openclaw - 💡(How to fix) Fix Bundled plugin postinstall repair crashes on unsafe dist entry after global npm upgrade to 2026.4.21 [3 comments, 4 participants]

Summary

On [email protected], the bundled-plugin postinstall repair path can crash on existing partial dist/extensions/*/node_modules contents before it repairs missing bundled runtime dependencies.

In my case, that left the install in a state where:

• config load failed on missing Feishu runtime dep (@larksuiteoapi/node-sdk)
• openclaw gateway restart aborted because config could not be read
• openclaw doctor --fix entered a degraded recovery path and also reported suspicious/clobber-related config anomalies

This looks like a new regression on top of the already-reported packaged bundled-runtime dependency issue.

Related:

• #69842

Environment

• OpenClaw: 2026.4.21 (f788c88)
• Previous version: 2026.4.20
• Install type: global npm install
• OS: macOS
• Global install root: ~/.npm-global/lib/node_modules/openclaw

Reproduction path

1. Upgrade globally:

npm install -g openclaw@latest

1. Restart the gateway:

openclaw gateway restart

1. Config load fails immediately on a missing bundled runtime dependency:

Failed to read config at ~/.openclaw/openclaw.json Error: Cannot find module '@larksuiteoapi/node-sdk'
Require stack:
- ~/.npm-global/lib/node_modules/openclaw/dist/extensions/feishu/client-yWGpoGkZ.js

1. Try the documented/manual bundled repair path:

OPENCLAW_EAGER_BUNDLED_PLUGIN_DEPS=1 node ~/.npm-global/lib/node_modules/openclaw/scripts/postinstall-bundled-plugins.mjs

1. The postinstall repair script crashes before repair because it treats an existing symlink under a partial bundled extension runtime as unsafe:

Error: unsafe dist entry: dist/extensions/amazon-bedrock-mantle/node_modules/.bin/fxparser
    at listInstalledDistFiles (...)
    at pruneInstalledPackageDist (...)
    at runBundledPluginPostinstall (...)

Actual result

• The bundled runtime repair path aborts before it can restore missing deps.
• CLI/config load continues to fail on missing bundled plugin modules, for example:

Cannot find module '@larksuiteoapi/node-sdk'

• openclaw doctor --fix can then proceed in a degraded mode and emit additional misleading fallout such as:

Gateway start blocked: existing config is missing gateway.mode. Treat this as suspicious or clobbered config.

In my case the main ~/.openclaw/openclaw.json was still intact and still contained gateway.mode: "local". The real blocker was the bundled plugin runtime dependency regression, not an actually missing gateway mode in the main config.

Workaround

What worked for me was:

1. Move the existing partial bundled extension node_modules directories out of dist/extensions, for example:

   • dist/extensions/amazon-bedrock/node_modules
   • dist/extensions/amazon-bedrock-mantle/node_modules
   • dist/extensions/telegram/node_modules

2. Rerun:

OPENCLAW_EAGER_BUNDLED_PLUGIN_DEPS=1 node ~/.npm-global/lib/node_modules/openclaw/scripts/postinstall-bundled-plugins.mjs

1. Then restart the gateway again.

After that:

• Feishu module import succeeded
• gateway started successfully
• openclaw gateway status --deep returned Connectivity probe: ok

Expected result

• The bundled-plugin postinstall repair path should tolerate pre-existing partial extension runtime directories from a previous failed/partial repair.
• It should not abort on extension-local .bin symlinks while trying to prune/repair packaged installs.
• Missing bundled runtime deps should be repaired without cascading into misleading config-clobber style diagnostics when the main config file is still valid.

Notes

This issue seems distinct from the earlier “missing bundled runtime deps after global upgrade” reports because the built-in/manual repair path itself is now crashing on unsafe dist entry, which prevents recovery without manual intervention.