openclaw update exits code 1 on disabled-plugin ClawHub 429 even though core update succeeded; should treat disabled plugins as no-op for sync

[islandpreneur007]

Upstream bug report DRAFT — pending Trent blind-pass

Target: github.com/openclaw/openclaw/issues
Status: DRAFT v0 — not filed.

---

Title

openclaw update exits code 1 on disabled-plugin ClawHub 429 even though core update succeeded; should treat disabled plugins as no-op for sync

Environment

• OpenClaw 2026.4.25 → 2026.4.26 (be8c246) update
• Install: pnpm-detected install, real path under .npm-global/lib/node_modules/openclaw
• Affected plugin: apify (in config but enabled: false)

Summary

openclaw update --channel stable --yes --no-restart --json succeeded on the core package update (4.25 → 4.26) but exited code 1 because the post-update plugin sync hit a ClawHub 429 (rate limit) for the apify plugin. The apify plugin is enabled: false in our config — it should never have been queued for sync.

Per docs.openclaw.ai/cli/update: "Post-update plugin sync failures fail the update result and stop restart follow-up work... fix the plugin install or update error, then rerun openclaw update." Following this guidance would require us to fix the rate-limited update for a plugin we don't even use, OR to remove the plugin entry entirely from config.

Reproduction

1. Have apify (or any other ClawHub-distributed plugin) in plugins.entries with enabled: false and a config block present
2. Run openclaw update --channel stable --yes --no-restart --json
3. If ClawHub returns 429 for the apify update query, the entire update exits code 1

The ClawHub URL queried for the disabled plugin: /api/v1/packages/%40apify%2Fapify-openclaw-plugin/download

Source locations (4.26)

• dist/update-kKaOeGGE.js:432-440 — ClawHub install/update path
• dist/update-kKaOeGGE.js:451-456 — update errors pushed into outcomes
• dist/update-cli-CgKMD06I.js:1274-1287 — JSON plugin update result status includes npm outcomes
• dist/update-cli-CgKMD06I.js:1313-1325 — non-JSON result status
• dist/update-cli-CgKMD06I.js:1797-1810 — post-update-plugins sets overall update error + exits code 1

Expected behavior

Plugin sync should:

• Skip disabled plugins — they're not loaded, not running, sync isn't required for runtime correctness
• OR: classify plugin-sync failures for disabled plugins as warnings (not fatal), allowing the update to succeed code 0 with a warning surfaced

Workaround we used

Treated the code 1 as non-blocking since:

• Core 4.26 install completed
• Apify is disabled (no runtime impact)
• Doctor passed (with same baseline-of-known-warnings)

Continued with the controlled restart path (--no-restart had been passed, so we did the restart manually). 4.26 is now LIVE and healthy. But this required a judgment call against documented guidance.

Why this matters

The current behavior creates pressure to either (a) keep retrying updates against ClawHub until rate-limit clears or (b) remove disabled-plugin entries entirely. Both are friction. Disabled-but-configured is a legitimate state (we may want to enable apify later without re-adding the config block).

Suggested fix

A disabled plugin present in plugins.entries should be skipped or downgraded to warning during the plugin-sync step. Plugin sync is for plugins that will actually be loaded; it shouldn't gate the entire update on a plugin we're not running.

In the plugin-sync code path (dist/update-cli-CgKMD06I.js:1797-1810), check plugins.entries.<name>.enabled before attempting any ClawHub query. If enabled: false, log skip + move on.

No config option was found in 4.26 to suppress sync for disabled plugins — operators have to either (a) keep retrying until rate-limit clears, or (b) remove the plugin entry entirely from config (loses the keep-disabled-but-configured state).

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Keep this issue open. Current main still updates tracked ClawHub/npm/marketplace plugin install records without checking plugins.entries.<id>.enabled, and any post-update plugin error still turns an otherwise successful core update into reason: "post-update-plugins". There is also an open unmerged closing PR, #73902, so the right path is to review/land or close that PR rather than closing this issue early.

Best possible solution:

Keep this issue open and use the linked open PR #73902 as the implementation lane. The best fix is a narrow post-update plugin-sync filter that treats explicitly disabled tracked plugins as skipped/non-fatal before ClawHub/npm/marketplace network calls, while keeping enabled plugin failures fatal and preserving disabled install metadata. Regression coverage should include a disabled ClawHub install record whose update would fail with HTTP 429.

What I checked:

• Current post-update sync feeds tracked installs into updater: updatePluginsAfterCoreUpdate loads persisted install records, merges them into config, and calls updateNpmInstalledPlugins with only skipIds for plugins switched to npm; there is no disabled-plugin filter at this boundary. (src/cli/update-cli/update-command.ts:728, 610e575844b2)
• Updater targets all install records: updateNpmInstalledPlugins defaults targets to Object.keys(installs) and checks record source/metadata before update, but does not inspect plugins.entries.<id>.enabled before proceeding. (src/plugins/update.ts:479, 610e575844b2)
• ClawHub update still performs network install path: For record.source === "clawhub", the updater calls installPluginFromClawHub in update mode; a failed result is pushed as status: "error". (src/plugins/update.ts:730, 610e575844b2)
• Plugin sync errors remain fatal to update command: Post-update plugin sync returns status: "error" when any plugin update outcome is error, and the outer update command exits 1 with reason: "post-update-plugins". (src/cli/update-cli/update-command.ts:790, 610e575844b2)
• Regression coverage currently expects disabled tracked plugin to update: The migration test configures a tracked plugin entry with enabled: false and still expects installPluginFromNpmSpec to be called, showing current tests do not encode the requested skip/no-op behavior. (src/plugins/update.test.ts:880, 610e575844b2)
• Documented failure policy matches reporter impact: The public update docs state that post-update plugin sync failures fail the update result and stop restart follow-up work, which is exactly the reported operator-facing failure mode. Public docs: docs/cli/update.md. (docs/cli/update.md:152, 610e575844b2)

Likely related people:

• steipete: Peter authored feat: add native clawhub install flows and fix: fail update on plugin sync errors, both central to ClawHub update attempts becoming fatal post-update failures. Current local blame also routes the reviewed lines through the shallow base authored by Peter. (role: introduced and recent maintainer of the ClawHub/update failure path; confidence: high; commits: 91b2800241c1, a434133aacb1, b67d9bf7f06f; files: src/plugins/update.ts, src/cli/update-cli/update-command.ts, docs/cli/update.md)
• shakkernerd: Shakker recently changed update-channel plugin index writes and npm global update behavior, which are adjacent to the post-core plugin sync and persisted install-record path. (role: adjacent update/install-index maintainer; confidence: medium; commits: e7c131d6de92, 6985c6751c3d, c19f8a522310; files: src/cli/update-cli/update-command.ts, src/cli/plugins-install-record-commit.ts, src/plugins/installed-plugin-index.ts)
• vincentkoc: Vincent authored nearby install-ledger and plugin relocation work, including moving install records to the managed ledger and hardening ledger path handling, which affects how post-update sync discovers tracked installs. (role: plugin install-ledger and relocation maintainer; confidence: medium; commits: 888448facc1b, 9bd348fdec59, 0abb2a571f52; files: src/plugins/update.ts, src/plugins/installed-plugin-index.ts, src/plugins/installed-plugin-index-records.ts)
• huntharo: Harold authored the versioned plugin update support that modified src/plugins/update.ts, src/plugins/update.test.ts, and plugin update docs; this is the updater surface where disabled tracked installs need filtering. (role: introduced versioned plugin update contract; confidence: medium; commits: 401ffb59f538; files: src/plugins/update.ts, src/plugins/update.test.ts, docs/cli/plugins.md)

Remaining risk / open question:

• Disabled tracked ClawHub plugins can still make a successful core package update exit 1 when ClawHub returns 429 or another transient error.
• A fix must preserve fail-closed behavior for enabled plugin updates, integrity drift, unsafe install failures, and real install/update errors.
• Skip logic must preserve disabled-but-configured plugin entries and install metadata, including package-id migration behavior where needed.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 610e575844b2.

[vincentkoc]

Thanks for the clear report. Fixed in #73970: post-update plugin sync now skips disabled tracked plugins before npm, ClawHub, or marketplace update checks while preserving install records and keeping enabled plugin failures fail-closed.