{
  "error": {
    "message": "{\"error\":{\"message\":\"{\\n  \\\"error\\\": {\\n    \\\"code\\\": 403,\\n    \\\"message\\\": \\\"Your API key was reported as leaked. Please use another API key.\\\",\\n    \\\"status\\\": \\\"PERMISSION_DENIED\\\"\\n  }\\n}\\n\",\"code\":403,\"status\":\"Forbidden\"}}",
    "stack": "ApiError: {\"error\":{\"message\":\"{\\n  \\\"error\\\": {\\n    \\\"code\\\": 403,\\n    \\\"message\\\": \\\"Your API key was reported as leaked. Please use another API key.\\\",\\n    \\\"status\\\": \\\"PERMISSION_DENIED\\\"\\n  }\\n}\\n\",\"code\":403,\"status\":\"Forbidden\"}}\n    at throwErrorIfNotOK (file:///home/claude/.npm-global/lib/node_modules/@google/gemini-cli/bundle/chunk-67TFD6HC.js:36178:24)\n    at process.processTicksAndRejections (node:internal/process/task_queues:103:5)\n    at async file:///home/claude/.npm-global/lib/node_modules/@google/gemini-cli/bundle/chunk-67TFD6HC.js:35941:7\n    at async Models.generateContentStream (file:///home/claude/.npm-global/lib/node_modules/@google/gemini-cli/bundle/chunk-67TFD6HC.js:37037:16)\n    at async file:///home/claude/.npm-global/lib/node_modules/@google/gemini-cli/bundle/chunk-UQGLVPZQ.js:278827:19\n    at async file:///home/claude/.npm-global/lib/node_modules/@google/gemini-cli/bundle/chunk-UQGLVPZQ.js:255732:23\n    at async retryWithBackoff (file:///home/claude/.npm-global/lib/node_modules/@google/gemini-cli/bundle/chunk-UQGLVPZQ.js:275704:23)\n    at async GeminiChat.makeApiCallAndProcessStream (file:///home/claude/.npm-global/lib/node_modules/@google/gemini-cli/bundle/chunk-UQGLVPZQ.js:311287:28)\n    at async GeminiChat.streamWithRetries (file:///home/claude/.npm-global/lib/node_modules/@google/gemini-cli/bundle/chunk-UQGLVPZQ.js:311125:29)\n    at async Turn.run (file:///home/claude/.npm-global/lib/node_modules/@google/gemini-cli/bundle/chunk-UQGLVPZQ.js:311618:24)"
  },
  "context": [
    {
      "role": "user",
      "parts": [
        {
          "text": "<session_context>\nThis is the Gemini CLI. We are setting up the context for our chat.\nToday's date is Wednesday, June 24, 2026 (formatted according to the user's locale).\nMy operating system is: linux\nThe project's temporary directory is: /home/claude/.gemini/tmp/pr-review-irzsj5\n- **Workspace Directories:**\n  - /tmp/pr-review-iRzSj5\n- **Directory Structure:**\n\nShowing up to 200 items (files + folders).\n\n/tmp/pr-review-iRzSj5/\n\n\n\n</session_context>"
        }
      ]
    },
    {
      "role": "user",
      "parts": [
        {
          "text": "You are a dedicated code reviewer for this repository. You are deeply familiar with its conventions and codebase.\n\n## Review Task\n\nPR #809: \"build(deps): bump actions/checkout from 6.0.2 to 7.0.0\"\n\nDescription:\nBumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 7.0.0.\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/actions/checkout/releases\">actions/checkout's releases</a>.</em></p>\n<blockquote>\n<h2>v7.0.0</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>block checking out fork pr for pull_request_target and workflow_run by <a href=\"https://github.com/aiqiaoy\"><code>@​aiqiaoy</code></a> in <a href=\"https://redirect.github.com/actions/checkout/pull/2454\">actions/checkout#2454</a></li>\n<li>Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by <a href=\"https://github.com/dependabot\"><code>@​dependabot</code></a>[bot] in <a href=\"https://redirect.github.com/actions/checkout/pull/2458\">actions/checkout#2458</a></li>\n<li>Bump flatted from 3.3.1 to 3.4.2 by <a href=\"https://github.com/dependabot\"><code>@​dependabot</code></a>[bot] in <a href=\"https://redirect.github.com/actions/checkout/pull/2460\">actions/checkout#2460</a></li>\n<li>Bump js-yaml from 4.1.0 to 4.2.0 by <a href=\"https://github.com/dependabot\"><code>@​dependabot</code></a>[bot] in <a href=\"https://redirect.github.com/actions/checkout/pull/2461\">actions/checkout#2461</a></li>\n<li>Bump <code>@​actions/core</code> and <code>@​actions/tool-cache</code> and Remove uuid by <a href=\"https://github.com/dependabot\"><code>@​dependabot</code></a>[bot] in <a href=\"https://redirect.github.com/actions/checkout/pull/2459\">actions/checkout#2459</a></li>\n<li>upgrade module to esm and update dependencies by <a href=\"https://github.com/aiqiaoy\"><code>@​aiqiaoy</code></a> in <a href=\"https://redirect.github.com/actions/checkout/pull/2463\">actions/checkout#2463</a></li>\n<li>Bump the minor-npm-dependencies group across 1 directory with 3 updates by <a href=\"https://github.com/dependabot\"><code>@​dependabot</code></a>[bot] in <a href=\"https://redirect.github.com/actions/checkout/pull/2462\">actions/checkout#2462</a></li\n\nReview the diff below. Provide your response as a JSON object with these keys:\n- \"summary\": a concise markdown summary. Tag issues with severity: [blocking] for must-fix, [suggestion] for improvements, [nitpick] for style.\n- \"comments\": array of { \"path\", \"line\", \"body\" } — inline review comments with severity tags\n- \"verdict\": \"approve\" (no blocking issues) or \"request_changes\" (blocking issues found)\n- \"workflow_suggestions\": array of strings — suggestions for improving the development workflow (e.g., \"Consider splitting this PR\", \"Add a pre-commit hook for X\")\n\nFocus on meaningful issues: bugs, security, performance, correctness. Skip trivial style nits.\nReturn ONLY valid JSON, no markdown fences.\n\nDiff:\n```diff\nFile: .github/workflows/ci-bun.yml (modified, +3/-3)\n@@ -20,7 +20,7 @@ jobs:\n       bun_checks_matrix: ${{ steps.manifest.outputs.bun_checks_matrix }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           submodules: false\n \n@@ -52,7 +52,7 @@ jobs:\n     timeout-minutes: 20\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           submodules: false\n \n@@ -84,7 +84,7 @@ jobs:\n       matrix: ${{ fromJson(needs.preflight.outputs.bun_checks_matrix) }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           submodules: false\n \n\nFile: .github/workflows/ci.yml (modified, +15/-15)\n@@ -54,7 +54,7 @@ jobs:\n       android_matrix: ${{ steps.manifest.outputs.android_matrix }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           fetch-depth: 1\n           fetch-tags: false\n@@ -141,7 +141,7 @@ jobs:\n       PRE_COMMIT_CACHE_KEY_SUFFIX: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || github.sha }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           fetch-depth: 1\n           fetch-tags: false\n@@ -238,7 +238,7 @@ jobs:\n     timeout-minutes: 20\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -288,7 +288,7 @@ jobs:\n       matrix: ${{ fromJson(needs.preflight.outputs.checks_fast_matrix) }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -336,7 +336,7 @@ jobs:\n \n       - name: Checkout\n         if: github.event_name != 'pull_request' || matrix.task != 'compat-node22'\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -422,7 +422,7 @@ jobs:\n       matrix: ${{ fromJson(needs.preflight.outputs.extension_fast_matrix) }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -447,7 +447,7 @@ jobs:\n     timeout-minutes: 20\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -472,7 +472,7 @@ jobs:\n     timeout-minutes: 20\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -627,7 +627,7 @@ jobs:\n     timeout-minutes: 20\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -669,7 +669,7 @@ jobs:\n     timeout-minutes: 20\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -690,7 +690,7 @@ jobs:\n     timeout-minutes: 20\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -730,7 +730,7 @@ jobs:\n       matrix: ${{ fromJson(needs.preflight.outputs.checks_windows_matrix) }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -844,7 +844,7 @@ jobs:\n       matrix: ${{ fromJson(needs.preflight.outputs.macos_node_matrix) }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -899,7 +899,7 @@ jobs:\n     timeout-minutes: 20\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -966,7 +966,7 @@ jobs:\n       matrix: ${{ fromJson(needs.preflight.outputs.android_matrix) }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n\nFile: .github/workflows/codeql.yml (modified, +1/-1)\n@@ -70,7 +70,7 @@ jobs:\n             config_file: \"\"\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           submodules: false\n \n\nFile: .github/workflows/docker-release.yml (modified, +4/-4)\n@@ -44,7 +44,7 @@ jobs:\n           fi\n \n       - name: Checkout selected tag\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           ref: refs/tags/${{ inputs.tag }}\n           fetch-depth: 0\n@@ -77,7 +77,7 @@ jobs:\n       slim-digest: ${{ steps.build-slim.outputs.digest }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           ref: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}\n           fetch-depth: 0\n@@ -194,7 +194,7 @@ jobs:\n       slim-digest: ${{ steps.build-slim.outputs.digest }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           ref: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}\n           fetch-depth: 0\n@@ -308,7 +308,7 @@ jobs:\n       contents: read\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           ref: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}\n           fetch-depth: 0\n\nFile: .github/workflows/install-smoke.yml (modified, +2/-2)\n@@ -23,7 +23,7 @@ jobs:\n       run_install_smoke: ${{ steps.manifest.outputs.run_install_smoke }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           fetch-depth: 1\n           fetch-tags: false\n@@ -87,7 +87,7 @@ jobs:\n       DOCKER_BUILD_RECORD_UPLOAD: \"false\"\n     steps:\n       - name: Checkout CLI\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n \n       - name: Set up Docker Builder\n         uses: docker/setup-buildx-action@v4\n\nFile: .github/workflows/macos-release.yml (modified, +1/-1)\n@@ -39,7 +39,7 @@ jobs:\n           fi\n \n       - name: Checkout selected tag\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           ref: refs/tags/${{ inputs.tag }}\n           fetch-depth: 0\n\nFile: .github/workflows/mcp-config-drift.yml (modified, +1/-1)\n@@ -4,7 +4,7 @@ jobs:\n   drift-warn:\n     runs-on: ubuntu-latest\n     steps:\n-      - uses: actions/checkout@v6.0.2\n+      - uses: actions/checkout@v7.0.0\n       - name: Compare against gbharg/exult-agent main\n         env:\n           # Fine-grained PAT with repo:read on gbharg/exult-agent. GITHUB_TOKEN\n\nFile: .github/workflows/mcp-config-test.yml (modified, +1/-1)\n@@ -8,7 +8,7 @@ jobs:\n   bun-test:\n     runs-on: ubuntu-latest\n     steps:\n-      - uses: actions/checkout@v6.0.2\n+      - uses: actions/checkout@v7.0.0\n       - uses: oven-sh/setup-bun@v2\n       - name: Run renderer parity tests\n         run: bun test tools/mcp-config/render.test.ts\n\nFile: .github/workflows/openclaw-npm-release.yml (modified, +2/-2)\n@@ -39,7 +39,7 @@ jobs:\n           fi\n \n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           ref: refs/tags/${{ inputs.tag }}\n           fetch-depth: 0\n@@ -132,7 +132,7 @@ jobs:\n           fi\n \n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           ref: refs/tags/${{ inputs.tag }}\n           fetch-depth: 0\n\nFile: .github/workflows/plugin-npm-release.yml (modified, +3/-3)\n@@ -52,7 +52,7 @@ jobs:\n       matrix: ${{ steps.plan.outputs.matrix }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           ref: ${{ github.event_name == 'workflow_dispatch' && inputs.ref || github.sha }}\n           fetch-depth: 0\n@@ -150,7 +150,7 @@ jobs:\n         plugin: ${{ fromJson(needs.preview_plugins_npm.outputs.matrix) }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           ref: ${{ needs.preview_plugins_npm.outputs.ref_sha }}\n           fetch-depth: 1\n@@ -185,7 +185,7 @@ jobs:\n         plugin: ${{ fromJson(needs.preview_plugins_npm.outputs.matrix) }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           ref: ${{ needs.preview_plugins_npm.outputs.ref_sha }}\n           fetch-depth: 1\n\nFile: .github/workflows/sandbox-common-smoke.yml (modified, +1/-1)\n@@ -27,7 +27,7 @@ jobs:\n     runs-on: blacksmith-16vcpu-ubuntu-2404\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           submodules: false\n \n\nFile: .github/workflows/workflow-sanity.yml (modified, +3/-3)\n@@ -19,7 +19,7 @@ jobs:\n     runs-on: blacksmith-16vcpu-ubuntu-2404\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n \n       - name: Fail on tabs in workflow files\n         run: |\n@@ -51,7 +51,7 @@ jobs:\n     runs-on: blacksmith-16vcpu-ubuntu-2404\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n \n       - name: Install actionlint\n         shell: bash\n@@ -80,7 +80,7 @@ jobs:\n     runs-on: blacksmith-16vcpu-ubuntu-2404\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n \n       - name: Setup Node environment\n         uses: ./.github/actions/setup-node-env\n```\n\n-"
        }
      ]
    },
    {
      "role": "user",
      "parts": [
        {
          "text": "You are a dedicated code reviewer for this repository. You are deeply familiar with its conventions and codebase.\n\n## Review Task\n\nPR #809: \"build(deps): bump actions/checkout from 6.0.2 to 7.0.0\"\n\nDescription:\nBumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 7.0.0.\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/actions/checkout/releases\">actions/checkout's releases</a>.</em></p>\n<blockquote>\n<h2>v7.0.0</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>block checking out fork pr for pull_request_target and workflow_run by <a href=\"https://github.com/aiqiaoy\"><code>@​aiqiaoy</code></a> in <a href=\"https://redirect.github.com/actions/checkout/pull/2454\">actions/checkout#2454</a></li>\n<li>Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by <a href=\"https://github.com/dependabot\"><code>@​dependabot</code></a>[bot] in <a href=\"https://redirect.github.com/actions/checkout/pull/2458\">actions/checkout#2458</a></li>\n<li>Bump flatted from 3.3.1 to 3.4.2 by <a href=\"https://github.com/dependabot\"><code>@​dependabot</code></a>[bot] in <a href=\"https://redirect.github.com/actions/checkout/pull/2460\">actions/checkout#2460</a></li>\n<li>Bump js-yaml from 4.1.0 to 4.2.0 by <a href=\"https://github.com/dependabot\"><code>@​dependabot</code></a>[bot] in <a href=\"https://redirect.github.com/actions/checkout/pull/2461\">actions/checkout#2461</a></li>\n<li>Bump <code>@​actions/core</code> and <code>@​actions/tool-cache</code> and Remove uuid by <a href=\"https://github.com/dependabot\"><code>@​dependabot</code></a>[bot] in <a href=\"https://redirect.github.com/actions/checkout/pull/2459\">actions/checkout#2459</a></li>\n<li>upgrade module to esm and update dependencies by <a href=\"https://github.com/aiqiaoy\"><code>@​aiqiaoy</code></a> in <a href=\"https://redirect.github.com/actions/checkout/pull/2463\">actions/checkout#2463</a></li>\n<li>Bump the minor-npm-dependencies group across 1 directory with 3 updates by <a href=\"https://github.com/dependabot\"><code>@​dependabot</code></a>[bot] in <a href=\"https://redirect.github.com/actions/checkout/pull/2462\">actions/checkout#2462</a></li\n\nReview the diff below. Provide your response as a JSON object with these keys:\n- \"summary\": a concise markdown summary. Tag issues with severity: [blocking] for must-fix, [suggestion] for improvements, [nitpick] for style.\n- \"comments\": array of { \"path\", \"line\", \"body\" } — inline review comments with severity tags\n- \"verdict\": \"approve\" (no blocking issues) or \"request_changes\" (blocking issues found)\n- \"workflow_suggestions\": array of strings — suggestions for improving the development workflow (e.g., \"Consider splitting this PR\", \"Add a pre-commit hook for X\")\n\nFocus on meaningful issues: bugs, security, performance, correctness. Skip trivial style nits.\nReturn ONLY valid JSON, no markdown fences.\n\nDiff:\n```diff\nFile: .github/workflows/ci-bun.yml (modified, +3/-3)\n@@ -20,7 +20,7 @@ jobs:\n       bun_checks_matrix: ${{ steps.manifest.outputs.bun_checks_matrix }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           submodules: false\n \n@@ -52,7 +52,7 @@ jobs:\n     timeout-minutes: 20\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           submodules: false\n \n@@ -84,7 +84,7 @@ jobs:\n       matrix: ${{ fromJson(needs.preflight.outputs.bun_checks_matrix) }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           submodules: false\n \n\nFile: .github/workflows/ci.yml (modified, +15/-15)\n@@ -54,7 +54,7 @@ jobs:\n       android_matrix: ${{ steps.manifest.outputs.android_matrix }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           fetch-depth: 1\n           fetch-tags: false\n@@ -141,7 +141,7 @@ jobs:\n       PRE_COMMIT_CACHE_KEY_SUFFIX: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || github.sha }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           fetch-depth: 1\n           fetch-tags: false\n@@ -238,7 +238,7 @@ jobs:\n     timeout-minutes: 20\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -288,7 +288,7 @@ jobs:\n       matrix: ${{ fromJson(needs.preflight.outputs.checks_fast_matrix) }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -336,7 +336,7 @@ jobs:\n \n       - name: Checkout\n         if: github.event_name != 'pull_request' || matrix.task != 'compat-node22'\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -422,7 +422,7 @@ jobs:\n       matrix: ${{ fromJson(needs.preflight.outputs.extension_fast_matrix) }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -447,7 +447,7 @@ jobs:\n     timeout-minutes: 20\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -472,7 +472,7 @@ jobs:\n     timeout-minutes: 20\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -627,7 +627,7 @@ jobs:\n     timeout-minutes: 20\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -669,7 +669,7 @@ jobs:\n     timeout-minutes: 20\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -690,7 +690,7 @@ jobs:\n     timeout-minutes: 20\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -730,7 +730,7 @@ jobs:\n       matrix: ${{ fromJson(needs.preflight.outputs.checks_windows_matrix) }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -844,7 +844,7 @@ jobs:\n       matrix: ${{ fromJson(needs.preflight.outputs.macos_node_matrix) }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -899,7 +899,7 @@ jobs:\n     timeout-minutes: 20\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n@@ -966,7 +966,7 @@ jobs:\n       matrix: ${{ fromJson(needs.preflight.outputs.android_matrix) }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           persist-credentials: false\n           submodules: false\n\nFile: .github/workflows/codeql.yml (modified, +1/-1)\n@@ -70,7 +70,7 @@ jobs:\n             config_file: \"\"\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           submodules: false\n \n\nFile: .github/workflows/docker-release.yml (modified, +4/-4)\n@@ -44,7 +44,7 @@ jobs:\n           fi\n \n       - name: Checkout selected tag\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           ref: refs/tags/${{ inputs.tag }}\n           fetch-depth: 0\n@@ -77,7 +77,7 @@ jobs:\n       slim-digest: ${{ steps.build-slim.outputs.digest }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           ref: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}\n           fetch-depth: 0\n@@ -194,7 +194,7 @@ jobs:\n       slim-digest: ${{ steps.build-slim.outputs.digest }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           ref: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}\n           fetch-depth: 0\n@@ -308,7 +308,7 @@ jobs:\n       contents: read\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           ref: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}\n           fetch-depth: 0\n\nFile: .github/workflows/install-smoke.yml (modified, +2/-2)\n@@ -23,7 +23,7 @@ jobs:\n       run_install_smoke: ${{ steps.manifest.outputs.run_install_smoke }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           fetch-depth: 1\n           fetch-tags: false\n@@ -87,7 +87,7 @@ jobs:\n       DOCKER_BUILD_RECORD_UPLOAD: \"false\"\n     steps:\n       - name: Checkout CLI\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n \n       - name: Set up Docker Builder\n         uses: docker/setup-buildx-action@v4\n\nFile: .github/workflows/macos-release.yml (modified, +1/-1)\n@@ -39,7 +39,7 @@ jobs:\n           fi\n \n       - name: Checkout selected tag\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           ref: refs/tags/${{ inputs.tag }}\n           fetch-depth: 0\n\nFile: .github/workflows/mcp-config-drift.yml (modified, +1/-1)\n@@ -4,7 +4,7 @@ jobs:\n   drift-warn:\n     runs-on: ubuntu-latest\n     steps:\n-      - uses: actions/checkout@v6.0.2\n+      - uses: actions/checkout@v7.0.0\n       - name: Compare against gbharg/exult-agent main\n         env:\n           # Fine-grained PAT with repo:read on gbharg/exult-agent. GITHUB_TOKEN\n\nFile: .github/workflows/mcp-config-test.yml (modified, +1/-1)\n@@ -8,7 +8,7 @@ jobs:\n   bun-test:\n     runs-on: ubuntu-latest\n     steps:\n-      - uses: actions/checkout@v6.0.2\n+      - uses: actions/checkout@v7.0.0\n       - uses: oven-sh/setup-bun@v2\n       - name: Run renderer parity tests\n         run: bun test tools/mcp-config/render.test.ts\n\nFile: .github/workflows/openclaw-npm-release.yml (modified, +2/-2)\n@@ -39,7 +39,7 @@ jobs:\n           fi\n \n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           ref: refs/tags/${{ inputs.tag }}\n           fetch-depth: 0\n@@ -132,7 +132,7 @@ jobs:\n           fi\n \n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           ref: refs/tags/${{ inputs.tag }}\n           fetch-depth: 0\n\nFile: .github/workflows/plugin-npm-release.yml (modified, +3/-3)\n@@ -52,7 +52,7 @@ jobs:\n       matrix: ${{ steps.plan.outputs.matrix }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           ref: ${{ github.event_name == 'workflow_dispatch' && inputs.ref || github.sha }}\n           fetch-depth: 0\n@@ -150,7 +150,7 @@ jobs:\n         plugin: ${{ fromJson(needs.preview_plugins_npm.outputs.matrix) }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           ref: ${{ needs.preview_plugins_npm.outputs.ref_sha }}\n           fetch-depth: 1\n@@ -185,7 +185,7 @@ jobs:\n         plugin: ${{ fromJson(needs.preview_plugins_npm.outputs.matrix) }}\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           ref: ${{ needs.preview_plugins_npm.outputs.ref_sha }}\n           fetch-depth: 1\n\nFile: .github/workflows/sandbox-common-smoke.yml (modified, +1/-1)\n@@ -27,7 +27,7 @@ jobs:\n     runs-on: blacksmith-16vcpu-ubuntu-2404\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n         with:\n           submodules: false\n \n\nFile: .github/workflows/workflow-sanity.yml (modified, +3/-3)\n@@ -19,7 +19,7 @@ jobs:\n     runs-on: blacksmith-16vcpu-ubuntu-2404\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n \n       - name: Fail on tabs in workflow files\n         run: |\n@@ -51,7 +51,7 @@ jobs:\n     runs-on: blacksmith-16vcpu-ubuntu-2404\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n \n       - name: Install actionlint\n         shell: bash\n@@ -80,7 +80,7 @@ jobs:\n     runs-on: blacksmith-16vcpu-ubuntu-2404\n     steps:\n       - name: Checkout\n-        uses: actions/checkout@v6.0.2\n+        uses: actions/checkout@v7.0.0\n \n       - name: Setup Node environment\n         uses: ./.github/actions/setup-node-env\n```\n\n-"
        }
      ]
    }
  ]
}