- Refactor reviewPass function to identify states with review checks instead of specific review types.
- Introduce review policies (HUMAN, AGENT, AUTO) to control PR review processes based on developer levels.
- Update projectTick to handle review policies and step routing labels for reviewers and testers.
- Add detailed reviewer instructions to templates for clarity on review responsibilities.
- Implement role:level label management, allowing dynamic creation of labels based on project configuration.
- Enhance task_update tool to support state and level updates, ensuring at least one parameter is provided.
- Update work_finish tool to include reviewer actions (approve, reject) in task completion.
- Modify work_start tool to utilize role-level detection for better level assignment.
- Add tests for new functionalities, including review routing and level detection from labels.
- Updated role references from "QA" to "Tester" in workflow and code comments.
- Revised documentation to reflect the new role structure, including role instructions and completion rules.
- Enhanced the testing guide with clearer instructions and examples for unit and E2E tests.
- Improved tools reference to align with the new role definitions and completion rules.
- Adjusted the roadmap to highlight recent changes in role configuration and workflow state machine.
- Introduced ExecutionMode type for project execution modes (parallel, sequential).
- Updated SetupOpts to use ExecutionMode instead of string literals.
- Enhanced workflow states to include a new "In Review" state with appropriate transitions.
- Implemented TestHarness for end-to-end testing, including command interception and workspace setup.
- Created TestProvider for in-memory issue tracking during tests.
- Refactored project registration and setup tools to utilize ExecutionMode.
- Updated various tools to ensure compatibility with new workflow and execution modes.
- Added new dependencies: cockatiel for resilience and zod for schema validation.
- Added `migrate-layout.ts` to handle migration from old workspace layouts to the new `devclaw/` structure.
- Introduced `migrate-layout.test.ts` for comprehensive tests covering various migration scenarios.
- Updated `workspace.ts` to ensure default files are created post-migration, including `workflow.yaml` and role-specific prompts.
- Refactored role instruction handling to accommodate new directory structure.
- Enhanced project registration to scaffold prompt files in the new `devclaw/projects/<project>/prompts/` directory.
- Adjusted setup tool descriptions and logic to reflect changes in file structure.
- Updated templates to align with the new workflow configuration and role instructions.
- Removed the deprecated tiers.ts file and migrated all related functionality to roles/index.js.
- Updated tests and tools to reflect the new role structure, replacing references to "dev", "qa", and "architect" with "developer", "tester", and "architect".
- Adjusted workflow configurations and state management to accommodate the new role naming conventions.
- Enhanced project registration and health check tools to support dynamic role handling.
- Updated task creation, update, and completion processes to align with the new role definitions.
- Improved documentation and comments to clarify role responsibilities and usage.
- Extract Gitea URL, owner, repo from .git/config (synchronous parsing)
- Get authentication token from GITEA_TOKEN environment variable
- Dynamic label fetching from Gitea API with fallback to hardcoded IDs
- Add retry logic with exponential backoff for network errors
- Add validation for required configuration (token, URL, repo info)
- Better error messages for troubleshooting
Configuration:
- Set GITEA_TOKEN environment variable before running OpenClaw
- Automatically detects repo from git remote URL
- Fallback to hardcoded URL if git parsing fails
Known issues:
- Label transitions sometimes don't persist (edge case under investigation)
- Recommend manual label updates via Gitea UI if transition fails
- Fix label transition to use PUT /issues/{id}/labels endpoint (PATCH doesn't work)
- Add better error handling in apiRequest method
- Hardcode label IDs for reliability (temporary fix)
- Handle undefined exitCode from runCommand
- Update base URL to use public pfoster.dynu.net
Problem: Provider type (github/gitlab) was auto-detected on every
createProvider() call but never persisted, causing loss of
configuration after session restart.
Solution:
- Add 'provider' field to Project type
- Store detected provider type during project registration
- Pass stored provider type to createProvider() calls
Changes:
- lib/projects.ts: Add provider field to Project type
- lib/tools/project-register.ts: Save providerType to projects.json
- lib/tool-helpers.ts: Pass project.provider to createProvider
- lib/services/*.ts: Pass project.provider to createProvider
Impact: Issue tracker source now persists across restarts. Existing
projects will auto-detect on next use and should be re-registered or
manually edited to add provider field.
Fixes#193
Replaces the file-read-network pattern in dispatch.ts with an OpenClaw
agent:bootstrap hook that injects role instructions at agent init time.
Changes:
- Add lib/bootstrap-hook.ts with hook registration, session key parsing,
and role instruction loading (extracted from dispatch.ts)
- Register agent:bootstrap hook in index.ts
- Remove file I/O from dispatch.ts (no more fs/path imports)
- Remove role instructions from task message body (now injected via
system prompt as WORKER_INSTRUCTIONS.md)
- Add 13 tests for session key parsing and instruction loading
- Remove obsolete docs/poc-bootstrap-hook.ts
The bootstrap hook intercepts DevClaw worker session startup, parses
the session key to extract project name and role, loads the appropriate
instructions from workspace, and injects them as a virtual bootstrap
file that OpenClaw automatically includes in the agent's system prompt.
This eliminates the security audit's potential-exfiltration warning
since dispatch.ts no longer performs any file reads.
Comprehensive investigation of OpenClaw-native alternatives to the
file-read-network pattern in dispatch.ts that triggers security audits.
Key Findings:
- Bootstrap hooks are the recommended solution
- Purpose-built for dynamic workspace file injection
- Plugin-only implementation (no core changes needed)
- Eliminates audit false positive
Deliverables:
- Full research document with pros/cons analysis
- PoC code demonstrating implementation approach
- Migration checklist and testing plan
- Decision matrix comparing alternatives
Recommendation: Implement agent:bootstrap hook to inject role
instructions at system prompt construction time instead of appending
to task message payload.
Addresses issue #181
Addresses issue #179. Adds JSDoc comment to loadRoleInstructions() explaining:
- Purpose: Load role-specific instruction files from workspace
- Intent: Intentionally included in task message context for workers
- Safety: Not data exfiltration, just standard task dispatch context
This clarifies the security audit finding and prevents future false positives.
## Problem
lib/services/queue.ts was not updated during workflow refactor (#147) and still
used hardcoded queue labels: QueueLabel type, QUEUE_PRIORITY constant.
## Solution
- Add getQueueLabelsWithPriority() to derive queue labels from workflow config
- Add getQueuePriority() to get priority for any label
- Update getTaskPriority() and getRoleForLabel() to accept workflow config
- Update fetchProjectQueues() to use workflow-derived labels
- Add getTotalQueuedCount() helper
## Files Changed
- lib/services/queue.ts — use workflow config for all queue operations
- lib/tools/status.ts — handle dynamic queue labels, include queueLabels in response
## Backward Compatibility
- QueueLabel type kept as deprecated alias
- QUEUE_PRIORITY kept as deprecated constant
- All functions accept optional workflow parameter, default to DEFAULT_WORKFLOW
