Fix Workboard status persistence

[BunsDev]

Summary

• Fixes Workboard status persistence so explicit manual choices from edit saves and drag/move operations are not bounced by stale linked session/task lifecycle sync.
• Records lifecycle status provenance with metadata.lifecycleStatusSourceUpdatedAt and persists it through the Workboard SQLite store so stale Gateway writes cannot survive reloads or other tabs.
• Keeps non-status lifecycle syncs working after manual edits, including execution/stale metadata updates, and fixes edit-modal selected-value persistence in the Lit view.
• Adds store/controller guards for stale lifecycle responses that arrive after a newer manual status transition, including status-only stale writes that should be true no-ops.

Closes #88592.
Supersedes the partial approach in #88957: generic updatedAt freshness is not specific enough to distinguish manual status intent from lifecycle status provenance, and it does not cover persisted/store-side stale writes.

Verification

• node scripts/run-vitest.mjs ui/src/ui/controllers/workboard.test.ts ui/src/ui/views/workboard.test.ts extensions/workboard/src/store.test.ts extensions/workboard/src/gateway.test.ts --reporter=verbose -> 85 UI tests and 77 Workboard extension/gateway tests passed.
• node scripts/run-vitest.mjs --config test/vitest/vitest.ui-e2e.config.ts --configLoader runner ui/src/ui/e2e/workboard-status-persistence.e2e.test.ts --reporter=verbose -> browser E2E passed after the final head, proving edit/reopen persistence and drag/status persistence against mocked Gateway traffic.
• node scripts/run-tsgo.mjs -p test/tsconfig/tsconfig.core.test.json --incremental --tsBuildInfoFile .artifacts/tsgo-cache/core-test.tsbuildinfo -> passed.
• node scripts/run-tsgo.mjs -p test/tsconfig/tsconfig.extensions.test.json --incremental --tsBuildInfoFile .artifacts/tsgo-cache/extensions-test.tsbuildinfo -> passed.
• node scripts/run-oxlint.mjs extensions/workboard/src/sqlite-store.ts extensions/workboard/src/store.test.ts extensions/workboard/src/store.ts extensions/workboard/src/types.ts ui/src/ui/controllers/workboard.test.ts ui/src/ui/controllers/workboard.ts ui/src/ui/e2e/workboard-status-persistence.e2e.test.ts ui/src/ui/views/workboard.test.ts ui/src/ui/views/workboard.ts -> passed.
• git diff --check -> passed.
• .agents/skills/autoreview/scripts/autoreview --mode local --no-web-search -> clean, no accepted/actionable findings on the final E2E lint fix before commit 9a8ae5a8ec.

[Copilot]

Pull request overview

This PR fixes Workboard card edit + drag status persistence by recording lifecycle-status provenance (metadata.lifecycleStatusSourceUpdatedAt) and using it to prevent stale linked session/task lifecycle sync from overwriting explicit operator moves/edits, including across reloads and persisted SQLite state.

Changes:

• Add lifecycle status provenance (lifecycleStatusSourceUpdatedAt) to card metadata, propagate it through UI lifecycle sync and persist it in the Workboard SQLite store.
• Add lifecycle-sync guards (including in-flight manual transitions) so stale lifecycle updates don’t “bounce” cards back to prior statuses while still allowing execution/stale-metadata sync.
• Fix edit modal select-value persistence and add controller/view + Playwright E2E regression coverage.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
ui/src/ui/views/workboard.ts	Updates modal <select> rendering so draft selections persist correctly on rerender/reopen.
ui/src/ui/views/workboard.test.ts	Adds view regression coverage for reopened modal reflecting saved values.
ui/src/ui/e2e/workboard-status-persistence.e2e.test.ts	Adds Playwright E2E covering edit persistence + drag-to-running not bouncing due to stale lifecycle.
ui/src/ui/controllers/workboard.ts	Introduces lifecycle provenance tracking + stale/in-flight guards for lifecycle status sync.
ui/src/ui/controllers/workboard.test.ts	Adds controller regressions for stale/fresh lifecycle behaviors around manual save/drag and response races.
extensions/workboard/src/types.ts	Extends metadata type to include lifecycle provenance field.
extensions/workboard/src/store.ts	Persists lifecycle provenance and adds store-side stale-write defense logic.
extensions/workboard/src/store.test.ts	Adds store regressions ensuring provenance is stored/cleared correctly and blocks stale lifecycle writes.
extensions/workboard/src/sqlite-store.ts	Bumps schema version and persists provenance field through SQLite column + read/write plumbing.

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed June 3, 2026, 8:00 AM ET / 12:00 UTC.

Summary
The branch adds Workboard lifecycle status provenance, persists it through SQLite, guards UI/store stale lifecycle status writes, fixes modal selected-state persistence, and adds focused unit/E2E coverage.

PR surface: Source +278, Tests +1729. Total +2007 across 10 files.

Reproducibility: yes. at source level: current main can write linked lifecycle status and then replace card state after manual edit/move paths, matching the reported bounce and non-persistence behavior. I did not run the UI because this review was read-only.

Review metrics: 1 noteworthy metric.

• Persisted Workboard state surfaces: 1 SQLite column added, 1 metadata field added. The migration and metadata round trip are the main upgrade-sensitive surfaces maintainers should notice before merge.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• none.

Risk before merge

• [P1] The PR adds one persisted Workboard SQLite column and one metadata field, so existing Workboard databases depend on the schema migration and round trip remaining correct on the final merge head.
• [P1] The PR intentionally changes Workboard session-state precedence so manual/non-default card status is not overwritten by older linked session/task lifecycle status, while non-status lifecycle metadata still syncs.

Maintainer options:

1. Accept the Workboard precedence change (recommended)
   A maintainer can land after explicitly accepting that manual Workboard choices outrank older linked lifecycle writes and final required checks are green.
2. Require upgrade proof first
   If the persisted-state risk is not yet acceptable, ask for or run an upgrade smoke against an existing v1 Workboard SQLite database before merge.
3. Pause if lifecycle should stay authoritative
   If maintainers want linked session/task lifecycle to remain the source of truth for status, pause this PR and choose a narrower policy before landing either competing implementation.

Next step before merge

• [P2] Protected maintainer-labeled PR has no narrow automated repair finding; a maintainer should accept the upgrade/session-state risks and land or redirect it.

Security
Cleared: The diff does not add dependencies, workflows, secrets handling, or new third-party execution; the SQLite schema helper uses internal constant table/column definitions.

Review details

Best possible solution:

Land this PR only after maintainer acceptance of the Workboard SQLite provenance migration and manual-over-stale-lifecycle precedence; after merge, retire the superseded partial approach at #88957.

Do we have a high-confidence way to reproduce the issue?

Yes, at source level: current main can write linked lifecycle status and then replace card state after manual edit/move paths, matching the reported bounce and non-persistence behavior. I did not run the UI because this review was read-only.

Is this the best way to solve the issue?

Yes, this appears to be the best maintainable fix shape: it stores lifecycle-specific provenance and enforces the stale-status guard in both UI and store, instead of relying on host-local state or generic card updatedAt freshness.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 409d1a713541.

Label changes

Label changes:

• add proof: sufficient: Contributor real behavior proof is sufficient. The PR body and final-head comment provide concrete local unit/E2E commands plus browser and live Gateway proof descriptions for the changed Workboard behavior.

Label justifications:

• P2: This is a normal-priority Workboard bug fix with limited blast radius but real session-state impact for users of the optional Workboard plugin.
• merge-risk: 🚨 compatibility: The PR adds persisted SQLite schema and metadata state that existing Workboard databases must migrate and preserve correctly.
• merge-risk: 🚨 session-state: The PR changes how linked session/task lifecycle status competes with manual Workboard status changes.
• rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🦞 diamond lobster and patch quality is 🐚 platinum hermit.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (logs): The PR body and final-head comment provide concrete local unit/E2E commands plus browser and live Gateway proof descriptions for the changed Workboard behavior.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body and final-head comment provide concrete local unit/E2E commands plus browser and live Gateway proof descriptions for the changed Workboard behavior.

Evidence reviewed

PR surface:

Source +278, Tests +1729. Total +2007 across 10 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	5	298	20	+278
Tests	5	1733	4	+1729
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	10	2031	24	+2007

What I checked:

• Repository policy read: Root AGENTS.md plus scoped extensions/AGENTS.md and ui/AGENTS.md were read; root policy treats persisted state, plugin behavior, and session-state precedence as compatibility-sensitive review surfaces. (AGENTS.md:17, 409d1a713541)
• Current-main bug path: Current main syncs linked lifecycle status into card updates whenever shouldSyncCardStatus is true and then replaces local card state with the full update response, which explains stale lifecycle responses bouncing manual status choices. (ui/src/ui/controllers/workboard.ts:1624, 409d1a713541)
• PR controller fix: The PR adds lifecycle source timestamps, pending status transition guards, stale lifecycle status suppression, and response-time stale replacement checks in the Workboard controller. (ui/src/ui/controllers/workboard.ts:1428, 3bd0e2da5d93)
• PR store and migration fix: The PR adds a lifecycle_status_source_updated_at SQLite column, reads/writes it into metadata, and strips stale status writes while preserving non-status metadata updates in the store. (extensions/workboard/src/store.ts:2637, 3bd0e2da5d93)
• Regression coverage: The PR adds store/controller regressions for manual status provenance, stale lifecycle suppression, non-status stale metadata updates, creation status preservation, and a browser E2E for edit/reopen plus drag persistence. (ui/src/ui/e2e/workboard-status-persistence.e2e.test.ts:187, 3bd0e2da5d93)
• Dependency and protocol contract spot-check: The gateway TaskSummary protocol allows optional updatedAt, but the core tasks.list mapper supplies updatedAt from task timing; the PR also explicitly tests that sessions without lifecycle provenance do not drive status sync. (src/gateway/server-methods/tasks.ts:66, 409d1a713541)

Likely related people:

• BunsDev: Authored this PR and the recently merged Workboard keyboard movement controls that use the same status movement path; also recent Workboard dialog hardening appears under the same display name in git history. (role: recent area contributor; confidence: high; commits: be336cc1e489, 529282dcff29, 3bd0e2da5d93; files: ui/src/ui/views/workboard.ts, ui/src/ui/controllers/workboard.ts, extensions/workboard/src/store.ts)
• Vincent Koc: The shallow current-main blame points the central Workboard files at the current main baseline commit, but the commit subject is not Workboard-specific, so this is a weak routing signal only. (role: adjacent recent integrator; confidence: low; commits: 6d788a237c3a; files: ui/src/ui/controllers/workboard.ts, extensions/workboard/src/store.ts, extensions/workboard/src/sqlite-store.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[BunsDev]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26848867147
• Updated: 2026-06-02T21:30:32.045Z

[BunsDev]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26858678353
• Updated: 2026-06-03T01:52:37.187Z

[BunsDev]

Final-head Workboard proof for 3bd0e2da5d93da9fc09a67e04e19fb5ee35dad87 after rebasing onto current origin/main.

Verification run locally:

• node scripts/run-vitest.mjs extensions/workboard/src/store.test.ts extensions/workboard/src/gateway.test.ts --reporter=verbose
• node scripts/run-vitest.mjs ui/src/ui/controllers/workboard.test.ts ui/src/ui/views/workboard.test.ts --reporter=verbose
• node scripts/run-vitest.mjs --config test/vitest/vitest.ui-e2e.config.ts --configLoader runner ui/src/ui/e2e/workboard-status-persistence.e2e.test.ts ui/src/ui/e2e/workboard.e2e.test.ts --reporter=verbose
• corepack pnpm tsgo:core:test
• corepack pnpm tsgo:extensions:test
• node scripts/run-oxlint.mjs extensions/workboard/src/sqlite-store.ts extensions/workboard/src/store.test.ts extensions/workboard/src/store.ts extensions/workboard/src/types.ts ui/src/ui/controllers/workboard.test.ts ui/src/ui/controllers/workboard.ts ui/src/ui/e2e/workboard-status-persistence.e2e.test.ts ui/src/ui/e2e/workboard.e2e.test.ts ui/src/ui/views/workboard.test.ts ui/src/ui/views/workboard.ts
• git diff --check
• .agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main clean: no accepted/actionable findings.

Browser proof artifacts:

• /Users/buns/.codex/worktrees/74e7/openclaw/.artifacts/control-ui-e2e/workboard/manifest.json
• videos: workboard-writable.webm, workboard-read-only.webm
• artifact dir contains only the named screenshots, named videos, and manifest.json; no raw page@*.webm leftovers.

Live Gateway proof:

• /Users/buns/.codex/worktrees/74e7/openclaw/.artifacts/live-workboard/proof/12-live-review-success.png
• Real model/auth path verified with a successful Gateway session moving the Workboard card to Review.

Remaining live gap:

• Read-only operator behavior is covered by the mocked browser E2E, not by the live Gateway run.

Maintainer acceptance note:

• This PR intentionally changes persisted Workboard state by adding lifecycle status provenance metadata and a SQLite column.
• It also changes precedence so manual/non-default creation Workboard status is not overwritten by older linked session/task lifecycle status, while non-status lifecycle data still syncs.