[Repo Assist] refactor: share web-login result parsing while preserving API

[github-actions]

🤖 This is an automated pull request from Repo Assist, an AI assistant for this repository.

Summary

WebLoginStartResult and WebLoginWaitResult have the same gateway wire shape, but they are part of the public OpenClaw.Shared API. This PR now preserves those public result types and the existing IOperatorGatewayClient signatures while consolidating the duplicate JSON response parsing inside OpenClawGatewayClient.

Changes

File	Change
src/OpenClaw.Shared/ChannelsSnapshot.cs	Preserve public WebLoginStartResult and WebLoginWaitResult types
src/OpenClaw.Shared/IOperatorGatewayClient.cs	Preserve WebLoginStartAsync / WebLoginWaitAsync return types
src/OpenClaw.Shared/OpenClawGatewayClient.cs	Add shared private ParseWebLoginResponse helper used by both RPC methods
tests/OpenClaw.Tray.Tests/OnboardingChatBootstrapperTests.cs	Keep the fake client aligned with the preserved interface contract

ChannelsPage.xaml.cs continues to use both methods through the existing result properties and required no changes.

Rationale

• Avoids the source-breaking public API removal flagged by ClawSweeper.
• Keeps one parsing path for the identical web.login.start / web.login.wait response payload.
• Leaves future divergence possible by retaining separate public start/wait result types.

After-fix proof

• Public API compatibility: WebLoginStartResult, WebLoginWaitResult, and the original IOperatorGatewayClient method signatures are present after the fix.
• Repo autoreview: clean with no accepted/actionable findings using the repo autoreview helper's Copilot engine.
• Redacted web-login API smoke: a disposable local WebSocket API harness exercised the real OpenClawGatewayClient handshake and the actual WebLoginStartAsync / WebLoginWaitAsync methods against connect.challenge, connect, web.login.start, and web.login.wait frames. Output:

OpenClaw web-login API proof (redacted)
handshake.ready=True
observed.methods=connect,web.login.start,web.login.wait
start.type=WebLoginStartResult connected=False qrPrefix=data:image/png;base64,<redacted> rawHasQr=True
wait.type=WebLoginWaitResult connected=True qrPrefix=data:image/png;base64,<redacted> rawHasConnected=True

• ./build.ps1: passed from a short NTFS junction (C:\oc728) pointing at this worktree; the direct long worktree path hit WinUI PRI path-sensitive tooling before the same build passed through the junction.
• dotnet test .\tests\OpenClaw.Shared.Tests\OpenClaw.Shared.Tests.csproj --no-restore: passed, 2262 passed / 29 skipped.
• dotnet test .\tests\OpenClaw.Tray.Tests\OpenClaw.Tray.Tests.csproj --no-restore: passed, 1088 passed.

Generated by 🌈 Repo Assist, see workflow run. Learn more.

Add this agentic workflows to your repo

To install this agentic workflow, run

gh aw add githubnext/agentics/workflows/repo-assist.md@97143ac59cb3a13ef2a77581f929f06719c7402a

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed June 18, 2026, 4:13 AM ET / 08:13 UTC.

Summary
The PR preserves the public web-login result types and gateway client signatures while moving duplicated web-login JSON response parsing into a private helper.

Reproducibility: not applicable. as a bug reproduction; this is a cleanup PR. Source and diff inspection confirm the branch preserves the existing API and only centralizes duplicated parsing.

Review metrics: 2 noteworthy metrics.

• Net diff surface: 2 files changed; 23 added, 10 removed. The updated PR is a small shared-client cleanup after the earlier public API removal was reverted.
• Public signature changes: 0 interface signature changes. The final diff leaves IOperatorGatewayClient and both web-login result type names intact, resolving the prior compatibility blocker.

Merge readiness
Overall: 🧂 unranked krab
Proof: 🧂 unranked krab
Patch quality: 🐚 platinum hermit
Result: blocked until real behavior proof from a real setup is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• [P1] Add redacted after-fix proof of the web-login start/wait path in a real tray or API setup, then update the PR body for re-review.

Proof guidance:

• [P1] Needs real behavior proof before merge: The PR body reports source/API checks and build/test results only; it does not show a real after-fix web-login, tray, API, log, or terminal run for the changed behavior. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge

• [P1] The PR still lacks redacted after-change proof from a real web-login/tray/API run, so maintainers cannot yet verify the refactor against the live gateway path.

Maintainer options:

1. Decide the mitigation before merge
   Land the private parser helper only after the draft PR includes redacted real web-login or tray/API proof and continues preserving the public API.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge

• [P2] The remaining blocker is contributor or maintainer proof from a real setup, not a code repair that automation can supply.

Security
Cleared: The diff only changes C# parsing structure and XML comments; it does not alter dependencies, workflows, secrets, downloads, or security boundaries.

Review details

Best possible solution:

Land the private parser helper only after the draft PR includes redacted real web-login or tray/API proof and continues preserving the public API.

Do we have a high-confidence way to reproduce the issue?

Not applicable as a bug reproduction; this is a cleanup PR. Source and diff inspection confirm the branch preserves the existing API and only centralizes duplicated parsing.

Is this the best way to solve the issue?

Yes. The updated approach is the narrow maintainable solution for the cleanup because it keeps the public contract and shares parsing privately; the remaining gap is proof, not code shape.

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against 234fa8ff097f.

Label changes

Label changes:

• add P3: This is a low-risk cleanup PR with a narrow diff and no remaining line-level correctness blocker, but it still needs proof before merge.
• remove P2: Current review triage priority is P3, so this older priority label is no longer current.
• remove merge-risk: 🚨 compatibility: Current PR review selected no merge-risk labels.

Label justifications:

• P3: This is a low-risk cleanup PR with a narrow diff and no remaining line-level correctness blocker, but it still needs proof before merge.
• rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🧂 unranked krab and patch quality is 🐚 platinum hermit.
• status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: The PR body reports source/API checks and build/test results only; it does not show a real after-fix web-login, tray, API, log, or terminal run for the changed behavior. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Evidence reviewed

What I checked:

• AGENTS.md policy read: Read the full repository AGENTS.md; its validation and connection-surface guidance applies to this shared gateway client change. (AGENTS.md:1, 234fa8ff097f)
• Current main public API: Current main exposes WebLoginStartAsync as Task<WebLoginStartResult?> and WebLoginWaitAsync as Task<WebLoginWaitResult?>. (src/OpenClaw.Shared/IOperatorGatewayClient.cs:110, 234fa8ff097f)
• Current main still has duplicated parsing: Current main repeats the same message, qrDataUrl, connected, and raw response extraction in both web-login methods, so the cleanup is not already implemented on main. (src/OpenClaw.Shared/OpenClawGatewayClient.cs:1224, 234fa8ff097f)
• PR head preserves API while sharing parsing: The PR head keeps the existing interface signatures and maps both result types from a private ParseWebLoginResponse helper. (src/OpenClaw.Shared/OpenClawGatewayClient.cs:1275, 7601ceaab110)
• Net PR file list: GitHub's PR file API shows the final net diff modifies only ChannelsSnapshot comments and OpenClawGatewayClient; IOperatorGatewayClient is no longer changed. (7601ceaab110)
• Validation and proof state: The PR body and Build and Test workflow report passing build/tests, but the body does not include a real web-login, tray, API, log, or terminal proof of the changed behavior. (7601ceaab110)

Likely related people:

• Christine Yan: git log -S WebLoginStartResult and git show trace the shared web-login models and gateway client files to commit 85445c7 in the release-history branch. (role: release-history introducer; confidence: medium; commits: 85445c78066b; files: src/OpenClaw.Shared/ChannelsSnapshot.cs, src/OpenClaw.Shared/IOperatorGatewayClient.cs, src/OpenClaw.Shared/OpenClawGatewayClient.cs)
• AlexAlves87: git blame on current main points the web-login result types, interface signatures, and implementation lines to d5543b9, which added the current shared files in this checkout. (role: current-main import owner; confidence: medium; commits: d5543b904507; files: src/OpenClaw.Shared/ChannelsSnapshot.cs, src/OpenClaw.Shared/IOperatorGatewayClient.cs, src/OpenClaw.Shared/OpenClawGatewayClient.cs)
• ranjeshj: Recent main history includes gateway connection and pairing hardening in OpenClawGatewayClient, and the same collaborator requested this re-review after the branch update. (role: recent area contributor; confidence: medium; commits: ea36b12f9e4c; files: src/OpenClaw.Shared/OpenClawGatewayClient.cs)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[ranjeshj]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Failed
• Detail: The targeted re-review did not finish cleanly. Check the workflow run for details.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27751126744
• Updated: 2026-06-18T10:28:07.420Z

[ranjeshj]

@clawsweeper re-review

[shanselman]

Closing this one as deprecated Repo Assist churn. It preserves behavior, but the repo-assist automation is being removed and this refactor does not materially improve user outcomes or maintenance risk enough to carry forward.