-
Notifications
You must be signed in to change notification settings - Fork 275
Prototype graph-grounded deep regression review for high-risk OpenClaw PRs #439
Copy link
Copy link
Closed
Labels
P2Normal priority bug or improvement with limited blast radius.Normal priority bug or improvement with limited blast radius.clawsweeper:linked-pr-openClawSweeper found an open linked pull request for this issue.ClawSweeper found an open linked pull request for this issue.clawsweeper:needs-maintainer-reviewClawSweeper marked this issue as needing maintainer review before automation.ClawSweeper marked this issue as needing maintainer review before automation.clawsweeper:needs-product-decisionClawSweeper marked this issue as needing a product or behavior decision.ClawSweeper marked this issue as needing a product or behavior decision.clawsweeper:needs-security-reviewClawSweeper marked this issue as needing security-sensitive review.ClawSweeper marked this issue as needing security-sensitive review.clawsweeper:no-new-fix-prClawSweeper does not recommend queueing a new automated fix PR for this issue.ClawSweeper does not recommend queueing a new automated fix PR for this issue.impact:securityThis issue is about security boundaries, credentials, authz, sandboxing, or sensitive data.This issue is about security boundaries, credentials, authz, sandboxing, or sensitive data.issue-rating: 🌊 off-meta tidepoolIssue quality rating does not apply to this item.Issue quality rating does not apply to this item.
Description
Metadata
Metadata
Assignees
Labels
P2Normal priority bug or improvement with limited blast radius.Normal priority bug or improvement with limited blast radius.clawsweeper:linked-pr-openClawSweeper found an open linked pull request for this issue.ClawSweeper found an open linked pull request for this issue.clawsweeper:needs-maintainer-reviewClawSweeper marked this issue as needing maintainer review before automation.ClawSweeper marked this issue as needing maintainer review before automation.clawsweeper:needs-product-decisionClawSweeper marked this issue as needing a product or behavior decision.ClawSweeper marked this issue as needing a product or behavior decision.clawsweeper:needs-security-reviewClawSweeper marked this issue as needing security-sensitive review.ClawSweeper marked this issue as needing security-sensitive review.clawsweeper:no-new-fix-prClawSweeper does not recommend queueing a new automated fix PR for this issue.ClawSweeper does not recommend queueing a new automated fix PR for this issue.impact:securityThis issue is about security boundaries, credentials, authz, sandboxing, or sensitive data.This issue is about security boundaries, credentials, authz, sandboxing, or sensitive data.issue-rating: 🌊 off-meta tidepoolIssue quality rating does not apply to this item.Issue quality rating does not apply to this item.
Type
Fields
Priority
None yet
Plain-English Goal
ClawSweeper is trusted to help review OpenClaw pull requests. The problem is that some PRs can look fine in tests but still break important behavior, especially when they touch core runtime, auth, sessions, provider routing, release automation, or default configuration.
This issue tracks a prototype that makes ClawSweeper more cautious on those risky PRs. Instead of saying a risky PR is safe too quickly, ClawSweeper should:
Implementation PR: #440
Current PR head:
08d97656a837922c03ed48c848f12f2c6c400370TLDR
This is not a promise that ClawSweeper can prevent every bad release. It is a safer review path for high-risk OpenClaw PRs.
Before this change, a review could pass while still being unclear about whether it had enough context to catch a deep regression. After this change, ClawSweeper has a specific place to say: "this PR touches risky code, here is what I checked, here is what worries me, and here is what a maintainer must decide."
The stale bot-comment cleanup was removed from this work and moved to #441. This issue is about better review judgment, not deleting old GitHub comments.
flowchart LR PR["OpenClaw PR"] --> Risk{"Touches risky code?"} Risk -->|"No"| Normal["Normal ClawSweeper review"] Risk -->|"Yes"| Deep["Harder regression review"] Map["Optional code map"] --> Deep Deep --> Report["Clear report: evidence, uncertainty, maintainer action"]What The New Code Is For
The code in PR #440 adds a default-off prototype. "Default-off" means it does not turn on the optional code-map feature unless maintainers explicitly configure it.
The code mainly does five things:
It detects high-risk OpenClaw PRs.
Example: a PR that touches auth/session/core runtime code should get a tougher review than a docs-only PR.
It adds a new review section called
deepRegressionReview.This is where ClawSweeper must say whether the PR looks safe, needs attention, or should be blocked until a maintainer reviews the design.
It can include optional GitNexus context.
GitNexus is just a code map. It helps answer questions like "what other files or symbols are related to this change?" It is only advisory. GitHub's actual diff and checked-out code remain the source of truth.
It records context limits.
If ClawSweeper does not know its context-window size, it now records
unknowninstead of implying it had enough room to understand the whole repo.It fails closed around sensitive output.
If the optional code-map output looks like it may contain a secret, ClawSweeper omits that context instead of putting it into a prompt or report.
Why This Is Worth The Size
The PR is large because this touches the whole review pipeline, not because it adds one giant new algorithm.
The change has to update:
That is why the diff is big. The purpose is still simple: make ClawSweeper less likely to give overconfident approval on risky OpenClaw PRs.
Terms In Normal Language
unknownif it cannot tell.Current Validation
Local validation on
08d9765:Remote validation on
08d9765:Maintainer Decision
Maintainers need to decide whether this default-off review contract belongs in ClawSweeper now.
A good merge decision is not "this guarantees safe releases." It does not.
A good merge decision is: "this gives ClawSweeper a clearer, more honest way to handle risky OpenClaw PRs, and we accept the default-off GitNexus/code-map boundary."
Not Included