fix: move config pre-flight before onNotLoaded in runServiceRestart (Codex P2)

The config check was positioned after onNotLoaded, which could send
SIGUSR1 to an unmanaged process before config was validated.

src/cli/daemon-cli/lifecycle-core.ts

@@ -333,6 +333,19 @@ export async function runServiceRestart(params: {
   if (loaded === null) {
     return false;
   }
+
+  // Pre-flight config validation: check before any restart action (including
+  // onNotLoaded which may send SIGUSR1 to an unmanaged process). (#35862)
+  {
+    const configError = await getConfigValidationError();
+    if (configError) {
+      fail(
+        `${params.serviceNoun} aborted: config is invalid.\n${configError}\nFix the config and retry, or run "openclaw doctor" to repair.`,
+      );
+      return false;
+    }
+  }
+
   if (!loaded) {
     try {
       handledNotLoaded = (await params.onNotLoaded?.({ json, stdout, fail })) ?? null;
@@ -388,17 +401,6 @@ export async function runServiceRestart(params: {
     }
   }
 
-  // Pre-flight config validation (#35862)
-  {
-    const configError = await getConfigValidationError();
-    if (configError) {
-      fail(
-        `${params.serviceNoun} aborted: config is invalid.\n${configError}\nFix the config and retry, or run "openclaw doctor" to repair.`,
-      );
-      return false;
-    }
-  }
-
   try {
     if (loaded) {
       await params.service.restart({ env: process.env, stdout });