repair: drive target validation from per-repo toolchain config

[clawsweeper]

Makes #240 merge-ready for the ClawSweeper automerge loop.
The edit pass should inspect the live PR diff, review comments, and failing checks; rebase if needed; keep the contributor branch credited; and stop only when validation is green or an external blocker is proven.

ClawSweeper 🐠 replacement reef notes:

• Cluster: automerge-openclaw-clawsweeper-240
• Source PRs: repair: drive target validation from per-repo toolchain config #240
• Credit: Source PR: repair: drive target validation from per-repo toolchain config #240
• Validation: pnpm check:changed
• Replacement reason: ClawSweeper could not update the source PR branch directly, so it opened a writable replacement PR instead.
• Automerge requested by: @momothemage

• Repair fallback: GitHub rejected the repair branch push because it updates workflow files and the ClawSweeper app token does not have workflows permission

Co-author credit kept:

• @momothemage: Co-authored-by: Momo 35096042+momothemage@users.noreply.github.com

fish notes: model gpt-5.5, reasoning high; reviewed against de017c3.

[clawsweeper]

Codex review: needs changes before merge. Reviewed June 2, 2026, 3:59 AM ET / 07:59 UTC.

Summary
The branch adds per-target toolchain config, Bun validation setup, validation-command routing changes, ignored notify checks, docs/prompts, and regression tests for repair target validation.

Reproducibility: yes. Source inspection shows current main's target validation path is pnpm-centric, and the review finding is source-reproducible from the execute job's job-level OPENAI_API_KEY plus the PR's new third-party setup step.

Review metrics: 2 noteworthy metrics.

• Workflow action added: 1 third-party action added. The new setup action runs in the execute job, so secret scope matters before merge.
• Patch surface: 13 files changed, 899 additions, 35 deletions. The diff spans runtime validation, workflow automation, config, prompts, docs, and tests rather than a single isolated helper.

Merge readiness
Overall: 🧂 unranked krab
Proof: 🌊 off-meta tidepool
Patch quality: 🧂 unranked krab
Result: blocked by patch quality or review findings.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• Scope OPENAI_API_KEY away from the setup-bun step and rerun pnpm run check.

Risk before merge

• [P1] The new pinned oven-sh/setup-bun action runs in a job that currently exposes OPENAI_API_KEY at job scope, so merging as-is broadens secret exposure to a third-party action that does not need that secret.
• [P1] The diff changes repair/automerge validation routing and workflow setup; exact-head checks are green, but the new Bun setup path remains automation-sensitive until the secret-scoping blocker is fixed.

Maintainer options:

1. Scope secrets before Bun setup (recommended)
   Move OPENAI_API_KEY to only the Codex/execution steps that need it or explicitly scrub it from the setup-bun step, then keep the pinned Bun setup and regression coverage.
2. Accept the pinned-action exposure
   Maintainers could explicitly accept that the pinned third-party Bun action runs with the execute job environment, but that should be a conscious security decision before merge.
3. Pause the workflow change
   If maintainers do not want another third-party action in the execute job, pause this PR and provision Bun through a trusted local action, runner image, or existing setup path instead.

Copy recommended automerge instruction

@clawsweeper automerge

Special instructions:
Scope `OPENAI_API_KEY` away from the new `oven-sh/setup-bun` step in `.github/workflows/repair-cluster-worker.yml` while preserving Bun setup before `repair:execute-fix`, and add or update a focused test that proves the workflow keeps setup-bun pinned and does not pass the OpenAI secret to that step. Do not edit `CHANGELOG.md`. Run `pnpm run check`.

Next step before merge

• [P2] This automerge-opted PR has one narrow, mechanical security-scoping blocker that an automated repair can attempt safely.

Security
Needs attention: The diff introduces a concrete secret-exposure concern in the repair execution workflow.

Review findings

• [P1] Scope secrets away from setup-bun — .github/workflows/repair-cluster-worker.yml:337

Review details

Best possible solution:

Keep the config-driven target validation design, but scope secrets away from the Bun setup step and let exact-head workflow checks gate the repaired branch.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection shows current main's target validation path is pnpm-centric, and the review finding is source-reproducible from the execute job's job-level OPENAI_API_KEY plus the PR's new third-party setup step.

Is this the best way to solve the issue?

No, not as-is. The config-driven validation path is a narrow maintainable fix, but the workflow addition needs secret scoping before it is safe to merge.

Full review comments:

• [P1] Scope secrets away from setup-bun — .github/workflows/repair-cluster-worker.yml:337
  This new third-party action runs inside the execute job, where OPENAI_API_KEY is defined at job scope. GitHub Actions job env is inherited by steps, so Bun setup receives the OpenAI secret even though it does not need it. Please move the secret to the Codex/execution steps that need it, or explicitly clear it for this setup step, before merge.
  Confidence: 0.88

Overall correctness: patch is incorrect
Overall confidence: 0.88

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against a07fc1f94275.

Label changes

Label changes:

• add merge-risk: 🚨 security-boundary: Merging as-is would expose a job-level OpenAI secret to the newly added third-party Bun setup action.
• add rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🌊 off-meta tidepool and patch quality is 🧂 unranked krab.
• remove rating: 🦐 gold shrimp: Current PR rating is rating: 🧂 unranked krab, so this older rating label is no longer current.
• remove merge-risk: 🚨 compatibility: Current PR review merge-risk labels are merge-risk: 🚨 security-boundary, merge-risk: 🚨 automation.

Label justifications:

• P1: This PR affects the active ClawSweeper repair/automerge workflow and has a merge-blocking secret-scoping issue.
• merge-risk: 🚨 security-boundary: Merging as-is would expose a job-level OpenAI secret to the newly added third-party Bun setup action.
• merge-risk: 🚨 automation: The PR changes repair validation command routing and the repair-cluster execution workflow.
• rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🌊 off-meta tidepool and patch quality is 🧂 unranked krab.
• status: 🚀 automerge armed: This PR is in ClawSweeper's automerge lane. Not applicable: This is a ClawSweeper bot replacement PR, so the external-contributor proof gate does not apply; the source PR carried screenshot proof context.

Evidence reviewed

Security concerns:

• [high] Third-party Bun setup inherits OpenAI secret — .github/workflows/repair-cluster-worker.yml:337
  The added oven-sh/setup-bun step runs in a job with job-level OPENAI_API_KEY; even pinned third-party code should not receive that secret unless needed.
  Confidence: 0.88

Acceptance criteria:

• [P1] pnpm run check.

What I checked:

• Repository policy read: Read the full target AGENTS.md; its automation-safety guidance and pnpm run check handoff expectation are relevant because this PR changes repair workflow execution and validation behavior. (AGENTS.md:1, a07fc1f94275)
• Secret-bearing execute job: Current workflow defines OPENAI_API_KEY at the execute job level, so newly added third-party uses: steps in that job inherit it unless the step or job scopes it away. (.github/workflows/repair-cluster-worker.yml:241, 9b0b0b391733)
• New third-party action in execute job: The PR adds oven-sh/setup-bun pinned to a full SHA before target validation, but the added step is still in the secret-bearing execute job. (.github/workflows/repair-cluster-worker.yml:337, e3d0b8cedbd7)
• Validation routing fix present: The PR changes requiredValidationCommands to resolve target toolchains, add configured base validation commands, preserve configured changed gates, and drop stale pnpm check:changed only when a non-gated toolchain has replacement validation commands. (src/repair/target-validation.ts:314, e3d0b8cedbd7)
• Regression coverage added: The PR adds tests for ClawHub Bun validation, stale gate sanitization, ClawSweeper changed-gate preservation, malformed config fallback, and pinned Bun setup placement. (test/repair/target-validation.test.ts:325, e3d0b8cedbd7)
• Exact-head checks: Unauthenticated check-run API showed pnpm check, CodeQL, and action analysis successful on the reviewed head, with cancelled notify runs also present. (e3d0b8cedbd7)

Likely related people:

• Tak Hoffman: git blame and git show show commit 9b0b0b3 introduced the repair target-validation module, target repository config, and repair-cluster execute workflow that this PR changes. (role: introduced behavior and adjacent owner; confidence: high; commits: 9b0b0b391733; files: src/repair/target-validation.ts, .github/workflows/repair-cluster-worker.yml, config/target-repositories.json)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[clawsweeper]

🦞✅
ClawSweeper is pausing this repair loop for human review.

Source: clawsweeper[bot]
Reason: - [P2] This is already an open automerge replacement PR; no separate fix-PR lane is needed unless exact-head checks expose a concrete failure.; Cleared: The workflow action is pinned to a full commit SHA and the command allowlist only adds Bun for declared validation commands; I found no concrete secret, permission, or supply-chain regression. (sha=de017c3ae683a6febf19d41f31291ce92a36ff17)

Why human review is needed:
This item has security-sensitive risk. ClawSweeper is pausing instead of making an autonomous change that could affect trust, credentials, permissions, or exposure.

What the maintainer can do as a next step:
If the maintainer accepts the current risk and wants ClawSweeper to continue merge gates, comment @clawsweeper approve. If the security-sensitive detail still needs changes, describe the safe path or push the fix, then comment @clawsweeper automerge. If the risk should not be automated, keep the PR paused for manual review or comment @clawsweeper stop.

I added clawsweeper:human-review and left the final call with a maintainer.

[momothemage]

@clawsweeper approve

[clawsweeper]

🦞🔧
ClawSweeper applied a repair to this PR branch.

Repair: kept the fix on this contributor branch instead of opening a replacement PR.
Validation: pnpm run check
Updated head: f7e2438ab015
Run: https://github.com/openclaw/clawsweeper/actions/runs/26806655098

Current state: exact-head review queued immediately; GitHub checks and the review verdict gate final merge.

Automerge progress:

• 2026-06-02 07:32:44 UTC repair completed e3d0b8cedbd7 (branch updated) in 19m 41s Run: https://github.com/openclaw/clawsweeper/actions/runs/26804353130 initial automerge rebase is delegated to Codex repair

• 2026-06-02 07:32:43 UTC review queued e3d0b8cedbd7 (after repair)

• 2026-06-02 07:42:46 UTC automerge wait e3d0b8cedbd7 (waiting) in 29m 43s Run: https://github.com/openclaw/clawsweeper/actions/runs/26804353130 waiting for exact-head ClawSweeper review pass

• 2026-06-02 08:00:16 UTC review requested repair e3d0b8cedbd7 (structured ClawSweeper marker: fix-required (finding=security-review sha=e3d0b8...)

• 2026-06-02 07:42:48 UTC repair finished e3d0b8cedbd7 (pushed) in 29m 45s Run: https://github.com/openclaw/clawsweeper/actions/runs/26804353130 repair_contributor_branch

• 2026-06-02 07:54:18 UTC review queued e3d0b8cedbd7 (queued)

• 2026-06-02 08:00:38 UTC repair queued e3d0b8cedbd7 (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/26806655098

• 2026-06-02 08:03:32 UTC repair started (running) in 0s Run: https://github.com/openclaw/clawsweeper/actions/runs/26806655098 automerge-openclaw-clawsweeper-240

• 2026-06-02 08:03:35 UTC validation plan (passed) in 4s Run: https://github.com/openclaw/clawsweeper/actions/runs/26806655098 pnpm run check

• 2026-06-02 08:03:46 UTC Codex write preflight (passed) in 15s Run: https://github.com/openclaw/clawsweeper/actions/runs/26806655098 danger-full-access

• 2026-06-02 08:14:08 UTC Codex edit 1 178cd1ccbf9f (complete) in 10m 36s Run: https://github.com/openclaw/clawsweeper/actions/runs/26806655098 exit 0

• 2026-06-02 08:20:32 UTC validation and review 1 f7e2438ab015 (complete) in 17m 1s Run: https://github.com/openclaw/clawsweeper/actions/runs/26806655098 already-current

• 2026-06-02 08:20:36 UTC repair completed f7e2438ab015 (branch updated) in 17m 5s Run: https://github.com/openclaw/clawsweeper/actions/runs/26806655098 initial automerge rebase is delegated to Codex repair

• 2026-06-02 08:20:36 UTC review queued f7e2438ab015 (after repair)

• 2026-06-02 08:20:41 UTC automerge wait f7e2438ab015 (merged) in 17m 9s Run: https://github.com/openclaw/clawsweeper/actions/runs/26806655098 pull request already merged

• 2026-06-02 08:20:42 UTC repair finished f7e2438ab015 (pushed) in 17m 11s Run: https://github.com/openclaw/clawsweeper/actions/runs/26806655098 repair_contributor_branch

[momothemage]

@clawsweeper approve

[clawsweeper]

🦞👀
ClawSweeper picked this up.

Command router queued. I will update this comment with the next step.

[momothemage]

@clawsweeper automerge

[clawsweeper]

🦞👀
ClawSweeper picked this up.

Command router queued. I will update this comment with the next step.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26806351726
• Updated: 2026-06-02T08:00:41.079Z