fix: harden macOS gateway updates

Peter Steinberger
2026-04-28 05:57:21 +01:00
parent 66f80d1ed6
commit a6141a5a41
9 changed files with 450 additions and 43 deletions


@@ -50,6 +50,7 @@ Notes:
- When token auth requires a token and `gateway.auth.token` is SecretRef-managed, `install` validates that the SecretRef is resolvable but does not persist the resolved token into service environment metadata.
- If token auth requires a token and the configured token SecretRef is unresolved, install fails closed.
- If both `gateway.auth.token` and `gateway.auth.password` are configured and `gateway.auth.mode` is unset, install is blocked until mode is set explicitly.
- On macOS, `install` keeps LaunchAgent plists owner-only and loads managed service environment values through an owner-only file and wrapper instead of serializing API keys or auth-profile env refs into `EnvironmentVariables`.
- If you intentionally run multiple gateways on one host, isolate ports, config/state, and workspaces; see [/gateway#multiple-gateways-same-host](/gateway#multiple-gateways-same-host).
## Prefer
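
Review bot: The macOS `install` bullet does not state what happens when the owner-only guarantee cannot be met, while the neighbouring SecretRef bullets spell out their failure behaviour ("install fails closed", "install is blocked until mode is set explicitly"). Please say whether `install` fails closed if the plist or the environment file cannot be restricted to the owner, and whether re-running `install` rewrites an existing plist that already carries API keys in `EnvironmentVariables`. It would also help to give the concrete file mode meant by "owner-only" and the location of the environment file and wrapper, so an operator can audit them.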


@@ -96,6 +96,14 @@ keeps packaged sidecars and channel-owned plugin records aligned with the
installed OpenClaw build while leaving full plugin-command completion rebuilds to
explicit `openclaw completion --write-state` runs.
When a local managed Gateway service is installed and restart is enabled,
package-manager updates stop the running service before replacing the package
tree, then refresh the service metadata from the updated install, restart the
service, and verify the restarted Gateway reports the expected version. With
`--no-restart`, package replacement still runs but the managed service is not
stopped or restarted, so the running Gateway may keep old code until you restart
it manually.
## Git checkout flow
### Channel selection
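
Review bot: The new paragraph on package-manager updates describes only the success path (stop, replace, refresh metadata, restart, verify) and leaves the failure outcomes undocumented. Since the service is stopped before the package tree is replaced, please state what happens if replacement fails after the stop (is the old service restarted or left down?) and what the update does when the restarted Gateway does not report the expected version (non-zero exit, rollback, or warning only). For the `--no-restart` sentence, consider noting whether the service metadata refresh is also skipped, because the text only says the service is "not stopped or restarted".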