openclaw/clownfish
openclaw/clownfish
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: openclaw:main
Branches Tags
openclaw:main
openclaw:fix/clownfish-run-guardrails
openclaw:ops/github-app-token
..
compare: openclaw:ops/github-app-token
Branches Tags
openclaw:main
openclaw:fix/clownfish-run-guardrails
openclaw:ops/github-app-token

5 Commits
main ... ops/github

Author SHA1 Message Date
Vincent Koc
d41346b090
chore(queue): park failed clownfish drip jobs 2026-04-28 20:04:55 -07:00
Vincent Koc
f235dafeb1
chore(queue): park failed clownfish wave jobs 2026-04-28 17:53:31 -07:00
Vincent Koc
cf213a8d7d
chore(queue): park timed out clownfish job 2026-04-28 17:10:59 -07:00
Vincent Koc
c9abff105d
fix(auth): narrow clownfish app token permissions 2026-04-28 13:05:44 -07:00
Vincent Koc
e94a689db5
chore(auth): use clownfish app tokens 2026-04-28 13:02:17 -07:00
1248 changed files with 4549 additions and 106568 deletions
Show Stats Expand all files Collapse all files

177
.agents/skills/clownfish-cloud-pr/SKILL.md
View File

@ -1,177 +0,0 @@
---
name: clownfish-cloud-pr
description: Use when launching Clownfish in GitHub Actions to create or update one guarded GitHub implementation PR from issue/PR refs, a ClawSweeper report, a custom maintainer prompt, or opt any PR into ClawSweeper-reviewed Clownfish automerge.
---
# Clownfish Cloud PR
Use this skill when the user wants Codex to ask Clownfish to create a PR in the
cloud from issue/PR refs plus a custom prompt.
## Start
```bash
cd ~/Projects/clownfish
git status --short --branch
gh variable list --repo openclaw/clownfish --json name,value \
--jq 'map(select(.name|test("^CLOWNFISH_"))) | sort_by(.name) | .[] | {name,value}'
```
Keep merge gated unless Peter explicitly opens it. Execute/fix gates are closed
unless the repo variables are literally `1`; normal fix-PR work needs an
intentional execution window:
```bash
gh variable set CLOWNFISH_ALLOW_EXECUTE --repo openclaw/clownfish --body 1
gh variable set CLOWNFISH_ALLOW_FIX_PR --repo openclaw/clownfish --body 1
gh variable set CLOWNFISH_ALLOW_MERGE --repo openclaw/clownfish --body 0
gh variable set CLOWNFISH_ALLOW_AUTOMERGE --repo openclaw/clownfish --body 0
```
Reset `CLOWNFISH_ALLOW_EXECUTE=0` and `CLOWNFISH_ALLOW_FIX_PR=0` after the
window. If those vars are absent or not `1`, execute/autonomous workflow runs
stay plan-only/no-mutation.
## Create One Job
From refs and a custom prompt:
```bash
npm run create-job -- \
--repo openclaw/openclaw \
--refs 123,456 \
--prompt-file /tmp/clownfish-prompt.md
```
From a ClawSweeper report:
```bash
npm run create-job -- \
--from-report ../clawsweeper/records/openclaw-openclaw/items/123.md
```
The script checks for an existing open PR/body match and remote branch named
`clownfish/<cluster-id>` before writing a duplicate job. Use `--dry-run` to
inspect the exact job body and `--force` only after deciding the duplicate check
is stale.
## Ask For A Replacement PR
The skill can trigger replacement PR writing through the normal `create-job`
and `dispatch` path. Put the maintainer decision in the prompt:
```md
Treat #123 as useful source work. If the source branch cannot be safely updated
because it is uneditable, stale, draft-only, unmergeable, or unsafe, create a
narrow Clownfish replacement PR instead of waiting. Preserve the source PR
author as co-author, credit the source PR in the replacement PR body, and close
only that source PR after the replacement PR is opened.
```
The worker should emit `repair_strategy=replace_uneditable_branch` and list the
source PR URL in `source_prs`. The deterministic executor opens or updates
`clownfish/<cluster-id>`, adds non-bot source PR authors as `Co-authored-by`
trailers, and closes the superseded source PR only after the replacement PR
exists. New replacement PRs are blocked when the touched area already has
`CLOWNFISH_MAX_ACTIVE_PRS_PER_AREA` open Clownfish PRs.
## Validate And Dispatch
```bash
npm run validate:job -- jobs/openclaw/inbox/clawsweeper-openclaw-openclaw-123.md
npm run render -- jobs/openclaw/inbox/clawsweeper-openclaw-openclaw-123.md --mode autonomous >/tmp/clownfish-rendered-prompt.md
git add jobs/openclaw/inbox/clawsweeper-openclaw-openclaw-123.md
git commit -m "chore: add ClawSweeper promoted job"
git push origin main
npm run dispatch -- jobs/openclaw/inbox/clawsweeper-openclaw-openclaw-123.md \
--mode autonomous \
--runner blacksmith-4vcpu-ubuntu-2404 \
--execution-runner blacksmith-16vcpu-ubuntu-2404 \
--model gpt-5.5
```
Do not use `--dispatch` until the job is committed and pushed; the workflow
reads the job path from GitHub.
## Maintainer Comment Commands
Clownfish can also be asked from target repo comments, but only by maintainers.
Use `/clownfish ...` or `@openclaw-clownfish ...`; do not use `@clownfish`
because that is a separate GitHub user.
Supported commands:
```text
/clownfish status
/clownfish fix ci
/clownfish address review
/clownfish rebase
/clownfish automerge
/clownfish explain
/clownfish stop
@openclaw-clownfish fix ci
```
The router accepts `OWNER`, `MEMBER`, and `COLLABORATOR` comments by default.
Contributor comments are ignored without a reply. Repair commands dispatch
`cluster-worker.yml` for existing Clownfish PRs and for PRs explicitly opted
into `clownfish:automerge`.
```bash
npm run comment-router -- --repo openclaw/openclaw --lookback-minutes 180
npm run comment-router -- --repo openclaw/openclaw --execute --wait-for-capacity
```
Scheduled routing stays dry until `CLOWNFISH_COMMENT_ROUTER_EXECUTE=1` is set in
`openclaw/clownfish` repo variables.
## Bounded ClawSweeper-Reviewed Automerge
Use this on any open target-repo PR:
```text
/clownfish automerge
```
The router verifies the commenter is a maintainer, adds
`clownfish:automerge`, creates a durable adopted job under
`jobs/<owner>/inbox/automerge-<owner>-<repo>-<pr>.md` when the PR is not
already backed by a Clownfish job, dispatches ClawSweeper for the current PR
head, and waits for trusted ClawSweeper markers. `needs-changes` /
`fix-required` dispatches the normal repair worker. The worker updates the
source branch when safe, otherwise opens a credited replacement or returns
`needs_human`. `pass`, `approved`, or `no-changes` may merge only when the
marker SHA matches the current PR head, checks are green, GitHub says the PR is
mergeable, no `clownfish:human-review` label is present, and both merge gates
are open:
```bash
gh variable set CLOWNFISH_ALLOW_MERGE --repo openclaw/clownfish --body 1
gh variable set CLOWNFISH_ALLOW_AUTOMERGE --repo openclaw/clownfish --body 1
```
The actual merge command is pinned with GitHub's head-match guard, so a branch
push after ClawSweeper reviewed cannot merge an unreviewed head. If either
merge gate is closed when ClawSweeper passes, Clownfish labels the PR
`clownfish:merge-ready` only after readiness checks have passed; failing checks,
stale heads, conflicts, draft state, or human-review labels must not get that
label. Pause with `/clownfish stop`, which adds `clownfish:human-review`.
The repair loop is capped by `CLOWNFISH_CLAWSWEEPER_MAX_REPAIRS_PER_PR`
(default `5`) and `CLOWNFISH_CLAWSWEEPER_MAX_REPAIRS_PER_HEAD` (default `1`).
## Guardrails
- One cluster, one branch, one PR: `clownfish/<cluster-id>`.
- For adopted automerge PRs, the worker may repair the source branch only when
GitHub reports it is safe to update; router-owned merge still requires a
fresh ClawSweeper pass for the exact head.
- No security-sensitive work.
- New replacement PRs are capped per touched area by
`CLOWNFISH_MAX_ACTIVE_PRS_PER_AREA`.
- Do not merge from Clownfish unless Peter explicitly asks.
- Do not open `CLOWNFISH_ALLOW_AUTOMERGE` unless Peter explicitly asks for an
automerge window.
- Do not close duplicates before the fix PR path exists, lands, or is proven
unnecessary.
- Codex workers do not get GitHub tokens; deterministic scripts own writes.

162
.github/workflows/cluster-worker.yml vendored
View File

@ -60,8 +60,8 @@ jobs:
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }}
CLOWNFISH_ALLOWED_OWNER: ${{ vars.CLOWNFISH_ALLOWED_OWNER || 'openclaw' }}
CLOWNFISH_ALLOW_EXECUTE: ${{ (inputs.mode == 'execute' || inputs.mode == 'autonomous') && vars.CLOWNFISH_ALLOW_EXECUTE == '1' && '1' || '0' }}
CLOWNFISH_ALLOW_FIX_PR: ${{ (inputs.mode == 'execute' || inputs.mode == 'autonomous') && vars.CLOWNFISH_ALLOW_FIX_PR == '1' && '1' || '0' }}
CLOWNFISH_ALLOW_EXECUTE: ${{ (inputs.mode == 'execute' || inputs.mode == 'autonomous') && (vars.CLOWNFISH_ALLOW_EXECUTE || '1') || '0' }}
CLOWNFISH_ALLOW_FIX_PR: ${{ (inputs.mode == 'execute' || inputs.mode == 'autonomous') && (vars.CLOWNFISH_ALLOW_FIX_PR || '1') || '0' }}
CLOWNFISH_ALLOW_MERGE: ${{ (inputs.mode == 'execute' || inputs.mode == 'autonomous') && (vars.CLOWNFISH_ALLOW_MERGE || '0') || '0' }}
CLOWNFISH_HYDRATE_CLUSTER_REFS: ${{ vars.CLOWNFISH_HYDRATE_CLUSTER_REFS || '1' }}
CLOWNFISH_HYDRATE_COMMENTS: ${{ vars.CLOWNFISH_HYDRATE_COMMENTS || '1' }}
@ -73,21 +73,11 @@ jobs:
CLOWNFISH_MODEL: ${{ inputs.model || vars.CLOWNFISH_MODEL || 'gpt-5.5' }}
CODEX_CLI_VERSION: ${{ vars.CLOWNFISH_CODEX_CLI_VERSION || '0.125.0' }}
OPENCLAW_LOCAL_CHECK: "0"
CLOWNFISH_APP_ID: ${{ vars.CLOWNFISH_APP_ID || secrets.CLOWNFISH_APP_ID }}
CLOWNFISH_APP_AUTH_ENABLED: ${{ secrets.CLOWNFISH_APP_PRIVATE_KEY != '' && (vars.CLOWNFISH_APP_ID != '' || secrets.CLOWNFISH_APP_ID != '') && '1' || '0' }}
steps:
- uses: actions/checkout@v5
- name: Create GitHub App token
id: app_token
continue-on-error: true
uses: actions/create-github-app-token@v3
with:
app-id: ${{ vars.CLOWNFISH_APP_ID }}
private-key: ${{ secrets.CLOWNFISH_APP_PRIVATE_KEY }}
owner: ${{ vars.CLOWNFISH_ALLOWED_OWNER || github.repository_owner }}
permission-contents: read
permission-issues: read
permission-pull-requests: read
- name: Capture execution gates
id: capture_gates
run: |
@ -111,29 +101,30 @@ jobs:
restore-keys: |
${{ runner.os }}-node24-codex-
- name: Select GitHub read token
- name: Create GitHub App read token
id: read_app_token
if: ${{ env.CLOWNFISH_APP_AUTH_ENABLED == '1' }}
uses: actions/create-github-app-token@v3
with:
app-id: ${{ env.CLOWNFISH_APP_ID }}
private-key: ${{ secrets.CLOWNFISH_APP_PRIVATE_KEY }}
owner: openclaw
repositories: |
openclaw
clownfish
permission-contents: read
permission-issues: read
permission-pull-requests: read
- name: Verify GitHub read token
env:
CLOWNFISH_APP_GH_TOKEN: ${{ steps.app_token.outputs.token }}
CLOWNFISH_READ_GH_TOKEN: ${{ secrets.CLOWNFISH_READ_GH_TOKEN }}
CLOWNFISH_WRITE_GH_TOKEN: ${{ secrets.CLOWNFISH_GH_TOKEN }}
GITHUB_TOKEN: ${{ github.token }}
GH_TOKEN: ${{ steps.read_app_token.outputs.token || secrets.CLOWNFISH_READ_GH_TOKEN }}
run: |
set -euo pipefail
for candidate in CLOWNFISH_READ_GH_TOKEN CLOWNFISH_WRITE_GH_TOKEN CLOWNFISH_APP_GH_TOKEN GITHUB_TOKEN; do
token="${!candidate:-}"
if [ -z "$token" ]; then
continue
fi
if GH_TOKEN="$token" gh api "repos/${CLOWNFISH_ALLOWED_OWNER}/openclaw" --jq .full_name >/dev/null 2>/tmp/clownfish-gh-token-check.err; then
echo "GH_TOKEN=$token" >> "$GITHUB_ENV"
echo "selected $candidate for GitHub read access"
exit 0
fi
echo "::warning::$candidate failed GitHub read probe"
sed 's/./*/g' /tmp/clownfish-gh-token-check.err | head -n 1 || true
done
echo "no GitHub token could read repos/${CLOWNFISH_ALLOWED_OWNER}/openclaw"
exit 1
if [ -z "${GH_TOKEN:-}" ]; then
echo "CLOWNFISH_APP_ID + CLOWNFISH_APP_PRIVATE_KEY or CLOWNFISH_READ_GH_TOKEN is required"
exit 1
fi
gh auth status
- name: Install Codex CLI
run: |
@ -158,13 +149,10 @@ jobs:
run: npm run validate:job -- "${{ inputs.job }}"
- name: Run worker
env:
GH_TOKEN: ${{ steps.read_app_token.outputs.token || secrets.CLOWNFISH_READ_GH_TOKEN }}
run: |
worker_mode="${{ inputs.mode }}"
if [ "$worker_mode" != "plan" ] && [ "${CLOWNFISH_ALLOW_EXECUTE}" != "1" ]; then
echo "CLOWNFISH_ALLOW_EXECUTE is not explicitly 1; rendering plan-only output for requested $worker_mode run"
worker_mode="plan"
fi
args=("${{ inputs.job }}" --mode "$worker_mode")
args=("${{ inputs.job }}" --mode "${{ inputs.mode }}")
if [ "${{ inputs.dry_run }}" = "true" ]; then
args+=(--dry-run)
fi
@ -204,8 +192,8 @@ jobs:
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }}
CLOWNFISH_ALLOWED_OWNER: ${{ vars.CLOWNFISH_ALLOWED_OWNER || 'openclaw' }}
CLOWNFISH_ALLOW_EXECUTE: ${{ needs.cluster.outputs.allow_execute == '1' && '1' || '0' }}
CLOWNFISH_ALLOW_FIX_PR: ${{ needs.cluster.outputs.allow_fix_pr == '1' && '1' || '0' }}
CLOWNFISH_ALLOW_EXECUTE: ${{ needs.cluster.outputs.allow_execute || '1' }}
CLOWNFISH_ALLOW_FIX_PR: ${{ needs.cluster.outputs.allow_fix_pr || '1' }}
CLOWNFISH_ALLOW_MERGE: ${{ needs.cluster.outputs.allow_merge || '0' }}
CLOWNFISH_CODEX_REASONING_EFFORT: ${{ vars.CLOWNFISH_CODEX_REASONING_EFFORT || 'medium' }}
CLOWNFISH_CODEX_REVIEW_ATTEMPTS: ${{ vars.CLOWNFISH_CODEX_REVIEW_ATTEMPTS || '2' }}
@ -218,64 +206,15 @@ jobs:
CLOWNFISH_MODEL: ${{ inputs.model || vars.CLOWNFISH_MODEL || 'gpt-5.5' }}
CLOWNFISH_TARGET_VALIDATION_MODE: ${{ vars.CLOWNFISH_TARGET_VALIDATION_MODE || 'changed-only' }}
CLOWNFISH_POST_FLIGHT_IGNORE_CHECKS: ${{ vars.CLOWNFISH_POST_FLIGHT_IGNORE_CHECKS || 'auto-response,Labeler,Stale' }}
CLOWNFISH_MAX_ACTIVE_PRS_PER_AREA: ${{ vars.CLOWNFISH_MAX_ACTIVE_PRS_PER_AREA || '50' }}
CLOWNFISH_CLOSE_SUPERSEDED_SOURCE_PRS: ${{ vars.CLOWNFISH_CLOSE_SUPERSEDED_SOURCE_PRS || '0' }}
CLOWNFISH_GIT_USER_NAME: ${{ vars.CLOWNFISH_GIT_USER_NAME || 'projectclownfish' }}
CLOWNFISH_GIT_USER_EMAIL: ${{ vars.CLOWNFISH_GIT_USER_EMAIL || 'projectclownfish@users.noreply.github.com' }}
CODEX_CLI_VERSION: ${{ vars.CLOWNFISH_CODEX_CLI_VERSION || '0.125.0' }}
OPENCLAW_LOCAL_CHECK: "0"
CLOWNFISH_APP_ID: ${{ vars.CLOWNFISH_APP_ID || secrets.CLOWNFISH_APP_ID }}
CLOWNFISH_APP_AUTH_ENABLED: ${{ secrets.CLOWNFISH_APP_PRIVATE_KEY != '' && (vars.CLOWNFISH_APP_ID != '' || secrets.CLOWNFISH_APP_ID != '') && '1' || '0' }}
steps:
- uses: actions/checkout@v5
- name: Create GitHub App token
id: app_token
continue-on-error: true
uses: actions/create-github-app-token@v3
with:
app-id: ${{ vars.CLOWNFISH_APP_ID }}
private-key: ${{ secrets.CLOWNFISH_APP_PRIVATE_KEY }}
owner: ${{ vars.CLOWNFISH_ALLOWED_OWNER || github.repository_owner }}
permission-contents: write
permission-issues: write
permission-pull-requests: write
- name: Create workflow-capable GitHub App token
id: workflow_app_token
continue-on-error: true
uses: actions/create-github-app-token@v3
with:
app-id: ${{ vars.CLOWNFISH_APP_ID }}
private-key: ${{ secrets.CLOWNFISH_APP_PRIVATE_KEY }}
owner: ${{ vars.CLOWNFISH_ALLOWED_OWNER || github.repository_owner }}
permission-contents: write
permission-issues: write
permission-pull-requests: write
permission-workflows: write
- name: Select GitHub write token
env:
CLOWNFISH_APP_GH_TOKEN: ${{ steps.app_token.outputs.token }}
CLOWNFISH_WORKFLOW_APP_GH_TOKEN: ${{ steps.workflow_app_token.outputs.token }}
CLOWNFISH_WRITE_GH_TOKEN: ${{ secrets.CLOWNFISH_GH_TOKEN }}
GITHUB_TOKEN: ${{ github.token }}
run: |
set -euo pipefail
for candidate in CLOWNFISH_WRITE_GH_TOKEN CLOWNFISH_WORKFLOW_APP_GH_TOKEN CLOWNFISH_APP_GH_TOKEN GITHUB_TOKEN; do
token="${!candidate:-}"
if [ -z "$token" ]; then
continue
fi
if GH_TOKEN="$token" gh api "repos/${CLOWNFISH_ALLOWED_OWNER}/openclaw" --jq .full_name >/dev/null 2>/tmp/clownfish-gh-token-check.err; then
echo "GH_TOKEN=$token" >> "$GITHUB_ENV"
echo "selected $candidate for GitHub write/apply access"
exit 0
fi
echo "::warning::$candidate failed GitHub write/apply probe"
sed 's/./*/g' /tmp/clownfish-gh-token-check.err | head -n 1 || true
done
echo "no GitHub token could reach repos/${CLOWNFISH_ALLOWED_OWNER}/openclaw"
exit 1
- uses: actions/setup-node@v5
with:
node-version: "24"
@ -293,6 +232,31 @@ jobs:
${{ runner.os }}-node24-codex-${{ env.CODEX_CLI_VERSION }}-target-pnpm-
${{ runner.os }}-node24-codex-
- name: Create GitHub App write token
id: write_app_token
if: ${{ env.CLOWNFISH_APP_AUTH_ENABLED == '1' }}
uses: actions/create-github-app-token@v3
with:
app-id: ${{ env.CLOWNFISH_APP_ID }}
private-key: ${{ secrets.CLOWNFISH_APP_PRIVATE_KEY }}
owner: openclaw
repositories: |
openclaw
clownfish
permission-contents: write
permission-issues: write
permission-pull-requests: write
- name: Verify GitHub write token
env:
GH_TOKEN: ${{ steps.write_app_token.outputs.token || secrets.CLOWNFISH_GH_TOKEN }}
run: |
if [ -z "${GH_TOKEN:-}" ]; then
echo "CLOWNFISH_APP_ID + CLOWNFISH_APP_PRIVATE_KEY or CLOWNFISH_GH_TOKEN is required"
exit 1
fi
gh auth status
- name: Install Codex CLI
run: |
set -euo pipefail
@ -324,22 +288,32 @@ jobs:
- name: Execute credited fix artifact
if: ${{ env.CLOWNFISH_ALLOW_EXECUTE == '1' && env.CLOWNFISH_ALLOW_FIX_PR == '1' }}
timeout-minutes: 30
env:
GH_TOKEN: ${{ steps.write_app_token.outputs.token || secrets.CLOWNFISH_GH_TOKEN }}
run: npm run execute-fix -- "${{ inputs.job }}" --latest
- name: Apply safe closure actions
if: ${{ env.CLOWNFISH_ALLOW_EXECUTE == '1' }}
env:
GH_TOKEN: ${{ steps.write_app_token.outputs.token || secrets.CLOWNFISH_GH_TOKEN }}
run: npm run apply-result -- "${{ inputs.job }}" --latest
- name: Post-flight finalize fix PRs
if: ${{ env.CLOWNFISH_ALLOW_EXECUTE == '1' && env.CLOWNFISH_ALLOW_FIX_PR == '1' }}
env:
GH_TOKEN: ${{ steps.write_app_token.outputs.token || secrets.CLOWNFISH_GH_TOKEN }}
run: npm run post-flight -- "${{ inputs.job }}" --latest
- name: Apply post-flight closeouts
if: ${{ env.CLOWNFISH_ALLOW_EXECUTE == '1' }}
env:
GH_TOKEN: ${{ steps.write_app_token.outputs.token || secrets.CLOWNFISH_GH_TOKEN }}
run: npm run apply-result -- "${{ inputs.job }}" --latest
- name: Tag Clownfish targets
if: ${{ always() && env.CLOWNFISH_ALLOW_EXECUTE == '1' }}
env:
GH_TOKEN: ${{ steps.write_app_token.outputs.token || secrets.CLOWNFISH_GH_TOKEN }}
run: npm run tag-clownfish -- .projectclownfish/runs --apply --live --open-branches false --report .projectclownfish/runs/clownfish-label-report.json
- name: Upload final worker artifacts

131
.github/workflows/comment-router.yml vendored
View File

@ -1,131 +0,0 @@
name: comment router
on:
workflow_dispatch:
inputs:
execute:
description: "Post replies and dispatch repair workers"
required: true
default: false
type: boolean
target_repo:
description: "Repository to scan for Clownfish commands"
required: true
default: openclaw/openclaw
type: string
lookback_minutes:
description: "How far back to scan comments"
required: true
default: "180"
type: string
since:
description: "Optional ISO timestamp lower bound for scanned comments"
required: false
default: ""
type: string
max_comments:
description: "Maximum recent comments to inspect"
required: true
default: "100"
type: string
runner:
description: "Runner label for repair planning/review work"
required: true
default: blacksmith-4vcpu-ubuntu-2404
type: string
execution_runner:
description: "Runner label for fix/apply execution work"
required: true
default: blacksmith-16vcpu-ubuntu-2404
type: string
schedule:
- cron: "*/10 * * * *"
permissions:
contents: write
actions: write
issues: write
pull-requests: write
env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
jobs:
route-comments:
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Create GitHub App token
id: app_token
continue-on-error: true
uses: actions/create-github-app-token@v3
with:
app-id: ${{ vars.CLOWNFISH_APP_ID }}
private-key: ${{ secrets.CLOWNFISH_APP_PRIVATE_KEY }}
owner: ${{ vars.CLOWNFISH_ALLOWED_OWNER || github.repository_owner }}
permission-actions: write
permission-contents: write
permission-issues: write
permission-pull-requests: write
- uses: actions/setup-node@v5
with:
node-version: "24"
- name: Route Clownfish comments
env:
GH_TOKEN: ${{ steps.app_token.outputs.token || secrets.CLOWNFISH_GH_TOKEN || github.token }}
CLOWNFISH_CLAWSWEEPER_GH_TOKEN: ${{ secrets.CLOWNFISH_GH_TOKEN || steps.app_token.outputs.token || github.token }}
CLOWNFISH_ALLOW_AUTOMERGE: ${{ vars.CLOWNFISH_ALLOW_AUTOMERGE || '0' }}
CLOWNFISH_ALLOW_MERGE: ${{ vars.CLOWNFISH_ALLOW_MERGE || '0' }}
run: |
set -euo pipefail
target_repo="${{ github.event_name == 'workflow_dispatch' && inputs.target_repo || vars.CLOWNFISH_TARGET_REPO || 'openclaw/openclaw' }}"
lookback_minutes="${{ github.event_name == 'workflow_dispatch' && inputs.lookback_minutes || vars.CLOWNFISH_COMMENT_LOOKBACK_MINUTES || '180' }}"
since="${{ github.event_name == 'workflow_dispatch' && inputs.since || '' }}"
max_comments="${{ github.event_name == 'workflow_dispatch' && inputs.max_comments || vars.CLOWNFISH_COMMENT_MAX_COMMENTS || '100' }}"
runner="${{ github.event_name == 'workflow_dispatch' && inputs.runner || vars.CLOWNFISH_WORKER_RUNNER || 'blacksmith-4vcpu-ubuntu-2404' }}"
execution_runner="${{ github.event_name == 'workflow_dispatch' && inputs.execution_runner || vars.CLOWNFISH_EXECUTION_RUNNER || 'blacksmith-16vcpu-ubuntu-2404' }}"
args=(
--write-report
--repo "$target_repo"
--lookback-minutes "$lookback_minutes"
--max-comments "$max_comments"
--runner "$runner"
--execution-runner "$execution_runner"
--wait-for-capacity
)
if [ -n "$since" ]; then
args+=(--since "$since")
fi
if { [ "${{ github.event_name }}" = "workflow_dispatch" ] && [ "${{ inputs.execute }}" = "true" ]; } ||
{ [ "${{ github.event_name }}" = "schedule" ] && [ "${{ vars.CLOWNFISH_COMMENT_ROUTER_EXECUTE || '0' }}" = "1" ]; }; then
args+=(--execute)
fi
npm run comment-router -- "${args[@]}"
- name: Commit comment router ledger
if: always()
run: |
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add results/comment-router.json results/comment-router-latest.json jobs/ 2>/dev/null || true
if git diff --cached --quiet; then
echo "No comment router changes"
exit 0
fi
git commit -m "chore: record Clownfish comment routing"
for attempt in 1 2 3; do
echo "Push attempt ${attempt}"
if git push; then
exit 0
fi
git fetch origin main
git rebase -X theirs origin/main
done
git push

226
.github/workflows/commit-finding-intake.yml vendored
View File

@ -1,226 +0,0 @@
name: commit finding intake
on:
repository_dispatch:
types: [clawsweeper_commit_finding]
workflow_dispatch:
inputs:
enabled:
description: "Run commit finding intake"
required: false
default: "true"
type: string
target_repo:
description: "Target repository"
required: true
default: "openclaw/openclaw"
type: string
commit_sha:
description: "Commit SHA with a ClawSweeper finding"
required: true
type: string
report_repo:
description: "Repository containing the ClawSweeper report"
required: false
default: "openclaw/clawsweeper"
type: string
report_path:
description: "Path to the ClawSweeper report"
required: false
default: ""
type: string
report_url:
description: "Public report URL"
required: false
default: ""
type: string
permissions:
contents: write
actions: read
env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
CODEX_CLI_VERSION: ${{ vars.CLOWNFISH_CODEX_CLI_VERSION || '0.125.0' }}
CLOWNFISH_ALLOWED_OWNER: ${{ vars.CLOWNFISH_ALLOWED_OWNER || 'openclaw' }}
CLOWNFISH_ALLOW_EXECUTE: ${{ vars.CLOWNFISH_ALLOW_EXECUTE == '1' && '1' || '0' }}
CLOWNFISH_ALLOW_FIX_PR: ${{ vars.CLOWNFISH_ALLOW_FIX_PR == '1' && '1' || '0' }}
CLOWNFISH_ALLOW_MERGE: "0"
CLOWNFISH_CODEX_REASONING_EFFORT: ${{ vars.CLOWNFISH_CODEX_REASONING_EFFORT || 'medium' }}
CLOWNFISH_CODEX_REVIEW_ATTEMPTS: ${{ vars.CLOWNFISH_CODEX_REVIEW_ATTEMPTS || '2' }}
CLOWNFISH_REBASE_REPAIR_ATTEMPTS: ${{ vars.CLOWNFISH_REBASE_REPAIR_ATTEMPTS || '4' }}
CLOWNFISH_FIX_CODEX_TIMEOUT_MS: ${{ vars.CLOWNFISH_FIX_CODEX_TIMEOUT_MS || '1200000' }}
CLOWNFISH_FIX_STEP_TIMEOUT_MS: "1500000"
CLOWNFISH_FIX_TIMEOUT_RESERVE_MS: ${{ vars.CLOWNFISH_FIX_TIMEOUT_RESERVE_MS || '300000' }}
CLOWNFISH_FIX_PREFLIGHT_TIMEOUT_MS: ${{ vars.CLOWNFISH_FIX_PREFLIGHT_TIMEOUT_MS || '120000' }}
CLOWNFISH_MODEL: ${{ vars.CLOWNFISH_MODEL || 'gpt-5.5' }}
CLOWNFISH_TARGET_VALIDATION_MODE: ${{ vars.CLOWNFISH_TARGET_VALIDATION_MODE || 'changed-only' }}
CLOWNFISH_RESOLVE_REVIEW_THREADS: ${{ vars.CLOWNFISH_RESOLVE_REVIEW_THREADS || '1' }}
CLOWNFISH_MAX_ACTIVE_PRS_PER_AREA: ${{ vars.CLOWNFISH_MAX_ACTIVE_PRS_PER_AREA || '50' }}
CLOWNFISH_GIT_USER_NAME: ${{ vars.CLOWNFISH_GIT_USER_NAME || 'openclaw-clownfish[bot]' }}
CLOWNFISH_GIT_USER_EMAIL: ${{ vars.CLOWNFISH_GIT_USER_EMAIL || '280122609+openclaw-clownfish[bot]@users.noreply.github.com' }}
concurrency:
group: commit-finding-${{ github.event.inputs.target_repo || github.event.client_payload.target_repo || 'openclaw/openclaw' }}-${{ github.event.inputs.commit_sha || github.event.client_payload.commit_sha || github.run_id }}
cancel-in-progress: false
jobs:
intake:
runs-on: ${{ vars.CLOWNFISH_COMMIT_FINDING_RUNNER || 'blacksmith-16vcpu-ubuntu-2404' }}
timeout-minutes: 75
steps:
- uses: actions/checkout@v5
with:
fetch-depth: 0
- uses: actions/setup-node@v5
with:
node-version: "24"
- name: Create GitHub App token
id: app_token
continue-on-error: true
uses: actions/create-github-app-token@v3
with:
app-id: ${{ vars.CLOWNFISH_APP_ID }}
private-key: ${{ secrets.CLOWNFISH_APP_PRIVATE_KEY }}
owner: ${{ vars.CLOWNFISH_ALLOWED_OWNER || github.repository_owner }}
permission-contents: write
permission-issues: write
permission-pull-requests: write
permission-workflows: write
permission-actions: read
- name: Prepare commit finding intake
id: prepare
env:
GH_TOKEN: ${{ steps.app_token.outputs.token || secrets.CLOWNFISH_READ_GH_TOKEN || github.token }}
ENABLED: ${{ github.event.inputs.enabled || github.event.client_payload.enabled || vars.CLOWNFISH_COMMIT_FINDING_INTAKE_ENABLED || 'true' }}
TARGET_REPO: ${{ github.event.inputs.target_repo || github.event.client_payload.target_repo || 'openclaw/openclaw' }}
COMMIT_SHA: ${{ github.event.inputs.commit_sha || github.event.client_payload.commit_sha }}
REPORT_REPO: ${{ github.event.inputs.report_repo || github.event.client_payload.report_repo || 'openclaw/clawsweeper' }}
REPORT_PATH: ${{ github.event.inputs.report_path || github.event.client_payload.report_path }}
REPORT_URL: ${{ github.event.inputs.report_url || github.event.client_payload.report_url }}
run: |
set -euo pipefail
args=(
prepare
--enabled "$ENABLED"
--target-repo "$TARGET_REPO"
--commit-sha "$COMMIT_SHA"
--report-repo "$REPORT_REPO"
)
if [ -n "${REPORT_PATH:-}" ]; then
args+=(--report-path "$REPORT_PATH")
fi
if [ -n "${REPORT_URL:-}" ]; then
args+=(--report-url "$REPORT_URL")
fi
npm run commit-finding-intake -- "${args[@]}"
- name: Cache Codex CLI, npm, and target pnpm downloads
if: ${{ steps.prepare.outputs.should_repair == 'true' }}
uses: actions/cache@v5
with:
path: |
~/.npm
~/.cache/node/corepack
~/.local/share/pnpm/store
~/.projectclownfish/codex
key: ${{ runner.os }}-node24-codex-${{ env.CODEX_CLI_VERSION }}-target-pnpm-v1
restore-keys: |
${{ runner.os }}-node24-codex-${{ env.CODEX_CLI_VERSION }}-target-pnpm-
${{ runner.os }}-node24-codex-
- name: Install Codex CLI
if: ${{ steps.prepare.outputs.should_repair == 'true' }}
run: |
set -euo pipefail
npm config set prefix "$HOME/.projectclownfish/codex"
npm config set cache "$HOME/.npm"
echo "$HOME/.projectclownfish/codex/bin" >> "$GITHUB_PATH"
export PATH="$HOME/.projectclownfish/codex/bin:$PATH"
if ! command -v codex >/dev/null 2>&1 || ! codex --version | grep -Fq "$CODEX_CLI_VERSION"; then
npm install -g "@openai/codex@$CODEX_CLI_VERSION" --prefer-offline --no-audit --no-fund
fi
codex --version
- name: Authenticate Codex
if: ${{ steps.prepare.outputs.should_repair == 'true' }}
env:
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }}
run: |
test -n "${OPENAI_API_KEY:-}"
test -n "${CODEX_API_KEY:-}"
printenv OPENAI_API_KEY | codex login --with-api-key >/dev/null
- name: Review synthetic result
if: ${{ steps.prepare.outputs.should_repair == 'true' }}
run: npm run review-results -- "${{ steps.prepare.outputs.result_path }}"
- name: Execute credited fix artifact
id: execute
if: ${{ steps.prepare.outputs.should_repair == 'true' && env.CLOWNFISH_ALLOW_EXECUTE == '1' && env.CLOWNFISH_ALLOW_FIX_PR == '1' }}
continue-on-error: true
timeout-minutes: 35
env:
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
CODEX_API_KEY: ${{ secrets.CODEX_API_KEY || secrets.OPENAI_API_KEY }}
GH_TOKEN: ${{ steps.app_token.outputs.token || secrets.CLOWNFISH_GH_TOKEN || github.token }}
run: npm run execute-fix -- "${{ steps.prepare.outputs.job_path }}" "${{ steps.prepare.outputs.result_path }}"
- name: Post-flight finalize fix PRs
if: ${{ steps.prepare.outputs.should_repair == 'true' && steps.execute.outcome == 'success' && env.CLOWNFISH_ALLOW_EXECUTE == '1' && env.CLOWNFISH_ALLOW_FIX_PR == '1' }}
env:
GH_TOKEN: ${{ steps.app_token.outputs.token || secrets.CLOWNFISH_GH_TOKEN || github.token }}
run: npm run post-flight -- "${{ steps.prepare.outputs.job_path }}" "${{ steps.prepare.outputs.result_path }}"
- name: Publish local result ledger
if: ${{ always() && steps.prepare.outputs.should_repair == 'true' }}
env:
GH_TOKEN: ${{ steps.app_token.outputs.token || secrets.CLOWNFISH_READ_GH_TOKEN || github.token }}
RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
run: |
npm run publish-result -- "${{ steps.prepare.outputs.run_dir }}" \
--run-id "${{ github.run_id }}" \
--run-url "$RUN_URL" \
--head-sha "${{ github.sha }}" \
--conclusion "${{ steps.execute.outcome == 'success' && 'success' || steps.execute.outcome == 'failure' && 'failure' || 'skipped' }}"
- name: Finalize commit finding audit
if: always()
run: |
if [ -n "${{ steps.prepare.outputs.audit_path }}" ]; then
npm run commit-finding-intake -- finalize \
--audit-path "${{ steps.prepare.outputs.audit_path }}" \
--run-dir "${{ steps.prepare.outputs.run_dir }}" \
--status "${{ steps.prepare.outputs.should_repair == 'true' && (steps.execute.outcome || 'skipped') || steps.prepare.outputs.status }}"
fi
- name: Commit intake ledger
if: always()
run: |
set -euo pipefail
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add jobs results README.md apply-report.json
if git diff --cached --quiet; then
echo "No intake ledger changes"
exit 0
fi
git commit -m "chore: record commit finding intake"
for _attempt in 1 2 3; do
if git pull --rebase && git push; then
exit 0
fi
git rebase --abort || true
git fetch origin main
git rebase origin/main
done
git push
- name: Fail on repair failure
if: ${{ steps.prepare.outputs.should_repair == 'true' && steps.execute.outcome == 'failure' }}
run: exit 1

10
.github/workflows/finalize-open-prs.yml vendored
View File

@ -48,8 +48,8 @@ jobs:
- name: Finalize open ProjectClownfish PRs
env:
GH_TOKEN: ${{ secrets.CLOWNFISH_GH_TOKEN || github.token }}
CLOWNFISH_ALLOW_EXECUTE: ${{ inputs.execute && vars.CLOWNFISH_ALLOW_EXECUTE == '1' && '1' || '0' }}
CLOWNFISH_ALLOW_FIX_PR: ${{ inputs.execute && vars.CLOWNFISH_ALLOW_FIX_PR == '1' && '1' || '0' }}
CLOWNFISH_ALLOW_EXECUTE: ${{ inputs.execute && (vars.CLOWNFISH_ALLOW_EXECUTE || '1') || '0' }}
CLOWNFISH_ALLOW_FIX_PR: ${{ inputs.execute && (vars.CLOWNFISH_ALLOW_FIX_PR || '1') || '0' }}
run: |
args=(
--write-report
@ -58,10 +58,8 @@ jobs:
--runner "${{ inputs.runner }}"
--execution-runner "${{ inputs.execution_runner }}"
)
if [ "${{ inputs.execute }}" = "true" ] && [ "${CLOWNFISH_ALLOW_EXECUTE}" = "1" ] && [ "${CLOWNFISH_ALLOW_FIX_PR}" = "1" ]; then
if [ "${{ inputs.execute }}" = "true" ]; then
args+=(--execute)
elif [ "${{ inputs.execute }}" = "true" ]; then
echo "execution requested, but Clownfish execute/fix gates are not explicitly 1; writing report without dispatching repairs"
fi
npm run finalize-open-prs -- "${args[@]}"
npm run publish-result
@ -79,7 +77,7 @@ jobs:
exit 0
fi
git commit -m "chore: record open PR finalizer"
for _ in 1 2 3; do
for attempt in 1 2 3; do
if git push; then
exit 0
fi

58
.github/workflows/publish-results.yml vendored
View File

@ -14,6 +14,8 @@ permissions:
env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
CLOWNFISH_APP_ID: ${{ vars.CLOWNFISH_APP_ID || secrets.CLOWNFISH_APP_ID }}
CLOWNFISH_APP_AUTH_ENABLED: ${{ secrets.CLOWNFISH_APP_PRIVATE_KEY != '' && (vars.CLOWNFISH_APP_ID != '' || secrets.CLOWNFISH_APP_ID != '') && '1' || '0' }}
concurrency:
group: projectclownfish-publish-results
@ -32,6 +34,21 @@ jobs:
with:
node-version: "24"
- name: Create GitHub App read token
id: read_app_token
if: ${{ env.CLOWNFISH_APP_AUTH_ENABLED == '1' }}
uses: actions/create-github-app-token@v3
with:
app-id: ${{ env.CLOWNFISH_APP_ID }}
private-key: ${{ secrets.CLOWNFISH_APP_PRIVATE_KEY }}
owner: openclaw
repositories: |
openclaw
clownfish
permission-contents: read
permission-issues: read
permission-pull-requests: read
- name: Download worker artifacts
env:
GH_TOKEN: ${{ github.token }}
@ -50,42 +67,33 @@ jobs:
- name: Publish and commit result ledger
env:
GH_TOKEN: ${{ secrets.CLOWNFISH_READ_GH_TOKEN || github.token }}
GH_TOKEN: ${{ steps.read_app_token.outputs.token || secrets.CLOWNFISH_READ_GH_TOKEN || github.token }}
RUN_ID: ${{ github.event.workflow_run.id }}
RUN_URL: ${{ github.event.workflow_run.html_url }}
HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
CONCLUSION: ${{ github.event.workflow_run.conclusion }}
run: |
set -euo pipefail
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git fetch origin main
git checkout -B main origin/main
npm run publish-result -- artifacts \
--run-id "$RUN_ID" \
--run-url "$RUN_URL" \
--head-sha "$HEAD_SHA" \
--conclusion "$CONCLUSION"
npm run finalize-open-prs -- --write-report
npm run publish-result
git add README.md results jobs/openclaw/closed apply-report.json
if git diff --cached --quiet; then
echo "No result changes"
exit 0
fi
git commit -m "chore: publish cluster result"
for attempt in 1 2 3; do
if git push origin HEAD:main; then
git fetch origin main
git checkout -B main origin/main
npm run publish-result -- artifacts \
--run-id "$RUN_ID" \
--run-url "$RUN_URL" \
--head-sha "$HEAD_SHA" \
--conclusion "$CONCLUSION"
npm run finalize-open-prs -- --write-report
npm run publish-result
git add README.md results jobs/openclaw/closed apply-report.json
if git diff --cached --quiet; then
echo "No result changes"
exit 0
fi
echo "Push attempt ${attempt} failed; rebasing existing ledger commit onto origin/main"
git fetch origin main
if git rebase origin/main; then
continue
git commit -m "chore: publish cluster result"
if git push origin main; then
exit 0
fi
git rebase --abort || true
exit 1
done
exit 1

3
.github/workflows/validate.yml vendored
View File

@ -24,9 +24,6 @@ jobs:
- name: Validate job specs
run: npm run validate
- name: Run script tests
run: npm test
- name: Render example prompt
run: npm run render -- jobs/openclaw/inbox/cluster-example.md --mode plan > /tmp/projectclownfish-prompt.md

232
README.md
View File

@ -1,4 +1,4 @@
<img width="1584" height="672" alt="clownfish_banner" src="https://github.com/user-attachments/assets/6b2a0d0f-aca8-47e5-8a1f-eb266c760646" />
<img width="1584" height="672" alt="image" src="https://github.com/user-attachments/assets/ba1571d9-785e-47df-92b6-ce90681ca8e4" />
# 🐠 Clownfish
@ -41,79 +41,74 @@ The default workflow is proposal-first. It does not comment or close unless a jo
## Dashboard
Last dashboard update: Apr 30, 2026, 02:08 UTC
Last dashboard update: Apr 28, 2026, 18:43 UTC
<!-- projectclownfish-dashboard:start -->
State: Failed clusters need inspection
Scope: 360 active latest cluster reports. 1 policy-archived cluster(s) are excluded from health stats; run attempts are tracked as audit history only.
Scope: 220 active latest cluster reports. 1 policy-archived cluster(s) are excluded from health stats; run attempts are tracked as audit history only.
| Metric | Count | Rate |
| --- | ---: | ---: |
| Latest clusters reviewed | 360 | 100% |
| Latest clusters reviewed | 220 | 100% |
| Policy-archived clusters | 1 | audit |
| Clean completed clusters | 183 | 50.8% |
| Needs-human clusters | 51 | 14.2% |
| Latest successful clusters | 332 | 92.2% |
| Latest failed clusters | 4 | 1.1% |
| Clean completed clusters | 98 | 44.5% |
| Needs-human clusters | 40 | 18.2% |
| Latest successful clusters | 218 | 99.1% |
| Latest failed clusters | 2 | 0.9% |
| Latest cancelled clusters | 0 | 0.0% |
| Run attempts archived | 613 | audit |
| Fix action attempts | 164 | audit |
| Run attempts archived | 453 | audit |
| Fix action attempts | 151 | audit |
| Fix actions executed | 0 | 0.0% |
| Fix actions failed | 35 | 21.3% |
| Fix actions blocked | 50 | 30.5% |
| Latest clusters with fix failures | 44 | 12.2% |
| Distinct PRs touched | 1079 | 100% |
| Open PRs tracked | 430 | 39.9% |
| Closed unmerged PRs tracked | 530 | 49.1% |
| Completed close actions | 30 | 10.4% |
| Completed merge actions | 23 | 8.0% |
| Fix actions failed | 34 | 22.5% |
| Fix actions blocked | 44 | 29.1% |
| Latest clusters with fix failures | 40 | 18.2% |
| Distinct PRs touched | 813 | 100% |
| Open PRs tracked | 325 | 40.0% |
| Closed unmerged PRs tracked | 395 | 48.6% |
| Completed close actions | 30 | 11.0% |
| Completed merge actions | 23 | 8.5% |
| Duplicate closes | 22 | 73.3% |
| Superseded closes | 0 | 0.0% |
| Fixed-by-candidate closes | 0 | 0.0% |
| Low-signal PR closes | 0 | 0.0% |
| Blocked mutation attempts | 119 | 41.2% |
| Skipped mutation attempts | 117 | 40.5% |
| Blocked mutation attempts | 100 | 36.8% |
| Skipped mutation attempts | 119 | 43.8% |
### Clusters Needing Inspection
| Cluster | State | Source job | Reason | Report | Run |
| --- | --- | --- | --- | --- | --- |
| [gitcrawl-2955-dedupe-only-20260429d](results/openclaw/gitcrawl-2955-dedupe-only-20260429d.md) | needs human | jobs/openclaw/inbox/gitcrawl-2955-dedupe-only-20260429d.md | #47365: decide whether the fix must preserve the released --local-time flag alongside --utc, use an explicit deprecation path, or be repl... | [report](results/openclaw/gitcrawl-2955-dedupe-only-20260429d.md) | [25142253912](https://github.com/openclaw/clownfish/actions/runs/25142253912) |
| [gitcrawl-17200-dedupe-only-20260429d](results/openclaw/gitcrawl-17200-dedupe-only-20260429d.md) | needs human | jobs/openclaw/inbox/gitcrawl-17200-dedupe-only-20260429d.md | Maintainer decision needed before merge or automated repair: choose the canonical Firecrawl self-hosting network-policy shape for #63877,... | [report](results/openclaw/gitcrawl-17200-dedupe-only-20260429d.md) | [25142106015](https://github.com/openclaw/clownfish/actions/runs/25142106015) |
| [gitcrawl-3154-dedupe-only-20260429d](results/openclaw/gitcrawl-3154-dedupe-only-20260429d.md) | needs human | jobs/openclaw/inbox/gitcrawl-3154-dedupe-only-20260429d.md | #53522 requires maintainer branch/split decision: it overlaps the focused #53441 Synology fix, includes already-shipped web_fetch/status ... | [report](results/openclaw/gitcrawl-3154-dedupe-only-20260429d.md) | [25142072560](https://github.com/openclaw/clownfish/actions/runs/25142072560) |
| [gitcrawl-9101-dedupe-only-20260429-remote](results/openclaw/gitcrawl-9101-dedupe-only-20260429-remote.md) | needs human | jobs/openclaw/inbox/gitcrawl-9101-dedupe-only-20260429-remote.md | Choose the intended desktop Cron editor layout before superseding or closing either #55978 or #47582: preserve sticky New/Edit Job behavi... | [report](results/openclaw/gitcrawl-9101-dedupe-only-20260429-remote.md) | [25137271613](https://github.com/openclaw/clownfish/actions/runs/25137271613) |
| [gitcrawl-5707-dedupe-only-20260429-remote](results/openclaw/gitcrawl-5707-dedupe-only-20260429-remote.md) | needs human | jobs/openclaw/inbox/gitcrawl-5707-dedupe-only-20260429-remote.md | #40044 and #66312 need maintainer product/API direction on the prompt-visible Runtime session identifier before either PR can be treated ... | [report](results/openclaw/gitcrawl-5707-dedupe-only-20260429-remote.md) | [25136426946](https://github.com/openclaw/clownfish/actions/runs/25136426946) |
| [gitcrawl-2880-dedupe-only-20260429-remote](results/openclaw/gitcrawl-2880-dedupe-only-20260429-remote.md) | apply blocked | jobs/openclaw/inbox/gitcrawl-2880-dedupe-only-20260429-remote.md | target changed since worker review | [report](results/openclaw/gitcrawl-2880-dedupe-only-20260429-remote.md) | [25134553126](https://github.com/openclaw/clownfish/actions/runs/25134553126) |
| [gitcrawl-2733-dedupe-only-20260429-remote](results/openclaw/gitcrawl-2733-dedupe-only-20260429-remote.md) | apply blocked | jobs/openclaw/inbox/gitcrawl-2733-dedupe-only-20260429-remote.md | target changed since worker review | [report](results/openclaw/gitcrawl-2733-dedupe-only-20260429-remote.md) | [25134075609](https://github.com/openclaw/clownfish/actions/runs/25134075609) |
| [gitcrawl-2477-dedupe-only-20260429-remote](results/openclaw/gitcrawl-2477-dedupe-only-20260429-remote.md) | apply blocked | jobs/openclaw/inbox/gitcrawl-2477-dedupe-only-20260429-remote.md | candidate fix is not listed in job refs | [report](results/openclaw/gitcrawl-2477-dedupe-only-20260429-remote.md) | [25133514336](https://github.com/openclaw/clownfish/actions/runs/25133514336) |
| [gitcrawl-2282-dedupe-only-20260429-remote](results/openclaw/gitcrawl-2282-dedupe-only-20260429-remote.md) | apply blocked | jobs/openclaw/inbox/gitcrawl-2282-dedupe-only-20260429-remote.md | candidate fix is not listed in job refs | [report](results/openclaw/gitcrawl-2282-dedupe-only-20260429-remote.md) | [25132458580](https://github.com/openclaw/clownfish/actions/runs/25132458580) |
| [gitcrawl-2111-dedupe-only-20260429-remote](results/openclaw/gitcrawl-2111-dedupe-only-20260429-remote.md) | apply blocked | jobs/openclaw/inbox/gitcrawl-2111-dedupe-only-20260429-remote.md | target changed since worker review | [report](results/openclaw/gitcrawl-2111-dedupe-only-20260429-remote.md) | [25131909532](https://github.com/openclaw/clownfish/actions/runs/25131909532) |
| [gitcrawl-1972-dedupe-only-20260429-remote](results/openclaw/gitcrawl-1972-dedupe-only-20260429-remote.md) | needs human | jobs/openclaw/inbox/gitcrawl-1972-dedupe-only-20260429-remote.md | #43443: maintainer decision needed on launchd EIO retry plus SIGKILL/PID identity semantics before any automated replacement or rebase. | [report](results/openclaw/gitcrawl-1972-dedupe-only-20260429-remote.md) | [25131315944](https://github.com/openclaw/clownfish/actions/runs/25131315944) |
| [gitcrawl-1998-dedupe-only-20260429-remote](results/openclaw/gitcrawl-1998-dedupe-only-20260429-remote.md) | needs human | jobs/openclaw/inbox/gitcrawl-1998-dedupe-only-20260429-remote.md | #64731 requires maintainer product-direction choice: Telegram-specific fallback notices outside verbose mode versus the broader unhydrate... | [report](results/openclaw/gitcrawl-1998-dedupe-only-20260429-remote.md) | [25131329587](https://github.com/openclaw/clownfish/actions/runs/25131329587) |
| [gitcrawl-1957-dedupe-only-20260429-remote](results/openclaw/gitcrawl-1957-dedupe-only-20260429-remote.md) | needs human | jobs/openclaw/inbox/gitcrawl-1957-dedupe-only-20260429-remote.md | #49408 requires maintainer policy judgment on whether root-escaping symlinked managed skills should be supported or explicitly documented... | [report](results/openclaw/gitcrawl-1957-dedupe-only-20260429-remote.md) | [25131311478](https://github.com/openclaw/clownfish/actions/runs/25131311478) |
| [gitcrawl-1953-dedupe-only-20260429-remote](results/openclaw/gitcrawl-1953-dedupe-only-20260429-remote.md) | needs human | jobs/openclaw/inbox/gitcrawl-1953-dedupe-only-20260429-remote.md | No single open canonical issue or PR clearly replaces closed representative #43551. The open candidates should be split by maintainers in... | [report](results/openclaw/gitcrawl-1953-dedupe-only-20260429-remote.md) | [25131307011](https://github.com/openclaw/clownfish/actions/runs/25131307011) |
| [gitcrawl-16529-dedupe-only-20260429-remote](results/openclaw/gitcrawl-16529-dedupe-only-20260429-remote.md) | apply blocked | jobs/openclaw/inbox/gitcrawl-16529-dedupe-only-20260429-remote.md | candidate fix is not listed in job refs | [report](results/openclaw/gitcrawl-16529-dedupe-only-20260429-remote.md) | [25130299053](https://github.com/openclaw/clownfish/actions/runs/25130299053) |
| [gitcrawl-12535-dedupe-only-20260429-remote](results/openclaw/gitcrawl-12535-dedupe-only-20260429-remote.md) | needs human | jobs/openclaw/inbox/gitcrawl-12535-dedupe-only-20260429-remote.md | Codex worker timed out after 1800000ms | [report](results/openclaw/gitcrawl-12535-dedupe-only-20260429-remote.md) | [25109664831](https://github.com/openclaw/clownfish/actions/runs/25109664831) |
| [gitcrawl-12851-dedupe-only-20260429-remote](results/openclaw/gitcrawl-12851-dedupe-only-20260429-remote.md) | workflow failure | jobs/openclaw/inbox/gitcrawl-12851-dedupe-only-20260429-remote.md | No close, merge, label, or fix action is safe from this dedupe-only pass. The canonical hint #67816 and related QR follow-up #67820 have ... | [report](results/openclaw/gitcrawl-12851-dedupe-only-20260429-remote.md) | [25109675769](https://github.com/openclaw/clownfish/actions/runs/25109675769) |
| [gitcrawl-238838-dedupe-only-20260429c](results/openclaw/gitcrawl-238838-dedupe-only-20260429c.md) | apply blocked | jobs/openclaw/inbox/gitcrawl-238838-dedupe-only-20260429c.md | target is not listed in job candidates | [report](results/openclaw/gitcrawl-238838-dedupe-only-20260429c.md) | [25108831266](https://github.com/openclaw/clownfish/actions/runs/25108831266) |
| [gitcrawl-238871-dedupe-only-20260429c](results/openclaw/gitcrawl-238871-dedupe-only-20260429c.md) | needs human | jobs/openclaw/inbox/gitcrawl-238871-dedupe-only-20260429c.md | Choose the canonical Feishu group-thread mention API and implementation path between #48945 threadFollowUp active/topic/off and #40530 re... | [report](results/openclaw/gitcrawl-238871-dedupe-only-20260429c.md) | [25107991613](https://github.com/openclaw/clownfish/actions/runs/25107991613) |
| [gitcrawl-238843-dedupe-only-20260429c](results/openclaw/gitcrawl-238843-dedupe-only-20260429c.md) | apply blocked | jobs/openclaw/inbox/gitcrawl-238843-dedupe-only-20260429c.md | target changed since worker review | [report](results/openclaw/gitcrawl-238843-dedupe-only-20260429c.md) | [25105238272](https://github.com/openclaw/clownfish/actions/runs/25105238272) |
| [gitcrawl-238856-dedupe-only-20260429c](results/openclaw/gitcrawl-238856-dedupe-only-20260429c.md) | apply blocked | jobs/openclaw/inbox/gitcrawl-238856-dedupe-only-20260429c.md | target changed since worker review | [report](results/openclaw/gitcrawl-238856-dedupe-only-20260429c.md) | [25105234648](https://github.com/openclaw/clownfish/actions/runs/25105234648) |
| [low-signal-pr-sweep-20260425T2355-03](results/openclaw/low-signal-pr-sweep-20260425t2355-03.md) | apply blocked | jobs/openclaw/inbox/low-signal-pr-sweep-20260425T2355-03.md | target changed since worker review | [report](results/openclaw/low-signal-pr-sweep-20260425t2355-03.md) | [25105232771](https://github.com/openclaw/clownfish/actions/runs/25105232771) |
| [low-signal-pr-sweep-20260427T0530-01](results/openclaw/low-signal-pr-sweep-20260427t0530-01.md) | apply blocked | jobs/openclaw/inbox/low-signal-pr-sweep-20260427T0530-01.md | target changed since worker review | [report](results/openclaw/low-signal-pr-sweep-20260427t0530-01.md) | [25105230558](https://github.com/openclaw/clownfish/actions/runs/25105230558) |
| [automerge-openclaw-openclaw-74126](results/openclaw/automerge-openclaw-openclaw-74126.md) | needs human | jobs/openclaw/inbox/automerge-openclaw-openclaw-74126.md | #74126: maintainer needs to complete the live automerge adoption smoke check and close the PR manually if appropriate; the hydrated artif... | [report](results/openclaw/automerge-openclaw-openclaw-74126.md) | [25101630563](https://github.com/openclaw/clownfish/actions/runs/25101630563) |
| [gitcrawl-238884-dedupe-only-20260429c](results/openclaw/gitcrawl-238884-dedupe-only-20260429c.md) | apply blocked | jobs/openclaw/inbox/gitcrawl-238884-dedupe-only-20260429c.md | target changed since worker review | [report](results/openclaw/gitcrawl-238884-dedupe-only-20260429c.md) | [25100259952](https://github.com/openclaw/clownfish/actions/runs/25100259952) |
| [ghcrawl-156679-autonomous-smoke](results/openclaw/ghcrawl-156679-autonomous-smoke.md) | apply blocked | jobs/openclaw/inbox/ghcrawl-156679-autonomous-smoke.md | merge requires CLOWNFISH_ALLOW_MERGE=1; labeled for human review | [report](results/openclaw/ghcrawl-156679-autonomous-smoke.md) | [25070625859](https://github.com/openclaw/clownfish/actions/runs/25070625859) |
| [ghcrawl-156675-autonomous-smoke](results/openclaw/ghcrawl-156675-autonomous-smoke.md) | apply blocked | jobs/openclaw/inbox/ghcrawl-156675-autonomous-smoke.md | merge requires CLOWNFISH_ALLOW_MERGE=1; labeled for human review | [report](results/openclaw/ghcrawl-156675-autonomous-smoke.md) | [25070590154](https://github.com/openclaw/clownfish/actions/runs/25070590154) |
| [ghcrawl-156682-autonomous-smoke](results/openclaw/ghcrawl-156682-autonomous-smoke.md) | apply blocked | jobs/openclaw/inbox/ghcrawl-156682-autonomous-smoke.md | target is not listed in job candidates | [report](results/openclaw/ghcrawl-156682-autonomous-smoke.md) | [25070632559](https://github.com/openclaw/clownfish/actions/runs/25070632559) |
| [ghcrawl-156720-autonomous-smoke](results/openclaw/ghcrawl-156720-autonomous-smoke.md) | apply skipped | jobs/openclaw/inbox/ghcrawl-156720-autonomous-smoke.md | Closeout is blocked on the canonical fix path landing. | [report](results/openclaw/ghcrawl-156720-autonomous-smoke.md) | [25070819579](https://github.com/openclaw/clownfish/actions/runs/25070819579) |
| [ghcrawl-156594-autonomous-smoke](results/openclaw/ghcrawl-156594-autonomous-smoke.md) | apply blocked | jobs/openclaw/inbox/ghcrawl-156594-autonomous-smoke.md | merge requires CLOWNFISH_ALLOW_MERGE=1; labeled for human review | [report](results/openclaw/ghcrawl-156594-autonomous-smoke.md) | [25069740030](https://github.com/openclaw/clownfish/actions/runs/25069740030) |
| [ghcrawl-156593-autonomous-smoke](results/openclaw/ghcrawl-156593-autonomous-smoke.md) | apply blocked | jobs/openclaw/inbox/ghcrawl-156593-autonomous-smoke.md | merge requires CLOWNFISH_ALLOW_MERGE=1; labeled for human review | [report](results/openclaw/ghcrawl-156593-autonomous-smoke.md) | [25069738606](https://github.com/openclaw/clownfish/actions/runs/25069738606) |
| [ghcrawl-156627-autonomous-smoke](results/openclaw/ghcrawl-156627-autonomous-smoke.md) | fix blocked | jobs/openclaw/inbox/ghcrawl-156627-autonomous-smoke.md | fix artifact is too broad for autonomous execution; split into narrower jobs or explicitly set CLOWNFISH_ALLOW_BROAD_FIX_ARTIFACTS=1 | [report](results/openclaw/ghcrawl-156627-autonomous-smoke.md) | [25070489790](https://github.com/openclaw/clownfish/actions/runs/25070489790) |
| [ghcrawl-156585-autonomous-smoke](results/openclaw/ghcrawl-156585-autonomous-smoke.md) | fix failed | jobs/openclaw/inbox/ghcrawl-156585-autonomous-smoke.md | Codex produced no target repo changes after 3 edit attempt(s). | [report](results/openclaw/ghcrawl-156585-autonomous-smoke.md) | [25069725706](https://github.com/openclaw/clownfish/actions/runs/25069725706) |
| [ghcrawl-156586-autonomous-smoke](results/openclaw/ghcrawl-156586-autonomous-smoke.md) | fix blocked | jobs/openclaw/inbox/ghcrawl-156586-autonomous-smoke.md | Codex /review failed: structured output was not written to replacement-codex-review-1.json; stdout={"type":"thread.started","thread_id":"... | [report](results/openclaw/ghcrawl-156586-autonomous-smoke.md) | [25069727471](https://github.com/openclaw/clownfish/actions/runs/25069727471) |
| [ghcrawl-156582-autonomous-smoke](results/openclaw/ghcrawl-156582-autonomous-smoke.md) | fix blocked | jobs/openclaw/inbox/ghcrawl-156582-autonomous-smoke.md | validation command failed (pnpm check:changed): [check:changed] lanes=all [check:changed] extension-impacting surface; extension typechec... | [report](results/openclaw/ghcrawl-156582-autonomous-smoke.md) | [25069721873](https://github.com/openclaw/clownfish/actions/runs/25069721873) |
| [ghcrawl-156595-autonomous-smoke](results/openclaw/ghcrawl-156595-autonomous-smoke.md) | apply blocked | jobs/openclaw/inbox/ghcrawl-156595-autonomous-smoke.md | merge requires CLOWNFISH_ALLOW_MERGE=1; labeled for human review | [report](results/openclaw/ghcrawl-156595-autonomous-smoke.md) | [25069741964](https://github.com/openclaw/clownfish/actions/runs/25069741964) |
| [ghcrawl-156860-autonomous-smoke](results/openclaw/ghcrawl-156860-autonomous-smoke.md) | fix failed | jobs/openclaw/inbox/ghcrawl-156860-autonomous-smoke.md | base branch advanced after validation and projectclownfish/repair-ghcrawl-156860-autonomous-smoke-53667 needs a fresh rebase pass: Rebasi... | [report](results/openclaw/ghcrawl-156860-autonomous-smoke.md) | [25043323244](https://github.com/openclaw/clownfish/actions/runs/25043323244) |
| [ghcrawl-156991-autonomous-smoke](results/openclaw/ghcrawl-156991-autonomous-smoke.md) | apply blocked | jobs/openclaw/inbox/ghcrawl-156991-autonomous-smoke.md | merge requires CLOWNFISH_ALLOW_MERGE=1; labeled for human review | [report](results/openclaw/ghcrawl-156991-autonomous-smoke.md) | [25040442199](https://github.com/openclaw/clownfish/actions/runs/25040442199) |
| [ghcrawl-157006-autonomous-smoke](results/openclaw/ghcrawl-157006-autonomous-smoke.md) | fix failed | jobs/openclaw/inbox/ghcrawl-157006-autonomous-smoke.md | Codex /review failed: structured output was not written to repair-codex-review-1.json; stdout={"type":"thread.started","thread_id":"019dd... | [report](results/openclaw/ghcrawl-157006-autonomous-smoke.md) | [25040511075](https://github.com/openclaw/clownfish/actions/runs/25040511075) |
| [ghcrawl-156843-autonomous-smoke](results/openclaw/ghcrawl-156843-autonomous-smoke.md) | fix failed | jobs/openclaw/inbox/ghcrawl-156843-autonomous-smoke.md | base branch advanced after validation and projectclownfish/repair-ghcrawl-156843-autonomous-smoke-49981 needs a fresh rebase pass: Rebasi... | [report](results/openclaw/ghcrawl-156843-autonomous-smoke.md) | [25039684300](https://github.com/openclaw/clownfish/actions/runs/25039684300) |
| [ghcrawl-156899-autonomous-smoke](results/openclaw/ghcrawl-156899-autonomous-smoke.md) | apply blocked | jobs/openclaw/inbox/ghcrawl-156899-autonomous-smoke.md | merge requires CLOWNFISH_ALLOW_MERGE=1; labeled for human review | [report](results/openclaw/ghcrawl-156899-autonomous-smoke.md) | [25040053806](https://github.com/openclaw/clownfish/actions/runs/25040053806) |
| [ghcrawl-156914-autonomous-smoke](results/openclaw/ghcrawl-156914-autonomous-smoke.md) | apply blocked | jobs/openclaw/inbox/ghcrawl-156914-autonomous-smoke.md | merge requires CLOWNFISH_ALLOW_MERGE=1; labeled for human review | [report](results/openclaw/ghcrawl-156914-autonomous-smoke.md) | [25040098128](https://github.com/openclaw/clownfish/actions/runs/25040098128) |
| [ghcrawl-156832-autonomous-smoke](results/openclaw/ghcrawl-156832-autonomous-smoke.md) | fix failed | jobs/openclaw/inbox/ghcrawl-156832-autonomous-smoke.md | Codex /review did not pass after 2 attempt(s): Blocked: the branch is narrow and `pnpm check:changed` plus `git diff --check` pass, but t... | [report](results/openclaw/ghcrawl-156832-autonomous-smoke.md) | [25039623993](https://github.com/openclaw/clownfish/actions/runs/25039623993) |
| [ghcrawl-156946-autonomous-smoke](results/openclaw/ghcrawl-156946-autonomous-smoke.md) | fix blocked | jobs/openclaw/inbox/ghcrawl-156946-autonomous-smoke.md | fix artifact is too broad for autonomous execution; split into narrower jobs or explicitly set CLOWNFISH_ALLOW_BROAD_FIX_ARTIFACTS=1 | [report](results/openclaw/ghcrawl-156946-autonomous-smoke.md) | [25040211577](https://github.com/openclaw/clownfish/actions/runs/25040211577) |
| [ghcrawl-156873-autonomous-smoke](results/openclaw/ghcrawl-156873-autonomous-smoke.md) | apply blocked | jobs/openclaw/inbox/ghcrawl-156873-autonomous-smoke.md | merge requires CLOWNFISH_ALLOW_MERGE=1; labeled for human review | [report](results/openclaw/ghcrawl-156873-autonomous-smoke.md) | [25039876456](https://github.com/openclaw/clownfish/actions/runs/25039876456) |
| [ghcrawl-156879-autonomous-smoke](results/openclaw/ghcrawl-156879-autonomous-smoke.md) | fix blocked | jobs/openclaw/inbox/ghcrawl-156879-autonomous-smoke.md | fix artifact is too broad for autonomous execution; split into narrower jobs or explicitly set CLOWNFISH_ALLOW_BROAD_FIX_ARTIFACTS=1 | [report](results/openclaw/ghcrawl-156879-autonomous-smoke.md) | [25039930706](https://github.com/openclaw/clownfish/actions/runs/25039930706) |
| [ghcrawl-156868-autonomous-smoke](results/openclaw/ghcrawl-156868-autonomous-smoke.md) | fix blocked | jobs/openclaw/inbox/ghcrawl-156868-autonomous-smoke.md | fix artifact is too broad for autonomous execution; split into narrower jobs or explicitly set CLOWNFISH_ALLOW_BROAD_FIX_ARTIFACTS=1 | [report](results/openclaw/ghcrawl-156868-autonomous-smoke.md) | [25039867359](https://github.com/openclaw/clownfish/actions/runs/25039867359) |
| [ghcrawl-156864-autonomous-smoke](results/openclaw/ghcrawl-156864-autonomous-smoke.md) | fix blocked | jobs/openclaw/inbox/ghcrawl-156864-autonomous-smoke.md | fix artifact is too broad for autonomous execution; split into narrower jobs or explicitly set CLOWNFISH_ALLOW_BROAD_FIX_ARTIFACTS=1 | [report](results/openclaw/ghcrawl-156864-autonomous-smoke.md) | [25039821052](https://github.com/openclaw/clownfish/actions/runs/25039821052) |
| [ghcrawl-156741-autonomous-smoke](results/openclaw/ghcrawl-156741-autonomous-smoke.md) | fix failed | jobs/openclaw/inbox/ghcrawl-156741-autonomous-smoke.md | base branch advanced after validation and projectclownfish/repair-ghcrawl-156741-autonomous-smoke-59382 needs a fresh rebase pass: Rebasi... | [report](results/openclaw/ghcrawl-156741-autonomous-smoke.md) | [25039129783](https://github.com/openclaw/clownfish/actions/runs/25039129783) |
| [ghcrawl-156805-autonomous-smoke](results/openclaw/ghcrawl-156805-autonomous-smoke.md) | fix blocked | jobs/openclaw/inbox/ghcrawl-156805-autonomous-smoke.md | validation command failed (pnpm check:changed): [check:changed] lanes=extensions, extensionTests, docs [check:changed] extensions/telegra... | [report](results/openclaw/ghcrawl-156805-autonomous-smoke.md) | [25039479679](https://github.com/openclaw/clownfish/actions/runs/25039479679) |
### Fix Failure Queue
| Cluster | Status | Target | Branch/PR | Reason | Run |
| --- | --- | --- | --- | --- | --- |
| [clawsweeper-commit-openclaw-openclaw-6a4c866b6a8b](results/openclaw/clawsweeper-commit-openclaw-openclaw-6a4c866b6a8b.md) | blocked | | | fix artifact is too broad for autonomous execution; split into narrower jobs or explicitly set CLOWNFISH_ALLOW_BROAD_FIX_ARTIFACTS=1 | [25094690632](https://github.com/openclaw/clownfish/actions/runs/25094690632) |
| [ghcrawl-166004-agentic-merge](results/openclaw/ghcrawl-166004-agentic-merge.md) | blocked | | | Codex /review did not pass after 2 attempt(s): Cannot perform the review without inspecting the repository diff and validation state. | [25087637821](https://github.com/openclaw/clownfish/actions/runs/25087637821) |
| [ghcrawl-156717-autonomous-smoke](results/openclaw/ghcrawl-156717-autonomous-smoke.md) | blocked | | | validation command failed (pnpm check:changed): [check:changed] lanes=core, coreTests, docs [check:changed] ui/src/styles/chat/layout.css... | [25085937628](https://github.com/openclaw/clownfish/actions/runs/25085937628) |
| [ghcrawl-156593-autonomous-smoke](results/openclaw/ghcrawl-156593-autonomous-smoke.md) | failed | | | To https://github.com/LiaoyuanNing/openclaw.git ! [remote rejected] HEAD -> fix/feishu-p2p-thread-reply (refusing to allow a GitHub App t... | [25084314903](https://github.com/openclaw/clownfish/actions/runs/25084314903) |
| [ghcrawl-156593-autonomous-smoke](results/openclaw/ghcrawl-156593-autonomous-smoke.md) | blocked | | | Codex /review did not pass after 2 attempt(s): Blocked. The diff is narrow and has no visible secret, dependency, workflow, install, or s... | [25084314903](https://github.com/openclaw/clownfish/actions/runs/25084314903) |
| [ghcrawl-156627-autonomous-smoke](results/openclaw/ghcrawl-156627-autonomous-smoke.md) | blocked | | | fix artifact is too broad for autonomous execution; split into narrower jobs or explicitly set CLOWNFISH_ALLOW_BROAD_FIX_ARTIFACTS=1 | [25070489790](https://github.com/openclaw/clownfish/actions/runs/25070489790) |
| [ghcrawl-156585-autonomous-smoke](results/openclaw/ghcrawl-156585-autonomous-smoke.md) | failed | | | Codex produced no target repo changes after 3 edit attempt(s). | [25069725706](https://github.com/openclaw/clownfish/actions/runs/25069725706) |
| [ghcrawl-156585-autonomous-smoke](results/openclaw/ghcrawl-156585-autonomous-smoke.md) | blocked | | | Codex produced no target repo changes after 3 edit attempt(s). | [25069725706](https://github.com/openclaw/clownfish/actions/runs/25069725706) |
@ -134,34 +129,55 @@ Scope: 360 active latest cluster reports. 1 policy-archived cluster(s) are exclu
| [ghcrawl-156741-autonomous-smoke](results/openclaw/ghcrawl-156741-autonomous-smoke.md) | failed | | | base branch advanced after validation and projectclownfish/repair-ghcrawl-156741-autonomous-smoke-59382 needs a fresh rebase pass: Rebasi... | [25039129783](https://github.com/openclaw/clownfish/actions/runs/25039129783) |
| [ghcrawl-156741-autonomous-smoke](results/openclaw/ghcrawl-156741-autonomous-smoke.md) | blocked | | | base branch advanced after validation and projectclownfish/repair-ghcrawl-156741-autonomous-smoke-59382 needs a fresh rebase pass: Rebasi... | [25039129783](https://github.com/openclaw/clownfish/actions/runs/25039129783) |
| [ghcrawl-156805-autonomous-smoke](results/openclaw/ghcrawl-156805-autonomous-smoke.md) | blocked | | | validation command failed (pnpm check:changed): [check:changed] lanes=extensions, extensionTests, docs [check:changed] extensions/telegra... | [25039479679](https://github.com/openclaw/clownfish/actions/runs/25039479679) |
| [ghcrawl-156789-autonomous-smoke](results/openclaw/ghcrawl-156789-autonomous-smoke.md) | failed | | | validation command failed (pnpm check:changed): [check:changed] lanes=apps, docs [check:changed] apps/shared/OpenClawKit/Sources/OpenClaw... | [25039373452](https://github.com/openclaw/clownfish/actions/runs/25039373452) |
| [ghcrawl-156789-autonomous-smoke](results/openclaw/ghcrawl-156789-autonomous-smoke.md) | blocked | | | validation command failed (pnpm check:changed): [check:changed] lanes=apps, docs [check:changed] apps/shared/OpenClawKit/Sources/OpenClaw... | [25039373452](https://github.com/openclaw/clownfish/actions/runs/25039373452) |
| [ghcrawl-156782-autonomous-smoke](results/openclaw/ghcrawl-156782-autonomous-smoke.md) | blocked | | | fix artifact is too broad for autonomous execution; split into narrower jobs or explicitly set CLOWNFISH_ALLOW_BROAD_FIX_ARTIFACTS=1 | [25039337140](https://github.com/openclaw/clownfish/actions/runs/25039337140) |
| [ghcrawl-156739-autonomous-smoke](results/openclaw/ghcrawl-156739-autonomous-smoke.md) | failed | | | validation command failed (pnpm check:changed): [check:changed] lanes=core, coreTests, docs [check:changed] src/daemon/launchd-plist.ts: ... | [25039125475](https://github.com/openclaw/clownfish/actions/runs/25039125475) |
| [ghcrawl-156739-autonomous-smoke](results/openclaw/ghcrawl-156739-autonomous-smoke.md) | blocked | | | validation command failed (pnpm check:changed): [check:changed] lanes=core, coreTests, docs [check:changed] src/daemon/launchd-plist.ts: ... | [25039125475](https://github.com/openclaw/clownfish/actions/runs/25039125475) |
### Top Blocked Reasons
| Reason | Latest count | Example cluster |
| --- | ---: | --- |
| action status is blocked | 89 | [ghcrawl-156636-autonomous-smoke](results/openclaw/ghcrawl-156636-autonomous-smoke.md) |
| target changed since worker review | 18 | [gitcrawl-2880-dedupe-only-20260429-remote](results/openclaw/gitcrawl-2880-dedupe-only-20260429-remote.md) |
| close requires ProjectClownfish fix PR opened/pushed or merge executed first | 13 | [ghcrawl-156593-autonomous-smoke](results/openclaw/ghcrawl-156593-autonomous-smoke.md) |
| close requires ProjectClownfish fix PR opened/pushed or merge executed first | 12 | [ghcrawl-156722-autonomous-smoke](results/openclaw/ghcrawl-156722-autonomous-smoke.md) |
| merge requires CLOWNFISH_ALLOW_MERGE=1; labeled for human review | 11 | [ghcrawl-156679-autonomous-smoke](results/openclaw/ghcrawl-156679-autonomous-smoke.md) |
| merge state status is UNSTABLE | 10 | [ghcrawl-156647-autonomous-smoke](results/openclaw/ghcrawl-156647-autonomous-smoke.md) |
| merge requires CLOWNFISH_ALLOW_MERGE=1; labeled for human review | 9 | [ghcrawl-156679-autonomous-smoke](results/openclaw/ghcrawl-156679-autonomous-smoke.md) |
| job does not allow merge | 5 | [clawsweeper-commit-openclaw-openclaw-fda8cc2a9d9a](results/openclaw/clawsweeper-commit-openclaw-openclaw-fda8cc2a9d9a.md) |
| target changed since worker review | 9 | [ghcrawl-156624-autonomous-smoke](results/openclaw/ghcrawl-156624-autonomous-smoke.md) |
| mergeable state is CONFLICTING | 5 | [ghcrawl-156651-autonomous-smoke](results/openclaw/ghcrawl-156651-autonomous-smoke.md) |
| target is not listed in job candidates | 5 | [gitcrawl-238838-dedupe-only-20260429c](results/openclaw/gitcrawl-238838-dedupe-only-20260429c.md) |
| candidate fix is not listed in job refs | 3 | [gitcrawl-2477-dedupe-only-20260429-remote](results/openclaw/gitcrawl-2477-dedupe-only-20260429-remote.md) |
| target is not listed in job candidates | 4 | [ghcrawl-156682-autonomous-smoke](results/openclaw/ghcrawl-156682-autonomous-smoke.md) |
| candidate fix is not merged | 2 | [ghcrawl-191459-agentic-merge](results/openclaw/ghcrawl-191459-agentic-merge.md) |
| canonical is not listed in job refs | 2 | [ghcrawl-156658-autonomous-smoke](results/openclaw/ghcrawl-156658-autonomous-smoke.md) |
| Clearly superseded by the canonical PR path, but closure is blocked until the canonical fix lands. | 2 | [ghcrawl-156879-autonomous-smoke](results/openclaw/ghcrawl-156879-autonomous-smoke.md) |
| Fix-first policy blocks superseded closeout until #49430 is repaired and merged. | 2 | [ghcrawl-156585-autonomous-smoke](results/openclaw/ghcrawl-156585-autonomous-smoke.md) |
| maintainer issue comment blocks low-signal auto-close | 2 | [low-signal-pr-sweep-20260425T2346-01](results/openclaw/low-signal-pr-sweep-20260425t2346-01.md) |
| require_fix_before_close blocks superseded PR closeout until the canonical fix path is landed or opened as a concrete fix PR. | 2 | [ghcrawl-156789-autonomous-smoke](results/openclaw/ghcrawl-156789-autonomous-smoke.md) |
| candidate fix is not merged | 1 | [ghcrawl-191459-agentic-merge](results/openclaw/ghcrawl-191459-agentic-merge.md) |
| Clear covered issue, but closeout is blocked on the canonical fix path landing. | 1 | [ghcrawl-156739-autonomous-smoke](results/openclaw/ghcrawl-156739-autonomous-smoke.md) |
| Clear duplicate of the live canonical umbrella, but closeout is blocked on the canonical fix path or fix PR because require_fix_before_cl... | 1 | [ghcrawl-156756-autonomous-smoke](results/openclaw/ghcrawl-156756-autonomous-smoke.md) |
### Open PR Finalizer Queue
| PR | Title | Cluster | Branch | Blockers | Next action |
| --- | --- | --- | --- | --- | --- |
| [#73744](https://github.com/openclaw/openclaw/pull/73744) | feat(ui): show persistent chat context usage | ghcrawl-156717-autonomous-smoke | clownfish/ghcrawl-156717-autonomous-smoke | needs_merge_state:UNSTABLE, needs_checks:CI / checks-fast-bundled:IN_PROGRESS; CI / checks-node-extensions-shard-4:FAILURE; CI / checks-n... | repair failing checks or document unrelated main flake with touched-surface proof |
| [#73739](https://github.com/openclaw/openclaw/pull/73739) | fix(feishu): recover WebSocket after SDK retry exhaustion | ghcrawl-156682-autonomous-smoke | clownfish/ghcrawl-156682-autonomous-smoke | needs_merge_state:UNSTABLE, unresolved review threads remain, needs_checks:CI / checks-fast-bundled:IN_PROGRESS; CI / checks-node-extensi... | repair failing checks or document unrelated main flake with touched-surface proof |
| [#73737](https://github.com/openclaw/openclaw/pull/73737) | fix(gateway): reduce session-store clone memory growth | ghcrawl-156648-autonomous-smoke | clownfish/ghcrawl-156648-autonomous-smoke | needs_merge_state:UNSTABLE, unresolved review threads remain, needs_checks:CI / checks-fast-bundled:FAILURE; CI / checks-node-extensions-... | repair failing checks or document unrelated main flake with touched-surface proof |
| [#73724](https://github.com/openclaw/openclaw/pull/73724) | fix(cli): avoid false local gateway unreachable on probe timeout | ghcrawl-156625-autonomous-smoke | clownfish/ghcrawl-156625-autonomous-smoke | security_hold, needs_rebase:CONFLICTING, needs_merge_state:DIRTY, needs_checks:CI / checks-fast-bundled:FAILURE; CI / checks-node-extensi... | route to central security triage |
| [#73403](https://github.com/openclaw/openclaw/pull/73403) | fix(agent): route explicit channel targets per recipient | ghcrawl-157028-autonomous-smoke | clownfish/ghcrawl-157028-autonomous-smoke | needs_rebase:CONFLICTING, needs_merge_state:DIRTY, unresolved review threads remain, needs_checks:ClawSweeper Dispatch / dispatch:FAILURE... | resume branch, rebase onto current main, repair conflicts, run changed checks, rerun review |
| [#73402](https://github.com/openclaw/openclaw/pull/73402) | fix(tui): subscribe to live session transcript updates | ghcrawl-156978-autonomous-smoke | clownfish/ghcrawl-156978-autonomous-smoke | needs_rebase:CONFLICTING, needs_merge_state:DIRTY, unresolved review threads remain, needs_checks:ClawSweeper Dispatch / dispatch:FAILURE... | resume branch, rebase onto current main, repair conflicts, run changed checks, rerun review |
| [#73401](https://github.com/openclaw/openclaw/pull/73401) | fix(agents): load symlinked workspace bootstrap files | ghcrawl-156975-autonomous-smoke | clownfish/ghcrawl-156975-autonomous-smoke | needs_rebase:CONFLICTING, needs_merge_state:DIRTY, unresolved review threads remain, needs_checks:ClawSweeper Dispatch / dispatch:FAILURE... | resume branch, rebase onto current main, repair conflicts, run changed checks, rerun review |
| [#73399](https://github.com/openclaw/openclaw/pull/73399) | fix(feishu): carry forward DM fallback and topic labels | ghcrawl-156980-autonomous-smoke | clownfish/ghcrawl-156980-autonomous-smoke | needs_rebase:CONFLICTING, needs_merge_state:DIRTY, unresolved review threads remain, needs_checks:ClawSweeper Dispatch / dispatch:FAILURE... | resume branch, rebase onto current main, repair conflicts, run changed checks, rerun review |
| [#73395](https://github.com/openclaw/openclaw/pull/73395) | fix(discord): cool down Cloudflare HTML 429 REST failures | ghcrawl-156979-autonomous-smoke | clownfish/ghcrawl-156979-autonomous-smoke | security_hold, needs_rebase:CONFLICTING, needs_merge_state:DIRTY, unresolved review threads remain, needs_checks:ClawSweeper Dispatch / d... | route to central security triage |
| [#73393](https://github.com/openclaw/openclaw/pull/73393) | feat(whatsapp): support newsletter targets in message tool | ghcrawl-156943-autonomous-smoke | clownfish/ghcrawl-156943-autonomous-smoke | needs_rebase:CONFLICTING, needs_merge_state:DIRTY, needs_merge_preflight, needs_result_backfill | resume branch, rebase onto current main, repair conflicts, run changed checks, rerun review |
| [#73388](https://github.com/openclaw/openclaw/pull/73388) | Fix Trinity main-session compatibility mismatch | ghcrawl-156908-autonomous-smoke | clownfish/ghcrawl-156908-autonomous-smoke | needs_rebase:CONFLICTING, needs_merge_state:DIRTY, needs_checks:CI / checks-node-core-fast-support:FAILURE; CI / checks-node-core:FAILURE... | resume branch, rebase onto current main, repair conflicts, run changed checks, rerun review |
| [#73374](https://github.com/openclaw/openclaw/pull/73374) | fix: gate same-model retries to idempotent calls | ghcrawl-156725-autonomous-smoke | clownfish/ghcrawl-156725-autonomous-smoke | needs_rebase:CONFLICTING, needs_merge_state:DIRTY, needs_checks:Parity gate / Run the OpenAI / Opus 4.6 parity gate against the qa-lab mo... | resume branch, rebase onto current main, repair conflicts, run changed checks, rerun review |
| [#73365](https://github.com/openclaw/openclaw/pull/73365) | fix: allow steer messages during active non-streaming runs | ghcrawl-156681-autonomous-smoke | clownfish/ghcrawl-156681-autonomous-smoke | needs_merge_state:UNSTABLE, needs_checks:Parity gate / Run the OpenAI / Opus 4.6 parity gate against the qa-lab mock:FAILURE; CI / checks... | repair failing checks or document unrelated main flake with touched-surface proof |
| [#72409](https://github.com/openclaw/openclaw/pull/72409) | fix(plugins): suppress false duplicate-id warnings across origins | ghcrawl-207039-agentic-merge | clownfish/ghcrawl-207039-agentic-merge | security_route, needs_rebase:CONFLICTING, needs_merge_state:DIRTY, needs_checks:CI / checks-fast-bundled:FAILURE; CI / checks-node-agenti... | route to central security triage |
| [#73732](https://github.com/openclaw/openclaw/pull/73732) | fix(whatsapp): recover group inbound after reconnect churn | ghcrawl-156581-autonomous-smoke | clownfish/ghcrawl-156581-autonomous-smoke | needs_merge_state:UNSTABLE, needs_checks:CI / checks-fast-bundled:FAILURE; CI / checks-node-extensions-shard-4:FAILURE; CI / checks-node-... | repair failing checks or document unrelated main flake with touched-surface proof |
| [#73725](https://github.com/openclaw/openclaw/pull/73725) | fix(webchat): create dashboard sessions from New Chat | ghcrawl-156619-autonomous-smoke | clownfish/ghcrawl-156619-autonomous-smoke | needs_rebase:CONFLICTING, needs_merge_state:DIRTY, unresolved review threads remain, needs_checks:CI / checks-fast-bundled:FAILURE; CI / ... | resume branch, rebase onto current main, repair conflicts, run changed checks, rerun review |
| [#73390](https://github.com/openclaw/openclaw/pull/73390) | Add configurable WebChat send shortcut | ghcrawl-156934-autonomous-smoke | clownfish/ghcrawl-156934-autonomous-smoke | needs_rebase:CONFLICTING, needs_merge_state:DIRTY, unresolved review threads remain, needs_merge_preflight, needs_result_backfill | resume branch, rebase onto current main, repair conflicts, run changed checks, rerun review |
| [#73389](https://github.com/openclaw/openclaw/pull/73389) | feat(slack): publish App Home tab views | ghcrawl-156940-autonomous-smoke | clownfish/ghcrawl-156940-autonomous-smoke | needs_rebase:CONFLICTING, needs_merge_state:DIRTY, needs_merge_preflight, needs_result_backfill | resume branch, rebase onto current main, repair conflicts, run changed checks, rerun review |
| [#73385](https://github.com/openclaw/openclaw/pull/73385) | fix: gate sandbox write tools on writable workspace access | ghcrawl-156881-autonomous-smoke | clownfish/ghcrawl-156881-autonomous-smoke | needs_merge_preflight, needs_result_backfill | backfill merge preflight: security cleared, comments resolved, Codex /review passed, validation recorded |
| [#73385](https://github.com/openclaw/openclaw/pull/73385) | fix: gate sandbox write tools on writable workspace access | ghcrawl-156881-autonomous-smoke | clownfish/ghcrawl-156881-autonomous-smoke | needs_merge_state:UNSTABLE, needs_checks:Parity gate / Run the OpenAI / Opus 4.6 parity gate against the qa-lab mock:FAILURE; CI / checks... | repair failing checks or document unrelated main flake with touched-surface proof |
### Latest ProjectClownfish Closures
@ -196,31 +212,6 @@ Scope: 360 active latest cluster reports. 1 policy-archived cluster(s) are exclu
## How It Works
For a maintainer-facing architecture map of the automation lanes, see
[`docs/INTERNAL_FEATURES.md`](docs/INTERNAL_FEATURES.md).
For the ClawSweeper feedback loop that updates existing generated PRs, see
[`docs/auto-update-prs.md`](docs/auto-update-prs.md).
That loop is marker-driven. ClawSweeper comments use hidden
`clawsweeper-verdict:*` markers, and only actionable PR feedback includes
`clawsweeper-action:fix-required`. Clownfish skips stale head SHAs and caps
automatic repairs at five per PR and one per PR head SHA.
Maintainers can opt an existing Clownfish PR into the bounded merge loop with
`/clownfish automerge`. That adds `clownfish:automerge`, dispatches
ClawSweeper for the current head, lets Clownfish repair trusted
`needs-changes` findings for up to five rounds, and merges only after a trusted
pass verdict for the exact current head plus green checks, clean mergeability,
and explicit `CLOWNFISH_ALLOW_MERGE=1` and `CLOWNFISH_ALLOW_AUTOMERGE=1`
gates.
ClawSweeper commit findings have a separate intake lane. A
`clawsweeper_commit_finding` dispatch fetches the latest markdown commit report,
writes an audit record under `results/commit-findings/`, and only sends the
finding into the PR executor when the issue is narrow, non-security, and still
worth repairing on latest `main`.
Each cluster job:
1. Starts from one markdown job file under `jobs/`.
@ -229,20 +220,24 @@ Each cluster job:
4. Runs Codex with repo-local policy prompts and JSON output schema in a read-only sandbox.
5. Writes structured run artifacts under `.projectclownfish/runs/`.
6. Reviews the worker artifact with deterministic safety checks.
7. Executes credited fix artifacts through `scripts/execute-fix-artifact.mjs` when the fix gate is open: repair a maintainer-editable contributor branch first, otherwise raise a narrow replacement PR, add non-bot source PR authors as replacement co-authors, and close the uneditable source PR after the replacement push succeeds.
7. Executes credited fix artifacts through `scripts/execute-fix-artifact.mjs` when the fix gate is open: repair a maintainer-editable contributor branch first, otherwise raise a narrow replacement PR and close the uneditable source PR after the replacement push succeeds.
8. Applies guarded close/comment and explicit merge actions through `scripts/apply-result.mjs`.
9. Publishes a sanitized result ledger back to this repo under `results/`, `jobs/openclaw/closed/`, `apply-report.json`, and this README dashboard.
Codex does not receive a GitHub token during classification. The runner preflights GitHub state before model execution, then Codex receives those artifacts and returns JSON only. When a reviewed fix artifact is executed, Codex gets a temporary target checkout without GitHub credentials; the deterministic executor owns commit, push, PR creation, and source-PR closeout using `CLOWNFISH_GH_TOKEN`. Commit author metadata defaults to `projectclownfish` and can be overridden with `CLOWNFISH_GIT_USER_NAME` and `CLOWNFISH_GIT_USER_EMAIL`; this is separate from the GitHub token used to push. The applicator re-fetches the target item, checks `updated_at`, blocks unsafe closeouts, writes idempotent close comments, closes supported duplicate/superseded/fixed-by-candidate actions, and can squash-merge explicitly allowed clean PR actions.
Codex does not receive a GitHub token during classification. The runner preflights GitHub state before model execution, then Codex receives those artifacts and returns JSON only. The preferred GitHub auth path is a short-lived installation token minted from `CLOWNFISH_APP_ID` and `CLOWNFISH_APP_PRIVATE_KEY`; legacy `CLOWNFISH_READ_GH_TOKEN` and `CLOWNFISH_GH_TOKEN` secrets remain fallbacks. The read token is narrowed to read-only issue, PR, content, checks, and status access. When a reviewed fix artifact is executed, Codex gets a temporary target checkout without GitHub credentials; the deterministic executor owns commit, push, PR creation, and source-PR closeout using a write-scoped GitHub App token or `CLOWNFISH_GH_TOKEN`. Commit author metadata defaults to `projectclownfish` and can be overridden with `CLOWNFISH_GIT_USER_NAME` and `CLOWNFISH_GIT_USER_EMAIL`; this is separate from the GitHub token used to push. The applicator re-fetches the target item, checks `updated_at`, blocks unsafe closeouts, writes idempotent close comments, closes supported duplicate/superseded/fixed-by-candidate actions, and can squash-merge explicitly allowed clean PR actions.
Merge is deliberately harder than closeout. A merge action must include `merge_preflight` proving security clearance, resolved human comments, resolved review-bot findings, a passed Codex `/review`, addressed review findings, and clean validation commands. The fix executor runs an agentic edit/review loop before it writes a fix PR: edit, validate, Codex `/review`, address findings, revalidate, and resolve PR review threads when permitted. The applicator also checks live unresolved GitHub review threads immediately before merge.
Replacement fix work uses a recoverable target branch named `clownfish/<cluster-id>`. The executor resumes that branch if it already exists and pushes checkpoint commits after agent edits and review-fix edits, adding `Co-authored-by` trailers for non-bot source PR authors when a contributor PR is replaced. It then opens or updates the PR only after validation and Codex `/review` pass. If `/review` still blocks the merge after retries, the run writes a blocked fix report and leaves the checkpoint branch recoverable instead of losing the patch.
Replacement fix work uses a recoverable target branch named `clownfish/<cluster-id>`. The executor resumes that branch if it already exists and pushes checkpoint commits after agent edits and review-fix edits, then opens or updates the PR only after validation and Codex `/review` pass. If `/review` still blocks the merge after retries, the run writes a blocked fix report and leaves the checkpoint branch recoverable instead of losing the patch.
Runs for the same job path and mode are queued instead of running concurrently. The workflow uses Node 24, `blacksmith-4vcpu-ubuntu-2404` for cluster planning/review, and `blacksmith-16vcpu-ubuntu-2404` for fix/apply execution. Fix execution prepares the target checkout with Corepack and the target `pnpm` package manager before validation; the execution job caches Codex, npm, Corepack, and the target pnpm store. Fix validation is pinned to OpenClaw's fast changed-lane posture by default: `pnpm check:changed` plus diff checks are the hard local gate, and target validation commands normalize to `pnpm check:changed` unless `CLOWNFISH_TARGET_VALIDATION_MODE=strict` or `CLOWNFISH_STRICT_TARGET_VALIDATION=1` is explicitly set. Unrelated flaky main CI, broad `pnpm check`, full tests, live, docker, and e2e lanes do not block narrow ProjectClownfish fixes by default.
Full worker prompts, Codex transcripts, and raw artifacts stay in GitHub Actions. The committed ledger keeps only the cluster summary, run URL, action counts, apply outcomes, closed targets, and needs-human entries.
## GitHub App Auth
Create a GitHub App installed on `openclaw/openclaw` and `openclaw/clownfish`. Give it `Contents: write`, `Issues: write`, and `Pull requests: write`; leave webhooks disabled. Store the App ID as repository variable `CLOWNFISH_APP_ID` and the downloaded private key PEM as repository secret `CLOWNFISH_APP_PRIVATE_KEY` in `openclaw/clownfish`. The workflows mint per-job tokens with the minimum permission level needed for that job, so classification stays read-only and execution gets write access only after the execution gate opens. Merge remains disabled unless `CLOWNFISH_ALLOW_MERGE=1`.
## Modes
- `plan`: produces recommendations only.
@ -251,48 +246,9 @@ Full worker prompts, Codex transcripts, and raw artifacts stay in GitHub Actions
- `route_security`: quarantines true security-sensitive refs without poisoning unrelated cluster work.
- `needs_human`: only product-direction, trust-boundary, canonical-choice, merge-path, or contributor-credit decisions that remain unclear after the hydrated artifact and single-item review/check/decide pass.
- Automated reviewer feedback must be cleared during autonomous PR work. Greptile, Codex, Asile, CodeRabbit, Copilot, and similar bot comments must be addressed, proven non-actionable, or escalated before any merge or post-merge closeout recommendation.
- Merge preflight: no PR can merge until `CLOWNFISH_ALLOW_MERGE=1`, security issues are cleared, comments are resolved, Codex `/review` has passed, findings are addressed, and changed-surface validation is clean. With the merge gate closed, ProjectClownfish labels merge-ready targets for human review instead of merging.
- Merge preflight: no PR can merge until `CLOWNFISH_ALLOW_MERGE=1`, security issues are cleared, comments are resolved, Codex `/review` has passed, findings are addressed, and changed-surface validation is clean. With the merge gate closed, ProjectClownfish applies the single `clownfish` label and leaves the final merge to a maintainer.
- Repair ladder: make the useful contributor PR mergeable when its branch is maintainer-editable; otherwise replace draft, stale, unmergeable, uneditable, or unsafe branches with a narrow credited fix PR. When fix PR mode is enabled, "wait or replace" is already answered: replace, preserve credit, then supersede only the source PR that could not be safely updated.
## Maintainer Comment Commands
Clownfish can route maintainer comments from target repositories back into the
cloud repair workflow. It recognizes both command styles:
```text
/clownfish status
@openclaw-clownfish status
```
Do not use `@clownfish`; that is a separate GitHub user. The accepted mention is
`@openclaw-clownfish` or `@openclaw-clownfish[bot]`.
Only maintainers can trigger it. The router checks GitHub `author_association`
and accepts `OWNER`, `MEMBER`, and `COLLABORATOR` by default. Contributor and
unknown comments are ignored without a reply.
Supported commands:
```text
/clownfish status
/clownfish fix ci
/clownfish address review
/clownfish rebase
/clownfish explain
/clownfish stop
@openclaw-clownfish fix ci
```
`status` and `explain` post a short status reply. `fix ci`, `address review`,
and `rebase` dispatch the normal `cluster-worker.yml` repair path, but only for
existing Clownfish PRs identified by the `clownfish` label or `clownfish/*`
branch. `stop` labels the item for human review.
The router writes an idempotency marker into each reply and records processed
comments in `results/comment-router.json`. The scheduled workflow is dry by
default; set `CLOWNFISH_COMMENT_ROUTER_EXECUTE=1` to let scheduled runs post
replies and dispatch workers.
## Local Run
Requires Node 24.
@ -346,15 +302,6 @@ CLOWNFISH_ALLOW_EXECUTE=1 CLOWNFISH_ALLOW_FIX_PR=1 npm run execute-fix -- jobs/o
# Rebuild the open Clownfish PR finalization report without mutating GitHub.
npm run finalize-open-prs -- --write-report
# Dry-run maintainer comment routing. Recognizes `/clownfish ...` and
# `@openclaw-clownfish ...` in recent issue/PR comments.
npm run comment-router -- --repo openclaw/openclaw --lookback-minutes 180
# Execute maintainer comment routing: post replies and dispatch repair workers
# for existing Clownfish PRs when maintainers ask for `fix ci`,
# `address review`, or `rebase`.
npm run comment-router -- --repo openclaw/openclaw --execute --wait-for-capacity
# Dry-run job hygiene: classify old smoke jobs, outbox-ready jobs, unprocessed
# jobs, and requeue candidates without deleting, moving, or dispatching.
npm run sweep-openclaw-jobs -- --live
@ -405,23 +352,12 @@ The workflow needs:
- Codex/OpenAI authentication for model execution
- a read-only GitHub token for worker inspection
- a separate write-scoped GitHub token for the deterministic applicator
- execution gates that default closed: set `CLOWNFISH_ALLOW_EXECUTE=1` and `CLOWNFISH_ALLOW_FIX_PR=1` only for an intentional execution window; otherwise execute/autonomous dispatches render plan-only output and skip mutation steps
- merge is separately gated by `CLOWNFISH_ALLOW_MERGE`; automerge additionally requires `CLOWNFISH_ALLOW_AUTOMERGE`; both default to `0`, and merge-ready PRs are labeled `clownfish:human-review` and `clownfish:merge-ready` for a maintainer to merge manually
- execution gates that default on for execute/autonomous jobs: set `CLOWNFISH_ALLOW_EXECUTE=0` or `CLOWNFISH_ALLOW_FIX_PR=0` only when intentionally pausing live work
- merge is separately gated by `CLOWNFISH_ALLOW_MERGE`; it defaults to `0`, and merge-ready PRs keep only the orange `clownfish` label for a maintainer to merge manually
- optional `CLOWNFISH_CODEX_CLI_VERSION` variable to pin and refresh the cached Codex CLI
- optional `CLOWNFISH_MODEL` override for dispatch scripts; default Codex model is `gpt-5.5`
- optional `CLOWNFISH_MAX_LIVE_WORKERS` variable for dispatch/requeue/self-heal worker fan-out; default is `50`
- optional `CLOWNFISH_MAX_ACTIVE_PRS_PER_AREA` variable for replacement PR backpressure; default is `50` open Clownfish PRs per touched area, `0` disables the area cap, and common changelog/release-note files are ignored for this check
- ClawSweeper commit-finding repair PRs are labeled `clownfish:commit-finding`
- optional `CLOWNFISH_CODEX_TIMEOUT_MS` and `CLOWNFISH_FIX_CODEX_TIMEOUT_MS` variables; worker planning defaults to 30 minutes, while fix execution defaults to a 20 minute Codex budget inside the 30 minute build-PR step so timeout artifacts can be written
- optional `CLOWNFISH_CODEX_REVIEW_ATTEMPTS` and `CLOWNFISH_RESOLVE_REVIEW_THREADS` variables for agentic merge-prep review loops
- optional `CLOWNFISH_CLAWSWEEPER_MAX_REPAIRS_PER_PR` and
`CLOWNFISH_CLAWSWEEPER_MAX_REPAIRS_PER_HEAD` variables for trusted
ClawSweeper review feedback; defaults are `5` automatic repair iterations per
PR and `1` repair per PR head SHA. The per-PR cap is total across changing
head SHAs and stops the automatic review/repair loop.
- optional `CLOWNFISH_COMMENT_ROUTER_EXECUTE=1` to let the scheduled comment
router respond to maintainer-only `/clownfish ...` and
`@openclaw-clownfish ...` commands. Without it, scheduled runs only write a
dry report.
Keep exact secret names, token scopes, and execution-window procedures in private operations docs or repository settings notes. Do not put token values or live operational credentials in job files.

400
apply-report.json
View File

@ -5918,405 +5918,5 @@
"merge_commit_sha": null,
"live_state": null,
"live_updated_at": null
},
{
"repo": "openclaw/openclaw",
"run_id": "25084314903",
"run_url": "https://github.com/openclaw/clownfish/actions/runs/25084314903",
"cluster_id": "ghcrawl-156593-autonomous-smoke",
"published_at": "2026-04-29T00:57:36.846Z",
"target": "#44118",
"action": "close_superseded",
"status": "blocked",
"classification": "superseded",
"canonical": "#42228",
"candidate_fix": null,
"title": null,
"idempotency_key": "ghcrawl-156593-autonomous-smoke:close_superseded:#44118:2026-04-27T04:43:20Z",
"reason": "close requires ProjectClownfish fix PR opened/pushed or merge executed first",
"merged_at": null,
"merge_commit_sha": null,
"live_state": null,
"live_updated_at": null
},
{
"repo": "openclaw/openclaw",
"run_id": "25085277561",
"run_url": "https://github.com/openclaw/clownfish/actions/runs/25085277561",
"cluster_id": "clawsweeper-openclaw-openclaw-73880",
"published_at": "2026-04-29T01:00:44.092Z",
"target": "#73902",
"action": "merge_canonical",
"status": "blocked",
"classification": "fix_pr",
"canonical": null,
"candidate_fix": null,
"title": null,
"idempotency_key": null,
"reason": "job does not allow merge",
"merged_at": null,
"merge_commit_sha": null,
"live_state": null,
"live_updated_at": null
},
{
"repo": "openclaw/openclaw",
"run_id": "25086686616",
"run_url": "https://github.com/openclaw/clownfish/actions/runs/25086686616",
"cluster_id": "ghcrawl-156863-autonomous-smoke",
"published_at": "2026-04-29T01:56:43.711Z",
"target": "#73940",
"action": "merge_canonical",
"status": "blocked",
"classification": "fix_pr",
"canonical": null,
"candidate_fix": null,
"title": "fix(feishu): supervise WebSocket retry exhaustion",
"idempotency_key": null,
"reason": "merge requires CLOWNFISH_ALLOW_MERGE=1; labeled clownfish",
"merged_at": null,
"merge_commit_sha": null,
"live_state": null,
"live_updated_at": null
},
{
"repo": "openclaw/openclaw",
"run_id": "25089704776",
"run_url": "https://github.com/openclaw/clownfish/actions/runs/25089704776",
"cluster_id": "clawsweeper-commit-openclaw-openclaw-d130a77a3b1e",
"published_at": "2026-04-29T03:44:52.699Z",
"target": "#74049",
"action": "merge_canonical",
"status": "blocked",
"classification": "fix_pr",
"canonical": null,
"candidate_fix": null,
"title": null,
"idempotency_key": null,
"reason": "job does not allow merge",
"merged_at": null,
"merge_commit_sha": null,
"live_state": null,
"live_updated_at": null
},
{
"repo": "openclaw/openclaw",
"run_id": "25090570865",
"run_url": "https://github.com/openclaw/clownfish/actions/runs/25090570865",
"cluster_id": "clawsweeper-commit-openclaw-openclaw-5435591f6a1a",
"published_at": "2026-04-29T04:24:16.584Z",
"target": "#74065",
"action": "merge_canonical",
"status": "blocked",
"classification": "fix_pr",
"canonical": null,
"candidate_fix": null,
"title": null,
"idempotency_key": null,
"reason": "job does not allow merge",
"merged_at": null,
"merge_commit_sha": null,
"live_state": null,
"live_updated_at": null
},
{
"repo": "openclaw/openclaw",
"run_id": "25093937673",
"run_url": "https://github.com/openclaw/clownfish/actions/runs/25093937673",
"cluster_id": "clawsweeper-commit-openclaw-openclaw-4eba70b532f8",
"published_at": "2026-04-29T06:24:24.988Z",
"target": "#74140",
"action": "merge_canonical",
"status": "blocked",
"classification": "fix_pr",
"canonical": null,
"candidate_fix": null,
"title": null,
"idempotency_key": null,
"reason": "job does not allow merge",
"merged_at": null,
"merge_commit_sha": null,
"live_state": null,
"live_updated_at": null
},
{
"repo": "openclaw/openclaw",
"run_id": "25095715904",
"run_url": "https://github.com/openclaw/clownfish/actions/runs/25095715904",
"cluster_id": "clawsweeper-commit-openclaw-openclaw-fda8cc2a9d9a",
"published_at": "2026-04-29T07:17:06.839Z",
"target": "#74180",
"action": "merge_canonical",
"status": "blocked",
"classification": "fix_pr",
"canonical": null,
"candidate_fix": null,
"title": null,
"idempotency_key": null,
"reason": "job does not allow merge",
"merged_at": null,
"merge_commit_sha": null,
"live_state": null,
"live_updated_at": null
},
{
"repo": "openclaw/openclaw",
"run_id": "25100259952",
"run_url": "https://github.com/openclaw/clownfish/actions/runs/25100259952",
"cluster_id": "gitcrawl-238884-dedupe-only-20260429c",
"published_at": "2026-04-29T09:11:24.718Z",
"target": "#45129",
"action": "close_superseded",
"status": "blocked",
"classification": "superseded",
"canonical": "#62195",
"candidate_fix": "#62195",
"title": null,
"idempotency_key": "gitcrawl-238884-dedupe-only-20260429c:#45129:close_superseded_by:#62195",
"reason": "target changed since worker review",
"merged_at": null,
"merge_commit_sha": null,
"live_state": "closed",
"live_updated_at": "2026-04-29T09:10:51Z"
},
{
"repo": "openclaw/openclaw",
"run_id": "25105234648",
"run_url": "https://github.com/openclaw/clownfish/actions/runs/25105234648",
"cluster_id": "gitcrawl-238856-dedupe-only-20260429c",
"published_at": "2026-04-29T11:19:47.392Z",
"target": "#72963",
"action": "close_duplicate",
"status": "blocked",
"classification": "duplicate",
"canonical": "#72578",
"candidate_fix": null,
"title": null,
"idempotency_key": "gitcrawl-238856-dedupe-only-20260429c:#72963:close-duplicate-of-72578:v1",
"reason": "target changed since worker review",
"merged_at": null,
"merge_commit_sha": null,
"live_state": "closed",
"live_updated_at": "2026-04-29T11:08:43Z"
},
{
"repo": "openclaw/openclaw",
"run_id": "25105230558",
"run_url": "https://github.com/openclaw/clownfish/actions/runs/25105230558",
"cluster_id": "low-signal-pr-sweep-20260427T0530-01",
"published_at": "2026-04-29T11:18:00.820Z",
"target": "#55104",
"action": "close_low_signal",
"status": "blocked",
"classification": "low_signal",
"canonical": null,
"candidate_fix": null,
"title": null,
"idempotency_key": "low-signal-pr-sweep-20260427T0530-01:#55104:close_low_signal:2026-03-26T11:09:41Z",
"reason": "target changed since worker review",
"merged_at": null,
"merge_commit_sha": null,
"live_state": "closed",
"live_updated_at": "2026-04-29T11:07:45Z"
},
{
"repo": "openclaw/openclaw",
"run_id": "25105232771",
"run_url": "https://github.com/openclaw/clownfish/actions/runs/25105232771",
"cluster_id": "low-signal-pr-sweep-20260425T2355-03",
"published_at": "2026-04-29T11:18:54.853Z",
"target": "#55573",
"action": "close_low_signal",
"status": "blocked",
"classification": "low_signal",
"canonical": null,
"candidate_fix": null,
"title": null,
"idempotency_key": "openclaw/openclaw:low-signal-pr-sweep-20260425T2355-03:#55573:close_low_signal:2026-03-27T09:18:28Z",
"reason": "target changed since worker review",
"merged_at": null,
"merge_commit_sha": null,
"live_state": "closed",
"live_updated_at": "2026-04-29T11:06:47Z"
},
{
"repo": "openclaw/openclaw",
"run_id": "25105238272",
"run_url": "https://github.com/openclaw/clownfish/actions/runs/25105238272",
"cluster_id": "gitcrawl-238843-dedupe-only-20260429c",
"published_at": "2026-04-29T11:21:34.657Z",
"target": "#59787",
"action": "close_superseded",
"status": "blocked",
"classification": "superseded",
"canonical": "#59752",
"candidate_fix": null,
"title": null,
"idempotency_key": "gitcrawl-238843-dedupe-only-20260429c:close_superseded:#59787:#59752:2026-04-29T09:20:54Z",
"reason": "target changed since worker review",
"merged_at": null,
"merge_commit_sha": null,
"live_state": "closed",
"live_updated_at": "2026-04-29T11:07:44Z"
},
{
"repo": "openclaw/openclaw",
"run_id": "25105238272",
"run_url": "https://github.com/openclaw/clownfish/actions/runs/25105238272",
"cluster_id": "gitcrawl-238843-dedupe-only-20260429c",
"published_at": "2026-04-29T11:21:34.657Z",
"target": "#59795",
"action": "close_superseded",
"status": "blocked",
"classification": "superseded",
"canonical": "#59752",
"candidate_fix": null,
"title": null,
"idempotency_key": "gitcrawl-238843-dedupe-only-20260429c:close_superseded:#59795:#59752:2026-04-09T02:23:45Z",
"reason": "target changed since worker review",
"merged_at": null,
"merge_commit_sha": null,
"live_state": "closed",
"live_updated_at": "2026-04-29T11:07:48Z"
},
{
"repo": "openclaw/openclaw",
"run_id": "25108831266",
"run_url": "https://github.com/openclaw/clownfish/actions/runs/25108831266",
"cluster_id": "gitcrawl-238838-dedupe-only-20260429c",
"published_at": "2026-04-29T12:52:53.446Z",
"target": "#42538",
"action": "close_fixed_by_candidate",
"status": "blocked",
"classification": "fixed_by_candidate",
"canonical": "#72417",
"candidate_fix": "#72417",
"title": null,
"idempotency_key": "gitcrawl-238838-dedupe-only-20260429c-close-fixed-by-candidate-42538-v1",
"reason": "target is not listed in job candidates",
"merged_at": null,
"merge_commit_sha": null,
"live_state": null,
"live_updated_at": null
},
{
"repo": "openclaw/openclaw",
"run_id": "25130299053",
"run_url": "https://github.com/openclaw/clownfish/actions/runs/25130299053",
"cluster_id": "gitcrawl-16529-dedupe-only-20260429-remote",
"published_at": "2026-04-29T19:53:18.250Z",
"target": "#61970",
"action": "close_fixed_by_candidate",
"status": "blocked",
"classification": "fixed_by_candidate",
"canonical": null,
"candidate_fix": "#64394",
"title": null,
"idempotency_key": "gitcrawl-16529-dedupe-only-20260429-remote|#61970|close_fixed_by_candidate|#64394|2026-04-07T01:42:36Z",
"reason": "candidate fix is not listed in job refs",
"merged_at": null,
"merge_commit_sha": null,
"live_state": null,
"live_updated_at": null
},
{
"repo": "openclaw/openclaw",
"run_id": "25131909532",
"run_url": "https://github.com/openclaw/clownfish/actions/runs/25131909532",
"cluster_id": "gitcrawl-2111-dedupe-only-20260429-remote",
"published_at": "2026-04-29T20:34:11.576Z",
"target": "#42261",
"action": "close_fixed_by_candidate",
"status": "blocked",
"classification": "fixed_by_candidate",
"canonical": "#47613",
"candidate_fix": "#47613",
"title": null,
"idempotency_key": "gitcrawl-2111-dedupe-only-20260429-remote:#42261:close_fixed_by_candidate:#47613:2026-04-28T18:42:11Z",
"reason": "target changed since worker review",
"merged_at": null,
"merge_commit_sha": null,
"live_state": "closed",
"live_updated_at": "2026-04-29T20:33:06Z"
},
{
"repo": "openclaw/openclaw",
"run_id": "25132458580",
"run_url": "https://github.com/openclaw/clownfish/actions/runs/25132458580",
"cluster_id": "gitcrawl-2282-dedupe-only-20260429-remote",
"published_at": "2026-04-29T20:41:36.630Z",
"target": "#66169",
"action": "close_fixed_by_candidate",
"status": "blocked",
"classification": "fixed_by_candidate",
"canonical": null,
"candidate_fix": "#73942",
"title": null,
"idempotency_key": "pcf:gitcrawl-2282-dedupe-only-20260429-remote:#66169:close_fixed_by_candidate:#73942:2026-04-29T00:56:16Z",
"reason": "candidate fix is not listed in job refs",
"merged_at": null,
"merge_commit_sha": null,
"live_state": null,
"live_updated_at": null
},
{
"repo": "openclaw/openclaw",
"run_id": "25133514336",
"run_url": "https://github.com/openclaw/clownfish/actions/runs/25133514336",
"cluster_id": "gitcrawl-2477-dedupe-only-20260429-remote",
"published_at": "2026-04-29T21:01:06.358Z",
"target": "#65745",
"action": "close_fixed_by_candidate",
"status": "blocked",
"classification": "fixed_by_candidate",
"canonical": null,
"candidate_fix": "#73915",
"title": null,
"idempotency_key": "gitcrawl-2477-dedupe-only-20260429-remote:#65745:close_fixed_by_candidate:#73915:2026-04-27T02:30:54Z",
"reason": "candidate fix is not listed in job refs",
"merged_at": null,
"merge_commit_sha": null,
"live_state": null,
"live_updated_at": null
},
{
"repo": "openclaw/openclaw",
"run_id": "25134075609",
"run_url": "https://github.com/openclaw/clownfish/actions/runs/25134075609",
"cluster_id": "gitcrawl-2733-dedupe-only-20260429-remote",
"published_at": "2026-04-29T21:23:37.495Z",
"target": "#40760",
"action": "close_superseded",
"status": "blocked",
"classification": "superseded",
"canonical": "#41957",
"candidate_fix": null,
"title": null,
"idempotency_key": "gitcrawl-2733-dedupe-only-20260429-remote:#40760:close_superseded_by:#41957",
"reason": "target changed since worker review",
"merged_at": null,
"merge_commit_sha": null,
"live_state": "closed",
"live_updated_at": "2026-04-29T21:19:40Z"
},
{
"repo": "openclaw/openclaw",
"run_id": "25134553126",
"run_url": "https://github.com/openclaw/clownfish/actions/runs/25134553126",
"cluster_id": "gitcrawl-2880-dedupe-only-20260429-remote",
"published_at": "2026-04-29T21:27:27.619Z",
"target": "#46494",
"action": "close_duplicate",
"status": "blocked",
"classification": "duplicate",
"canonical": "#59287",
"candidate_fix": null,
"title": null,
"idempotency_key": "gitcrawl-2880-dedupe-only-20260429-remote:#46494:close_duplicate:#59287:2026-04-29T07:41:24Z",
"reason": "target changed since worker review",
"merged_at": null,
"merge_commit_sha": null,
"live_state": "closed",
"live_updated_at": "2026-04-29T21:26:32Z"
}
]

504
docs/INTERNAL_FEATURES.md
View File

@ -1,504 +0,0 @@
# Clownfish Internal Feature Map
Read when: changing Clownfish automation, debugging a generated PR, wiring
comment commands, or deciding where a new lane belongs.
This document explains how the current Clownfish features fit together. It is
an internal maintainer map, not a runbook with secrets. Keep token values,
private key material, and one-off execution windows out of this file.
## Design Shape
Clownfish is a conservative, targeted automation layer for OpenClaw issue and
PR maintenance. It does not scan the whole backlog by itself. It takes a known
cluster, hydrates current GitHub state, asks Codex for a structured decision,
then lets deterministic scripts perform the allowed writes.
The core invariants:
- One cluster maps to one job file.
- One implementation path maps to one branch: `clownfish/<cluster-id>`.
- One branch should produce or update one PR.
- Codex workers do not get GitHub write tokens.
- GitHub writes happen through deterministic scripts with live-state checks.
- Merge stays closed unless a maintainer explicitly opens the merge gate.
- Security-sensitive work is out of scope and must be routed elsewhere.
## Main Objects
### Job File
Path: `jobs/<repo-slug>/inbox/*.md`
A job file is the durable request. It contains frontmatter for the repo,
cluster id, refs, mode, allowed actions, gates, and the maintainer prompt. It
is committed before dispatch because Actions reads the job file from GitHub.
Common creation paths:
- `npm run create-job -- --repo openclaw/openclaw --refs 123 --prompt-file /tmp/prompt.md`
- `npm run create-job -- --from-report ../clawsweeper/records/.../items/123.md`
- gitcrawl import scripts for larger clustered backlog batches
`create-job` checks for an existing matching PR or branch before writing a new
job. That is the primary duplicate-PR guard.
### Cluster Plan
Path: `.projectclownfish/runs/<run>/cluster-plan.json`
Created by `scripts/plan-cluster.mjs`. It hydrates the listed GitHub refs,
linked refs, labels, bodies, comments, PR files, PR reviews, PR review
comments, checks, and current `main` state. The Codex worker receives this as
its live evidence bundle.
### Worker Result
Path: `.projectclownfish/runs/<run>/result.json`
Created by `scripts/run-worker.mjs` via `codex exec` using
`schemas/codex-result.schema.json`. The worker can recommend actions and fix
artifacts, but it must not mutate GitHub directly.
`scripts/review-results.mjs` validates the result before any follow-up lane
trusts it.
### Fix Artifact
Path: `.projectclownfish/runs/<run>/fix-artifact.json` and embedded result
fields.
A fix artifact tells the deterministic executor how to repair a contributor
branch or create/update a Clownfish replacement branch. It includes likely
files, validation commands, credit notes, changelog requirements, source PRs,
and the planned PR title/body.
### Published Ledger
Paths:
- `results/runs/*.json`
- `results/openclaw/*.md`
- `apply-report.json`
- `README.md` dashboard sections
These are the sanitized durable record. Full prompts, transcripts, and raw run
artifacts stay in Actions artifacts or local `.projectclownfish/runs`.
## Modes
### `plan`
Read-only recommendation mode. The worker classifies the cluster and returns
structured JSON. No GitHub writes should happen.
### `execute`
Structured-result application mode. It can apply reviewed safe comments,
closures, and explicit merge actions, but only through deterministic scripts
and only when gates permit.
### `autonomous`
Full targeted repair mode. Clownfish hydrates live state, asks Codex to produce
or refine a fix plan, then `execute-fix-artifact` can repair a branch or open a
replacement PR. Direct mutation still happens outside Codex.
## Cloud Worker Flow
Workflow: `.github/workflows/cluster-worker.yml`
The cluster worker has two jobs:
1. `cluster`
- checks out Clownfish
- mints a read GitHub App token when configured
- installs Codex
- validates the job
- hydrates the cluster
- runs Codex in read-only mode
- reviews the structured result
- uploads transfer artifacts
2. `execute`
- runs only for `execute` or `autonomous`
- mints a write GitHub App token when configured
- downloads worker artifacts
- runs `execute-fix-artifact`
- runs `apply-result`
- runs `post-flight`
- labels Clownfish targets
- uploads final artifacts
The workflow concurrency group is based on job path and mode, so repeat
dispatches of the same job queue instead of racing each other.
## Creating Implementation PRs
Script: `scripts/execute-fix-artifact.mjs`
This is the PR creation and branch repair engine.
It can:
- update a maintainer-editable contributor branch when that path is safe
- fall back to a replacement branch when the source branch is uneditable or
unsafe
- create or update `clownfish/<cluster-id>`
- push checkpoint commits after Codex edits
- run changed-surface validation
- run Codex `/review`
- address Codex review findings
- open or update the target PR
- post an idempotent adopted-automerge outcome comment when no executable fix
artifact is available
- preserve contributor credit in co-author trailers, PR body, and closeout comments
The executor prepares a temporary checkout of the target repo. Codex edits that
checkout without GitHub credentials. The deterministic executor commits,
pushes, opens PRs, and comments using the GitHub token.
When replacing a meaningful contributor PR, the executor fetches the source PR
author, skips bot authors, adds `Co-authored-by` trailers to replacement
checkpoint commits, records carried-forward credit in the replacement PR body,
and says in the source close comment that the contribution is carried forward
rather than rejected.
Generated Clownfish PRs are marked by:
- branch prefix: `clownfish/`
- `clownfish` label from `scripts/tag-clownfish-targets.mjs`
- author usually `app/openclaw-clownfish`
Current operational gotcha: OpenClaw's PR queue policy can close PRs when the
Clownfish app author has more than 10 active PRs. That is a target-repo policy
interaction, not evidence that the generated PR is invalid. Reduce or land the
active Clownfish queue before reopening those PRs.
Replacement PR creation also has a per-area backpressure guard. Before opening a
new `clownfish/*` replacement branch, `execute-fix-artifact` groups the proposed
`likely_files` into touched areas such as `extensions/discord`, `src/core`, or
`docs`, reads open Clownfish PRs in the target repo, and blocks if the same area
already has `CLOWNFISH_MAX_ACTIVE_PRS_PER_AREA` open Clownfish PRs. The default
limit is `50`; set it to `0` only for a deliberately uncapped execution window.
Common changelog and release-note files are ignored for this backpressure check
because they are shared support files rather than a meaningful repair area.
## ClawSweeper Commit Findings
Workflow: `.github/workflows/commit-finding-intake.yml`
Script: `scripts/commit-finding-intake.mjs`
ClawSweeper can dispatch `clawsweeper_commit_finding` when a main-branch commit
review report has `result: findings`. Clownfish treats that report as a source
finding, not as an order to open a PR.
The intake step fetches the report from latest `openclaw/clawsweeper@main`,
writes one audit file, and then decides whether an automatic repair PR is
allowed:
- audit path: `results/commit-findings/<repo-slug>/<sha>.md`
- job path: `jobs/<owner>/inbox/clawsweeper-commit-<repo-slug>-<shortsha>.md`
- branch: `clownfish/clawsweeper-commit-<repo-slug>-<shortsha>`
Non-finding, disabled, security/privacy/supply-chain, and broad findings stop
at the audit record. Eligible ordinary bug/regression/reliability findings get a
deterministic synthetic Clownfish result and fix artifact. That skips the normal
cluster-planning Codex pass and sends the report straight to
`execute-fix-artifact`, where Codex is used for the repair loop against latest
target `main`.
Commit-finding fix artifacts set `allow_no_pr: true`. If the repair loop
verifies the report but produces no target-repo diff, Clownfish records a clean
skipped no-PR outcome instead of failing the workflow.
The generated job uses `source: clawsweeper_commit` and may have no issue/PR
`candidates`. The fix artifact uses `repair_strategy: new_fix_pr`; merge and
close actions remain blocked.
## Applying Comments, Closures, And Merges
Script: `scripts/apply-result.mjs`
This script owns safe GitHub mutations from reviewed worker results.
It re-fetches every live target before writing. It blocks when:
- the target changed since review
- the target is closed
- the target is maintainer-authored and not explicitly allowed
- the target is security-sensitive
- the job does not allow the action
- the action lacks required canonical/fix evidence
- merge preflight is incomplete
Close comments include idempotency markers so reruns do not post duplicates.
Merging is intentionally hard. Merge requires:
- job allows merge
- `allow_merge: true`
- `CLOWNFISH_ALLOW_MERGE=1`
- clean merge state
- clean relevant checks
- resolved human review threads
- resolved review-bot findings
- passed Codex `/review`
- validation evidence
- security clearance
With merge gated closed, Clownfish labels ready candidates for human review
instead of merging.
## Post-Flight Finalization
Script: `scripts/post-flight.mjs`
Post-flight watches the PRs that `execute-fix-artifact` opened or repaired.
It waits for merge readiness, validates merge preflight, and either:
- merges when the merge gate is explicitly open, or
- labels the PR with human-review/merge-ready labels, or
- records the exact blocker.
After a canonical fix lands, post-flight can apply planned post-merge closeouts
for duplicate or superseded items covered by that fix.
## Open PR Finalizer
Workflow: `.github/workflows/finalize-open-prs.yml`
Script: `scripts/finalize-open-prs.mjs`
The finalizer scans open Clownfish PRs in the target repo. It finds PRs by the
`clownfish` label and `clownfish/*` branch prefix. It classifies blockers:
- draft
- stale/conflicting branch
- dirty or unknown merge state
- failing or pending checks
- unresolved review threads
- review required or changes requested
- missing merge preflight
- missing result backfill
- security hold
When `--dispatch-repairs --execute` is enabled, it dispatches the existing
cluster job back through `cluster-worker.yml` instead of creating another PR.
The idempotency key includes target repo, PR number, and head SHA, so the same
PR/head is not repeatedly repaired unless `--allow-repeat` is used.
This is the lane to extend for richer CI self-repair. The next improvement is
to fetch compact failed-check logs, classify transient infra failures, rerun
clearly transient jobs, and pass branch-caused failures into the repair prompt.
## Self-Heal Failed Clownfish Runs
Workflow: `.github/workflows/self-heal.yml`
Script: `scripts/self-heal-failed-runs.mjs`
Self-heal retries failed Clownfish cluster-worker runs. It reads published
`results/runs/*.json`, selects the latest failed run per source job, skips jobs
already retried unless `--allow-repeat` is set, and dispatches fresh worker
runs.
Important distinction: this heals failed Clownfish worker runs. It does not
currently inspect target PR CI logs. Target PR repair belongs in the open PR
finalizer/comment command repair path.
## Maintainer Comment Routing
Workflow: `.github/workflows/comment-router.yml`
Scripts:
- `scripts/comment-router.mjs`
- `scripts/comment-router-core.mjs`
Comment routing scans recent target-repo issue/PR comments and accepts only
maintainer-authored commands. Default allowed GitHub `author_association`
values:
- `OWNER`
- `MEMBER`
- `COLLABORATOR`
Contributor comments are ignored without a reply.
The generated-PR auto-update design is documented in
[`docs/auto-update-prs.md`](auto-update-prs.md). That lane lets trusted
ClawSweeper comments dispatch a repair run for an existing Clownfish PR or a
PR explicitly opted into `clownfish:automerge` without allowing arbitrary
comment authors to trigger work.
Accepted command styles:
```text
/clownfish status
@openclaw-clownfish status
@openclaw-clownfish[bot] status
```
Do not use `@clownfish`; that is a separate GitHub user.
Supported commands:
```text
/clownfish status
/clownfish fix ci
/clownfish address review
/clownfish rebase
/clownfish automerge
/clownfish explain
/clownfish stop
@openclaw-clownfish fix ci
```
Behavior:
- `status` and `explain`: post a short status response.
- `fix ci`: dispatch the existing Clownfish PR's job for repair.
- `address review`: dispatch the existing Clownfish PR's job for repair.
- `rebase`: dispatch the existing Clownfish PR's job for repair.
- `automerge`: label any open PR with `clownfish:automerge`, create an
adopted job if needed, and dispatch a ClawSweeper review for the current
head.
- `stop`: label the item for human review.
Repair commands apply to existing Clownfish PRs and PRs opted into
`clownfish:automerge`. The router finds Clownfish PRs by `clownfish` label,
`clownfish/*` branch, or configured Clownfish author login, resolves or creates
the backing job, posts one idempotent response marker, and dispatches
`cluster-worker.yml`.
Trusted ClawSweeper comments become `clawsweeper_auto_repair`. Preferred
comments use hidden `clawsweeper-verdict:*` markers and include
`clawsweeper-action:fix-required` only when Clownfish should wake up. For PRs
already opted into `clownfish:automerge`, a trusted `needs-human` verdict also
wakes the bounded repair/rebase loop; explicit `human-review` still pauses the
loop. The default caps are five automatic repair iterations per PR and one
dispatch per PR head SHA. The per-PR cap is total across head SHA changes, so
repeated findings on the same commit do not stampede the branch and a single PR
cannot loop forever.
For PRs labeled `clownfish:automerge`, trusted ClawSweeper `pass`, `approved`,
or `no-changes` verdict markers become `clawsweeper_auto_merge`. The router
merges only when the marker SHA matches the current PR head, checks are green,
GitHub mergeability is clean, no human-review label is present, and both
`CLOWNFISH_ALLOW_MERGE=1` and `CLOWNFISH_ALLOW_AUTOMERGE=1` are set. Otherwise
it leaves the PR open and labels it `clownfish:merge-ready` when appropriate.
The scheduled workflow is dry by default. Set
`CLOWNFISH_COMMENT_ROUTER_EXECUTE=1` to let scheduled runs post replies and
dispatch workers. Manual workflow dispatch can also pass `execute=true`.
Branch mutation still requires the downstream `CLOWNFISH_ALLOW_EXECUTE=1` and
`CLOWNFISH_ALLOW_FIX_PR=1` gates.
Ledgers:
- `results/comment-router.json`: processed command ledger
- `results/comment-router-latest.json`: latest scan report
## Label Backfill
Script: `scripts/tag-clownfish-targets.mjs`
This script labels Clownfish-created or Clownfish-tracked PRs/issues in the
target repo. It helps downstream tools and maintainers distinguish generated
work from ordinary contributor work.
The exact label is `clownfish`. The script intentionally refuses alternate
label names to keep the marker stable.
## Job Hygiene
Scripts:
- `scripts/sweep-openclaw-jobs.mjs`
- `scripts/promote-stuck-jobs.mjs`
- `scripts/requeue-job.mjs`
These scripts manage the Clownfish backlog:
- move finalized jobs out of inbox
- park old or never-run jobs in outbox/stuck
- promote parked jobs back into inbox
- resolve a run id or job path and requeue it
They should not create new implementation PRs by themselves. They control job
inventory and dispatch pressure.
## Dashboard Publishing
Workflow: `.github/workflows/publish-results.yml`
Script: `scripts/publish-result.mjs`
Publishing turns raw run artifacts into durable, sanitized summaries. It updates
the README dashboard, per-cluster markdown reports, and aggregate JSON ledgers.
The README dashboard is the public status surface, but it is derived from the
latest published artifacts. For live truth, check GitHub Actions and the target
PR directly.
## Gates And Variables
Important gates:
- `CLOWNFISH_ALLOW_EXECUTE`: allows deterministic write lanes. Workflows treat
any value except literal `1` as closed.
- `CLOWNFISH_ALLOW_FIX_PR`: allows branch repair and replacement PR creation.
Workflows treat any value except literal `1` as closed.
- `CLOWNFISH_ALLOW_MERGE`: allows Clownfish to merge. Keep this `0` unless a
maintainer explicitly opens it.
- `CLOWNFISH_ALLOW_AUTOMERGE`: allows the comment router to merge a
`clownfish:automerge` PR after ClawSweeper passes the exact current head.
Keep this `0` unless a maintainer explicitly opens an automerge window.
- `CLOWNFISH_COMMENT_ROUTER_EXECUTE`: lets scheduled comment routing post
replies and dispatch workers.
Important defaults:
- `CLOWNFISH_MODEL`: default worker model, usually `gpt-5.5`.
- `CLOWNFISH_CODEX_REASONING_EFFORT`: model reasoning effort; use `xhigh` for
difficult repair work.
- `CLOWNFISH_MAX_LIVE_WORKERS`: dispatch capacity guard.
- `CLOWNFISH_MAX_ACTIVE_PRS_PER_AREA`: replacement PR area backpressure; default
is `50` open Clownfish PRs per touched area, and `0` disables the cap.
- ClawSweeper commit-finding repair PRs get the `clownfish:commit-finding`
label in addition to the standard `clownfish` tracking label.
- `CLOWNFISH_TARGET_VALIDATION_MODE`: changed-only validation by default.
- `CLOWNFISH_RESOLVE_REVIEW_THREADS`: lets fix execution resolve threads after
it addresses them.
## Where To Add New Behavior
- New issue/PR-to-PR entrypoint: extend `create-job` or add an importer that
writes the same job schema.
- Better CI self-repair: extend `finalize-open-prs` to collect failed check
logs and classify rerun vs repair.
- New maintainer command: extend `comment-router-core.mjs` parsing and
`comment-router.mjs` execution.
- New mutation type: add schema support, worker prompt policy, result review
validation, and deterministic application in `apply-result`.
- New dashboard field: publish it from `publish-result`, not from ad hoc README
edits.
## Safety Checklist For Changes
Before shipping automation changes:
```bash
npm run validate
for f in scripts/*.mjs; do node --check "$f" || exit 1; done
actionlint .github/workflows/<changed-workflow>.yml
git diff --check
```
For live lanes, dry-run first when available:
```bash
npm run comment-router -- --repo openclaw/openclaw --lookback-minutes 180
npm run finalize-open-prs -- --write-report
npm run tag-clownfish -- --live
```
Do not treat a dry report as permission to mutate. A maintainer still needs to
open the relevant execution gate or run the workflow with `execute=true`.

156
docs/OPERATIONS.md
View File

@ -1,18 +1,5 @@
# Operations
For the internal feature map across job creation, PR generation, comment
commands, finalizers, self-heal, gates, and ledgers, see
[`docs/INTERNAL_FEATURES.md`](INTERNAL_FEATURES.md).
For the trusted ClawSweeper-to-Clownfish PR repair loop, see
[`docs/auto-update-prs.md`](auto-update-prs.md).
For commit-review findings, ClawSweeper dispatches
`clawsweeper_commit_finding` to this repository. Clownfish fetches the latest
markdown report, writes `results/commit-findings/<repo-slug>/<sha>.md`, and
only opens a PR when the finding is an ordinary narrow bug/regression candidate.
Security/privacy/supply-chain and broad findings are audit-only.
## Batch Flow
1. Create or export cluster job markdown files under `jobs/<repo>/`.
@ -37,74 +24,9 @@ Security/privacy/supply-chain and broad findings are audit-only.
10. Dispatch execute/autonomous jobs for reviewed clusters only. Workers still return JSON; `execute-fix-artifact` owns branch repair/replacement PR creation, and `apply-result` performs remaining safe GitHub mutations afterward.
11. Reset `CLOWNFISH_ALLOW_EXECUTE=0` and `CLOWNFISH_ALLOW_FIX_PR=0`.
## Manual Fix PR From Issue or PR Refs
Use `scripts/create-job.mjs` when ClawSweeper or a maintainer has identified a
valid issue/PR cluster that should get one implementation PR. It writes one
idempotent job file and checks for an existing open PR or branch before creating
another job.
```bash
npm run create-job -- \
--repo openclaw/openclaw \
--refs 123,456 \
--prompt-file /tmp/clownfish-prompt.md
```
From a ClawSweeper report, reuse the stored work prompt, related refs,
validation, and likely files:
```bash
npm run create-job -- --from-report ../clawsweeper/records/openclaw-openclaw/items/123.md
```
The generated job defaults to `mode: autonomous`, `allow_fix_pr: true`,
`allow_instant_close: false`, `allow_merge: false`, and
`require_fix_before_close: true`. `close_duplicate` actions can still consolidate
duplicate threads, but `close_fixed_by_candidate` waits for a merged candidate
fix unless a maintainer explicitly sets `allow_unmerged_fix_close: true`.
Commit and push the new job file, then dispatch it:
```bash
npm run validate:job -- jobs/openclaw/inbox/clawsweeper-openclaw-openclaw-123.md
npm run dispatch -- jobs/openclaw/inbox/clawsweeper-openclaw-openclaw-123.md --mode autonomous
```
To ask for a replacement PR from an existing useful but uneditable source PR,
make the prompt explicit:
```md
Treat #123 as useful source work. If the branch cannot be safely updated
because it is uneditable, stale, draft-only, or unsafe, create a narrow
Clownfish replacement PR instead of waiting. Preserve the source PR author as
co-author, credit the source PR in the replacement PR body, and close only that
source PR after the replacement PR is opened.
```
Keep `CLOWNFISH_ALLOW_MERGE=0` unless a human explicitly opens the merge gate.
## Manual Fix PR From Commit Finding
Use the `commit finding intake` workflow for a ClawSweeper commit report:
```bash
gh workflow run commit-finding-intake.yml \
--repo openclaw/clownfish \
-f target_repo=openclaw/openclaw \
-f commit_sha=<sha> \
-f report_repo=openclaw/clawsweeper \
-f report_path=records/openclaw-openclaw/commits/<sha>.md
```
The workflow is idempotent for the commit SHA. It updates the same audit file,
job file, branch, and PR path on rerun.
If latest `main` no longer needs a fix, the generated artifact allows a clean
no-PR outcome and the audit file records the skip.
## Security Boundary
Security-sensitive work is centrally managed outside ProjectClownfish. The importer skips those clusters by default, the job schema rejects `security_sensitive: true`, the planner marks hydrated security-sensitive items only from explicit security labels or structured ClawSweeper security markers, `review-results` fails mutating recommendations against those items, and live merge/close finalizers re-check those deterministic signals before mutating.
Security-sensitive work is centrally managed outside ProjectClownfish. The importer skips those clusters by default, the job schema rejects `security_sensitive: true`, the planner marks any hydrated security-sensitive item, `review-results` fails mutating recommendations against those items, and `apply-result` blocks live targets with security-sensitive labels/title/body.
Use the central OpenClaw security path for:
@ -113,7 +35,6 @@ Use the central OpenClaw security path for:
- SSRF, XSS, CSRF, RCE, auth-token leakage, or similar security-class bugs.
This boundary is intentionally conservative. If a cluster is borderline, do not stage it here.
For adopted automerge jobs, do not classify security from review prose at planning, repair, merge, or closeout time. ClawSweeper must emit a deterministic marker such as `<!-- clawsweeper-security:security-sensitive item=<pr> sha=<head-sha> -->` when the automerge loop should route the PR to central security handling.
## Auto-Closure
@ -130,8 +51,6 @@ It only applies closure actions when all of these are true:
- GitHub still reports the same `updated_at`;
- the target is open and not maintainer-authored.
- the target is not security-sensitive.
- `close_fixed_by_candidate` has a merged candidate fix unless
`allow_unmerged_fix_close: true` was set by a maintainer.
The applicator writes an idempotency marker into the close comment before closing. Re-runs skip already-applied comments/closures instead of posting twice.
@ -162,81 +81,12 @@ npm run dispatch -- jobs/openclaw/cluster-*.md --mode plan --runner blacksmith-4
The workflow uses Node 24 and logs Codex in with `OPENAI_API_KEY`, while also passing `CODEX_API_KEY` to `codex exec`. Set `CODEX_API_KEY` to the same value unless you intentionally separate CI auth.
Codex runs in a read-only sandbox for classification and receives no GitHub token. GitHub read access is scoped to deterministic preflight scripts. For reviewed fix artifacts, `execute-fix-artifact` gives Codex a temporary target checkout without GitHub credentials, then the deterministic executor commits, pushes, opens the replacement PR, and closes uneditable source PRs only after the replacement exists. When a replacement carries contributor work forward, non-bot source PR authors are added as `Co-authored-by` trailers and named in the replacement PR body and source close comment. Remaining write access is scoped to `apply-result`.
Codex runs in a read-only sandbox for classification and receives no GitHub token. GitHub read access is scoped to deterministic preflight scripts. For reviewed fix artifacts, `execute-fix-artifact` gives Codex a temporary target checkout without GitHub credentials, then the deterministic executor commits, pushes, opens the replacement PR, and closes uneditable source PRs only after the replacement exists. Remaining write access is scoped to `apply-result`.
Runs for the same job path and mode share a concurrency group. Different cluster jobs can still run in parallel.
Live preflight hydrates job-provided refs by default and records linked refs without expanding them. Set repo variables `CLOWNFISH_MAX_LINKED_REFS` above `0` only for small clusters that need first-hop context and `CLOWNFISH_HYDRATE_COMMENTS=1` when comment bodies are necessary evidence; normal scale runs use issue/PR metadata, body excerpts, PR files, and PR checks.
## Maintainer Comment Routing
`npm run comment-router` scans recent issue and PR comments in the target repo.
It accepts only maintainer-authored commands, gated by GitHub
`author_association` values `OWNER`, `MEMBER`, or `COLLABORATOR` by default.
Contributor comments are ignored without a reply.
Supported triggers:
```text
/clownfish status
/clownfish fix ci
/clownfish address review
/clownfish rebase
/clownfish explain
/clownfish stop
@openclaw-clownfish fix ci
```
Repair commands apply to existing Clownfish PRs and to PRs opted into
`clownfish:automerge`. Existing Clownfish PRs are identified by the
`clownfish` label or `clownfish/*` branch prefix. Opted-in non-Clownfish PRs
get an adopted job at `jobs/<owner>/inbox/automerge-<owner>-<repo>-<pr>.md`.
The router posts one idempotent reply with a hidden marker and dispatches the
normal `cluster-worker.yml` repair path. It records processed comment versions
in `results/comment-router.json`. For durable ClawSweeper comments,
idempotency is per comment id plus GitHub `updated_at`, and response markers
include the target PR head SHA. That lets edited ClawSweeper comments wake
Clownfish again after the PR branch changes while unchanged comment versions
remain idempotent.
If the adopted automerge worker returns no executable fix artifact, the
executor posts one idempotent outcome comment on the opted-in PR. That status
comment is the audit trail for no-op repair passes: it says no branch update,
replacement PR, merge, or new ClawSweeper review was started, then lists the
worker summary and actions.
The router also has a trusted automation path for ClawSweeper comments on
Clownfish PRs and PRs labeled `clownfish:automerge`. Default trusted authors
are `clawsweeper[bot]` and `openclaw-clawsweeper[bot]`; override with
`CLOWNFISH_TRUSTED_BOTS`. Preferred
ClawSweeper comments include `clawsweeper-verdict:*` markers plus a
`clawsweeper-action:fix-required` marker when Clownfish should wake up. The
router dispatches at most five automatic repair iterations per PR and at most
one auto-repair per PR head SHA by default, controlled by
`CLOWNFISH_CLAWSWEEPER_MAX_REPAIRS_PER_PR` and
`CLOWNFISH_CLAWSWEEPER_MAX_REPAIRS_PER_HEAD`. The per-PR cap is total across
head SHA changes, so the automatic loop stops after five ClawSweeper-triggered
repair passes.
Maintainers can start the bounded review/fix/merge loop on any open PR with
`/clownfish automerge`. The router adds `clownfish:automerge`, creates an
adopted job when needed, dispatches ClawSweeper for the current head, and then
reacts to trusted ClawSweeper markers. `needs-changes` repairs the source
branch when safe or opens a credited replacement when it is not; `pass`,
`approved`, or `no-changes` may merge only when the marker SHA matches the
current head, checks and mergeability are clean, no human-review label is
present, and both `CLOWNFISH_ALLOW_MERGE=1` and
`CLOWNFISH_ALLOW_AUTOMERGE=1` are set. A trusted `needs-human` verdict on an
opted-in PR dispatches the repair/rebase loop so Clownfish can reconcile the
branch before asking again. `/clownfish stop` or an explicit `human-review`
verdict adds `clownfish:human-review` and pauses the loop.
The scheduled workflow is dry by default. Set
`CLOWNFISH_COMMENT_ROUTER_EXECUTE=1` in repo variables to let scheduled runs
post replies and dispatch workers. Manual workflow dispatch can also pass
`execute=true`. Branch mutation still requires the downstream execution gates,
including `CLOWNFISH_ALLOW_EXECUTE=1` and `CLOWNFISH_ALLOW_FIX_PR=1`.
## Token Strategy
Prefer a fine-grained token or GitHub App token.
@ -245,7 +95,7 @@ Minimum useful permissions depend on action tier:
- `CLOWNFISH_READ_GH_TOKEN`: metadata, issues read, pull requests read, contents read; do not use a broad PAT here
- `CLOWNFISH_GH_TOKEN`: issues write, pull requests write
- merge/automerge: contents write, pull requests write, issues write
- merge: contents write and pull requests write
- fix PRs: contents write, pull requests write, issues write
Do not put tokens in job files. Codex receives no GitHub token; the read token is scoped to preflight, and the write token is scoped to the deterministic apply step.

280
docs/auto-update-prs.md
View File

@ -1,280 +0,0 @@
# Auto-Updating Clownfish PRs
Read when: changing Clownfish PR repair automation, ClawSweeper review
integration, comment routing, duplicate dispatch guards, or generated-PR
marking.
## Goal
Clownfish-created PRs and maintainer-opted existing PRs should keep improving
after they are opened. When ClawSweeper reviews an opted-in PR and leaves
actionable feedback, Clownfish can dispatch the backing job again and update
the existing branch when safe. It must not create another PR for the same issue
cluster unless the source branch cannot be safely updated, and it must not
react to ordinary contributor comments.
The loop is intentionally small:
1. Clownfish opens `clownfish/<cluster-id>` or a maintainer comments
`/clownfish automerge` on any open PR.
2. Clownfish dispatches ClawSweeper's item-specific `repository_dispatch` lane
to review that PR head.
3. The comment router sees trusted ClawSweeper feedback.
4. Clownfish dispatches the existing or adopted job through
`cluster-worker.yml`.
5. The repair worker pushes another commit to the source branch if it finds a
safe, narrow fix, or opens a credited replacement when the source branch
cannot be safely updated.
6. ClawSweeper reviews the updated PR again.
## Trust Model
There are two accepted input lanes.
Maintainer commands:
- author association must be `OWNER`, `MEMBER`, or `COLLABORATOR` by default;
- when GitHub App tokens return a weaker association for a maintainer, the
router falls back to repository collaborator permission and accepts `admin`,
`maintain`, or `write` by default;
- supported commands are `/clownfish fix ci`, `/clownfish address review`,
`/clownfish rebase`, `/clownfish automerge`, `/clownfish status`,
`/clownfish explain`, and `/clownfish stop`;
- commands from contributors are ignored without a reply.
Trusted automation:
- author login must be in `CLOWNFISH_TRUSTED_BOTS`;
- default trusted bot logins are `clawsweeper[bot]` and
`openclaw-clawsweeper[bot]`;
- the target must be a Clownfish PR or a PR labeled `clownfish:automerge`;
- the action becomes `clawsweeper_auto_repair`.
The trusted automation lane exists only for review bots we control. It does
not treat random `@clownfish`, `@openclaw-clownfish`, or contributor prose as
permission to spend workers or push commits.
## Review Comment Shape
ClawSweeper comments are meant to be readable by maintainers and parseable by
Clownfish. The visible text should say whether the PR needs changes, what
change is required before merge, what acceptance criteria would prove the fix,
what evidence was checked, and what risk remains.
The hidden markers at the bottom are the automation contract. Clownfish should
prefer markers over prose whenever they exist. The action marker is omitted for
pass, approved, needs-human, failed, or inconclusive reviews.
## Clownfish PR Markers
The router considers a PR to be from Clownfish when any of these are true:
- branch starts with `clownfish/`;
- the PR has the `clownfish` label;
- PR author login is in `CLOWNFISH_AUTHOR_LOGINS`.
The branch prefix is the durable identity because it maps directly back to the
cluster id and job path. The label and author checks are compatibility markers
for already-open PRs and dashboard tools.
## Automerge Opt-In
Maintainers can opt any open PR into the bounded merge loop with:
```text
/clownfish automerge
```
The command adds `clownfish:automerge`, asks ClawSweeper to review the current
PR head, creates a durable adopted Clownfish job when the PR is not already
backed by one, and leaves an idempotent comment. The adopted job lives at
`jobs/<owner>/inbox/automerge-<owner>-<repo>-<pr>.md`; it lets the normal
repair worker update the contributor branch when GitHub says that is safe, or
open a credited replacement when it is not. `/clownfish stop` pauses the loop
by adding `clownfish:human-review`.
If the repair worker completes without an executable fix artifact, the executor
posts an idempotent outcome comment on the opted-in PR. That comment records
that no branch push, rebase, replacement PR, merge, or ClawSweeper re-review
was started, and includes the worker summary plus planned/skipped actions.
Automerge has two explicit gates:
```bash
CLOWNFISH_ALLOW_MERGE=1
CLOWNFISH_ALLOW_AUTOMERGE=1
```
If ClawSweeper passes the exact current head while either gate is closed,
Clownfish labels the PR `clownfish:merge-ready` and comments instead of
merging.
## ClawSweeper Trigger
Preferred ClawSweeper comments should include hidden verdict and action
markers:
```html
<!-- clawsweeper-verdict:needs-changes sha=<head-sha> finding=<id> -->
<!-- clawsweeper-action:fix-required sha=<head-sha> finding=<id> -->
```
Positive or human-only reviews should use a verdict marker without a repair
action:
```html
<!-- clawsweeper-verdict:pass sha=<head-sha> -->
<!-- clawsweeper-verdict:needs-human sha=<head-sha> -->
```
Accepted marker actions:
- `fix-required`
- `repair-required`
- `address-review`
- `fix-ci`
Accepted repair verdicts:
- `needs-changes`
- `changes-requested`
- `fix-required`
- `repair-required`
`pass`, `approved`, and `no-changes` verdicts never repair. On a PR opted into
`clownfish:automerge`, a pass verdict for the exact current head can merge only
after required checks, mergeability, review state, and both merge gates are
green. `needs-human` still wakes the bounded repair/rebase loop for an opted-in
PR so Clownfish can reconcile conflicts, failing checks, and review follow-up
before asking again. `human-review` and `/clownfish stop` pause automerge by
adding `clownfish:human-review`.
The router also has a conservative fallback for current ClawSweeper review
comments. It only applies to trusted bot authors and looks for phrases like
`keep this PR open`, `needs follow-up`, `still missing`, `unresolved review`,
or `failing checks`. It ignores positive summaries such as `no actionable`,
`looks good`, `safe to merge`, and `no findings`.
The marker is still the preferred contract. It is easier to audit and safer
than relying on prose.
## Duplicate Guards
Clownfish has three layers of duplicate protection:
- job creation checks for an existing open PR or branch before writing a new
job;
- the comment router writes an idempotency marker in its reply and records
processed comment versions in `results/comment-router.json`;
- trusted ClawSweeper repairs are capped per PR and per PR head SHA.
The default caps are five automatic repair iterations per PR and one
auto-repair dispatch per PR head SHA:
```bash
CLOWNFISH_CLAWSWEEPER_MAX_REPAIRS_PER_PR=5
CLOWNFISH_CLAWSWEEPER_MAX_REPAIRS_PER_HEAD=1
```
That means many ClawSweeper comments on the same commit trigger at most one
repair run. If Clownfish pushes a new commit, the PR head SHA changes and a
new ClawSweeper finding can trigger one more repair run, until the PR reaches
five automatic ClawSweeper-triggered repair iterations. The per-PR cap is total
across all head SHAs and stops the automatic review/repair loop even when every
iteration produces a new commit.
Runs for the same job path and mode share the `cluster-worker.yml` concurrency
group, so repeated dispatches queue instead of racing the same branch.
ClawSweeper edits one durable review comment in place. The router keys its
ledger by comment id plus `updated_at`, and response markers include the target
PR head SHA, so an edited ClawSweeper comment can trigger a new repair after
Clownfish has pushed a new commit while unchanged comment versions remain
idempotent.
## Failure Behavior
The router does not dispatch when:
- the comment author is not trusted automation and is not a maintainer;
- the issue or PR is closed;
- the target is not a PR;
- the PR is neither a Clownfish PR nor labeled `clownfish:automerge`;
- the PR cannot be mapped to or adopted into a job file;
- the same comment version was already processed;
- the same PR already reached the total auto-repair cap;
- the same PR head SHA already reached the per-head auto-repair cap;
- the ClawSweeper marker names a stale PR head SHA.
Automerge also refuses to merge when:
- `clownfish:automerge` is missing;
- `clownfish:human-review` is present;
- the pass marker does not name the reviewed head SHA;
- the PR is draft, not based on `main`, not mergeable, or has non-green checks;
- GitHub reports requested changes or required review;
- `CLOWNFISH_ALLOW_MERGE` or `CLOWNFISH_ALLOW_AUTOMERGE` is not `1`.
For trusted automation comments, these blocked cases are silent skips. That
keeps Clownfish from replying to every ordinary contributor PR that
ClawSweeper reviews.
Security-sensitive reports stay out of this lane. Those should be routed to the
central OpenClaw security process rather than auto-repaired from review
comments. The automerge planner does not infer security status from prose; it
uses explicit security labels or structured ClawSweeper security markers such
as:
```html
<!-- clawsweeper-security:security-sensitive item=<pr> sha=<head-sha> -->
```
## Implementation Map
Workflow:
- `.github/workflows/comment-router.yml`
Scripts:
- `scripts/comment-router.mjs`
- `scripts/comment-router-core.mjs`
- `scripts/comment-router-utils.mjs`
Durable state:
- `results/comment-router.json`
- `results/comment-router-latest.json`
Important knobs:
- `CLOWNFISH_COMMENT_ROUTER_EXECUTE=1` enables scheduled writes and dispatches;
- `CLOWNFISH_TRUSTED_BOTS` controls trusted automation authors;
- `CLOWNFISH_AUTHOR_LOGINS` controls PR author identities treated as Clownfish;
- `CLOWNFISH_CLAWSWEEPER_MAX_REPAIRS_PER_PR` controls total automatic repair
iterations per PR; default `5`.
- `CLOWNFISH_CLAWSWEEPER_MAX_REPAIRS_PER_HEAD` controls per-head repair caps;
default `1`.
## Verification
Syntax and workflow checks:
```bash
node --check scripts/comment-router.mjs
node --check scripts/comment-router-core.mjs
node --check scripts/comment-router-utils.mjs
actionlint .github/workflows/comment-router.yml
```
Dry-run the router against live recent comments:
```bash
npm run comment-router -- \
--repo openclaw/openclaw \
--lookback-minutes 180 \
--max-comments 100
```
The scheduled workflow remains dry unless `CLOWNFISH_COMMENT_ROUTER_EXECUTE=1`
is set or a maintainer manually dispatches the workflow with `execute=true`.

2
instructions/closure-policy.md
View File

@ -30,7 +30,7 @@ Never close:
Useful contributor PR replacement exception:
- close or supersede the PR only after the run has a concrete replacement fix plan or PR path;
- the close comment must say why Clownfish cannot safely update or land the branch;
- the close comment must say why ProjectClownfish cannot safely update or land the branch;
- the comment must name the replacement path and state that the contributor will be credited;
- the comment must explicitly contain credit wording such as `credit`, `attribution`, `Thanks @user`, or `source PR`;
- the fix artifact must include the contributor username, original PR URL, validation plan, and changelog attribution when the fix is user-facing.

46
jobs/openclaw/inbox/automerge-openclaw-openclaw-74067.md
View File

@ -1,46 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: automerge-openclaw-openclaw-74067
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical:
- #74067
candidates:
- #74067
cluster_refs:
- #74067
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: true
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/automerge-openclaw-openclaw-74067
source: pr_automerge
---
# Clownfish automerge repair candidate
Maintainer opted #74067 into Clownfish automerge.
Source PR: https://github.com/openclaw/openclaw/pull/74067
Title: fix: Found one bug in the new compile-cache prune path: it removes a d
Clownfish should use this job only for the bounded ClawSweeper review/fix loop:
- If ClawSweeper requests changes, returns `needs-human`, or finds failing checks/rebase work, and the PR branch is safe to update, emit a fix artifact with `repair_strategy: "repair_contributor_branch"` and `source_prs: ["https://github.com/openclaw/openclaw/pull/74067"]`.
- If the PR branch cannot be safely updated, emit a narrow credited replacement only when the artifact can preserve the original contributor credit; otherwise return `needs_human`.
- Do not merge, close, or bypass review gates from the worker. The comment router owns final merge only after a passing ClawSweeper verdict for the exact current head.
- Keep repair scope limited to actionable ClawSweeper findings, failing relevant checks, and required review feedback on this PR.

46
jobs/openclaw/inbox/automerge-openclaw-openclaw-74105.md
View File

@ -1,46 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: automerge-openclaw-openclaw-74105
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical:
- #74105
candidates:
- #74105
cluster_refs:
- #74105
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: true
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/automerge-openclaw-openclaw-74105
source: pr_automerge
---
# Clownfish automerge repair candidate
Maintainer opted #74105 into Clownfish automerge.
Source PR: https://github.com/openclaw/openclaw/pull/74105
Title: refactor(gateway): consolidate lifecycle lazy boundary
Clownfish should use this job only for the bounded ClawSweeper review/fix loop:
- If ClawSweeper requests changes and the PR branch is safe to update, emit a fix artifact with `repair_strategy: "repair_contributor_branch"` and `source_prs: ["https://github.com/openclaw/openclaw/pull/74105"]`.
- If the PR branch cannot be safely updated, emit a narrow credited replacement only when the artifact can preserve the original contributor credit; otherwise return `needs_human`.
- Do not merge, close, or bypass review gates from the worker. The comment router owns final merge only after a passing ClawSweeper verdict for the exact current head.
- Keep repair scope limited to actionable ClawSweeper findings, failing relevant checks, and required review feedback on this PR.

46
jobs/openclaw/inbox/automerge-openclaw-openclaw-74126.md
View File

@ -1,46 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: automerge-openclaw-openclaw-74126
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical:
- #74126
candidates:
- #74126
cluster_refs:
- #74126
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: true
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/automerge-openclaw-openclaw-74126
source: pr_automerge
---
# Clownfish automerge repair candidate
Maintainer opted #74126 into Clownfish automerge.
Source PR: https://github.com/openclaw/openclaw/pull/74126
Title: test: exercise Clownfish any-PR automerge opt-in
Clownfish should use this job only for the bounded ClawSweeper review/fix loop:
- If ClawSweeper requests changes and the PR branch is safe to update, emit a fix artifact with `repair_strategy: "repair_contributor_branch"` and `source_prs: ["https://github.com/openclaw/openclaw/pull/74126"]`.
- If the PR branch cannot be safely updated, emit a narrow credited replacement only when the artifact can preserve the original contributor credit; otherwise return `needs_human`.
- Do not merge, close, or bypass review gates from the worker. The comment router owns final merge only after a passing ClawSweeper verdict for the exact current head.
- Keep repair scope limited to actionable ClawSweeper findings, failing relevant checks, and required review feedback on this PR.

46
jobs/openclaw/inbox/automerge-openclaw-openclaw-74156.md
View File

@ -1,46 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: automerge-openclaw-openclaw-74156
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical:
- #74156
candidates:
- #74156
cluster_refs:
- #74156
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: true
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/automerge-openclaw-openclaw-74156
source: pr_automerge
---
# Clownfish automerge repair candidate
Maintainer opted #74156 into Clownfish automerge.
Source PR: https://github.com/openclaw/openclaw/pull/74156
Title: fix(auth): scope external CLI auth status overlays
Clownfish should use this job only for the bounded ClawSweeper review/fix loop:
- If ClawSweeper requests changes and the PR branch is safe to update, emit a fix artifact with `repair_strategy: "repair_contributor_branch"` and `source_prs: ["https://github.com/openclaw/openclaw/pull/74156"]`.
- If the PR branch cannot be safely updated, emit a narrow credited replacement only when the artifact can preserve the original contributor credit; otherwise return `needs_human`.
- Do not merge, close, or bypass review gates from the worker. The comment router owns final merge only after a passing ClawSweeper verdict for the exact current head.
- Keep repair scope limited to actionable ClawSweeper findings, failing relevant checks, and required review feedback on this PR.

112
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-07104c80b3bc.md
View File

@ -1,112 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-07104c80b3bc
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-07104c80b3bc
source: clawsweeper_commit
commit_sha: 07104c80b3bc879647d171f8877b2b5e792253ca
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/07104c80b3bc879647d171f8877b2b5e792253ca.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-07104c80b3bc`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/07104c80b3bc879647d171f8877b2b5e792253ca
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/07104c80b3bc879647d171f8877b2b5e792253ca.md
- Latest main at intake: e3bc985a6ea2d8ab89c08ce9f64ae25fdef876f2
## ClawSweeper Report
```md
---
sha: 07104c80b3bc879647d171f8877b2b5e792253ca
parent: 7994833fac212be4b383b9019a9cfd24e15cdc7e
repository: openclaw/openclaw
author: "Peter Steinberger"
committer: "Peter Steinberger"
github_author: steipete
github_committer: steipete
co_authors: []
commit_authored_at: "2026-04-29T05:54:29+01:00"
commit_committed_at: "2026-04-29T05:54:35+01:00"
result: findings
confidence: high
highest_severity: medium
check_conclusion: neutral
reviewed_at: 2026-04-29T04:57:24Z
---
# Commit 07104c80
## Summary
The runtime forwarding change is intact, but the new hand-written Discord facade types no longer match the runtime API they wrap.
## Findings
### Medium: Discord component edit facade now advertises the wrong TypeScript contract
- Kind: compatibility
- File: `src/plugin-sdk/discord.ts`
- Line: 57
- Evidence: `DiscordComponentSendOpts` now makes `cfg` optional at `src/plugin-sdk/discord.ts:57`, but the wrapped runtime function requires it and immediately calls `requireRuntimeConfig(opts.cfg, "Discord component edit")` in `extensions/discord/src/send.components.ts:330`. The same facade also types the return as `{ id?: string; channel_id?: string }` at `src/plugin-sdk/discord.ts:71`, while the actual runtime return type is normalized `{ messageId: string; channelId: string }` from `extensions/discord/src/send.types.ts:29` and `extensions/discord/src/send.components.ts:330`.
- Impact: Existing typed callers of deprecated `openclaw/plugin-sdk/discord` lose the `messageId`/`channelId` contract, and new callers can compile without `cfg` even though that path throws at runtime. This is a public SDK compatibility regression for the retained compatibility facade.
- Suggested fix: Keep the facade decoupled from extension internals, but copy the runtime-compatible structural types: make `cfg` required unless the wrapper fills it, and type the edit result as `{ messageId: string; channelId: string }`. Prefer copying the full component spec/build result shapes too, or intentionally expose opaque aliases only where existing users do not depend on fields.
- Confidence: high
## Reviewed
- Diff: `7994833fac212be4b383b9019a9cfd24e15cdc7e..07104c80b3bc879647d171f8877b2b5e792253ca`
- Changed files: `src/plugin-sdk/discord.ts`, `src/plugin-sdk/telegram-account.ts`
- Code read: changed files in full, scoped `src/plugin-sdk/AGENTS.md`, Discord `api.ts`, `runtime-api.ts`, component/send/account types, Telegram account API/types, SDK docs entries for deprecated facades
- Dependencies/web: no external lookup needed; regression is in local public TypeScript/runtime contract
## Tests / Live Checks
- `pnpm docs:list` succeeded
- `pnpm install` run once because `node_modules` was missing
- `pnpm test src/plugin-sdk/discord.test.ts src/plugin-sdk/telegram-account.test.ts` passed: 2 files, 4 tests
- `git diff --check 7994833fac212be4b383b9019a9cfd24e15cdc7e..07104c80b3bc879647d171f8877b2b5e792253ca` passed
- `pnpm plugin-sdk:api:check` failed on both this commit and a temp archive of the base commit with the same baseline hash drift, so I did not attribute that failure to this commit
## Limitations
- Did not run full `pnpm build` or broad changed gates; focused source tracing and facade tests were sufficient for this finding.
```

105
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-07631fb931fc.md
View File

@ -1,105 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-07631fb931fc
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-07631fb931fc
source: clawsweeper_commit
commit_sha: 07631fb931fca5522c80d3c9481a589dde134345
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/07631fb931fca5522c80d3c9481a589dde134345.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-07631fb931fc`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/07631fb931fca5522c80d3c9481a589dde134345
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/07631fb931fca5522c80d3c9481a589dde134345.md
- Latest main at intake: 2b0b61441799f85f274fe49102453eb704512181
## ClawSweeper Report
```md
---
sha: 07631fb931fca5522c80d3c9481a589dde134345
parent: f7aebf8cb78ccce7cfc7f3947468c93a3d334aa2
repository: openclaw/openclaw
author: "Peter Steinberger"
committer: "Peter Steinberger"
github_author: steipete
github_committer: steipete
co_authors: []
commit_authored_at: "2026-04-29T06:06:59+01:00"
commit_committed_at: "2026-04-29T06:07:12+01:00"
result: findings
confidence: high
highest_severity: medium
check_conclusion: neutral
reviewed_at: 2026-04-29T05:10:55Z
---
# Commit 07631fb
## Summary
Found one compatibility regression in the Discord public runtime sidecar. The queue/runtime behavior itself is covered by focused tests and matches the stated “no Discord-owned agent turn timeout” intent.
## Findings
### Medium: Discord runtime sidecar drops previously exported timeout helpers
- Kind: compatibility
- File: `extensions/discord/runtime-api.ts`
- Line: 94
- Evidence: `runtime-api.ts` now only re-exports timeout constants plus `mergeAbortSignals`, removing `isAbortError`, `normalizeDiscordInboundWorkerTimeoutMs`, `normalizeDiscordListenerTimeoutMs`, and `runDiscordTaskWithTimeout` from the prior public export set. The sidecar is treated as public/runtime surface: `src/plugins/bundled-plugin-metadata.test.ts:234` includes `runtime-api.js` in Discord public artifacts and runtime sidecars, and `extensions/discord/runtime-setter-api.ts:1` says `runtime-api.js` remains the broad compatibility barrel. The commit also updates `src/plugins/contracts/plugin-sdk-runtime-api-guardrails.test.ts:23` to accept the smaller export set, so the regression is now baked into the guard.
- Impact: any external plugin or operator script importing these named exports from `@openclaw/discord/runtime-api.js` will fail at module import time after upgrade, even though the exported helpers can remain deprecated and unused by Discords own queue.
- Suggested fix: restore the removed named exports as deprecated compatibility exports in `extensions/discord/src/monitor/timeouts.ts` and `extensions/discord/runtime-api.ts`, while keeping them unwired from the Discord message run queue. If the API removal is intentional, handle it as a documented public-surface break with version/compat follow-through.
- Confidence: high
## Reviewed
- Diff: `f7aebf8cb78ccce7cfc7f3947468c93a3d334aa2..07631fb931fca5522c80d3c9481a589dde134345`
- Changed files: all 23 files from the commit
- Code read: Discord message listener/handler/run queue, deleted inbound worker, timeout helpers, provider startup wiring, config metadata/types, changed queue tests, Discord docs
- Dependencies/web: inspected installed `@buape/carbon@0.16.0` `EventQueue` source for listener timeout behavior; no web lookup needed
- Commands: `pnpm docs:list`; `pnpm install`; `pnpm test extensions/discord/src/monitor/message-handler.queue.test.ts extensions/discord/src/monitor/provider.test.ts src/plugins/contracts/plugin-sdk-runtime-api-guardrails.test.ts -- --reporter=verbose` passed, 39 tests
## Limitations
- No live Discord gateway smoke was run; this finding is based on static public API compatibility.
```

118
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-0bbbc99980b8.md
View File

@ -1,118 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-0bbbc99980b8
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-0bbbc99980b8
source: clawsweeper_commit
commit_sha: 0bbbc99980b89d9dfc7d77b782fd609c6abe4d93
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/0bbbc99980b89d9dfc7d77b782fd609c6abe4d93.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-0bbbc99980b8`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/0bbbc99980b89d9dfc7d77b782fd609c6abe4d93
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/0bbbc99980b89d9dfc7d77b782fd609c6abe4d93.md
- Latest main at intake: e71d7d48fb2805fadc643bd154a6005b0cd9ad75
## ClawSweeper Report
```md
---
sha: 0bbbc99980b89d9dfc7d77b782fd609c6abe4d93
parent: 20c7a98fb8b34bcc71caee029ff5d27ab82cc7a0
repository: openclaw/openclaw
author: "tmimmanuel"
committer: "GitHub"
github_author: tmimmanuel
github_committer: web-flow
co_authors: []
commit_authored_at: "2026-04-29T08:57:04+02:00"
commit_committed_at: "2026-04-29T01:57:04-05:00"
result: findings
confidence: high
highest_severity: medium
check_conclusion: neutral
reviewed_at: 2026-04-29T07:00:53+00:00
---
# Commit 0bbbc999
## Summary
Found one queued-message lifecycle bug. The commit preserves queued items across a session switch, but if the original run finishes while the user is viewing another session, the restored queued item is never drained when the user comes back.
## Findings
### Medium: Restored queue can stay stuck after the active run finishes off-screen
- Kind: reliability
- File: `ui/src/ui/app-render.helpers.ts`
- Line: 107
- Evidence: `resetChatStateForSessionSwitch()` saves the previous session queue and restores it later, but `switchChatSession()` only reloads history/session options after restore and never drains an idle restored queue. Queue draining only happens from terminal chat-event handling via `flushChatQueueForEvent()` in `ui/src/ui/app-gateway.ts:551`, but `handleChatEvent()` returns `null` for events whose `payload.sessionKey` differs from the currently selected session in `ui/src/ui/controllers/chat.ts:717`. Therefore, if session A has queued message B, the user switches to session C, and A's run finishes while C is active, the terminal event is ignored for queue purposes. Returning to A restores B into `state.chatQueue`, but no terminal event remains to trigger `flushChatQueue()`.
- Impact: The issue fixed by this PR is only partially fixed. The linked issue expects the queued follow-up to remain visible and get processed after message A finishes; in this timing, the follow-up is visible again but sits in the UI queue indefinitely until some unrelated future run happens to trigger another drain.
- Suggested fix: Track enough per-session run state to know whether the saved queue is still waiting on an active run, or update terminal event handling to notice stored queues for `payload.sessionKey` and drain/mark them when that session becomes idle. Add a regression test where the queued sessions final chat event arrives while another session is selected, then switching back processes or explicitly resumes the saved queue.
- Confidence: high
## Reviewed
- Diff: `20c7a98fb8b34bcc71caee029ff5d27ab82cc7a0..0bbbc99980b89d9dfc7d77b782fd609c6abe4d93`
- Changed files: `ui/src/ui/app-render.helpers.node.test.ts`, `ui/src/ui/app-render.helpers.ts`, `ui/src/ui/app-render.ts`, `ui/src/ui/app-view-state.ts`, `ui/src/ui/app.ts`
- Code read: changed files, `ui/src/ui/app-chat.ts`, `ui/src/ui/app-gateway.ts`, `ui/src/ui/controllers/chat.ts`, `ui/src/ui/chat/chat-queue.ts`, `ui/src/ui/views/chat.ts`, `ui/src/ui/views/overview.ts`
- Issue/PR context: PR `#73679`, issue `#73621`
- Docs: `docs/web/control-ui.md`
## Tests / Live Checks
- `pnpm docs:list`: passed.
- `pnpm install`: needed because `node_modules` was missing.
- `pnpm test ui/src/ui/app-render.helpers.node.test.ts ui/src/ui/app-chat.test.ts -- --run`: passed selected helper shard, 47 tests.
- `node scripts/run-vitest.mjs run --config test/vitest/vitest.unit-ui.config.ts ui/src/ui/app-chat.test.ts --run`: passed, 26 tests.
- `git diff --check 20c7a98fb8b34bcc71caee029ff5d27ab82cc7a0..0bbbc99980b89d9dfc7d77b782fd609c6abe4d93 -- ...`: passed.
## Dependency / Web Checks
- No dependency changes.
- No external web facts needed.
## Limitations
- No live browser reproduction was run; finding is based on the direct source event path and focused tests.
```

112
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-1c4262ef87e9.md
View File

@ -1,112 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-1c4262ef87e9
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-1c4262ef87e9
source: clawsweeper_commit
commit_sha: 1c4262ef87e9397f14a3f2f88514b95b6816111b
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/1c4262ef87e9397f14a3f2f88514b95b6816111b.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-1c4262ef87e9`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/1c4262ef87e9397f14a3f2f88514b95b6816111b
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/1c4262ef87e9397f14a3f2f88514b95b6816111b.md
- Latest main at intake: 9d8de70c2009d2562c835a226440e540115d3fd7
## ClawSweeper Report
```md
---
sha: 1c4262ef87e9397f14a3f2f88514b95b6816111b
parent: f3f614fae6971e0cf2f6e1e7f4a7503de1bb5b60
repository: openclaw/openclaw
author: "Peter Steinberger"
committer: "Peter Steinberger"
github_author: steipete
github_committer: steipete
co_authors: []
commit_authored_at: "2026-04-29T08:56:41+01:00"
commit_committed_at: "2026-04-29T08:56:48+01:00"
result: findings
confidence: high
highest_severity: medium
check_conclusion: neutral
reviewed_at: 2026-04-29T07:59:49+00:00
---
# Commit 1c4262e
## Summary
Found one regression in the extracted Docker wait helper usage: the Open WebUI smoke now fails before the Open WebUI container is ever started.
## Findings
### Medium: Open WebUI Docker smoke waits on a container that does not exist yet
- Kind: regression
- File: `scripts/e2e/openwebui-docker.sh`
- Line: 127
- Evidence: `scripts/e2e/openwebui-docker.sh:127` calls `docker_e2e_wait_container_bash_while_running "$OW_NAME" "$GW_NAME" ...` while waiting for the gateway HTTP surface. The helper in `scripts/lib/docker-e2e-container.sh:27` immediately returns failure if its first container argument is not running. But `$OW_NAME` is only started later at `scripts/e2e/openwebui-docker.sh:140`, so this readiness check always fails before probing the already-started gateway container.
- Impact: `pnpm test:docker:openwebui` is a documented live smoke and package script. With this commit it reports “Gateway failed to start” even when the gateway is healthy, blocking that validation lane and hiding real Open WebUI compatibility regressions.
- Suggested fix: use the gateway container as the running guard for the gateway readiness check, e.g. `docker_e2e_wait_container_bash "$GW_NAME" ...`. For the later Open WebUI readiness check at `scripts/e2e/openwebui-docker.sh:164`, use `docker_e2e_wait_container_bash_while_running "$OW_NAME" "$GW_NAME" ...` if preserving the old “stop early when Open WebUI exits” behavior matters.
- Confidence: high
## Reviewed
- Diff: `f3f614fae6971e0cf2f6e1e7f4a7503de1bb5b60..1c4262ef87e9397f14a3f2f88514b95b6816111b`
- Changed files: all 10 changed files in the prompt
- Code read: changed scripts in full, extracted Docker helper, existing Docker harness helpers, old parent version of `scripts/e2e/openwebui-docker.sh`, package/docs references for `test:docker:openwebui`
- Dependencies/web: no dependency files changed; no web lookup needed
## Tests / Live Checks
- `pnpm docs:list`
- `bash -n` on all changed shell scripts: passed
- `node --check scripts/e2e/lib/onboard/assert-config.mjs`: passed
- `git diff --check`: passed
- Simulated `docker_e2e_wait_container_bash_while_running` with a temporary fake Docker command: confirmed `ow gw ...` fails when `ow` is absent/running false, while `gw gw ...` succeeds
## Limitations
- Did not run the full Open WebUI Docker smoke. Docker is available, but no `OPENAI_API_KEY` was present in the environment or shell profile, and the static/helper simulation proves the preflight failure path without pulling/building images.
```

112
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-1d0e9a907e6d.md
View File

@ -1,112 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-1d0e9a907e6d
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-1d0e9a907e6d
source: clawsweeper_commit
commit_sha: 1d0e9a907e6d98329f852409bce18a52332a9a22
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/1d0e9a907e6d98329f852409bce18a52332a9a22.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-1d0e9a907e6d`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/1d0e9a907e6d98329f852409bce18a52332a9a22
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/1d0e9a907e6d98329f852409bce18a52332a9a22.md
- Latest main at intake: a62c7e5a2741b6f45a8649ec6965af1807255194
## ClawSweeper Report
```md
---
sha: 1d0e9a907e6d98329f852409bce18a52332a9a22
parent: eb7f305737f71f19c166eb79eebc0520a2e7538a
repository: openclaw/openclaw
author: "Vincent Koc"
committer: "Vincent Koc"
github_author: vincentkoc
github_committer: vincentkoc
co_authors: []
commit_authored_at: "2026-04-29T00:28:35-07:00"
commit_committed_at: "2026-04-29T00:39:18-07:00"
result: findings
confidence: high
highest_severity: medium
check_conclusion: neutral
reviewed_at: 2026-04-29T07:45:20Z
---
# Commit 1d0e9a9
## Summary
Found one concrete migration bug in the new TTS enabled-toggle repair. The cron schema deprecation metadata change looks safe.
## Findings
### Medium: TTS enabled migration rewrites unsupported locations and drops/misses real legacy toggles
- Kind: data_loss
- File: `src/commands/doctor/shared/legacy-config-migrations.runtime.tts.ts`
- Line: 202
- Evidence: The new visitor migrates `agents.defaults.tts` and every `channels.<id>.tts` / `channels.<id>.accounts.<id>.tts` block generically (`src/commands/doctor/shared/legacy-config-migrations.runtime.tts.ts:200`, `src/commands/doctor/shared/legacy-config-migrations.runtime.tts.ts:216`, `src/commands/doctor/shared/legacy-config-migrations.runtime.tts.ts:222`). Live validation shows `agents.defaults.tts.auto` is rejected with `Unrecognized key: "tts"`, while `agents.list[].tts.auto` is valid. The same check shows `channels.discord.tts.auto` and `channels.discord.accounts.primary.tts.auto` are rejected, while Discords supported TTS override path is `voice.tts` per its doctor contract (`extensions/discord/src/doctor-contract.ts:184`, `extensions/discord/src/doctor-contract.ts:190`). Because doctors unknown-key cleanup runs after legacy migration (`src/commands/doctor-config-flow.ts:229`), `doctor --fix` can remove the migrated block instead of preserving the users intended TTS toggle.
- Impact: Users with legacy toggles at these paths can run `openclaw doctor --fix` and lose the TTS setting, or still be left with unmigrated supported Discord `channels.discord.voice.tts.enabled` / account `voice.tts.enabled` toggles. The added test currently asserts invalid Discord/account/defaults paths, so it does not catch this.
- Suggested fix: Limit the generic migration to schema-supported core locations (`messages.tts`, `agents.list[].tts`, and channel/account paths that actually expose root `tts`), remove or remap `agents.defaults.tts`, and add plugin-owned migrations for supported Discord `voice.tts.enabled` paths.
- Confidence: high
## Reviewed
- Diff: `eb7f305737f71f19c166eb79eebc0520a2e7538a..1d0e9a907e6d98329f852409bce18a52332a9a22`
- Changed files: `CHANGELOG.md`, doctor TTS migration/tests, deprecation inventory, cron schema/test.
- Code read: TTS migration framework, config legacy detection/application, doctor config flow, TTS config resolution, config schemas, Discord TTS doctor contract, TTS and cron docs.
- Dependencies/web: no dependency changes; no web lookup needed.
## Tests / Live Checks
- `pnpm install` run once because `node_modules` was missing.
- `pnpm test src/commands/doctor/shared/legacy-config-migrate.provider-shapes.test.ts src/cron/cron-protocol-schema.test.ts` passed.
- `pnpm exec oxfmt --check --threads=1 ...` passed.
- `git diff --check eb7f305737f71f19c166eb79eebc0520a2e7538a..1d0e9a907e6d98329f852409bce18a52332a9a22` passed.
- Focused `tsx` validation confirmed the invalid migrated paths and valid `agents.list[].tts` / Discord `voice.tts` behavior.
## Limitations
- Did not run a broad changed gate; the targeted checks and live schema probes were sufficient for this commit review.
```

110
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-1e168b17b79e.md
View File

@ -1,110 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-1e168b17b79e
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-1e168b17b79e
source: clawsweeper_commit
commit_sha: 1e168b17b79e269d26b5bc2b37b06e3f287b09b8
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/1e168b17b79e269d26b5bc2b37b06e3f287b09b8.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-1e168b17b79e`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/1e168b17b79e269d26b5bc2b37b06e3f287b09b8
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/1e168b17b79e269d26b5bc2b37b06e3f287b09b8.md
- Latest main at intake: f2405c830bd925bd24f91b6bac5d417c6d36e5ba
## ClawSweeper Report
```md
---
sha: 1e168b17b79e269d26b5bc2b37b06e3f287b09b8
parent: 0f11dcd15f761101dacf3a489248f0d133142fed
repository: openclaw/openclaw
author: "Vincent Koc"
committer: "Vincent Koc"
github_author: vincentkoc
github_committer: vincentkoc
co_authors: []
commit_authored_at: "2026-04-29T00:48:31-07:00"
commit_committed_at: "2026-04-29T00:50:56-07:00"
result: findings
confidence: high
highest_severity: medium
check_conclusion: neutral
reviewed_at: 2026-04-29T07:54:19Z
---
# Commit 1e168b1
## Summary
Found one CI regression: the commit makes `extensions/browser/tsconfig.json` diverge from the shared package-boundary tsconfig contract without updating the shared exclude constant or generated configs.
## Findings
### Medium: Browser package-boundary tsconfig now fails the plugin contract test
- Kind: regression
- File: `extensions/browser/tsconfig.json`
- Line: 12
- Evidence: The commit adds `./src/**/test-support/**` only to the browser plugin config, but `scripts/lib/extension-package-boundary.ts:8` still defines the shared `EXTENSION_PACKAGE_BOUNDARY_EXCLUDE` without that entry. The existing contract test at `src/plugins/contracts/extension-package-project-boundaries.test.ts:131` asserts every opt-in plugin tsconfig uses exactly the shared exclude list. Running `pnpm test src/plugins/contracts/extension-package-project-boundaries.test.ts` fails with the added browser exclude shown as the unexpected received entry.
- Impact: This breaks the existing `contracts-plugin` test lane on the reviewed main commit, so CI can fail even though the intended TypeScript exclusion itself is small.
- Suggested fix: Add `./src/**/test-support/**` to `EXTENSION_PACKAGE_BOUNDARY_EXCLUDE` and regenerate/update all opt-in plugin tsconfigs, or explicitly model browser as an allowed custom tsconfig if this one-off divergence is intentional.
- Confidence: high
## Reviewed
- Diff: `0f11dcd15f761101dacf3a489248f0d133142fed..1e168b17b79e269d26b5bc2b37b06e3f287b09b8`
- Changed files: `extensions/browser/tsconfig.json`, `tsconfig.extensions.json`
- Code read: `extensions/AGENTS.md`, `docs/ci.md`, `extensions/tsconfig.package-boundary.base.json`, `scripts/lib/extension-package-boundary.ts`, `src/plugins/contracts/extension-package-project-boundaries.test.ts`, `scripts/check-extension-package-tsc-boundary.mjs`
- Dependencies/web: no external dependency or web lookup needed; config-only commit
- Commands: `pnpm docs:list`, `pnpm install`, `pnpm test src/plugins/contracts/extension-package-project-boundaries.test.ts`, `git diff --check 0f11dcd15f761101dacf3a489248f0d133142fed..1e168b17b79e269d26b5bc2b37b06e3f287b09b8`
## Tests / Live Checks
- `pnpm test src/plugins/contracts/extension-package-project-boundaries.test.ts` failed: 1 failed, 6 passed. Failure is the shared exclude-list assertion at `src/plugins/contracts/extension-package-project-boundaries.test.ts:131`.
- Initial test attempt could not start because `node_modules` was missing; `pnpm install` completed successfully, then the focused test was retried.
## Limitations
- Did not run broad `pnpm check:changed`; the focused contract test already reproduces the actionable regression.
```

110
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-3aadeba93fde.md
View File

@ -1,110 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-3aadeba93fde
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-3aadeba93fde
source: clawsweeper_commit
commit_sha: 3aadeba93fdebc34a2ea6f5fea8bf3f58b48cd4a
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/3aadeba93fdebc34a2ea6f5fea8bf3f58b48cd4a.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-3aadeba93fde`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/3aadeba93fdebc34a2ea6f5fea8bf3f58b48cd4a
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/3aadeba93fdebc34a2ea6f5fea8bf3f58b48cd4a.md
- Latest main at intake: 9e34fb9febe2918f274ab7d86e12d64e4829eb51
## ClawSweeper Report
```md
---
sha: 3aadeba93fdebc34a2ea6f5fea8bf3f58b48cd4a
parent: b85edb3f0cf6c2a8bec06537af9211a044266a6c
repository: openclaw/openclaw
author: "Peter Steinberger"
committer: "Peter Steinberger"
github_author: steipete
github_committer: steipete
co_authors: []
commit_authored_at: "2026-04-29T05:36:51+01:00"
commit_committed_at: "2026-04-29T05:37:29+01:00"
result: findings
confidence: high
highest_severity: high
check_conclusion: failure
reviewed_at: 2026-04-29T04:40:32Z
---
# Commit 3aadeba93f
## Summary
Found one regression: the changed doctor config-write path fails core typecheck, and the same call can dereference an undefined env object at runtime when doctor needs to write config.
## Findings
### High: Doctor config write passes optional env to required update guard
- Kind: regression
- File: `src/flows/doctor-health-contributions.ts`
- Line: 522
- Evidence: `DoctorHealthFlowContext.env` is optional, and `doctorCommand` builds the production context in `src/flows/doctor-health.ts` without `env`. This commit changed the call from `env: ctx.env ?? process.env` to `env: ctx.env`, while `shouldSkipLegacyUpdateDoctorConfigWrite` immediately reads `params.env.OPENCLAW_UPDATE_IN_PROGRESS`.
- Impact: `pnpm tsgo:core` fails on this commit with `TS2322: Type 'ProcessEnv | undefined' is not assignable to type 'ProcessEnv'`. If typechecking is bypassed, doctor can also throw when `shouldWriteConfig` is true and no test-supplied `ctx.env` exists.
- Suggested fix: restore the fallback at the call site (`env: ctx.env ?? process.env`) or make/populate `ctx.env` required in the production doctor context.
- Confidence: high
## Reviewed
- Diff: `b85edb3f0cf6c2a8bec06537af9211a044266a6c..3aadeba93fdebc34a2ea6f5fea8bf3f58b48cd4a`
- Changed files: `src/flows/doctor-health-contributions.ts`, `src/flows/doctor-health-contributions.test.ts`
- Code read: changed files, `src/flows/doctor-health.ts`, `src/commands/doctor-config-flow.ts`, update runner/env call sites, installer update path, doctor docs
- Dependencies/web: no dependency files changed; no web lookup needed
## Tests / Live Checks
- `pnpm docs:list`: passed
- `pnpm test src/flows/doctor-health-contributions.test.ts`: passed after installing missing deps
- `pnpm tsgo:core`: failed with the type error above
## Limitations
- Full suite not run because the focused core typecheck already fails on the reviewed commit.
```

119
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-450607847b7b.md
View File

@ -1,119 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-450607847b7b
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-450607847b7b
source: clawsweeper_commit
commit_sha: 450607847b7b5c9f6ce848c72afbeb571c41e10c
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/450607847b7b5c9f6ce848c72afbeb571c41e10c.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-450607847b7b`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/450607847b7b5c9f6ce848c72afbeb571c41e10c
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/450607847b7b5c9f6ce848c72afbeb571c41e10c.md
- Latest main at intake: 66b4324d41e1c44c1262acf521bc661dcf2a7a29
## ClawSweeper Report
```md
---
sha: 450607847b7b5c9f6ce848c72afbeb571c41e10c
parent: 364c67bcb5b7f26a6d41024eb07b6a709de782bb
repository: openclaw/openclaw
author: "samzong"
committer: "web-flow"
github_author: samzong
github_committer: web-flow
co_authors: ["samzong", "frankekn"]
commit_authored_at: "2026-04-29T13:23:36+08:00"
commit_committed_at: "2026-04-29T13:23:36+08:00"
result: findings
confidence: high
highest_severity: low
check_conclusion: neutral
reviewed_at: 2026-04-29T05:27:54+00:00
---
# Commit 4506078
## Summary
Found one low-severity parity bug in the new REM harness preview.
## Findings
### Low: REM harness preview can include stale recall entries that real REM skips
- Kind: bug
- File: `extensions/memory-core/src/rem-harness.ts`
- Line: 133
- Evidence: `previewRemHarness` reads recall entries, applies only `filterRecallEntriesWithinLookback`, then passes them directly to `previewRemDreaming` at `extensions/memory-core/src/rem-harness.ts:133` and `extensions/memory-core/src/rem-harness.ts:142`. The actual REM phase wraps the same lookback-filtered entries in `filterLiveShortTermRecallEntries` at `extensions/memory-core/src/dreaming-phases.ts:1641`, which checks that the source file still exists via `extensions/memory-core/src/short-term-promotion.ts:901`. The existing regression test at `extensions/memory-core/src/dreaming-phases.test.ts:2240` verifies actual REM excludes vanished source snippets, and that focused test passed locally.
- Impact: `doctor.memory.remHarness` can show deleted/stale short-term memory snippets in `rem.reflections`, `rem.candidateTruths`, and `rem.bodyLines`, even though a real REM run would not use them. That makes the gateway RPC an inaccurate preview and can expose stale snippets still lingering in the short-term store to `operator.read` clients.
- Suggested fix: apply `filterLiveShortTermRecallEntries({ workspaceDir, entries: ... })` inside `previewRemHarness` before calling `previewRemDreaming`, and add a preview-specific test mirroring the vanished-source REM regression.
- Confidence: high
## Reviewed
- Diff: `364c67bcb5b7f26a6d41024eb07b6a709de782bb..450607847b7b5c9f6ce848c72afbeb571c41e10c`
- Changed files: all 14 files in the diff summary.
- Code read: gateway handler/scopes/method list, memory-core REM harness, dreaming phase filtering, short-term recall source filtering, SDK facade, CLI rem-harness path, relevant docs/tests.
- PR context: `gh pr view 66673 --repo openclaw/openclaw`.
## Tests / Live Checks
- `pnpm install` after initial test run failed because `node_modules` was missing.
- `pnpm test src/gateway/server-methods/doctor.test.ts -t "doctor.memory.remHarness"`: passed.
- `pnpm test extensions/memory-core/src/dreaming-phases.test.ts -t "filterRecallEntriesWithinLookback|previewRemHarness"`: passed.
- `pnpm test src/plugin-sdk/memory-core-bundled-runtime.test.ts`: passed.
- `pnpm test extensions/memory-core/src/dreaming-phases.test.ts -t "skips REM short-term candidates whose source file disappeared"`: passed.
- `git diff --check 364c67bcb5b7f26a6d41024eb07b6a709de782bb..450607847b7b5c9f6ce848c72afbeb571c41e10c`: passed.
## Dependency / Web Checks
- No dependency files changed.
- No web lookup needed; review was source/test/PR-context based.
## Limitations
- Did not run full `pnpm check` or `pnpm build`.
- A direct `pnpm exec tsx -e ...` temp-workspace smoke was attempted but not relied on because direct module loading hit an unrelated package export boundary that the repos Vitest setup avoids.
```

112
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-4932e91517ad.md
View File

@ -1,112 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-4932e91517ad
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-4932e91517ad
source: clawsweeper_commit
commit_sha: 4932e91517ad04797ae57283a602bd5c2ac92199
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/4932e91517ad04797ae57283a602bd5c2ac92199.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-4932e91517ad`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/4932e91517ad04797ae57283a602bd5c2ac92199
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/4932e91517ad04797ae57283a602bd5c2ac92199.md
- Latest main at intake: 67e8d35f1cf8ef4b8173d963e250c776af355099
## ClawSweeper Report
```md
---
sha: 4932e91517ad04797ae57283a602bd5c2ac92199
parent: 39513771bb76aedef021675b95a1d65985b73cb5
repository: openclaw/openclaw
author: "Peter Steinberger"
committer: "Peter Steinberger"
github_author: steipete
github_committer: steipete
co_authors: []
commit_authored_at: "2026-04-29T06:35:00+01:00"
commit_committed_at: "2026-04-29T06:35:54+01:00"
result: findings
confidence: high
highest_severity: low
check_conclusion: neutral
reviewed_at: 2026-04-29T05:40:08Z
---
# Commit 4932e91
## Summary
Found one low-severity reliability issue in the Windows smoke recovery change: the new retry/recovery loop still aborts on the first failed probe under `set -e`, so the added deadline and `gateway start` recovery path do not run for the unavailable-gateway case it is meant to handle.
## Findings
### Low: failed gateway probes still exit before the recovery loop can run
- Kind: reliability
- File: `scripts/e2e/parallels-windows-smoke.sh`
- Line: 2405
- Evidence: `scripts/e2e/parallels-windows-smoke.sh` runs with `set -euo pipefail`, and `verify_gateway_reachable` assigns `probe_json="$(guest_run_openclaw ... gateway probe ... --json)"` before the retry/recovery logic. A failed `gateway probe --json` exits with status 1 when no gateway is reachable, even though it prints JSON. Under `set -e`, that assignment exits the helper immediately, before `run_gateway_daemon_action start` at line 2422 can execute. I verified locally with `node scripts/run-node.mjs gateway probe --url ws://127.0.0.1:9 --timeout 250 --json`, which returned `rc=1` with `{ "ok": false, ... }`, and with a Bash `set -e` command-substitution smoke showing the function exits before later statements.
- Impact: the Windows Parallels smoke can still fail immediately when the gateway is unavailable instead of waiting up to `TIMEOUT_GATEWAY_S` and attempting the new start recovery.
- Suggested fix: capture the probe exit status without triggering `errexit`, for example `if probe_json="$(guest_run_openclaw ...)"; then probe_rc=0; else probe_rc=$?; fi`, then parse any JSON output and continue into the retry/recovery path on non-ok results.
- Confidence: high
## Reviewed
- Diff: `39513771bb76aedef021675b95a1d65985b73cb5..4932e91517ad04797ae57283a602bd5c2ac92199`
- Changed files: `scripts/e2e/parallels-windows-smoke.sh`, `test/scripts/parallels-smoke-model.test.ts`
- Code read: changed helper, gateway daemon action helper, fresh/upgrade call sites, phase timeout wrapper, gateway probe CLI output/exit behavior
- Dependencies/web: no dependency changes; no web lookup needed
## Tests / Live Checks
- `pnpm install` to restore missing local dependencies
- `pnpm test test/scripts/parallels-smoke-model.test.ts` passed
- `bash -n scripts/e2e/parallels-windows-smoke.sh` passed
- `git diff --check 39513771bb76aedef021675b95a1d65985b73cb5..4932e91517ad04797ae57283a602bd5c2ac92199` passed
- Local CLI probe against unused port verified `gateway probe --json` exits 1 on unreachable gateway
## Limitations
- Did not run the full Parallels Windows smoke VM lane.
```

111
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-4cf228466770.md
View File

@ -1,111 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-4cf228466770
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-4cf228466770
source: clawsweeper_commit
commit_sha: 4cf228466770c9358fb5e7507edaa4b7e7dacb02
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/4cf228466770c9358fb5e7507edaa4b7e7dacb02.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-4cf228466770`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/4cf228466770c9358fb5e7507edaa4b7e7dacb02
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/4cf228466770c9358fb5e7507edaa4b7e7dacb02.md
- Latest main at intake: be445dd1c12840b77055965dd7da1f659236f8f4
## ClawSweeper Report
```md
---
sha: 4cf228466770c9358fb5e7507edaa4b7e7dacb02
parent: ef08f59b9f39b8a87d0bf77f7f318554775e25ae
repository: openclaw/openclaw
author: "jesse-merhi"
committer: "jesse-merhi"
github_author: jesse-merhi
github_committer: jesse-merhi
co_authors: []
commit_authored_at: "2026-04-29T13:09:20+10:00"
commit_committed_at: "2026-04-29T13:51:42+10:00"
result: findings
confidence: high
highest_severity: medium
check_conclusion: neutral
reviewed_at: 2026-04-29T04:02:53Z
---
# Commit 4cf2284
## Summary
Found one LINE webhook regression for configured paths with a trailing slash.
## Findings
### Medium: LINE webhook targets cannot be resolved when `webhookPath` ends with `/`
- Kind: regression
- File: `extensions/line/src/monitor.ts`
- Line: 321
- Evidence: `normalizedPath` is computed with `normalizePluginHttpPath`, which preserves a trailing slash. The target is then registered through `registerWebhookTargetWithPluginRoute`, whose target registration canonicalizes paths with `normalizeWebhookPath` and strips the trailing slash. The route handler later looks up `lineWebhookTargets.get(normalizedPath)` at line 343, so a configured path like `/line/webhook/` stores the target under `/line/webhook` but looks it up under `/line/webhook/`. That leaves `targets` empty, causing valid POSTs to fail signature target resolution and non-POST verification to return 404.
- Impact: existing LINE configs or webhook URLs that use a trailing slash can stop receiving webhooks after this commit, even with a valid LINE signature.
- Suggested fix: use one canonical path value for both registration and lookup, for example by normalizing with `normalizeWebhookPath` before registration or by using the `registered.target.path` returned from `registerWebhookTargetWithPluginRoute` in the handler closure.
- Confidence: high
## Reviewed
- Diff: `ef08f59b9f39b8a87d0bf77f7f318554775e25ae..4cf228466770c9358fb5e7507edaa4b7e7dacb02`
- Changed files: `extensions/line/src/monitor.ts`, `extensions/line/src/monitor.lifecycle.test.ts`, `extensions/zalo/src/monitor.ts`, `extensions/zalo/src/monitor.polling.media-reply.test.ts`
- Code read: LINE monitor, LINE webhook body/signature helpers, LINE bot handler entry, Zalo monitor, Zalo webhook target helper, Zalo outbound media hosting, SDK webhook target helpers, plugin HTTP registry/matching/path normalization
- Dependencies/web: no dependency changes; no external web lookup needed
## Tests / Live Checks
- `pnpm docs:list`
- `pnpm install`
- `pnpm test extensions/line/src/monitor.lifecycle.test.ts extensions/zalo/src/monitor.polling.media-reply.test.ts` passed
- Attempted an inline LINE route smoke for the trailing-slash case, but the ad hoc `tsx` harness hit unrelated module/export issues before reaching the route logic.
## Limitations
- No full suite or Testbox gate run; review used focused code tracing and targeted tests.
```

113
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-4eba70b532f8.md
View File

@ -1,113 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-4eba70b532f8
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-4eba70b532f8
source: clawsweeper_commit
commit_sha: 4eba70b532f8b54c6cceac20c407526c9ea9121d
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/4eba70b532f8b54c6cceac20c407526c9ea9121d.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-4eba70b532f8`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/4eba70b532f8b54c6cceac20c407526c9ea9121d
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/4eba70b532f8b54c6cceac20c407526c9ea9121d.md
- Latest main at intake: ad761975dead160e1ac2a86e6511eea1a159d32e
## ClawSweeper Report
```md
---
sha: 4eba70b532f8b54c6cceac20c407526c9ea9121d
parent: 7d74c1f4b99ec40b834ae02eb1b8043b052aa5f9
repository: openclaw/openclaw
author: "Vincent Koc"
committer: "Vincent Koc"
github_author: vincentkoc
github_committer: vincentkoc
co_authors: []
commit_authored_at: "2026-04-28T23:06:45-07:00"
commit_committed_at: "2026-04-28T23:10:10-07:00"
result: findings
confidence: high
highest_severity: medium
check_conclusion: neutral
reviewed_at: 2026-04-29T06:17:08Z
---
# Commit 4eba70b
## Summary
Found one generated-baseline regression. The code changes are JSDoc/type-doc only, but they touch public plugin SDK surfaces and leave the tracked SDK API hash stale.
## Findings
### Medium: Plugin SDK API baseline hash is stale
- Kind: regression
- File: `docs/.generated/plugin-sdk-api-baseline.sha256`
- Line: 1
- Evidence: `pnpm plugin-sdk:api:check` fails with `Plugin SDK API baseline drift detected` and points to `docs/.generated/plugin-sdk-api-baseline.sha256`. Rendering the baseline in `/tmp` shows the committed hash remains `21c1ddb7...` / `b4e011ed...`, while this commit renders `835d600...` / `48ab32a...`. The drift is caused by public SDK source-line/comment changes in files such as `src/channels/plugins/types.core.ts:115`, `src/channels/plugins/types.core.ts:410`, `src/plugins/types.ts:1217`, and `src/plugin-sdk/channel-config-schema-legacy.ts:2`.
- Impact: The repositorys plugin SDK API check now fails on `main` for this commit. Release/check gates that include `pnpm plugin-sdk:api:check` will reject the tree until the generated hash is updated.
- Suggested fix: If the deprecation annotations are intentional, run `pnpm plugin-sdk:api:gen` and commit the updated `docs/.generated/plugin-sdk-api-baseline.sha256`.
- Confidence: high
## Reviewed
- Diff: `7d74c1f4b99ec40b834ae02eb1b8043b052aa5f9..4eba70b532f8b54c6cceac20c407526c9ea9121d`
- Changed files: all 15 listed files; verified the diff is comment/JSDoc-only.
- Code read: scoped AGENTS for `src/plugin-sdk`, `src/channels`, `src/plugins`; plugin SDK API baseline generator; relevant SDK migration/entrypoint/overview docs.
- Dependencies/web: no dependency file changes; no web lookup needed.
## Tests / Live Checks
- `pnpm docs:list`: passed.
- `git diff --check 7d74c1f4...4eba70b`: passed.
- `pnpm exec oxfmt --check --threads=1 <15 changed files>`: passed after `pnpm install`.
- `pnpm config:docs:check`: passed.
- `pnpm plugin-sdk:api:check`: failed with SDK API baseline drift.
- Initial focused checks could not start because `node_modules` was missing; ran `pnpm install` once per repo instructions, then retried.
## Limitations
- Did not run broad `pnpm check:changed`; the actionable issue is covered by the focused generated API check.
```

115
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-5435591f6a1a.md
View File

@ -1,115 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-5435591f6a1a
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-5435591f6a1a
source: clawsweeper_commit
commit_sha: 5435591f6a1a8cd2f9c3f5b131457f9a73547923
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/5435591f6a1a8cd2f9c3f5b131457f9a73547923.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-5435591f6a1a`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/5435591f6a1a8cd2f9c3f5b131457f9a73547923
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/5435591f6a1a8cd2f9c3f5b131457f9a73547923.md
- Latest main at intake: 0382ac5f7dbf0c5438fae1869dd3f0387274cbb8
## ClawSweeper Report
```md
---
sha: 5435591f6a1a8cd2f9c3f5b131457f9a73547923
parent: 68ef37011ec785a71c9e3476d335e8b2a7b1ae26
repository: openclaw/openclaw
author: "Peter Steinberger"
committer: "Peter Steinberger"
github_author: steipete
github_committer: steipete
co_authors: []
commit_authored_at: "2026-04-29T04:07:31+01:00"
commit_committed_at: "2026-04-29T04:07:39+01:00"
result: findings
confidence: high
highest_severity: low
check_conclusion: neutral
reviewed_at: 2026-04-29T03:25:28Z
---
# Commit 5435591
## Summary
Found one low-severity block-reply edge case in the new split-tag buffering. The main Gateway SSE regression is covered and the focused tests pass.
## Findings
### Low: text-end block replies can drop a literal trailing final-tag prefix
- Kind: bug
- File: `src/agents/pi-embedded-subscribe.ts`
- Line: 709
- Evidence: `stripBlockTags` now buffers a trailing possible tag fragment in `state.pendingTagFragment`, but `emitBlockChunk` calls it without `{ final: true }`. A local probe with `onBlockReply`, `blockReplyBreak: "text_end"`, and streamed text `Answer ends with <fi` emitted `{"text":"Answer ends with"}` instead of preserving `<fi`. If `message_end` arrives after the text-end flush, the safety fallback skips because `lastBlockReplyText` is already set.
- Impact: channel/block-reply deliveries can silently lose a literal trailing `<`, `<fi`, `</fi`, etc. The commits tests cover this preservation for assistant stream events, but not for `onBlockReply`.
- Suggested fix: final-flush `state.blockState.pendingTagFragment` at text-end/block-reply flush, likely by letting `emitBlockChunk` accept a final option or by calling `stripBlockTags("", state.blockState, { final: true })` and emitting/accumulating the returned literal tail before setting `lastBlockReplyText`.
- Confidence: high
## Reviewed
- Diff: `68ef37011ec785a71c9e3476d335e8b2a7b1ae26..5435591f6a1a8cd2f9c3f5b131457f9a73547923`
- Changed files: `CHANGELOG.md`, `src/agents/pi-embedded-subscribe.handlers.messages.ts`, `src/agents/pi-embedded-subscribe.handlers.types.ts`, `src/agents/pi-embedded-subscribe.subscribe-embedded-pi-session.filters-final-suppresses-output-without-start-tag.test.ts`, `src/agents/pi-embedded-subscribe.ts`, `src/gateway/openai-http.test.ts`
- Code read: changed files, `src/gateway/openai-http.ts`, `src/gateway/agent-event-assistant-text.ts`, `src/infra/agent-events.ts`, `src/agents/pi-embedded-block-chunker.ts`, `src/agents/pi-embedded-subscribe.e2e-harness.ts`, `docs/pi.md`
- Issue context: inspected GitHub issue `#63325`
## Tests / Live Checks
- `pnpm test src/agents/pi-embedded-subscribe.subscribe-embedded-pi-session.filters-final-suppresses-output-without-start-tag.test.ts src/gateway/openai-http.test.ts` passed.
- `git diff --check 68ef37011ec785a71c9e3476d335e8b2a7b1ae26..5435591f6a1a8cd2f9c3f5b131457f9a73547923` passed.
- Ran a focused `pnpm exec tsx --eval` probe for the block-reply edge; it reproduced the truncation.
## Dependency / Web Checks
- No dependency files changed.
- Ran `pnpm docs:list` and read the relevant streaming section in `docs/pi.md`.
## Limitations
- No broad `pnpm check:changed` run; this was a focused commit review.
```

118
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-548c280eff60.md
View File

@ -1,118 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-548c280eff60
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-548c280eff60
source: clawsweeper_commit
commit_sha: 548c280eff60d1851473fdb455cfdc82dd552779
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/548c280eff60d1851473fdb455cfdc82dd552779.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-548c280eff60`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/548c280eff60d1851473fdb455cfdc82dd552779
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/548c280eff60d1851473fdb455cfdc82dd552779.md
- Latest main at intake: 4932e91517ad04797ae57283a602bd5c2ac92199
## ClawSweeper Report
```md
---
sha: 548c280eff60d1851473fdb455cfdc82dd552779
parent: 66b4324d41e1c44c1262acf521bc661dcf2a7a29
repository: openclaw/openclaw
author: "Peter Steinberger"
committer: "Peter Steinberger"
github_author: steipete
github_committer: steipete
co_authors: []
commit_authored_at: "2026-04-29T06:29:36+01:00"
commit_committed_at: "2026-04-29T06:29:44+01:00"
result: findings
confidence: high
highest_severity: medium
check_conclusion: neutral
reviewed_at: 2026-04-29T05:35:10Z
---
# Commit 548c280
## Summary
Found one concrete regression: the commit expands the public Plugin SDK channel contract but does not update the generated API baseline hash, so the SDK API check fails.
## Findings
### Medium: Plugin SDK API baseline is stale after exporting `ChannelOutboundPayloadHint`
- Kind: regression
- File: `src/plugin-sdk/channel-contract.ts`
- Line: 41
- Evidence: the commit adds `ChannelOutboundPayloadHint` to the public `channel-contract` export surface, but does not update `docs/.generated/plugin-sdk-api-baseline.sha256`. Running `pnpm plugin-sdk:api:check` fails with `Plugin SDK API baseline drift detected` and `Hash mismatch: docs/.generated/plugin-sdk-api-baseline.sha256`.
- Impact: changed/API gates will fail for this main commit, and the recorded public Plugin SDK baseline no longer matches the shipped contract.
- Suggested fix: verify the new export is intentional, then run `pnpm plugin-sdk:api:gen` and commit the updated `docs/.generated/plugin-sdk-api-baseline.sha256`.
- Confidence: high
## Reviewed
- Diff: `66b4324d41e1c44c1262acf521bc661dcf2a7a29..548c280eff60d1851473fdb455cfdc82dd552779`
- Changed files: changelog/docs, Discord approval code, dispatch tests, native approval route coordinator, channel outbound types, plugin SDK channel contract.
- Code read: changed implementation files, coordinator tests, dispatch approval flow, Discord approval capability/runtime paths, gateway send path, approval filter/account helpers.
- GitHub context: inspected issue `#73954` and PR `#74027`.
- Docs: ran `pnpm docs:list`; read Discord and exec approval docs.
## Tests / Live Checks
- `pnpm install` because `node_modules` was missing.
- `pnpm test src/infra/approval-native-route-coordinator.test.ts src/agents/system-prompt.test.ts src/auto-reply/reply/dispatch-from-config.test.ts -- -t "native delivery reaches no targets|keeps approval slug guidance|local discord exec approval tool prompts"`: passed 3 Vitest shards.
- `git diff --check 66b4324d41e1c44c1262acf521bc661dcf2a7a29..548c280eff60d1851473fdb455cfdc82dd552779`: passed.
- `pnpm plugin-sdk:api:check`: failed with API baseline drift.
## Dependency / Web Checks
- No dependency changes in this commit.
- No external web lookup needed for the finding.
## Limitations
- No live Discord/Ollama approval roundtrip was run.
- Full `pnpm check` was not run; the focused Plugin SDK API check already exposed a gate failure.
```

112
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-5eb9b3da3401.md
View File

@ -1,112 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-5eb9b3da3401
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-5eb9b3da3401
source: clawsweeper_commit
commit_sha: 5eb9b3da3401f4f3e600b6e1c480e915edcbe9f2
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/5eb9b3da3401f4f3e600b6e1c480e915edcbe9f2.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-5eb9b3da3401`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/5eb9b3da3401f4f3e600b6e1c480e915edcbe9f2
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/5eb9b3da3401f4f3e600b6e1c480e915edcbe9f2.md
- Latest main at intake: 0fc303232506cdcce42306ff71a2b3c657fe2d31
## ClawSweeper Report
```md
---
sha: 5eb9b3da3401f4f3e600b6e1c480e915edcbe9f2
parent: 806a0119f3cd0683c1b7797f835dc09203253948
repository: openclaw/openclaw
author: "steipete"
committer: "steipete"
github_author: steipete
github_committer: steipete
co_authors: []
commit_authored_at: "2026-04-29T05:25:27+01:00"
commit_committed_at: "2026-04-29T05:25:42+01:00"
result: findings
confidence: high
highest_severity: medium
check_conclusion: neutral
reviewed_at: 2026-04-29T04:29:47Z
---
# Commit 5eb9b3d
## Summary
Found one reliability regression in the QA live transport memory suppression path.
## Findings
### Medium: Memory-core is still selected by the default plugin slot in packaged live lanes
- Kind: reliability
- File: `extensions/qa-lab/src/live-transports/shared/live-gateway.runtime.ts`
- Line: 49
- Evidence: `prepareLiveTransportGatewayConfig` removes `memory-core` from `plugins.allow` and `plugins.entries`, but it does not set `plugins.slots.memory` to `"none"` or explicitly disable the entry. The plugin config normalizer defaults an unset memory slot to `memory-core` (`src/plugins/config-normalization-shared.ts:155`, `src/plugins/slots.ts:17`), and activation enables a plugin selected by that slot before the allowlist rejection path (`src/plugins/config-activation-shared.ts:203`). This matters for installed/package Telegram QA because `sutOpenClawCommand` sets `usePackagedPlugins: true` (`extensions/qa-lab/src/live-transports/telegram/telegram-live.runtime.ts:1202`), and that bypasses the source-tree staging filter that would otherwise omit `memory-core` from `OPENCLAW_BUNDLED_PLUGINS_DIR` (`extensions/qa-lab/src/gateway-child.ts:621`).
- Impact: packaged live Telegram release/package validation can still load the `memory-core` runtime even though this commit is trying to slim transport-only startup. That preserves the startup cost and side effects the change is meant to remove, and can keep the release transport lane vulnerable to startup timeouts.
- Suggested fix: when preparing transport-only gateway config, also set `plugins.slots.memory = "none"` or set `plugins.entries["memory-core"].enabled = false`; add a test that runs the mutated config through the plugin activation/normalization contract, not only an allowlist/entry assertion.
- Confidence: high
## Reviewed
- Diff: `806a0119f3cd0683c1b7797f835dc09203253948..5eb9b3da3401f4f3e600b6e1c480e915edcbe9f2`
- Changed files: `.github/workflows/openclaw-release-checks.yml`, `extensions/qa-lab/src/gateway-child.ts`, `extensions/qa-lab/src/live-transports/shared/live-gateway.runtime.ts`, `src/gateway/server-startup-post-attach.ts`, and adjacent tests.
- Code read: QA gateway config/build/staging, live transport Telegram/Discord callers, gateway startup prewarm sidecar, plugin config normalization/activation/slot handling.
- Dependencies/web: no external web lookup needed; no dependency manifests changed.
## Tests / Live Checks
- `pnpm docs:list`
- `pnpm test extensions/qa-lab/src/live-transports/shared/live-gateway.runtime.test.ts extensions/qa-lab/src/gateway-child.test.ts src/gateway/server-startup.test.ts` initially failed because `node_modules` was missing.
- `pnpm install`
- Retried targeted tests: passed, 3 files / 59 tests.
- `pnpm test src/plugins/config-state.test.ts`: passed, 47 tests.
## Limitations
- Did not run full release QA or package Telegram live lanes; finding is based on source trace plus existing plugin-slot contract tests.
```

112
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-6a4c866b6a8b.md
View File

@ -1,112 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-6a4c866b6a8b
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-6a4c866b6a8b
source: clawsweeper_commit
commit_sha: 6a4c866b6a8b09360f1f51aa99aac9e682b0fef1
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/6a4c866b6a8b09360f1f51aa99aac9e682b0fef1.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-6a4c866b6a8b`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/6a4c866b6a8b09360f1f51aa99aac9e682b0fef1
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/6a4c866b6a8b09360f1f51aa99aac9e682b0fef1.md
- Latest main at intake: 3367cfaa1466c50a345234970d2d87252904c464
## ClawSweeper Report
```md
---
sha: 6a4c866b6a8b09360f1f51aa99aac9e682b0fef1
parent: 1d87d757e964a204f64f2ba512d10905c0a94411
repository: openclaw/openclaw
author: "Peter Steinberger"
committer: "Peter Steinberger"
github_author: steipete
github_committer: steipete
co_authors: []
commit_authored_at: "2026-04-29T07:36:51+01:00"
commit_committed_at: "2026-04-29T07:36:55+01:00"
result: findings
confidence: high
highest_severity: low
check_conclusion: neutral
reviewed_at: 2026-04-29T06:40:47Z
---
# Commit 6a4c866
## Summary
Found one low-severity release-process regression: the CI docs were updated for Android opt-in, but the release guide still claims and demonstrates manual CI as if Android runs by default.
## Findings
### Low: Release guide manual CI command no longer runs documented Android coverage
- Kind: regression
- File: `docs/reference/RELEASING.md`
- Line: 129
- Evidence: The commit changes manual CI so Android only runs when `full_release_validation` or `include_android` is true in `.github/workflows/ci.yml:135`, and the Android job is gated by `run_android_job` at `.github/workflows/ci.yml:2158`. `docs/ci.md:362` was updated to say standalone manual CI needs `include_android=true`, but `docs/reference/RELEASING.md:129` still says direct manual CI forces “Windows, macOS, Android,” and `docs/reference/RELEASING.md:335` still shows `gh workflow run ci.yml --ref main -f target_ref=release/YYYY.M.D` without `-f include_android=true`.
- Impact: A release maintainer following the release guide for “full normal CI coverage” can now skip Android validation unintentionally.
- Suggested fix: Update the release guide to either add `-f include_android=true` to direct manual CI examples or direct release candidates through `full-release-validation.yml` when Android coverage is required.
- Confidence: high
## Reviewed
- Diff: `1d87d757e964a204f64f2ba512d10905c0a94411..6a4c866b6a8b09360f1f51aa99aac9e682b0fef1`
- Changed files: `.github/actions/setup-node-env/action.yml`, `.github/workflows/ci.yml`, `docs/ci.md`, `scripts/lib/extension-test-plan.mjs`, `test/scripts/plugin-prerelease-test-plan.test.ts`
- Code read: CI preflight manifest, Android job gating/setup, setup-node-env cache/install action, extension shard planner, plugin prerelease workflow test, release CI docs
- Dependencies/web: no dependency files changed; no external web lookup needed
## Tests / Live Checks
- `pnpm docs:list`
- `git diff --check 1d87d757e964a204f64f2ba512d10905c0a94411..6a4c866b6a8b09360f1f51aa99aac9e682b0fef1`
- `pnpm install` to restore missing local dependencies
- `pnpm test test/scripts/plugin-prerelease-test-plan.test.ts test/scripts/test-extension.test.ts` passed: 35 tests
- `pnpm check:workflows` passed
## Limitations
- Did not dispatch a live GitHub Actions CI run or run the full CI/Testbox gate.
```

111
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-7662a17b08bb.md
View File

@ -1,111 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-7662a17b08bb
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-7662a17b08bb
source: clawsweeper_commit
commit_sha: 7662a17b08bbc99483dad95b2657f869377df1b7
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/7662a17b08bbc99483dad95b2657f869377df1b7.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-7662a17b08bb`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/7662a17b08bbc99483dad95b2657f869377df1b7
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/7662a17b08bbc99483dad95b2657f869377df1b7.md
- Latest main at intake: a0fd105e5e41fafd7f537843af0dea9bd1a7336f
## ClawSweeper Report
```md
---
sha: 7662a17b08bbc99483dad95b2657f869377df1b7
parent: 9ddd10b84cf2d2d6ea899daeced4984851a56da0
repository: openclaw/openclaw
author: "Peter Steinberger"
committer: "Peter Steinberger"
github_author: steipete
github_committer: steipete
co_authors: []
commit_authored_at: "2026-04-29T08:15:48+01:00"
commit_committed_at: "2026-04-29T08:16:17+01:00"
result: findings
confidence: high
highest_severity: low
check_conclusion: neutral
reviewed_at: 2026-04-29T07:21:07Z
---
# Commit 7662a17
## Summary
Found one release-smoke reliability issue: the cross-OS release script removes `memory-core` from `plugins.allow`, but does not disable the default memory slot, so later broad runtime plugin loads still treat `memory-core` as enabled.
## Findings
### Low: Cross-OS smoke still leaves `memory-core` selected through the default memory slot
- Kind: reliability
- File: `scripts/openclaw-cross-os-release-checks.ts`
- Line: 58
- Evidence: The release allowlist no longer includes `memory-core`, and the script only writes `plugins.allow` at `scripts/openclaw-cross-os-release-checks.ts:1863` and `scripts/openclaw-cross-os-release-checks.ts:2633`. It never writes `plugins.slots.memory = "none"`. The config normalizer defaults an unset memory slot to `memory-core` (`src/plugins/config-normalization-shared.ts:148`, `src/plugins/slots.ts:17`), and agent runs call `ensureRuntimePluginsLoaded` before execution (`src/agents/pi-embedded-runner/run.ts:346`). A focused probe confirmed this exact release allowlist makes `memory-core` `enabled: true` in a broad loader snapshot; adding `slots: { memory: "none" }` disables it.
- Impact: The commits cross-OS release smoke path can still load/register the memory plugin during the agent turn, so the intended memory startup reduction is incomplete and can still carry the memory/plugin startup cost this change is trying to avoid.
- Suggested fix: When the release smoke script writes `plugins.allow`, also set `plugins.slots.memory` to `"none"` for both installed and dev paths, mirroring the new QA live gateway config behavior.
- Confidence: high
## Reviewed
- Diff: `9ddd10b84cf2d2d6ea899daeced4984851a56da0..7662a17b08bbc99483dad95b2657f869377df1b7`
- Changed files: `extensions/qa-lab/src/live-transports/shared/live-gateway.runtime.ts`, `extensions/qa-lab/src/live-transports/shared/live-gateway.runtime.test.ts`, `scripts/openclaw-cross-os-release-checks.ts`, `test/scripts/openclaw-cross-os-release-checks.test.ts`
- Code read: QA live gateway config/test, QA gateway child config staging, cross-OS release config writes, plugin slot normalization, activation policy, runtime plugin loading, memory plugin manifest/entrypoint.
- Dependencies/web: no dependency files changed; no web lookup needed.
## Tests / Live Checks
- `pnpm install`
- `pnpm test extensions/qa-lab/src/live-transports/shared/live-gateway.runtime.test.ts test/scripts/openclaw-cross-os-release-checks.test.ts` passed.
- `pnpm exec tsx -e ...` probe confirmed the release allowlist without `plugins.slots.memory` keeps `memory-core` enabled in a broad plugin load, while `slots.memory = "none"` disables it.
- `git diff --check 9ddd10b84cf2d2d6ea899daeced4984851a56da0..7662a17b08bbc99483dad95b2657f869377df1b7` passed.
## Limitations
- Did not run the full cross-OS release smoke; the focused static trace and runtime loader probe covered the changed contract directly.
```

110
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-7877182b6f59.md
View File

@ -1,110 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-7877182b6f59
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-7877182b6f59
source: clawsweeper_commit
commit_sha: 7877182b6f59dbd11bc8245a4eb815a4b4126d78
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/7877182b6f59dbd11bc8245a4eb815a4b4126d78.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-7877182b6f59`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/7877182b6f59dbd11bc8245a4eb815a4b4126d78
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/7877182b6f59dbd11bc8245a4eb815a4b4126d78.md
- Latest main at intake: 88237faed3c5edc69a821d7296e82172c399a91b
## ClawSweeper Report
```md
---
sha: 7877182b6f59dbd11bc8245a4eb815a4b4126d78
parent: 1a936f225e7e05a856cb7e43504c7d9846a5920c
repository: openclaw/openclaw
author: "Peter Steinberger"
committer: "Peter Steinberger"
github_author: steipete
github_committer: steipete
co_authors: []
commit_authored_at: "2026-04-29T09:15:34+01:00"
commit_committed_at: "2026-04-29T09:15:54+01:00"
result: findings
confidence: high
highest_severity: medium
check_conclusion: neutral
reviewed_at: 2026-04-29T08:20:17Z
---
# Commit 7877182
## Summary
Found one concrete regression: a focused gateway test file now fails because its module mock was not updated for the new runtime-deps cleanup export.
## Findings
### Medium: Gateway startup plugin tests fail after new runtime-deps import
- Kind: regression
- File: `src/gateway/server-startup-plugins.test.ts`
- Line: 122
- Evidence: `src/gateway/server-startup-plugins.ts:8` now imports `pruneUnknownBundledRuntimeDepsRoots`, and `prestageGatewayBundledRuntimeDeps()` calls it at `src/gateway/server-startup-plugins.ts:58`. The existing Vitest mock for `../plugins/bundled-runtime-deps.js` only exports `repairBundledRuntimeDepsInstallRootAsync`, `resolveBundledRuntimeDependencyPackageInstallRoot`, and `scanBundledPluginRuntimeDeps`, so `pnpm test src/gateway/server-startup-plugins.test.ts` fails four tests with: `No "pruneUnknownBundledRuntimeDepsRoots" export is defined on the "../plugins/bundled-runtime-deps.js" mock`.
- Impact: The gateway startup test shard is red, so changed-gate or full CI can fail on main and the affected tests no longer exercise the intended startup dependency staging behavior.
- Suggested fix: Add a hoisted `pruneUnknownBundledRuntimeDepsRoots` mock returning `{ scanned: 0, removed: 0, skippedLocked: 0 }`, export it from the mocked module, reset it in `beforeEach`, and optionally assert the startup cleanup call in the runtime-deps staging tests.
- Confidence: high
## Reviewed
- Diff: `1a936f225e7e05a856cb7e43504c7d9846a5920c..7877182b6f59dbd11bc8245a4eb815a4b4126d78`
- Changed files: `CHANGELOG.md`, `docs/automation/cron-jobs.md`, `src/cron/service.restart-catchup.test.ts`, `src/cron/service/ops.ts`, `src/cron/service/state.ts`, `src/cron/service/timer.ts`, `src/gateway/server-startup-plugins.ts`, `src/plugins/bundled-runtime-deps.test.ts`, `src/plugins/bundled-runtime-deps.ts`
- Code read: full changed cron startup/timer paths, gateway plugin bootstrap path, bundled runtime-deps cleanup/locking code, adjacent gateway startup plugin test mock, cron docs.
- Dependencies/web: no external web facts needed; ran `pnpm install` once because `node_modules` was missing.
## Tests / Live Checks
- `pnpm docs:list` passed.
- `pnpm test src/cron/service.restart-catchup.test.ts src/plugins/bundled-runtime-deps.test.ts` passed: 9 cron tests, 88 plugin tests.
- `pnpm test src/gateway/server-startup-plugins.test.ts` failed as described above.
## Limitations
- Did not run broad `pnpm check:changed` or full test suite after the focused gateway test exposed the actionable failure.
```

111
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-7c7561f5a33e.md
View File

@ -1,111 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-7c7561f5a33e
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-7c7561f5a33e
source: clawsweeper_commit
commit_sha: 7c7561f5a33e45080f791cd22c1be32374bca531
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/7c7561f5a33e45080f791cd22c1be32374bca531.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-7c7561f5a33e`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/7c7561f5a33e45080f791cd22c1be32374bca531
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/7c7561f5a33e45080f791cd22c1be32374bca531.md
- Latest main at intake: 450607847b7b5c9f6ce848c72afbeb571c41e10c
## ClawSweeper Report
```md
---
sha: 7c7561f5a33e45080f791cd22c1be32374bca531
parent: 2f04731a48ec99f052356e47bea7a4642a295673
repository: openclaw/openclaw
author: "Vincent Koc"
committer: "Vincent Koc"
github_author: vincentkoc
github_committer: vincentkoc
co_authors: []
commit_authored_at: "2026-04-28T22:19:07-07:00"
commit_committed_at: "2026-04-28T22:19:34-07:00"
result: findings
confidence: high
highest_severity: medium
check_conclusion: neutral
reviewed_at: 2026-04-29T05:23:12Z
---
# Commit 7c7561f5a3
## Summary
Found one regression in the new scoped fallback load: configured workspace/external capability plugins are excluded because the scope is derived only from bundled manifest owners.
## Findings
### Medium: Cold capability resolution now drops configured non-bundled providers
- Kind: regression
- File: `src/plugins/capability-provider-runtime.ts`
- Line: 272
- Evidence: `resolveBundledCapabilityCompatPluginIds` only returns plugins where `plugin.origin === "bundled"` (`src/plugins/capability-provider-runtime.ts:58`). The new fallback then always passes `onlyPluginIds: pluginIds` into `resolveRuntimePluginRegistry` (`src/plugins/capability-provider-runtime.ts:272`), so when `pluginIds` is empty for a configured workspace/external provider, the loader gets an explicit empty scope and loads no plugins. I verified this with a temp native plugin configured through `plugins.load.paths`, `allow`, and `entries`, with `contracts.imageGenerationProviders: ["external-image"]` and `api.registerImageGenerationProvider(...)`: direct unscoped `resolveRuntimePluginRegistry({ config, activate: false })` returned `["external-image"]`, while `resolvePluginCapabilityProviders({ key: "imageGenerationProviders", cfg: config })` returned `[]`.
- Impact: cold provider registry paths can no longer discover configured third-party/native capability providers before an active runtime registry exists. This affects public capability surfaces such as image/video/music/media/speech/realtime providers, despite the plugin architecture docs describing capabilities as the public native plugin model and allowing native capability discovery snapshots.
- Suggested fix: build the scoped load from all manifest owners relevant to the current config, not only bundled compat owners, or omit `onlyPluginIds` when `cfg` explicitly configures non-bundled capability plugins. Keep the bundled narrowing, but include configured workspace/installed owners with matching capability contracts.
- Confidence: high
## Reviewed
- Diff: `2f04731a48ec99f052356e47bea7a4642a295673..7c7561f5a33e45080f791cd22c1be32374bca531`
- Changed files: `src/plugins/capability-provider-runtime.ts`, `src/plugins/capability-provider-runtime.test.ts`
- Code read: changed files in full, loader `onlyPluginIds` handling, plugin scope helpers, bundled compat helpers, provider registry callers, plugin architecture docs.
- Dependencies/web: no external dependency or web checks needed; this is internal loader/runtime behavior.
## Tests / Live Checks
- `pnpm docs:list`
- `pnpm install` because `node_modules` was missing
- `pnpm test src/plugins/capability-provider-runtime.test.ts` passed: 19 tests
- Ad-hoc temp plugin smoke reproduced the regression described above.
## Limitations
- Did not run full `pnpm check:changed`; focused review and targeted tests were sufficient for the touched surface and concrete regression.
```

111
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-806a0119f3cd.md
View File

@ -1,111 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-806a0119f3cd
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-806a0119f3cd
source: clawsweeper_commit
commit_sha: 806a0119f3cd0683c1b7797f835dc09203253948
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/806a0119f3cd0683c1b7797f835dc09203253948.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-806a0119f3cd`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/806a0119f3cd0683c1b7797f835dc09203253948
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/806a0119f3cd0683c1b7797f835dc09203253948.md
- Latest main at intake: 0fc303232506cdcce42306ff71a2b3c657fe2d31
## ClawSweeper Report
```md
---
sha: 806a0119f3cd0683c1b7797f835dc09203253948
parent: aa84b738b6eaeb00689d4d0952c5904cece57137
repository: openclaw/openclaw
author: "Peter Steinberger"
committer: "Peter Steinberger"
github_author: steipete
github_committer: steipete
co_authors: []
commit_authored_at: "2026-04-29T05:25:23+01:00"
commit_committed_at: "2026-04-29T05:25:42+01:00"
result: findings
confidence: high
highest_severity: medium
check_conclusion: neutral
reviewed_at: 2026-04-29T04:29:34Z
---
# Commit 806a011
## Summary
Found one release-CI regression in the new shared live-test Docker image path.
## Findings
### Medium: Shared live-test image omits plugin dependencies required by reused Docker live suites
- Kind: regression
- File: `.github/workflows/openclaw-live-and-e2e-checks-reusable.yml`
- Line: 1328
- Evidence: The new shared image is built once with only `OPENCLAW_EXTENSIONS=matrix`, then `validate_live_docker_provider_suites` runs all Docker live backend suites with `OPENCLAW_LIVE_IMAGE` and `OPENCLAW_SKIP_DOCKER_BUILD=1`. Existing suite wrappers still declare extra build requirements: `scripts/test-live-acp-bind-docker.sh:238` appends `acpx`, and `scripts/test-live-codex-harness-docker.sh:221` appends `codex`, before calling `scripts/test-live-build-docker.sh`. But `scripts/test-live-build-docker.sh:25` exits after inspecting/pulling the image when `OPENCLAW_SKIP_DOCKER_BUILD=1`, so those appended extension build args are never applied. `extensions/acpx/package.json:6` depends on packages such as `acpx`, `@zed-industries/codex-acp`, and `@agentclientprotocol/claude-agent-acp`, which are not root dependencies.
- Impact: Release live/E2E Docker provider suites that exercise ACP bind, and potentially Codex harness behavior, can now pull the shared `matrix`-only image and run without the plugin dependency set they previously built into their lane image. This can break the release validation path even when product code is healthy.
- Suggested fix: Build the shared live-test image with the union of plugin extensions required by all reused Docker live suites, at least `matrix codex acpx`, or keep separate image variants keyed by required extension set. Alternatively, do not set `OPENCLAW_SKIP_DOCKER_BUILD=1` for lanes that need additional build extensions.
- Confidence: high
## Reviewed
- Diff: `aa84b738b6eaeb00689d4d0952c5904cece57137..806a0119f3cd0683c1b7797f835dc09203253948`
- Changed files: `.github/workflows/openclaw-live-and-e2e-checks-reusable.yml`, `docs/ci.md`, `docs/help/testing.md`
- Code read: changed workflow in full around live/E2E jobs, prior workflow version, Docker live wrapper scripts, live staging script, Dockerfile build target, ACPX/Codex package manifests, relevant live tests
- Dependencies/web: no external web needed; issue is established from local workflow and script contracts
## Tests / Live Checks
- `pnpm docs:list`
- `pnpm check:workflows` passed
- `git diff --check aa84b738b6eaeb00689d4d0952c5904cece57137..806a0119f3cd0683c1b7797f835dc09203253948` passed
- `gh api repos/openclaw/openclaw/commits/806a0119f3cd0683c1b7797f835dc09203253948/pulls` returned no associated PRs
## Limitations
- Did not build/push or run the GHCR/Blacksmith live Docker suites locally; the finding is based on traced workflow/script behavior.
```

117
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-8b71d2347f2b.md
View File

@ -1,117 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-8b71d2347f2b
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-8b71d2347f2b
source: clawsweeper_commit
commit_sha: 8b71d2347f2b31d829582471efa850a2353937ef
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/8b71d2347f2b31d829582471efa850a2353937ef.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-8b71d2347f2b`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/8b71d2347f2b31d829582471efa850a2353937ef
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/8b71d2347f2b31d829582471efa850a2353937ef.md
- Latest main at intake: 023d3371a533266dd465c34102f86768726f173b
## ClawSweeper Report
```md
---
sha: 8b71d2347f2b31d829582471efa850a2353937ef
parent: 64387ad8e2cc504dcb727af3bec882057f6452d8
repository: openclaw/openclaw
author: "Vincent Koc"
committer: "Vincent Koc"
github_author: vincentkoc
github_committer: vincentkoc
co_authors: []
commit_authored_at: "2026-04-28T23:55:26-07:00"
commit_committed_at: "2026-04-29T00:04:17-07:00"
result: findings
confidence: high
highest_severity: low
check_conclusion: neutral
reviewed_at: 2026-04-29T07:09:25+00:00
---
# Commit 8b71d23
## Summary
Found one concrete low-severity regression: the runtime `diffs` config schema changed, but the static plugin manifest was not kept in sync.
## Findings
### Low: Diffs config schema now drifts from the plugin manifest
- Kind: regression
- File: `extensions/diffs/src/config.ts`
- Line: 149
- Evidence: `extensions/diffs/src/config.ts:149` and `extensions/diffs/src/config.ts:156`-`170` add `.describe(...)` to deprecated config aliases, so `diffsPluginConfigSchema.jsonSchema` now contains `description` fields. `extensions/diffs/openclaw.plugin.json:139`-`175` still lists those same alias properties without descriptions. The existing sync test at `extensions/diffs/src/config.test.ts:322` fails, showing the runtime schema has new descriptions for `format`, `imageFormat`, `imageQuality`, `imageScale`, and `imageMaxWidth` that the manifest lacks.
- Impact: Manifest-first plugin discovery/config surfaces keep serving the stale static schema, and the targeted `diffs` config test fails on this commit.
- Suggested fix: Update `extensions/diffs/openclaw.plugin.json` `configSchema.properties.defaults.properties` for the five alias fields to include the new descriptions, or remove the runtime descriptions if the manifest should remain unchanged. Then rerun the targeted `diffs` config test.
- Confidence: high
## Reviewed
- Diff: `64387ad8e2cc504dcb727af3bec882057f6452d8..8b71d2347f2b31d829582471efa850a2353937ef`
- Changed files read: all 11 changed files
- Code read: `extensions/diffs/src/config.test.ts`, `extensions/diffs/src/tool.test.ts`, `extensions/diffs/openclaw.plugin.json`, `src/plugins/config-schema.ts`, provider/tool schema normalization paths
- Docs: ran `pnpm docs:list`; read relevant `diffs`, provider, TTS, cron, and exec docs
- Dependencies: installed missing deps once; inspected local TypeBox 1.1.33 types/source behavior
## Tests / Live Checks
- `pnpm test extensions/diffs/src/config.test.ts extensions/diffs/src/tool.test.ts --run` failed: `extensions/diffs/src/config.test.ts` manifest/runtime schema sync test failed.
- `pnpm tsgo:extensions` passed.
- `git diff --check 64387ad8e2cc504dcb727af3bec882057f6452d8..8b71d2347f2b31d829582471efa850a2353937ef` passed.
- `git status --short` was clean after dependency install.
## Dependency / Web Checks
- No web lookup was needed.
- Local TypeBox check confirmed `deprecated: true` is preserved as a schema keyword and is type-compatible through `TSchemaOptions`.
## Limitations
- I did not run broad `pnpm check:changed`; the focused test already reproduced the concrete regression.
```

117
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-a0fd105e5e41.md
View File

@ -1,117 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-a0fd105e5e41
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-a0fd105e5e41
source: clawsweeper_commit
commit_sha: a0fd105e5e41fafd7f537843af0dea9bd1a7336f
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/a0fd105e5e41fafd7f537843af0dea9bd1a7336f.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-a0fd105e5e41`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/a0fd105e5e41fafd7f537843af0dea9bd1a7336f
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/a0fd105e5e41fafd7f537843af0dea9bd1a7336f.md
- Latest main at intake: bd5afadc5c7a0575093d4e15fe518fe22d9792cb
## ClawSweeper Report
```md
---
sha: a0fd105e5e41fafd7f537843af0dea9bd1a7336f
parent: 9b1967e5efe2389e8387dcf9c2803f5bba4b7842
repository: openclaw/openclaw
author: "Peter Steinberger"
committer: "Peter Steinberger"
github_author: steipete
github_committer: steipete
co_authors: []
commit_authored_at: "2026-04-29T08:20:06+01:00"
commit_committed_at: "2026-04-29T08:21:12+01:00"
result: findings
confidence: high
highest_severity: low
check_conclusion: neutral
reviewed_at: 2026-04-29T07:26:06Z
---
# Commit a0fd105
## Summary
Found one low-severity release-operator documentation regression. The workflow split itself looks wired and covered by focused tests, but the release policy still describes the old child-workflow set in one approval paragraph.
## Findings
### Low: Release checklist omits the new plugin prerelease child from approval criteria
- Kind: regression
- File: `docs/reference/RELEASING.md`
- Line: 245
- Evidence: `full-release-validation.yml` now dispatches `plugin-prerelease.yml` as its own `plugin_prerelease` child and the final verifier requires `plugin_prerelease` success unless skipped (`.github/workflows/full-release-validation.yml:274`, `.github/workflows/full-release-validation.yml:713`). The release docs still say Full Release Validation dispatches only manual `CI`, `OpenClaw Release Checks`, and optional Telegram, and says a full run is acceptable when `normal_ci` and `release_checks` are successful plus optional `npm_telegram` (`docs/reference/RELEASING.md:245`, `docs/reference/RELEASING.md:251`).
- Impact: A release operator following this paragraph can miss the separate `Plugin Prerelease` evidence box and approve based on an incomplete checklist, especially when reviewing child run URLs or rerun evidence outside the parent verifier.
- Suggested fix: Update this paragraph to include `Plugin Prerelease`, and require `plugin_prerelease` success for full runs unless the rerun group intentionally skipped it.
- Confidence: high
## Reviewed
- Diff: `9b1967e5efe2389e8387dcf9c2803f5bba4b7842..a0fd105e5e41fafd7f537843af0dea9bd1a7336f`
- Changed files: `.github/workflows/ci.yml`, `.github/workflows/full-release-validation.yml`, `.github/workflows/plugin-prerelease.yml`, CI/testing docs, and workflow-plan tests.
- Code read: changed workflows in full, old CI release-only plugin lanes, reusable Docker E2E workflow call path, node/plugin prerelease plan helpers, release docs.
- GitHub checks: exact-sha broad CI was cancelled/superseded; Workflow Sanity/actionlint check on the commit completed successfully.
## Tests / Live Checks
- `pnpm docs:list`
- `pnpm install` after the first focused test attempt reported missing `node_modules`
- `pnpm test test/scripts/plugin-prerelease-test-plan.test.ts test/scripts/ci-node-test-plan.test.ts -- --reporter=verbose` passed, 17 tests.
- `node scripts/check-workflows.mjs` passed.
- `git diff --check 9b1967e5efe2389e8387dcf9c2803f5bba4b7842..a0fd105e5e41fafd7f537843af0dea9bd1a7336f` passed.
- Parsed the three changed workflow YAML files with the repos `yaml` dependency.
## Dependency / Web Checks
Checked `actions/checkout` documentation for the new SHA checkout usage; its `ref` input accepts a branch, tag, or SHA and `fetch-depth` defaults to one commit, matching the workflows target-SHA checkout pattern. ([github.com](https://github.com/actions/checkout))
## Limitations
- Did not run full CI, Docker, or release validation locally; this was a report-only review and the broad exact-sha CI run on GitHub was cancelled by later main activity.
```

113
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-a7c375532725.md
View File

@ -1,113 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-a7c375532725
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-a7c375532725
source: clawsweeper_commit
commit_sha: a7c375532725cd135b0735b96f5f9fbc2dd1e4bb
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/a7c375532725cd135b0735b96f5f9fbc2dd1e4bb.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-a7c375532725`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/a7c375532725cd135b0735b96f5f9fbc2dd1e4bb
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/a7c375532725cd135b0735b96f5f9fbc2dd1e4bb.md
- Latest main at intake: 83df409d9482e54f9d261462c85fc97f440299e7
## ClawSweeper Report
```md
---
sha: a7c375532725cd135b0735b96f5f9fbc2dd1e4bb
parent: 67e8d35f1cf8ef4b8173d963e250c776af355099
repository: openclaw/openclaw
author: "Vincent Koc"
committer: "Vincent Koc"
github_author: vincentkoc
github_committer: vincentkoc
co_authors: []
commit_authored_at: "2026-04-28T22:35:51-07:00"
commit_committed_at: "2026-04-28T22:41:23-07:00"
result: findings
confidence: high
highest_severity: low
check_conclusion: neutral
reviewed_at: 2026-04-29T05:45:02Z
---
# Commit a7c3755
## Summary
The runtime change is comment-only and the compatibility facades still expose the same exports and loader paths, but the SDK API baseline check now fails because the tracked generated hash was not updated.
## Findings
### Low: Plugin SDK API baseline hash is stale
- Kind: regression
- File: `docs/.generated/plugin-sdk-api-baseline.sha256`
- Line: 1
- Evidence: `pnpm plugin-sdk:api:check` fails with `Plugin SDK API baseline drift detected` and points at `docs/.generated/plugin-sdk-api-baseline.sha256`. The commit changes public SDK facade JSDoc in `src/plugin-sdk/channel-config-schema-legacy.ts`, `src/plugin-sdk/discord.ts`, and `src/plugin-sdk/telegram-account.ts`, but does not update the tracked generated hash.
- Impact: The SDK API drift gate will fail for this commit even though the intended API surface change is documentation/deprecation metadata only.
- Suggested fix: Run `pnpm plugin-sdk:api:gen` and commit the updated `docs/.generated/plugin-sdk-api-baseline.sha256`, or revert the SDK comment changes if no public-surface drift was intended.
- Confidence: high
## Reviewed
- Diff: `67e8d35f1cf8ef4b8173d963e250c776af355099..a7c375532725cd135b0735b96f5f9fbc2dd1e4bb`
- Changed files: `src/plugin-sdk/channel-config-schema-legacy.ts`, `src/plugin-sdk/discord.ts`, `src/plugin-sdk/telegram-account.ts`
- Code read: full changed files, parent versions, SDK entrypoint/export metadata, API baseline generator, relevant SDK docs, adjacent facade/boundary tests
- Dependencies/web: no dependency files changed; no external lookup needed
## Tests / Live Checks
- `pnpm docs:list`: passed
- `git diff --check 67e8d35f1cf8ef4b8173d963e250c776af355099..a7c375532725cd135b0735b96f5f9fbc2dd1e4bb`: passed
- `pnpm exec oxfmt --check --threads=1 src/plugin-sdk/channel-config-schema-legacy.ts src/plugin-sdk/discord.ts src/plugin-sdk/telegram-account.ts`: passed after `pnpm install`
- `pnpm plugin-sdk:check-exports`: passed
- `pnpm plugin-sdk:api:check`: failed with SDK API baseline drift
- `pnpm test src/plugin-sdk/telegram-account.test.ts test/extension-test-boundary.test.ts`: passed
## Limitations
- none
```

111
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-a887a512ef8e.md
View File

@ -1,111 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-a887a512ef8e
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-a887a512ef8e
source: clawsweeper_commit
commit_sha: a887a512ef8eded87891832611806f47a97331c7
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/a887a512ef8eded87891832611806f47a97331c7.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-a887a512ef8e`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/a887a512ef8eded87891832611806f47a97331c7
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/a887a512ef8eded87891832611806f47a97331c7.md
- Latest main at intake: d28500ffd6cd66417b04618caac9657667b7dd71
## ClawSweeper Report
```md
---
sha: a887a512ef8eded87891832611806f47a97331c7
parent: a9f58d34a28b1dcf682759fcc99bc486f5b1b8d0
repository: openclaw/openclaw
author: "Peter Steinberger"
committer: "Peter Steinberger"
github_author: steipete
github_committer: steipete
co_authors: []
commit_authored_at: "2026-04-29T07:01:08+01:00"
commit_committed_at: "2026-04-29T07:01:09+01:00"
result: findings
confidence: high
highest_severity: high
check_conclusion: failure
reviewed_at: 2026-04-29T06:04:01Z
---
# Commit a887a512
## Summary
Found one concrete CI regression. The commit adds duplicate `run_checks_node_extensions` keys in the workflow output map and manifest object.
## Findings
### High: Duplicate extension output key breaks workflow sanity and keeps the empty-shard guard ineffective
- Kind: regression
- File: `.github/workflows/ci.yml`
- Line: 59
- Evidence: `pnpm check:workflows` fails with actionlint: `key "run_checks_node_extensions" is duplicated in "outputs" section. previously defined at line:56,col:7`. The manifest also defines `run_checks_node_extensions` twice at lines 305 and 310; a focused Node smoke with an empty extension shard matrix produced `{"matrix":{"include":[]},"run_checks_node_extensions":true}`, proving the later `runReleaseOnlyPluginSuites` value overwrites the new `extensionShardMatrix.include.length > 0` guard.
- Impact: workflow sanity now fails for this workflow change, and the intended fix does not work. Full release validation can still run the `checks-node-extensions` aggregate when the extension shard matrix is empty, causing the aggregate to see a skipped shard job and fail.
- Suggested fix: keep only one `preflight.outputs.run_checks_node_extensions` entry, and keep only one manifest property set to `extensionShardMatrix.include.length > 0`.
- Confidence: high
## Reviewed
- Diff: `a9f58d34a28b1dcf682759fcc99bc486f5b1b8d0..a887a512ef8eded87891832611806f47a97331c7`
- Changed files: `.github/workflows/ci.yml`
- Code read: full `.github/workflows/ci.yml`, relevant `scripts/lib/extension-test-plan.mjs`, `docs/ci.md`, `docs/reference/RELEASING.md`
- Dependencies/web: no dependency changes; no web lookup needed
## Tests / Live Checks
- `pnpm docs:list`
- `git diff --check a9f58d34a28b1dcf682759fcc99bc486f5b1b8d0..a887a512ef8eded87891832611806f47a97331c7`
- `pnpm check:workflows` failed as described above
- Focused Node manifest smoke confirmed duplicate object overwrite behavior
## Limitations
- Did not run broad CI; the targeted workflow sanity check reproduced the regression directly.
```

120
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-afc4f06ca3c7.md
View File

@ -1,120 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-afc4f06ca3c7
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-afc4f06ca3c7
source: clawsweeper_commit
commit_sha: afc4f06ca3c7ffcf19db61e17601bd317b7e428f
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/afc4f06ca3c7ffcf19db61e17601bd317b7e428f.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-afc4f06ca3c7`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/afc4f06ca3c7ffcf19db61e17601bd317b7e428f
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/afc4f06ca3c7ffcf19db61e17601bd317b7e428f.md
- Latest main at intake: 1dd500c4951ce78747e260a9022325b8db61a54b
## ClawSweeper Report
```md
---
sha: afc4f06ca3c7ffcf19db61e17601bd317b7e428f
parent: 7e5d6dba80016a5d3502fa6cfc5589aa58a072af
repository: openclaw/openclaw
author: "steipete"
committer: "steipete"
github_author: steipete
github_committer: steipete
co_authors: []
commit_authored_at: "2026-04-29T08:08:36+01:00"
commit_committed_at: "2026-04-29T08:14:08+01:00"
result: findings
confidence: high
highest_severity: medium
check_conclusion: neutral
reviewed_at: 2026-04-29T07:19:40Z
---
# Commit afc4f06
## Summary
Found two QMD freshness regressions around the new one-shot startup path and watcher ignore matching.
## Findings
### Medium: Interval-only QMD background refresh no longer starts at gateway startup
- Kind: regression
- File: `src/gateway/server-startup-memory.ts`
- Line: 11
- Evidence: `shouldRunQmdStartupBootSync` now returns only `qmd.update.onBoot`, and `startGatewayMemoryBackend` skips manager creation when that is false. The actual periodic timers are only installed by the full QMD manager in `extensions/memory-core/src/memory/qmd-manager.ts:455`, so configs with `memory.qmd.update.onBoot=false` but `update.interval` or `update.embedInterval` enabled no longer arm those background refreshes during gateway startup. The previous predicate included `qmd.update.intervalMs > 0 || qmd.update.embedIntervalMs > 0`.
- Impact: Operators can disable boot refresh to avoid startup work while still expecting periodic QMD updates, as described by the config help for `memory.qmd.update.interval`. After this commit, those refreshes do not begin until an interactive memory manager is opened, leaving QMD indexes, session exports, or embeddings stale on idle gateways.
- Suggested fix: Keep interval/embed scheduling independent from boot sync, for example by preserving the interval/embed predicate and adding a lightweight startup mode that can arm timers without creating the full file watcher.
- Confidence: high
### Medium: Watcher ignores explicit collection roots named build/dist/vendor/.cache
- Kind: bug
- File: `extensions/memory-core/src/memory/qmd-manager.ts`
- Line: 194
- Evidence: `shouldIgnoreMemoryWatchPath` splits the absolute watched path and ignores it if any segment matches the expanded set at `extensions/memory-core/src/memory/qmd-manager.ts:80`. That means a configured collection rooted at a directory named `build`, `dist`, `vendor`, or `.cache` is ignored entirely. QMD itself ignores `**/build/**`, `**/dist/**`, etc. relative to the collection cwd; I checked `@tobilu/qmd@2.1.0` package source and verified with `fast-glob` that a collection root named `build` still indexes `notes.md`.
- Impact: Explicit QMD paths or workspaces under common directory names like `build` or `dist` can be indexed by QMD but never trigger OpenClaws watch sync, so updates are silently delayed until an interval/manual refresh.
- Suggested fix: Make the watcher ignore logic relative to each collection root, or avoid applying dependency/build segment ignores to the collection root itself.
- Confidence: high
## Reviewed
- Diff: `7e5d6dba80016a5d3502fa6cfc5589aa58a072af..afc4f06ca3c7ffcf19db61e17601bd317b7e428f`
- Changed files: `CHANGELOG.md`, `docs/concepts/memory-qmd.md`, `docs/reference/memory-config.md`, `extensions/memory-core/src/memory/qmd-manager.ts`, `extensions/memory-core/src/memory/qmd-manager.test.ts`, `src/gateway/server-startup-memory.ts`, `src/gateway/server-startup-memory.test.ts`, `src/plugins/memory-runtime.ts`, `src/plugins/memory-state.ts`
- Code read: QMD manager initialization/sync/watch paths, memory runtime manager caching, gateway startup hook, memory config resolver/help, related tests.
- Dependencies/web: inspected `@tobilu/qmd@2.1.0` package source from npm for scanner ignore semantics.
- Commands: `pnpm docs:list`; `pnpm install`; `pnpm test src/gateway/server-startup-memory.test.ts extensions/memory-core/src/memory/qmd-manager.test.ts`; `git diff --check ...`; focused `fast-glob` scanner check.
## Tests / Live Checks
- Targeted tests passed: gateway startup memory test and QMD manager test, 108 tests total.
- The focused scanner check showed QMD-style `fast-glob` ignores still include `notes.md` when the collection root itself is named `build`.
## Limitations
- No full changed gate or build was run; review used focused tests and source tracing only.
```

116
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-be445dd1c128.md
View File

@ -1,116 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-be445dd1c128
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-be445dd1c128
source: clawsweeper_commit
commit_sha: be445dd1c12840b77055965dd7da1f659236f8f4
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/be445dd1c12840b77055965dd7da1f659236f8f4.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-be445dd1c128`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/be445dd1c12840b77055965dd7da1f659236f8f4
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/be445dd1c12840b77055965dd7da1f659236f8f4.md
- Latest main at intake: be445dd1c12840b77055965dd7da1f659236f8f4
## ClawSweeper Report
```md
---
sha: be445dd1c12840b77055965dd7da1f659236f8f4
parent: 34ef403cb2a21a8013cb4bcef3d319c8b26a31cf
repository: openclaw/openclaw
author: "openclaw-clownfish[bot]"
committer: "web-flow"
github_author: openclaw-clownfish[bot]
github_committer: web-flow
co_authors: []
commit_authored_at: "2026-04-28T21:04:20-07:00"
commit_committed_at: "2026-04-28T21:04:20-07:00"
result: findings
confidence: high
highest_severity: medium
check_conclusion: neutral
reviewed_at: 2026-04-29T04:07:38Z
---
# Commit be445dd1
## Summary
Found one concrete incomplete-fix bug: the merged normalizer handles leading `U+FFFD/U+FFFE/U+FFFF/FEFF`, but the linked issue and carried-forward PR evidence also describe leading C0/C1 control bytes from `imsg` attributedBody extraction. Those still miss the echo cache and can re-trigger duplicate/looping iMessage replies.
## Findings
### Medium: Leading control-byte echo corruption is still not normalized
- Kind: bug
- File: `extensions/imessage/src/monitor/echo-cache.ts`
- Line: 25
- Evidence: `LEADING_ATTRIBUTED_BODY_CORRUPTION_MARKERS` only matches `\uFEFF`, `\uFFFD`, `\uFFFE`, and `\uFFFF`. The linked issue `#59973` and carried-forward PR `#62191` both call out leading control characters as part of the attributedBody corruption; the earlier PR patch stripped `\u0000-\u001f` and `\u007f-\u009f`. A local cache smoke check on this commit returned `false` for `\u0000Delayed echo reply` while returning `true` for `\uFFFDDelayed echo reply`.
- Impact: Reflected iMessage echoes that start with a control byte still bypass dedupe, so the assistant can ingest its own outbound reply as fresh inbound text and send duplicate or recursive replies.
- Suggested fix: Extend the leading-only normalizer to include the documented C0/C1 control-byte ranges while preserving interior text, and add a focused test with a leading control byte.
- Confidence: high
## Reviewed
- Diff: `34ef403cb2a21a8013cb4bcef3d319c8b26a31cf..be445dd1c12840b77055965dd7da1f659236f8f4`
- Changed files: `CHANGELOG.md`, `extensions/imessage/src/monitor/echo-cache.ts`, `extensions/imessage/src/monitor/monitor-provider.echo-cache.test.ts`
- Code read: `extensions/AGENTS.md`, `docs/channels/imessage.md`, `extensions/imessage/src/monitor/inbound-processing.ts`, `extensions/imessage/src/monitor/deliver.ts`, `extensions/imessage/src/monitor/self-chat-cache.ts`, relevant self-chat/echo tests
- GitHub context: inspected `#59973`, `#59980`, and `#62191`
## Tests / Live Checks
- `pnpm docs:list`
- `pnpm install` after the first test attempt reported missing `vitest/package.json`
- `pnpm test extensions/imessage/src/monitor/monitor-provider.echo-cache.test.ts extensions/imessage/src/monitor/self-chat-cache.test.ts extensions/imessage/src/monitor/self-chat-dedupe.test.ts` passed: 3 files, 38 tests
- `pnpm exec tsx -e ...` cache smoke: leading `\u0000` did not match; leading `\uFFFD` matched
## Dependency / Web Checks
- No dependency changes.
- No general web lookup needed; current facts came from repo source and GitHub issue/PR metadata via `gh`.
## Limitations
- No live macOS/iMessage roundtrip was run.
```

116
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-c01244e85927.md
View File

@ -1,116 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-c01244e85927
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-c01244e85927
source: clawsweeper_commit
commit_sha: c01244e859279a2e60f50423174c94f6fc9e3e8f
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/c01244e859279a2e60f50423174c94f6fc9e3e8f.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-c01244e85927`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/c01244e859279a2e60f50423174c94f6fc9e3e8f
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/c01244e859279a2e60f50423174c94f6fc9e3e8f.md
- Latest main at intake: 2a02b3bcec6cd9443c635372e09722baad07dd5d
## ClawSweeper Report
```md
---
sha: c01244e859279a2e60f50423174c94f6fc9e3e8f
parent: bd5afadc5c7a0575093d4e15fe518fe22d9792cb
repository: openclaw/openclaw
author: "Vincent Koc"
committer: "Vincent Koc"
github_author: vincentkoc
github_committer: vincentkoc
co_authors: []
commit_authored_at: "2026-04-29T00:28:02-07:00"
commit_committed_at: "2026-04-29T00:28:02-07:00"
result: findings
confidence: high
highest_severity: medium
check_conclusion: neutral
reviewed_at: 2026-04-29T07:42:05Z
---
# Commit c01244e
## Summary
Found one concrete CI/boundary regression. The helper behavior still works in a targeted browser test, but the new filename is still treated as channel/plugin runtime source by the raw-fetch guard, so the boundaries check now fails.
## Findings
### Medium: moved fetch helper still fails the raw-fetch boundary guard
- Kind: regression
- File: `extensions/browser/src/browser/test-support-fetch.ts`
- Line: 24
- Evidence: `test-support-fetch.ts` contains raw `fetch(...)` and `globalThis.fetch(...)` calls at lines 24 and 27. `node scripts/check-no-raw-channel-fetch.mjs` fails with:
- `extensions/browser/src/browser/test-support-fetch.ts:24`
- `extensions/browser/src/browser/test-support-fetch.ts:27`
- Impact: The commit moves the calls away from the old allowlisted file, but the guard does not skip `test-support-fetch.ts`; `scripts/run-additional-boundary-checks.mjs` includes `lint:tmp:no-raw-channel-fetch`, and `.github/workflows/ci.yml` runs that boundary group. This makes the boundary CI lane fail on this commit.
- Suggested fix: Put the helper behind an actually skipped test-helper shape, such as a `.test-harness.ts` helper imported only from tests, or update the raw-fetch guards test-file classification consistently. Avoid just leaving the raw fetch calls in a prod-scanned filename.
- Confidence: high
## Reviewed
- Diff: `bd5afadc5c7a0575093d4e15fe518fe22d9792cb..c01244e859279a2e60f50423174c94f6fc9e3e8f`
- Changed files: `extensions/browser/src/browser/test-fetch.ts`, `extensions/browser/src/browser/test-support-fetch.ts`
- Code read: changed files, browser plugin tsconfig, root extension tsconfig, raw-fetch guard, callsite guard utilities, additional boundary checks, CI boundary wiring, relevant imports/callers
- Dependencies/web: no dependency changes; no web lookup needed
## Tests / Live Checks
- `pnpm docs:list`: passed
- `pnpm install`: passed after missing local dependencies blocked the first guard run
- `node scripts/check-no-raw-channel-fetch.mjs`: failed with the two touched-file violations above
- `pnpm test extensions/browser/src/browser/server.auth-token-gates-http.test.ts`: passed, 1 file / 3 tests
- `pnpm exec oxfmt --check --threads=1 extensions/browser/src/browser/test-fetch.ts extensions/browser/src/browser/test-support-fetch.ts`: passed
- `git diff --check bd5afadc5c7a0575093d4e15fe518fe22d9792cb..c01244e859279a2e60f50423174c94f6fc9e3e8f`: passed
## Limitations
- Did not run a broad changed gate; the focused boundary check already reproduces the actionable failure.
- A direct targeted `tsgo` probe for `extensions/browser/tsconfig.json` failed early on missing generated plugin SDK declarations, so it was not used as evidence for the finding.
```

112
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-d130a77a3b1e.md
View File

@ -1,112 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-d130a77a3b1e
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-d130a77a3b1e
source: clawsweeper_commit
commit_sha: d130a77a3b1e9a66c769e55d946360350fd3f651
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/d130a77a3b1e9a66c769e55d946360350fd3f651.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-d130a77a3b1e`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/d130a77a3b1e9a66c769e55d946360350fd3f651
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/d130a77a3b1e9a66c769e55d946360350fd3f651.md
- Latest main at intake: aa1bccfe8017f8d14ce3c2a858637704b79fba6b
## ClawSweeper Report
```md
---
sha: d130a77a3b1e9a66c769e55d946360350fd3f651
parent: e27fe55aa8e345806e252c2e1d12f9a442b894d4
repository: openclaw/openclaw
author: "Peter Steinberger"
committer: "Peter Steinberger"
github_author: steipete
github_committer: steipete
co_authors: []
commit_authored_at: "2026-04-29T04:34:59+01:00"
commit_committed_at: "2026-04-29T04:35:03+01:00"
result: findings
confidence: high
highest_severity: low
check_conclusion: neutral
reviewed_at: 2026-04-29T03:38:20Z
---
# Commit d130a77
## Summary
The executable defaults now use `openai/gpt-5.5`, and the pinned upstream model catalog includes `gpt-5.5`, so I did not find a runtime regression in the smoke path. I did find a low-severity help-text regression: all four scripts still advertise the old `openai/gpt-5.4` default.
## Findings
### Low: Smoke script help still documents the old OpenAI default
- Kind: bug
- File: `scripts/e2e/parallels-linux-smoke.sh`
- Line: 109
- Evidence: `bash <script> --help` still prints `Default: openai/gpt-5.4 for the OpenAI lane` in all changed scripts, while the provider switch now defaults `OPENCLAW_PARALLELS_OPENAI_MODEL` to `openai/gpt-5.5` at `scripts/e2e/parallels-linux-smoke.sh:212`, `scripts/e2e/parallels-macos-smoke.sh:269`, `scripts/e2e/parallels-npm-update-smoke.sh:217`, and `scripts/e2e/parallels-windows-smoke.sh:260`.
- Impact: Operators relying on `--help` can run the OpenAI lane believing it uses `gpt-5.4` while it actually uses `gpt-5.5`, which affects expected model behavior and billing.
- Suggested fix: Update the four `usage()` blocks to say `Default: openai/gpt-5.5 for the OpenAI lane`.
- Confidence: high
## Reviewed
- Diff: `e27fe55aa8e345806e252c2e1d12f9a442b894d4..d130a77a3b1e9a66c769e55d946360350fd3f651`
- Changed files: `scripts/e2e/parallels-linux-smoke.sh`, `scripts/e2e/parallels-macos-smoke.sh`, `scripts/e2e/parallels-npm-update-smoke.sh`, `scripts/e2e/parallels-windows-smoke.sh`
- Code read: provider option parsing, `MODEL_ID` defaults, `openclaw models set` call sites, onboard/auth setup call sites, OpenAI provider defaults and catalog handling
- Dependencies/web: checked pinned `@mariozechner/pi-ai@0.70.5` tarball; it includes direct `openai` `gpt-5.5` catalog metadata. OpenAIs own release note says GPT-5.5 and GPT-5.5 Pro became API-available on April 24, 2026. ([openai.com](https://openai.com/index/introducing-gpt-5-5/))
## Tests / Live Checks
- `pnpm docs:list`
- `bash -n` on all four changed scripts
- `bash <script> --help | rg 'Default: openai/gpt-5\.'` on all four changed scripts
- `git diff --check e27fe55aa8e345806e252c2e1d12f9a442b894d4..d130a77a3b1e9a66c769e55d946360350fd3f651`
- Live Parallels smoke not run: `prlctl` unavailable and no `OPENAI_API_KEY` in env or `~/.profile`.
## Limitations
- Full Parallels E2E execution was not feasible in this runner.
```

118
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-eb7f305737f7.md
View File

@ -1,118 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-eb7f305737f7
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-eb7f305737f7
source: clawsweeper_commit
commit_sha: eb7f305737f71f19c166eb79eebc0520a2e7538a
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/eb7f305737f71f19c166eb79eebc0520a2e7538a.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-eb7f305737f7`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/eb7f305737f71f19c166eb79eebc0520a2e7538a
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/eb7f305737f71f19c166eb79eebc0520a2e7538a.md
- Latest main at intake: 2a02b3bcec6cd9443c635372e09722baad07dd5d
## ClawSweeper Report
```md
---
sha: eb7f305737f71f19c166eb79eebc0520a2e7538a
parent: c01244e859279a2e60f50423174c94f6fc9e3e8f
repository: openclaw/openclaw
author: "Vincent Koc"
committer: "Vincent Koc"
github_author: vincentkoc
github_committer: vincentkoc
co_authors: []
commit_authored_at: "2026-04-29T00:36:24-07:00"
commit_committed_at: "2026-04-29T00:36:24-07:00"
result: findings
confidence: high
highest_severity: medium
check_conclusion: neutral
reviewed_at: 2026-04-29T07:41:59Z
---
# Commit eb7f305
## Summary
Found one merge regression in the browser test-support relocation. The new import path cannot resolve, and the raw-fetch guard still sees the helper outside the skipped `test-support/` subtree.
## Findings
### Medium: Browser test-support fetch wrapper points at a missing module
- Kind: regression
- File: `extensions/browser/src/browser/test-support/fetch.ts`
- Line: 1
- Evidence: `test-support/fetch.ts` now re-exports from `./test-support-fetch.js`, which resolves to `extensions/browser/src/browser/test-support/test-support-fetch.js`; that file does not exist. The actual helper is `extensions/browser/src/browser/test-support-fetch.ts`. A focused run of `pnpm test extensions/browser/src/browser/server.auth-token-gates-http.test.ts` fails before running tests with `Cannot find module './test-support-fetch.js' imported from extensions/browser/src/browser/test-support/fetch.ts`.
- Impact: Every browser test importing `./test-support/fetch.js` fails to load. The same merge shape also leaves the raw fetch implementation at `extensions/browser/src/browser/test-support-fetch.ts:24` and `:27`, outside the new `/test-support/` skip in `scripts/check-no-raw-channel-fetch.mjs:97`; `node scripts/check-no-raw-channel-fetch.mjs` fails on those two callsites.
- Suggested fix: Keep the implementation under `extensions/browser/src/browser/test-support/fetch.ts` or change the re-export to `../test-support-fetch.js` and update the raw-fetch guard to skip/allow the actual helper location. The cleaner fix is to keep the raw-fetch test helper inside `test-support/`, matching the guard.
- Confidence: high
## Reviewed
- Diff: `c01244e859279a2e60f50423174c94f6fc9e3e8f..eb7f305737f71f19c166eb79eebc0520a2e7538a`
- Changed files: workflow reaction policy, changelog, browser test fetch relocation, Ollama stream cancellation fix/tests, raw-fetch guard, Docker e2e harness/probe scripts, hooks README.
- Code read: changed files in full where relevant, `src/infra/net/fetch-guard.ts`, `src/utils/fetch-timeout.ts`, `scripts/lib/callsite-guard.mjs`, `scripts/lib/ts-guard-utils.mjs`, Docker e2e helper callers.
- Issue context: inspected `#74133`; the Ollama change matches the intended cancellation fix.
## Tests / Live Checks
- `pnpm docs:list`: passed.
- `pnpm install`: completed after initial test run found missing local dependencies.
- `pnpm test extensions/browser/src/browser/server.auth-token-gates-http.test.ts`: failed with missing `./test-support-fetch.js`.
- `node scripts/check-no-raw-channel-fetch.mjs`: failed on `extensions/browser/src/browser/test-support-fetch.ts:24` and `:27`.
- `pnpm test extensions/ollama/src/stream-runtime.test.ts`: passed, 67 tests.
- `git diff --check c01244e859279a2e60f50423174c94f6fc9e3e8f..eb7f305737f71f19c166eb79eebc0520a2e7538a`: passed.
## Dependency / Web Checks
- No dependency or lockfile changes.
- Used `gh issue view 74133` for referenced PR context; no external package/advisory lookup was needed.
## Limitations
- Full suite was not run; the focused browser failure is directly reproduced, and broad gates are Testbox work by repo policy.
```

113
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-f6a2cf15c09c.md
View File

@ -1,113 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-f6a2cf15c09c
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-f6a2cf15c09c
source: clawsweeper_commit
commit_sha: f6a2cf15c09c61520ea7f2af98a5554c5d100e85
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/f6a2cf15c09c61520ea7f2af98a5554c5d100e85.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-f6a2cf15c09c`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/f6a2cf15c09c61520ea7f2af98a5554c5d100e85
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/f6a2cf15c09c61520ea7f2af98a5554c5d100e85.md
- Latest main at intake: 275b0f00b079fe3f030bfc5db1b4e90ad020782a
## ClawSweeper Report
```md
---
sha: f6a2cf15c09c61520ea7f2af98a5554c5d100e85
parent: bd5afadc5c7a0575093d4e15fe518fe22d9792cb
repository: openclaw/openclaw
author: "Peter Steinberger"
committer: "Peter Steinberger"
github_author: steipete
github_committer: steipete
co_authors: []
commit_authored_at: "2026-04-29T08:27:57+01:00"
commit_committed_at: "2026-04-29T08:27:57+01:00"
result: findings
confidence: high
highest_severity: medium
check_conclusion: neutral
reviewed_at: 2026-04-29T07:31:55Z
---
# Commit f6a2cf15c0
## Summary
Found one CI/boundary-check regression. The moved browser test fetch helper is still scanned by the raw-fetch runtime guard, but the allowlist still points at the old path.
## Findings
### Medium: Browser test fetch move breaks the raw-fetch boundary check
- Kind: regression
- File: `extensions/browser/src/browser/test-support/fetch.ts`
- Line: 24
- Evidence: The renamed helper still contains raw fetch calls at `extensions/browser/src/browser/test-support/fetch.ts:24` and `extensions/browser/src/browser/test-support/fetch.ts:27`. `scripts/check-no-raw-channel-fetch.mjs:21` and `scripts/check-no-raw-channel-fetch.mjs:22` still allow only the removed `extensions/browser/src/browser/test-fetch.ts` path, and the shared scanner in `scripts/lib/ts-guard-utils.mjs:14` only skips test-like suffixes, not `test-support/` directories. Running `pnpm run lint:tmp:no-raw-channel-fetch` fails with:
`extensions/browser/src/browser/test-support/fetch.ts:24`
`extensions/browser/src/browser/test-support/fetch.ts:27`
- Impact: The CI additional boundary checks include `lint:tmp:no-raw-channel-fetch` via `scripts/run-additional-boundary-checks.mjs` and `.github/workflows/ci.yml:1464`, so this commit makes that boundary job fail even though the helper was intended to be kept out of runtime scanning.
- Suggested fix: Teach this guard to skip test-support helpers consistently, or rename the helper with an existing skipped suffix such as `.test-harness.ts` / `.test-support.ts`. If allowlisting is preferred, update the allowlist to the new path and remove the stale old entries.
- Confidence: high
## Reviewed
- Diff: `bd5afadc5c7a0575093d4e15fe518fe22d9792cb..f6a2cf15c09c61520ea7f2af98a5554c5d100e85`
- Changed files: 5 browser tests plus `extensions/browser/src/browser/test-fetch.ts` renamed to `extensions/browser/src/browser/test-support/fetch.ts`
- Code read: all changed files, `scripts/check-no-raw-channel-fetch.mjs`, `scripts/lib/callsite-guard.mjs`, `scripts/lib/ts-guard-utils.mjs`, `scripts/run-additional-boundary-checks.mjs`, `extensions/browser/tsconfig.json`, relevant browser docs
- Dependencies/web: no dependency files changed; no web lookup needed
## Tests / Live Checks
- `pnpm run lint:tmp:no-raw-channel-fetch` failed as described above
- `pnpm test extensions/browser/src/browser/server.agent-contract-core.test.ts extensions/browser/src/browser/server.agent-contract-form-layout-act-commands.test.ts extensions/browser/src/browser/server.auth-token-gates-http.test.ts extensions/browser/src/browser/server.evaluate-disabled-does-not-block-storage.test.ts` passed: 4 files, 39 tests
- `pnpm exec oxfmt --check --threads=1 <changed files>` passed
- `git diff --check bd5afadc5c7a0575093d4e15fe518fe22d9792cb..f6a2cf15c09c61520ea7f2af98a5554c5d100e85` passed
## Limitations
- Full suite/Testbox was not run; focused checks were sufficient to reproduce the concrete regression.
```

112
jobs/openclaw/inbox/clawsweeper-commit-openclaw-openclaw-fda8cc2a9d9a.md
View File

@ -1,112 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-commit-openclaw-openclaw-fda8cc2a9d9a
mode: autonomous
allowed_actions:
- comment
- label
- fix
- raise_pr
blocked_actions:
- close
- merge
require_human_for:
- close
- merge
canonical: []
candidates: []
cluster_refs: []
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: false
require_fix_before_close: false
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-commit-openclaw-openclaw-fda8cc2a9d9a
source: clawsweeper_commit
commit_sha: fda8cc2a9d9ab1e3b9c6a254a884e26a6e68e809
clawsweeper_report_repo: openclaw/clawsweeper
clawsweeper_report_path: records/openclaw-openclaw/commits/fda8cc2a9d9ab1e3b9c6a254a884e26a6e68e809.md
---
# ClawSweeper commit finding repair
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-commit-openclaw-openclaw-fda8cc2a9d9a`
if the finding is still valid on latest `openclaw/openclaw@main`.
## Operator Prompt
Use the ClawSweeper commit report below as the source finding. Do not redo a
broad audit of the commit. Check latest `main`, verify the reported problem is
still present, and make the narrowest safe fix. If latest `main` already fixed
it, make no code changes and report that outcome.
Do not merge. Do not close issues. Do not handle security-sensitive findings in
this lane.
## Commit Finding
- Commit: https://github.com/openclaw/openclaw/commit/fda8cc2a9d9ab1e3b9c6a254a884e26a6e68e809
- Report: https://github.com/openclaw/clawsweeper/blob/main/records/openclaw-openclaw/commits/fda8cc2a9d9ab1e3b9c6a254a884e26a6e68e809.md
- Latest main at intake: 023d3371a533266dd465c34102f86768726f173b
## ClawSweeper Report
```md
---
sha: fda8cc2a9d9ab1e3b9c6a254a884e26a6e68e809
parent: cfcb8f4edac0c570696f4ff01d1c632f52ae3c43
repository: openclaw/openclaw
author: "Peter Steinberger"
committer: "Peter Steinberger"
github_author: steipete
github_committer: steipete
co_authors: []
commit_authored_at: "2026-04-29T06:49:00+01:00"
commit_committed_at: "2026-04-29T06:49:05+01:00"
result: findings
confidence: high
highest_severity: high
check_conclusion: failure
reviewed_at: 2026-04-29T05:52:56Z
---
# Commit fda8cc2
## Summary
Found one CI regression: normal full Node CI now emits an empty extension-shard matrix, but the existing aggregate job still runs and treats the skipped shard job as a failure.
## Findings
### High: Normal CI will fail when extension shards are intentionally omitted
- Kind: regression
- File: `.github/workflows/ci.yml`
- Line: 1069
- Evidence: This commit changes `extensionShardMatrix` to `[]` unless `runReleaseOnlyPluginSuites` is true (`.github/workflows/ci.yml:232`). For normal PR/main/manual CI with `runNodeFull=true` and `full_release_validation=false`, local manifest simulation produced `run_checks_fast: true` and `extensionMatrixIncludeLength: 0`. The `checks-node-extensions` aggregate still runs on `needs.preflight.outputs.run_checks_fast == 'true'` and exits unless `needs.checks-node-extensions-shard.result` is exactly `success` (`.github/workflows/ci.yml:1069`, `.github/workflows/ci.yml:1077`). The exact push run for this SHA showed an empty dynamic matrix check named `matrix.check_name` as `skipped` and also started `checks-node-extensions` before the run was cancelled by a newer main push. GitHub documents that skipped jobs propagate through `needs` unless an `always()` conditional continues the dependent job, which is exactly what this aggregate uses. ([docs.github.com](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax))
- Impact: Normal PR/main CI can fail in the aggregate verifier even though skipping the heavy extension batch is intended, blocking unrelated changes or making the new CI policy unusable outside Full Release Validation.
- Suggested fix: Add a manifest output such as `run_checks_node_extensions: extensionShardMatrix.include.length > 0`, use it for both the shard and aggregate job, or make the aggregate accept `skipped` only when the matrix is intentionally empty. Add a workflow/manifest regression test for normal CI (`full_release_validation=false`) proving the aggregate does not fail.
- Confidence: high
## Reviewed
- Diff: `cfcb8f4edac0c570696f4ff01d1c632f52ae3c43..fda8cc2a9d9ab1e3b9c6a254a884e26a6e68e809`
- Changed files: `.github/workflows/ci.yml`, `scripts/lib/ci-node-test-plan.mjs`, `test/scripts/ci-node-test-plan.test.ts`, `docs/help/testing.md`, `.agents/skills/openclaw-testing/SKILL.md`
- Code read: full changed script/test/workflow regions, downstream CI aggregate jobs, `docs/ci.md`, `docs/help/testing.md`, `docs/reference/test.md`, `scripts/lib/extension-test-plan.mjs`, related plugin prerelease workflow test
- Dependencies/web: GitHub Actions workflow syntax docs for skipped `needs` behavior
- Commands: `pnpm docs:list`; `git diff --check`; targeted manifest `node --input-type=module`; `pnpm install`; `pnpm test test/scripts/ci-node-test-plan.test.ts -- --reporter=verbose`; `gh run list/view` for exact SHA; `actionlint` check attempted but unavailable
## Tests / Live Checks
- `pnpm test test/scripts/ci-node-test-plan.test.ts -- --reporter=verbose` passed after installing missing deps.
- Targeted manifest simulation confirmed normal CI has `extensionMatrixIncludeLength: 0` while `run_checks_fast` remains true.
- Exact-SHA GitHub push run was cancelled/superseded before aggregate completion, but it showed the empty matrix as skipped and the aggregate job starting.
## Limitations
- `actionlint` was not installed.
- I did not dispatch a new workflow or run full CI.
```

78
jobs/openclaw/inbox/clawsweeper-openclaw-openclaw-73880.md
View File

@ -1,78 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-openclaw-openclaw-73880
mode: autonomous
allowed_actions:
- comment
- label
- close
- fix
- raise_pr
blocked_actions:
- merge
require_human_for:
- merge
canonical:
- #73880
candidates:
- #73880
cluster_refs:
- #73880
allow_instant_close: false
allow_fix_pr: true
allow_merge: false
allow_post_merge_close: true
require_fix_before_close: true
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-openclaw-openclaw-73880
source: clawsweeper
---
# ClawSweeper-promoted fix PR candidate
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-openclaw-openclaw-73880`.
## Operator Prompt
Fix openclaw/openclaw#73880 with one narrow implementation PR.
Problem: `openclaw update --channel stable --yes --no-restart --json` can succeed at updating the core package but still exit 1 because post-update plugin sync tries to update a tracked ClawHub plugin that is explicitly disabled in config, then treats a transient ClawHub 429 as a fatal `post-update-plugins` failure. Disabled tracked plugins should be no-op for post-update sync.
Expected behavior:
- Before ClawHub/npm/marketplace network calls in post-update plugin sync, determine the effective enabled state for each tracked install.
- Explicitly disabled tracked plugins must be skipped, or reported as non-fatal skipped/warning results, so they do not make a successful core update fail.
- Preserve fail-closed behavior for enabled plugin update failures, integrity drift, and real install/update failures.
- Preserve disabled-but-configured install metadata and package-id migration behavior; do not delete disabled installs or lose config.
Likely files:
- src/cli/update-cli/update-command.ts
- src/plugins/update.ts
- src/plugins/update.test.ts
- docs/cli/update.md only if user-facing failure policy text changes
Validation:
- Add regression coverage for a disabled ClawHub install record that would otherwise hit a ClawHub 429/error and prove post-update sync treats it as skipped/non-fatal.
- Add/keep coverage that enabled plugin update failures remain fatal.
- Run the narrow plugin/update test lane and `pnpm check:changed` if available.
Keep the PR small. Do not change general update failure policy beyond explicitly disabled tracked plugins. Add a changelog entry if the target repo expects one.
## Related Refs
- #73880
## Likely Files
- unknown
## Validation
- choose the narrowest repo-native validation for the touched surface
## Guardrails
- Do not merge.
- Do not close issues before a fix PR is opened, landed, or explicitly proven unnecessary.
- Keep one PR for this cluster; reuse `clownfish/clawsweeper-openclaw-openclaw-73880` if it already exists.
- Preserve contributor credit and add a changelog entry when the target repo expects one.

109
jobs/openclaw/inbox/clawsweeper-openclaw-openclaw-73964-73872.md
View File

@ -1,109 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: clawsweeper-openclaw-openclaw-73964-73872
mode: autonomous
allowed_actions:
- comment
- label
- close
- fix
- raise_pr
blocked_actions:
- merge
require_human_for:
- merge
canonical:
- #73964
candidates:
- #73964
- #73872
cluster_refs:
- #73964
- #73872
allow_instant_close: false
allow_fix_pr: true
allow_broad_fix_artifacts: true
allow_merge: false
allow_unmerged_fix_close: false
allow_post_merge_close: true
require_fix_before_close: true
security_policy: central_security_only
security_sensitive: false
target_branch: clownfish/clawsweeper-openclaw-openclaw-73964-73872
source: clawsweeper
---
# ClawSweeper-promoted fix PR candidate
ProjectClownfish should create or update one implementation PR from `clownfish/clawsweeper-openclaw-openclaw-73964-73872`.
## Operator Prompt
Create a narrow replacement PR for openclaw/openclaw based on the useful lifecycle portion of PR #73964.
Context:
- Source PR #73964 is open but stale and mixed. It includes private sensitive-command routing work plus one gateway lifecycle-loader build fix.
- The private routing work was already merged separately as PR #73872 (`Route sensitive group commands to the owner privately`, merge commit `4aa8da375659f34914d243ef4c0bb532d17f591b`). Do not re-implement or re-land that part here.
- Current target should be latest `origin/main`, observed at `ab39f2b272a1f794d0cb4ed2aed78a9e763be889` during maintainer triage.
- PR #73964 head is `9ea4916905ef0496c462a9647674cffeefea9361` and merge-base with current main is old (`d3683a61c5f8b7a42e66c291d6646dd67eafc1a5`), so do not merge or replay the whole branch.
Bug / desired behavior:
- Gateway restart/shutdown paths use lazy dynamic imports from `src/cli/gateway-cli/run-loop.ts`.
- Those modules can be loaded late during shutdown, restart, respawn, diagnostic bundle writing, process command queue cleanup, or runtime cleanup.
- If the installed package is rebuilt or updated and only hash-named chunks exist, late dynamic imports can fail because the old chunk filenames are no longer present.
- The lifecycle modules that can be reached late should have stable package dist entries in `tsdown.config.ts`, so runtime imports resolve through stable `dist/<entry>.js` files rather than transient hash chunks.
Implementation target:
- Add a focused helper to `tsdown.config.ts` for gateway lifecycle lazy entries.
- Include every first-hop lazy loader from `src/cli/gateway-cli/run-loop.ts` that is used during restart/shutdown/lifecycle handling:
- `agents/pi-embedded-runner/runs`: `src/agents/pi-embedded-runner/runs.ts`
- `config/config`: `src/config/config.ts`
- `infra/process-respawn`: `src/infra/process-respawn.ts`
- `infra/restart`: `src/infra/restart.ts`
- `infra/restart-sentinel`: `src/infra/restart-sentinel.ts`
- `infra/supervisor-markers`: `src/infra/supervisor-markers.ts`
- `logging/diagnostic-stability-bundle`: `src/logging/diagnostic-stability-bundle.ts`
- `plugins/bundled-runtime-deps-activity`: `src/plugins/bundled-runtime-deps-activity.ts`
- `process/command-queue`: `src/process/command-queue.ts`
- `tasks/runtime-internal`: `src/tasks/runtime-internal.ts`
- If current main still has other late lifecycle dynamic imports that are not listed above, include them too, but do not add unrelated entries.
- Current main already has `config/config` indirectly via Docker E2E harness entries. Still include it in the lifecycle helper/test so the lifecycle contract owns that requirement explicitly. Avoid churn if a duplicate key with the same source path would be noisy; the final unified entry map must include it with the same source.
- Preserve the current `run-loop.ts` logic on main, especially the bounded restart deferral behavior that calls `resolveGatewayRestartDeferralTimeoutMs`.
- Do not touch private command routing files, docs, changelog, Telegram tests, or other files from the stale PR unless absolutely necessary for this lifecycle-only fix.
Tests:
- Extend `src/infra/tsdown-config.test.ts` to assert that gateway lifecycle lazy loader modules have stable entries in the unified dist graph.
- Prefer a drift-catching test that derives or at least centrally lists the lifecycle loaders from current `run-loop.ts`, including `config/config`.
- Keep test scope focused on the build entry contract.
Validation:
- Run `pnpm test src/infra/tsdown-config.test.ts`.
- Run `pnpm build` if feasible because this changes the build graph / published dist entries.
- If a broad gate is needed, use the repo's Testbox policy rather than heavy local validation.
PR hygiene:
- Create a replacement Clownfish PR against current `main`; do not edit the source contributor branch directly.
- Credit PR #73964 in the new PR body as source context.
- Preserve the source author `pashpashpash` as co-author if the implementation uses their lifecycle idea/code.
- Do not merge the replacement PR automatically.
- Do not close or comment on PR #73964 unless the deterministic replacement workflow requires a superseded-source comment after the replacement PR exists.
## Related Refs
- #73964
- #73872
## Likely Files
- unknown
## Validation
- choose the narrowest repo-native validation for the touched surface
## Guardrails
- Do not merge.
- Do not close issues before a fix PR is opened, landed, or explicitly proven unnecessary.
- Keep one PR for this cluster; reuse `clownfish/clawsweeper-openclaw-openclaw-73964-73872` if it already exists.
- Preserve contributor credit and add a changelog entry when the target repo expects one.

233
jobs/openclaw/inbox/gitcrawl-1-dedupe-only-20260429-remote.md
View File

@ -1,233 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-1-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#69236"
candidates:
- "#60551"
- "#64316"
- "#64819"
- "#66063"
- "#66755"
- "#67461"
- "#67586"
- "#67916"
- "#68418"
- "#68669"
- "#68765"
- "#69201"
- "#69346"
- "#69363"
- "#69394"
- "#69943"
- "#69961"
- "#70347"
- "#70418"
- "#70664"
- "#70681"
- "#70734"
- "#70824"
- "#70900"
cluster_refs:
- "#55983"
- "#57707"
- "#60551"
- "#62008"
- "#64316"
- "#64380"
- "#64819"
- "#65554"
- "#65979"
- "#66054"
- "#66063"
- "#66407"
- "#66755"
- "#67326"
- "#67461"
- "#67586"
- "#67790"
- "#67799"
- "#67916"
- "#68157"
- "#68339"
- "#68418"
- "#68471"
- "#68669"
- "#68765"
- "#68991"
- "#69201"
- "#69236"
- "#69278"
- "#69346"
- "#69363"
- "#69394"
- "#69834"
- "#69920"
- "#69943"
- "#69961"
- "#70037"
- "#70053"
- "#70066"
- "#70067"
- "#70068"
- "#70071"
- "#70088"
- "#70089"
- "#70101"
- "#70104"
- "#70139"
- "#70142"
- "#70250"
- "#70301"
- "#70347"
- "#70360"
- "#70364"
- "#70367"
- "#70389"
- "#70417"
- "#70418"
- "#70465"
- "#70534"
- "#70619"
- "#70664"
- "#70665"
- "#70681"
- "#70734"
- "#70743"
- "#70772"
- "#70808"
- "#70816"
- "#70824"
- "#70860"
- "#70900"
- "#70947"
- "#70975"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #69236 is closed; worker must verify whether an open canonical should replace it."
notes: "Generated from gitcrawl run cluster 1 on 2026-04-29."
---
# Gitcrawl Cluster 1
Generated from local gitcrawl run cluster 1 for `openclaw/openclaw`.
Display title:
> fix(agents): exclude volatile inbound metadata from CLI session reuse hash (#68471)
Cluster shape from gitcrawl:
- total members: 73
- issues: 23
- pull requests: 50
- open candidates in local store: 24
- representative: #69236, currently closed in local store
- latest member update: 2026-04-29T11:09:44.776113908Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #55983 sessions: tree visibility honors spawn lineage before cross-agent gate [AI assisted with amp code]
- #57707 feat: support all file types as webchat attachments
- #62008 fix: preserve audio transcription multipart and upload filenames
- #64380 Agents/CLI backends: exclude inbound-meta from CLI session-reuse hash
- #65554 Jdc4429 media support v2 - Updated to work with latest version 2026.4.11
- #65979 fix(cron): normalize missing persisted job state
- #66054 fix(cron): guard against missing job.state in start() (#66016)
- #66407 fix(acp): bypass ACP dispatch for /acp text commands in bound threads
- #67326 fix: Issue 67056 image runtime headers
- #67790 fix(agents): make sessions_spawn mode=session errors actionable when thread binding is unavailable (#67400)
- #67799 [Bug] sessions_spawn fails with gateway closed (1008): pairing required - scope-upgrade to operator.admin
- #68157 [Bug] Cron isolated agentTurn: "already-running" survives restart, run history always empty
- #68339 fix(nvidia): wire onboarding auth and document NIM endpoint
- #68471 [Bug]: Heartbeat triggers unnecessary `cli session reset: reason=system-prompt` every 30 minutes
- #68991 fix(auto-reply): don't persist automatic fallback runtime as next-turn selected model
- #69236 fix(agents): exclude volatile inbound metadata from CLI session reuse hash (#68471)
- #69278 fix(agents): stop injecting heartbeat system prompt on non-heartbeat runs (#69079)
- #69834 fix(cron): validate delivery.channel ambiguity at add/edit time
- #69920 Unhandled promise rejection: Agent listener invoked outside active run
- #70037 fix(agents): preserve CLI session across heartbeat runs and gateway restarts
- #70053 sub-agent dispatch: in-process spawn hits gateway pairing gate (no in-process lane shortcut)
- #70066 [Plan Mode 2/6] Core backend MVP
- #70067 [Plan Mode 3/6] Advanced plan interactions
- #70068 [Plan Mode 4/6] Web UI + i18n
- #70071 [Plan Mode FULL] Integrated bundle for testing (Parts 1\u20136 + automation + executing-state lifecycle)
- #70088 [Plan Mode INJECTIONS] Typed pending-injection queue foundation
- #70089 [Plan Mode AUTOMATION] Cron nudges + auto-enable + subagent follow-ups
- #70101 [Plan Mode] Master tracker for the 9-PR upstream rollout
- #70104 [Bug]: Dreaming REM phase re-pins to stale corpus after state reset; signal pipeline never accumulates hits (0 promoted every night)
- #70139 gateway/chat.send: attachment branch race — chatAbortControllers check/set separated by image+media I/O spawns duplicate agent runs
- #70142 fix(gateway): re-check chatAbortControllers after attachment parse (protect user abort pathway)
- #70250 feat(openai-responses): add llmStateful incremental transmission via previous_response_id
- #70301 fix(qqbot): auth-gate bot approve command
- #70360 Cron: jobs without sessionTarget crash with TypeError in assertSupportedJobSpec (load path bypasses normalize defaulter)
- #70364 [Bug]: MCP child process leak: sessions_send via gateway never calls disposeSessionMcpRuntime
- #70367 fix(cron): default missing sessionTarget on load and guard assertSupportedJobSpec
- #70389 Subagent bundle-MCP runtimes can leak stdio child processes across sessions
- #70417 Heartbeat runs defeat their own cache-keep-alive purpose via tool-set and system-prompt divergence
- #70465 fix(gateway): cleanup MCP runtime for nested-lane agent runs to plug sessions_send leak (#70364)
- #70534 [Bug]: Dreaming fallback triggers constantly when using named agent (agents/<name>/sessions/ path not recognized)
- #70619 [Bug]: isolated cron run session rows can inherit stale lifecycle fields (status/startedAt/endedAt) from prior runs
- #70665 fix(discord): repair ACP child thread binding
- #70743 [codex] Harden GPT-5.4 runtime paths
- #70772 [codex] Add Pi/Codex harness extension seams
- #70808 [Bug] Gateway never disposes stdio MCP runtimes on session end — child processes accumulate
- #70816 fix(agents): preserve explicit input modalities through provider merge (#70557)
- #70860 [Bug]: ACP Claude sessions leave orphaned processes after completion (memory leak)
- #70947 fix(webchat): support non-image file attachments
- #70975 Beta blocker: ollama - qwen3.5:9b produces garbage output under full agent system prompt
Open candidates:
- #60551 Strip leaked reasoning preambles before outbound send
- #64316 fix(agents): release bundle MCP runtime on mid-run session reset
- #64819 feat(cli): add --spawn flag for isolated subagent sessions
- #66063 fix(cron): guard legacy jobs without state on startup
- #66755 fix(auto-reply): detect silent NO_REPLY wrapped in model reasoning
- #67461 Gateway leaks undici sockets on every streamed Anthropic API call (buildManagedResponse missing finalize on GC)
- #67586 fix: register AbortController for agent RPC runs so chat.abort works
- #67916 fix(ui): don't block local attachments before bootstrap roots load
- #68418 fix(agents): unpack typed-block delta.content arrays in openai-completions stream
- #68669 fix(agents): dedupe subagent browser session cleanup wrapper with dispatch flag
- #68765 fix(gateway): preserve chat history across compaction checkpoint chains
- #69201 fix(delivery-context): drop fallback threadId on `to` mismatch and orphan-threadId merges
- #69346 fix(embedded-runner): actionable diagnostic for empty-stream config errors
- #69363 fix(agents): ignore SessionStart hook session_ids when resuming claude-cli
- #69394 fix(auto-reply): suppress entire payload when trailing NO_REPLY token present
- #69943 [Bug]: session-memory hook persists raw chat-template tokens and unparsed tool calls — re-injected context creates self-reinforcing poisoning loop, agents emit role tokens / NO_REPLY across all subsequent /new sessions
- #69961 fix(hooks/session-memory): sanitize chat-template tokens + tool_call XML before persisting (closes #69943)
- #70347 Cron outer timeout should emit lifecycle.error so sessions.json finalizes immediately
- #70418 Proposal: Cache TTL Warmer — preserve Anthropic prompt-cache across idle periods independent of heartbeats
- #70664 [Bug]: [macOS] findGatewayPidsOnPortSync drops all PIDs due to lsof p_comm vs argv[0] mismatch
- #70681 fix(infra/restart): verify gateway PIDs via ps argv on Unix, not lsof p_comm
- #70734 [Bug]: Fresh-session `[object Object]` hallucination persists after session/database wipe on fix branch for #69079
- #70824 fix: merge mode no longer drops image attachments when one provider lacks apiKey
- #70900 fix(runner): gate surface_error throw on failoverFailure

70
jobs/openclaw/inbox/gitcrawl-10014-dedupe-only-20260429-remote.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-10014-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#59022"
candidates:
- "#59022"
cluster_refs:
- "#59022"
- "#62609"
- "#64252"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #59022 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 10014 on 2026-04-29."
---
# Gitcrawl Cluster 10014
Generated from local gitcrawl run cluster 10014 for `openclaw/openclaw`.
Display title:
> [Gateway] A2UI host not reachable
Cluster shape from gitcrawl:
- total members: 3
- issues: 3
- pull requests: 0
- open candidates in local store: 1
- representative: #59022, currently open in local store
- latest member update: 2026-04-28T05:49:57.944573688Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #62609 macOS Canvas default A2UI home fails with Unauthorized / A2UI_HOST_UNAVAILABLE under loopback + Tailscale Serve
- #64252 [Bug]: UNAVAILABLE: A2UI_HOST_UNAVAILABLE
Open candidates:
- #59022 [Gateway] A2UI host not reachable

70
jobs/openclaw/inbox/gitcrawl-10073-dedupe-only-20260429-remote.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-10073-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#59210"
candidates:
- "#59210"
cluster_refs:
- "#59210"
- "#61884"
- "#61902"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #59210 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 10073 on 2026-04-29."
---
# Gitcrawl Cluster 10073
Generated from local gitcrawl run cluster 10073 for `openclaw/openclaw`.
Display title:
> docs(whatsapp): clarify remote QR pairing limitations
Cluster shape from gitcrawl:
- total members: 3
- issues: 0
- pull requests: 3
- open candidates in local store: 1
- representative: #59210, currently open in local store
- latest member update: 2026-04-27T22:51:36.264417592Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #61884 Updated doc with more clear instructions
- #61902 Updated doc with more clear instructions this is a issue for new users as there is no instruction or clear indication on how to use it
Open candidates:
- #59210 docs(whatsapp): clarify remote QR pairing limitations

70
jobs/openclaw/inbox/gitcrawl-10140-dedupe-only-20260429-remote.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-10140-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#59429"
candidates:
- "#59429"
cluster_refs:
- "#59429"
- "#63090"
- "#67789"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #59429 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 10140 on 2026-04-29."
---
# Gitcrawl Cluster 10140
Generated from local gitcrawl run cluster 10140 for `openclaw/openclaw`.
Display title:
> feat: add claude-memory-optimizer skill
Cluster shape from gitcrawl:
- total members: 3
- issues: 0
- pull requests: 3
- open candidates in local store: 1
- representative: #59429, currently open in local store
- latest member update: 2026-04-25T17:12:54.212Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #63090 feat: add memory-layer skill
- #67789 feat(skill): add willow-memory-health ClawHub skill
Open candidates:
- #59429 feat: add claude-memory-optimizer skill

70
jobs/openclaw/inbox/gitcrawl-10227-dedupe-only-20260429-remote.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-10227-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#59726"
candidates:
- "#58313"
cluster_refs:
- "#58313"
- "#59726"
- "#61247"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #59726 is closed; worker must verify whether an open canonical should replace it."
notes: "Generated from gitcrawl run cluster 10227 on 2026-04-29."
---
# Gitcrawl Cluster 10227
Generated from local gitcrawl run cluster 10227 for `openclaw/openclaw`.
Display title:
> test: Add unit tests for utility functions
Cluster shape from gitcrawl:
- total members: 3
- issues: 0
- pull requests: 3
- open candidates in local store: 1
- representative: #59726, currently closed in local store
- latest member update: 2026-04-27T22:51:36.448577289Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #59726 test: Add unit tests for utility functions
- #61247 fix(utils): add missing test coverage for sliceUtf16Safe and truncateUtf16Safe
Open candidates:
- #58313 test(infra): add unit tests for semver-compare version utilities

70
jobs/openclaw/inbox/gitcrawl-10251-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-10251-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#59782"
candidates:
- "#59782"
- "#68457"
cluster_refs:
- "#59782"
- "#68457"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #59782 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 10251 on 2026-04-30."
---
# Gitcrawl Cluster 10251
Generated from local gitcrawl run cluster 10251 for `openclaw/openclaw`.
Display title:
> feat: Add silentErrorReplies / suppressAgentErrors support for WhatsApp channel
Cluster shape from gitcrawl:
- total members: 2
- issues: 2
- pull requests: 0
- open candidates in local store: 2
- representative: #59782, currently open in local store
- latest member update: 2026-04-28T18:04:42.573138603Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #59782 feat: Add silentErrorReplies / suppressAgentErrors support for WhatsApp channel
- #68457 Add channels.whatsapp.silentErrorReplies (parity with Telegram)

75
jobs/openclaw/inbox/gitcrawl-10267-dedupe-only-20260429-remote.md
View File

@ -1,75 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-10267-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#59857"
candidates:
- "#44168"
- "#59857"
cluster_refs:
- "#38366"
- "#43985"
- "#44168"
- "#44945"
- "#59857"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #59857 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 10267 on 2026-04-29."
---
# Gitcrawl Cluster 10267
Generated from local gitcrawl run cluster 10267 for `openclaw/openclaw`.
Display title:
> fix: cool down flaky upstream ws-stream handshakes
Cluster shape from gitcrawl:
- total members: 5
- issues: 0
- pull requests: 5
- open candidates in local store: 2
- representative: #59857, currently open in local store
- latest member update: 2026-04-28T04:44:23.825049177Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #38366 fix(openai-ws): guard against malformed content entries in message conversion
- #43985 fix(agents): skip tool calls without valid name on model switch
- #44945 fix(agents): avoid stale websocket continuation parent
Open candidates:
- #44168 fix(agents): guard OpenAI WS first response timeouts
- #59857 fix: cool down flaky upstream ws-stream handshakes

73
jobs/openclaw/inbox/gitcrawl-10287-dedupe-only-20260429-remote.md
View File

@ -1,73 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-10287-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#59897"
candidates:
- "#59897"
- "#69491"
- "#70821"
cluster_refs:
- "#59897"
- "#69491"
- "#70821"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #59897 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 10287 on 2026-04-29."
---
# Gitcrawl Cluster 10287
Generated from local gitcrawl run cluster 10287 for `openclaw/openclaw`.
Display title:
> fix(amazon-bedrock): enable assistant-first ordering fix for non-Claude models [AI-assisted]
Cluster shape from gitcrawl:
- total members: 3
- issues: 0
- pull requests: 3
- open candidates in local store: 3
- representative: #59897, currently open in local store
- latest member update: 2026-04-24T18:56:23.228Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #59897 fix(amazon-bedrock): enable assistant-first ordering fix for non-Claude models [AI-assisted]
- #69491 feat(amazon-bedrock): forward default Anthropic betas through the bedrock-converse stream route
- #70821 fix(amazon-bedrock): expose xhigh thinking for Claude Opus 4.7

70
jobs/openclaw/inbox/gitcrawl-10299-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-10299-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#59913"
candidates:
- "#59913"
- "#62070"
cluster_refs:
- "#59913"
- "#62070"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #59913 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 10299 on 2026-04-30."
---
# Gitcrawl Cluster 10299
Generated from local gitcrawl run cluster 10299 for `openclaw/openclaw`.
Display title:
> OpenAI compat gateway images bypass sanitization/resize, hit Anthropic 5MB limit
Cluster shape from gitcrawl:
- total members: 2
- issues: 1
- pull requests: 1
- open candidates in local store: 2
- representative: #59913, currently open in local store
- latest member update: 2026-04-28T18:04:42.560215371Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #59913 OpenAI compat gateway images bypass sanitization/resize, hit Anthropic 5MB limit
- #62070 fix: sanitize OpenAI compat gateway images and surface streaming errors

85
jobs/openclaw/inbox/gitcrawl-10342-dedupe-only-20260429-remote.md
View File

@ -1,85 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-10342-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#60325"
candidates:
- "#55121"
- "#60047"
cluster_refs:
- "#55121"
- "#55846"
- "#56719"
- "#56724"
- "#57554"
- "#60047"
- "#60058"
- "#60325"
- "#62832"
- "#68296"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #60325 is closed; worker must verify whether an open canonical should replace it."
notes: "Generated from gitcrawl run cluster 10342 on 2026-04-29."
---
# Gitcrawl Cluster 10342
Generated from local gitcrawl run cluster 10342 for `openclaw/openclaw`.
Display title:
> fix: accept read path aliases in diagnostic guard
Cluster shape from gitcrawl:
- total members: 10
- issues: 0
- pull requests: 10
- open candidates in local store: 2
- representative: #60325, currently closed in local store
- latest member update: 2026-04-27T22:51:36.941751644Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #55846 feat: INFO-level tool call observability with duration and redacted args
- #56719 fix(agents): check all accepted parameter names in read tool path warning
- #56724 fix: check all accepted parameter names for read tool path validation
- #57554 fix: tool parameter validation diagnostics and read path alias coverage
- #60058 fix(pi): use resolvePathArg for read tool path alias in handler
- #60325 fix: accept read path aliases in diagnostic guard
- #62832 fix: add "file" param alias to tool display path resolution
- #68296 fix(agents): add file and filePath aliases to read tool diagnostic path check
Open candidates:
- #55121 fix(tool-display): show file path when args use file alias
- #60047 fix: add 'file' param alias to resolvePathArg for verbose tool summaries

77
jobs/openclaw/inbox/gitcrawl-10404-dedupe-only-20260429-remote.md
View File

@ -1,77 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-10404-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#60247"
candidates:
- "#50887"
- "#59076"
- "#60247"
- "#68442"
cluster_refs:
- "#50887"
- "#59076"
- "#60247"
- "#63315"
- "#68442"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #60247 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 10404 on 2026-04-29."
---
# Gitcrawl Cluster 10404
Generated from local gitcrawl run cluster 10404 for `openclaw/openclaw`.
Display title:
> Control UI: JSON parse error on streaming Chinese/CJK content (UTF-8 multi-byte boundary split)
Cluster shape from gitcrawl:
- total members: 5
- issues: 5
- pull requests: 0
- open candidates in local store: 4
- representative: #60247, currently open in local store
- latest member update: 2026-04-28T18:04:42.536457849Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #63315 Control UI: JSON parse error when tool output contains multiline strings or special characters
Open candidates:
- #50887 [Bug]: Streaming Chinese character corruption - random single characters replaced with U+FFFD
- #59076 JSON parse error leaked to Discord when streaming tool calls with long CJK text
- #60247 Control UI: JSON parse error on streaming Chinese/CJK content (UTF-8 multi-byte boundary split)
- #68442 UI chat freeze when edit tool is called with non-ASCII characters in oldText/newText

70
jobs/openclaw/inbox/gitcrawl-10424-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-10424-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#60335"
candidates:
- "#60335"
- "#60353"
cluster_refs:
- "#60335"
- "#60353"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #60335 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 10424 on 2026-04-30."
---
# Gitcrawl Cluster 10424
Generated from local gitcrawl run cluster 10424 for `openclaw/openclaw`.
Display title:
> Slack: thread replies re-attach parent message media on every reply
Cluster shape from gitcrawl:
- total members: 2
- issues: 1
- pull requests: 1
- open candidates in local store: 2
- representative: #60335, currently open in local store
- latest member update: 2026-04-24T18:56:24.160Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #60335 Slack: thread replies re-attach parent message media on every reply
- #60353 fix(slack): never hydrate thread starter media for thread replies

70
jobs/openclaw/inbox/gitcrawl-10439-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-10439-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#60388"
candidates:
- "#60388"
- "#62682"
cluster_refs:
- "#60388"
- "#62682"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #60388 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 10439 on 2026-04-30."
---
# Gitcrawl Cluster 10439
Generated from local gitcrawl run cluster 10439 for `openclaw/openclaw`.
Display title:
> Don't trigger model fallback when abort reason is the run's own timeout budget
Cluster shape from gitcrawl:
- total members: 2
- issues: 1
- pull requests: 1
- open candidates in local store: 2
- representative: #60388, currently open in local store
- latest member update: 2026-04-28T18:04:42.524653371Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #60388 Don't trigger model fallback when abort reason is the run's own timeout budget
- #62682 fix(agents): distinguish terminal aborts from retryable failures (#60388)

72
jobs/openclaw/inbox/gitcrawl-1051-dedupe-only-20260429-remote.md
View File

@ -1,72 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-1051-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#69879"
candidates:
- "#70630"
cluster_refs:
- "#48475"
- "#69879"
- "#69888"
- "#70630"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #69879 is closed; worker must verify whether an open canonical should replace it."
notes: "Generated from gitcrawl run cluster 1051 on 2026-04-29."
---
# Gitcrawl Cluster 1051
Generated from local gitcrawl run cluster 1051 for `openclaw/openclaw`.
Display title:
> Fix/telegram humandelay
Cluster shape from gitcrawl:
- total members: 4
- issues: 0
- pull requests: 4
- open candidates in local store: 1
- representative: #69879, currently closed in local store
- latest member update: 2026-04-27T22:51:34.014849167Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #48475 [AI-assisted] Telegram: clear status reactions after terminal states
- #69879 Fix/telegram humandelay
- #69888 Fix/chat bubble copy padding
Open candidates:
- #70630 fix(telegram): keep no-visible direct turns silent

73
jobs/openclaw/inbox/gitcrawl-10539-dedupe-only-20260429-remote.md
View File

@ -1,73 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-10539-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#60695"
candidates:
- "#62503"
- "#67841"
cluster_refs:
- "#48497"
- "#60695"
- "#62503"
- "#67841"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #60695 is closed; worker must verify whether an open canonical should replace it."
notes: "Generated from gitcrawl run cluster 10539 on 2026-04-29."
---
# Gitcrawl Cluster 10539
Generated from local gitcrawl run cluster 10539 for `openclaw/openclaw`.
Display title:
> Add initial devcontainer configuration
Cluster shape from gitcrawl:
- total members: 4
- issues: 0
- pull requests: 4
- open candidates in local store: 2
- representative: #60695, currently closed in local store
- latest member update: 2026-04-28T11:40:36.218928708Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #48497 Create apisec-scan.ymlapi scan
- #60695 Add initial devcontainer configuration
Open candidates:
- #62503 feat: add devcontainer for cross-platform development
- #67841 Add Dev Container, Benchmarking & SBOM workflows

70
jobs/openclaw/inbox/gitcrawl-10712-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-10712-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#61192"
candidates:
- "#61192"
- "#62441"
cluster_refs:
- "#61192"
- "#62441"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #61192 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 10712 on 2026-04-30."
---
# Gitcrawl Cluster 10712
Generated from local gitcrawl run cluster 10712 for `openclaw/openclaw`.
Display title:
> [Bug]: Telegram forum topic: 400 invalid_request_body with OpenAI models due to unsanitized name field in chat history
Cluster shape from gitcrawl:
- total members: 2
- issues: 1
- pull requests: 1
- open candidates in local store: 2
- representative: #61192, currently open in local store
- latest member update: 2026-04-28T18:04:42.442802022Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #61192 [Bug]: Telegram forum topic: 400 invalid_request_body with OpenAI models due to unsanitized name field in chat history
- #62441 fix: sanitize sender name for model API compatibility

77
jobs/openclaw/inbox/gitcrawl-1075-dedupe-only-20260429-remote.md
View File

@ -1,77 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-1075-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#69979"
candidates:
- "#34528"
- "#66406"
cluster_refs:
- "#34528"
- "#40952"
- "#41020"
- "#53887"
- "#66406"
- "#69979"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #69979 is closed; worker must verify whether an open canonical should replace it."
notes: "Generated from gitcrawl run cluster 1075 on 2026-04-29."
---
# Gitcrawl Cluster 1075
Generated from local gitcrawl run cluster 1075 for `openclaw/openclaw`.
Display title:
> [Bug] Feishu reaction returns HTTP 400 - emoji reaction fails while text send works
Cluster shape from gitcrawl:
- total members: 6
- issues: 6
- pull requests: 0
- open candidates in local store: 2
- representative: #69979, currently closed in local store
- latest member update: 2026-04-28T22:51:07.228074361Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #40952 [Feature]: Slack statusReactions support (lifecycle reaction parity with Telegram/Discord)
- #41020 [Feature Request] Feishu message reactions (emoji responses)
- #53887 Feature: Status Reactions support for Feishu/Lark channel
- #69979 [Bug] Feishu reaction returns HTTP 400 - emoji reaction fails while text send works
Open candidates:
- #34528 Feishu: reaction message_id with suffix causes 400 error on API calls
- #66406 [Bug]: Feishu reactions API 返回 reaction type is invalid (code: 231001)

70
jobs/openclaw/inbox/gitcrawl-10968-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-10968-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#62099"
candidates:
- "#62099"
- "#67077"
cluster_refs:
- "#62099"
- "#67077"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #62099 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 10968 on 2026-04-30."
---
# Gitcrawl Cluster 10968
Generated from local gitcrawl run cluster 10968 for `openclaw/openclaw`.
Display title:
> EPERM on auth-profiles.json causes full gateway failure cascade (Windows)
Cluster shape from gitcrawl:
- total members: 2
- issues: 1
- pull requests: 1
- open candidates in local store: 2
- representative: #62099, currently open in local store
- latest member update: 2026-04-27T22:51:29.004263954Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #62099 EPERM on auth-profiles.json causes full gateway failure cascade (Windows)
- #67077 fix(auth-profiles): make post-success bookkeeping saves non-fatal

70
jobs/openclaw/inbox/gitcrawl-11010-dedupe-only-20260429-remote.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-11010-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#62267"
candidates:
- "#62267"
cluster_refs:
- "#41486"
- "#45597"
- "#62267"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #62267 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 11010 on 2026-04-29."
---
# Gitcrawl Cluster 11010
Generated from local gitcrawl run cluster 11010 for `openclaw/openclaw`.
Display title:
> Performance: Slow Ollama qwen3:14b prompt ingestion in long-context OpenClaw runs
Cluster shape from gitcrawl:
- total members: 3
- issues: 3
- pull requests: 0
- open candidates in local store: 1
- representative: #62267, currently open in local store
- latest member update: 2026-04-28T07:04:52.260652102Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #41486 Ollama cron jobs: lightContext mode still sends large system prompt, causing timeouts on small local models
- #45597 [Bug]: Recurring Ollama context overflow errors - prompt too long
Open candidates:
- #62267 Performance: Slow Ollama qwen3:14b prompt ingestion in long-context OpenClaw runs

70
jobs/openclaw/inbox/gitcrawl-111-dedupe-only-20260429-remote.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-111-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#39298"
candidates:
- "#39365"
cluster_refs:
- "#39298"
- "#39365"
- "#48869"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #39298 is closed; worker must verify whether an open canonical should replace it."
notes: "Generated from gitcrawl run cluster 111 on 2026-04-29."
---
# Gitcrawl Cluster 111
Generated from local gitcrawl run cluster 111 for `openclaw/openclaw`.
Display title:
> Docs: Document `openclaw system event` as the programmatic agent wake mechanism
Cluster shape from gitcrawl:
- total members: 3
- issues: 2
- pull requests: 1
- open candidates in local store: 1
- representative: #39298, currently closed in local store
- latest member update: 2026-04-27T22:51:35.824419253Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #39298 Docs: Document `openclaw system event` as the programmatic agent wake mechanism
- #48869 Docs: Wakeup Script Best Practices — Avoid Silent Agent Wake Failures
Open candidates:
- #39365 docs: add system events recipes page for programmatic agent wake

75
jobs/openclaw/inbox/gitcrawl-11116-dedupe-only-20260429-remote.md
View File

@ -1,75 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-11116-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#62551"
candidates:
- "#41657"
- "#63905"
cluster_refs:
- "#41657"
- "#50129"
- "#62551"
- "#63905"
- "#67676"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #62551 is closed; worker must verify whether an open canonical should replace it."
notes: "Generated from gitcrawl run cluster 11116 on 2026-04-29."
---
# Gitcrawl Cluster 11116
Generated from local gitcrawl run cluster 11116 for `openclaw/openclaw`.
Display title:
> [Bug]: Agent is not being able to read files that were sent on Slack
Cluster shape from gitcrawl:
- total members: 5
- issues: 5
- pull requests: 0
- open candidates in local store: 2
- representative: #62551, currently closed in local store
- latest member update: 2026-04-28T21:55:43.813739568Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #50129 Slack connector silently drops file attachments in DM messages
- #62551 [Bug]: Agent is not being able to read files that were sent on Slack
- #67676 Slack: file_id and url_private dropped from inbound file_shared events
Open candidates:
- #41657 Slack: Include file attachment metadata in inbound message delivery to agents
- #63905 bug(slack): inbound attachments in container sandbox fail with placeholder-only turn and fetch error 'invalid onRequestStart method'

70
jobs/openclaw/inbox/gitcrawl-11247-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-11247-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#62981"
candidates:
- "#62981"
- "#66646"
cluster_refs:
- "#62981"
- "#66646"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #62981 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 11247 on 2026-04-30."
---
# Gitcrawl Cluster 11247
Generated from local gitcrawl run cluster 11247 for `openclaw/openclaw`.
Display title:
> session file locked when gateway times out and falls back to embedded runner
Cluster shape from gitcrawl:
- total members: 2
- issues: 2
- pull requests: 0
- open candidates in local store: 2
- representative: #62981, currently open in local store
- latest member update: 2026-04-28T19:37:21.879687975Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #62981 session file locked when gateway times out and falls back to embedded runner
- #66646 [Bug]: Session file lock errors cascade through model fallback chain

71
jobs/openclaw/inbox/gitcrawl-1125-dedupe-only-20260429-remote.md
View File

@ -1,71 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-1125-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#70151"
candidates:
- "#61020"
- "#67662"
cluster_refs:
- "#61020"
- "#67662"
- "#70151"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #70151 is closed; worker must verify whether an open canonical should replace it."
notes: "Generated from gitcrawl run cluster 1125 on 2026-04-29."
---
# Gitcrawl Cluster 1125
Generated from local gitcrawl run cluster 1125 for `openclaw/openclaw`.
Display title:
> Avoid false empty-turn failures when the assistant reply lands late
Cluster shape from gitcrawl:
- total members: 3
- issues: 0
- pull requests: 3
- open candidates in local store: 2
- representative: #70151, currently closed in local store
- latest member update: 2026-04-28T07:04:52.079079764Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #70151 Avoid false empty-turn failures when the assistant reply lands late
Open candidates:
- #61020 fix(pi-embedded-runner): scope lastAssistant to current turn to prevent stale response replay on idle timeout
- #67662 fix(run): preserve model-scoped cooldown writes on incomplete turns

70
jobs/openclaw/inbox/gitcrawl-11263-dedupe-only-20260429-remote.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-11263-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#63019"
candidates:
- "#56498"
cluster_refs:
- "#45756"
- "#56498"
- "#63019"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #63019 is closed; worker must verify whether an open canonical should replace it."
notes: "Generated from gitcrawl run cluster 11263 on 2026-04-29."
---
# Gitcrawl Cluster 11263
Generated from local gitcrawl run cluster 11263 for `openclaw/openclaw`.
Display title:
> bug(control-ui): WhatsApp relink can stay stuck on logging in even when backend wait succeeds
Cluster shape from gitcrawl:
- total members: 3
- issues: 3
- pull requests: 0
- open candidates in local store: 1
- representative: #63019, currently closed in local store
- latest member update: 2026-04-28T05:49:57.67385852Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #45756 WhatsApp QR login hangs after scan — 515 restart not handled in startWebLoginWithQr
- #63019 bug(control-ui): WhatsApp relink can stay stuck on logging in even when backend wait succeeds
Open candidates:
- #56498 [Bug]: unable to connect WhatsApp and Telegram accounts

70
jobs/openclaw/inbox/gitcrawl-11278-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-11278-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#63069"
candidates:
- "#63069"
- "#63082"
cluster_refs:
- "#63069"
- "#63082"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #63069 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 11278 on 2026-04-30."
---
# Gitcrawl Cluster 11278
Generated from local gitcrawl run cluster 11278 for `openclaw/openclaw`.
Display title:
> [Bug]: hell completion writes to wrong profile path when ZDOTDIR or XDG_CONFIG_HOME is set
Cluster shape from gitcrawl:
- total members: 2
- issues: 1
- pull requests: 1
- open candidates in local store: 2
- representative: #63069, currently open in local store
- latest member update: 2026-04-29T20:41:59.894720156Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #63069 [Bug]: hell completion writes to wrong profile path when ZDOTDIR or XDG_CONFIG_HOME is set
- #63082 fix(cli): respect ZDOTDIR and XDG_CONFIG_HOME in shell completion pro…

70
jobs/openclaw/inbox/gitcrawl-11359-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-11359-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#63265"
candidates:
- "#63265"
- "#63268"
cluster_refs:
- "#63265"
- "#63268"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #63265 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 11359 on 2026-04-30."
---
# Gitcrawl Cluster 11359
Generated from local gitcrawl run cluster 11359 for `openclaw/openclaw`.
Display title:
> [Bug]: `openclaw doctor --fix` creates minimal config at /root/.openclaw/ that silently overrides real config, breaking elevated permissions
Cluster shape from gitcrawl:
- total members: 2
- issues: 1
- pull requests: 1
- open candidates in local store: 2
- representative: #63265, currently open in local store
- latest member update: 2026-04-28T22:51:07.284682881Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #63265 [Bug]: `openclaw doctor --fix` creates minimal config at /root/.openclaw/ that silently overrides real config, breaking elevated permissions
- #63268 fix(doctor): warn when config path diverges from running gateway

70
jobs/openclaw/inbox/gitcrawl-11370-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-11370-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#63308"
candidates:
- "#63308"
- "#64699"
cluster_refs:
- "#63308"
- "#64699"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #63308 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 11370 on 2026-04-30."
---
# Gitcrawl Cluster 11370
Generated from local gitcrawl run cluster 11370 for `openclaw/openclaw`.
Display title:
> sessions_send schema encourages invalid sessionKey+label calls
Cluster shape from gitcrawl:
- total members: 2
- issues: 2
- pull requests: 0
- open candidates in local store: 2
- representative: #63308, currently open in local store
- latest member update: 2026-04-27T22:51:29.097667663Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #63308 sessions_send schema encourages invalid sessionKey+label calls
- #64699 [Bug]: sessions_send unexpectedly injects label, causing mutual-exclusion error with sessionKey

77
jobs/openclaw/inbox/gitcrawl-11625-dedupe-only-20260429-remote.md
View File

@ -1,77 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-11625-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#64060"
candidates:
- "#50994"
- "#52858"
- "#64060"
- "#66543"
cluster_refs:
- "#49979"
- "#50994"
- "#52858"
- "#64060"
- "#66543"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #64060 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 11625 on 2026-04-29."
---
# Gitcrawl Cluster 11625
Generated from local gitcrawl run cluster 11625 for `openclaw/openclaw`.
Display title:
> fix: cron text payload silently ignores model override
Cluster shape from gitcrawl:
- total members: 5
- issues: 0
- pull requests: 5
- open candidates in local store: 4
- representative: #64060, currently open in local store
- latest member update: 2026-04-28T22:51:07.258791311Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #49979 fix(cron): preserve nested object properties in payload normalization
Open candidates:
- #50994 fix(cron): preserve empty expr field instead of silently deleting
- #52858 [Bug] Fix legacy systemEvent cron payloads loaded with message instead of text
- #64060 fix: cron text payload silently ignores model override
- #66543 fix(cron): strip internal whitespace from model IDs in cron job normalization

70
jobs/openclaw/inbox/gitcrawl-11867-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-11867-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#64783"
candidates:
- "#64783"
- "#64820"
cluster_refs:
- "#64783"
- "#64820"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #64783 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 11867 on 2026-04-30."
---
# Gitcrawl Cluster 11867
Generated from local gitcrawl run cluster 11867 for `openclaw/openclaw`.
Display title:
> [Bug]: ReferenceError: Cannot access 'utils_1' before initialization when mentioning bot in Feishu group
Cluster shape from gitcrawl:
- total members: 2
- issues: 1
- pull requests: 1
- open candidates in local store: 2
- representative: #64783, currently open in local store
- latest member update: 2026-04-27T22:51:29.432541511Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #64783 [Bug]: ReferenceError: Cannot access 'utils_1' before initialization when mentioning bot in Feishu group
- #64820 fix(feishu): break circular module init causing ReferenceError on group mention

90
jobs/openclaw/inbox/gitcrawl-11913-dedupe-only-20260429-remote.md
View File

@ -1,90 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-11913-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#64905"
candidates:
- "#48623"
- "#57281"
- "#58565"
cluster_refs:
- "#47720"
- "#48548"
- "#48623"
- "#54073"
- "#55862"
- "#57281"
- "#58565"
- "#62412"
- "#64905"
- "#68241"
- "#70973"
- "#71126"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #64905 is closed; worker must verify whether an open canonical should replace it."
notes: "Generated from gitcrawl run cluster 11913 on 2026-04-29."
---
# Gitcrawl Cluster 11913
Generated from local gitcrawl run cluster 11913 for `openclaw/openclaw`.
Display title:
> [Bug]: Cached auth-profile failure state (cooldown) persists across gateway restarts — stale backoff causes silent primary bypass
Cluster shape from gitcrawl:
- total members: 12
- issues: 12
- pull requests: 0
- open candidates in local store: 3
- representative: #64905, currently closed in local store
- latest member update: 2026-04-28T21:55:43.66696921Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #47720 [Bug]: HTTP 401/403 misclassified as rate_limit with exponential cooldown — no self-recovery path
- #48548 [Bug]: Auth profile cooldown not propagating across concurrent subagents (77 redundant 401s)
- #54073 anthropic-vertex: built-in provider not registered in models.json — 'Unknown model' at startup, 404 at runtime
- #55862 [BUG] Gateway stuck in retry loop after provider outage — no self-recovery
- #62412 [Bug]: New sessions inherit authProfileOverride from cooldown/rate-limited backup profile instead of using default
- #64905 [Bug]: Cached auth-profile failure state (cooldown) persists across gateway restarts — stale backoff causes silent primary bypass
- #68241 [Bug]: claude-opus-4-7 rejected as "Unknown model" on 2026.4.15 despite being in codebase and accepted by Anthropic API
- #70973 [Bug]: CLI sessions: Gemini CLI not covered by Claude CLI session persistence fixes (#69679 / #70106 / #70132) — gateway restart still mints a fresh conversation
- #71126 [Bug]: Gemini model usage can lock the gateway/session loop until gateway restart
Open candidates:
- #48623 Auth profile failover: lastGood not respected for ordering + shared timeout budget causes cascade failures
- #57281 Auth profile failover blocked by file lock contention on rate_limit errors
- #58565 Auth profile failover should differentiate 401 (dead key) from 429/529 (transient)

70
jobs/openclaw/inbox/gitcrawl-11942-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-11942-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#64993"
candidates:
- "#64993"
- "#67376"
cluster_refs:
- "#64993"
- "#67376"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #64993 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 11942 on 2026-04-30."
---
# Gitcrawl Cluster 11942
Generated from local gitcrawl run cluster 11942 for `openclaw/openclaw`.
Display title:
> [Security] High: MCP loopback scope spoofing via mutable request headers
Cluster shape from gitcrawl:
- total members: 2
- issues: 1
- pull requests: 1
- open candidates in local store: 2
- representative: #64993, currently open in local store
- latest member update: 2026-04-28T07:04:52.127225649Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #64993 [Security] High: MCP loopback scope spoofing via mutable request headers
- #67376 fix(gateway): bind loopback MCP scope to per-backend bearer token (#64993)

74
jobs/openclaw/inbox/gitcrawl-12021-dedupe-only-20260429-remote.md
View File

@ -1,74 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-12021-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#65238"
candidates:
- "#53242"
cluster_refs:
- "#53242"
- "#65238"
- "#65660"
- "#67773"
- "#68218"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #65238 is closed; worker must verify whether an open canonical should replace it."
notes: "Generated from gitcrawl run cluster 12021 on 2026-04-29."
---
# Gitcrawl Cluster 12021
Generated from local gitcrawl run cluster 12021 for `openclaw/openclaw`.
Display title:
> [Bug]: [chat.history omitted: message too large] placeholder appears frequently in webchat since 2026.4.11
Cluster shape from gitcrawl:
- total members: 5
- issues: 5
- pull requests: 0
- open candidates in local store: 1
- representative: #65238, currently closed in local store
- latest member update: 2026-04-28T07:04:52.38851308Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #65238 [Bug]: [chat.history omitted: message too large] placeholder appears frequently in webchat since 2026.4.11
- #65660 [Bug]: Persisted TTS audio base64 blobs inflate context token estimate, causing compaction death spiral and session restart
- #67773 WebChat: TTS audio blobs stored inline cause chat.history placeholder noise
- #68218 TTS audio base64 stored inline in session history causes immediate context overflow
Open candidates:
- #53242 Bug: chat.history truncates long assistant messages at 12k chars even when they fit the history budget

70
jobs/openclaw/inbox/gitcrawl-12088-dedupe-only-20260429-remote.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-12088-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#65419"
candidates:
- "#65419"
cluster_refs:
- "#65419"
- "#67644"
- "#67924"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #65419 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 12088 on 2026-04-29."
---
# Gitcrawl Cluster 12088
Generated from local gitcrawl run cluster 12088 for `openclaw/openclaw`.
Display title:
> fix(exec): skip script preflight validation when elevated=full
Cluster shape from gitcrawl:
- total members: 3
- issues: 0
- pull requests: 3
- open candidates in local store: 1
- representative: #65419, currently open in local store
- latest member update: 2026-04-27T22:51:29.245054948Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #67644 fix: avoid python preflight false positives for $ tokens in string literals
- #67924 fix(exec): tolerate inside Python/JS string literals during preflight
Open candidates:
- #65419 fix(exec): skip script preflight validation when elevated=full

70
jobs/openclaw/inbox/gitcrawl-12089-dedupe-only-20260429-remote.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-12089-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#65422"
candidates:
- "#69249"
cluster_refs:
- "#52112"
- "#65422"
- "#69249"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #65422 is closed; worker must verify whether an open canonical should replace it."
notes: "Generated from gitcrawl run cluster 12089 on 2026-04-29."
---
# Gitcrawl Cluster 12089
Generated from local gitcrawl run cluster 12089 for `openclaw/openclaw`.
Display title:
> Slack threads do not reliably auto-recover after gateway restart
Cluster shape from gitcrawl:
- total members: 3
- issues: 3
- pull requests: 0
- open candidates in local store: 1
- representative: #65422, currently closed in local store
- latest member update: 2026-04-28T05:49:58.2848884Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #52112 Discord: Thread context lost on gateway restart — no ThreadHistoryBody parity with Slack
- #65422 Slack threads do not reliably auto-recover after gateway restart
Open candidates:
- #69249 Gateway restart can silently abort an in-flight Discord turn, with no automatic recovery message to the user

70
jobs/openclaw/inbox/gitcrawl-12126-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-12126-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#65522"
candidates:
- "#65522"
- "#66395"
cluster_refs:
- "#65522"
- "#66395"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #65522 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 12126 on 2026-04-30."
---
# Gitcrawl Cluster 12126
Generated from local gitcrawl run cluster 12126 for `openclaw/openclaw`.
Display title:
> Control UI: refreshing chat data during an active turn can stall the run and wedge the page/gateway
Cluster shape from gitcrawl:
- total members: 2
- issues: 1
- pull requests: 1
- open candidates in local store: 2
- representative: #65522, currently open in local store
- latest member update: 2026-04-30T00:06:34.458162116Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #65522 Control UI: refreshing chat data during an active turn can stall the run and wedge the page/gateway
- #66395 Fix/disable refresh during active turn

70
jobs/openclaw/inbox/gitcrawl-12245-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-12245-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#65860"
candidates:
- "#65860"
- "#65939"
cluster_refs:
- "#65860"
- "#65939"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #65860 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 12245 on 2026-04-30."
---
# Gitcrawl Cluster 12245
Generated from local gitcrawl run cluster 12245 for `openclaw/openclaw`.
Display title:
> [Bug]: Error message references nonexistent docs anchor `tools/plugin#runtime-helpers`
Cluster shape from gitcrawl:
- total members: 2
- issues: 1
- pull requests: 1
- open candidates in local store: 2
- representative: #65860, currently open in local store
- latest member update: 2026-04-27T22:51:33.762573164Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #65860 [Bug]: Error message references nonexistent docs anchor `tools/plugin#runtime-helpers`
- #65939 fix(gateway): point fallback override guidance to valid docs page

74
jobs/openclaw/inbox/gitcrawl-12255-dedupe-only-20260429-remote.md
View File

@ -1,74 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-12255-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#65894"
candidates:
- "#52261"
- "#53459"
- "#65894"
cluster_refs:
- "#52261"
- "#53459"
- "#65894"
- "#68702"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #65894 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 12255 on 2026-04-29."
---
# Gitcrawl Cluster 12255
Generated from local gitcrawl run cluster 12255 for `openclaw/openclaw`.
Display title:
> fix: add local build context to docker-compose
Cluster shape from gitcrawl:
- total members: 4
- issues: 0
- pull requests: 4
- open candidates in local store: 3
- representative: #65894, currently open in local store
- latest member update: 2026-04-27T22:51:33.756058885Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #68702 fix(docker): enable host.docker.internal for local providers
Open candidates:
- #52261 1. add WAHA comments
- #53459 fix(config): replace hardcoded API keys with env var substitution
- #65894 fix: add local build context to docker-compose

70
jobs/openclaw/inbox/gitcrawl-12355-dedupe-only-20260429-remote.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-12355-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#66208"
candidates:
- "#66210"
cluster_refs:
- "#66208"
- "#66209"
- "#66210"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #66208 is closed; worker must verify whether an open canonical should replace it."
notes: "Generated from gitcrawl run cluster 12355 on 2026-04-29."
---
# Gitcrawl Cluster 12355
Generated from local gitcrawl run cluster 12355 for `openclaw/openclaw`.
Display title:
> feat(m365): add calendar copilot approvals
Cluster shape from gitcrawl:
- total members: 3
- issues: 0
- pull requests: 3
- open candidates in local store: 1
- representative: #66208, currently closed in local store
- latest member update: 2026-04-27T22:51:37.024747665Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #66208 feat(m365): add calendar copilot approvals
- #66209 feat(m365): add Outlook triage approvals
Open candidates:
- #66210 feat(msteams): add thread copilot approvals

70
jobs/openclaw/inbox/gitcrawl-12406-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-12406-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#66429"
candidates:
- "#66429"
- "#66844"
cluster_refs:
- "#66429"
- "#66844"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #66429 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 12406 on 2026-04-30."
---
# Gitcrawl Cluster 12406
Generated from local gitcrawl run cluster 12406 for `openclaw/openclaw`.
Display title:
> fix(memory): allow capability fallback lookup for missing runtime embedding provider
Cluster shape from gitcrawl:
- total members: 2
- issues: 0
- pull requests: 2
- open candidates in local store: 2
- representative: #66429, currently open in local store
- latest member update: 2026-04-24T18:56:21.168Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #66429 fix(memory): allow capability fallback lookup for missing runtime embedding provider
- #66844 fix(memory): recognize ollama as valid embedding provider

70
jobs/openclaw/inbox/gitcrawl-12445-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-12445-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#66535"
candidates:
- "#66535"
- "#66894"
cluster_refs:
- "#66535"
- "#66894"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #66535 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 12445 on 2026-04-30."
---
# Gitcrawl Cluster 12445
Generated from local gitcrawl run cluster 12445 for `openclaw/openclaw`.
Display title:
> [Bug]: /compact command cannot be canceled while in progress
Cluster shape from gitcrawl:
- total members: 2
- issues: 1
- pull requests: 1
- open candidates in local store: 2
- representative: #66535, currently open in local store
- latest member update: 2026-04-27T22:51:29.035733793Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #66535 [Bug]: /compact command cannot be canceled while in progress
- #66894 Fix #66535: wire up abort signal for /compact command

70
jobs/openclaw/inbox/gitcrawl-12496-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-12496-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#66744"
candidates:
- "#66744"
- "#66761"
cluster_refs:
- "#66744"
- "#66761"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #66744 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 12496 on 2026-04-30."
---
# Gitcrawl Cluster 12496
Generated from local gitcrawl run cluster 12496 for `openclaw/openclaw`.
Display title:
> HTTP /v1/chat/completions fails: provider?.models?.some is not a function
Cluster shape from gitcrawl:
- total members: 2
- issues: 1
- pull requests: 1
- open candidates in local store: 2
- representative: #66744, currently open in local store
- latest member update: 2026-04-27T22:51:27.610042925Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #66744 HTTP /v1/chat/completions fails: provider?.models?.some is not a function
- #66761 fix(models): guard provider.models against non-array values (#66744)

71
jobs/openclaw/inbox/gitcrawl-12535-dedupe-only-20260429-remote.md
View File

@ -1,71 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-12535-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#66862"
candidates:
- "#66862"
- "#69426"
cluster_refs:
- "#66862"
- "#69426"
- "#70863"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #66862 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 12535 on 2026-04-29."
---
# Gitcrawl Cluster 12535
Generated from local gitcrawl run cluster 12535 for `openclaw/openclaw`.
Display title:
> fix: return 1M context for Anthropic Opus/Sonnet 4 without requiring context1m flag
Cluster shape from gitcrawl:
- total members: 3
- issues: 0
- pull requests: 3
- open candidates in local store: 2
- representative: #66862, currently open in local store
- latest member update: 2026-04-27T22:51:38.944357106Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #70863 fix: enable claude-cli 1m context override
Open candidates:
- #66862 fix: return 1M context for Anthropic Opus/Sonnet 4 without requiring context1m flag
- #69426 agents/context: unlock context1m on proxied Anthropic 1M-capable models (#69353)

72
jobs/openclaw/inbox/gitcrawl-1255-dedupe-only-20260429-remote.md
View File

@ -1,72 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-1255-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#70546"
candidates:
- "#54559"
cluster_refs:
- "#34574"
- "#54559"
- "#60111"
- "#70546"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #70546 is closed; worker must verify whether an open canonical should replace it."
notes: "Generated from gitcrawl run cluster 1255 on 2026-04-29."
---
# Gitcrawl Cluster 1255
Generated from local gitcrawl run cluster 1255 for `openclaw/openclaw`.
Display title:
> loopDetection: generic_repeat detector only emits warning, never blocks execution
Cluster shape from gitcrawl:
- total members: 4
- issues: 4
- pull requests: 0
- open candidates in local store: 1
- representative: #70546, currently closed in local store
- latest member update: 2026-04-28T04:44:24.719752552Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #34574 loopDetection does not catch repeated exec tool calls
- #60111 [Bug]: `generic_repeat` loop detector never escalates to blocking — `criticalThreshold` has no effect
- #70546 loopDetection: generic_repeat detector only emits warning, never blocks execution
Open candidates:
- #54559 loopDetection: genericRepeat detector never escalates to critical — tools blocked only by warn-level only

77
jobs/openclaw/inbox/gitcrawl-12558-dedupe-only-20260429-remote.md
View File

@ -1,77 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-12558-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#66943"
candidates:
- "#55788"
- "#55986"
cluster_refs:
- "#41489"
- "#55788"
- "#55986"
- "#66943"
- "#66955"
- "#69073"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #66943 is closed; worker must verify whether an open canonical should replace it."
notes: "Generated from gitcrawl run cluster 12558 on 2026-04-29."
---
# Gitcrawl Cluster 12558
Generated from local gitcrawl run cluster 12558 for `openclaw/openclaw`.
Display title:
> feat: add SenseAudio audio transcription provider
Cluster shape from gitcrawl:
- total members: 6
- issues: 0
- pull requests: 6
- open candidates in local store: 2
- representative: #66943, currently closed in local store
- latest member update: 2026-04-27T22:51:38.806257982Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #41489 feat(media): add AssemblyAI audio transcription provider
- #66943 feat: add SenseAudio audio transcription provider
- #66955 feat: add SenseAudio music generation provider
- #69073 Add @openclaw/speech-hands-provider: self-reflection ASR media-understanding provider
Open candidates:
- #55788 Fix/OpenAI codex audio media understanding
- #55986 Add OpenRouter audio transcription support

70
jobs/openclaw/inbox/gitcrawl-12608-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-12608-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#67088"
candidates:
- "#67088"
- "#67115"
cluster_refs:
- "#67088"
- "#67115"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #67088 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 12608 on 2026-04-30."
---
# Gitcrawl Cluster 12608
Generated from local gitcrawl run cluster 12608 for `openclaw/openclaw`.
Display title:
> [Bug]: openclaw dashboard falsely reports “No GUI detected” on macOS when SSH_* env vars are present (for example Tailscale SSH / reused shell)
Cluster shape from gitcrawl:
- total members: 2
- issues: 1
- pull requests: 1
- open candidates in local store: 2
- representative: #67088, currently open in local store
- latest member update: 2026-04-28T07:04:52.142087354Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #67088 [Bug]: openclaw dashboard falsely reports “No GUI detected” on macOS when SSH_* env vars are present (for example Tailscale SSH / reused shell)
- #67115 fix #67088: detect GUI on macOS correctly when SSH env vars are present

70
jobs/openclaw/inbox/gitcrawl-12645-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-12645-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#67192"
candidates:
- "#67192"
- "#67203"
cluster_refs:
- "#67192"
- "#67203"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #67192 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 12645 on 2026-04-30."
---
# Gitcrawl Cluster 12645
Generated from local gitcrawl run cluster 12645 for `openclaw/openclaw`.
Display title:
> [Bug]: Mistral reasoning (/think) crashes channel with [object object] due to missing stream wrapper
Cluster shape from gitcrawl:
- total members: 2
- issues: 1
- pull requests: 1
- open candidates in local store: 2
- representative: #67192, currently open in local store
- latest member update: 2026-04-27T22:51:28.992925146Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #67192 [Bug]: Mistral reasoning (/think) crashes channel with [object object] due to missing stream wrapper
- #67203 fix(mistral): handle content blocks array in reasoning stream

71
jobs/openclaw/inbox/gitcrawl-12706-dedupe-only-20260429-remote.md
View File

@ -1,71 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-12706-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#67399"
candidates:
- "#58726"
- "#66010"
cluster_refs:
- "#58726"
- "#66010"
- "#67399"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #67399 is closed; worker must verify whether an open canonical should replace it."
notes: "Generated from gitcrawl run cluster 12706 on 2026-04-29."
---
# Gitcrawl Cluster 12706
Generated from local gitcrawl run cluster 12706 for `openclaw/openclaw`.
Display title:
> Circuit breaker for repeated tool failures in agent loop
Cluster shape from gitcrawl:
- total members: 3
- issues: 3
- pull requests: 0
- open candidates in local store: 2
- representative: #67399, currently closed in local store
- latest member update: 2026-04-28T17:25:21.419541134Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #67399 Circuit breaker for repeated tool failures in agent loop
Open candidates:
- #58726 Loop detector should hard-abort agent after N identical tool calls, not just warn
- #66010 [improvement] Sub-agent cascade circuit breaker for multi-agent team reliability

70
jobs/openclaw/inbox/gitcrawl-12734-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-12734-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#67478"
candidates:
- "#67478"
- "#67509"
cluster_refs:
- "#67478"
- "#67509"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #67478 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 12734 on 2026-04-30."
---
# Gitcrawl Cluster 12734
Generated from local gitcrawl run cluster 12734 for `openclaw/openclaw`.
Display title:
> [Bug]: 1-Click Droplet has no guard against running openclaw as root — causes state corruption, crash loop, and backup failures
Cluster shape from gitcrawl:
- total members: 2
- issues: 1
- pull requests: 1
- open candidates in local store: 2
- representative: #67478, currently open in local store
- latest member update: 2026-04-29T23:07:50.982215792Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #67478 [Bug]: 1-Click Droplet has no guard against running openclaw as root — causes state corruption, crash loop, and backup failures
- #67509 fix: add root guard to prevent CLI execution as root (#67478)

70
jobs/openclaw/inbox/gitcrawl-12738-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-12738-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#67488"
candidates:
- "#67488"
- "#67551"
cluster_refs:
- "#67488"
- "#67551"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #67488 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 12738 on 2026-04-30."
---
# Gitcrawl Cluster 12738
Generated from local gitcrawl run cluster 12738 for `openclaw/openclaw`.
Display title:
> Cron job result serialization fails on special characters in edit tool arguments
Cluster shape from gitcrawl:
- total members: 2
- issues: 1
- pull requests: 1
- open candidates in local store: 2
- representative: #67488, currently open in local store
- latest member update: 2026-04-28T07:04:52.104213682Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #67488 Cron job result serialization fails on special characters in edit tool arguments
- #67551 Fix #67488: Handle Unicode smart quotes in tool call argument JSON

70
jobs/openclaw/inbox/gitcrawl-12748-dedupe-only-20260429d.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-12748-dedupe-only-20260429d
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#67511"
candidates:
- "#67511"
- "#71135"
cluster_refs:
- "#67511"
- "#71135"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: false
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #67511 is open; worker must verify it is still the best live canonical."
notes: "Generated from gitcrawl run cluster 12748 on 2026-04-30."
---
# Gitcrawl Cluster 12748
Generated from local gitcrawl run cluster 12748 for `openclaw/openclaw`.
Display title:
> Persist per-session working context across compact/new flows
Cluster shape from gitcrawl:
- total members: 2
- issues: 1
- pull requests: 1
- open candidates in local store: 2
- representative: #67511, currently open in local store
- latest member update: 2026-04-28T17:25:21.41322248Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- none
Open candidates:
- #67511 Persist per-session working context across compact/new flows
- #71135 feat(agents): add session working-context capsule (MVP for #67511)

70
jobs/openclaw/inbox/gitcrawl-12776-dedupe-only-20260429-remote.md
View File

@ -1,70 +0,0 @@
---
repo: openclaw/openclaw
cluster_id: gitcrawl-12776-dedupe-only-20260429-remote
mode: autonomous
allowed_actions:
- comment
- label
- close
blocked_actions:
- force_push
- bypass_checks
- merge
- fix
- raise_pr
require_human_for:
- security_sensitive
- failing_checks
- conflicting_prs
- unclear_canonical
- broad_code_delta
canonical:
- "#67601"
candidates:
- "#68774"
cluster_refs:
- "#67442"
- "#67601"
- "#68774"
security_policy: central_security_only
security_sensitive: false
allow_instant_close: true
allow_fix_pr: false
allow_merge: false
allow_post_merge_close: false
require_fix_before_close: false
canonical_hint: "gitcrawl representative #67601 is closed; worker must verify whether an open canonical should replace it."
notes: "Generated from gitcrawl run cluster 12776 on 2026-04-29."
---
# Gitcrawl Cluster 12776
Generated from local gitcrawl run cluster 12776 for `openclaw/openclaw`.
Display title:
> fix(memory-core): stop dreaming from promoting transport metadata
Cluster shape from gitcrawl:
- total members: 3
- issues: 1
- pull requests: 2
- open candidates in local store: 1
- representative: #67601, currently closed in local store
- latest member update: 2026-04-28T05:49:58.772840418Z
## Goal
Run one live autonomous classification pass. Classify open candidates only, verify live GitHub state, choose the current canonical issue or PR if the representative is obsolete, and emit only high-confidence planned close/comment/label actions. Closed context refs are evidence only and must not receive close actions.
## Member Inventory
Closed context refs:
- #67442 [Bug]: Dreaming can promote transport/session metadata into MEMORY.md as durable memory
- #67601 fix(memory-core): stop dreaming from promoting transport metadata
Open candidates:
- #68774 fix(memory-core): prevent staged dream candidates from leaking into MEMORY.md

Some files were not shown because too many files have changed in this diff Show More