docs: serve ClawHub docs with shared OpenClaw renderer

[Patrick-Erichsen]

Summary

• Build ClawHub docs/ with the shared openclaw/docs renderer via the openclaw-docs-site GitHub dependency.
• Serve the generated docs from ClawHub under /docs, with ClawHub branding, the ClawHub docs corpus, and the Molty docs shell.
• Point ClawHub app, email, backend, and CLI docs links at https://clawhub.ai/docs/... instead of the old OpenClaw-hosted ClawHub docs paths.
• Restore the ClawHub site header changes: Skills, Plugins, Docs in the nav; Publishers removed; theme control in the profile dropdown.

Proof

• UI proof comment: docs: serve ClawHub docs with shared OpenClaw renderer #2609 (comment)
• Local rendered docs smoke checked /docs/, /docs/quickstart/, and /docs/plugin-validation-fixes/: all returned 200 and included the ClawHub + Ask Molty docs shell.

Tests

• bunx vitest run scripts/docs-builder.test.mjs convex/lib/emails.test.ts emails/emailTemplates.test.tsx src/__tests__/header.test.tsx src/__tests__/ui-design-contract.test.ts src/__tests__/skills-publish-route.test.tsx src/__tests__/plugins-publish-route.test.tsx src/__tests__/package-detail-route.test.tsx convex/packageInspectorNode.test.ts packages/clawhub/src/cli/commands/packages.test.ts
• bunx vitest run convex/packages.public.test.ts
• bun run docs:build && bun run docs:smoke
• bun run ci:static
• bun run ci:unit
• bun run ci:types-build
• bun run ci:packages

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
clawhub	Ready	Preview, Comment	Jun 13, 2026 1:55am

[vercel]

Vite dev proxy for /ask-molty/* forwards ClawHub Cookie/Authorization headers cross-origin, bypassing the credential-stripping the Nitro server route enforces.

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed June 12, 2026, 9:57 PM ET / 01:57 UTC.

Summary
Review failed before ClawSweeper could summarize the requested change.

Reproducibility: unclear. The review failed before ClawSweeper could establish a reproduction path.

Review metrics: none identified.

Merge readiness
Overall: 🌊 off-meta tidepool
Proof: 🌊 off-meta tidepool
Patch quality: 🌊 off-meta tidepool
Result: rating does not apply to this item.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Risk before merge

• [P1] No close action taken because the review did not complete.

Maintainer options:

1. Decide the mitigation before merge
   Retry the Codex review after fixing the execution failure.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge

• Review did not complete, so no work-lane recommendation was made.

Review details

Best possible solution:

Retry the Codex review after fixing the execution failure.

Do we have a high-confidence way to reproduce the issue?

Unclear. The review failed before ClawSweeper could establish a reproduction path.

Is this the best way to solve the issue?

Unclear. Retry the review first so ClawSweeper can evaluate the actual issue and fix direction.

AGENTS.md: unclear because the file could not be read completely.

Codex review notes: model internal, reasoning high; reviewed against 4b3c2bb63020.

Label changes

Label changes:

• remove P1: Current review triage priority is none.
• remove merge-risk: 🚨 compatibility: Current PR review selected no merge-risk labels.
• remove merge-risk: 🚨 security-boundary: Current PR review selected no merge-risk labels.
• remove merge-risk: 🚨 availability: Current PR review selected no merge-risk labels.

Label justifications:

• rating: 🌊 off-meta tidepool: Overall readiness is 🌊 off-meta tidepool; proof is 🌊 off-meta tidepool and patch quality is 🌊 off-meta tidepool.

Evidence reviewed

What I checked:

• failure reason: codex execution failed.
• codex failure detail: Codex review failed for this PR with exit 1.
• codex stderr: merge main into ClawHub docs PR".

Likely related people:

• unknown: Codex failed before it could trace repository history. (role: review did not complete; confidence: low)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[Patrick-Erichsen]

ClawHub UI Proof

Status: pass
Mode: feature
Scenario: ClawHub docs rendered from shared openclaw/docs builder
Provider: local-playwright
Baseline: not run for feature proof.
Candidate: pe/claw-274-docs-site

ClawHub docs quickstart renders with Molty shell

Raw proof files: https://github.com/openclaw/clawhub/tree/qa-artifacts/clawhub-ui-proof/pr-2609/proof

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm env-runner is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/nitro@3.0.260429-beta → npm/env-runner@0.1.11 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/env-runner@0.1.11. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm kind-of is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/kind-of@6.0.3 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/kind-of@6.0.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm markdown-it is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/markdown-it@14.2.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/markdown-it@14.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report