Skip to content

chore(ci): forbid .ai TLD references (regression gate, both domain forms)#2387

Merged
alexey-pelykh merged 2 commits intomainfrom
chore/ci-forbid-remoteclaw-ai-gate
Apr 17, 2026
Merged

chore(ci): forbid .ai TLD references (regression gate, both domain forms)#2387
alexey-pelykh merged 2 commits intomainfrom
chore/ci-forbid-remoteclaw-ai-gate

Conversation

@alexey-pelykh
Copy link
Copy Markdown

@alexey-pelykh alexey-pelykh commented Apr 17, 2026
edited
Loading

Summary

Add a CI gate that forbids .ai TLD references involving the RemoteClaw name, in both directions:

  • Forward domain — remoteclaw.ai (URLs, hostnames)
  • Reverse-DNS — ai.remoteclaw.* (bundle IDs, launch-agent labels, package names)

The fork owns remoteclaw.org only. Without this gate, future PRs (especially upstream syncs from OpenClaw) can silently reintroduce .ai claims after #2382 cleaned the last forward-domain references.

Scope note

#2385 as filed requested the forward-domain pattern only (remoteclaw\.ai). During review the reverse-DNS form was flagged — the fork's reverse-domain is org.remoteclaw per project conventions, and ai.remoteclaw.* is the same .ai TLD claim in different notation. Expanded here to cover both forms in one PR rather than filing a separate follow-up.

Changes

  • scripts/check-no-remoteclaw-ai.mjs — Node gate over git grep -n -E "(remoteclaw\\.ai|ai\\.remoteclaw)", filtered through an allowlist (FILE:path, FILE:dir/, and substring rules). Exit codes: 0 clean / 1 violation / 2 infrastructure error.
  • scripts/ci/remoteclaw-ai-allowlist.txt — documented allowlist with concrete Example: lines per rule type. Self-exempts the two gate-infrastructure files. Also exempts src/daemon/constants{,.test}.ts — these intentionally remember the legacy ai.remoteclaw.* launch-agent labels for migration recognition.
  • package.json"lint:no-remoteclaw-ai" script entry; appended to the check aggregator so the gate runs in the existing CI lint job (AC3 — no new workflow job needed).

Acceptance criteria

  • pnpm lint:no-remoteclaw-ai exits 0 on branch HEAD (clean, with legacy labels allowlisted).
  • Introducing remoteclaw.ai URL in non-allowlisted file → gate fails (adversarial fixture: subdomain sub.remoteclaw.ai matches; remoteclaw-ai hyphen does NOT).
  • Introducing ai.remoteclaw.* reverse-DNS in non-allowlisted file → gate fails. Negative test: org.remoteclaw.* stays clean.
  • Gate runs in the same CI job that runs pnpm check (appended to aggregator; .github/workflows/ci.yml lint job runs pnpm check).
  • Allowlist format documented inline with comment examples per rule type.

Test plan

  • CI green on this PR (all gates + build + test).
  • lint job log shows No forbidden .ai TLD references detected.

Notes

  • No changes to .github/workflows/ci.yml — aggregator wire-up is sufficient per AC3.
  • Two commits on this branch (gate foundation + reverse-DNS expansion); will squash-merge.

Closes #2385

🤖 Generated with Claude Code

@alexey-pelykh
chore(ci): add remoteclaw.ai regression gate
4989b90 
Forbids `remoteclaw.ai` references in tracked files. The fork owns
remoteclaw.org only; `.ai` URLs are stale or upstream drift. Without a
gate, future PRs (especially upstream syncs from OpenClaw) can silently
reintroduce `.ai` URLs after #2382 cleaned the last ones.

- scripts/check-no-remoteclaw-ai.mjs — Node gate over `git grep -n
  "remoteclaw\.ai"`, filtered through an allowlist (supports FILE:path,
  FILE:dir/, and substring rules). Exit 0 clean / 1 violation / 2 infra
  error.
- scripts/ci/remoteclaw-ai-allowlist.txt — documented allowlist with
  concrete Example: lines per rule type. Self-exempts the two
  gate-infrastructure files.
- package.json — `lint:no-remoteclaw-ai` script; appended to the `check`
  aggregator so the gate runs in the same CI `lint` job as `pnpm check`.

Refs: #2385
@alexey-pelykh
chore(ci): expand gate to cover reverse-DNS ai.remoteclaw form
8ee382a 
The fork owns remoteclaw.org only — `.ai` TLD claims are wrong in BOTH
directions. Forward-domain `remoteclaw.ai` was covered; reverse-DNS
form `ai.remoteclaw.*` (bundle IDs, launch-agent labels, package names)
was not.

- Pattern now ERE: `(remoteclaw\.ai|ai\.remoteclaw)` via `git grep -E`.
- Header, success message, and fix hint reframed around the `.ai` TLD
  concern; fix hint suggests both canonical forms (`remoteclaw.org`,
  `org.remoteclaw.*`).
- Allowlist: exempt the legacy daemon launch-agent labels in
  src/daemon/constants{,.test}.ts — these intentionally remember old
  `ai.remoteclaw.*` bundle IDs to recognize and clean them up during
  upgrade migration. The current canonical form is `org.remoteclaw.*`.

Verified:
- Clean on branch HEAD.
- Forward violation (`https://remoteclaw.ai/...`) → exit 1.
- Reverse violation (`ai.remoteclaw.gateway`) → exit 1.
- Negative (`org.remoteclaw.ios`) → exit 0.

Refs: #2385
@alexey-pelykh alexey-pelykh changed the title chore(ci): add remoteclaw.ai regression gate chore(ci): forbid .ai TLD references (regression gate, both domain forms) Apr 17, 2026
@alexey-pelykh alexey-pelykh merged commit 12145fc into main Apr 17, 2026
12 checks passed
@alexey-pelykh alexey-pelykh deleted the chore/ci-forbid-remoteclaw-ai-gate branch April 17, 2026 15:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add CI gate: forbid remoteclaw.ai references (regression prevention)

1 participant

@alexey-pelykh