Gate MXC E2E on GitHub Actions

[shanselman]

Summary

• Skip MXC-only E2E proofs in GitHub Actions unless OPENCLAW_RUN_MXC_E2E=1 is explicitly set
• Preserve local MXC-enabled Windows validation via the existing OPENCLAW_RUN_E2E=1 gate and runtime availability probe
• Document hosted Actions skip behavior and self-hosted opt-in guidance

Validation

• dotnet build .\tests\OpenClaw.E2ETests\OpenClaw.E2ETests.csproj -r win-x64
• dotnet test .\tests\OpenClaw.E2ETests\OpenClaw.E2ETests.csproj --no-build --no-restore --filter "FullyQualifiedName~MxcSetupAndConnectTests" --logger "trx;LogFileName=mxc-skip.trx" --results-directory <temp> -r win-x64 with OPENCLAW_RUN_E2E=1, GITHUB_ACTIONS=true, and no OPENCLAW_RUN_MXC_E2E confirmed both MXC tests report skipped / TRX NotExecuted
• .\build.ps1
• dotnet test .\tests\OpenClaw.Shared.Tests\OpenClaw.Shared.Tests.csproj --no-restore
• dotnet test .\tests\OpenClaw.Tray.Tests\OpenClaw.Tray.Tests.csproj --no-restore

Review

• python .agents\skills\autoreview\scripts\autoreview --mode local --engine copilot --model gpt-5.5 returned clean
• Default Codex helper could not start because the installed Codex CLI rejected --ignore-user-config; Claude helper could not start because installed Claude Code was below the helper's --safe-mode minimum

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed June 26, 2026, 11:43 AM ET / 15:43 UTC.

Summary
The branch adds a GitHub Actions-specific opt-in gate for MXC E2E tests and documents hosted-runner skip versus self-hosted MXC validation behavior.

Reproducibility: not applicable. as an issue reproduction; this is a PR review. Source inspection shows current main runs setup-connect E2E on windows-latest with OPENCLAW_RUN_E2E=1, and the PR body reports the after-change GITHUB_ACTIONS=true skip validation.

Review metrics: 2 noteworthy metrics.

• Diff size: 2 files changed, +14/-0. The patch is small, but it changes E2E execution behavior rather than only docs.
• New CI opt-in: 1 environment variable added. OPENCLAW_RUN_MXC_E2E becomes the switch for running MXC-only proofs in GitHub Actions.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• none.

Risk before merge

• [P1] Merging intentionally reduces hosted GitHub Actions MXC coverage by reporting the MXC-only proof tests as skipped unless OPENCLAW_RUN_MXC_E2E=1 is set, so maintainers should accept that the real MXC proof remains local or self-hosted opt-in.

Maintainer options:

1. Accept Hosted-Runner Skip Gate (recommended)
   Merge with the documented expectation that hosted Actions skip MXC-only proofs and MXC-enabled self-hosted runners opt in with OPENCLAW_RUN_MXC_E2E=1.
2. Require Self-Hosted Proof Wiring First
   Pause until maintainers wire or document a required self-hosted MXC job before allowing cloud CI to skip these proofs by default.

Next step before merge

• No automated repair is needed; maintainer review should decide whether the hosted Actions skip behavior is the desired MXC proof policy before merge.

Security
Cleared: No security or supply-chain concern was found; the diff only changes test skip logic and documentation, with no dependency, secret, permission, or runtime sandbox boundary change.

Review details

Best possible solution:

Land the gate if maintainers accept that hosted Actions should skip MXC-only proofs by default and local or MXC-enabled self-hosted runners remain the authoritative runtime validation path.

Do we have a high-confidence way to reproduce the issue?

Not applicable as an issue reproduction; this is a PR review. Source inspection shows current main runs setup-connect E2E on windows-latest with OPENCLAW_RUN_E2E=1, and the PR body reports the after-change GITHUB_ACTIONS=true skip validation.

Is this the best way to solve the issue?

Yes, the implementation is a narrow test gate before MXC probing and preserves local/self-hosted validation through the existing E2E gate plus explicit MXC opt-in. The remaining question is maintainer acceptance of the hosted CI coverage tradeoff.

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against e70868d82bf0.

Label changes

Label changes:

• add P2: This is a normal-priority CI/E2E reliability fix with limited blast radius but real maintainer review value.
• add merge-risk: 🚨 automation: The diff changes GitHub Actions E2E skip behavior and can mask MXC proof execution unless self-hosted runners opt in explicitly.
• add proof: sufficient: Contributor real behavior proof is sufficient. The PR body reports after-fix E2E validation with OPENCLAW_RUN_E2E=1, GITHUB_ACTIONS=true, and no MXC opt-in, confirming both MXC tests were skipped/NotExecuted in TRX output.
• add rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🐚 platinum hermit.
• add status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body reports after-fix E2E validation with OPENCLAW_RUN_E2E=1, GITHUB_ACTIONS=true, and no MXC opt-in, confirming both MXC tests were skipped/NotExecuted in TRX output.

Label justifications:

• P2: This is a normal-priority CI/E2E reliability fix with limited blast radius but real maintainer review value.
• merge-risk: 🚨 automation: The diff changes GitHub Actions E2E skip behavior and can mask MXC proof execution unless self-hosted runners opt in explicitly.
• rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🐚 platinum hermit.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body reports after-fix E2E validation with OPENCLAW_RUN_E2E=1, GITHUB_ACTIONS=true, and no MXC opt-in, confirming both MXC tests were skipped/NotExecuted in TRX output.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body reports after-fix E2E validation with OPENCLAW_RUN_E2E=1, GITHUB_ACTIONS=true, and no MXC opt-in, confirming both MXC tests were skipped/NotExecuted in TRX output.

Evidence reviewed

What I checked:

• Repository policy read: AGENTS.md was read fully; its validation and Windows-node testing guidance are relevant to this PR review, while the read-only ClawSweeper contract prevented running builds or tests locally. (AGENTS.md:1, e70868d82bf0)
• Current main runs setup-connect E2E in GitHub Actions: The setup-connect shard runs on windows-latest with OPENCLAW_RUN_E2E=1 and explicitly accepts MXC proof tests as either Passed or NotExecuted/Skipped, so a targeted hosted-runner skip fits the existing workflow shape. (.github/workflows/ci.yml:292, e70868d82bf0)
• Current main lacks the Actions-specific MXC gate: MxcE2ETestGate currently checks the general E2E opt-in and then probes MXC availability; there is no GITHUB_ACTIONS or OPENCLAW_RUN_MXC_E2E decision before the probe on main. (tests/OpenClaw.E2ETests/E2EFactAttribute.cs:38, e70868d82bf0)
• PR diff adds the narrow opt-in gate: The PR adds GITHUB_ACTIONS detection plus OPENCLAW_RUN_MXC_E2E opt-in before MXC probing, preserving the existing OPENCLAW_RUN_E2E local gate and runtime probe when not on Actions or when opted in. (tests/OpenClaw.E2ETests/E2EFactAttribute.cs:42, be2d662fd9a1)
• Related proof layer already merged: The merged Gateway system.run MXC E2E proof at Add Gateway system.run MXC runtime E2E proof #787 introduced the current MXC E2E gate and docs; this PR is a follow-up to the hosted Actions behavior, not a duplicate of that merged proof layer. (tests/OpenClaw.E2ETests/E2EFactAttribute.cs:20, e70868d82bf0)

Likely related people:

• TheAngryPit: Current main blame and history show the merged Gateway MXC E2E proof, MxcE2ETestGate, setup fixture, and Windows Node testing docs were introduced by the merged proof-layer commit. (role: recent E2E proof contributor; confidence: high; commits: e70868d82bf0; files: tests/OpenClaw.E2ETests/E2EFactAttribute.cs, tests/OpenClaw.E2ETests/Setup/MxcE2ESetupFixture.cs, tests/OpenClaw.E2ETests/Setup/MxcSetupAndConnectTests.cs)
• shanselman: Git history shows prior CI coverage work and MXC support-gate/sandbox-state changes in the same automation and MXC availability area, in addition to this PR proposal. (role: recent CI and MXC adjacent contributor; confidence: high; commits: b41fe8243cc3, f52b829a6f3c, cd02defd9942; files: .github/workflows/ci.yml, src/OpenClaw.Shared/Mxc/MxcAvailability.cs, src/OpenClaw.Tray.WinUI/Pages/SandboxPage.xaml.cs)
• Vincent Koc: History around OPENCLAW_RUN_E2E and the original workflow/test scaffold points to earlier E2E gating and CI setup work, though the current MXC-specific proof layer is newer. (role: original E2E/CI scaffold contributor; confidence: medium; commits: 6811d6a3e21b; files: tests/OpenClaw.E2ETests/E2EFactAttribute.cs, .github/workflows/ci.yml)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.