Issue Station
Sign In
Tools hereToolbox

openclaw - ✅(Solved) Fix doctor --fix removes allow-only externalized plugins (lobster) during v2026.5.2 one-time migration [2 pull requests, 2 comments, 3 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
openclaw/openclaw#77155Fetched 2026-05-05 05:51:35
View on GitHub
Comments
2
Participants
3
Timeline
8
Reactions
2
Author
kmanankmanan
Participants
clawsweeper[bot]clawsweeper[bot]hclsyshclsyskmanankmanan
Assignees
vincentkocvincentkoc
Timeline (top)
commented ×2cross-referenced ×2referenced ×2assigned ×1

When upgrading from v2026.4.27 to v2026.5.2, openclaw doctor --fix triggers a one-time plugin externalization migration that silently removes lobster (and potentially other allow-only externalized plugins) from both plugins.allow and plugins.entries in openclaw.json. This breaks all cron jobs that depend on lobster pipelines (briefings, digests, etc.) with no warning or error message.

Error Message

When upgrading from v2026.4.27 to v2026.5.2, openclaw doctor --fix triggers a one-time plugin externalization migration that silently removes lobster (and potentially other allow-only externalized plugins) from both plugins.allow and plugins.entries in openclaw.json. This breaks all cron jobs that depend on lobster pipelines (briefings, digests, etc.) with no warning or error message. In our case this silently broke 6 cron jobs (4 briefing/digest pipelines + 2 health checks) that all use .lobster pipeline files. No error was surfaced — cron just produced nothing. We only caught it because we verified immediately after upgrade.

Root Cause

In our case this silently broke 6 cron jobs (4 briefing/digest pipelines + 2 health checks) that all use .lobster pipeline files. No error was surfaced — cron just produced nothing. We only caught it because we verified immediately after upgrade.

Fix Action

Workaround

Manually install the external package before running doctor:

npm install -g @openclaw/lobster
openclaw doctor --fix

Or re-add lobster to the config after doctor removes it:

openclaw plugins install @openclaw/lobster
# Then manually re-add "lobster" to plugins.allow and plugins.entries in openclaw.json

PR fix notes

PR #77193: fix(doctor): include allow-only official plugin ids in release repair set

Description (problem / solution / changelog)

Summary

Fixes #77155 — doctor --fix silently removes plugins that appear in plugins.allow but not in plugins.entries (allow-only).

Root Cause

collectReleaseConfiguredPluginIds collected plugin ids from plugins.entries (material entries), slots, channels, providers, and runtimes — but not from plugins.allow. Allow-only entries (e.g. lobster in plugins.allow with no plugins.entries.lobster) were never passed to repairMissingPluginInstallsForIds, so they weren't installed during the one-time 2026.5.2 release repair. Stale-config cleanup then removed them from plugins.allow because they weren't in the installed plugin registry — silently breaking cron jobs that depend on those plugins.

Fix

Added collectAllowOnlyOfficialPluginIds which reads plugins.allow, filters out ids already covered by a material plugins.entries entry, and gates each remaining id against getOfficialExternalPluginCatalogEntry. Only official external catalog entries are included — arbitrary allow-list ids for unofficial/workspace plugins are intentionally excluded to avoid installing unknown packages during doctor --fix.

Changes

  • src/commands/doctor/shared/release-configured-plugin-installs.ts: added collectAllowOnlyOfficialPluginIds + call in collectReleaseConfiguredPluginIds
  • src/commands/doctor/shared/release-configured-plugin-installs.test.ts: 2 new regression tests
  • CHANGELOG.md: entry under Fixes

Test plan

  • pnpm exec vitest run src/commands/doctor/shared/release-configured-plugin-installs.test.ts — 12/12 pass
  • pnpm exec oxlint src/commands/doctor/shared/release-configured-plugin-installs.ts src/commands/doctor/shared/release-configured-plugin-installs.test.ts — 0 warnings, 0 errors
  • New test: allow-only official plugin (lobster) → included in repair set
  • New test: allow-only unofficial plugin → excluded from repair set
  • New test: allow-only id already covered by material entry → not double-added, catalog not queried for it

🤖 Generated with Claude Code

Changed files

  • CHANGELOG.md (modified, +1/-0)
  • src/commands/doctor/shared/release-configured-plugin-installs.test.ts (modified, +59/-0)
  • src/commands/doctor/shared/release-configured-plugin-installs.ts (modified, +28/-0)

PR #77573: fix(doctor): repair allow-only official plugins

Description (problem / solution / changelog)

Summary

  • Problem: the 2026.5.2 release doctor repair skipped plugins.allow ids that had no material plugins.entries entry, then stale cleanup could remove official external plugins such as lobster.
  • Why it matters: upgraded configs can silently lose allow-only official workflow/runtime plugins used by cron or ClawFlow jobs.
  • What changed: the release configured-plugin repair now includes allow-only ids only when they resolve through the official external plugin catalog.
  • What did NOT change: arbitrary/unofficial allow-only ids are still not treated as configured usage, and general allowlist semantics are unchanged.

Change Type (select all)

  • Bug fix
  • Feature
  • Refactor required for the fix
  • Docs
  • Security hardening
  • Chore/infra

Scope (select all touched areas)

  • Gateway / orchestration
  • Skills / tool execution
  • Auth / tokens
  • Memory / storage
  • Integrations
  • API / contracts
  • UI / DX
  • CI/CD / infra

Linked Issue/PR

  • Closes #77155
  • Related #77193
  • This PR fixes a bug or regression

Root Cause (if applicable)

  • Root cause: collectReleaseConfiguredPluginIds collected material plugin entries and configured surfaces, but not allow-only official external plugin ids.
  • Missing detection / guardrail: the existing release collector test covered allow-only exclusion generally, but not the migration exception for official external catalog entries.
  • Contributing context: stale plugin cleanup can remove missing allow entries after the release install repair misses them.

Regression Test Plan (if applicable)

  • Coverage level that should have caught this:
    • Unit test
    • Seam / integration test
    • End-to-end test
    • Existing coverage already sufficient
  • Target test or file: src/commands/doctor/shared/release-configured-plugin-installs.test.ts
  • Scenario the test should lock in: allow-only official external plugin ids are repair candidates; unofficial allow-only ids are skipped; ids with material entries do not need the allow-only catalog path.
  • Why this is the smallest reliable guardrail: it exercises the exact release collector before install repair and stale cleanup run.
  • Existing test that already covers this (if any): existing allow-only exclusion test remains in place for unofficial ids.
  • If no new test is added, why not: N/A

User-visible / Behavior Changes

openclaw doctor --fix preserves configured allow-only official external plugins during the release repair path by installing them before stale cleanup can remove them.

Diagram (if applicable)

Before:
plugins.allow = ["lobster"] -> release repair ignores lobster -> stale cleanup may remove it

After:
plugins.allow = ["lobster"] -> official catalog match -> release repair installs lobster -> config survives

Security Impact (required)

  • New permissions/capabilities? No
  • Secrets/tokens handling changed? No
  • New/changed network calls? No
  • Command/tool execution surface changed? No
  • Data access scope changed? No
  • If any Yes, explain risk + mitigation: N/A

Repro + Verification

Environment

  • OS: macOS local worktree; Blacksmith Testbox for changed gate
  • Runtime/container: Node/pnpm via repo scripts
  • Model/provider: N/A
  • Integration/channel (if any): doctor plugin migration repair
  • Relevant config (redacted): plugins.allow: ["lobster", "unofficial-custom"]

Steps

  1. Configure an allow-only official external plugin id such as lobster.
  2. Run the release configured-plugin repair collector.
  3. Verify lobster is included only because it is in the official external plugin catalog.
  4. Verify arbitrary allow-only ids are still excluded.

Expected

  • Official external allow-only ids are sent to missing-install repair.
  • Unofficial allow-only ids are not installed.
  • Material plugin entries keep their existing path.

Actual

  • Before this change, allow-only official external ids were skipped by the release collector.

Evidence

  • pnpm exec oxfmt --check --threads=1 CHANGELOG.md src/commands/doctor/shared/release-configured-plugin-installs.ts src/commands/doctor/shared/release-configured-plugin-installs.test.ts
  • pnpm test:serial src/commands/doctor/shared/release-configured-plugin-installs.test.ts — 12 passed
  • pnpm test:serial src/commands/doctor/shared/release-configured-plugin-installs.test.ts src/commands/doctor/shared/missing-configured-plugin-install.test.ts src/commands/doctor/shared/stale-plugin-config.test.ts — 62 passed
  • Testbox pnpm check:changed — passed on https://github.com/openclaw/openclaw/actions/runs/25348393861 before the final clean rebase; final rebase had no conflicts and the branch diff is materially unchanged
  • git diff --check after final rebase

Human Verification (required)

  • Confirmed the diff is limited to doctor release repair, its regression test, and changelog.
  • Confirmed the fix preserves general allowlist behavior for unofficial allow-only ids.

Changed files

  • CHANGELOG.md (modified, +1/-0)
  • src/commands/doctor/shared/release-configured-plugin-installs.test.ts (modified, +59/-0)
  • src/commands/doctor/shared/release-configured-plugin-installs.ts (modified, +25/-0)

Code Example

npm install -g @openclaw/lobster
openclaw doctor --fix

---

openclaw plugins install @openclaw/lobster
# Then manually re-add "lobster" to plugins.allow and plugins.entries in openclaw.json
RAW_BUFFERClick to expand / collapse

Summary

When upgrading from v2026.4.27 to v2026.5.2, openclaw doctor --fix triggers a one-time plugin externalization migration that silently removes lobster (and potentially other allow-only externalized plugins) from both plugins.allow and plugins.entries in openclaw.json. This breaks all cron jobs that depend on lobster pipelines (briefings, digests, etc.) with no warning or error message.

Steps to Reproduce

  1. Running v2026.4.27 with lobster configured:
    • plugins.allow: ["bluebubbles", "lobster", ...]
    • plugins.entries.lobster: { "enabled": true, "config": {} }
    • Multiple cron jobs running lobster pipelines (ClawFlow briefings/digests)
  2. Upgrade to v2026.5.2: npm install -g openclaw
  3. Run openclaw doctor --fix
  4. Check config: lobster is gone from both plugins.allow and plugins.entries

Expected Behavior

Doctor should detect that lobster is in plugins.allow, recognize it as an official external plugin (it's in the catalog as @openclaw/lobster), install it via npm, and preserve the allow/entries configuration.

Actual Behavior

  • Doctor's one-time release step (collectReleaseConfiguredPluginIds) does NOT read plugins.allow to determine which plugins to install
  • It only collects from: channels, providers, model refs, slots, agent harness runtimes, web search/fetch providers
  • Lobster is a pure workflow runtime plugin — none of those categories
  • The stale-entry cleanup then runs, sees lobster has no install record, and calls removePluginFromConfig which wipes it from allow + entries
  • All lobster-dependent cron jobs silently fail on next fire

Impact

In our case this silently broke 6 cron jobs (4 briefing/digest pipelines + 2 health checks) that all use .lobster pipeline files. No error was surfaced — cron just produced nothing. We only caught it because we verified immediately after upgrade.

Root Cause (confirmed in source)

  • release-configured-plugin-installs-CvfnGeYf.js lines 151-173: collectReleaseConfiguredPluginIds calls multiple collect* helpers but never reads config.plugins.allow
  • missing-configured-plugin-install-A5tUUqKF.js lines 46-67: The non-release repair function (collectConfiguredPluginIds) DOES read plugins.allow, but the release step bypasses it — it calls repairMissingPluginInstallsForIds with its own narrower collection instead of repairMissingConfiguredPluginInstalls
  • uninstall-TRIhnPr4.js lines 181-270: removePluginFromConfig wipes allow, entries, installs, and load.paths

Suggested Fix

In collectReleaseConfiguredPluginIds, add plugins.allow entries to the collection set. Specifically: for each ID in config.plugins.allow, if it appears in listOfficialExternalPluginCatalogEntries() (i.e., it was a bundled plugin that's now external), include it in the set passed to repairMissingPluginInstallsForIds.

Alternatively, the release step could call repairMissingConfiguredPluginInstalls (which already reads allow) instead of constructing its own narrower set.

Workaround

Manually install the external package before running doctor:

npm install -g @openclaw/lobster
openclaw doctor --fix

Or re-add lobster to the config after doctor removes it:

openclaw plugins install @openclaw/lobster
# Then manually re-add "lobster" to plugins.allow and plugins.entries in openclaw.json

Environment

  • OpenClaw v2026.5.2
  • macOS 15.5 (Darwin 25.0.0)
  • lobster plugin configured as workflow runtime for ClawFlow/.lobster pipeline files
  • Also affects v2026.5.3-beta.1 through beta.4 (checked — same code path)

extent analysis

TL;DR

The issue can be fixed by modifying the collectReleaseConfiguredPluginIds function to include plugins.allow entries in the collection set or by manually installing the external package before running openclaw doctor --fix.

Guidance

  • To fix the issue, update the collectReleaseConfiguredPluginIds function to read config.plugins.allow and include the IDs in the collection set passed to repairMissingPluginInstallsForIds.
  • Alternatively, call repairMissingConfiguredPluginInstalls instead of constructing a narrower set in the release step.
  • As a workaround, manually install the external package @openclaw/lobster before running openclaw doctor --fix.
  • After running openclaw doctor --fix, verify that lobster is still present in plugins.allow and plugins.entries in openclaw.json.

Example

npm install -g @openclaw/lobster
openclaw doctor --fix

Notes

The issue is specific to the upgrade from v2026.4.27 to v2026.5.2 and affects the lobster plugin. The suggested fix requires modifying the OpenClaw code, while the workaround provides a temporary solution.

Recommendation

Apply the workaround by manually installing the external package @openclaw/lobster before running openclaw doctor --fix, as this provides a quick and easy solution to the issue.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#prompt template#agent execution#callback error#memory management#API rate limit

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING

openclaw - ✅(Solved) Fix doctor --fix removes allow-only externalized plugins (lobster) during v2026.5.2 one-time migration [2 pull requests, 2 comments, 3 participants]