fix: enable protected-branch automerge requests #237

Closed
joshp123 wants to merge 1 commit into main from codex/automerge-enable-blocked-prs

@joshp123 joshp123 commented May 31, 2026

Human written summary:

The intent of this change is, as written by a human:

Well, wait a second. If ClawSweeper is broken, why aren't we creating a PR to fix it?

The rest of this PR was written by GPT-5, running in the Codex desktop harness. Full environment + prompt history appear at the end.

Changes

  • Route protected-branch approved automerge through GitHub auto-merge with gh pr merge --auto.
  • Share the BLOCKED merge-state allowance across the comment router and automerge shepherd so post-repair continuations can reach the router.
  • Preserve the existing direct squash merge path for clean PRs; --auto is only added for mergeStateStatus: BLOCKED.
  • Report an open PR with autoMergeRequest as waiting/enabled instead of claiming it merged.

Tests

  • nix shell nixpkgs#nodejs_24 nixpkgs#pnpm -c pnpm run build:repair - passed.
  • nix shell nixpkgs#nodejs_24 nixpkgs#pnpm -c pnpm run test:repair -- --test-name-pattern 'automerge shepherd|automerge merge args|automerge merge states|comment-router-core' - passed; the runner executed the full repair suite, 437 tests passed.
  • nix shell nixpkgs#nodejs_24 nixpkgs#pnpm -c pnpm run format - passed.
  • nix shell nixpkgs#nodejs_24 nixpkgs#pnpm -c pnpm run check - passed.
  • Live proof attempt: dispatched repair-comment-router.yml from this branch against openclaw/telecrawl#4; run https://github.com/openclaw/clawsweeper/actions/runs/26710838589 completed successfully with CLAWSWEEPER_ALLOW_MERGE=1, app credentials, merge_state_status: BLOCKED, and 6/6 green checks. It did not reach gh pr merge --auto because the Telecrawl automerge comments were not maintainer-authorized for that target: the router saw repository permission read and author association CONTRIBUTOR. That is an external authorization blocker for this proof target, not the merge-state bug fixed here.

Risks

  • Low/moderate: this changes the final approved automerge path for protected-branch PRs, but keeps existing readiness checks, preserves direct merge for clean PRs, and still uses --match-head-commit.

Follow-ups

Prompt History

Environment

Harness: Codex desktop
Model: GPT-5
Thinking level: not exposed by harness
Terminal: zsh
System: macOS, local checkout /Users/josh/code/research/clawsweeper

Prompts

ISO-8601 Prompt
2026-05-31T12:45:05+02:00 Well, wait a second. If ClawSweeper is broken, why aren't we creating a PR to fix it?

clawsweeper Bot commented May 31, 2026

Codex review: needs real behavior proof before merge. Reviewed May 31, 2026, 7:14 AM ET / 11:14 UTC.

Summary
The PR allows BLOCKED protected-branch automerge targets through shepherd/router readiness, uses gh pr merge --auto only for BLOCKED targets, fetches autoMergeRequest, and adds repair-lane regression tests.

Reproducibility: yes. from source, but not from a full authorized live target: current main blocks mergeStateStatus: BLOCKED in both router and shepherd readiness, while the linked run stopped before the final auto-merge request path.

Review metrics: 2 noteworthy metrics.

  • Changed surface: 3 repair files and 2 test files. The diff is localized, but it touches the live automerge execution path rather than a documentation-only or test-only surface.
  • Live proof coverage: 1 workflow run, 0 authorized auto-merge enablements. The linked run supports part of the routing story but did not prove the final protected-branch auto-merge request.

Merge readiness
Overall: 🦐 gold shrimp
Proof: 🦪 silver shellfish
Patch quality: 🐚 platinum hermit
Result: blocked until stronger real behavior proof is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • [P1] Add redacted terminal or log proof from a maintainer-authorized protected-branch target showing gh pr merge --auto succeeds and autoMergeRequest is non-null.

Proof guidance:

  • [P1] Needs stronger real behavior proof before merge: The linked run is useful partial proof, but it stopped before gh pr merge --auto and a fetched non-null autoMergeRequest; add redacted terminal/log proof in the PR body so ClawSweeper re-reviews, or ask a maintainer to comment @clawsweeper re-review. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge

  • [P1] The documented live run succeeded as a workflow but did not exercise the final authorized gh pr merge --auto call or prove that a non-null autoMergeRequest is created.
  • [P1] The diff changes ClawSweeper's approved merge path for protected-branch BLOCKED PRs, so repositories with incompatible or disabled GitHub auto-merge setup could still fail or wait at runtime.

Maintainer options:

  1. Require authorized protected-branch proof (recommended)
    Before merge, run the router against a protected-branch target where the requester is maintainer-authorized and show redacted terminal or log output proving GitHub accepted the auto-merge request.
  2. Accept the live-proof gap
    A maintainer can intentionally merge based on source and test coverage, owning the risk that target-repo auto-merge availability or permissions still fail in production.

Next step before merge

  • [P1] The remaining blocker is maintainer-authorized live proof or an explicit proof override, not a narrow code repair for an automated worker.

Security
Cleared: No concrete security or supply-chain regression was found; the diff adds no dependency, action ref, permission, secret, or downloaded-code surface.

Review details

Best possible solution:

Land this after an authorized protected-branch run shows gh pr merge --auto leaves the PR open with a non-null autoMergeRequest, while preserving direct squash merge for CLEAN/HAS_HOOKS targets and existing exact-head/check gates.

Do we have a high-confidence way to reproduce the issue?

Yes from source, but not from a full authorized live target: current main blocks mergeStateStatus: BLOCKED in both router and shepherd readiness, while the linked run stopped before the final auto-merge request path.

Is this the best way to solve the issue?

Yes for the code direction: using GitHub auto-merge only for BLOCKED while preserving direct squash merges is the narrow maintainable fix; the remaining issue is proof, not an obvious code defect.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against c91028476c06.

Label changes

Label changes:

  • add rating: 🦐 gold shrimp: Overall readiness is 🦐 gold shrimp; proof is 🦪 silver shellfish and patch quality is 🐚 platinum hermit.
  • remove rating: 🧂 unranked krab: Current PR rating is rating: 🦐 gold shrimp, so this older rating label is no longer current.

Label justifications:

  • P1: The PR targets a broken ClawSweeper automerge path for protected-branch PRs, which can block real repair/automerge workflows.
  • merge-risk: 🚨 automation: The diff changes comment-router and shepherd behavior that decides whether ClawSweeper can automatically merge approved PRs.
  • merge-risk: 🚨 compatibility: Protected-branch targets now rely on GitHub auto-merge availability and permissions instead of the previous direct merge-or-block behavior.
  • rating: 🦐 gold shrimp: Overall readiness is 🦐 gold shrimp; proof is 🦪 silver shellfish and patch quality is 🐚 platinum hermit.
  • status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs stronger real behavior proof before merge: The linked run is useful partial proof, but it stopped before gh pr merge --auto and a fetched non-null autoMergeRequest; add redacted terminal/log proof in the PR body so ClawSweeper re-reviews, or ask a maintainer to comment @clawsweeper re-review. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Evidence reviewed

What I checked:

  • Repository policy read: AGENTS.md was read in full; it identifies repair lane code under src/repair/ and emphasizes narrow, automation-safe changes. (AGENTS.md:1, c91028476c06)
  • Current main router blocks BLOCKED merge state: On current main, validateAutomergeReadiness only accepts CLEAN, HAS_HOOKS, or a limited UNSTABLE case, so BLOCKED returns a merge-state blocker before the merge command. (src/repair/comment-router.ts:2485, c91028476c06)
  • Current main shepherd blocks BLOCKED continuation: On current main, automergeShepherdReadiness waits on any merge state outside CLEAN, HAS_HOOKS, or UNSTABLE, so post-repair BLOCKED PRs do not reach the router merge path. (src/repair/automerge-shepherd.ts:59, c91028476c06)
  • PR diff narrows --auto to BLOCKED: The PR adds a shared automergeMergeStateAllowsAutoMerge helper, passes auto: true only when the latest target merge state is BLOCKED, and reports an open PR with autoMergeRequest as waiting instead of merged. (src/repair/comment-router.ts:2355, 8779174f2734)
  • Regression tests added: The diff adds tests for shepherd BLOCKED readiness, BLOCKED as an allowed automerge state, --auto merge args, and waiting output for GitHub auto-merge enablement. (test/repair/comment-router-core.test.ts:2244, 8779174f2734)
  • GitHub CLI option support checked: The installed gh pr merge --help lists both --auto and --match-head-commit, and gh pr view --json lists autoMergeRequest as an available field.

Likely related people:

  • Tak Hoffman: Recent repair/comment-router commits touched automerge and command routing behavior, and the AGENTS-policy merge commit lists Tak Hoffman as a co-author on the broad prompt/review-policy change that currently blames much of this file in the shallow checkout. (role: recent area contributor; confidence: medium; commits: c01469876a85, 8db024ba0503, 9b0b0b391733; files: src/repair/comment-router.ts, src/repair/comment-router-core.ts, test/repair/comment-router-core.test.ts)
  • brokemac79: Recent commits changed command-router parsing and duplicate acknowledgement behavior in the same router/core test surface, which is adjacent to automerge command dispatch and response handling. (role: recent adjacent contributor; confidence: medium; commits: 485f71abc664, 556268dff3d9; files: src/repair/comment-router.ts, src/repair/comment-router-core.ts, test/repair/comment-router-core.test.ts)

What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.
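
The routing that the PR description and the review above describe, sketched as an added example; this is not ClawSweeper's code and not part of the PR. The function names, the write-or-higher permission rule and the sample PR are assumptions, and the limited UNSTABLE case the review mentions is not modeled.

```typescript
// Added example: hypothetical names; not taken from src/repair/ in the project.
type MergeState = "CLEAN" | "HAS_HOOKS" | "UNSTABLE" | "BLOCKED" | "BEHIND" | "DIRTY" | "DRAFT" | "UNKNOWN";
type Permission = "read" | "triage" | "write" | "maintain" | "admin";

interface PrSnapshot {
  number: number;
  state: "OPEN" | "MERGED" | "CLOSED";
  mergeStateStatus: MergeState;
  headRefOid: string; // current head commit of the PR
  autoMergeRequest: Record<string, unknown> | null; // as returned by `gh pr view --json`
}

type Plan = { ok: true; args: string[] } | { ok: false; reason: string };

// Assumption: only write-level or higher repository permission may request a merge.
const MERGE_PERMISSIONS: string[] = ["write", "maintain", "admin"];

// Decide whether to merge, and with which `gh` arguments, for a reviewed commit.
function planAutomerge(pr: PrSnapshot, permission: Permission, reviewedSha: string): Plan {
  if (MERGE_PERMISSIONS.indexOf(permission) === -1) return { ok: false, reason: "requester-not-authorized" };
  if (pr.state !== "OPEN") return { ok: false, reason: "pr-not-open" };
  // Refuse early if commits were pushed after the review; gh re-checks via --match-head-commit.
  if (pr.headRefOid !== reviewedSha) return { ok: false, reason: "head-moved-since-review" };
  const direct = pr.mergeStateStatus === "CLEAN" || pr.mergeStateStatus === "HAS_HOOKS";
  const viaAuto = pr.mergeStateStatus === "BLOCKED";
  if (!direct && !viaAuto) return { ok: false, reason: `merge-state-${pr.mergeStateStatus}` };
  const args = ["pr", "merge", String(pr.number), "--squash", "--match-head-commit", reviewedSha];
  if (viaAuto) args.push("--auto"); // branch protection decides when the merge actually happens
  return { ok: true, args };
}

// Classify the PR as fetched after the merge command, without claiming a merge that has not happened.
function describeOutcome(after: PrSnapshot): "merged" | "auto-merge-enabled" | "not-merged" {
  if (after.state === "MERGED") return "merged";
  if (after.state === "OPEN" && after.autoMergeRequest !== null) return "auto-merge-enabled";
  return "not-merged";
}

// Constructed sample: a protected-branch PR with green checks that is still BLOCKED.
const SAMPLE_BLOCKED_PR: PrSnapshot = {
  number: 4,
  state: "OPEN",
  mergeStateStatus: "BLOCKED",
  headRefOid: "1111111111111111111111111111111111111111",
  autoMergeRequest: null,
};
```

A requester with only `read` permission is rejected before any merge state is considered, which matches the order of checks the live proof attempt ran into.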

@clawsweeper clawsweeper Bot added labels May 31, 2026:

  • rating: 🧂 unranked krab (Not merge-ready due to missing proof or serious correctness/safety concerns.)
  • status: 📣 needs proof (The PR needs real behavior proof before ClawSweeper can clear the contributor ask.)
  • P1 (Urgent regression or broken agent/channel workflow affecting real users now.)
  • merge-risk: 🚨 compatibility (🚨 Merging this PR could break existing users, config, migrations, defaults, or upgrades.)
  • merge-risk: 🚨 automation (🚨 Merging this PR could break CI, automerge, proof capture, label sync, or automation.)

Route approved ClawSweeper automerge through GitHub auto-merge so protected-branch BLOCKED state can become a waiting autoMergeRequest instead of a hard router block.

Report open PRs with an autoMergeRequest as waiting/enabled, while preserving the existing executed response when GitHub merges immediately.

Tests: nix shell nixpkgs#nodejs_24 nixpkgs#pnpm -c pnpm run check

@joshp123 joshp123 force-pushed the codex/automerge-enable-blocked-prs branch from c053be8 to 8779174 May 31, 2026 11:03

@joshp123
Contributor Author

@clawsweeper re-review

Updated the branch and PR body after the first review:

  • shepherd now shares the BLOCKED allowance with the router.
  • clean PRs keep the direct squash merge path; --auto is only used for BLOCKED targets.
  • local full check and remote CI are green on 8779174.
  • live proof attempt against LC Tele PR: complete media archive handling telecrawl#4 is documented; that target is authorization-blocked because the router sees the requester as read/CONTRIBUTOR on telecrawl.

clawsweeper Bot commented May 31, 2026

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

@clawsweeper clawsweeper Bot added rating: 🦐 gold shrimp (Decent PR readiness signal, but merge confidence is limited.) and removed rating: 🧂 unranked krab (Not merge-ready due to missing proof or serious correctness/safety concerns.) labels May 31, 2026
@joshp123 joshp123 closed this May 31, 2026