RFC: Claws#27
Conversation
|
Codex review: needs changes before merge. Reviewed July 10, 2026, 4:13 PM ET / 20:13 UTC. Summary Reproducibility: not applicable. This PR proposes new product and package behavior rather than reporting broken existing behavior. Review metrics: 2 noteworthy metrics.
Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Risk before merge
Maintainer options:
Next step before merge
Maintainer decision needed
Security Review findings
Review detailsBest possible solution: Restore the standard RFC review sections without changing semantics, then have maintainers accept, narrow, or continue incubating the durable Claw package contract before changing the draft status and merging. Do we have a high-confidence way to reproduce the issue? Not applicable: this PR proposes new product and package behavior rather than reporting broken existing behavior. Is this the best way to solve the issue? No, not yet: the revised agent-centric model is coherent and responsive to review, but the document still needs the required RFC structure and the permanent compatibility contract needs explicit maintainer acceptance. Full review comments:
Overall correctness: patch is incorrect AGENTS.md: not found in the target repository. Codex review notes: model internal, reasoning high; reviewed against a8e0ba2701d6. Label changesLabel justifications:
Evidence reviewedAcceptance criteria:
What I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
Review history (38 earlier review cycles; latest 8 shown)
|
82394de to
97e4220
Compare
9238395 to
c063c27
Compare
c063c27 to
e145b5d
Compare
06c548e to
16fb475
Compare
8741ab7 to
5506bba
Compare
|
@clawsweeper re-review RFC refreshed to make skills, MCP servers, connectors, and doctor diagnostics the remaining first-series completion track. Update lifecycle and automations stay as later tracks. |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
I would like to request a product-model and schema revision before accepting this RFC. Mental model: a Claw is an employee you addThe current RFC treats a Claw primarily as a starter setup that is applied to a workspace. I think the clearer product model is:
Adding a Claw should therefore always:
It should never silently target, merge into, or update an existing agent. The local agent id should default from For the CLI, I suggest renaming openclaw claws add @acme/github-triage --dry-run
openclaw claws add @acme/github-triage
Proposed schema changes
Package identity should follow the ClawHub plugin precedentCurrent ClawHub plugins do not embed a publisher or registry slug in Illustrative package metadata: {
"name": "@acme/github-triage",
"version": "1.2.0",
"type": "module",
"openclaw": {
"claw": "./openclaw.claw.json"
}
}Proposed kitchen-sink ClawThis is illustrative syntax, but it shows the ownership boundaries I am proposing: {
"schemaVersion": 1,
"agent": {
"id": "github-triage",
"name": "GitHub Triage",
"description": "Reviews incoming GitHub issues and prepares a daily triage summary.",
"identity": {
"name": "Triage",
"emoji": "🔎"
},
"groupChat": {
"mentionPatterns": [
"@triage",
"@github-triage"
]
},
"sandbox": {
"mode": "all",
"scope": "agent",
"workspaceAccess": "rw"
},
"tools": {
"allow": [
"read",
"write",
"edit",
"web_fetch",
"memory_search",
"memory_get",
"github-triage-github__*"
],
"deny": [
"exec",
"browser",
"nodes"
]
},
"heartbeat": {
"every": "30m",
"activeHours": {
"start": "08:00",
"end": "18:00"
},
"lightContext": true,
"isolatedSession": true,
"skipWhenBusy": true,
"timeoutSeconds": 120
},
"humanDelay": {
"mode": "natural"
}
},
"workspace": {
"bootstrapFiles": {
"AGENTS.md": {
"source": "workspace/AGENTS.md"
},
"SOUL.md": {
"source": "workspace/SOUL.md"
},
"IDENTITY.md": {
"source": "workspace/IDENTITY.md"
},
"TOOLS.md": {
"source": "workspace/TOOLS.md"
},
"HEARTBEAT.md": {
"source": "workspace/HEARTBEAT.md"
}
},
"files": [
{
"source": "workspace/reference/triage-policy.md",
"path": "reference/triage-policy.md"
},
{
"source": "workspace/templates/issue-response.md",
"path": "templates/issue-response.md"
}
]
},
"packages": [
{
"kind": "skill",
"source": "clawhub",
"ref": "@acme/issue-triage-playbook",
"version": "1.4.0"
},
{
"kind": "plugin",
"source": "clawhub",
"ref": "@acme/github-actions",
"version": "2.1.0"
}
],
"mcpServers": {
"github-triage-github": {
"command": "npx",
"args": [
"-y",
"@acme/github-mcp"
],
"env": {
"GITHUB_TOKEN": "${GITHUB_TOKEN}"
},
"toolFilter": {
"include": [
"issues_list",
"issues_get",
"issues_comment",
"pull_requests_list"
],
"exclude": [
"repository_delete",
"repository_admin_*"
]
},
"timeout": 30,
"connectTimeout": 10
}
},
"cronJobs": [
{
"id": "weekday-triage",
"name": "Weekday GitHub triage",
"schedule": {
"cron": "0 9 * * 1-5",
"timezone": "America/New_York"
},
"session": "isolated",
"message": "Review new GitHub issues according to reference/triage-policy.md and prepare a concise triage summary.",
"delivery": {
"mode": "announce",
"channel": "last"
}
}
]
}
Resulting OpenClaw configAssuming the local agent id remains {
"agents": {
"defaults": {},
"list": [
{
"id": "main",
"default": true
},
{
"id": "github-triage",
"name": "GitHub Triage",
"description": "Reviews incoming GitHub issues and prepares a daily triage summary.",
"workspace": "~/.openclaw/workspace-github-triage",
"identity": {
"name": "Triage",
"emoji": "🔎"
},
"groupChat": {
"mentionPatterns": [
"@triage",
"@github-triage"
]
},
"sandbox": {
"mode": "all",
"scope": "agent",
"workspaceAccess": "rw"
},
"tools": {
"allow": [
"read",
"write",
"edit",
"web_fetch",
"memory_search",
"memory_get",
"github-triage-github__*"
],
"deny": [
"exec",
"browser",
"nodes"
]
},
"heartbeat": {
"every": "30m",
"activeHours": {
"start": "08:00",
"end": "18:00"
},
"lightContext": true,
"isolatedSession": true,
"skipWhenBusy": true,
"timeoutSeconds": 120
},
"humanDelay": {
"mode": "natural"
}
}
]
},
"plugins": {
"entries": {
"github-actions": {
"enabled": true
}
}
},
"mcp": {
"servers": {
"github-triage-github": {
"command": "npx",
"args": [
"-y",
"@acme/github-mcp"
],
"env": {
"GITHUB_TOKEN": "${GITHUB_TOKEN}"
},
"toolFilter": {
"include": [
"issues_list",
"issues_get",
"issues_comment",
"pull_requests_list"
],
"exclude": [
"repository_delete",
"repository_admin_*"
]
},
"timeout": 30,
"connectTimeout": 10
}
}
}
}The skill would be installed under This gives the feature one simple invariant: one Claw package adds one complete new agent for one job, without replacing the user's operator defaults or modifying an agent they already built. |
|
Addressed in The RFC now uses the invariant one Claw package adds one complete new agent for one job. It specifies:
I also added an incubation boundary for internal iteration: while the RFC is draft, the entire CLI is gated by The existing implementation PRs are now described as prototype evidence that must be rewritten/restacked around this model, not as the public contract. |
fcc497d to
845df5c
Compare
|
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. Re-review progress:
|
Summary
claws addcreate a newagents.list[]entry and workspace; existing agent/workspace collisions fail closed.agent,workspace,packages,mcpServers, andcronJobsownership boundaries.package.jsonplus authenticated publishing for package identity, version, and publisher ownership.agent.skills, and generic connectors from the portable contract.OPENCLAW_EXPERIMENTAL_CLAWS=1; when disabled, the command is unregistered and absent from help and completions.Lifecycle and safety
The lifecycle is
add,status,update,remove, andexport. Read-only plans precede consented mutation. Unsupported, blocked, drifted, or ambiguous ownership fails closed.Grouped update rebuilds its plan immediately before mutation, uses each owner's strongest compare-and-swap or convergence boundary, advances root provenance last, and compensates completed owners in reverse order. Uncertain config/Gateway calls and package installs without artifact rollback are reported as partial rather than cross-owner atomic.
Control UI alignment
openclaw/openclaw#103176 remains the Control UI surface for plugin inventory, installation, enablement/disablement, removal, and curated MCP connector discovery. Claws add package references to the shared lifecycle model; removing a Claw releases its reference and does not silently uninstall a shared plugin or skill. A global plugin pinned to another version by a different Claw fails update closed.
Portable MCP declarations remain direct validated
mcp.serversconfiguration and do not create a feed-backed connector identity or replace the Control UI's curated connector shelf.Implementation stack
The RFC now links the ordered eleven-PR OpenClaw stack:
Validation
git diff --check