#17237: fix(update): guard post-install imports after npm global update

## Summary - Fixes a regression where `openclaw update` on npm-global installs could fail after update with `ERR_MODULE_NOT_FOUND`. - Root cause: updater code could lazily import hashed dist chunks (`daemon-cli-*`, `doctor-*`) **after** npm replaced `dist/` files. - Change: keep those imports eager in `update-command.ts` and add a focused regression test to lock behavior. - Scope boundary: no update algorithm changes, no package-manager behavior changes, no service lifecycle changes. ## Linked Issue - Closes #17225 ## User-visible Impact - No new flags/defaults. - Prevents false-looking failed updates caused by stale chunk imports post-upgrade. ## Verification ### Repro (before) 1. Install affected version: `npm i -g openclaw@2026.2.2-3` 2. Run: `openclaw update --yes` 3. Observe possible failure like: - `ERR_MODULE_NOT_FOUND` for `daemon-cli-<oldhash>.js` imported by `update-cli-<oldhash>.js` ### Validation (after) - Ran focused tests: - `pnpm -s vitest run src/cli/update-cli.test.ts src/cli/update-cli/update-command.postinstall-import.test.ts` - Confirmed updater output no longer relies on lazy post-update imports for daemon/doctor chunks. ## Security / Compatibility - Security impact: none - Backward compatible: yes - Migration/config changes: none ## Risks & Mitigation - Risk: regression test could become too tied to implementation details. - Mitigation: test asserts behavioral ordering under simulated dist replacement, not hash snapshots. ## Rollback - Revert this PR commits affecting: - `src/cli/update-cli/update-command.ts` - `src/cli/update-cli/update-command.postinstall-import.test.ts` --- AI-assisted: yes (Codex), human-reviewed and validated. <!-- greptile_comment --> <h3>Greptile Summary</h3> Prevents `ERR_MODULE_NOT_FOUND` errors during `openclaw update` on npm-global installs by ensuring `daemon-cli` and `doctor` modules are eagerly imported before npm replaces hashed dist chunks. The fix moves two imports to the top of `update-command.ts` with clear comments explaining the rationale. Includes a focused regression test that simulates the update process to lock in the behavior. The `media.test.ts` change uses `mkdtemp` for safer temporary directory handling in tests. <h3>Confidence Score: 5/5</h3> - This PR is safe to merge with minimal risk - The changes are minimal, well-targeted, and directly address the reported issue. The fix converts two lazy imports to eager imports with clear explanatory comments. The regression test is comprehensive and validates the exact scenario that was failing. The media.test.ts change is an unrelated test infrastructure improvement that reduces CI flakiness. - No files require special attention _{Last reviewed commit: 151b61d} <!-- greptile_other_comments_section --> _{(3/5) Reply to the agent's comments like "Can you suggest a fix for this @greptileai?" or ask follow-up questions!} <!-- /greptile_comment -->