OpenClaw Core Auto-Updater: Keeping AI Assistants Current

Peter Steinberger adds a core auto-updater with dry-run preview to OpenClaw — addressing the operational challenge of keeping always-on AI assistants running the latest code without breaking active sessions.

About the Contributor

Peter Steinberger is the founder of PSPDFKit (acquired by Nutrient) and a prolific open-source contributor. His recent work on OpenClaw has focused on security hardening and operational reliability — the invisible infrastructure that makes AI assistants production-ready.

Why This Matters

AI assistants that run as persistent daemons face a unique operational challenge: they're always on, often in the middle of conversations, and can't simply be stopped and restarted like typical software. Yet they need to stay current — security patches, bug fixes, and new features arrive constantly.

The f442a35 commit introduces a core auto-updater that addresses this with two key features:

Dry-run preview: See what would be updated before committing
Graceful restart: Updates apply without disrupting active sessions

Technical Implementation

The auto-updater integrates with OpenClaw's gateway restart mechanism, which already handles graceful restarts via SIGUSR1 signals. The update flow:

1. Check for available updates (npm/git)
2. Show dry-run preview of changes
3. User confirms or auto-applies based on config
4. Download and stage updates
5. Trigger graceful restart
6. New version picks up where old left off

This is particularly elegant because it builds on existing infrastructure. The gateway already knows how to restart without dropping connections — the auto-updater just needs to orchestrate when and what.

Configuration

Based on the implementation, updates can be triggered via:

Manual command: update.run action in gateway tool
Dry-run: Preview changes without applying
Automatic: Configurable schedules (not yet enabled by default)

💡 Implications

Security patches can be applied faster without manual intervention
Reduces operational burden for self-hosted deployments
Dry-run preview builds confidence before committing to changes
Sets foundation for zero-downtime updates across entire fleet

What's Next

This commit is part of a broader operational maturity push. Related commits from the same day include network consolidation (333fbb8, f14ebd7) and security hardening for local-host and tailnet CIDR checks. Together, they signal OpenClaw is moving from "developer tool" to "production infrastructure."

Expect future iterations to add:

Automatic security-only updates
Rollback on update failure
Fleet-wide coordinated updates for multi-node deployments

View Commit → Back to Repo Pulse →