fix(update): expose plugin convergence repair

[fuller-stack-dev]

Summary

• Add public openclaw update repair command that delegates to the existing update finalization path.
• Keep hidden openclaw update finalize as an internal alias while documenting repair as the supported operator recovery command.
• Point post-update plugin/convergence guidance at openclaw update repair so partial package updates have a direct rerun path for doctor repair, managed npm plugin convergence, install-record metadata, and registry refresh.

Verification

• pnpm docs:list
• pnpm format:fix docs/cli/update.md src/cli/update-cli.ts src/cli/update-cli.option-collisions.test.ts src/cli/update-cli/update-command.ts src/cli/update-cli/update-command.test.ts src/cli/update-cli/post-core-plugin-convergence.ts src/cli/update-cli/post-core-plugin-convergence.test.ts src/cli/update-cli.test.ts
• git diff --check
• node scripts/run-oxlint-shards.mjs --threads=8
• node scripts/run-vitest.mjs src/cli/update-cli.option-collisions.test.ts src/cli/update-cli/update-command.test.ts src/cli/update-cli/post-core-plugin-convergence.test.ts src/cli/update-cli.test.ts
• .agents/skills/autoreview/scripts/autoreview --mode local (clean: no accepted/actionable findings)
• OPENCLAW_HOME=$(mktemp -d /tmp/openclaw-update-repair-proof.XXXXXX) pnpm openclaw update repair --json --yes

Real behavior proof

Behavior addressed: After a core package update succeeds but post-core plugin convergence or managed npm plugin metadata is stranded, operators now have a documented openclaw update repair command instead of discovering the hidden update finalize path or rerunning unrelated repair commands.

Real environment tested: Disposable local OpenClaw home on macOS, using the real CLI entry point from this PR branch. The run used OPENCLAW_HOME pointed at a temporary directory so it did not read or mutate the operator's live OpenClaw state.

Exact steps or command run after this patch: OPENCLAW_HOME=$(mktemp -d /tmp/openclaw-update-repair-proof.XXXXXX) pnpm openclaw update repair --json --yes

Evidence after fix: The command built the stale local runtime, ran openclaw update repair, executed doctor repair and post-core plugin convergence, and exited 0. Redacted terminal output from the final JSON result:

{
  "status": "ok",
  "mode": "finalize",
  "root": "<repo-worktree>",
  "channel": "stable",
  "restart": false,
  "postUpdate": {
    "doctor": {
      "status": "ok"
    },
    "plugins": {
      "status": "ok",
      "changed": false,
      "warnings": [],
      "sync": {
        "changed": false,
        "switchedToBundled": [],
        "switchedToNpm": [],
        "warnings": [],
        "errors": []
      },
      "npm": {
        "changed": false,
        "outcomes": []
      },
      "integrityDrifts": []
    }
  }
}

Observed result after fix: openclaw update repair completes successfully through the real CLI path, reports mode: "finalize", keeps restart: false, and returns postUpdate.doctor.status: "ok" plus postUpdate.plugins.status: "ok".

What was not tested: A live partial package update recovery against real managed plugin npm metadata was not run in this branch; the proof covers the public command invocation and successful post-update repair/finalization path in a disposable local setup.

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed June 9, 2026, 1:57 AM ET / 05:57 UTC.

Summary
The PR adds a public openclaw update repair subcommand that delegates to existing update finalization, preserves hidden update finalize, and updates update docs, repair guidance, and focused CLI/convergence tests.

PR surface: Source +17, Tests +27, Docs +31. Total +75 across 8 files.

Reproducibility: yes. from source: current main registers hidden update finalize but not public update repair, and current docs/guidance still point post-update plugin recovery at doctor --fix or rerunning update. I did not run the CLI because this review is read-only.

Review metrics: 1 noteworthy metric.

• Public CLI surface: 1 command added, 5 command options documented, 1 hidden alias preserved. The PR adds a supported operator recovery command, so maintainers should notice the new public CLI contract even though it reuses existing finalization logic.

Merge readiness
Overall: 🦞 diamond lobster
Proof: 🦞 diamond lobster
Patch quality: 🦞 diamond lobster
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Risk before merge

• [P1] openclaw update repair becomes a documented public operator command, so maintainers should intentionally accept that support surface before merge.

Maintainer options:

1. Decide the mitigation before merge
   Land the additive command if maintainers accept the public recovery name, keeping update finalize hidden and routing all repair behavior through the existing finalization implementation.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge

• No ClawSweeper repair lane is needed; the remaining action is maintainer acceptance of the new public command name plus normal merge and CI handling.

Security
Cleared: The diff adds CLI/docs/tests around an existing internal finalization path and does not change workflows, dependencies, lockfiles, secrets handling, permissions, or package resolution sources.

Review details

Best possible solution:

Land the additive command if maintainers accept the public recovery name, keeping update finalize hidden and routing all repair behavior through the existing finalization implementation.

Do we have a high-confidence way to reproduce the issue?

Yes, from source: current main registers hidden update finalize but not public update repair, and current docs/guidance still point post-update plugin recovery at doctor --fix or rerunning update. I did not run the CLI because this review is read-only.

Is this the best way to solve the issue?

Yes, the PR is the best implementation shape I found: it exposes a public alias to the existing finalization path instead of duplicating doctor, plugin convergence, registry refresh, or install-record logic. The only product choice left is whether maintainers want openclaw update repair as the supported command name.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against e1978cf73cbd.

Label changes

Label changes:

• add proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes after-fix terminal output from a disposable local OpenClaw home showing the real openclaw update repair --json --yes CLI path reached finalization and returned ok doctor/plugins results.
• add rating: 🦞 diamond lobster: Overall readiness is 🦞 diamond lobster; proof is 🦞 diamond lobster and patch quality is 🦞 diamond lobster.
• remove rating: 🐚 platinum hermit: Current PR rating is rating: 🦞 diamond lobster, so this older rating label is no longer current.

Label justifications:

• P2: This is a focused CLI/operator recovery improvement with limited blast radius and no emergency user-impact signal.
• rating: 🦞 diamond lobster: Overall readiness is 🦞 diamond lobster; proof is 🦞 diamond lobster and patch quality is 🦞 diamond lobster.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body includes after-fix terminal output from a disposable local OpenClaw home showing the real openclaw update repair --json --yes CLI path reached finalization and returned ok doctor/plugins results.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes after-fix terminal output from a disposable local OpenClaw home showing the real openclaw update repair --json --yes CLI path reached finalization and returned ok doctor/plugins results.

Evidence reviewed

PR surface:

Source +17, Tests +27, Docs +31. Total +75 across 8 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	3	45	28	+17
Tests	4	43	16	+27
Docs	1	33	2	+31
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	8	121	46	+75

What I checked:

• Current main has only the hidden finalizer command: registerUpdateCli currently registers update finalize as hidden and wires it directly to updateFinalizeCommand; there is no public update repair command on current main. (src/cli/update-cli.ts:118, e1978cf73cbd)
• Current finalization path already owns the desired repair behavior: updateFinalizeCommand runs doctor repair, reloads config, applies channel persistence, loads plugin install records, and calls the post-core plugin update path with restart: false. (src/cli/update-cli/update-command.ts:2299, e1978cf73cbd)
• Current docs still send operators to doctor or full update: The current update docs say post-update plugin warnings point to openclaw doctor --fix and tell users to rerun openclaw doctor --fix or openclaw update, so the PR is not already implemented on main. Public docs: docs/cli/update.md. (docs/cli/update.md:221, e1978cf73cbd)
• PR exposes the existing finalizer under the supported repair name: At PR head, registerUpdateRepairCommand registers repair, forwards --json, --channel, --timeout, --yes, and forces restart: false into updateFinalizeCommand; the same helper preserves hidden finalize. (src/cli/update-cli.ts:41, 1982fbf5dd72)
• PR docs describe the new public recovery surface: At PR head, docs/cli/update.md adds openclaw update repair, documents the command options, and updates post-update plugin guidance to rerun the repair command. (docs/cli/update.md:80, 1982fbf5dd72)
• Focused tests cover the new command wiring and guidance updates: The patch adds option-collision coverage for update repair and updates existing update/convergence tests so warning guidance matches the new supported recovery command. (src/cli/update-cli.option-collisions.test.ts:63, 718a7334c06e)

Likely related people:

• Peter Steinberger: git shortlog over the touched update CLI/docs files shows the largest sampled contribution count, and recent commits changed post-update root and plugin sync behavior around this surface. (role: heavy update-area contributor; confidence: medium; commits: 38cb5aefc81a, be16cf2f0d41, 28be124cc108; files: src/cli/update-cli/update-command.ts, docs/cli/update.md)
• Vincent Koc: Current-main blame for the hidden finalizer and post-core convergence paths points to the available graft boundary commit, and prior update CLI commits include self-update plugin refresh work. (role: recent area contributor; confidence: medium; commits: 50130d32a997, a24af4910018, 2e08f0f4221f; files: src/cli/update-cli.ts, src/cli/update-cli/update-command.ts, src/cli/update-cli/post-core-plugin-convergence.ts)
• Benjamin Jesuiter: History over the touched files includes update CLI help/description work, which is adjacent to the new public subcommand and help text surface. (role: adjacent CLI help contributor; confidence: low; commits: b25f334fa2c8; files: src/cli/update-cli.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[fuller-stack-dev]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27185514459
• Updated: 2026-06-09T05:26:12.145Z

[obviyus]

Landed via rebase onto main.

• Scoped tests: git diff --check origin/main...HEAD; node scripts/run-vitest.mjs src/cli/update-cli.option-collisions.test.ts src/cli/update-cli/update-command.test.ts src/cli/update-cli/post-core-plugin-convergence.test.ts; pnpm openclaw update repair --help; pnpm openclaw update finalize --help; pnpm openclaw update --help | rg -n 'update repair|update finalize|Usage:'
• Review: .agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main clean, no accepted/actionable findings
• CI: clean before merge, no pending/failing checks
• Changelog: not updated; release generation owns CHANGELOG.md
• Land commit: b29a19b
• Merge commit: 1ec04c6

Thanks @fuller-stack-dev!