fix(update): surface plugin channel fallbacks

[BKF-Gitty]

Summary

• Problem: Beta core updates logged npm plugin channel fallbacks in the install stream, but the final plugin summary did not preserve that mixed-channel state.
• Why it matters: Operators can miss that a configured plugin used @latest because @beta was unavailable.
• What changed: Plugin update outcomes now carry structured channelFallback metadata and both direct plugin updates and post-core summaries emit a concise warning.
• What did NOT change (scope boundary): Install targets, fallback probes, fallback installs, and update semantics are unchanged.

Change Type (select all)

• Bug fix
• Feature
• Refactor required for the fix
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes N/A
• Related v2026.5.12-beta.4 npm update succeeds but restart phase reports stale CLI/config-version mismatch #81394
• This PR fixes a bug or regression

Real behavior proof (required for external PRs)

• Behavior or issue addressed: Final plugin update output now retains the npm channel fallback warning when a plugin uses @latest because @beta is unavailable.
• Real environment tested: Local OpenClaw repo worktree on macOS, running inside the OpenClaw dev container.
• Exact steps or command run after this patch: In the dev container, ran pnpm test src/plugins/update.test.ts src/cli/update-cli.test.ts to exercise the production post-core summary path and direct plugin update reporting path.
• Evidence after fix (screenshot, recording, terminal capture, console output, redacted runtime log, linked artifact, or copied live output): Terminal capture from the local OpenClaw dev container:

$ pnpm test src/plugins/update.test.ts src/cli/update-cli.test.ts
✓ |cli| src/cli/update-cli.test.ts (90 tests) 23557ms
  ✓ prints plugin channel fallbacks near the post-core plugin summary 517ms
✓ |plugins| src/plugins/update.test.ts (73 tests) 79ms

Test Files  2 passed (2)
Tests       163 passed (163)
[test] passed 2 Vitest shards in 33.75s

• Observed result after fix: The post-core summary scenario emitted npm plugins: 1 updated, 0 unchanged. followed by plugin channel fallback: lossless-claw used @latest because @beta was unavailable.
• What was not tested: Full live package-manager beta update against the public npm registry; this patch is reporting/data-shape only and does not change registry install semantics.

Root Cause (if applicable)

• Root cause: The fallback was only represented in transient install logging and a local outcome suffix; the durable plugin outcome data did not carry enough structured state for final summaries to repeat it.
• Missing detection / guardrail: No final-summary regression test asserted that channel fallback information survived the plugin update flow.
• Contributing context (if known): Post-core summaries intentionally aggregate plugin outcomes, which made mid-install warnings easy to lose.

Regression Test Plan (if applicable)

• Coverage level that should have caught this:
  • Unit test
  • Seam / integration test
  • End-to-end test
  • Existing coverage already sufficient
• Target test or file: src/plugins/update.test.ts, src/cli/update-cli.test.ts
• Scenario the test should lock in: npm plugin update falls back from @beta to @latest, and the final summary emits the concise channel fallback warning.
• Why this is the smallest reliable guardrail: The plugin test locks the data shape at the update seam, and the CLI test locks the final operator-visible output.
• Existing test that already covers this (if any): N/A
• If no new test is added, why not: N/A

User-visible / Behavior Changes

Plugin update summaries may now include a concise warning such as plugin channel fallback: lossless-claw used @latest because @beta was unavailable when an npm plugin falls back from a requested channel to @latest.

Diagram (if applicable)

Before:
core update -> plugin @beta unavailable -> install logs mention fallback -> final summary omits mixed-channel warning

After:
core update -> plugin @beta unavailable -> channelFallback metadata -> final summary warns plugin used @latest

Security Impact (required)

• New permissions/capabilities? (Yes/No) No
• Secrets/tokens handling changed? (Yes/No) No
• New/changed network calls? (Yes/No) No
• Command/tool execution surface changed? (Yes/No) No
• Data access scope changed? (Yes/No) No
• If any Yes, explain risk + mitigation: N/A

Repro + Verification

Environment

• OS: macOS host
• Runtime/container: OpenClaw dev container, repo pnpm test
• Model/provider: N/A
• Integration/channel (if any): npm plugin update flow simulated by tests
• Relevant config (redacted): N/A

Steps

1. Check the patch with git diff --check.
2. Run pnpm test src/plugins/update.test.ts src/cli/update-cli.test.ts.
3. Inspect the added CLI assertion for the final fallback warning.

Expected

• Plugin fallback metadata is attached to npm beta-to-latest fallback outcomes.
• Final post-core output includes the concise plugin channel fallback warning.
• Existing successful update behavior remains unchanged.

Actual

• git diff --check passed.
• pnpm test src/plugins/update.test.ts src/cli/update-cli.test.ts passed with 2 files and 163 tests.

Evidence

Attach at least one:

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Human Verification (required)

What you personally verified (not just CI), and how:

• Verified scenarios: unavailable @beta fallback metadata, failed @beta fallback metadata, fallback-second-failure error shape, direct plugin update warning plumbing, and post-core final warning output.
• Edge cases checked: warning deduplication in post-core summary and no ClawHub fallback metadata attachment.
• What you did not verify: full live update against npm registry.

Review Conversations

• I replied to or resolved every bot review conversation I addressed in this PR.
• I left unresolved only the conversations that still need reviewer or maintainer judgment.

If a bot review conversation is addressed by this PR, resolve that conversation yourself. Do not leave bot review conversation cleanup for maintainers.

Compatibility / Migration

• Backward compatible? (Yes/No) Yes
• Config/env changes? (Yes/No) No
• Migration needed? (Yes/No) No
• If yes, exact upgrade steps: N/A

Risks and Mitigations

• Risk: The new warning could be perceived as extra output.
  • Mitigation: It only emits when fallback metadata exists, uses one concise line per affected plugin, and dedupes final post-core messages.

[clawsweeper]

Codex review: needs real behavior proof before merge. Reviewed June 3, 2026, 6:49 PM ET / 22:49 UTC.

Summary
The PR adds structured channelFallback metadata to npm plugin update outcomes and prints deduped fallback warnings in direct plugin updates and post-core summaries, with focused regression tests and an additive update-result type field.

PR surface: Source +115, Tests +144. Total +259 across 6 files.

Reproducibility: yes. Source inspection shows current main can log an npm beta fallback during the update flow but the post-core summary only repeats aggregate counts and errors, so a successful fallback can be missing from the final summary.

Review metrics: 1 noteworthy metric.

• Update result surface: 1 optional outcome field added. The additive channelFallback metadata is part of the post-update result shape that downstream or JSON-mode consumers may inspect.

Merge readiness
Overall: 🧂 unranked krab
Proof: 🧂 unranked krab
Patch quality: 🐚 platinum hermit
Result: blocked until real behavior proof from a real setup is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• [P1] Add a redacted terminal capture or linked log from a real beta update where an npm plugin falls back to @latest and the final summary shows the new warning.
• Keep the focused test output in the PR body as supplemental validation after adding the real transcript.

Proof guidance:

• [P1] Needs real behavior proof before merge: The supplied proof is a terminal capture from focused Vitest runs, which validates tests but does not show an after-fix real package-manager beta update or npm fallback path. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge

• [P2] External real behavior proof is still mock/test-only; maintainers lack a redacted live package-manager beta update transcript showing the final fallback warning.
• [P2] The PR intentionally adds an optional channelFallback result field and an extra fallback warning line, so strict consumers of post-update JSON or human CLI output should be considered before merge.

Maintainer options:

1. Require live fallback transcript (recommended)
   Ask for a redacted terminal capture from a real beta update where an npm plugin falls back to latest so the new operator-visible warning is proven on the actual update path.
2. Accept the additive output contract
   Maintainers can choose to accept the optional result field and extra warning line as an intended additive CLI/result change because install semantics are unchanged.

Next step before merge

• [P1] No repair job is indicated because the branch already contains the narrow code/test fix; the remaining action is real update proof plus maintainer review of the additive output contract.

Security
Cleared: No concrete security or supply-chain regression was found; the diff changes TypeScript result metadata, CLI logging, and tests without new dependencies, workflows, permissions, or install commands.

Review details

Best possible solution:

Carry fallback metadata through PluginUpdateOutcome, print a deduped warning in both direct and post-core update paths, and require one redacted real beta-to-latest update transcript before merge.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection shows current main can log an npm beta fallback during the update flow but the post-core summary only repeats aggregate counts and errors, so a successful fallback can be missing from the final summary.

Is this the best way to solve the issue?

Yes for the code shape: structured metadata on PluginUpdateOutcome is cleaner than parsing the existing message suffix, and the post-core printer dedupes messages without changing install semantics. The missing piece is real behavior proof, not a different implementation layer.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 381c5e0762d1.

Label changes

Label changes:

• add merge-risk: 🚨 compatibility: The diff adds an optional post-update result field and an extra fallback warning line that can affect strict output consumers.
• add rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🧂 unranked krab and patch quality is 🐚 platinum hermit.
• remove rating: 🦪 silver shellfish: Current PR rating is rating: 🧂 unranked krab, so this older rating label is no longer current.

Label justifications:

• P2: This is a normal-priority operator-facing update reporting bug with limited blast radius.
• merge-risk: 🚨 compatibility: The diff adds an optional post-update result field and an extra fallback warning line that can affect strict output consumers.
• rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🧂 unranked krab and patch quality is 🐚 platinum hermit.
• status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: The supplied proof is a terminal capture from focused Vitest runs, which validates tests but does not show an after-fix real package-manager beta update or npm fallback path. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Evidence reviewed

PR surface:

Source +115, Tests +144. Total +259 across 6 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	4	121	6	+115
Tests	2	144	0	+144
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	6	265	6	+259

What I checked:

• Repository policy read: Root AGENTS.md and scoped src/plugins/AGENTS.md were read; plugin contract, fallback behavior, and real-behavior-proof guidance informed this review. (AGENTS.md:1, 381c5e0762d1)
• Current-main gap: Current main only appends the beta fallback note inside individual plugin outcome messages, while the post-core summary prints aggregate counts and only error messages, so successful fallback warnings are not repeated near the final summary. (src/cli/update-cli/update-command.ts:1913, 381c5e0762d1)
• PR implementation: The PR head adds a structured npm fallback helper and emits deduped fallback messages after the post-core npm plugin summary. (src/cli/update-cli/update-command.ts:1940, 8ad556c41324)
• Regression coverage in branch: The PR adds focused tests for unavailable beta fallback metadata, dry-run wording, failed beta fallback metadata, fallback-second-failure preservation, and final post-core summary output. (src/plugins/update.test.ts:2191, 8ad556c41324)
• Proof status: The PR body supplies terminal output from focused Vitest files, but no redacted live package-manager beta update or public npm fallback transcript after the patch. (8ad556c41324)
• Not implemented on current main or release: The PR head is not an ancestor of current main, no branch or tag contains it locally, and the latest release tag points to a different commit. (381c5e0762d1)

Likely related people:

• Andy Ye: Current-main blame for the beta fallback helper, post-core summary loop, and update result type points to commit 946eed6. (role: introduced current fallback/reporting behavior; confidence: high; commits: 946eed685d47; files: src/plugins/update.ts, src/cli/update-cli/update-command.ts, src/infra/update-runner.ts)
• steipete: The PR timeline shows assignment to steipete, and the branch contains follow-up commits 75d8cca and 8ad556c authored by Peter Steinberger. (role: recent PR branch contributor and assigned follow-up owner; confidence: medium; commits: 75d8ccab4400, 8ad556c41324, 381c5e0762d1; files: src/plugins/update.ts, src/plugins/update.test.ts, src/cli/plugins-update-outcomes.ts)
• Ayaan Zaidi: The current-main commit that carries the fallback helper and summary code was committed by Ayaan Zaidi, making them a useful routing signal if commit provenance matters. (role: recent committer of current update surface; confidence: medium; commits: 946eed685d47; files: src/plugins/update.ts, src/cli/update-cli/update-command.ts, src/infra/update-runner.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[openclaw-barnacle]

This pull request has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

[clawsweeper]

ClawSweeper PR egg: 🎁 locked until real behavior proof passes.

Details

• No creature or rarity is rolled until proof passes.
• Eggs are collectible flavor only; they do not affect labels, ratings, merge decisions, or automation.

[steipete]

Land-ready proof for 6fedc53:

• Rebased PR branch on latest origin/main and pushed maintainer fixups.
• Local proof:
  • pnpm test src/plugins/update.test.ts src/cli/update-cli.test.ts
  • pnpm check:architecture
  • node scripts/run-oxlint-shards.mjs --threads=8
  • .agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main
• Autoreview: clean, no accepted/actionable findings.
• CI: green on head 6fedc53, including runs 26918257523, 26918257434, 26918257472, and 26918256081.