fix(changelog): reject bot/app handles as Thanks attribution and require explicit human credit (#81357)

hxy91819 · clawsweeper[bot] · web-flow · commit 83d7ab0d362f · 2026-05-14T15:04:43.000Z
Summary: - The PR expands forbidden changelog `Thanks` attribution rules for bot/app handles, shares the Node predicate ... ngelog gate, requires explicit human credit for bot/app-authored changelog entries, and adds focused tests. - Reproducibility: yes. Current main source shows bot/app changelog authors can skip human attribution and bot/app `Thanks` handles are not all rejected; I did not execute tests because this review was read-only. Automerge notes: - PR branch already contained follow-up commit before automerge: fix: simplify bot changelog credit guard - PR branch already contained follow-up commit before automerge: fix: share changelog credit attribution rule - PR branch already contained follow-up commit before automerge: fix: tighten changelog attribution scanning - PR branch already contained follow-up commit before automerge: test: cover legacy changelog credit exclusions - PR branch already contained follow-up commit before automerge: fix: express changelog credit exclusions as union sets - PR branch already contained follow-up commit before automerge: fix: avoid substring changelog credit exclusions Validation: - ClawSweeper review passed for head 1e6d0f5. - Required merge gates passed before the squash merge. Prepared head SHA: 1e6d0f5 Review: #81357 (comment) Co-authored-by: Mason Huang <masonxhuang@tencent.com> Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -244,6 +244,7 @@ Docs: https://docs.openclaw.ai
 - Codex app-server: keep the short post-tool completion watchdog armed across dynamic tool completion bookkeeping so embedded Codex runs fail fast and release their session lane when Codex goes quiet after a tool result. (#81697) Thanks @mbelinky.
 - Models: restore authenticated CLI runtime providers in the `/models` picker while keeping legacy runtime aliases hidden from setup/default model choices. Closes #81212. (#81239) Thanks @anagnorisis2peripeteia.
 - Agents/cron: honor a cron payload's explicit `timeoutSeconds` for the LLM idle watchdog even when it numerically equals `agents.defaults.timeoutSeconds`, preserving explicit per-run timeout intent and preventing stalled streaming replies from being cut to the implicit 120s cap. (#79426) Thanks @legolaz8451.
+- Changelog gates: reject bot/app handles as `Thanks` attribution and require explicit human credit for bot/app-authored changelog entries. (#81357) Thanks @hxy91819.
 
 ### Changes
 
@@ -8650,7 +8651,7 @@ Docs: https://docs.openclaw.ai
 - Gateway/Commands: keep webchat command authorization on the internal `webchat` context instead of inferring another provider from channel allowlists, fixing dropped `/new`/`/status` commands in Control UI when channel allowlists are configured. (#7189) Thanks @karlisbergmanis-lv.
 - Control UI: prevent stored XSS via assistant name/avatar by removing inline script injection, serving bootstrap config as JSON, and enforcing `script-src 'self'`. Thanks @Adam55A-code.
 - Agents/Security: sanitize workspace paths before embedding into LLM prompts (strip Unicode control/format chars) to prevent instruction injection via malicious directory names. Thanks @aether-ai-agent.
-- Agents/Sandbox: clarify system prompt path guidance so sandbox `bash/exec` uses container paths (for example `/workspace`) while file tools keep host-bridge mapping, avoiding first-attempt path misses from host-only absolute paths in sandbox command execution. (#17693) Thanks @app/juniordevbot.
+- Agents/Sandbox: clarify system prompt path guidance so sandbox `bash/exec` uses container paths (for example `/workspace`) while file tools keep host-bridge mapping, avoiding first-attempt path misses from host-only absolute paths in sandbox command execution. (#17693)
 - Agents/Context: apply configured model `contextWindow` overrides after provider discovery so `lookupContextTokens()` honors operator config values (including discovery-failure paths). (#17404) Thanks @michaelbship and @vignesh07.
 - Agents/Context: derive `lookupContextTokens()` from auth-available model metadata and keep the smallest discovered context window for duplicate model ids, preventing cross-provider cache collisions from overestimating session context limits. (#17586) Thanks @githabideri and @vignesh07.
 - Agents/OpenAI: force `store=true` for direct OpenAI Responses/Codex runs to preserve multi-turn server-side conversation state, while leaving proxy/non-OpenAI endpoints unchanged. (#16803) Thanks @mark9232 and @vignesh07.
diff --git a/scripts/check-changelog-attributions.mjs b/scripts/check-changelog-attributions.mjs
@@ -4,25 +4,99 @@ import fs from "node:fs";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
 
-export const FORBIDDEN_CHANGELOG_THANKS_HANDLES = ["codex", "openclaw", "steipete"];
+export const FORBIDDEN_CHANGELOG_THANKS_HANDLES = [
+  "codex",
+  "openclaw",
+  "steipete",
+  "clawsweeper",
+  "openclaw-clawsweeper",
+  "clawsweeper[bot]",
+  "openclaw-clawsweeper[bot]",
+];
+export const FORBIDDEN_CHANGELOG_THANKS_HANDLE_PREFIXES = ["app/"];
+export const FORBIDDEN_CHANGELOG_THANKS_HANDLE_SUFFIXES = ["[bot]"];
+export const CHANGELOG_THANKS_REQUIRE_HUMAN_CREDIT_HANDLES = [
+  "clawsweeper",
+  "openclaw-clawsweeper",
+  "clawsweeper[bot]",
+  "openclaw-clawsweeper[bot]",
+];
+export const CHANGELOG_THANKS_REQUIRE_HUMAN_CREDIT_HANDLE_PREFIXES = ["app/"];
+export const CHANGELOG_THANKS_REQUIRE_HUMAN_CREDIT_HANDLE_SUFFIXES = ["[bot]"];
 
-const HANDLE_PATTERN = FORBIDDEN_CHANGELOG_THANKS_HANDLES.join("|");
-const FORBIDDEN_THANKS_PATTERN = new RegExp(
-  `\\bThanks\\b[^\\n]*@(${HANDLE_PATTERN})(?=\\b|[^A-Za-z0-9-])`,
-  "iu",
-);
+const THANKS_PATTERN = /\bThanks\b/iu;
+const THANKED_HANDLE_PATTERN = /@([-_/A-Za-z0-9]+(?:\[bot\])?)/giu;
+
+export function isForbiddenChangelogThanksHandle(handle, options = {}) {
+  const { strictBotHandle = false } = options;
+  const normalized = handle.toLowerCase();
+  if (normalized === "" || normalized === "null") {
+    // Empty/null input is not a GitHub handle, but the shell query path may pass it through.
+    return true;
+  }
+  if (
+    FORBIDDEN_CHANGELOG_THANKS_HANDLES.includes(normalized) ||
+    FORBIDDEN_CHANGELOG_THANKS_HANDLE_PREFIXES.some((prefix) => normalized.startsWith(prefix)) ||
+    FORBIDDEN_CHANGELOG_THANKS_HANDLE_SUFFIXES.some((suffix) => normalized.endsWith(suffix))
+  ) {
+    return true;
+  }
+  if (strictBotHandle) {
+    // PR-author checks should not reject a real human whose login merely contains a bot keyword.
+    return false;
+  }
+  return false;
+}
+
+export function requiresExplicitHumanChangelogThanks(handle) {
+  const normalized = handle.toLowerCase();
+  if (normalized === "" || normalized === "null") {
+    return false;
+  }
+  return (
+    CHANGELOG_THANKS_REQUIRE_HUMAN_CREDIT_HANDLES.includes(normalized) ||
+    CHANGELOG_THANKS_REQUIRE_HUMAN_CREDIT_HANDLE_PREFIXES.some((prefix) =>
+      normalized.startsWith(prefix),
+    ) ||
+    CHANGELOG_THANKS_REQUIRE_HUMAN_CREDIT_HANDLE_SUFFIXES.some((suffix) =>
+      normalized.endsWith(suffix),
+    )
+  );
+}
 
 export function findForbiddenChangelogThanks(content) {
   return content
     .split(/\r?\n/u)
     .map((text, index) => {
-      const match = text.match(FORBIDDEN_THANKS_PATTERN);
-      return match ? { line: index + 1, handle: match[1].toLowerCase(), text } : null;
+      if (!THANKS_PATTERN.test(text)) {
+        return null;
+      }
+      // A single changelog line may thank multiple handles; scan all of them.
+      for (const match of text.matchAll(THANKED_HANDLE_PATTERN)) {
+        if (isForbiddenChangelogThanksHandle(match[1])) {
+          return { line: index + 1, handle: match[1].toLowerCase(), text };
+        }
+      }
+      return null;
     })
     .filter(Boolean);
 }
 
 export async function main(argv = process.argv.slice(2)) {
+  if (argv[0] === "--is-forbidden-handle") {
+    process.exitCode = isForbiddenChangelogThanksHandle(argv[1] ?? "", {
+      strictBotHandle: true,
+    })
+      ? 0
+      : 1;
+    return;
+  }
+
+  if (argv[0] === "--requires-explicit-human-thanks") {
+    process.exitCode = requiresExplicitHumanChangelogThanks(argv[1] ?? "") ? 0 : 1;
+    return;
+  }
+
   const changelogPath = argv[0] ?? "CHANGELOG.md";
   const absolutePath = path.resolve(process.cwd(), changelogPath);
   const content = fs.readFileSync(absolutePath, "utf8");
@@ -37,7 +111,9 @@ export async function main(argv = process.argv.slice(2)) {
     console.error(`- ${relativePath}:${violation.line} uses Thanks @${violation.handle}`);
   }
   console.error(
-    `Use a credited external GitHub username instead of ${FORBIDDEN_CHANGELOG_THANKS_HANDLES.map((handle) => `@${handle}`).join(", ")}.`,
+    `Use a credited external GitHub username instead of ${FORBIDDEN_CHANGELOG_THANKS_HANDLES.map(
+      (handle) => `@${handle}`,
+    ).join(", ")}.`,
   );
   process.exitCode = 1;
 }
diff --git a/scripts/pr-lib/changelog.sh b/scripts/pr-lib/changelog.sh
@@ -1,3 +1,11 @@
+changelog_helper_root() {
+  cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd
+}
+
+changelog_attribution_script() {
+  printf '%s\n' "$(changelog_helper_root)/scripts/check-changelog-attributions.mjs"
+}
+
 normalize_pr_changelog_entries() {
   local pr="$1"
   local changelog_path="CHANGELOG.md"
@@ -156,23 +164,23 @@ EOF_NODE
 }
 
 validate_changelog_attribution_policy() {
-  node scripts/check-changelog-attributions.mjs CHANGELOG.md
+  node "$(changelog_attribution_script)" CHANGELOG.md
 }
 
 changelog_thanks_required_for_contributor() {
   local contrib="${1:-}"
-  local normalized
-  normalized=$(printf '%s' "$contrib" | tr '[:upper:]' '[:lower:]')
-
-  case "$normalized" in
-    ""|"null"|"app/"*|"codex"|"openclaw"|"clawsweeper"|"openclaw-clawsweeper"|"clawsweeper[bot]"|"openclaw-clawsweeper[bot]"|"steipete")
-      return 1
-      ;;
-  esac
+  [ -n "$contrib" ] || return 1
+  node "$(changelog_attribution_script)" --is-forbidden-handle "$contrib" && return 1
 
   return 0
 }
 
+changelog_explicit_human_thanks_required_for_contributor() {
+  local contrib="${1:-}"
+  [ -n "$contrib" ] || return 1
+  node "$(changelog_attribution_script)" --requires-explicit-human-thanks "$contrib"
+}
+
 validate_changelog_entry_for_pr() {
   local pr="$1"
   local contrib="$2"
@@ -339,7 +347,20 @@ END {
     return 0
   fi
 
-  echo "changelog validated: found PR #$pr (no eligible human contributor handle, skipping thanks check)"
+  if ! changelog_explicit_human_thanks_required_for_contributor "$contrib"; then
+    echo "changelog validated: found PR #$pr (no eligible human contributor handle, skipping thanks check)"
+    return 0
+  fi
+
+  local with_pr_and_any_thanks
+  with_pr_and_any_thanks=$(printf '%s\n' "$added_lines" | rg -in "$pr_pattern" | rg -i '\bthanks[[:space:]]+@' || true)
+  if [ -z "$with_pr_and_any_thanks" ]; then
+    echo "CHANGELOG.md update for bot/app/non-creditable author $contrib must include an explicit human Thanks @handle on the PR #$pr entry line."
+    echo "Choose the credited original contributor, or stop for maintainer input if authorship is unclear."
+    exit 1
+  fi
+
+  echo "changelog validated: found PR #$pr + explicit thanks for bot/app/non-creditable author $contrib"
 }
 
 validate_changelog_merge_hygiene() {
diff --git a/test/scripts/check-changelog-attributions.test.ts b/test/scripts/check-changelog-attributions.test.ts
@@ -1,6 +1,61 @@
-import { readFileSync } from "node:fs";
+import { execFileSync } from "node:child_process";
+import { mkdtempSync, readFileSync, rmSync, writeFileSync } from "node:fs";
+import os from "node:os";
+import path from "node:path";
 import { describe, expect, it } from "vitest";
-import { findForbiddenChangelogThanks } from "../../scripts/check-changelog-attributions.mjs";
+import {
+  findForbiddenChangelogThanks,
+  isForbiddenChangelogThanksHandle,
+  requiresExplicitHumanChangelogThanks,
+} from "../../scripts/check-changelog-attributions.mjs";
+
+const changelogScriptPath = path.join(process.cwd(), "scripts", "pr-lib", "changelog.sh");
+
+function run(cwd: string, command: string, args: string[], env?: NodeJS.ProcessEnv): string {
+  return execFileSync(command, args, {
+    cwd,
+    encoding: "utf8",
+    env: env ? { ...process.env, ...env } : process.env,
+  }).trim();
+}
+
+function createRepoWithPrChangelogDiff(entry: string): string {
+  const repo = mkdtempSync(path.join(os.tmpdir(), "openclaw-changelog-credit-"));
+  run(repo, "git", ["init", "-q", "--initial-branch=main"]);
+  run(repo, "git", ["config", "user.email", "test@example.com"]);
+  run(repo, "git", ["config", "user.name", "Test User"]);
+  writeFileSync(repo + "/CHANGELOG.md", "# Changelog\n\n## Unreleased\n\n### Fixes\n\n", "utf8");
+  run(repo, "git", ["add", "CHANGELOG.md"]);
+  run(repo, "git", ["commit", "-qm", "seed"]);
+  const baseSha = run(repo, "git", ["rev-parse", "HEAD"]);
+  // validate_changelog_entry_for_pr reads origin/main...HEAD, so the test
+  // fixture needs a real base ref plus a feature-branch changelog diff.
+  run(repo, "git", ["update-ref", "refs/remotes/origin/main", baseSha]);
+  run(repo, "git", ["checkout", "-qb", "feature"]);
+  writeFileSync(
+    repo + "/CHANGELOG.md",
+    `# Changelog\n\n## Unreleased\n\n### Fixes\n\n${entry}\n`,
+    "utf8",
+  );
+  run(repo, "git", ["add", "CHANGELOG.md"]);
+  run(repo, "git", ["commit", "-qm", "add changelog entry"]);
+  return repo;
+}
+
+function validateChangelogEntry(repo: string, contrib: string): string {
+  return run(
+    repo,
+    "bash",
+    [
+      "-c",
+      'source "$OPENCLAW_PR_CHANGELOG_SH"; validate_changelog_entry_for_pr 123 "$OPENCLAW_TEST_CONTRIB"',
+    ],
+    {
+      OPENCLAW_PR_CHANGELOG_SH: changelogScriptPath,
+      OPENCLAW_TEST_CONTRIB: contrib,
+    },
+  );
+}
 
 describe("check-changelog-attributions", () => {
   it("flags forbidden bot, org, and maintainer thanks attributions", () => {
@@ -9,13 +64,19 @@ describe("check-changelog-attributions", () => {
       "- Org-owned fix. Thanks @openclaw.",
       "- Maintainer-owned fix. Thanks @steipete.",
       "- Mixed credit. Thanks @contributor and @OpenClaw.",
+      "- Bot repair. Thanks @clawsweeper[bot].",
+      "- Dependency bump. Thanks @dependabot[bot].",
+      "- App repair. Thanks @app/clawsweeper.",
     ].join("\n");
 
     expect(findForbiddenChangelogThanks(content)).toEqual([
       { line: 1, handle: "codex", text: "- Internal cleanup. Thanks @codex." },
       { line: 2, handle: "openclaw", text: "- Org-owned fix. Thanks @openclaw." },
       { line: 3, handle: "steipete", text: "- Maintainer-owned fix. Thanks @steipete." },
       { line: 4, handle: "openclaw", text: "- Mixed credit. Thanks @contributor and @OpenClaw." },
+      { line: 5, handle: "clawsweeper[bot]", text: "- Bot repair. Thanks @clawsweeper[bot]." },
+      { line: 6, handle: "dependabot[bot]", text: "- Dependency bump. Thanks @dependabot[bot]." },
+      { line: 7, handle: "app/clawsweeper", text: "- App repair. Thanks @app/clawsweeper." },
     ]);
   });
 
@@ -27,6 +88,82 @@ describe("check-changelog-attributions", () => {
     ).toStrictEqual([]);
   });
 
+  it("checks every thanked handle on a changelog line", () => {
+    expect(
+      findForbiddenChangelogThanks("- Mixed credit (#123). Thanks @openclaw and @alice."),
+    ).toEqual([
+      {
+        line: 1,
+        handle: "openclaw",
+        text: "- Mixed credit (#123). Thanks @openclaw and @alice.",
+      },
+    ]);
+  });
+
+  it("uses one attribution predicate for scanner and shell checks", () => {
+    expect(isForbiddenChangelogThanksHandle("")).toBe(true);
+    expect(isForbiddenChangelogThanksHandle("null")).toBe(true);
+    expect(isForbiddenChangelogThanksHandle("app/any-bot")).toBe(true);
+    expect(isForbiddenChangelogThanksHandle("codex")).toBe(true);
+    expect(isForbiddenChangelogThanksHandle("openclaw")).toBe(true);
+    expect(isForbiddenChangelogThanksHandle("steipete")).toBe(true);
+    expect(isForbiddenChangelogThanksHandle("app/clawsweeper")).toBe(true);
+    expect(isForbiddenChangelogThanksHandle("clawsweeper")).toBe(true);
+    expect(isForbiddenChangelogThanksHandle("clawsweeper[bot]")).toBe(true);
+    expect(isForbiddenChangelogThanksHandle("openclaw-clawsweeper")).toBe(true);
+    expect(isForbiddenChangelogThanksHandle("openclaw-clawsweeper[bot]")).toBe(true);
+    expect(isForbiddenChangelogThanksHandle("dependabot[bot]")).toBe(true);
+    expect(isForbiddenChangelogThanksHandle("dependabot[bot]", { strictBotHandle: true })).toBe(
+      true,
+    );
+    expect(isForbiddenChangelogThanksHandle("alice")).toBe(false);
+    expect(isForbiddenChangelogThanksHandle("human-clawsweeper-fan")).toBe(false);
+    expect(
+      isForbiddenChangelogThanksHandle("human-clawsweeper-fan", { strictBotHandle: true }),
+    ).toBe(false);
+
+    expect(requiresExplicitHumanChangelogThanks("clawsweeper")).toBe(true);
+    expect(requiresExplicitHumanChangelogThanks("clawsweeper[bot]")).toBe(true);
+    expect(requiresExplicitHumanChangelogThanks("dependabot[bot]")).toBe(true);
+    expect(requiresExplicitHumanChangelogThanks("app/clawsweeper")).toBe(true);
+    expect(requiresExplicitHumanChangelogThanks("human-clawsweeper-fan")).toBe(false);
+    expect(requiresExplicitHumanChangelogThanks("steipete")).toBe(false);
+    expect(requiresExplicitHumanChangelogThanks("")).toBe(false);
+  });
+
+  it("requires explicit human thanks for bot PR changelog entries", () => {
+    const repo = createRepoWithPrChangelogDiff("- Bot repair (#123).");
+    try {
+      let output = "";
+      try {
+        validateChangelogEntry(repo, "dependabot[bot]");
+      } catch (error) {
+        output = String((error as { stdout?: unknown }).stdout ?? error);
+      }
+      expect(output).toContain("must include an explicit human Thanks @handle");
+    } finally {
+      rmSync(repo, { recursive: true, force: true });
+    }
+  });
+
+  it("accepts explicit human thanks for bot PR changelog entries", () => {
+    const repo = createRepoWithPrChangelogDiff("- Bot repair (#123). Thanks @alice.");
+    try {
+      expect(validateChangelogEntry(repo, "dependabot[bot]")).toContain("explicit thanks");
+    } finally {
+      rmSync(repo, { recursive: true, force: true });
+    }
+  });
+
+  it("keeps non-bot forbidden contributors on the no-thanks fallback", () => {
+    const repo = createRepoWithPrChangelogDiff("- Maintainer repair (#123).");
+    try {
+      expect(validateChangelogEntry(repo, "steipete")).toContain("skipping thanks check");
+    } finally {
+      rmSync(repo, { recursive: true, force: true });
+    }
+  });
+
   it("keeps PR changelog gates on the same attribution policy", () => {
     const commonLib = readFileSync("scripts/pr-lib/common.sh", "utf8");
     const changelogLib = readFileSync("scripts/pr-lib/changelog.sh", "utf8");
@@ -36,10 +173,12 @@ describe("check-changelog-attributions", () => {
 
     expect(commonLib).toContain("pr_contributor_allows_human_trailers");
     expect(commonLib).toContain("resolve_contributor_coauthor_email");
-    expect(changelogLib).toContain("node scripts/check-changelog-attributions.mjs CHANGELOG.md");
+    expect(changelogLib).toContain("changelog_attribution_script");
+    expect(changelogLib).toContain("--is-forbidden-handle");
+    expect(changelogLib).toContain("--requires-explicit-human-thanks");
     expect(changelogLib).toContain("changelog_thanks_required_for_contributor");
-    expect(changelogLib).toContain('"app/"*');
-    expect(changelogLib).toContain('"clawsweeper"');
+    expect(changelogLib).toContain("changelog_explicit_human_thanks_required_for_contributor");
+    expect(changelogLib).toContain("Choose the credited original contributor");
     expect(gates).toContain("validate_changelog_attribution_policy");
     expect(prepareCore).toContain("resolve_contributor_coauthor_email");
     expect(mergeLib).toContain("pr_contributor_allows_human_trailers");
