Bug

When running the gateway with OPENCLAW_NIX_MODE=1 (set by the home-manager module), the applyPluginAutoEnable code path on gateway startup writes to openclaw.json unconditionally — replacing the read-only nix store symlink with a regular file.

Expected behavior

In Nix mode, the config file is managed declaratively and should not be written to at runtime. The legacy config migration already has an isNixMode guard:

// gateway-cli — initializeGateway
if (configSnapshot.legacyIssues.length > 0) {
    if (isNixMode) throw new Error("Legacy config entries detected...");
    // ...
}

But the plugin auto-enable path does not:

const autoEnable = applyPluginAutoEnable({
    config: configSnapshot.config,
    env: process.env
});
if (autoEnable.changes.length > 0) try {
    await writeConfigFile(autoEnable.config);  // writes even in Nix mode

Impact

On every gateway startup, the symlink ~/.openclaw/openclaw.json → /nix/store/... gets replaced with a regular file. This causes home-manager switch to fail on subsequent runs with:

Existing file '/home/andy/.openclaw/openclaw.json' would be clobbered

Workaround: setting home.file.".openclaw/openclaw.json".force = true in the home-manager config.

Suggested fix

Guard the writeConfigFile call in the auto-enable path with an isNixMode check, consistent with the legacy migration path. In Nix mode, plugins should be declared in the Nix config rather than auto-enabled at runtime.

Environment

• openclaw-gateway 2026.1.8-2
• NixOS, home-manager standalone mode
• nix-openclaw home-manager module