.agents/skills/openclaw-ci-limits/SKILL.md
Use this skill for CI capacity changes, not ordinary test failure triage. The goal is to keep OpenClaw fast while staying below GitHub's self-hosted runner registration edge limit.
openclaw currently report a 10,000 per
5-minute bucket in actions_runner_registration. Verify the live bucket
before each tuning pass because GitHub can change it. The openclaw
organization shares one bucket.actions_runner_registration separately; core quota can be healthy while
runner registration is throttled.Before changing CI, collect current pressure:
ghx api rate_limit --jq '{core:.resources.core,graphql:.resources.graphql,search:.resources.search,actions_runner_registration:.resources.actions_runner_registration}'
ghx run list -R openclaw/openclaw --limit 20 --json databaseId,status,conclusion,workflowName,event,headBranch,createdAt,updatedAt,url
ghx run list -R openclaw/clawsweeper --limit 20 --json databaseId,status,conclusion,workflowName,event,headBranch,createdAt,updatedAt,url
curl -fsS https://clawsweeper.openclaw.ai/api/status | jq '{generated_at,fleet,diagnostics:{errors:.diagnostics.errors}}'
curl -fsS https://clawsweeper.openclaw.ai/api/exact-review-queue | jq '.'
node scripts/ci-run-timings.mjs --latest-main
node scripts/ci-run-timings.mjs --recent 10
Read:
.github/workflows/ci.yml.github/workflows/codeql-critical-quality.ymldocs/ci.mdtest/scripts/ci-workflow-guards.test.tsscripts/lib/*ci*, scripts/lib/*test-plan*, or
scripts/ci-changed-scope.mjsClassify the issue before changing caps:
generate-jitconfig, and API core quota is still healthy. Treat 422 as this
signal only when the request payload is otherwise valid. Fix burstiness and
Blacksmith job count.$openclaw-test-performance instead of runner tuning.$github:gh-fix-ci or
$openclaw-testing, not this skill.openclaw/clawsweeper, not OpenClaw CI.Estimate worst-case registrations for a change before editing:
new Blacksmith registrations ~= number of Blacksmith jobs that can become queued
inside one 5 minute window
For matrix jobs, count every row that can start in the 5-minute window.
strategy.max-parallel only caps simultaneous rows; short rows can turn over
and register more runners before the window resets. Use job duration, retries,
and queue turnover to justify any lower estimate. Add non-matrix Blacksmith jobs
such as preflight, security-fast, build-artifacts, and platform lanes.
For repeated pushes, multiply by the number of runs expected to reach
Blacksmith admission in the same 5-minute window, including runs canceled after
admission. The debounce only suppresses pushes that arrive while
runner-admission is still sleeping; once Blacksmith jobs register, those
registrations are spent even if a later push cancels the run. If timing is
uncertain, count every sequential push in the window.
Reject a change unless the org-level worst case stays below about 60% of the live bucket. With the current 10,000-registration bucket, keep planned Blacksmith burst load under 6,000 registrations per 5 minutes with headroom for ClawSweeper, ClawHub, Clownfish, OpenClaw RTT, and Clawbench.
Prefer these in order:
main runs before Blacksmith work starts.runner-admission hosted debounce for canonical main pushes.
Change OPENCLAW_MAIN_CI_DEBOUNCE_SECONDS only with evidence.ubuntu-24.04.strategy.max-parallel for bursty Blacksmith matrices.$openclaw-test-performance; do not hide a slow
test problem by registering more runners.Do not:
max-parallel values at once;workflow_dispatch runs cancel normal push/PR validation;These are intentionally guarded by test/scripts/ci-workflow-guards.test.ts:
CI concurrency key version and cancel-in-progress for PRs and canonical
main pushes.runner-admission on ubuntu-24.04 with
OPENCLAW_MAIN_CI_DEBOUNCE_SECONDS=90.preflight and security-fast needing runner-admission.build-artifacts on blacksmith-16vcpu-ubuntu-2404.blacksmith-4vcpu-ubuntu-2404.blacksmith-8vcpu-ubuntu-2404.ubuntu-24.04 with no blacksmith- labels.When changing one knob, update docs/ci.md and the guard test in the same PR.
For workflow-only or docs/skill-only changes in a Codex worktree:
node scripts/run-vitest.mjs test/scripts/ci-workflow-guards.test.ts
node scripts/check-workflows.mjs
node scripts/docs-list.js
./node_modules/.bin/oxfmt --check .github/workflows/ci.yml .github/workflows/codeql-critical-quality.yml docs/ci.md test/scripts/ci-workflow-guards.test.ts .agents/skills/openclaw-ci-limits/SKILL.md .agents/skills/openclaw-ci-limits/agents/openai.yaml
git diff --check
If pnpm docs:list tries to reconcile dependencies in a linked Codex worktree,
stop and use node scripts/docs-list.js.
For a PR before requesting maintainer approval:
.agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main
ghx pr checks <pr> -R openclaw/openclaw --watch --interval 15
Use hosted exact-head gates for CI workflow tuning. Do not burn local
pnpm test on unrelated full-suite proof.
Only after the maintainer explicitly asks you to prepare or land the PR, run the repo-native mutating wrapper:
scripts/pr review-init <pr>
scripts/pr review-artifacts-init <pr>
scripts/pr review-validate-artifacts <pr>
OPENCLAW_TESTBOX=1 scripts/pr prepare-run <pr>
prepare-run can push a prepared commit to the PR branch. Only run
scripts/pr merge-run <pr> after the maintainer has explicitly asked you to
land the PR. Both commands mutate GitHub state.
After merge, watch at least one fresh main cycle and the adjacent repos:
ghx run list -R openclaw/openclaw --limit 20 --json databaseId,status,conclusion,workflowName,event,headBranch,createdAt,updatedAt,url
for repo in openclaw/clawsweeper openclaw/clawhub openclaw/clownfish openclaw/openclaw-rtt openclaw/clawbench; do
ghx run list -R "$repo" --limit 12 --json databaseId,status,conclusion,workflowName,event,headBranch,createdAt,updatedAt,url
done
curl -fsS https://clawsweeper.openclaw.ai/api/exact-review-queue | jq '.'
Report: