fix(control-ui): save generated raw config text

[BlackFrameAI]

What changed

• Removes the save-time rejection for raw mode when the current snapshot did not include original raw text.
• Adds a controller test proving saveConfig submits the already-generated raw config text with the snapshot base hash.

Why

applyConfigSnapshot can populate configRaw by serializing editable structured config when snapshot.raw is absent. Once that generated raw text exists, the save path should submit it like any other raw draft.

The previous guard checked only whether the snapshot originally contained raw text. That rejected a valid generated raw draft even though configRaw already held the text that should be saved.

Real behavior proof

• Behavior or issue addressed: A live Control UI raw draft generated from structured config submits through config.set even when the snapshot did not include raw text.
• Real environment tested: WSL Ubuntu 24.04 local OpenClaw setup, OpenClaw 2026.5.25, token-authenticated Control UI at http://127.0.0.1:18789/config, backed by running OpenClaw gateway processes from /home/icon/CodexOps/OpenClaw/dist/index.js.
• Exact steps or command run after this patch: Loaded the token-authenticated Control UI in headless Chrome, opened Settings -> Advanced -> Raw, confirmed the live snapshot had no raw string, staged a raw-mode draft in the page, clicked Save, and intercepted the browser client request to inspect the outgoing payload without mutating the real config file.
• Evidence after fix:

livePageBefore={"mode":"raw","snapshotRawIsString":false,"snapshotRawType":"object","hasSourceConfig":true,"hasConfig":true,"generatedRawLength":25322,"hashPrefix":"78b0f6f64637"}
capturedRequests=[{"method":"config.set","rawLength":25323,"rawPrefix":"{\n  \"meta\": {\n    \"lastTouchedVersion\": ","baseHashMatches":true},{"method":"config.get","rawLength":null,"rawPrefix":null,"baseHashMatches":false}]

• Observed result after fix: Clicking Save in raw mode produced a config.set request containing generated raw text and the live snapshot base hash even though snapshot.raw was not a string. The request was intercepted only to avoid modifying the local operator config during proof capture.
• What was not tested: No live config file write was allowed during proof capture; the payload and base hash were verified before network mutation.

Validation

• pnpm --dir ui test src/ui/controllers/config.test.ts

[clawsweeper]

Codex review: needs real behavior proof before merge. Reviewed May 25, 2026, 9:06 PM ET / 01:06 UTC.

Summary
Review failed before ClawSweeper could summarize the requested change.

PR surface: Source -3, Tests +23. Total +20 across 2 files.

Reproducibility: unclear. The review failed before ClawSweeper could establish a reproduction path.

Review metrics: none identified.

Merge readiness
Overall: 🌊 off-meta tidepool
Proof: 🌊 off-meta tidepool
Patch quality: 🌊 off-meta tidepool
Result: rating does not apply to this item.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Risk before merge

• No close action taken because the review did not complete.

Maintainer options:

1. Decide the mitigation before merge
   Retry the Codex review after fixing the execution failure.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge
Review did not complete, so no work-lane recommendation was made.

Review details

Best possible solution:

Retry the Codex review after fixing the execution failure.

Do we have a high-confidence way to reproduce the issue?

Unclear. The review failed before ClawSweeper could establish a reproduction path.

Is this the best way to solve the issue?

Unclear. Retry the review first so ClawSweeper can evaluate the actual issue and fix direction.

AGENTS.md: unclear because the file could not be read completely.

Codex review notes: model gpt-5.5, reasoning high; reviewed against c9364f03dcbb.

Label changes

Label changes:

• add rating: 🌊 off-meta tidepool: Overall readiness is 🌊 off-meta tidepool; proof is 🌊 off-meta tidepool and patch quality is 🌊 off-meta tidepool.
• remove P2: Current review triage priority is none.
• remove rating: 🧂 unranked krab: Current PR rating is rating: 🌊 off-meta tidepool, so this older rating label is no longer current.
• remove merge-risk: 🚨 compatibility: Current PR review selected no merge-risk labels.
• remove merge-risk: 🚨 security-boundary: Current PR review selected no merge-risk labels.
• remove status: 📣 needs proof: Current PR status no longer selects a status label.

Label justifications:

• rating: 🌊 off-meta tidepool: Overall readiness is 🌊 off-meta tidepool; proof is 🌊 off-meta tidepool and patch quality is 🌊 off-meta tidepool.

Evidence reviewed

PR surface:

Source -3, Tests +23. Total +20 across 2 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	1	0	3	-3
Tests	1	23	0	+23
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	2	23	3	+20

What I checked:

• failure reason: timeout.
• codex failure detail: Codex review failed for this PR: spawnSync codex ETIMEDOUT.
• codex stdout: Per-item Codex failure; continuing with the rest of the shard.

Likely related people:

• unknown: Codex failed before it could trace repository history. (role: review did not complete; confidence: low)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[clawsweeper]

ClawSweeper PR egg

🥚 Incubating: this PR egg is tucked into the review nest.

Hatch command

Comment @clawsweeper hatch when this PR is hatchable.

Hatchability rules:

• Merged PRs are hatchable.
• Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
• Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• Hatchability usually comes from sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness. A merged PR is already final, so merge makes the egg hatchable independently.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

[BlackFrameAI]

Closing this split PR as superseded by #86700. Raw-mode availability and generated-raw submit behavior are coupled, so they are now combined in one replacement PR.