fix(codex): remove spurious migration warnings

[kevinslin]

Summary

• Problem: Codex migration emitted broad warnings for planned curated plugins, unverified app-backed plugins, cached bundles, and archive-only config/hooks even when those states were expected.
• Why it matters: These warnings made normal Codex migration plans look riskier than they were and added noise to dry-run/apply output.
• What changed: Removed those spurious warning emissions and deleted the CLI warning filter that only existed for the removed app-verification warning.
• What did NOT change (scope boundary): Plugin eligibility, manual/archive migration items, app verification behavior, install behavior, and subscription-gate warnings are unchanged.

Change Type (select all)

• Bug fix
• Feature
• Refactor required for the fix
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes #
• Related #
• This PR fixes a bug or regression

Real behavior proof (required for external PRs)

• Behavior addressed: Codex migration no longer emits the four spurious warning messages for normal planned/manual/archive Codex migration state.
• Real environment tested: Local OpenClaw source checkout on macOS in the active Codex worktree, running the real openclaw migrate codex --dry-run --json command against local Codex migration state.
• Exact steps or command run after this patch: pnpm openclaw migrate codex --dry-run --json > /tmp/openclaw-codex-migrate-dry-run.json followed by a local JSON parse that checked the four removed warning strings.
• Evidence after fix (copied live terminal output):

$ pnpm openclaw migrate codex --dry-run --json > /tmp/openclaw-codex-migrate-dry-run.json
$ node -e '/* parse dry-run JSON and count removed warning strings */'
providerId=codex
targetedWarningMatches=0
warningsCount=1
summary={"total":106,"planned":9,"migrated":0,"skipped":5,"conflicts":92,"errors":0,"sensitive":0}

• Observed result after fix: The real dry-run output contained zero matches for the removed spurious warning strings. One unrelated warning remained, which confirms warnings are still preserved when the provider emits a real warning.
• What was not tested: Broad pnpm check/full suite was not run locally because this is a Codex worktree and repo policy routes broad proof through Testbox/Crabbox rather than local pnpm gates.
• Before evidence (optional but encouraged): Existing provider tests expected the removed warnings in normal Codex migration plans.

Root Cause (if applicable)

• Root cause: The Codex migration planner treated expected informational state as warnings.
• Missing detection / guardrail: Tests asserted the warning noise instead of asserting quiet normal plans.
• Contributing context (if known): The app-verification warning had additional CLI filtering to hide it after plugin selection, which became unnecessary once the warning itself was removed.

Regression Test Plan (if applicable)

• Coverage level that should have caught this:
  • Unit test
  • Seam / integration test
  • End-to-end test
  • Existing coverage already sufficient
• Target test or file: extensions/codex/src/migration/provider.test.ts; src/commands/migrate.test.ts.
• Scenario the test should lock in: Default Codex app-backed plugin planning remains quiet while provider warnings still serialize through JSON dry-run output.
• Why this is the smallest reliable guardrail: These tests exercise the migration planner and CLI output path directly without broad runtime setup.
• Existing test that already covers this (if any): Updated plans app-backed plugins without source app/list by default; updated JSON warning output coverage.
• If no new test is added, why not: Existing tests covered the exact emission paths and were updated to assert the new behavior.

User-visible / Behavior Changes

Codex migration output no longer shows the removed spurious warning messages. Migration item details and actual blocking warnings remain available.

Diagram (if applicable)

N/A

Security Impact (required)

• New permissions/capabilities? No
• Secrets/tokens handling changed? No
• New/changed network calls? No
• Command/tool execution surface changed? No
• Data access scope changed? No
• If any Yes, explain risk + mitigation: N/A

Repro + Verification

Environment

• OS: macOS
• Runtime/container: Local OpenClaw source checkout in Codex worktree
• Model/provider: N/A
• Integration/channel (if any): Codex migration
• Relevant config (redacted): N/A

Steps

1. Run pnpm openclaw migrate codex --dry-run --json > /tmp/openclaw-codex-migrate-dry-run.json and parse the JSON for removed warning strings.
2. Run node scripts/run-vitest.mjs extensions/codex/src/migration/provider.test.ts src/commands/migrate.test.ts.
3. Run pnpm exec oxfmt --check --threads=1 extensions/codex/src/migration/plan.ts extensions/codex/src/migration/provider.test.ts src/commands/migrate.ts src/commands/migrate.test.ts.
4. Run git diff --check.

Expected

• Live Codex migration dry-run reports zero targeted warning matches.
• Focused migration tests pass.
• Formatting check passes.
• Diff whitespace check passes.

Actual

• Live Codex migration dry-run reported targetedWarningMatches=0.
• Focused migration tests passed: 58 tests.
• Formatting check passed.
• Diff whitespace check passed.

[clawsweeper]

Codex review: needs maintainer review before merge.

Summary
The PR removes Codex migration warnings for expected planned/manual/archive states, deletes the now-unused Codex app-verification warning filter, and updates focused migration tests.

Reproducibility: yes. from source: current main's Codex migration planner emits the reported plan-level warnings for normal migratable plugin and archive state, and the PR body provides a real dry-run command showing zero targeted warning matches after the patch.

Real behavior proof
Sufficient (terminal): The PR body includes after-fix copied terminal output from a real openclaw migrate codex --dry-run --json run showing the targeted warning strings are gone while an unrelated warning remains.

Next step before merge
Protected maintainer label and pending status checks call for normal maintainer merge handling; there is no narrow ClawSweeper repair to queue.

Security
Cleared: Cleared; the diff only changes Codex migration warning construction, CLI filtering, and focused tests, with no dependency, workflow, secret, network, or execution-surface changes.

Review details

Best possible solution:

Land the narrow warning-removal change after required checks finish and protected-label maintainer handling is complete, while keeping real conflict, discovery, subscription, and provider warnings serialized.

Do we have a high-confidence way to reproduce the issue?

Yes, from source: current main's Codex migration planner emits the reported plan-level warnings for normal migratable plugin and archive state, and the PR body provides a real dry-run command showing zero targeted warning matches after the patch.

Is this the best way to solve the issue?

Yes; removing the warning emissions at the provider source and deleting the now-unused CLI filter is the narrow maintainable fix, and the diff leaves provider warning serialization covered by tests.

Acceptance criteria:

• Wait for the required status rollup on a1bc3886a2aa158c28430b2ecbf5cb99c0fee97d, especially build-artifacts.
• Use the PR's focused proof set for landing context: node scripts/run-vitest.mjs extensions/codex/src/migration/provider.test.ts src/commands/migrate.test.ts, focused oxfmt --check, and git diff --check.

What I checked:

• PR diff scope: The latest head removes three warning emissions from Codex migration planning and removes the CLI-side filterSelectionScopedWarnings helper that only handled the deleted app-verification warning. (extensions/codex/src/migration/plan.ts:429, a1bc3886a2aa)
• Current main emits the reported noise: Current main builds the plan-level warning array from normal migratable Codex plugins, unverified app-backed plugins, and archive paths, which matches the PR's stated noisy-output behavior. (extensions/codex/src/migration/plan.ts:432, 9f99464119a6)
• Current main had a CLI warning filter for one deleted warning: selectMigrationItems currently applies filterSelectionScopedWarnings; the PR removes that helper after the provider stops emitting the corresponding warning. (src/commands/migrate.ts:48, 9f99464119a6)
• Docs support the intended quiet default state: The migration docs describe app-backed plugins being planned without source app/list verification by default and using --verify-plugin-apps only when the operator wants that stricter gate, so the removed app-verification warning was documenting an expected default path as a warning. Public docs: docs/cli/migrate.md. (docs/cli/migrate.md:166, 9f99464119a6)
• Tests updated at the right seams: The PR changes the Codex provider test to expect no normal-plan warnings and keeps JSON dry-run warning serialization covered with a generic provider warning. (extensions/codex/src/migration/provider.test.ts:374, a1bc3886a2aa)
• Real behavior proof: The PR body includes copied terminal output from pnpm openclaw migrate codex --dry-run --json showing targetedWarningMatches=0, warningsCount=1, and a real Codex migration summary after the patch. (a1bc3886a2aa)

Likely related people:

• kevinslin: GitHub path history shows multiple recent merged Codex migration and native plugin commits on the same planner/CLI surfaces, including app readiness, plugin destructive-action defaults, selection UX, and native plugin app support. (role: recent feature owner; confidence: high; commits: 9ff5250792, 8954c03231, d922edd861; files: extensions/codex/src/migration/plan.ts, src/commands/migrate.ts)
• sjf: Recent commits on the migration CLI path include preview/result output polish and selection affordance changes, which are adjacent to warning presentation and JSON/CLI output behavior. (role: recent adjacent contributor; confidence: medium; commits: d7d1fba74b, a197e31abb; files: extensions/codex/src/migration/plan.ts, src/commands/migrate.ts)
• vincentkoc: Recent path history includes touches to the Codex migration planner and CLI guidance/lint-adjacent migration command work near the reviewed surface. (role: recent area contributor; confidence: medium; commits: 5b418c3c4f, 56916bc8bf, 62375ae860; files: extensions/codex/src/migration/plan.ts, src/commands/migrate.ts, src/commands/doctor/shared/legacy-config-core-normalizers.ts)
• pashpashpash: Local git blame on the current warning/filter lines points at the shallow checkout root commit, so this is a weak but concrete current-source provenance signal. (role: current-line provenance in local checkout; confidence: low; commits: 28550a798cf7; files: extensions/codex/src/migration/plan.ts, src/commands/migrate.ts)

Remaining risk / open question:

• The latest head still had build-artifacts in progress at inspection time, so merge should wait for final required status resolution.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 9f99464119a6.