2026.2.26: pnpm global install fails — all bundled plugins rejected as "unsafe plugin manifest path"

[robcean]

Environment

• OS: Debian 13, Linux 6.12.63
• Node: v22.22.0
• Package manager: pnpm 10.29.2 (global install)
• Previous version: 2026.2.22-2 (working)
• Updated version: 2026.2.26 (broken)

Description

After upgrading from 2026.2.22-2 to 2026.2.26 via pnpm add -g openclaw@latest, the gateway fails to start. All bundled plugins in extensions/ are rejected with:

unsafe plugin manifest path: .../extensions/telegram/openclaw.plugin.json (validation)
unsafe plugin manifest path: .../extensions/memory-core/openclaw.plugin.json (validation)
... (all ~35 bundled plugins)
plugins.slots.memory: plugin not found: memory-core

openclaw doctor --fix also fails with the same validation error, making recovery impossible without a rollback.

Root cause

The new openBoundaryFileSync security check in 2026.2.26 sets rejectHardlinks: true by default. pnpm's content-addressable store uses hardlinks (typical Links: 3 on plugin manifest files), so every bundled plugin manifest is rejected as "unsafe".

The relevant code path:

// openBoundaryFileSync in openclaw-root-*.js
const opened = openVerifiedFileSync({
  filePath: absolutePath,
  resolvedPath,
  rejectHardlinks: params.rejectHardlinks ?? true,  // <-- hardlinks rejected by default
  maxBytes: params.maxBytes,
  ioFs
});

Related changelog entries:

• Security/Plugins/Hooks: enforce runtime/package path containment with realpath checks...
• Security/Plugins: harden plugin discovery by blocking unsafe candidates...

Steps to reproduce

1. Install OpenClaw globally with pnpm: pnpm add -g openclaw@2026.2.26
2. Start the gateway: openclaw gateway --port 18789
3. Gateway crashes with "unsafe plugin manifest path" for all bundled plugins

Expected behavior

Bundled plugins shipped inside the OpenClaw package should be trusted regardless of filesystem hardlink count, since pnpm's hardlinks are a standard package manager behavior.

Workaround

Rollback to 2026.2.22-2: pnpm add -g openclaw@2026.2.22-2

Possible fix

• Skip hardlink validation for bundled plugins (those inside the package's own extensions/ directory)
• Or allow pnpm install --config.package-import-method=copy as a documented workaround (not tested)

Additional context

This affects any pnpm global install. npm installs may not be affected since npm copies files instead of hardlinking.

[cgdusek]

Triage summary:

• This appears to be a duplicate of [Bug]: pnpm global install fails with "unsafe plugin manifest path" error #28175 (same unsafe plugin manifest path failure on package-manager hardlinked installs).
• It also overlaps with v2026.2.26: bundled plugin manifests rejected as 'unsafe plugin manifest path' with pnpm global install #28122 (pnpm) and v2026.2.26: bun global install fails with 'unsafe plugin manifest path' (hardlink rejection) #28404 (bun hardlink variant).
• Current npm latest is still 2026.2.26, so this regression is still live for fresh global installs.
• There are already active fix attempts in PR fix(plugins): allow hardlinked manifests for bundled/global (closes #28175) #28366 and PR fix(plugins): allow hardlinks from package manager stores in boundary checks #28897.

Recommendation:

• Consolidate ongoing debugging/repro data in [Bug]: pnpm global install fails with "unsafe plugin manifest path" error #28175 to avoid splitting signal.
• Keep one canonical issue + one chosen fix PR path, then close duplicates once merged.

Interim workaround for affected users:

• Use npm global install, or
• Use pnpm copy import mode (pnpm config set package-import-method copy), or
• Roll back to 2026.2.25/2026.2.22-2 depending on environment.

[bronbot]

We hit the same issue and found a reliable workaround: use npm instead of pnpm for the global install.

pnpm's symlink store causes the plugin manifest paths to resolve through .pnpm/ which trips the "unsafe plugin manifest path" validation. npm writes directly to the node prefix, so paths resolve cleanly.

# Use the node/npm that ships with your pnpm-managed Node:
~/.local/share/pnpm/nodejs/22.22.0/bin/node \
  ~/.local/share/pnpm/nodejs/22.22.0/lib/node_modules/npm/bin/npm-cli.js \
  install -g openclaw@latest \
  --prefix ~/.local/share/pnpm/nodejs/22.22.0

# Then reinstall the service and restart:
openclaw gateway install --force
systemctl --user daemon-reload
systemctl --user restart openclaw-gateway.service

This avoids the symlink issue entirely — which openclaw resolves to the new version immediately with no dual-path weirdness. Confirmed working on 2026.3.1.

Related: #31960