Filter ClawSweeper command status activity

[ooiuuii]

Fixes #266.

Summary

• filter bot-authored ClawSweeper command ack/status/progress comment activity before command-like activity handling
• keep explicit human ClawSweeper commands visible to the activity lane
• add a regression test using the #90328 command-status marker shape

Real Behavior Proof

Observed on openclaw/openclaw#90328 after the final manual @clawsweeper re-review: multiple ClawSweeper Dispatch runs were triggered by issue_comment events without new pushes or new manual commands, while ClawSweeper labels/rating/status churned. The status comment body contained marker-backed command/status text such as:

<!-- clawsweeper-command-status:90328:re_review:bc62b391bf7 -->
<!-- clawsweeper-command:4643099431:2026-06-07T15:28:02Z:re_review:bc62b391bf7 -->

After this patch, routineGithubActivityReason treats bot-authored activity containing ClawSweeper command ack/status/progress markers as routine activity before command-like matching, while preserving explicit human command handling.

Supported-runtime after-fix notifier proof using Node 24 and the redacted #90328 marker-backed bot issue_comment.edited event shape:

=== node24 version ===
v24.16.0
=== notifier proof: bot status comment edit is skipped ===
{"status":"skipped","sent":0,"failed":0,"exitCode":0,"reason":"routine GitHub activity filtered: ClawSweeper command status comment"}
=== report reason ===
routine GitHub activity filtered: ClawSweeper command status comment
issue_comment
edited
clawsweeper[bot]
90328

Focused Node 24 regression output, showing explicit commands still route while command-status bot edits are skipped:

✔ routineGithubActivityReason keeps explicit ClawSweeper commands visible (2.931125ms)
✔ routineGithubActivityReason filters ClawSweeper command status comment edits (0.497237ms)
ℹ tests 2
ℹ suites 0
ℹ pass 2
ℹ fail 0
ℹ cancelled 0
ℹ skipped 0
ℹ todo 0
ℹ duration_ms 202.139617

Validation

• pnpm exec oxfmt --check src/repair/notify-github-activity.ts test/repair/notify-github-activity.test.ts
• pnpm run build:repair
• npx -y node@24 dist/repair/notify-github-activity.js --input /tmp/clawsweeper-pr267-proof/status-comment-edited-event.json --event issue_comment --write-report --report /tmp/clawsweeper-pr267-proof/github-activity-report.json
• npx -y node@24 --test --test-name-pattern='routineGithubActivityReason (keeps explicit ClawSweeper commands visible|filters ClawSweeper command status comment edits)' test/repair/notify-github-activity.test.ts
• pnpm run lint:repair -- src/repair/notify-github-activity.ts

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed June 7, 2026, 1:07 PM ET / 17:07 UTC.

Summary
Adds an early routine-activity filter for bot-authored issue-comment activity containing ClawSweeper command ack/status/progress markers, refactors activity text extraction, and adds a regression test.

Reproducibility: yes. from source inspection: current main computes command-like activity before the bot issue-comment routine filter, so a bot-authored edited comment containing @clawsweeper text can bypass routine filtering. The PR body also documents the openclaw/openclaw#90328 incident and after-fix Node 24 notifier output.

Review metrics: 2 noteworthy metrics.

• Diff size: 2 files changed, +47/-2. The patch is small but touches the GitHub activity dispatch filter that controls automation churn.
• Reported proof surface: 1 Node 24 notifier run and 2 focused tests. The PR body now shows the after-fix skip path and the preserved explicit-command route.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• none.

Risk before merge

• [P1] This changes GitHub activity dispatch filtering; a false positive could suppress a bot-authored issue_comment that maintainers expected to reach the activity lane, although the predicate is narrowed to ClawSweeper command markers.
• [P1] The proof is redacted Node 24 notifier output rather than live post-merge Actions telemetry, so maintainers may still request a live workflow confirmation if they want end-to-end dispatch confidence.

Maintainer options:

1. Merge After Required Checks (recommended)
   Accept the narrowed automation-filtering risk after required checks because the PR includes after-fix Node 24 notifier output and focused regression coverage.
2. Request Live Dispatch Confirmation
   Ask for a redacted Actions or live notifier run if maintainers want proof that a real command-status edit no longer starts another dispatch loop.
3. Narrow The Bot Predicate Further
   If maintainers do not want any bot with ClawSweeper markers filtered, require the predicate to match only trusted ClawSweeper bot identities before merge.

Next step before merge

• No automated repair is needed; maintainers should review and accept the activity-filtering risk after required checks.

Security
Cleared: The diff changes local TypeScript filtering logic and tests without adding dependencies, permissions, secrets handling, or external code execution paths.

Review details

Best possible solution:

Land the narrow marker-backed bot issue-comment filter with its regression coverage once required checks pass and maintainers accept the automation-surface risk.

Do we have a high-confidence way to reproduce the issue?

Yes from source inspection: current main computes command-like activity before the bot issue-comment routine filter, so a bot-authored edited comment containing @clawsweeper text can bypass routine filtering. The PR body also documents the openclaw/openclaw#90328 incident and after-fix Node 24 notifier output.

Is this the best way to solve the issue?

Yes. Filtering ClawSweeper marker-backed bot issue_comment activity before command-like matching is a narrow repair that preserves explicit human commands and adds focused regression coverage.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 413ef258a1ef.

Label changes

Label changes:

• add proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes after-fix Node 24 terminal output showing the redacted marker-backed bot issue_comment.edited event is skipped with the expected routine reason.
• add rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🐚 platinum hermit.
• add status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body includes after-fix Node 24 terminal output showing the redacted marker-backed bot issue_comment.edited event is skipped with the expected routine reason.
• remove status: 📣 needs proof: Current PR status label is status: 👀 ready for maintainer look.
• remove rating: 🦪 silver shellfish: Current PR rating is rating: 🐚 platinum hermit, so this older rating label is no longer current.

Label justifications:

• P1: The PR addresses repeated ClawSweeper Dispatch runs, cancellations, and label churn on real activity without new human commands.
• merge-risk: 🚨 automation: The diff changes the automation activity filter that decides whether GitHub events trigger downstream ClawSweeper dispatch handling.
• rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🐚 platinum hermit.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body includes after-fix Node 24 terminal output showing the redacted marker-backed bot issue_comment.edited event is skipped with the expected routine reason.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes after-fix Node 24 terminal output showing the redacted marker-backed bot issue_comment.edited event is skipped with the expected routine reason.

Evidence reviewed

What I checked:

• Repository policy read: AGENTS.md was read fully; its automation-safe review guidance is relevant because this PR changes ClawSweeper activity filtering. (AGENTS.md:1, 413ef258a1ef)
• Current main command-like bot edits are not filtered: On current main, routineGithubActivityReason computes commandLike before the bot issue-comment filter, so bot-authored issue_comment activity containing command-like text can return null instead of a routine skip. (src/repair/notify-github-activity.ts:379, 413ef258a1ef)
• Normalized issue-comment body is available to the filter: normalizeGithubActivity stores issue_comment text in comment.body_excerpt, and the command matcher reads that field, so the marker-based filter is wired to the same compacted event payload path. (src/repair/notify-github-activity.ts:88, 413ef258a1ef)
• PR diff adds the narrow marker filter: The PR inserts hasCommandStatusMarker before command-like handling and limits the early skip to bot-authored issue_comment activity with ClawSweeper command markers. (src/repair/notify-github-activity.ts:378, 4e28966f1287)
• Regression test covers the incident shape: The PR adds a test with a bot-authored edited issue_comment containing clawsweeper-command-status and clawsweeper-command markers, matching the reported Expose model picker agent runtimes openclaw#90328 status comment. (test/repair/notify-github-activity.test.ts:395, 4e28966f1287)
• After-fix real behavior proof supplied: The updated PR body includes Node 24 terminal output from the notifier against a redacted marker-backed bot issue_comment.edited event, showing status skipped with the expected routine GitHub activity reason, plus focused Node 24 regression output showing both tests pass. (4e28966f1287)

Likely related people:

• steipete: GitHub commit history for src/repair/notify-github-activity.ts shows this account introduced the ClawSweeper event observer and later coalesced GitHub activity observer runs. (role: feature introducer and recent automation contributor; confidence: high; commits: 72b239657688, e3af45c574d3; files: src/repair/notify-github-activity.ts, test/repair/notify-github-activity.test.ts)
• brokemac79: Blame ties command ack/status marker convergence and marker parsing in the adjacent command-status paths to this contributor. (role: adjacent command-status contributor; confidence: high; commits: 556268dff3d9; files: src/repair/comment-router-core.ts, src/repair/update-command-status.ts)
• Tak Hoffman: Local blame in the current checkout attributes the existing routineGithubActivityReason block and explicit-command tests to 1ff140f, making this a useful routing signal for the present code shape. (role: current-line blame contributor; confidence: medium; commits: 1ff140ff; files: src/repair/notify-github-activity.ts, test/repair/notify-github-activity.test.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[ooiuuii]

@clawsweeper re-review

PR body now includes supported Node 24 notifier proof showing the redacted #90328-style bot command-status issue_comment.edited event is skipped with routine GitHub activity filtered: ClawSweeper command status comment, plus Node 24 focused regression output showing explicit human commands remain visible.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27099017882
• Updated: 2026-06-07T17:07:59.260Z