openclaw - 💡(How to fix) Fix [v29] Google secrets reloader crash-loop: Unable to open bundled plugin public surface google/web-search-contract-api.js [1 comments, 2 participants]

Summary

After upgrading from OpenClaw 2026.4.26 to 2026.4.29, the gateway successfully started once, then after a later SIGTERM it entered a cold-start crash loop. Every subsequent startup failed with a Google plugin / secrets-reloader error:

[secrets] [SECRETS_RELOADER_DEGRADED] Error: Unable to open bundled plugin public surface google/web-search-contract-api.js
Gateway failed to start: Error: Startup failed: required secrets are unavailable. Error: Unable to open bundled plugin public surface google/web-search-contract-api.js

Rolling back to 2026.4.26 restored service.

This looks related to, but more specific than, provider-secret startup failures such as #46531 and v29 gateway lifecycle instability such as #75398.

Environment

• OpenClaw upgraded version: 2026.4.29 (a448042)
• Previous / rollback version: 2026.4.26 (be8c246)
• OS: macOS, Apple Silicon (arm64)
• Install method: global npm install under Homebrew prefix (/opt/homebrew/lib/node_modules/openclaw/)
• Node tested:
  • Homebrew Node 25.9.0 — reproduced
  • Homebrew Node 22.22.2 LTS — reproduced
• Gateway mode: LaunchAgent, loopback bind, port 18789
• Active plugins during working rollback state include: active-memory, browser, memory-core, voice-call, whatsapp
• Configured providers include:
  • openai-codex as primary
  • google/gemini-* as fallback and for voice realtime/response paths

Relevant config context

This setup intentionally uses Google/Gemini through supported OpenClaw configuration surfaces:

• default model fallback: google/gemini-3.1-pro-preview
• voice-call realtime provider: google
• voice-call realtime model: gemini-2.5-flash-native-audio-preview-12-2025
• voice-call response model: google/gemini-3.1-flash-lite-preview
• GEMINI_API_KEY exists in ~/.openclaw/.env

This is not intended as a claim that the config is invalid or self-inflicted. The point is that a valid Google/Gemini-enabled setup appears to exercise a v29 startup path where the Google contract/secrets reloader can become fatal to the entire gateway. OpenClaw should either start successfully with this supported config, degrade the affected Google capability only, or report the real underlying validation/import error.

No credentials are included here; the key was present and usable enough for the rollback version to run.

What happened

1. Upgrade from 2026.4.26 to 2026.4.29.
2. Gateway started successfully once and handled at least one request.
3. Gateway later received SIGTERM.
4. Every cold start after that failed with the secrets-reloader error above.
5. LaunchAgent restarted repeatedly, producing a crash loop.
6. Rollback to 2026.4.26 restored service.

Things ruled out

The reported file is not missing and can be imported

The file exists:

/opt/homebrew/lib/node_modules/openclaw/dist/extensions/google/web-search-contract-api.js

It is readable and imports cleanly with Node outside OpenClaw. The module exports the expected createGeminiWebSearchProvider symbol.

So the message Unable to open bundled plugin public surface google/web-search-contract-api.js appears to be misleading or wrapping another underlying failure.

Not a corrupt install

A clean global reinstall reproduced the same startup failure.

Not Node 25-specific

The failure reproduced with Node 22.22.2 LTS as well.

Not just missing shell env

GEMINI_API_KEY was in ~/.openclaw/.env, and an explicit Google webSearch API key was also tried in config during debugging. The same startup failure remained.

Disabling/uninstalling Google did not isolate the failure

openclaw plugins disable google only flipped plugins.entries.google.enabled=false; the secrets reloader still attempted to load the Google contract.

After openclaw plugins uninstall google, the next startup auto-enabled Google again because configured Gemini models were present, then the same secrets-reloader path failed.

Additional diagnostics problem

The generated stability bundles for gateway.startup_failed were not useful. They contained only:

"error": { "name": "Error" },
"snapshot": { "events": [] }

No message, no stack, no useful event context, despite the gateway logs containing the secrets-reloader error.

Expected behavior

• A secondary provider/plugin contract load failure should not brick the whole gateway when the primary model/provider is valid.
• If Google/Gemini config is invalid, the startup error should identify the actual missing/invalid secret or underlying import/validation error.
• plugins disable google should prevent Google plugin/contract/secrets-reloader loading, or the CLI should clearly state that configured Gemini models will still force it into the startup path.
• plugins uninstall google should not be silently undone by auto-enable without a clear warning/override mechanism.
• Stability bundles for gateway.startup_failed should include the real message/stack and useful event context.

Actual behavior

• Gateway cold-start failed completely.
• Error pointed at opening google/web-search-contract-api.js even though the file exists and imports correctly.
• Google plugin disable/uninstall did not provide a path to recover while retaining configured Gemini references.
• Stability bundles were effectively empty.
• Rollback to 2026.4.26 was required to restore service.

Related issues

• #75398 — v29 gateway lifecycle instability / CLI commands triggering restarts
• #46531 — provider secret/config issue causing gateway crash loop

This report may be a more specific v29 regression in the Google plugin secrets-reloader/contract-loading path.