Policy: add tool metadata conformance

[giodl73-repo]

Policy: add tool metadata conformance

Summary

This PR extends the bundled Policy plugin from channel conformance into governed tool metadata. Policy remains a read-only conformance layer over existing OpenClaw surfaces: policy.jsonc states requirements, TOOLS.md is observed as evidence, and policy check / doctor --lint report drift without mutating the workspace.

• Adds tools.requireMetadata policy support for risk, sensitivity, and owner.
• Observes TOOLS.md declarations as tool evidence, including source oc://TOOLS.md/tools/<id> references.
• Adds doctor/policy findings for missing or unknown tool metadata.
• Keeps policy check, policy check --json, policy watch, and doctor --lint read-only.
• Adds policy watch for repeated accepted-attestation drift checks, with --once for CI/supervisor probes.
• Leaves runtime tool enforcement out of scope for a dedicated follow-up PR.

Quick Start

Enable the bundled Policy plugin and author a policy requirement:

openclaw plugins enable policy

{
  "tools": {
    "requireMetadata": ["risk", "sensitivity", "owner"],
  },
}

A matching TOOLS.md declaration should carry the required metadata:

## Tools
- deploy: risk: critical sensitivity: restricted owner: ops

Run policy-only checks during authoring:

openclaw policy check
openclaw policy check --json

Watch accepted attestation drift for long-running supervisors or CI probes:

openclaw policy watch --once
openclaw policy watch --json --once

The same findings are available through openclaw doctor --lint when the Policy plugin is enabled.

Configuration

Policy config remains under plugins.entries.policy.config:

{
  "plugins": {
    "entries": {
      "policy": {
        "enabled": true,
        "config": {
          "enabled": true,
          "path": "policy.jsonc",
          "workspaceRepairs": false,
          "expectedHash": "sha256:...",
          "expectedAttestationHash": "sha256:...",
        },
      },
    },
  },
}

Audit State

policy check --json emits the stable audit tuple:

policy hash + evidence hash + findings hash + clean result -> attestation hash

The tool evidence is part of the workspace evidence hash. A clean result can be accepted by recording attestation.policy.hash as expectedHash and attestation.attestationHash as expectedAttestationHash.

Findings

This PR adds these policy findings:

Finding	Meaning
policy/tools-missing-owner	A governed tool declaration is missing owner metadata.
policy/tools-missing-risk-level	A governed tool declaration is missing risk metadata.
policy/tools-unknown-risk-level	A governed tool declaration uses an unknown risk value.
policy/tools-missing-sensitivity-token	A governed tool declaration is missing sensitivity metadata.
policy/tools-unknown-sensitivity-token	A governed tool declaration uses an unknown sensitivity value.

Findings identify both sides of the decision: target points to the observed TOOLS.md declaration and requirement points to the authored policy requirement.

Out Of Scope

This PR does not add runtime tool enforcement, approval UI, supervisor protocol changes, gateway protocol changes, Swift protocol model changes, or a cross-plugin oc-path runtime dependency. policy watch reports attestation drift from the existing policy check contract; it does not enforce tool calls at runtime. Runtime enforcement should land separately with fail-closed schema validation for invalid policy artifacts.

Real Behavior Proof

Behavior addressed: The bundled Policy plugin can now enforce authored TOOLS.md metadata conformance for tool risk, sensitivity, and owner fields through read-only policy and doctor diagnostics, and policy watch reports accepted-attestation drift from the same evidence tuple.

Real environment tested: WSL source checkout on PR head b24746d0dd9f5f8785d69d4c68d361adc0108ad1, compared against origin/main.

Exact steps or command run after this patch:

• git diff --check
• node scripts/run-vitest.mjs extensions/policy/src/policy-state.test.ts extensions/policy/src/cli.test.ts extensions/policy/src/doctor/register.test.ts test/release-check.test.ts
• node scripts/run-tsgo.mjs --project tsconfig.json --noEmit
• node scripts/run-vitest.mjs src/plugins/stage-bundled-plugin-runtime.test.ts -t "stages bundled dist plugins as runtime wrappers without linking plugin node_modules"
• node scripts/run-vitest.mjs src/plugins/loader.test.ts -t "refreshes bundled plugin-sdk aliases without deleting the shared alias directory"

Evidence after fix: Focused Policy plugin tests passed for policy state hashing, doctor registration, CLI reporting, JSON output, policy watch stale-attestation behavior, bullet and heading TOOLS.md declarations, invalid metadata keys, and read-only doctor/policy reporting. The packaging-focused smoke tests passed after removing the unnecessary oc-path package alias changes.

Observed result after fix: The focused Policy/release run passed 4 files and 87 tests. The two package-alias smoke tests each passed with unrelated tests skipped. git diff --check and tsgo passed.

What was not tested: Runtime policy enforcement, approval metadata propagation, approval UI, supervisor protocol, gateway protocol, and Swift protocol surfaces are intentionally not part of this PR.

Related

• Channels-first policy conformance: Policy: add conformance system with channel checks #80407
• Model, network, and MCP conformance examples: Policy: add model, network, and MCP conformance checks #80783
• Runtime audit metadata and attestation enforcement: Policy: add runtime audit metadata and attestation enforcement #81104

Policy stack links

This PR is part of the Policy 1.0 proof stack:

1. Policy: add conformance system with channel checks #80407 — Policy: add conformance system with channel checks
2. Policy: add tool metadata conformance #80056 — Policy: add tool metadata conformance
3. Policy: add model, network, and MCP conformance checks #80783 — Policy: add model, network, and MCP conformance checks
4. Policy: add runtime audit metadata and attestation enforcement #81104 — Policy: add runtime audit metadata and attestation enforcement
5. Policy: add secret and auth conformance checks #81974 — Policy: add secrets auth provenance checks
6. Policy: add gateway exposure checks #81981 — Policy: add gateway exposure checks

[clawsweeper]

Codex review: needs real behavior proof before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The PR extends the bundled Policy plugin with tools.requireMetadata checks over TOOLS.md, adds policy watch, and updates policy docs and focused tests.

Reproducibility: not applicable. This is a feature PR: current main has channel-only Policy conformance, while this branch adds a new tool metadata conformance area.

PR rating
Overall: 🦪 silver shellfish
Proof: 🦪 silver shellfish
Patch quality: 🐚 platinum hermit
Summary: The implementation is coherent with only a small docs bug, but merge readiness remains capped by mock-only proof for a new CLI/doctor behavior.

Rank-up moves:

• Add redacted terminal output, logs, or a terminal screenshot from a real workspace running openclaw policy check --json, policy watch --once --json, or doctor --lint with policy.jsonc and TOOLS.md.
• Fix the clean JSON example so it includes owner metadata and the actual registered check count.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Real behavior proof
Needs real behavior proof before merge: The PR provides focused tests, typechecks, CI output, and autoreview notes, but still needs redacted real workspace output or logs from the changed policy/doctor workflow before merge. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge

• Contributor proof is still focused tests, CI, and local command summaries rather than real workspace output from openclaw policy check, policy watch --once, or doctor --lint against policy.jsonc and TOOLS.md.
• Merging changes the Policy schema surface and makes malformed policy containers produce invalid-policy findings where current main ignores them.
• The read-only tool metadata schema may become input to later runtime governance, so maintainers should explicitly accept the boundary before stacking enforcement on it.
• The clean JSON docs example is currently inconsistent with the new owner requirement and registered check count.

Maintainer options:

1. Require proof and docs correction (recommended)
   Ask for redacted real workspace output plus the clean JSON example correction before accepting the new Policy schema surface.
2. Accept the schema boundary
   Maintainers can intentionally accept the compatibility and governance risk if this read-only slice is needed to unblock the Policy stack.
3. Pause behind runtime review
   If the runtime enforcement semantics must be settled first, keep this PR paused behind the follow-up runtime policy PR.

Next step before merge
Needs contributor real-behavior proof and maintainer acceptance of the protected Policy schema boundary; the small docs correction alone is not enough for an autonomous repair lane.

Security
Cleared: No concrete supply-chain regression was found in the final diff; the remaining security concern is maintainer acceptance of the policy governance boundary.

Review findings

• [P3] Correct the clean policy output example — docs/cli/policy.md:170-181

Review details

Best possible solution:

Land the read-only tool metadata conformance layer after real CLI/doctor proof, the docs example fix, and maintainer acceptance of the Policy schema boundary; keep runtime enforcement in the linked follow-up work.

Do we have a high-confidence way to reproduce the issue?

Not applicable. This is a feature PR: current main has channel-only Policy conformance, while this branch adds a new tool metadata conformance area.

Is this the best way to solve the issue?

Yes with caveats. A read-only Policy plugin layer is the maintainable first step, but the docs example and real behavior proof should be fixed before merge.

Label justifications:

• P2: This is a normal-priority enterprise Policy feature with limited immediate blast radius but real schema and proof review needs.
• merge-risk: 🚨 compatibility: Malformed policy container shapes that current main ignores can become invalid-policy findings after this PR.
• merge-risk: 🚨 security-boundary: The PR defines tool governance metadata that later runtime enforcement may rely on, so the schema boundary needs maintainer acceptance.
• rating: 🦪 silver shellfish: Current PR rating is 🦪 silver shellfish because proof is 🦪 silver shellfish, patch quality is 🐚 platinum hermit, and The implementation is coherent with only a small docs bug, but merge readiness remains capped by mock-only proof for a new CLI/doctor behavior.
• status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: The PR provides focused tests, typechecks, CI output, and autoreview notes, but still needs redacted real workspace output or logs from the changed policy/doctor workflow before merge. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Full review comments:

• [P3] Correct the clean policy output example — docs/cli/policy.md:170-181
  The example policy requires owner, but the clean JSON evidence for deploy omits owner and still reports no findings. It also says checksRun: 6, while the final branch registers 10 policy checks, so readers cannot reproduce this as a clean output.
  Confidence: 0.96

Overall correctness: patch is correct
Overall confidence: 0.84

What I checked:

• Current main policy scope: Current main policy docs describe channel conformance only; tool metadata conformance is not implemented on main. Public docs: docs/cli/policy.md. (docs/cli/policy.md:17, 6745fe8e7046)
• PR head implements tool metadata evidence parsing: The PR head adds PolicyToolEvidence and scanPolicyTools() to parse TOOLS.md declarations into policy evidence. (extensions/policy/src/policy-state.ts:140, b24746d0dd9f)
• PR head registers new checks: The PR head expands POLICY_CHECK_IDS to include missing/unknown risk, sensitivity, and owner metadata checks. (extensions/policy/src/doctor/register.ts:29, b24746d0dd9f)
• Docs example inconsistency: The docs example requires owner metadata but shows tool evidence without owner, and lists checksRun: 6 while the final code registers 10 checks. Public docs: docs/cli/policy.md. (docs/cli/policy.md:181, b24746d0dd9f)
• Maintainer review context: Earlier runtime fail-closed review comments targeted extensions/policy/src/runtime.ts; the author later removed runtime enforcement from this PR and deferred that contract to the runtime enforcement follow-up.
• CI status signal: Public check-runs for the current head show the relevant lint, docs, type, bundled-extension, and Node check lanes completed successfully; this does not replace real behavior proof. (b24746d0dd9f)

Likely related people:

• giodl73-repo: Authored the current PR commits and also authored the merged channels-first Policy stack PR that introduced the current Policy surface this PR extends. (role: feature author / policy stack contributor; confidence: high; commits: cbf72e5e26ee, 9f53dc7631dd, b24746d0dd9f; files: extensions/policy/src/doctor/register.ts, extensions/policy/src/policy-state.ts, docs/cli/policy.md)
• steipete: Local blame for the current-main Policy files points to a broad repository update/import commit by Peter Steinberger, so this is a provenance signal rather than feature ownership. (role: current-main provenance; confidence: low; commits: 94ac563399b3; files: extensions/policy/src/doctor/register.ts, extensions/policy/src/policy-state.ts, docs/cli/policy.md)
• TurboTheTurtle: Left the earlier runtime policy fail-closed review comments that shaped the current scope split by moving runtime enforcement out of this PR. (role: reviewer; confidence: medium; files: extensions/policy/src/runtime.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 6745fe8e7046.

[giodl73-repo]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Failed
• Detail: The targeted re-review did not finish cleanly. Check the workflow run for details.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/25618447008
• Updated: 2026-05-10T03:13:31.835Z

[TurboTheTurtle]

Found one runtime policy fail-open risk on the updated head.

[TurboTheTurtle]

[P1] Fail closed on unknown risk values

policy.jsonc is loaded with an unchecked cast, but this evaluator only rejects unknown sensitivity values. If the runtime artifact contains a syntactically valid typo such as "risk": "critcal" or "risk": "high ", this branch misses both the critical check and the risk/sensitivity matrix, so a tool that should require approval can fall through to allow. Since this file is the runtime guard artifact, please validate risk the same way as sensitivity and deny schema-invalid entries before evaluating the matrix.

[giodl73-repo]

Good catch. We removed the runtime enforcement work from this PR, so this thread is no longer in scope for #80056. The follow-up runtime enforcement PR should carry the fail-closed schema validation contract you called out.

[TurboTheTurtle]

One more runtime validation issue in the same policy evaluator.

[TurboTheTurtle]

[P2] Treat schema-invalid policy containers as deny decisions

After parsing JSONC, loadPolicySnapshot casts the object to PolicySnapshot without validating the shape. A syntactically valid policy such as { "tools": { "entries": {} } } or a non-array denyRules value reaches this helper and can throw when the evaluator calls .find or iterates rules, instead of returning the documented fail-closed deny decision for an invalid policy. Please validate tools.entries, tools.denyRules, and top-level denyRules before evaluation and return an invalidReason when those containers are not arrays.

[giodl73-repo]

Good catch. We removed the runtime enforcement work from this PR, so this thread is no longer in scope for #80056. The follow-up runtime enforcement PR should carry the fail-closed schema validation contract you called out.

[giodl73-repo]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/25618516975
• Updated: 2026-05-10T03:25:23.213Z

[giodl73-repo]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/25618947447
• Updated: 2026-05-10T03:46:22.095Z

[giodl73-repo]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/25621625626
• Updated: 2026-05-10T06:22:51.652Z

[giodl73-repo]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Failed
• Detail: The targeted re-review did not finish cleanly. Check the workflow run for details.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/25622474591
• Updated: 2026-05-10T07:14:00.464Z

[giodl73-repo]

Resolved the main-branch conflicts by rebasing policy-doctor-consumer onto current origin/main.

Conflict handled:

• src/commands/status.summary.redaction.test.ts: kept main's typed SessionStatus fixture shape and current modelSelectionReason: null value. The policy branch's prior CI fix for the new model fields is already present on main, so no behavior change was needed there.

Verification after rebase:

node scripts/run-vitest.mjs src/commands/status.summary.redaction.test.ts extensions/policy/src/doctor/register.test.ts extensions/policy/src/runtime-tool-policy.test.ts --reporter=dot
# 3 files passed, 44 tests passed

node scripts/run-tsgo.mjs -p test/tsconfig/tsconfig.core.test.json --incremental --tsBuildInfoFile .artifacts/tsgo-cache/core-test-policy-80056-rebase.tsbuildinfo
# passed

git diff --check
# passed

Pushed rebased head: 140b648
GitHub now reports the PR as mergeable; checks are re-running on the new head.

[giodl73-repo]

Post-rebase CI follow-up on 4b62ad58c4daf093705b9212772476ae3c01ecc6:

• Fixed check-test-types by keeping the policy runtime test fake intentionally narrow while casting it at the registerPolicyTrustedToolPolicy boundary, with the callback parameter typed from the real registration API.
• Fixed src/infra/secret-file.test.ts to match the tryReadSecretFileSync wrapper contract: rejected reads are caught and return undefined; the throwing behavior remains covered by readSecretFileSync.

Verification run after the patch:

TMPDIR=/tmp node scripts/run-vitest.mjs src/infra/secret-file.test.ts -t 'returns undefined from the try helper for rejected files' --reporter=dot && node scripts/run-tsgo.mjs -p test/tsconfig/tsconfig.extensions.test.json --incremental --tsBuildInfoFile .artifacts/tsgo-cache/extensions-test-policy-80056-ci.tsbuildinfo && node scripts/run-tsgo.mjs -p test/tsconfig/tsconfig.core.test.json --incremental --tsBuildInfoFile .artifacts/tsgo-cache/core-test-policy-80056-ci.tsbuildinfo && node scripts/run-vitest.mjs extensions/policy/src/runtime-tool-policy.test.ts --reporter=dot && git diff --check

Observed locally:

• focused secret-file assertion: 1 passed
• runtime-tool-policy.test.ts: 17 passed
• extension test tsgo: passed
• core test tsgo: passed
• git diff --check: passed

Local caveat: the full src/infra/secret-file.test.ts file cannot run cleanly in this WSL checkout because unrelated pinned-write cases require the fs-safe Python helper / secure temp-dir setup. The failing CI assertion itself was reproduced and passed with the focused test above; full Linux CI is now rerunning on the pushed SHA.

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26193451100
• Updated: 2026-05-20T22:32:33.525Z

[giodl73-repo]

Follow-up review/proof pass on a26de49c8bf8e3219edd7e98130faf2351429e4b:

• Restored openclaw policy watch with --once, --json, and --interval-ms so accepted-attestation drift has a first-class command again.
• Tightened policy container validation so doctor/check and runtime agree on malformed policy.jsonc shapes (tools, tools.settings, tools.entries, channels, and top-level object shape).
• Added focused tests for malformed policy containers, runtime invalid-container behavior, policy check --json, policy watch --json --once, and the policy evidence scanner.
• Added the Vitest resolver alias for @openclaw/oc-path/api.js, matching the existing sibling plugin API aliases used by extension tests.

Verification:

• node scripts/run-vitest.mjs extensions/policy/src/policy-state.test.ts extensions/policy/src/doctor/register.test.ts extensions/policy/src/cli.test.ts extensions/policy/src/runtime-tool-policy.test.ts --reporter=dot - 4 files, 64 tests passed.
• node scripts/run-tsgo.mjs -p test/tsconfig/tsconfig.extensions.test.json --incremental --tsBuildInfoFile .artifacts/tsgo-cache/extensions-test-policy-80056-autoreview-watch.tsbuildinfo - passed.
• git diff --check - passed.
• /mnt/c/src/claws-hapi/.agents/skills/autoreview/scripts/autoreview --mode branch - clean; no accepted/actionable findings reported.

Notes:

• I attempted pnpm docs:list before editing the docs page, but in this Codex worktree it entered dependency reconciliation/install and hung; I killed it after confirming there were no tracked package/lockfile changes from that attempt.
• A nested autoreview probe tried --runInBand, which Vitest v4 rejects; that was not one of the accepted proof commands above.

[giodl73-repo]

CI follow-up pushed as a4d5fb45433a9e001eff9a6956759a5e8c6f3115.

Addressed the failing gates from a26de49c8b:

• check-lint / check-additional-extension-bundled: rewrote the policy watch sleep call to avoid the oxlint unbound-method rule.
• check-docs: ran the docs formatter on docs/cli/policy.md and committed the resulting table alignment.
• checks-node-core-runtime-infra-state: restored src/infra/secret-file.test.ts to the installed fs-safe CI behavior for rejected symlink files.

Verification after the patch:

• node scripts/run-vitest.mjs extensions/policy/src/policy-state.test.ts extensions/policy/src/doctor/register.test.ts extensions/policy/src/cli.test.ts extensions/policy/src/runtime-tool-policy.test.ts --reporter=dot - 4 files, 64 tests passed.
• node scripts/run-bundled-extension-oxlint.mjs - passed.
• node scripts/run-tsgo.mjs -p test/tsconfig/tsconfig.extensions.test.json --incremental --tsBuildInfoFile .artifacts/tsgo-cache/extensions-test-policy-80056-ci-fixes.tsbuildinfo - passed.
• git diff --check - passed.

Local note: node scripts/format-docs.mjs --check still flags docs/reference/templates/CLAUDE.md in this WSL worktree because Git tracks it as a symlink but the local checkout materializes it as a plain file. That file is not changed in this PR; the PR docs file is now formatted.

[giodl73-repo]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26199220704
• Updated: 2026-05-21T01:13:33.387Z

[giodl73-repo]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26201697939
• Updated: 2026-05-21T02:30:42.144Z

[giodl73-repo]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26203701068
• Updated: 2026-05-21T03:36:05.331Z