openclaw - 💡(How to fix) Fix [Feature]: Protect main from red-baseline CI commits

Summary

Protect main from accepting normal commits that leave required CI red, and make first-bad attribution explicit when main does go red.

Problem to solve

Recent main CI failures repeatedly blocked unrelated pull requests. The affected PRs inherited red checks from main, even though their diffs did not touch the failing surfaces.

Observed examples from May 27, 2026:

• 09d2682cd8c3acab436242b09cde186e48dd83d1 (fix(openai): resolve gpt-5.5 without cached catalog) introduced a checks-node-agentic-agents failure. The failing test was src/agents/embedded-agent-runner/model.test.ts, with Unknown model: openai/gpt-5.5.
• 21d96098664d86d92b2cbee5afbfe5f9612e5112 (fix(gateway): quarantine unsupported effective tool schemas) introduced a checks-fast-bundled-protocol failure. The protocol check showed generated Swift output wanted ToolsEffectiveNotice / ToolsEffectiveResult.notices, but the checked-in generated artifact was stale.

Once main is red, later unrelated commits and open PRs appear to fail even when they only inherit the broken baseline. This creates avoidable churn: rebases, reruns, duplicate diagnosis, and contributor confusion.

Proposed solution

1. Require merge queue, or an equivalent synthetic-merge validation, for normal merges into main.
2. Include maintainer-authored changes in the same protection path by default. If direct maintainer pushes remain possible, require an explicit emergency bypass reason and treat the next commit as a red-baseline repair.
3. Pause normal merges while main is red, except commits explicitly targeting the failing baseline.
4. Make generated-artifact checks required for schema/protocol changes. For example, when gateway protocol schema files change, the generated protocol artifacts should be checked and committed before merge.
5. Add a main CI failure attribution comment or bot summary that reports:
   • head SHA
   • author and committer
   • associated PR when available
   • failed jobs
   • first failing test or generated diff snippet
   • whether the failure is first-bad or inherited from an earlier red commit

Alternatives considered

• Ask every open PR author to rebase and rerun after each main break. This does not scale and pushes baseline ownership onto unrelated contributors.
• Let contributors open test/CI-only PRs for known main failures. CONTRIBUTING.md explicitly discourages this because maintainers track known main failures, and it still leaves unrelated PRs blocked while the baseline is red.
• Rely on manual chat/PR comments to explain that a failure is inherited. This helps case-by-case, but it does not prevent the next red baseline or provide durable attribution.

Impact

• Affected users/systems/channels: contributors and maintainers working with GitHub PR CI, especially PRs that need required checks to become mergeable.
• Severity: medium to high for contributor throughput. The product may still work, but unrelated PRs become blocked by inherited main failures.
• Frequency: observed multiple times on May 27, 2026 in recent main CI history.
• Consequence: repeated CI reruns, unnecessary rebases, duplicate investigations, and difficulty distinguishing PR regressions from inherited baseline failures.

Evidence/examples

Recent main CI evidence:

• Run 26538360530 on 09d2682cd8c3acab436242b09cde186e48dd83d1 failed checks-node-agentic-agents with Unknown model: openai/gpt-5.5 in src/agents/embedded-agent-runner/model.test.ts.
• Run 26539198617 on 21d96098664d86d92b2cbee5afbfe5f9612e5112 failed both checks-node-agentic-agents and checks-fast-bundled-protocol.
• Run 26539429081 on 67277088ebeb5c90d608908a51b2659d4f342b9b still failed the same baseline checks, indicating later commits inherited the red state.
• PR #87309 was blocked by those inherited failures before a later rewrite/verification pass produced green PR CI.

Additional information

This is a process/tooling request, not a request for contributors to submit a test-only PR chasing already-red main checks. The goal is to make the default merge path prevent red baselines, and to make exceptions obvious and attributable when maintainers intentionally bypass normal protection.