| .agents/skills/projectclownfish-cluster-worker | ||
| .github/workflows | ||
| .projectclownfish/runs | ||
| closed/openclaw | ||
| docs | ||
| instructions | ||
| jobs/openclaw | ||
| prompts | ||
| results | ||
| schemas | ||
| scripts | ||
| .env.example | ||
| .gitignore | ||
| AGENTS.md | ||
| apply-report.json | ||
| package.json | ||
| README.md | ||
🐠 Project Clownfish
ProjectClownfish is a conservative OpenClaw maintainer tool for one-cluster issue and PR cleanup.
It takes a curated GitHub issue/PR cluster, asks a Codex worker to classify the items, and applies only narrow, auditable cleanup actions when the evidence is strong. This compliments the pre-pass work on clawsweeper and act as the second-pass intent based cluster resolution.
Allowed automated close reasons:
- duplicate of a clear canonical thread
- superseded by a clear canonical thread
- fixed by a specific candidate fix
Manual backlog-cleanup jobs may also use
instructions/low-signal-prs.md for
drive-by PRs that are clearly blank-template, docs-only discoverability churn,
test-only coverage spam, refactor-only noise, third-party capabilities that
belong on ClawHub, risky unapproved infra, or dirty branches. This policy is
opt-in per job and should return needs_human for plausible bug fixes or
anything with active maintainer signal.
Everything else stays open or is escalated for maintainer review.
Security-sensitive clusters are deliberately out of scope. Anything that smells like a vulnerability, advisory, leaked secret, credential/token exposure, plaintext secret storage, SSRF/XSS/CSRF/RCE, security-class injection, or sensitive-data exposure is skipped at import time and routed to central OpenClaw security handling. ProjectClownfish is a backlog cleanup tool, not a security triage queue.
Status
ProjectClownfish is intentionally smaller than ClawSweeper. ClawSweeper scans the whole OpenClaw backlog on a cadence; ProjectClownfish handles targeted clusters that were already grouped by a human, ghcrawl, or another dedupe tool.
Cluster discovery currently comes from vincentkoc/ghcrawl. That repository is expected to migrate into the OpenClaw organization soon.
The default workflow is proposal-first. It does not comment or close unless a job is explicitly promoted and the deterministic applicator confirms live GitHub state has not changed.
Dashboard
Last dashboard update: Apr 26, 2026, 03:05 UTC
State: Failed clusters need inspection
Scope: 57 latest cluster reports. Run attempts are tracked as audit history only.
| Metric | Count | Rate |
|---|---|---|
| Latest clusters reviewed | 57 | 100% |
| Clean completed clusters | 14 | 24.6% |
| Needs-human clusters | 42 | 73.7% |
| Latest successful clusters | 48 | 84.2% |
| Latest failed clusters | 9 | 15.8% |
| Latest cancelled clusters | 0 | 0.0% |
| Run attempts archived | 77 | audit |
| Distinct PRs touched | 222 | 100% |
| Open PRs tracked | 193 | 86.9% |
| Closed unmerged PRs tracked | 23 | 10.4% |
| Completed close actions | 22 | 59.5% |
| Completed merge actions | 0 | 0.0% |
| Duplicate closes | 22 | 100.0% |
| Superseded closes | 0 | 0.0% |
| Fixed-by-candidate closes | 0 | 0.0% |
| Low-signal PR closes | 0 | 0.0% |
| Blocked mutation attempts | 15 | 40.5% |
| Skipped mutation attempts | 0 | 0.0% |
Latest ProjectClownfish Closures
| Target | Type | Title | Closed | Action | Cluster | Report | Run |
|---|---|---|---|---|---|---|---|
| #54429 | issue | Gateway Service Installation Failure: Missing systemd Service File | Apr 26, 2026, 03:04 UTC | close_duplicate | ghcrawl-166002-agentic-merge | report | 24946559138 |
| #67622 | issue | [Feature Request] Support file/image upload in browser Control UI (webchat) | Apr 26, 2026, 03:03 UTC | close_duplicate | ghcrawl-165992-agentic-merge | report | 24946558493 |
| #63094 | issue | [Feature Request] WebChat/Control UI support file upload | Apr 26, 2026, 03:03 UTC | close_duplicate | ghcrawl-165992-agentic-merge | report | 24946558493 |
| #56298 | issue | [Feature Request] Webchat supports image/attachment upload in UI | Apr 26, 2026, 03:03 UTC | close_duplicate | ghcrawl-165992-agentic-merge | report | 24946558493 |
| #43242 | issue | [Feature Request] Add file upload support to Control UI (Web) | Apr 26, 2026, 03:03 UTC | close_duplicate | ghcrawl-165992-agentic-merge | report | 24946558493 |
| #41992 | issue | [Feature Request] WebChat file upload support | Apr 26, 2026, 03:03 UTC | close_duplicate | ghcrawl-165992-agentic-merge | report | 24946558493 |
| #67406 | issue | image tool doesn't recognise Ollama cloud vision models | Apr 25, 2026, 19:58 UTC | close_duplicate | ghcrawl-143816-autonomous-smoke | report | 24939009401 |
| #66758 | issue | Image tool fails with 'Unknown model' for all ollama/ provider models despite #59943 fix | Apr 25, 2026, 19:57 UTC | close_duplicate | ghcrawl-143816-autonomous-smoke | report | 24939009401 |
| #65832 | issue | [Bug]: image tool fails with custom provider — ModelRegistry doesn't recognize custom providers from models.json | Apr 25, 2026, 19:57 UTC | close_duplicate | ghcrawl-143816-autonomous-smoke | report | 24939009401 |
| #70180 | issue | Bug: Image tool reports 'Unknown model' for all custom providers | Apr 25, 2026, 19:57 UTC | close_duplicate | ghcrawl-143816-autonomous-smoke | report | 24939009401 |
| #71133 | issue | memory-core: narrative session cleanup fails with missing scope: operator.admin | Apr 25, 2026, 19:53 UTC | close_duplicate | ghcrawl-143819-autonomous-smoke | report | 24939011554 |
| #70395 | issue | memory-core dreaming cleanup requires operator.admin and logs failure despite successful promotion | Apr 25, 2026, 19:53 UTC | close_duplicate | ghcrawl-143819-autonomous-smoke | report | 24939011554 |
| #70353 | issue | memory-core: dreaming subagent lacks operator.admin to delete its own session | Apr 25, 2026, 19:53 UTC | close_duplicate | ghcrawl-143819-autonomous-smoke | report | 24939011554 |
| #69886 | issue | memory-core narrative session cleanup fails with missing scope: operator.admin | Apr 25, 2026, 19:53 UTC | close_duplicate | ghcrawl-143819-autonomous-smoke | report | 24939011554 |
| #67029 | issue | [Bug]: memory-core dreaming: narrative session cleanup fails with missing scope operator.admin | Apr 25, 2026, 19:53 UTC | close_duplicate | ghcrawl-143819-autonomous-smoke | report | 24939011554 |
| #50691 | issue | openclaw status reports missing operator.read while gateway is healthy; gateway probe times out on same loopback endpoint | Apr 25, 2026, 19:46 UTC | close_duplicate | ghcrawl-143815-autonomous-smoke | report | 24939008778 |
| #50541 | issue | [Bug]: CLI cannot connect to Gateway (missing scope: operator.read) - Downgrade to 2026.3.11 works | Apr 25, 2026, 19:46 UTC | close_duplicate | ghcrawl-143815-autonomous-smoke | report | 24939008778 |
| #70373 | issue | Control UI shows async exec system events inline as if authored by the user | Apr 25, 2026, 19:45 UTC | close_duplicate | ghcrawl-143804-autonomous-smoke | report | 24939000666 |
| #65153 | issue | [Bug] Telegram media download blocked - resolves to private IP | Apr 25, 2026, 19:44 UTC | close_duplicate | ghcrawl-143805-autonomous-smoke | report | 24939001644 |
| #64750 | issue | WhatsApp message.send returns success but drops attachments and delivers text only | Apr 25, 2026, 19:44 UTC | close_duplicate | ghcrawl-143814-autonomous-smoke | report | 24939007967 |
| #69920 | issue | Unhandled promise rejection: Agent listener invoked outside active run | Apr 25, 2026, 18:35 UTC | close_duplicate | ghcrawl-143799-autonomous-smoke | report | 24937679258 |
| #65285 | issue | Gateway crashes with "Agent listener invoked outside active run" | Apr 25, 2026, 18:35 UTC | close_duplicate | ghcrawl-143799-autonomous-smoke | report | 24937679258 |
How It Works
Each cluster job:
- Starts from one markdown job file under
jobs/. - Hydrates the listed issue/PR refs and first-hop linked refs.
- Builds a cluster plan and fix artifact for autonomous jobs.
- Runs Codex with repo-local policy prompts and JSON output schema in a read-only sandbox.
- Writes structured run artifacts under
.projectclownfish/runs/. - Reviews the worker artifact with deterministic safety checks.
- Executes credited fix artifacts through
scripts/execute-fix-artifact.mjswhen the fix gate is open: repair a maintainer-editable contributor branch first, otherwise raise a narrow replacement PR and close the uneditable source PR after the replacement push succeeds. - Applies guarded close/comment and explicit merge actions through
scripts/apply-result.mjs. - Publishes a sanitized result ledger back to this repo under
results/,closed/,apply-report.json, and this README dashboard.
Codex does not receive a GitHub token during classification. The runner preflights GitHub state before model execution, then Codex receives those artifacts and returns JSON only. When a reviewed fix artifact is executed, Codex gets a temporary target checkout without GitHub credentials; the deterministic executor owns commit, push, PR creation, and source-PR closeout. The applicator re-fetches the target item, checks updated_at, blocks unsafe closeouts, writes idempotent close comments, closes supported duplicate/superseded/fixed-by-candidate actions, and can squash-merge explicitly allowed clean PR actions.
Merge is deliberately harder than closeout. A merge action must include merge_preflight proving security clearance, resolved human comments, resolved review-bot findings, a passed Codex /review, addressed review findings, and clean validation commands. The fix executor runs an agentic edit/review loop before it writes a fix PR: edit, validate, Codex /review, address findings, revalidate, and resolve PR review threads when permitted. The applicator also checks live unresolved GitHub review threads immediately before merge.
Runs for the same job path and mode are queued instead of running concurrently. The workflow uses Node 24 and ubuntu-latest for ClawSweeper parity; other hosted runners are opt-in.
Full worker prompts, Codex transcripts, and raw artifacts stay in GitHub Actions. The committed ledger keeps only the cluster summary, run URL, action counts, apply outcomes, closed targets, and needs-human entries.
Modes
plan: produces recommendations only.execute: can apply reviewed safe close and explicit clean merge actions from structured JSON.autonomous: adds live cluster preflight and fix-artifact generation. It may recommend and drive a canonical fix path; direct mutation still goes through the fix executor and applicator gates.needs_human: any unclear canonical choice, stale cluster state, failing checks, conflict, broad fix, or independent report should land here.- Automated reviewer feedback must be cleared during autonomous PR work. Greptile, Codex, Asile, CodeRabbit, Copilot, and similar bot comments must be addressed, proven non-actionable, or escalated before any merge or post-merge closeout recommendation.
- Merge preflight: no PR can merge until security issues are cleared, comments are resolved, Codex
/reviewhas passed, findings are addressed, and focused validation is clean. - Repair ladder: make the useful contributor PR mergeable when its branch is maintainer-editable; otherwise replace it with a narrow credited fix PR plan, close/supersede the uneditable PR only after that replacement path is explicit, and carry contributor credit into the PR body and changelog plan.
Local Run
Requires Node 24.
# Validate all job files.
npm run validate
# Render a plan-mode prompt without running Codex.
npm run render -- jobs/openclaw/cluster-example.md --mode plan
# Dry-run a worker without calling Codex.
npm run worker -- jobs/openclaw/cluster-example.md --mode plan --dry-run
# Build an offline autonomous cluster/fix artifact.
npm run build-fix-artifact -- jobs/openclaw/autonomous-example.md --offline
# Stage low-signal PR sweep jobs from local ghcrawl data.
npm run import-low-signal -- --limit 20 --batch-size 5 --mode autonomous --sort stale
# Stage the next largest active ghcrawl clusters, skipping already-imported and
# security-sensitive clusters by default.
npm run import-ghcrawl -- --from-ghcrawl --limit 40 --mode autonomous --suffix autonomous-smoke --allow-instant-close --allow-merge --allow-fix-pr --allow-post-merge-close
# Find failed cluster jobs that have not been superseded by a later success.
npm run self-heal
# Execute a reviewed fix artifact locally. Requires both execution gates and a write token.
CLOWNFISH_ALLOW_EXECUTE=1 CLOWNFISH_ALLOW_FIX_PR=1 npm run execute-fix -- jobs/openclaw/cluster-example.md --latest --dry-run
# Retry failed jobs once. This briefly opens the execution gate, waits for the
# dispatched workers to start, records the self-heal ledger, and closes the gate.
npm run self-heal -- --execute --open-execute-window --max-jobs 5 --runner ubuntu-latest
Checks
npm run validate
for f in scripts/*.mjs; do node --check "$f" || exit 1; done
npm run review-results -- .projectclownfish/runs
npm run publish-result -- .projectclownfish/runs
git diff --check
GitHub Actions Setup
The workflow needs:
- Codex/OpenAI authentication for model execution
- a read-only GitHub token for worker inspection
- a separate write-scoped GitHub token for the deterministic applicator
- execution gates that default off:
CLOWNFISH_ALLOW_EXECUTEfor all mutations andCLOWNFISH_ALLOW_FIX_PRfor branch repair/replacement PRs - optional
CLOWNFISH_CODEX_CLI_VERSIONvariable to pin and refresh the cached Codex CLI - optional
CLOWNFISH_CODEX_REVIEW_ATTEMPTSandCLOWNFISH_RESOLVE_REVIEW_THREADSvariables for agentic merge-prep review loops
Keep exact secret names, token scopes, and execution-window procedures in private operations docs or repository settings notes. Do not put token values or live operational credentials in job files.