build: refresh dependency pins #86628

Merged: steipete merged 2 commits into main from deps/refresh-openclaw-deps on May 25, 2026
Conversation

@steipete
Contributor

Summary

  • refresh package pins and shrinkwraps across the workspace without taking peer- or engine-breaking majors
  • update Codex harness integration to @openai/codex@0.133.0, including the managed app-server version and Spark model handling
  • update ACP dependencies, rebuild the @agentclientprotocol/claude-agent-acp@0.37.0 patch, and keep the package patch guard current

Verification

  • pnpm peers check
  • pnpm deps:shrinkwrap:check
  • pnpm deps:pins:check
  • pnpm deps:patches:check
  • pnpm deps:vuln:gate
  • pnpm docs:list
  • .agents/skills/autoreview/scripts/autoreview --mode local
  • node scripts/run-vitest.mjs extensions/codex/src/app-server/thread-lifecycle.test.ts src/auto-reply/thinking.test.ts extensions/openai/openclaw.plugin.test.ts test/scripts/check-package-patches.test.ts extensions/codex/src/manifest.test.ts extensions/acpx/src/claude-agent-acp-completion.test.ts extensions/acpx/src/codex-auth-bridge.test.ts extensions/acpx/src/manifest.test.ts
  • pnpm check:changed
  • pnpm build
  • git diff --check origin/main...HEAD

Real behavior proof

Behavior addressed: dependency refresh for OpenClaw package pins, shrinkwraps, Codex app-server metadata, OpenAI Codex Spark model policy, and the ACP patched dependency.

Real environment tested: local macOS source checkout using the repo package manager and generated lock/shrinkwrap files; GitHub CI will run on this PR before landing.

Exact steps or command run after this patch: ran dependency guards, targeted Vitest files for changed runtime/policy surfaces, docs listing, autoreview, changed checks, build, and whitespace validation listed above.

Evidence after fix: dependency guards passed; package patch guard reports no new pnpm patches and 3 legacy patches allowlisted; focused Vitest run passed 8 files and 107 tests; pnpm check:changed passed tsgo, oxlint, and import-cycle checks; pnpm build completed.

Observed result after fix: Codex 0.133.0 metadata and Spark behavior are reflected in code, docs, and tests; ACP 0.37.0 remains patched for the existing completion lifecycle behavior; peer/engine-blocked majors remain intentionally pinned.

What was not tested: live provider/channel traffic, release publishing, and the peer/engine-breaking major upgrades that were intentionally skipped.

@steipete steipete requested a review from a team as a code owner May 25, 2026 20:43
@github-actions github-actions Bot added the dependencies-changed label (PR changes dependency-related files) May 25, 2026
@github-actions
Contributor

Dependency Changes Detected

This PR changes dependency-related files. Maintainers should confirm these changes are intentional.

Changed files:

  • extensions/acpx/npm-shrinkwrap.json
  • extensions/acpx/package.json
  • extensions/amazon-bedrock-mantle/npm-shrinkwrap.json
  • extensions/amazon-bedrock-mantle/package.json
  • extensions/amazon-bedrock/npm-shrinkwrap.json
  • extensions/amazon-bedrock/package.json
  • extensions/anthropic-vertex/npm-shrinkwrap.json
  • extensions/anthropic-vertex/package.json
  • extensions/anthropic/package.json
  • extensions/browser/package.json
  • extensions/canvas/package.json
  • extensions/clickclack/package.json
  • extensions/codex/npm-shrinkwrap.json
  • extensions/codex/package.json
  • extensions/diffs/npm-shrinkwrap.json
  • extensions/diffs/package.json
  • extensions/discord/npm-shrinkwrap.json
  • extensions/discord/package.json
  • extensions/feishu/npm-shrinkwrap.json
  • extensions/fireworks/package.json
  • extensions/github-copilot/package.json
  • extensions/google/package.json
  • extensions/kimi-coding/package.json
  • extensions/lmstudio/package.json
  • extensions/lobster/npm-shrinkwrap.json
  • 24 additional dependency-related files not shown

Maintainer follow-up:

  • Review whether the dependency changes are intentional.
  • Inspect resolved package deltas when lockfile, shrinkwrap, or workspace dependency policy changes are present.
  • Treat package-lock.json and npm-shrinkwrap.json diffs as security-review surfaces.
  • Run pnpm deps:changes:report -- --base-ref origin/main --markdown /tmp/dependency-changes.md --json /tmp/dependency-changes.json locally for detailed release-style evidence.
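The "inspect resolved package deltas" and "treat npm-shrinkwrap.json diffs as security-review surfaces" items above are what a reviewer does by hand; the following is an added example, not code from this PR or the OpenClaw repository, that does that comparison over two lockfileVersion 2/3 documents and flags the deltas a version-only diff hides (same version with a changed tarball hash or host, a new package with an install script, a tarball without an integrity hash). Both lockfiles, the package names, hosts and integrity strings are constructed, and the registry allowlist is an assumed policy.

```javascript
// Added example, not code from this PR or the OpenClaw repository: a reviewer's
// delta report over two npm-shrinkwrap.json / package-lock.json documents
// (lockfileVersion 2/3 "packages" map). Both lockfiles are constructed and the
// package names, hosts and integrity strings are placeholders.

// Assumed policy: tarballs may only be resolved from these registry hosts.
const REGISTRY_HOSTS = new Set(["registry.npmjs.org"]);

const BEFORE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-workspace", version: "1.0.0" },
    "node_modules/alpha-lib": { version: "1.2.0", integrity: "sha512-CONSTRUCTED-ALPHA-120",
      resolved: "https://registry.npmjs.org/alpha-lib/-/alpha-lib-1.2.0.tgz" },
    "node_modules/beta-native": { version: "0.4.1", integrity: "sha512-CONSTRUCTED-BETA-041",
      resolved: "https://registry.npmjs.org/beta-native/-/beta-native-0.4.1.tgz" },
    "node_modules/gamma-old": { version: "3.0.0", integrity: "sha512-CONSTRUCTED-GAMMA-300",
      resolved: "https://registry.npmjs.org/gamma-old/-/gamma-old-3.0.0.tgz" },
  },
};

const AFTER = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-workspace", version: "1.0.0" },
    // Routine version bump from the same registry: reported as "updated".
    "node_modules/alpha-lib": { version: "1.3.0", integrity: "sha512-CONSTRUCTED-ALPHA-130",
      resolved: "https://registry.npmjs.org/alpha-lib/-/alpha-lib-1.3.0.tgz" },
    // Same version string, different tarball hash and host: the contents changed
    // under an unchanged version, which a version-only diff does not show.
    "node_modules/beta-native": { version: "0.4.1", integrity: "sha512-CONSTRUCTED-BETA-041-CHANGED",
      resolved: "https://mirror.example.test/beta-native/-/beta-native-0.4.1.tgz" },
    // New package that runs an install script: code executed at `npm install`.
    "node_modules/delta-helper": { version: "2.0.0", integrity: "sha512-CONSTRUCTED-DELTA-200",
      resolved: "https://registry.npmjs.org/delta-helper/-/delta-helper-2.0.0.tgz", hasInstallScript: true },
    // gamma-old is gone: reported as "removed".
  },
};

// "node_modules/@scope/name" or nested "node_modules/a/node_modules/b" -> "@scope/name" / "b".
function packageName(key) {
  const marker = "node_modules/";
  return key.slice(key.lastIndexOf(marker) + marker.length);
}

function hostOf(resolved) {
  try {
    return new URL(resolved).host;
  } catch {
    return null; // malformed values end up here and are flagged by the caller
  }
}

function shrinkwrapDelta(before, after) {
  const prev = before.packages || {};
  const next = after.packages || {};
  const delta = { added: [], removed: [], updated: [], flags: [] };

  for (const [key, pkg] of Object.entries(next)) {
    if (key === "") continue; // root workspace entry, not a dependency
    const name = packageName(key);
    const label = `${name}@${pkg.version}`;
    const old = prev[key];

    if (pkg.resolved) {
      const host = hostOf(pkg.resolved);
      if (!host || !REGISTRY_HOSTS.has(host)) {
        delta.flags.push(`${label}: resolved from non-allowlisted source ${pkg.resolved}`);
      }
      if (!pkg.integrity) {
        delta.flags.push(`${label}: resolved tarball has no integrity hash`);
      }
    }
    if (!old) {
      delta.added.push(label);
      if (pkg.hasInstallScript) {
        delta.flags.push(`${label}: newly added package runs an install script`);
      }
    } else if (old.version !== pkg.version) {
      delta.updated.push(`${name}: ${old.version} -> ${pkg.version}`);
    } else if (old.integrity !== pkg.integrity || old.resolved !== pkg.resolved) {
      delta.flags.push(`${label}: integrity or resolved URL changed without a version change`);
    }
  }
  for (const [key, pkg] of Object.entries(prev)) {
    if (key !== "" && !(key in next)) delta.removed.push(`${packageName(key)}@${pkg.version}`);
  }
  return delta;
}

// Stand-alone run: print the review summary for the constructed lockfiles.
console.log(JSON.stringify(shrinkwrapDelta(BEFORE, AFTER), null, 2));
```

On a real PR the two objects would be `JSON.parse` of the base and head copies of each changed shrinkwrap, and the `flags` list is the part worth reading before the added/updated counts.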

@openclaw-barnacle openclaw-barnacle Bot added the labels docs, channel: discord, channel: mattermost, channel: signal, channel: slack, channel: tlon, channel: voice-call, channel: whatsapp-web, channel: zalouser, extensions: lobster, extensions: memory-lancedb, scripts, channel: feishu, channel: twitch, extensions: acpx, extensions: anthropic, extensions: openai, extensions: kimi-coding, channel: qqbot, extensions: qa-lab, extensions: codex, extensions: lmstudio, extensions: amazon-bedrock, extensions: anthropic-vertex, extensions: diffs and removed the dependencies-changed label May 25, 2026
@socket-security

socket-security Bot commented May 25, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff, package, and Socket scores (Supply Chain Security / Vulnerability / Quality / Maintenance / License; score changes in parentheses):

  • Added npm/@tencent-connect/qqbot-connector@1.1.0: 72 / 100 / 99 / 92 / 0
  • Updated npm/@smithy/shared-ini-file-loader@4.5.3 ⏵ 4.5.4: 100 / 100 / 57 / 97 / 100
  • Updated npm/@earendil-works/pi-coding-agent@0.75.4 ⏵ 0.75.5: 66 / 100 / 100 (+1) / 94 / 100
  • Updated npm/openai@6.26.0 ⏵ 6.39.0: 66 / 100 / 100 (+1) / 100 / 100
  • Updated npm/@anthropic-ai/sdk@0.97.1 ⏵ 0.98.0: 66 / 100 / 88 (+1) / 100 / 100
  • Added npm/@zed-industries/codex-acp@0.15.0: 71 / 100 / 86 / 98 / 100
  • Added npm/@types/express@5.0.6: 100 / 100 / 71 / 84 / 100
  • Updated npm/@openai/codex@0.132.0-win32-x64 ⏵ 0.133.0: 72 (+21) / 100 / 86 (+19) / 100 / 100
  • Added npm/@types/jsonwebtoken@9.0.10: 100 / 100 / 73 / 81 / 100
  • Added npm/@google/genai@2.6.0: 75 / 100 / 100 / 98 / 100
  • Added npm/@agentclientprotocol/claude-agent-acp@0.37.0: 75 / 100 / 80 / 98 / 100
  • Added npm/@types/markdown-it@14.1.2: 100 / 100 / 76 / 80 / 100
  • Updated npm/@earendil-works/pi-tui@0.75.4 ⏵ 0.75.5: 76 (+1) / 100 / 100 (+1) / 94 / 100
  • Updated npm/@earendil-works/pi-ai@0.75.4 ⏵ 0.75.5: 77 / 100 / 100 / 94 / 100
  • Updated npm/@earendil-works/pi-agent-core@0.75.4 ⏵ 0.75.5: 78 / 100 / 100 / 94 / 100
  • Added npm/acpx@0.10.0: 79 / 100 / 100 / 97 / 100
  • Updated npm/@clawdbot/lobster@2026.4.6 ⏵ 2026.5.22: 79 (+1) / 100 / 100 / 91 / 100
  • Added npm/@vitest/coverage-v8@4.1.7: 99 / 100 / 79 / 99 / 100
  • Added npm/@openclaw/fs-safe@0.3.0: 79 / 100 / 100 / 95 / 100
  • Added npm/@copilotkit/aimock@1.27.1: 80 / 100 / 100 / 96 / 100
  • Updated npm/@pierre/diffs@1.2.1 ⏵ 1.2.2: 80 (+1) / 100 / 97 (+1) / 99 / 100
  • Added npm/chokidar@5.0.0: 100 / 100 / 100 / 81 / 100
  • Added npm/@types/node@25.9.1: 100 / 100 / 81 / 96 / 100
  • Added npm/@typescript/native-preview@7.0.0-dev.20260524.1: 100 / 100 / 82 / 100 / 100
  • Added npm/@slack/types@2.21.1: 100 / 100 / 83 / 97 / 100
  • Added npm/fake-indexeddb@6.2.5: 99 / 100 / 100 / 84 / 100
  • Added npm/highlight.js@11.11.1: 96 / 100 / 100 / 84 / 100
  • Added npm/zca-js@2.1.2: 84 / 100 / 100 / 86 / 100
  • Added npm/@vitest/browser-playwright@4.1.7: 99 / 100 / 86 / 99 / 100
  • Added npm/croner@10.0.1: 100 / 100 / 100 / 86 / 100
  • Added npm/dompurify@3.4.5: 98 / 100 / 100 / 94 / 90
  • Added npm/express@5.2.1: 98 / 100 / 100 / 91 / 100
See 10 more rows in the dashboard

@socket-security

socket-security Bot commented May 25, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert
Warn High
Publisher changed: npm content-type is now published by blakeembrey

Author: blakeembrey

From: pnpm-lock.yaml > npm/content-type@2.0.0

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/content-type@2.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm css-tree is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yaml > npm/css-tree@3.2.1

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/css-tree@3.2.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm cssom is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yaml > npm/cssom@0.5.0

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/cssom@0.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm data-urls is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yaml > npm/data-urls@7.0.0

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/data-urls@7.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm date-fns is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yaml > npm/@a2ui/lit@0.10.0 > npm/date-fns@4.2.1

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/date-fns@4.2.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm entities is 91.0% likely obfuscated

Confidence: 0.91

Location: Package overview

From: pnpm-lock.yaml > npm/entities@4.5.0

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@4.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Low adoption: npm @snazzah/davey-android-arm-eabi

Location: Package overview

From: pnpm-lock.yaml > npm/@snazzah/davey-android-arm-eabi@0.1.11

Suggestion: Unpopular packages may have less maintenance and contain other problems.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@snazzah/davey-android-arm-eabi@0.1.11. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Low adoption: npm @snazzah/davey-android-arm64

Location: Package overview

From: pnpm-lock.yaml > npm/@snazzah/davey-android-arm64@0.1.11

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@snazzah/davey-android-arm64@0.1.11. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Low adoption: npm @snazzah/davey-darwin-arm64

Location: Package overview

From: pnpm-lock.yaml > npm/@snazzah/davey-darwin-arm64@0.1.11

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@snazzah/davey-darwin-arm64@0.1.11. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Low adoption: npm @snazzah/davey-darwin-x64

Location: Package overview

From: pnpm-lock.yaml > npm/@snazzah/davey-darwin-x64@0.1.11

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@snazzah/davey-darwin-x64@0.1.11. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Low adoption: npm @snazzah/davey-freebsd-x64

Location: Package overview

From: pnpm-lock.yaml > npm/@snazzah/davey-freebsd-x64@0.1.11

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@snazzah/davey-freebsd-x64@0.1.11. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Low adoption: npm @snazzah/davey-linux-arm-gnueabihf

Location: Package overview

From: pnpm-lock.yaml > npm/@snazzah/davey-linux-arm-gnueabihf@0.1.11

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@snazzah/davey-linux-arm-gnueabihf@0.1.11. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Low adoption: npm @snazzah/davey-linux-arm64-gnu

Location: Package overview

From: pnpm-lock.yaml > npm/@snazzah/davey-linux-arm64-gnu@0.1.11

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@snazzah/davey-linux-arm64-gnu@0.1.11. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Low adoption: npm @snazzah/davey-linux-arm64-musl

Location: Package overview

From: pnpm-lock.yaml > npm/@snazzah/davey-linux-arm64-musl@0.1.11

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@snazzah/davey-linux-arm64-musl@0.1.11. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Low adoption: npm @snazzah/davey-wasm32-wasi

Location: Package overview

From: pnpm-lock.yaml > npm/@snazzah/davey-wasm32-wasi@0.1.11

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@snazzah/davey-wasm32-wasi@0.1.11. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Low adoption: npm @snazzah/davey-win32-arm64-msvc

Location: Package overview

From: pnpm-lock.yaml > npm/@snazzah/davey-win32-arm64-msvc@0.1.11

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@snazzah/davey-win32-arm64-msvc@0.1.11. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Low adoption: npm @snazzah/davey-win32-ia32-msvc

Location: Package overview

From: pnpm-lock.yaml > npm/@snazzah/davey-win32-ia32-msvc@0.1.11

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@snazzah/davey-win32-ia32-msvc@0.1.11. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Low adoption: npm fast-wrap-ansi

Location: Package overview

From: pnpm-lock.yaml > npm/@clack/prompts@1.4.0 > npm/@clack/core@1.3.1 > npm/fast-wrap-ansi@0.2.2

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/fast-wrap-ansi@0.2.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Deprecated by its maintainer: npm form-data

Reason: This version has an incorrect dependency; please use v2.5.5

From: extensions/zalouser/npm-shrinkwrap.json > npm/zca-js@2.1.2 > npm/@microsoft/teams.api@2.0.11 > npm/@larksuiteoapi/node-sdk@1.65.0 > npm/form-data@2.5.4

Suggestion: Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/form-data@2.5.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Deprecated by its maintainer: npm has-own

Reason: This project is not maintained. Use Object.hasOwn() instead.

From: extensions/zalouser/npm-shrinkwrap.json > npm/zca-js@2.1.2 > npm/@microsoft/teams.api@2.0.11 > npm/@larksuiteoapi/node-sdk@1.65.0 > npm/has-own@1.0.1

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/has-own@1.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

@clawsweeper
Contributor

clawsweeper Bot commented May 25, 2026

Codex review: needs maintainer review before merge. Reviewed May 25, 2026, 4:51 PM ET / 20:51 UTC.

Summary
The PR refreshes workspace and plugin dependency pins/shrinkwraps, updates Codex 0.133.0 Spark handling and docs/tests, retargets the ACP patch allowlist, and bumps the control UI i18n Pi package version.

PR surface: Source +15, Tests +19, Docs +3, Config +1, Other +174. Total +212 across 63 files.

Reproducibility: not applicable. This is a dependency/build refresh rather than a bug report. The relevant proof is dependency guard, build, targeted test, scanner, and CI evidence for the current head.

Review metrics: 3 noteworthy metrics.

  • Minimum-release-age exceptions: 14 added or changed, 13 removed. These entries bypass the release-age gate, so maintainers should confirm each refreshed package exception is intentional.
  • Patched dependency target: 1 patched package retargeted. The claude-agent-acp patch moved to a new exact version, so the patch and guard need explicit compatibility and supply-chain review.
  • Model catalog suppressions: 1 removed, 2 retained. The PR changes Spark visibility only for the Codex catalog while keeping direct OpenAI and Azure suppressions, which is a user-visible model-picker policy change.

Merge readiness
Overall: 🦐 gold shrimp
Proof: 🐚 platinum hermit
Patch quality: 🦐 gold shrimp
Result: needs maintainer review before merge.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • Wait for current-head required CI to finish green.
  • Have a maintainer explicitly accept or remediate the Socket and dependency-change warnings.

Risk before merge

  • The dependency refresh changes provider, channel, Codex, ACP, and script dependency surfaces, so green unit checks alone do not prove upgrade compatibility for existing installs.
  • Lockfiles, shrinkwraps, and the retargeted patched dependency are supply-chain review surfaces; the Socket neutral alert and dependency-change-awareness comment need maintainer acceptance or remediation before merge.
  • Required CI was still running on the current head during review, so this should not land until the relevant dependency, build, docs, and test checks finish green.

Maintainer options:

  1. Finish dependency/security sign-off (recommended)
    Proceed only after maintainers review the dependency-change-awareness and Socket alerts and the current-head CI finishes green.
  2. Trim any unacceptable package delta
    If a scanner alert or package delta is not acceptable, narrow or revert that pin and regenerate the affected lock/shrinkwrap files before merge.

Next step before merge
Protected maintainer label, broad dependency churn, pending CI, and supply-chain alerts make this a maintainer review/sign-off item rather than an automated repair candidate.

Security
Needs attention: No malicious code is evident from the diff, but the dependency and lockfile refresh needs explicit supply-chain review before merge.

Review details

Best possible solution:

Land this only after maintainer dependency/security sign-off, green required checks for the current head, and explicit acceptance or remediation of the Socket/dependency-change warnings.

Do we have a high-confidence way to reproduce the issue?

Not applicable; this is a dependency/build refresh rather than a bug report. The relevant proof is dependency guard, build, targeted test, scanner, and CI evidence for the current head.

Is this the best way to solve the issue?

Yes, with maintainer sign-off: updating exact pins, shrinkwraps, docs, focused tests, and the patch allowlist together is the maintainable shape for this refresh. The safer merge path is to wait for dependency/security acceptance and current-head CI rather than splitting an automated repair from this branch.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 148db1473601.

Label changes

Label changes:

  • add P2: This is a normal but broad dependency and runtime metadata refresh with limited urgency and meaningful review surface.
  • add merge-risk: 🚨 compatibility: Updated provider/channel/Codex/ACP packages and model policy can change runtime behavior for existing users after upgrade.
  • add merge-risk: 🚨 security-boundary: The PR changes lockfiles, shrinkwraps, package sources, and a patched dependency, which are supply-chain security surfaces under repo policy.
  • add proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes the required real behavior proof fields with local macOS dependency guards, focused Vitest coverage, changed checks, build, and observed outcomes for the refreshed packages.
  • add rating: 🦐 gold shrimp: Overall readiness is 🦐 gold shrimp; proof is 🐚 platinum hermit and patch quality is 🦐 gold shrimp.
  • add status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Sufficient (live_output): The PR body includes the required real behavior proof fields with local macOS dependency guards, focused Vitest coverage, changed checks, build, and observed outcomes for the refreshed packages.

Label justifications:

  • P2: This is a normal but broad dependency and runtime metadata refresh with limited urgency and meaningful review surface.
  • merge-risk: 🚨 compatibility: Updated provider/channel/Codex/ACP packages and model policy can change runtime behavior for existing users after upgrade.
  • merge-risk: 🚨 security-boundary: The PR changes lockfiles, shrinkwraps, package sources, and a patched dependency, which are supply-chain security surfaces under repo policy.
  • rating: 🦐 gold shrimp: Overall readiness is 🦐 gold shrimp; proof is 🐚 platinum hermit and patch quality is 🦐 gold shrimp.
  • status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Sufficient (live_output): The PR body includes the required real behavior proof fields with local macOS dependency guards, focused Vitest coverage, changed checks, build, and observed outcomes for the refreshed packages.
  • proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes the required real behavior proof fields with local macOS dependency guards, focused Vitest coverage, changed checks, build, and observed outcomes for the refreshed packages.

Evidence reviewed

PR surface:

Source +15, Tests +19, Docs +3, Config +1, Other +174. Total +212 across 63 files.

Area       Files  Added  Removed   Net
Source        22   1177     1162   +15
Tests          5     30       11   +19
Docs           3     15       12    +3
Config        29     64       63    +1
Generated      0      0        0     0
Other          4    849      675  +174
Total         63   2135     1923  +212

Security concerns:

  • [medium] Review supply-chain alerts before merge — pnpm-lock.yaml:5
    Socket reported high-severity warn alerts on the dependency set, and this PR changes lockfiles/shrinkwraps that repo policy treats as security surfaces; maintainers should accept or remediate those alerts before landing.
    Confidence: 0.78
  • [medium] Retargeted patch needs explicit approval — pnpm-workspace.yaml:119
    The patched @agentclientprotocol/claude-agent-acp dependency moves from 0.36.1 to 0.37.0 with a rebuilt patch hash, which should be reviewed as patched third-party code execution surface.
    Confidence: 0.82

What I checked:

  • Repository policy read: Read the full root AGENTS.md and scoped guides for extensions, acpx, docs, and scripts; the policy treats plugin dependencies, patched dependencies, lockfiles, shrinkwraps, and Codex harness docs as review-sensitive. (AGENTS.md:24, 148db1473601)
  • Protected PR state: Live PR metadata shows the PR is open, non-draft, mergeable but unstable, currently at head b38c5a8, and labeled maintainer plus dependencies-changed. (b38c5a84adef)
  • Dependency and runtime surface: The live file list shows package manifests, pnpm-lock.yaml, root and plugin npm-shrinkwrap files, the ACP patch, Codex/OpenAI model policy files, docs, and dependency guard scripts changed together. (pnpm-lock.yaml:1, b38c5a84adef)
  • Security policy anchor: Root policy says dependency patches/overrides need explicit approval and lockfiles/shrinkwraps are security surfaces to review. (AGENTS.md:204, 148db1473601)
  • Published package metadata: NPM registry metadata for @openai/codex 0.133.0 and @agentclientprotocol/claude-agent-acp 0.37.0 reports the package names, versions, bins, licenses, engines, and integrities used by the proposed lockfile/shrinkwrap updates. (extensions/codex/package.json:12, b38c5a84adef)
  • CI and scanner state: GitHub checks for the current head had many required checks still in progress; Socket Security PR Alerts completed neutral, while security-fast and preflight completed successfully. (b38c5a84adef)

Likely related people:

  • steipete: Recent commit 9330b76 updated dependency lock/shrinkwrap policy surfaces shortly before this PR; the current PR also changes those same dependency-management files. (role: recent dependency-pin contributor; confidence: medium; commits: 9330b76a51e4; files: pnpm-lock.yaml, pnpm-workspace.yaml, npm-shrinkwrap.json)
  • Vincent Koc: Recent commit 407cf8e bumped ACPX package and lock state, adjacent to this PR's ACPX package and patched claude-agent-acp retargeting. (role: recent ACPX contributor; confidence: medium; commits: 407cf8e328cb; files: extensions/acpx/package.json, extensions/acpx/npm-shrinkwrap.json, pnpm-lock.yaml)
  • ai-hpc: Blame on current main points the existing Codex modern-model helper, Spark suppression entries, and OpenAI thinking policy to commit f5d2db2, which this PR updates around Spark catalog behavior. (role: current model-routing area contributor; confidence: medium; commits: f5d2db2a6042; files: extensions/codex/provider.ts, extensions/codex/src/app-server/thread-lifecycle.ts, extensions/openai/openclaw.plugin.json)

What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

@github-actions github-actions Bot added the dependencies-changed PR changes dependency-related files label May 25, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b38c5a84ad

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines 300 to +303
{
"provider": "openai",
"model": "gpt-5.3-codex-spark",
"reason": "gpt-5.3-codex-spark is no longer exposed by the OpenAI or Codex catalogs. Use openai/gpt-5.5."
"reason": "gpt-5.3-codex-spark is not exposed by the OpenAI API catalog. Use openai-codex/gpt-5.3-codex-spark or openai/gpt-5.5."
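Review bot: the rewritten reason string on the second line now recommends openai-codex/gpt-5.3-codex-spark as a working alternative to the still-suppressed openai/gpt-5.3-codex-spark, so the two refs differ only by provider prefix and the advice holds only if that prefix survives every normalization path users go through (the doctor rewrite raised in the comment below collapses it). Since this text is what users will paste into their config, consider leading with openai/gpt-5.5 as the unconditionally valid option, or keeping the previous wording until the openai-codex ref is confirmed stable after `openclaw doctor --fix`.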

P2: Preserve Codex Spark when deprecating openai-codex refs

This change makes openai-codex/gpt-5.3-codex-spark valid by removing its suppression, but openclaw doctor --fix still rewrites every openai-codex/* model ref to openai/* via src/commands/doctor/shared/codex-route-warnings.ts (toCanonicalOpenAIModelRef). In accounts where Codex exposes Spark, running doctor will now convert a working config to openai/gpt-5.3-codex-spark, which remains suppressed and causes model-resolution errors on the next run.

Useful? React with 👍 / 👎.
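The doctor canonicalization hazard described in this comment, modelled as an added example that is not OpenClaw's code: the suppression entry is constructed from the snippet above, `toCanonicalOpenAIModelRef` is a hypothetical stand-in that behaves as the comment describes (a plain openai-codex/ to openai/ prefix rewrite), and the two guard functions are a consistency check a practitioner could run over a suppression list before shipping it.

```typescript
// Added example, not OpenClaw's code: models the hazard described in the
// Codex comment above with constructed stand-ins for the real project code.

type Suppression = { provider: string; model: string; reason: string };

// Constructed from the snippet above: after this PR only the openai/* Spark
// ref stays suppressed, and its reason text points at the openai-codex/* ref.
export const SUPPRESSED_AFTER: Suppression[] = [
  {
    provider: "openai",
    model: "gpt-5.3-codex-spark",
    reason: "gpt-5.3-codex-spark is not exposed by the OpenAI API catalog. Use openai-codex/gpt-5.3-codex-spark or openai/gpt-5.5.",
  },
];

// Hypothetical stand-in for toCanonicalOpenAIModelRef as the comment describes
// it: doctor --fix rewrites every openai-codex/<model> ref to openai/<model>.
export function toCanonicalOpenAIModelRef(ref: string): string {
  const prefix = "openai-codex/";
  return ref.startsWith(prefix) ? "openai/" + ref.slice(prefix.length) : ref;
}

export function isSuppressed(ref: string, suppressed: Suppression[]): boolean {
  return suppressed.some((s) => `${s.provider}/${s.model}` === ref);
}

// Guard 1: refs that resolve as written but become suppressed once doctor
// canonicalizes them, i.e. working configs that doctor --fix would break.
export function findDoctorBreakingRefs(refs: string[], suppressed: Suppression[]): string[] {
  return refs.filter((ref) => {
    const canonical = toCanonicalOpenAIModelRef(ref);
    return canonical !== ref && !isSuppressed(ref, suppressed) && isSuppressed(canonical, suppressed);
  });
}

// Guard 2: every alternative a suppression reason recommends must itself stay
// valid before and after canonicalization, or the advice leads to a dead end.
export function findDeadEndAdvice(suppressed: Suppression[]): string[] {
  const refPattern = /\b(openai(?:-codex)?\/[a-z0-9-]+(?:\.[a-z0-9-]+)*)/g;
  const deadEnds: string[] = [];
  for (const entry of suppressed) {
    let m: RegExpExecArray | null;
    while ((m = refPattern.exec(entry.reason)) !== null) {
      const alt = m[1] ?? "";
      if (isSuppressed(alt, suppressed) || isSuppressed(toCanonicalOpenAIModelRef(alt), suppressed)) {
        deadEnds.push(alt);
      }
    }
  }
  return deadEnds;
}
```

Running both guards over the post-PR list flags openai-codex/gpt-5.3-codex-spark twice: once as a ref doctor would rewrite into a suppressed one, and once as advice that points users at that same ref.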

@clawsweeper clawsweeper Bot added proof: sufficient ClawSweeper judged the real behavior proof convincing. rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. status: ⏳ waiting on author ClawSweeper has contributor-facing work open and is waiting for author action. labels May 25, 2026
@clawsweeper
Contributor

clawsweeper Bot commented May 25, 2026

ClawSweeper PR egg

🔥 Warming up: real-behavior proof passed; findings, security review, or rank-up moves are still in progress.

Hatch command

Comment @clawsweeper hatch when this PR is hatchable.

Hatchability rules:

  • Merged PRs are hatchable.
  • Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
  • Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

What is this egg doing here?
  • Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
  • The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
  • Hatchability usually comes from sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness. A merged PR is already final, so merge makes the egg hatchable independently.
  • The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
  • Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

@steipete
Contributor Author

Verification before merge:

  • Local dependency guards: pnpm peers check, pnpm deps:shrinkwrap:check, pnpm deps:pins:check, pnpm deps:patches:check, pnpm deps:vuln:gate
  • Local docs/proof: pnpm docs:list, git diff --check origin/main...HEAD
  • Local focused tests: node scripts/run-vitest.mjs extensions/codex/src/app-server/thread-lifecycle.test.ts src/auto-reply/thinking.test.ts extensions/openai/openclaw.plugin.test.ts test/scripts/check-package-patches.test.ts extensions/codex/src/manifest.test.ts extensions/acpx/src/claude-agent-acp-completion.test.ts extensions/acpx/src/codex-auth-bridge.test.ts extensions/acpx/src/manifest.test.ts
  • Local CI-fix test: node scripts/run-vitest.mjs src/scripts/control-ui-i18n.test.ts
  • Local broad checks: pnpm check:changed, pnpm build
  • Autoreview: .agents/skills/autoreview/scripts/autoreview --mode local passed clean after the dependency patch and again after the CI fix.

CI on b38c5a84adefdf8ff836623a8a18bd69df6f5745:

  • CI run 26419219579: green, including build-artifacts, check-dependencies, check-lint, check-prod-types, check-test-types, guards, boundary checks, node shards, and Windows node test.
  • CodeQL Critical Quality run 26419219595: green for selected network-runtime-boundary; other shards skipped by selector.
  • OpenGrep PR Diff run 26419219596: green.
  • TUI PTY run 26419219617: green.
  • Workflow Sanity run 26419219599: green.
  • Dependency Change Awareness run 26419218826: green.
  • Real behavior proof run 26419218829: green.

Previous CI note: first CI run caught stale scripts/control-ui-i18n.ts fallback Pi package version in build-artifacts; fixed by b38c5a84ad, and the rerun is green.

Known proof gaps: no live provider/channel traffic and no release publish was tested; peer/engine-breaking majors were intentionally left pinned.

@steipete steipete merged commit cda7c30 into main May 25, 2026
119 of 123 checks passed
@steipete steipete deleted the deps/refresh-openclaw-deps branch May 25, 2026 20:55
github-actions Bot pushed a commit to Desicool/openclaw that referenced this pull request May 26, 2026
* build: refresh dependencies

* build: align pi fallback version
SebTardif pushed a commit to SebTardif/openclaw that referenced this pull request May 26, 2026
* build: refresh dependencies

* build: align pi fallback version