← All Playbooks

👨‍💻 Dev Workflow Playbook

Turn OpenClaw into your dev partner — PR reviews, CI monitoring, dependency audits, ticket management, and daily dev briefings. Complete config, cron jobs, and workspace files ready to copy-paste.

~45 min setupGitHub + Slack/Telegram~$10-20/moSolo dev or team

On this page

  1. What you'll build
  2. Prerequisites
  3. SOUL.md — dev assistant personality
  4. USER.md — your stack & context
  5. TOOLS.md — developer capabilities
  6. HEARTBEAT.md — proactive checks
  7. GitHub CLI setup
  8. Cron jobs — daily PR report & more
  9. Recommended skills
  10. Config snippet
  11. Example conversations
  12. Cost estimate

🎯 What you'll build

By the end of this playbook, your OpenClaw agent will:

  • Morning dev briefing — overnight PRs, failed CI runs, tickets due today, delivered to Slack or Telegram at 8 AM
  • PR review assistant — fetch any PR diff on demand, get AI analysis of changes, potential issues, and summary
  • CI/CD monitor — heartbeat checks for failed GitHub Actions runs, alerts you immediately
  • Dependency audit — weekly scan for outdated packages and known CVEs
  • Ticket management — create, search, and update Linear/Jira issues from chat
  • Code scaffolding — generate boilerplate, write tests, create project structures on demand

💡 Philosophy: Read access + analysis, not write access. Your agent reviews PRs but doesn't merge them. It monitors CI but doesn't deploy. You stay in control of what enters your codebase.

📋 Prerequisites

  • OpenClaw installed and running (Mac / Linux / Docker)
  • At least one channel connected (Channels Guide) — Slack is ideal for dev work, Telegram as backup
  • GitHub CLI (gh) installed and authenticated: gh auth login
  • AI model configured — Claude Sonnet 4.5 recommended for code review quality (see Models Guide)

🧬 SOUL.md — Dev assistant personality

Save this to ~/.openclaw/workspace/SOUL.md:

# SOUL.md — Dev Workflow Assistant

## Personality
You are a senior engineering partner — direct, technical,
and focused on shipping quality code. You don't sugarcoat
issues but you're constructive, not critical.

## Communication Style
- Lead with the actionable item, then context
- Use code blocks for anything technical
- Keep explanations concise — I read fast
- Flag blockers and risks immediately
- No emoji in code reviews, minimal elsewhere

## Values
- Code quality over speed (but both when possible)
- Security-first thinking on every PR
- Test coverage matters — always mention if missing
- Clear commit messages and PR descriptions

## Boundaries
- Never push, merge, or approve PRs without my explicit OK
- Never modify production configs autonomously
- Ask before creating issues or tickets
- Flag uncertainty — "I'm not sure about X" is better than guessing

👤 USER.md — Your stack & context

Personalize this template with your actual details:

# USER.md

## About Me
- Name: [Your name]
- Role: [Senior dev / Tech lead / Solo founder]
- Timezone: [Europe/Bucharest]
- Working hours: [9:00-18:00 weekdays]

## Tech Stack
- Language: TypeScript, Node.js
- Framework: Next.js 15, React 19
- Database: PostgreSQL + Prisma ORM
- Auth: NextAuth.js v5
- Deploy: Docker on Hostinger VPS
- CI/CD: GitHub Actions
- Project management: Linear

## Repositories
- Main project: github.com/[you]/[project]
- Secondary: github.com/[you]/[project2]

## Preferences
- PR review: focus on logic bugs, security, and perf
- Notifications: Telegram for urgent, Slack for routine
- Code style: Prettier defaults, ESLint strict
- I prefer numbered options when discussing approaches

🔧 TOOLS.md — Developer capabilities

# TOOLS.md

## Available Tools
- **GitHub CLI (gh)**: Read PRs, issues, CI runs, repo data
- **Git**: Local repo operations, diff analysis
- **Shell**: Run npm/pnpm scripts, linting, testing
- **File system**: Read/write project files
- **Web search**: Look up docs, CVEs, package info
- **Linear**: Create and search tickets (via linear skill)

## Tool Guidelines
- Use `gh pr view --json` for structured data, not web scraping
- Run `npm audit` for dependency checks, not manual lookups
- Use `git log --oneline -20` for recent commit context
- Check CI status with `gh run list --limit 5`

💓 HEARTBEAT.md — Proactive dev checks

This tells your agent what to check on each heartbeat cycle (default every 30 minutes):

# HEARTBEAT.md

## On Each Heartbeat
1. Check GitHub Actions: `gh run list --limit 5 --json status,name`
   - If any run has status "failure", alert me immediately
   - Include the run name and link
2. Check for new PRs on my repos that need review
   - `gh pr list --state open --json number,title,author`
   - Only alert for PRs I haven't seen yet
3. Check for PRs where I'm requested as reviewer
   - `gh pr list --search "review-requested:@me"`

## Don't
- Don't check more than once per heartbeat
- Don't alert for draft PRs unless I asked
- Don't repeat alerts I've already seen today

🐙 GitHub CLI setup

Make sure gh is installed and authenticated on the machine running OpenClaw:

# Install gh CLI
# macOS
brew install gh
# Ubuntu/Debian
sudo apt install gh

# Authenticate (use browser flow)
gh auth login

# Verify access
gh auth status
gh repo list --limit 3

✅ Read-only is safer. The default gh auth login grants broad access. For extra security, create a fine-grained personal access token with read-only repo access and use gh auth login --with-token.

Useful commands your agent can run

CommandPurpose
gh pr view 42 --json title,body,additions,deletions,filesGet PR metadata
gh pr diff 42Full diff of a PR
gh pr checks 42CI status for a PR
gh run list --limit 5 --json status,name,conclusionRecent CI runs
gh issue list --state open --label bugOpen bug issues
gh api repos///dependabot/alertsSecurity alerts

⏰ Cron jobs

1. Morning dev briefing (daily, 8 AM)

openclaw cron add \
  --name "Morning dev briefing" \
  --cron "0 8 * * 1-5" \
  --tz "Europe/Bucharest" \
  --session isolated \
  --message "Morning dev briefing. Check:
1. Open PRs needing my review (gh pr list --search 'review-requested:@me')
2. Failed CI runs in the last 24h (gh run list --limit 10)
3. Any new issues labeled 'bug' or 'urgent'
4. PRs I opened that have new comments
Format: bullet points, links, priority order." \
  --announce \
  --channel telegram \
  --to "YOUR_CHAT_ID"

2. Weekly dependency audit (Monday 9 AM)

openclaw cron add \
  --name "Dependency audit" \
  --cron "0 9 * * 1" \
  --tz "Europe/Bucharest" \
  --session isolated \
  --message "Weekly dependency audit:
1. cd ~/projects/main-project && npm audit
2. Check for outdated packages: npm outdated
3. Check Dependabot alerts: gh api repos/OWNER/REPO/dependabot/alerts --jq '.[].security_advisory.summary'
Summarize: total outdated, security issues (critical first), recommended actions." \
  --announce \
  --channel slack \
  --to "channel:C_DEV_CHANNEL"

3. End-of-day summary (daily, 6 PM)

openclaw cron add \
  --name "EOD dev summary" \
  --cron "0 18 * * 1-5" \
  --tz "Europe/Bucharest" \
  --session isolated \
  --message "End-of-day summary:
1. PRs merged today
2. Issues closed today
3. Any CI runs still failing
4. Open items for tomorrow
Keep it brief — 5 lines max." \
  --announce \
  --channel telegram \
  --to "YOUR_CHAT_ID"

🧩 Recommended skills

SkillPurposeInstall
github-pr-reviewStructured PR analysis with security & perf checksopenclaw skills install github-pr-review
linear-skillCreate/search/update Linear tickets from chatopenclaw skills install linear-skill
cron-backupScheduled backups with version trackingopenclaw skills install cron-backup
security-checkAudit installed skills for vulnerabilitiesopenclaw skills install security-check
proactive-researchMonitor tech topics, get alerts on important updatesopenclaw skills install proactive-research

⚠️ Always vet skills before installing. Read the SKILL.md source code. Check our Security Guide — Skill Vetting for red flags to look for.

⚙️ Config snippet

Add to your openclaw.json:

{
  "agents": {
    "defaults": {
      "model": {
        "primary": "anthropic/claude-sonnet-4-5",
        "fallback": ["openai/gpt-4.1", "openrouter/auto"]
      },
      "heartbeat": {
        "model": "google/gemini-2.5-flash-lite",
        "intervalMs": 1800000
      }
    }
  }
}

✅ Cost optimization: Use Sonnet for complex code review, cheap Flash-Lite for heartbeat checks. This keeps quality high where it matters and costs down on routine monitoring. See Models Guide for multi-model routing.

💬 Example conversations

PR review

You: Review PR #42 on main-project
Agent: Fetching PR #42: "Add user profile page"
  📊 +187 -23 across 4 files

  ✅ Good:
  • Clean component separation
  • Proper TypeScript types on all props

  ⚠️ Issues:
  • components/Profile.tsx:45 — no error boundary around
    the API call. If fetchUser fails, the whole page crashes.
  • Missing test coverage for the new ProfileCard component
  • profile.module.css uses a hardcoded color (#333) instead
    of the design token var(--text-primary)

  🔐 Security: No issues found.

  Want me to post this as a PR comment?

Quick CI check

You: Any CI failures?
Agent: 1 failure in the last 24h:
  ❌ "Deploy to staging" — failed 3h ago
  Reason: Docker build timeout (exceeded 10m limit)
  Branch: feature/user-profiles
  Link: github.com/you/project/actions/runs/123456

  The other 7 runs passed. Want me to look at the
  build logs for details?

Ticket creation

You: Create a bug ticket for the login timeout issue,
     high priority, assign to backend team
Agent: Created Linear ticket BUG-247:
  "Login timeout after 30s on slow connections"
  Priority: High | Team: Backend | Status: Backlog
  Link: linear.app/team/BUG-247

💰 Cost estimate

ComponentMonthly cost
Sonnet 4.5 — ~30 code reviews + daily chat$8-15
Flash-Lite — heartbeat every 30 min$0.50-1
3 cron jobs — daily + weekly$2-4
Total API spend$10-20/mo

Add VPS costs ($5-7/mo) if running 24/7 on a server. Use the Cost Calculator for your exact setup.