AgentSkillsCN

clawcommit

在软件交付流水线中集成并运行ClawCommit的提交-揭示决策日志功能。适用于设置链上AI决策证明、对接CI/CD工作流、执行提交/揭示操作、重放验证揭示交易、排查确定性哈希不匹配问题,或启用OpenClaw Native的PR/合并决策追踪功能的场景。

SKILL.md
--- frontmatter
name: clawcommit
description: Integrate and operate ClawCommit commit-reveal decision logging for software delivery pipelines. Use when setting up onchain AI decision attestations, wiring CI/CD workflows, running commit/reveal operations, replay-verifying reveal transactions, troubleshooting deterministic hash mismatches, or enabling OpenClaw Native PR/merge decision tracking.

ClawCommit

Overview

Use this skill to add tamper-evident AI decision logs to engineering workflows with a commit-reveal flow and deterministic replay verification. Prioritize deterministic payload handling, secret hygiene, and reproducible verification artifacts.

Integration Modes

  • CLI scripts: Use when a repo already has ClawCommit scripts.
  • GitHub Action: Use for PR, merge, and release automation.
  • SDK: Use for application-level integrations.
  • MCP server: Use for agent tool-use integrations.
  • OpenClaw Native: Use for deterministic PR validation payloads, redacted PR comments, and artifact-driven merge reveal automation.

Detect available surfaces first:

  • scripts/commit.ts, scripts/reveal.ts, scripts/replay.ts
  • integrations/github-action/action.yml
  • integrations/sdk/package.json
  • integrations/mcp-server/index.js

If none exist, propose one integration mode and implement only what the user requested.

For OpenClaw-specific requests, prioritize:

  • .github/workflows/openclaw-pr-commit.yml
  • .github/workflows/openclaw-merge-reveal.yml
  • scripts/integration/build-openclaw-payload.js
  • scripts/integration/post-cycle-links.js
  • skills/openclaw-native/

Required Configuration

  • BSC_RPC_URL: RPC endpoint.
  • CLAWCOMMIT_CONTRACT: deployed contract address.
  • PRIVATE_KEY: required for commit/reveal writes.
  • NETWORK: Hardhat network name.
  • ALLOW_MAINNET_WRITES: set true only with explicit user confirmation.

Workflow

  1. Normalize payload deterministically.
  • Keep prompt, output, modelVersion, and nonce byte-identical between commit and reveal.
  • Persist commitId and nonce to artifact storage (.clawcommit/*.json or CI artifacts).
  1. Execute commit.
bash
npx hardhat run scripts/commit.ts --network "$NETWORK" -- \
  --contract "$CLAWCOMMIT_CONTRACT" \
  --prompt "$PROMPT" \
  --output "$OUTPUT" \
  --model-version "$MODEL_VERSION" \
  --nonce "$NONCE" \
  --allow-mainnet-writes "${ALLOW_MAINNET_WRITES:-false}" \
  --log-sensitive false
  1. Execute reveal.
bash
npx hardhat run scripts/reveal.ts --network "$NETWORK" -- \
  --contract "$CLAWCOMMIT_CONTRACT" \
  --commit-id "$COMMIT_ID" \
  --prompt "$PROMPT" \
  --output "$OUTPUT" \
  --model-version "$MODEL_VERSION" \
  --nonce "$NONCE" \
  --allow-mainnet-writes "${ALLOW_MAINNET_WRITES:-false}" \
  --log-sensitive false
  1. Verify deterministic replay.
bash
npx ts-node scripts/replay.ts --tx "$REVEAL_TX_HASH" --rpc "$BSC_RPC_URL"

Treat replay mismatch as a release blocker.

  1. Publish verification artifacts.
  • Capture commit tx, reveal tx, contract address, and replay verification output.
  • Attach artifacts to CI runs or release evidence.

GitHub Action Path

When integrations/github-action/action.yml exists:

  • Use uses: <owner>/<repo>/integrations/github-action@<ref>.
  • Provide private-key, rpc-url, and contract-address from secrets.
  • Use action: commit for pre-merge workflows and action: reveal for post-merge or release workflows.
  • Persist commit metadata (commit id, nonce, payload) between jobs using artifacts.

Troubleshooting

  • insufficient funds: fund signer with BNB for gas.
  • could not detect network: verify RPC URL and selected network.
  • Replay hash mismatch: recover exact original payload and nonce.
  • Mainnet write blocked: set explicit allow flag only after user confirmation.

Output Expectations

Return:

  • exact commands run,
  • files changed,
  • verification status for commit/reveal/replay,
  • unresolved risks (secret scope, artifact retention, mainnet safety).