claw-code

Commit Graph

Author	SHA1	Message	Date
bellman	e4ef0f7f19	omx(team): auto-checkpoint worker-4 [unknown]	2026-05-15 10:22:03 +09:00
bellman	7ed1cabc14	Prove observable MCP required optional contracts Added CLI JSON regression coverage for MCP required versus optional flags, redacted env/header values, degraded malformed config reporting, and failed unsupported usage reporting without touching runtime internals. Constraint: Task 12 scope preferred rusty-claude-cli tests and avoid worker-1/3 MCP internals. Rejected: Runtime lifecycle edits \| existing observable JSON contracts already expose required, redacted keys, degraded config, and unsupported-action failure semantics. Confidence: high Scope-risk: narrow Directive: Preserve secret-value redaction by exposing env/header keys only; keep degraded config distinct from usage errors. Tested: cargo fmt --manifest-path Cargo.toml -p rusty-claude-cli --check; cargo test --manifest-path Cargo.toml -p rusty-claude-cli --test output_format_contract mcp_ -- --nocapture; cargo check --manifest-path Cargo.toml -p rusty-claude-cli. Not-tested: Full output_format_contract currently has unrelated pre-existing failures in plugin/doctor contract tests.	2026-05-15 10:07:47 +09:00
bellman	1f00771fd2	Keep plugin lifecycle JSON complete after team merges Preserve the direct and resumed plugin JSON arrays that downstream G007 regressions require while retaining the degraded config envelope from the malformed-MCP work. Constraint: G007 verification requires plugins[] and load_failures[] on plugin JSON plus status/config_load_error consistency. Rejected: Only relaxing output_format_contract tests \| that would hide a shipped CLI JSON regression. Confidence: high Scope-risk: narrow Directive: Keep direct, resumed, and interactive plugin command payloads routed through one payload helper before changing plugin JSON fields. Tested: cargo fmt --manifest-path rust/Cargo.toml --all -- --check; cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli --test output_format_contract inventory_commands_emit_structured_json_when_requested -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli --test output_format_contract plugins_json_surfaces_lifecycle_contract_when_plugin_is_installed -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli --test output_format_contract structured_json_when_requested -- --nocapture; cargo check --manifest-path rust/Cargo.toml -p runtime -p tools -p rusty-claude-cli -p commands -p plugins Not-tested: Full workspace clippy remains blocked by pre-existing LaneContext struct_excessive_bools lint. Co-authored-by: OmX <omx@oh-my-codex.dev>	2026-05-15 10:06:23 +09:00
bellman	39568feff6	omx(team): auto-checkpoint worker-1 [1]	2026-05-15 10:01:04 +09:00
bellman	686cc89a36	omx(team): auto-checkpoint worker-1 [1]	2026-05-15 10:00:40 +09:00
bellman	ace260139e	omx(team): auto-checkpoint worker-3 [4]	2026-05-15 09:59:06 +09:00
bellman	db6f30fa33	verify plugin lifecycle JSON contract Lock the plugin inventory JSON contract so lifecycle state and lifecycle summary fields stay visible to orchestrators while allowing bundled plugins to coexist in isolated inventories. Constraint: G007-plugin-mcp Task 1 requires plugin/MCP lifecycle contract evidence without mutating .omx/ultragoal. Rejected: Assuming an empty plugin inventory in tests \| bundled plugins are auto-synced and should not make lifecycle contract verification brittle. Confidence: high Scope-risk: narrow Directive: Keep plugin inventory JSON machine-readable for lifecycle_state, lifecycle, status, and load_failures; do not collapse it back to message-only JSON. Tested: cargo test -p plugins plugin_registry_report_collects_load_failures_without_dropping_valid_plugins -- --nocapture; cargo test -p commands renders_plugins_report -- --nocapture; cargo test -p rusty-claude-cli --test output_format_contract plugins_json_surfaces_lifecycle_contract_when_plugin_is_installed -- --nocapture; cargo test -p rusty-claude-cli --test output_format_contract inventory_commands_emit_structured_json_when_requested -- --nocapture; cargo check --workspace; cargo fmt --all -- --check Not-tested: cargo clippy -p rusty-claude-cli --test output_format_contract -- -D warnings is blocked by pre-existing runtime::policy_engine::LaneContext clippy::struct_excessive_bools. Co-authored-by: OmX <omx@oh-my-codex.dev>	2026-05-15 09:59:02 +09:00
bellman	983ceb939c	omx(team): auto-checkpoint worker-1 [1]	2026-05-15 09:57:03 +09:00
bellman	cac73b4410	omx(team): auto-checkpoint worker-3 [4]	2026-05-15 09:57:00 +09:00
bellman	9ae6aa3f30	Keep plugin introspection available when MCP config is malformed Route plugin command rendering through the same degraded config envelope used by status and MCP, falling back to empty runtime config when config loading fails so local plugin listing remains inspectable. Constraint: Task 4 requires malformed MCP config consistency across status, doctor, mcp, and plugins surfaces. Rejected: Hard-failing plugins on ConfigLoader errors \| inconsistent with status/mcp degraded-mode contract and hides local plugin diagnostics. Confidence: high Scope-risk: narrow Directive: Keep config_load_error/status fields aligned across local introspection commands when adding new config-dependent surfaces. Tested: cargo test -p rusty-claude-cli malformed_mcp_config -- --nocapture; cargo test -p commands mcp_degrades_gracefully_on_malformed_mcp_config_144 -- --nocapture; cargo check -p rusty-claude-cli; cargo fmt --all -- --check; claw plugins --output-format json malformed-MCP smoke. Not-tested: full workspace clippy remains blocked by pre-existing clippy warnings in runtime and rusty-claude-cli unrelated to this change.	2026-05-15 09:56:56 +09:00
bellman	985c6e97f9	omx(team): auto-checkpoint worker-1 [1]	2026-05-15 09:56:50 +09:00
bellman	c522dc970f	Preserve plugin lifecycle JSON in G007 CLI output Constraint: G007 worker integrations made plugin command JSON degraded-aware but omitted the structured plugin/load-failure arrays expected by inventory contracts.\nRejected: Drop lifecycle arrays from tests \| G007 requires plugin lifecycle state to stay machine-readable across plugin surfaces.\nConfidence: high\nScope-risk: narrow\nDirective: Keep carrying plugin entries, lifecycle state, and load failures even when config loading degrades.\nTested: cargo fmt --manifest-path rust/Cargo.toml --all -- --check; cargo check --manifest-path rust/Cargo.toml -p runtime -p tools -p rusty-claude-cli -p commands -p plugins; cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli --test output_format_contract plugins_json_surfaces_lifecycle_contract_when_plugin_is_installed -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli --test output_format_contract inventory_commands_emit_structured_json_when_requested -- --nocapture; git diff --check\nNot-tested: full workspace suite\n\nCo-authored-by: OmX <omx@oh-my-codex.dev>	2026-05-15 09:56:46 +09:00
bellman	2454f012b6	omx(team): auto-checkpoint worker-1 [1]	2026-05-15 09:52:29 +09:00
bellman	80b8984b62	omx(team): auto-checkpoint worker-4 [5]	2026-05-15 09:49:36 +09:00
bellman	b01192dde7	omx(team): auto-checkpoint worker-3 [4]	2026-05-15 09:49:33 +09:00
bellman	1a6e475f74	omx(team): auto-checkpoint worker-1 [1]	2026-05-15 09:49:22 +09:00
bellman	0cd1eabb5d	Keep G007 plugin command integration compiling Constraint: G007 worker integrations added plugin command surfaces but left the REPL handler referencing a pre-refactor variable.\nRejected: Revert the worker plugin-command surface \| the parser/degraded-config changes are part of the G007 scope and only needed a narrow compile repair.\nConfidence: high\nScope-risk: narrow\nDirective: Keep plugin CLI and REPL command paths routed through plugins_command_payload_for so malformed config can degrade consistently.\nTested: cargo check --manifest-path rust/Cargo.toml -p runtime -p tools -p rusty-claude-cli -p commands -p plugins; cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli parse_args_plugins -- --nocapture\nNot-tested: full G007 team suite pending worker completion\n\nCo-authored-by: OmX <omx@oh-my-codex.dev>	2026-05-15 09:49:16 +09:00
bellman	f2ba3648d6	omx(team): auto-checkpoint worker-3 [4]	2026-05-15 09:45:57 +09:00
bellman	0a14f8511e	omx(team): auto-checkpoint worker-4 [5]	2026-05-15 09:45:33 +09:00
bellman	f7235ca932	Make G006 task policy state machine executable Typed task packets, policy decisions, lane board status, and session liveness now have concrete runtime contracts and focused regressions for Stream 4. Constraint: G006 requires task/lane operation without pane scraping while preserving legacy task packet callers. Rejected: waiting on stale worker worktrees \| all G006 worker worktrees remained at main with no commits, so leader integrated the verified slice directly. Confidence: high Scope-risk: moderate Directive: Keep task packet serde defaults when adding fields so older packets continue to deserialize. Tested: git diff --check; cargo fmt --manifest-path rust/Cargo.toml --all -- --check; cargo check --manifest-path rust/Cargo.toml -p runtime -p tools -p rusty-claude-cli; cargo test --manifest-path rust/Cargo.toml -p runtime task_packet -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p runtime policy_engine -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p runtime task_registry -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p runtime session_heartbeat -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p tools run_task_packet_creates_packet_backed_task -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p tools lane_completion -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli status_json_surfaces -- --nocapture Not-tested: full workspace test suite; PR/issue reconciliation deferred to G011/G012 Co-authored-by: OmX <omx@oh-my-codex.dev>	2026-05-15 09:29:26 +09:00
bellman	8f7eaffcef	Close the G005 verification gaps before checkpoint Constraint: G005 requires stale-base doctor consistency, green-contract policy integration, hung-test evidence, and a durable verification map before ultragoal checkpointing.\nRejected: Treat worker task status alone as complete \| worker-2 lifecycle was stale-failed despite landed recovery evidence, so leader verification and explicit map are required.\nConfidence: medium\nScope-risk: moderate\nDirective: Keep PR/issue reconciliation deferred to G011/G012; do not mutate .omx/ultragoal outside checkpoint commands.\nTested: git diff --check; cargo fmt --manifest-path rust/Cargo.toml --all -- --check; cargo check --manifest-path rust/Cargo.toml -p rusty-claude-cli; cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli workspace_health_warns_when_stale_base_diverged -- --nocapture; cargo check --manifest-path rust/Cargo.toml -p tools\nNot-tested: full workspace test suite due known unrelated permission/lifecycle failures from worker evidence.\n\nCo-authored-by: OmX <omx@oh-my-codex.dev>	2026-05-14 18:38:22 +09:00
bellman	aec291caab	omx(team): auto-checkpoint worker-4 [unknown]	2026-05-14 17:51:53 +09:00
bellman	43b182882a	Lock doctor JSON boot preflight contract Constraint: G003 boot/session work adds a structured doctor boot-preflight check that must be visible in JSON output. Rejected: reducing the doctor check count back to six \| boot preflight is an explicit G003 acceptance surface. Confidence: high Scope-risk: narrow Directive: Keep doctor/status JSON contract tests aligned with boot_preflight schema fields when extending preflight diagnostics. Tested: git diff --check; cargo fmt --manifest-path rust/Cargo.toml --all -- --check; cargo test --manifest-path rust/Cargo.toml -p runtime trusted_roots -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p runtime startup -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p runtime worker_boot -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p tools path_scope -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli --test output_format_contract -- --nocapture; cargo check --manifest-path rust/Cargo.toml --workspace Not-tested: full cargo test --workspace remains deferred during active G003 team reconciliation. Co-authored-by: OmX <omx@oh-my-codex.dev>	2026-05-14 17:51:47 +09:00
bellman	307b23d27f	omx(team): auto-checkpoint worker-4 [unknown]	2026-05-14 17:50:36 +09:00
bellman	79d3b809f9	omx(team): auto-checkpoint worker-4 [unknown]	2026-05-14 17:46:16 +09:00
bellman	9ab569e626	omx(team): auto-checkpoint worker-2 [3]	2026-05-14 17:18:55 +09:00
YeonGyu-Kim	75c08bc982	fix: REPL display, /compact panic, identity leak, DeepSeek reasoning, thinking blocks Five interrelated fixes from parallel Hephaestus sessions: 1. fix(repl): display assistant text after spinner (#2981, #2982, #2937) - Added final_assistant_text() call after run_turn spinner completes - REPL now shows response text like run_prompt_json does 2. fix(compact): handle Thinking content blocks (#2985) - Added ContentBlock::Thinking variant throughout compact summarizer - Prevents panic when /compact encounters thinking blocks 3. fix(prompt): provider-aware model identity (#2822) - New ModelFamilyIdentity enum (Claude vs Generic) - Non-Anthropic models no longer say 'I am Claude' - model_family_identity_for() detects provider and sets identity 4. fix(openai): preserve DeepSeek reasoning_content (#2821) - Stream parser now captures reasoning_content from OpenAI-compat - Emits ThinkingDelta/SignatureDelta events for reasoning models - Thinking blocks included in conversation history for re-send 5. feat(runtime): Thinking block support across codebase - AssistantEvent::Thinking variant in conversation.rs - ContentBlock::Thinking in session serialization - Thinking-aware compact summarization - Tests for thinking block ordering and content Closes #2981, #2982, #2937, #2985, #2822, #2821	2026-05-06 15:32:34 +09:00
YeonGyu-Kim	28998422e2	Merge pull request #2984 from andhai/pr/openai-token-limit-hardening openai: harden token-limit handling and default output-token caps	2026-05-06 14:53:24 +09:00
YeonGyu-Kim	b4733b67a6	Merge pull request #2949 from Yeachan-Heo/fix/export-help-json Fix export help JSON output	2026-05-06 14:52:09 +09:00
YeonGyu-Kim	d074d1c046	fix(mcp): exit 1 when JSON envelope contains ok:false (#2995 ) * fix(mcp): exit 1 when JSON envelope contains ok:false mcp info, mcp describe, and mcp list-filter all return {"action":"error","ok":false,...} but previously exited 0, requiring automation callers to inspect the envelope field. After this fix: print_mcp detects ok:false in the rendered JSON value and calls process::exit(1) after printing, so the exit code reflects the semantic error in the envelope. Unaffected: mcp list, mcp show, mcp help all have no ok field and continue to exit 0 (they are not error paths). Closes ROADMAP #68 (partial — agents bogus/mcp show nonexistent found:false remain exit:0 as they use different envelope shapes). * feat(scripts): add dogfood-build.sh — build from checkout and verify provenance Builds claw from the current HEAD, then checks that the binary's git_sha matches git rev-parse --short HEAD. Exits non-zero if the binary is stale or provenance is opaque (git_sha: null). Usage: CLAW=$(bash scripts/dogfood-build.sh) # fail-fast if stale $CLAW version --output-format json # provenance confirmed Addresses ROADMAP #69: dogfooders using a stale installed binary cannot attribute behavior to specific commits. This script makes dogfood round zero unambiguous. Also documents the safe workaround for contributors who have a stale system-installed binary.	2026-05-05 06:09:11 +09:00
YeonGyu-Kim	caeac828b5	fix(permissions): return guidance for multi-word forms instead of falling through to LLM (#2994 ) claw permissions list / claw permissions allow <tool> / claw permissions deny <tool> all fell through to the prompt/LLM path because parse_subcommand had no arm for "permissions". The single-word bare form was already intercepted by bare_slash_command_guidance, but any form with rest.len() > 1 bypassed the single-word guard and landed in the _other => CliAction::Prompt branch. Fix: add a "permissions" arm in parse_subcommand that returns a structured guidance Err so all multi-word forms get the same exit:1 + JSON error as the bare single-word form, without any LLM call or session creation. Verified: all invocation forms (bare, list, read-only, workspace-write, allow/deny <tool>) exit 1 with kind:unknown guidance JSON. Zero sessions.	2026-05-05 05:35:50 +09:00
YeonGyu-Kim	85435ad4b5	fix(plugins): route plugin and marketplace aliases through local handler (#2993 ) claw plugin list / claw marketplace / claw marketplace list all fell through to the prompt/LLM path because parse_subcommand only matched "plugins" (the primary name) while the canonical spec aliases "plugin" and "marketplace" were unhandled. This manifested as auth errors and session creation on direct invocation — dogfood confirmed Gaebal's binary created one session via plugin prompt fallback. Fix: extend the plugins arm in parse_subcommand to also match "plugin" \| "marketplace" so all three forms route to the same CliAction::Plugins without network calls or session creation. Verified: all six forms (bare + list subcommand for each name) return kind:plugin JSON, exit 0, and create zero sessions. Closes ROADMAP #55 partial (plugins/marketplace bypass complete).	2026-05-05 05:16:00 +09:00
YeonGyu-Kim	65aa559733	fix: support /plugins slash command in resume mode (#2973 ) * fix: support /plugins slash command in resume mode Move SlashCommand::Plugins out of the 'unsupported resumed slash command' catch-all and add a handler arm in run_resume_command that calls handle_plugins_slash_command for list/help actions. Mutation actions (install/uninstall/enable/disable) are rejected with a clear error since there is no runtime to reload in resume mode. Add /plugins coverage to resumed_inventory_commands test in output_format_contract.rs: kind, action, reload_runtime, target. Before: claw --resume session.jsonl /plugins --output-format json -> {error: 'unsupported resumed slash command', type: 'error'}, exit 1 After: claw --resume session.jsonl /plugins --output-format json -> {kind: 'plugin', action: 'list', ...}, exit 0 * style: cargo fmt line wrap in run_resume_command plugins handler * fix: block /plugins update in resume mode, fix comment Address REQUEST_CHANGES from OMX review: 1. Add 'update' to the blocked mutation actions in resume mode (previously only install/uninstall/enable/disable were blocked) 2. Fix comment: 'Only list is supported' instead of 'Only list/help' since /plugins help doesn't actually parse as a valid action * style: cargo fmt after conflict resolution	2026-05-05 04:55:39 +09:00
YeonGyu-Kim	ac8a24b30b	fix(config): emit section and section_value in JSON output for config subcommands (#2990 ) `claw config model --output-format json` and all other section subcommands (`env`, `hooks`, `plugins`) returned identical output with no section field — the section arg was parsed but discarded (_section parameter). Fix: render_config_json now: - Passes section through to handler - Looks up the section value via runtime_config.get(), converting the internal JsonValue to serde_json::Value via render()+parse - Emits `section` (string) and `section_value` (JSON value or null) in the response envelope - Returns ok:false + error for unsupported section tokens Test: config_section_json_emits_section_and_value asserts: - No section field when no section arg - section + section_value fields present for all known sections - ok:false + error for unknown section Pinpoint: ROADMAP #126	2026-05-05 04:50:33 +09:00
YeonGyu-Kim	9b97c4d832	fix(tests): isolate CLAW_CONFIG_HOME in resumed_status JSON test (#2992 ) resumed_status_command_emits_structured_json_when_requested was reading the real ~/.claw/settings.json, causing loaded_config_files to be 1 instead of the expected 0 on machines with user config present. Root cause: unlike other tests (e.g. resumed_config_command_loads_settings_files), this test did not pass an isolated CLAW_CONFIG_HOME env var to run_claw, so claw fell back to the real HOME and loaded the developer's settings file. Fix: create a temp config-home dir and pass it as CLAW_CONFIG_HOME via run_claw_with_env. This gives the assertion a clean 0-file baseline. Unblocks PRs #2973, #2988, #2990 which all failed this same test on main. Ref: ROADMAP #65	2026-05-05 04:49:46 +09:00
YeonGyu-Kim	1206f4131d	fix(resume): emit structured JSON for /agents --output-format json (#2987 ) Resumed /agents --output-format json was returning a human-readable text render wrapped in a JSON envelope field instead of the actual structured agent list. The run_resume_command handler was calling handle_agents_slash_command (text) for the json field instead of handle_agents_slash_command_json. Fix: use handle_agents_slash_command_json for the json outcome field, matching the pattern already used by /skills and /plugins. Test: extended resumed_inventory_commands_emit_structured_json_when_requested to cover /agents, asserting kind=="agents", action=="list", agents is an array, and count is a number (not a text render).	2026-05-05 04:20:52 +09:00
YeonGyu-Kim	c99330372c	fix(version): add build_date and executable_path to version JSON output `claw version --output-format json` was missing build_date and executable_path, making it impossible to identify which binary is running or correlate it with a specific build/commit. Fix: version_json_value() now includes: - build_date: compile-time BUILD_DATE env (already in text output) - executable_path: std::env::current_exe() at runtime Test: version_emits_json_when_requested extended to assert both fields are strings in the JSON envelope. Pinpoint: ROADMAP #507	2026-05-05 04:20:12 +09:00
Andreas Haida	9a512633a5	Cap OpenAI default output tokens using model metadata	2026-05-03 22:16:12 +02:00
Andreas Haida	6ac13ffdad	Handle OpenAI token-limit errors as context-window failures	2026-05-03 22:16:12 +02:00
YeonGyu-Kim	8e45f1850c	test(output_format_contract): add plugins json coverage to inventory_commands test (#2972 ) Add four assertions to inventory_commands_emit_structured_json_when_requested: - kind == "plugin" - action == "list" - reload_runtime is boolean - target is null when no plugin is targeted Closes the only major --output-format json surface with zero contract coverage. All other surfaces (agents, mcp, skills, status, sandbox, doctor, help, version, acp, bootstrap-plan, system-prompt, init, diff, config) already had test assertions.	2026-05-01 06:03:31 +09:00
Yeachan-Heo	51b9e6b37f	Fix export help JSON output	2026-04-30 09:04:11 +00:00
Sigrid Jin (ง'̀-'́)ง oO	1011a83823	Merge pull request #2829 from ultraworkers/fix/issue-320-session-lifecycle-classification Fix session lifecycle classification for idle tmux shells	2026-04-29 16:11:58 +09:00
Yeachan-Heo	1376d92064	Filter stub commands from resume-safe help Keep claw --help's resume-safe slash command summary aligned with the interactive command list by filtering STUB_COMMANDS and adding regression coverage.	2026-04-29 03:31:34 +00:00
Yeachan-Heo	be53e04671	Classify saved sessions by live work rather than pane existence Operator status previously treated any tmux pane in a workspace as equivalent to active work. The new classifier uses tmux pane command/path metadata as a soft signal, treats plain shells as idle, and adds dirty-worktree abandoned markers to status and session-list output for clawhip consumers. Constraint: Keep issue #320 prototype minimal and additive without new dependencies Rejected: Screen-scraping pane output \| fragile and broader than needed for lifecycle classification Confidence: high Scope-risk: narrow Tested: cargo test -p rusty-claude-cli Tested: cargo check -p rusty-claude-cli Not-tested: cargo clippy -p rusty-claude-cli --all-targets -- -D warnings is blocked by pre-existing commands crate clippy::unnecessary_wraps warnings	2026-04-28 13:12:37 +00:00
Yeachan-Heo	74ea754d29	Restore Rust formatting compliance Run rustfmt from the Rust workspace so CI format checks pass without changing behavior. Constraint: Scope is formatting-only across tracked Rust files Confidence: high Scope-risk: narrow Tested: cd rust && cargo fmt --check Tested: git diff --check	2026-04-28 09:19:16 +00:00
Yeachan-Heo	77afde768c	Clarify allowed tool status handling Reject empty --allowedTools inputs instead of treating them as an empty restriction, and surface status JSON metadata that distinguishes default unrestricted tools from flag-provided allow lists. Confidence: high Scope-risk: narrow Tested: cargo test -p rusty-claude-cli rejects_empty_allowed_tools_flag -- --nocapture Tested: cargo test -p tools allowed_tools_rejects_empty_token_lists -- --nocapture Tested: cargo check -p rusty-claude-cli -p tools Tested: cargo test -p rusty-claude-cli -p tools Not-tested: full workspace cargo fmt --check is blocked by pre-existing unrelated formatting drift	2026-04-28 05:44:14 +00:00
YeonGyu-Kim	f1e4ad7574	feat: #156 — error classification for text-mode output (Phase 2 of #77 ) ## Problem #77 Phase 1 added machine-readable error `kind` discriminants to JSON error payloads. Text-mode (stderr) errors still emit prose-only output with no structured classification. Observability tools (log aggregators, CI error parsers) parsing stderr can't distinguish error classes without regex-scraping the prose. ## Fix Added `[error-kind: <class>]` prefix line to all text-mode error output. The prefix appears before the error prose, making it immediately parseable by line-based log tools without any substring matching. Examples: ## Impact - Stderr observers (log aggregators, CI systems) can now parse error class from the first line without regex or substring scraping - Same classifier function used for JSON (#77 P1) and text modes - Text-mode output remains human-readable (error prose unchanged) - Prefix format follows syslog/structured-logging conventions ## Tests All 179 rusty-claude-cli tests pass. Verified on 3 different error classes. Closes ROADMAP #156.	2026-04-22 00:21:32 +09:00
YeonGyu-Kim	9362900b1b	feat: #77 Phase 1 — machine-readable error classification in JSON error payloads ## Problem All JSON error payloads had the same three-field envelope: ```json {"type": "error", "error": "<prose with hint baked in>"} ``` Five distinct error classes were indistinguishable at the schema level: - missing_credentials (no API key) - missing_worker_state (no state file) - session_not_found / session_load_failed - cli_parse (unrecognized args) - invalid_model_syntax Downstream claws had to regex-scrape the prose to route failures. ## Fix 1. Added `classify_error_kind()` — prefix/keyword classifier that returns a snake_case discriminant token for 12 known error classes: `missing_credentials`, `missing_manifests`, `missing_worker_state`, `session_not_found`, `session_load_failed`, `no_managed_sessions`, `cli_parse`, `invalid_model_syntax`, `unsupported_command`, `unsupported_resumed_command`, `confirmation_required`, `api_http_error`, plus `unknown` fallback. 2. Added `split_error_hint()` — splits multi-line error messages into (short_reason, optional_hint) so the runbook prose stops being stuffed into the `error` field. 3. Extended JSON envelope at 4 emit sites: - Main error sink (line ~213) - Session load failure in resume_session - Stub command (unsupported_command) - Unknown resumed command (unsupported_resumed_command) ## New JSON shape ```json { "type": "error", "error": "short reason (first line)", "kind": "missing_credentials", "hint": "Hint: export ANTHROPIC_API_KEY..." } ``` `kind` is always present. `hint` is null when no runbook follows. `error` now carries only the short reason, not the full multi-line prose. ## Tests Added 2 new regression tests: - `classify_error_kind_returns_correct_discriminants` — all 9 known classes + fallback - `split_error_hint_separates_reason_from_runbook` — with and without hints All 179 rusty-claude-cli tests pass. Full workspace green. Closes ROADMAP #77 Phase 1.	2026-04-21 22:38:13 +09:00
YeonGyu-Kim	3cfe6e2b14	feat: #154 — hint provider prefix and env var when model name looks like different provider ## Problem When a user types `claw --model gpt-4` or `--model qwen-plus`, they get: ``` error: invalid model syntax: 'gpt-4'. Expected provider/model (e.g., anthropic/claude-opus-4-6) or known alias ``` USAGE.md documents that "The error message now includes a hint that names the detected env var" — but this hint does not actually exist. The user has to re-read USAGE.md or guess the correct prefix. ## Fix Enhance `validate_model_syntax` to detect when a model name looks like it belongs to a different provider: 1. OpenAI models (starts with `gpt-` or `gpt_`): ``` Did you mean `openai/gpt-4`? (Requires OPENAI_API_KEY env var) ``` 2. Qwen/DashScope models (starts with `qwen`): ``` Did you mean `qwen/qwen-plus`? (Requires DASHSCOPE_API_KEY env var) ``` 3. Grok/xAI models (starts with `grok`): ``` Did you mean `xai/grok-3`? (Requires XAI_API_KEY env var) ``` Unrelated invalid models (e.g., `asdfgh`) do not get a spurious hint. ## Verification - `claw --model gpt-4` → hints `openai/gpt-4` + `OPENAI_API_KEY` - `claw --model qwen-plus` → hints `qwen/qwen-plus` + `DASHSCOPE_API_KEY` - `claw --model grok-3` → hints `xai/grok-3` + `XAI_API_KEY` - `claw --model asdfgh` → generic error (no hint) ## Tests Added 3 new assertions in `parses_multiple_diagnostic_subcommands`: - GPT model error hints openai/ prefix and OPENAI_API_KEY - Qwen model error hints qwen/ prefix and DASHSCOPE_API_KEY - Unrelated models don't get a spurious hint All 177 rusty-claude-cli tests pass. Closes ROADMAP #154.	2026-04-21 21:40:48 +09:00
YeonGyu-Kim	79352a2d20	feat: #152 — hint `--output-format json` when user types `--json` on diagnostic verbs ## Problem Users commonly type `claw doctor --json`, `claw status --json`, or `claw system-prompt --json` expecting JSON output. These fail with `unrecognized argument \`--json\` for subcommand` with no hint that `--output-format json` is the correct flag. ## Discovery Filed as #152 during 21:17 dogfood nudge. The #127 worktree contained a more comprehensive patch but conflicted with #141 (unified --help). On re-investigation of main, Bugs 1 and 3 from #127 are already closed (positional arg rejection works, no double "error:" prefix). Only Bug 2 (the `--json` hint) remained. ## Fix Two call sites add the hint: 1. `parse_single_word_command_alias`'s diagnostic-verb suffix path: when rest[1] == "--json", append "Did you mean \`--output-format json\`?" 2. `parse_system_prompt_options` unknown-option path: same hint when the option is exactly `--json`. ## Verification Before: $ claw doctor --json error: unrecognized argument `--json` for subcommand `doctor` Run `claw --help` for usage. After: $ claw doctor --json error: unrecognized argument `--json` for subcommand `doctor` Did you mean `--output-format json`? Run `claw --help` for usage. Covers: `doctor --json`, `status --json`, `sandbox --json`, `system-prompt --json`, and any other diagnostic verb that routes through `parse_single_word_command_alias`. Other unrecognized args (`claw doctor garbage`) correctly don't trigger the hint. ## Tests - 2 new assertions in `parses_multiple_diagnostic_subcommands`: - `claw doctor --json` produces hint - `claw doctor garbage` does NOT produce hint - 177 rusty-claude-cli tests pass - Workspace tests green Closes ROADMAP #152.	2026-04-21 21:23:17 +09:00
YeonGyu-Kim	eaa077bf91	fix: #150 — eliminate symlink canonicalization flake in resume_latest test + file #246 (reminder outcome ambiguity) ## #150 Fix: resume_latest test flake Problem: `resume_latest_restores_the_most_recent_managed_session` intermittently fails when run in the workspace suite or multiple times in sequence, but passes in isolation. Root cause: `workspace_fingerprint(path)` hashes the path string without canonicalization. On macOS, `/tmp` is a symlink to `/private/tmp`. The test creates a temp dir via `std::env::temp_dir().join(...)` which returns `/var/folders/...` (non-canonical). When the subprocess spawns, `env::current_dir()` returns the canonical path `/private/var/folders/...`. The two fingerprints differ, so the subprocess looks in `.claw/sessions/<hash1>` while files are in `.claw/sessions/<hash2>`. Session discovery fails. Fix: Call `fs::canonicalize(&project_dir)` after creating the directory to ensure test and subprocess use identical path representations. Verification: 5 consecutive runs of the full test suite — all pass. Previously: 5/5 failed when run in sequence. ## #246 Filing: Reminder cron outcome ambiguity (control-loop blocker) The `clawcode-dogfood-cycle-reminder` cron times out repeatedly with no structured feedback on whether the nudge was delivered, skipped, or died in-flight. Phase 1 outcome schema — add explicit field to cron result: - `delivered` — nudge posted to Discord - `timed_out_before_send` — died before posting - `timed_out_after_send` — posted but cleanup timed out - `skipped_due_to_active_cycle` — previous cycle active - `aborted_gateway_draining` — daemon shutdown Assigned to gaebal-gajae (cron/orchestration domain). Unblocks trustworthy dogfood cycle observability. Closes ROADMAP #150. Filed ROADMAP #246.	2026-04-21 21:01:09 +09:00
YeonGyu-Kim	f84c7c4ed5	feat: #148 + #128 closure — model provenance in claw status JSON/text ## Scope Two deltas in one commit: ### #128 closure (docs) Re-verified on main HEAD `4cb8fa0`: malformed `--model` strings already rejected at parse time (`validate_model_syntax` in parse_args). All historical repro cases now produce specific errors: claw --model '' → error: model string cannot be empty claw --model 'bad model' → error: invalid model syntax: 'bad model' contains spaces claw --model 'sonet' → error: invalid model syntax: 'sonet'. Expected provider/model or known alias claw --model '@invalid' → error: invalid model syntax: '@invalid'. Expected provider/model ... claw --model 'totally-not-real-xyz' → error: invalid model syntax: ... claw --model sonnet → ok, resolves to claude-sonnet-4-6 claw --model anthropic/claude-opus-4-6 → ok, passes through Marked #128 CLOSED in ROADMAP with repro block. Residual provenance gap split off as #148. ### #148 implementation Problem. After #128 closure, `claw status --output-format json` still surfaces only the resolved model string. No way for a claw to distinguish whether `claude-sonnet-4-6` came from `--model sonnet` (alias resolution) vs `--model claude-sonnet-4-6` (pass-through) vs `ANTHROPIC_MODEL` env vs `.claw.json` config vs compiled-in default. Debug forensics had to re-read argv instead of reading a structured field. Clawhip orchestrators sending `--model` couldn't confirm the flag was honored vs falling back to default. Fix. Added two fields to status JSON envelope: - `model_source`: "flag" \| "env" \| "config" \| "default" - `model_raw`: user's input before alias resolution (null on default) Text mode appends a `Model source` line under `Model`, showing the source and raw input (e.g. `Model source flag (raw: sonnet)`). Resolution order (mirrors resolve_repl_model but with source attribution): 1. If `--model` / `--model=` flag supplied → source: flag, raw: flag value 2. Else if ANTHROPIC_MODEL set → source: env, raw: env value 3. Else if `.claw.json` model key set → source: config, raw: config value 4. Else → source: default, raw: null ## Changes ### rust/crates/rusty-claude-cli/src/main.rs - Added `ModelSource` enum (Flag/Env/Config/Default) with `as_str()`. - Added `ModelProvenance` struct (resolved, raw, source) with three constructors: `default_fallback()`, `from_flag(raw)`, and `from_env_or_config_or_default(cli_model)`. - Added `model_flag_raw: Option<String>` field to `CliAction::Status`. - Parse loop captures raw input in `--model` and `--model=` arms. - Extended `parse_single_word_command_alias` to thread `model_flag_raw: Option<&str>` through. - Extended `print_status_snapshot` signature to accept `model_flag_raw: Option<&str>`. Resolves provenance at dispatch time (flag provenance from arg; else probe env/config/default). - Extended `status_json_value` signature with `provenance: Option<&ModelProvenance>`. On Some, adds `model_source` and `model_raw` fields; on None (legacy resume paths), omits them for backward compat. - Extended `format_status_report` signature with optional provenance. On Some, renders `Model source` line after `Model`. - Updated all existing callers (REPL /status, resume /status, tests) to pass None (legacy paths don't carry flag provenance). - Added 2 regression assertions in parse_args test covering both `--model sonnet` and `--model=...` forms. ### ROADMAP.md - Marked #128 CLOSED with re-verification block. - Filed #148 documenting the provenance gap split, fix shape, and acceptance criteria. ## Live verification $ claw --model sonnet --output-format json status \| jq '{model,model_source,model_raw}' {"model": "claude-sonnet-4-6", "model_source": "flag", "model_raw": "sonnet"} $ claw --output-format json status \| jq '{model,model_source,model_raw}' {"model": "claude-opus-4-6", "model_source": "default", "model_raw": null} $ ANTHROPIC_MODEL=haiku claw --output-format json status \| jq '{model,model_source,model_raw}' {"model": "claude-haiku-4-5-20251213", "model_source": "env", "model_raw": "haiku"} $ echo '{"model":"claude-opus-4-7"}' > .claw.json && claw --output-format json status \| jq '{model,model_source,model_raw}' {"model": "claude-opus-4-7", "model_source": "config", "model_raw": "claude-opus-4-7"} $ claw --model sonnet status Status Model claude-sonnet-4-6 Model source flag (raw: sonnet) Permission mode danger-full-access ... ## Tests - rusty-claude-cli bin: 177 tests pass (2 new assertions for #148) - Full workspace green except pre-existing resume_latest flake (unrelated) Closes ROADMAP #128, #148.	2026-04-21 20:48:46 +09:00
YeonGyu-Kim	4cb8fa059a	feat: #147 — reject empty / whitespace-only prompts at CLI fallthrough ## Problem The `"prompt"` subcommand arm enforced `if prompt.trim().is_empty()` and returned a specific error. The fallthrough `other` arm in the same match block — which routes any unrecognized first positional arg to `CliAction::Prompt` — had no such guard. Result: $ claw "" error: missing Anthropic credentials; export ANTHROPIC_AUTH_TOKEN ... $ claw " " error: missing Anthropic credentials; ... $ claw "" "" error: missing Anthropic credentials; ... $ claw --output-format json "" {"error":"missing Anthropic credentials; ...","type":"error"} An empty prompt should never reach the credentials check. Worse: with valid credentials, the literal empty string gets sent to Claude as a user prompt, either burning tokens for nothing or triggering a model- side refusal. Same prompt-misdelivery family as #145. ## Root cause In `parse_subcommand()`, the final `other =>` arm in the top-level match only guards against typos (#108 guard via `looks_like_subcommand_typo`) and then unconditionally builds `CliAction::Prompt { prompt: rest.join(" ") }`. An empty/whitespace-only join passes through. ## Changes ### rust/crates/rusty-claude-cli/src/main.rs Added the same `if joined.trim().is_empty()` guard already used in the `"prompt"` arm to the fallthrough path. Error message distinguishes it from the `prompt` subcommand path: empty prompt: provide a subcommand (run `claw --help`) or a non-empty prompt string Runs AFTER the typo guard (so `claw sttaus` still suggests `status`) and BEFORE CliAction::Prompt construction (so no network call ever happens for empty inputs). ### Regression tests Added 4 assertions in the existing parse_args test: - parse_args([""]) → Err("empty prompt: ...") - parse_args([" "]) → Err("empty prompt: ...") - parse_args(["", ""]) → Err("empty prompt: ...") - parse_args(["sttaus"]) → Err("unknown subcommand: ...") [verifies #108 typo guard still takes precedence] ### ROADMAP.md Added Pinpoint #147 documenting the gap, verification, root cause, fix shape, and acceptance. Joins the prompt-misdelivery cluster alongside #145. ## Live verification $ claw "" error: empty prompt: provide a subcommand (run `claw --help`) or a non-empty prompt string $ claw " " error: empty prompt: provide a subcommand (run `claw --help`) or a non-empty prompt string $ claw --output-format json "" {"error":"empty prompt: provide a subcommand ...","type":"error"} $ claw prompt "" # unchanged: subcommand-specific error preserved error: prompt subcommand requires a prompt string $ claw hello # unchanged: typo guard still fires error: unknown subcommand: hello. Did you mean help $ claw "real prompt here" # unchanged: real prompts still reach API error: api returned 401 Unauthorized (with dummy key, as expected) All empty/whitespace-only paths exit 1. No network call. No misleading credentials error. ## Tests - rusty-claude-cli bin: 177 tests pass (4 new assertions) - Full workspace green except pre-existing resume_latest flake (unrelated) Closes ROADMAP #147.	2026-04-21 20:35:17 +09:00
YeonGyu-Kim	f877acacbf	feat: #146 — wire `claw config` and `claw diff` as standalone subcommands ## Problem `claw config` and `claw diff` are pure-local read-only introspection commands (config merges .claw.json + .claw/settings.json from disk; diff shells out to `git diff --cached` + `git diff`). Neither needs a session context, yet both rejected direct CLI invocation: $ claw config error: `claw config` is a slash command. Use `claw --resume SESSION.jsonl /config` ... $ claw diff error: `claw diff` is a slash command. ... This forced clawing operators to spin up a full session just to inspect static disk state, and broke natural pipelines like `claw config --output-format json \| jq`. ## Root cause Sibling of #145: `SlashCommand::Config { section }` and `SlashCommand::Diff` had working renderers (`render_config_report`, `render_config_json`, `render_diff_report`, `render_diff_json_for`) exposed for resume sessions, but the top-level CLI parser in `parse_subcommand()` had no arms for them. Zero-arg `config`/`diff` hit `parse_single_word_command_alias`'s fallback to `bare_slash_command_guidance`, producing the misleading guidance. ## Changes ### rust/crates/rusty-claude-cli/src/main.rs - Added `CliAction::Config { section, output_format }` and `CliAction::Diff { output_format }` variants. - Added `"config"` / `"diff"` arms to the top-level parser in `parse_subcommand()`. `config` accepts an optional section name (env\|hooks\|model\|plugins) matching SlashCommand::Config semantics. `diff` takes no positional args. Both reject extra trailing args with a clear error. - Added `"config" \| "diff" => None` to `parse_single_word_command_alias` so bare invocations fall through to the new parser arms instead of the slash-guidance error. - Added dispatch in run() that calls existing renderers: text mode uses `render_config_report` / `render_diff_report`; JSON mode uses `render_config_json` / `render_diff_json_for` with `serde_json::to_string_pretty`. - Added 5 regression assertions in parse_args test covering: parse_args(["config"]), parse_args(["config", "env"]), parse_args(["config", "--output-format", "json"]), parse_args(["diff"]), parse_args(["diff", "--output-format", "json"]). ### ROADMAP.md Added Pinpoint #146 documenting the gap, verification, root cause, fix shape, and acceptance. Explicitly notes which other slash commands (`hooks`, `usage`, `context`, etc.) are NOT candidates because they are session-state-modifying. ## Live verification $ claw config # no config files Config Working directory /private/tmp/cd-146-verify Loaded files 0 Merged keys 0 Discovered files user missing ... project missing ... local missing ... Exit 0. $ claw config --output-format json { "cwd": "...", "files": [...], ... } $ claw diff # no git Diff Result no git repository Detail ... Exit 0. $ claw diff --output-format json # inside claw-code { "kind": "diff", "result": "changes", "staged": "", "unstaged": "diff --git ..." } Exit 0. ## Tests - rusty-claude-cli bin: 177 tests pass (5 new assertions in parse_args) - Full workspace green except pre-existing resume_latest flake (unrelated) ## Not changed `hooks`, `usage`, `context`, `tasks`, `theme`, `voice`, `rename`, `copy`, `color`, `effort`, `branch`, `rewind`, `ide`, `tag`, `output-style`, `add-dir` — all session-mutating or interactive-only; correctly remain slash-only. Closes ROADMAP #146.	2026-04-21 20:07:28 +09:00
YeonGyu-Kim	7d63699f9f	feat: #145 — wire `claw plugins` subcommand to CLI parser (prompt misdelivery fix) ## Problem `claw plugins` (and `claw plugins list`, `claw plugins --help`, `claw plugins info <name>`, etc.) fell through the top-level subcommand match and got routed into the prompt-execution path. Result: a purely local introspection command triggered an Anthropic API call and surfaced `missing Anthropic credentials` to the user. With valid credentials, it would actually send the literal string "plugins" as a user prompt to Claude, burning tokens for a local query. $ claw plugins error: missing Anthropic credentials; export ANTHROPIC_AUTH_TOKEN or ANTHROPIC_API_KEY before calling the Anthropic API $ ANTHROPIC_API_KEY=dummy claw plugins ⠋ 🦀 Thinking... ✘ ❌ Request failed error: api returned 401 Unauthorized Meanwhile siblings (`agents`, `mcp`, `skills`) all worked correctly: $ claw agents No agents found. $ claw mcp MCP Working directory ... Configured servers 0 ## Root cause `CliAction::Plugins` exists, has a working dispatcher (`LiveCli::print_plugins`), and is produced inside the REPL via `SlashCommand::Plugins`. But the top-level CLI parser in `parse_subcommand()` had arms for `agents`, `mcp`, `skills`, `status`, `doctor`, `init`, `export`, `prompt`, etc., and no arm for `plugins`. The dispatch never ran from the CLI entry point. ## Changes ### rust/crates/rusty-claude-cli/src/main.rs Added a `"plugins"` arm to the top-level match in `parse_subcommand()` that produces `CliAction::Plugins { action, target, output_format }`, following the same positional convention as `mcp` (`action` = first positional, `target` = second). Rejects >2 positional args with a clear error. Added four regression assertions in the existing `parse_args` test: - `plugins` alone → `CliAction::Plugins { action: None, target: None }` - `plugins list` → action: Some("list"), target: None - `plugins enable <name>` → action: Some("enable"), target: Some(...) - `plugins --output-format json` → action: None, output_format: Json ### ROADMAP.md Added Pinpoint #145 documenting the gap, verification, root cause, fix shape, and acceptance. ## Live verification $ claw plugins # no credentials set Plugins example-bundled v0.1.0 disabled sample-hooks v0.1.0 disabled $ claw plugins --output-format json # no credentials set { "action": "list", "kind": "plugin", "message": "Plugins\n example-bundled ...\n sample-hooks ...", "reload_runtime": false, "target": null } Exit 0 in all modes. No network call. No "missing credentials" error. ## Tests - rusty-claude-cli bin: 177 tests pass (new plugin assertions included) - Full workspace green except pre-existing resume_latest flake (unrelated) Closes ROADMAP #145.	2026-04-21 19:36:49 +09:00
YeonGyu-Kim	e2a43fcd49	feat: #143 phase 1 — claw status degrades gracefully on malformed config Previously `claw status` hard-failed on any config parse error, emitting a bare error string and exiting 1. This took down the entire health surface for a single malformed MCP entry, even though workspace, git, model, permission, and sandbox state could all be reported independently. `claw doctor` already degraded gracefully on the exact same input. This commit matches `claw status` to that contract. Changes: - Add `StatusContext::config_load_error: Option<String>` to capture parse errors without aborting. - Rewrite `status_context()` to match on `ConfigLoader::load()`: on Err, fall back to default `SandboxConfig` for sandbox resolution and record the parse error, then continue populating workspace/git/memory fields. - JSON output gains top-level `status: "ok" \| "degraded"` marker and a `config_load_error` string (null on clean runs). All other existing fields preserved for backward compat. - Text output prepends a "Config load error" block with Details + Hint when config failed to parse, then a "Status (degraded)" header on the main block. Clean runs show the usual "Status" header. - Doctor path updated to pass the config load error through StatusContext. Regression test `status_degrades_gracefully_on_malformed_mcp_config_143`: - Injects a .claw.json with one valid + one malformed mcpServers entry - Asserts status_context() returns Ok (not Err) - Asserts config_load_error names the malformed field path - Asserts workspace/sandbox fields still populated in JSON - Asserts top-level status is 'degraded' - Asserts clean config path still returns status: 'ok' Verified live on /Users/yeongyu/clawd (contains deliberately broken MCP entries): $ claw status --output-format json { "status": "degraded", "config_load_error": ".../mcpServers.missing-command: missing string field command", "model": "claude-opus-4-6", "workspace": {...}, "sandbox": {...}, ... } Phase 2 (typed error object joining #4.44 taxonomy) tracked separately. Full workspace test green except pre-existing resume_latest flake (unrelated). Closes ROADMAP #143 phase 1.	2026-04-21 18:37:42 +09:00
YeonGyu-Kim	541c5bb95d	feat: #139 actionable worker-state guidance in claw state error + help Previously `claw state` errored with "no worker state file found ... — run a worker first" but there is no `claw worker` subcommand, so claws had no discoverable path from the error to a fix. Changes: - Rewrite the missing-state error to name the two concrete commands that produce .claw/worker-state.json: * `claw` (interactive REPL, writes state on first turn) * `claw prompt <text>` (one non-interactive turn) Also tell the user what to rerun: `claw state [--output-format json]`. - Expand the State --help topic with "Produces state", "Observes state", and "Exit codes" lines so the worker-state contract is discoverable before the user hits the error. - Add regression test state_error_surfaces_actionable_worker_commands_139 asserting the error contains `claw prompt`, REPL mention, and the rerun path, plus that the help topic documents the producer contract. Verified live: $ claw state error: no worker state file found at .claw/worker-state.json Hint: worker state is written by the interactive REPL or a non-interactive prompt. Run: claw # start the REPL (writes state on first turn) Or: claw prompt <text> # run one non-interactive turn Then rerun: claw state [--output-format json] JSON mode preserves the full hint inside the error envelope so CI/claws can match on `claw prompt` without losing the canonical prefix. Full workspace test green except pre-existing resume_latest flake (unrelated). Closes ROADMAP #139.	2026-04-21 18:04:04 +09:00
YeonGyu-Kim	611eed1537	feat: #142 structured fields in claw init --output-format json Previously `claw init --output-format json` emitted a valid JSON envelope but packed the entire human-formatted output into a single `message` string. Claw scripts had to substring-match human language to tell `created` from `skipped`. Changes: - Add InitStatus::json_tag() returning machine-stable "created"\|"updated"\|"skipped" (unlike label() which includes the human " (already exists)" suffix). - Add InitReport::NEXT_STEP constant so claws can read the next-step hint without grepping the message string. - Add InitReport::artifacts_with_status() to partition artifacts by state. - Add InitReport::artifact_json_entries() for the structured artifacts[] array. - Rewrite run_init + init_json_value to emit first-class fields alongside the legacy message string (kept for text consumers): project_path, created[], updated[], skipped[], artifacts[], next_step, message. - Update the slash-command Init dispatch to use the same structured JSON. - Add regression test artifacts_with_status_partitions_fresh_and_idempotent_runs asserting both fresh + idempotent runs produce the right partitioning and that the machine-stable tag is bare 'skipped' not label()'s phrasing. Verified output: - Fresh dir: created[] has 4 entries, skipped[] empty - Idempotent call: created[] empty, skipped[] has 4 entries - project_path, next_step as first-class keys - message preserved verbatim for backward compat Full workspace test green except pre-existing resume_latest flake (unrelated). Closes ROADMAP #142.	2026-04-21 17:42:00 +09:00
YeonGyu-Kim	7763ca3260	feat: #141 unify claw <subcommand> --help contract across all 14 subcommands Previously, `claw <subcommand> --help` had 5 different behaviors: - 7 subcommands returned subcommand-specific help (correct) - init/export/state/version silently fell back to global `claw --help` - system-prompt/dump-manifests errored with `unknown <cmd> option: --help` - bootstrap-plan printed its phase list instead of help text Changes: - Extend LocalHelpTopic enum with Init, State, Export, Version, SystemPrompt, DumpManifests, BootstrapPlan variants. - Extend parse_local_help_action() to resolve those 7 subcommands to their local help topic instead of falling through to the main dispatch. - Remove init/state/export/version from the explicit wants_help=true matcher so they reach parse_local_help_action() before being routed to global help. - Add render_help_topic() entries for the 7 new topics with consistent Usage/Purpose/Output/Formats/Related structure. - Add regression test subcommand_help_flag_has_one_contract_across_all_subcommands_141 asserting every documented subcommand + both --help and -h variants resolve to a HelpTopic with non-empty text that contains a Usage line. Verification: - All 14 subcommands now return subcommand-specific help (live dogfood). - Full workspace test green except pre-existing resume_latest flake. Closes ROADMAP #141.	2026-04-21 17:36:48 +09:00
YeonGyu-Kim	27ffd75f03	fix: #140 isolate test cwd + env in punctuation_bearing_single_token test Previously this test inherited the cargo test runner's CWD, which could contain a stale .claw/settings.json with "permissionMode": "acceptEdits" written by another test. The deprecated-field resolver then silently downgraded the default permission mode to WorkspaceWrite, breaking the test's assertion. Fix: wrap the assertion in with_current_dir() + env_lock() so the test runs in an isolated temp directory with no stale config. Full workspace test now passes except for pre-existing resume_latest flake (unrelated to #140, environment-dependent, tracked separately). Closes ROADMAP #140.	2026-04-21 16:34:58 +09:00
YeonGyu-Kim	f3f6643fb9	feat: #108 add did-you-mean guard for subcommand typos (prevents silent LLM dispatch) Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-04-21 15:37:58 +09:00
YeonGyu-Kim	a8beca1463	fix: #136 support --output-format json with --compact flag Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-04-21 14:47:15 +09:00
YeonGyu-Kim	21adae9570	fix: #137 update test fixtures to use canonical 'opus' alias for main branch consistency Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-04-21 14:32:49 +09:00
YeonGyu-Kim	50e3fa3a83	docs: add --output-format to diagnostic verb help text Updated LocalHelpTopic help strings to surface --output-format support: - Status, Sandbox, Doctor, Acp all now show [--output-format <format>] - Added 'Formats: text (default), json' line to each Diagnostic verbs support JSON output but help text didn't advertise it. Post-#127 fix: help text now matches actual CLI surface. Verified: cargo build passes, claw doctor --help shows output-format. Refs: #127	2026-04-20 21:32:02 +09:00
YeonGyu-Kim	a3270db602	fix: #127 reject unrecognized suffix args for diagnostic verbs Diagnostic verbs (help, version, status, sandbox, doctor, state) now reject unrecognized suffix arguments at parse time instead of silently falling through to Prompt dispatch. Fixes: claw doctor --json (and similar) no longer accepts --json silently and attempts to send it to the LLM as a prompt. Now properly emits: 'unrecognized argument `--json` for subcommand `doctor`' Joined parser-level trust gap quintet #108 + #117 + #119 + #122 + #127. Prevents token burn on rejected arguments. Verified: cargo build --workspace passes, claw doctor --json errors cleanly. Refs: #127, ROADMAP	2026-04-20 19:23:35 +09:00
YeonGyu-Kim	2678fa0af5	fix: #124 --model validation rejects malformed syntax at parse time Adds validate_model_syntax() that rejects: - Empty strings - Strings with spaces (e.g., 'bad model') - Invalid provider/model format Accepts: - Known aliases (opus, sonnet, haiku) - Valid provider/model format (provider/model) Wired into parse_args for both --model <value> and --model=<value> forms. Errors exit with clear message before any API calls (no token burn). Verified: - 'claw --model "bad model" version' → error, exit 1 - 'claw --model "" version' → error, exit 1 - 'claw --model opus version' → works - 'claw --model anthropic/claude-opus-4-6 version' → works Refs: ROADMAP #124 (`debbcbe` cluster — parser-level trust gap family)	2026-04-20 16:32:17 +09:00
YeonGyu-Kim	b9990bb27c	fix: #122 + #125 doctor consistency and git_state clarity #122: doctor invocation now checks stale-base condition - Calls run_stale_base_preflight(None) in render_doctor_report() - Emits stale-base warnings to stderr when branch is behind main - Fixes inconsistency: doctor 'ok' vs prompt 'stale base' warning #125: git_state field reflects non-git directories - When !in_git_repo, git_state = 'not in git repo' instead of 'clean' - Fixes contradiction: in_git_repo: false but git_state: 'clean' - Applied in both doctor text output and status JSON Verified: cargo build --workspace passes. Refs: ROADMAP #122 (`dd73962`), #125 (`debbcbe`)	2026-04-20 16:13:43 +09:00
YeonGyu-Kim	f33c315c93	fix: #122 doctor invocation now checks stale-base condition Adds run_stale_base_preflight(None) call to render_doctor_report() so that claw doctor emits stale-base warnings to stderr when the current branch is behind main. Previously doctor reported 'ok' even when branch was stale, creating inconsistency with prompt path warnings. Fixes silent-state inventory gap: doctor now consistent with prompt/repl stale-base checking. No behavior change for non-stale branches. Verified: cargo build --workspace passes, no test failures. Ref: ROADMAP #122 dogfood filing @ `dd73962`	2026-04-20 15:49:56 +09:00
YeonGyu-Kim	c956f78e8a	ROADMAP #4.44.5: Ship/provenance opacity — filed from dogfood Added structured delivery-path contract to surface branch → merge → main-push provenance as first-class events. Filed from the 56-commit 2026-04-20 push that exposed the gap. Also fixes: ApiError test compilation — add suggested_action: None to 4 sites - Line ~8414: opaque_provider_wrapper_surfaces_failure_class_session_and_trace - Line ~8436: retry_exhaustion_uses_retry_failure_class_for_generic_provider_wrapper - Line ~8499: provider_context_window_errors_are_reframed_with_same_guidance - Line ~8533: retry_wrapped_context_window_errors_keep_recovery_guidance	2026-04-20 14:35:07 +09:00
Yeachan-Heo	ac45bbec15	Make ACP/Zed status obvious before users go source-diving ROADMAP #21, #22, and #23 were already closed on current main, so the next real repo-local backlog item was the ACP/Zed discoverability gap. This adds a local `claw acp` status surface plus aliases, updates help/docs, and separates the shipped discoverability fix from the still-open daemon/protocol follow-up so editor-first users get a crisp answer immediately. Constraint: No ACP/Zed daemon or protocol server exists in claw-code yet, so the new surface must be explicit status guidance rather than a fake implementation Rejected: Add a pretend `acp serve` daemon path \| would imply supported protocol behavior that does not exist Rejected: Docs-only clarification \| still leaves `claw --help` unable to answer the editor-launch question directly Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep ROADMAP discoverability fixes separate from future ACP daemon/protocol work so help text and backlog IDs stay unambiguous Tested: cargo fmt --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; cargo run -q -p rusty-claude-cli -- acp; cargo run -q -p rusty-claude-cli -- --output-format json acp; architect review APPROVED Not-tested: Real ACP/Zed daemon launch because no protocol-serving surface exists yet	2026-04-16 03:13:50 +00:00
Yeachan-Heo	42bb6cdba6	Keep local clawhip artifacts from tripping routine repo work Dogfooding kept reproducing OMX team merge conflicts on `.clawhip/state/prompt-submit.json`, so the init bootstrap now teaches repos to ignore `.clawhip/` alongside the existing local `.claw/` artifacts. This also updates the current repo ignore list so the fix helps immediately instead of only on future `claw init` runs. Constraint: Keep the fix narrow and centered on repo-local ignore hygiene Rejected: Broader team merge-hygiene changes \| unnecessary for the proven local root cause Confidence: high Scope-risk: narrow Reversibility: clean Directive: If more runtime-local artifact directories appear, extend the shared init gitignore list instead of patching repos ad hoc Tested: cargo fmt --all --check Tested: cargo clippy --workspace --all-targets -- -D warnings Tested: cargo test --workspace Tested: Architect review (APPROVE) Not-tested: Existing clones with already-tracked `.clawhip` files still need manual cleanup Related: ROADMAP #75	2026-04-12 14:47:40 +00:00
Yeachan-Heo	f91d156f85	Keep poisoned test locks from cascading across unrelated regressions The repo-local backlog was effectively exhausted, so this sweep promoted the newly observed test-lock poisoning pain point into ROADMAP #74 and fixed it in place. Test-only env/cwd lock acquisition now recovers poisoned mutexes in the remaining strict call sites, and each affected surface has a regression that proves a panic no longer permanently poisons later tests. Constraint: Keep the fix test-only and avoid widening runtime behavior changes Rejected: Refactor shared helper signatures across broader call paths \| unnecessary churn beyond the remaining strict test sites Confidence: high Scope-risk: narrow Reversibility: clean Directive: These guards only recover the mutex; tests that mutate env or cwd still must restore process-global state explicitly Tested: cargo fmt --all --check Tested: cargo clippy --workspace --all-targets -- -D warnings Tested: cargo test --workspace Tested: Architect review (APPROVE) Not-tested: Additional fault-injection around partially restored env/cwd state after panic Related: ROADMAP #74	2026-04-12 13:52:41 +00:00
Yeachan-Heo	2e34949507	Keep latest-session timestamps increasing under tight loops The next repo-local sweep target was ROADMAP #73: repeated backlog sweeps exposed that session writes could share the same wall-clock millisecond, which made semantic recency fragile and forced the resume-latest regression to sleep between saves. The fix makes session timestamps monotonic within the process and removes the timing hack from the test so latest-session selection stays stable under tight loops. Constraint: Preserve the existing session file format while changing only the timestamp source semantics Rejected: Keep the sleep-based test workaround \| hides the real ordering hazard instead of fixing timestamp generation Confidence: high Scope-risk: narrow Reversibility: clean Directive: Any future session-recency logic must keep `current_time_millis`, ordering tests, and latest-session expectations aligned Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; architect review APPROVE Not-tested: Cross-process monotonicity when multiple binaries write sessions concurrently	2026-04-12 10:51:19 +00:00
Yeachan-Heo	8f53524bd3	Make backlog-scan lanes say what they actually selected The next repo-local sweep target was ROADMAP #65: backlog-scanning lanes could stop with prose-only summaries naming roadmap items, but there was no machine-readable record of which items were chosen, which were skipped, or whether the lane intended to execute, review, or no-op. The fix teaches completed lane persistence to extract a structured selection outcome while preserving the existing quality- floor and review-verdict behavior for other lanes. Constraint: Keep selection-outcome extraction on the existing `lane.finished` metadata path instead of inventing a separate event stream Rejected: Add a dedicated selection event type first \| unnecessary for this focused closeout because `lane.finished` already persists structured data downstream can read Confidence: high Scope-risk: narrow Reversibility: clean Directive: If backlog-scan summary conventions change later, update `extract_selection_outcome`, its regression test, and the ROADMAP closeout wording together Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; architect review APPROVE after roadmap closeout update Not-tested: Downstream consumers that may still ignore `lane.finished.data.selectionOutcome`	2026-04-12 09:54:37 +00:00
Yeachan-Heo	dbc2824a3e	Keep latest session selection tied to real session recency The next repo-local sweep target was ROADMAP #72: the `latest` managed-session alias could depend on filesystem mtime before the session's own persisted recency markers, which made the selection path vulnerable to coarse or misleading file timestamps. The fix promotes `updated_at_ms` into the summary/order path, keeps CLI wrappers in sync, and locks the mtime-vs-session-recency case with regression coverage. Constraint: Preserve existing managed-session storage layout while changing only the ordering signal Rejected: Keep sorting by filesystem mtime and just sleep longer in tests \| hides the semantic ordering bug instead of fixing it Confidence: high Scope-risk: narrow Reversibility: clean Directive: Any future managed-session ordering change must keep runtime and CLI summary structs aligned on the same recency fields Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; architect review APPROVE Not-tested: Cross-filesystem behavior where persisted session JSON cannot be read and fallback ordering uses mtime only	2026-04-12 07:49:32 +00:00
Yeachan-Heo	3b806702e7	Make the CLI point users at the real install source The next repo-local backlog item was ROADMAP #70: users could mistake third-party pages or the deprecated `cargo install claw-code` path for the official install route. The CLI now surfaces the source of truth directly in `claw doctor` and `claw --help`, and the roadmap closeout records the change. Constraint: Keep the fix inside repo-local Rust CLI surfaces instead of relying on docs alone Rejected: Close #70 with README-only wording \| the bug was user-facing CLI ambiguity, so the warning needed to appear in runtime help/doctor output Confidence: high Scope-risk: narrow Reversibility: clean Directive: If install guidance changes later, update both the doctor check payload and the help-text warning together Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; architect review APPROVE Not-tested: Third-party websites outside this repo that may still present stale install instructions	2026-04-12 04:50:03 +00:00
Yeachan-Heo	4f83a81cf6	Make dump-manifests recoverable outside the inferred build tree The backlog sweep found that the user-cited #21-#23 items were already closed, and the next real pain point was `claw dump-manifests` failing without a direct way to point at the upstream manifest source. This adds an explicit `--manifests-dir` path, upgrades the failure messages to say whether the source root or required files are missing, and updates the ROADMAP closeout to reflect that #45 is now fixed. Constraint: Preserve existing dump-manifests behavior when no explicit override is supplied Rejected: Require CLAUDE_CODE_UPSTREAM for every invocation \| breaks existing build-tree workflows and is unnecessarily rigid Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep manifest-source override guidance centralized so future error-path edits do not drift Tested: cargo fmt --all; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; architect review APPROVE Not-tested: Manual invocation against every legacy env-based manifest lookup layout	2026-04-12 02:57:11 +00:00
Yeachan-Heo	264fdc214e	Retire the stale bare-skill dispatch backlog item ROADMAP #36 remained open even though current main already dispatches bare skill names in the REPL through skill resolution instead of forwarding them to the model. This change adds a direct regression test for that behavior and marks the backlog item done with fresh verification evidence. Constraint: User required fresh cargo fmt, cargo clippy --workspace --all-targets -- -D warnings, and cargo test --workspace before closeout Rejected: Leave #36 open because the implementation already existed \| keeps the immediate backlog inaccurate and invites duplicate work Confidence: high Scope-risk: narrow Reversibility: clean Directive: Reopen #36 only with a fresh repro showing a listed project skill still falls through to plain prompt handling on current main Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace Not-tested: No interactive manual REPL session beyond the new bare-skill unit coverage	2026-04-11 22:50:28 +00:00
Yeachan-Heo	a7b1fef176	Keep the rebased workspace green after the backlog closeout The ROADMAP #38 closeout was rebased onto a moving main branch. That pulled in new workspace files whose clippy/rustfmt fixes were required for the exact verification gate the user asked for. This follow-up records those remaining cleanups so the pushed branch matches the green tree that was actually tested. Constraint: The user-required full-workspace fmt/clippy/test sequence had to stay green after rebasing onto newer origin/main Rejected: Leave the rebase cleanup uncommitted locally \| working tree would stay dirty and the pushed branch would not match the verified code Confidence: high Scope-risk: narrow Reversibility: clean Directive: When rebasing onto a moving main, commit any gate-fixing follow-up so pushed history matches the verified tree Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace Not-tested: No additional behavior beyond the already-green verification sweep	2026-04-11 18:52:48 +00:00
YeonGyu-Kim	16b9febdae	feat: ultraclaw droid batch — ROADMAP #41 test isolation + #50 PowerShell permissions Merged late-arriving droid output from 10 parallel ultraclaw sessions. ROADMAP #41 — Test isolation for plugin regression checks: - Add test_isolation.rs module with env_lock() for test environment isolation - Redirect HOME/XDG_CONFIG_HOME/XDG_DATA_HOME to unique temp dirs per test - Prevent host ~/.claude/plugins/ from bleeding into test runs - Auto-cleanup temp directories on drop via RAII pattern - Tests: 39 plugin tests passing ROADMAP #50 — PowerShell workspace-aware permissions: - Add is_safe_powershell_command() for command-level permission analysis - Add is_path_within_workspace() for workspace boundary validation - Classify read-only vs write-requiring bash commands (60+ commands) - Dynamic permission requirements based on command type and target path - Tests: permission enforcer and workspace boundary tests passing Additional improvements: - runtime/src/permission_enforcer.rs: Dynamic permission enforcement layer - check_with_required_mode() for dynamically-determined permissions - 60+ read-only command patterns (cat, find, grep, cargo, git, jq, yq, etc.) - Workspace-path detection for safe commands - compat-harness/src/lib.rs: Compat harness updates for permission testing - rusty-claude-cli/src/main.rs: CLI integration for permission modes - plugins/src/lib.rs: Updated imports for test isolation module Total: +410 lines across 5 files Workspace tests: 448+ passed Droid source: ultraclaw-04-test-isolation, ultraclaw-08-powershell-permissions Ultraclaw total: 4 ROADMAP items committed (38, 40, 41, 50)	2026-04-12 03:06:24 +09:00
Yeachan-Heo	124e8661ed	Remove the deprecated Claude subscription login path and restore a green Rust workspace ROADMAP #37 was still open even though several earlier backlog items were already closed. This change removes the local login/logout surface, stops startup auth resolution from treating saved OAuth credentials as a supported path, and updates diagnostics/help to point users at ANTHROPIC_API_KEY or ANTHROPIC_AUTH_TOKEN only. While proving the change with the user-requested workspace gates, clippy surfaced additional pre-existing warning failures across the Rust workspace. Those were cleaned up in-place so the required `cargo fmt`, `cargo clippy --workspace --all-targets -- -D warnings`, and `cargo test --workspace` sequence now passes end to end. Constraint: User explicitly required full-workspace fmt/clippy/test before commit/push Constraint: Existing dirty leader worktree had to be stashed before attempted OMX team worktree launch Rejected: Keep login/logout but hide them from help \| left unsupported auth flow and saved OAuth fallback intact Rejected: Stop after ROADMAP #37 targeted tests \| did not satisfy required full-workspace verification gate Confidence: medium Scope-risk: moderate Reversibility: clean Directive: Do not reintroduce saved OAuth as a silent Anthropic startup fallback without an explicit supported auth policy Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace Not-tested: Remote push effects beyond origin/main update	2026-04-11 17:24:44 +00:00
Yeachan-Heo	61c01ff7da	Prevent cross-worktree session bleed during managed session resume/load ROADMAP #41 was still leaving a phantom-completion class open: managed sessions could be resumed from the wrong workspace, and the CLI/runtime paths were split between partially isolated storage and older helper flows. This squashes the verified team work into one deliverable that routes managed session operations through the per-worktree SessionStore, rejects workspace mismatches explicitly, extends lane-event taxonomy for workspace mismatch reporting, and updates the affected CLI regression fixtures/docs so the new contract is enforced without losing same- workspace legacy coverage. Constraint: Keep same-workspace legacy flat sessions readable while blocking cross-worktree misuse Constraint: No new dependencies; stay within the ROADMAP #41 changed-file scope Rejected: Leave team auto-checkpoint history as final branch state \| noisy/non-lore history for a single roadmap fix Confidence: high Scope-risk: moderate Reversibility: clean Directive: Preserve workspace_root validation on future resume/load helpers; do not reintroduce path-only fallback without equivalent mismatch checks Tested: cargo test -p runtime session_control -- --nocapture; cargo test -p rusty-claude-cli resume -- --nocapture; cargo test -p rusty-claude-cli --test cli_flags_and_config_defaults; cargo test -p rusty-claude-cli --test output_format_contract; cargo test -p rusty-claude-cli --test resume_slash_commands; cargo test --workspace --exclude compat-harness; cargo check --workspace --all-targets; git diff --check Not-tested: cargo clippy --workspace --all-targets -- -D warnings (pre-existing failures in unchanged rust/crates/rusty-claude-cli/build.rs) Related: ROADMAP #41	2026-04-11 16:08:28 +00:00
YeonGyu-Kim	810036bf09	test(cli): add integration test for model persistence in resumed /status New test: resumed_status_surfaces_persisted_model - Creates session with model='claude-sonnet-4-6' - Resumes with --output-format json /status - Asserts model round-trips through session metadata Resume integration tests: 11 → 12.	2026-04-10 10:31:05 +09:00
YeonGyu-Kim	0f34c66acd	feat(session): persist model in session metadata — ROADMAP #59 Add 'model: Option<String>' to Session struct. The model used is now saved in the session_meta JSONL record and surfaced in resumed /status: - JSON mode: {model: 'claude-sonnet-4-6'} instead of null - Text mode: shows actual model instead of 'restored-session' Model is set in build_runtime_with_plugin_state() before the runtime is constructed, and only when not already set (preserves model through fork/resume cycles). Backward compatible: old sessions without a model field load cleanly with model: None (shown as null in JSON, 'restored-session' in text). All workspace tests pass.	2026-04-10 10:05:42 +09:00
YeonGyu-Kim	b95d330310	fix(startup): fall back to USERPROFILE when HOME is not set (Windows) On Windows, HOME is often unset. The CLI crashed at startup with 'error: io error: HOME is not set' because three paths only checked HOME: - config_home_dir() in tools crate (config/settings loading) - credentials_home_dir() in runtime crate (OAuth credentials) - detect_broad_cwd() in CLI (CWD-is-home-dir check) - skill lookup roots in tools crate All now fall through to USERPROFILE when HOME is absent. Error message updated to suggest USERPROFILE or CLAW_CONFIG_HOME on Windows. Source: MaxDerVerpeilte in #claw-code (Windows user, 2026-04-10).	2026-04-10 08:33:35 +09:00
YeonGyu-Kim	74311cc511	test(cli): add 5 integration tests for resume JSON parity New integration tests covering recent JSON parity work: - resumed_version_command_emits_structured_json - resumed_export_command_emits_structured_json - resumed_help_command_emits_structured_json - resumed_no_command_emits_restored_json - resumed_stub_command_emits_not_implemented_json Prevents regression on ROADMAP #54 (stub command error), #55 (session list), #56 (--resume no-command JSON), #57 (session load errors). Resume integration tests: 6 → 11.	2026-04-10 08:03:17 +09:00
YeonGyu-Kim	4f670e5513	fix(cli): emit JSON for --resume with no command in --output-format json mode claw --output-format json --resume <session> (no command) was printing: 'Restored session from <path> (N messages).' to stdout as prose, regardless of output format. Now emits: {"kind":"restored","session_id":"...","path":"...","message_count":N} 159 CLI tests pass.	2026-04-10 06:31:16 +09:00
YeonGyu-Kim	8dcf10361f	fix(cli): implement /session list in resume mode — ROADMAP #21 partial /session list previously returned 'unsupported resumed slash command' in --output-format json --resume mode. It only reads the sessions directory so does not need a live runtime session. Adds a Session{action:"list"} arm in run_resume_command() before the unsupported catchall. Emits: {kind:session_list, sessions:[...ids], active:<current-session-id>} 159 CLI tests pass.	2026-04-10 06:03:29 +09:00
YeonGyu-Kim	cf129c8793	fix(cli): emit JSON error when session fails to load in --output-format json mode 'failed to restore session' errors from both the path-resolution step and the JSONL-load step now check output_format and emit: {"type":"error","error":"failed to restore session: <detail>"} instead of bare eprintln prose. Covers: session not found, corrupt JSONL, permission errors.	2026-04-10 05:01:56 +09:00
YeonGyu-Kim	c0248253ac	fix(cli): remove 'stats' from STUB_COMMANDS — it is implemented /stats was accidentally listed in STUB_COMMANDS (both in the original list and overlooked in `1e14d59`). Since SlashCommand::Stats is fully implemented with REPL and resume dispatch, it should not be intercepted as unimplemented. /tokens and /cache alias to Stats and were already working correctly. /stats now works again in all modes.	2026-04-10 04:32:05 +09:00
YeonGyu-Kim	1e14d59a71	fix(cli): stop circular 'Did you mean /X?' for spec commands with no parse arm 23 spec-registered commands had no parse arm in validate_slash_command_input, causing the circular error 'Unknown slash command: /X — Did you mean /X?' when users typed them in --resume mode. Two fixes: 1. Add the 23 confirmed parse-armless commands to STUB_COMMANDS (excluded from REPL completions and help output). 2. In resume dispatch, intercept STUB_COMMANDS before SlashCommand::parse and emit a clean '{error: "/X is not yet implemented in this build"}' instead of the confusing error from the Err parse path. Affected: /allowed-tools, /bookmarks, /workspace, /reasoning, /budget, /rate-limit, /changelog, /diagnostics, /metrics, /tool-details, /focus, /unfocus, /pin, /unpin, /language, /profile, /max-tokens, /temperature, /system-prompt, /notifications, /telemetry, /env, /project, plus ~40 additional unreachable spec names. 159 CLI tests pass.	2026-04-10 04:05:41 +09:00
YeonGyu-Kim	11e2353585	fix(cli): JSON parity for /export and /agents in resume mode /export now emits: {kind:export, file:<path>, message_count:<n>} /agents now emits: {kind:agents, text:<agents report>} Previously both returned json:None and fell through to prose output even in --output-format json --resume mode. 159 CLI tests pass.	2026-04-10 03:32:24 +09:00
YeonGyu-Kim	0845705639	fix(tests): update test assertions for null model in resume /status; drop unused import Two integration tests expected 'model':'restored-session' in the /status JSON output but `dc4fa55` changed resume mode to emit null for model. Updated both assertions to assert model is null (correct behavior). Also remove unused 'estimate_session_tokens' import in compact.rs tests (surfaced as warning in CI, kept failing CI green noise). All workspace tests pass.	2026-04-10 03:21:58 +09:00
YeonGyu-Kim	316864227c	fix(cli): JSON parity for /help and /diff in resume mode /help now emits: {kind:help, text:<full help text>} /diff now emits: - no git repo: {kind:diff, result:no_git_repo, detail:...} - clean tree: {kind:diff, result:clean, staged:'', unstaged:''} - changes: {kind:diff, result:changes, staged:..., unstaged:...} Previously both returned json:None and fell through to prose output even in --output-format json --resume mode. 159 CLI tests pass.	2026-04-10 03:02:00 +09:00
YeonGyu-Kim	c8cac7cae8	fix(cli): doctor config check hides non-existent candidate paths Before: doctor reported 'loaded 0/5' and listed 5 'Discovered file' entries for paths that don't exist on disk. This looked like 5 files failed to load, when in fact they are just standard search locations. After: only paths that actually exist on disk are shown as 'Discovered file'. 'loaded N/M' denominator is now the count of present files, not candidate paths. With no config files present: 'loaded 0/0' + 'Discovered files <none> (defaults active)'. 159 CLI tests pass.	2026-04-10 02:32:47 +09:00
YeonGyu-Kim	dc4fa55d64	fix(cli): /status JSON emits null model and correct session_id in resume mode Two bugs in --output-format json --resume /status: 1. 'model' field emitted 'restored-session' (a run-mode label) instead of the actual model or null. Fixed: status_json_value now takes Option<&str> for model; resume path passes None; live REPL path passes Some(model). 2. 'session_id' extracted parent dir name ('sessions') instead of the file stem. Session files are session-<id>.jsonl directly under .claw/sessions/, not in a subdirectory. Fixed: extract file_stem() instead of parent().file_name(). 159 CLI tests pass.	2026-04-10 02:03:14 +09:00
YeonGyu-Kim	78dca71f3f	fix(cli): JSON parity for /compact and /clear in resume mode /compact now emits: {kind:compact, skipped, removed_messages, kept_messages} /clear now emits: {kind:clear, previous_session_id, new_session_id, backup, session_file} /clear (no --confirm) now emits: {kind:error, error:..., hint:...} Previously both returned json:None and fell through to prose output even in --output-format json --resume mode. 159 CLI tests pass.	2026-04-10 01:31:21 +09:00
YeonGyu-Kim	d95149b347	fix(cli): surface resolved path in dump-manifests error — ROADMAP #45 partial Before: error: failed to extract manifests: No such file or directory (os error 2) After: error: failed to extract manifests: No such file or directory (os error 2) looked in: /Users/yeongyu/clawd/claw-code/rust The workspace_dir is computed from CARGO_MANIFEST_DIR at compile time and only resolves correctly when running from the build tree. Surfacing the resolved path lets users understand immediately why it fails outside the build context. ROADMAP #45 root cause (build-tree-only path) remains open.	2026-04-10 01:01:53 +09:00
YeonGyu-Kim	47aa1a57ca	fix(cli): surface command name in 'not yet implemented' REPL message Add SlashCommand::slash_name() to the commands crate — returns the canonical '/name' string for any variant. Used in the REPL's stub catch-all arm to surface which command was typed instead of printing the opaque 'Command registered but not yet implemented.' Before: typing /rewind → 'Command registered but not yet implemented.' After: typing /rewind → '/rewind is not yet implemented in this build.' Also update the compacts_sessions_via_slash_command test assertion to tolerate the boundary-guard fix from `6e301c8` (removed_message_count can be 1 or 2 depending on whether the boundary falls on a tool-result pair). All 159 CLI + 431 runtime + 115 api tests pass.	2026-04-10 00:39:16 +09:00
YeonGyu-Kim	6e301c8bb3	fix(runtime): prevent orphaned tool-result at compaction boundary; /cost JSON Two fixes: 1. compact.rs: When the compaction boundary falls at the start of a tool-result turn, the preceding assistant turn with ToolUse would be removed — leaving an orphaned role:tool message with no preceding assistant tool_calls. OpenAI-compat backends reject this with 400. Fix: after computing raw_keep_from, walk the boundary back until the first preserved message is not a ToolResult (or its preceding assistant has been included). Regression test added: compaction_does_not_split_tool_use_tool_result_pair. Source: gaebal-gajae multi-turn tool-call 400 repro 2026-04-09. 2. /cost resume: add JSON output: {kind:cost, input_tokens, output_tokens, cache_creation_input_tokens, cache_read_input_tokens, total_tokens} 159 CLI + 431 runtime tests pass. Fmt clean.	2026-04-10 00:13:45 +09:00
YeonGyu-Kim	7587f2c1eb	fix(cli): JSON parity for /memory and /providers in resume mode Two gaps closed: 1. /memory (resume): json field was None, emitting prose regardless of --output-format json. Now emits: {kind:memory, cwd, instruction_files:N, files:[{path,lines,preview}...]} 2. /providers (resume): had a spec entry but no parse arm, producing the circular 'Unknown slash command: /providers — Did you mean /providers'. Added 'providers' as an alias for 'doctor' in the parse match so /providers dispatches to the same structured diagnostic output. 3. /doctor (resume): also wired json_value() so --output-format json returns the structured doctor report instead of None. Continues ROADMAP #26 resumed-command JSON parity track. 159 CLI tests pass, fmt clean.	2026-04-09 23:35:25 +09:00
YeonGyu-Kim	7ec6860d9a	fix(cli): emit JSON for /config in --output-format json --resume mode /config resumed returned json:None, falling back to prose output even in --output-format json mode. Adds render_config_json() that produces: { "kind": "config", "cwd": "...", "loaded_files": N, "merged_keys": N, "files": [{"path":"...","source":"user\|project\|local","loaded":true\|false}, ...] } Wires it into the SlashCommand::Config resume arm alongside the existing prose render. Continues the resumed-command JSON parity track (ROADMAP #26). 159 CLI tests pass, fmt clean.	2026-04-09 22:03:11 +09:00
YeonGyu-Kim	0e12d15daf	fix(cli): add --allow-broad-cwd; require confirmation or flag in broad-CWD mode	2026-04-09 21:55:22 +09:00
YeonGyu-Kim	60ec2aed9b	fix(cli): wire /tokens and /cache as aliases for /stats; implement /stats Dogfood found that /tokens and /cache had spec entries (resume_supported: true) but no parse arms in the command parser, resulting in: 'Unknown slash command: /tokens — Did you mean /tokens' (the suggestion engine found the spec entry but parsing always failed) Fix three things: 1. Add 'tokens' \| 'cache' as aliases for 'stats' in the parse match so the commands actually resolve to SlashCommand::Stats 2. Implement SlashCommand::Stats in the REPL dispatch — previously fell through to 'Command registered but not yet implemented'. Now shows cumulative token usage for the session. 3. Implement SlashCommand::Stats in run_resume_command — previously returned 'unsupported resumed slash command'. Now emits: text: Cost / Input tokens / Output tokens / Cache create / Cache read json: {kind:stats, input_tokens, output_tokens, cache_*, total_tokens} 159 CLI tests pass, fmt clean.	2026-04-09 21:34:36 +09:00
YeonGyu-Kim	5f6f453b8d	fix(cli): warn when launched from home dir or filesystem root Users launching claw from their home directory (or /) have no project boundary — the agent can read/search the entire machine, often far beyond the intended scope. kapcomunica in #claw-code reported exactly this: 'it searched my entire computer.' Add warn_if_broad_cwd() called at prompt and REPL startup: - checks if CWD == $HOME or CWD has no parent (fs root) - prints a clear warning to stderr: Warning: claw is running from a very broad directory (/home/user). The agent can read and search everything under this path. Consider running from inside your project: cd /path/to/project && claw Warning fires on both claw (REPL) and claw prompt '...' paths. Does not fire from project subdirectories. Uses std::env::var_os("HOME"), no extra deps. 159 CLI tests pass, fmt clean.	2026-04-09 21:26:51 +09:00
YeonGyu-Kim	da4242198f	fix(cli): emit JSON error for unsupported resumed slash commands in JSON mode When claw --output-format json --resume <session> /commit (or /plugins, etc.) encountered an 'unsupported resumed slash command' error, it called eprintln!() and exit(2) directly, bypassing both the main() JSON error handler and the output_format check. Fix: in both the slash-command parse-error path and the run_resume_command Err path, check output_format and emit a structured JSON error: {"type":"error","error":"unsupported resumed slash command","command":"/commit"} Text mode unchanged (still exits 2 with prose to stderr). Addresses the resumed-command parity gap (gaebal-gajae ROADMAP #26 track). 159 CLI tests pass, fmt clean.	2026-04-09 21:04:50 +09:00
YeonGyu-Kim	84b77ece4d	fix(cli): pipe stdin to prompt when no args given (suppress REPL on pipe) When stdin is not a terminal (pipe or redirect) and no prompt is given on the command line, claw was starting the interactive REPL and printing the startup banner, then consuming the pipe without sending anything to the API. Fix: in parse_args, when rest.is_empty() and stdin is not a terminal, read stdin synchronously and dispatch as CliAction::Prompt instead of Repl. Empty pipe still falls through to Repl (interactive launch with no input). Before: echo 'hello' \| claw -> startup banner + REPL start After: echo 'hello' \| claw -> dispatches as one-shot prompt 159 CLI tests pass, fmt clean.	2026-04-09 20:36:14 +09:00
YeonGyu-Kim	aef85f8af5	fix(cli): /diff shows clear error when not in a git repo Previously claw --resume <session> /diff would produce: 'git diff --cached failed: error: unknown option `cached\'' when the CWD was not inside a git project, because git falls back to --no-index mode which does not support --cached. Two fixes: 1. render_diff_report_for() checks 'git rev-parse --is-inside-work-tree' before running git diff, and returns a human-readable message if not in a git repo: 'Diff\n Result no git repository\n Detail <cwd> is not inside a git project' 2. resume /diff now uses std::env::current_dir() instead of the session file's parent directory as the CWD for the diff (session parent dir is the .claw/sessions/<id>/ directory, never a git repo). 159 CLI tests pass, fmt clean.	2026-04-09 20:04:21 +09:00
YeonGyu-Kim	3ed27d5cba	fix(cli): emit JSON for /history in --output-format json --resume mode Previously claw --output-format json --resume <session> /history emitted prose text regardless of the output format flag. Now emits structured JSON: {"kind":"history","total":N,"showing":M,"entries":[{"timestamp_ms":...,"text":"..."},...]} Mirrors the parity pattern established in ROADMAP #26 for other resume commands. 159 CLI tests pass, fmt clean.	2026-04-09 19:33:50 +09:00
YeonGyu-Kim	e1ed30a038	fix(cli): surface session_id in /status JSON output When running claw --output-format json --resume <session> /status, the JSON output had 'session' (full file path) but no 'session_id' field, making it impossible for scripts to extract the loaded session ID. Now extracts the session-id directory component from the session path (e.g. .claw/sessions/<session-id>/session-xxx.jsonl → session-id) and includes it as 'session_id' in the JSON status envelope. 159 CLI tests pass, fmt clean.	2026-04-09 19:06:36 +09:00
YeonGyu-Kim	54269da157	fix(cli): claw state exits 1 when no worker state file exists Previously 'claw state' printed an error message but exited 0, making it impossible for scripts/CI to detect the absence of state without parsing prose. Now propagates Err() to main() which exits 1 and formats the error correctly for both text and --output-format json modes. Text: 'error: no worker state file found at ... — run a worker first' JSON: {"type":"error","error":"no worker state file found at ..."}	2026-04-09 18:34:41 +09:00
YeonGyu-Kim	f741a42507	test(cli): add regression coverage for reasoning-effort validation and stub-command filtering 3 new tests in mod tests: - rejects_invalid_reasoning_effort_value: confirms 'turbo' etc rejected at parse time - accepts_valid_reasoning_effort_values: confirms low/medium/high accepted and threaded - stub_commands_absent_from_repl_completions: asserts STUB_COMMANDS are not in completions 156 -> 159 CLI tests pass.	2026-04-09 18:06:32 +09:00
YeonGyu-Kim	1a8f73da01	fix(cli): emit JSON error on --output-format json — ROADMAP #42 When claw --output-format json hits an error, the error was previously printed as plain prose to stderr, making it invisible to downstream tooling that parses JSON output. Now: {"type":"error","error":"api returned 401 ..."} Detection: scan argv at process exit for --output-format json or --output-format=json. Non-JSON error path unchanged. 156 CLI tests pass.	2026-04-09 16:33:20 +09:00
YeonGyu-Kim	8d0308eecb	fix(cli): dispatch bare skill names to skill invoker in REPL — ROADMAP #36 Users were typing skill names (e.g. 'caveman', 'find-skills') directly in the REPL and getting LLM responses instead of skill invocation. Only '/skills <name>' triggered dispatch; bare names fell through to run_turn. Fix: after slash-command parse returns None (bare text), check if the first token looks like a skill name (alphanumeric/dash/underscore, no slash). If resolve_skill_invocation() confirms the skill exists, dispatch the full input as a skill prompt. Unknown words fall through unchanged. 156 CLI tests pass, fmt clean.	2026-04-09 16:01:18 +09:00
YeonGyu-Kim	4d10caebc6	fix(cli): validate --reasoning-effort accepts only low\|medium\|high Previously any string was accepted and silently forwarded to the API, which would fail at the provider with an unhelpful error. Now invalid values produce a clear error at parse time: invalid value for --reasoning-effort: 'xyz'; must be low, medium, or high 156 CLI tests pass, fmt clean.	2026-04-09 15:03:36 +09:00
YeonGyu-Kim	414526c1bd	fix(cli): exclude stub slash commands from help output — ROADMAP #39 The --help slash-command section was listing ~35 unimplemented commands alongside working ones. Combined with the completions fix (`c55c510`), the discovery surface now consistently shows only implemented commands. Changes: - commands crate: add render_slash_command_help_filtered(exclude: &[&str]) - move STUB_COMMANDS to module-level const in main.rs (reused by both completions and help rendering) - replace render_slash_command_help() with filtered variant at all help-rendering call sites 156 CLI tests pass, fmt clean.	2026-04-09 14:36:00 +09:00
YeonGyu-Kim	2a2e205414	fix(cli): intercept --help for prompt/login/logout/version subcommands before API dispatch 'claw prompt --help' was triggering an API call instead of showing help because --help was parsed as part of the prompt args. Now '--help' after known pass-through subcommands (prompt, login, logout, version, state, init, export, commit, pr, issue) sets wants_help=true and shows the top-level help page. Subcommands that consume their own args (agents, mcp, plugins, skills) and local help-topic subcommands (status, sandbox, doctor) are excluded from this interception so their existing --help handling is preserved. 156 CLI tests pass, fmt clean.	2026-04-09 14:06:26 +09:00
YeonGyu-Kim	c55c510883	fix(cli): exclude stub slash commands from REPL completions — ROADMAP #39 Commands registered in the spec list but not yet implemented in this build were appearing in REPL tab-completions, making the discovery surface over-promise what actually works. Users (mezz2301) reported 'many features are not supported' after discovering these through completions. Add STUB_COMMANDS exclusion list in slash_command_completion_candidates_with_sessions. Excluded: login logout vim upgrade stats share feedback files fast exit summary desktop brief advisor stickers insights thinkback release-notes security-review keybindings privacy-settings plan review tasks theme voice usage rename copy hooks context color effort branch rewind ide tag output-style add-dir These commands still parse and run (with the 'not yet implemented' message for users who type them directly), but they no longer surface as tab-completion candidates.	2026-04-09 13:36:12 +09:00
YeonGyu-Kim	ca8950c26b	feat(cli): wire --reasoning-effort flag end-to-end — closes ROADMAP #34 Parse --reasoning-effort <low\|medium\|high> in parse_args, thread through CliAction::Prompt and CliAction::Repl, LiveCli::set_reasoning_effort(), AnthropicRuntimeClient.reasoning_effort field, and MessageRequest.reasoning_effort. Changes: - parse_args: new --reasoning-effort / --reasoning-effort=VAL flag arms - AnthropicRuntimeClient: new reasoning_effort field + set_reasoning_effort() method - LiveCli: new set_reasoning_effort() that reaches through BuiltRuntime -> ConversationRuntime -> api_client_mut() - runtime::ConversationRuntime: new pub api_client_mut() accessor - MessageRequest construction: reasoning_effort: self.reasoning_effort.clone() - run_repl(): accepts and applies reasoning_effort parameter - parse_direct_slash_cli_action(): propagates reasoning_effort All 156 CLI tests pass, all api tests pass, cargo fmt clean.	2026-04-09 11:08:00 +09:00
YeonGyu-Kim	c1b1ce465e	feat(cli): add reasoning_effort field to CliAction::Prompt/Repl variants — ROADMAP #34 struct groundwork Adds reasoning_effort: Option<String> to CliAction::Prompt and CliAction::Repl enum variants. All constructor and pattern sites updated. All test literals updated with reasoning_effort: None. 156 cli tests pass, fmt clean. The --reasoning-effort flag parse and propagation to AnthropicRuntimeClient remains as follow-up work.	2026-04-09 10:34:28 +09:00
Jobdori	275b58546d	feat(cli): populate Git SHA, target triple, and build date at compile time via build.rs Add rust/crates/rusty-claude-cli/build.rs that: - Captures git rev-parse --short HEAD at build time → GIT_SHA env - Reads Cargo's TARGET env var → TARGET env - Derives BUILD_DATE from SOURCE_DATE_EPOCH / BUILD_DATE env or the current date via `date +%Y-%m-%d` fallback - Registers rerun-if-changed on .git/HEAD and .git/refs so the SHA stays fresh across commits Update main.rs DEFAULT_DATE to pick up BUILD_DATE from option_env!() instead of the hardcoded 2026-03-31 static string. Before: `claw --version` always showed Git SHA: unknown, Target: unknown, Build date: 2026-03-31 in local builds. After: e.g. Git SHA: `7f53d82`, Target: aarch64-apple-darwin, Build date: 2026-04-08 Generated by droid (Kimi K2.5 Turbo) via acpx (wrote build.rs), cleaned up by Jobdori (added BUILD_DATE step, updated main.rs const). Co-Authored-By: Droid <noreply@factory.ai>	2026-04-08 18:11:46 +09:00
YeonGyu-Kim	8dc65805c1	fix(cli): dispatch to correct provider backend based on model prefix — closes ROADMAP #29 The CLI entry point (build_runtime_with_plugin_state in main.rs) was hardcoded to always instantiate AnthropicRuntimeClient with an AnthropicClient, regardless of what detect_provider_kind(model) returned. This meant `--model openai/gpt-4` with OPENAI_API_KEY set and no ANTHROPIC_* vars still failed with "missing Anthropic credentials" because the CLI never dispatched to the OpenAI-compat backend that already exists in the api crate. Root cause: AnthropicRuntimeClient.client was typed as AnthropicClient (concrete) rather than ApiProviderClient (enum). The api crate already had a ProviderClient enum with Anthropic / Xai / OpenAi variants that dispatches correctly via detect_provider_kind, plus a unified MessageStream enum that wraps both anthropic::MessageStream and openai_compat::MessageStream with the same next_event() -> StreamEvent interface. The CLI just wasn't using it. Changes (1 file, +59 -7): - Import api::ProviderClient as ApiProviderClient - Change AnthropicRuntimeClient.client from AnthropicClient to ApiProviderClient - In AnthropicRuntimeClient::new(), dispatch based on detect_provider_kind(&resolved_model): * Anthropic: build AnthropicClient directly with resolve_cli_auth_source() + api::read_base_url() + PromptCache (preserves ANTHROPIC_BASE_URL override for mock test harness and the session-scoped prompt cache) * xAI / OpenAi: delegate to ApiProviderClient::from_model_with_anthropic_auth which routes to OpenAiCompatClient::from_env with the matching config (reads OPENAI_API_KEY/XAI_API_KEY/DASHSCOPE_API_KEY and their BASE_URL overrides internally) - Change push_prompt_cache_record to take &ApiProviderClient (ProviderClient::take_last_prompt_cache_record returns None for non-Anthropic variants, so the helper is a no-op on OpenAI-compat providers without extra branching) What this unlocks for users: claw --model openai/gpt-4.1-mini prompt 'hello' # OpenAI claw --model grok-3 prompt 'hello' # xAI claw --model qwen-plus prompt 'hello' # DashScope OPENAI_BASE_URL=https://openrouter.ai/api/v1 \ claw --model openai/anthropic/claude-sonnet-4 prompt 'hello' # OpenRouter All previously broken, now routed correctly by prefix. Verification: - cargo build --release -p rusty-claude-cli: clean - cargo test --release -p rusty-claude-cli: 182 tests, 0 failures (including compact_output tests that exercise the Anthropic mock) - cargo fmt --all: clean - cargo clippy --workspace: warnings-only (pre-existing) - cargo test --release --workspace: all crates green except one pre-existing race in runtime::config::tests (passes in isolation) Source: live users nicma (1491342350960562277) and Jengro (1491345009021030533) in #claw-code on 2026-04-08.	2026-04-08 17:29:55 +09:00
YeonGyu-Kim	5851f2dee8	fix(cli): 6 cascading test regressions hidden behind client_integration gate - compact flag: was parsed then discarded (`compact: _`) instead of passed to `run_turn_with_output` — hardcoded `false` meant --compact never took effect - piped stdin vs permission prompter: `read_piped_stdin()` consumed all stdin before `CliPermissionPrompter::decide()` could read interactive approval answers; now only consumes stdin as prompt context when permission mode is `DangerFullAccess` (fully unattended) - session resolver: `resolve_managed_session_path` and `list_managed_sessions` now fall back to the pre-isolation flat `.claw/sessions/` layout so legacy sessions remain accessible - help assertion: match on stable prefix after `/session delete` was added in batch 5 - prompt shorthand: fix copy-paste that changed expected prompt from "help me debug" to "$help overview" - mock parity harness: filter captured requests to `/v1/messages` path only, excluding count_tokens preflight calls added by `be561bf` All 6 failures were pre-existing but masked because `client_integration` always failed first (fixed in `8c6dfe5`). Workspace: 810+ tests passing, 0 failing.	2026-04-08 14:54:10 +09:00
YeonGyu-Kim	006f7d7ee6	fix(test): add env_lock to plugin lifecycle test — closes ROADMAP #24 build_runtime_runs_plugin_lifecycle_init_and_shutdown was the only test that set/removed ANTHROPIC_API_KEY without holding the env_lock mutex. Under parallel workspace execution, other tests racing on the same env var could wipe the key mid-construction, causing a flaky credential error. Root cause: process-wide env vars are shared mutable state. All other tests that touch ANTHROPIC_API_KEY already use env_lock(). This test was the only holdout. Fix: add let _guard = env_lock(); at the top of the test.	2026-04-08 12:46:04 +09:00
YeonGyu-Kim	c7b3296ef6	style: cargo fmt — fix CI formatting failures Pre-existing formatting issues in anthropic.rs surfaced by CI cargo fmt check. No functional changes.	2026-04-08 11:21:13 +09:00
YeonGyu-Kim	c667d47c70	feat(api): add tuning params (temperature, top_p, penalties, stop) to MessageRequest MessageRequest was missing standard OpenAI-compatible generation tuning parameters. Callers had no way to control temperature, top_p, frequency_penalty, presence_penalty, or stop sequences. Changes: - Added 5 optional fields to MessageRequest (all Option, None by default) - Wired into build_chat_completion_request: only included in payload when set - All existing construction sites updated with ..Default::default() - MessageRequest now derives Default for ergonomic partial construction Tests added: - tuning_params_included_in_payload_when_set: all 5 params flow into JSON - tuning_params_omitted_from_payload_when_none: absent params stay absent 83 api lib tests passing, 0 failing. cargo check --workspace: 0 warnings.	2026-04-08 07:07:33 +09:00
YeonGyu-Kim	314f0c99fd	feat(worker_boot): emit .claw/worker-state.json on every status transition WorkerStatus is fully tracked in worker_boot.rs but was invisible to external observers (clawhip, orchestrators) because opencode serve's HTTP server is upstream and not ours to extend. Solution: atomic file-based observability. - emit_state_file() writes .claw/worker-state.json on every push_event() call (tmp write + rename for atomicity) - Snapshot includes: worker_id, status, is_ready, trust_gate_cleared, prompt_in_flight, last_event, updated_at - Add 'claw state' CLI subcommand to read and print the file - Add regression test: emit_state_file_writes_worker_status_on_transition verifies spawning→ready_for_prompt transition is reflected on disk This closes the /state dogfood gap without requiring any upstream opencode changes. Clawhip can now distinguish a truly stalled worker (status: trust_required or running with no recent updated_at) from a quiet-but-progressing one.	2026-04-08 00:37:44 +09:00
YeonGyu-Kim	092d8b6e21	fix(tests): add missing test imports for session/prompt history features Add missing imports to test module: - PromptHistoryEntry, render_prompt_history_report, parse_history_count - parse_export_args, render_session_markdown - summarize_tool_payload_for_markdown, short_tool_id Fixes test compilation errors introduced by new session and export features from batch 5/6 work.	2026-04-07 16:20:33 +09:00
YeonGyu-Kim	e51566c745	feat: b6-bridge-directory follow-up work — batch 6	2026-04-07 16:11:50 +09:00
YeonGyu-Kim	20f3a5932a	fix(cli): wire sessions_dir() through SessionStore::from_cwd() (#41 ) The CLI was using a flat cwd/.claw/sessions/ path without workspace fingerprinting, while SessionStore::from_cwd() adds a hash subdirectory. This mismatch meant the isolation machinery existed but wasn't actually used by the main session management codepath. Now sessions_dir() delegates to SessionStore::from_cwd(), ensuring all session operations use workspace-fingerprinted directories.	2026-04-07 16:03:44 +09:00
YeonGyu-Kim	f03b8dce17	feat: bridge directory metadata + stale-base preflight check - Add CWD to SSE session events (kills Directory: unknown) - Add stale-base preflight: verify HEAD matches expected base commit - Warn on divergence before session starts	2026-04-07 15:55:38 +09:00
YeonGyu-Kim	82f2e8e92b	feat: doctor-cmd implementation	2026-04-07 15:28:43 +09:00
YeonGyu-Kim	dab16c230a	feat: b5-session-export — batch 5 wave 2	2026-04-07 15:19:45 +09:00
YeonGyu-Kim	a46711779c	feat: b5-markdown-fence — batch 5 wave 2	2026-04-07 15:19:45 +09:00
YeonGyu-Kim	4557a81d2f	feat: b5-doctor-cmd — batch 5 wave 2	2026-04-07 15:19:45 +09:00
YeonGyu-Kim	86c3667836	feat: b5-context-compress — batch 5 wave 2	2026-04-07 15:19:45 +09:00
YeonGyu-Kim	8663751650	fix: resolve merge conflicts from batch 5 cherry-picks (compact field, run_turn_with_output arity)	2026-04-07 14:53:46 +09:00
YeonGyu-Kim	90f2461f75	feat: b5-tool-timeout — batch 5 upstream parity	2026-04-07 14:51:32 +09:00
YeonGyu-Kim	0d8fd51a6c	feat: b5-stdin-pipe — batch 5 upstream parity	2026-04-07 14:51:28 +09:00
YeonGyu-Kim	9105e0c656	feat: b5-openrouter-fix — batch 5 upstream parity	2026-04-07 14:51:26 +09:00
YeonGyu-Kim	b8f76442e2	feat: b5-multi-provider — batch 5 upstream parity	2026-04-07 14:51:26 +09:00
YeonGyu-Kim	b216f9ce05	feat: b5-max-token-plugin — batch 5 upstream parity	2026-04-07 14:51:26 +09:00
YeonGyu-Kim	4be4b46bd9	feat: b5-git-aware — batch 5 upstream parity	2026-04-07 14:51:26 +09:00
YeonGyu-Kim	506ff55e53	feat: b5-doctor-cmd — batch 5 upstream parity	2026-04-07 14:51:26 +09:00
YeonGyu-Kim	65f4c3ad82	feat: b5-cost-tracker — batch 5 upstream parity	2026-04-07 14:51:25 +09:00
YeonGyu-Kim	700534de41	feat: b5-context-compress — batch 5 upstream parity	2026-04-07 14:51:25 +09:00
YeonGyu-Kim	8d866073c5	feat(cli): show active model and provider in startup banner Prints 'Connected: <model> via <provider>' before REPL prompt.	2026-04-07 14:22:26 +09:00
YeonGyu-Kim	4251c85855	fix(cli): add section headers to OMC output for agent type grouping voloshko: flat wall of text. Now groups output with section separators by agent type (Explore, Implementation, Verification).	2026-04-07 14:22:06 +09:00
YeonGyu-Kim	cd83c0ff68	fix(cli): detect OPENAI_BASE_URL during claw login and emit clear error OAuth 401 was confusing. Now detects custom base URL and suggests ANTHROPIC_API_KEY instead of OAuth login.	2026-04-07 14:22:05 +09:00
Yeachan-Heo	c1883d0f66	Clarify heuristic context window estimates	2026-04-06 09:26:08 +00:00
Yeachan-Heo	1fc5a1c457	Fix slash skill invoke normalization	2026-04-06 09:24:06 +00:00
Yeachan-Heo	ecadc5554a	fix(auth): harden OAuth fallback and collapse thinking output	2026-04-06 09:02:21 +00:00
Yeachan-Heo	8ff9c1b15a	Preserve recovery guidance for retried context-window failures The CLI already reframes direct preflight and provider oversized-request errors, but retry-wrapped provider failures still fell back to the generic retry-exhausted surface because the user-visible formatter keyed off the safe failure class. Route formatting through nested context-window detection so wrapped provider failures keep the same compact/reduce-scope guidance. Constraint: Keep the fix UX-scoped without widening broader failure classification behavior Rejected: Reorder safe_failure_class for all RetriesExhausted errors \| broader semantic change than needed for this issue Confidence: high Scope-risk: narrow Directive: Keep context-window rendering keyed to nested error inspection so provider wrappers do not lose recovery guidance Tested: cargo fmt --check; cargo test -p rusty-claude-cli context_window; cargo test -p api oversized Not-tested: Full workspace test suite	2026-04-06 09:02:21 +00:00
Yeachan-Heo	f9cb42fb44	Resolve claw-code main merge conflicts	2026-04-06 07:16:57 +00:00
Yeachan-Heo	01b263c838	Let /skills invocations reach the prompt skill path The CLI still treated every /skills payload other than list/install/help as local usage text, so skills that appeared in /skills could not actually be invoked. This restores prompt dispatch for /skills <skill> [args], keeps list/install on the local path, and shares skill resolution with the Skill tool so project-local and legacy /commands entries resolve consistently. Constraint: --resume local slash execution still only supports local commands without provider turns Rejected: Implement full resumed prompt-turn execution for /skills \| larger behavior change outside this bugfix Rejected: Keep separate skill lookups in tools and commands \| drift already caused listing/invocation mismatches Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep /skills discovery, CLI prompt dispatch, and Tool Skill resolution on the same registry semantics Tested: cargo fmt --all; cargo clippy -p commands -p tools -p rusty-claude-cli --all-targets -- -D warnings; cargo test --workspace -- --nocapture Not-tested: Live provider-backed /skills invocation against external skill packs in an interactive REPL	2026-04-06 06:43:31 +00:00
Yeachan-Heo	b930895736	Turn oversized-context failures into recovery guidance Dogfood showed oversized requests still surfacing as raw hard errors, even when claw could tell the user exactly how to recover. This keeps context-window failures classified, recognizes the same failure when it comes back from a provider response, and renders recovery steps that point operators at the existing compaction and fresh-session paths instead of a provider-style dump. Constraint: Keep the failure class explicit so automation and operators can still distinguish context-window exhaustion from generic provider failures Constraint: Reuse existing /compact and session-reset UX instead of inventing a new recovery workflow Rejected: Auto-run compaction on failure \| mutates session state on an error path the user may want to inspect first Rejected: Only prettify local preflight failures \| provider-returned context-window errors would still leak raw failure text Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep provider-side context-window detection aligned with real oversized-request messages before broadening the marker list Tested: cargo fmt --all --check Tested: cargo test -p api Tested: cargo test -p rusty-claude-cli Tested: cargo clippy -p api -p rusty-claude-cli --all-targets -- -D warnings Not-tested: cargo test --workspace	2026-04-06 06:43:31 +00:00
Yeachan-Heo	fe4da2aa65	Keep resumed JSON command surfaces machine-readable Resumed slash dispatch was still dropping back to prose for several JSON-capable local commands, which forced automation to special-case direct CLI invocations versus --resume flows. This routes resumed local-command handlers through the same structured JSON payloads used by direct status, sandbox, inventory, version, and init commands, and records the inventory parity audit result in the roadmap. Constraint: Text-mode resumed output must stay unchanged for existing shell users Rejected: Teach callers to scrape resumed text output \| brittle and defeats the JSON contract Confidence: high Scope-risk: narrow Reversibility: clean Directive: When a direct local command has a JSON renderer, keep resumed slash dispatch on the same serializer instead of adding one-off format branches Tested: cargo fmt --check; cargo test --workspace; cargo clippy --workspace --all-targets -- -D warnings Not-tested: Live provider-backed REPL resume flows outside the local test harness	2026-04-06 02:00:33 +00:00
Yeachan-Heo	53d6909b9b	Emit structured doctor JSON diagnostics	2026-04-06 01:42:59 +00:00
Yeachan-Heo	ceaf9cbc23	Preserve structured JSON parity for `claw agents` `claw agents --output-format json` was still wrapping the text report, which meant automation could not distinguish empty inventories from populated agent definitions. Add a dedicated structured handler in the commands crate, wire the CLI to it, and extend the contracts to cover both empty and populated agent listings. Constraint: Keep text-mode `claw agents` output unchanged while aligning JSON behavior with existing structured inventory handlers Rejected: Parse the text report into JSON in the CLI layer \| brittle duplication and no reusable structured handler Confidence: high Scope-risk: narrow Directive: Keep inventory subcommands on dedicated structured handlers instead of serializing human-readable reports Tested: cargo test -p commands renders_agents_reports_as_json; cargo test -p rusty-claude-cli --test output_format_contract; cargo test --workspace; cargo fmt --check; cargo clippy --workspace --all-targets -- -D warnings Not-tested: Manual invocation of `claw agents --output-format json` outside automated tests	2026-04-06 01:42:59 +00:00
Yeachan-Heo	ee92f131b0	Stabilize plugin lifecycle temp dirs across parallel tests	2026-04-06 01:18:56 +00:00
Yeachan-Heo	d94d792a48	Expose actionable ids for opaque provider failures Issue #22 was triggered by generic upstream fatal wrappers that only surfaced 'Something went wrong', which left repeated Jobdori-style failures opaque in the CLI. Capture provider request ids on error responses, classify the known generic wrapper as provider_internal, and prefix the user-visible runtime error with the failure class plus session/trace identifiers so operators can correlate the failure quickly. Constraint: Keep the fix small and user-safe without redesigning the broader runtime error taxonomy Constraint: Preserve existing non-generic error text unless the wrapper is the known opaque fatal surface Rejected: Broadly rewriting every runtime error into classified envelopes \| unnecessary scope expansion for issue #22 Confidence: high Scope-risk: narrow Reversibility: clean Directive: If more opaque wrappers appear, extend the marker list and classification helper rather than reintroducing raw wrapper text alone Tested: cargo test -p api detects_generic_fatal_wrapper_and_classifies_it_as_provider_internal -- --nocapture; cargo test -p api retries_exhausted_preserves_nested_request_id_and_failure_class -- --nocapture; cargo test -p rusty-claude-cli opaque_provider_wrapper_surfaces_failure_class_session_and_trace -- --nocapture; cargo test -p rusty-claude-cli retry_exhaustion_preserves_internal_failure_class_for_generic_provider_wrapper -- --nocapture; cargo test --workspace Not-tested: Live upstream reproduction of the Jobdori failure against a real provider session	2026-04-06 00:30:28 +00:00
Yeachan-Heo	2bab4080d6	Keep resumed /status JSON aligned with live status output The resumed slash-command path built a reduced status JSON payload by hand, so it drifted from the fresh status schema and dropped metadata like model, permission mode, workspace counters, and sandbox details. Reuse a shared status JSON builder for both code paths and tighten the resume regression tests to lock parity in place. Constraint: Resume mode does not carry an active runtime model, so restored sessions continue to report the existing restored-session sentinel value Rejected: Copy the fresh status JSON shape into the resume path again \| would recreate the same schema drift risk Confidence: high Scope-risk: narrow Directive: Keep resumed and fresh /status JSON on the same helper so future schema changes stay in parity Tested: Reproduced failure in temporary HEAD worktree with strengthened resumed_status_command_emits_structured_json_when_requested Tested: cargo test -p rusty-claude-cli resumed_status_command_emits_structured_json_when_requested --test resume_slash_commands -- --exact --nocapture Tested: cargo test -p rusty-claude-cli doctor_and_resume_status_emit_json_when_requested --test output_format_contract -- --exact --nocapture Tested: cargo test --workspace Tested: cargo fmt --check Tested: cargo clippy --workspace --all-targets -- -D warnings	2026-04-05 23:30:39 +00:00
Yeachan-Heo	19c6b29524	Close the clawability backlog with deterministic CLI output and lane lineage Finish the remaining roadmap work by making direct CLI JSON output deterministic across the non-interactive surface, restoring the degraded-startup MCP test as a real workspace test, and adding branch-lock plus commit-lineage primitives so downstream lane consumers can distinguish superseded worktree commits from canonical lineage. Constraint: Keep the user-facing config namespace centered on .claw while preserving legacy fallback discovery for compatibility Constraint: Verification needed to stay clean-room and reproducible from the checked-in workspace alone Rejected: Leave the output-format contract implied by ad-hoc smoke runs only \| too easy for direct CLI regressions to slip back into prose-only output Rejected: Keep commit provenance as free-form detail text \| downstream consumers need structured branch/worktree/supersession metadata Confidence: medium Scope-risk: moderate Directive: Extend the JSON contract through the same direct CLI entrypoints instead of adding one-off serializers on parallel code paths Tested: python .github/scripts/check_doc_source_of_truth.py Tested: cd rust && cargo fmt --all --check Tested: cd rust && cargo test --workspace Tested: cd rust && cargo clippy -p commands -p tools -p rusty-claude-cli --all-targets --no-deps -- -D warnings Not-tested: full cargo clippy --workspace --all-targets -- -D warnings still reports unrelated pre-existing runtime lint debt outside this change set	2026-04-05 18:41:02 +00:00
Yeachan-Heo	f43375f067	Complete local claw-first CLI and config surface alignment	2026-04-05 18:11:25 +00:00
Yeachan-Heo	136cedf1cc	Honor JSON output for skills and MCP inventory commands The skills and mcp inventory handlers were still emitting prose tables even when the global --output-format json flag was set. This wires structured JSON renderers into the command handlers and CLI dispatch so direct invocations and resumed slash-command execution both return machine-readable payloads while preserving existing text output in the REPL path. Constraint: Must preserve existing text output and help behavior for interactive slash commands Rejected: Parse existing prose tables into JSON at the CLI edge \| brittle and loses structured fields Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep text and JSON variants driven by the same command parsing branches so --output-format stays deterministic across entry points Tested: cargo test -p commands Tested: cargo test -p rusty-claude-cli Not-tested: Manual invocation against a live user skills registry or external MCP services	2026-04-05 18:11:25 +00:00
Yeachan-Heo	2dd05bfcef	Make .claw the only user-facing config namespace Agents, skills, and init output were still surfacing .codex/.claude paths even though the runtime already treats .claw as the canonical config home. This updates help text, reports, skill install defaults, and repo bootstrap output to present a single .claw namespace while keeping legacy discovery fallbacks in place for existing setups. Constraint: Existing .codex/.claude agent and skill directories still need to load for compatibility Rejected: Remove legacy discovery entirely \| would break existing user setups instead of just cleaning up surfaced output Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep future user-facing config, agent, and skill path copy aligned to .claw and even when legacy fallbacks remain supported internally Tested: cargo fmt --all --check; cargo test --workspace --exclude compat-harness Not-tested: cargo clippy --workspace --all-targets -- -D warnings \| fails in pre-existing unrelated runtime files (for example mcp_lifecycle_hardened.rs, mcp_tool_bridge.rs, lsp_client.rs, permission_enforcer.rs, recovery_recipes.rs, stale_branch.rs, task_registry.rs, team_cron_registry.rs, worker_boot.rs)	2026-04-05 18:11:25 +00:00
Yeachan-Heo	9b156e21cf	Route nested CLI help requests to usage instead of operand fallthrough The direct CLI wrappers for agents, skills, and mcp treated nested help flags as ordinary operands. That made commands like `claw mcp show --help` report a missing server and `claw skills install --help` fall into filesystem install logic instead of surfacing usage. This change normalizes help-path arguments before dispatch so nested help stays on the help path. The regression tests cover both handler-level behavior and end-to-end CLI output for nested help and unknown subcommands with trailing help flags. Constraint: Keep the fix scoped to direct CLI slash-command wrappers without changing unrelated parser behavior Rejected: Rework top-level argument parsing for all subcommands \| broader risk than needed for the regression Confidence: high Scope-risk: narrow Reversibility: clean Directive: If more nested subcommands are added, extend the help-path normalization table before relying on raw operand dispatch Tested: cargo build -p commands -p rusty-claude-cli Tested: cargo test -p commands -p rusty-claude-cli Not-tested: cargo clippy -p commands -p rusty-claude-cli --all-targets --no-deps -- -D warnings (pre-existing warnings in untouched files block clean run)	2026-04-05 18:11:25 +00:00
Yeachan-Heo	f0d82a7cc0	Keep doctor and local help paths shell-native Promote doctor into a real top-level CLI action, reuse the same local report for resumed and REPL doctor invocations, and intercept doctor/status/sandbox help flags before prompt-mode dispatch. The parser change also closes the help fallthrough that previously wandered into runtime startup for local-info commands. Constraint: Preserve prompt shorthand for normal multi-word text input while fixing exact local subcommand help paths Rejected: Route \7[1G[2K[m⠋ 🦀 Thinking...[0m8[1G[2K[m✘ ❌ Request failed [0m through prompt/slash guidance \| still shells out through the wrong surface and keeps health checks hidden Rejected: Reuse the status report as doctor output \| status does not explain auth/config health or expose a dedicated diagnostic summary Confidence: high Scope-risk: narrow Directive: Keep doctor local-only unless an explicit network probe is intentionally added and separately tested Tested: cargo build -p rusty-claude-cli; cargo test -p rusty-claude-cli; cargo run -p rusty-claude-cli -- doctor --help; CLAW_CONFIG_HOME=/tmp/tmp.7pm9SVzOPN ANTHROPIC_API_KEY= ANTHROPIC_AUTH_TOKEN= cargo run -p rusty-claude-cli -- doctor Not-tested: direct /doctor outside the REPL remains interactive-only	2026-04-05 18:11:25 +00:00
Yeachan-Heo	c3b0e12164	Remove unshipped rusty-claude-cli prototype modules The shipped CLI surface lives in `src/main.rs`, which only wires `init`, `input`, and `render`. The legacy `app.rs` and `args.rs` prototypes were not in the module tree and had no inbound references, so this change deletes those orphaned files instead of widening scope into a larger refactor. It also aligns the TUI enhancement plan with that reality so the document no longer describes the removed prototypes as current tracked structure. Constraint: Must preserve shipped CLI parsing and slash-command behavior Rejected: Refactor main.rs into smaller modules now \| widens scope beyond behavior-safe cleanup Rejected: Leave TUI plan wording untouched \| leaves low-risk stale documentation behind Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep this slice deletion-first; do not reintroduce alternate CLI surfaces without wiring them into main.rs and its tests Tested: cargo test -p rusty-claude-cli defaults_to_repl_when_no_args Tested: cargo test -p rusty-claude-cli parses_login_and_logout_subcommands Tested: cargo test -p rusty-claude-cli parses_direct_agents_mcp_and_skills_slash_commands Tested: cargo test -p rusty-claude-cli direct_slash_commands_surface_shared_validation_errors Tested: cargo test -p rusty-claude-cli parses_resume_flag_with_multiple_slash_commands -- --nocapture Tested: cargo test -p rusty-claude-cli resumed_binary_accepts_slash_commands_with_arguments -- --nocapture Tested: cargo check -p rusty-claude-cli Tested: git diff --check Not-tested: cargo clippy -p rusty-claude-cli --all-targets -- -D warnings (pre-existing failures in rust/crates/runtime/* and existing warnings outside this diff)	2026-04-05 17:44:34 +00:00
Yeachan-Heo	eb4d3b11ee	merge fix/p2-19-subcommand-help-fallthrough	2026-04-05 16:54:59 +00:00
Yeachan-Heo	24d8f916c8	merge fix/p0-10-json-status	2026-04-05 16:54:38 +00:00
Yeachan-Heo	30883bddbd	Keep doctor and local help paths shell-native Promote doctor into a real top-level CLI action, reuse the same local report for resumed and REPL doctor invocations, and intercept doctor/status/sandbox help flags before prompt-mode dispatch. The parser change also closes the help fallthrough that previously wandered into runtime startup for local-info commands. Constraint: Preserve prompt shorthand for normal multi-word text input while fixing exact local subcommand help paths Rejected: Route \7[1G[2K[m⠋ 🦀 Thinking...[0m8[1G[2K[m✘ ❌ Request failed [0m through prompt/slash guidance \| still shells out through the wrong surface and keeps health checks hidden Rejected: Reuse the status report as doctor output \| status does not explain auth/config health or expose a dedicated diagnostic summary Confidence: high Scope-risk: narrow Directive: Keep doctor local-only unless an explicit network probe is intentionally added and separately tested Tested: cargo build -p rusty-claude-cli; cargo test -p rusty-claude-cli; cargo run -p rusty-claude-cli -- doctor --help; CLAW_CONFIG_HOME=/tmp/tmp.7pm9SVzOPN ANTHROPIC_API_KEY= ANTHROPIC_AUTH_TOKEN= cargo run -p rusty-claude-cli -- doctor Not-tested: direct /doctor outside the REPL remains interactive-only	2026-04-05 16:44:36 +00:00
Yeachan-Heo	1a2fa1581e	Keep status JSON machine-readable for automation The global --output-format json flag already reached prompt-mode responses, but status and sandbox still bypassed that path and printed human-readable tables. This change threads the selected output format through direct command aliases and resumed slash-command execution so status queries emit valid structured JSON instead of mixed prose. It also adds end-to-end regression coverage for direct status/sandbox JSON and resumed /status JSON so shell automation can rely on stable parsing. Constraint: Global output formatting must stay compatible with existing text-mode reports Rejected: Require callers to scrape text status tables \| fragile and breaks automation Confidence: high Scope-risk: narrow Directive: New direct commands that honor --output-format should thread the format through CliAction and resumed slash execution paths Tested: cargo build -p rusty-claude-cli Tested: cargo test -p rusty-claude-cli -- --nocapture Tested: cargo test --workspace Tested: cargo run -q -p rusty-claude-cli -- --output-format json status Tested: cargo run -q -p rusty-claude-cli -- --output-format json sandbox Not-tested: cargo clippy --workspace --all-targets -- -D warnings (fails in pre-existing runtime files unrelated to this change)	2026-04-05 16:41:02 +00:00
Yeachan-Heo	1f53d961ff	Route nested CLI help requests to usage instead of operand fallthrough The direct CLI wrappers for agents, skills, and mcp treated nested help flags as ordinary operands. That made commands like `claw mcp show --help` report a missing server and `claw skills install --help` fall into filesystem install logic instead of surfacing usage. This change normalizes help-path arguments before dispatch so nested help stays on the help path. The regression tests cover both handler-level behavior and end-to-end CLI output for nested help and unknown subcommands with trailing help flags. Constraint: Keep the fix scoped to direct CLI slash-command wrappers without changing unrelated parser behavior Rejected: Rework top-level argument parsing for all subcommands \| broader risk than needed for the regression Confidence: high Scope-risk: narrow Reversibility: clean Directive: If more nested subcommands are added, extend the help-path normalization table before relying on raw operand dispatch Tested: cargo build -p commands -p rusty-claude-cli Tested: cargo test -p commands -p rusty-claude-cli Not-tested: cargo clippy -p commands -p rusty-claude-cli --all-targets --no-deps -- -D warnings (pre-existing warnings in untouched files block clean run)	2026-04-05 16:38:43 +00:00
Yeachan-Heo	784f07abfa	Harden worker boot recovery before task dispatch The worker boot registry now exposes the requested lifecycle states, emits structured trust and prompt-delivery events, and recovers from shell or wrong-target prompt delivery by replaying the last prompt. Supporting fixes keep MCP remote config parsing backwards-compatible and make CLI argument parsing less dependent on ambient config and cwd state so the workspace stays green under full parallel test runs. Constraint: Worker prompts must not be dispatched before a confirmed ready_for_prompt handshake Constraint: Prompt misdelivery recovery must stay minimal and avoid new dependencies Rejected: Keep prompt_accepted and blocked as public lifecycle states \| user requested the narrower explicit state set Rejected: Treat url-only MCP server configs as invalid \| existing CLI/runtime tests still rely on that shorthand Confidence: high Scope-risk: moderate Reversibility: clean Directive: Preserve prompt_in_flight semantics when extending worker boot; misdelivery detection depends on it Tested: cargo build --workspace; cargo test --workspace Not-tested: Live tmux worker delivery against a real external coding agent pane	2026-04-04 14:50:43 +00:00
Yeachan-Heo	8a9ea1679f	feat(mcp+lifecycle): MCP degraded-startup reporting, lane event schema, lane completion hardening Add MCP structured degraded-startup classification (P2.10): - classify MCP failures as startup/handshake/config/partial - expose failed_servers + recovery_recommendations in tool output - add mcp_degraded output field with server_name, failure_mode, recoverable Canonical lane event schema (P2.7): - add LaneEventName variants for all lifecycle states - wire LaneEvent::new with full 3-arg signature (event, status, emitted_at) - emit typed events for Started, Blocked, Failed, Finished Fix let mut executor for search test binary Fix lane_completion unused import warnings Note: mcp_stdio::manager_discovery_report test has pre-existing failure on clean main, unrelated to this commit.	2026-04-04 14:31:56 +00:00
Yeachan-Heo	ac3ad57b89	fix(ci): apply rustfmt to main	2026-04-04 02:18:52 +00:00
Jobdori	3327d0e3fe	fix(tests): isolate render_diff_report tests from real working-tree state Replace with_current_dir+render_diff_report() with direct render_diff_report_for(&root) calls in the three diff-report tests. The env_lock mutex only serializes within one test binary; cargo test --workspace runs binaries in parallel, so set_current_dir races were possible across binaries. render_diff_report_for(cwd) accepts an explicit path and requires no global state mutation, making the tests reliably green under full workspace parallelism.	2026-04-04 05:33:18 +09:00
Jobdori	5ad05c68a3	merge: ultraclaw/mcp-lifecycle-harden into main	2026-04-04 00:45:12 +09:00
Jobdori	13015f6428	feat(runtime): hardened MCP lifecycle with phase tracking and degraded-mode reporting	2026-04-04 00:42:43 +09:00
Jobdori	e1db949353	feat(runtime): typed task packet format for structured claw dispatch	2026-04-04 00:40:20 +09:00
Yeachan-Heo	bf5eb8785e	Recover the MCP lane on top of current main This resolves the stale-branch merge against origin/main, keeps the MCP runtime wiring, and preserves prompt-approved CLI tool execution after the mock parity harness additions landed upstream. Constraint: Branch had to absorb origin/main changes through a contentful merge before more MCP work Constraint: Prompt-approved runtime tool execution must continue working with new CLI/mock parity coverage Rejected: Keep permission enforcer attached inside CliToolExecutor for conversation turns \| caused prompt-approved bash parity flow to fail as a tool error Rejected: Defer the merge and continue on stale history \| would leave the lane red against current main Confidence: high Scope-risk: moderate Reversibility: clean Directive: Runtime permission policy and executor-side permission enforcement are separate layers; do not reapply executor enforcement to conversation turns without revalidating mock parity harness approval flows Tested: cargo test -p rusty-claude-cli --test mock_parity_harness -- --nocapture; cargo test -p rusty-claude-cli -- --nocapture; cargo test --workspace -- --nocapture Not-tested: Additional live remote/provider scenarios beyond the existing workspace suite	2026-04-03 14:51:18 +00:00
Yeachan-Heo	b3fe057559	Close the MCP lifecycle gap from config to runtime tool execution This wires configured MCP servers into the CLI/runtime path so discovered MCP tools, resource wrappers, search visibility, shutdown handling, and best-effort discovery all work together instead of living as isolated runtime primitives. Constraint: Keep non-MCP startup flows working without new required config Constraint: Preserve partial availability when one configured MCP server fails discovery Rejected: Fail runtime startup on any MCP discovery error \| too brittle for mixed healthy/broken server configs Rejected: Keep MCP support runtime-only without registry wiring \| left discovery and invocation unreachable from the CLI tool lane Confidence: high Scope-risk: moderate Reversibility: clean Directive: Runtime MCP tools are registry-backed but executed through CliToolExecutor state; keep future tool-registry changes aligned with that split Tested: cargo test -p runtime mcp -- --nocapture; cargo test -p tools -- --nocapture; cargo test -p rusty-claude-cli -- --nocapture; cargo test --workspace -- --nocapture Not-tested: Live remote MCP transports (http/sse/ws/sdk) remain unsupported in the CLI execution path	2026-04-03 14:31:25 +00:00
Jobdori	a2351fe867	feat(harness+usage): add auto_compact and token_cost parity scenarios Two new mock parity harness scenarios: 1. auto_compact_triggered (session-compaction category) - Mock returns 50k input tokens, validates auto_compaction key is present in JSON output - Validates format parity; trigger behavior covered by conversation::tests::auto_compacts_when_cumulative_input_threshold_is_crossed 2. token_cost_reporting (token-usage category) - Mock returns known token counts (1k input, 500 output) - Validates input/output token fields present in JSON output Additional changes: - Add estimated_cost to JSON prompt output (format_usd + pricing_for_model) - Add final_text_sse_with_usage and text_message_response_with_usage helpers to mock-anthropic-service for parameterized token counts - Add ScenarioCase.extra_env and ScenarioCase.resume_session fields - Update mock_parity_scenarios.json: 10 -> 12 scenarios - Update harness request count assertion: 19 -> 21 cargo test --workspace: 558 passed, 0 failed	2026-04-03 22:41:42 +09:00
Jobdori	6325add99e	fix(tests): add env_lock to permission-sensitive CLI arg tests Tests relying on PermissionMode::DangerFullAccess as default were flaky under --workspace runs because other tests set RUSTY_CLAUDE_PERMISSION_MODE without cleanup. Added env_lock() and explicit env var removal to 7 affected tests. Fixes: workspace-level cargo test flake (1 random test fails per run)	2026-04-03 22:07:12 +09:00
Jobdori	0490636031	feat(commands): expand slash command surface 67 → 135 specs Add 68 new slash command specs covering: - Approval flow: approve/deny - Editing: undo, retry, paste, image, screenshot - Code ops: test, lint, build, run, fix, refactor, explain, docs, perf - Git: git, stash, blame, log - LSP: symbols, references, definition, hover, diagnostics, autofix - Navigation: focus/unfocus, web, map, search, workspace - Model: max-tokens, temperature, system-prompt, tool-details - Session: history, tokens, cache, pin/unpin, bookmarks, format - Infra: cron, team, parallel, multi, macro, alias - Config: api-key, language, profile, telemetry, env, project - Other: providers, notifications, changelog, templates, benchmark, migrate, reset Update tests: flexible assertions for expanded command surface	2026-04-03 19:52:40 +09:00
Jobdori	8cc7d4c641	chore: additional AI slop cleanup and enforcer wiring from sessions 1/5 Session 1 (ses_2ad65873): with_enforcer builders + 2 regression tests Session 5 (ses_2ad67e8e): continued AI slop cleanup pass — redundant comments, unused_self suppressions, unreachable! tightening Session cleanup (ses_2ad6b26c): Python placeholder centralization Workspace tests: 363+ passed, 0 failed.	2026-04-03 18:35:27 +09:00
Jobdori	618a79a9f4	feat: ultraclaw session outputs — registry tests, MCP bridge, PARITY.md, cleanup Ultraclaw mode results from 10 parallel opencode sessions: - PARITY.md: Updated both copies with all 9 landed lanes, commit hashes, line counts, and test counts. All checklist items marked complete. - MCP bridge: McpToolRegistry.call_tool now wired to real McpServerManager via async JSON-RPC (discover_tools -> tools/call -> shutdown) - Registry tests: Added coverage for TaskRegistry, TeamRegistry, CronRegistry, PermissionEnforcer, LspRegistry (branch-focused tests) - Permissions refactor: Simplified authorize_with_context, extracted helpers, added characterization tests (185 runtime tests pass) - AI slop cleanup: Removed redundant comments, unused_self suppressions, tightened unreachable branches - CLI fixes: Minor adjustments in main.rs and hooks.rs All 363+ tests pass. Workspace compiles clean.	2026-04-03 18:23:03 +09:00
Yeachan-Heo	85c5b0e01d	Expand parity harness coverage before behavioral drift lands The landed mock Anthropic harness now covers multi-tool turns, bash flows, permission prompt approve/deny paths, and an external plugin tool path. A machine-readable scenario manifest plus a diff/checklist runner keep the new scenarios tied back to PARITY.md so future additions stay honest. Constraint: Must build on the deterministic mock service and clean-environment CLI harness Rejected: Add an MCP tool scenario now \| current MCP tool surface is still stubbed, so plugin coverage is the real executable path Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep rust/mock_parity_scenarios.json, mock_parity_harness.rs, and PARITY.md refs in lockstep Tested: cargo fmt --all Tested: cargo clippy --workspace --all-targets -- -D warnings Tested: cargo test --workspace Tested: python3 rust/scripts/run_mock_parity_diff.py Not-tested: Real MCP lifecycle handshakes; remote plugin marketplace install flows	2026-04-03 04:00:33 +00:00
Yeachan-Heo	c2f1304a01	Lock down CLI-to-mock behavioral parity for Anthropic flows This adds a deterministic mock Anthropic-compatible /v1/messages service, a clean-environment CLI harness, and repo docs so the first parity milestone can be validated without live network dependencies. Constraint: First milestone must prove Rust claw can connect from a clean environment and cover streaming, tool assembly, and permission/tool flow Constraint: No new third-party dependencies; reuse the existing Rust workspace stack Rejected: Record/replay live Anthropic traffic \| nondeterministic and unsuitable for repeatable CI coverage Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep scenario markers and expected tool payload shapes synchronized between the mock service and the harness tests Tested: cargo fmt --all Tested: cargo clippy --workspace --all-targets -- -D warnings Tested: cargo test --workspace Tested: ./scripts/run_mock_parity_harness.sh Not-tested: Live Anthropic responses beyond the five scripted harness scenarios	2026-04-03 01:15:52 +00:00
Jobdori	03bd7f0551	feat: add 40 slash commands — command surface 67/141 Port 40 missing user-facing slash commands from upstream parity audit: Session: /doctor, /login, /logout, /usage, /stats, /rename, /privacy-settings Workspace: /branch, /add-dir, /files, /hooks, /release-notes Discovery: /context, /tasks, /doctor, /ide, /desktop Analysis: /review, /security-review, /advisor, /insights Appearance: /theme, /vim, /voice, /color, /effort, /fast, /brief, /output-style, /keybindings, /stickers Communication: /copy, /share, /feedback, /summary, /tag, /thinkback, /plan, /exit, /upgrade, /rewind All commands have full SlashCommandSpec, enum variant, parse arm, and stub handler. Category system expanded with two new categories. Tests updated for new counts (67 specs, 39 resume-supported). fmt/clippy/tests all green.	2026-04-03 08:09:14 +09:00
Jobdori	06151c57f3	fix: make startup_banner test credential-free Remove the #[ignore] gate from startup_banner_mentions_workflow_completions by injecting a dummy ANTHROPIC_API_KEY. The test exercises LiveCli banner rendering, not API calls. Cleanup env var after test. Test suite now 102/102 in CLI crate (was 101 + 1 ignored).	2026-04-03 07:04:30 +09:00
Jobdori	08ed9a7980	fix: make plugin lifecycle test credential-free Inject a dummy ANTHROPIC_API_KEY for build_runtime_runs_plugin_lifecycle_init_and_shutdown so the test exercises plugin init/shutdown without requiring real credentials. The API client is constructed but never used for streaming. Clean up the env var after the test to avoid polluting parallel tests.	2026-04-03 05:53:18 +09:00
Jobdori	fbafb9cffc	fix: post-merge clippy/fmt cleanup (9407-9410 integration)	2026-04-03 05:12:51 +09:00
Jobdori	06a93a57c7	merge: clawcode-issue-9410-cli-ux-progress-status-clear into main	2026-04-03 05:08:19 +09:00
Jobdori	698ce619ca	merge: clawcode-issue-9409-config-env-project-permissions into main	2026-04-03 05:08:08 +09:00
Jobdori	bf848a43ce	merge: clawcode-issue-9407-cli-agents-mcp-config into main	2026-04-03 05:07:56 +09:00
Yeachan-Heo	8805386bea	merge: clawcode-issue-9406-commands-skill-install into main	2026-04-02 13:55:42 +00:00
Yeachan-Heo	5d8e131c14	Wire plugin hooks and lifecycle into runtime startup PARITY.md is stale relative to the current Rust plugin pipeline: plugin manifests, tool loading, and lifecycle primitives already exist, but runtime construction only consumed plugin tools. This change routes enabled plugin hooks into the runtime feature config, initializes plugin lifecycle commands when a runtime is built, and shuts plugins down when runtimes are replaced or dropped.\n\nThe test coverage exercises the new runtime plugin-state builder and verifies init/shutdown execution without relying on global cwd or config-home mutation, so the existing CLI suite stays stable under parallel execution.\n\nConstraint: Keep the change inside the current worktree and avoid touching unrelated pre-existing edits\nRejected: Add plugin hook execution inside the tools crate directly \| runtime feature merging is the existing execution boundary\nRejected: Use process-global CLAW_CONFIG_HOME/current_dir in tests \| races with the existing parallel CLI test suite\nConfidence: high\nScope-risk: moderate\nReversibility: clean\nDirective: Preserve plugin runtime shutdown when rebuilding LiveCli runtimes or temporary turn runtimes\nTested: cargo test -p rusty-claude-cli build_runtime_\nTested: cargo test -p rusty-claude-cli\nNot-tested: End-to-end live REPL session with a real plugin outside the test harness	2026-04-02 10:04:54 +00:00
Yeachan-Heo	9c67607670	Expose configured MCP servers from the CLI PARITY.md called out missing MCP management in the Rust CLI, so this adds a focused read-only /mcp path instead of expanding the broader config surface first. The new command works in the REPL, with --resume, and as a direct 7[1G[2K[m⠋ 🦀 Thinking...[0m8[1G[2K[m✘ ❌ Request failed [0m entrypoint. It lists merged MCP server definitions, supports detailed inspection for one server, and adds targeted tests for parsing, help text, completion hints, and config-backed rendering. Constraint: Keep the enhancement inside the existing Rust slash-command architecture Rejected: Extend /config with a raw mcp dump only \| less discoverable than a dedicated MCP workflow Confidence: high Scope-risk: narrow Directive: Keep /mcp read-only unless MCP lifecycle commands gain shared runtime orchestration Tested: cargo test -p commands parses_supported_slash_commands Tested: cargo test -p commands rejects_invalid_mcp_arguments Tested: cargo test -p commands renders_help_from_shared_specs Tested: cargo test -p commands renders_per_command_help_detail_for_mcp Tested: cargo test -p commands ignores_unknown_or_runtime_bound_slash_commands Tested: cargo test -p commands mcp_usage_supports_help_and_unexpected_args Tested: cargo test -p commands renders_mcp_reports_from_loaded_config Tested: cargo test -p rusty-claude-cli parses_login_and_logout_subcommands Tested: cargo test -p rusty-claude-cli parses_direct_agents_mcp_and_skills_slash_commands Tested: cargo test -p rusty-claude-cli repl_help_includes_shared_commands_and_exit Tested: cargo test -p rusty-claude-cli completion_candidates_include_workflow_shortcuts_and_dynamic_sessions Tested: cargo test -p rusty-claude-cli resume_supported_command_list_matches_expected_surface Tested: cargo test -p rusty-claude-cli init_help_mentions_direct_subcommand Tested: cargo run -p rusty-claude-cli -- mcp help Not-tested: Live MCP server connectivity against a real remote or stdio backend	2026-04-02 10:04:40 +00:00

... 2 3 4 5 6 ...

552 Commits