[Bug]: Error [ERR_UNSUPPORTED_ESM_URL_SCHEME]: Only URLs with a scheme in: file, data, and node are supported by the default ESM loader. On Windows, absolute paths must be valid file:// URLs. Received protocol 'c:'**

[q7793527]

Bug type

Regression (worked before, now fails)

Beta release blocker

No

Summary

After installing OpenClaw 2026.4.5 on a native Windows 10 system, an error occurs when entering the configuration wizard: **Error [ERR_UNSUPPORTED_ESM_URL_SCHEME]: Only URLs with a scheme in: file, data, and node are supported by the default ESM loader. On Windows, absolute paths must be valid file:// URLs. Received protocol 'c:'**

I was originally on version 3.31. When upgrading to 4.2, I got this warning:

C:\WINDOWS\system32>openclaw gateway install --force
Config warnings:
- plugins.entries.browser: plugin not found: browser (stale config entry ignored; remove it from plugins config)
Config was last written by a newer OpenClaw (2026.4.5); current version is 2026.3.11

So I simply uninstalled the old version and reinstalled it.

Steps to reproduce

C:\WINDOWS\system32>npm install -g openclaw@latest
npm warn deprecated node-domexception@1.0.0: Use your platform's native DOMException instead

added 482 packages in 4m

87 packages are looking for funding
run npm fund for details

C:\WINDOWS\system32>openclaw onboard --install-daemon

🦞 OpenClaw 2026.4.5 (3e72c03) — Powered by open source, sustained by spite and good documentation.

Windows detected - OpenClaw runs great on WSL2!
Native Windows might be trickier.
Quick setup: wsl --install (one command, one reboot)
Guide: https://docs.openclaw.ai/windows
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
██░▄▄▄░██░▄▄░██░▄▄▄██░▀██░██░▄▄▀██░████░▄▄▀██░███░██
██░███░██░▀▀░██░▄▄▄██░█░█░██░█████░████░▀▀░██░█░█░██
██░▀▀▀░██░█████░▀▀▀██░██▄░██░▀▀▄██░▀▀░█░██░██▄▀▄▀▄██
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
🦞 OPENCLAW 🦞

T OpenClaw setup
|
o Security ---------------------------------------------------------------------------------+
| |
| Security warning — please read. |
| |
| OpenClaw is a hobby project and still in beta. Expect sharp edges. |
| By default, OpenClaw is a personal agent: one trusted operator boundary. |
| This bot can read files and run actions if tools are enabled. |
| A bad prompt can trick it into doing unsafe things. |
| |
| OpenClaw is not a hostile multi-tenant boundary by default. |
| If multiple users can message one tool-enabled agent, they share that delegated tool |
| authority. |
| |
| If you’re not comfortable with security hardening and access control, don’t run |
| OpenClaw. |
| Ask someone experienced to help before enabling tools or exposing it to the internet. |
| |
| Recommended baseline: |
| - Pairing/allowlists + mention gating. |
| - Multi-user/shared inbox: split trust boundaries (separate gateway/credentials, ideally |
| separate OS users/hosts). |
| - Sandbox + least-privilege tools. |
| - Shared inboxes: isolate DM sessions (session.dmScope: per-channel-peer) and keep |
| tool access minimal. |
| - Keep secrets out of the agent’s reachable filesystem. |
| - Use the strongest available model for any bot with tools or untrusted inboxes. |
| |
| Run regularly: |
| openclaw security audit --deep |
| openclaw security audit --fix |
| |
| Must read: https://docs.openclaw.ai/gateway/security |
| |
+--------------------------------------------------------------------------------------------+
|
o I understand this is personal-by-default and shared/multi-user use requires lock-down. Continue?
| Yes
|
o Setup mode
| QuickStart
|
o QuickStart -------------------------+
| |
| Gateway port: 18789 |
| Gateway bind: Loopback (127.0.0.1) |
| Gateway auth: Token (default) |
| Tailscale exposure: Off |
| Direct to chat channels. |
| |
+--------------------------------------+
|
o Model/auth provider
| Custom Provider
|
o API Base URL
| http://127.0.0.1:1234/v1
|
o How do you want to provide this API key?
| Paste API key now
|
o API Key (leave blank if not required)
| lmstudio
|
o Endpoint compatibility
| OpenAI-compatible
|
o Model ID
| qwen3.5-35b-a3b
|
o Verification successful.
|
o Endpoint ID
| lm-studio
|
o Model alias (optional)
| qwen3.5-35b-a3b
Configured custom provider: lm-studio/qwen3.5-35b-a3b
Error [ERR_UNSUPPORTED_ESM_URL_SCHEME]: Only URLs with a scheme in: file, data, and node are supported by the default ESM loader. On Windows, absolute paths must be valid file:// URLs. Received protocol 'c:'

C:\WINDOWS\system32>

Expected behavior

I hope future version upgrades won't be so troublesome; I end up struggling for a day or two every time I update.

Actual behavior

OpenClaw version

OpenClaw 2026.4.5

Operating system

Win10

Install method

npm install -g openclaw@latest

Model

lm-studio/qwen3.5-35b-a3b

Provider / routing chain

http://127.0.0.1:1234/v1

Additional provider/model setup details

No response

Logs, screenshots, and evidence

Impact and severity

No response

Additional information

2026.3.31 is the last working version on my machine. All versions from 2026.4.1 onwards are broken.

[zhangjiany2929]

Seems the error occurs when configure channels:
PS C:\Users\xxx> openclaw configure

🦞 OpenClaw 2026.4.5 (3e72c03) — If you're lost, run doctor; if you're brave, run prod; if you're wise, run tests.

┌ OpenClaw configure
│
◇ Where will the Gateway run?
│ Local (this machine)
│
◇ Select sections to configure
│ Channels
Error [ERR_UNSUPPORTED_ESM_URL_SCHEME]: Only URLs with a scheme in: file, data, and node are supported by the default ESM loader. On Windows, absolute paths must be valid file:// URLs. Received protocol 'c:'

[miccall]

Same Here

[Aryangpt007]

Same Here

[neptunusRomulus]

same here on w11, I've the latest node.

o Default model
| openrouter/qwen/qwen3.6-plus:free
Error [ERR_UNSUPPORTED_ESM_URL_SCHEME]: Only URLs with a scheme in: file, data, and node are supported by the default ESM loader. On Windows, absolute paths must be valid file:// URLs. Received protocol 'c:'

[muratmozdemir]

Fix: ERR_UNSUPPORTED_ESM_URL_SCHEME on Windows during openclaw onboard

I found a way to temporarily patch this issue, skip to the fix section to fix this on your installation. This was happening to me when I ran openclaw onboard

Problem

Running openclaw onboard on native Windows fails after the model selection step:

Error [ERR_UNSUPPORTED_ESM_URL_SCHEME]: Only URLs with a scheme in: file, data, and node
are supported by the default ESM loader. On Windows, absolute paths must be valid file://
URLs. Received protocol 'c:'

Root Cause

jiti 2.6.1 has a bug where its nativeImport wrapper passes raw Windows absolute paths
(e.g. C:\Users\...) directly to ESM import(). Node.js parses C: as a URL protocol
scheme and rejects it — only file:// URLs are valid for ESM dynamic imports on Windows.

jiti's internal CJS core (jiti.cjs) does have a pathToFileURL conversion inside
nativeImportOrRequire, but the tryNative code path bypasses that function and calls
nativeImport(path) directly with the unconverted path.

Fix

Edit one file:

C:\Users\<YOUR_USERNAME>\AppData\Roaming\npm\node_modules\openclaw\node_modules\jiti\lib\jiti.mjs

Replace this line:

const nativeImport = (id) => import(id);

With:

import { pathToFileURL } from "node:url";
import { isAbsolute } from "node:path";
const nativeImport = (id) => import(process.platform === "win32" && typeof id === "string" && isAbsolute(id) ? pathToFileURL(id).href : id);

Scope

• Only activates on Windows (process.platform === "win32")
• Only converts absolute filesystem paths; relative specifiers, node: builtins,
  and file:// URLs pass through unchanged
• Zero impact on Linux/macOS

Affected versions

• jiti: 2.6.1 (bundled with OpenClaw 2026.4.5)
• Node.js: v22.12+ / v24.x (any version enforcing strict ESM URL schemes on Windows)

Notes

• This fix edits a file inside node_modules and will be overwritten by
  npm install / package updates. The proper long-term fix belongs upstream in
  unjs/jiti.
• OpenClaw's shouldPreferNativeJiti() already returns false on Windows to
  avoid this class of bug, but several jiti creation sites receive tryNative: true
  via buildPluginLoaderJitiOptions() regardless — patching jiti's nativeImport
  fixes all of them in one place.

[iM3SK]

Workaround (PowerShell one-liner)

Run this after every npm install -g openclaw@latest until the bug is fixed upstream in jiti:

$file = "$env:APPDATA\npm\node_modules\openclaw\node_modules\jiti\lib\jiti.mjs"
(Get-Content $file) -replace 'const nativeImport = \(id\) => import\(id\);', 'import { pathToFileURL } from "node:url";
import { isAbsolute } from "node:path";
const nativeImport = (id) => import(process.platform === "win32" && typeof id === "string" && isAbsolute(id) ? pathToFileURL(id).href : id);' | Set-Content $file

What it does:

• Patches jiti.mjs so that nativeImport converts absolute Windows paths to file:// URLs before passing them to ESM import()
• Only activates on Windows (process.platform === "win32"), zero impact on Linux/macOS
• Relative specifiers, node: builtins, and file:// URLs pass through unchanged

Note: This edits a file inside node_modules, so it will be overwritten by any reinstall or update. Save the script as fix-openclaw.ps1 and run it after each upgrade.

Tested on Windows 11 Pro, Node.js v25.9.0, OpenClaw 2026.4.5.

[chen-zhang-cs-code]

I dug into this Windows onboarding/configure regression and opened #62286.

The root cause appears to be that the bundled-channel module loader and bundled-entry sidecar loader still force native Jiti for dist/** paths on Windows, which bypasses the existing shouldPreferNativeJiti() safeguard and lets Jiti hand raw C:\... paths to native ESM import.

The PR keeps those two seams on the non-native Jiti path on Windows and adds focused regression tests for both loaders.

[wtfrules]

Same here