clawpatch 0.2.0

npm

• Version: https://www.npmjs.com/package/clawpatch/v/0.2.0
• Tarball: https://registry.npmjs.org/clawpatch/-/clawpatch-0.2.0.tgz
• Integrity: sha512-+WxItf6VGQ4Y6AY/Y+r8RWt8Mq574MtlNrfIrRXRzQN4uIqNJlOB4+jlJexZeWnUT2EEwQACiGy/Tso/xOQBBA==
• Dist tag: latest
• Published: 2026-05-17T06:38:32.027Z

CI

• CI: https://github.com/openclaw/clawpatch/actions/runs/25983601977
• CodeQL: https://github.com/openclaw/clawpatch/actions/runs/25983602004
• Commit: 4f6ac92

Changes

• Added the acpx provider for routing review, fix, and revalidate through ACP-compatible coding agents, thanks @mvanhorn.
• Added an OpenCode CLI provider for review, fix, revalidate, and doctor flows, thanks @Ashwinhegde19.
• Added a Grok CLI provider for review, fix, revalidate, and doctor flows, thanks @ebastos.
• Added clawpatch map --source auto|agent to invoke the configured provider as a read-only agent mapper when deterministic mapping is too shallow.
• Fixed agent mapping so provider-derived slices augment deterministic slices instead of retiring useful heuristic coverage on large repos.
• Fixed ACPX provider calls so stalled child agents time out instead of hanging indefinitely.
• Improved clawpatch map progress output and Rust mapping latency by reporting mapper activity on stderr and avoiding repeated Rust test discovery walks, thanks @optozorax.
• Added --since <ref> on clawpatch review and clawpatch revalidate to restrict runs to features whose owned or context files changed since the given git ref, thanks @mvanhorn.
• Improved Node/TypeScript mapping for large workspaces by splitting package source trees into bounded review groups with package-local tests.
• Added generic nested SwiftPM, Apple/Xcode, and Gradle/Android app mapping.
• Added React Router and React component mapping, thanks @moritzscheele.
• Added Next.js route mapping for src/app and src/pages layouts, thanks @obatried.
• Added Laravel/PHP feature mapping for routes, controllers, form requests, Artisan commands, jobs, services, models, migrations, seeders, Composer scripts, and PHP tests, thanks @Jonathanm10.
• Added Ruby and Rails feature mapping while excluding legacy Rails secrets from reviewable config, thanks @inertia186.
• Added FastAPI route feature mapping and kept root/web Python project detection in sync.
• Added Flask route feature mapping for Python projects, including web/ source roots, common root entry files, non-list method literals, and Python framework detection.
• Added first-pass Python mapping for project metadata, console scripts, source groups, pytest suites, and conservative validation defaults, thanks @xiamx.
• Improved Python mapping for setup.cfg/setup.py project metadata and console scripts, plus black --check . format defaults.
• Added Kotlin semantic role mapping for Gradle projects, including Android UI, ViewModel, data, external client, dependency injection, and server-side role slices, thanks @mrmans0n.
• Added JVM semantic role mapping from Java annotations, imports, inheritance, interfaces, and method signatures.
• Detected Java/Kotlin language and default Gradle build/test commands for root Gradle projects.
• Added generic C/C++ feature mapping for standalone main() files, CMake add_executable / add_library targets, and autotools bin_PROGRAMS / lib_LTLIBRARIES targets, thanks @iliaal.
• Added Turborepo task metadata mapping for workspace-aware feature validation commands.
• Added selected package script mapping for Node workspace packages.
• Added progress output for clawpatch revalidate, thanks @twidtwid.
• Fixed overlapping clawpatch review runs so feature claims use atomic lock files and can be recovered with clean-locks, thanks @rohitjavvadi.
• Fixed clawpatch fix so feature-specific validation commands run during dry-run previews and applied fix validation, thanks @rohitjavvadi.
• Fixed Codex provider parsing for Markdown-wrapped JSON output with trailing prose, thanks @pranaysuyash.
• Fixed Codex provider execution on Windows paths with spaces and npm .cmd shims, thanks @1berto.
• Fixed Ruby/Rails project detection so gems.rb uses Bundler commands and Rails JavaScript roots avoid duplicate Node feature queues.
• Added security ownership, CodeQL, Dependabot, dependency review, and a private disclosure policy for repository automation and package integrity, plus fixed the first CodeQL mapper sanitizer finding.
• Updated development, GitHub Actions, and Node type dependencies, made dependency review skip cleanly when the GitHub API is unavailable, and fixed CodeQL ReDoS findings in Laravel route parsing.