Better Harness Tools, not merely storing the archive of leaked Claude Code but also make real things done. Now rewriting in Rust.

Go to file

YeonGyu-Kim ad02761918 ROADMAP #115 : claw init hardcodes 'defaultMode: dontAsk' alias for danger-full-access; init output zero security signal; JSON wraps prose Dogfooded 2026-04-18 on main HEAD `ca09b6b` from /tmp/cdPP. Three compounding issues in one finding: 1. claw init generates .claw.json with dangerous default: $ claw init && cat .claw.json {"permissions":{"defaultMode":"dontAsk"}} $ claw status \| grep permission_mode permission_mode: danger-full-access 2. The 'dontAsk' alias obscures the actual security posture: config.rs:858 "dontAsk" \| "danger-full-access" => Ok(ResolvedPermissionMode::DangerFullAccess) User reads 'dontAsk' as 'skip confirmations I'd otherwise see' — NOT 'grant every tool unconditional access'. But the two parse identically. Alias name dilutes severity. 3. claw init --output-format json wraps prose in message field: { "kind": "init", "message": "Init\n Project /private/tmp/cdPP\n .claw/ created\n..." } Claws orchestrating setup must string-parse \n-prose to know what got created. No files_created[], no resolved_permission_mode, no security_posture. Zero mention of 'danger', 'permission', or 'access' anywhere in init output. The init report says 'Review and tailor the generated guidance' — implying there's something benign to tailor. Trace: rusty-claude-cli/src/init.rs:4-9 STARTER_CLAW_JSON constant: hardcoded {"permissions":{"defaultMode":"dontAsk"}} runtime/src/config.rs:858 alias resolution: "dontAsk" \| "danger-full-access" => DangerFullAccess rusty-claude-cli/src/init.rs:370 JSON-output also emits 'defaultMode': 'dontAsk' literal. grep 'dontAsk' rust/crates/ → 4 matches. None explain that dontAsk == danger-full-access anywhere user-facing. Fix shape (~60 lines): - STARTER_CLAW_JSON default → 'default' (explicit safe). Users wanting danger-full-access opt in. ~5 lines. - init output warns when effective mode is DangerFullAccess: 'security: danger-full-access (unconditional tool approval).' ~15 lines. - Structure the init JSON: {kind, files:[{path,action}], resolved_permission_mode, permission_mode_source, security_warnings:[]} ~30 lines. - Deprecate 'dontAsk' alias OR log warning at parse: 'alias for danger-full-access; grants unconditional tool access'. ~8 lines. - Regression tests per outcome. Builds on #87 and amplifies it: #87: absence-of-config default = danger-full-access #101: fail-OPEN on bad RUSTY_CLAUDE_PERMISSION_MODE env var #115: init actively generates the dangerous default Three sequential compounding permission-posture failures. Joins Permission-audit/tool-allow-list (#94, #97, #101, #106) as 5th member — init-time anchor of the permission problem. Joins Silent-flag/documented-but-unenforced on silent-setting axis. Cross-cluster with Reporting-surface/config-hygiene (prose-wrapped JSON) and Truth-audit (misleading 'Next step' phrasing). Natural bundle: #87 + #101 + #115 — 'permission drift at every boundary': absence default + env-var bypass + init-generated. Flagship permission-audit sweep grows 7-way: #50 + #87 + #91 + #94 + #97 + #101 + #115 Filed in response to Clawhip pinpoint nudge 1494917922076889139 in #clawcode-building-in-public.		2026-04-18 13:32:46 +09:00
.claude/sessions	fix: tool input {} prefix bug, tool display after accumulation, max_iterations unlimited	2026-04-01 02:24:18 +00:00
.github	Close the clawability backlog with deterministic CLI output and lane lineage	2026-04-05 18:41:02 +00:00
assets	Refresh docs to match ultraworkers/claw-code source of truth	2026-04-05 18:11:25 +00:00
docs	US-010: Add model compatibility documentation	2026-04-16 10:55:58 +00:00
rust	US-024: Add token limit metadata for kimi models	2026-04-17 04:15:38 +00:00
src	chore: additional AI slop cleanup and enforcer wiring from sessions 1/5	2026-04-03 18:35:27 +09:00
tests	Rewriting Project Claw Code - Python port with Rust on the way	2026-03-31 08:16:20 -07:00
.claude.json	feat: default OAuth config for API endpoint, merge UI polish rendering	2026-04-01 03:20:26 +00:00
.gitignore	Keep local clawhip artifacts from tripping routine repo work	2026-04-12 14:47:40 +00:00
CLAUDE.md	feat: default OAuth config for API endpoint, merge UI polish rendering	2026-04-01 03:20:26 +00:00
Containerfile	Document a repeatable container workflow for the Rust workspace	2026-04-05 18:11:25 +00:00
PARITY.md	docs(PARITY.md): comprehensive status update — all 9 lanes merged, stubs replaced	2026-04-03 19:39:28 +09:00
PHILOSOPHY.md	docs: add philosophy document for autonomous claw development	2026-04-04 16:51:51 +00:00
README.md	Make ACP/Zed status obvious before users go source-diving	2026-04-16 03:13:50 +00:00
ROADMAP.md	ROADMAP #115 : claw init hardcodes 'defaultMode: dontAsk' alias for danger-full-access; init output zero security signal; JSON wraps prose	2026-04-18 13:32:46 +09:00
USAGE.md	Align auth docs with the removed login/logout surface	2026-04-11 17:28:47 +00:00
install.sh	feat: b6-codex-session — batch 6	2026-04-07 15:52:30 +09:00
prd.json	US-024: Add token limit metadata for kimi models	2026-04-17 04:15:38 +00:00
progress.txt	US-011: Performance optimization for API request serialization	2026-04-16 11:11:45 +00:00

README.md

Claw Code

ultraworkers/claw-code · Usage · Rust workspace · Parity · Roadmap · UltraWorkers Discord

Claw Code

Claw Code is the public Rust implementation of the claw CLI agent harness. The canonical implementation lives in rust/, and the current source of truth for this repository is ultraworkers/claw-code.

[!IMPORTANT] Start with USAGE.md for build, auth, CLI, session, and parity-harness workflows. Make claw doctor your first health check after building, use rust/README.md for crate-level details, read PARITY.md for the current Rust-port checkpoint, and see docs/container.md for the container-first workflow.

ACP / Zed status: claw-code does not ship an ACP/Zed daemon entrypoint yet. Run claw acp (or claw --acp) for the current status instead of guessing from source layout; claw acp serve is currently a discoverability alias only, and real ACP support remains tracked separately in ROADMAP.md.

Current repository shape

rust/ — canonical Rust workspace and the claw CLI binary
USAGE.md — task-oriented usage guide for the current product surface
PARITY.md — Rust-port parity status and migration notes
ROADMAP.md — active roadmap and cleanup backlog
PHILOSOPHY.md — project intent and system-design framing
src/ + tests/ — companion Python/reference workspace and audit helpers; not the primary runtime surface

Quick start

[!NOTE] [!WARNING] cargo install claw-code installs the wrong thing. The claw-code crate on crates.io is a deprecated stub that places claw-code-deprecated.exe — not claw. Running it only prints "claw-code has been renamed to agent-code". Do not use cargo install claw-code. Either build from source (this repo) or install the upstream binary:
cargo install agent-code   # upstream binary — installs 'agent.exe' (Windows) / 'agent' (Unix), NOT 'agent-code'
This repo (ultraworkers/claw-code) is build-from-source only — follow the steps below.

# 1. Clone and build
git clone https://github.com/ultraworkers/claw-code
cd claw-code/rust
cargo build --workspace

# 2. Set your API key (Anthropic API key — not a Claude subscription)
export ANTHROPIC_API_KEY="sk-ant-..."

# 3. Verify everything is wired correctly
./target/debug/claw doctor

# 4. Run a prompt
./target/debug/claw prompt "say hello"

[!NOTE] Windows (PowerShell): the binary is claw.exe, not claw. Use .\target\debug\claw.exe or run cargo run -- prompt "say hello" to skip the path lookup.

Windows setup

PowerShell is a supported Windows path. Use whichever shell works for you. The common onboarding issues on Windows are:

Install Rust first — download from https://rustup.rs/ and run the installer. Close and reopen your terminal when it finishes.
Verify Rust is on PATH:
```
cargo --version
```
If this fails, reopen your terminal or run the PATH setup from the Rust installer output, then retry.

Clone and build (works in PowerShell, Git Bash, or WSL):

git clone https://github.com/ultraworkers/claw-code
cd claw-code/rust
cargo build --workspace

Run (PowerShell — note .exe and backslash):

$env:ANTHROPIC_API_KEY = "sk-ant-..."
.\target\debug\claw.exe prompt "say hello"

Git Bash / WSL are optional alternatives, not requirements. If you prefer bash-style paths (/c/Users/you/... instead of C:\Users\you\...), Git Bash (ships with Git for Windows) works well. In Git Bash, the MINGW64 prompt is expected and normal — not a broken install.

[!NOTE] Auth: claw requires an API key (ANTHROPIC_API_KEY, OPENAI_API_KEY, etc.) — Claude subscription login is not a supported auth path.

Run the workspace test suite:

cd rust
cargo test --workspace

Documentation map

USAGE.md — quick commands, auth, sessions, config, parity harness
rust/README.md — crate map, CLI surface, features, workspace layout
PARITY.md — parity status for the Rust port
rust/MOCK_PARITY_HARNESS.md — deterministic mock-service harness details
ROADMAP.md — active roadmap and open cleanup work
PHILOSOPHY.md — why the project exists and how it is operated

Ecosystem

Claw Code is built in the open alongside the broader UltraWorkers toolchain:

Ownership / affiliation disclaimer

This repository does not claim ownership of the original Claude Code source material.
This repository is not affiliated with, endorsed by, or maintained by Anthropic.