Clownfish is a conservative OpenClaw maintainer tool for one-cluster issue and PR cleanup.

It takes a curated GitHub issue/PR cluster, asks a Codex worker to classify the items, and applies only narrow, auditable cleanup actions when the evidence is strong. This compliments the pre-pass work on clawsweeper and act as the second-pass intent based cluster resolution.

Allowed automated close reasons:

• duplicate of a clear canonical thread
• superseded by a clear canonical thread
• fixed by a specific candidate fix

Manual backlog-cleanup jobs may also use instructions/low-signal-prs.md for drive-by PRs that are clearly blank-template, docs-only discoverability churn, test-only coverage spam, refactor-only noise, third-party capabilities that belong on ClawHub, risky unapproved infra, or dirty branches. This policy is opt-in per job and should return needs_human for plausible bug fixes or anything with active maintainer signal.

Everything else stays open or is escalated for maintainer review.

Security-sensitive reports are deliberately out of scope. Clownfish routes those refs to central OpenClaw security handling and keeps processing unrelated ordinary bugs, provider gaps, and duplicate cleanup in the same cluster. It follows OpenClaw SECURITY.md: trusted-operator exec behavior, provider gaps, feature gaps, and hardening-only parity drift are not treated as vulnerabilities unless there is a real trust-boundary bypass.

Clownfish is intentionally smaller than ClawSweeper. ClawSweeper scans the whole OpenClaw backlog on a cadence; Clownfish handles targeted clusters that were already grouped by a human, gitcrawl, or another dedupe tool.

Cluster discovery currently comes from openclaw/gitcrawl.

The default workflow is proposal-first. It does not comment or close unless a job is explicitly promoted and the deterministic applicator confirms live GitHub state has not changed.

Last dashboard update: Jun 10, 2026, 16:29 UTC

State: Failed clusters need inspection

Scope: 357 active latest cluster reports. 4 policy-archived cluster(s) are excluded from health stats; run attempts are tracked as audit history only.

For a maintainer-facing architecture map of the automation lanes, see docs/INTERNAL_FEATURES.md.

For the ClawSweeper feedback loop that updates existing generated PRs, see docs/auto-update-prs.md.

That loop is marker-driven. ClawSweeper comments use hidden clawsweeper-verdict:* markers, and only actionable PR feedback includes clawsweeper-action:fix-required. Clownfish skips stale head SHAs and caps automatic repairs at five per PR and one per PR head SHA.

Maintainers can opt an existing Clownfish PR into the bounded merge loop with /clownfish automerge. That adds clownfish:automerge, dispatches ClawSweeper for the current head, lets Clownfish repair trusted needs-changes findings for up to five rounds, and merges only after a trusted pass verdict for the exact current head plus green checks, clean mergeability, and explicit CLOWNFISH_ALLOW_MERGE=1 and CLOWNFISH_ALLOW_AUTOMERGE=1 gates.

ClawSweeper commit findings have a separate intake lane. A clawsweeper_commit_finding dispatch fetches the latest markdown commit report, writes an audit record under results/commit-findings/, and only sends the finding into the PR executor when the issue is narrow, non-security, and still worth repairing on latest main.

Each cluster job:

1. Starts from one markdown job file under jobs/.
2. Hydrates the listed issue/PR refs and first-hop linked refs.
3. Builds a cluster plan and fix artifact for autonomous jobs.
4. Runs Codex with repo-local policy prompts and JSON output schema in a read-only sandbox.
5. Writes structured run artifacts under .projectclownfish/runs/.
6. Reviews the worker artifact with deterministic safety checks.
7. Executes credited fix artifacts through scripts/execute-fix-artifact.mjs when the fix gate is open: repair a maintainer-editable contributor branch first, otherwise raise a narrow replacement PR, add non-bot source PR authors as replacement co-authors, and close the uneditable source PR after the replacement push succeeds.
8. Applies guarded close/comment and explicit merge actions through scripts/apply-result.mjs.
9. Publishes a sanitized result ledger back to this repo under results/, jobs/openclaw/closed/, apply-report.json, and this README dashboard.

Codex does not receive a GitHub token during classification. The runner preflights GitHub state before model execution, then Codex receives those artifacts and returns JSON only. When a reviewed fix artifact is executed, Codex gets a temporary target checkout without GitHub credentials; the deterministic executor owns commit, push, PR creation, and source-PR closeout using CLOWNFISH_GH_TOKEN. Commit author metadata defaults to projectclownfish and can be overridden with CLOWNFISH_GIT_USER_NAME and CLOWNFISH_GIT_USER_EMAIL; this is separate from the GitHub token used to push. The applicator re-fetches the target item, checks updated_at, blocks unsafe closeouts, writes idempotent close comments, closes supported duplicate/superseded/fixed-by-candidate actions, and can squash-merge explicitly allowed clean PR actions.

Merge is deliberately harder than closeout. A merge action must include merge_preflight proving security clearance, resolved human comments, resolved review-bot findings, a passed Codex /review, addressed review findings, and clean validation commands. The fix executor runs an agentic edit/review loop before it writes a fix PR: edit, validate, Codex /review, address findings, revalidate, and resolve PR review threads when permitted. The applicator also checks live unresolved GitHub review threads immediately before merge.

Replacement fix work uses a recoverable target branch named clownfish/<cluster-id>. The executor resumes that branch if it already exists and pushes checkpoint commits after agent edits and review-fix edits, adding Co-authored-by trailers for non-bot source PR authors when a contributor PR is replaced. It then opens or updates the PR only after validation and Codex /review pass. If /review still blocks the merge after retries, the run writes a blocked fix report and leaves the checkpoint branch recoverable instead of losing the patch.

Runs for the same job path and mode are queued instead of running concurrently. The workflow uses Node 24, blacksmith-4vcpu-ubuntu-2404 for cluster planning/review, and blacksmith-16vcpu-ubuntu-2404 for fix/apply execution. Fix execution prepares the target checkout with Corepack and the target pnpm package manager before validation; the execution job caches Codex, npm, Corepack, and the target pnpm store. Fix validation is pinned to OpenClaw's fast changed-lane posture by default: pnpm check:changed plus diff checks are the hard local gate, and target validation commands normalize to pnpm check:changed unless CLOWNFISH_TARGET_VALIDATION_MODE=strict or CLOWNFISH_STRICT_TARGET_VALIDATION=1 is explicitly set. Unrelated flaky main CI, broad pnpm check, full tests, live, docker, and e2e lanes do not block narrow ProjectClownfish fixes by default.

Full worker prompts, Codex transcripts, and raw artifacts stay in GitHub Actions. The committed ledger keeps only the cluster summary, run URL, action counts, apply outcomes, closed targets, and needs-human entries.

• plan: produces recommendations only.
• execute: can apply reviewed safe close and explicit clean merge actions from structured JSON.
• autonomous: adds live cluster preflight and fix-artifact generation. It may recommend and drive a canonical fix path; direct mutation still goes through the fix executor and applicator gates.
• route_security: quarantines true security-sensitive refs without poisoning unrelated cluster work.
• needs_human: only product-direction, trust-boundary, canonical-choice, merge-path, or contributor-credit decisions that remain unclear after the hydrated artifact and single-item review/check/decide pass.
• Automated reviewer feedback must be cleared during autonomous PR work. Greptile, Codex, Asile, CodeRabbit, Copilot, and similar bot comments must be addressed, proven non-actionable, or escalated before any merge or post-merge closeout recommendation.
• Merge preflight: no PR can merge until CLOWNFISH_ALLOW_MERGE=1, security issues are cleared, comments are resolved, Codex /review has passed, findings are addressed, and changed-surface validation is clean. With the merge gate closed, ProjectClownfish labels merge-ready targets for human review instead of merging.
• Repair ladder: make the useful contributor PR mergeable when its branch is maintainer-editable; otherwise replace draft, stale, unmergeable, uneditable, or unsafe branches with a narrow credited fix PR. When fix PR mode is enabled, "wait or replace" is already answered: replace, preserve credit, then supersede only the source PR that could not be safely updated.

Clownfish can route maintainer comments from target repositories back into the cloud repair workflow. It recognizes both command styles:

/clownfish status
@openclaw-clownfish status

Do not use @clownfish; that is a separate GitHub user. The accepted mention is @openclaw-clownfish or @openclaw-clownfish[bot].

Only maintainers can trigger it. The router checks GitHub author_association and accepts OWNER, MEMBER, and COLLABORATOR by default. Contributor and unknown comments are ignored without a reply.

Supported commands:

/clownfish status
/clownfish fix ci
/clownfish address review
/clownfish rebase
/clownfish explain
/clownfish stop
@openclaw-clownfish fix ci

status and explain post a short status reply. fix ci, address review, and rebase dispatch the normal cluster-worker.yml repair path, but only for existing Clownfish PRs identified by the clownfish label or clownfish/* branch. stop labels the item for human review.

The router writes an idempotency marker into each reply and records processed comments in results/comment-router.json. The scheduled workflow is dry by default; set CLOWNFISH_COMMENT_ROUTER_EXECUTE=1 to let scheduled runs post replies and dispatch workers.

Requires Node 24.

# Validate all job files.
npm run validate

# Render a plan-mode prompt without running Codex.
npm run render -- jobs/openclaw/inbox/cluster-example.md --mode plan

# Dry-run a worker without calling Codex.
npm run worker -- jobs/openclaw/inbox/cluster-example.md --mode plan --dry-run

# Build an offline autonomous cluster/fix artifact.
npm run build-fix-artifact -- jobs/openclaw/inbox/autonomous-example.md --offline

# Stage low-signal PR sweep jobs from local gitcrawl data.
npm run import-gitcrawl-low-signal -- --limit 20 --batch-size 5 --mode autonomous --sort stale

# Stage the next largest active gitcrawl clusters, skipping already-imported and
# fully security-sensitive clusters by default. Mixed clusters can route security
# refs while continuing ordinary bug/dedupe work.
npm run import-gitcrawl -- --from-gitcrawl --limit 40 --mode autonomous --suffix autonomous-smoke --allow-instant-close --allow-merge --allow-fix-pr --allow-post-merge-close

# Dispatch reviewed jobs. Dispatch, requeue, and self-heal refuse to exceed
# 50 live cluster-worker runs by default; tune with CLOWNFISH_MAX_LIVE_WORKERS
# or --max-live-workers. With --wait-for-capacity, dispatch can drain a larger
# file list in capacity-sized waves instead of refusing the whole batch.
CLOWNFISH_MAX_LIVE_WORKERS=50 npm run dispatch -- jobs/openclaw/inbox/cluster-example.md \
  --mode autonomous \
  --runner blacksmith-4vcpu-ubuntu-2404 \
  --execution-runner blacksmith-16vcpu-ubuntu-2404

# Find failed cluster jobs that have not been superseded by a later success.
npm run self-heal

# Resolve a job from a run id or job path and show the requeue plan.
npm run requeue -- 24947178021

# Requeue one reviewed job/run into the live queue. This briefly opens both
# write gates when the job is execute/autonomous, waits for the run to start,
# then closes the gates.
npm run requeue -- 24947178021 --execute --open-execute-window \
  --runner blacksmith-4vcpu-ubuntu-2404 \
  --execution-runner blacksmith-16vcpu-ubuntu-2404

# Execute a reviewed fix artifact locally. Requires both execution gates and a write token.
CLOWNFISH_ALLOW_EXECUTE=1 CLOWNFISH_ALLOW_FIX_PR=1 npm run execute-fix -- jobs/openclaw/inbox/cluster-example.md --latest --dry-run

# Rebuild the open Clownfish PR finalization report without mutating GitHub.
npm run finalize-open-prs -- --write-report

# Dry-run maintainer comment routing. Recognizes `/clownfish ...` and
# `@openclaw-clownfish ...` in recent issue/PR comments.
npm run comment-router -- --repo openclaw/openclaw --lookback-minutes 180

# Execute maintainer comment routing: post replies and dispatch repair workers
# for existing Clownfish PRs when maintainers ask for `fix ci`,
# `address review`, or `rebase`.
npm run comment-router -- --repo openclaw/openclaw --execute --wait-for-capacity

# Dry-run job hygiene: classify old smoke jobs, outbox-ready jobs, unprocessed
# jobs, and requeue candidates without deleting, moving, or dispatching.
npm run sweep-openclaw-jobs -- --live

# Apply reviewed job hygiene. This deletes old smoke jobs, moves finalized jobs
# to jobs/openclaw/outbox/finalized, and parks never-run backlog in
# jobs/openclaw/outbox/stuck; it never dispatches workers.
npm run sweep-openclaw-jobs -- --live --apply-delete-tests --apply-outbox --apply-stuck

# Dry-run a parked-backlog promotion from outbox/stuck back into inbox.
npm run promote-stuck-jobs -- --limit 20

# Promote the largest parked-backlog jobs into the active queue.
npm run promote-stuck-jobs -- --sort size --limit 20 --apply

# Promote every parked-backlog job, largest clusters first.
npm run promote-stuck-jobs -- --sort size --limit all --apply

# Dry-run the Clownfish label backfill. This verifies live GitHub state and
# reports the exact PRs/issues that would receive the "clownfish" label.
npm run tag-clownfish -- --live

# Apply the label backfill after reviewing the dry-run report.
CLOWNFISH_ALLOW_EXECUTE=1 npm run tag-clownfish -- --live --apply

# Retry failed jobs once. This briefly opens the execution gate, waits for the
# dispatched workers to start, records the self-heal ledger, and closes the gate.
npm run self-heal -- --execute --open-execute-window --max-jobs 5 \
  --max-live-workers 50 \
  --runner blacksmith-4vcpu-ubuntu-2404 \
  --execution-runner blacksmith-16vcpu-ubuntu-2404

npm run validate
for f in scripts/*.mjs; do node --check "$f" || exit 1; done
npm run review-results -- .projectclownfish/runs
npm run publish-result -- .projectclownfish/runs
git diff --check

The workflow needs:

• Codex/OpenAI authentication for model execution
• a read-only GitHub token for worker inspection
• a separate write-scoped GitHub token for the deterministic applicator
• execution gates that default closed: set CLOWNFISH_ALLOW_EXECUTE=1 and CLOWNFISH_ALLOW_FIX_PR=1 only for an intentional execution window; otherwise execute/autonomous dispatches render plan-only output and skip mutation steps
• merge is separately gated by CLOWNFISH_ALLOW_MERGE; automerge additionally requires CLOWNFISH_ALLOW_AUTOMERGE; both default to 0, and merge-ready PRs are labeled clownfish:human-review and clownfish:merge-ready for a maintainer to merge manually
• optional CLOWNFISH_CODEX_CLI_VERSION variable to pin and refresh the cached Codex CLI
• optional CLOWNFISH_MODEL override for dispatch scripts; default Codex model is gpt-5.5
• optional CLOWNFISH_MAX_LIVE_WORKERS variable for dispatch/requeue/self-heal worker fan-out; default is 50
• optional CLOWNFISH_MAX_ACTIVE_PRS_PER_AREA variable for replacement PR backpressure; default is 50 open Clownfish PRs per touched area, 0 disables the area cap, and common changelog/release-note files are ignored for this check
• ClawSweeper commit-finding repair PRs are labeled clownfish:commit-finding
• optional CLOWNFISH_CODEX_TIMEOUT_MS and CLOWNFISH_FIX_CODEX_TIMEOUT_MS variables; worker planning defaults to 30 minutes, while fix execution defaults to a 20 minute Codex budget inside the 30 minute build-PR step so timeout artifacts can be written
• optional CLOWNFISH_CODEX_REVIEW_ATTEMPTS and CLOWNFISH_RESOLVE_REVIEW_THREADS variables for agentic merge-prep review loops
• optional CLOWNFISH_CLAWSWEEPER_MAX_REPAIRS_PER_PR and CLOWNFISH_CLAWSWEEPER_MAX_REPAIRS_PER_HEAD variables for trusted ClawSweeper review feedback; defaults are 5 automatic repair iterations per PR and 1 repair per PR head SHA. The per-PR cap is total across changing head SHAs and stops the automatic review/repair loop.
• optional CLOWNFISH_COMMENT_ROUTER_EXECUTE=1 to let the scheduled comment router respond to maintainer-only /clownfish ... and @openclaw-clownfish ... commands. Without it, scheduled runs only write a dry report.

Keep exact secret names, token scopes, and execution-window procedures in private operations docs or repository settings notes. Do not put token values or live operational credentials in job files.