Better Harness Tools, not merely storing the archive of leaked Claude Code but also make real things done. Now rewriting in Rust.

Go to file

YeonGyu-Kim 9882f07e7d ROADMAP #88 : unbounded CLAUDE.md ancestor walk = prompt injection via /tmp Dogfooded 2026-04-17 on main HEAD `82bd8bb` from /tmp/claude-md-injection/inner/work. discover_instruction_files at runtime/src/prompt.rs:203-224 walks cursor.parent() until None with no project-root bound, no HOME containment, no git boundary. Four candidate paths per ancestor (CLAUDE.md, CLAUDE.local.md, .claw/CLAUDE.md, .claw/instructions.md) are loaded and inlined verbatim into the agent's system prompt under '# Claude instructions'. Repro: /tmp/claude-md-injection/CLAUDE.md containing adversarial guidance appears under 'CLAUDE.md (scope: /private/tmp/claude-md- injection)' in claw system-prompt from any nested CWD. git init inside the worker does not terminate the walk. /tmp/CLAUDE.md alone is sufficient -- /tmp is world-writable with sticky bit on macOS/ Linux, so any local user can plant agent guidance for every other user's claw invocation under /tmp/anything. Worse than #85 (skills ancestor walk): no agent action required (injection fires on every turn before first user message), lower bar for the attacker (raw Markdown, no frontmatter), standard world-writable drop point (/tmp), no doctor signal. Same structural fix family though: prompt.rs:203, commands/src/lib.rs:2795 (skills), and commands/src/lib.rs:2724 (agents) all need the same project_root / HOME bound. Fix shape (~30-50 lines): bound ancestor walk at project root / HOME; add doctor check that surfaces loaded instruction files with paths; add settings.json opt-in toggle for monorepo ancestor inheritance with 'source: ancestor' annotation. Filed in response to Clawhip pinpoint nudge 1494691430096961767 in #clawcode-building-in-public.		2026-04-17 22:33:13 +09:00
.claude/sessions	fix: tool input {} prefix bug, tool display after accumulation, max_iterations unlimited	2026-04-01 02:24:18 +00:00
.github	Close the clawability backlog with deterministic CLI output and lane lineage	2026-04-05 18:41:02 +00:00
assets	Refresh docs to match ultraworkers/claw-code source of truth	2026-04-05 18:11:25 +00:00
docs	US-010: Add model compatibility documentation	2026-04-16 10:55:58 +00:00
rust	US-024: Add token limit metadata for kimi models	2026-04-17 04:15:38 +00:00
src	chore: additional AI slop cleanup and enforcer wiring from sessions 1/5	2026-04-03 18:35:27 +09:00
tests	Rewriting Project Claw Code - Python port with Rust on the way	2026-03-31 08:16:20 -07:00
.claude.json	feat: default OAuth config for API endpoint, merge UI polish rendering	2026-04-01 03:20:26 +00:00
.gitignore	Keep local clawhip artifacts from tripping routine repo work	2026-04-12 14:47:40 +00:00
CLAUDE.md	feat: default OAuth config for API endpoint, merge UI polish rendering	2026-04-01 03:20:26 +00:00
Containerfile	Document a repeatable container workflow for the Rust workspace	2026-04-05 18:11:25 +00:00
PARITY.md	docs(PARITY.md): comprehensive status update — all 9 lanes merged, stubs replaced	2026-04-03 19:39:28 +09:00
PHILOSOPHY.md	docs: add philosophy document for autonomous claw development	2026-04-04 16:51:51 +00:00
README.md	Make ACP/Zed status obvious before users go source-diving	2026-04-16 03:13:50 +00:00
ROADMAP.md	ROADMAP #88 : unbounded CLAUDE.md ancestor walk = prompt injection via /tmp	2026-04-17 22:33:13 +09:00
USAGE.md	Align auth docs with the removed login/logout surface	2026-04-11 17:28:47 +00:00
install.sh	feat: b6-codex-session — batch 6	2026-04-07 15:52:30 +09:00
prd.json	US-024: Add token limit metadata for kimi models	2026-04-17 04:15:38 +00:00
progress.txt	US-011: Performance optimization for API request serialization	2026-04-16 11:11:45 +00:00

README.md

Claw Code

ultraworkers/claw-code · Usage · Rust workspace · Parity · Roadmap · UltraWorkers Discord

Claw Code

Claw Code is the public Rust implementation of the claw CLI agent harness. The canonical implementation lives in rust/, and the current source of truth for this repository is ultraworkers/claw-code.

[!IMPORTANT] Start with USAGE.md for build, auth, CLI, session, and parity-harness workflows. Make claw doctor your first health check after building, use rust/README.md for crate-level details, read PARITY.md for the current Rust-port checkpoint, and see docs/container.md for the container-first workflow.

ACP / Zed status: claw-code does not ship an ACP/Zed daemon entrypoint yet. Run claw acp (or claw --acp) for the current status instead of guessing from source layout; claw acp serve is currently a discoverability alias only, and real ACP support remains tracked separately in ROADMAP.md.

Current repository shape

rust/ — canonical Rust workspace and the claw CLI binary
USAGE.md — task-oriented usage guide for the current product surface
PARITY.md — Rust-port parity status and migration notes
ROADMAP.md — active roadmap and cleanup backlog
PHILOSOPHY.md — project intent and system-design framing
src/ + tests/ — companion Python/reference workspace and audit helpers; not the primary runtime surface

Quick start

[!NOTE] [!WARNING] cargo install claw-code installs the wrong thing. The claw-code crate on crates.io is a deprecated stub that places claw-code-deprecated.exe — not claw. Running it only prints "claw-code has been renamed to agent-code". Do not use cargo install claw-code. Either build from source (this repo) or install the upstream binary:
cargo install agent-code   # upstream binary — installs 'agent.exe' (Windows) / 'agent' (Unix), NOT 'agent-code'
This repo (ultraworkers/claw-code) is build-from-source only — follow the steps below.

# 1. Clone and build
git clone https://github.com/ultraworkers/claw-code
cd claw-code/rust
cargo build --workspace

# 2. Set your API key (Anthropic API key — not a Claude subscription)
export ANTHROPIC_API_KEY="sk-ant-..."

# 3. Verify everything is wired correctly
./target/debug/claw doctor

# 4. Run a prompt
./target/debug/claw prompt "say hello"

[!NOTE] Windows (PowerShell): the binary is claw.exe, not claw. Use .\target\debug\claw.exe or run cargo run -- prompt "say hello" to skip the path lookup.

Windows setup

PowerShell is a supported Windows path. Use whichever shell works for you. The common onboarding issues on Windows are:

Install Rust first — download from https://rustup.rs/ and run the installer. Close and reopen your terminal when it finishes.
Verify Rust is on PATH:
```
cargo --version
```
If this fails, reopen your terminal or run the PATH setup from the Rust installer output, then retry.

Clone and build (works in PowerShell, Git Bash, or WSL):

git clone https://github.com/ultraworkers/claw-code
cd claw-code/rust
cargo build --workspace

Run (PowerShell — note .exe and backslash):

$env:ANTHROPIC_API_KEY = "sk-ant-..."
.\target\debug\claw.exe prompt "say hello"

Git Bash / WSL are optional alternatives, not requirements. If you prefer bash-style paths (/c/Users/you/... instead of C:\Users\you\...), Git Bash (ships with Git for Windows) works well. In Git Bash, the MINGW64 prompt is expected and normal — not a broken install.

[!NOTE] Auth: claw requires an API key (ANTHROPIC_API_KEY, OPENAI_API_KEY, etc.) — Claude subscription login is not a supported auth path.

Run the workspace test suite:

cd rust
cargo test --workspace

Documentation map

USAGE.md — quick commands, auth, sessions, config, parity harness
rust/README.md — crate map, CLI surface, features, workspace layout
PARITY.md — parity status for the Rust port
rust/MOCK_PARITY_HARNESS.md — deterministic mock-service harness details
ROADMAP.md — active roadmap and open cleanup work
PHILOSOPHY.md — why the project exists and how it is operated

Ecosystem

Claw Code is built in the open alongside the broader UltraWorkers toolchain:

Ownership / affiliation disclaimer

This repository does not claim ownership of the original Claude Code source material.
This repository is not affiliated with, endorsed by, or maintained by Anthropic.