Skip to content

Prototype graph-grounded deep regression review for high-risk OpenClaw PRs #439

Description

@100yenadmin

Plain-English Goal

ClawSweeper is trusted to help review OpenClaw pull requests. The problem is that some PRs can look fine in tests but still break important behavior, especially when they touch core runtime, auth, sessions, provider routing, release automation, or default configuration.

This issue tracks a prototype that makes ClawSweeper more cautious on those risky PRs. Instead of saying a risky PR is safe too quickly, ClawSweeper should:

  • Notice when a PR touches dangerous parts of OpenClaw.
  • Ask a harder set of review questions for those PRs.
  • Use optional code-map context when available.
  • Clearly say what evidence it used.
  • Clearly say what it could not prove.
  • Tell maintainers when a human architecture review is still needed.

Implementation PR: #440

Current PR head: 08d97656a837922c03ed48c848f12f2c6c400370

TLDR

This is not a promise that ClawSweeper can prevent every bad release. It is a safer review path for high-risk OpenClaw PRs.

Before this change, a review could pass while still being unclear about whether it had enough context to catch a deep regression. After this change, ClawSweeper has a specific place to say: "this PR touches risky code, here is what I checked, here is what worries me, and here is what a maintainer must decide."

The stale bot-comment cleanup was removed from this work and moved to #441. This issue is about better review judgment, not deleting old GitHub comments.

flowchart LR
  PR["OpenClaw PR"] --> Risk{"Touches risky code?"}
  Risk -->|"No"| Normal["Normal ClawSweeper review"]
  Risk -->|"Yes"| Deep["Harder regression review"]
  Map["Optional code map"] --> Deep
  Deep --> Report["Clear report: evidence, uncertainty, maintainer action"]
Loading

What The New Code Is For

The code in PR #440 adds a default-off prototype. "Default-off" means it does not turn on the optional code-map feature unless maintainers explicitly configure it.

The code mainly does five things:

  1. It detects high-risk OpenClaw PRs.

    Example: a PR that touches auth/session/core runtime code should get a tougher review than a docs-only PR.

  2. It adds a new review section called deepRegressionReview.

    This is where ClawSweeper must say whether the PR looks safe, needs attention, or should be blocked until a maintainer reviews the design.

  3. It can include optional GitNexus context.

    GitNexus is just a code map. It helps answer questions like "what other files or symbols are related to this change?" It is only advisory. GitHub's actual diff and checked-out code remain the source of truth.

  4. It records context limits.

    If ClawSweeper does not know its context-window size, it now records unknown instead of implying it had enough room to understand the whole repo.

  5. It fails closed around sensitive output.

    If the optional code-map output looks like it may contain a secret, ClawSweeper omits that context instead of putting it into a prompt or report.

Why This Is Worth The Size

The PR is large because this touches the whole review pipeline, not because it adds one giant new algorithm.

The change has to update:

  • how ClawSweeper classifies risky PRs,
  • what it asks the model to review,
  • what response shape the model must return,
  • how reports are rendered,
  • how review-cache keys are built,
  • how automation markers decide whether a PR needs a human,
  • documentation,
  • and tests for the risky failure cases.

That is why the diff is big. The purpose is still simple: make ClawSweeper less likely to give overconfident approval on risky OpenClaw PRs.

Terms In Normal Language

  • GitNexus: a searchable map of the codebase. It can suggest related files, but it does not replace reading the actual PR diff.
  • High-risk classifier: a checklist that says "this PR touches sensitive code, review it more carefully."
  • Context-window telemetry: a note saying how much code ClawSweeper was configured to fit into its model context, or unknown if it cannot tell.
  • Fail closed: if something looks unsafe or unclear, ClawSweeper lowers confidence instead of pretending everything is fine.
  • Deep regression: a bug that does not show up as a simple test failure but breaks important behavior because the architecture or assumptions are wrong.

Current Validation

Local validation on 08d9765:

pnpm run build: passed
node --test test/repair/update-command-status.test.ts: tests 14, pass 14, fail 0
pnpm run lint:src: passed
pnpm run format:check: passed
git diff --check: passed

Remote validation on 08d9765:

pnpm check: SUCCESS
CodeQL / Analyze (actions): SUCCESS
CodeQL / Analyze (javascript-typescript): SUCCESS
Windows Codex launcher: SUCCESS
Socket Security / Pull Request Alerts: SUCCESS
Socket Security / Project Report: SUCCESS
Merge state: CLEAN
Current-head review threads: none

Maintainer Decision

Maintainers need to decide whether this default-off review contract belongs in ClawSweeper now.

A good merge decision is not "this guarantees safe releases." It does not.

A good merge decision is: "this gives ClawSweeper a clearer, more honest way to handle risky OpenClaw PRs, and we accept the default-off GitNexus/code-map boundary."

Not Included

  • No OpenClaw runtime changes.
  • No auto-merge behavior is enabled by default.
  • No claim that ClawSweeper has or needs a 1M-token context window.
  • No claim that this proves release readiness.
  • No stale comment deletion; that separate decision is tracked in Evaluate stale re-review command-status comment cleanup #441.

Metadata

Metadata

Assignees

No one assigned

    Labels

    P2Normal priority bug or improvement with limited blast radius.clawsweeper:linked-pr-openClawSweeper found an open linked pull request for this issue.clawsweeper:needs-maintainer-reviewClawSweeper marked this issue as needing maintainer review before automation.clawsweeper:needs-product-decisionClawSweeper marked this issue as needing a product or behavior decision.clawsweeper:needs-security-reviewClawSweeper marked this issue as needing security-sensitive review.clawsweeper:no-new-fix-prClawSweeper does not recommend queueing a new automated fix PR for this issue.impact:securityThis issue is about security boundaries, credentials, authz, sandboxing, or sensitive data.issue-rating: 🌊 off-meta tidepoolIssue quality rating does not apply to this item.

    Type

    No type

    Fields

    Priority

    None yet

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions