ProjectClownfish is a conservative OpenClaw maintainer tool for one-cluster issue and PR cleanup.
It takes a curated GitHub issue/PR cluster, asks a Codex worker to classify the items, and applies only narrow, auditable cleanup actions when the evidence is strong. This complements the pre-pass work on clawsweeper and acts as the second-pass, intent-based cluster resolution.
Allowed automated close reasons:
- duplicate of a clear canonical thread
- superseded by a clear canonical thread
- fixed by a specific candidate fix
Manual backlog-cleanup jobs may also use
instructions/low-signal-prs.md for
drive-by PRs that are clearly blank-template, docs-only discoverability churn,
test-only coverage spam, refactor-only noise, third-party capabilities that
belong on ClawHub, risky unapproved infra, or dirty branches. This policy is
opt-in per job and should return needs_human for plausible bug fixes or
anything with active maintainer signal.
Everything else stays open or is escalated for maintainer review.
Security-sensitive reports are deliberately out of scope. ProjectClownfish
routes those refs to central OpenClaw security handling and keeps processing
unrelated ordinary bugs, provider gaps, and duplicate cleanup in the same
cluster. It follows OpenClaw SECURITY.md: trusted-operator exec behavior,
provider gaps, feature gaps, and hardening-only parity drift are not treated as
vulnerabilities unless there is a real trust-boundary bypass.
ProjectClownfish is intentionally smaller than ClawSweeper. ClawSweeper scans the whole OpenClaw backlog on a cadence; ProjectClownfish handles targeted clusters that were already grouped by a human, ghcrawl, or another dedupe tool.
Cluster discovery currently comes from vincentkoc/ghcrawl. That repository is expected to migrate into the OpenClaw organization soon.
The default workflow is proposal-first. It does not comment or close unless a job is explicitly promoted and the deterministic applicator confirms live GitHub state has not changed.
Last dashboard update: Apr 26, 2026, 11:56 UTC
State: Failed clusters need inspection
Scope: 57 latest cluster reports. Run attempts are tracked as audit history only.
| Metric | Count | Rate |
|---|---|---|
| Latest clusters reviewed | 57 | 100% |
| Clean completed clusters | 14 | 24.6% |
| Needs-human clusters | 41 | 71.9% |
| Latest successful clusters | 50 | 87.7% |
| Latest failed clusters | 7 | 12.3% |
| Latest cancelled clusters | 0 | 0.0% |
| Run attempts archived | 124 | audit |
| Distinct PRs touched | 235 | 100% |
| Open PRs tracked | 147 | 62.6% |
| Closed unmerged PRs tracked | 78 | 33.2% |
| Completed close actions | 22 | 39.3% |
| Completed merge actions | 0 | 0.0% |
| Duplicate closes | 22 | 100.0% |
| Superseded closes | 0 | 0.0% |
| Fixed-by-candidate closes | 0 | 0.0% |
| Low-signal PR closes | 0 | 0.0% |
| Blocked mutation attempts | 15 | 26.8% |
| Skipped mutation attempts | 19 | 33.9% |
| Target | Type | Title | Closed | Action | Cluster | Report | Run |
|---|---|---|---|---|---|---|---|
| #54429 | issue | Gateway Service Installation Failure: Missing systemd Service File | Apr 26, 2026, 03:04 UTC | close_duplicate | ghcrawl-166002-agentic-merge | report | 24946559138 |
| #67622 | issue | [Feature Request] Support file/image upload in browser Control UI (webchat) | Apr 26, 2026, 03:03 UTC | close_duplicate | ghcrawl-165992-agentic-merge | report | 24946558493 |
| #63094 | issue | [Feature Request] WebChat/Control UI support file upload | Apr 26, 2026, 03:03 UTC | close_duplicate | ghcrawl-165992-agentic-merge | report | 24946558493 |
| #56298 | issue | [Feature Request] Webchat supports image/attachment upload in UI | Apr 26, 2026, 03:03 UTC | close_duplicate | ghcrawl-165992-agentic-merge | report | 24946558493 |
| #43242 | issue | [Feature Request] Add file upload support to Control UI (Web) | Apr 26, 2026, 03:03 UTC | close_duplicate | ghcrawl-165992-agentic-merge | report | 24946558493 |
| #41992 | issue | [Feature Request] WebChat file upload support | Apr 26, 2026, 03:03 UTC | close_duplicate | ghcrawl-165992-agentic-merge | report | 24946558493 |
| #67406 | issue | image tool doesn't recognise Ollama cloud vision models | Apr 25, 2026, 19:58 UTC | close_duplicate | ghcrawl-143816-autonomous-smoke | report | 24939009401 |
| #66758 | issue | Image tool fails with 'Unknown model' for all ollama/ provider models despite #59943 fix | Apr 25, 2026, 19:57 UTC | close_duplicate | ghcrawl-143816-autonomous-smoke | report | 24939009401 |
| #65832 | issue | [Bug]: image tool fails with custom provider — ModelRegistry doesn't recognize custom providers from models.json | Apr 25, 2026, 19:57 UTC | close_duplicate | ghcrawl-143816-autonomous-smoke | report | 24939009401 |
| #70180 | issue | Bug: Image tool reports 'Unknown model' for all custom providers | Apr 25, 2026, 19:57 UTC | close_duplicate | ghcrawl-143816-autonomous-smoke | report | 24939009401 |
| #71133 | issue | memory-core: narrative session cleanup fails with missing scope: operator.admin | Apr 25, 2026, 19:53 UTC | close_duplicate | ghcrawl-143819-autonomous-smoke | report | 24939011554 |
| #70395 | issue | memory-core dreaming cleanup requires operator.admin and logs failure despite successful promotion | Apr 25, 2026, 19:53 UTC | close_duplicate | ghcrawl-143819-autonomous-smoke | report | 24939011554 |
| #70353 | issue | memory-core: dreaming subagent lacks operator.admin to delete its own session | Apr 25, 2026, 19:53 UTC | close_duplicate | ghcrawl-143819-autonomous-smoke | report | 24939011554 |
| #69886 | issue | memory-core narrative session cleanup fails with missing scope: operator.admin | Apr 25, 2026, 19:53 UTC | close_duplicate | ghcrawl-143819-autonomous-smoke | report | 24939011554 |
| #67029 | issue | [Bug]: memory-core dreaming: narrative session cleanup fails with missing scope operator.admin | Apr 25, 2026, 19:53 UTC | close_duplicate | ghcrawl-143819-autonomous-smoke | report | 24939011554 |
| #50691 | issue | openclaw status reports missing operator.read while gateway is healthy; gateway probe times out on same loopback endpoint | Apr 25, 2026, 19:46 UTC | close_duplicate | ghcrawl-143815-autonomous-smoke | report | 24939008778 |
| #50541 | issue | [Bug]: CLI cannot connect to Gateway (missing scope: operator.read) - Downgrade to 2026.3.11 works | Apr 25, 2026, 19:46 UTC | close_duplicate | ghcrawl-143815-autonomous-smoke | report | 24939008778 |
| #70373 | issue | Control UI shows async exec system events inline as if authored by the user | Apr 25, 2026, 19:45 UTC | close_duplicate | ghcrawl-143804-autonomous-smoke | report | 24939000666 |
| #65153 | issue | [Bug] Telegram media download blocked - resolves to private IP | Apr 25, 2026, 19:44 UTC | close_duplicate | ghcrawl-143805-autonomous-smoke | report | 24939001644 |
| #64750 | issue | WhatsApp message.send returns success but drops attachments and delivers text only | Apr 25, 2026, 19:44 UTC | close_duplicate | ghcrawl-143814-autonomous-smoke | report | 24939007967 |
| #69920 | issue | Unhandled promise rejection: Agent listener invoked outside active run | Apr 25, 2026, 18:35 UTC | close_duplicate | ghcrawl-143799-autonomous-smoke | report | 24937679258 |
| #65285 | issue | Gateway crashes with "Agent listener invoked outside active run" | Apr 25, 2026, 18:35 UTC | close_duplicate | ghcrawl-143799-autonomous-smoke | report | 24937679258 |
Each cluster job:
- Starts from one markdown job file under `jobs/`.
- Hydrates the listed issue/PR refs and first-hop linked refs.
- Builds a cluster plan and fix artifact for autonomous jobs.
- Runs Codex with repo-local policy prompts and JSON output schema in a read-only sandbox.
- Writes structured run artifacts under `.projectclownfish/runs/`.
- Reviews the worker artifact with deterministic safety checks.
- Executes credited fix artifacts through `scripts/execute-fix-artifact.mjs` when the fix gate is open: repair a maintainer-editable contributor branch first, otherwise raise a narrow replacement PR and close the uneditable source PR after the replacement push succeeds.
- Applies guarded close/comment and explicit merge actions through `scripts/apply-result.mjs`.
- Publishes a sanitized result ledger back to this repo under `results/`, `closed/`, `apply-report.json`, and this README dashboard.
Codex does not receive a GitHub token during classification. The runner preflights GitHub state before model execution, then Codex receives those artifacts and returns JSON only. When a reviewed fix artifact is executed, Codex gets a temporary target checkout without GitHub credentials; the deterministic executor owns commit, push, PR creation, and source-PR closeout using CLOWNFISH_GH_TOKEN. Commit author metadata defaults to projectclownfish and can be overridden with CLOWNFISH_GIT_USER_NAME and CLOWNFISH_GIT_USER_EMAIL; this is separate from the GitHub token used to push. The applicator re-fetches the target item, checks updated_at, blocks unsafe closeouts, writes idempotent close comments, closes supported duplicate/superseded/fixed-by-candidate actions, and can squash-merge explicitly allowed clean PR actions.
Merge is deliberately harder than closeout. A merge action must include merge_preflight proving security clearance, resolved human comments, resolved review-bot findings, a passed Codex /review, addressed review findings, and clean validation commands. The fix executor runs an agentic edit/review loop before it writes a fix PR: edit, validate, Codex /review, address findings, revalidate, and resolve PR review threads when permitted. The applicator also checks live unresolved GitHub review threads immediately before merge.
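The applicator's pre-mutation checks and the merge preflight described above can be expressed as one pure decision function over the preflight snapshot and the re-fetched live state. This is an added example, not ProjectClownfish's own code; the field names, result shape, action names other than `close_duplicate`, and the hidden comment marker are assumptions.

```javascript
// Added illustration; names and field shapes are hypothetical, not ProjectClownfish's own.
const ALLOWED_CLOSE = new Set(["close_duplicate", "close_superseded", "close_fixed_by_candidate"]);
const MERGE_PREFLIGHT_KEYS = [
  "security_cleared", "human_comments_resolved", "review_bot_findings_resolved",
  "codex_review_passed", "review_findings_addressed", "validation_clean",
];

// Stable hidden marker so a later run can detect its own earlier close comment.
const marker = (a) => `<!-- clownfish:${a.cluster}:${a.type}:${a.target} -->`;

// snapshot: item state hydrated before model execution.
// live: the same item re-fetched immediately before any mutation.
function decideApply(action, snapshot, live) {
  const block = (reason) => ({ status: "blocked", reason });
  if (live.state !== "open") return { status: "skipped", reason: "already_closed" };
  // Any edit, comment or label change after preflight invalidates the model's evidence.
  if (live.updated_at !== snapshot.updated_at) return block("state_changed_since_preflight");
  if (action.type === "merge") {
    // Every preflight item must be explicitly true; absent fields fail closed.
    const missing = MERGE_PREFLIGHT_KEYS.filter((k) => action.merge_preflight?.[k] !== true);
    if (missing.length) return block(`merge_preflight_incomplete:${missing.join(",")}`);
    if (live.unresolved_review_threads !== 0) return block("unresolved_review_threads");
    return { status: "apply", steps: ["squash_merge"] };
  }
  if (!ALLOWED_CLOSE.has(action.type)) return block("action_not_allowlisted");
  if (!action.canonical) return block("missing_canonical_ref");
  // Idempotent comment: write it only if the marker is not already on the thread.
  const commented = live.comments.some((c) => c.body.includes(marker(action)));
  return { status: "apply", steps: commented ? ["close"] : ["comment", "close"] };
}

// Constructed sample data (not taken from the dashboard).
const snapshot = { state: "open", updated_at: "2026-04-25T19:40:00Z" };
const action = { type: "close_duplicate", target: 101, canonical: 100, cluster: "example-cluster" };
const fresh = { ...snapshot, comments: [], unresolved_review_threads: 0 };
const edited = { ...fresh, updated_at: "2026-04-25T19:52:00Z" };
console.log(decideApply(action, snapshot, fresh));  // unchanged item: comment, then close
console.log(decideApply(action, snapshot, edited)); // touched after preflight: blocked
```

Keeping the decision free of network calls and tokens means the same inputs always yield the same verdict, which is what makes blocked and skipped attempts auditable after the fact.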
Replacement fix work uses a recoverable target branch named clownfish/<cluster-id>. The executor resumes that branch if it already exists and pushes checkpoint commits after agent edits and review-fix edits, then opens or updates the PR only after validation and Codex /review pass. If /review still blocks the merge after retries, the run writes a blocked fix report and leaves the checkpoint branch recoverable instead of losing the patch.
Runs for the same job path and mode are queued instead of running concurrently. The workflow uses Node 24, blacksmith-4vcpu-ubuntu-2404 for cluster planning/review, and blacksmith-16vcpu-ubuntu-2404 for fix/apply execution. Fix execution prepares the target checkout with Corepack and the target pnpm package manager before validation; the execution job caches Codex, npm, Corepack, and the target pnpm store. Fix validation is pinned to OpenClaw's fast changed-lane posture by default: pnpm check:changed plus diff checks are the hard local gate, and target validation commands normalize to pnpm check:changed unless CLOWNFISH_TARGET_VALIDATION_MODE=strict or CLOWNFISH_STRICT_TARGET_VALIDATION=1 is explicitly set. Unrelated flaky main CI, broad pnpm check, full tests, live, docker, and e2e lanes do not block narrow ProjectClownfish fixes by default.
Full worker prompts, Codex transcripts, and raw artifacts stay in GitHub Actions. The committed ledger keeps only the cluster summary, run URL, action counts, apply outcomes, closed targets, and needs-human entries.
- `plan`: produces recommendations only.
- `execute`: can apply reviewed safe close and explicit clean merge actions from structured JSON.
- `autonomous`: adds live cluster preflight and fix-artifact generation. It may recommend and drive a canonical fix path; direct mutation still goes through the fix executor and applicator gates.
- `route_security`: quarantines true security-sensitive refs without poisoning unrelated cluster work.
- `needs_human`: only product-direction, trust-boundary, canonical-choice, merge-path, or contributor-credit decisions that remain unclear after the hydrated artifact and single-item review/check/decide pass.
- Automated reviewer feedback must be cleared during autonomous PR work. Greptile, Codex, Asile, CodeRabbit, Copilot, and similar bot comments must be addressed, proven non-actionable, or escalated before any merge or post-merge closeout recommendation.
- Merge preflight: no PR can merge until security issues are cleared, comments are resolved, Codex `/review` has passed, findings are addressed, and changed-surface validation is clean.
- Repair ladder: make the useful contributor PR mergeable when its branch is maintainer-editable; otherwise replace draft, stale, unmergeable, uneditable, or unsafe branches with a narrow credited fix PR. When fix PR mode is enabled, "wait or replace" is already answered: replace, preserve credit, then supersede only the source PR that could not be safely updated.
Requires Node 24.
```bash
# Validate all job files.
npm run validate

# Render a plan-mode prompt without running Codex.
npm run render -- jobs/openclaw/cluster-example.md --mode plan

# Dry-run a worker without calling Codex.
npm run worker -- jobs/openclaw/cluster-example.md --mode plan --dry-run

# Build an offline autonomous cluster/fix artifact.
npm run build-fix-artifact -- jobs/openclaw/autonomous-example.md --offline

# Stage low-signal PR sweep jobs from local ghcrawl data.
npm run import-low-signal -- --limit 20 --batch-size 5 --mode autonomous --sort stale

# Stage the next largest active ghcrawl clusters, skipping already-imported and
# fully security-sensitive clusters by default. Mixed clusters can route security
# refs while continuing ordinary bug/dedupe work.
npm run import-ghcrawl -- --from-ghcrawl --limit 40 --mode autonomous --suffix autonomous-smoke --allow-instant-close --allow-merge --allow-fix-pr --allow-post-merge-close

# Find failed cluster jobs that have not been superseded by a later success.
npm run self-heal

# Resolve a job from a run id or job path and show the requeue plan.
npm run requeue -- 24947178021

# Requeue one reviewed job/run into the live queue. This briefly opens both
# write gates when the job is execute/autonomous, waits for the run to start,
# then closes the gates.
npm run requeue -- 24947178021 --execute --open-execute-window \
  --runner blacksmith-4vcpu-ubuntu-2404 \
  --execution-runner blacksmith-16vcpu-ubuntu-2404

# Execute a reviewed fix artifact locally. Requires both execution gates and a write token.
CLOWNFISH_ALLOW_EXECUTE=1 CLOWNFISH_ALLOW_FIX_PR=1 npm run execute-fix -- jobs/openclaw/cluster-example.md --latest --dry-run

# Retry failed jobs once. This briefly opens the execution gate, waits for the
# dispatched workers to start, records the self-heal ledger, and closes the gate.
npm run self-heal -- --execute --open-execute-window --max-jobs 5 \
  --runner blacksmith-4vcpu-ubuntu-2404 \
  --execution-runner blacksmith-16vcpu-ubuntu-2404
```

```bash
npm run validate
for f in scripts/*.mjs; do node --check "$f" || exit 1; done
npm run review-results -- .projectclownfish/runs
npm run publish-result -- .projectclownfish/runs
git diff --check
```

The workflow needs:
- Codex/OpenAI authentication for model execution
- a read-only GitHub token for worker inspection
- a separate write-scoped GitHub token for the deterministic applicator
- execution gates that default on for execute/autonomous jobs: set `CLOWNFISH_ALLOW_EXECUTE=0` or `CLOWNFISH_ALLOW_FIX_PR=0` only when intentionally pausing live work
- optional `CLOWNFISH_CODEX_CLI_VERSION` variable to pin and refresh the cached Codex CLI
- optional `CLOWNFISH_MODEL` override for dispatch scripts; default Codex model is `gpt-5.5`
- optional `CLOWNFISH_CODEX_TIMEOUT_MS` and `CLOWNFISH_FIX_CODEX_TIMEOUT_MS` variables; both default to 30 minutes
- optional `CLOWNFISH_CODEX_REVIEW_ATTEMPTS` and `CLOWNFISH_RESOLVE_REVIEW_THREADS` variables for agentic merge-prep review loops
Keep exact secret names, token scopes, and execution-window procedures in private operations docs or repository settings notes. Do not put token values or live operational credentials in job files.