fix: use target default branch in repair plans

[TurboTheTurtle]

Summary

• Preserve target repository default branches in repair planning instead of hard-coding main.
• Preserve target_branch through repair comment-router dispatch, event review payload resolution, and both sweep.yml manual/scheduled planning fallbacks.
• Restore the manual apply_min_age_minutes workflow input; to keep the workflow_dispatch input count under GitHub's limit, retire only the manual apply_progress_every logging-cadence input and keep the internal default at 10.
• Avoid passing an empty router target_branch argument so omitted branch dispatches stay omitted instead of becoming true.

Review follow-up

• Follow-up 3da99c9137 added the manual target_branch input and first fallback path.
• Follow-up 9c987f3e24 fixed the second sweep.yml planning resolver that still ignored github.event.inputs.target_branch.
• Follow-up 7af72ed163 restores minute-level apply throttling by bringing back apply_min_age_minutes, preserving it through continuation dispatches, and dropping only apply_progress_every from the manual input surface.
• Follow-up 5b2df8c102 appends --target-branch only when non-empty in both repair comment-router jobs, with config coverage for the omitted-branch default.
• Regression coverage requires both sweep.yml target-branch resolver blocks to read github.event.inputs.target_branch under workflow_dispatch before falling back to client_payload or main, verifies the dispatch input count stays under GitHub's limit, and verifies the router only passes --target-branch when non-empty.

Live proof

Direct GitHub Actions workflow dispatch from this account is still blocked by repository permissions:

gh workflow run sweep.yml --repo openclaw/clawsweeper --ref codex/clawsweeper-default-branch \
  -f target_repo=openclaw/voice-community \
  -f target_branch=regional-ops-sop \
  -f batch_size=1 \
  -f shard_count=1 \
  -f codex_timeout_ms=120000 \
  -f apply_after_review=false

could not create workflow dispatch event: HTTP 403: Must have admin rights to Repository.

Positive non-main-default checkout proof against the real OpenClaw target repo:

proof-target repo=openclaw/voice-community branch=regional-ops-sop
default-branch=regional-ops-sop
remote-head=17778d416139f5b468e88ddbdeb6ba99fb20b0ea
Cloning into '/var/folders/sl/5dkd3zq12dv65j6jx57zq1hc0000gn/T/tmp.jyZgQnh3qg/target'...
checked-out-branch=regional-ops-sop
checked-out-head=17778d416139f5b468e88ddbdeb6ba99fb20b0ea
tracked-remote=origin/regional-ops-sop

Validation

• pnpm run format && pnpm run build:repair && node --test test/repair/workflow-sparse-checkout.test.ts test/clawsweeper.test.ts --test-name-pattern 'sweep workflow preserves|workflow_dispatch input count|review continuations' (371 tests passed)
• pnpm run format && pnpm run build:repair && node --test test/repair/workflow-sparse-checkout.test.ts test/repair/comment-router-config.test.ts test/clawsweeper.test.ts --test-name-pattern 'target branch|comment router|workflow_dispatch input count|review continuations' (373 tests passed)
• pnpm run check (passed on Node v24.15.0: active surface, limits, build, lint, unit, repair, changed coverage, full coverage, format)

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed June 9, 2026, 7:16 PM ET / 23:16 UTC.

Summary
Updates repair planning, comment-router dispatch, and sweep workflow branch resolution to preserve target default branches while replacing the manual apply_progress_every input with a fixed internal default.

Reproducibility: yes. from source inspection: current main falls back to main in sweep workflow target resolution and fetches branches/main in repair planning. I did not run the live workflow because this review must keep the checkout read-only and the PR body reports workflow dispatch is permission-blocked.

Review metrics: 3 noteworthy metrics.

• Changed surface: 9 files affected. The diff touches two live workflows plus repair planner/router code, so maintainers should review it as automation-critical.
• Manual workflow inputs: 1 added, 1 removed in sweep.yml. Adding target_branch is paired with retiring manual apply_progress_every, which is the main compatibility tradeoff.
• Targeted tests: 5 added tests. The new tests cover branch preservation in planner, router config, router workflow args, and both sweep resolver blocks.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• none.

Risk before merge

• [P1] Removing the manual apply_progress_every workflow_dispatch input means saved operator commands that still pass that input may fail until updated, even though the internal default remains 10.
• [P1] The changed branch-routing paths affect live review, repair, and comment-router dispatches; the PR has focused tests and terminal checkout proof, but not a successful direct sweep.yml workflow dispatch on the target repository.

Maintainer options:

1. Accept the workflow input tradeoff (recommended)
   Merge as-is if maintainers are comfortable replacing manual apply_progress_every with the fixed internal default so target_branch can fit within the manual input surface.
2. Preserve the logging-cadence knob elsewhere
   Revise the workflow/config path before merge if operators still need to pass an ad-hoc apply progress cadence through manual dispatches.
3. Wait for live workflow proof
   Pause merge if maintainers want direct sweep.yml dispatch proof on a non-main target branch rather than accepting the posted checkout proof and focused tests.

Next step before merge

• [P2] Maintainers need to accept or revise the workflow input compatibility tradeoff and decide whether the posted proof is enough for this automation path; I did not find a narrow repair for automation to request.

Security
Cleared: No concrete security or supply-chain regression was found; the diff does not add dependencies, new action refs, broader permissions, or secret exposure.

Review details

Best possible solution:

Land the branch-preservation fix after maintainers explicitly accept the workflow input compatibility tradeoff, or revise the input surface before merge if manual apply_progress_every compatibility must be preserved.

Do we have a high-confidence way to reproduce the issue?

Yes, from source inspection: current main falls back to main in sweep workflow target resolution and fetches branches/main in repair planning. I did not run the live workflow because this review must keep the checkout read-only and the PR body reports workflow dispatch is permission-blocked.

Is this the best way to solve the issue?

Yes for the core bug: preserving target_branch and hydrating the repository default branch is the narrow maintainable fix. The remaining question is product/operations policy around replacing the manual apply_progress_every input with a fixed default.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 205a27a9d70d.

Label changes

Label justifications:

• P1: Incorrect branch routing can break real ClawSweeper review and repair workflows for repositories whose default branch is not main.
• merge-risk: 🚨 compatibility: The PR intentionally removes a manual workflow_dispatch input that existing operator commands may still pass.
• merge-risk: 🚨 automation: The diff changes live review, repair, and comment-router dispatch paths where CI cannot fully prove production GitHub Actions behavior.
• rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🦞 diamond lobster and patch quality is 🐚 platinum hermit.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body includes after-fix terminal proof of a real non-main-default target checkout plus reported full validation, which is sufficient for this automation change despite the documented dispatch permission blocker.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes after-fix terminal proof of a real non-main-default target checkout plus reported full validation, which is sufficient for this automation change despite the documented dispatch permission blocker.

Evidence reviewed

What I checked:

• Repository policy read: The full target AGENTS.md was read; its workflow/repair-lane guidance makes this an automation-sensitive review and says normal PRs should not be asked to edit CHANGELOG.md. (AGENTS.md:1, 205a27a9d70d)
• Current main hard-codes main in target resolution: Current main resolves the event and plan target branch from client_payload.target_branch or falls back to main, so manual workflow dispatch cannot currently choose a non-main target branch. (.github/workflows/sweep.yml:180, 205a27a9d70d)
• Current repair planner fetches branches/main: Current main uses repos/${repo}/branches/main in fetchMainBranch, which fails the central requested behavior for repositories whose default branch is not named main. (src/repair/plan-cluster.ts:717, 205a27a9d70d)
• PR patch covers the branch propagation paths: The PR diff adds target_branch propagation in the repair comment router, resolves workflow-dispatch target branches in both sweep planning blocks, and switches repair planning to hydrate the repository default branch before fetching branch metadata. (src/repair/plan-cluster.ts:717, 5b2df8c10298)
• Regression coverage added: The diff adds targeted tests for comment-router target branch config, default-branch repair planning, omitted router branch args, and both sweep workflow target-branch resolver blocks. (test/repair/workflow-sparse-checkout.test.ts:29, 5b2df8c10298)
• Contributor proof and validation: The PR body includes terminal proof of a real openclaw/voice-community checkout on default branch regional-ops-sop plus reported pnpm run check validation on Node 24.15.0; direct workflow dispatch was blocked by repository permissions. (5b2df8c10298)

Likely related people:

• Dallin Romney: Blame ties the current sweep target-branch fallback and repair-planner branches/main lookup to commit 1aff86c, and recent workflow retry commits also touched the affected automation surface. (role: recent area contributor; confidence: high; commits: 1aff86c63e59, bf59027ad874, 40568e1fc23d; files: .github/workflows/sweep.yml, src/repair/plan-cluster.ts, .github/workflows/repair-comment-router.yml)
• brokemac79: Recent merged work changed issue-author re-review command parsing and duplicate command acknowledgements in the comment-router area affected by this PR. (role: recent comment-router contributor; confidence: medium; commits: 485f71ab, 556268df; files: src/repair/comment-router.ts)
• Tak Hoffman: Recent commits changed ClawSweeper command dispatch/options and repair comment-routing behavior adjacent to the target-branch propagation path. (role: adjacent repair routing contributor; confidence: medium; commits: 756f3412, c0146987, d873d34d; files: src/repair/comment-router.ts, src/repair/comment-router-core.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[TurboTheTurtle]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27193200784
• Updated: 2026-06-09T08:23:39.322Z

[TurboTheTurtle]

@clawsweeper re-review

Follow-up pushed in 3da99c9: sweep.yml now preserves manual target_branch fallback, keeps the workflow_dispatch input count under the GitHub limit by dropping the minute-level apply input, and the body includes the full pnpm run check validation.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

[TurboTheTurtle]

@clawsweeper re-review

Follow-up pushed in 9c987f3: fixed the second sweep.yml planning resolver that still ignored github.event.inputs.target_branch, strengthened the regression test to require both resolver blocks, and updated the body with full pnpm run check validation plus the GitHub 403 blocker for live manual workflow proof.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27195102261
• Updated: 2026-06-09T09:01:20.722Z

[TurboTheTurtle]

@clawsweeper re-review

Follow-up pushed in 7af72ed: restored apply_min_age_minutes and preserved it through apply continuation dispatches, while retiring only the manual apply_progress_every logging input to stay under the workflow_dispatch input limit. The PR body now includes full pnpm run check validation and positive non-main-default checkout proof for openclaw/voice-community on regional-ops-sop.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Failed
• Detail: The targeted re-review did not finish cleanly. Check the workflow run for details.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27240111076
• Updated: 2026-06-09T22:32:34.893Z

[TurboTheTurtle]

@clawsweeper re-review

Follow-up pushed in 5b2df8c: fixed the empty target_branch router path by appending --target-branch only when non-empty in both route and retry jobs, added omitted-branch config coverage, and reran the requested focused validation plus pnpm run check.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27241334843
• Updated: 2026-06-09T23:06:05.816Z