github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 13:01:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(update): honor update.channel for update.run

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-03 17:57:44 -08:00
parent 61a7fc5e0e
commit bbe9cb3022
5 changed files with 98 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -29,6 +29,7 @@ Docs: https://docs.openclaw.ai
### Fixes ### Fixes
- Security: require operator.approvals for gateway /approve commands. (#1) Thanks @mitsuhiko, @yueyueL. - Security: require operator.approvals for gateway /approve commands. (#1) Thanks @mitsuhiko, @yueyueL.
- Updates: honor update.channel for update.run (Control UI) and channel-based npm tags for global installs.
- Security: Matrix allowlists now require full MXIDs; ambiguous name resolution no longer grants access. Thanks @MegaManSec. - Security: Matrix allowlists now require full MXIDs; ambiguous name resolution no longer grants access. Thanks @MegaManSec.
- Security: enforce access-group gating for Slack slash commands when channel type lookup fails. - Security: enforce access-group gating for Slack slash commands when channel type lookup fails.
- Security: require validated shared-secret auth before skipping device identity on gateway connect. - Security: require validated shared-secret auth before skipping device identity on gateway connect.

5
src/gateway/server-methods/update.ts
View File

@@ -1,4 +1,5 @@
import type { GatewayRequestHandlers } from "./types.js"; import type { GatewayRequestHandlers } from "./types.js";
import { loadConfig } from "../../config/config.js";
import { resolveOpenClawPackageRoot } from "../../infra/openclaw-root.js"; import { resolveOpenClawPackageRoot } from "../../infra/openclaw-root.js";
import { import {
formatDoctorNonInteractiveHint, formatDoctorNonInteractiveHint,
@@ -6,6 +7,7 @@ import {
writeRestartSentinel, writeRestartSentinel,
} from "../../infra/restart-sentinel.js"; } from "../../infra/restart-sentinel.js";
import { scheduleGatewaySigusr1Restart } from "../../infra/restart.js"; import { scheduleGatewaySigusr1Restart } from "../../infra/restart.js";
import { normalizeUpdateChannel } from "../../infra/update-channels.js";
import { runGatewayUpdate } from "../../infra/update-runner.js"; import { runGatewayUpdate } from "../../infra/update-runner.js";
import { import {
ErrorCodes, ErrorCodes,
@@ -48,6 +50,8 @@ export const updateHandlers: GatewayRequestHandlers = {
let result: Awaited<ReturnType<typeof runGatewayUpdate>>; let result: Awaited<ReturnType<typeof runGatewayUpdate>>;
try { try {
const config = loadConfig();
const configChannel = normalizeUpdateChannel(config.update?.channel);
const root = const root =
(await resolveOpenClawPackageRoot({ (await resolveOpenClawPackageRoot({
moduleUrl: import.meta.url, moduleUrl: import.meta.url,
@@ -58,6 +62,7 @@ export const updateHandlers: GatewayRequestHandlers = {
timeoutMs, timeoutMs,
cwd: root, cwd: root,
argv1: process.argv[1], argv1: process.argv[1],
channel: configChannel ?? undefined,
}); });
} catch (err) { } catch (err) {
result = { result = {

33
src/gateway/server.roles-allowlist-update.e2e.test.ts
View File

@@ -16,6 +16,8 @@ vi.mock("../infra/update-runner.js", () => ({
})), })),
})); }));
import { writeConfigFile } from "../config/config.js";
import { runGatewayUpdate } from "../infra/update-runner.js";
import { sleep } from "../utils.js"; import { sleep } from "../utils.js";
import { import {
connectOk, connectOk,
@@ -193,6 +195,37 @@ describe("gateway update.run", () => {
process.off("SIGUSR1", sigusr1); process.off("SIGUSR1", sigusr1);
} }
}); });
test("uses configured update channel", async () => {
const sigusr1 = vi.fn();
process.on("SIGUSR1", sigusr1);
try {
await writeConfigFile({ update: { channel: "beta" } });
const updateMock = vi.mocked(runGatewayUpdate);
updateMock.mockClear();
const id = "req-update-channel";
ws.send(
JSON.stringify({
type: "req",
id,
method: "update.run",
params: {
restartDelayMs: 0,
},
}),
);
const res = await onceMessage<{ ok: boolean; payload?: unknown }>(
ws,
(o) => o.type === "res" && o.id === id,
);
expect(res.ok).toBe(true);
expect(updateMock.mock.calls[0]?.[0]?.channel).toBe("beta");
} finally {
process.off("SIGUSR1", sigusr1);
}
});
}); });
describe("gateway node command allowlist", () => { describe("gateway node command allowlist", () => {

48
src/infra/update-runner.test.ts
View File

@@ -208,6 +208,54 @@ describe("runGatewayUpdate", () => {
expect(calls.some((call) => call === "npm i -g openclaw@latest")).toBe(true); expect(calls.some((call) => call === "npm i -g openclaw@latest")).toBe(true);
}); });
it("uses update channel for global npm installs when tag is omitted", async () => {
const nodeModules = path.join(tempDir, "node_modules");
const pkgRoot = path.join(nodeModules, "openclaw");
await fs.mkdir(pkgRoot, { recursive: true });
await fs.writeFile(
path.join(pkgRoot, "package.json"),
JSON.stringify({ name: "openclaw", version: "1.0.0" }),
"utf-8",
);
const calls: string[] = [];
const runCommand = async (argv: string[]) => {
const key = argv.join(" ");
calls.push(key);
if (key === `git -C ${pkgRoot} rev-parse --show-toplevel`) {
return { stdout: "", stderr: "not a git repository", code: 128 };
}
if (key === "npm root -g") {
return { stdout: nodeModules, stderr: "", code: 0 };
}
if (key === "npm i -g openclaw@beta") {
await fs.writeFile(
path.join(pkgRoot, "package.json"),
JSON.stringify({ name: "openclaw", version: "2.0.0" }),
"utf-8",
);
return { stdout: "ok", stderr: "", code: 0 };
}
if (key === "pnpm root -g") {
return { stdout: "", stderr: "", code: 1 };
}
return { stdout: "", stderr: "", code: 0 };
};
const result = await runGatewayUpdate({
cwd: pkgRoot,
runCommand: async (argv, _options) => runCommand(argv),
timeoutMs: 5000,
channel: "beta",
});
expect(result.status).toBe("ok");
expect(result.mode).toBe("npm");
expect(result.before?.version).toBe("1.0.0");
expect(result.after?.version).toBe("2.0.0");
expect(calls.some((call) => call === "npm i -g openclaw@beta")).toBe(true);
});
it("cleans stale npm rename dirs before global update", async () => { it("cleans stale npm rename dirs before global update", async () => {
const nodeModules = path.join(tempDir, "node_modules"); const nodeModules = path.join(tempDir, "node_modules");
const pkgRoot = path.join(nodeModules, "openclaw"); const pkgRoot = path.join(nodeModules, "openclaw");

13
src/infra/update-runner.ts
View File

@@ -3,7 +3,14 @@ import os from "node:os";
import path from "node:path"; import path from "node:path";
import { type CommandOptions, runCommandWithTimeout } from "../process/exec.js"; import { type CommandOptions, runCommandWithTimeout } from "../process/exec.js";
import { trimLogTail } from "./restart-sentinel.js"; import { trimLogTail } from "./restart-sentinel.js";
import { DEV_BRANCH, isBetaTag, isStableTag, type UpdateChannel } from "./update-channels.js"; import {
channelToNpmTag,
DEFAULT_PACKAGE_CHANNEL,
DEV_BRANCH,
isBetaTag,
isStableTag,
type UpdateChannel,
} from "./update-channels.js";
import { compareSemverStrings } from "./update-check.js"; import { compareSemverStrings } from "./update-check.js";
import { import {
cleanupGlobalRenameDirs, cleanupGlobalRenameDirs,
@@ -800,7 +807,9 @@ export async function runGatewayUpdate(opts: UpdateRunnerOptions = {}): Promise<
globalRoot: path.dirname(pkgRoot), globalRoot: path.dirname(pkgRoot),
packageName, packageName,
}); });
const spec = `${packageName}@${normalizeTag(opts.tag)}`; const channel = opts.channel ?? DEFAULT_PACKAGE_CHANNEL;
const tag = normalizeTag(opts.tag ?? channelToNpmTag(channel));
const spec = `${packageName}@${tag}`;
const updateStep = await runStep({ const updateStep = await runStep({
runCommand, runCommand,
name: "global update", name: "global update",