files under lib/openclaw/skills
Why:
- upstream bundled skills are part of the runnable OpenClaw package contract
- package checks should catch missing skills before users hit runtime failures
Tests:
- git diff --cached --check: passed
- temporary worktree with only this staged patch: nix build #checks.x86_64-linux.package-contents --accept-flake-config --no-link --print-out-paths: /nix/store/zqwb4x85cwww8fx5gzj0asxy1ic5i373-openclaw-package-contents-unstable-8b2a6e57
What:
- flatten source-discriminated object unions when the variants have different fields
- regenerate secrets.providers as one submodule with a source enum and nullable variant fields
- add a default-instance regression for file-backed secret providers
Why:
- Nix cannot reliably merge attrsOf oneOf submodules for secrets.providers
- the generated module should preserve upstream config shape while staying evaluable
Tests:
- git diff --cached --check: passed
- temporary worktree with only this staged patch: nix build #checks.x86_64-linux.default-instance --accept-flake-config --no-link --print-out-paths: /nix/store/2zihci7mhlk3mcbczmyw0s401n162vk7-openclaw-default-instance-1
- temporary worktree with only this staged patch: nix build #checks.x86_64-linux.config-options --accept-flake-config --no-link --print-out-paths: /nix/store/4yrjhllg88ydyf70yqnkdmndbrv7y2c6-openclaw-source-checks-unstable-8b2a6e57
What:
- strip generated null defaults before merging user and instance OpenClaw config
- assert the default generated config keeps gateway.mode = "local"
Why:
- generated submodule defaults should not silently erase package-owned base config
- the default Home Manager instance must remain runnable without extra gateway config
Tests:
- git diff --cached --check: passed
- temporary worktree with only this staged patch: nix build #checks.x86_64-linux.default-instance --accept-flake-config --no-link --print-out-paths: /nix/store/2zihci7mhlk3mcbczmyw0s401n162vk7-openclaw-default-instance-1
What:
- export the agent-first flake template
- remove unsupported Intel macOS setup claims
- replace stale Discord channel links with the public invite path
- simplify the advanced dual-instance example and sync plugin docs
Why:
- make the documented first-run path match the flake users actually consume
- avoid sending users toward unsupported systems or dead Discord links
Tests:
- git diff --cached --check: passed
- nix flake show --json --accept-flake-config | jq -e '.templates."agent-first"': passed
- nix flake init -t /Users/josh/code/nix-openclaw#agent-first --accept-flake-config: wrote flake.nix and documents/
- rg stale onboarding strings in README.md AGENTS.md templates/agent-first/flake.nix docs: no matches
What:
- replace the misleading gateway test check with a source-checks build/config-options check
- remove the full upstream Vitest suite from the hard Nix promotion gate
- document that yolo validates the Nix-owned package contract, not upstream source test health
Why:
- the current full packageable upstream release builds as a package but has failing upstream Vitest cases when rebuilt from source
- nix-openclaw should block on packaging, smoke startup, config generation, module activation, and app artifacts rather than an upstream-owned unit test suite
Tests:
- git diff --check
- bash -n scripts/update-pins.sh scripts/hm-activation-macos.sh nix/modules/home-manager/openclaw-launchd-relink.sh nix/scripts/source-checks-build.sh nix/scripts/source-checks-check.sh nix/scripts/config-options-check.sh
- ruby -e 'require "yaml"; YAML.load_file(".github/workflows/ci.yml"); YAML.load_file(".github/workflows/yolo-update.yml")'
- nix eval --accept-flake-config --raw .#checks.x86_64-linux.source-checks.drvPath
- nix eval --accept-flake-config --raw .#checks.x86_64-linux.ci.drvPath
- nix flake show --accept-flake-config --all-systems --json
- scripts/check-flake-lock-owners.sh
- node scripts/select-openclaw-release.test.mjs
- scripts/hm-activation-macos.sh
- nix build --accept-flake-config -L .#checks.aarch64-darwin.ci
Blacksmith Linux hung twice during final verification while the same check passed once in between. Move Linux validation back to ubuntu-latest and keep explicit timeouts so the packaging gate favors reliability over runner speed.
Verification: git diff --check; ruby YAML parse
Apply the same timeout discipline to the automated OpenClaw pin updater so release validation cannot hang indefinitely before rewriting main.
Verification: git diff --check; ruby YAML parse
Add explicit CI timeouts around the Linux and macOS packaging gates so a wedged OpenClaw build fails inspectably instead of hanging indefinitely.
Verification: git diff --check; ruby YAML parse
Fix the documented minimal Home Manager plugin option to use customPlugins, remove the stale duplicate skill-file builder, and assert duplicate plugin skill paths against the paths Home Manager actually installs.
Add local plugin fixtures so the default-instance check covers the agent-facing customPlugins path and duplicate skill collisions.
What:
- move the completed OpenClaw packaging ExecPlan out of the pending slot
- document recursive self-review and the macOS Home Manager activation gate for daily maintenance
- make macOS app publishing explicitly out of scope for nix-openclaw automation
- replace an unclear README ownership label with release automation
Why:
- future maintainer runs need enough durable context to repair nix-openclaw without relearning this thread
- missing upstream macOS assets should be classified, not turned into a competing release process
Tests:
- git diff --check
- node scripts/select-openclaw-release.test.mjs
- bash -n scripts/update-pins.sh
- ruby -e 'require "yaml"; YAML.load_file(".github/workflows/yolo-update.yml"); YAML.load_file(".github/workflows/ci.yml")'
- scripts/check-flake-lock-owners.sh
- nix flake show --accept-flake-config
OpenClaw v2026.4.14 moved the gateway Vitest config under test/vitest/, but
our Nix gateway test seam still hard-coded the old root-level path. Linux CI
therefore failed before tests even started.
Prefer the old path when present, but fall back to the new upstream path so the
stable release mirror works across both layouts.
Tests:
- bash -n nix/scripts/gateway-tests-check.sh
The stable mirror had advanced main to v2026.4.14 with an app hash that only
matched prefetch output, not the unpacked tree hash that fetchzip validates.
That left macOS CI red on the pinned stable release.
Compute the app hash from the unpacked zip contents in update-pins.sh and fix
the current v2026.4.14 app pin to the actual fetchzip hash.
Tests:
- bash -n scripts/update-pins.sh
- nix build .#openclaw-app --accept-flake-config -L
What:
- split the stable-release updater into read-only selection and pin materialization modes
- rewrite yolo into select, validate-linux, validate-macos, and promote jobs
- fail yolo when the newest stable release is incomplete instead of silently sticking
- update maintainer docs to describe the new safe promotion policy
Why:
- stop direct yolo pushes from moving main without the same Linux and macOS proof as CI
- keep mirroring the newest stable release while making broken upstream releases visible
Tests:
- bash -n scripts/update-pins.sh
- ruby -e 'require "yaml"; YAML.load_file(".github/workflows/yolo-update.yml"); puts "yaml-ok"'
- GITHUB_ACTIONS=true GH_TOKEN="$(gh auth token)" scripts/update-pins.sh select
- temp copy pinned to v2026.4.11: scripts/update-pins.sh select emits v2026.4.14 tuple
What:
- restore the direct vitest entrypoint lookup in nix/scripts/gateway-tests-check.sh
- execute the discovered vitest module with node instead of relying on pnpm exec lookup
Why:
- the history rewrite dropped one real recovery fix and reintroduced the gateway-tests runner failure on Linux
- the green line already proved the direct-entrypoint approach works reliably in the Nix check environment
Tests:
- verified failing CI run 24246896697: ERR_PNPM_RECURSIVE_EXEC_FIRST_FAIL Command "vitest" not found
What:
- switch the pin updater from upstream-main commit selection to upstream stable release selection
- restore Yolo Update Pins as an hourly stable-release poller
- update maintainer and README docs to describe stable-release mirroring and the recovery lesson
Why:
- OpenClaw stable is already tag-based upstream, and nix-openclaw should mirror that release line directly
- this removes the old latest-green-main churn model and keeps source + app pins tied to one published upstream release
Tests:
- bash -n scripts/update-pins.sh
- GITHUB_ACTIONS=true GH_TOKEN="$(gh auth token)" scripts/update-pins.sh
Why:
- disabling bundled plugins globally fixed provider leakage but broke send tests that rely on bundled channels
- Linux gateway tests need bundled channels, but not real provider model augmentation or web search/fetch provider discovery
What:
- keep the gateway test env unchanged
- patch gateway test mocks to stub provider model augmentation to []
- patch gateway test mocks to stub runtime and public-artifact web search/fetch provider discovery to []
- keep the change in the Nix postpatch seam only
Tests:
- sh -n nix/scripts/gateway-postpatch.sh
- nix eval --raw --accept-flake-config .#checks.x86_64-linux.gateway-tests.src.outPath
Move nix-openclaw to the current OpenClaw daily release and refresh the
release-coupled generated artifacts.
Also fix the Nix build wrapper for A2UI bundling by running the same tsc +
rolldown steps directly instead of relying on upstream's nested pnpm runner,
which exits silently inside the Nix build environment.
Verification:
- nix build .#openclaw-gateway --accept-flake-config -L
- nix build .#checks.aarch64-darwin.ci --accept-flake-config -L
- scripts/hm-activation-macos.sh (expected local USER mismatch: josh vs runner)
What:
- harden the package build against broken prune symlinks and missing plugin metadata
- make the config-options and gateway test checks call the installed CLIs directly
- restore the bundled runtime-deps staging patch for Nix builds
- rebuild the test prebuild around the exact generated artifacts the Nix checks consume
Why:
- the release recovery failures were not random product regressions; they were Nix-owned build and test contract drift
- nix-openclaw needed the same plugin manifests, plugin-sdk artifacts, runtime deps staging, and local CLI resolution that upstream assumes
Tests:
- final green CI run on main: 24217118174
What:
- move the Linux CI job to blacksmith-16vcpu-ubuntu-2404
- switch Linux Nix installation to cachix/install-nix-action
Why:
- the recovery line exhausted disk on ubuntu-latest during the Linux aggregator build
- the larger runner kept the normal parallel build graph intact and the cachix installer worked reliably there
Tests:
- final green CI run on main: 24217118174
What:
- restore one visible CI workflow
- add CI concurrency and Linux failure-log dumping
- disable yolo during release recovery
- delete the old split workflow_run files
Why:
- cut away the post-reset churn immediately
- keep one readable contract on main
- prevent any updater mutation during recovery
Tests:
- git diff --check
