Finish the remaining roadmap work by making direct CLI JSON output deterministic across the non-interactive surface, restoring the degraded-startup MCP test as a real workspace test, and adding branch-lock plus commit-lineage primitives so downstream lane consumers can distinguish superseded worktree commits from canonical lineage.
Constraint: Keep the user-facing config namespace centered on .claw while preserving legacy fallback discovery for compatibility
Constraint: Verification needed to stay clean-room and reproducible from the checked-in workspace alone
Rejected: Leave the output-format contract implied by ad-hoc smoke runs only | too easy for direct CLI regressions to slip back into prose-only output
Rejected: Keep commit provenance as free-form detail text | downstream consumers need structured branch/worktree/supersession metadata
Confidence: medium
Scope-risk: moderate
Directive: Extend the JSON contract through the same direct CLI entrypoints instead of adding one-off serializers on parallel code paths
Tested: python .github/scripts/check_doc_source_of_truth.py
Tested: cd rust && cargo fmt --all --check
Tested: cd rust && cargo test --workspace
Tested: cd rust && cargo clippy -p commands -p tools -p rusty-claude-cli --all-targets --no-deps -- -D warnings
Not-tested: full cargo clippy --workspace --all-targets -- -D warnings still reports unrelated pre-existing runtime lint debt outside this change set
This adds crate-level and type-level Rustdoc to the runtime crate's core exported types so downstream crates and contributors can understand the session, prompt, permission, OAuth, usage, and tool I/O primitives without spelunking every implementation file.
Constraint: The docs pass needed to stay focused on public runtime types without changing behavior
Rejected: Add blanket docs to every public item in one sweep | larger churn than needed for a targeted docs pass
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: When exporting new runtime primitives from lib.rs, add a short Rustdoc summary in the defining module at the same time
Tested: cargo build --workspace; cargo test --workspace
Not-tested: rustdoc HTML rendering beyond doc-test coverage
Replace the oversized packet model with the requested JSON-friendly packet shape and thread it through the in-memory task registry. Add the RunTaskPacket tool so callers can launch packet-backed tasks directly while preserving existing task creation flows.
Constraint: The existing task system and tool surface had to keep TaskCreate behavior intact while adding packet-backed execution
Rejected: Add a second parallel packet registry | would duplicate task lifecycle state
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep TaskPacket aligned with the tool schema and task registry serialization when extending the packet contract
Tested: cargo build --workspace; cargo test --workspace
Not-tested: live end-to-end invocation of RunTaskPacket through an interactive CLI session
The worker boot registry now exposes the requested lifecycle states, emits structured trust and prompt-delivery events, and recovers from shell or wrong-target prompt delivery by replaying the last prompt. Supporting fixes keep MCP remote config parsing backwards-compatible and make CLI argument parsing less dependent on ambient config and cwd state so the workspace stays green under full parallel test runs.
Constraint: Worker prompts must not be dispatched before a confirmed ready_for_prompt handshake
Constraint: Prompt misdelivery recovery must stay minimal and avoid new dependencies
Rejected: Keep prompt_accepted and blocked as public lifecycle states | user requested the narrower explicit state set
Rejected: Treat url-only MCP server configs as invalid | existing CLI/runtime tests still rely on that shorthand
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Preserve prompt_in_flight semantics when extending worker boot; misdelivery detection depends on it
Tested: cargo build --workspace; cargo test --workspace
Not-tested: Live tmux worker delivery against a real external coding agent pane
Add MCP structured degraded-startup classification (P2.10):
- classify MCP failures as startup/handshake/config/partial
- expose failed_servers + recovery_recommendations in tool output
- add mcp_degraded output field with server_name, failure_mode, recoverable
Canonical lane event schema (P2.7):
- add LaneEventName variants for all lifecycle states
- wire LaneEvent::new with full 3-arg signature (event, status, emitted_at)
- emit typed events for Started, Blocked, Failed, Finished
Fix let mut executor for search test binary
Fix lane_completion unused import warnings
Note: mcp_stdio::manager_discovery_report test has pre-existing failure on clean main, unrelated to this commit.
Add terminal lane states for when a lane discovers its work is already
landed in main, superseded by another lane, or has an empty diff:
LaneEventName:
- lane.reconciled — branch already merged, no action needed
- lane.merged — work successfully merged
- lane.superseded — work replaced by another lane/commit
- lane.closed — lane manually closed
PolicyAction::Reconcile with ReconcileReason enum:
- AlreadyMerged — branch tip already in main
- Superseded — another lane landed the same work
- EmptyDiff — PR would be empty
- ManualClose — operator closed the lane
PolicyCondition::LaneReconciled — matches lanes that reached a
no-action-required terminal state.
LaneContext::reconciled() constructor for lanes that discovered
they have nothing to do.
This closes the gap where lanes like 9404-9410 could discover
'nothing to do' but had no typed terminal state to express it.
The policy engine can now auto-closeout reconciled lanes instead
of leaving them in limbo.
Addresses ROADMAP P1.3 (lane-completion emitter) groundwork.
Tests: 4 new tests covering reconcile rule firing, context defaults,
non-reconciled lanes not triggering reconcile rules, and reason
variant distinctness. Full workspace suite: 643 pass, 0 fail.
Add a foundational worker_boot control plane and tool surface for
reliable startup. The new registry tracks trust gates, ready-for-prompt
handshakes, prompt delivery attempts, and shell misdelivery recovery so
callers can coordinate worker boot above raw terminal transport.
Constraint: Current main has no tmux-backed worker control API to extend directly
Constraint: First slice must stay deterministic and fully testable in-process
Rejected: Wire the first implementation straight to tmux panes | would couple transport details to unfinished state semantics
Rejected: Ship parser helpers without control tools | would not enforce the ready-before-prompt contract end to end
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Treat WorkerObserve heuristics as a temporary transport adapter and replace them with typed runtime events before widening automation policy
Tested: cargo test -p runtime worker_boot
Tested: cargo test -p tools worker_tools
Tested: cargo check -p runtime -p tools
Not-tested: Real tmux/TTY trust prompts and live worker boot on an actual coding session
Not-tested: Full cargo clippy -p runtime -p tools --all-targets -- -D warnings (fails on pre-existing warnings outside this slice)
This resolves the stale-branch merge against origin/main, keeps the MCP runtime wiring, and preserves prompt-approved CLI tool execution after the mock parity harness additions landed upstream.
Constraint: Branch had to absorb origin/main changes through a contentful merge before more MCP work
Constraint: Prompt-approved runtime tool execution must continue working with new CLI/mock parity coverage
Rejected: Keep permission enforcer attached inside CliToolExecutor for conversation turns | caused prompt-approved bash parity flow to fail as a tool error
Rejected: Defer the merge and continue on stale history | would leave the lane red against current main
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Runtime permission policy and executor-side permission enforcement are separate layers; do not reapply executor enforcement to conversation turns without revalidating mock parity harness approval flows
Tested: cargo test -p rusty-claude-cli --test mock_parity_harness -- --nocapture; cargo test -p rusty-claude-cli -- --nocapture; cargo test --workspace -- --nocapture
Not-tested: Additional live remote/provider scenarios beyond the existing workspace suite
This wires configured MCP servers into the CLI/runtime path so discovered
MCP tools, resource wrappers, search visibility, shutdown handling, and
best-effort discovery all work together instead of living as isolated
runtime primitives.
Constraint: Keep non-MCP startup flows working without new required config
Constraint: Preserve partial availability when one configured MCP server fails discovery
Rejected: Fail runtime startup on any MCP discovery error | too brittle for mixed healthy/broken server configs
Rejected: Keep MCP support runtime-only without registry wiring | left discovery and invocation unreachable from the CLI tool lane
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Runtime MCP tools are registry-backed but executed through CliToolExecutor state; keep future tool-registry changes aligned with that split
Tested: cargo test -p runtime mcp -- --nocapture; cargo test -p tools -- --nocapture; cargo test -p rusty-claude-cli -- --nocapture; cargo test --workspace -- --nocapture
Not-tested: Live remote MCP transports (http/sse/ws/sdk) remain unsupported in the CLI execution path
Add LspRegistry in crates/runtime/src/lsp_client.rs and wire it into
run_lsp() tool handler in crates/tools/src/lib.rs.
Runtime additions:
- LspRegistry: register/get servers by language, find server by file
extension, manage diagnostics, dispatch LSP actions
- LspAction enum (Diagnostics/Hover/Definition/References/Completion/Symbols/Format)
- LspServerStatus enum (Connected/Disconnected/Starting/Error)
- Diagnostic/Location/Hover/CompletionItem/Symbol types for structured responses
- Action dispatch validates server status and path requirements
Tool wiring:
- run_lsp() maps LspInput to LspRegistry.dispatch()
- Supports dynamic server lookup by file extension (rust/ts/js/py/go/java/c/cpp/rb/lua)
- Caches diagnostics across servers
8 new tests covering registration, lookup, diagnostics, and dispatch paths.
Bridges to existing LSP process manager for actual JSON-RPC execution.
Add McpToolRegistry in crates/runtime/src/mcp_tool_bridge.rs and wire
it into all 4 MCP tool handlers in crates/tools/src/lib.rs.
Runtime additions:
- McpToolRegistry: register/get/list servers, list/read resources,
call tools, set auth status, disconnect
- McpConnectionStatus enum (Disconnected/Connecting/Connected/AuthRequired/Error)
- Connection-state validation (reject ops on disconnected servers)
- Resource URI lookup, tool name validation before dispatch
Tool wiring:
- ListMcpResources: queries registry for server resources
- ReadMcpResource: looks up specific resource by URI
- McpAuth: returns server auth/connection status
- MCP (tool proxy): validates + dispatches tool calls through registry
8 new tests covering all lifecycle paths + error cases.
Bridges to existing McpServerManager for actual JSON-RPC execution.
Add TeamRegistry and CronRegistry in crates/runtime/src/team_cron_registry.rs
and wire them into the 5 team+cron tool handlers in crates/tools/src/lib.rs.
Runtime additions:
- TeamRegistry: create/get/list/delete(soft)/remove(hard), task_ids tracking,
TeamStatus (Created/Running/Completed/Deleted)
- CronRegistry: create/get/list(enabled_only)/delete/disable/record_run,
CronEntry with run_count and last_run_at tracking
Tool wiring:
- TeamCreate: creates team in registry, assigns team_id to tasks via TaskRegistry
- TeamDelete: soft-deletes team with status transition
- CronCreate: creates cron entry with real cron_id
- CronDelete: removes entry, returns deleted schedule info
- CronList: returns full entry list with run history
8 new tests (team + cron) — all passing.
Implements the runtime backbone for TaskCreate/TaskGet/TaskList/TaskStop/
TaskUpdate/TaskOutput tool surface parity. Thread-safe (Arc<Mutex>) registry
supporting:
- Create tasks with prompt/description
- Status transitions (Created → Running → Completed/Failed/Stopped)
- Message passing (update with user messages)
- Output accumulation (append_output for subprocess capture)
- Team assignment (for TeamCreate orchestration)
- List with optional status filter
- Remove/cleanup
7 new unit tests covering all CRUD + error paths.
Next: wire registry into tool dispatch to replace current stubs.
Add a focused GitHub Actions workflow for pull requests into main plus
manual dispatch. The workflow checks workspace formatting and runs the
rusty-claude-cli crate tests so we get a real signal on the active Rust
surface without widening scope into a full matrix.
Because the workspace was not rustfmt-clean, include the formatting-only
updates needed for the new fmt gate to pass immediately.
Constraint: Keep scope to a fast, low-noise Rust PR gate
Constraint: CI should validate formatting and rusty-claude-cli without expanding to full workspace coverage
Rejected: Full workspace test or clippy matrix | too broad for the one-hour shipping window
Rejected: Add fmt CI without reformatting the workspace | the new gate would fail on arrival
Confidence: high
Scope-risk: narrow
Directive: Keep this workflow focused unless release requirements justify broader coverage
Tested: cargo fmt --all -- --check
Tested: cargo test -p rusty-claude-cli
Tested: YAML parse of .github/workflows/rust-ci.yml via python3 + PyYAML
Not-tested: End-to-end execution on GitHub-hosted runners
