ci: make package acceptance legacy-safe

docs/ci.md

@@ -23,7 +23,9 @@ published npm spec, a trusted `package_ref` built with the selected
 from another GitHub Actions run, uploads it as `package-under-test`, then reuses
 the Docker release/E2E scheduler with that tarball instead of repacking the
 workflow checkout. Profiles cover smoke, package, product, full, and custom
-Docker lane selections. The optional Telegram lane reuses the
+Docker lane selections. The `package` profile uses offline plugin coverage so
+published-package validation is not gated on live ClawHub availability. The
+optional Telegram lane reuses the
 `package-under-test` artifact in the `NPM Telegram Beta E2E` workflow, with the
 published npm spec path kept for standalone dispatches.
 
@@ -77,7 +79,8 @@ Profiles map to Docker coverage:
 
 - `smoke`: `npm-onboard-channel-agent`, `gateway-network`, `config-reload`
 - `package`: `install-e2e`, `npm-onboard-channel-agent`, `doctor-switch`,
-  `update-channel-switch`, `bundled-channel-deps`, `plugins`, `plugin-update`
+  `update-channel-switch`, `bundled-channel-deps`, `plugins-offline`,
+  `plugin-update`
 - `product`: `package` plus `mcp-channels`, `cron-mcp-cleanup`,
   `openai-web-search-minimal`, `openwebui`
 - `full`: full Docker release-path chunks with OpenWebUI

docs/reference/RELEASING.md

@@ -118,7 +118,7 @@ the maintainer-only release runbook.
   Example: `gh workflow run package-acceptance.yml --ref main -f workflow_ref=main -f source=npm -f package_spec=openclaw@beta -f suite_profile=product -f telegram_mode=mock-openai`
   Common profiles:
   - `smoke`: install/channel/agent, gateway network, and config reload lanes
-  - `package`: package/update/plugin lanes without OpenWebUI
+  - `package`: package/update/plugin lanes without OpenWebUI or live ClawHub
   - `product`: package profile plus MCP channels, cron/subagent cleanup,
     OpenAI web search, and OpenWebUI
   - `full`: Docker release-path chunks with OpenWebUI
@@ -371,11 +371,12 @@ Supported candidate sources:
 `OpenClaw Release Checks` runs Package Acceptance with `source=ref`,
 `package_ref=<release-ref>`, `suite_profile=package`, and
 `telegram_mode=mock-openai`. That profile covers install, update, plugin
-package contracts, and Telegram package QA against the same resolved tarball,
-and is the GitHub-native replacement for most of the package/update coverage
-that previously required Parallels. Cross-OS release checks still matter for
-OS-specific onboarding, installer, and platform behavior, but package/update
-product validation should prefer Package Acceptance.
+package contracts through offline plugin fixtures, and Telegram package QA
+against the same resolved tarball. It is the GitHub-native replacement for most
+of the package/update coverage that previously required Parallels. Cross-OS
+release checks still matter for OS-specific onboarding, installer, and platform
+behavior, but package/update product validation should prefer Package
+Acceptance.
 
 Use broader Package Acceptance profiles when the release question is about an
 actual installable package:
@@ -393,7 +394,7 @@ Common package profiles:
 
 - `smoke`: quick package install/channel/agent, gateway network, and config
   reload lanes
-- `package`: install/update/plugin package contracts; this is the release-check
+- `package`: install/update/plugin package contracts without live ClawHub; this is the release-check
   default
 - `product`: `package` plus MCP channels, cron/subagent cleanup, OpenAI web
   search, and OpenWebUI