v2026.5.20 post-update Codex plugin sync can wedge managed npm root with npm ERR_INVALID_ARG_TYPE

[allenhurff]

Summary

During an update from 2026.5.19 to 2026.5.20, the core package update succeeded, but the post-update plugin sync failed while installing the official @openclaw/codex plugin into the managed npm plugin root. This left the Codex harness unregistered and caused Codex-routed cron/channel sessions to fail.

This appears to be a managed npm-root/reify resilience issue rather than a bad @openclaw/codex@2026.5.20 tarball: after quarantining the existing ~/.openclaw/npm/node_modules tree and letting OpenClaw rebuild it, the same plugin installed successfully and openclaw plugins doctor reported no plugin issues.

Release involved: https://github.com/openclaw/openclaw/releases/tag/v2026.5.20

Environment

• macOS arm64
• OpenClaw before update: 2026.5.19 (a185ca2)
• OpenClaw after core update: 2026.5.20 (e510042)
• which openclaw: /opt/homebrew/bin/openclaw
• OpenClaw root reported by update: /opt/homebrew/lib/node_modules/openclaw
• Node from npm debug log: v24.14.1
• npm from npm debug log: 11.11.0
• npm install cwd from debug log: ~/.openclaw/npm
• Active slots before update: contextEngine=lossless-claw, memory=memory-lancedb

What happened

1. Started on 2026.5.19.
2. Ran:

openclaw update --tag 2026.5.20 --yes

3. Core update completed successfully:

Update Result: OK
  Root: /opt/homebrew/lib/node_modules/openclaw
  Before: 2026.5.19
  After: 2026.5.20

4. Post-update plugin sync then failed while processing Codex:

Installing @openclaw/codex into /Users/allenhurff/.openclaw/npm...
Linked peerDependency "openclaw" -> /opt/homebrew/lib/node_modules/openclaw
Linked peerDependency "openclaw" -> /opt/homebrew/lib/node_modules/openclaw
Disabled "codex" after plugin update failure; OpenClaw will continue without it. Failed to update codex: npm install failed: npm error code ERR_INVALID_ARG_TYPE
npm error The "from" argument must be of type string. Received undefined
npm error A complete log of this run can be found in: /Users/allenhurff/.npm/_logs/2026-05-21T21_21_58_750Z-debug-0.log

5. Subsequent attempts to manually repair with openclaw plugins install @openclaw/codex --force failed the same way:

Installing @openclaw/codex into /Users/allenhurff/.openclaw/npm...
Downloading @openclaw/codex...
Extracting .../openclaw-codex-2026.5.20.tgz...
npm install failed: npm error code ERR_INVALID_ARG_TYPE
npm error The "from" argument must be of type string. Received undefined
Also not a valid hook pack: Error: package.json missing openclaw.hooks

The package.json missing openclaw.hooks line appears to be secondary/misleading fallback noise after the npm install failure.

Relevant npm debug stack

From the npm debug log:

verbose cwd /Users/allenhurff/.openclaw/npm
verbose node v24.14.1
verbose npm  v11.11.0
verbose stack TypeError [ERR_INVALID_ARG_TYPE]: The "from" argument must be of type string. Received undefined
verbose stack     at relative (node:path:1357:5)
verbose stack     at /opt/homebrew/Cellar/node@24/24.14.1/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js:1184:21
verbose stack     at Array.map (<anonymous>)
verbose stack     at /opt/homebrew/Cellar/node@24/24.14.1/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js:1182:66
verbose stack     at Array.map (<anonymous>)
verbose stack     at [rollbackMoveBackRetiredUnchanged] (/opt/homebrew/Cellar/node@24/24.14.1/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js:1182:8)
verbose stack     at #reifyPackages (/opt/homebrew/Cellar/node@24/24.14.1/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js:315:31)
verbose stack     at async Arborist.reify (/opt/homebrew/Cellar/node@24/24.14.1/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js:121:5)
verbose stack     at async Install.exec (/opt/homebrew/Cellar/node@24/24.14.1/lib/node_modules/npm/lib/commands/install.js:152:5)
verbose stack     at async Npm.exec (/opt/homebrew/Cellar/node@24/24.14.1/lib/node_modules/npm/lib/npm.js:209:9)

The log also showed npm retiring/moving existing plugin packages in the shared managed root immediately before the crash, including packages under ~/.openclaw/npm/node_modules.

User-visible impact

After the failed post-update plugin sync, Codex was disabled/missing:

Plugin "codex" failed post-core payload smoke check (missing-package-dir): Install dir is missing: /Users/allenhurff/.openclaw/npm/node_modules/@openclaw/codex

Codex-routed work then failed with:

MissingAgentHarnessError: Requested agent harness "codex" is not registered.

A rollback attempt to 2026.5.19 also became confusing because the config had already been written by 2026.5.20, and the older binary refused gateway destructive/restart actions without OPENCLAW_ALLOW_OLDER_BINARY_DESTRUCTIVE_ACTIONS=1.

Recovery that worked

The successful recovery was to quarantine the entire managed npm node_modules tree and let OpenClaw rebuild it:

stamp=$(date +%Y%m%d-%H%M%S)
mkdir -p ~/.openclaw/manual-backups

tar -czf ~/.openclaw/manual-backups/${stamp}-openclaw-npm-before-repair.tgz -C ~/.openclaw npm

if [ -d "$HOME/.openclaw/npm/node_modules" ]; then
  mv "$HOME/.openclaw/npm/node_modules" "$HOME/.openclaw/npm-node_modules.broken-$stamp"
fi

rm -f "$HOME/.openclaw/npm/package-lock.json" "$HOME/.openclaw/npm/npm-shrinkwrap.json"

openclaw plugins install @martian-engineering/lossless-claw@latest --force
openclaw plugins update acpx
openclaw plugins update memory-lancedb
openclaw plugins install @openclaw/codex --force
openclaw plugins update discord
openclaw plugins registry --refresh
openclaw plugins doctor
openclaw gateway restart --wait 45s
openclaw status --deep

After that:

Installed plugin: codex
No plugin issues detected.
Gateway reachable
Memory enabled (plugin memory-lancedb)

Expected behavior

• openclaw update --tag 2026.5.20 --yes should not leave the configured Codex runtime/harness unavailable because npm's shared managed plugin root is in a bad state.
• If the managed npm root is corrupt or npm Arborist hits this rollback failure, OpenClaw should either:
  • detect and quarantine/rebuild the managed npm plugin node_modules tree automatically, or
  • emit an explicit recovery command that rebuilds the managed npm root.
• The fallback Also not a valid hook pack: package.json missing openclaw.hooks message should probably be suppressed or clarified when npm install has already failed for an npm plugin package.
• Downgrade/rollback guidance should account for the config last written by newer version guard, since a failed post-update plugin sync can leave users with a newer config stamp but a broken runtime.

Why I think this is not simply a broken Codex tarball

The same @openclaw/codex@2026.5.20 package installed successfully after the shared managed npm root was rebuilt. The package metadata also appears to include normal OpenClaw plugin metadata (openclaw.runtimeExtensions, openclaw.install, peerDependencies.openclaw >=2026.5.20). The observed crash happens inside npm Arborist rollback while reifying the existing shared npm tree.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
Keep open: current main still treats the managed npm install failure as a rollback-and-report path, while post-update sync can disable the affected plugin and leave Codex unavailable until a separate repair succeeds.

Reproducibility: no. not as a live current-main reproduction in this read-only pass. The reporter supplied concrete update and npm stack logs, and source inspection shows the current path still rolls back and reports npm failure without corrupt-root rebuild.

Ways to help us reproduce this

• Add a screenshot or short recording showing the behavior.
• Add expected vs actual behavior.

Next step
This is a focused repair candidate because the affected install/update paths, error output, and regression tests are identifiable, but live corrupt-root proof should be added when feasible.

Review details

Best possible solution:

Add a generic managed npm-root corruption recovery path in plugin install/update or doctor, keep it non-Codex-specific, and suppress misleading hook-pack fallback text when the primary npm plugin install already failed.

Do we have a high-confidence way to reproduce the issue?

No, not as a live current-main reproduction in this read-only pass. The reporter supplied concrete update and npm stack logs, and source inspection shows the current path still rolls back and reports npm failure without corrupt-root rebuild.

Is this the best way to solve the issue?

Yes, the requested direction is maintainable if it stays generic to managed npm plugin roots. The safest narrow solution is a doctor/post-update repair path with backup and one retry, plus clearer npm-failure output.

Label changes:

• add P1: A post-update regression can leave the configured Codex agent harness unavailable for real cron/channel sessions.
• add impact:auth-provider: The reported failure removes the registered Codex agent harness/provider route after update.
• add issue-rating: 🐚 platinum hermit: Current issue advisory state selects this label.
• add clawsweeper:needs-live-repro: Current issue advisory state selects this label.

Label justifications:

• P1: A post-update regression can leave the configured Codex agent harness unavailable for real cron/channel sessions.
• impact:auth-provider: The reported failure removes the registered Codex agent harness/provider route after update.

Acceptance criteria:

• node scripts/run-vitest.mjs src/plugins/install.npm-spec.test.ts
• node scripts/run-vitest.mjs src/infra/npm-managed-root.test.ts
• node scripts/run-vitest.mjs src/cli/plugins-cli.install.test.ts
• node scripts/run-vitest.mjs src/cli/update-cli.test.ts

What I checked:

• Reporter evidence: The issue includes v2026.5.20 update output showing @openclaw/codex install failed with npm ERR_INVALID_ARG_TYPE, followed by Codex missing-package-dir smoke failure and MissingAgentHarnessError; the same package installed after rebuilding the managed npm root.
• Managed npm install failure path: Current install code runs npm in the managed root, rolls back on nonzero npm exit, then returns npm install failed: ...; there is no automatic corrupt-root quarantine/rebuild retry in this path. (src/plugins/install.ts:729, 6b5eba1f433a)
• Post-update disable-on-failure behavior: Plugin update failure with disableOnFailure writes a disabled plugin config entry and reports Disabled "<id>" after plugin update failure, matching the issue's observed Codex disablement. (src/plugins/update.ts:1010, 6b5eba1f433a)
• Post-update official plugin sync path: The update command calls updateNpmInstalledPlugins with syncOfficialPluginInstalls: true and disableOnFailure: true, so official external Codex sync uses the same npm failure/disable path. (src/cli/update-cli/update-command.ts:1678, 6b5eba1f433a)
• Existing guidance is generic: Post-update plugin warnings currently say to run openclaw doctor --fix, and docs say doctor can reinstall missing downloadable plugins after updates, but neither source evidence shows automatic managed-root rebuild for this npm Arborist failure. (src/cli/update-cli/update-command.ts:513, 6b5eba1f433a)
• Hook-pack fallback noise remains possible: The shared formatter appends Also not a valid hook pack for most plugin install failures, which matches the issue's complaint about misleading fallback output after npm install has already failed. (src/cli/plugins-command-helpers.ts:175, 6b5eba1f433a)

Likely related people:

• Peter Steinberger: Authored recent plugin update tracking, update-channel sync, and plugin-update test refactor commits found in the bounded history search. (role: feature-history contributor; confidence: medium; commits: 54ec14262b84, 99fc0fbac1ef, 5ca92b0498c9; files: src/plugins/update.ts, src/cli/update-cli/update-command.ts)
• huntharo: Commit 401ffb5 added versioned plugin update support and names @huntharo as co-author/reviewer in the commit metadata. (role: plugin update contributor/reviewer; confidence: medium; commits: 401ffb59f538; files: src/plugins/update.ts)
• takhoffman: Current central plugin install/update files blame to the shallow-base squash commit b33deb4, whose metadata records approval by takhoffman. (role: reviewer/approver in current shallow-base history; confidence: low; commits: b33deb41594e; files: src/plugins/install.ts, src/infra/npm-managed-root.ts, src/cli/plugins-command-helpers.ts)

Remaining risk / open question:

• I did not run a live macOS npm 11.11 corrupt-root reproduction in this read-only review; the decision is based on the reporter's logs plus current source behavior.
• Automatically quarantining or rebuilding ~/.openclaw/npm/node_modules during update touches OpenClaw-managed user state, so the repair should use a backup, one retry, and focused tests.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 6b5eba1f433a.

[allenhurff]

Thanks for the review. Adding the recovery details from the machine after we got it back to a healthy state.

I no longer have the broken runtime active because I had to recover the install, but the resolution was very specific:

1. Repeated openclaw plugins install @openclaw/codex --force attempts failed while the existing managed npm root was present.
2. I backed up ~/.openclaw/npm, moved the entire ~/.openclaw/npm/node_modules tree aside, and removed the managed npm lockfiles.
3. I reran the plugin installs/updates.
4. openclaw plugins install @openclaw/codex --force then succeeded immediately.
5. openclaw plugins doctor returned No plugin issues detected.
6. openclaw gateway restart --wait 45s succeeded, and openclaw status --deep showed the gateway reachable with Memory enabled (plugin memory-lancedb).

The exact recovery shape was:

stamp=$(date +%Y%m%d-%H%M%S)
mkdir -p ~/.openclaw/manual-backups

tar -czf ~/.openclaw/manual-backups/${stamp}-openclaw-npm-before-repair.tgz -C ~/.openclaw npm

if [ -d "$HOME/.openclaw/npm/node_modules" ]; then
  mv "$HOME/.openclaw/npm/node_modules" "$HOME/.openclaw/npm-node_modules.broken-$stamp"
fi

rm -f "$HOME/.openclaw/npm/package-lock.json" "$HOME/.openclaw/npm/npm-shrinkwrap.json"

openclaw plugins install @martian-engineering/lossless-claw@latest --force
openclaw plugins update acpx
openclaw plugins update memory-lancedb
openclaw plugins install @openclaw/codex --force
openclaw plugins update discord
openclaw plugins registry --refresh
openclaw plugins doctor
openclaw gateway restart --wait 45s
openclaw status --deep

The important diagnostic point is that no package version changed between the repeated failing Codex installs and the successful Codex install. The material change was rebuilding the managed npm root by quarantining ~/.openclaw/npm/node_modules.

So the observed behavior was:

• Expected: post-update sync or doctor --fix should either recover the managed npm root or give an explicit managed-root rebuild/quarantine recovery path.
• Actual: post-update sync disabled Codex, doctor --fix and plugins install @openclaw/codex --force kept retrying the same npm Arborist failure, and Codex-routed cron/channel sessions failed with MissingAgentHarnessError until the managed npm root was rebuilt.

I may still have the quarantined ~/.openclaw/npm-node_modules.broken-* directory and/or the *openclaw-npm-before-repair.tgz backup if those artifacts would be useful for a maintainer-directed repro.

[steipete]

Fixed on main in a326faa10c.

What changed:

• managed per-plugin npm projects now detect npm's ERR_INVALID_ARG_TYPE/"from" argument corruption signature, quarantine node_modules and lockfiles under _openclaw-quarantined-npm-projects, and retry once against a rebuilt project;
• rebuilt dependency trees recompute the scan baseline so newly materialized hoisted packages are still scanned;
• Windows packaged-upgrade fallback now verifies the candidate version after the direct fallback install, and successful swaps report when a locked old backup is preserved for delayed cleanup.

Proof:

• local focused Vitest: src/infra/package-update-steps.test.ts, src/plugins/install.npm-spec.test.ts, test/scripts/openclaw-cross-os-release-checks.test.ts;
• Testbox-through-Crabbox changed gate: tbx_01kt43arnm9kg7h284vfpshc0k, Actions run https://github.com/openclaw/openclaw/actions/runs/26818339001;
• native Windows AWS Crabbox: cbx_68a3fd5bc935 / run_05f5965d70da, EPERM package-swap regression passed and Windows release-check fallback regressions passed.

Closing as fixed.