openclaw: bump checkForUpdate timeout 5s/3s → 10s (#105 + #109)

[kaghni]

Fixes #105 and #109.

Why

Two AbortSignal.timeout budgets in openclaw/src/index.ts are aggressive enough to abort the npm-registry fetch on cold gateway init:

• Line 192 — checkForUpdate at startup (5s)
• Line 694 — /hivemind_version slash command (3s)

Steady-state response time from registry.npmjs.org/@deeplake/hivemind/latest is ~170ms. The aborts happen during cold start when this fetch runs concurrently with plugin discovery, Bonjour watchdogs, and TLS warm-up. Both issues track this same root cause.

Observed live on the user's gateway 2026-05-12T20:49:48 right after a systemctl --user restart openclaw-gateway:

[plugins] Auto-update check failed: The operation was aborted due to timeout

The expected ⬆️ Hivemind update available: <current> → <latest>. Run: hivemind update notice never renders for that gateway run, so users miss the upgrade prompt until the next restart hits a warm cache.

What changed

Bumped both timeouts to 10s (~60x headroom over observed steady-state latency).

• The startup site is fire-and-forget (checkForUpdate(logger).catch(() => {}) at the bottom of register()), so a longer budget does not add session-start latency. Per the team's "no session-start latency" rule, the network call is intentionally unawaited; the only effect of a longer timeout is "the abort message no longer races a slow-but-eventually-succeeding fetch."
• The /hivemind_version site is a user-invoked command — 10s is well below user-patience threshold and matches the worst cold-start latency we want to cover.

Tests

• npm run typecheck — clean
• npm test — 2380/2380 passing
• Source-only change; CI regenerates openclaw/dist/.

Test plan

• After this lands and a release publishes, on a cold openclaw gateway: journalctl --user -u openclaw-gateway -e | grep 'Auto-update check' should show no "operation was aborted due to timeout" lines.
• Run /hivemind_version from inside the agent. Should return the Update available / up to date message, not "Could not check for updates."

Summary by CodeRabbit

• Bug Fixes
  • Improved reliability of version checks and auto-update detection to better handle varying network conditions.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 8b7d240b-ca30-4027-bd2c-3b136f64fe21

📥 Commits

Reviewing files that changed from the base of the PR and between bdffdf0 and 0006045.

📒 Files selected for processing (1)

• openclaw/src/index.ts

---

📝 Walkthrough

Walkthrough

Network timeout values for npm registry version probes in OpenClaw are increased from 5 seconds and 3 seconds to a uniform 10 seconds in the background auto-update check and the /hivemind_version command handler, with updated inline comments explaining the change.

Changes

Registry Fetch Timeout Relaxation

Layer / File(s)	Summary
Increase npm registry fetch timeouts to 10 seconds openclaw/src/index.ts	checkForUpdate and hivemind_version command handler both increase fetch(VERSION_URL) abort timeouts from 5s/3s to 10s with updated comments documenting cold-start latency accommodation.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related issues

• openclaw: AbortSignal.timeout(5000) too aggressive on cold gateway init #105: Directly addresses the cold-gateway timeout issue reported, proposing the 10-second bump to checkForUpdate and relaxing the aggressive 5-second abort on initial plugin registration.

Poem

🐰 A rabbit hops through timeout trails,
where cold starts taxed the fetch details—
five seconds shrink on icy morn,
ten seconds glow, new hope is born!
Version checks now breathe with ease,
registry queries no longer freeze. ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically identifies the change: bumping checkForUpdate timeout values from 5s/3s to 10s, with issue references.
Description check	✅ Passed	The description provides comprehensive context including the root cause, observed symptoms, rationale for the 10s timeout, and testing plan, but lacks a version bump field.
Linked Issues check	✅ Passed	The pull request directly addresses the timeout issue from #105 by increasing AbortSignal.timeout from 5s to 10s as suggested, meeting the primary objective.
Out of Scope Changes check	✅ Passed	All changes are focused on the specific timeout increases documented in #105; no unrelated modifications detected beyond the intended scope.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/openclaw-tier2-timeouts

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Coverage Report

No src/*.ts files changed in this PR.

_{Generated for commit 1e343a4.}

[kaghni]

Thanks @coderabbitai — no actionable findings on this one, and CI is fully green. Tiny PR (12-line diff to bump two AbortSignal timeouts from 5s/3s to 10s). Ready for human review.

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@kaghni: Confirmed — the change is straightforward and well-motivated. The rationale (cold-start TLS/DNS contention inflating latency beyond the old 5s/3s budgets while steady-state sits at ~170ms) clearly supports bumping both timeouts to 10s, and since the startup call is fire-and-forget there's no added session latency. Green CI and the issue links to #105 and #109 round it out nicely. Good to go for human sign-off! 🐇 ✨