Bug: npm updates drop node-llama-cpp, breaking local memory_search after every OpenClaw update

[Peilsender]

Summary

After each recent npm-based OpenClaw update, local memory_search stops working because the node-llama-cpp optional dependency is no longer present under the installed OpenClaw package directory.

This has happened repeatedly on the same Linux host after OpenClaw updates. The workaround is always to manually reinstall node-llama-cpp into the OpenClaw package prefix and then retest memory_search.

Environment

• OpenClaw before latest update: 2026.5.27
• OpenClaw after latest update: 2026.5.28 (e932160)
• Install kind: global npm package under /home/openclaw/.npm-global/lib/node_modules/openclaw
• Node.js: v24.15.0
• npm: 11.12.1
• Gateway: systemd user service, loopback 127.0.0.1:18789
• Memory provider: local embeddings
• Expected local model: hf:ggml-org/embeddinggemma-300m-qat-q8_0-GGUF/embeddinggemma-300m-qat-Q8_0.gguf

Repro / observed flow

1. Update OpenClaw via npm from 2026.5.27 to 2026.5.28.
2. Restart the gateway.
3. Run a local memory_search tool call.

Actual result

memory_search becomes unavailable:

results: []
disabled: true
unavailable: true
error: Local embeddings unavailable.
Reason: optional dependency node-llama-cpp is missing (or failed to install).
Detail: Cannot find package 'node-llama-cpp' imported from /home/openclaw/.npm-global/lib/node_modules/openclaw/dist/embeddings-C9YA6RhB.js

npm ls -g --depth=0 node-llama-cpp openclaw only showed openclaw@2026.5.28; node-llama-cpp was absent.

A local post-update check also flagged the dependency as missing:

Memory-Search-Abhaengigkeit
[PROBLEM] node-llama-cpp fehlt im OpenClaw-Paket; memory_search danach im Chat testen/reparieren

Expected result

After an OpenClaw npm update, local memory_search should keep working without manually reinstalling node-llama-cpp into the OpenClaw package directory.

At minimum, the update flow or doctor should detect this condition and offer a direct repair step.

Workaround that fixes it

npm install --no-save node-llama-cpp@3.18.1 --prefix /home/openclaw/.npm-global/lib/node_modules/openclaw
cd /home/openclaw/.npm-global/lib/node_modules/openclaw && node -e "import('node-llama-cpp').then(()=>console.log('ok'))"

After this, the same memory_search call succeeds again:

provider: local
model: hf:ggml-org/embeddinggemma-300m-qat-q8_0-GGUF/embeddinggemma-300m-qat-Q8_0.gguf
hits: 3

The post-update check then passes:

CLI version: 2026.5.28
Package version: 2026.5.28
Gateway version: 2026.5.28
node-llama-cpp present
OK: 8 | Hinweise: 0 | Probleme: 0

Why this matters

For agents configured to rely on local/free memory search, every npm update silently removes or fails to preserve the native local embeddings dependency. The gateway can otherwise look healthy, so the breakage only appears when an agent tries to recall memory.

Related context

This seems adjacent to local memory/provider work such as #70596 and #70873, but the issue here is specifically the npm update/install result: node-llama-cpp disappears from the installed OpenClaw package prefix and must be reinstalled manually after updates.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed May 31, 2026, 12:33 PM ET / 16:33 UTC.

Summary
Keep open: current main still treats node-llama-cpp as operator-installed, and the existing diagnostics do not make npm upgrades preserve or directly repair the local embeddings runtime that this report says disappears after update.

Reproducibility: yes. for the runtime failure path, but not as a live npm-upgrade repro in this read-only checkout. Current source imports node-llama-cpp for provider=local and returns the reported unavailable error when that operator-installed package is missing.

Next step
The remaining action needs maintainer choice between package policy, update/doctor repair behavior, and operator-install guidance before an automated fix PR is safe.

Review details

Best possible solution:

Add a maintainer-approved upgrade/doctor path that either preserves or reinstalls the operator-installed local embeddings runtime after npm updates, or reliably diagnoses it with an exact repair command and packaged-upgrade proof.

Do we have a high-confidence way to reproduce the issue?

Yes for the runtime failure path, but not as a live npm-upgrade repro in this read-only checkout. Current source imports node-llama-cpp for provider=local and returns the reported unavailable error when that operator-installed package is missing.

Is this the best way to solve the issue?

Unclear until maintainers choose the boundary. Current diagnostics are not enough for the reported upgrade workflow, but declaring node-llama-cpp as an OpenClaw dependency conflicts with existing release policy.

AGENTS.md: found and applied where relevant.

Remaining risk / open question:

• The exact npm global upgrade cleanup path was not live-reproduced in this read-only review; the report's logs match current source behavior when node-llama-cpp is missing.
• A packaging fix that declares node-llama-cpp would reverse an intentional release guard, so maintainers should choose the product boundary before implementation.
• The related open prewarm PR would surface local embedding failure earlier but does not make npm updates preserve or reinstall the native runtime.

Codex review notes: model gpt-5.5, reasoning high; reviewed against a6ee3dbbdd07.

Label changes

Label changes:

• add P1: The report describes a real configured memory_search workflow becoming unavailable after every npm update for local embeddings users.
• add impact:session-state: The failure disables memory retrieval for agents that depend on local memory_search to recall prior context.
• add issue-rating: 🐚 platinum hermit: Current issue advisory state selects this label.
• add clawsweeper:needs-live-repro: Current issue advisory state selects this label.
• add clawsweeper:no-new-fix-pr: Current issue advisory state selects this label.
• add clawsweeper:needs-maintainer-review: Current issue advisory state selects this label.
• add clawsweeper:needs-product-decision: Current issue advisory state selects this label.

Label justifications:

• P1: The report describes a real configured memory_search workflow becoming unavailable after every npm update for local embeddings users.
• impact:session-state: The failure disables memory retrieval for agents that depend on local memory_search to recall prior context.

Evidence reviewed

What I checked:

• Current package metadata omits node-llama-cpp: Current package.json has runtime dependencies and optionalDependencies, but optionalDependencies only contains sqlite-vec; node-llama-cpp is not declared for npm installs. (package.json:1852, a6ee3dbbdd07)
• Release guard intentionally rejects bundling node-llama-cpp: The npm release metadata tests reject node-llama-cpp as peer, direct, and optional dependency, including the message to keep it operator-installed. (test/openclaw-npm-release-check.test.ts:762, a6ee3dbbdd07)
• Runtime failure path matches the report: The local embedding adapter formats ERR_MODULE_NOT_FOUND for node-llama-cpp as 'Local embeddings unavailable' and tells users to install node-llama-cpp next to OpenClaw. (extensions/memory-core/src/memory/provider-adapters.ts:46, a6ee3dbbdd07)
• Doctor warning is conditional, not a post-update repair: For provider=local with a model path/default model, doctor only warns when a gateway memory probe was checked and not ready, then points to verification rather than reinstalling or preserving node-llama-cpp. (src/commands/doctor-memory-search.ts:471, a6ee3dbbdd07)
• Normal doctor gateway probe can be skipped: probeGatewayMemoryStatus calls doctor.memory.status with probe:false, so it can receive a skipped readiness result instead of forcing a local embedding probe during ordinary doctor runs. (src/commands/doctor-gateway-health.ts:102, a6ee3dbbdd07)
• Gateway method confirms skipped probe behavior: doctor.memory.status probes embeddings only when params request probe/deep; otherwise it uses cached availability or the skipped readiness payload. (src/gateway/server-methods/doctor.ts:923, a6ee3dbbdd07)

Likely related people:

• Peter Steinberger: Authored the commit that made node-llama-cpp optional/operator-installed and appears heavily in current package, memory adapter, and doctor history for this surface. (role: operator-installed dependency policy and recent memory/package contributor; confidence: high; commits: 115f24819ebc, 77e6e4cf87, 832b6487e0ca; files: package.json, scripts/openclaw-npm-release-check.ts, extensions/memory-core/src/memory/provider-adapters.ts)
• Steve: History shows the original doctor memory-search health check commit, which is central to the requested detection/repair path. (role: introduced memory search doctor health check; confidence: medium; commits: 69ba9a056251; files: src/commands/doctor-memory-search.ts)
• Adhish Thite: Authored the commit that changed doctor behavior for local memory search without an explicit modelPath, directly adjacent to the current detection gap. (role: doctor local-provider behavior contributor; confidence: medium; commits: 63734df3b0c6; files: src/commands/doctor-memory-search.ts)
• Vincent Koc: Recent history shows multiple memory and doctor changes in the same area, making this a plausible routing candidate for memory-search upgrade behavior. (role: recent memory doctor and memory-runtime contributor; confidence: medium; commits: da7f016db6, 8623c28f1d, 7c9108aaf7; files: src/commands/doctor-memory-search.ts, extensions/memory-core/src/memory/provider-adapters.ts)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[osolmaz]

Related earlier package-policy PR: #71425 removed node-llama-cpp from OpenClaw package metadata and made the release check reject it as a direct, optional, or peer dependency.

That makes the current workaround fragile: npm treats node-llama-cpp installed inside the OpenClaw package prefix as an extra nested package, so a later npm update can remove it.

I reproduced the reported update path in AWS Crabbox: provider=aws, lease=cbx_21e58264a850, run=run_3b8c68212a9f. openclaw@2026.5.27 plus node-llama-cpp@3.18.1 imported successfully before the update; after npm install -g openclaw@2026.5.28, the OpenClaw package prefix had no node-llama-cpp and the import failed.

[osolmaz]

I reproduced the package-manager behavior in a clean temp npm prefix.

Flow tested:

npm install -g --prefix /private/tmp/openclaw-npm-node-llama-repro --ignore-scripts --no-audit --no-fund openclaw@2026.5.27
npm install --prefix /private/tmp/openclaw-npm-node-llama-repro/lib/node_modules/openclaw --ignore-scripts --no-audit --no-fund --no-save node-llama-cpp@3.18.1
npm install -g --prefix /private/tmp/openclaw-npm-node-llama-repro --ignore-scripts --no-audit --no-fund openclaw@2026.5.28

Observed result:

before update node-llama-cpp=3.18.1
updated openclaw=2026.5.28
after update node-llama-cpp=missing

So yes: a manually installed node-llama-cpp under the installed OpenClaw package directory is removed by the next npm update.

Why: that package is being added inside npm's managed OpenClaw install tree:

.../lib/node_modules/openclaw/node_modules/node-llama-cpp

When npm install -g openclaw@<new version> runs, npm reconciles that openclaw package directory to match OpenClaw's package metadata. Since node-llama-cpp is not listed in OpenClaw's dependencies or optionalDependencies, and the manual install used --no-save, npm treats it as an extraneous nested package and prunes it.

Installing node-llama-cpp somewhere else outside the OpenClaw installation is not a reliable workaround either. The current runtime imports node-llama-cpp from OpenClaw's runtime files, so Node resolves it relative to the OpenClaw package tree unless the code is changed to load from an explicit external path.

Practical fix directions:

• Make node-llama-cpp an actual OpenClaw dependency or optional dependency, so npm owns and preserves it.
• Or move local llama.cpp embeddings into a provider/plugin package that owns node-llama-cpp as its dependency.
• Or add an explicit external runtime path/config, though that is more fragile and less ergonomic.

The current documented/manual workaround works only until the next npm update.