fix: correct backup recovery command

[steipete]

Summary

• replace unsupported telecrawl --sync never status in generated backup recovery docs with telecrawl status
• add a regression test that rejects the stale flag and requires the supported command
• record the user-visible documentation fix in the changelog

status is already a read-only archive command; it does not import or call Telegram APIs.

Verification

• focused backup README regression test
• GOWORK=off go vet ./...
• GOWORK=off go test -count=1 ./...
• gofumpt v0.10.0: clean
• built CLI local-archive status/metadata/list smoke with private content suppressed
• Codex autoreview: clean, no accepted/actionable findings

No release or version change.

[clawsweeper]

Codex review: needs real behavior proof before merge. Reviewed June 19, 2026, 7:25 AM ET / 11:25 UTC.

Summary
The PR changes generated backup recovery docs from telecrawl --sync never status to telecrawl status, adds a regression test for that README text, and adds a changelog entry.

Reproducibility: yes. from source inspection: current internal/backup/backup.go emits telecrawl --sync never status, while internal/cli/cli.go defines no global --sync option. I did not run tests or CLI smoke commands because this review is read-only and must avoid checkout artifacts.

Review metrics: 1 noteworthy metric.

• Changed surface: 3 files: 1 generator, 1 test, 1 changelog. The functional fix is narrow, and the only extra surface is release-owned text.

Merge readiness
Overall: 🦪 silver shellfish
Proof: 🦪 silver shellfish
Patch quality: 🐚 platinum hermit
Result: blocked until stronger real behavior proof is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• [P1] Add redacted terminal output, logs, or a screenshot showing the generated recovery README uses telecrawl status and the command succeeds against a local archive.
• Remove the CHANGELOG.md entry and keep the release-note context in the PR body.

Proof guidance:

• [P1] Needs stronger real behavior proof before merge: The PR body lists a private local smoke run but does not include inspectable after-fix output or media; please add redacted terminal output, logs, a screenshot, or a recording to the PR body, which should trigger re-review or can be followed by a maintainer comment of @clawsweeper re-review. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge

• [P1] The contributor included a CHANGELOG.md edit even though OpenClaw release notes are release-owned; the PR body already carries the release-note context maintainers need.
• [P1] The PR body says a private local smoke was run, but it does not include redacted terminal output, logs, or a screenshot/recording that reviewers can inspect before merge.

Maintainer options:

1. Decide the mitigation before merge
   Land the generated backup README command fix and regression test without contributor-owned changelog churn once real behavior proof is added or explicitly accepted by maintainers.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge

• [P1] Human follow-up is needed because the contributor must add inspectable real behavior proof and remove release-owned changelog churn; automation cannot produce proof from the contributor’s local setup.

Security
Cleared: The diff only changes generated documentation text, a regression test, and release-note text; no security or supply-chain path is broadened.

Review findings

• [P3] Remove the changelog edit — CHANGELOG.md:18

Review details

Best possible solution:

Land the generated backup README command fix and regression test without contributor-owned changelog churn once real behavior proof is added or explicitly accepted by maintainers.

Do we have a high-confidence way to reproduce the issue?

Yes from source inspection: current internal/backup/backup.go emits telecrawl --sync never status, while internal/cli/cli.go defines no global --sync option. I did not run tests or CLI smoke commands because this review is read-only and must avoid checkout artifacts.

Is this the best way to solve the issue?

Yes for the core fix: replacing the unsupported command in the generator and pinning it with a focused test is the narrow maintainable solution. The changelog line is not the best path because release owners curate CHANGELOG.md.

Full review comments:

• [P3] Remove the changelog edit — CHANGELOG.md:18
CHANGELOG.md is release-owned for OpenClaw PRs, and the release-note context is already captured in the PR body. Please drop this entry so release owners can curate the changelog separately.
  Confidence: 0.86

Overall correctness: patch is correct
Overall confidence: 0.84

AGENTS.md: not found in the target repository.

Codex review notes: model internal, reasoning high; reviewed against 3e856baea51c.

Label changes

Label changes:

• add P2: The PR fixes a real generated recovery-instruction bug with limited backup-documentation blast radius.
• add rating: 🦪 silver shellfish: Overall readiness is 🦪 silver shellfish; proof is 🦪 silver shellfish and patch quality is 🐚 platinum hermit.
• add status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs stronger real behavior proof before merge: The PR body lists a private local smoke run but does not include inspectable after-fix output or media; please add redacted terminal output, logs, a screenshot, or a recording to the PR body, which should trigger re-review or can be followed by a maintainer comment of @clawsweeper re-review. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Label justifications:

• P2: The PR fixes a real generated recovery-instruction bug with limited backup-documentation blast radius.
• rating: 🦪 silver shellfish: Overall readiness is 🦪 silver shellfish; proof is 🦪 silver shellfish and patch quality is 🐚 platinum hermit.
• status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs stronger real behavior proof before merge: The PR body lists a private local smoke run but does not include inspectable after-fix output or media; please add redacted terminal output, logs, a screenshot, or a recording to the PR body, which should trigger re-review or can be followed by a maintainer comment of @clawsweeper re-review. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Evidence reviewed

What I checked:

• Target repository AGENTS check: No AGENTS.md was found inside the target telecrawl checkout; a parent workspace AGENTS file was outside the target repository.
• Current main still has stale generated recovery text: The generated backup README template on current main still tells users to run telecrawl --sync never status. (internal/backup/backup.go:449, 3e856baea51c)
• CLI supports status but has no global --sync flag: The global CLI flags are --json, --db, --source, and --version; status parses its own empty flag set, so --sync never is unsupported. (internal/cli/cli.go:64, 3e856baea51c)
• PR patch fixes the generator and adds a focused regression test: The PR replaces the stale recovery command in writeBackupReadme and adds TestBackupReadmeUsesSupportedStatusCommand. (internal/backup/backup_test.go:532, c1c42b727941)
• Latest release still contains the stale command: The v0.2.0 release tag contains telecrawl --sync never status in the backup README generator, so the central problem has not shipped fixed. (internal/backup/backup.go:593, 49930fd7e801)
• PR head is not on main or a release tag: No local branch or tag contains the PR head commit, so this is still unmerged work rather than implemented-on-main cleanup. (c1c42b727941)

Likely related people:

• steipete: Current-main blame attributes both the generated recovery text and the CLI flag surface to Peter Steinberger, and recent backup-history work also touched the backup generator and tests. (role: introduced behavior and recent area contributor; confidence: high; commits: 49930fd7e801, e07a15d9b42f; files: internal/backup/backup.go, internal/backup/backup_test.go, internal/cli/cli.go)
• the sun gif man: Recent history shows adjacent contributions in internal/cli/cli.go, README.md, and CHANGELOG.md, but not the specific generated backup README line. (role: adjacent area contributor; confidence: medium; commits: 9ef3b111c008, 9df81dcf3183, 01eeecc55fc0; files: internal/cli/cli.go, README.md, CHANGELOG.md)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[steipete]

Landed as 4e6fb27.

Verification:

• focused generated-README regression test: passed
• local vet, full Go tests, and gofumpt v0.10.0: passed
• built CLI local-archive status, metadata, chats, messages, and contacts smoke: passed with private content suppressed
• no Telegram API, import, backup push, or private payload output used
• Codex autoreview: clean, no accepted/actionable findings
• exact-head checks: CI lint/test/deps/secrets, Docker smoke, Go and Actions CodeQL, and GoReleaser snapshot passed

No caveats observed.