fix(memory-wiki): make wiki_lint report path tool-safe

[ThiagoCAltoe]

Summary

• Problem: wiki_lint can surface the linter's absolute report path in agent-tool text/details even though CLI lint succeeds.
• Root cause: createWikiLintTool() reused the raw lintMemoryWikiVault() result for both visible text and tool metadata. That raw result is correct for CLI/file callers because they need an absolute reportPath, but it is too path-heavy for model-visible tool output.
• Fix: keep lintMemoryWikiVault() and CLI behavior unchanged, but have the wiki_lint tool render and return a vault-relative reportPath such as reports/lint.md.
• Scope boundary: this only changes the memory-wiki agent tool wrapper and its regression test.

AI-assisted PR: yes. I used OpenClaw/Codex assistance, reviewed the diff, and verified the behavior below.

Compatibility note

• This intentionally changes only the wiki_lint agent tool result shape.
• details.reportPath returned by the agent tool is now vault-relative, for example reports/lint.md.
• The agent tool no longer returns raw vaultRoot in details, so tool output does not expose the local vault root.
• The lower-level lintMemoryWikiVault() result is unchanged and still returns the absolute reportPath plus vaultRoot.
• CLI and gateway callers are unchanged: openclaw wiki lint and wiki.lint gateway calls still consume the raw linter result.
• Repo search found no internal consumer reading details.reportPath from the wiki_lint agent tool outside the new regression test.
• External consumers that used the agent tool details.reportPath as an absolute filesystem path should resolve the relative path against the configured wiki vault root, or call the CLI/gateway/linter surface that still returns absolute paths.

Change Type

• Bug fix
• Feature
• Refactor required for the fix
• Docs
• Security hardening
• Chore/infra

Scope

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

Closes #83420.

Real Behavior Proof

• Behavior or issue addressed: wiki_lint tool output should not expose the raw absolute lint report path in model-visible text or return the raw linter result object as tool details.
• Real environment tested: local OpenClaw checkout on Linux arm64, branch fix-memory-wiki-lint-tool-output, with an isolated temporary memory-wiki vault.
• Exact steps or command run after this patch: ran a direct node --import tsx -e ... harness that created a temporary wiki vault, wrote a lintable page, invoked createWikiLintTool(config).execute(...), inspected the tool text/details, and compared that with the underlying linter/CLI report path shape.
• Evidence after fix (screenshot, recording, terminal capture, console output, redacted runtime log, linked artifact, or copied live output): copied live console output from the after-fix harness:

toolText=Issues: 3 total (0 errors, 3 warnings)
Contradictions: 0
Open questions: 0
Provenance gaps: 1
Report: reports/lint.md
toolDetailsReportPath=reports/lint.md
toolTextContainsVaultRoot=false
toolDetailsContainsVaultRoot=false
cliReportPathAbsolute=true

• Observed result after fix: the tool-visible summary and details.reportPath use reports/lint.md, while the underlying linter/CLI path remains absolute for file-oriented callers.
• What was not tested: I did not reproduce the exact full-runtime unable to resolve opened file path bridge failure. The proof covers the risky output shape at the tool wrapper where this patch changes behavior.
• Before evidence (optional but encouraged): before the patch, createWikiLintTool() rendered result.reportPath directly and returned details: result, so the direct tool output included the absolute vault report path.

Regression Test Plan

• Added a focused regression in extensions/memory-wiki/src/tool.test.ts for wiki_lint tool output.
• The test asserts the visible report path is reports/lint.md, does not include the vault root, details.reportPath is relative, and the details payload does not include vaultRoot.

Validation

Passed locally before opening this PR:

git diff --check
OPENCLAW_VITEST_MAX_WORKERS=1 pnpm test extensions/memory-wiki/src/tool.test.ts -- --reporter=verbose
OPENCLAW_VITEST_MAX_WORKERS=1 pnpm test:extension memory-wiki -- --reporter=verbose
pnpm build
codex review --base origin/main

Results:

focused tool test: passed
memory-wiki extension lane: 23 files passed, 112 tests passed
pnpm build: passed
codex review: no actionable findings on this patch

Not run locally: full pnpm check and full pnpm test. This was intentionally left to CI/Testbox because the local host is a low-memory Raspberry Pi-class machine and repo-wide checks overloaded the session.

User-visible / Behavior Changes

wiki_lint tool responses now show the lint report path relative to the vault (reports/lint.md) instead of an absolute local filesystem path. CLI lint behavior is unchanged.

Security Impact

• New permissions/capabilities? No
• Secrets/tokens handling changed? No
• New/changed network calls? No
• Command/tool execution surface changed? No
• Data access scope changed? No

Risks and Mitigations

• Risk: a tool consumer that treated details.reportPath as an absolute path will now receive a vault-relative path.
• Mitigation: this is limited to the agent tool wrapper. lintMemoryWikiVault() and CLI/file callers still receive the absolute report path. The agent-facing tool payload avoids exposing the local vault root in text or details.

[clawsweeper]

Codex review: needs maintainer review before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The branch changes the memory-wiki wiki_lint agent tool to display and return a vault-relative lint report path with bounded details, plus a focused regression test.

Reproducibility: no. not for the exact full-runtime bridge error. Source inspection does show current main returns the raw absolute-path-heavy linter result from wiki_lint, and the PR body supplies direct after-fix live output from the changed tool wrapper.

PR rating
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🐚 platinum hermit
Summary: Focused patch with direct live tool-output proof and no blocking findings, with one explicit compatibility decision left for maintainers.

Rank-up moves:

• Maintainer accepts or revises the relative details.reportPath contract before merge.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Real behavior proof
Sufficient (live_output): The PR body includes copied live output from a local harness invoking the real createWikiLintTool() against a temporary vault after the patch, showing the relative report path and no vault-root exposure.

Risk before merge
Why this matters: - Existing consumers of the agent-tool details.reportPath that expect an absolute filesystem path will now receive a vault-relative path and must resolve it against the configured wiki vault root or use the CLI/gateway/linter surface.

• The exact full-runtime unable to resolve opened file path bridge failure was not reproduced here; the evidence proves the implicated tool-output shape and the after-fix wrapper behavior.

Maintainer options:

1. Accept relative tool details (recommended)
   Merge the scoped wrapper change because file-oriented CLI/gateway/linter callers still receive absolute paths while the agent tool stops exposing the local vault root.
2. Keep absolute details contract
   If maintainers want details.reportPath to remain absolute for external consumers, revise the PR to add a separate relative/display field instead of changing the existing detail field.
3. Pause for canonical PR choice
   If the duplicate PR is preferred, close this PR as superseded only after choosing which branch owns the linked issue fix.

Next step before merge
No automated repair is needed; the remaining action is maintainer review of the compatibility tradeoff and normal CI/merge handling.

Security
Cleared: The diff only reshapes local memory-wiki tool result data and adds a test; it introduces no dependency, network, command execution, permission, or secret-handling surface.

Review details

Best possible solution:

Merge this wrapper/test fix after CI and maintainer acceptance of the relative agent-tool details contract, then close the linked issue and supersede the companion PR at #83439 if this lands first.

Do we have a high-confidence way to reproduce the issue?

No, not for the exact full-runtime bridge error. Source inspection does show current main returns the raw absolute-path-heavy linter result from wiki_lint, and the PR body supplies direct after-fix live output from the changed tool wrapper.

Is this the best way to solve the issue?

Yes. Keeping lintMemoryWikiVault(), CLI, and gateway behavior unchanged while reshaping only the agent tool wrapper is the narrowest maintainable solution, subject to maintainer acceptance of the detail-field compatibility change.

Label justifications:

• P2: This is a normal-priority memory-wiki tool bug fix with limited blast radius and a focused wrapper/test change.
• merge-risk: 🚨 compatibility: The PR intentionally changes the existing agent-tool details.reportPath value from absolute to vault-relative for consumers of that tool result.

What I checked:

• Current main raw tool payload: On current main, createWikiLintTool() renders result.reportPath in model-visible text and returns details: result, so the agent tool exposes the raw linter payload including vaultRoot and absolute reportPath. (extensions/memory-wiki/src/tool.ts:193, 56024b782814)
• Underlying linter remains file-oriented: lintMemoryWikiVault() still returns vaultRoot and the absolute reportPath, while only its log detail stores a relative path; this supports keeping CLI/gateway behavior unchanged while sanitizing the agent wrapper. (extensions/memory-wiki/src/lint.ts:369, 56024b782814)
• CLI and gateway caller boundary: The gateway wiki.lint method and CLI runWikiLint() still consume lintMemoryWikiVault(config) directly, so the PR's intended behavior split between agent tool output and file-oriented callers is consistent with current source. (extensions/memory-wiki/src/gateway.ts:240, 56024b782814)
• Proposed wrapper/test diff: The PR commit adds formatWikiToolReportPath(), uses the relative report path in visible text and details.reportPath, removes raw vaultRoot from tool details, and adds a test asserting no vault-root leakage. (extensions/memory-wiki/src/tool.ts:93, 9280a677b733)
• Patch hygiene check: The exact PR commit diff has no whitespace errors in the touched files. (9280a677b733)
• Feature history: The agent lint tool and issue-category surface appears to date to 9ce4abfe558e7f1935fdd3e8d04d3ddc670095aa, which added createWikiLintTool() returning the raw lint result as details. (extensions/memory-wiki/src/tool.ts, 9ce4abfe558e)

Likely related people:

• @vincentkoc: Introduced the memory-wiki lint tool and has the dominant history on the relevant memory-wiki tool/lint files. (role: feature owner; confidence: high; commits: 9ce4abfe558e, 947a43dae311; files: extensions/memory-wiki/src/tool.ts, extensions/memory-wiki/src/lint.ts, extensions/memory-wiki/src/tool.test.ts)
• @joshavant: Current checkout blame for the relevant createWikiLintTool() and lintMemoryWikiVault() lines maps to a recent commit that carried the memory-wiki files into current main. (role: recent area contributor; confidence: medium; commits: 395bd578d262; files: extensions/memory-wiki/src/tool.ts, extensions/memory-wiki/src/lint.ts, extensions/memory-wiki/src/tool.test.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 56024b782814.

[Takhoffman]

@clawsweeper automerge

[clawsweeper]

🦞🔧
ClawSweeper automerge is enabled.

• Head: 9280a677b733
• Label: clawsweeper:automerge
• Action: repair worker queued. Run: https://github.com/openclaw/clawsweeper/actions/runs/26049084888
• Flow: review this head, repair/rebase only if needed, then re-review the exact repaired head before merge.

Draft PRs stay fix-only until GitHub marks them ready for review. Pause with /clawsweeper stop.

Automerge progress:

• 2026-05-18 17:18:48 UTC review queued 9280a677b733 (queued)

• 2026-05-18 17:21:26 UTC repair queued 9280a677b733 (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/26049084888

• 2026-05-18 17:24:21 UTC repair started (running) in 1s Run: https://github.com/openclaw/clawsweeper/actions/runs/26049084888 automerge-openclaw-openclaw-83464

• 2026-05-18 17:24:36 UTC validation plan (passed) in 16s Run: https://github.com/openclaw/clawsweeper/actions/runs/26049084888 pnpm check:changed; pnpm lint; pnpm check:test-types

• 2026-05-18 17:24:48 UTC Codex write preflight (passed) in 28s Run: https://github.com/openclaw/clawsweeper/actions/runs/26049084888 danger-full-access

• 2026-05-18 17:28:56 UTC Codex edit 1 57028585538c (complete) in 4m 35s Run: https://github.com/openclaw/clawsweeper/actions/runs/26049084888 exit 0

• 2026-05-18 17:34:19 UTC validation and review 1 81808ec8d0c1 (base moved) in 9m 58s Run: https://github.com/openclaw/clawsweeper/actions/runs/26049084888 rebased

• 2026-05-18 17:39:48 UTC Codex edit 1 cb408bb06b1a (complete) in 15m 27s Run: https://github.com/openclaw/clawsweeper/actions/runs/26049084888 exit 0

• 2026-05-18 17:40:51 UTC validation and review 1 da27925d9f61 (base moved) in 16m 31s Run: https://github.com/openclaw/clawsweeper/actions/runs/26049084888 rebased

• 2026-05-18 17:41:24 UTC repair finished da27925d9f61 (opened) in 17m 4s Run: https://github.com/openclaw/clawsweeper/actions/runs/26049084888 open_fix_pr

[clawsweeper]

ClawSweeper 🐠 reef update

Thanks for the work on this. ClawSweeper could not push to this branch with the permissions available, so it opened a narrow replacement PR to keep the fix swimming forward without losing the contributor trail. not your fault, just GitHub branch-permission tides.

Why replacement: ClawSweeper could not update the source PR branch directly; GitHub did not grant sufficient push rights to the bot for that branch.
Replacement PR: #83714
Why close: this run explicitly closes the superseded source PR after the credited replacement PR is open, so review continues in one place.
This source PR is being closed only under the explicit source-close setting for this ClawSweeper run.
The replacement PR keeps the contributor trail visible for review and changelog credit.
Co-author credit kept:

• @ThiagoCAltoe: Co-authored-by: Thiago Costa 71539514+ThiagoCAltoe@users.noreply.github.com

fish notes: model gpt-5.5, reasoning high; reviewed against da27925.