Skip to content

Stabilize dev identity paths#933

Merged
shanselman merged 1 commit into
mainfrom
stabilize-dev-identity-paths
Jul 7, 2026
Merged

Stabilize dev identity paths#933
shanselman merged 1 commit into
mainfrom
stabilize-dev-identity-paths

Conversation

@shanselman

Copy link
Copy Markdown
Contributor

Summary

  • Centralize standalone release/dev identity path resolution in OpenClaw.Shared.
  • Add --identity release|dev to openclaw and winnode, with OPENCLAW_TRAY_DATA_DIR still taking precedence for isolated runs.
  • Keep PermissionsPage exec-policy remove buttons accessible by giving each icon-only button a stable automation name/id.
  • Tighten pairing-required state publication and transition handling, and dispose the setup keepalive process wrapper after writing the marker.
  • Update winnode skill docs and add regression coverage for identity/path precedence plus source contracts for the stabilization fixes.

Validation

  • dotnet test .\tests\OpenClaw.Tray.Tests\OpenClaw.Tray.Tests.csproj --no-restore --filter "FullyQualifiedName~OperatorCli_DefersIdentityDefaultsUntilAfterArgumentParsing|FullyQualifiedName~GatewayClient_PairingRequiredFlag_UsesVolatileAccess|FullyQualifiedName~PermissionsPage_ExecPolicyRemoveButtons_HaveAccessibleNames|FullyQualifiedName~PairingRequiredDisconnectGuard_RunsInsideTransitionSemaphore|FullyQualifiedName~SetupKeepalive_DisposesProcessWrapperAfterWritingMarker" — 5 passed.
  • dotnet test .\tests\OpenClaw.Shared.Tests\OpenClaw.Shared.Tests.csproj --no-restore --filter "FullyQualifiedName~OpenClawAppIdentityTests" — 6 passed.
  • dotnet test .\tests\OpenClaw.WinNode.Cli.Tests\OpenClaw.WinNode.Cli.Tests.csproj --no-restore --filter "FullyQualifiedName~AuthTokenTests" — 29 passed.
  • .\build.ps1 — passed.
  • dotnet test .\tests\OpenClaw.Shared.Tests\OpenClaw.Shared.Tests.csproj --no-restore — 2703 passed / 31 skipped.
  • dotnet test .\tests\OpenClaw.Tray.Tests\OpenClaw.Tray.Tests.csproj --no-restore — 1584 passed.
  • dotnet test .\tests\OpenClaw.WinNode.Cli.Tests\OpenClaw.WinNode.Cli.Tests.csproj --no-restore — 126 passed.
  • dotnet test .\tests\OpenClaw.Connection.Tests\OpenClaw.Connection.Tests.csproj --no-restore — 399 passed.
  • dotnet test .\tests\OpenClaw.SetupEngine.Tests\OpenClaw.SetupEngine.Tests.csproj --no-restore — 423 passed.
  • dotnet test .\tests\OpenClaw.Tray.UITests\OpenClaw.Tray.UITests.csproj -r win-x64 --no-restore — 96 passed after one unrelated smoke-test flake reran clean.
  • dotnet build .\src\OpenClaw.Tray.WinUI -c Debug -r win-x64 -p:DevBuild=true --no-restore plus marker check — app-identity.txt: dev.
  • git --no-pager diff --check — passed.
  • Final independent code review — no findings.

Real behavior proof

  • CLI identity override repro fixed: with OPENCLAW_APP_IDENTITY=staging, openclaw --identity release --url ws://127.0.0.1:1 --token test-token --connect-timeout-ms 1000 reached runtime connection handling and did not fail argument parsing; it printed Settings file: ...\OpenClawTray\settings.json and failed only because the test URL was intentionally unreachable.
  • WinUI/Axe proof: OpenClaw.Tray.UITests passed 96/96 with -r win-x64, covering the prior PermissionsPage accessibility failure.
  • Dev identity proof: explicit DevBuild=true produced src\OpenClaw.Tray.WinUI\bin\Debug\net10.0-windows10.0.22621.0\win-x64\app-identity.txt containing dev.

Rubber-duck / review notes

  • Rubber-duck found a real openclaw --identity ordering bug and a pairing request-id publication-order risk.
  • Both were fixed and covered by source contracts / repro proof.
  • Final re-review returned no findings.

Not verified / blocked

  • I attempted to add a DevBuild CI marker lane, but GitHub rejected the push because this OAuth token does not have workflow scope. I removed the workflow edit from this PR; that lane should be added in a follow-up using credentials with workflow permission.
  • No live gateway proof was collected in this PR; the touched gateway behavior is covered by connection tests and source contracts.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
@clawsweeper

clawsweeper Bot commented Jul 7, 2026

Copy link
Copy Markdown

Codex review: needs maintainer review before merge. Reviewed July 6, 2026, 8:59 PM ET / 00:59 UTC.

Summary
The branch adds shared release/dev identity path resolution, --identity selection for openclaw and winnode, pairing/keepalive/UI accessibility stabilization, docs, and regression tests.

Reproducibility: not applicable. as a PR review rather than a standalone bug report; the branch includes a CLI identity override repro, source contracts, and UI validation for the changed behavior.

Review metrics: 2 noteworthy metrics.

  • Diff footprint: 13 files, +395/-37. The patch spans shared identity logic, two CLIs, gateway pairing, setup keepalive, permissions UI, docs, and tests.
  • Reported validation breadth: Build plus shared, tray, winnode, connection, setup, and UI tests. The PR body reports the AGENTS-required build/shared/tray closeout plus focused validation for changed winnode, setup, connection, and UI surfaces.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🦞 diamond lobster
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • [P2] Add a live gateway pairing-required transition proof if maintainers want runtime evidence for the concurrency guard before merge.

Risk before merge

  • [P1] The PR body explicitly says no live gateway proof was collected for the pairing-state change; tests and source contracts cover it, but maintainers may still want a runtime pairing proof before merge.

Maintainer options:

  1. Decide the mitigation before merge
    Land the stabilization after normal CI and maintainer review, preserving release identity as the default and using explicit --identity or environment selection only for dev/isolated profiles.
  2. Pause or close
    Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge

  • No automated repair lane is needed; this review found no concrete patch defect, and the remaining action is normal maintainer review and CI/proof judgment.

Security
Cleared: No concrete security or supply-chain concern found; the diff adds no dependency/workflow execution changes and keeps token lookup within the existing explicit override and validation model.

Review details

Best possible solution:

Land the stabilization after normal CI and maintainer review, preserving release identity as the default and using explicit --identity or environment selection only for dev/isolated profiles.

Do we have a high-confidence way to reproduce the issue?

Not applicable as a PR review rather than a standalone bug report; the branch includes a CLI identity override repro, source contracts, and UI validation for the changed behavior.

Is this the best way to solve the issue?

Yes; centralizing path rules in OpenClaw.Shared and threading identity into the standalone CLIs is a narrow maintainable follow-up to the existing dev/release identity model.

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against af9edc74bf04.

Label changes

Label changes:

  • add P2: This is a normal-priority stabilization PR touching CLI identity, local MCP token lookup, gateway pairing state, and permissions accessibility with limited blast radius.
  • add proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes copied CLI runtime output, WinUI/Axe validation, and a dev build marker proof; gateway pairing still lacks live runtime proof but is covered by tests/source contracts.
  • add rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🦞 diamond lobster.
  • add status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (live_output): The PR body includes copied CLI runtime output, WinUI/Axe validation, and a dev build marker proof; gateway pairing still lacks live runtime proof but is covered by tests/source contracts.

Label justifications:

  • P2: This is a normal-priority stabilization PR touching CLI identity, local MCP token lookup, gateway pairing state, and permissions accessibility with limited blast radius.
  • rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🦞 diamond lobster.
  • status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (live_output): The PR body includes copied CLI runtime output, WinUI/Axe validation, and a dev build marker proof; gateway pairing still lacks live runtime proof but is covered by tests/source contracts.
  • proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes copied CLI runtime output, WinUI/Axe validation, and a dev build marker proof; gateway pairing still lacks live runtime proof but is covered by tests/source contracts.
Evidence reviewed

What I checked:

  • Repository policy read and applied: AGENTS.md was read in full; its UI/MCP/gateway proof guidance is relevant because this PR touches winnode docs, permissions UI, gateway pairing state, and setup behavior. (AGENTS.md:33, af9edc74bf04)
  • PR diff surface: The PR diff adds OpenClawAppIdentity, wires identity defaults through openclaw and winnode, moves the pairing-required guard under the transition semaphore, adds accessibility automation metadata, updates skill.md, and adds focused regression tests. (8cffa00040e1)
  • Current main does not already contain the requested stabilization: Current main has no src/OpenClaw.Shared/OpenClawAppIdentity.cs and no --identity/OPENCLAW_APP_IDENTITY matches in the affected CLI/shared test paths, so the branch is not obsolete on main. (src/OpenClaw.Shared/OpenClawAppIdentity.cs, af9edc74bf04)
  • Related identity history: The GitHub search shows merged related work in feat: add dev/release side-by-side app identity #922 and Make dev app identity opt-in #932; this PR is adjacent follow-up rather than a duplicate because it adds standalone CLI/shared path resolution and stabilization tests.
  • Contributor proof and validation in PR body: The PR body reports the required build/shared/tray validation, winnode/connection/setup/UI test coverage, copied CLI identity override output, WinUI/Axe proof, and a dev build identity marker check; it also notes no live gateway proof was collected. (8cffa00040e1)
  • Feature history and routing provenance: Blame/log history ties the current gateway/client/permissions/setup areas to earlier merged work including release baseline commit 4166e0f, side-by-side identity commit dae64b6, connection snapshot commit 74604ae, setup integration commit 698efcc, and winnode CLI PR commit cdbd9e9.

Likely related people:

What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

@clawsweeper clawsweeper Bot added proof: sufficient Contributor real behavior proof is sufficient. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. P2 Normal priority bug or improvement with limited blast radius. labels Jul 7, 2026
@shanselman shanselman merged commit b3a2b4e into main Jul 7, 2026
21 checks passed
@shanselman shanselman deleted the stabilize-dev-identity-paths branch July 7, 2026 01:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

P2 Normal priority bug or improvement with limited blast radius. proof: sufficient Contributor real behavior proof is sufficient. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant