feat: add local-review command for offline branch review

[anagnorisis2peripeteia]

Summary

Adds a local-review command that reviews a local git branch without needing a GitHub PR. This enables pre-push code review: stage changes on a branch, run local-review, fix findings, then push and create the PR.

Self-contained: includes all prerequisites for local runs (CODEX_BIN, shell: win32, CLAWSWEEPER_CODEX_LOGIN_METHOD) applied to all 4 Codex subprocess launchers.

How it works

The existing review command fetches PR metadata from GitHub (fetchItem, collectItemContext) and runs Codex against the checkout. local-review constructs the same Item and ItemContext from local git state:

• Item: repo from git remote, title from commit message, author from git config
• ItemContext: diff from git diff <base>...HEAD, changed files from git diff --name-only, commits from git log
• PR body: from --pr-body-file flag or commit message body
• Review engine: identical runCodex() call with the same prompt, schema, and decision output

No GitHub API calls are made. The decision is written to ~/.clawsweeper-local-reviews/local-review.json and printed to stdout.

Prerequisites included

This PR subsumes the changes from #250 (Windows spawn fix) and #251 (OAuth login method):

• CODEX_BIN env var for Windows .cmd wrapper compatibility
• shell: true on win32 for all Codex spawnSync calls
• CLAWSWEEPER_CODEX_LOGIN_METHOD env var for ChatGPT Pro OAuth login (centralized in codex-env.ts with validation)
• Applied to all 4 Codex subprocess launchers: clawsweeper.ts (review + assist), commit-sweeper.ts, pr-close-coverage-proof.ts

Merge order: if this lands first, close #250 and #251 as superseded. If either lands first, this PR needs a trivial rebase (identical changes on the same lines).

Usage

# Basic: review current branch against main
node dist/clawsweeper.js local-review --target-dir /path/to/repo --repo owner/repo --base main

# With a PR body containing proof
node dist/clawsweeper.js local-review --target-dir /path/to/repo --repo owner/repo --pr-body-file body.md

# Auth: works with OPENAI_API_KEY or ChatGPT OAuth (codex login)
CLAWSWEEPER_CODEX_LOGIN_METHOD=chatgpt node dist/clawsweeper.js local-review ...

After-fix proof

Successfully reviewed the crabbox bootstrap-mount fix (openclaw/crabbox#204) locally before the GitHub PR existed:

$ node dist/clawsweeper.js local-review --target-dir ../.crabbox-pr --repo openclaw/crabbox --base main --pr-body-file body.md
[local-review] repo=openclaw/crabbox base=main files=2 diff=1958 chars
[local-review] title: fix(local-container): mount bootstrap script instead of passing inline
[local-review] model=gpt-5.5 reasoning=high
{ decision: keep_open, prRating: { proofTier: A, patchTier: B, overallTier: B } }

Then self-reviewed this PR's own diff (meta!), which found and fixed a --pr-body-file silent-fallback bug.

Changes

• src/clawsweeper.ts: ~100 lines - localReviewCommand() function + command dispatch entry
• src/codex-env.ts: resolveCodexLoginMethod() + codexLoginMethodConfig() with validation
• src/commit-sweeper.ts: CODEX_BIN + shell + login method
• src/pr-close-coverage-proof.ts: CODEX_BIN + shell + login method
• Flags: --target-dir, --repo, --base, --pr-body-file, --output-dir, plus all existing --codex-* flags

Test plan

• pnpm build compiles clean
• Reviewed openclaw/crabbox local branch -- correct decision, accepted proof from PR body
• Re-review with PR body upgraded proof tier from F to A
• Self-reviewed this PR's own diff -- found and fixed body-file bug
• resolveCodexLoginMethod tests: default api, chatgpt override, invalid rejection
• codexLoginMethodConfig test: valid TOML config string
• Synthetic local-review Item/ItemContext shape accepted by runCodexForTest

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed June 4, 2026, 7:22 AM ET / 11:22 UTC.

Summary
The PR adds a local-review CLI command, centralizes a Codex login-method override, updates four Codex subprocess launch paths for Windows/CODEX_BIN handling, and adds focused tests.

Reproducibility: not applicable. as a bug reproduction; this is a feature PR. The PR body provides terminal proof for the new local-review happy path, and source inspection covers the patched launcher paths.

Review metrics: 2 noteworthy metrics.

• Changed surface: 5 files, 307 additions, 12 deletions. The patch is compact but touches the central review runner, auth helper, two additional Codex launchers, and tests.
• Codex launch paths: 4 spawn paths updated. The PR intentionally changes automation execution behavior across review, assist, commit-sweeper, and PR close coverage proof paths.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• [P2] Run pnpm run check on Node 24 before merge, per repository policy.
• Decide whether this branch or the narrower prerequisite PRs should carry the Windows/OAuth launcher changes.

Risk before merge

• [P1] This branch changes Codex subprocess invocation and a new local review workflow; Linux CI and the included proof do not fully settle Windows shell/CODEX_BIN behavior or ChatGPT OAuth local-run behavior.
• [P1] This branch subsumes open fix: resolve Windows Codex spawn failures for local review runs #250 and feat: support CLAWSWEEPER_CODEX_LOGIN_METHOD for local OAuth runs #251, so maintainers should choose the intended merge order before closing either prerequisite PR.

Maintainer options:

1. Accept the local automation surface (recommended)
   Merge after normal maintainer validation if the local-only command, CODEX_BIN behavior, and OAuth login override are acceptable with the provided terminal proof and tests.
2. Land prerequisite PRs first
   If maintainers want a smaller merge path, land fix: resolve Windows Codex spawn failures for local review runs #250 and feat: support CLAWSWEEPER_CODEX_LOGIN_METHOD for local OAuth runs #251 first, then rebase this branch to keep only the local-review command.

Next step before merge

• [P2] No narrow ClawSweeper repair remains; maintainers should decide whether to accept the new local CLI and launcher/auth surface with the provided proof.

Security
Cleared: No concrete security or supply-chain regression was found; the diff adds no dependencies or workflow permissions and keeps auth changes operator-controlled through a validated environment value.

Review details

Best possible solution:

Land the local-review command if maintainers accept the new CLI/env surface, preserving the Windows-safe launcher handling and stale-output cleanup with focused tests.

Do we have a high-confidence way to reproduce the issue?

Not applicable as a bug reproduction; this is a feature PR. The PR body provides terminal proof for the new local-review happy path, and source inspection covers the patched launcher paths.

Is this the best way to solve the issue?

Yes, pending maintainer acceptance of the feature surface. Reusing the existing review prompt/schema engine is the narrowest maintainable path for local branch review, with the remaining concern being merge-order and platform validation rather than a code defect.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 74f63a090af7.

Label changes

Label changes:

• add rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🦞 diamond lobster and patch quality is 🐚 platinum hermit.
• add status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body includes terminal output from an after-fix local-review run and a self-review using the new command, which directly demonstrates the changed CLI behavior.
• remove status: ⏳ waiting on author: Current PR status label is status: 👀 ready for maintainer look.
• remove rating: 🦐 gold shrimp: Current PR rating is rating: 🐚 platinum hermit, so this older rating label is no longer current.

Label justifications:

• P3: This is a useful local workflow feature with limited direct production blast radius.
• merge-risk: 🚨 automation: The PR changes Codex subprocess launching/auth behavior and adds a new review automation command whose Windows/OAuth paths are not fully settled by ordinary Linux CI.
• rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🦞 diamond lobster and patch quality is 🐚 platinum hermit.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body includes terminal output from an after-fix local-review run and a self-review using the new command, which directly demonstrates the changed CLI behavior.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes terminal output from an after-fix local-review run and a self-review using the new command, which directly demonstrates the changed CLI behavior.

Evidence reviewed

What I checked:

• AGENTS.md policy read: The full target repository AGENTS.md was read; its conservative automation-safety and release-owned changelog guidance applies because this PR changes ClawSweeper review automation and tests. (AGENTS.md:1, 74f63a090af7)
• Latest PR diff inspected: The latest head 3569490 changes five files with a new local-review command, Codex login-method helpers, Windows-safe Codex launching in the main review/assist, commit-sweeper, and PR-close proof paths, plus tests. (src/clawsweeper.ts:6174, 3569490e022d)
• Previous blockers addressed: The diff now routes the src/clawsweeper.ts review and assist runners through CODEX_BIN, codexLoginMethodConfig(), and win32 shell handling, and localReviewCommand removes the persistent 0.json before invoking Codex. (src/clawsweeper.ts:17010, 3569490e022d)
• Real behavior proof reviewed: The PR body includes terminal output from a real local-review run against an openclaw/crabbox branch and a self-review of this PR's own diff, which is sufficient proof for the happy-path local CLI behavior. (3569490e022d)
• Current review engine provenance: Git blame shows the current runCodex and runCodexAssist paths that this PR extends date to f2ec021, with adjacent commit-sweeper and proof-model launchers introduced in later automation work. (src/clawsweeper.ts:6135, f2ec021eb55c)

Likely related people:

• brokemac79: git blame ties the current runCodex and most of runCodexAssist that this PR extends to f2ec021. (role: introduced current review engine path; confidence: high; commits: f2ec021eb55c; files: src/clawsweeper.ts, src/codex-env.ts, src/commit-sweeper.ts)
• Peter Steinberger: Git history shows commit-sweeper and local read-review related Codex automation work in the same subprocess/review area touched by this PR. (role: adjacent local/commit review contributor; confidence: medium; commits: c0fee089d714, 2807d0d6d1ef; files: src/commit-sweeper.ts, src/clawsweeper.ts)
• Jesse Merhi: git blame shows the PR close coverage proof Codex launcher modified by this PR was introduced in 2af278e. (role: adjacent proof-model launcher contributor; confidence: medium; commits: 2af278ebe246; files: src/pr-close-coverage-proof.ts, test/clawsweeper.test.ts)
• Tak Hoffman: Recent history includes proof nudge and review automation changes near the same ClawSweeper review surface. (role: recent adjacent review automation contributor; confidence: medium; commits: 54422d977482, 9f434e810ec9; files: src/clawsweeper.ts, test/clawsweeper.test.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[anagnorisis2peripeteia]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26942858567
• Updated: 2026-06-04T09:29:33.737Z

[anagnorisis2peripeteia]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26944784680
• Updated: 2026-06-04T10:06:46.915Z

[anagnorisis2peripeteia]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26948321931
• Updated: 2026-06-04T11:22:52.729Z