Skip to content

Commit d3179bc

Browse files
committed
Merge remote-tracking branch 'origin/main' into pr/acpx-stop-reason
# Conflicts: # CHANGELOG.md # src/provider.ts
2 parents ceec900 + d364822 commit d3179bc

39 files changed

Lines changed: 7786 additions & 908 deletions

.oxfmtrc.json

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,6 @@
11
{
22
"$schema": "./node_modules/oxfmt/configuration_schema.json",
3+
"tabWidth": 2,
4+
"useTabs": false,
35
"ignorePatterns": []
46
}

CHANGELOG.md

Lines changed: 23 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,16 +5,38 @@
55
- Added `clawpatch ci` to initialize, map, review, write a report, and append a GitHub Actions step summary in one CI-friendly command.
66
- Added `clawpatch open-pr --patch <id>` to turn an applied patch attempt into an explicit GitHub pull request.
77
- Added review prompt provenance and budget accounting for included files, omitted files, prompt bytes, and approximate tokens.
8+
- Added retries for transient acpx JSON review failures via `--prompt-retries` and `CLAWPATCH_REVIEW_RETRIES`, thanks @coletebou.
89
- Hardened review ingestion so provider findings must cite included files with valid line ranges and matching evidence quotes.
10+
- Fixed provider review to preserve valid sibling findings when per-finding schema or evidence validation fails, recording drops in `run.errors` as non-fatal `schema-drop` or `validation-drop` entries, thanks @coletebou.
11+
- Improved provider schema validation failures so `run.errors[].message` shows compact one-line Zod issue summaries, thanks @coletebou.
12+
- Added `total` and `results` aliases on `clawpatch report --json` output while keeping the legacy `findings` count, thanks @coletebou.
913
- Fixed `clawpatch open-pr` so repositories without default-branch metadata use a dedicated patch branch and let GitHub choose the PR base.
1014
- Fixed `clawpatch open-pr` retries to push the recorded patch commit instead of any later local branch tip.
1115
- Fixed first-time `clawpatch open-pr` branch creation to start from the recorded patch base.
1216
- Fixed command execution so providers that exit before reading stdin do not surface benign `EPIPE` errors.
1317
- Fixed `clawpatch ci --since` empty-review output so it reports `reviewed: 0`.
14-
- Fixed acpx provider error reporting by reading the terminal `result.stopReason` envelope and surfacing non-`end_turn` reasons as typed `ClawpatchError` codes (`agent-cancelled`, `agent-refused`, `agent-truncated`) instead of opaque `malformed-output`.
18+
- Fixed formatter configuration so `oxfmt` uses two-space indentation consistently across platforms.
19+
- Added generic package-less monorepo app-root mapping for Node/Next projects under roots such as `apps/*` and `packages/*` when positive source or framework signals are present.
20+
- Added Maven project mapping for root, nested, and multi-module Java/Kotlin projects with Spring role slices, Maven validation defaults, and `pom.xml` detection, thanks @julianshess.
21+
- Added a release-prep checklist for auditing changelog, package metadata, and dry-run package contents without publishing.
22+
- Improved bounded source grouping so large flat directories split repeated filename families like command, plugin, doctor, and runtime files into more coherent review slices.
23+
- Fixed acpx provider error reporting by reading the terminal `result.stopReason` envelope and surfacing non-`end_turn` reasons as typed `ClawpatchError` codes (`agent-cancelled`, `agent-refused`, `agent-truncated`) instead of opaque `malformed-output`, thanks @coletebou.
1524
- Improved OpenCode malformed JSON diagnostics with output length, event kinds, and a bounded preview, thanks @rohitjavvadi.
25+
- Fixed finding signatures so equivalent evidence remains stable across re-reviews, thanks @rohitjavvadi.
26+
- Fixed provider exit-code classification for stdout-only authentication and quota failures, thanks @rohitjavvadi.
27+
- Improved Node route mapping to preserve literal Express and Hono mount prefixes, thanks @rohitjavvadi.
28+
- Improved Flask route mapping to preserve static blueprint URL prefixes, thanks @rohitjavvadi.
29+
- Improved Django route mapping to preserve literal `include()` route prefixes, thanks @rohitjavvadi.
30+
- Added conservative Rails route mapping for literal root and HTTP verb routes, thanks @rohitjavvadi.
31+
- Fixed heuristic feature mapping to honor configured path include/exclude filters, thanks @schedawg74.
1632
- Fixed Express route mapping for aliased Router imports that follow block comment banners, thanks @rohitjavvadi.
33+
- Fixed Laravel route mapping to include array-style `Route::group` prefixes, thanks @rohitjavvadi.
34+
- Fixed Fastify route-object mapping to emit static method arrays while ignoring dynamic entries, thanks @rohitjavvadi.
35+
- Fixed Fastify plugin callback route mapping for typed parameters and plugin aliases, thanks @rohitjavvadi.
36+
- Fixed FastAPI route mapping to include static `APIRouter(prefix=...)` values, thanks @AsishKumarDalal.
37+
- Added `--include-dirty` to review, CI, and revalidation file filters for auditing uncommitted worktree changes, thanks @AsishKumarDalal.
1738
- Fixed Bun package-manager detection to recognize the text `bun.lock` lockfile, thanks @austinm911.
39+
- Fixed review-output schema to tolerate optional `reproduction` and `minimumFixScope` fields and zero-valued evidence line numbers (normalized to `null`), recovering 4 of 28 zod issue patterns observed in run `20260517T190759-3c9e9e` (78 errors over 1000 features) that previously dropped whole-feature output instead of the affected finding.
1840

1941
## 0.3.0 - 2026-05-18
2042

README.md

Lines changed: 29 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -52,10 +52,14 @@ validation commands and records a patch attempt under `.clawpatch/`.
5252
`lint`, `typecheck`, `format`
5353
- Node/TypeScript workspace packages under `apps/*`, `packages/*`, and package
5454
workspace patterns
55+
- package-less Node/TypeScript app roots under monorepo folders such as
56+
`apps/*` and `packages/*` when source or positive framework signals are
57+
present
5558
- generic extension/plugin packages under workspace roots such as `extensions/*`
5659
and `plugins/*`, including package metadata, source, docs, and nearby tests
5760
- semantic Node source groups for large packages, including runtime, commands,
58-
auth, storage, monitor, webhook, setup, server, and client slices
61+
auth, storage, monitor, webhook, setup, server, client, and repeated filename
62+
family slices
5963
- Nx project metadata from `project.json`, including project-scoped validation
6064
targets
6165
- Turborepo task metadata for workspace-aware validation commands and feature
@@ -64,7 +68,8 @@ validation commands and records a patch attempt under `.clawpatch/`.
6468
- React Router routes and React components
6569
- Go package slices from `go list ./...`, including command packages
6670
- Go package tests and same-repo imports as review context
67-
- Java/Kotlin Gradle source groups and root Gradle build/test commands
71+
- Java/Kotlin Gradle source groups, Maven source groups, and root Gradle/Maven
72+
build/test commands
6873
- JVM semantic roles from Java and Kotlin code evidence such as annotations,
6974
imports, interfaces, inheritance, supertypes, and method signatures
7075
- Kotlin Android semantic roles for UI entrypoints, ViewModels, data
@@ -161,6 +166,28 @@ Useful flags:
161166

162167
Unknown flags fail fast.
163168

169+
### `report --json` shape
170+
171+
`clawpatch report --json` returns:
172+
173+
```json
174+
{
175+
"total": 12,
176+
"items": [
177+
/* finding summaries */
178+
],
179+
"results": [
180+
/* alias for items */
181+
],
182+
"findings": 12,
183+
"output": "/path/or/null"
184+
}
185+
```
186+
187+
- `total` and `items` are the canonical keys.
188+
- `results` is an alias for `items` with the same array for parity with `{count, results}` consumers.
189+
- `findings: <number>` is kept for backwards compatibility but is **deprecated**. Note that in `--json` output `findings` is a _count_, not the array — use `items` (or `results`) for the array. The next breaking release (v0.4) will drop `findings: <number>` and `results`, landing on `{ total, items, output }`.
190+
164191
## State
165192

166193
State is project-local by default:

docs/feature-mapping.md

Lines changed: 28 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -31,9 +31,14 @@ Supported deterministic mappers today:
3131
- npm package bins
3232
- selected root and workspace package scripts
3333
- Node/TypeScript workspace packages from `package.json` workspaces, `pnpm-workspace.yaml`, and common package folders
34+
- package-less Node/TypeScript app roots under monorepo folders such as
35+
`apps/*` and `packages/*` when source files or positive framework signals are
36+
present
3437
- Nx project metadata from `project.json`, including project names, source roots, project types, and target names
3538
- Turborepo `turbo.json` metadata for workspace-aware validation commands and feature context
36-
- bounded Node/TypeScript source groups under `src/`, `lib/`, `app/`, `pages/`, and `scripts/`
39+
- bounded Node/TypeScript source groups under `src/`, `lib/`, `app/`,
40+
`pages/`, `scripts/`, `server/`, and `api/`, with oversized flat
41+
directories split by repeated filename families
3742
- React Router `<Route path element>` declarations and React components in
3843
root or nested frontend packages such as `frontend/`, `client/`, `web/`,
3944
workspaces, and packages under `apps/` or `packages/`
@@ -57,6 +62,8 @@ Supported deterministic mappers today:
5762
- nested SwiftPM packages
5863
- Apple/Xcode projects from `project.yml`, `.xcodeproj`, or `.xcworkspace`
5964
- Java/Kotlin Gradle modules from `settings.gradle(.kts)` and `build.gradle(.kts)`
65+
- Java/Kotlin Maven modules from root and nested `pom.xml` files, including
66+
multi-module projects
6067
- Laravel/PHP projects from `composer.json` and `artisan`, including controllers
6168
referenced by routes, form requests, Artisan commands, jobs, services, models,
6269
migrations, seeders, Composer scripts, and grouped PHP test suites
@@ -95,10 +102,13 @@ and `plugins/*` are tagged as extension packages and keep package metadata,
95102
source, docs, and tests together as review context.
96103

97104
In JavaScript/TypeScript monorepos, project discovery runs before framework
98-
mapping. Workspace packages and Nx projects are normalized into project roots,
99-
so framework mappers can apply the same heuristics to `apps/*` and `packages/*`
100-
that they apply at the repository root. Feature tags include project name and
101-
project root metadata, enabling commands such as:
105+
mapping. Workspace packages, Nx projects, and package-less app roots with source
106+
or positive framework signals are normalized into project roots, so framework
107+
mappers can apply the same heuristics to `apps/*` and `packages/*` that they
108+
apply at the repository root. Hoisted Next route mapping uses positive evidence
109+
such as local Next commands, local Next config, App Router files, or Pages API
110+
files instead of trying to enumerate every non-Next config file. Feature tags
111+
include project name and project root metadata, enabling commands such as:
102112

103113
```bash
104114
clawpatch review --project apps/web --limit 10
@@ -122,12 +132,15 @@ lazy import, and also maps page/component files under `src/pages` and
122132
`src/components` as UI-flow slices.
123133
Native app mappers use the same bounded grouping model. SwiftPM packages can be
124134
discovered below the repo root, Apple projects are grouped by Swift source area,
125-
and Gradle modules are grouped from `src/main`, `src/test`, and `src/androidTest`.
126-
Root Gradle projects get default `gradle`/`./gradlew` build and test commands.
127-
Java and Kotlin files in Gradle modules also get role-oriented review slices
128-
when code evidence identifies web entrypoints, services, persistence boundaries,
129-
external clients, configuration, framework components, extension boundaries,
130-
Android UI entrypoints, ViewModels, data boundaries, or dependency injection.
135+
Gradle modules are grouped from `src/main`, `src/test`, and `src/androidTest`,
136+
and Maven modules are grouped from `src/main` and `src/test`. Root Gradle
137+
projects get default `gradle`/`./gradlew` build and test commands; root Maven
138+
projects get default `mvn`/`./mvnw` compile and test commands.
139+
Java and Kotlin files in Gradle modules, plus Java files in Maven modules, also
140+
get role-oriented review slices when code evidence identifies web entrypoints,
141+
services, persistence boundaries, external clients, configuration, framework
142+
components, extension boundaries, Android UI entrypoints, ViewModels, data
143+
boundaries, or dependency injection.
131144
Kotlin dependency-injection evidence includes Hilt, Dagger, Koin, and Metro
132145
annotations and imports.
133146

@@ -153,12 +166,13 @@ pytest files; Flask `@*.route(...)` handlers; FastAPI `@*.get(...)` /
153166
`re_path(...)`, and legacy `url(...)` declarations. Flask and FastAPI route
154167
methods are read from list, tuple, or set literals. FastAPI paths can be
155168
positional strings or literal `path=` keywords. Django route paths are normalized
156-
from literal route strings and simple named regex groups; includes are mapped as
157-
their own URL groups without recursively expanding imported URL configs. Default
169+
from literal route strings and simple named regex groups, and literal
170+
`include("module.urls")` routes are expanded under their mount prefixes. Default
158171
Python command detection covers pytest, ruff, mypy, pyright, and black.
159172

160173
Ruby mapping covers project metadata, executables, source groups, RSpec and
161-
Minitest suites, and Rails app structure. Rails legacy `config/secrets.yml`,
174+
Minitest suites, Rails app structure, and literal Rails root and HTTP verb
175+
routes. Rails legacy `config/secrets.yml`,
162176
`config/database.yml`, and `config/initializers/secret_token.rb` are not mapped
163177
as reviewable config because they can contain provider-sensitive secrets.
164178

docs/index.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ stderr so pipes stay parseable.
3030

3131
## What clawpatch does
3232

33-
- **Semantic feature mapping.** Detects npm bins, Next.js routes, React Router routes, Python packages and Flask/FastAPI/Django routes, Ruby/Rails slices, Laravel/PHP slices, Java/Kotlin Gradle modules, C#/.NET projects and ASP.NET endpoints, Go packages, Rust crates, C/C++ build targets, SwiftPM targets, and common config files as reviewable units.
33+
- **Semantic feature mapping.** Detects npm bins, Next.js routes, React Router routes, Python packages and Flask/FastAPI/Django routes, Ruby/Rails slices, Laravel/PHP slices, Java/Kotlin Gradle and Maven modules, C#/.NET projects and ASP.NET endpoints, Go packages, Rust crates, C/C++ build targets, SwiftPM targets, and common config files as reviewable units.
3434
- **Automated code review.** Reviews features with AI providers (Codex CLI today), persists findings with severity, category, and line locations.
3535
- **Explicit fix workflow.** `clawpatch fix` runs validated patches for one finding at a time, never commits or pushes automatically.
3636
- **Stable state model.** All features, findings, patches live in `.clawpatch/` as JSON, resumable across runs.
@@ -59,6 +59,7 @@ stderr so pipes stay parseable.
5959
- [Validation](validation.md)
6060
- [Providers](providers.md)
6161
- [Safety](safety.md)
62+
- [Release Prep](release-prep.md)
6263
- [E2E with Gitcrawl](e2e-gitcrawl.md)
6364
- [Initialization](initialization.md)
6465

docs/quickstart.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,7 @@ This discovers reviewable features:
4747
- npm package bins and root/workspace scripts
4848
- Next.js routes
4949
- Go packages and commands
50-
- Java/Kotlin Gradle modules
50+
- Java/Kotlin Gradle and Maven modules
5151
- Python packages, console scripts, Flask/FastAPI/Django routes, and pytest suites
5252
- C#/.NET projects, ASP.NET endpoints, source groups, and test projects
5353
- JVM semantic role groups

docs/release-prep.md

Lines changed: 54 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,54 @@
1+
---
2+
title: Release Prep
3+
description: "No-publish checks for preparing a clawpatch release"
4+
---
5+
6+
# Release Prep
7+
8+
This checklist audits release readiness only. It does not publish, tag, create a
9+
GitHub release, or change the package version.
10+
11+
## Current Snapshot
12+
13+
As of 2026-05-18:
14+
15+
- GitHub latest full release: `v0.3.0`
16+
- `package.json` version: `0.3.0`
17+
- npm `clawpatch` version: `0.3.0`
18+
- `pnpm pack:smoke` passed
19+
- `npm pack --dry-run --json --ignore-scripts` included expected package
20+
contents such as `dist/`, `README.md`, `LICENSE`, and `package.json`
21+
22+
Prepare the next release only after the maintainer confirms the target version
23+
and timing.
24+
25+
## Audit Commands
26+
27+
```bash
28+
gh release list --repo openclaw/clawpatch --limit 20 --json tagName,isPrerelease,isDraft,publishedAt,isLatest
29+
node -p "require('./package.json').version"
30+
npm view clawpatch version --json
31+
```
32+
33+
## Validation Commands
34+
35+
```bash
36+
pnpm typecheck
37+
pnpm lint
38+
pnpm format:check
39+
pnpm exec vitest run --maxWorkers=1
40+
pnpm build
41+
pnpm pack:smoke
42+
npm pack --dry-run --json --ignore-scripts
43+
```
44+
45+
## Manual Checks
46+
47+
- Confirm `CHANGELOG.md` has all user-visible, operational, or security-relevant
48+
changes under the next unreleased version.
49+
- Confirm README and docs mention any new mapper behavior, commands, or safety
50+
constraints.
51+
- Confirm the dry-run package includes built `dist/` files and excludes local
52+
state, fixtures that should not ship, and private paths.
53+
- Confirm no release action has been run unless release timing is explicitly
54+
approved.

0 commit comments

Comments
 (0)