fix(openclaw): reapply WeChat channel seed after config mutations

[ericksoa]

Summary

• Re-run seed-wechat-accounts.py after OpenClaw doctor/plugin-install has had a chance to rewrite openclaw.json.
• During that late seed, restore plugins.installs.openclaw-weixin and plugins.entries.openclaw-weixin.enabled before writing channels.openclaw-weixin.
• Keep the existing seed-script semantics: no-op unless WeChat has account metadata and is in the active channel set.
• Add behavior coverage for a later OpenClaw config rewrite dropping the WeChat plugin/channel registration.

Diagnosis

The v0.0.46 candidate nightly failed only in channels-stop-start-e2e on OpenClaw WeChat. The failing run had NEMOCLAW_WECHAT_CONFIG_B64 in the Docker build args and provider/registry state contained WeChat, but final /sandbox/.openclaw/openclaw.json listed only defaults, discord, slack, telegram, and whatsapp. That meant WeChat selection and credential registration worked, but the OpenClaw channel registration was lost before the final image/config hash.

A first late-seed attempt fixed that channels assertion, but messaging-providers-e2e then exposed the remaining mismatch: the gateway rejected channels.openclaw-weixin as an unknown channel id. The refined fix restores the plugin install/entry metadata before adding the channel block, so the gateway knows the upstream WeChat channel id when validating config.

Nightly evidence: https://github.com/NVIDIA/NemoClaw/actions/runs/26129059025/job/76849779069
Advisor evidence from the first PR attempt: https://github.com/NVIDIA/NemoClaw/actions/runs/26131873648

Verification

• npx vitest run test/seed-wechat-accounts.test.ts test/generate-openclaw-config.test.ts --testTimeout 60000
• npx vitest run test/sandbox-provisioning.test.ts --testTimeout 60000
• npm run build:cli
• git diff --check

Note: local commit/push hooks were interrupted because their broad CLI coverage gate launched unrelated sandbox-style tests; the focused release-fix verification above passed.

Summary by CodeRabbit

• Tests

  • Added/updated tests to verify WeChat account seeding restores the integration, registry entries, and channel/account settings after config rewrites.

• Bug Fixes

  • Restores and re-enables the WeChat integration and its channel/account settings when configuration rewrites remove them.

• Chores

  • Ensures account seeding runs during image builds and prunes staged dependency metadata to keep builds consistent.

• Documentation

  • Clarified seeding behavior and why the WeChat registry entry is restored.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 8e82664f-e4ba-4215-a6ad-4990955f9126

📥 Commits

Reviewing files that changed from the base of the PR and between 2fae26a and c0c4662.

📒 Files selected for processing (3)

• scripts/seed-wechat-accounts.py
• test/generate-openclaw-config.test.ts
• test/seed-wechat-accounts.test.ts

✅ Files skipped from review due to trivial changes (1)

• test/generate-openclaw-config.test.ts

---

📝 Walkthrough

Walkthrough

Seed script now ensures openclaw-weixin is registered/enabled; Dockerfile runs seeding after plugin install in the same layer; tests updated for the new install-entry shape and add a case restoring plugin/channel when missing.

Changes

OpenClaw WeChat Channel Seeding Build Order

Layer / File(s)	Summary
Seed script: plugin registration & config patching scripts/seed-wechat-accounts.py	Adds WECHAT_PLUGIN_ID/WECHAT_PLUGIN_SPEC and extends _patch_openclaw_config to create/repair plugins, plugins.installs, and plugins.entries, register the openclaw-weixin install entry when missing/mismatched, initialize the plugin entry, and set enabled=true before writing channel/account fields.
Dockerfile plugin-install and WeChat seed ordering Dockerfile	Updates the plugin-install RUN step to invoke seed-wechat-accounts.py in the same layer after openclaw plugins install/inspect so seeding applies to the modified openclaw.json state while keeping dependency cleanup.
Tests: fixtures and re-seeding behavior test/seed-wechat-accounts.test.ts, test/generate-openclaw-config.test.ts	Adds a Vitest that starts from an openclaw.json missing openclaw-weixin and asserts the seed re-adds the plugin install entry and enabled plugin entry, creates the channels.openclaw-weixin block, and sets accounts.primary.enabled to true. Updates fixtures to use source: "npm" + spec shape and remove resolved.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• NVIDIA/NemoClaw#3682: Also addresses cases where openclaw-weixin can be dropped during config generation; that PR preserves plugin installs during config generation while this PR re-registers/enables the plugin and re-runs seeding.

Suggested labels

fix, Integration: OpenClaw, Integration: WeChat

Suggested reviewers

• cjagwani

Poem

🐰 I hop through Docker layers, light and quick,
I stitch lost plugin entries back with a flick.
When configs forget where WeChat should be,
I plant the seed — channels wake, accounts agree.
A tiny rabbit coder, fixing state with glee.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: reapplying WeChat channel seeding after OpenClaw config mutations, which is the core issue being fixed.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/wechat-openclaw-channel-seed-after-doctor

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

E2E Advisor Recommendation

Required E2E: channels-stop-start-e2e, messaging-providers-e2e
Optional E2E: rebuild-openclaw-e2e, cloud-onboard-e2e

Dispatch hint: channels-stop-start-e2e,messaging-providers-e2e

Auto-dispatched E2E: channels-stop-start-e2e, messaging-providers-e2e via nightly-e2e.yaml at c0c4662ce19b0ebb255bcccfe5e485606864f4f2 — nightly run

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/main
Head: HEAD
Confidence: high

Required E2E

• channels-stop-start-e2e (high (~120 min timeout)): Most directly exercises OpenClaw and Hermes channel stop/start/remove plus rebuild across telegram, discord, wechat, slack, and whatsapp. It uses fake WeChat account metadata and verifies OpenClaw maps NemoClaw's wechat channel to channels.openclaw-weixin after rebuilds, which is the runtime path changed by this PR.
• messaging-providers-e2e (medium-high (~75 min timeout)): Validates the messaging credential provider/placeholder chain and includes WeChat-specific checks for provider creation, per-account openclaw-weixin state files, accounts.json index, and no real-token leakage inside the sandbox.

Optional E2E

• rebuild-openclaw-e2e (medium (~60 min timeout)): Useful adjacent confidence for OpenClaw rebuild/upgrade behavior because this PR changes image-build-time openclaw.json mutation after plugin installation, but it is less targeted than the messaging/channel lifecycle jobs.
• cloud-onboard-e2e (medium (~45 min timeout)): Optional broad smoke for install/onboard/image build and sandbox readiness with OpenClaw. It does not specifically validate WeChat seeding, so it should not replace the required messaging tests.

New E2E recommendations

• WeChat OpenClaw plugin registry restoration (high): Existing E2E coverage validates WeChat account/channel state, but the new behavior specifically restores plugins.installs.openclaw-weixin and plugins.entries.openclaw-weixin.enabled after later OpenClaw config rewrites. Add a hard E2E assertion after install/rebuild that openclaw.json contains the expected plugin install spec and enabled entry, not only channels.openclaw-weixin.
  • Suggested test: Extend test/e2e/test-messaging-providers.sh or test/e2e/test-channels-stop-start.sh with a WeChat plugin registry assertion for plugins.installs.openclaw-weixin.source/spec and plugins.entries.openclaw-weixin.enabled after the post-plugin-install seed and after rebuild.
• WeChat enabled-channel non-skip regression (medium): test-messaging-providers.sh currently treats a missing WeChat channel block as a skip in some paths. For the non-interactive fake WeChat QR-skip path covered by this PR, missing channels.openclaw-weixin.accounts..enabled should be a failure to catch seed-wechat-accounts.py being skipped or overwritten.
  • Suggested test: Add a dedicated non-interactive WeChat provider E2E assertion that fails when channels.openclaw-weixin is absent for an enabled WeChat build with WECHAT_ACCOUNT_ID set.

Dispatch hint

• Workflow: nightly-e2e.yaml
• jobs input: channels-stop-start-e2e,messaging-providers-e2e

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 26131352906
Target ref: fix/wechat-openclaw-channel-seed-after-doctor
Workflow ref: main
Requested jobs: channels-stop-start-e2e
Summary: 0 passed, 0 failed, 0 skipped

Job	Result
channels-stop-start-e2e	⚠️ cancelled

[coderabbitai]

🧹 Nitpick comments (1)

test/seed-wechat-accounts.test.ts (1)

262-262: ⚡ Quick win

Make the channel-membership assertion order-insensitive.

This assertion is a bit brittle: channel key order can change without changing behavior. Assert presence instead of exact insertion order.

Suggested change

-    expect(Object.keys(cfg.channels)).toEqual(["telegram", "slack", "openclaw-weixin"]);
+    expect(Object.keys(cfg.channels).sort()).toEqual(
+      ["telegram", "slack", "openclaw-weixin"].sort(),
+    );

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/seed-wechat-accounts.test.ts` at line 262, The test currently asserts
exact key order with expect(Object.keys(cfg.channels)).toEqual([...]); change it
to an order-insensitive presence check: assert that Object.keys(cfg.channels)
contains the three channel names and that the length matches, e.g. replace the
equality assertion on cfg.channels keys with
expect(Object.keys(cfg.channels)).toEqual(expect.arrayContaining(["telegram","slack","openclaw-weixin"]))
plus a length assertion like expect(Object.keys(cfg.channels)).toHaveLength(3)
so the test no longer depends on key order.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@test/seed-wechat-accounts.test.ts`:
- Line 262: The test currently asserts exact key order with
expect(Object.keys(cfg.channels)).toEqual([...]); change it to an
order-insensitive presence check: assert that Object.keys(cfg.channels) contains
the three channel names and that the length matches, e.g. replace the equality
assertion on cfg.channels keys with
expect(Object.keys(cfg.channels)).toEqual(expect.arrayContaining(["telegram","slack","openclaw-weixin"]))
plus a length assertion like expect(Object.keys(cfg.channels)).toHaveLength(3)
so the test no longer depends on key order.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 2650b0c1-fe2c-48f8-a6e5-235456b838a6

📥 Commits

Reviewing files that changed from the base of the PR and between 4d6c079 and 6cc131d.

📒 Files selected for processing (1)

• test/seed-wechat-accounts.test.ts

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 26131398241
Target ref: 4d6c079d4e52a0b9ae0a7f9d588fa52e04f1a493
Workflow ref: main
Requested jobs: messaging-providers-e2e
Summary: 0 passed, 0 failed, 0 skipped

Job	Result
messaging-providers-e2e	⚠️ cancelled

[cjagwani]

Merge gate verdict: ready.

• CI: 27 checks green
• Conflicts: clean (mergeable: MERGEABLE; BLOCKED here just means awaiting approval, not DIRTY)
• CodeRabbit: no unresolved major/critical findings
• Risky-code-tested: new test in test/seed-wechat-accounts.test.ts reproduces the failing channels-stop-start-e2e scenario faithfully

Fix restores the seed invocation dropped by #3682, matching the intent already documented in scripts/generate-openclaw-config.py:539 ("The block is written AFTER 'openclaw plugins install' runs, by scripts/seed-wechat-accounts.py").

Non-blocking nit: the PR body promises a "Dockerfile ordering regression guard," but the diff only adds a script-level test. Either drop that line from the body or add a short string-assertion in test/sandbox-provisioning.test.ts that the new seed RUN token appears after openclaw plugins install /opt/nemoclaw and before the gateway-token sanitization block.

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 26131873648
Target ref: 6cc131d7b62892032089f02c2ff8ea1c9c3cface
Workflow ref: main
Requested jobs: channels-stop-start-e2e,messaging-providers-e2e
Summary: 1 passed, 1 failed, 0 skipped

Job	Result
channels-stop-start-e2e	✅ success
messaging-providers-e2e	❌ failure

Failed jobs: messaging-providers-e2e. Check run artifacts for logs.

[coderabbitai]

🧹 Nitpick comments (1)

Dockerfile (1)

415-418: Run the Dockerfile E2E matrix for this layer-order change.

Since Line 415–Line 418 changes plugin install/enable/inspect and late seeding in one build layer, please run cloud-e2e, sandbox-survival-e2e, hermes-e2e, and rebuild-openclaw-e2e on this branch before merge.

As per coding guidelines, "Dockerfile ... Layer ordering, permissions, and baked config changes are only testable with a real container build" and the listed "E2E test recommendation" jobs should be run.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` around lines 415 - 418, The Dockerfile change bundles openclaw
plugin install/enable/inspect and the python seeding step into one build layer
(the RUN block invoking "openclaw plugins install /opt/nemoclaw", "openclaw
plugins enable nemoclaw", "openclaw plugins inspect nemoclaw --json", and
"python3 /usr/local/lib/nemoclaw/seed-wechat-accounts.py"), so before merging
run the full container-based E2E matrix to validate layer
ordering/permissions/config: execute cloud-e2e, sandbox-survival-e2e,
hermes-e2e, and rebuild-openclaw-e2e against this branch and confirm no failures
related to the plugin installation, inspection, or seeding steps.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@Dockerfile`:
- Around line 415-418: The Dockerfile change bundles openclaw plugin
install/enable/inspect and the python seeding step into one build layer (the RUN
block invoking "openclaw plugins install /opt/nemoclaw", "openclaw plugins
enable nemoclaw", "openclaw plugins inspect nemoclaw --json", and "python3
/usr/local/lib/nemoclaw/seed-wechat-accounts.py"), so before merging run the
full container-based E2E matrix to validate layer ordering/permissions/config:
execute cloud-e2e, sandbox-survival-e2e, hermes-e2e, and rebuild-openclaw-e2e
against this branch and confirm no failures related to the plugin installation,
inspection, or seeding steps.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 9a1ed534-b2c5-4202-8621-48f7baa6885d

📥 Commits

Reviewing files that changed from the base of the PR and between 6a4ae0b and 2fae26a.

📒 Files selected for processing (1)

• Dockerfile

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 26133709555
Target ref: 6a4ae0bca78ec4e9023ee217dbfdaf46b10b5971
Workflow ref: main
Requested jobs: messaging-providers-e2e,channels-stop-start-e2e
Summary: 0 passed, 1 failed, 0 skipped

Job	Result
channels-stop-start-e2e	⚠️ cancelled
messaging-providers-e2e	❌ failure

Failed jobs: messaging-providers-e2e. Check run artifacts for logs.

[github-actions]

Selective E2E Results — ✅ All requested jobs passed

Run: 26134561802
Target ref: 2fae26afb02617d358ddc7c1da094b26d855d8c2
Workflow ref: main
Requested jobs: channels-stop-start-e2e,messaging-providers-e2e
Summary: 0 passed, 0 failed, 0 skipped

Job	Result
channels-stop-start-e2e	⚠️ cancelled
messaging-providers-e2e	⚠️ cancelled

[github-actions]

Selective E2E Results — ❌ Some jobs failed

Run: 26134651312
Target ref: c0c4662ce19b0ebb255bcccfe5e485606864f4f2
Workflow ref: main
Requested jobs: channels-stop-start-e2e,messaging-providers-e2e
Summary: 0 passed, 2 failed, 0 skipped

Job	Result
channels-stop-start-e2e	❌ failure
messaging-providers-e2e	❌ failure

Failed jobs: channels-stop-start-e2e, messaging-providers-e2e. Check run artifacts for logs.