fix(memory-wiki): make wiki_lint tool output path-safe

[LLagoon3]

Summary

• Problem: wiki_lint returned the raw lint result as tool details, including an absolute reportPath, while the CLI path works normally.
• Why it matters: absolute-path-heavy tool output can interact poorly with tool-result handling and produced unable to resolve opened file path in the reported runtime path.
• What changed: the wiki_lint tool now renders vault-internal report paths relative to the wiki vault with a defensive formatter, and returns a lightweight details object instead of the raw lint result object.
• What did NOT change (scope boundary): the underlying lintMemoryWikiVault() result shape and CLI behavior are unchanged; CLI callers still receive the absolute report path they can read from disk.

AI-assisted PR: yes. I used OpenClaw/Codex assistance, reviewed the diff, and personally ran the verification below.

Change Type (select all)

• Bug fix
• Feature
• Refactor required for the fix
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes memory-wiki: wiki_lint tool can fail with 'unable to resolve opened file path' while CLI lint succeeds #83420
• This PR fixes a bug or regression

Real behavior proof (required for external PRs)

• Behavior or issue addressed: wiki_lint tool output should avoid exposing the raw absolute reportPath in model-visible text and should not return the raw lint result object as details.
• Real environment tested:
  • Host: Linux 6.8.0-111-generic x64
  • Container: node:24-bookworm
  • Source: origin/main plus this patch
• Exact steps or command run after this patch:

docker run --rm \
  -v /tmp/openclaw-83420-main:/repo \
  -w /repo node:24-bookworm \
  bash -lc 'corepack enable >/dev/null && pnpm test:extension memory-wiki'

I also ran a direct Docker harness invoking createWikiLintTool(...).execute(...) against an isolated test vault with lint warnings.

• Evidence after fix (copied live output):

[test-extension] Running 23 test files for memory-wiki
...
Test Files  23 passed (23)
Tests       118 passed (118)

Direct current-head tool output after the patch (69baeae2888b1e652740c3afbdabf08f4ae84eb3):

toolText=Issues: 3 total (0 errors, 3 warnings)\nContradictions: 0\nOpen questions: 0\nProvenance gaps: 1\nReport: reports/lint.md
detailsReportPath=reports/lint.md
detailsHasVaultRoot=false
detailsContainsVaultRoot=false
toolTextContainsVaultRoot=false
coreLintReportPathAbsolute=true
coreLintReportPathContainsVaultRoot=true

• Observed result after fix: the tool-visible summary reports reports/lint.md, details.reportPath is also reports/lint.md, and the tool details no longer include or serialize the vault root. The underlying lint core result still uses an absolute report path for file-oriented callers. If a report path is not inside the vault, the formatter leaves it unchanged instead of fabricating a misleading relative path.
• What was not tested: I did not reproduce the exact full-runtime unable to resolve opened file path failure path in Docker; the direct tool harness reproduced the risky output shape and confirmed the patched output shape.
• Before evidence (optional but encouraged): before the patch, the same direct harness returned Report: /tmp/wiki-lint-repro-vault/reports/lint.md and details.reportPath: /tmp/wiki-lint-repro-vault/reports/lint.md.

Root Cause (if applicable)

• Root cause: createWikiLintTool() reused the raw lintMemoryWikiVault() result directly for both visible text and tool metadata. That raw result is appropriate for CLI/file callers but too file-path-heavy for an agent tool result.
• Missing detection / guardrail: there was no tool-level test ensuring wiki_lint normalizes report paths for tool output.
• Contributing context (if known): the CLI already logs a relative report path internally, but the returned result keeps the absolute path for CLI consumers.

Regression Test Plan (if applicable)

• Coverage level that should have caught this:
  • Unit test
  • Seam / integration test
  • End-to-end test
  • Existing coverage already sufficient
• Target test or file: extensions/memory-wiki/src/tool.test.ts
• Scenario the test should lock in: wiki_lint returns reports/lint.md in visible text and details.reportPath, without leaking the absolute vault path in the visible summary or details payload, while preserving categorized lint details such as broken wikilinks.
• Why this is the smallest reliable guardrail: the bug is in the tool wrapper, not the underlying linter or CLI path.
• Existing test that already covers this (if any): N/A

User-visible / Behavior Changes

wiki_lint tool responses now show the lint report path relative to the vault (reports/lint.md) instead of an absolute local path. CLI lint output is unchanged.

Diagram (if applicable)

Before:
wiki_lint tool -> raw lint result -> absolute reportPath in text/details

After:
wiki_lint tool -> normalized tool payload -> relative reportPath in text/details

Security Impact (required)

• New permissions/capabilities? No
• Secrets/tokens handling changed? No
• New/changed network calls? No
• Command/tool execution surface changed? No
• Data access scope changed? No
• If any Yes, explain risk + mitigation: N/A

Repro + Verification

Environment

• OS: Linux 6.8.0-111-generic x64
• Runtime/container: Docker node:24-bookworm
• Model/provider: N/A
• Integration/channel (if any): N/A
• Relevant config (redacted): isolated memory-wiki test vault under /tmp

Steps

1. Create an isolated memory-wiki vault with a lintable synthesis page.
2. Invoke createWikiLintTool(config).execute(...).
3. Inspect the visible text and details.reportPath.

Expected

• Tool text uses Report: reports/lint.md for vault-internal reports.
• Tool details.reportPath is reports/lint.md for vault-internal reports.
• The underlying CLI/linter behavior remains unchanged.

Actual

• Matches expected after this patch.

Evidence

Attach at least one:

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Human Verification (required)

What you personally verified (not just CI), and how:

• Verified scenarios:
  • pnpm test:extension memory-wiki passed in Docker (23 files, 118 tests).
  • Direct createWikiLintTool(...).execute(...) output now uses reports/lint.md and omits vaultRoot from tool details.
• Edge cases checked:
  • The underlying CLI/linter result shape was left unchanged so existing lint.test.ts absolute-path file reads continue to work.
• What you did not verify:
  • I did not reproduce the exact full-runtime unable to resolve opened file path failure in Docker.

Codex review:

• Ran codex review --base origin/main locally as requested by the contribution guide.
• It produced one P1 finding about scripts/e2e/telegram-user-credential.ts, but this PR does not touch that file or any credential helper path; the changed files are only extensions/memory-wiki/src/tool.ts and extensions/memory-wiki/src/tool.test.ts.

Review Conversations

• I replied to or resolved every bot review conversation I addressed in this PR.
• I left unresolved only the conversations that still need reviewer or maintainer judgment.

Compatibility / Migration

• Backward compatible? Yes
• Config/env changes? No
• Migration needed? No
• If yes, exact upgrade steps: N/A

Risks and Mitigations

• Risk: tool consumers that expected an absolute details.reportPath may now see a relative path and no longer receive vaultRoot in the agent-tool details payload.
  • Mitigation: this is limited to the agent tool wrapper; the CLI/linter result remains unchanged for file-oriented callers, and agent-tool consumers should resolve reports/lint.md relative to their existing memory-wiki vault context rather than relying on a model-visible absolute path.

[clawsweeper]

Codex review: passed.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The PR changes memory-wiki's wiki_lint agent tool to return vault-relative report paths and bounded details, adds regression coverage, and adds a changelog entry.

Reproducibility: yes. for the narrowed tool-output bug: current main source clearly returns the raw linter result and absolute reportPath through wiki_lint. The full bridge-mode unable to resolve opened file path runtime failure was not reproduced in this read-only pass.

PR rating
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster
Patch quality: 🐚 platinum hermit
Summary: Good normal PR quality: proof covers the changed tool-wrapper behavior, the patch is focused, and the remaining blocker is merge-state and compatibility review rather than a code finding.

Rank-up moves:

• Resolve the current CHANGELOG.md conflict against main before merge.
• Close or mark the overlapping open PR as superseded after one canonical fix lands.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

PR egg
✨ Hatched: 🥚 common Tiny Diff Drake

        .--^^^^--.           
     .-'  o    o  '-.        
    /       \__/      \      
   |    /\  ____  /\   |     
   |   /  \/____\/  \  |     
    \  \_.------._/  /       
     '._  `----'  _.'        
        '-.____.-'           
       _/|_|  |_|\_          
      /__|      |__\         
       .-----------.         
      '-------------'        

Rarity: 🥚 common.
Trait: purrs at green checks.
Share on X: post this hatch
Copy: My PR egg hatched a 🥚 common Tiny Diff Drake in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• How to hatch it: reach status: 👀 ready for maintainer look or status: 🚀 automerge armed; that usually means sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

Real behavior proof
Sufficient (live_output): The PR body includes after-fix copied live output from Docker extension tests and a direct createWikiLintTool(...).execute(...) harness showing relative tool paths while the core linter stays absolute.

Risk before merge
Why this matters: - Agent-tool consumers that treated details.reportPath as an absolute filesystem path, or used details.vaultRoot, will need to resolve the new relative path against the configured wiki vault after upgrade.

• The branch currently conflicts with current main in CHANGELOG.md, so it cannot merge until the changelog is rebased or resolved.
• The overlapping open PR fix(memory-wiki): make wiki_lint report path tool-safe #83464 targets the same wiki_lint path-safe behavior; whichever branch lands should supersede the other.

Maintainer options:

1. Proceed With This Wrapper Contract (recommended)
   After rebasing the changelog conflict, merge this branch if maintainers accept wiki_lint agent-tool details becoming vault-relative while CLI, gateway, and core linter results stay absolute.
2. Add Explicit Compatibility Metadata
   If external tool consumers need absolute paths, require a separate documented field or resolver context before merge instead of restoring the raw linter result.
3. Use The Overlapping Branch Instead
   If maintainers prefer fix(memory-wiki): make wiki_lint report path tool-safe #83464 as the canonical implementation, close this PR as superseded after preserving any unique test or changelog coverage.

Next step before merge
Automerge is armed and the patch review is clean, but the current head is conflicting against main in CHANGELOG.md and needs rebase or conflict resolution before merge.

Security
Cleared: The diff narrows model-visible filesystem path exposure and adds no dependencies, network calls, secret handling, or new execution surface.

Review details

Best possible solution:

Land one canonical wrapper-level fix that keeps lint core, CLI, and gateway file-oriented report paths absolute while making agent-tool text/details vault-relative and bounded.

Do we have a high-confidence way to reproduce the issue?

Yes for the narrowed tool-output bug: current main source clearly returns the raw linter result and absolute reportPath through wiki_lint. The full bridge-mode unable to resolve opened file path runtime failure was not reproduced in this read-only pass.

Is this the best way to solve the issue?

Yes. The PR fixes the wrapper boundary rather than changing lint core or CLI behavior, and the added regression test locks the intended split between agent-tool output and file-oriented callers.

Label justifications:

• P2: This is a normal-priority memory-wiki bug fix with a limited plugin/tool-output blast radius.
• merge-risk: 🚨 compatibility: Merging intentionally changes the wiki_lint agent-tool details contract from absolute path plus vault root to a vault-relative report path without vaultRoot.

What I checked:

• Current main raw tool payload: Current main renders result.reportPath directly in wiki_lint text and returns details: result, which includes the linter's absolute report path and vault root. (extensions/memory-wiki/src/tool.ts:193, 9657b8e8cee0)
• Core linter and CLI contract: lintMemoryWikiVault() writes the report under the vault and returns the absolute reportPath; runWikiLint() still calls that core result directly for CLI/file callers. (extensions/memory-wiki/src/lint.ts:328, 9657b8e8cee0)
• PR wrapper fix: The PR adds formatWikiToolReportPath(), uses it for tool-visible text, and returns a bounded details object with relative reportPath instead of the raw linter result. (extensions/memory-wiki/src/tool.ts:15, 786e7b36ab7f)
• Regression coverage: The new tool test creates a lintable vault, asserts Report: reports/lint.md, checks details omit vaultRoot, and verifies the core linter still returns an absolute report path. (extensions/memory-wiki/src/tool.test.ts:43, 786e7b36ab7f)
• Consumer search: A repository search found no internal consumer reading details.reportPath from the wiki_lint agent tool; remaining references are tool registration/schema tests and the wrapper itself. (9657b8e8cee0)
• Merge conflict proof: git merge-tree against current main reports a conflict only in CHANGELOG.md; the memory-wiki source and test files merge cleanly. (CHANGELOG.md:42, 9657b8e8cee0)

Likely related people:

• vincentkoc: git show on 9ce4abfe558e7f1935fdd3e8d04d3ddc670095aa shows Vincent Koc added the wiki_lint agent tool and the raw result details shape in memory-wiki. (role: introduced behavior; confidence: high; commits: 9ce4abfe558e, d624ec3a0bab, d66960206b97; files: extensions/memory-wiki/src/tool.ts, extensions/memory-wiki/src/lint.ts)
• steipete: The shallow checkout's current-main blame points memory-wiki tool/lint lines at Peter Steinberger's recent repository snapshot commit, so this is a weak recent-routing signal rather than feature authorship. (role: recent adjacent contributor; confidence: low; commits: 86885f31c17e; files: extensions/memory-wiki/src/tool.ts, extensions/memory-wiki/src/lint.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 9657b8e8cee0.

[LLagoon3]

Addressed ClawSweeper's path separator finding in 0648677. The wiki_lint tool-visible reportPath now slash-normalizes the path after path.relative, and the focused test now covers backslash-to-slash normalization plus confirms lintMemoryWikiVault still returns an absolute reportPath for CLI/file callers.

Local validation: git diff --check passed. I avoided broad local test runs on this low-memory host; CI is rerunning on the updated PR head.

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Failed
• Detail: The targeted re-review did not finish cleanly. Check the workflow run for details.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26014810442
• Updated: 2026-05-18T05:16:24.847Z

[LLagoon3]

@clawsweeper re-review

Updated the PR body with current-head proof for fa53598137f57fc26a1c69cc929aaf2fec90d9db: direct createWikiLintTool(...).execute(...) output now shows detailsReportPath=reports/lint.md, detailsHasVaultRoot=false, detailsContainsVaultRoot=false, and the lint core still returns an absolute report path for file-oriented callers. CI is green.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26018359682
• Updated: 2026-05-18T07:03:29.472Z

[LLagoon3]

@clawsweeper re-review

Updated #83439 to absorb the stronger implementation shape from #83464 while keeping the CLI/core contract proof: wiki_lint now uses a private defensive formatter that only returns a vault-relative path for vault-internal reports, removes the exported helper, preserves bounded lint details (including broken wikilinks), and still verifies the core linter returns an absolute report path for file-oriented callers. Docker pnpm test:extension memory-wiki passed: 23 files / 118 tests. Current head: 7791fb2823840509c2b1ee714fcab37d2a560d67.

[LLagoon3]

@clawsweeper re-review

Follow-up to the previous request: fixed the check-test-types failure by typing result.details through the existing asSchemaObject(...) helper before inspecting issuesByCategory. Docker validation now passed both pnpm test:extension memory-wiki (23 files / 118 tests) and pnpm check:test-types. Current head: 69baeae2888b1e652740c3afbdabf08f4ae84eb3.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26020422107
• Updated: 2026-05-18T07:53:13.027Z

[Takhoffman]

@clawsweeper automerge

[Takhoffman]

@clawsweeper automerge

[clawsweeper]

🦞🔧
ClawSweeper saw the passing review, but the PR needs another repair pass before merge.

Source: clawsweeper[bot]
Feedback: structured ClawSweeper verdict: pass (sha=786e7b36ab7f6cb15dbb10188f7753aa925b737d); PR is behind or has merge conflicts and needs a cloud rebase repair before automerge
Action: repair worker queued. Run: https://github.com/openclaw/clawsweeper/actions/runs/26045601369
Model: gpt-5.5

I will update this PR branch, or open a safe credited replacement, if the repair worker finds a narrow CI fix.

Automerge progress:

• 2026-05-18 15:30:15 UTC Codex write preflight (passed) in 31s Run: https://github.com/openclaw/clawsweeper/actions/runs/26043093877 danger-full-access

• 2026-05-18 15:35:37 UTC Codex edit 1 d5d0f872d6e8 (complete) in 5m 53s Run: https://github.com/openclaw/clawsweeper/actions/runs/26043093877 exit 0

• 2026-05-18 15:39:36 UTC validation and review 1 786e7b36ab7f (complete) in 9m 52s Run: https://github.com/openclaw/clawsweeper/actions/runs/26043093877 already-current

• 2026-05-18 15:39:41 UTC repair completed 786e7b36ab7f (branch updated) in 9m 58s Run: https://github.com/openclaw/clawsweeper/actions/runs/26043093877 initial automerge rebase is delegated to Codex repair

• 2026-05-18 15:39:41 UTC review queued 786e7b36ab7f (after repair)

• 2026-05-18 15:49:45 UTC automerge wait 786e7b36ab7f (waiting) in 20m 1s Run: https://github.com/openclaw/clawsweeper/actions/runs/26043093877 mergeable state is CONFLICTING

• 2026-05-18 16:13:02 UTC review passed 786e7b36ab7f (structured ClawSweeper verdict: pass (sha=786e7b36ab7f6cb15dbb10188f7753aa925b7...)

• 2026-05-18 15:49:46 UTC repair finished 786e7b36ab7f (pushed) in 20m 2s Run: https://github.com/openclaw/clawsweeper/actions/runs/26043093877 repair_contributor_branch

• 2026-05-18 16:06:06 UTC review queued 786e7b36ab7f (queued)

• 2026-05-18 16:13:26 UTC repair queued 786e7b36ab7f (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/26045601369

• 2026-05-18 16:16:51 UTC repair started (running) in 0s Run: https://github.com/openclaw/clawsweeper/actions/runs/26045601369 automerge-openclaw-openclaw-83439

• 2026-05-18 16:17:08 UTC validation plan (passed) in 17s Run: https://github.com/openclaw/clawsweeper/actions/runs/26045601369 pnpm check:changed; pnpm lint; pnpm check:test-types

• 2026-05-18 16:17:22 UTC Codex write preflight (passed) in 32s Run: https://github.com/openclaw/clawsweeper/actions/runs/26045601369 danger-full-access

• 2026-05-18 16:21:42 UTC Codex edit 1 315c896b6ca7 (complete) in 4m 52s Run: https://github.com/openclaw/clawsweeper/actions/runs/26045601369 exit 0

• 2026-05-18 16:24:52 UTC validation and review 1 df5c7db151e6 (base moved) in 8m 1s Run: https://github.com/openclaw/clawsweeper/actions/runs/26045601369 rebased

• 2026-05-18 16:25:37 UTC repair finished df5c7db151e6 (opened) in 8m 46s Run: https://github.com/openclaw/clawsweeper/actions/runs/26045601369 open_fix_pr

[clawsweeper]

ClawSweeper 🐠 reef update

Thanks for the contribution. ClawSweeper hit a branch-permission wall on this PR, so it opened a replacement branch to keep review moving while preserving credit.

Why replacement: ClawSweeper could not update the source PR branch directly; GitHub did not grant sufficient push rights to the bot for that branch.
Replacement PR: #83687
Why close: this run explicitly closes the superseded source PR after the credited replacement PR is open, so review continues in one place.
This source PR is being closed only under the explicit source-close setting for this ClawSweeper run.
Attribution is preserved in the replacement PR body and release-note trail.
Co-author credit kept:

• @LLagoon3: Co-authored-by: LLagoon3 115124830+LLagoon3@users.noreply.github.com

fish notes: model gpt-5.5, reasoning high; reviewed against df5c7db.