Problem:
- `rust/README.md` on `dev/rust` only shows `ANTHROPIC_API_KEY` under
Configuration and says nothing about other providers, so users
asking "does AWS Bedrock work? other API keys?" have no answer and
assume silent support.
- `ApiError::MissingApiKey` Display message says "Anthropic API" but
gives no signal to a user who exported `OPENAI_API_KEY` (or
`AWS_ACCESS_KEY_ID`) that their key is being ignored because this
branch has no code path for that provider.
- The multi-provider routing work (providers/anthropic.rs,
providers/openai_compat.rs, prefix routing for openai/, qwen/, etc.)
landed on `main` but has not yet merged into `dev/rust`, so the
support matrix actually differs between branches. Nothing in dev
docs communicates that.
Changes:
1. `rust/README.md`: new "Providers & Auth Support Matrix" section
between Configuration and Features, split into three sub-sections:
a. Supported on `dev/rust` (this branch) — just Anthropic. Explicit
call-out that OPENAI_API_KEY / XAI_API_KEY / DASHSCOPE_API_KEY
are ignored here because the `providers/` module does not exist
on this branch.
b. Additionally supported on `main` — xAI, OpenAI, DashScope, with
a note that model-name prefix routing (`openai/`, `gpt-`,
`qwen/`, `qwen-`) wins over env-var presence.
c. Not supported anywhere in this repo (yet) — AWS Bedrock, Google
Vertex AI, Azure OpenAI, Google Gemini, each with a one-line
"why it doesn't work today" pointing at the concrete code gap
(no SigV4 signer, no Google ADC path, api-version query params,
etc.) so users don't chase phantom config knobs. Proxy-based
escape hatch documented.
2. `rust/crates/api/src/error.rs`: `MissingApiKey` Display message now
keeps the grep-stable prefix ("ANTHROPIC_AUTH_TOKEN or
ANTHROPIC_API_KEY is not set") AND tells the user exactly which
other env vars are ignored on this branch plus which providers
aren't supported on any branch yet, with a pointer at the README
matrix section. Non-breaking change — the variant is still a unit
struct, no callers need to change.
3. New regression test
`missing_api_key_display_lists_supported_and_unsupported_providers_and_points_at_readme`
in `rust/crates/api/src/error.rs` asserts the grep-stable prefix is
preserved AND that OPENAI_API_KEY, XAI_API_KEY, DASHSCOPE_API_KEY,
Bedrock, Vertex, Azure, and rust/README.md all appear in the
rendered message, so future tweaks cannot silently drop the
user-facing signal without breaking CI.
Verification:
- `cargo build --release -p api` clean
- `cargo test --release -p api` 26 unit + 6 integration = 32 passing
- New regression test passes
- `cargo fmt -p api` clean
- `cargo clippy --release -p api` clean
Note: workspace-wide `cargo test` shows 11 pre-existing
`rusty-claude-cli` failures on clean `dev/rust` HEAD caused by tests
reading `~/.claude/plugins/installed/sample-hooks-bundled/` from the
host home directory instead of an isolated test fixture. These are
environment-leak test brittleness, not caused by this PR (verified by
stashing changes and re-running — failures reproduce on unmodified
HEAD). Filing as a separate ROADMAP pinpoint.
Does not close any open issue (issues are disabled on the repo);
addresses Clawhip dogfood nudge from 2026-04-08 about users asking
"other api keys? AWS Bedrock도 되냐" without a clear matrix.
Co-authored-by: gaebal-gajae <gaebal-gajae@layofflabs.com>
The Rust CLI previously hid init behind the REPL slash-command surface and only
created a starter CLAUDE.md. This change adds a direct `init` subcommand and
moves bootstrap behavior into a shared helper so `/init` and `init` create the
same project scaffolding: `.claude/`, `.claude.json`, starter `CLAUDE.md`, and
local-only `.gitignore` entries. The generated guidance now adapts to a small,
explicit set of repository markers so new projects get language/framework-aware
starting instructions without overwriting existing files.
Constraint: Runtime config precedence already treats `.claude.json`, `.claude/settings.json`, and `.claude/settings.local.json` as separate scopes
Constraint: `.claude/sessions/` is used for local session persistence and should not be committed by default
Rejected: Keep init as REPL-only `/init` behavior | would not satisfy the requested direct init command and keeps bootstrap discoverability low
Rejected: Ignore all of `.claude/` | would hide shared project config that the runtime can intentionally load
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep direct `init` and `/init` on the same helper path and keep detection heuristics bounded to explicit repository markers
Tested: cargo fmt --all; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace
Not-tested: interactive manual run of `rusty-claude-cli init` against a non-test repository
Add a self-update command to the Rust CLI that checks the latest GitHub release, compares versions, downloads a matching binary plus checksum manifest, verifies SHA-256, and swaps the executable only after validation succeeds. The command reports changelog text from the release body and exits safely when no published release or matching asset exists.\n\nThe workspace verification request also surfaced unrelated stale permission-mode references in runtime tests and a brittle config-count assertion in the CLI tests. Those were updated so the requested fmt/clippy/test pass can complete cleanly in this worktree.\n\nConstraint: GitHub latest release for instructkr/clawd-code currently returns 404, so the updater must degrade safely when no published release exists\nConstraint: Must not replace the current executable before checksum verification succeeds\nRejected: Shell out to an external updater | environment-dependent and does not meet the GitHub API/changelog requirement\nRejected: Add archive extraction support now | no published release assets exist yet to justify broader packaging complexity\nConfidence: medium\nScope-risk: moderate\nReversibility: clean\nDirective: Keep release asset naming and checksum manifest conventions aligned with the eventual GitHub release pipeline before expanding packaging formats\nTested: cargo fmt; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace --exclude compat-harness; cargo run -q -p rusty-claude-cli -- self-update\nNot-tested: Successful live binary replacement against a real published GitHub release asset
The Rust CLI now stores managed sessions under ~/.claude/sessions,
records additive session metadata in the canonical JSON transcript,
and exposes a /sessions listing alias alongside ID-or-path resume.
Inactive oversized sessions are compacted automatically so old
transcripts remain resumable without growing unchecked.
Constraint: Session JSON must stay backward-compatible with legacy files that lack metadata
Constraint: Managed sessions must use a single canonical JSON file per session without new dependencies
Rejected: Sidecar metadata/index files | duplicated state and diverged from the requested single-file persistence model
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep CLI policy in the CLI; only add transcript-adjacent metadata to runtime::Session unless another consumer truly needs more
Tested: cargo fmt; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace
Not-tested: Manual interactive REPL smoke test against the live Anthropic API
The branch already carries the new local slash commands and flag behavior,
so this follow-up captures how to use them from the Rust README. That keeps
the documented REPL and resume workflows aligned with the verified binary
surface after the implementation and green verification pass.
Constraint: Keep scope narrow and avoid touching ignored .omx planning artifacts
Constraint: Documentation must reflect the active handwritten parser in main.rs
Rejected: Re-open parser refactors in args.rs | outside the requested bounded change
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep README command examples aligned with main.rs help output when CLI flags or slash commands change
Tested: cargo run -p rusty-claude-cli -- --version; cargo run -p rusty-claude-cli -- --help; cargo fmt; cargo clippy --workspace --all-targets -- -D warnings; cargo test
Not-tested: Interactive REPL manual slash-command session in a live API-backed conversation
The remaining slash commands already existed in the REPL path, so this change
focuses on wiring the active CLI parser and runtime to expose them safely.
`--version` now exits through a local reporting path, and `--allowedTools`
constrains both advertised and executable tools without changing the underlying
command surface.
Constraint: The active CLI parser lives in main.rs, so a full parser unification would be broader than requested
Constraint: --version must not require API credentials or construct the API client
Rejected: Migrate the binary to the clap parser in args.rs | too large for a parity patch
Rejected: Enforce allowed tools only at request construction time | execution-time mismatch risk
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep local-only flags like --version on pre-runtime codepaths and mirror tool allowlists in both definition and execution paths
Tested: cargo fmt; cargo clippy --workspace --all-targets -- -D warnings; cargo test; cargo run -q -p rusty-claude-cli -- --version; cargo run -q -p rusty-claude-cli -- --help
Not-tested: Interactive live API conversation with restricted tool allowlists
This adds an end-to-end OAuth PKCE login/logout path to the Rust CLI,
persists OAuth credentials under the Claude config home, and teaches the
API client to use persisted bearer credentials with refresh support when
env-based API credentials are absent.
Constraint: Reuse existing runtime OAuth primitives and keep browser/callback orchestration in the CLI
Constraint: Preserve auth precedence as API key, then auth-token env, then persisted OAuth credentials
Rejected: Put browser launch and token exchange entirely in runtime | caused boundary creep across shared crates
Rejected: Duplicate credential parsing in CLI and api | increased drift and refresh inconsistency
Confidence: medium
Scope-risk: moderate
Reversibility: clean
Directive: Keep logout non-destructive to unrelated credentials.json fields and do not silently fall back to stale expired tokens
Tested: cargo fmt; cargo clippy --workspace --all-targets -- -D warnings; cargo test
Not-tested: Manual live Anthropic OAuth browser flow against real authorize/token endpoints
Polish the integrated Rust CLI so the branch ships like a usable deliverable instead of a scaffold. This adds explicit version handling, expands the built-in help surface with environment and workflow guidance, and replaces the placeholder rust README with practical build, test, prompt, REPL, and resume instructions. It also ignores OMX and agent scratch directories so local orchestration state stays out of the shipped branch.\n\nConstraint: Must keep the existing workspace shape and avoid adding new dependencies\nConstraint: Must not commit .omx or other local orchestration artifacts\nRejected: Introduce clap-based top-level parsing for the main binary | larger refactor than needed for release-readiness\nRejected: Leave help and version behavior implicit | too rough for a clone-and-use deliverable\nConfidence: high\nScope-risk: narrow\nReversibility: clean\nDirective: Keep README examples and --help output aligned whenever CLI commands or env vars change\nTested: cargo fmt --all; cargo build --release -p rusty-claude-cli; cargo test --workspace --exclude compat-harness; cargo run -p rusty-claude-cli -- --help; cargo run -p rusty-claude-cli -- --version\nNot-tested: Live Anthropic API prompt/REPL execution without credentials in this session
