Repair active npm host after plugin installs

[mbelinky]

Summary

• Detect when a managed plugin npm install prunes dependencies from the active global-prefix OpenClaw package.
• Repair the active OpenClaw package at the same installed version before reporting plugin install success, including required dependencies and optional runtime dependencies that were present before the install.
• Roll back plugin installs if active-host repair fails, and keep npm lifecycle scripts disabled during repair.

Verification

• node scripts/run-vitest.mjs src/plugins/install.npm-spec.test.ts src/infra/npm-managed-root.test.ts
• ./node_modules/.bin/oxfmt --check --threads=1 src/infra/npm-managed-root.ts src/infra/npm-managed-root.test.ts src/plugins/install.ts src/plugins/install.npm-spec.test.ts
• git diff --check
• Testbox-through-Crabbox: tbx_01kspspe3ktdsxrpmg7b24aqtv

Real behavior proof
Behavior addressed: Installing an external plugin into the same managed npm prefix as a global OpenClaw package can leave the active OpenClaw package missing runtime dependencies.
Real environment tested: Blacksmith Testbox through Crabbox with a PR-built OpenClaw tarball installed into a throwaway global npm prefix, then the published Twilio WhatsApp plugin installed into that same managed prefix.
Exact steps or command run after this patch: Built and packed this branch, installed the tarball globally with npm --prefix, ran openclaw plugins install npm:@srinathh/openclaw-channel-twilio-whatsapp@2.1.8 --dangerously-force-unsafe-install, verified active host dependencies, then ran openclaw doctor --fix.
Evidence after fix: The Testbox run printed json5=2.2.3, croner=10.0.1, listed twilio-whatsapp in plugins, and ended with PROOF_OK active host deps survived plugin install and doctor ran.
Observed result after fix: Testbox-through-Crabbox tbx_01kspspe3ktdsxrpmg7b24aqtv completed with exit=0. Focused local tests also passed: 2 test files, 58 tests.
What was not tested: The production gateway was not restarted or repointed to this PR. AWS Crabbox did not execute because AWS lease creation hit a security-group rule limit, so the remote proof used Blacksmith Testbox through Crabbox.

[clawsweeper]

Codex review: needs real behavior proof before merge. Reviewed May 29, 2026, 1:13 AM ET / 05:13 UTC.

Summary
Review failed before ClawSweeper could summarize the requested change.

PR surface: Source +308, Tests +467. Total +775 across 6 files.

Reproducibility: unclear. The review failed before ClawSweeper could establish a reproduction path.

Review metrics: none identified.

Merge readiness
Overall: 🌊 off-meta tidepool
Proof: 🌊 off-meta tidepool
Patch quality: 🌊 off-meta tidepool
Result: rating does not apply to this item.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Risk before merge

• [P1] No close action taken because the review did not complete.

Maintainer options:

1. Decide the mitigation before merge
   Retry the Codex review after fixing the execution failure.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge

• [P1] Review did not complete, so no work-lane recommendation was made.

Review details

Best possible solution:

Retry the Codex review after fixing the execution failure.

Do we have a high-confidence way to reproduce the issue?

Unclear. The review failed before ClawSweeper could establish a reproduction path.

Is this the best way to solve the issue?

Unclear. Retry the review first so ClawSweeper can evaluate the actual issue and fix direction.

AGENTS.md: unclear because the file could not be read completely.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 5fb83af3e389.

Label changes

Label changes:

• remove P2: Current review triage priority is none.
• remove merge-risk: 🚨 compatibility: Current PR review selected no merge-risk labels.
• remove merge-risk: 🚨 availability: Current PR review selected no merge-risk labels.

Label justifications:

• rating: 🌊 off-meta tidepool: Overall readiness is 🌊 off-meta tidepool; proof is 🌊 off-meta tidepool and patch quality is 🌊 off-meta tidepool.

Evidence reviewed

PR surface:

Source +308, Tests +467. Total +775 across 6 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	3	309	1	+308
Tests	3	476	9	+467
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	6	785	10	+775

What I checked:

• failure reason: codex execution failed.
• codex failure detail: Codex review failed for this PR with exit 1.
• codex stdout: Per-item Codex failure; continuing with the rest of the shard.

Likely related people:

• unknown: Codex failed before it could trace repository history. (role: review did not complete; confidence: low)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[clawsweeper]

ClawSweeper PR egg: 🔥 warming; proof passed, review follow-up or readiness checks remain. Hatch with @clawsweeper hatch when eligible.

Rules and details

Hatchability:

• Merged PRs are hatchable.
• Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
• Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

About:

• Eggs appear after real-behavior proof passes. They are collectible flavor only.
• Review momentum changes the shell state: follow-up work warms it, re-review makes it wobble, and a clean final review lets it hatch.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.