OpenClaw Starter Packs

Engineering teams running AI code generation and getting nervous about what is merging

Code Factory

Review gates and evidence checks before agents merge code. One contract file defines what passes and what does not.

Outcomes

  • That PR that merged on a 3-commit-old review? That stops.
  • Bad PRs get caught before CI spins up and you pay for it
  • Works with whatever review tool you already use: CodeRabbit, Greptile, CodeQL, or your own

What is included

Repo safety design

  • Single contract file structure and versioning rules
  • Risk tiers by path and required checks mapping
  • Docs-drift rules for workflow and policy changes

Gates and proof requirements

  • Preflight policy gate workflow pattern
  • Current-head SHA enforcement rules
  • Evidence manifests for UI and critical flows

Step-by-step workflows

  • Rerun requester dedupe by SHA marker
  • Auto-resolve bot-only threads after a clean rerun
  • Harness-gap loop: when something breaks that checks should have caught, write a test so it cannot happen again

Conversation preview

Preview: Code Factory in action

Me

We want agents to open PRs, but we keep getting stale reviews and risky merges. Can we make this deterministic?

Code Factory

Yes. We’ll define one contract (risk tiers + required checks + evidence), add a preflight policy gate before CI fanout, and enforce current-head SHA discipline so only review/evidence tied to the PR head is accepted. Then we can add an optional remediation loop for review findings.

Illustrative conversation preview. The exact review tool can vary; the control-plane pattern stays consistent.

Memory files

  • repo_contract.md
  • risk_tiers.md
  • required_checks.md
  • evidence_manifest.md
  • review_agent_rules.md
  • remediation_loop.md
  • harness_gap_log.md
  • decisions.md

Context questions at startup

  • Which repos are in scope and what are your risk areas (payments/auth/data migrations/UI)?
  • What CI providers and test frameworks do you use today (GitHub Actions, Playwright, etc.)?
  • Which review agents/tools do you want to integrate (CodeRabbit, Greptile, CodeQL, custom)?
  • What evidence do you want to require for UI/critical changes (tests, traces, manifests)?

Tools guidance

  • git and PR discipline, branches, head SHA, reruns
  • CI workflows, preflight gate then fanout
  • code review bots and check-run APIs
  • browser testing and evidence artifacts via Playwright or Cypress

Sets up repo safety rules so AI code doesn't break things. One contract file, clear gates, no stale merges.
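
A sketch of how a preflight gate can combine risk tiers by path with current-head SHA enforcement, added here as an illustration and not taken from the Code Factory pack. The contract layout, tier names, path globs and check names are assumptions; the check-run fields (name, head_sha, conclusion) follow GitHub's check-run objects.

```python
from fnmatch import fnmatch

# Hypothetical contract: tier names, path globs and check names are assumptions.
CONTRACT = {
    "version": 1,
    "risk_tiers": [  # ordered highest risk first; last entry is the catch-all
        {"name": "high", "paths": ["payments/*", "auth/*", "migrations/*"]},
        {"name": "medium", "paths": ["ui/*"]},
        {"name": "low", "paths": ["*"]},
    ],
    "required_checks": {
        "high": ["code-review", "evidence-manifest"],
        "medium": ["code-review"],
        "low": [],
    },
}

def risk_tier(changed_paths, contract=CONTRACT):
    """Return the highest-risk tier that any changed path falls into."""
    for tier in contract["risk_tiers"]:
        if any(fnmatch(p, g) for p in changed_paths for g in tier["paths"]):
            return tier["name"]
    raise ValueError("no tier matched; the contract needs a catch-all tier")

def preflight(head_sha, changed_paths, check_runs, contract=CONTRACT):
    """Pass only if every required check succeeded on the current PR head."""
    tier = risk_tier(changed_paths, contract)
    problems = []
    for name in contract["required_checks"][tier]:
        runs = [r for r in check_runs if r["name"] == name]
        on_head = [r for r in runs if r["head_sha"] == head_sha]
        if any(r["conclusion"] == "success" for r in on_head):
            continue
        if on_head:
            problems.append(f"{name}: not successful on head {head_sha}")
        elif runs:
            problems.append(f"{name}: stale, last ran on {runs[-1]['head_sha']}")
        else:
            problems.append(f"{name}: missing")
    return {"tier": tier, "passed": not problems, "problems": problems}

# Constructed sample: the review succeeded on an older commit than the PR head.
HEAD = "c3c3c3c"
RUNS = [
    {"name": "code-review", "head_sha": "a1a1a1a", "conclusion": "success"},
    {"name": "evidence-manifest", "head_sha": HEAD, "conclusion": "success"},
]

if __name__ == "__main__":
    print(preflight(HEAD, ["auth/session.py", "README.md"], RUNS))
```

With the sample data the gate rejects the PR because the only successful review is tied to an older commit, while a docs-only change on the same head passes.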