fix(cli): preserve equals in root option values [AI-assisted]

[ThiagoCAltoe]

Summary

• Problem: root option values passed inline with = were truncated after the second = character, corrupting tokens, secrets, base64 padding, and URLs with query strings.
• Solution: parse inline values by slicing after the first = instead of using split("=", 2).
• What changed: Updated takeCliRootOptionValue() and added focused regression coverage for embedded = values.
• What did NOT change (scope boundary): No root option names, command routing, profile/container semantics, env loading, or non-inline option parsing changed.

AI-assisted: yes.

Change Type (select all)

• Bug fix
• Feature
• Refactor required for the fix
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes Option value truncated when it contains '=' characters #83882
• This PR fixes a bug or regression

Motivation

• Root options can carry token-like or URL-like values. Silently truncating after an embedded = can corrupt secrets, base64-padded values, or URLs without any warning.

Real behavior proof (required for external PRs)

• Behavior or issue addressed: Inline root option values preserve all characters after the first = separator.
• Real environment tested: Local OpenClaw checkout on Linux with Node v22.21.1.
• Exact steps or command run after this patch:
  • node --import tsx -e 'const { takeCliRootOptionValue } = await import("./src/cli/root-option-value.ts"); for (const raw of ["--token=abc=def", "--token=abc==", "--url=https://example.test/cb?a=b"]) console.log(${raw} -> ${JSON.stringify(takeCliRootOptionValue(raw, undefined))});'
• Evidence after fix (copied live terminal output):

--token=abc=def -> {"value":"abc=def","consumedNext":false}
--token=abc== -> {"value":"abc==","consumedNext":false}
--url=https://example.test/cb?a=b -> {"value":"https://example.test/cb?a=b","consumedNext":false}

• Observed result after fix: Embedded equals signs are preserved for token, base64-padding, and URL-like option values.
• What was not tested: Full repository suite; live command invocation with a real external token.
• Before evidence: Issue Option value truncated when it contains '=' characters #83882 documents the pre-fix raw.split("=", 2) behavior where --token=abc=def produced only abc.

Root Cause (if applicable)

• Root cause: raw.split("=", 2) discarded everything after the second split segment, so only the text between the first and second = survived.
• Missing detection / guardrail: There was no direct test for takeCliRootOptionValue() with embedded equals signs.
• Contributing context (if known): Inline option parsing only needs to treat the first = as the key/value separator; later = characters belong to the value.

Regression Test Plan (if applicable)

• Coverage level that should have caught this:
  • Unit test
  • Seam / integration test
  • End-to-end test
  • Existing coverage already sufficient
• Target test or file: src/cli/root-option-value.test.ts
• Scenario the test should lock in: --token=abc=def and --token=abc== preserve embedded equals signs, while --token= remains missing and space-separated values still consume the next token.
• Why this is the smallest reliable guardrail: The bug is entirely inside the root-option value helper, so direct helper coverage catches it without invoking the full CLI.
• Existing test that already covers this (if any): None.
• If no new test is added, why not: N/A.

User-visible / Behavior Changes

Inline root option values containing = are no longer truncated.

Diagram (if applicable)

Before:
--token=abc=def -> abc

After:
--token=abc=def -> abc=def

Security Impact (required)

• New permissions/capabilities? (Yes/No): No
• Secrets/tokens handling changed? (Yes/No): No
• New/changed network calls? (Yes/No): No
• Command/tool execution surface changed? (Yes/No): No
• Data access scope changed? (Yes/No): No
• If any Yes, explain risk + mitigation: N/A

Repro + Verification

Environment

• OS: Linux
• Runtime/container: Node v22.21.1, local checkout
• Model/provider: N/A
• Integration/channel (if any): CLI root option parsing
• Relevant config (redacted): N/A

Steps

1. Call takeCliRootOptionValue("--token=abc=def", undefined).
2. Call takeCliRootOptionValue("--token=abc==", undefined).
3. Call takeCliRootOptionValue("--url=https://example.test/cb?a=b", undefined).

Expected

• All characters after the first = are preserved as the value.

Actual

• All characters after the first = are preserved as the value.

Evidence

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Focused validation run:

OPENCLAW_VITEST_MAX_WORKERS=1 node scripts/run-vitest.mjs run --config test/vitest/vitest.cli.config.ts src/cli/root-option-value.test.ts

Test Files  1 passed (1)
Tests  3 passed (3)

Whitespace validation:

git diff --check

No output; clean.

Human Verification (required)

• Verified scenarios: Focused CLI helper unit tests; live tsx smoke of token/base64/URL-like inline values; git diff --check.
• Edge cases checked: Empty inline value still returns null; space-separated value parsing still consumes the next token.
• What you did not verify: Full repository suite; live external CLI command carrying a real token.

Review Conversations

• I replied to or resolved every bot review conversation I addressed in this PR.
• I left unresolved only the conversations that still need reviewer or maintainer judgment.

Compatibility / Migration

• Backward compatible? (Yes/No): Yes
• Config/env changes? (Yes/No): No
• Migration needed? (Yes/No): No
• If yes, exact upgrade steps: N/A

Risks and Mitigations

• Risk: Changing inline parsing could affect existing root options that contain =.
  • Mitigation: This change preserves the documented separator behavior while retaining the existing trim/null handling; direct tests cover both embedded equals and existing empty/space-separated paths.

[clawsweeper]

Codex review: needs maintainer review before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The branch replaces split("=", 2) with first-separator slicing in takeCliRootOptionValue() and adds a colocated Vitest regression test for embedded equals, empty inline values, and space-separated values.

Reproducibility: yes. at source level: current main uses split("=", 2) in the helper, and the same JavaScript expression drops everything after the second equals sign. I did not run a full CLI command or repo test because this review was required to keep the checkout read-only.

PR rating
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🐚 platinum hermit
Summary: Normal good PR quality: focused implementation, appropriate regression coverage, supplied real behavior proof, and no blocking findings.

Rank-up moves:

• none

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

PR egg
✨ Hatched: 🌱 uncommon Cosmic Patch Peep

       /\  .---.  /\         
      /  \/     \/  \        
     /   ( -   - )   \       
    |       ._.       |      
    |   /|  ===  |\   |      
     \  \|______/|/  /       
      '._  `--'  _.'         
         '-.__.-'            
       _/|_|  |_|\_          
      /__|      |__\         
       .-----------.         
      '-------------'        

Rarity: 🌱 uncommon.
Trait: collects tiny proofs.
Share on X: post this hatch
Copy: My PR egg hatched a 🌱 uncommon Cosmic Patch Peep in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• How to hatch it: reach status: 👀 ready for maintainer look or status: 🚀 automerge armed; that usually means sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

Real behavior proof
Sufficient (live_output): The PR body supplies after-fix copied live terminal output from a local Linux/Node checkout plus a focused passing Vitest command for the changed helper.

Risk before merge
Why this matters: - I did not run repository tests in this read-only review; merge should still rely on CI or the focused command reported in the PR body.

• Inline invalid profile values such as --profile=foo=bar will now reach profile validation as foo=bar instead of being silently truncated to foo, which is consistent with the fix but is the main behavior delta to be aware of.

Maintainer options:

1. Decide the mitigation before merge
   Land the focused parser fix with its regression test after normal CI/merge checks, then let the linked bug close through the PR.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge
No repair lane is needed because the proposed branch already contains the focused code and test change; the remaining action is normal review, CI, and merge judgment.

Security
Cleared: The diff only changes in-repo CLI parsing and adds tests; it introduces no dependencies, workflows, network calls, permissions, or credential exposure.

Review details

Best possible solution:

Land the focused parser fix with its regression test after normal CI/merge checks, then let the linked bug close through the PR.

Do we have a high-confidence way to reproduce the issue?

Yes at source level: current main uses split("=", 2) in the helper, and the same JavaScript expression drops everything after the second equals sign. I did not run a full CLI command or repo test because this review was required to keep the checkout read-only.

Is this the best way to solve the issue?

Yes; slicing after the first separator is the narrow maintainable fix for inline --flag=value parsing, and the added helper tests cover both the regression and existing empty/space-separated behavior.

Label justifications:

• P2: This is a normal-priority CLI parsing bug fix with limited blast radius and focused coverage.

What I checked:

• Current source truncates embedded equals: Current main still uses raw.split("=", 2) in takeCliRootOptionValue(), and a read-only Node expression showed --container=abc=def resolves to abc under that split behavior while the proposed slice resolves to abc=def. (src/cli/root-option-value.ts:11, ff871e162aaf)
• Affected helper is on the root option path: parseCliProfileArgs() and parseCliContainerArgs() both call takeCliRootOptionValue() for inline root options, so the helper change is on the implicated CLI parsing path. (src/cli/profile.ts:54, ff871e162aaf)
• PR diff is focused: The provided PR diff changes one parser line to raw.slice(raw.indexOf("=") + 1) and adds src/cli/root-option-value.test.ts coverage for embedded equals signs, empty inline values, and space-separated values. (src/cli/root-option-value.ts:11, 4486b7ec518c)
• Proof supplied in PR body: The PR body includes copied live terminal output from a local Linux Node v22.21.1 checkout showing abc=def, abc==, and a URL query value preserved after the patch, plus a focused node scripts/run-vitest.mjs ... src/cli/root-option-value.test.ts run passing 3 tests. (src/cli/root-option-value.test.ts:1, 4486b7ec518c)
• Feature history and provenance: The current helper line blames to the release-prep/appcast commits, while the underlying CLI root-option features trace to prior profile and container CLI work by Peter Steinberger and Sally O'Malley. (src/cli/root-option-value.ts:11, 46d53d3b593a)

Likely related people:

• Peter Steinberger: Introduced --dev/--profile CLI profiles and recently refactored shared CLI routing metadata around the affected root-option path. (role: recent CLI area contributor; confidence: high; commits: c6de1b1f7d1f, f43aba40a2c5, 50a2481652b6; files: src/cli/profile.ts, src/infra/cli-root-options.ts, src/cli/root-option-value.ts)
• Sally O'Malley: Authored the containerized CLI targeting feature that added --container parsing and tests on the same root-option helper path. (role: container CLI feature introducer; confidence: medium; commits: 91adc5e718eb, e5d0d810e118; files: src/cli/container-target.ts, src/cli/container-target.test.ts, src/infra/cli-root-options.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against ff871e162aaf.

[Takhoffman]

@clawsweeper automerge

[clawsweeper]

🦞🔧
ClawSweeper automerge is enabled.

• Head: 4486b7ec518c
• Label: clawsweeper:automerge
• Action: repair worker queued. Run: https://github.com/openclaw/clawsweeper/actions/runs/26093891867
• Flow: review this head, repair/rebase only if needed, then re-review the exact repaired head before merge.

Draft PRs stay fix-only until GitHub marks them ready for review. Pause with /clawsweeper stop.

Automerge progress:

• 2026-05-19 11:19:02 UTC review queued 4486b7ec518c (queued)

• 2026-05-19 11:21:10 UTC repair queued 4486b7ec518c (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/26093891867

• 2026-05-19 11:23:59 UTC repair started (running) in 0s Run: https://github.com/openclaw/clawsweeper/actions/runs/26093891867 automerge-openclaw-openclaw-83995

• 2026-05-19 11:24:15 UTC validation plan (passed) in 16s Run: https://github.com/openclaw/clawsweeper/actions/runs/26093891867 pnpm check:changed; pnpm lint; pnpm check:test-types

• 2026-05-19 11:24:30 UTC Codex write preflight (passed) in 31s Run: https://github.com/openclaw/clawsweeper/actions/runs/26093891867 danger-full-access

• 2026-05-19 11:27:49 UTC Codex edit 1 a4bef79bfe08 (complete) in 3m 51s Run: https://github.com/openclaw/clawsweeper/actions/runs/26093891867 exit 0

• 2026-05-19 11:32:11 UTC validation and review 1 8a15801e7994 (complete) in 8m 12s Run: https://github.com/openclaw/clawsweeper/actions/runs/26093891867 already-current

• 2026-05-19 11:32:53 UTC repair finished 8a15801e7994 (opened) in 8m 55s Run: https://github.com/openclaw/clawsweeper/actions/runs/26093891867 open_fix_pr

[clawsweeper]

ClawSweeper 🐠 reef update

Thanks for the contribution here. ClawSweeper could not safely push to this branch, so it opened a replacement PR from a writable branch and carried the contributor trail along with it.

Why replacement: ClawSweeper could not update the source PR branch directly; GitHub did not grant sufficient push rights to the bot for that branch.
Replacement PR: #84107
Why close: this run explicitly closes the superseded source PR after the credited replacement PR is open, so review continues in one place.
Closing this source PR only because source-PR closing was explicitly enabled for this run.
The original contribution stays credited in the replacement PR context.
Co-author credit kept:

• @ThiagoCAltoe: Co-authored-by: Thiago Costa 71539514+ThiagoCAltoe@users.noreply.github.com

fish notes: model gpt-5.5, reasoning high; reviewed against 8a15801.