CI fails even when the JSON shows zero cycles

Align cwd with the config path, delete stale artifacts between jobs, and confirm other rules (for example folder boundaries) are not counted as cycles in your reducer.

The PR comment is too long

Keep three exemplar cycles inline, push the raw JSON to pipeline storage, and link with a stable job URL that does not require a reviewer login.

dependency-cruiser · circular deps · OpenClaw · 2026

2026 OpenClaw Frontend on a Remote Mac:
Parse dependency-cruiser JSON, Gate Cycles, and Merge One PR Summary

April 30, 2026 Frontend platform & architecture gates 9 min read

Audience: teams that already run dependency-cruiser in CI but want a single, skimmable pull-request digest—especially when the worker is a leased remote Mac next to Safari or Playwright jobs. This HowTo fixes one JSON path, encodes violation tiers with explicit module ceilings, and shows how an OpenClaw-style gateway or a thin script can trigger the summary and merge it with lint blocks. Pair the merge pattern with ESLint + Stylelint JSON merge on remote Mac, tighten unused surface with knip unused-export PR summaries, and keep tokens off laptops via scoped automation for summaries.

00 HowTo: reproducible checklist

Run the same command order on your laptop, hosted CI, and the remote Mac so relative paths inside graph.json stay comparable when a gateway rewrites them. The goal is not a prettier graph viewer in chat; it is a policy layer that turns machine output into one comment humans open once per push.

Commit .dependency-cruiser.js with explicit roots, excludes, and rule names you will reference in exit-code logic.
Emit JSON only to artifacts/depcruise/graph.json (create the directory in the job) and keep stdout for short human logs.
Count cycles, maximum cycle length in modules, scanned module totals, and map each bucket to info, warn, or error using the table below.
Render Markdown: headline, one-line totals, a three-row cycle table at most, then a truncation note with pipeline coordinates.
Trigger summarization only after the artifact upload finishes—webhook body carries GIT_SHA, PR_NUMBER, artifact relative path, and a thresholds_version string.
Upsert the PR comment with a stable hidden marker; concatenate dependency output after lint sections or let the gateway emit one bundled document.

When graphs get large, the remote Mac still wins on parity with designer laptops because Apple Silicon throughput matches what you ship to production bundlers—just ensure node_modules caches warm the same way everywhere.

01 JSON contract and artifact path

Treat artifacts/depcruise/graph.json as the only downstream input. Parsers should not depend on stdout shape, and you should not paste multi-megabyte JSON into LLM prompts—pass path plus version metadata to the OpenClaw worker instead.

Example command (pin versions in package.json):

npx depcruise src \
  --config .dependency-cruiser.js \
  --output-type json \
  --output artifacts/depcruise/graph.json

If summary-only reporters hide cycles you care about, log both summary tallies and detailed violations in your reducer so “green JSON” cannot disagree with the rule table.

02 Violation tiers and module ceilings

Copy the table into your repo README, bump thresholds_version whenever numbers change, and branch policy: warn rows exit 0 but prepend WARN to the Markdown title; error rows exit 1 and block merge on protected branches.

Tier	When it fires (examples)	Exit code
info	Zero cycles, or every cycle is allow-listed by module prefix.	0
warn	1–2 cycles, each cycle ≤ 6 modules, Markdown cycle rows ≤ 8, scanned modules ≤ 800.	0 (label comment WARN)
error	≥ 3 cycles, or any cycle > 7 modules, or scanned modules > 800 without an approved architecture review (forces config split).	1

Teams often promote warn → error on release branches only; encode that as a single boolean your gateway reads from the webhook payload so feature branches stay fast while trains stay strict.

03 Parsing JSON and shaping Markdown

Use jq for quick probes in shell pipelines, or a ten-line Node script if you need custom grouping (for example collapsing test-only importers). Extract: cycle count, longest path length per cycle, offending rule names, and total modules to compare against the 800 module budget in the table.

For reviewer ergonomics, print at most three cycles as a Markdown table where each cell shows at most three relative path segments joined with → . Everything else becomes “+N additional cycles (see artifact)”. That compression is what makes the digest merge cleanly with ESLint tables without blowing past provider payload limits.

If you also ship bundle-level graphs, keep dependency-cruiser authoritative for source cycles; do not double-count the same edge twice when you later add import-graph tooling.

04 Gateway webhook vs runner script

Gateway path: CI uploads graph.json, then POSTs a signed webhook to the OpenClaw worker on the remote Mac with repository coordinates, artifact path, and thresholds_version. The gateway reads the file from shared storage, runs the reducer, optionally calls an OpenAI-compatible model on the Markdown only, and returns the final body to a small service that owns the Git host token.

Script path: check in scripts/depcruise-pr-summary.mjs, invoke it from an OIDC-enabled runner after the artifact step, pipe stdout to gh pr comment or your provider SDK. Both approaches should debounce with job concurrency or a lockfile so nightly sweeps and PR pushes do not fight for the same comment revision.

Secrets never belong in repository variables that front-end developers copy for local testing; keep PATs or GitHub Apps on the gateway or CI secret store, as described in the token-auth article linked above.

05 Merging into one PR comment

Reuse the hidden HTML marker pattern from other OpenClaw digests: hash repository slug, pull number, tool name depcruise, and the SHA256 of graph.json. Search existing bot comments before creating a new thread. When merging with lint output, either (a) fetch the prior body, splice in a  block, and PATCH, or (b) have the gateway assemble lint + deps in deterministic section order so reviewers scroll one vertical rhythm.

Retry only HTTP 429 and 5xx responses with capped exponential backoff; dependency graphs are expensive to rebuild, so treat transport flakes separately from policy failures.

Public navigation: MacWww Home, Pricing, Help, and Buy / Rent are all available without creating an account first—use them when you need Apple Silicon hosts before wiring automation.

Takeaway

When graph.json lands on a fixed path and thresholds are versioned, your remote Mac gateway can own the boring parts: parse dependency-cruiser output, classify cycles, emit tight Markdown, and merge that block into the same PR comment as lint summaries—so architects see import health beside code style without opening another dashboard.

Buying signal

Circular detection walks the whole tree; validating that on a dedicated remote Mac avoids burning laptop battery and matches the CPU profile you use beside WebKit jobs. When you are ready to provision the machine that hosts the gateway scripts, open the public Buy / Rent page, confirm cycle time on Pricing, and skim Help for checkout expectations—then wire depcruise as the first stage so later jobs inherit a clean module story.

Apple Silicon · dependency gates

Host dependency-cruiser Summaries on a Remote Mac

Lease an Apple Silicon remote Mac, park OpenClaw merge scripts beside Safari or Playwright workers, and finish checkout from the public pages below—no login required to compare plans.

JSON contract One PR comment Apple Silicon

Buy / Rent — No Login View Pricing Help Center

2026 OpenClaw Frontend on a Remote Mac: Parse dependency-cruiser JSON, Gate Cycles, and Merge One PR Summary