[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-701":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":23,"hasPages":25,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":30,"readmeContent":31,"aiSummary":32,"trendingCount":16,"starSnapshotCount":16,"syncStatus":33,"lastSyncTime":34,"discoverSource":35},701,"clawsweeper","openclaw\u002Fclawsweeper","openclaw","ClawSweeper scans all issues and PRs and suggest what we can close, and why. It runs every PR \u002F Issue once a week.","https:\u002F\u002Fclawsweeper.bot",null,"TypeScript",1838,239,6,14,0,123,142,233,369,20.14,"MIT License",false,"main",true,[27,28,7,29],"ai","bot","review","2026-06-12 02:00:17","# 🦞🧹 ClawSweeper\n\nClawSweeper is the conservative maintenance bot for OpenClaw repositories. It\nkeeps the backlog reviewed, keeps maintainer-visible GitHub comments tidy, and\nturns narrow trusted findings into guarded repair or automerge work.\n\nThe current production targets are `openclaw\u002Fopenclaw`, `openclaw\u002Fclawhub`, and\nself-review for `openclaw\u002Fclawsweeper`.\n\nThe OpenClaw-hosted ClawSweeper instance is not a public review service and does\nnot provide free reviews for third-party repositories. If you want ClawSweeper\nfor your own project, fork this repository, deploy it in your own organization,\nand configure that self-hosted instance for your repositories.\n\nAt a high level ClawSweeper:\n\n- reviews open issues and pull requests on a schedule and on exact GitHub events\n- writes one durable markdown report per item in generated state\n- syncs one marker-backed public review comment per issue or PR, edited in place\n- closes only unchanged, high-confidence, policy-allowed proposals\n- routes maintainer commands such as `@clawsweeper review`,\n  `@clawsweeper fix`, `@clawsweeper autofix`, and `@clawsweeper automerge`\n- repairs opted-in PRs through a bounded Codex review\u002Ffix loop before merge\n- can open guarded implementation PRs for strict, reproducible bug issues\n- reviews code-bearing commits that land on target `main` branches\n- publishes dashboard, audit, repair, and activity state to\n  `openclaw\u002Fclawsweeper-state`\n\nClawSweeper is not a generic auto-close bot. Review is proposal-only, apply is\nguarded, Codex never gets write credentials during review, and every GitHub\nmutation is rechecked against live target state immediately before it happens.\n\n## Capabilities\n\n### Issue and PR Reviews\n\nScheduled runs scan open issues and pull requests, while target repositories can\nforward exact issue\u002FPR events with `repository_dispatch` for low-latency\none-item reviews. Each review writes\n`records\u002F\u003Crepo-slug>\u002Fitems\u002F\u003Cnumber>.md` with the decision, evidence, proposed\nmaintainer-facing comment, runtime metadata, and GitHub snapshot hash.\n\nClawSweeper syncs one marker-backed public review comment per item and edits it\nin place instead of posting repeated comments. If a review starts before a\ncompleted comment exists, it first posts a short status placeholder, then\nreplaces that same comment with the final review. Pull request comments include\nhidden verdict\u002Faction markers so trusted repair and automerge flows can continue\nwithout scraping visible prose. See\n[`docs\u002Fpr-review-comments.md`](docs\u002Fpr-review-comments.md).\n\n### Apply and State\n\nApply mode re-fetches live GitHub state, checks labels, maintainer authorship,\npaired issue\u002FPR state, snapshot drift, and repository profile rules before\ncommenting or closing anything. Closed or already-closed reports move to\n`records\u002F\u003Crepo-slug>\u002Fclosed\u002F\u003Cnumber>.md`; reopened archived items move back to\n`items\u002F` as stale work.\n\nGenerated state lives in `openclaw\u002Fclawsweeper-state`: durable `records\u002F`,\n`jobs\u002F`, `results\u002F`, audit output, workflow status JSON, repair ledgers, and the\nrendered dashboard. This repository stays focused on source, workflows, docs,\nand tests.\n\n### Repair and Automerge\n\nMaintainer commands can opt PRs into `autofix` or `automerge`, dispatch a fresh\nexact-head review, and run a bounded Codex review\u002Ffix loop. Codex handles the\ncode repair and local validation loop; deterministic executor steps own every\nGitHub mutation, branch push, label update, and final merge gate.\n\nAutomerge waits for exact-head review, required checks, mergeability, and policy\ngates. If repair was needed, the mutable status comment records each review,\nrepair, re-review, and merge step with timing and links. The final merge result\nsummarizes both the original PR change and any ClawSweeper fixups.\n\nFor issues, strict bug reviews that are high-confidence reproducible, do not\nalready have a linked PR, and do not require feature\u002Fconfig expansion can\ndispatch Codex to open one guarded implementation PR labeled\n`clawsweeper:autogenerated`.\n\n### Commit Reviews\n\nPush events on target `main` branches can dispatch to\n`.github\u002Fworkflows\u002Fcommit-review.yml`. The workflow expands the commit range,\nskips non-code-only commits cheaply, starts one Codex worker per code-bearing\ncommit, and writes `records\u002F\u003Crepo-slug>\u002Fcommits\u002F\u003Csha>.md`.\n\nCommit reports are the source of truth. Optional target commit Check Runs are\ndisabled by default and can be enabled per run or repository. Reports with\n`result: findings` can dispatch to repair intake when the finding is narrow,\nnon-security, and still relevant on latest `main`.\n\n### Operations\n\nRepository-specific rules live in `src\u002Frepository-profiles.ts`, so OpenClaw,\nClawHub, and ClawSweeper can share the same engine while keeping different apply\nlimits. Both review and repair lanes support manual workflow dispatch, reruns,\nand backfills. `pnpm commit-reports -- --since 24h`, `--findings`,\n`--non-clean`, `--repo`, and `--author` query flat per-SHA commit storage\nwithout date buckets.\n\n## Guardrails\n\nClawSweeper may propose a close only when the item is clearly one of these:\n\n- implemented on current `main`\n- not reproducible on current `main`\n- better suited for ClawHub skill\u002Fplugin work than core\n- duplicate or superseded by a canonical issue\u002FPR\n- concrete but not actionable in this source repo\n- incoherent enough that no action can be taken\n- stale issue older than 60 days with too little data to verify\n\nMaintainer-authored items are never auto-closed. Everything else stays open.\nIssues with an open PR that references them using GitHub closing syntax such as\n`Fixes #123` stay open until that PR merges or is closed.\nOpen issue\u002FPR pairs from the same author stay open together unless the paired\nitem is already resolved or a maintainer explicitly asks to close one side.\n\nRepository profiles can further narrow apply. ClawHub and ClawSweeper self-review\nare intentionally stricter: they review issues and PRs, but apply may close only\nPRs where current `main` already implements the proposed change with\nsource-backed evidence.\n\n## Maintainer Commands\n\nMaintainers can steer ClawSweeper from target-repo issue and PR comments. The\npreferred form is `@clawsweeper ...`. The router also accepts\n`@clawsweeper[bot] ...`, `@openclaw-clawsweeper ...`,\n`@openclaw-clawsweeper[bot] ...`, and legacy slash aliases such as\n`\u002Fclawsweeper ...`, `\u002Freview`, `\u002Fautomerge`, `\u002Fauto merge`, and\n`\u002Fautoclose \u003Creason>`.\n\nCommon commands:\n\n```text\n@clawsweeper status\n@clawsweeper re-review\n@clawsweeper review\n@clawsweeper fix ci\n@clawsweeper address review\n@clawsweeper rebase\n@clawsweeper autofix\n@clawsweeper automerge\n@clawsweeper approve\n@clawsweeper explain\n@clawsweeper stop\n@clawsweeper why did automerge stop here?\n```\n\n- `status` and `explain` post a short target summary.\n- `review` and `re-review` dispatch a fresh ClawSweeper issue\u002FPR review without\n  starting repair.\n- Command status replies are marker-backed and edited in place per\n  issue\u002FPR, intent, and head SHA. The visible badge is one lobster plus the\n  current state: `👀` for acknowledgement, `🧹` for review, `🔧` for repair, and\n  `✅` for completed\u002Fpaused work.\n- Freeform `@clawsweeper ...` mentions dispatch a read-only assist review that\n  answers the maintainer request in the next ClawSweeper comment. Action-looking\n  prose still maps through existing safe markers and deterministic gates.\n- `fix ci`, `address review`, and `rebase` dispatch the repair worker only for\n  ClawSweeper PRs or PRs already opted into `clawsweeper:autofix` or\n  `clawsweeper:automerge`.\n- `autofix` labels an open PR, creates or reuses the adopted job, dispatches\n  review, and enters the bounded review\u002Ffix loop without merging.\n- `automerge` labels an open PR, creates or reuses the adopted job, dispatches\n  review, and enters the bounded review\u002Ffix\u002Fmerge loop. Draft PRs are fix-only\n  until GitHub marks them ready for review.\n- User-facing OpenClaw `fix`, `feat`, and `perf` automerge PRs must include a\n  `CHANGELOG.md` entry before ClawSweeper will merge them.\n- Security-sensitive findings can be repaired only after explicit\n  `autofix`\u002F`automerge` opt-in; ClawSweeper still will not merge until a later\n  exact-head review is clean.\n- `approve` lets a maintainer clear a ClawSweeper human-review pause and merge\n  only after the normal exact-head, checks, mergeability, and gate checks pass.\n- `stop` removes repair-loop labels, adds `clawsweeper:human-review`, and makes\n  older automerge\u002Fautofix comments ineligible to continue. `\u002Fautoclose \u003Creason>`\n  closes the item and bounded linked same-repo targets with an explicit\n  maintainer reason.\n\nOnly maintainers are accepted. The router checks repository collaborator\npermission (`admin`, `maintain`, or `write`) and falls back to trusted\n`author_association` values when permission lookup is unavailable. Contributor\ncommands are ignored without a reply. Scheduled comment routing is dry unless\n`CLAWSWEEPER_COMMENT_ROUTER_EXECUTE=1`; workflow dispatch with `execute=true`\ncan be used for one-off live routing.\n\n## Dashboard\n\nLive dashboard and generated state: https:\u002F\u002Fgithub.com\u002Fopenclaw\u002Fclawsweeper-state\n\n## How It Works\n\nClawSweeper is split into four operational lanes:\n\n- review lane: scheduled and event-driven issue\u002FPR reviews, durable reports, and\n  public review comment sync\n- apply lane: guarded close\u002Fcomment mutations, audit, reconcile, and state\n  publishing\n- repair lane: maintainer-command routing, autofix, automerge, issue\n  implementation PRs, and repair result publishing\n- commit review lane: main-branch commit dispatch, cheap code\u002Fnon-code\n  classification, one Codex review worker per code-bearing commit, and optional\n  target commit checks\n\n### Scheduler\n\nThe issue\u002FPR scheduler decides what to scan and how often. New and active items\nget more attention; older quiet items fall back to a slower cadence. Detailed\nscheduling, capacity, and monitoring behavior is documented in\n[`docs\u002Fscheduler.md`](docs\u002Fscheduler.md).\n\n- hot\u002Fnew and recently active items are checked hourly, with a 5-minute intake\n  schedule for the newest queue edge\n- target repositories can forward issue and PR events with\n  `repository_dispatch`; those exact item runs use a dedicated single job to\n  review one item, sync the durable comment, and apply only safe close\n  proposals for that same item\n- pull requests and issues younger than 30 days are checked daily once they\n  leave the hot window\n- older inactive issues are checked weekly\n- apply wakes every 15 minutes and exits quickly when there are no unchanged\n  high-confidence close proposals\n\n### Review Lane\n\nReview is proposal-only. It never closes items.\n\n- A planner scans open issues and PRs, then assigns exact item numbers to shards.\n- Manual runs can pass `item_number` or comma-separated `item_numbers` to review\n  exact Audit Health findings without scanning for a normal batch.\n- Each shard checks out the selected target repository at `main`.\n- Codex reviews with `gpt-5.5`, high reasoning, the default service tier, and a\n  10-minute per-item timeout.\n- Each item becomes a flat report under\n  `records\u002F\u003Crepo-slug>\u002Fitems\u002F\u003Cnumber>.md` with the decision, evidence,\n  Codex `\u002Freview`-style PR findings, suggested comment, runtime metadata, and\n  GitHub snapshot hash. When GitHub exposes a merged closing PR for an issue,\n  the report records that PR and the close comment links it as fix provenance.\n- High-confidence allowed close decisions become `proposed_close`.\n- After publish, the lane checks the selected items' single marker-backed Codex\n  review comment. Missing comments and missing metadata are synced immediately;\n  existing comments are refreshed only when stale, currently weekly.\n- PR review comments keep the top-level note concise, put source links and full\n  evidence in collapsed details, and use hidden verdict\u002Faction markers for the\n  trusted ClawSweeper repair loop; see\n  [`docs\u002Fpr-review-comments.md`](docs\u002Fpr-review-comments.md).\n\n### Apply Lane\n\nApply reads existing reports and mutates GitHub only when the stored review is\nstill valid.\n\n- Updates the single marker-backed Codex automated review comment in place.\n- Closes only unchanged high-confidence proposals.\n- Reuses the review comment when closing; no duplicate close comment.\n- Moves closed or already-closed reports to\n  `records\u002F\u003Crepo-slug>\u002Fclosed\u002F\u003Cnumber>.md`.\n- Moves reopened archived reports back to the repo’s `items\u002F` folder as stale.\n- Commits checkpoints and machine-readable status during long runs.\n\nApply wakes every 15 minutes, no-ops when there are no unchanged\nhigh-confidence close proposals, and narrows scheduled runs to the currently\neligible proposal list so idle runs do not scan unrelated keep-open records.\nIt defaults to all item kinds, no age floor, a 2-second close delay, and 50\nfresh closes per checkpoint. If it reaches the requested limit, it queues\nanother apply run with the same settings.\n\nExact event runs skip the bulk planner, shard matrix, artifact upload, and\nseparate publish job. They still use the same review and apply code paths, but\nonly for the selected item number and only with immediate-safe reasons enabled\nby default: `implemented_on_main` and `duplicate_or_superseded`.\n`stale_insufficient_info` is never applied to young items; apply requires those\nissue reports to be at least 30 days old unless a manual run explicitly changes\nthe threshold.\n\nThe external state dashboard is fleet-scoped. Each configured repository gets\nits own record folder, status JSON, audit state, cadence counts, and recent\nactivity section. The state repo aggregates those repository snapshots so event\nruns from one repo do not hide the state of another.\n\nThere is still one deterministic apply path for writes. Review can propose and\nsync stale public review comments, but closing remains guarded by apply so a\nfresh GitHub snapshot, labels, maintainer-authorship, and unchanged item state\nare checked immediately before mutation.\n\n### Repair Lane\n\nRepair starts from maintainer intent or trusted ClawSweeper review metadata. The\ncomment router accepts commands from target repositories, validates maintainer\npermissions, updates one mutable command\u002Fstatus comment, and dispatches the\nappropriate repair job.\n\n- `autofix` and `automerge` adopt the PR branch and run exact-head review before\n  making changes.\n- If review or CI finds actionable issues, Codex rebases, addresses PR review\n  comments, fixes CI, runs the requested validation, and returns a structured\n  repair artifact.\n- The deterministic executor applies the artifact, pushes only after validation,\n  re-dispatches exact-head review, and waits for required checks.\n- `automerge` merges only after review verdict, checks, mergeability, changelog,\n  security, maintainer stop\u002Fapprove state, and repository policy gates pass.\n- Issue implementation is narrower: only strict, reproducible bugs with no\n  linked PR and no feature\u002Fconfig expansion can open a generated PR.\n\nRepair internals are documented in\n[`docs\u002Frepair\u002FREADME.md`](docs\u002Frepair\u002FREADME.md), and the automerge state\nmachine is documented in\n[`docs\u002Frepair\u002Fautomerge-flow.md`](docs\u002Frepair\u002Fautomerge-flow.md).\n\n### Commit Review Lane\n\nCommit review is intentionally separate from issue\u002FPR cleanup. It never closes\nitems, writes comments, or fixes code.\n\n- Target repositories forward `push` events from `main` with\n  `repository_dispatch`.\n- Manual runs can pass `commit_sha`, optional `before_sha`, optional\n  `additional_prompt`, `enabled`, and `create_checks`.\n- The receiver verifies the selected commits are reachable from `origin\u002Fmain`.\n- Before selecting and reviewing commits, the receiver waits 60 seconds by\n  default (`CLAWSWEEPER_COMMIT_REVIEW_SETTLE_SECONDS=60`) so a push range has\n  time to settle across GitHub and the runner.\n- The plan job expands ranges, pages large backfills at GitHub's matrix limit,\n  and classifies each commit before Codex starts.\n- Pure documentation, changelog, README\u002Flicense, and asset-only commits get a\n  skipped report without spending Codex time.\n- Mixed commits and code-bearing commits start one Codex worker per commit. The\n  worker checks out current target `main` and reviews the selected commit by\n  SHA\u002Frange instead of detaching the whole repository at that commit.\n- Codex is prompted to read beyond the diff: changed files, callers\u002Fcallees,\n  runtime entry points, adjacent tests\u002Fdocs, dependency manifests, release\n  notes, advisories, web sources, and focused live tests when useful.\n- Each commit writes exactly one report at\n  `records\u002F\u003Crepo-slug>\u002Fcommits\u002F\u003C40-char-sha>.md`.\n- Reruns overwrite the same report, including reruns with an\n  `additional_prompt`.\n- Report results are `nothing_found`, `findings`, `inconclusive`, `failed`, or\n  `skipped_non_code`.\n- Optional GitHub Checks use the `ClawSweeper Commit Review` name on the target\n  commit. Clean or skipped reports are green; high-confidence high\u002Fcritical\n  findings fail; lower-severity, inconclusive, and failed reviews are neutral.\n- Finding reports are dispatched to the repair intake when\n  `CLAWSWEEPER_COMMIT_FINDINGS_ENABLED` is not `false`. ClawSweeper owns\n  the audit log and any repair PR.\n\nUse `pnpm commit-reports -- --since 24h` to review recent reports and add\n`--findings`, `--non-clean`, `--repo`, or `--author` to narrow the list. The\nstorage stays flat so a rerun can overwrite exactly one file for a commit\nwithout rediscovering a date bucket.\n\n### Safety Model\n\n- Maintainer-authored items are excluded from automated closes.\n- Protected labels block close proposals.\n- Open PRs with GitHub closing references block issue closes until the PR is\n  resolved.\n- Open same-author issue\u002FPR pairs block one-sided closes.\n- Codex runs without GitHub write tokens.\n- Issue\u002FPR event jobs create target write and report-push credentials only after\n  Codex exits.\n- Commit review workers give Codex only a read-scoped target token as `GH_TOKEN`\n  so it can inspect mentioned issues, PRs, workflow runs, and commit metadata.\n- Commit write\u002Fcheck credentials are created only after Codex exits.\n- CI makes the target checkout read-only for reviews.\n- Reviews fail if Codex leaves tracked or untracked changes behind.\n- Snapshot changes block apply unless the only change is the bot’s own review\n  comment.\n- Commit Check Runs are optional and disabled by default.\n\n### Audit\n\n`pnpm run audit` compares live GitHub state with generated records without moving\nfiles. It reports missing open records, archived open records, stale records,\nduplicates, protected-label proposed closes, and stale review-status records.\nProtected proposed closes are reported only for active repo `items\u002F` records\nbecause archived repo `closed\u002F` records are historical and cannot be applied.\nMissing open records are classified as eligible, maintainer-authored, protected,\nor recently created so strict audit mode can flag actionable drift without\ntreating expected queue lag or excluded items as failures.\nUse `--update-dashboard` to publish the latest audit state under\n`results\u002Faudit\u002F` in `openclaw\u002Fclawsweeper-state` without making every normal\nstatus update scan all open GitHub items. The state repo renders reviewable\nfindings such as missing eligible records, reopened archived records, and stale\nreviews from that state. The\nworkflow refreshes audit state on a separate six-hour schedule, and it can be run\nmanually with `audit_dashboard=true`. The read-only audit lane covers\n`openclaw\u002Fopenclaw`, `openclaw\u002Fclawhub`, and `openclaw\u002Fclawsweeper`; it falls\nback to public workflow-token reads when the ClawSweeper App token is not\navailable for a target.\n\n## Local Run\n\nRequires Node 24.\n\nIssue\u002FPR sweeper:\n\n```bash\nsource ~\u002F.profile\ncorepack enable\npnpm install\npnpm run build\npnpm run plan -- --target-repo openclaw\u002Fopenclaw --batch-size 5 --shard-count 70 --max-pages 250 --codex-model gpt-5.5 --codex-reasoning-effort high\npnpm run review -- --target-repo openclaw\u002Fopenclaw --target-dir ..\u002Fopenclaw --batch-size 5 --max-pages 250 --artifact-dir artifacts\u002Freviews --codex-model gpt-5.5 --codex-reasoning-effort high --codex-timeout-ms 600000\npnpm run apply-artifacts -- --target-repo openclaw\u002Fopenclaw --artifact-dir artifacts\u002Freviews --skip-dashboard\npnpm run audit -- --target-repo openclaw\u002Fopenclaw --max-pages 250 --sample-limit 25 --update-dashboard\npnpm run reconcile -- --target-repo openclaw\u002Fopenclaw --dry-run\n```\n\nApply unchanged proposals later:\n\n```bash\nsource ~\u002F.profile\ncorepack enable\npnpm run apply-decisions -- --target-repo openclaw\u002Fopenclaw --limit 20 --apply-kind all --skip-dashboard\n```\n\nSync durable review comments without closing:\n\n```bash\nsource ~\u002F.profile\ncorepack enable\npnpm run apply-decisions -- --target-repo openclaw\u002Fopenclaw --sync-comments-only --comment-sync-min-age-days 7 --processed-limit 1000 --limit 0 --skip-dashboard\n```\n\nList commit reports:\n\n```bash\nsource ~\u002F.profile\ncorepack enable\npnpm run build\npnpm commit-reports -- --since 24h\npnpm commit-reports -- --since 24h --findings\npnpm commit-reports -- --repo openclaw\u002Fopenclaw --author steipete --since 7d\n```\n\nManually rerun commit review through GitHub Actions:\n\n```bash\ngh workflow run commit-review.yml \\\n  --repo openclaw\u002Fclawsweeper \\\n  --ref main \\\n  -f target_repo=openclaw\u002Fopenclaw \\\n  -f commit_sha=\u003Ccommit-sha> \\\n  -f before_sha=\u003Cparent-or-range-start-sha> \\\n  -f create_checks=false \\\n  -f enabled=true \\\n  -f additional_prompt='Optional extra review focus.'\n```\n\nOmit `before_sha` for a single-commit review. Pass `before_sha` to review the\nhistoric range `before_sha..commit_sha`.\n\nManual review runs are proposal-only. Use `apply_existing=true` to apply unchanged\nproposals later. Scheduled apply runs process both issues and pull requests by\ndefault, subject to the selected repository profile; pass `target_repo`,\n`apply_kind=issue`, or `apply_kind=pull_request` to narrow a manual run.\n\nScheduled runs cover the configured product profiles. `openclaw\u002Fopenclaw` runs\nnormal backfill every 5 minutes with up to 70 review shards when the system is\nquiet; `openclaw\u002Fclawhub` runs on offset review\u002Fapply\u002Faudit crons so its reports\nlive under `records\u002Fopenclaw-clawhub\u002F` without colliding with default repo\nrecords. `openclaw\u002Fclawsweeper` has a scheduled read-only audit row and is\navailable for manual and event self-review smoke tests. Broad hot-intake sweeps\ncap scheduled fan-out at 35 one-item shards per run when quiet; exact event\nreviews still use one shard. Normal review, hot intake, and commit review are\nbackground lanes, so they shrink automatically while repair or exact-item work\nis active. Throughput defaults live in\n[docs\u002Flimits.md](docs\u002Flimits.md) and `config\u002Fautomation-limits.json`.\n\n### Worker Budget\n\nClawSweeper has one main capacity knob:\n`config\u002Fautomation-limits.json` -> `workers.max`. The current value is `100`.\nQuiet-system lane limits are derived from that number: normal review gets up to\n70 shards, hot intake up to 35 shards, commit review 5 commits per page, and\nrepair\u002Fissue implementation 40 live workers. Exact-item review, repair, and\nissue implementation are priority work; normal review, hot intake, and commit\nreview are background work and automatically yield when priority work is active.\nUse `workers.max` first when turning total Codex usage up or down; use the\nindividual environment overrides only for temporary lane-specific exceptions.\n\nTarget repositories can opt into event-level latency by installing the\ndispatcher workflow in [docs\u002Ftarget-dispatcher.md](docs\u002Ftarget-dispatcher.md).\nThe dispatcher sends `repository_dispatch` events to this repository with the\ntarget repo and exact item number; ClawSweeper then runs one event job that\nreviews, comments, and checks immediate safe apply instead of waiting for the\nnext hot-intake cron or bulk publish lane.\n\nTarget repositories can opt into main-branch commit review with\n[docs\u002Fcommit-dispatcher.md](docs\u002Fcommit-dispatcher.md). That dispatcher sends\npush ranges to this repository, where ClawSweeper expands the range and writes\none commit report per SHA.\n\n## Checks\n\n```bash\npnpm run check\npnpm run oxformat\n```\n\n`oxformat` is an alias for `oxfmt`; there is no separate `oxformat` pnpm package.\nThe `CI` GitHub Actions workflow uses the latest Node release and runs\n`pnpm run check` on pushes, pull requests, and manual dispatches. The check gate\nincludes the full test suite, a strict changed-surface coverage threshold, and a\nfull compiled-repo coverage ratchet.\n\n## GitHub Actions Setup\n\nRequired secrets:\n\n- `OPENAI_API_KEY`: OpenAI API key used by the per-job local Codex Responses\n  proxy. Codex subprocesses inherit only the proxy-backed `CODEX_HOME`, not the\n  raw API key.\n- `CLAWSWEEPER_APP_CLIENT_ID`: public GitHub App client ID for `clawsweeper`.\n  Currently `Iv23liOECG0slfuhz093`.\n- `CLAWSWEEPER_APP_PRIVATE_KEY`: private key for `clawsweeper`; plan\u002Freview\n  jobs use a short-lived GitHub App installation token for read-heavy target API\n  calls, commit review uses a read-scoped target token while Codex runs, and\n  apply\u002Fcomment-sync\u002Fcheck jobs use the app token for comments, closes, and\n  optional checks.\n  Keep App credentials scoped to the `actions\u002Fcreate-github-app-token` step.\n  Review shards run Codex over attacker-controlled issue\u002FPR text, so\n  `codexEnv()` also strips these App variables before spawning Codex.\n\nToken flow:\n\n- Review and repair jobs create an isolated per-run `CODEX_HOME`, start a local\n  Responses proxy from `OPENAI_API_KEY`, write proxy-only Codex config there,\n  and run Codex without OpenAI or Codex token environment variables.\n- ClawSweeper uses the `clawsweeper` GitHub App token for read-heavy target\n  context.\n- Apply mode uses the same app token for review comments and closes, so GitHub\n  attributes mutations to the app bot account instead of a PAT user.\n- Commit review passes Codex only a read-scoped target token as `GH_TOKEN` for\n  issue\u002FPR\u002Fworkflow\u002Fcommit hydration, then creates write\u002Fcheck credentials only\n  after Codex exits.\n- The ClawSweeper GitHub App commits generated reports back to\n  `openclaw\u002Fclawsweeper-state`.\n\nRequired `clawsweeper` app permissions:\n\n- Contents: read\u002Fwrite, for report commits, repair branches, and repository\n  dispatch inputs that need a contents-scoped installation token.\n- Issues: read\u002Fwrite, for issue comments, labels, closes, and maintainer command\n  authorization context.\n- Pull requests: read\u002Fwrite, for PR comments, labels, merge readiness, repair PRs,\n  and guarded automerge.\n- Workflows: write, for adopted automerge repairs that need to rebase or update\n  source branches containing `.github\u002Fworkflows\u002F*` changes.\n- Actions: read\u002Fwrite on `openclaw\u002Fclawsweeper`, for run cancellation, manual\n  dispatch, self-heal, and commit-review continuations.\n- Checks: write on target repositories when commit Check Runs should be\n  published.\n\nClawSweeper no longer falls back to PAT-based write tokens. If the GitHub App\ninstallation does not grant the requested permission set, the workflow fails at\ntoken creation instead of silently switching identity.\n\nTarget repository setup:\n\n- install the issue\u002FPR dispatcher from\n  [docs\u002Ftarget-dispatcher.md](docs\u002Ftarget-dispatcher.md) for exact item event\n  reviews\n- install the commit dispatcher from\n  [docs\u002Fcommit-dispatcher.md](docs\u002Fcommit-dispatcher.md) for `main` commit\n  reviews\n- set `CLAWSWEEPER_COMMIT_REVIEW_ENABLED=false` to disable commit dispatch\n  without code changes\n- set `CLAWSWEEPER_COMMIT_REVIEW_CREATE_CHECKS=true` only if commit Check Runs\n  should be published\n- optionally set `CLAWSWEEPER_COMMIT_REVIEW_SETTLE_SECONDS=0` for manual\n  backfills where the target commit range is already settled; the default is\n  `60`\n","ClawSweeper 是一个用于 OpenClaw 仓库的维护机器人，它定期扫描所有问题和拉取请求，并建议哪些可以关闭及其原因。该项目的核心功能包括自动审查未解决的问题和拉取请求、生成持久化的 Markdown 报告、同步并编辑带有标记的公开评论以及在高置信度下关闭符合条件的提案。此外，ClawSweeper 还支持维护者命令执行特定操作如审查、修复或自动合并等。该工具适用于需要保持代码库清洁、减轻维护负担的开源项目。用户可以通过分叉此仓库并在自己的组织中部署来自定义使用。",2,"2026-06-11 02:38:43","CREATED_QUERY"]