Policy: add secret and auth conformance checks

[giodl73-repo]

Summary

Adds Policy 1.0 secret provenance and auth-profile conformance checks with redacted config evidence.

Logical base: merged #80783. This PR intentionally stays config-level only: it reads existing OpenClaw config and reports policy conformance findings through doctor --lint; it does not add runtime enforcement and it does not take on secrets management.

• Records managed SecretRef/provider provenance without storing secret values.
• Reports unmanaged SecretRefs, denied secret provider sources, insecure secret provider posture, missing auth profile metadata, and unapproved auth profile modes.
• Documents the offered policy syntax and evidence shape.

Policy syntax

{
  "secrets": {
    "requireManagedProviders": true,
    "denySources": ["exec"],
    "allowInsecureProviders": false
  },
  "auth": {
    "profiles": {
      "requireMetadata": ["provider", "mode"],
      "allowModes": ["api_key", "token"]
    }
  }
}

Safety

This is policy conformance, not secrets regulation or storage management. doctor --lint reads config-level declarations, emits redacted findings, and leaves credential stores and runtime behavior to the existing auth/credential systems.

Real behavior proof

Behavior addressed: config-level Policy conformance for redacted secret provenance and auth-profile metadata/mode rules.

Real environment tested: WSL checkout at /root/src/openclaw-81974-policy on Ubuntu-24.04; PR head d72baa8115b12041a1c532479e919480c46eda57 is signed and GitHub-verified.

Exact steps or command run after this patch:

• git push fork policy-81974-config:policy-secrets-auth-provenance
• OPENCLAW_CONFIG_PATH=/tmp/policy-proof-81974/openclaw.json timeout 180 node scripts/run-node.mjs doctor --lint --json --severity-min error
• Earlier same-head verification: pnpm exec oxfmt extensions/policy/src/doctor/register.ts extensions/policy/src/policy-state.ts
• Earlier same-head verification: git diff --check
• Earlier same-head verification: pnpm run lint:extensions:bundled
• Earlier same-head verification: node scripts/run-vitest.mjs extensions/policy/src/doctor/register.test.ts extensions/policy/src/cli.test.ts --run --reporter=dot
• Earlier same-head verification: node node_modules/@typescript/native-preview/bin/tsgo.js -p test/tsconfig/tsconfig.extensions.test.json --incremental --tsBuildInfoFile .artifacts/tsgo-cache/extensions-test-policy-81974-original-lint.tsbuildinfo
• Earlier same-head verification: autoreview local pass fix: add @lid format support and allowFrom wildcard handling #1 and Login fails with 'WebSocket Error (socket hang up)' ECONNRESET #2 clean, no accepted/actionable findings

Evidence after fix: the real doctor --lint CLI run loaded a temp workspace policy and config, ran 37 checks, and returned four redacted policy errors:

{
  "ok": false,
  "checksRun": 37,
  "checksSkipped": 0,
  "findings": [
    {
      "checkId": "policy/auth-profile-unapproved-mode",
      "ocPath": "oc://openclaw.config/auth/profiles/oauth",
      "requirement": "oc://policy.jsonc/auth/profiles/allowModes",
      "message": "Auth profile 'oauth' uses mode 'oauth' outside the policy allowlist."
    },
    {
      "checkId": "policy/secrets-denied-provider-source",
      "ocPath": "oc://openclaw.config/secrets/providers/command",
      "requirement": "oc://policy.jsonc/secrets/denySources",
      "message": "Secret provider 'command' uses denied source 'exec'."
    },
    {
      "checkId": "policy/secrets-insecure-provider",
      "ocPath": "oc://openclaw.config/secrets/providers/vault",
      "requirement": "oc://policy.jsonc/secrets/allowInsecureProviders",
      "message": "Secret provider 'vault' enables insecure posture: allowInsecurePath."
    },
    {
      "checkId": "policy/secrets-unmanaged-provider",
      "ocPath": "oc://openclaw.config/models/providers/anthropic/apiKey",
      "requirement": "oc://policy.jsonc/secrets/requireManagedProviders",
      "message": "SecretRef uses unmanaged provider 'missing'."
    }
  ]
}

Observed result after fix: the CLI reported the expected secret/auth conformance findings through doctor --lint without printing private secret values.

What was not tested: no live Gateway was launched; this is config-level policy conformance proof only.

Related

• Policy: add model, network, and MCP conformance checks #80783 - Policy: add model, network, and MCP conformance checks
• Policy: add gateway exposure checks #81981 - Policy: add gateway exposure checks

[clawsweeper]

Codex review: needs real behavior proof before merge.

Latest ClawSweeper review: 2026-05-22 19:45 UTC / May 22, 2026, 3:45 PM ET.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The PR extends the bundled Policy plugin and docs with config-level SecretRef/provider provenance and auth-profile conformance checks, focused doctor/CLI tests, and a test helper export.

Reproducibility: not applicable. this is a feature PR rather than a bug report. The behavior is reviewable from the PR source, tests, docs, and proof comments, but the current head still needs real CLI proof.

PR rating
Overall: 🦪 silver shellfish
Proof: 🦪 silver shellfish
Patch quality: 🐚 platinum hermit
Summary: The implementation signal is solid and covered by focused tests, but overall readiness is capped by stale current-head real behavior proof.

Rank-up moves:

• Add redacted current-head doctor --lint or openclaw policy check output for bb5a226 or newer.
• Get explicit maintainer acceptance of the opt-in secret/auth conformance semantics.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Real behavior proof
Needs stronger real behavior proof before merge: Stale terminal proof exists, but it does not show the current PR head after the final bearer-token scanner commit; the contributor should add redacted current-head CLI output. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge

• Current-head real behavior proof is insufficient because the visible CLI/proof text does not show the current bb5a226 head after the final bearer-token coverage commit.
• Enabled secret/auth Policy rules can intentionally make doctor --lint or openclaw policy check fail for existing configs, so maintainers need to accept that opt-in conformance behavior before merge.
• The scanner feeds security/audit evidence; missed or overbroad SecretRef/auth-profile classification would affect attestation confidence even though the patch does not expose secret values.

Maintainer options:

1. Require current-head CLI proof (recommended)
   Ask for a fresh redacted doctor --lint or openclaw policy check run on bb5a226 or newer that shows secret/auth findings without secret values.
2. Accept opt-in conformance failures
   If maintainers agree that enabled secret/auth Policy rules should fail conformance for matching configs, they can treat the compatibility impact as intentional after proof is refreshed.
3. Pause for runtime policy scope
   If secret/auth evidence should wait for the broader runtime audit stack, pause this PR until the linked runtime Policy work settles.

Next step before merge
Protected, security-adjacent Policy work needs maintainer approval and refreshed contributor proof rather than an automated repair PR.

Security
Cleared: No concrete secret leak, dependency, workflow permission, package-resolution, or code-execution regression was found in the reviewed Policy/docs/test diff.

Review details

Best possible solution:

Land only after a maintainer accepts the opt-in secret/auth Policy semantics and the contributor adds redacted current-head doctor --lint or openclaw policy check output for bb5a226 or newer.

Do we have a high-confidence way to reproduce the issue?

Not applicable: this is a feature PR rather than a bug report. The behavior is reviewable from the PR source, tests, docs, and proof comments, but the current head still needs real CLI proof.

Is this the best way to solve the issue?

Yes for the owner boundary: implementing this as config-level Policy plugin conformance over existing SecretRef/auth metadata is the maintainable direction. Merge readiness still depends on current-head proof and maintainer acceptance of the policy semantics.

Label justifications:

• P2: This is a normal-priority Policy feature with limited blast radius because it is opt-in conformance reporting, not runtime enforcement.
• merge-risk: 🚨 compatibility: Merging this adds opt-in Policy rules that can make existing configurations fail doctor --lint or policy checks when operators enable them.
• merge-risk: 🚨 security-boundary: The PR classifies SecretRef and auth-profile posture for audit evidence, so coverage or redaction mistakes would affect security conformance signals.
• rating: 🦪 silver shellfish: Current PR rating is 🦪 silver shellfish because proof is 🦪 silver shellfish, patch quality is 🐚 platinum hermit, and The implementation signal is solid and covered by focused tests, but overall readiness is capped by stale current-head real behavior proof.
• status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs stronger real behavior proof before merge: Stale terminal proof exists, but it does not show the current PR head after the final bearer-token scanner commit; the contributor should add redacted current-head CLI output. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

What I checked:

• Current main lacks the proposed secret/auth checks: A current-main search found no existing Policy secret/auth conformance check IDs or evidence types, so the PR is adding new Policy behavior rather than duplicating an implemented main feature. (extensions/policy/src/doctor/register.ts:1, 63545693a0fa)
• Secret evidence collection: The PR head adds scanPolicySecrets() and config traversal that records provider posture plus SecretRef inputs while omitting raw SecretRef ids/values from the evidence object. (extensions/policy/src/policy-state.ts:314, bb5a2265be8c)
• Policy doctor integration: The PR head conditionally includes secret/auth evidence only when matching policy rules exist and emits unmanaged-provider, denied-source, insecure-provider, missing-metadata, and unapproved-mode findings through the existing health-check path. (extensions/policy/src/doctor/register.ts:437, bb5a2265be8c)
• SecretInput contract checked: The current config contract defines SecretInput-capable provider request fields under headers, auth token/value, proxy TLS, and TLS material; the PR explicitly covers those surfaces in the Policy scanner and tests. (src/config/types.provider-request.ts:38, 63545693a0fa)
• Canonical SecretRef surface checked: The current docs list supported openclaw.json SecretRef targets including model providers, provider requests, plugin web search keys, gateway auth, and channel credentials; this is the dependency contract the PR’s scanner must remain aligned with. Public docs: docs/reference/secretref-credential-surface.md. (docs/reference/secretref-credential-surface.md:23, 63545693a0fa)
• Focused regression coverage: The PR head adds tests for secret provider findings, model/provider request SecretRefs, media request paths, provider-source mismatch, MCP env exclusion, channel SecretRefs, and auth-profile policy validation. (extensions/policy/src/doctor/register.test.ts:1541, bb5a2265be8c)

Likely related people:

• giodl73-repo: Authored the merged Policy stack PRs that introduced and extended the same Policy plugin source/docs path now being changed here. (role: feature-history author; confidence: high; commits: cbf72e5e26ee, a30ac3f8d7cb, 6dbd5bd4460e; files: extensions/policy/src/policy-state.ts, extensions/policy/src/doctor/register.ts, docs/cli/policy.md)
• galiniliev: Provided concrete review feedback on SecretInput coverage for provider request and media request paths in this PR discussion, directly shaping the current scanner coverage. (role: reviewer; confidence: medium; files: extensions/policy/src/policy-state.ts, extensions/policy/src/doctor/register.test.ts)
• Peter Steinberger: Current checkout blame is shallow/grafted but points the Policy files at a recent repository-wide commit; this is a weaker routing signal than the merged Policy PR history. (role: recent area contributor; confidence: low; commits: d5247d0bfb16; files: extensions/policy/src/policy-state.ts, extensions/policy/src/doctor/register.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 63545693a0fa.

[giodl73-repo]

Restacked this branch onto current upstream/main and pushed the follow-ups needed by validation:

• refreshed the shared Swift protocol model for PluginApprovalRequestParams.metadata
• fixed current lint-rule drift in the stacked policy/OC-path/doctor surfaces
• reran pnpm protocol:check
• reran pnpm check:changed

I also updated the PR body with the required Real behavior proof fields.

[socket-security]

No dependency changes detected. Learn more about Socket for GitHub.

👍 No dependency changes detected in pull request

[galiniliev]

This PR adds Policy plugin evidence and doctor/policy-check findings for redacted secret/auth provenance. That is the right ownership boundary for this config-level conformance work, but the new scanner currently misses several schema-backed SecretInput surfaces, so secrets.disallowInline is not reliable yet.

Findings

• [P1] Secret scanner misses configured provider request SecretInput fields. ConfiguredProviderRequest allows inline secrets in request.auth.value, request.tls.ca/cert/key/passphrase, proxy TLS fields, and arbitrary request.headers.*, and ModelProviderSchema exposes that request object under models.providers.*.request. The new recursive scanner only records keys matching the hardcoded name list here, so a policy with secrets.disallowInline: true will not report inline TLS keys, passphrases, header auth values, or custom header secrets. That leaves real OpenClaw config secret inputs outside the evidence and attestation payload. Please drive this from the schema/secret-target contract or explicitly cover the provider request SecretInput paths, and add regression tests for at least models.providers.openai.request.auth.value, models.providers.openai.request.tls.key, and models.providers.openai.request.headers.Authorization.

Bug/behavior: new policy conformance feature for config-derived secret/auth provenance.
Affected surface: Policy plugin doctor --lint / policy check evidence and findings, plus attestation hashes.
Provenance: N/A, feature PR.
Best-fix verdict: keep this in the Policy plugin, but make the secret input discovery complete for the config contract before merge.

Reviewed code paths: extensions/policy/src/policy-state.ts, extensions/policy/src/doctor/register.ts, extensions/policy/src/doctor/register.test.ts, src/config/types.provider-request.ts, and src/config/zod-schema.core.ts.

[galiniliev]

This key-name heuristic misses several real SecretInput fields from the config contract. ConfiguredProviderRequest exposes auth.value, TLS ca/cert/key/passphrase, proxy TLS, and arbitrary headers.* as SecretInput, and model providers carry that under models.providers.*.request. With the current allowlist, inline values at those paths are not added to evidence, so secrets.disallowInline: true and attestation hashes do not cover them. Please drive discovery from the schema/secret-target contract or explicitly handle these request paths, with regressions for request.auth.value, request.tls.key, and request.headers.Authorization.

[giodl73-repo]

Addressed in signed commit 1e187e7d1b240b73be147f6c120b90e1e35bc721.

What changed:

• Added explicit secret-input path coverage for provider request fields: request.headers.*, request.auth.value, request.tls.{ca,cert,key,passphrase}, and proxy TLS.
• Added matching coverage for the existing audio request/header surfaces and MCP env plugin config surfaces.
• Kept secret evidence based on the raw config file when available so ${ENV} SecretRef-style markers are not misclassified after env substitution.
• Added regressions for models.providers.openai.request.auth.value, models.providers.openai.request.tls.key, models.providers.openai.request.headers.Authorization, and raw ${OPENAI_API_KEY} handling.

Proof run:

• git diff --check
• node scripts/run-vitest.mjs extensions/policy/src/doctor/register.test.ts extensions/policy/src/cli.test.ts --run --reporter=dot -> 93 tests passed
• node node_modules/@typescript/native-preview/bin/tsgo.js -p test/tsconfig/tsconfig.extensions.test.json --incremental --tsBuildInfoFile .artifacts/tsgo-cache/extensions-test-policy-81974-galin3.tsbuildinfo
• /mnt/c/src/claws-hapi/.agents/skills/autoreview/scripts/autoreview --mode branch --reviewer codex --fallback-reviewer none -> no accepted/actionable findings

CI on the pushed head is green for preflight, check-dependencies, and Real behavior proof. Please re-review when you have a chance.

[galiniliev]

This PR adds Policy evidence and findings for secret/auth provenance, which is the right surface for enforcing inline-secret and auth-profile conformance. The latest update closes the model-provider request gap, but the same SecretInput-bearing request contract is still only partially covered for media config.

Bug/behavior: policy conformance can miss inline media provider request secrets.
Affected surface: Policy plugin secret evidence/attestation scanning.
Provenance: N/A, feature coverage in this PR.
Best-fix verdict: keep this in the Policy plugin, but align SecretInput discovery with the config/schema secret-target contract or add the missing media request patterns plus regressions before merge.

[galiniliev]

[P1] Cover all media ConfiguredProviderRequest paths. This still only covers root tools.media.audio.request.*. The same request contract is also available on tools.media.models[], tools.media.image, tools.media.video, and each section's models[] entries through MediaUnderstandingRuntimeFields, so inline values like tools.media.models[].request.headers.Authorization, tools.media.image.request.auth.value, or tools.media.video.request.tls.key are not recorded in evidence. That means secrets.disallowInline and workspace attestation can report clean while inline media request secrets remain in config. Please either drive discovery from the config/secret-target contract or add the missing media request patterns with regressions for shared models and image/video section requests.

[giodl73-repo]

@

[giodl73-repo]

Fixed in 676fdc7.

Changed the secret scanner from one-off provider/media regexes to a configured provider request helper and applied it to the media request categories:

• tools.media.models[].request.*
• tools.media.audio.request.* and tools.media.audio.models[].request.*
• tools.media.image.request.* and tools.media.image.models[].request.*
• tools.media.video.request.* and tools.media.video.models[].request.*

Added regressions for shared media model headers, audio model proxy TLS passphrase, image request auth value, and video request TLS key, with assertions that evidence/findings do not leak inline values.

Proof:

• git diff --check
• node scripts/run-vitest.mjs extensions/policy/src/doctor/register.test.ts extensions/policy/src/cli.test.ts --run --reporter=dot
• node node_modules/@typescript/native-preview/bin/tsgo.js -p test/tsconfig/tsconfig.extensions.test.json --incremental --tsBuildInfoFile .artifacts/tsgo-cache/extensions-test-policy-81974-media-requests.tsbuildinfo
• /mnt/c/src/claws-hapi/.agents/skills/autoreview/scripts/autoreview --mode local -> clean, no accepted/actionable findings

[giodl73-repo]

Pushed signed commit 72edf5b with the lint-only cleanup after restoring the original combined #81974 shape.

Verification:

• pnpm exec oxfmt extensions/policy/src/doctor/register.ts extensions/policy/src/policy-state.ts
• git diff --check
• pnpm run lint:extensions:bundled
• node scripts/run-vitest.mjs extensions/policy/src/doctor/register.test.ts extensions/policy/src/cli.test.ts --run --reporter=dot (93 tests)
• node node_modules/@typescript/native-preview/bin/tsgo.js -p test/tsconfig/tsconfig.extensions.test.json --incremental --tsBuildInfoFile .artifacts/tsgo-cache/extensions-test-policy-81974-original-lint.tsbuildinfo
• autoreview local pass fix: add @lid format support and allowFrom wildcard handling #1: clean, no accepted/actionable findings
• autoreview local pass Login fails with 'WebSocket Error (socket hang up)' ECONNRESET #2: clean, no accepted/actionable findings

[giodl73-repo]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

[giodl73-repo]

@clawsweeper re-review

[clawsweeper]

🦞👀
ClawSweeper picked this up.

Command router queued. I will update this comment with the next step.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26291101174
• Updated: 2026-05-22T13:47:09.669Z

[giodl73-repo]

Addressed the latest SecretInput coverage blocker on current head 1894868815d1567f8a8c7e8d2020123c90c3cc55.

Behavior addressed: Policy secret evidence now explicitly covers configured-provider request.auth.token bearer-token SecretInputs, including model provider requests and media request variants, without adding runtime enforcement.
Real environment tested: WSL checkout at /root/src/openclaw-81974-policy.
Exact steps or command run after this patch:

• pnpm exec oxfmt --write --threads=1 extensions/policy/src/policy-state.ts extensions/policy/src/doctor/register.test.ts
• git diff --check
• node scripts/run-vitest.mjs extensions/policy/src/doctor/register.test.ts extensions/policy/src/cli.test.ts --run --reporter=dot (2 files / 92 tests passed)
• node node_modules/@typescript/native-preview/bin/tsgo.js -p test/tsconfig/tsconfig.extensions.test.json --incremental --tsBuildInfoFile .artifacts/tsgo-cache/extensions-test-policy-81974-auth-token-fix.tsbuildinfo
  Evidence after fix: extensions/policy/src/policy-state.ts now treats both request.auth.value and request.auth.token as configured-provider auth SecretInputs; extensions/policy/src/doctor/register.test.ts asserts evidence/findings for models.providers.*.request.auth.token, tools.media.models[].request.auth.token, tools.media.audio.request.auth.token, and tools.media.image.models[].request.auth.token.
  Observed result after fix: focused policy tests and extension test typecheck passed on the signed pushed commit.
  What was not tested: broad CI is restarting on GitHub for the new head.

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26299157179
• Updated: 2026-05-22T16:27:45.637Z

[giodl73-repo]

Superseded by the corrected proof comment below. The previous body was corrupted by shell command substitution while posting.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Superseded
• Detail: A newer re-review for this item started before this run finished, so GitHub cancelled this older run. Check the latest ClawSweeper run for the current result.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26306491126
• Updated: 2026-05-22T19:03:03.612Z

[giodl73-repo]

Rebased on current origin/main and fixed the CI guard failure on current head 4ae8ad27a6.

Behavior addressed: refreshed root and plugin npm-shrinkwrap.json files after the rebase so the existing deps:shrinkwrap:check guard passes. No runtime enforcement was added; the policy changes remain config-level conformance/evidence.
Real environment tested: WSL checkout at /root/src/openclaw-81974-policy.
Exact steps or command run after this patch:

• pnpm deps:shrinkwrap:generate
• pnpm deps:shrinkwrap:check
• git diff --check
• node scripts/run-vitest.mjs extensions/policy/src/doctor/register.test.ts extensions/policy/src/cli.test.ts --run --reporter=dot (2 files / 92 tests passed)
• node node_modules/@typescript/native-preview/bin/tsgo.js -p test/tsconfig/tsconfig.extensions.test.json --incremental --tsBuildInfoFile .artifacts/tsgo-cache/extensions-test-policy-81974-rebase-shrinkwrap.tsbuildinfo
• codex review --base origin/main
  Evidence after fix: pnpm deps:shrinkwrap:check reports every root/plugin shrinkwrap as current; Codex review reported no actionable correctness issues.
  Observed result after fix: the previously failing check-guards shrinkwrap step is clean locally on the rebased branch.
  What was not tested: broad CI is restarting on GitHub for the new pushed head.

@clawsweeper re-review

[clawsweeper]

🦞👀
ClawSweeper picked this up.

Command router queued. I will update this comment with the next step.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26300858898
• Updated: 2026-05-22T17:05:38.844Z

[giodl73-repo]

Superseded by the corrected proof comment below. The previous body was corrupted by shell command substitution while posting.

[clawsweeper]

🦞👀
ClawSweeper picked this up.

Command router queued. I will update this comment with the next step.

[giodl73-repo]

@clawsweeper re-review

[clawsweeper]

🦞👀
ClawSweeper picked this up.

Command router queued. I will update this comment with the next step.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26305761601
• Updated: 2026-05-22T18:52:10.032Z

[giodl73-repo]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper could not start a re-review for this item.

Reason: re-review requires an open issue or PR.