fix(openclaw): revert update openclaw version#944
Conversation
This reverts commit 9c930b2.
Roll back to a known-good openclaw release after reverting the 4.26 upgrade. Updates pnpm-lock.yaml accordingly. Made-with: Cursor
openclaw 2026.4.20+ split out channel/runtime deps (qrcode-terminal, @homebridge/ciao, @grammyjs/*, @larksuiteoapi/node-sdk, etc.) into external packages. ClawX's wechat-login / whatsapp-login resolve them via createRequire(openclaw/package.json), which only works if those packages are reachable from the workspace root node_modules. The previous revert removed all of these as direct devDependencies, so on openclaw 2026.4.23 (slim) electron startup failed with: Cannot find module 'qrcode-terminal/vendor/QRCode/index.js' Re-add the workspace devDependencies needed by slim openclaw without re-introducing the 4.26 upgrade itself. Made-with: Cursor
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f4d568e0e4
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| if (!allowedOrigins.includes('file://')) { | ||
| controlUi.allowedOrigins = [...allowedOrigins, 'file://']; | ||
| } |
There was a problem hiding this comment.
Allowlist
null origin for packaged control UI
This now only appends file:// to gateway.controlUi.allowedOrigins, but renderer WebSocket handshakes from packaged file:// pages commonly present Origin: null; on fresh configs that means the gateway can reject the chat/control socket even though packaged mode is enabled. The previous helper added both values, so this change reintroduces packaged-only connection failures unless users already had null persisted.
Useful? React with 👍 / 👎.
| const EXTRA_BUNDLED_PACKAGES = [ | ||
| '@whiskeysockets/baileys', // WhatsApp channel (was a dep of old clawdbot, not openclaw) | ||
| '@larksuiteoapi/node-sdk', // Fallback for Feishu plugin setup/doctor module resolution | ||
| 'qrcode-terminal', // QR rendering used by WhatsApp/WeChat login helpers | ||
| ]; | ||
|
|
||
| const BUNDLED_EXTENSION_RUNTIME_DEP_PLUGIN_IDS = [ | ||
| 'acpx', | ||
| 'bonjour', | ||
| 'browser', | ||
| 'discord', | ||
| 'memory-core', | ||
| 'qqbot', | ||
| 'telegram', | ||
| ]; |
There was a problem hiding this comment.
Keep QR renderer package in bundled OpenClaw deps
EXTRA_BUNDLED_PACKAGES no longer includes qrcode-terminal, but the login managers still resolve qrcode-terminal/vendor/QRCode/... from the OpenClaw runtime context. With this commit also pinning OpenClaw to 2026.4.23 (which uses @vincentkoc/qrcode-tui rather than shipping qrcode-terminal), packaged builds can miss that module and fail module resolution when WhatsApp/WeChat login paths initialize.
Useful? React with 👍 / 👎.
| symlinkSync(join(scopeDir, sub.name), dest); | ||
| linkedCount++; |
There was a problem hiding this comment.
Use junction symlinks when linking extension deps on Windows
These symlink calls dropped the explicit Windows junction type and now rely on the default symlink mode. On Windows, default directory symlinks often require elevated symlink privileges, so non-admin installs can silently skip these links (errors are swallowed), leaving extension deps unlinked in top-level node_modules and causing runtime channel/module resolution failures.
Useful? React with 👍 / 👎.
Summary
Change openclaw version to 2026.4.23
Type of Change
Validation
Checklist