fix(agents): separate heartbeat runtime template

[hxy91819]

Summary

• Move the runtime HEARTBEAT.md bootstrap template to src/agents/templates/ so docs edits no longer change heartbeat behavior.
• Keep non-heartbeat workspace templates loading from docs templates, and update package/release guards so the new runtime template is shipped.
• Add doctor repair for legacy fenced/Related heartbeat templates while preserving user-authored content.

Verification

• pnpm docs:list
• node scripts/run-vitest.mjs src/agents/workspace-templates.test.ts src/commands/doctor-heartbeat-template-repair.test.ts src/flows/doctor-health-contributions.test.ts src/auto-reply/heartbeat.test.ts
• node scripts/run-vitest.mjs test/openclaw-npm-release-check.test.ts
• node scripts/run-vitest.mjs src/commands/doctor-heartbeat-template-repair.test.ts
• node scripts/run-vitest.mjs src/flows/doctor-health-conversion-plan.test.ts
• pnpm exec node scripts/test-projects.mjs test/vitest/vitest.unit-src.config.ts test/vitest/vitest.unit-security.config.ts
• npm pack --dry-run --json --ignore-scripts confirmed src/agents/templates/HEARTBEAT.md is included
• git diff --check

Real behavior proof

Behavior addressed: Default heartbeat workspaces no longer receive docs-only HEARTBEAT.md content that makes an otherwise empty heartbeat file trigger model calls.
Real environment tested: Local Linux worktree with Node 22.21.1 using repo test wrappers.
Exact steps or command run after this patch: Ran the verification commands listed above, including targeted runtime-template, doctor-repair, heartbeat empty-content, release pack guard, and npm dry-run package inclusion checks.
Evidence after fix: Runtime template tests assert src/agents/templates/HEARTBEAT.md has no frontmatter and is effectively empty; doctor repair tests cover legacy fenced/Related templates and user-authored fenced content; npm dry-run includes the runtime heartbeat template path.
Observed result after fix: Targeted Vitest checks passed, the core src/security shard passed after adding the doctor conversion-plan entry, the npm dry-run pack list included src/agents/templates/HEARTBEAT.md, and git diff --check passed.
What was not tested: Full pnpm check/full suite and installed package smoke were not run locally.

---

Package/doctor black-box verification (v2 — updated)

• Provider: docker via Crabbox
• CrabBox run ID: cbx_6dadb5d505eb
• PR head SHA: 6e9d23e
• Tarball filename: openclaw-2026.5.25.tgz

Commands run

Clone at SHA 6e9d23eef3b047f3a50f396e1cf7f4c2f0c2be56 → pnpm install --frozen-lockfile → pnpm pack → npm install -g <tarball> → openclaw doctor --fix (8 workspace variants) → openclaw doctor (diagnostic mode)

Evidence

• Tarball includes package/src/agents/templates/HEARTBEAT.md
• Installed package bootstrap creates clean HEARTBEAT.md
• Bootstrap does not emit "Missing workspace template"
• Doctor repairs fenced+Related legacy heartbeat template (VAL-VRFY-004)
• Doctor repairs plain fenced legacy heartbeat template (VAL-VRFY-008)
• Doctor repairs heading+fenced docs boilerplate heartbeat template (VAL-VRFY-009)
• Doctor preserves user-authored heartbeat content (fenced + - Check email) (VAL-VRFY-005)
• Doctor preserves user-authored heartbeat content (prose + - Run daily check) (VAL-VRFY-010)
• Doctor no-op on clean template (VAL-VRFY-006)
• Doctor diagnostic mode detects legacy template without modifying it (VAL-VRFY-007)

Result: PASS

Gaps/blockers

None

[github-actions]

Dependency Changes Detected

This PR changes dependency-related files. Maintainers should confirm these changes are intentional.

Changed files:

• package.json

Maintainer follow-up:

• Review whether the dependency changes are intentional.
• Inspect resolved package deltas when lockfile, shrinkwrap, or workspace dependency policy changes are present.
• Treat package-lock.json and npm-shrinkwrap.json diffs as security-review surfaces.
• Run pnpm deps:changes:report -- --base-ref origin/main --markdown /tmp/dependency-changes.md --json /tmp/dependency-changes.json locally for detailed release-style evidence.

[socket-security]

No dependency changes detected. Learn more about Socket for GitHub.

👍 No dependency changes detected in pull request

[clawsweeper]

Codex review: passed. Reviewed May 27, 2026, 8:29 AM ET / 12:29 UTC.

Summary
The PR moves the runtime HEARTBEAT.md bootstrap template into src/agents/templates, keeps docs templates as secondary roots for other workspace files, adds a legacy heartbeat-template doctor repair, and updates package guards/tests.

PR surface: Source +281, Tests +283, Docs +11, Config +1, Other 0. Total +576 across 15 files.

Reproducibility: yes. from source inspection: current main loads HEARTBEAT.md from the docs template, and that template includes docs-only lines that make an otherwise empty heartbeat file non-empty to the runtime. I did not run a live heartbeat repro in this read-only review.

Review metrics: 1 noteworthy metric.

• Compatibility Surfaces: 1 default workspace template split, 1 doctor repair added, 1 package files allowlist changed. These surfaces affect fresh installs, packaged runtime bootstrap, and upgrade repair behavior, so they need maintainer-visible compatibility review before merge.

Merge readiness
Overall: 🦞 diamond lobster
Proof: 🦞 diamond lobster
Patch quality: 🦞 diamond lobster
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Risk before merge

• Compatibility remains the main merge risk: openclaw doctor --fix may rewrite existing default-agent HEARTBEAT.md files that exactly match known legacy docs templates, so maintainers should intentionally accept that upgrade behavior and keep exact-head package/doctor checks green.

Maintainer options:

1. Accept With Exact-Head Gates (recommended)
   Merge after required CI confirms the current head, accepting the tested doctor repair for pure legacy heartbeat templates.
2. Refresh Package/Doctor Proof
   If maintainers want stricter upgrade evidence, rerun the package install plus openclaw doctor --fix matrix on the current head before merge.
3. Pause If Rewrite Policy Is Unwanted
   Pause or close this branch if maintainers do not want doctor to rewrite legacy heartbeat files automatically, even for exact template matches.

Next step before merge
No ClawSweeper repair is indicated; keep merge gated on exact-head CI/automerge and maintainer acceptance of the compatibility-sensitive doctor repair.

Security
Cleared: No concrete security or supply-chain regression found; the package.json change only expands the npm files allowlist for a runtime template and no lockfile, dependency, script, permission, or download path is changed.

Review details

Best possible solution:

Land the template split with the narrow doctor repair if maintainers accept the compatibility behavior; otherwise keep the runtime/docs separation and revise the repair policy before merge.

Do we have a high-confidence way to reproduce the issue?

Yes from source inspection: current main loads HEARTBEAT.md from the docs template, and that template includes docs-only lines that make an otherwise empty heartbeat file non-empty to the runtime. I did not run a live heartbeat repro in this read-only review.

Is this the best way to solve the issue?

Yes. Separating the runtime template from the docs page and adding a narrow doctor repair is the maintainable fix; the compatibility-sensitive part is the exact policy for rewriting legacy user files.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 3e351b718e28.

Label changes

Label justifications:

• P2: This is a normal-priority runtime/doctor bug fix with limited blast radius but real upgrade behavior.
• merge-risk: 🚨 compatibility: Merging changes the shipped heartbeat template source and adds a doctor repair that can rewrite existing legacy workspace files.
• rating: 🦞 diamond lobster: Overall readiness is 🦞 diamond lobster; proof is 🦞 diamond lobster and patch quality is 🦞 diamond lobster.
• status: 🚀 automerge armed: This PR is in ClawSweeper's automerge lane. Sufficient (terminal): The PR body includes targeted local verification plus a Crabbox docker package/doctor black-box run showing package inclusion, clean bootstrap, legacy repair, diagnostic detection, and user-authored content preservation.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes targeted local verification plus a Crabbox docker package/doctor black-box run showing package inclusion, clean bootstrap, legacy repair, diagnostic detection, and user-authored content preservation.

Evidence reviewed

PR surface:

Source +281, Tests +283, Docs +11, Config +1, Other 0. Total +576 across 15 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	6	306	25	+281
Tests	5	289	6	+283
Docs	2	11	0	+11
Config	1	1	0	+1
Generated	0	0	0	0
Other	1	1	1	0
Total	15	608	32	+576

What I checked:

• Current-main behavior still uses docs template source: On current main, workspace bootstrap template loading still resolves a single docs template directory and docs/reference/templates/HEARTBEAT.md includes fenced docs content plus a Related link, matching the reported coupling between docs edits and runtime heartbeat content. (src/agents/workspace.ts:111, 3e351b718e28)
• PR separates heartbeat runtime loading from docs fallback: The proposed loader uses the runtime template directory for HEARTBEAT.md while searching runtime plus docs directories for non-heartbeat workspace templates. (src/agents/workspace.ts:113, e34e85864c57)
• PR adds bounded doctor repair: The new repair recognizes known legacy docs-wrapped heartbeat templates, leaves custom/unrecognized content unchanged, and only writes the clean runtime template for pure legacy wrappers. (src/commands/doctor-heartbeat-template-repair.ts:98, e34e85864c57)
• Regression tests cover repair and preservation cases: The added tests cover legacy prose, fenced docs templates, current docs-page boilerplate, user-authored fenced content, custom tasks, unrecognized dirty shapes, and pure-template rewrite behavior. (src/commands/doctor-heartbeat-template-repair.test.ts:44, e34e85864c57)
• Package guard includes the new runtime template: The PR allowlists src/agents/templates/ in package.json and updates the npm release check to require src/agents/templates/HEARTBEAT.md rather than the docs heartbeat page. (package.json:118, e34e85864c57)
• Whitespace check passed for the proposed diff: git diff --check produced no output for the PR diff against its recorded base. (e34e85864c57)

Likely related people:

• Peter Steinberger: History shows Peter introduced the docs-backed workspace-template loader and later moved doctor orchestration into flow contributions, both central to this PR's surface. (role: introduced adjacent behavior; confidence: high; commits: 319b4d02a0ab, 7d6d642cb825; files: src/agents/workspace.ts, src/flows/doctor-health-contributions.ts)
• JustYannicc: The effectively-empty heartbeat behavior that makes docs boilerplate matter traces to the heartbeat skip feature commit. (role: introduced heartbeat skip behavior; confidence: medium; commits: dd060288273d; files: src/auto-reply/heartbeat.ts, docs/reference/templates/HEARTBEAT.md)
• Vincent Koc: Current main blame and history show recent broad maintenance on the workspace-template, heartbeat, and doctor-flow files, plus packaged-template release checks. (role: recent area contributor; confidence: medium; commits: 4dfc2cf14a3f, e3c58e04c9; files: src/agents/workspace.ts, src/agents/workspace-templates.ts, src/flows/doctor-health-contributions.ts)
• hxy91819: The PR author also appears in prior merged history as Mason Huang on command/test/dependency surfaces, so they are relevant beyond merely opening this PR. (role: recent contributor on adjacent command/test surfaces; confidence: medium; commits: fbccc18e74, edfa074e0f, d2edb559b9; files: src/commands, test/openclaw-npm-release-check.test.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[clawsweeper]

ClawSweeper PR egg

✨ Hatched: ✨ glimmer Cosmic Proofling

Hatch command

Comment @clawsweeper hatch when this PR is hatchable.

Hatchability rules:

• Merged PRs are hatchable.
• Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
• Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

Rarity: ✨ glimmer.
Trait: collects tiny proofs.
Image traits: location CI tidepool; accessory tiny test log scroll; palette charcoal, cyan, and signal green; mood sparkly; pose holding its accessory up for inspection; shell paper lantern shell; lighting moonlit rim light; background small green status lights.
Share on X: post this hatch
Copy: My PR egg hatched a ✨ glimmer Cosmic Proofling in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• Hatchability usually comes from sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness. A merged PR is already final, so merge makes the egg hatchable independently.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

[hxy91819]

@clawsweeper automerge

[clawsweeper]

🦞✅
ClawSweeper merged this PR after the passing review.

Source: clawsweeper[bot]
Feedback: structured ClawSweeper verdict: pass (sha=e34e85864c5743692a230020328e84462e8caf05)
Merge status: merged by ClawSweeper automerge
Merged at: 2026-05-27T12:30:24Z
Merge commit: 75221e0550ec

What merged:

• The PR moves the runtime HEARTBEAT.md bootstrap template into src/agents/templates, keeps docs templates ... or other workspace files, adds a legacy heartbeat-template doctor repair, and updates package guards/tests.
• PR surface: Source +281, Tests +283, Docs +11, Config +1, Other 0. Total +576 across 15 files.
• Reproducibility: yes. from source inspection: current main loads HEARTBEAT.md from the docs template, and ... pty heartbeat file non-empty to the runtime. I did not run a live heartbeat repro in this read-only review.

Automerge notes:

• PR branch already contained follow-up commit before automerge: fix(doctor): recognize heartbeat docs boilerplate
• PR branch already contained follow-up commit before automerge: fix(agents): update heartbeat workspace test
• PR branch already contained follow-up commit before automerge: fix(doctor): tighten heartbeat template repair

The automerge loop is complete.

Automerge progress:

• 2026-05-27 09:21:07 UTC review queued 6e9d23eef3b0 (queued)

• 2026-05-27 09:22:01 UTC repair queued 6e9d23eef3b0 (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/26502611981

• 2026-05-27 09:23:19 UTC repair started (running) in 0s Run: https://github.com/openclaw/clawsweeper/actions/runs/26502611981 automerge-openclaw-openclaw-85416

• 2026-05-27 09:23:37 UTC validation plan (passed) in 18s Run: https://github.com/openclaw/clawsweeper/actions/runs/26502611981 pnpm check:changed; pnpm lint; pnpm check:test-types

• 2026-05-27 09:23:53 UTC Codex write preflight (passed) in 34s Run: https://github.com/openclaw/clawsweeper/actions/runs/26502611981 danger-full-access

• 2026-05-27 09:33:35 UTC Codex edit 1 5d7168413271 (complete) in 10m 17s Run: https://github.com/openclaw/clawsweeper/actions/runs/26502611981 exit 0

• 2026-05-27 09:38:46 UTC validation and review 1 e34e85864c57 (base moved) in 15m 27s Run: https://github.com/openclaw/clawsweeper/actions/runs/26502611981 rebased

• 2026-05-27 09:38:50 UTC repair completed e34e85864c57 (branch updated) in 15m 32s Run: https://github.com/openclaw/clawsweeper/actions/runs/26502611981 initial automerge rebase is delegated to Codex repair

• 2026-05-27 09:38:50 UTC review queued e34e85864c57 (after repair)

• 2026-05-27 09:47:22 UTC automerge wait e34e85864c57 (ready) in 24m 3s Run: https://github.com/openclaw/clawsweeper/actions/runs/26502611981 checks and exact-head review are ready

• 2026-05-27 12:30:06 UTC review passed e34e85864c57 (structured ClawSweeper verdict: pass (sha=e34e85864c5743692a230020328e84462e8ca...)

• 2026-05-27 09:47:23 UTC repair finished e34e85864c57 (pushed) in 24m 5s Run: https://github.com/openclaw/clawsweeper/actions/runs/26502611981 repair_contributor_branch

• 2026-05-27 12:22:22 UTC review queued e34e85864c57 (queued)

• 2026-05-27 12:30:27 UTC merged e34e85864c57 (merged by ClawSweeper automerge)