fix: use target default branch in repair plans

[TurboTheTurtle]

Summary

• Preserve target repository default branches in repair planning instead of hard-coding main.
• Preserve target_branch through repair comment-router dispatch, event review payload resolution, and both sweep.yml manual/scheduled planning fallbacks.
• Restore the manual apply_min_age_minutes workflow input; to keep the workflow_dispatch input count under GitHub's limit, retire only the manual apply_progress_every logging-cadence input and keep the internal default at 10.
• Avoid passing an empty router target_branch argument so omitted branch dispatches stay omitted instead of becoming true.

Review follow-up

• Follow-up 3da99c9137 added the manual target_branch input and first fallback path.
• Follow-up 9c987f3e24 fixed the second sweep.yml planning resolver that still ignored github.event.inputs.target_branch.
• Follow-up 7af72ed163 restores minute-level apply throttling by bringing back apply_min_age_minutes, preserving it through continuation dispatches, and dropping only apply_progress_every from the manual input surface.
• Follow-up 5b2df8c102 appends --target-branch only when non-empty in both repair comment-router jobs, with config coverage for the omitted-branch default.
• Regression coverage requires both sweep.yml target-branch resolver blocks to read github.event.inputs.target_branch under workflow_dispatch before falling back to client_payload or main, verifies the dispatch input count stays under GitHub's limit, and verifies the router only passes --target-branch when non-empty.

Live proof

Direct GitHub Actions workflow dispatch from this account is still blocked by repository permissions:

gh workflow run sweep.yml --repo openclaw/clawsweeper --ref codex/clawsweeper-default-branch \
  -f target_repo=openclaw/voice-community \
  -f target_branch=regional-ops-sop \
  -f batch_size=1 \
  -f shard_count=1 \
  -f codex_timeout_ms=120000 \
  -f apply_after_review=false

could not create workflow dispatch event: HTTP 403: Must have admin rights to Repository.

Positive non-main-default checkout proof against the real OpenClaw target repo:

proof-target repo=openclaw/voice-community branch=regional-ops-sop
default-branch=regional-ops-sop
remote-head=17778d416139f5b468e88ddbdeb6ba99fb20b0ea
Cloning into '/var/folders/sl/5dkd3zq12dv65j6jx57zq1hc0000gn/T/tmp.jyZgQnh3qg/target'...
checked-out-branch=regional-ops-sop
checked-out-head=17778d416139f5b468e88ddbdeb6ba99fb20b0ea
tracked-remote=origin/regional-ops-sop

Validation

• pnpm run format && pnpm run build:repair && node --test test/repair/workflow-sparse-checkout.test.ts test/clawsweeper.test.ts --test-name-pattern 'sweep workflow preserves|workflow_dispatch input count|review continuations' (371 tests passed)
• pnpm run format && pnpm run build:repair && node --test test/repair/workflow-sparse-checkout.test.ts test/repair/comment-router-config.test.ts test/clawsweeper.test.ts --test-name-pattern 'target branch|comment router|workflow_dispatch input count|review continuations' (373 tests passed)
• pnpm run check (passed on Node v24.15.0: active surface, limits, build, lint, unit, repair, changed coverage, full coverage, format)

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed June 14, 2026, 4:08 PM ET / 20:08 UTC.

Summary
The PR preserves target branch/default-branch routing across repair planning, comment-router dispatch, sweep workflow fallback paths, and focused repair tests.

Reproducibility: yes. Current main is source-reproducible: plan-cluster.ts hard-codes branches/main, and both relevant sweep.yml branch resolvers fall back to main when the target branch is not carried through.

Review metrics: 2 noteworthy metrics.

• Workflow input surface: 1 added, 1 removed. The PR adds manual target_branch and removes manual apply_progress_every, so saved workflow_dispatch callers are the main compatibility surface.
• Changed surface: 2 workflows, 3 repair source files, 4 test files. The behavior crosses GitHub Actions, comment-router config/dispatch, and repair planning, so focused tests do not fully settle live automation risk.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• none.

Risk before merge

• [P1] Retiring the manual apply_progress_every workflow_dispatch input can break saved operator dispatch commands that still pass that input, even though the runtime default stays at 10.
• [P1] The branch-routing changes affect live review, repair, and comment-router dispatch paths; the PR has focused tests and terminal checkout proof, but no successful direct sweep.yml dispatch because GitHub rejected the contributor's workflow_dispatch attempt with HTTP 403.

Maintainer options:

1. Accept the input tradeoff
   Maintainers can merge this as-is if preserving target-branch routing is worth retiring manual apply_progress_every and keeping the fixed internal progress default.
2. Choose a different input tradeoff
   If apply_progress_every compatibility matters more, revise the workflow input surface before merge while keeping the same target-branch propagation coverage.

Next step before merge

• [P2] Maintainers need to accept or revise the manual workflow input compatibility tradeoff before merge; there is no narrow automation repair to request.

Security
Cleared: The diff changes workflows and repair dispatch code but does not add third-party execution, broaden secrets or permissions, or introduce a concrete supply-chain concern.

Review details

Best possible solution:

Merge the branch-preservation fix only after maintainers accept or revise the manual workflow input compatibility tradeoff for operators.

Do we have a high-confidence way to reproduce the issue?

Yes. Current main is source-reproducible: plan-cluster.ts hard-codes branches/main, and both relevant sweep.yml branch resolvers fall back to main when the target branch is not carried through.

Is this the best way to solve the issue?

Yes, with a maintainer tradeoff. Preserving target_branch through planning and router dispatch is the narrow fix, but retiring one manual workflow input is a compatibility decision maintainers need to own.

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against a9b17a1e94ca.

Label changes

Label justifications:

• P1: The PR fixes branch routing in live ClawSweeper review and repair automation, which can block real non-main-default target repos.
• merge-risk: 🚨 compatibility: The workflow input surface changes by retiring manual apply_progress_every, which can break saved operator dispatch commands.
• merge-risk: 🚨 automation: The diff changes GitHub Actions and comment-router dispatch payloads that control review and repair job routing.
• rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🦞 diamond lobster and patch quality is 🐚 platinum hermit.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body includes terminal proof that a real non-main-default OpenClaw target repo checked out the expected branch and explains why direct workflow dispatch proof was blocked by repository permissions.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes terminal proof that a real non-main-default OpenClaw target repo checked out the expected branch and explains why direct workflow dispatch proof was blocked by repository permissions.

Evidence reviewed

What I checked:

• Repository policy read: AGENTS.md was read fully; its conservative automation-safety guidance is relevant because this PR changes sweep and repair workflow behavior. (AGENTS.md:3, a9b17a1e94ca)
• Current main hard-codes repair plan branch lookup: Current main still fetches repos/${repo}/branches/main and labels the result as main in fetchMainBranch, so the central behavior is not already implemented on main. (src/repair/plan-cluster.ts:717, a9b17a1e94ca)
• Current main drops manual/event target branch fallback: Current main resolves the event review and sweep target branch from client_payload.target_branch || 'main', including the second planning resolver that ignores workflow_dispatch target_branch. (.github/workflows/sweep.yml:180, a9b17a1e94ca)
• PR diff threads branch state through routing: The PR adds target_branch config/dispatch handling, fetches the target repository default branch before branch hydration, and adds focused workflow/config tests for non-empty and omitted target branches. (src/repair/comment-router.ts:1976, 600df9e0cbea)
• Related issue remains canonical context: clawsweeper re-review fails for repos with default branch of 'master' instead of 'main' #252 is open and reports the same non-main default-branch re-review failure mode; this PR is a useful implementation candidate rather than obsolete work.
• Real target proof matches PR body: The reported proof target openclaw/voice-community currently advertises regional-ops-sop as its default branch, and that branch resolves to the SHA shown in the PR body.

Likely related people:

• Peter Steinberger: Current-main blame for fetchMainBranch, sweep target-branch fallback, and repair comment-router workflow lines points to cd1594bc; recent logs show repeated changes across the same automation files. (role: current automation surface owner and recent area contributor; confidence: high; commits: cd1594bc3794, 86d0ca37755b, 10ed1f76d15d; files: src/repair/plan-cluster.ts, .github/workflows/sweep.yml, src/repair/comment-router.ts)
• joshavant: Recent commits changed exact-review capacity and workflow defaults in .github/workflows/sweep.yml, which is adjacent to the branch-routing and workflow input surface touched here. (role: recent workflow contributor; confidence: medium; commits: be65dd0db8a3, 2e4282b3acfc, 4e6f4135e291; files: .github/workflows/sweep.yml)
• Momo: Recent merged work touched workflow status publishing and comment-router-adjacent behavior in the same automation area. (role: adjacent workflow/status contributor; confidence: low; commits: 429a73be116e; files: .github/workflows/sweep.yml, src/repair/comment-router.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[TurboTheTurtle]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27193200784
• Updated: 2026-06-09T08:23:39.322Z

[TurboTheTurtle]

@clawsweeper re-review

Follow-up pushed in 3da99c9: sweep.yml now preserves manual target_branch fallback, keeps the workflow_dispatch input count under the GitHub limit by dropping the minute-level apply input, and the body includes the full pnpm run check validation.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

[TurboTheTurtle]

@clawsweeper re-review

Follow-up pushed in 9c987f3: fixed the second sweep.yml planning resolver that still ignored github.event.inputs.target_branch, strengthened the regression test to require both resolver blocks, and updated the body with full pnpm run check validation plus the GitHub 403 blocker for live manual workflow proof.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27195102261
• Updated: 2026-06-09T09:01:20.722Z

[TurboTheTurtle]

@clawsweeper re-review

Follow-up pushed in 7af72ed: restored apply_min_age_minutes and preserved it through apply continuation dispatches, while retiring only the manual apply_progress_every logging input to stay under the workflow_dispatch input limit. The PR body now includes full pnpm run check validation and positive non-main-default checkout proof for openclaw/voice-community on regional-ops-sop.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Failed
• Detail: The targeted re-review did not finish cleanly. Check the workflow run for details.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27240111076
• Updated: 2026-06-09T22:32:34.893Z

[TurboTheTurtle]

@clawsweeper re-review

Follow-up pushed in 5b2df8c: fixed the empty target_branch router path by appending --target-branch only when non-empty in both route and retry jobs, added omitted-branch config coverage, and reran the requested focused validation plus pnpm run check.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27241334843
• Updated: 2026-06-09T23:06:05.816Z