eeymoo/claw-code
1
0
Fork 0
mirror of https://github.com/instructkr/claw-code.git synced 2026-04-27 04:15:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: eeymoo:feat/batch3-all
Branches Tags
eeymoo:main eeymoo:feat/jobdori-168c-emission-routing eeymoo:claw-code-issue-188k-brand-redesign eeymoo:feat/jobdori-122b-doctor-broad-cwd eeymoo:feat/jobdori-122-doctor-stale-base eeymoo:feat/jobdori-152-bootstrap-plan-suffix-guard eeymoo:feat/jobdori-152-init-suffix-guard eeymoo:feat/jobdori-130e-surface-help eeymoo:feat/jobdori-130e-dispatch-help eeymoo:feat/jobdori-130d-config-help eeymoo:feat/jobdori-130c-diff-help eeymoo:feat/jobdori-130b-filesystem-context eeymoo:feat/jobdori-251-session-dispatch eeymoo:feat/jobdori-249-resumed-slash-kind eeymoo:feat/jobdori-248-unknown-verb-option-classify eeymoo:feat/jobdori-247-classify-prompt-errors eeymoo:feat/134-135-session-identity eeymoo:feat/jobdori-130-export-error-envelope eeymoo:fix/linux-hooks-broken-pipe eeymoo:dev/rust eeymoo:feat/provider-routing-parity eeymoo:feat/batch3-all eeymoo:fix/ui-parity eeymoo:fix/plugin-loading-parity eeymoo:fix/skill-invoke eeymoo:release/0.1.0 eeymoo:feat/release-0.1.0-readme eeymoo:feat/uiux-redesign eeymoo:feat/ui-hardening eeymoo:integration/dori-cleanroom eeymoo:rcc/plugins eeymoo:rcc/cache-tracking eeymoo:rcc/telemetry eeymoo:rcc/jsonl-session eeymoo:rcc/grok eeymoo:rcc/hook-pipeline eeymoo:rcc/api eeymoo:rcc/parity-fix eeymoo:rcc/subagent eeymoo:rcc/ant-tools eeymoo:rcc/hooks eeymoo:rcc/ui-polish eeymoo:rcc/cli eeymoo:rcc/render eeymoo:rcc/sandbox eeymoo:rcc/git eeymoo:rcc/thinking eeymoo:rcc/runtime eeymoo:rcc/update eeymoo:rcc/doctor eeymoo:rcc/tools eeymoo:rcc/image eeymoo:rcc/memory eeymoo:rcc/cost
...
compare: eeymoo:feat/134-135-session-identity
Branches Tags
eeymoo:feat/jobdori-168c-emission-routing eeymoo:claw-code-issue-188k-brand-redesign eeymoo:feat/jobdori-122b-doctor-broad-cwd eeymoo:feat/jobdori-122-doctor-stale-base eeymoo:feat/jobdori-152-bootstrap-plan-suffix-guard eeymoo:feat/jobdori-152-init-suffix-guard eeymoo:feat/jobdori-130e-surface-help eeymoo:feat/jobdori-130e-dispatch-help eeymoo:feat/jobdori-130d-config-help eeymoo:feat/jobdori-130c-diff-help eeymoo:feat/jobdori-130b-filesystem-context eeymoo:feat/jobdori-251-session-dispatch eeymoo:feat/jobdori-249-resumed-slash-kind eeymoo:feat/jobdori-248-unknown-verb-option-classify eeymoo:feat/jobdori-247-classify-prompt-errors eeymoo:main eeymoo:feat/134-135-session-identity eeymoo:feat/jobdori-130-export-error-envelope eeymoo:fix/linux-hooks-broken-pipe eeymoo:dev/rust eeymoo:feat/provider-routing-parity eeymoo:feat/batch3-all eeymoo:fix/ui-parity eeymoo:fix/plugin-loading-parity eeymoo:fix/skill-invoke eeymoo:release/0.1.0 eeymoo:feat/release-0.1.0-readme eeymoo:feat/uiux-redesign eeymoo:feat/ui-hardening eeymoo:integration/dori-cleanroom eeymoo:rcc/plugins eeymoo:rcc/cache-tracking eeymoo:rcc/telemetry eeymoo:rcc/jsonl-session eeymoo:rcc/grok eeymoo:rcc/hook-pipeline eeymoo:rcc/api eeymoo:rcc/parity-fix eeymoo:rcc/subagent eeymoo:rcc/ant-tools eeymoo:rcc/hooks eeymoo:rcc/ui-polish eeymoo:rcc/cli eeymoo:rcc/render eeymoo:rcc/sandbox eeymoo:rcc/git eeymoo:rcc/thinking eeymoo:rcc/runtime eeymoo:rcc/update eeymoo:rcc/doctor eeymoo:rcc/tools eeymoo:rcc/image eeymoo:rcc/memory eeymoo:rcc/cost

293 Commits
feat/batch ... feat/134-1

Author SHA1 Message Date
YeonGyu-Kim
7235260c61 fix: preserve session path in /status text output when resuming (regression from #135) 2026-04-21 14:05:22 +09:00
YeonGyu-Kim
230d97a8fa fix: #137 update test fixtures to use canonical 'opus' alias after #124 validation tightening 2026-04-21 13:36:09 +09:00
YeonGyu-Kim
2b7095e4ae feat: surface active session status and session id 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-04-21 12:55:06 +09:00
YeonGyu-Kim
f55612ea47 feat: emit boot-scoped session id in lane events 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-04-21 12:51:13 +09:00
YeonGyu-Kim
8b52e77f23 ROADMAP #135: claw status --json missing active_session bool and session.id cross-reference — status query side of #134 round-trip; joins session identity completeness §4.7 and status surface completeness cluster #80/#83/#114/#122; natural bundle #134+#135 closes session-identity round-trip 2026-04-21 06:55:09 +09:00
YeonGyu-Kim
2c42f8bcc8 docs: remove duplicate ROADMAP #134 entry 2026-04-21 04:50:43 +09:00
YeonGyu-Kim
f266505546 ROADMAP #134: no run/correlation ID at session boundary — session.id missing from startup event and status JSON; observer must infer session identity from timing 2026-04-21 01:55:42 +09:00
YeonGyu-Kim
50e3fa3a83 docs: add --output-format to diagnostic verb help text 
Updated LocalHelpTopic help strings to surface --output-format support:
- Status, Sandbox, Doctor, Acp all now show [--output-format <format>]
- Added 'Formats: text (default), json' line to each

Diagnostic verbs support JSON output but help text didn't advertise it.
Post-#127 fix: help text now matches actual CLI surface.

Verified: cargo build passes, claw doctor --help shows output-format.

Refs: #127
 2026-04-20 21:32:02 +09:00
YeonGyu-Kim
a51b2105ed docs: add JSON output example for diagnostic verbs post-#127 
USAGE.md now documents:
-  for machine-readable diagnostics
- Note about parse-time rejection of invalid suffix args (post-#127 fix)

Verifies that diagnostic verbs support JSON output for scripting,
and documents the behavior change from #127 (invalid args rejected
at parse time instead of falling through to prompt dispatch).

Refs: #127
 2026-04-20 21:01:10 +09:00
YeonGyu-Kim
a3270db602 fix: #127 reject unrecognized suffix args for diagnostic verbs 
Diagnostic verbs (help, version, status, sandbox, doctor, state) now
reject unrecognized suffix arguments at parse time instead of silently
falling through to Prompt dispatch.

Fixes: claw doctor --json (and similar) no longer accepts --json silently
and attempts to send it to the LLM as a prompt. Now properly emits:
'unrecognized argument `--json` for subcommand `doctor`'

Joined parser-level trust gap quintet #108 + #117 + #119 + #122 + #127.
Prevents token burn on rejected arguments.

Verified: cargo build --workspace passes, claw doctor --json errors cleanly.

Refs: #127, ROADMAP
 2026-04-20 19:23:35 +09:00
YeonGyu-Kim
12f1f9a74e feat: wire ship.prepared provenance emission at bash execution boundary 
Adds ship provenance detection and emission in execute_bash_async():
- Detects git push to main/master commands
- Captures current branch, HEAD commit, git user as actor
- Emits ship.prepared event with ShipProvenance payload
- Logs to stderr as interim routing (event stream integration pending)

This is the first wired provenance event — schema (§4.44.5) now has
runtime emission at actual git operation boundary.

Verified: cargo build --workspace passes.
Next: wire ship.commits_selected, ship.merged, ship.pushed_main events.

Refs: §4.44.5.1, ROADMAP #4.44.5
 2026-04-20 17:03:28 +09:00
YeonGyu-Kim
2678fa0af5 fix: #124 --model validation rejects malformed syntax at parse time 
Adds validate_model_syntax() that rejects:
- Empty strings
- Strings with spaces (e.g., 'bad model')
- Invalid provider/model format

Accepts:
- Known aliases (opus, sonnet, haiku)
- Valid provider/model format (provider/model)

Wired into parse_args for both --model <value> and --model=<value> forms.
Errors exit with clear message before any API calls (no token burn).

Verified:
- 'claw --model "bad model" version' → error, exit 1
- 'claw --model "" version' → error, exit 1
- 'claw --model opus version' → works
- 'claw --model anthropic/claude-opus-4-6 version' → works

Refs: ROADMAP #124 (debbcbe cluster — parser-level trust gap family)
 2026-04-20 16:32:17 +09:00
YeonGyu-Kim
b9990bb27c fix: #122 + #125 doctor consistency and git_state clarity 
#122: doctor invocation now checks stale-base condition
- Calls run_stale_base_preflight(None) in render_doctor_report()
- Emits stale-base warnings to stderr when branch is behind main
- Fixes inconsistency: doctor 'ok' vs prompt 'stale base' warning

#125: git_state field reflects non-git directories
- When !in_git_repo, git_state = 'not in git repo' instead of 'clean'
- Fixes contradiction: in_git_repo: false but git_state: 'clean'
- Applied in both doctor text output and status JSON

Verified: cargo build --workspace passes.

Refs: ROADMAP #122 (dd73962), #125 (debbcbe)
 2026-04-20 16:13:43 +09:00
YeonGyu-Kim
f33c315c93 fix: #122 doctor invocation now checks stale-base condition 
Adds run_stale_base_preflight(None) call to render_doctor_report() so that
claw doctor emits stale-base warnings to stderr when the current branch is
behind main. Previously doctor reported 'ok' even when branch was stale,
creating inconsistency with prompt path warnings.

Fixes silent-state inventory gap: doctor now consistent with prompt/repl
stale-base checking. No behavior change for non-stale branches.

Verified: cargo build --workspace passes, no test failures.

Ref: ROADMAP #122 dogfood filing @ dd73962
 2026-04-20 15:49:56 +09:00
YeonGyu-Kim
5c579e4a09 §4.44.5.1: file ship event wiring pinpoint (schema landed, wiring missing) 
Dogfood cycle 2026-04-20 identified that §4.44.5 ship/provenance event schema
is implemented (ShipProvenance struct, ship.* constructors, tests pass) but
actual git push/merge/commit-range operations do not yet emit these events.

Events remain dead code—constructors exist but are never called during real
workflows. This pinpoint tracks the missing wiring: locating actual git
operation call sites in main.rs/tools/lib.rs/worker_boot.rs and intercepting
to emit ship.prepared/commits_selected/merged/pushed_main with real metadata
(source_branch, commit_range, merge_method, actor, pr_number).

Acceptance: at least one real git push emits all 4 events with actual payload
values, claw state JSON surfaces ship provenance.

Ref: dogfood gaebal-gajae @ 1495672954573291571 (15:30 KST)
 2026-04-20 15:30:34 +09:00
YeonGyu-Kim
8a8ca8a355 ROADMAP #4.44.5: Ship/provenance events — implement §4.44.5 
Adds structured ship provenance surface to eliminate delivery-path opacity:

New lane events:
- ship.prepared — intent to ship established
- ship.commits_selected — commit range locked
- ship.merged — merge completed with provenance
- ship.pushed_main — delivery to main confirmed

ShipProvenance struct carries:
- source_branch, base_commit
- commit_count, commit_range
- merge_method (direct_push/fast_forward/merge_commit/squash_merge/rebase_merge)
- actor, pr_number

Constructor methods added to LaneEvent for all four ship events.

Tests:
- Wire value serialization for ship events
- Round-trip deserialization
- Canonical event name coverage

Runtime: 465 tests pass
ROADMAP updated with IMPLEMENTED status

This closes the gap where 56 commits pushed to main had no structured
provenance trail — now emits first-class events for clawhip consumption.
 2026-04-20 15:06:50 +09:00
YeonGyu-Kim
b0b579ebe9 ROADMAP #133: Blocked-state subphase contract — implement §6.5 
Adds BlockedSubphase enum with 7 variants for structured blocked-state reporting:
- blocked.trust_prompt — trust gate blockers
- blocked.prompt_delivery — prompt misdelivery
- blocked.plugin_init — plugin startup failures
- blocked.mcp_handshake — MCP connection issues
- blocked.branch_freshness — stale branch blockers
- blocked.test_hang — test timeout/hang
- blocked.report_pending — report generation stuck

LaneEventBlocker now carries optional subphase field that gets serialized
into LaneEvent data. Enables clawhip to route recovery without pane scraping.

Updates:
- lane_events.rs: BlockedSubphase enum, LaneEventBlocker.subphase field
- lane_events.rs: blocked()/failed() constructors with subphase serialization
- lib.rs: Export BlockedSubphase
- tools/src/lib.rs: classify_lane_blocker() with subphase: None
- Test imports and fixtures updated

Backward-compatible: subphase is Option<>, existing events continue to work.
 2026-04-20 15:04:08 +09:00
YeonGyu-Kim
c956f78e8a ROADMAP #4.44.5: Ship/provenance opacity — filed from dogfood 
Added structured delivery-path contract to surface branch → merge → main-push
provenance as first-class events. Filed from the 56-commit 2026-04-20 push
that exposed the gap.

Also fixes: ApiError test compilation — add suggested_action: None to 4 sites

- Line ~8414: opaque_provider_wrapper_surfaces_failure_class_session_and_trace
- Line ~8436: retry_exhaustion_uses_retry_failure_class_for_generic_provider_wrapper
- Line ~8499: provider_context_window_errors_are_reframed_with_same_guidance
- Line ~8533: retry_wrapped_context_window_errors_keep_recovery_guidance
 2026-04-20 14:35:07 +09:00
YeonGyu-Kim
dd73962d0b ROADMAP #122: doctor invocation does not check stale-base condition — run_stale_base_preflight() only invoked in Prompt + REPL paths, missing in doctor action handler; inconsistency: doctor says 'ok' but prompt warns 'stale base'; joins boot preflight / doctor contract family (#80-#83/#114) and silent-state inventory (#102/#127/#129/#245) 2026-04-20 13:11:12 +09:00
YeonGyu-Kim
027efb2f9f ROADMAP §4.44: Typed-error envelope contract (Silent-state inventory roll-up) — locks in structured error.kind/operation/target/errno/hint/retryable contract that closes the family of pinpoints currently scattered across #102 + #121 + #127 + #129 + #130 + #245; backward-compat additive; regression locked via golden-fixture; gates 'Run claw --help for usage' trailer on error.kind == usage; drafted jointly with gaebal-gajae during 2026-04-20 dogfood cycle 2026-04-20 13:03:50 +09:00
YeonGyu-Kim
866f030713 ROADMAP #130: claw export --output filesystem errors surface raw OS errno strings with zero context — 5 distinct failure modes all produce different errno strings but the same zero-context shape; no path echoed, no operation named, no io::ErrorKind classification, no actionable hint; JSON envelope flattens to {error, type} losing all structure; Run claw --help for usage trailer misleads on non-usage errors; joins JSON-envelope asymmetry family #90/#91/#92/#110/#115/#116 and truth-audit #80-#127/#129 2026-04-20 12:52:22 +09:00
YeonGyu-Kim
d2a83415dc ROADMAP #129: MCP server startup blocks credential validation in Prompt path — cred check ordered AFTER MCP child handshake await; misbehaved/slow MCP wedges every claw <prompt> invocation indefinitely; npx restart loop wastes resources; runtime-side companion to #102's config-time MCP gap; PARITY.md Lane 7 acceptance gap 2026-04-20 12:43:11 +09:00
YeonGyu-Kim
8122029eba ROADMAP #128: claw --model <malformed> (spaces, empty string, invalid syntax) silently accepted at parse time, falls through to cred-error misdirection; joins parser-level trust gap family #108/#117/#119/#122/#127; joins token-burn family #99/#127 2026-04-20 12:32:56 +09:00
YeonGyu-Kim
d284ef774e ROADMAP #127: claw <subcommand> --json silently falls through to LLM Prompt dispatch — diagnostic verbs (doctor, status, sandbox, skills, version, help) reject --json with cred-error misdirection; valid verb + unrecognized suffix arg = Prompt fall-through; 18th silent-flag, 5th parser-level trust gap, joins #108 + #117 + #119 + #122 2026-04-20 12:05:05 +09:00
YeonGyu-Kim
7370546c1c ROADMAP #126: /config [env|hooks|model|plugins] ignores section argument — all 4 subcommands return bit-identical file-list envelope; 4-way dispatch collapse 
Dogfooded 2026-04-18 on main HEAD b56841c from /tmp/cdFF2.

/config model, /config hooks, /config plugins, /config env all
return: {kind:'config', cwd, files:[...], loaded_files,
merged_keys} — BIT-IDENTICAL.

diff /config model vs /config hooks → empty.
Section argument parsed at slash-command level but not branched
on in the handler.

Help: '/config [env|hooks|model|plugins] Inspect Claude config
files or merged sections [resume]'
→ 'merged sections' never shown. Same file-list for all.

Third dispatch-collapse finding:
  #111: /providers → Doctor (2-way, wildly wrong)
  #118: /stats + /tokens + /cache → Stats (3-way, distinct)
  #126: /config env + hooks + model + plugins → file-list (4-way)

Fix shape (~60 lines):
- Section-specific handlers:
    /config model → resolved model, source, aliases
    /config hooks → pre_tool_use, post_tool_use arrays
    /config plugins → enabled_plugins list
    /config env → current file-list (already correct)
- Bare /config → current file-list envelope
- Regression per section

Joins Silent-flag/documented-but-unenforced.
Joins Truth-audit — help promises section inspection.
Joins Dispatch-collapse family: #111 + #118 + #126.

Natural bundle: #111 + #118 + #126 — dispatch-collapse trio.
Complete parser-dispatch-collapse audit across slash commands.

Filed in response to Clawhip pinpoint nudge 1495023618529300580
in #clawcode-building-in-public.
 2026-04-18 20:32:52 +09:00
YeonGyu-Kim
b56841c5f4 ROADMAP #125: git_state 'clean' emitted for non-git directories; GitWorkspaceSummary default all-zeros → is_clean() → 'clean' even when in_git_repo: false; contradictory doctor fields 
Dogfooded 2026-04-18 on main HEAD debbcbe from /tmp/cdBB2.

Non-git directory:
  $ mkdir /tmp/cdBB2 && cd /tmp/cdBB2   # NO git init
  $ claw --output-format json status | jq .workspace.git_state
  'clean'      # should be null — not in a git repo

  $ claw --output-format json doctor | jq '.checks[]
    | select(.name=="workspace") | {in_git_repo, git_state}'
  {"in_git_repo": false, "git_state": "clean"}
  # CONTRADICTORY: not in git BUT git is 'clean'

Trace:
  main.rs:2550-2554 parse_git_workspace_summary:
    let Some(status) = status else {
        return summary;   // all-zero default when no git
    };
  All-zero GitWorkspaceSummary → is_clean() (changed_files==0)
    → true → headline() = 'clean'

  main.rs:4950 status JSON: git_summary.headline() for git_state
  main.rs:1856 doctor workspace: same headline() for git_state

Fix shape (~25 lines):
- Return Option<GitWorkspaceSummary> when status is None
- headline() returns Option<String>: None when no git
- Status JSON: git_state: null when not in git
- Doctor: omit git_state when in_git_repo: false, or set null
- Optional: claw init skip .gitignore in non-git dirs
- Regression: non-git → null, git clean → 'clean',
  detached HEAD → 'clean' + 'detached HEAD'

Joins Truth-audit — 'clean' is a lie for non-git dirs.
Adjacent to #89 (claw blind to mid-rebase) — same field,
  different missing state.
Joins #100 (status/doctor JSON gaps) — another field whose
  value doesn't reflect reality.

Natural bundle: #89 + #100 + #125 — git-state-completeness
  triple: rebase/merge invisible (#89) + stale-base unplumbed
  (#100) + non-git 'clean' lie (#125). Complete git_state
  field failure coverage.

Filed in response to Clawhip pinpoint nudge 1495016073085583442
in #clawcode-building-in-public.
 2026-04-18 20:03:32 +09:00
YeonGyu-Kim
debbcbe7fb ROADMAP #124: --model accepts any string with zero validation; typos silently pass through; empty string accepted; status JSON has no model provenance 
Dogfooded 2026-04-18 on main HEAD bb76ec9 from /tmp/cdAA2.

--model flag has zero validation:
  claw --model sonet status → model:'sonet' (typo passthrough)
  claw --model '' status → model:'' (empty accepted)
  claw --model garbage status → model:'garbage' (any string)

Valid aliases do resolve:
  sonnet → claude-sonnet-4-6
  opus → claude-opus-4-6
  Config aliases also resolve via resolve_model_alias_with_config

But unresolved strings pass through silently. Typo 'sonet'
becomes literal model ID sent to API → fails late with
'model not found' after full context assembly.

Compare:
  --reasoning-effort: validates low|medium|high. Has guard.
  --permission-mode: validates against known set. Has guard.
  --model: no guard. Any string.
  --base-commit: no guard (#122). Same pattern.

status JSON:
  {model: 'sonet'} — shows resolved name only.
  No model_source (flag/config/default).
  No model_raw (pre-resolution input).
  No model_valid (known to any provider).
  Claw can't distinguish typo from exact model from alias.

Trace:
  main.rs:470-480 --model parsing:
    model = value.clone(); index += 2;
    No validation. Raw string stored.

  main.rs:1032-1046 resolve_model_alias_with_config:
    resolves known aliases. Unknown strings pass through.

  main.rs:~4951 status JSON builder:
    reports resolved model. No source/raw/valid fields.

Fix shape (~65 lines):
- Reject empty string at parse time
- Warn on unresolved aliases with fuzzy-match suggestion
- Add model_source, model_raw to status JSON
- Add model-validity check to doctor
- Regression per failure mode

Joins #105 (4-surface model disagreement) — model pair:
  #105 status ignores config model, doctor mislabels
  #124 --model flag unvalidated, no provenance in JSON

Joins #122 (--base-commit zero validation) — unvalidated-flag
pair: same parser pattern, no guards.

Joins Silent-flag/documented-but-unenforced as 17th.
Joins Truth-audit — status model field has no provenance.
Joins Parallel-entry-point asymmetry as 10th.

Filed in response to Clawhip pinpoint nudge 1495000973914144819
in #clawcode-building-in-public.
 2026-04-18 19:03:02 +09:00
YeonGyu-Kim
bb76ec9730 ROADMAP #123: --allowedTools tool-name normalization asymmetric; snake_case canonicals accept variants, PascalCase canonicals reject snake_case; whitespace+comma split undocumented; allowed_tools not surfaced in JSON 
Dogfooded 2026-04-18 on main HEAD 2bf2a11 from /tmp/cdZZ.

Asymmetric normalization:
  normalize_tool_name(value) = trim + lowercase + replace -→_

  Canonical 'read_file' (snake_case):
    accepts: read_file, READ_FILE, Read-File, read-file,
             Read (alias), read (alias)
    rejects: ReadFile, readfile, READFILE
    → Because normalize('ReadFile')='readfile', and name_map
      has key 'read_file' not 'readfile'.

  Canonical 'WebFetch' (PascalCase):
    accepts: WebFetch, webfetch, WEBFETCH
    rejects: web_fetch, web-fetch, Web-Fetch
    → Because normalize('WebFetch')='webfetch' (no underscore).
      User input 'web_fetch' normalizes to 'web_fetch' (keeps
      underscore). Keys don't match.

The normalize function ADDS underscores (hyphen→underscore) but
DOESN'T REMOVE them. So PascalCase canonicals have underscore-
free normalized keys; user input with explicit underscores keeps
them, creating key mismatch.

Result: 'bash,Bash,BASH,Read,read_file,Read-File,WebFetch' all
accepted, but 'web_fetch,web-fetch' rejected.

Additional silent-flag issues:
- Splits on commas OR whitespace (undocumented — help says
  TOOL[,TOOL...])
- 'bash,Bash,BASH' silently accepts all 3 case variants, no
  dedup warning
- Allowed tools NOT in status/doctor JSON — claw passing
  --allowedTools has no way to verify what runtime accepted

Trace:
  tools/src/lib.rs:192-244 normalize_allowed_tools:
    canonical_names from mvp_tool_specs + plugin_tools + runtime
    name_map: (normalize_tool_name(canonical), canonical)
    for token in value.split(|c| c==',' || c.is_whitespace()):
      lookup normalize_tool_name(token) in name_map

  tools/src/lib.rs:370-372 normalize_tool_name:
    fn normalize_tool_name(value: &str) -> String {
        value.trim().replace('-', '_').to_ascii_lowercase()
    }
    Replaces - with _. Lowercases. Does NOT remove _.

  Asymmetry source: normalize('WebFetch')='webfetch',
  normalize('web_fetch')='web_fetch'. Different keys.

  --allowedTools NOT plumbed into Status JSON output
  (no 'allowed_tools' field).

Fix shape (~50 lines):
- Symmetric normalization: strip underscores from both canonical
  and input, OR don't normalize hyphens in input either.
  Pick one convention.
- claw tools list / --allowedTools help subcommand that prints
  canonical names + accepted variants.
- Surface allowed_tools in status/doctor JSON when flag set.
- Document comma+whitespace split semantics in --help.
- Warn on duplicate tokens (bash,Bash,BASH = 3 tokens, 1 unique).
- Regression per normalization pair + status surface + duplicate.

Joins Silent-flag/documented-but-unenforced (#96-#101, #104,
#108, #111, #115, #116, #117, #118, #119, #121, #122) as 16th.

Joins Permission-audit/tool-allow-list (#94, #97, #101, #106,
#115, #120) as 7th.

Joins Truth-audit — status/doctor JSON hides what allowed-tools
set actually is.

Joins Parallel-entry-point asymmetry (#91, #101, #104, #105,
#108, #114, #117, #122) as 9th — --allowedTools vs
.claw.json permissions.allow likely disagree on normalization.

Natural bundles:
  #97 + #123 — --allowedTools trust-gap pair:
    empty silently blocks (#97) +
    asymmetric normalization + invisible runtime state (#123)

  Permission-audit 7-way (grown):
    #94 + #97 + #101 + #106 + #115 + #120 + #123

  Flagship permission-audit sweep 8-way (grown):
    #50 + #87 + #91 + #94 + #97 + #101 + #115 + #123

Filed in response to Clawhip pinpoint nudge 1494993419536306176
in #clawcode-building-in-public.
 2026-04-18 18:38:24 +09:00
YeonGyu-Kim
2bf2a11943 ROADMAP #122: --base-commit greedy-consumes next arg with zero validation; subcommand/flag swallow; stale-base signal missing from status/doctor JSON surfaces 
Dogfooded 2026-04-18 on main HEAD d1608ae from /tmp/cdYY.

Three related findings:

1. --base-commit has zero validation:
   $ claw --base-commit doctor
   warning: worktree HEAD (...) does not match expected
     base commit (doctor). Session may run against a stale
     codebase.
   error: missing Anthropic credentials; ...
   # 'doctor' used as base-commit value literally.
   # Subcommand absorbed. Prompt fallthrough. Billable.

2. Greedy swallow of next flag:
   $ claw --base-commit --model sonnet status
   warning: ...does not match expected base commit (--model)
   # '--model' taken as value. status never dispatched.

3. Garbage values silently accepted:
   $ claw --base-commit garbage status
   Status ...
   # No validation. No warning (status path doesn't run check).

4. Stale-base signal missing from JSON surfaces:
   $ claw --output-format json --base-commit $BASE status
   {"kind":"status", ...}
   # no stale_base, no base_commit, no base_commit_mismatch.

   Stale-base check runs ONLY on Prompt path, as stderr prose.

Trace:
  main.rs:487-494 --base-commit parsing:
    'base-commit' => {
        let value = args.get(index + 1).ok_or_else(...)?;
        base_commit = Some(value.clone());
        index += 2;
    }
    No format check. No reject-on-flag-prefix. No reject-on-
    known-subcommand.

  Compare main.rs:498-510 --reasoning-effort:
    validates 'low' | 'medium' | 'high'. Has guard.

  stale_base.rs check_base_commit runs on Prompt/turn path
  only. No Status/Doctor handler includes base_commit field.

  grep 'stale_base|base_commit_matches|base_commit:'
    rust/crates/rusty-claude-cli/src/main.rs | grep status|doctor
  → zero matches.

Fix shape (~40 lines):
- Reject values starting with '-' (flag-like)
- Reject known-subcommand names as values
- Optionally run 'git cat-file -e {value}' to verify real commit
- Plumb base_commit + base_commit_matches + stale_base_warning
  into Status and Doctor JSON surfaces
- Emit warning as structured JSON event too (not just stderr)
- Regression per failure mode

Joins Silent-flag/documented-but-unenforced (#96-#101, #104,
#108, #111, #115, #116, #117, #118, #119, #121) as 15th.

Joins Parser-level trust gaps: #108 + #117 + #119 + #122 —
billable-token silent-burn via parser too-eager consumption.

Joins Parallel-entry-point asymmetry (#91, #101, #104, #105,
#108, #114, #117) as 8th — stale-base implemented for Prompt
but absent from Status/Doctor.

Joins Truth-audit — 'expected base commit (doctor)' lies by
including user's mistake as truth.

Cross-cluster with Unplumbed-subsystem (#78, #96, #100, #102,
#103, #107, #109, #111, #113, #121) — stale-base signal in
runtime but not JSON.

Natural bundles:
  Parser-level trust gap quintet (grown):
    #108 + #117 + #119 + #122 — billable-token silent-burn
    via parser too-eager consumption.

  #100 + #122 — stale-base diagnostic-integrity pair:
    #100 stale-base subsystem unplumbed (general)
    #122 --base-commit accepts anything, greedy, Status/Doctor
      JSON unplumbed (specific)

Filed in response to Clawhip pinpoint nudge 1494978319920136232
in #clawcode-building-in-public.
 2026-04-18 18:03:35 +09:00
YeonGyu-Kim
d1608aede4 ROADMAP #121: hooks schema incompatible with Claude Code; error message misleading; doctor JSON emits 2 objects on failure breaking single-doc parsing; doctor has duplicate message+report fields 
Dogfooded 2026-04-18 on main HEAD b81e642 from /tmp/cdWW.

Four related findings in one:

1. hooks schema incompatible with Claude Code (primary):
   claw-code: {'hooks':{'PreToolUse':['cmd1','cmd2']}}
   Claude Code: {'hooks':{'PreToolUse':[
     {'matcher':'Bash','hooks':[{'type':'command','command':'...'}]}
   ]}}

   Flat string array vs matcher-keyed object array. Incompatible.
   User copying .claude.json hooks to .claw.json hits parse-fail.

2. Error message misleading:
   'field hooks.PreToolUse must be an array of strings, got an array'
   Both input and expected are arrays. Correct diagnosis:
   'got an array of objects where array of strings expected'

3. Missing Claude Code hook event types:
   claw-code supports: PreToolUse, PostToolUse, PostToolUseFailure
   Claude Code supports: above + UserPromptSubmit, Notification,
   Stop, SubagentStop, PreCompact, SessionStart
   5+ event types missing.
   matcher regex not supported.
   type: 'command' vs type: 'http' extensibility not supported.

4. doctor NDJSON output on failures:
   With failures present, --output-format json emits TWO
   concatenated JSON objects on stdout:
     Object 1: {kind:'doctor', has_failures:true, ...}
     Object 2: {type:'error', error:'doctor found failing checks'}

   python json.load() fails: 'Extra data: line 133 column 1'
   Flag name 'json' violated — NDJSON is not JSON.

5. doctor message + report byte-duplicated:
   .message and .report top-level fields have identical prose
   content. Parser ambiguity + byte waste.

Trace:
  config.rs:750-771 parse_optional_hooks_config_object:
    optional_string_array(hooks, 'PreToolUse', context)
    Expects ['cmd1', 'cmd2']. Claude Code gives
    [{matcher,hooks:[{type,command}]}]. Schema-incompatible.

  config.rs:775-779 validate_optional_hooks_config:
    calls same parser. Error bubbles up.
    Message comes from optional_string_array path —
    technically correct but misleading.

Fix shape (~200 lines + migration docs):
- Dual-schema hooks parser: accept native + Claude Code forms
- Add missing event types to RuntimeHookConfig
- Implement matcher regex
- Fix error message to distinguish array-element types
- Fix doctor: single JSON object regardless of failure state
- De-duplicate message + report (keep report, drop message)
- Regression per schema form + event type + matcher

Joins Claude Code migration parity (#103, #109, #116, #117,
#119, #120) as 7th — most severe parity break since hooks is
load-bearing automation infrastructure.

Joins Truth-audit on misleading error message.

Joins Silent-flag on --output-format json emitting NDJSON.

Cross-cluster with Unplumbed-subsystem (#78, #96, #100, #102,
#103, #107, #109, #111, #113) — hooks subsystem exists but
schema incompatible with reference implementation.

Natural bundles:
  Claude Code migration parity septet (grown flagship):
    #103 + #109 + #116 + #117 + #119 + #120 + #121
    Complete coverage of every migration failure mode.

  #107 + #121 — hooks-subsystem pair:
    #107 hooks invisible to JSON diagnostics
    #121 hooks schema incompatible with migration source

Filed in response to Clawhip pinpoint nudge 1494963222157983774
in #clawcode-building-in-public.
 2026-04-18 17:03:14 +09:00
YeonGyu-Kim
b81e6422b4 ROADMAP #120: .claw.json custom JSON5-partial parser accepts trailing commas but silently drops comments/unquoted/BOM; combined with alias table 'default'→ReadOnly + no-config→DangerFullAccess creates security-critical user-intent inversion 
Dogfooded 2026-04-18 on main HEAD 7859222 from /tmp/cdVV.

Extends #86 (silent-drop general case) with two new angles:

1. JSON5-partial acceptance matrix:
   ACCEPTED (loaded correctly):
     - trailing comma (one)
   SILENTLY DROPPED (loaded_config_files=0, zero stderr, exit 0):
     - line comments (//)
     - block comments (/* */)
     - unquoted keys
     - UTF-8 BOM
     - single quotes
     - hex numbers
     - leading commas
     - multiple trailing commas

   8 cases tested, 1 accepted, 7 silently dropped.
   The 1 accepted gives false signal of JSON5 tolerance.

2. Alias table creates user-intent inversion:
   config.rs:856-858:
     'default' | 'plan' | 'read-only' => ReadOnly
     'acceptEdits' | 'auto' | 'workspace-write' => WorkspaceWrite
     'dontAsk' | 'danger-full-access' => DangerFullAccess

   CRITICAL: 'default' in the config file = ReadOnly
             no config at all = DangerFullAccess (per #87)
   These are OPPOSITE modes.

   Security-inversion chain:
     user writes: {'// comment', 'defaultMode': 'default'}
     user intent: read-only
     parser: rejects comment
     read_optional_json_object: silently returns Ok(None)
     config loader: no config present
     permission_mode: falls back to no-config default
                      = DangerFullAccess
     ACTUAL RESULT: opposite of intent. ZERO warning.

Trace:
  config.rs:674-692 read_optional_json_object:
    is_legacy_config = (file_name == '.claw.json')
    match JsonValue::parse(&contents) {
        Ok(parsed) => parsed,
        Err(_error) if is_legacy_config => return Ok(None),
        Err(error) => return Err(ConfigError::Parse(...)),
    }
    is_legacy silent-drop. (#86 covers general case)

  json.rs JsonValue::parse — custom parser:
    accepts trailing comma
    rejects everything else JSON5-ish

Fix shape (~80 lines, overlaps with #86):
- Pick policy: strict JSON or explicit JSON5. Enforce consistently.
- Apply #86 fix here: replace silent-drop with warn-and-continue,
  structured warning in stderr + JSON surface.
- Rename 'default' alias OR map to 'ask' (matches English meaning).
- Structure status output: add config_parse_errors:[] field so
  claws detect silent drops via JSON without stderr-parsing.
- Regression matrix per JSON5 feature + security-invariant test.

Joins Permission-audit/tool-allow-list (#94, #97, #101, #106,
#115) as 6th — this is the CONFIG-PARSE anchor of the permission-
posture problem. Complete matrix:
  #87 absence → DangerFullAccess
  #101 env-var fail-OPEN → DangerFullAccess
  #115 init-generated dangerous default → DangerFullAccess
  #120 config parse-drops → DangerFullAccess

Joins Truth-audit on loaded_config_files=0 + permission_mode=
danger-full-access inconsistency without config_parse_errors[].

Joins Reporting-surface/config-hygiene (#90, #91, #92, #110,
#115, #116) on silent-drop-no-stderr-exit-0 axis.

Joins Claude Code migration parity (#103, #109, #116, #117,
#119) as 6th — claw-code is strict-where-Claude-was-lax (#116)
AND lax-where-Claude-was-strict (#120). Maximum migration confusion.

Natural bundles:
  #86 + #120 — config-parse reliability pair:
    silent-drop general case (#86) +
    JSON5-partial-acceptance + alias-inversion (#120)

  Permission-drift-at-every-boundary 4-way:
    #87 + #101 + #115 + #120 — absence + env-var + init +
    config-drop. Complete coverage of every path to DangerFullAccess.

  Security-critical permission drift audit mega-bundle:
    #86 + #87 + #101 + #115 + #116 + #120 — five-way sweep of
    every path to wrong permissions.

Filed in response to Clawhip pinpoint nudge 1494955670791913508
in #clawcode-building-in-public.
 2026-04-18 16:34:19 +09:00
YeonGyu-Kim
78592221ec ROADMAP #119: claw <slash-only verb> + any arg silently falls through to Prompt; bare_slash_command_guidance gated by rest.len() != 1; 9 known verbs affected 
Dogfooded 2026-04-18 on main HEAD 3848ea6 from /tmp/cdUU.

The 'this is a slash command' helpful-error only fires when
invoked EXACTLY bare. Adding ANY argument silently falls through
to Prompt dispatch and burns billable tokens.

$ claw --output-format json hooks
{"error":"`claw hooks` is a slash command. Use `claw
--resume SESSION.jsonl /hooks`..."}
# clean error

$ claw --output-format json hooks --help
{"error":"missing Anthropic credentials; ..."}
# Prompt fallthrough. The CLI tried to send 'hooks --help'
# to the LLM as a user prompt.

9 known slash-only verbs affected:
  hooks, plan, theme, tasks, subagent, agent, providers,
  tokens, cache

All exhibit identical pattern:
  bare verb → clean error
  verb + any arg (--help, list, on, off, --json, etc) →
    Prompt fallthrough, billable LLM call

User pattern: 'claw status --help' prints usage. So users
naturally try 'claw hooks --help' expecting same. Gets
charged for prompt 'hooks --help' to LLM instead.

Trace:
  main.rs:745-763 entry point:
    if rest.len() != 1 { return None; }   <-- THE BUG
    match rest[0].as_str() {
        'help' => ...,
        'version' => ...,
        other => bare_slash_command_guidance(other).map(Err),
    }

  main.rs:765-793 bare_slash_command_guidance:
    looks up command in slash_command_specs()
    returns helpful error string
    WORKS CORRECTLY — just never called when args present

Claude Code convention: 'claude hooks --help' prints usage,
'claude hooks list' lists hooks. claw-code silently charges.

Compare sibling bugs:
  #108 typo'd verb + args → Prompt (typo path)
  #117 -p 'text' --arg → Prompt with swallowed flags (greedy -p)
  #119 known slash-verb + any arg → Prompt (too-narrow guidance)

All three are silent-billable-token-burn. Same underlying cause:
too-narrow parser detection + greedy Prompt dispatch.

Fix shape (~35 lines):
- Remove rest.len() != 1 gate. Widen to:
    if rest.is_empty() { return None; }
    let first = rest[0].as_str();
    if rest.len() == 1 {
        // existing bare-verb handling
    }
    if let Some(guidance) = bare_slash_command_guidance(first) {
        return Some(Err(format!(
            '{} The extra argument `{}` was not recognized.',
            guidance, rest[1..].join(' ')
        )));
    }
    None
- Subcommand --help support: catch --help for all recognized
  slash verbs, print SlashCommandSpec.description
- Regression tests: 'claw <verb> --help' prints help,
  'claw <verb> any arg' prints guidance, no Prompt fallthrough

Joins Silent-flag/documented-but-unenforced (#96-#101, #104,
#108, #111, #115, #116, #117, #118) as 14th.

Joins Claude Code migration parity (#103, #109, #116, #117)
as 5th — muscle memory from claude <verb> --help burns tokens.

Joins Truth-audit — 'missing credentials' is a lie; real cause
is CLI invocation was interpreted as chat prompt.

Cross-cluster with Parallel-entry-point asymmetry — slash-verb
with args is another entry point differing from bare form.

Natural bundles:
  #108 + #117 + #119 — billable-token silent-burn triangle:
    typo fallthrough (#108) +
    flag swallow (#117) +
    known-slash-verb fallthrough (#119)
  #108 + #111 + #118 + #119 — parser-level trust gap quartet:
    typo fallthrough + 2-way collapse + 3-way collapse +
    known-verb fallthrough

Filed in response to Clawhip pinpoint nudge 1494948121099243550
in #clawcode-building-in-public.
 2026-04-18 16:03:37 +09:00
YeonGyu-Kim
3848ea64e3 ROADMAP #118: /stats, /tokens, /cache all collapse to SlashCommand::Stats; 3-way dispatch collapse with 3 distinct help descriptions 
Dogfooded 2026-04-18 on main HEAD b9331ae from /tmp/cdTT.

Three slash commands collapse to one handler:

$ claw --help | grep -E '^\s*/(stats|tokens|cache)\s'
  /stats   Show workspace and session statistics [resume]
  /tokens  Show token count for the current conversation [resume]
  /cache   Show prompt cache statistics [resume]

Three distinct promises. One implementation:

$ claw --resume s --output-format json /stats
{"kind":"stats","input_tokens":0,"output_tokens":0,
 "cache_creation_input_tokens":0,"cache_read_input_tokens":0,
 "total_tokens":0}

$ claw --resume s --output-format json /tokens
{"kind":"stats", ...identical...}

$ claw --resume s --output-format json /cache
{"kind":"stats", ...identical...}

diff /stats /tokens → empty
diff /stats /cache → empty
kind field is always 'stats', never 'tokens' or 'cache'.

Trace:
  commands/src/lib.rs:1405-1408:
    'stats' | 'tokens' | 'cache' => {
        validate_no_args(command, &args)?;
        SlashCommand::Stats
    }

  commands/src/lib.rs:317 SlashCommandSpec name='stats' registered
  commands/src/lib.rs:702 SlashCommandSpec name='tokens' registered
  SlashCommandSpec name='cache' also registered
  Each has distinct summary/description in help.

  No SlashCommand::Tokens or SlashCommand::Cache variant exists.

  main.rs:2872-2879 SlashCommand::Stats handler hard-codes
    'kind': 'stats' regardless of which alias invoked.

More severe than #111:
  #111: /providers → Doctor (2-way collapse, wildly wrong category)
  #118: /stats + /tokens + /cache → Stats (3-way collapse with
    THREE distinct advertised purposes)

The collapse hides information that IS available. /stats output
has cache_creation_input_tokens + cache_read_input_tokens as
top-level fields, so cache data is PRESENT. But /cache should
probably return {kind:'cache', cache_hits, cache_misses,
hit_rate}, a cache-specific schema. Similarly /tokens should
return {kind:'tokens', conversation_total, turns,
average_per_turn}. Implementation returns the union for all.

Fix shape (~90 lines):
- Add SlashCommand::Tokens and SlashCommand::Cache variants
- Parser arms:
    'tokens' => SlashCommand::Tokens
    'cache' => SlashCommand::Cache
    'stats' => SlashCommand::Stats
- Handlers with distinct output schemas:
    /tokens: {kind:'tokens', conversation_total, input_tokens,
             output_tokens, turns, average_per_turn}
    /cache: {kind:'cache', cache_creation_input_tokens,
            cache_read_input_tokens, cache_hits, cache_misses,
            hit_rate_pct}
    /stats: {kind:'stats', subsystem:'all', ...}
- Regression per alias: kind matches, schema matches purpose
- Sweep parser for other collapse arms
- If aliasing intentional, annotate --help with (alias for X)

Joins Silent-flag/documented-but-unenforced (#96-#101, #104,
#108, #111, #115, #116, #117) as 13th — more severe than #111.

Joins Truth-audit on help-vs-implementation mismatch axis.

Cross-cluster with Parallel-entry-point asymmetry on multiple-
surfaces-identical-implementation axis.

Natural bundles:
  #111 + #118 — dispatch-collapse pair:
    /providers → Doctor (2-way, wildly wrong)
    /stats+/tokens+/cache → Stats (3-way, distinct purposes)
    Complete parser-dispatch audit shape.
  #108 + #111 + #118 — parser-level trust gaps:
    typo fallthrough (#108) +
    2-way collapse (#111) +
    3-way collapse (#118)

Filed in response to Clawhip pinpoint nudge 1494940571385593958
in #clawcode-building-in-public.
 2026-04-18 15:32:30 +09:00
YeonGyu-Kim
b9331ae61b ROADMAP #117: -p flag is super-greedy, swallows all subsequent args into prompt; --help/--version/--model after -p silently consumed; flag-like prompts bypass emptiness check 
Dogfooded 2026-04-18 on main HEAD f2d6538 from /tmp/cdSS.

-p (Claude Code compat shortcut) at main.rs:524-538:
  "-p" => {
      let prompt = args[index + 1..].join(" ");
      if prompt.trim().is_empty() {
          return Err(...);
      }
      return Ok(CliAction::Prompt {...});
  }

args[index+1..].join(" ") = ABSORBS EVERY subsequent arg.
return Ok(...) = short-circuits parser, discards wants_help etc.

Failure modes:

1. Silent flag swallow:
   claw -p "test" --model sonnet --output-format json
   → prompt = "test --model sonnet --output-format json"
   → model: default (not sonnet), format: text (not json)
   → LLM receives literal string '--model sonnet' as user input
   → billable tokens burned on corrupted prompt

2. --help/--version defeated:
   claw -p "test" --help         → sends 'test --help' to LLM
   claw -p "test" --version      → sends 'test --version' to LLM
   claw --help -p "test"         → wants_help=true set, then discarded
     by -p's early return. Help never prints.

3. Emptiness check too weak:
   claw -p --model sonnet
   → prompt = "--model sonnet" (non-empty)
   → passes is_empty() check
   → sends '--model sonnet' to LLM as the user prompt
   → no error raised

4. Flag-order invisible:
   claw --model sonnet -p "test"   → WORKS (model parsed first)
   claw -p "test" --model sonnet   → BROKEN (--model swallowed)
   Same flags, different order, different behavior.
   --help has zero warning about flag-order semantics.

Compare Claude Code:
  claude -p "prompt" --model sonnet → works (model takes effect)
  claw -p "prompt" --model sonnet   → silently broken

Fix shape (~40 lines):
- "-p" takes exactly args[index+1] as prompt, continues parsing:
    let prompt = args.get(index+1).cloned().unwrap_or_default();
    if prompt.trim().is_empty() || prompt.starts_with('-') {
        return Err("-p requires a prompt string");
    }
    pending_prompt = Some(prompt);
    index += 2;
- Reject prompts that start with '-' unless preceded by '--':
    'claw -p -- --literal-prompt' = literal '--literal-prompt'
- Consult wants_help before returning from -p branch.
- Regression tests:
    -p "prompt" --model sonnet → model takes effect
    -p "prompt" --help → help prints
    -p --foo → error
    --help -p "test" → help prints
    -p -- --literal → literal prompt sent

Joins Silent-flag/documented-but-unenforced (#96-#101, #104,
#108, #111, #115, #116) as 12th — -p is undocumented in --help
yet actively broken.

Joins Parallel-entry-point asymmetry (#91, #101, #104, #105,
#108, #114) as 7th — three entry points (prompt TEXT, bare
positional, -p TEXT) with subtly different arg-parsing.

Joins Claude Code migration parity (#103, #109, #116) as 4th —
users typing 'claude -p "..." --model ...' muscle memory get
silent prompt corruption.

Joins Truth-audit — parser lies about what it parsed.

Natural bundles:
  #108 + #117 — billable-token silent-burn pair:
    typo fallthrough burns tokens (#108) +
    flag-swallow burns tokens (#117)
  #105 + #108 + #117 — model-resolution triangle:
    status ignores .claw.json model (#105) +
    typo statuss burns tokens (#108) +
    -p --model sonnet silently ignored (#117)

Filed in response to Clawhip pinpoint nudge 1494933025857736836
in #clawcode-building-in-public.
 2026-04-18 15:01:47 +09:00
YeonGyu-Kim
f2d653896d ROADMAP #116: unknown keys in .claw.json hard-fail startup with exit 1; Claude Code migration parity broken (apiKeyHelper rejected); forward-compat impossible; only first error surfaces 
Dogfooded 2026-04-18 on main HEAD ad02761 from /tmp/cdRR.

Three related gaps in one finding:

1. Unknown keys are strict ERRORS, not warnings:
   {"permissions":{"defaultMode":"default"},"futureField":"x"}
   $ claw --output-format json status
     # stdout: empty
     # stderr: {"type":"error","error":"unknown key futureField"}
     # exit: 1

2. Claude Code migration parity broken:
   $ cp .claude.json .claw.json
   # .claude.json has apiKeyHelper (real Claude Code field)
   $ claw --output-format json status
     # stderr: unknown key apiKeyHelper → exit 1
   No 'this is a Claude Code field we don't support, ignored' message.

3. Only errors[0] is reported — iterative discovery required:
   3 unknown fields → 3 edit-run-fix cycles to fix them all.

Error-routing split with --output-format json:
  success → stdout
  errors → stderr (structured JSON)
  Empty stdout on config errors. A claw piping stdout silently
  gets nothing. Must capture both streams.

No escape hatch. No --ignore-unknown-config, no --strict flag,
no strictValidation config option.

Trace:
  config.rs:282-291 ConfigLoader gate:
    let validation = validate_config_file(...);
    if !validation.is_ok() {
        let first_error = &validation.errors[0];
        return Err(ConfigError::Parse(first_error.to_string()));
    }
    all_warnings.extend(validation.warnings);

  config_validate.rs:19-47 DiagnosticKind::UnknownKey:
    level: DiagnosticLevel::Error (not Warning)

  config_validate.rs schema allow-list is hard-coded. No
  forward-compat extension (no x-* reserved namespace, no
  additionalProperties: true, no opt-in lax mode).

  grep 'apiKeyHelper' rust/crates/runtime/ → 0 matches.
  Claude-Code-native fields not tolerated as no-ops.

  grep 'ignore.*unknown|--no-validate|strict.*validation'
    rust/crates/ → 0 matches. No escape hatch.

Fix shape (~100 lines):
- Downgrade UnknownKey Error → Warning default. ~5 lines.
- Add strict mode flag: .claw.json strictValidation: true OR
  --strict-config CLI flag. Default off. ~15 lines.
- Collect all diagnostics, don't halt on first. ~20 lines.
- TOLERATED_CLAUDE_CODE_FIELDS allow-list: apiKeyHelper, env
  etc. emit migration-hint warning 'not yet supported; ignored'
  instead of hard-fail. ~30 lines.
- Emit structured error envelope on stdout too, not just stderr.
  --output-format json stdout includes config_diagnostics[]. ~15.
- Wire suggestion: Option<String> for UnknownKey via fuzzy
  match ('permisions' → 'permissions'). ~15 lines.
- Regression tests per outcome.

Joins Claude Code migration parity (#103, #109) as 3rd member —
most severe migration break. #103 silently drops .md files,
#109 stderr-prose warnings, #116 outright hard-fails.

Joins Reporting-surface/config-hygiene (#90, #91, #92, #110,
#115) on error-routing-vs-stdout axis.

Joins Silent-flag/documented-but-unenforced (#96-#101, #104,
#108, #111, #115) — only first error reported, rest silent.

Cross-cluster with Truth-audit — validation.is_ok() hides all
but first structured problem.

Natural bundles:
  #103 + #109 + #116 — Claude Code migration parity triangle:
    loss of compat (.md dropped) +
    loss of structure (stderr prose warnings) +
    loss of forward-compat (unknowns hard-fail)
  #109 + #116 — config validation reporting surface:
    only first warning surfaces structurally (#109)
    only first error surfaces structurally AND halts (#116)

Filed in response to Clawhip pinpoint nudge 1494925472239321160
in #clawcode-building-in-public.
 2026-04-18 14:03:20 +09:00
YeonGyu-Kim
ad02761918 ROADMAP #115: claw init hardcodes 'defaultMode: dontAsk' alias for danger-full-access; init output zero security signal; JSON wraps prose 
Dogfooded 2026-04-18 on main HEAD ca09b6b from /tmp/cdPP.

Three compounding issues in one finding:

1. claw init generates .claw.json with dangerous default:
   $ claw init && cat .claw.json
   {"permissions":{"defaultMode":"dontAsk"}}

   $ claw status | grep permission_mode
   permission_mode: danger-full-access

2. The 'dontAsk' alias obscures the actual security posture:
   config.rs:858 "dontAsk" | "danger-full-access" =>
     Ok(ResolvedPermissionMode::DangerFullAccess)

   User reads 'dontAsk' as 'skip confirmations I'd otherwise see'
   — NOT 'grant every tool unconditional access'. But the two
   parse identically. Alias name dilutes severity.

3. claw init --output-format json wraps prose in message field:
   {
     "kind": "init",
     "message": "Init\n  Project  /private/tmp/cdPP\n
        .claw/  created\n..."
   }
   Claws orchestrating setup must string-parse \n-prose to
   know what got created. No files_created[], no
   resolved_permission_mode, no security_posture.

Zero mention of 'danger', 'permission', or 'access' anywhere
in init output. The init report says 'Review and tailor the
generated guidance' — implying there's something benign to tailor.

Trace:
  rusty-claude-cli/src/init.rs:4-9 STARTER_CLAW_JSON constant:
    hardcoded {"permissions":{"defaultMode":"dontAsk"}}
  runtime/src/config.rs:858 alias resolution:
    "dontAsk" | "danger-full-access" => DangerFullAccess
  rusty-claude-cli/src/init.rs:370 JSON-output also emits
    'defaultMode': 'dontAsk' literal.
  grep 'dontAsk' rust/crates/ → 4 matches. None explain that
    dontAsk == danger-full-access anywhere user-facing.

Fix shape (~60 lines):
- STARTER_CLAW_JSON default → 'default' (explicit safe). Users
  wanting danger-full-access opt in. ~5 lines.
- init output warns when effective mode is DangerFullAccess:
  'security: danger-full-access (unconditional tool approval).'
  ~15 lines.
- Structure the init JSON:
  {kind, files:[{path,action}], resolved_permission_mode,
   permission_mode_source, security_warnings:[]}
  ~30 lines.
- Deprecate 'dontAsk' alias OR log warning at parse: 'alias for
  danger-full-access; grants unconditional tool access'. ~8 lines.
- Regression tests per outcome.

Builds on #87 and amplifies it:
  #87: absence-of-config default = danger-full-access
  #101: fail-OPEN on bad RUSTY_CLAUDE_PERMISSION_MODE env var
  #115: init actively generates the dangerous default

Three sequential compounding permission-posture failures.

Joins Permission-audit/tool-allow-list (#94, #97, #101, #106)
as 5th member — init-time anchor of the permission problem.
Joins Silent-flag/documented-but-unenforced on silent-setting
axis. Cross-cluster with Reporting-surface/config-hygiene
(prose-wrapped JSON) and Truth-audit (misleading 'Next step'
phrasing).

Natural bundle: #87 + #101 + #115 — 'permission drift at every
boundary': absence default + env-var bypass + init-generated.

Flagship permission-audit sweep grows 7-way:
  #50 + #87 + #91 + #94 + #97 + #101 + #115

Filed in response to Clawhip pinpoint nudge 1494917922076889139
in #clawcode-building-in-public.
 2026-04-18 13:32:46 +09:00
YeonGyu-Kim
ca09b6b374 ROADMAP #114: /session list and --resume disagree after /clear; reported session_id unresumable; .bak files invisible; 0-byte files fabricate phantoms 
Dogfooded 2026-04-18 on main HEAD 43eac4d from /tmp/cdNN and /tmp/cdOO.

Three related findings on session reference resolution asymmetry:

1. /clear divergence (primary):
   - /clear --confirm rewrites session_id inside the file header
     but reuses the old filename.
   - /session list reads meta header, reports new id.
   - --resume looks up by filename stem, not meta header.
   - Net: /session list reports ids that --resume can't resolve.

   Concrete:
     claw --resume ses /clear --confirm
       → new_session_id: session-1776481564268-1
       → file still named ses.jsonl, meta session_id now the new id
     claw --resume ses /session list
       → active: session-1776481564268-1
     claw --resume session-1776481564268-1
       → ERROR session not found

2. .bak files filtered out of /session list silently:
   ls .claw/sessions/<bucket>/
     ses.jsonl    ses.jsonl.before-clear-<ts>.bak
   /session list → only ses.jsonl visible, .bak zero discoverability
   is_managed_session_file only matches .jsonl and .json.

3. 0-byte session files fabricate phantom sessions:
   touch .claw/sessions/<bucket>/emptyses.jsonl
   claw --resume emptyses /session list
     → active: session-<ms>-0
     → sessions: [session-<ms>-1]
     Two different fabricated ids, neither persisted to disk.
     --resume either fabricated id → 'session not found'.

Trace:
  session_control.rs:86-116 resolve_reference:
    handle.id = session_id_from_path(&path)     (filename stem)
                .unwrap_or_else(|| ref.to_string())
    Meta header NEVER consulted for ref → id mapping.

  session_control.rs:118-137 resolve_managed_path:
    for ext in [jsonl, json]:
      path = sessions_root / '{ref}.{ext}'
      if path.exists(): return
    Lookup key is filename. Zero fallback to meta scan.

  session_control.rs:228-285 collect_sessions_from_dir:
    on load success: summary.id = session.session_id    (meta)
    on load failure: summary.id = path.file_stem()      (filename)
    /session list thus reports meta ids for good files.

  /clear handler rewrites session_id in-place, writes to same
  session_path. File keeps old name, gets new id inside.

  is_managed_session_file filters .jsonl/.json only. .bak invisible.

Fix shape (~90 lines):
- /clear preserves filename's identity (Option A: keep session_id,
  wipe content). /session fork handles new-id semantics (#113).
- resolve_reference falls back to meta-header scan when filename
  lookup fails. Covers legacy divergent files.
- /session list surfaces backups via --include-backups flag OR
  separate backups: [] array with structured metadata.
- 0-byte session files produce SessionError::EmptySessionFile
  instead of silent fabrication. Structured error, not phantom.
- regression tests per failure mode.

Joins Session-handling: #93 + #112 + #113 + #114 — reference
resolution + concurrent-modification + programmatic management +
reference/enumeration asymmetry. Complete session-handling cluster.

Joins Truth-audit — /session list output factually wrong about
what is resumable.

Cross-cluster with Parallel-entry-point asymmetry (#91, #101,
#104, #105, #108) — entry points reading same underlying data
produce mutually inconsistent identifiers.

Natural bundle: #93 + #112 + #113 + #114 (session-handling
quartet — complete coverage).

Alternative bundle: #104 + #114 — /clear filename semantics +
/export filename semantics both hide identity in filename.

Filed in response to Clawhip pinpoint nudge 1494895272936079493
in #clawcode-building-in-public.
 2026-04-18 12:09:31 +09:00
YeonGyu-Kim
43eac4d94b ROADMAP #113: /session switch/fork/delete unsupported from --resume; no claw session CLI subcommand; REPL-only programmatic gap 
Dogfooded 2026-04-18 on main HEAD 8b25daf from /tmp/cdJJ.

Test matrix:
  /session list              → works (structured JSON)
  /session switch s          → 'unsupported resumed slash command'
  /session fork foo          → 'unsupported resumed slash command'
  /session delete s          → 'unsupported resumed slash command'
  /session delete s --force  → 'unsupported resumed slash command'

  claw session delete s      → Prompt fallthrough (#108), 'missing
                               credentials' from LLM error path

Help documents ALL session verbs as one unified capability:
  /session [list|switch <session-id>|fork [branch-name]|delete
           <session-id> [--force]]
  Summary: 'List, switch, fork, or delete managed local sessions'

Implementation:
  main.rs:10618 parser builds SlashCommand::Session{action, target}
    for every subverb. All parse successfully.
  main.rs:2908-2925 dedicated /session list handler. Only one.
  main.rs:2936-2940+ catch-all:
    SlashCommand::Session {..} | SlashCommand::Plugins {..} | ...
    => Err(format_unsupported_resumed_slash_command(...))
  main.rs:3963 SlashCommand::Session IS handled in LiveCli REPL
    path — switch/fork/delete implemented for interactive mode.
  runtime/session_control.rs:131+ SessionStore::resolve_reference,
    delete_managed_session, fork_managed_session all exist.
  grep 'claw session\b' main.rs → zero matches. No CLI subcommand.

Gap: backing code exists, parser understands verbs, REPL handler
wired — ONLY the --resume dispatch path lacks switch/fork/delete
plumbing, and there's no claw session CLI subcommand as
programmatic alternative.

A claw orchestrating session lifecycle at scale has three options:
  a) start interactive REPL (impossible without TTY)
  b) manual .claw/sessions/ rm/cp (bypasses bookkeeping, breaks
     with #112's proposed locking)
  c) stick to /session list + /clear, accept missing verbs

Fix shape (~130 lines):
- /session switch <id> in run_resume_command (~25 lines)
- /session fork [branch] in run_resume_command (~30 lines)
- /session delete <id> [--force] in run_resume_command (~30),
  --force required without TTY
- claw session <verb> CLI subcommand (~40)
- --help: annotate which session verbs are resume-safe vs REPL-only
- regression tests per verb x (CLI / slash-via-resume)

Joins Unplumbed-subsystem (#78, #96, #100, #102, #103, #107, #109,
#111) as 9th declared-but-not-delivered surface. Joins Session-
handling (#93, #112) as 3rd member. Cross-cluster with Silent-
flag on help-vs-impl mismatch.

Natural bundles:
  #93 + #112 + #113 — session-handling triangle (semantic /
    concurrency / management API)
  #78 + #111 + #113 — declared-but-not-delivered triangle with
    three flavors:
      #78 fails-noisy (CLI variant → Prompt fallthrough)
      #111 fails-quiet (slash → wrong handler)
      #113 no-handler-at-all (slash → unsupported-resumed)

Filed in response to Clawhip pinpoint nudge 1494887723818029156
in #clawcode-building-in-public.
 2026-04-18 11:33:10 +09:00
YeonGyu-Kim
8b25daf915 ROADMAP #112: concurrent /compact and /clear race with raw 'No such file or directory (os error 2)' on session file 
Dogfooded 2026-04-18 on main HEAD a049bd2 from /tmp/cdII.

5 concurrent /compact on same session → 4 succeed, 1 races with
raw ENOENT. Same pattern with concurrent /clear --confirm.

Trace:
  session.rs:204-212 save_to_path:
    rotate_session_file_if_needed(path)?
    write_atomic(path, &snapshot)?
    cleanup_rotated_logs(path)?
  Three steps. No lock around sequence.

  session.rs:1085-1094 rotate_session_file_if_needed:
    metadata(path) → rename(path, rot_path)
  Classic TOCTOU. Race window between check and rename.

  session.rs:1063-1071 write_atomic:
    writes .tmp-{ts}-{counter}, renames to path
  Atomic per rename, not per multi-step sequence.

  cleanup_rotated_logs deletes .rot-{ts} files older than 3 most
  recent. Can race against another process reading that rot file.

  No flock, no advisory lock file, no fcntl.
  grep 'flock|FileLock|advisory' session.rs → zero matches.

  SessionError::Io Display forwards os::Error Display:
    'No such file or directory (os error 2)'
  No domain translation to 'session file vanished during save'
  or 'concurrent modification detected, retry safe'.

Fix shape (~90 lines + test):
- advisory lock: .claw/sessions/<bucket>/<session>.jsonl.lock
  exclusive flock for duration of save_to_path (fs2 crate)
- domain error variants:
    SessionError::ConcurrentModification {path, operation}
    SessionError::SessionFileVanished {path}
- error-to-JSON mapping:
    {error_kind: 'concurrent_modification', retry_safe: true}
- retry-policy hints on idempotent ops (/compact, /clear)
- regression test: spawn 10 concurrent /compact, assert all
  success OR structured ConcurrentModification (no raw os_error)

Affected operations:
- /compact (session save_to_path after compaction)
- /clear --confirm (save_to_path after new session)
- /export (may hit rotation boundary)
- Turn-persist (append_persisted_message can race rotation)

Not inherently a bug if sessions are single-writer, but
workspace-bucket scoping at session_control.rs:31-32 assumes
one claw per workspace. Parallel ulw lanes, CI matrix runners,
orchestration loops all violate that assumption.

Joins truth-audit (error lies by omission about what happened).
New micro-cluster 'session handling' with #93. Adjacent to
#104 on session-file-handling axis.

Natural bundle: #93 + #112 (session semantic correctness +
concurrency error clarity).

Filed in response to Clawhip pinpoint nudge 1494880177099116586
in #clawcode-building-in-public.
 2026-04-18 11:03:12 +09:00
YeonGyu-Kim
a049bd29b1 ROADMAP #111: /providers documented as 'List available model providers' but dispatches to Doctor 
Dogfooded 2026-04-18 on main HEAD b2366d1 from /tmp/cdHH.

Specification mismatch at the command-dispatch layer:
  commands/src/lib.rs:716-720  SlashCommandSpec registry:
    name: 'providers', summary: 'List available model providers'
  commands/src/lib.rs:1386     parser:
    'doctor' | 'providers' => SlashCommand::Doctor

So /providers dispatches to SlashCommand::Doctor. A claw calling
/providers expecting {kind: 'providers', providers: [...]} gets
{kind: 'doctor', checks: [auth, config, install_source, workspace,
sandbox, system]} instead. Same top-level kind field name,
completely different payload.

Help text lies twice:
  --help slash listing: '/providers   List available model providers'
  --help Resume-safe summary: includes /providers

Unlike STUB_COMMANDS (#96) which fail noisily, /providers fails
QUIETLY — returns wrong subsystem output.

Runtime has provider data:
  ProviderKind::{Anthropic, Xai, OpenAi, ...} at main.rs:1143-1147
  resolve_repl_model with provider-prefix routing
  pricing_for_model with per-provider costs
  provider_fallbacks config field
Scaffolding is present; /providers just doesn't use it.

By contrast /tokens → Stats and /cache → Stats are semantically
reasonable (Stats has the requested data). /providers → Doctor
is genuinely bizarre.

Fix shape:
  A. Implement: SlashCommand::Providers variant + render helper
     using ProviderKind + provider_fallbacks + env-var check (~60)
  B. Remove: delete 'providers' from registry + parser (~3 lines)
     then /providers becomes 'unknown, did you mean /doctor?'
  Either way: fix --help to match.

Parallel to #78 (claw plugins CLI variant never constructed,
falls through to prompt). Both are 'declared in spec, not
implemented as declared.' #78 fails noisy, #111 fails quiet.

Joins silent-flag cluster (#96-#101, #104, #108) — 8th
doc-vs-impl mismatch. Joins unplumbed-subsystem (#78, #96,
#100, #102, #103, #107, #109) as 8th declared-but-not-
delivered surface. Joins truth-audit.

Natural bundles:
  #78 + #96 + #111 — declared-but-not-as-declared triangle
  #96 + #108 + #111 — full --help/dispatch hygiene quartet
    (help-filter-leaks + subcommand typo fallthrough + slash
    mis-dispatch)

Filed in response to Clawhip pinpoint nudge 1494872623782301817
in #clawcode-building-in-public.
 2026-04-18 10:34:25 +09:00
YeonGyu-Kim
b2366d113a ROADMAP #110: ConfigLoader only checks cwd paths; .claw.json at project_root invisible from subdirectories 
Dogfooded 2026-04-18 on main HEAD 16244ce from /tmp/cdGG/nested/deep/dir.

ConfigLoader::discover at config.rs:242-270 hardcodes every
project/local path as self.cwd.join(...):
  - self.cwd.join('.claw.json')
  - self.cwd.join('.claw').join('settings.json')
  - self.cwd.join('.claw').join('settings.local.json')

No ancestor walk. No consultation of project_root.

Concrete:
  cd /tmp/cdGG && git init && echo '{permissions:{defaultMode:read-only}}' > .claw.json
  cd /tmp/cdGG/nested/deep/dir
  claw status → permission_mode: 'danger-full-access' (fallback)
  claw doctor → 'Config files loaded 0/0, defaults are active'
  But project_root: /tmp/cdGG is correctly detected via git walk.
  Same config file, same repo, invisible from subdirectory.

Meanwhile CLAUDE.md discovery walks ancestors unbounded (per #85
over-discovery). Same subsystem category, opposite policy, no doc.

Security-adjacent per #87: permission-mode fallback is
danger-full-access. cd'ing to a subdirectory silently upgrades
from read-only (configured) → danger-full-access (fallback) —
workspace-location-dependent permission drift.

Fix shape (~90 lines):
- add project_root_for(&cwd) helper (reuse git-root walker from
  render_doctor_report)
- config search: user → project_root/.claw.json →
  project_root/.claw/settings.json → cwd/.claw.json (overlay) →
  cwd/.claw/settings.* (overlays)
- optionally walk intermediate ancestors
- surface 'where did my config come from' in doctor (pairs with
  #106 + #109 provenance)
- warn when cwd has no config but project_root does
- documentation parity with CLAUDE.md
- regression tests per cwd depth + overlay precedence

Joins truth-audit (doctor says 'ok, defaults active' when config
exists). Joins discovery-overreach as opposite-direction sibling:
  #85: skills ancestor walk UNBOUNDED (over-discovery)
  #88: CLAUDE.md ancestor walk enables injection
  #110: config NO ancestor walk (under-discovery)

Natural bundle: #85 + #110 (ancestor policy unification), or
#85 + #88 + #110 (full three-way ancestor-walk audit).

Filed in response to Clawhip pinpoint nudge 1494865079567519834
in #clawcode-building-in-public.
 2026-04-18 10:05:31 +09:00
YeonGyu-Kim
16244cec34 ROADMAP #109: config validation warnings stderr-only; structured ConfigDiagnostic flattened to prose, JSON-invisible 
Dogfooded 2026-04-18 on main HEAD 21b2773 from /tmp/cdDD.

Validator produces structured diagnostics but loader discards
them after stderr eprintln:

  config_validate.rs:19-66 ConfigDiagnostic {path, field, line,
    kind: UnknownKey|WrongType|Deprecated}
  config_validate.rs:313-322 DEPRECATED_FIELDS: permissionMode,
    enabledPlugins
  config_validate.rs:451 emits DiagnosticKind::Deprecated
  config.rs:285-300 ConfigLoader::load:
    if !validation.is_ok() {
        return Err(validation.errors[0].to_string())  // ERRORS propagate
    }
    all_warnings.extend(validation.warnings);
    for warning in &all_warnings {
        eprintln!('warning: {warning}');             // WARNINGS stderr only
    }

RuntimeConfig has no warnings field. No accessor. No route from
validator structured data to doctor/status JSON envelope.

Concrete:
  .claw.json with enabledPlugins:{foo:true}
    → config check: {status: 'ok', summary: 'runtime config
      loaded successfully'}
    → stderr: 'warning: field enabledPlugins is deprecated'
    → claw with 2>/dev/null loses the warning entirely

Errors DO propagate correctly:
  .claw.json with 'permisions' (typo)
    → config check: {status: 'fail', summary: 'unknown key
      permisions... Did you mean permissions?'}

Warning→stderr, Error→JSON asymmetry: a claw reading JSON can
see errors structurally but can't see warnings at all. Silent
migration drift: legacy claude-code 'permissionMode' key still
works, warning lost, operator never sees 'use permissions.
defaultMode' guidance unless they notice stderr.

Fix shape (~85 lines, all additive):
- add warnings: Vec<ConfigDiagnostic> field to RuntimeConfig
- populate from all_warnings, keep eprintln for human ops
- add ConfigDiagnostic::to_json_value emitting
  {path, field, line, kind, message, replacement?}
- check_config_health: status='warn' + warnings[] JSON when
  non-empty
- surface in status JSON (config_warnings[] or top-level
  warnings[])
- surface in /config slash-command output
- regression tests per deprecated field + aggregation + no-warn

Joins truth-audit (#80-#87, #89, #100, #102, #103, #105, #107)
— doctor says 'ok' while validator flagged deprecations. Joins
unplumbed-subsystem (#78, #96, #100, #102, #103, #107) — 7th
surface. Joins Claude Code migration parity (#103) —
permissionMode legacy path is stderr-only.

Natural bundles:
  #100 + #102 + #103 + #107 + #109 — 5-way doctor-surface
    coverage plus structured warnings (doctor stops lying PR)
  #107 + #109 — stderr-only-prose-warning sweep (hook events +
    config warnings = same plumbing pattern)

Filed in response to Clawhip pinpoint nudge 1494857528335532174
in #clawcode-building-in-public.
 2026-04-18 09:34:05 +09:00
YeonGyu-Kim
21b2773233 ROADMAP #108: subcommand typos silently fall through to LLM prompt dispatch, burning billed tokens 
Dogfooded 2026-04-18 on main HEAD 91c79ba from /tmp/cdCC.

Unrecognized first-positional tokens fall through the
_other => Ok(CliAction::Prompt { ... }) arm at main.rs:707.
Per --help this is 'Shorthand non-interactive prompt mode' —
documented behavior — but it eats known-subcommand typos too:

  claw doctorr    → Prompt("doctorr") → LLM API call
  claw skilsl     → Prompt("skilsl") → LLM API call
  claw statuss    → Prompt("statuss") → LLM API call
  claw deply      → Prompt("deply") → LLM API call

With credentials set, each burns real tokens. Without creds,
returns 'missing Anthropic credentials' — indistinguishable
from a legitimate prompt failure. No 'did you mean' suggestion.

Infrastructure exists:
  slash command typos:
    claw --resume s /skilsl
    → 'Unknown slash command: /skilsl. Did you mean /skill, /skills'
  flag typos:
    claw --fake-flag
    → structured error 'unknown option: --fake-flag'
  subcommand typos:
    → silently become LLM prompts

The did-you-mean helper exists for slash commands. Flag
validation exists. Only subcommand dispatch has the silent-
fallthrough.

Fix shape (~60 lines):
- suggest_similar_subcommand(token) using levenshtein ≤ 2
  against the ~16-item known-subcommand list
- gate the Prompt fallthrough on a shape heuristic:
  single-token + near-match → return structured error with
  did-you-mean. Otherwise fall through unchanged.
- preserve shorthand-prompt mode for multi-word inputs,
  quoted inputs, and non-near-match tokens
- regression tests per typo shape + legit prompt + quoted
  workaround

Cross-claw orchestration hazard: claws constructing subcommand
names from config or other claws' output have a latent 'typo →
live LLM call' vector. Over CI matrix with 1% typo rate, that's
billed-token waste + structural signal loss (error handler
can't distinguish typo from legit prompt failure).

Joins silent-flag cluster (#96-#101, #104) on subcommand axis —
6th instance of 'malformed input silently produces unintended
behavior.' Joins parallel-entry-point asymmetry (#91, #101,
#104, #105) — slash vs subcommand disagree on typo handling.

Natural bundles: #96 + #98 + #108 (--help/dispatch surface
hygiene triangle), #91 + #101 + #104 + #105 + #108 (parallel-
entry-point 5-way).

Filed in response to Clawhip pinpoint nudge 1494849975530815590
in #clawcode-building-in-public.
 2026-04-18 09:05:32 +09:00
YeonGyu-Kim
91c79baf20 ROADMAP #107: hooks subsystem fully invisible to JSON diagnostic surfaces; doctor no hook check, /hooks is stub, progress events stderr-only 
Dogfooded 2026-04-18 on main HEAD a436f9e from /tmp/cdBB.

Complete hook invisibility across JSON diagnostic surfaces:

1. doctor: no check_hooks_health function exists. check_config_health
   emits 'Config files loaded N/M, MCP servers N, Discovered file X'
   — NO hook count, no hook event breakdown, no hook health.
   .claw.json with 3 hooks (including /does/not/exist and
   curl-pipe-sh remote-exec payload) → doctor: ok, has_failures: false.

2. /hooks list: in STUB_COMMANDS (main.rs:7272) → returns 'not yet
   implemented in this build'. Parallel /mcp list / /agents list /
   /skills list work fine. /hooks has no sibling.

3. /config hooks: reports loaded_files and merged_keys but NOT
   hook bodies, NOT hook source files, NOT per-event breakdown.

4. Hook progress events route to eprintln! as prose:
   CliHookProgressReporter (main.rs:6660-6695) emits
   '[hook PreToolUse] tool_name: command' to stderr unconditionally.
   NEVER into --output-format json. A claw piping stderr to
   /dev/null (common in pipelines) loses all hook visibility.

5. parse_optional_hooks_config_object (config.rs:766) accepts any
   non-empty string. No fs::metadata() check, no which() check,
   no shell-syntax sanity check.

6. shell_command (hooks.rs:739-754) runs 'sh -lc <command>' with
   full shell expansion — env vars, globs, pipes, , remote
   curl pipes.

Compounds with #106: downstream .claw/settings.local.json can
silently replace the entire upstream hook array via the
deep_merge_objects replace-semantic. A team-level audit hook in
~/.claw/settings.json is erasable and replaceable by an
attacker-controlled hook with zero visibility anywhere
machine-readable.

Fix shape (~220 lines, all additive):
- check_hooks_health doctor check (like #102's check_mcp_health)
- status JSON exposes {pre_tool_use, post_tool_use,
  post_tool_use_failure} with source-file provenance
- implement /hooks list (remove from STUB_COMMANDS)
- route HookProgressEvent into JSON turn-summary as hook_events[]
- validate hook commands at config-load, classify execution_kind
- regression tests

Joins truth-audit (#80-#87, #89, #100, #102, #103, #105) — doctor
lies when hooks are broken or hostile. Joins unplumbed-subsystem
(#78, #96, #100, #102, #103) — HookProgressEvent exists,
JSON-invisible. Joins subsystem-doctor-coverage (#100, #102, #103)
as fourth opaque subsystem. Cross-cluster with permission-audit
(#94, #97, #101, #106) because hooks ARE a permission mechanism.

Natural bundle: #102 + #103 + #107 (subsystem-doctor-coverage
3-way becomes 4-way). Plus #106 + #107 (policy-erasure + policy-
visibility = complete hook-security story).

Filed in response to Clawhip pinpoint nudge 1494834879127486544
in #clawcode-building-in-public.
 2026-04-18 08:05:20 +09:00
YeonGyu-Kim
a436f9e2d6 ROADMAP #106: config merge deep_merge_objects REPLACES arrays; permission deny rules can be silently erased by downstream config layer 
Dogfooded 2026-04-18 on main HEAD 71e7729 from /tmp/cdAA.

deep_merge_objects at config.rs:1216-1230 recurses into nested
objects but REPLACES arrays. So:
  ~/.claw/settings.json: {"permissions":{"deny":["Bash(rm *)"]}}
  .claw.json:             {"permissions":{"deny":["Bash(sudo *)"]}}
  Merged:                 {"permissions":{"deny":["Bash(sudo *)"]}}

User's Bash(rm *) deny rule SILENTLY LOST. No warning. doctor: ok.

Worst case:
  ~/.claw/settings.json:       {deny: [...strict list...]}
  .claw/settings.local.json:   {deny: []}
  Merged:                       {deny: []}
Every deny rule from every upstream layer silently removed by a
workspace-local file. Any team/org security policy distributed
via user-home config is trivially erasable.

Arrays affected:
  permissions.allow/deny/ask
  hooks.PreToolUse/PostToolUse/PostToolUseFailure
  plugins.externalDirectories

MCP servers are merged BY-KEY (merge_mcp_servers at :709) so
distinct server names across layers coexist. Author chose
merge-by-key for MCP but not for policy arrays. Design is
internally inconsistent.

extend_unique + push_unique helpers EXIST at :1232-1244 that do
union-merge with dedup. They are not called on the config-merge
axis for any policy array.

Fix shape (~100 lines):
- union-merge permissions.allow/deny/ask via extend_unique
- union-merge hooks.* arrays
- union-merge plugins.externalDirectories
- explicit replace-semantic opt-in via 'deny!' sentinel or
  'permissions.replace: [...]' form (opt-in, not default)
- doctor surfaces policy provenance per rule (also helps #94)
- emit warning when replace-sentinel is used
- regression tests for union + explicit replace + multi-layer

Joins permission-audit sweep as 4-way composition-axis finding
(#94, #97, #101, #106). Joins truth-audit (doctor says 'ok'
while silently deleted every deny rule).

Natural bundle: #94 + #106 (rule validation + rule composition).
Plus #91 + #94 + #97 + #101 + #106 as 5-way policy-surface-audit.

Filed in response to Clawhip pinpoint nudge 1494827325085454407
in #clawcode-building-in-public.
 2026-04-18 07:33:47 +09:00
YeonGyu-Kim
71e77290b9 ROADMAP #105: claw status ignores .claw.json model, doctor mislabels alias as Resolved, 4 surfaces disagree 
Dogfooded 2026-04-18 on main HEAD 6580903 from /tmp/cdZ.

.claw.json with {"model":"haiku"} produces:
  claw status → model: 'claude-opus-4-6' (DEFAULT_MODEL, config ignored)
  claw doctor → 'Resolved model    haiku' (raw alias, label lies)
  turn dispatch → claude-haiku-4-5-20251213 (actually-resolved canonical)
  ANTHROPIC_MODEL=sonnet → status still says claude-opus-4-6

FOUR separate understandings of 'active model':
  1. config file (alias as written)
  2. doctor (alias mislabeled as 'Resolved')
  3. status (hardcoded DEFAULT_MODEL ignoring config entirely)
  4. turn dispatch (canonical, alias-resolved, what turns actually use)

Trace:
  main.rs:59  DEFAULT_MODEL const = claude-opus-4-6
  main.rs:400 parse_args starts model = DEFAULT_MODEL
  main.rs:753 Status dispatch: model.to_string() — never calls
      resolve_repl_model, never reads config or env
  main.rs:1125 resolve_repl_model: source of truth for actual
      model, consults ANTHROPIC_MODEL env + config + alias table.
      Called from Prompt and Repl dispatch. NOT from Status.
  main.rs:1701 check_config_health: 'Resolved model {model}'
      where model is raw configured string, not resolved.
      Label says Resolved, value is pre-resolution alias.

Orchestration hazard: a claw picks tool strategy based on
status.model assuming it reflects what turns will use. Status
lies: always reports DEFAULT_MODEL unless --model flag was
passed. Config and env var completely ignored by status.

Fix shape (~30 lines):
- call resolve_repl_model from print_status_snapshot
- add effective_model field to status JSON (or rename/enrich)
- fix doctor 'Resolved model' label (either rename to 'Configured'
  or actually alias-resolve before emitting)
- honor ANTHROPIC_MODEL env in status
- regression tests per model source with cross-surface equality

Joins truth-audit (#80-#84, #86, #87, #89, #100, #102, #103).
Joins two-paths-diverge (#91, #101, #104) — now 4-way with #105.
Joins doctor-surface-coverage triangle (#100 + #102 + #105).

Filed in response to Clawhip pinpoint nudge 1494819785676947543
in #clawcode-building-in-public.
 2026-04-18 07:08:25 +09:00
YeonGyu-Kim
6580903d20 ROADMAP #104: /export and claw export are two paths with incompatible filename semantics; slash silently .txt-rewrites 
Dogfooded 2026-04-18 on main HEAD 7447232 from /tmp/cdY.

Two-path-diverge problem:

A. /export slash command (resolve_export_path at main.rs:5990-6010):
   - If extension != 'txt', silently appends '.txt'
   - /export foo.md → writes foo.md.txt
   - /export report.json → writes report.json.txt
   - cwd.join(relative_path_with_dotdot) resolves outside cwd
   - No path-traversal rejection

B. claw export CLI (run_export at main.rs:6021-6055):
   - fs::write(path, &markdown) directly, no suffix munging
   - /tmp/cli-export.md → writes /tmp/cli-export.md
   - Also no path-traversal check, absolute paths write wherever

Same logical action, incompatible output contracts. A claw that
switches between /export and claw export sees different output
filenames for the same input.

Compounded:
- Content is Markdown (render_session_markdown emits '# Conversation
  Export', '## 1. User', fenced code blocks) but slash path forces
  .txt extension → content/extension mismatch. File-routing
  pipelines (archival by extension, syntax highlight, preview)
  misclassify.
- --help says just '/export [file]'. No mention of .txt forcing,
  no mention of path-resolution semantics.
- Claw pipelines that glob *.md won't find /export outputs.

Trace:
  main.rs:5990 resolve_export_path: extension check + conditional
    .txt append
  main.rs:6021 run_export: fs::write direct, no path munging
  main.rs:5975 default_export_filename: hardcodes .txt fallback
  Content renderer is Markdown (render_session_markdown:6075)

Fix shape (~70 lines):
- unify both paths via shared export_session_to_path helper
- respect caller's extension (pick renderer by extension or
  accept that content is Markdown and name accordingly)
- path-traversal policy decision: restrict to project root or
  allow-with-warning
- --help: document suffix preservation + path semantics
- regression tests for extension preservation + dotdot rejection

Joins silent-flag cluster (#96-#101) on silent-rewrite axis.
New two-paths-diverge sub-cluster: #91 (permission-mode parser
disagree) + #101 (CLI vs env asymmetry) + #104 (slash vs CLI
export asymmetry) — three instances of parallel entry points
doing subtly different things.

Natural bundles: #91 + #101 + #104 (two-paths-diverge trio),
#96 + #98 + #99 + #101 + #104 (silent-rewrite-or-noop quintet).

Filed in response to Clawhip pinpoint nudge 1494812230372294849
in #clawcode-building-in-public.
 2026-04-18 06:34:38 +09:00
YeonGyu-Kim
7447232688 ROADMAP #103: claw agents silently drops every non-.toml file; claude-code convention .md files ignored, no content validation 
Dogfooded 2026-04-18 on main HEAD 6a16f08 from /tmp/cdX.

Two-part gap on agent subsystem:

1. File-format gate silently discards .md (YAML frontmatter):
   commands/src/lib.rs:3180-3220 load_agents_from_roots filters
   extension() != 'toml' and silently continues. No log, no warn.
   .claw/agents/foo.md → agents list count: 0, doctor: ok.
   Same file renamed to .toml → discovered instantly.

2. No content validation inside accepted .toml:
   model='nonexistent/model-that-does-not-exist' → accepted.
   tools=['DoesNotExist', 'AlsoFake'] → accepted.
   reasoning_effort string → unvalidated.
   No check against model registry, tool registry, or
   reasoning-effort enum — all machinery exists elsewhere
   (#97 validates tools for --allowedTools flag).

Compounded:
- agents help JSON lists sources but NOT accepted file formats.
  Operators have zero documentation-surface way to diagnose
  'why does my .md file not work?'
- Doctor check set has no agents check. 3 files present with
  1 silently skipped → summary: 'ok'.
- Skills use .md (SKILL.md). MCP uses .json (.claw.json).
  Agents uses .toml. Three subsystems, three formats, no
  cross-subsystem consistency or documentation.
- Claude Code convention is .md with YAML frontmatter.
  Migrating operators copy that and silently fail.

Fix shape (~100 lines):
- accept .md with YAML frontmatter via existing
  parse_skill_frontmatter helper
- validate model/tools/reasoning_effort against existing
  registries; emit status: 'invalid' + validation_errors
  instead of silently accepting
- agents list summary.skipped: [{path, reason}]
- add agents doctor check (total/active/skipped/invalid)
- agents help: accepted_formats list

Joins truth-audit (#80-#84, #86, #87, #89, #100, #102) on
silent-ok-while-ignoring axis. Joins silent-flag (#96-#101) at
subsystem scale. Joins unplumbed-subsystem (#78, #96, #100,
#102) as 5th unreachable surface: load_agents_from_roots
present, parse_skill_frontmatter present, validation helpers
present, agents path calls none of them.

Also opens new 'Claude Code migration parity' cross-cluster:
claw-code silently breaks the expected convention migration
path for a first-class subsystem.

Natural bundles: #102 + #103 (subsystem-doctor-coverage),
#78 + #96 + #100 + #102 + #103 (unplumbed-surface quintet).

Filed in response to Clawhip pinpoint nudge 1494804679962661187
in #clawcode-building-in-public.
 2026-04-18 06:03:22 +09:00
YeonGyu-Kim
6a16f0824d ROADMAP #102: mcp list/show/doctor surface MCP config-time only; no preflight, no liveness, not even command-exists check 
Dogfooded 2026-04-18 on main HEAD eabd257 from /tmp/cdW2.

A .claw.json pointing at command='/does/not/exist' as an MCP server
cheerfully reports:
  mcp show unreachable → found: true
  mcp list → configured_servers: 1, status field absent
  doctor → config: ok, MCP servers: 1, has_failures: false

The broken server is invisible until agent tries to call a tool
from it mid-turn — burning tokens on failed tool call and forcing
retry loop.

Trace:
  main.rs:1701-1780 check_config_health counts via
    runtime_config.mcp().servers().len()
    No which(). No TcpStream::connect(). No filesystem touch.
  render_doctor_report has 6 checks (auth/config/install_source/
    workspace/sandbox/system). No check_mcp_health exists.
  commands/src/lib.rs mcp list/show emit config-side repr only.
    No status field, no reachable field, no startup_state.
  runtime/mcp_stdio.rs HAS startup machinery with error types,
    but only invoked at turn-execution time — too late for
    preflight.

Roadmap prescribes this exact surface:
  - Phase 1 §3.5 Boot preflight / doctor contract explicitly lists
    'MCP config presence and server reachability expectations'
  - Phase 2 §4 canonical lane event schema includes lane.ready
  - Phase 4.4.4 event provenance / environment labeling
  - Product Principle #5 'Partial success is first-class' —
    'MCP startup can succeed for some servers and fail for
    others, with structured degraded-mode reporting'

All four unimplementable without preflight + per-server status.

Fix shape (~110 lines):
- check_mcp_health: which(command) for stdio, 1s TcpStream
  connect for http/sse. Aggregate ok/warn/fail with per-server
  detail lines.
- mcp list/show: add status field
  (configured/resolved/command_not_found/connect_refused/
  startup_failed). --probe flag for deeper handshake.
- doctor top-level: degraded_mode: bool, startup_summary.
- Wire preflight into prompt/repl bootstrap; emit one-time
  mcp_preflight event.

Joins unplumbed-subsystem cross-cluster (#78, #100, #102) —
subsystem exists, diagnostic surface JSON-invisible. Joins
truth-audit (#80-#84, #86, #87, #89, #100) — doctor: ok lies
when MCP broken.

Natural bundle: #78 + #96 + #100 + #102 unplumbed-surface
quartet. Also #100 + #102 as pure doctor-surface-coverage 2-way.

Filed in response to Clawhip pinpoint nudge 1494797126041862285
in #clawcode-building-in-public.
 2026-04-18 05:34:30 +09:00
YeonGyu-Kim
eabd257968 ROADMAP #101: RUSTY_CLAUDE_PERMISSION_MODE env var silently fails OPEN to danger-full-access on any invalid value 
Dogfooded 2026-04-18 on main HEAD d63d58f from /tmp/cdV.

Qualitatively worse than #96-#100 silent-flag class because this
is fail-OPEN, not fail-inert: operator intent 'restrict this lane'
silently becomes 'full access.'

Tested matrix:
  VALID → correct mode:
    read-only            → read-only
    workspace-write      → workspace-write
    danger-full-access   → danger-full-access
    ' read-only '        → read-only (trim works)

  INVALID → silent danger-full-access:
    ''                   → danger-full-access
    'readonly'           → danger-full-access (typo: missing hyphen)
    'read_only'          → danger-full-access (typo: underscore)
    'READ-ONLY'          → danger-full-access (case)
    'ReadOnly'           → danger-full-access (case)
    'dontAsk'            → danger-full-access (config alias not recognized by env parser, but ultimate default happens to be dfa)
    'garbage'            → danger-full-access (pure garbage)
    'readonly\n'         → danger-full-access

CLI asymmetry: --permission-mode readonly → loud structured error.
Same misspelling, same input, opposite outcomes via env vs CLI.

Trace:
  main.rs:1099-1107 default_permission_mode:
    env::var(...).ok().and_then(normalize_permission_mode)
    .or_else(config...).unwrap_or(DangerFullAccess)
  → .and_then drops error context on invalid;
    .unwrap_or fail-OPEN to most permissive mode

  main.rs:5455-5462 normalize_permission_mode accepts 3 canonical;
  runtime/config.rs:855-863 parse_permission_mode_label accepts 7
  including config aliases (default/plan/acceptEdits/auto/dontAsk).
  Two parsers, disagree on accepted set, no shared source of truth.

Plus: env var RUSTY_CLAUDE_PERMISSION_MODE is UNDOCUMENTED.
grep of README/docs/help returns zero hits.

Fix shape (~60 lines total):
- rewrite default_permission_mode to surface invalid values via Result
- share ONE parser across CLI/config/env (extract from config.rs:855)
- decide broad (7 aliases) vs narrow (3 canonical) accepted set
- document the env var in --help Environment section
- add doctor check surfacing permission_mode.source attribution
- optional: rename to CLAW_PERMISSION_MODE with deprecation alias

Joins permission-audit sweep (#50/#87/#91/#94/#97/#101) on the env
axis. Completes the three-way input-surface audit: CLI + config +
env. Cross-cluster with silent-flag #96-#100 (worse variant: fail-OPEN)
and truth-audit (#80-#87, #89, #100) (operator can't verify source).

Natural 6-way bundle: #50 + #87 + #91 + #94 + #97 + #101 closes the
entire permission-input attack surface in one pass.

Filed in response to Clawhip pinpoint nudge 1494789577687437373
in #clawcode-building-in-public.
 2026-04-18 05:04:28 +09:00
YeonGyu-Kim
d63d58f3d0 ROADMAP #100: claw status/doctor JSON expose no commit identity; stale-base subsystem unplumbed 
Dogfooded 2026-04-18 on main HEAD 63a0d30 from /tmp/cdU + /tmp/cdO*.

Three-fold gap:
1. status/doctor JSON workspace object has 13 fields; none of them
   contain: head_sha, head_short_sha, expected_base, base_source,
   stale_base_state, upstream, ahead, behind, merge_base, is_detached,
   is_bare, is_worktree. A claw cannot answer 'is this lane at the
   expected base?' from the JSON surface alone.

2. --base-commit flag is silently accepted by status/doctor/sandbox/
   init/export/mcp/skills/agents and silently dropped on dispatch.
   Same silent-no-op class as #98. A claw running
   'claw --base-commit $expected status' gets zero effect — flag
   parses into a local, discharged at dispatch.

3. runtime::stale_base subsystem is FULLY implemented with 30+ tests
   (BaseCommitState, BaseCommitSource, resolve_expected_base,
   read_claw_base_file, check_base_commit, format_stale_base_warning).
   run_stale_base_preflight at main.rs:3058 calls it from Prompt/Repl
   only, writes output to stderr as human prose. .claw-base file is
   honored internally but invisible to status/doctor JSON. Complete
   implementation, wrong dispatch points.

Plus: detached HEAD reported as magic string 'git_branch: "detached HEAD"'
without accompanying SHA. Bare repo/worktree/submodule indistinguishable
from regular repo in JSON. parse_git_status_branch has latent dot-split
truncation bug on branch names like 'feat.ui' with upstream.

Hits roadmap Product Principle #4 (Branch freshness before blame) and
Phase 2 §4.2 (branch.stale_against_main event) directly — both
unimplementable without commit identity in the JSON surface.

Fix shape (~80 lines plumbing):
- add head_sha/head_short_sha/is_detached/head_ref/is_bare/is_worktree
- add base_commit: {source, expected, state}
- add upstream: {ref, ahead, behind, merge_base}
- wire --base-commit into CliAction::Status + CliAction::Doctor
- add stale_base doctor check
- fix parse_git_status_branch dot-split at :2541

Cross-cluster: truth-audit/diagnostic-integrity (#80-#87, #89) +
silent-flag (#96-#99) + unplumbed-subsystem (#78). Natural bundles:
#89+#100 (git-state completeness) and #78+#96+#100 (unplumbed surface).

Milestone: ROADMAP #100.

Filed in response to Clawhip pinpoint nudge 1494782026660712672
in #clawcode-building-in-public.
 2026-04-18 04:36:47 +09:00
YeonGyu-Kim
63a0d30f57 ROADMAP #99: claw system-prompt --cwd/--date unvalidated, prompt-injection via newline 
Dogfooded 2026-04-18 on main HEAD 0e263be from /tmp/cdN.

parse_system_prompt_args at main.rs:1162-1190 does:
  cwd = PathBuf::from(value);
  date.clone_from(value);

Zero validation. Both values flow through to
SystemPromptBuilder::render_env_context (prompt.rs:175-186) and
render_project_context (prompt.rs:289-293) where they are formatted
into the system prompt output verbatim via format!().

Two injection points per value:
  - # Environment context
    - 'Working directory: {cwd}'
    - 'Date: {date}'
  - # Project context
    - 'Working directory: {cwd}'
    - 'Today's date is {date}.'

Demonstrated attacks:
  --date 'not-a-date'     → accepted
  --date '9999-99-99'     → accepted
  --date '1900-01-01'     → accepted
  --date "2025-01-01'; DROP TABLE users;--" → accepted verbatim
  --date $'2025-01-01\nMALICIOUS: ignore all previous rules'
    → newline breaks out of bullet into standalone system-prompt
      instruction line that the LLM will read as separate guidance

  --cwd '/does/not/exist'  → silently accepted, rendered verbatim
  --cwd ''                 → empty 'Working directory: ' line
  --cwd $'/tmp\nMALICIOUS: pwn' → newline injection same pattern

--help documents format as '[--cwd PATH] [--date YYYY-MM-DD]'.
Parser enforces neither. Same class as #96 / #98 — documented
constraint, unenforced at parse boundary.

Severity note: most severe of the #96/#97/#98/#99 silent-flag
class because the failure mode is prompt injection, not a silent
feature no-op. A claw or CI pipeline piping tainted
$REPO_PATH / $USER_INPUT into claw system-prompt is a
vector for LLM manipulation.

Fix shape:
  1. parse --date as chrono::NaiveDate::parse_from_str(value, '%Y-%m-%d')
  2. validate --cwd via std::fs::canonicalize(value)
  3. defense-in-depth: debug_assert no-newlines at render boundary
  4. regression tests for each rejected case

Cross-cluster: sibling of #83 (system-prompt date = build date)
and #84 (dump-manifests bakes abs path) — all three are about
the system-prompt / manifest surface trusting compile-time or
operator-supplied values that should be validated.

Filed in response to Clawhip pinpoint nudge 1494774477009981502
in #clawcode-building-in-public.
 2026-04-18 04:03:29 +09:00
YeonGyu-Kim
0e263bee42 ROADMAP #98: --compact silently ignored in 9 dispatch paths + stdin-piped Prompt hardcodes compact=false 
Dogfooded 2026-04-18 on main HEAD 7a172a2 from /tmp/cdM.

--help at main.rs:8251 documents --compact as 'text mode only;
useful for piping.' The implementation knows the constraint but
never enforces it at the parse boundary — the flag is silently
dropped in every non-{Prompt+Text} dispatch path:

1. --output-format json prompt: run_turn_with_output (:3807-3817)
   has no CliOutputFormat::Json if compact arm; JSON branch
   ignores compact entirely
2. status/sandbox/doctor/init/export/mcp/skills/agents: those
   CliAction variants have no compact field at all; parse_args
   parses --compact into a local bool and then discharges it
   with nowhere to go on dispatch
3. claw --compact with piped stdin: the stdin fallthrough at
   main.rs:614 hardcodes compact: false regardless of the
   user-supplied --compact — actively overriding operator intent

No error, no warning, no diagnostic. A claw using
claw --compact --output-format json '...' to pipe-friendly output
gets full verbose JSON silently.

Fix shape:
- reject --compact + --output-format json at parse time (~5 lines)
- reject --compact on non-Prompt subcommands with a named error
  (~15 lines)
- honor --compact in stdin-piped Prompt fallthrough: change
  compact: false to compact at :614 (1 line)
- optionally add CliOutputFormat::Json if compact arm if
  compact-JSON is desirable

Joins silent-flag no-op class with #96 (Resume-safe leak) and
#97 (silent-empty allow-set). Natural bundle #96+#97+#98 covers
the --help/flag-validation hygiene triangle.

Filed in response to Clawhip pinpoint nudge 1494766926826700921
in #clawcode-building-in-public.
 2026-04-18 03:32:57 +09:00
YeonGyu-Kim
7a172a2534 ROADMAP #97: --allowedTools empty-string silently blocks all tools, no observable signal 
Dogfooded 2026-04-18 on main HEAD 3ab920a from /tmp/cdL.

Silent vs loud asymmetry for equivalent mis-input at the
tool-allow-list knob:
- `--allowedTools "nonsense"` → loud structured error naming
  every valid tool (works as intended)
- `--allowedTools ""` (shell-expansion failure, $TOOLS expanded
  empty) → silent Ok(Some(BTreeSet::new())) → all tools blocked
- `--allowedTools ",,"` → same silent empty set
- `.claw.json` with `allowedTools` → fails config load with
  'unknown key allowedTools' — config-file surface locked out,
  CLI flag is the only knob, and the CLI flag has the footgun

Trace: tools/src/lib.rs:192-248 normalize_allowed_tools. Input
values=[""] is NOT empty (len=1) so the early None guard at
main.rs:1048 skips. Inner split/filter on empty-only tokens
produces zero elements; the error-producing branch never runs.
Returns Ok(Some(empty)), which downstream filter treats as
'allow zero tools' instead of 'allow all tools.'

No observable recovery: status JSON exposes kind/model/
permission_mode/sandbox/usage/workspace but no allowed_tools
field. doctor check set has no tool_restrictions category. A
lane that silently restricted itself to zero tools gets no
signal until an actual tool call fails at runtime.

Fix shape: reject empty-token input at parse time with a clear
error. Add explicit --allowedTools none opt-in if zero-tool
lanes are desirable. Surface active allow-set in status JSON
and as a doctor check. Consider supporting allowedTools in
.claw.json or improving its rejection message.

Joins permission-audit sweep (#50/#87/#91/#94) on the
tool-allow-list axis. Sibling of #86 on the truth-audit side:
both are 'misconfigured claws have no observable signal.'

Filed in response to Clawhip pinpoint nudge 1494759381068419115
in #clawcode-building-in-public.
 2026-04-18 03:04:08 +09:00
YeonGyu-Kim
3ab920ac30 ROADMAP #96: claw --help Resume-safe summary leaks 62 STUB_COMMANDS entries 
Dogfooded 2026-04-18 on main HEAD 8db8e49 from /tmp/cdK. Partial
regression of ROADMAP #39 / #54 at the help-output layer.

'claw --help' emits two separate slash-command enumerations:
(1) Interactive slash commands block -- correctly filtered via
    render_slash_command_help_filtered(STUB_COMMANDS) at main.rs:8268
(2) Resume-safe commands one-liner -- UNFILTERED, emits every entry
    from resume_supported_slash_commands() at main.rs:8270-8278

Programmatic cross-check: intersect the Resume-safe listing with
STUB_COMMANDS (60+ entries at main.rs:7240-7320) returns 62
overlaps: budget, rate-limit, metrics, diagnostics, workspace,
reasoning, changelog, bookmarks, allowed-tools, tool-details,
language, max-tokens, temperature, system-prompt, output-style,
privacy-settings, keybindings, thinkback, insights, stickers,
advisor, brief, summary, vim, and more. All advertised as
resume-safe; all produce 'Did you mean /X' stub-guard errors when
actually invoked in resume mode.

Fix shape: one-line filter at main.rs:8270 adding
.filter(|spec| !STUB_COMMANDS.contains(&spec.name)) or extract
shared helper resume_supported_slash_commands_filtered. Add
regression test parallel to stub_commands_absent_from_repl_
completions that parses the Resume-safe line and asserts no entry
matches STUB_COMMANDS.

Filed in response to Clawhip pinpoint nudge 1494751832399024178 in
#clawcode-building-in-public.
 2026-04-18 02:35:06 +09:00
YeonGyu-Kim
8db8e4902b ROADMAP #95: skills install is user-scope only, no uninstall, leaks across workspaces 
Dogfooded 2026-04-18 on main HEAD b7539e6 from /tmp/cdJ. Three
stacked gaps on the skill-install surface:

(1) User-scope only install. default_skill_install_root at
    commands/src/lib.rs returns CLAW_CONFIG_HOME/skills ->
    CODEX_HOME/skills -> HOME/.claw/skills -- all user-level. No
    project-scope code path. Installing from workspace A writes to
    ~/.claw/skills/X and makes X active:true in every other
    workspace with source.id=user_claw.

(2) No uninstall. claw --help enumerates /skills
    [list|install|help|<skill>] -- no uninstall. 'claw skills
    uninstall X' falls through to prompt-dispatch. REPL /skill is
    identical. Removing a bad skill requires manual rm -rf on the
    installed path parsed out of install receipt output.

(3) No scope signal. Install receipt shows 'Registry
    /Users/yeongyu/.claw/skills' but the operator is never asked
    project vs user, and JSON receipt does not distinguish install
    scope.

Doubly compounds with #85 (skill discovery ancestor walk): an
attacker who can write under an ancestor OR can trick the operator
into one bad 'skills install' lands a skill in the user-level
registry that's active in every future claw invocation.

Runs contrary to the project/user/local three-tier scope settings
already use (User / Project / Local via ConfigSource). Skills
collapse all three onto User at install time.

Fix shape (~60 lines): --scope user|project|local flag on skills
install (no default in --output-format json mode, prompt
interactively); claw skills uninstall + /skills uninstall
slash-command; installed_path per skill record in --output-format
json skills output.

Filed in response to Clawhip pinpoint nudge 1494744278423961742 in
#clawcode-building-in-public.
 2026-04-18 02:03:10 +09:00
YeonGyu-Kim
b7539e679e ROADMAP #94: permission rules accept typos, case-sensitive match disagrees with ecosystem convention, invisible in all diagnostic surfaces 
Dogfooded 2026-04-18 on main HEAD 7f76e6b from /tmp/cdI. Three
stacked failures on the permission-rule surface:

(1) Typo tolerance. parse_optional_permission_rules at
    runtime/src/config.rs:780-798 is just optional_string_array with
    no per-entry validation. Typo rules like 'Reed', 'Bsh(echo:*)',
    'WebFech' load silently; doctor reports config: ok.

(2) Case-sensitive match against lowercase runtime names.
    PermissionRule::matches does self.tool_name != tool_name strict
    compare. Runtime registers tools lowercase (bash).
    Claude Code convention / MCP docs use capitalized (Bash). So
    'deny: ["Bash(rm:*)"]' never fires because tool_name='bash' !=
    rule.tool_name='Bash'. Cross-harness config portability fails
    open, not closed.

(3) Loaded rules invisible. status JSON has no permission_rules
    field. doctor has no rules check. A clawhip preflight asking
    'does this lane actually deny Bash(rm:*)?' has no
    machine-readable answer; has to re-parse .claw.json and
    re-implement parse semantics.

Contrast: --allowedTools CLI flag HAS tool-name validation with a
50+ tool registry. The same registry is not consulted when parsing
permissions.allow/deny/ask. Asymmetric validation, same shape as
#91 (config accepts more permission-mode labels than CLI).

Fix shape (~30-45 lines): validate rule tool names against the
same registry --allowedTools uses; case-fold tool_name compare in
PermissionRule::matches; expose loaded rules in status/doctor JSON
with unknown_tool flag.

Filed in response to Clawhip pinpoint nudge 1494736729582862446 in
#clawcode-building-in-public.
 2026-04-18 01:34:15 +09:00
YeonGyu-Kim
7f76e6bbd6 ROADMAP #93: --resume reference heuristic forks silently; no workspace scoping 
Dogfooded 2026-04-18 on main HEAD bab66bb from /tmp/cdH.
SessionStore::resolve_reference at runtime/src/session_control.rs:
86-116 branches on a textual heuristic -- looks_like_path =
direct.extension().is_some() || direct.components().count() > 1.
Same-looking reference triggers two different code paths:

Repros:
- 'claw --resume session-123' -> managed store lookup (no extension,
  no slash) -> 'session not found: session-123'
- 'claw --resume session-123.jsonl' -> workspace-relative file path
  (extension triggers path branch) -> opens /cwd/session-123.jsonl,
  succeeds if present
- 'claw --resume /etc/passwd' -> absolute path opened verbatim,
  fails only because JSONL parse errors ('invalid JSONL record at
  line 1: unexpected character: #')
- 'claw --resume /etc/hosts' -> same; file is read, structural
  details (first char, line number) leak in error
- symlink inside .claw/sessions/<fp>/passwd-symlink.jsonl pointing
  at /etc/passwd -> claw --resume passwd-symlink follows it

Clawability impact: operators copying session ids from /session
list naturally try adding .jsonl and silently hit the wrong branch.
Orchestrators round-tripping session ids through --resume cannot
do any path normalization without flipping lookup modes. No
workspace scoping, so any readable file on disk is a valid target.
Symlinks inside managed path escape the workspace silently.

Fix shape (~15 lines minimum): canonicalize the resolved candidate
and assert prefix match with workspace_root before opening; return
OutsideWorkspace typed error otherwise. Optional cleanup: split
--resume <id> and --resume-file <path> into explicit shapes.

Filed in response to Clawhip pinpoint nudge 1494729188895359097 in
#clawcode-building-in-public.
 2026-04-18 01:04:37 +09:00
YeonGyu-Kim
bab66bb226 ROADMAP #92: MCP config does not expand ${VAR} or ~/ — standard configs fail silently 
Dogfooded 2026-04-18 on main HEAD d0de86e from /tmp/cdE. MCP
command, args, url, headers, headersHelper config fields are
loaded and passed to execve/URL-parse verbatim. No ${VAR}
interpolation, no ~/ home expansion, no preflight check, no doctor
warning.

Repros:
- {'command':'~/bin/my-server','args':['~/config/file.json']} ->
  execve('~/bin/my-server', ['~/config/file.json']) -> ENOENT at
  MCP connect time.
- {'command':'${HOME}/bin/my-server','args':['--tenant=${TENANT_ID}']}
  -> literal ${HOME}/bin/my-server handed to execve; literal
  ${TENANT_ID} passed to the server as tenant argument.
- {'headers':{'Authorization':'Bearer ${API_TOKEN}'}} -> literal
  string 'Bearer ${API_TOKEN}' sent as HTTP header.

Trace: parse_mcp_server_config in runtime/src/config.rs stores
strings raw; McpStdioProcess::spawn at mcp_stdio.rs:1150-1170 is
Command::new(&transport.command).args(&transport.args).spawn().
grep interpolate/expand_env/substitute/${ across runtime/src/
returns empty outside format-string literals.

Clawability impact: every public MCP server README uses ${VAR}/~/
in examples; copy-pasted configs load with doctor:ok and fail
opaquely at spawn with generic ENOENT that has lost the context
about why. Operators forced to hardcode secrets in .claw.json
(triggering #90) or wrap commands in shell scripts -- both worse
security postures than the ecosystem norm. Cross-harness round-trip
from Claude Code /.mcp.json breaks when interpolation is present.

Fix shape (~50 lines): config-load-time interpolation of ${VAR}
and leading ~/ in command/args/url/headers/headers_helper; missing-
variable warnings captured into ConfigLoader all_warnings; optional
{'config':{'expand_env':false}} toggle; mcp_config_interpolation
doctor check that flags literal ${ / ~/ remaining after substitution.

Filed in response to Clawhip pinpoint nudge 1494721628917989417 in
#clawcode-building-in-public.
 2026-04-18 00:35:44 +09:00
YeonGyu-Kim
d0de86e8bc ROADMAP #91: permission-mode parsers disagree; dontAsk silently means danger-full-access 
Dogfooded 2026-04-18 on main HEAD 478ba55 from /tmp/cdC. Two
permission-mode parsers disagree on valid labels:
- Config parse_permission_mode_label (runtime/src/config.rs:851-862)
  accepts 8 labels and collapses 5 aliases onto 3 canonical modes.
- CLI normalize_permission_mode (rusty-claude-cli/src/main.rs:5455-
  5461) accepts only the 3 canonical labels.

Same binary, same intent, opposite verdicts:
  .claw.json {"defaultMode":"plan"} -> silent ReadOnly + doctor ok
  --permission-mode plan -> rejected with 'unsupported permission mode'

Semantic collapses of note:
- 'default' -> ReadOnly (name says nothing about what default means)
- 'plan' -> ReadOnly (upstream plan-mode semantics don't exist in
  claw; ExitPlanMode tool exists but has no matching PermissionMode
  variant)
- 'acceptEdits'/'auto' -> WorkspaceWrite (ambiguous names)
- 'dontAsk' -> DangerFullAccess (FOOTGUN: sounds like 'quiet mode',
  actually the most permissive; community copy-paste bypasses every
  danger-keyword audit)

Status JSON exposes canonicalized permission_mode only; original
label lost. Claw reading status cannot distinguish 'plan' from
explicit 'read-only', or 'dontAsk' from explicit 'danger-full-access'.

Fix shape (~20-30 lines): align the two parsers to accept/reject
identical labels; add permission_mode_raw to status JSON (paired
with permission_mode_source from #87); either remove the 'dontAsk'
alias or trigger a doctor warn when raw='dontAsk'; optionally
introduce a real PermissionMode::Plan runtime variant.

Filed in response to Clawhip pinpoint nudge 1494714078965403848 in
#clawcode-building-in-public.
 2026-04-18 00:05:13 +09:00
YeonGyu-Kim
478ba55063 ROADMAP #90: claw mcp surface redacts env but dumps args/url/headersHelper 
Dogfooded 2026-04-17 on main HEAD 64b29f1 from /tmp/cdB. The MCP
details surface correctly redacts env -> env_keys and headers ->
header_keys (deliberate precedent for 'show config without secrets'),
but dumps args, url, and headersHelper verbatim even though all
three standardly carry inline credentials.

Repros:
(1) args leak: {'args':['--api-key','sk-secret-ABC123','--token=...',
    '--url=https://user:password@host/db']} appears unredacted in
    both details.args and the summary string.
(2) URL leak: 'url':'https://user:SECRET@api.example.com/mcp' and
    matching summary.
(3) headersHelper leak: helper command path + its secret-bearing
    argv emitted whole.

Trace: mcp_server_details_json at commands/src/lib.rs:3972-3999 is
the single redaction point. env/headers get key-only projection;
args/url/headers_helper carve-out with no explaining comment. Text
surface at :3873-3920 mirrors the same leak.

Clawability shape: mcp list --output-format json is exactly the
surface orchestrators scrape for preflight and that logs / Discord
announcements / claw export / CI artifacts will carry. Asymmetric
redaction sends the wrong signal -- consumers assume secret-aware,
the leak is unexpected and easy to miss. Standard MCP wiring
patterns (--api-key, postgres://user:pass@, token helper scripts)
all hit the leak.

Fix shape (~40-60 lines): redact args with secret heuristic
(--api-key, --token, --password, high-entropy tails, user:pass@);
redact URL basic-auth + query-string secrets; split headersHelper
argv and apply args heuristic; add optional --show-sensitive
opt-in; add mcp_secret_posture doctor check. No MCP runtime
behavior changes -- only reporting surface.

Filed in response to Clawhip pinpoint nudge 1494706529918517390 in
#clawcode-building-in-public.
 2026-04-17 23:32:40 +09:00
YeonGyu-Kim
64b29f16d5 ROADMAP #89: claw blind to mid-rebase/merge/cherry-pick git states 
Dogfooded 2026-04-17 on main HEAD 9882f07. A rebase halted on
conflict leaves .git/rebase-merge/ on disk + HEAD detached on the
rebase intermediate commit. 'claw --output-format json status'
reports git_state='dirty ... 1 conflicted', git_branch='detached
HEAD', no rebase flag. 'claw --output-format json doctor' reports
workspace: {status:ok, summary:'project root detected on branch
detached HEAD'}.

Trace: parse_git_workspace_summary at rusty-claude-cli/src/main.rs:
2550-2587 scans git status --short output only; no .git/rebase-
merge, .git/rebase-apply, .git/MERGE_HEAD, .git/CHERRY_PICK_HEAD,
.git/BISECT_LOG check anywhere in rust/crates/. check_workspace_
health emits Ok so long as a project root was detected.

Clawability impact: preflight blindness (doctor ok on paused lane),
stale-branch detection breaks (freshness vs base is meaningless
when HEAD is a rebase intermediate), no recovery surface (no
abort/resume hints), same 'surface lies about runtime truth' family
as #80-#87.

Fix shape (~20 lines): detect marker files, expose typed
workspace.git_operation field (kind/paused/abort_hint/resume_hint),
flip workspace doctor verdict to warn when git_operation != null.

Filed in response to Clawhip pinpoint nudge 1494698980091756678 in
#clawcode-building-in-public.
 2026-04-17 23:03:53 +09:00
YeonGyu-Kim
9882f07e7d ROADMAP #88: unbounded CLAUDE.md ancestor walk = prompt injection via /tmp 
Dogfooded 2026-04-17 on main HEAD 82bd8bb from
/tmp/claude-md-injection/inner/work. discover_instruction_files at
runtime/src/prompt.rs:203-224 walks cursor.parent() until None with
no project-root bound, no HOME containment, no git boundary. Four
candidate paths per ancestor (CLAUDE.md, CLAUDE.local.md,
.claw/CLAUDE.md, .claw/instructions.md) are loaded and inlined
verbatim into the agent's system prompt under '# Claude instructions'.

Repro: /tmp/claude-md-injection/CLAUDE.md containing adversarial
guidance appears under 'CLAUDE.md (scope: /private/tmp/claude-md-
injection)' in claw system-prompt from any nested CWD. git init
inside the worker does not terminate the walk. /tmp/CLAUDE.md alone
is sufficient -- /tmp is world-writable with sticky bit on macOS/
Linux, so any local user can plant agent guidance for every other
user's claw invocation under /tmp/anything.

Worse than #85 (skills ancestor walk): no agent action required
(injection fires on every turn before first user message), lower
bar for the attacker (raw Markdown, no frontmatter), standard
world-writable drop point (/tmp), no doctor signal. Same structural
fix family though: prompt.rs:203, commands/src/lib.rs:2795
(skills), and commands/src/lib.rs:2724 (agents) all need the same
project_root / HOME bound.

Fix shape (~30-50 lines): bound ancestor walk at project root /
HOME; add doctor check that surfaces loaded instruction files with
paths; add settings.json opt-in toggle for monorepo ancestor
inheritance with 'source: ancestor' annotation.

Filed in response to Clawhip pinpoint nudge 1494691430096961767 in
#clawcode-building-in-public.
 2026-04-17 22:33:13 +09:00
YeonGyu-Kim
82bd8bbf77 ROADMAP #87: fresh-workspace permission default is danger-full-access, doctor silent 
Dogfooded 2026-04-17 on main HEAD d6003be against /tmp/cd8. Fresh
workspace, no config, no env, no CLI flag: claw status reports
'Permission mode  danger-full-access'. 'claw doctor' has no
permission-mode check at all -- zero lines mention it.

Trace: rusty-claude-cli/src/main.rs:1099-1107 default_permission_mode
falls back to PermissionMode::DangerFullAccess when env/config miss.
runtime/src/permissions.rs:7-15 PermissionMode ordinal puts
DangerFullAccess above WorkspaceWrite/ReadOnly, so current_mode >=
required_mode gate at :260-264 auto-approves every tool spec requiring
DangerFullAccess or below -- including bash and PowerShell.
check_sandbox_health exists at :1895-1910 but no parallel
check_permission_health. Status JSON exposes permission_mode but no
permission_mode_source field -- fallback indistinguishable from
deliberate choice.

Interacts badly with #86: corrupt .claw.json silently drops the
user's 'plan' choice AND escalates to danger-full-access fallback,
and doctor reports Config: ok across both failures.

Fix shape (~30-40 lines): add permission doctor check (warn when
effective=DangerFullAccess via fallback); add permission_mode_source
to status JSON; optionally flip fallback to WorkspaceWrite/Prompt
for non-interactive invocations.

Filed in response to Clawhip pinpoint nudge 1494683886658257071 in
#clawcode-building-in-public.
 2026-04-17 22:06:49 +09:00
YeonGyu-Kim
d6003be373 ROADMAP #86: corrupt .claw.json silently dropped, doctor says config ok 
Dogfooded 2026-04-17 on main HEAD 586a92b against /tmp/cd7. A valid
.claw.json with permissions.defaultMode=plan applies correctly
(claw status shows Permission mode read-only). Corrupt the same
file to junk text and: (1) claw status reverts to
danger-full-access, (2) claw doctor still reports
Config: status=ok, summary='runtime config loaded successfully',
with loaded_config_files=0 and discovered_files_count=1 side by
side in the same check.

Trace: read_optional_json_object at runtime/src/config.rs:674-692
sets is_legacy_config = (file_name == '.claw.json') and on parse
failure returns Ok(None) instead of Err(ConfigError::Parse). No
warning, no eprintln. ConfigLoader::load() continues past the None,
reports overall success. Doctor check at
rusty-claude-cli/src/main.rs:1725-1754 emits DiagnosticLevel::Ok
whenever load() returned Ok, even with loaded 0/1.

Compare a non-legacy settings path at .claw/settings.json with
identical corruption: doctor correctly fails loudly. Same file
contents, different filename -> opposite diagnostic verdict.

Intent was presumably legacy compat with stale historical .claw.json.
Implementation now masks live user-written typos. A clawhip preflight
that gates on 'status != ok' never sees this. Same surface-lies-
about-runtime-truth shape as #80-#84, at the config layer.

Fix shape (~20-30 lines): replace silent skip with warn-and-skip
carrying the parse error; flip doctor verdict when
loaded_count < present_count; expose skipped_files in JSON surface.

Filed in response to Clawhip pinpoint nudge 1494676332507041872 in
#clawcode-building-in-public.
 2026-04-17 21:33:44 +09:00
YeonGyu-Kim
586a92ba79 ROADMAP #85: unbounded ancestor walk enumerates attacker-placed skills 
Dogfooded 2026-04-17 on main HEAD 2eb6e0c. discover_skill_roots at
commands/src/lib.rs:2795 iterates cwd.ancestors() unbounded -- no
project-root check, no HOME containment, no git boundary. Any
.claw/skills, .omc/skills, .agents/skills, .codex/skills,
.claude/skills directory on any ancestor path up to / is enumerated
and marked active: true in 'claw --output-format json skills'.

Repro 1 (cross-tenant skill injection): write
/tmp/trap/.agents/skills/rogue/SKILL.md; cd /tmp/trap/inner/work
and 'claw skills' shows rogue as active, sourced as Project roots.
git init inside the inner CWD does NOT stop the walk.

Repro 2 (CWD-dependent skill set): CWD under $HOME yields
~/.agents/skills contents; CWD outside $HOME hides them. Same user,
same binary, 26-skill delta driven by CWD alone.

Security shape: any attacker-writable ancestor becomes a skill
injection primitive. Skill descriptions are free-form Markdown fed
into the agent context -- crafted descriptions become prompt
injection. tools/src/lib.rs:3295 independently walks ancestors for
dispatch, so the injected skill is also executable via slash
command, not just listed.

Fix shape (~30-50 lines): bound ancestor walk at project root
(ConfigLoader::project_root), optionally also at $HOME; require
explicit settings.json toggle for monorepo ancestor inheritance;
mirror fix in tools/src/lib.rs::push_project_skill_lookup_roots so
listed and dispatchable skill surfaces match.

Filed in response to Clawhip pinpoint nudge 1494668784382771280 in
#clawcode-building-in-public.
 2026-04-17 21:07:10 +09:00
YeonGyu-Kim
2eb6e0c1ee ROADMAP #84: dump-manifests bakes build machine's absolute path into binary 
Dogfooded 2026-04-17 on main HEAD 70a0f0c from /tmp/cd4.
'claw dump-manifests' with no arguments emits:
  error: Manifest source files are missing.
    repo root: /Users/yeongyu/clawd/claw-code
    missing: src/commands.ts, src/tools.ts, src/entrypoints/cli.tsx

That path is the *build machine*'s absolute filesystem layout, baked
in via env!('CARGO_MANIFEST_DIR') at rusty-claude-cli/src/main.rs:2016.
strings on the binary reveals the raw path verbatim. JSON surface
(--output-format json) leaks the same path identically.

Three problems: (1) broken default for any user running a distributed
binary because the path won't exist on their machine; (2) privacy
leak -- build user's $HOME segment embedded in the binary and
surfaced to every recipient; (3) reproducibility violation -- two
binaries built from the same commit on different machines produce
different runtime behavior. Same compile-time-vs-runtime family as
ROADMAP #83 (build date injected as 'today').

Fix shape (<=20 lines): drop env!('CARGO_MANIFEST_DIR') from the
runtime default, require CLAUDE_CODE_UPSTREAM / --manifests-dir /
settings entry, reword error to name the required config instead of
leaking a path the user never asked for. Optional polish: add a
settings.json [upstream] entry.

Acceptance: strings <binary> | grep '^/Users/' returns empty for the
shipped binary. Default error surface contains zero absolute paths
from the build machine.

Filed in response to Clawhip pinpoint nudge 1494661235336282248 in
#clawcode-building-in-public.
 2026-04-17 20:36:51 +09:00
YeonGyu-Kim
70a0f0cf44 ROADMAP #83: DEFAULT_DATE injects build date as 'today' in live system prompt 
Dogfooded 2026-04-17 on main HEAD e58c194 against /tmp/cd3. Binary
built 2026-04-10; today is 2026-04-17. 'claw system-prompt' emits
'Today's date is 2026-04-10.' The same DEFAULT_DATE constant
(rusty-claude-cli/src/main.rs:69-72) is threaded into
build_system_prompt() at :6173-6180 and every ClaudeCliSession /
StreamingCliSession / non-interactive runner (lines 3649, 3746,
4165, 4211, ...), so the stale date lives in the LIVE agent prompt,
not just the system-prompt subcommand.

Agents reason from 'today = compile day,' which silently breaks any
task that depends on real time (freshness, deadlines, staleness,
expiry). Violates ROADMAP principle #4 (branch freshness before
blame) and mixes compile-time context into runtime behavior,
producing different prompts for two agents on the same main HEAD
built a week apart.

Fix shape (~30 lines): compute current_date at runtime via
chrono::Utc::now().date_naive(), sweep DEFAULT_DATE call sites in
main.rs, keep --date override and --version's build-date meaning,
add CLAWD_OVERRIDE_DATE env escape for reproducible tests.

Filed in response to Clawhip pinpoint nudge 1494653681222811751 in
#clawcode-building-in-public.
 2026-04-17 20:02:37 +09:00
YeonGyu-Kim
e58c1947c1 ROADMAP #82: macOS sandbox filesystem_active=true is a lie 
Dogfooded 2026-04-17 on main HEAD 1743e60 against /tmp/claw-dogfood-2.
claw --output-format json sandbox on macOS reports filesystem_active=
true, filesystem_mode=workspace-only but the actual enforcement is
only HOME/TMPDIR env-var rebasing at bash.rs:205-209 / :228-232.
build_linux_sandbox_command is cfg(target_os=linux)-gated and returns
None on macOS, so the fallback path is sh -lc <command> with env
tweaks and nothing else. Direct escape proof: a child with
HOME=/ws/.sandbox-home TMPDIR=/ws/.sandbox-tmp writes
/tmp/claw-escape-proof.txt and mkdir /tmp/claw-probe-target without
error.

Clawability problem: claws/orchestrators read SandboxStatus JSON and
branch on filesystem_active && filesystem_mode=='workspace-only' to
decide whether a worker can safely touch /tmp or $HOME. Today that
branch lies on macOS.

Fix shape option A (low-risk, ~15 lines): compute filesystem_active
only where an enforcement path exists, so macOS reports false by
default and fallback_reason surfaces the real story. Option B:
wire a Seatbelt (sandbox-exec) profile for actual macOS enforcement.

Filed in response to Clawhip pinpoint nudge 1494646135317598239 in
#clawcode-building-in-public.
 2026-04-17 19:33:06 +09:00
YeonGyu-Kim
1743e600e1 ROADMAP #81: claw status Project root lies about session scope 
Dogfooded 2026-04-17 on main HEAD a48575f inside claw-code itself
and reproduced on /tmp/claw-split-17. SessionStore::from_cwd at
session_control.rs:32-40 uses the raw CWD as input to
workspace_fingerprint() (line 295-303), not the project root
surfaced in claw status. Result: two CWDs in the same git repo
(e.g. ~/clawd/claw-code vs ~/clawd/claw-code/rust) report the same
Project root in status but land in two disjoint .claw/sessions/
<fp>/ partitions. claw --resume latest from one CWD returns
'no managed sessions found' even though the adjacent CWD has a
live session visible via /session list.

Status-layer truth (Project root) and session-layer truth
(fingerprint-of-CWD) disagree and neither surface exposes the
disagreement -- classic split-truth per ROADMAP pain point #2.

Fix shape (<=40 lines): (a) fingerprint the project root instead
of raw CWD, or (b) surface partition key explicitly in status.

Filed in response to Clawhip pinpoint nudge 1494638583481372833
in #clawcode-building-in-public.
 2026-04-17 19:05:12 +09:00
Jobdori
a48575fd83 ROADMAP #80: session-lookup error copy lies about on-disk layout 
Dogfooded 2026-04-17 on main HEAD 688295e against /tmp/claw-d4.
SessionStore::from_cwd at session_control.rs:32-40 places sessions
under .claw/sessions/<workspace_fingerprint>/ (16-char FNV-1a hex
at line 295-303), but format_no_managed_sessions and
format_missing_session_reference at line 516-526 advertise plain
.claw/sessions/ with no fingerprint context.

Concrete repro: fresh workspace, no sessions yet, .claw/sessions/
contains foo/ (hash dir, empty) + ffffffffffffffff/foreign.jsonl
(foreign workspace session). 'claw --resume latest' still says
'no managed sessions found in .claw/sessions/' even though that
directory is not empty -- the sessions just belong to other
workspace partitions.

Fix shape is ~30 lines: plumb the resolved sessions_root/workspace
into the two format helpers, optionally enumerate sibling partitions
so error copy tells the operator where sessions from other workspaces
are and why they're invisible.

Filed in response to Clawhip pinpoint nudge 1494615932222439456 in
#clawcode-building-in-public.
 2026-04-17 17:33:05 +09:00
Jobdori
688295ea6c ROADMAP #79: claw --output-format json init discards structured InitReport 
Dogfooded 2026-04-17 on main HEAD 9deaa29. init.rs:38-113 already
builds a fully-typed InitReport { project_root, artifacts: Vec<
InitArtifact { name, status: InitStatus }> } but main.rs:5436-5454
calls .render() on it and throws the structure away, emitting only
{kind, message: '<prose>'} via init_json_value(). Downstream claws
have to regex 'created|updated|skipped' out of the message string
to know per-artifact state.

version/system-prompt/acp/bootstrap-plan all emit structured payloads
on the same binary -- init is the sole odd-one-out. Fix shape is ~20
lines: add InitReport::to_json_value + InitStatus::as_str, switch
run_init to hold the report instead of .render()-ing it eagerly,
preserve message for backward compat, add output_format_contract
regression.

Filed in response to Clawhip pinpoint nudge 1494608389068558386 in
#clawcode-building-in-public.
 2026-04-17 17:02:58 +09:00
Jobdori
9deaa29710 ROADMAP #78: claw plugins CLI route is a dead constructor 
Dogfooded 2026-04-17 on main HEAD d05c868. CliAction::Plugins variant
is declared at main.rs:303-307 and wired to LiveCli::print_plugins at
main.rs:202-206, but parse_args has no "plugins" arm, so
claw plugins / claw plugins list / claw --output-format json plugins
all fall through to the LLM-prompt catch-all and emit a missing
Anthropic credentials error. This is the sole documented-shaped
subcommand that does NOT resolve to a local CLI route:
agents, mcp, skills, acp, init, dump-manifests, bootstrap-plan,
system-prompt, export all work. grep confirms CliAction::Plugins has
exactly one hit in crates/ (the handler), not a constructor anywhere.

Filed with a ~15 line parser fix shape plus help/test wiring, matching
the pattern already used by agents/mcp/skills.

Filed in response to Clawhip pinpoint nudge 1494600832652546151 in
#clawcode-building-in-public.
 2026-04-17 16:33:09 +09:00
Jobdori
d05c8686b8 ROADMAP #77: typed error-kind contract for --output-format json errors 
Dogfooded 2026-04-17 against main HEAD 00d0eb6. Five distinct failure
classes (missing credentials, missing manifests, missing worker state,
session not found, CLI parse) all emit the same {type,error} envelope
with no machine-readable kind/code, so downstream claws have to regex
the prose to route failures. Success payloads already carry a stable
'kind' discriminator; error payloads do not. Fix shape proposes an
ErrorKind discriminant plus hint/context fields to match the success
side contract.

Filed in response to Clawhip pinpoint nudge 1494593284180414484 in
#clawcode-building-in-public.
 2026-04-17 16:08:41 +09:00
Yeachan-Heo
00d0eb61d4 US-024: Add token limit metadata for kimi models 
Add ModelTokenLimit entries for kimi-k2.5 and kimi-k1.5 to enable
preflight context window validation. Per Moonshot AI documentation:
- Context window: 256,000 tokens
- Max output: 16,384 tokens

Includes 3 unit tests:
- returns_context_window_metadata_for_kimi_models
- kimi_alias_resolves_to_kimi_k25_token_limits
- preflight_blocks_oversized_requests_for_kimi_models

All tests pass, clippy clean.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-17 04:15:38 +00:00
Yeachan-Heo
8d8e2c3afd Mark prd.json status as completed 
All 23 stories (US-001 through US-023) are now complete.
Updated status from "in_progress" to "completed".

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-16 20:05:13 +00:00
Yeachan-Heo
d037f9faa8 Fix strip_routing_prefix to handle kimi provider prefix (US-023) 
Add "kimi" to the strip_routing_prefix matches so that models like
"kimi/kimi-k2.5" have their prefix stripped before sending to the
DashScope API (consistent with qwen/openai/xai/grok handling).

Also add unit test strip_routing_prefix_strips_kimi_provider_prefix.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-16 19:50:15 +00:00
Yeachan-Heo
330dc28fc2 Mark US-023 as complete in prd.json 
- Move US-023 from inProgressStories to completedStories
- All acceptance criteria met and verified

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-16 19:45:56 +00:00
Yeachan-Heo
cec8d17ca8 Implement US-023: Add automatic routing for kimi models to DashScope 
Changes in rust/crates/api/src/providers/mod.rs:
- Add 'kimi' alias to MODEL_REGISTRY resolving to 'kimi-k2.5' with DashScope config
- Add kimi/kimi- prefix routing to DashScope endpoint in metadata_for_model()
- Add resolve_model_alias() handling for kimi -> kimi-k2.5
- Add unit tests: kimi_prefix_routes_to_dashscope, kimi_alias_resolves_to_kimi_k2_5

Users can now use:
- --model kimi (resolves to kimi-k2.5)
- --model kimi-k2.5 (auto-routes to DashScope)
- --model kimi/kimi-k2.5 (explicit provider prefix)

All 127 tests pass, clippy clean.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-16 19:44:21 +00:00
Yeachan-Heo
4cb1db9faa Implement US-022: Enhanced error context for API failures 
Add structured error context to API failures:
- Request ID tracking across retries with full context in error messages
- Provider-specific error code mapping with actionable suggestions
- Suggested user actions for common error types (401, 403, 413, 429, 500, 502-504)
- Added suggested_action field to ApiError::Api variant
- Updated enrich_bearer_auth_error to preserve suggested_action

Files changed:
- rust/crates/api/src/error.rs: Add suggested_action field, update Display
- rust/crates/api/src/providers/openai_compat.rs: Add suggested_action_for_status()
- rust/crates/api/src/providers/anthropic.rs: Update error handling

All tests pass, clippy clean.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-16 19:15:00 +00:00
Yeachan-Heo
5e65b33042 US-021: Add request body size pre-flight check for OpenAI-compatible provider 2026-04-16 17:41:57 +00:00
Yeachan-Heo
87b982ece5 US-011: Performance optimization for API request serialization 
Added criterion benchmarks and optimized flatten_tool_result_content:
- Added criterion dev-dependency and request_building benchmark suite
- Optimized flatten_tool_result_content to pre-allocate capacity and avoid
  intermediate Vec construction (was collecting to Vec then joining)
- Made key functions public for benchmarking: translate_message,
  build_chat_completion_request, flatten_tool_result_content,
  is_reasoning_model, model_rejects_is_error_field

Benchmark results:
- flatten_tool_result_content/single_text: ~17ns
- translate_message/text_only: ~200ns
- build_chat_completion_request/10 messages: ~16.4µs
- is_reasoning_model detection: ~26-42ns

All 119 unit tests and 29 integration tests pass.
cargo clippy passes

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-16 11:11:45 +00:00
Yeachan-Heo
f65d15fb2f US-010: Add model compatibility documentation 
Created comprehensive MODEL_COMPATIBILITY.md documenting:
- Kimi models is_error exclusion (prevents 400 Bad Request)
- Reasoning models tuning parameter stripping (o1, o3, o4, grok-3-mini, qwen-qwq)
- GPT-5 max_completion_tokens requirement
- Qwen model routing through DashScope

Includes implementation details, key functions table, guide for adding new
models, and testing commands. Cross-referenced with existing code comments.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-16 10:55:58 +00:00
Yeachan-Heo
3e4e1585b5 US-009: Add comprehensive unit tests for kimi model compatibility fix 
Added 4 unit tests to verify is_error field handling for kimi models:
- model_rejects_is_error_field_detects_kimi_models: Detects kimi-k2.5, kimi-k1.5, dashscope/kimi-k2.5 (case insensitive)
- translate_message_includes_is_error_for_non_kimi_models: Verifies gpt-4o, grok-3, claude include is_error
- translate_message_excludes_is_error_for_kimi_models: Verifies kimi models exclude is_error (prevents 400 Bad Request)
- build_chat_completion_request_kimi_vs_non_kimi_tool_results: Full integration test for request building

All 119 unit tests and 29 integration tests pass.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-16 10:54:48 +00:00
Yeachan-Heo
110d568bcf Mark US-008 complete: kimi-k2.5 API compatibility fix 
- translate_message now conditionally includes is_error field
- kimi models (kimi-k2.5, kimi-k1.5, etc.) exclude is_error
- Other models (openai, grok, xai) keep is_error support
 2026-04-16 10:12:36 +00:00
Yeachan-Heo
866ae7562c Fix formatting in task_packet.rs for CI 2026-04-16 09:35:18 +00:00
Yeachan-Heo
6376694669 Mark all 7 roadmap stories complete with PRD and progress record 
- Update prd.json: mark US-001 through US-007 as passes: true
- Add progress.txt: detailed implementation summary for all stories

All acceptance criteria verified:
- US-001: Startup failure evidence bundle + classifier
- US-002: Lane event schema with provenance and deduplication
- US-003: Stale branch detection with policy integration
- US-004: Recovery recipes with ledger
- US-005: Typed task packet format with TaskScope
- US-006: Policy engine for autonomous coding
- US-007: Plugin/MCP lifecycle maturity
 2026-04-16 09:31:47 +00:00
Yeachan-Heo
1d5748f71f US-005: Typed task packet format with TaskScope enum 
- Add TaskScope enum with Workspace, Module, SingleFile, Custom variants
- Update TaskPacket struct with scope_path and worktree fields
- Add validation for scope-specific requirements
- Fix tests in task_packet.rs, task_registry.rs, and tools/src/lib.rs
- Export TaskScope from runtime crate

Closes US-005 (Phase 4)
 2026-04-16 09:28:42 +00:00
Yeachan-Heo
77fb62a9f1 Implement LaneEvent schema extensions for event ordering, provenance, and dedupe (US-002) 
Adds comprehensive metadata support to LaneEvent for the canonical lane event schema:

- EventProvenance enum: live_lane, test, healthcheck, replay, transport
- SessionIdentity: title, workspace, purpose, with placeholder support
- LaneOwnership: owner, workflow_scope, watcher_action (Act/Observe/Ignore)
- LaneEventMetadata: seq, provenance, session_identity, ownership, nudge_id,
  event_fingerprint, timestamp_ms
- LaneEventBuilder: fluent API for constructing events with full metadata
- is_terminal_event(): detects Finished, Failed, Superseded, Closed, Merged
- compute_event_fingerprint(): deterministic fingerprint for terminal events
- dedupe_terminal_events(): suppresses duplicate terminal events by fingerprint

Provides machine-readable event provenance, session identity at creation,
monotonic sequence ordering, nudge deduplication, and terminal event suppression.

Adds 10 regression tests covering:
- Monotonic sequence ordering
- Provenance serialization round-trip
- Session identity completeness
- Ownership and workflow scope binding
- Watcher action variants
- Terminal event detection
- Fingerprint determinism and uniqueness
- Terminal event deduplication
- Builder construction with metadata
- Metadata serialization round-trip

Closes Phase 2 (partial) from ROADMAP.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-16 09:12:31 +00:00
Yeachan-Heo
21909da0b5 Implement startup-no-evidence evidence bundle + classifier (US-001) 
Adds typed worker.startup_no_evidence event with evidence bundle when worker
startup times out. The classifier attempts to down-rank the vague bucket into
specific failure classifications:
- trust_required
- prompt_misdelivery
- prompt_acceptance_timeout
- transport_dead
- worker_crashed
- unknown

Evidence bundle includes:
- Last known worker lifecycle state
- Pane/command being executed
- Prompt-send timestamp
- Prompt-acceptance state
- Trust-prompt detection result
- Transport health summary
- MCP health summary
- Elapsed seconds since worker creation

Includes 6 regression tests covering:
- Evidence bundle serialization
- Transport dead classification
- Trust required classification
- Prompt acceptance timeout
- Worker crashed detection
- Unknown fallback

Closes Phase 1.6 from ROADMAP.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-16 09:05:33 +00:00
Yeachan-Heo
ac45bbec15 Make ACP/Zed status obvious before users go source-diving 
ROADMAP #21, #22, and #23 were already closed on current main, so the next real repo-local backlog item was the ACP/Zed discoverability gap. This adds a local `claw acp` status surface plus aliases, updates help/docs, and separates the shipped discoverability fix from the still-open daemon/protocol follow-up so editor-first users get a crisp answer immediately.

Constraint: No ACP/Zed daemon or protocol server exists in claw-code yet, so the new surface must be explicit status guidance rather than a fake implementation
Rejected: Add a pretend `acp serve` daemon path | would imply supported protocol behavior that does not exist
Rejected: Docs-only clarification | still leaves `claw --help` unable to answer the editor-launch question directly
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep ROADMAP discoverability fixes separate from future ACP daemon/protocol work so help text and backlog IDs stay unambiguous
Tested: cargo fmt --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; cargo run -q -p rusty-claude-cli -- acp; cargo run -q -p rusty-claude-cli -- --output-format json acp; architect review APPROVED
Not-tested: Real ACP/Zed daemon launch because no protocol-serving surface exists yet
 2026-04-16 03:13:50 +00:00
Yeachan-Heo
64e058f720 refresh 2026-04-16 02:50:54 +00:00
Yeachan-Heo
e874bc6a44 Improve malformed hook failures so operators can diagnose broken JSON 
Malformed hook stdout that looks like JSON was collapsing into low-signal failure text during hook execution. This change preserves plain-text hook feedback for normal text hooks, but upgrades malformed JSON-like output into an explicit hook_invalid_json diagnostic that includes phase, tool, command, and bounded stdout/stderr previews. It also adds a regression test for malformed-but-nonempty output.

Constraint: User scoped the implementation to rust/crates/runtime/src/hooks.rs and tests only
Constraint: Existing plain-text hook feedback must remain intact for non-JSON hook output
Rejected: Treat every non-JSON stdout payload as invalid JSON | would break legitimate plain-text hook feedback
Confidence: high
Scope-risk: narrow
Directive: Keep malformed-hook diagnostics bounded and preserve the plain-text fallback for hooks that intentionally emit text
Tested: cargo test --manifest-path rust/Cargo.toml -p runtime hooks::tests:: -- --nocapture
Tested: cargo test --manifest-path rust/Cargo.toml -p runtime -- --nocapture
Tested: cargo clippy --manifest-path rust/Cargo.toml -p runtime --all-targets -- -D warnings
Not-tested: Full workspace clippy/test sweep outside runtime crate
 2026-04-13 12:44:52 +00:00
Yeachan-Heo
6a957560bd Make recovery handoffs explain why a lane resumed instead of leaking control prose 
Recent OMX dogfooding kept surfacing raw `[OMX_TMUX_INJECT]`
messages as lane results, which told operators that tmux reinjection
happened but not why or what lane/state it applied to. The lane-finished
persistence path now recognizes that control prose, stores structured
recovery metadata, and emits a human-meaningful fallback summary instead
of preserving the raw marker as the primary result.

Constraint: Keep the fix in the existing lane-finished metadata surface rather than inventing a new runtime channel
Rejected: Treat all reinjection prose as ordinary quality-floor mush | loses the recovery cause and target lane operators actually need
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Recovery classification is heuristic; extend the parser only when new operator phrasing shows up in real dogfood evidence
Tested: cargo fmt --all --check
Tested: cargo clippy --workspace --all-targets -- -D warnings
Tested: cargo test --workspace
Tested: LSP diagnostics on rust/crates/tools/src/lib.rs (0 errors)
Tested: Architect review (APPROVE)
Not-tested: Additional reinjection phrasings beyond the currently observed `[OMX_TMUX_INJECT]` / current-mode-state variants
Related: ROADMAP #68
 2026-04-12 15:50:39 +00:00
Yeachan-Heo
42bb6cdba6 Keep local clawhip artifacts from tripping routine repo work 
Dogfooding kept reproducing OMX team merge conflicts on
`.clawhip/state/prompt-submit.json`, so the init bootstrap now
teaches repos to ignore `.clawhip/` alongside the existing local
`.claw/` artifacts. This also updates the current repo ignore list
so the fix helps immediately instead of only on future `claw init`
runs.

Constraint: Keep the fix narrow and centered on repo-local ignore hygiene
Rejected: Broader team merge-hygiene changes | unnecessary for the proven local root cause
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: If more runtime-local artifact directories appear, extend the shared init gitignore list instead of patching repos ad hoc
Tested: cargo fmt --all --check
Tested: cargo clippy --workspace --all-targets -- -D warnings
Tested: cargo test --workspace
Tested: Architect review (APPROVE)
Not-tested: Existing clones with already-tracked `.clawhip` files still need manual cleanup
Related: ROADMAP #75
 2026-04-12 14:47:40 +00:00
Yeachan-Heo
f91d156f85 Keep poisoned test locks from cascading across unrelated regressions 
The repo-local backlog was effectively exhausted, so this sweep promoted the
newly observed test-lock poisoning pain point into ROADMAP #74 and fixed it in
place. Test-only env/cwd lock acquisition now recovers poisoned mutexes in the
remaining strict call sites, and each affected surface has a regression that
proves a panic no longer permanently poisons later tests.

Constraint: Keep the fix test-only and avoid widening runtime behavior changes
Rejected: Refactor shared helper signatures across broader call paths | unnecessary churn beyond the remaining strict test sites
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: These guards only recover the mutex; tests that mutate env or cwd still must restore process-global state explicitly
Tested: cargo fmt --all --check
Tested: cargo clippy --workspace --all-targets -- -D warnings
Tested: cargo test --workspace
Tested: Architect review (APPROVE)
Not-tested: Additional fault-injection around partially restored env/cwd state after panic
Related: ROADMAP #74
 2026-04-12 13:52:41 +00:00
Yeachan-Heo
6b4bb4ac26 Keep finished lanes from leaving stale reminders armed 
The next repo-local sweep target was ROADMAP #66: reminder/cron
state could stay enabled after the associated lane had already
finished, which left stale nudges firing into completed work. The
fix teaches successful lane persistence to disable matching enabled
cron entries and record which reminder ids were shut down on the
finished event.

Constraint: Preserve existing cron/task registries and add the shutdown behavior only on the successful lane-finished path
Rejected: Add a separate reminder-cleanup command that operators must remember to run | leaves the completion leak unfixed at the source
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: If cron-matching heuristics change later, update `disable_matching_crons`, its regression, and the ROADMAP closeout together
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; architect review APPROVE
Not-tested: Cross-process cron/reminder persistence beyond the in-memory registry used in this repo
 2026-04-12 12:52:27 +00:00
Yeachan-Heo
e75d67dfd3 Make successful lanes explain what artifacts they actually produced 
The next repo-local sweep target was ROADMAP #64: downstream consumers
still had to infer artifact provenance from prose even though the repo
already emitted structured lane events. The fix extends `lane.finished`
metadata with structured artifact provenance so successful completions
can report roadmap ids, files, diff stat, verification state, and commit
sha without relying on narration alone.

Constraint: Preserve the existing commit-created event and lane-finished metadata paths while adding structured provenance to successful completions
Rejected: Introduce a separate artifact event type first | unnecessary for this focused closeout because `lane.finished` already carries structured data and existing consumers can read it there
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: If artifact provenance extraction rules change later, update `extract_artifact_provenance`, its regression payload, and the ROADMAP closeout together
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; architect review APPROVE
Not-tested: Downstream consumers that ignore `lane.finished.data.artifactProvenance` and still parse only prose output
 2026-04-12 11:56:00 +00:00
Yeachan-Heo
2e34949507 Keep latest-session timestamps increasing under tight loops 
The next repo-local sweep target was ROADMAP #73: repeated backlog
sweeps exposed that session writes could share the same wall-clock
millisecond, which made semantic recency fragile and forced the
resume-latest regression to sleep between saves. The fix makes session
timestamps monotonic within the process and removes the timing hack
from the test so latest-session selection stays stable under tight
loops.

Constraint: Preserve the existing session file format while changing only the timestamp source semantics
Rejected: Keep the sleep-based test workaround | hides the real ordering hazard instead of fixing timestamp generation
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Any future session-recency logic must keep `current_time_millis`, ordering tests, and latest-session expectations aligned
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; architect review APPROVE
Not-tested: Cross-process monotonicity when multiple binaries write sessions concurrently
 2026-04-12 10:51:19 +00:00
Yeachan-Heo
8f53524bd3 Make backlog-scan lanes say what they actually selected 
The next repo-local sweep target was ROADMAP #65: backlog-scanning
lanes could stop with prose-only summaries naming roadmap items, but
there was no machine-readable record of which items were chosen,
which were skipped, or whether the lane intended to execute, review,
or no-op. The fix teaches completed lane persistence to extract a
structured selection outcome while preserving the existing quality-
floor and review-verdict behavior for other lanes.

Constraint: Keep selection-outcome extraction on the existing `lane.finished` metadata path instead of inventing a separate event stream
Rejected: Add a dedicated selection event type first | unnecessary for this focused closeout because `lane.finished` already persists structured data downstream can read
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: If backlog-scan summary conventions change later, update `extract_selection_outcome`, its regression test, and the ROADMAP closeout wording together
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; architect review APPROVE after roadmap closeout update
Not-tested: Downstream consumers that may still ignore `lane.finished.data.selectionOutcome`
 2026-04-12 09:54:37 +00:00
Yeachan-Heo
b5e30e2975 Make completed review lanes emit machine-readable verdicts 
The next repo-local sweep target was ROADMAP #67: scoped review lanes
could stop with prose-only output, leaving downstream consumers to infer
approval or rejection from later chatter. The fix teaches completed lane
persistence to recognize review-style `APPROVE`/`REJECT`/`BLOCKED`
results, attach structured verdict metadata to `lane.finished`, and keep
ordinary non-review lanes on the existing quality-floor path.

Constraint: Preserve the existing non-review lane summary path while enriching only review-style completions
Rejected: Add a brand-new lane event type just for review results | unnecessary when `lane.finished` already carries structured metadata and downstream consumers can read it there
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: If review verdict parsing changes later, update `extract_review_outcome`, the finished-event payload fields, and the review-lane regression together
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; architect review APPROVE
Not-tested: External consumers that may still ignore `lane.finished.data.reviewVerdict`
 2026-04-12 08:49:40 +00:00
Yeachan-Heo
dbc2824a3e Keep latest session selection tied to real session recency 
The next repo-local sweep target was ROADMAP #72: the `latest`
managed-session alias could depend on filesystem mtime before the
session's own persisted recency markers, which made the selection
path vulnerable to coarse or misleading file timestamps. The fix
promotes `updated_at_ms` into the summary/order path, keeps CLI
wrappers in sync, and locks the mtime-vs-session-recency case with
regression coverage.

Constraint: Preserve existing managed-session storage layout while changing only the ordering signal
Rejected: Keep sorting by filesystem mtime and just sleep longer in tests | hides the semantic ordering bug instead of fixing it
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Any future managed-session ordering change must keep runtime and CLI summary structs aligned on the same recency fields
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; architect review APPROVE
Not-tested: Cross-filesystem behavior where persisted session JSON cannot be read and fallback ordering uses mtime only
 2026-04-12 07:49:32 +00:00
Yeachan-Heo
f309ff8642 Stop repo lanes from executing the wrong task payload 
The next repo-local sweep target was ROADMAP #71: a claw-code lane
accepted an unrelated KakaoTalk/image-analysis prompt even though the
lane itself was supposed to be repo-scoped work. This extends the
existing prompt-misdelivery guardrail with an optional structured task
receipt so worker boot can reject visible wrong-task context before the
lane continues executing.

Constraint: Keep the fix inside the existing worker_boot / WorkerSendPrompt control surface instead of inventing a new external OMX-only protocol
Rejected: Treat wrong-task receipts as generic shell misdelivery | loses the expected-vs-observed task context needed to debug contaminated lanes
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: If task-receipt fields change later, update the WorkerSendPrompt schema, worker payload serialization, and wrong-task regression together
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; architect review APPROVE
Not-tested: External orchestrators that have not yet started populating the optional task_receipt field
 2026-04-12 07:00:07 +00:00
Yeachan-Heo
3b806702e7 Make the CLI point users at the real install source 
The next repo-local backlog item was ROADMAP #70: users could
mistake third-party pages or the deprecated `cargo install
claw-code` path for the official install route. The CLI now
surfaces the source of truth directly in `claw doctor` and
`claw --help`, and the roadmap closeout records the change.

Constraint: Keep the fix inside repo-local Rust CLI surfaces instead of relying on docs alone
Rejected: Close #70 with README-only wording | the bug was user-facing CLI ambiguity, so the warning needed to appear in runtime help/doctor output
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: If install guidance changes later, update both the doctor check payload and the help-text warning together
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; architect review APPROVE
Not-tested: Third-party websites outside this repo that may still present stale install instructions
 2026-04-12 04:50:03 +00:00
Yeachan-Heo
26b89e583f Keep completed lanes from ending on mushy stop summaries 
The next repo-local sweep target was ROADMAP #69: completed lane
runs could persist vague control text like “commit push everyting,
keep sweeping $ralph”, which made downstream stop summaries
operationally useless. The fix adds a lane-finished quality floor
that preserves strong summaries, rewrites empty/control-only/too-
short-without-context summaries into a contextual fallback, and
records structured metadata explaining when the fallback fired.

Constraint: Keep legitimate concise lane summaries intact while improving only low-signal completions
Rejected: Blanket-rewrite every completed summary into a templated sentence | would erase useful model-authored detail from good lane outputs
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: If lane-finished summary heuristics change later, update the structured `qualityFloorApplied/rawSummary/reasons/wordCount` contract and its regression tests together
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; architect review APPROVE
Not-tested: External OMX consumers that may still ignore the new lane.finished data payload
 2026-04-12 03:23:39 +00:00
YeonGyu-Kim
17e21bc4ad docs(roadmap): add #70 — install-source ambiguity misleads users 
User treated claw-code.io as official, hit clawcode vs deprecated
claw-code naming collision. Adding requirement for canonical
docs to explicitly state official source and warn against
deprecated crate.

Source: gaebal-gajae community watch 2026-04-12
 2026-04-12 12:08:52 +09:00
Yeachan-Heo
4f83a81cf6 Make dump-manifests recoverable outside the inferred build tree 
The backlog sweep found that the user-cited #21-#23 items were already
closed, and the next real pain point was `claw dump-manifests` failing
without a direct way to point at the upstream manifest source. This adds
an explicit `--manifests-dir` path, upgrades the failure messages to say
whether the source root or required files are missing, and updates the
ROADMAP closeout to reflect that #45 is now fixed.

Constraint: Preserve existing dump-manifests behavior when no explicit override is supplied
Rejected: Require CLAUDE_CODE_UPSTREAM for every invocation | breaks existing build-tree workflows and is unnecessarily rigid
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep manifest-source override guidance centralized so future error-path edits do not drift
Tested: cargo fmt --all; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; architect review APPROVE
Not-tested: Manual invocation against every legacy env-based manifest lookup layout
 2026-04-12 02:57:11 +00:00
Yeachan-Heo
1d83e67802 Keep the backlog sweep from chasing external executor notes 
ROADMAP #31 described acpx/droid executor quirks, but a fresh repo-local
search showed no implementation surface outside ROADMAP.md. This rewrites
the local unpushed team checkpoint commits into one docs-only closeout so the
branch reflects the real claw-code backlog instead of runtime-generated state.

Constraint: Current evidence is limited to repo-local search plus existing prior closeouts
Rejected: Leave team auto-checkpoint commits intact | they pollute the branch with runtime state and obscure the actual closeout
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep generated .clawhip prompt-submit artifacts out of backlog closeout commits
Tested: Repo-local grep evidence for #31/#63-#68 terms; ROADMAP.md line review; architect approval x2
Not-tested: Fresh remote/backlog audit beyond the current repo-local evidence set
 2026-04-12 02:57:11 +00:00
YeonGyu-Kim
763437a0b3 docs(roadmap): add #69 — lane stop summary quality floor 
clawcode-human session stopped with sloppy summary
('commit push everyting, keep sweeping '). Adding
requirement for minimum stop/result summary standards.

Source: gaebal-gajae dogfood analysis 2026-04-12
 2026-04-12 11:18:18 +09:00
Yeachan-Heo
491386f0a5 Keep external orchestration gaps out of the claw-code sweep path 
ROADMAP #63-#68 describe OMX/Ultraclaw orchestration behavior, but a repo-local
search shows those implementation markers do not exist in claw-code source.
Marking that scope boundary directly in the roadmap keeps future backlog sweeps
from repeatedly targeting the wrong repository.

Constraint: Stay within claw-code repo scope while continuing the user-requested backlog sweep
Rejected: Attempt repo-local fixes for #63-#68 | implementation surface is absent from this repository
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Treat #63-#68 as external tracking notes unless claw-code later grows the corresponding orchestration/runtime surface
Tested: Repo-local search for acpx/ultraclaw/roadmap-nudge-10min/OMX_TMUX_INJECT outside ROADMAP.md
Not-tested: No code/test/static-analysis rerun because the change is docs-only
 2026-04-12 02:14:43 +00:00
Yeachan-Heo
5c85e5ad12 Keep the worker-state backlog honest with current main behavior 
ROADMAP #62 was stale. Current main already emits `.claw/worker-state.json`
on worker status transitions and exposes the documented `claw state`
reader surface, so leaving the item open would keep sending future
backlog passes after already-landed work.

Fresh verification on the exact branch confirmed the implementation and
left the workspace green, so this commit closes the item with current
proof instead of duplicating the feature.

Constraint: User required fresh cargo fmt, cargo clippy --workspace --all-targets -- -D warnings, and cargo test --workspace before push
Constraint: OMX team runtime was explicitly requested, but the verification lane stalled before producing any diff
Rejected: Re-implement the worker-state feature from scratch | current main already contains the runtime hook, CLI surface, and regression coverage
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Reopen #62 only with a fresh repro showing missing `.claw/worker-state.json` writes or a broken `claw state` surface on current main
Tested: cargo test -p runtime emit_state_file_writes_worker_status_on_transition -- --nocapture; cargo test -p tools recovery_loop_state_file_reflects_transitions -- --nocapture; cargo test -p rusty-claude-cli removed_login_and_logout_subcommands_error_helpfully -- --nocapture; cargo fmt; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; architect review APPROVE
Not-tested: No dedicated automated end-to-end CLI regression for reading `.claw/worker-state.json` beyond parser coverage and focused smoke validation
 2026-04-12 01:51:15 +00:00
Yeachan-Heo
b825713db3 Retire the stale slash-command backlog item without breaking verification 
ROADMAP #39 was stale: current main already hides the unimplemented slash
commands from the help/completion surfaces that triggered the original report,
so the backlog entry should be marked done with current evidence instead of
staying open forever.

While rerunning the user's required Rust verification gates on the exact commit
we planned to push, clippy exposed duplicate and unused imports in the plugin
state-isolation files. Folding those cleanup fixes into the same closeout keeps
the proof honest and restores a green workspace before the backlog retirement
lands.

Constraint: User required fresh cargo fmt, cargo clippy --workspace --all-targets -- -D warnings, and cargo test --workspace before push
Rejected: Push the roadmap-only closeout without fixing the workspace | would violate the required verification gate and leave main red
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Re-run the full Rust workspace gates on the exact commit you intend to push when retiring stale roadmap items
Tested: cargo fmt; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace
Not-tested: No manual interactive REPL completion/help smoke test beyond the existing automated coverage
 2026-04-12 00:59:29 +00:00
YeonGyu-Kim
06d1b8ac87 docs(roadmap): add #68 — internal reinjection/resume path opacity 
OMX lanes leaking internal control prose like [OMX_TMUX_INJECT]
instead of operator-meaningful state. Adding requirement for
structured recovery/reinject events with clear cause, preserved
state, and target lane info.

Also fixes merge conflict in test_isolation.rs.

Source: gaebal-gajae dogfood analysis 2026-04-12
 2026-04-12 08:53:10 +09:00
Yeachan-Heo
4f84607ad6 Align the plugin-state isolation roadmap note with current green verification 
The roadmap still implied that the ambient-plugin-state isolation work sat
outside a green full-workspace verification story. Current main already has
both the test-isolation helpers and the host-plugin-leakage regression, and
the required workspace fmt/clippy/test sequence is green. This updates the
remaining stale roadmap wording to match reality.

Constraint: User required fresh cargo fmt, cargo clippy --workspace --all-targets -- -D warnings, and cargo test --workspace before closeout
Rejected: Leave the stale note in place | contradicts the current verified workspace state
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: When backlog items are retired as stale, update any nearby stale verification caveats in the same pass
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace
Not-tested: No additional runtime behavior beyond already-covered regression paths
 2026-04-11 23:51:00 +00:00
Yeachan-Heo
8eb93e906c Retire the stale bare-word skill discovery backlog item 
ROADMAP #36 remained open even though current main already resolves bare
project skill names in the REPL through `resolve_skill_invocation()` instead
of forwarding them to the model. This change adds direct regression coverage
for the known-skill dispatch path and the unknown-skill/non-skill bypass, then
marks the roadmap item done with fresh proof.

Constraint: User required fresh cargo fmt, cargo clippy --workspace --all-targets -- -D warnings, and cargo test --workspace before closeout
Rejected: Leave #36 open because the implementation already existed | keeps the immediate backlog inaccurate and invites duplicate work
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Reopen #36 only with a fresh repro showing a listed project skill still falls through to plain prompt handling on current main
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace
Not-tested: No interactive manual REPL session beyond the new bare-skill unit coverage
 2026-04-11 23:45:46 +00:00
Yeachan-Heo
264fdc214e Retire the stale bare-skill dispatch backlog item 
ROADMAP #36 remained open even though current main already dispatches bare
skill names in the REPL through skill resolution instead of forwarding them
to the model. This change adds a direct regression test for that behavior
and marks the backlog item done with fresh verification evidence.

Constraint: User required fresh cargo fmt, cargo clippy --workspace --all-targets -- -D warnings, and cargo test --workspace before closeout
Rejected: Leave #36 open because the implementation already existed | keeps the immediate backlog inaccurate and invites duplicate work
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Reopen #36 only with a fresh repro showing a listed project skill still falls through to plain prompt handling on current main
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace
Not-tested: No interactive manual REPL session beyond the new bare-skill unit coverage
 2026-04-11 22:50:28 +00:00
Yeachan-Heo
a4921cb262 Retire the stale gpt-5 max-completion-tokens backlog item 
ROADMAP #35 remained open even though current main already switches
OpenAI-compatible gpt-5 requests from `max_tokens` to
`max_completion_tokens` and has regression coverage for that behavior.
This change marks the backlog item done with fresh proof from the current
workspace.

Constraint: User required fresh cargo fmt, cargo clippy --workspace --all-targets -- -D warnings, and cargo test --workspace before closeout
Rejected: Leave #35 open because the implementation already existed | keeps the immediate backlog inaccurate and invites duplicate work
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Reopen #35 only with a fresh repro showing gpt-5 requests emit max_tokens instead of max_completion_tokens on current main
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; cargo test -p api gpt5_uses_max_completion_tokens_not_max_tokens -- --nocapture
Not-tested: No live external OpenAI-compatible backend run beyond the existing automated coverage
 2026-04-11 21:45:49 +00:00
Yeachan-Heo
d40929cada Retire the stale OpenAI reasoning-effort backlog item 
ROADMAP #34 was still open even though current main already carries the
reasoning-effort parity fix for the OpenAI-compatible path. This change marks
it done with fresh proof from current tests and documents the historical
commits that landed the implementation.

Constraint: User required fresh cargo fmt, cargo clippy --workspace --all-targets -- -D warnings, and cargo test --workspace before closeout
Rejected: Leave #34 open because implementation already existed | keeps the immediate backlog inaccurate and invites duplicate work
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Reopen #34 only with a fresh repro that OpenAI-compatible reasoning-effort is absent on current main
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; cargo test -p api reasoning_effort -- --nocapture; cargo test -p rusty-claude-cli reasoning_effort -- --nocapture
Not-tested: No live external OpenAI-compatible backend run beyond the existing automated coverage
 2026-04-11 20:47:08 +00:00
Yeachan-Heo
2d5f836988 Retire the stale broken-plugin warning backlog item 
ROADMAP #40 was still listed as open even though current main already keeps
valid plugins visible while surfacing broken-plugin load failures. This change
adds a direct command-surface regression test for the warning block and marks
#40 done with fresh verification evidence.

Constraint: User required fresh cargo fmt/clippy/test evidence before closing any backlog item
Rejected: Leave #40 open because the implementation already existed | keeps the immediate backlog inaccurate and invites duplicate work
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Reopen #40 only with a fresh repro showing broken installed plugins are hidden or warning-free on current main
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; cargo test -p plugins plugin_registry_report_collects_load_failures_without_dropping_valid_plugins -- --nocapture; cargo test -p plugins installed_plugin_registry_report_collects_load_failures_from_install_root -- --nocapture
Not-tested: No interactive manual /plugins list run beyond automated command-layer rendering coverage
 2026-04-11 19:47:21 +00:00
YeonGyu-Kim
4e199ec52a docs(roadmap): add #67 — structured review verdict events 
Scoped review lanes now have clear scope but still emit only
the review request in stop events, not the actual verdict.
Adding requirement for structured approve/reject/blocked events.

Source: gaebal-gajae dogfood analysis 2026-04-12
 2026-04-12 04:00:41 +09:00
Yeachan-Heo
a7b1fef176 Keep the rebased workspace green after the backlog closeout 
The ROADMAP #38 closeout was rebased onto a moving main branch. That pulled in
new workspace files whose clippy/rustfmt fixes were required for the exact
verification gate the user asked for. This follow-up records those remaining
cleanups so the pushed branch matches the green tree that was actually tested.

Constraint: The user-required full-workspace fmt/clippy/test sequence had to stay green after rebasing onto newer origin/main
Rejected: Leave the rebase cleanup uncommitted locally | working tree would stay dirty and the pushed branch would not match the verified code
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: When rebasing onto a moving main, commit any gate-fixing follow-up so pushed history matches the verified tree
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace
Not-tested: No additional behavior beyond the already-green verification sweep
 2026-04-11 18:52:48 +00:00
Yeachan-Heo
12d955ac26 Close the stale dead-session opacity backlog item with verified probe coverage 
ROADMAP #38 stayed open even though the runtime already had a post-compaction
session-health probe. This change adds direct regression tests for that health
probe behavior and marks the roadmap item done. While re-running the required
workspace verification after a remote rebase, a small set of upstream clippy /
compile issues in plugins and test-isolation code also had to be repaired so the
user-requested full fmt/clippy/test sequence could pass on the rebased main.

Constraint: User required cargo fmt, cargo clippy --workspace --all-targets -- -D warnings, and cargo test --workspace before commit/push
Constraint: Remote main advanced during execution, so the change had to be rebased and re-verified before push
Rejected: Leave #38 open because the implementation pre-existed | keeps the immediate backlog inaccurate and invites duplicate work
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Reopen #38 only with a fresh compaction-vs-broken-surface repro on current main
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace
Not-tested: No live long-running dogfood session replay beyond the new runtime regression tests
 2026-04-11 18:52:02 +00:00
Yeachan-Heo
257aeb82dd Retire the stale dead-session opacity backlog item with regression proof 
ROADMAP #38 no longer reflects current main. The runtime already runs a
post-compaction session-health probe, but the backlog lacked explicit
regression proof. This change adds focused tests for the two important
behaviors: a broken tool surface aborts a compacted session with a targeted
error, while a freshly compacted empty session does not false-positive as
dead. With that proof in place, the roadmap item can be marked done.

Constraint: User required fresh cargo fmt/clippy/test evidence before closing any backlog item
Rejected: Leave #38 open because the implementation already existed | backlog stays stale and invites duplicate work
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Reopen #38 only with a fresh same-turn repro that bypasses the current health-probe gate
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace
Not-tested: No live long-running dogfood session replay beyond existing automated coverage
 2026-04-11 18:47:37 +00:00
YeonGyu-Kim
7ea4535cce docs(roadmap): add #65 backlog selection outcomes, #66 completion-aware reminders 
ROADMAP #65: Team lanes need structured selection events (chosenItems,
skippedItems, rationale) instead of opaque prose summaries.

ROADMAP #66: Reminder/cron should auto-expire when terminal task
completes — currently keeps firing after work is done.

Source: gaebal-gajae dogfood analysis 2026-04-12
 2026-04-12 03:43:58 +09:00
YeonGyu-Kim
2329ddbe3d docs(roadmap): add #64 — structured artifact events 
Artifact provenance currently requires post-hoc narration to
reconstruct what landed. Adding requirement for first-class
events with sourceLanes, roadmapIds, diffStat, verification state.

Source: gaebal-gajae dogfood analysis 2026-04-12
 2026-04-12 03:31:36 +09:00
YeonGyu-Kim
56b4acefd4 docs(roadmap): add #63 — droid session completion semantics broken 
Documents the late-arriving droid output issue discovered during
ultraclaw batch processing. Sessions report completion before
file writes are fully flushed to working tree.

Source: ultraclaw dogfood 2026-04-12
 2026-04-12 03:30:50 +09:00
YeonGyu-Kim
16b9febdae feat: ultraclaw droid batch — ROADMAP #41 test isolation + #50 PowerShell permissions 
Merged late-arriving droid output from 10 parallel ultraclaw sessions.

ROADMAP #41 — Test isolation for plugin regression checks:
- Add test_isolation.rs module with env_lock() for test environment isolation
- Redirect HOME/XDG_CONFIG_HOME/XDG_DATA_HOME to unique temp dirs per test
- Prevent host ~/.claude/plugins/ from bleeding into test runs
- Auto-cleanup temp directories on drop via RAII pattern
- Tests: 39 plugin tests passing

ROADMAP #50 — PowerShell workspace-aware permissions:
- Add is_safe_powershell_command() for command-level permission analysis
- Add is_path_within_workspace() for workspace boundary validation
- Classify read-only vs write-requiring bash commands (60+ commands)
- Dynamic permission requirements based on command type and target path
- Tests: permission enforcer and workspace boundary tests passing

Additional improvements:
- runtime/src/permission_enforcer.rs: Dynamic permission enforcement layer
  - check_with_required_mode() for dynamically-determined permissions
  - 60+ read-only command patterns (cat, find, grep, cargo, git, jq, yq, etc.)
  - Workspace-path detection for safe commands
- compat-harness/src/lib.rs: Compat harness updates for permission testing
- rusty-claude-cli/src/main.rs: CLI integration for permission modes
- plugins/src/lib.rs: Updated imports for test isolation module

Total: +410 lines across 5 files
Workspace tests: 448+ passed
Droid source: ultraclaw-04-test-isolation, ultraclaw-08-powershell-permissions

Ultraclaw total: 4 ROADMAP items committed (38, 40, 41, 50)
 2026-04-12 03:06:24 +09:00
Yeachan-Heo
723e2117af Retire the stale plugin lifecycle flake backlog item 
ROADMAP #24 no longer reproduces on current main. Both focused plugin
lifecycle tests pass in isolation and the current full workspace test run
includes them as green, so the backlog entry was stale rather than still
actionable.

Constraint: User explicitly required re-verifying with cargo fmt, cargo clippy --workspace --all-targets -- -D warnings, and cargo test --workspace before closeout
Rejected: Leave #24 open without a fresh repro | keeps the immediate backlog inaccurate and invites duplicate work
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Reopen #24 only with a fresh parallel-execution repro on current main
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace; cargo test -p rusty-claude-cli build_runtime_runs_plugin_lifecycle_init_and_shutdown -- --nocapture; cargo test -p plugins plugin_registry_runs_initialize_and_shutdown_for_enabled_plugins -- --nocapture
Not-tested: No synthetic stress harness beyond the existing workspace-parallel run
 2026-04-11 17:49:10 +00:00
Yeachan-Heo
0082bf1640 Align auth docs with the removed login/logout surface 
The ROADMAP #37 code path was correct, but the Rust and usage guides still
advertised `claw login` / `claw logout` and OAuth-login wording after the
command surface had been removed. This follow-up updates both docs to point
users at `ANTHROPIC_API_KEY` or `ANTHROPIC_AUTH_TOKEN` only and removes the
stale command examples.

Constraint: Prior follow-up review rejected the closeout until user-facing auth docs matched the landed behavior
Rejected: Leave docs stale because runtime behavior was already correct | contradicts shipped CLI and re-opens support confusion
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: When auth policy changes, update both rust/README.md and USAGE.md in the same change as the code surface
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace
Not-tested: External rendered-doc consumers beyond repository markdown
 2026-04-11 17:28:47 +00:00
Yeachan-Heo
124e8661ed Remove the deprecated Claude subscription login path and restore a green Rust workspace 
ROADMAP #37 was still open even though several earlier backlog items were
already closed. This change removes the local login/logout surface, stops
startup auth resolution from treating saved OAuth credentials as a supported
path, and updates diagnostics/help to point users at ANTHROPIC_API_KEY or
ANTHROPIC_AUTH_TOKEN only.

While proving the change with the user-requested workspace gates, clippy
surfaced additional pre-existing warning failures across the Rust workspace.
Those were cleaned up in-place so the required `cargo fmt`, `cargo clippy
--workspace --all-targets -- -D warnings`, and `cargo test --workspace`
sequence now passes end to end.

Constraint: User explicitly required full-workspace fmt/clippy/test before commit/push
Constraint: Existing dirty leader worktree had to be stashed before attempted OMX team worktree launch
Rejected: Keep login/logout but hide them from help | left unsupported auth flow and saved OAuth fallback intact
Rejected: Stop after ROADMAP #37 targeted tests | did not satisfy required full-workspace verification gate
Confidence: medium
Scope-risk: moderate
Reversibility: clean
Directive: Do not reintroduce saved OAuth as a silent Anthropic startup fallback without an explicit supported auth policy
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace
Not-tested: Remote push effects beyond origin/main update
 2026-04-11 17:24:44 +00:00
Yeachan-Heo
61c01ff7da Prevent cross-worktree session bleed during managed session resume/load 
ROADMAP #41 was still leaving a phantom-completion class open: managed
sessions could be resumed from the wrong workspace, and the CLI/runtime
paths were split between partially isolated storage and older helper
flows. This squashes the verified team work into one deliverable that
routes managed session operations through the per-worktree SessionStore,
rejects workspace mismatches explicitly, extends lane-event taxonomy for
workspace mismatch reporting, and updates the affected CLI regression
fixtures/docs so the new contract is enforced without losing same-
workspace legacy coverage.

Constraint: Keep same-workspace legacy flat sessions readable while blocking cross-worktree misuse
Constraint: No new dependencies; stay within the ROADMAP #41 changed-file scope
Rejected: Leave team auto-checkpoint history as final branch state | noisy/non-lore history for a single roadmap fix
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Preserve workspace_root validation on future resume/load helpers; do not reintroduce path-only fallback without equivalent mismatch checks
Tested: cargo test -p runtime session_control -- --nocapture; cargo test -p rusty-claude-cli resume -- --nocapture; cargo test -p rusty-claude-cli --test cli_flags_and_config_defaults; cargo test -p rusty-claude-cli --test output_format_contract; cargo test -p rusty-claude-cli --test resume_slash_commands; cargo test --workspace --exclude compat-harness; cargo check --workspace --all-targets; git diff --check
Not-tested: cargo clippy --workspace --all-targets -- -D warnings (pre-existing failures in unchanged rust/crates/rusty-claude-cli/build.rs)
Related: ROADMAP #41
 2026-04-11 16:08:28 +00:00
YeonGyu-Kim
56218d7d8a feat(runtime): add session health probe for dead-session detection (ROADMAP #38) 
Implements ROADMAP #38: Dead-session opacity detection via health canary.

- Add run_session_health_probe() to ConversationRuntime
- Probe runs after compaction to verify tool executor responsiveness
- Add last_health_check_ms field to Session for tracking
- Returns structured error if session appears broken after compaction

Ultraclaw droid session: ultraclaw-02-session-health

Tests: runtime crate 436 passed, integration 12 passed
 2026-04-12 00:33:26 +09:00
YeonGyu-Kim
2ef447bd07 feat(commands): surface broken plugin warnings in /plugins list 
Implements ROADMAP #40: Show warnings for broken/missing plugin manifests
instead of silently failing.

- Add PluginLoadFailure import
- New render_plugins_report_with_failures() function
- Shows ⚠️ warnings for failed plugin loads with error details
- Updates ROADMAP.md to mark #40 in progress

Ultraclaw droid session: ultraclaw-03-broken-plugins
 2026-04-11 22:44:29 +09:00
YeonGyu-Kim
8aa1fa2cc9 docs(roadmap): file ROADMAP #61 — OPENAI_BASE_URL routing fix (done) 
Local provider routing: OPENAI_BASE_URL now wins over Anthropic fallback
for unrecognized model names. Done at 1ecdb10.
 2026-04-10 13:00:46 +09:00
YeonGyu-Kim
1ecdb1076c fix(api): OPENAI_BASE_URL wins over Anthropic fallback for unknown models 
When OPENAI_BASE_URL is set, the user explicitly configured an
OpenAI-compatible endpoint (Ollama, LM Studio, vLLM, etc.). Model names
like 'qwen2.5-coder:7b' or 'llama3:latest' don't match any recognized
prefix, so detect_provider_kind() fell through to Anthropic — asking for
Anthropic credentials even though the user clearly intended a local
provider.

Now: OPENAI_BASE_URL + OPENAI_API_KEY beats Anthropic env-check in the
cascade. OPENAI_BASE_URL alone (no API key — common for Ollama) is a
last-resort fallback before the Anthropic default.

Source: MaxDerVerpeilte in #claw-code (Ollama + qwen2.5-coder:7b);
traced by gaebal-gajae.
 2026-04-10 12:37:39 +09:00
YeonGyu-Kim
6c07cd682d docs(roadmap): mark #59 done, file #60 glob brace expansion (done) 
#59 session model persistence — done at 0f34c66
#60 glob_search brace expansion — done at 3a6c9a5
 2026-04-10 11:30:42 +09:00
YeonGyu-Kim
3a6c9a55c1 fix(tools): support brace expansion in glob_search patterns 
The glob crate (v0.3) does not support shell-style brace groups like
{cs,uxml,uss}. Patterns such as 'Assets/**/*.{cs,uxml,uss}' silently
returned 0 results.

Added expand_braces() to pre-expand brace groups before passing patterns
to glob::glob(). Handles nested braces (e.g. src/{a,b}.{rs,toml}).
Results are deduplicated via HashSet.

5 new tests:
- expand_braces_no_braces
- expand_braces_single_group
- expand_braces_nested
- expand_braces_unmatched
- glob_search_with_braces_finds_files

Source: user 'zero' in #claw-code (Windows, Unity project with
Assets/**/*.{cs,uxml,uss} glob). Traced by gaebal-gajae.
 2026-04-10 11:22:38 +09:00
YeonGyu-Kim
810036bf09 test(cli): add integration test for model persistence in resumed /status 
New test: resumed_status_surfaces_persisted_model
- Creates session with model='claude-sonnet-4-6'
- Resumes with --output-format json /status
- Asserts model round-trips through session metadata

Resume integration tests: 11 → 12.
 2026-04-10 10:31:05 +09:00
YeonGyu-Kim
0f34c66acd feat(session): persist model in session metadata — ROADMAP #59 
Add 'model: Option<String>' to Session struct. The model used is now
saved in the session_meta JSONL record and surfaced in resumed /status:
- JSON mode: {model: 'claude-sonnet-4-6'} instead of null
- Text mode: shows actual model instead of 'restored-session'

Model is set in build_runtime_with_plugin_state() before the runtime
is constructed, and only when not already set (preserves model through
fork/resume cycles).

Backward compatible: old sessions without a model field load cleanly
with model: None (shown as null in JSON, 'restored-session' in text).

All workspace tests pass.
 2026-04-10 10:05:42 +09:00
YeonGyu-Kim
6af0189906 docs(roadmap): file ROADMAP #58 (Windows HOME crash) and #59 (session model persistence) 
#58 Windows startup crash from missing HOME env var — done at b95d330.
#59 Session metadata does not persist the model used — open.
 2026-04-10 09:00:41 +09:00
YeonGyu-Kim
b95d330310 fix(startup): fall back to USERPROFILE when HOME is not set (Windows) 
On Windows, HOME is often unset. The CLI crashed at startup with
'error: io error: HOME is not set' because three paths only checked
HOME:
- config_home_dir() in tools crate (config/settings loading)
- credentials_home_dir() in runtime crate (OAuth credentials)
- detect_broad_cwd() in CLI (CWD-is-home-dir check)
- skill lookup roots in tools crate

All now fall through to USERPROFILE when HOME is absent. Error message
updated to suggest USERPROFILE or CLAW_CONFIG_HOME on Windows.

Source: MaxDerVerpeilte in #claw-code (Windows user, 2026-04-10).
 2026-04-10 08:33:35 +09:00
YeonGyu-Kim
74311cc511 test(cli): add 5 integration tests for resume JSON parity 
New integration tests covering recent JSON parity work:
- resumed_version_command_emits_structured_json
- resumed_export_command_emits_structured_json
- resumed_help_command_emits_structured_json
- resumed_no_command_emits_restored_json
- resumed_stub_command_emits_not_implemented_json

Prevents regression on ROADMAP #54 (stub command error), #55 (session
list), #56 (--resume no-command JSON), #57 (session load errors).

Resume integration tests: 6 → 11.
 2026-04-10 08:03:17 +09:00
YeonGyu-Kim
6ae8850d45 fix(api): silence dead_code warning and remove duplicated #[test] attr 
- Add #[allow(dead_code)] on test-only Delta struct (content field
  used for deserialization but not read in assertion)
- Remove duplicated #[test] attribute on
  assistant_message_without_tool_calls_omits_tool_calls_field

Zero warnings in cargo test --workspace.
 2026-04-10 07:33:22 +09:00
YeonGyu-Kim
ef9439d772 docs(roadmap): file ROADMAP #54-#57 from 2026-04-10 dogfood cycle 
#54 circular 'Did you mean /X?' for spec commands with no parse arm (done)
#55 /session list unsupported in resume mode (done)
#56 --resume no-command ignores --output-format json (done)
#57 session load errors bypass --output-format json (done)
 2026-04-10 07:04:21 +09:00
YeonGyu-Kim
4f670e5513 fix(cli): emit JSON for --resume with no command in --output-format json mode 
claw --output-format json --resume <session> (no command) was printing:
  'Restored session from <path> (N messages).'
to stdout as prose, regardless of output format.

Now emits:
  {"kind":"restored","session_id":"...","path":"...","message_count":N}

159 CLI tests pass.
 2026-04-10 06:31:16 +09:00
YeonGyu-Kim
8dcf10361f fix(cli): implement /session list in resume mode — ROADMAP #21 partial 
/session list previously returned 'unsupported resumed slash command' in
--output-format json --resume mode. It only reads the sessions directory
so does not need a live runtime session.

Adds a Session{action:"list"} arm in run_resume_command() before the
unsupported catchall. Emits:
  {kind:session_list, sessions:[...ids], active:<current-session-id>}

159 CLI tests pass.
 2026-04-10 06:03:29 +09:00
YeonGyu-Kim
cf129c8793 fix(cli): emit JSON error when session fails to load in --output-format json mode 
'failed to restore session' errors from both the path-resolution step
and the JSONL-load step now check output_format and emit:
  {"type":"error","error":"failed to restore session: <detail>"}
instead of bare eprintln prose.

Covers: session not found, corrupt JSONL, permission errors.
 2026-04-10 05:01:56 +09:00
YeonGyu-Kim
c0248253ac fix(cli): remove 'stats' from STUB_COMMANDS — it is implemented 
/stats was accidentally listed in STUB_COMMANDS (both in the original list
and overlooked in 1e14d59). Since SlashCommand::Stats is fully implemented
with REPL and resume dispatch, it should not be intercepted as unimplemented.

/tokens and /cache alias to Stats and were already working correctly.
/stats now works again in all modes.
 2026-04-10 04:32:05 +09:00
YeonGyu-Kim
1e14d59a71 fix(cli): stop circular 'Did you mean /X?' for spec commands with no parse arm 
23 spec-registered commands had no parse arm in validate_slash_command_input,
causing the circular error 'Unknown slash command: /X — Did you mean /X?'
when users typed them in --resume mode.

Two fixes:
1. Add the 23 confirmed parse-armless commands to STUB_COMMANDS (excluded
   from REPL completions and help output).
2. In resume dispatch, intercept STUB_COMMANDS before SlashCommand::parse
   and emit a clean '{error: "/X is not yet implemented in this build"}'
   instead of the confusing error from the Err parse path.

Affected: /allowed-tools, /bookmarks, /workspace, /reasoning, /budget,
/rate-limit, /changelog, /diagnostics, /metrics, /tool-details, /focus,
/unfocus, /pin, /unpin, /language, /profile, /max-tokens, /temperature,
/system-prompt, /notifications, /telemetry, /env, /project, plus ~40
additional unreachable spec names.

159 CLI tests pass.
 2026-04-10 04:05:41 +09:00
YeonGyu-Kim
11e2353585 fix(cli): JSON parity for /export and /agents in resume mode 
/export now emits: {kind:export, file:<path>, message_count:<n>}
/agents now emits: {kind:agents, text:<agents report>}

Previously both returned json:None and fell through to prose output even
in --output-format json --resume mode. 159 CLI tests pass.
 2026-04-10 03:32:24 +09:00
YeonGyu-Kim
0845705639 fix(tests): update test assertions for null model in resume /status; drop unused import 
Two integration tests expected 'model':'restored-session' in the /status
JSON output but dc4fa55 changed resume mode to emit null for model.
Updated both assertions to assert model is null (correct behavior).

Also remove unused 'estimate_session_tokens' import in compact.rs tests
(surfaced as warning in CI, kept failing CI green noise).

All workspace tests pass.
 2026-04-10 03:21:58 +09:00
YeonGyu-Kim
316864227c fix(cli): JSON parity for /help and /diff in resume mode 
/help now emits: {kind:help, text:<full help text>}
/diff now emits:
  - no git repo: {kind:diff, result:no_git_repo, detail:...}
  - clean tree:  {kind:diff, result:clean, staged:'', unstaged:''}
  - changes:     {kind:diff, result:changes, staged:..., unstaged:...}

Previously both returned json:None and fell through to prose output even
in --output-format json --resume mode. 159 CLI tests pass.
 2026-04-10 03:02:00 +09:00
YeonGyu-Kim
ece48c7174 docs: correct agent-code binary name in warning — ROADMAP #53 
'cargo install agent-code' installs 'agent.exe' (Windows) / 'agent'
(Unix), NOT 'agent-code'. Previous note said "binary name is 'agent-code'"
which sent users to the wrong command.

Updated the install warning to show the actual binary name.
ROADMAP #53 filed: package vs binary name mismatch in the install path.
 2026-04-10 02:36:43 +09:00
YeonGyu-Kim
c8cac7cae8 fix(cli): doctor config check hides non-existent candidate paths 
Before: doctor reported 'loaded 0/5' and listed 5 'Discovered file'
entries for paths that don't exist on disk. This looked like 5 files
failed to load, when in fact they are just standard search locations.

After: only paths that actually exist on disk are shown as 'Discovered
file'. 'loaded N/M' denominator is now the count of present files, not
candidate paths. With no config files present: 'loaded 0/0' +
'Discovered files  <none> (defaults active)'.

159 CLI tests pass.
 2026-04-10 02:32:47 +09:00
YeonGyu-Kim
57943b17f3 docs: reframe Windows setup — PowerShell is supported, Git Bash/WSL optional 
Previous wording said 'recommended shell is Git Bash or WSL (not PowerShell,
not cmd)' which was incorrect — claw builds and runs fine in PowerShell.

New framing:
- PowerShell: supported primary Windows path with PowerShell-style commands
- Git Bash / WSL: optional alternatives, not requirements
- MINGW64 note moved to Git Bash callout (no longer implies it is required)

Source: gaebal-gajae correction 2026-04-10.
 2026-04-10 02:25:47 +09:00
YeonGyu-Kim
4730b667c4 docs: warn against 'cargo install claw-code' false-positive — ROADMAP #52 
The claw-code crate on crates.io is a deprecated stub. cargo install
claw-code succeeds but places claw-code-deprecated.exe, not claw.
Running it only prints 'claw-code has been renamed to agent-code'.

Previous note only warned about 'clawcode' (no hyphen) — the actual trap
is the hyphenated name.

Updated the warning block with explicit caution: do not use
'cargo install claw-code', install agent-code or build from source.
ROADMAP #52 filed.
 2026-04-10 02:16:58 +09:00
YeonGyu-Kim
dc4fa55d64 fix(cli): /status JSON emits null model and correct session_id in resume mode 
Two bugs in --output-format json --resume /status:

1. 'model' field emitted 'restored-session' (a run-mode label) instead of
   the actual model or null. Fixed: status_json_value now takes Option<&str>
   for model; resume path passes None; live REPL path passes Some(model).

2. 'session_id' extracted parent dir name ('sessions') instead of the file
   stem. Session files are session-<id>.jsonl directly under .claw/sessions/,
   not in a subdirectory. Fixed: extract file_stem() instead of
   parent().file_name().

159 CLI tests pass.
 2026-04-10 02:03:14 +09:00
YeonGyu-Kim
9cf4033fdf docs: add Windows setup section (Git Bash/WSL prereqs) — ROADMAP #51 
Users were hitting:
- bash: cargo: command not found (Rust not installed or not on PATH)
- C:\... vs /c/... path confusion in Git Bash
- MINGW64 prompt misread as broken install

New '### Windows setup' section in README covers:
1. Install Rust via rustup.rs
2. Open Git Bash (MINGW64 is normal)
3. Verify cargo --version / run . ~/.cargo/env if missing
4. Use /c/Users/... paths
5. Clone + build + run steps

WSL2 tip added for lower-friction alternative.

ROADMAP #51 filed.
 2026-04-10 01:42:43 +09:00
YeonGyu-Kim
a3d0c9e5e7 fix(api): sanitize orphaned tool messages at request-building layer 
Adds sanitize_tool_message_pairing() called from build_chat_completion_request()
after translate_message() runs. Drops any role:"tool" message whose
immediately-preceding non-tool message is role:"assistant" but has no
tool_calls entry matching the tool_call_id.

This is the second layer of the tool-pairing invariant defense:
- 6e301c8: compaction boundary fix (producer layer)
- this commit: request-builder sanitizer (sender layer)

Together these close the 400-error loop for resumed/compacted multi-turn
tool sessions on OpenAI-compatible backends.

Sanitization only fires when preceding message is role:assistant (not
user/system) to avoid dropping valid translation artifacts from mixed
user-message content blocks.

Regression tests: sanitize_drops_orphaned_tool_messages covers valid pair,
orphaned tool (no tool_calls in preceding assistant), mismatched id, and
two tool results both referencing the same assistant turn.

116 api + 159 CLI + 431 runtime tests pass. Fmt clean.
 2026-04-10 01:35:00 +09:00
YeonGyu-Kim
78dca71f3f fix(cli): JSON parity for /compact and /clear in resume mode 
/compact now emits: {kind:compact, skipped, removed_messages, kept_messages}
/clear now emits:  {kind:clear, previous_session_id, new_session_id, backup, session_file}
/clear (no --confirm) now emits: {kind:error, error:..., hint:...}

Previously both returned json:None and fell through to prose output even
in --output-format json --resume mode. 159 CLI tests pass.
 2026-04-10 01:31:21 +09:00
YeonGyu-Kim
39a7dd08bb docs(roadmap): file PowerShell permission over-escalation as ROADMAP #50 
PowerShell tool is registered as danger-full-access regardless of command
semantics. Workspace-write sessions still require escalation for read-only
in-workspace commands (Get-Content, Get-ChildItem, etc.).

Root cause: mvp_tool_specs registers PowerShell and bash both with
PermissionMode::DangerFullAccess unconditionally. Fix needs command-level
heuristic analysis to classify read-only in-workspace commands at
WorkspaceWrite rather than DangerFullAccess.

Source: tanishq_devil in #claw-code 2026-04-10; traced by gaebal-gajae.
 2026-04-10 01:12:39 +09:00
YeonGyu-Kim
d95149b347 fix(cli): surface resolved path in dump-manifests error — ROADMAP #45 partial 
Before:
  error: failed to extract manifests: No such file or directory (os error 2)

After:
  error: failed to extract manifests: No such file or directory (os error 2)
    looked in: /Users/yeongyu/clawd/claw-code/rust

The workspace_dir is computed from CARGO_MANIFEST_DIR at compile time and
only resolves correctly when running from the build tree. Surfacing the
resolved path lets users understand immediately why it fails outside the
build context.

ROADMAP #45 root cause (build-tree-only path) remains open.
 2026-04-10 01:01:53 +09:00
YeonGyu-Kim
47aa1a57ca fix(cli): surface command name in 'not yet implemented' REPL message 
Add SlashCommand::slash_name() to the commands crate — returns the
canonical '/name' string for any variant. Used in the REPL's stub
catch-all arm to surface which command was typed instead of printing
the opaque 'Command registered but not yet implemented.'

Before: typing /rewind → 'Command registered but not yet implemented.'
After:  typing /rewind → '/rewind is not yet implemented in this build.'

Also update the compacts_sessions_via_slash_command test assertion to
tolerate the boundary-guard fix from 6e301c8 (removed_message_count
can be 1 or 2 depending on whether the boundary falls on a tool-result
pair). All 159 CLI + 431 runtime + 115 api tests pass.
 2026-04-10 00:39:16 +09:00
YeonGyu-Kim
6e301c8bb3 fix(runtime): prevent orphaned tool-result at compaction boundary; /cost JSON 
Two fixes:

1. compact.rs: When the compaction boundary falls at the start of a
   tool-result turn, the preceding assistant turn with ToolUse would be
   removed — leaving an orphaned role:tool message with no preceding
   assistant tool_calls. OpenAI-compat backends reject this with 400.

   Fix: after computing raw_keep_from, walk the boundary back until the
   first preserved message is not a ToolResult (or its preceding assistant
   has been included). Regression test added:
   compaction_does_not_split_tool_use_tool_result_pair.

   Source: gaebal-gajae multi-turn tool-call 400 repro 2026-04-09.

2. /cost resume: add JSON output:
   {kind:cost, input_tokens, output_tokens, cache_creation_input_tokens,
    cache_read_input_tokens, total_tokens}

159 CLI + 431 runtime tests pass. Fmt clean.
 2026-04-10 00:13:45 +09:00
YeonGyu-Kim
7587f2c1eb fix(cli): JSON parity for /memory and /providers in resume mode 
Two gaps closed:

1. /memory (resume): json field was None, emitting prose regardless of
   --output-format json. Now emits:
     {kind:memory, cwd, instruction_files:N, files:[{path,lines,preview}...]}

2. /providers (resume): had a spec entry but no parse arm, producing the
   circular 'Unknown slash command: /providers — Did you mean /providers'.
   Added 'providers' as an alias for 'doctor' in the parse match so
   /providers dispatches to the same structured diagnostic output.

3. /doctor (resume): also wired json_value() so --output-format json
   returns the structured doctor report instead of None.

Continues ROADMAP #26 resumed-command JSON parity track.
159 CLI tests pass, fmt clean.
 2026-04-09 23:35:25 +09:00
YeonGyu-Kim
ed42f8f298 fix(api): surface provider error in SSE stream frames (companion to ff416ff) 
Same fix as ff416ff but for the streaming path. Some backends embed an
error JSON object in an SSE data: frame:

  data: {"error":{"message":"context too long","code":400}}

parse_sse_frame() was attempting to deserialize this as ChatCompletionChunk
and failing with 'missing field' / 'invalid type', hiding the actual
backend error message.

Fix: check for an 'error' key before full chunk deserialization, same as
the non-streaming path in ff416ff. Symmetric pair:
- ff416ff: non-streaming path (response body)
- this:    streaming path (SSE data: frame)

115 api + 159 CLI tests pass. Fmt clean.
 2026-04-09 23:03:33 +09:00
YeonGyu-Kim
ff416ff3e7 fix(api): surface provider error body before attempting completion parse 
When a local/proxy OpenAI-compatible backend returns an error object:
  {"error":{"message":"...","type":"...","code":...}}

claw was trying to deserialize it as a ChatCompletionResponse and
failing with the cryptic 'failed to parse OpenAI response: missing
field id', completely hiding the actual backend error message.

Fix: before full deserialization, check if the parsed JSON has an
'error' key and promote it directly to ApiError::Api so the user
sees the real error (e.g. 'The number of tokens to keep from the
initial prompt is greater than the context length').

Source: devilayu in #claw-code 2026-04-09 — local LM Studio context
limit error was invisible; user saw 'missing field id' instead.
159 CLI + 115 api tests pass. Fmt clean.
 2026-04-09 22:33:07 +09:00
YeonGyu-Kim
6ac7d8cd46 fix(api): omit tool_calls field from assistant messages when empty 
When serializing a multi-turn conversation for the OpenAI-compatible path,
assistant messages with no tool calls were always emitting 'tool_calls: []'.
Some providers reject requests where a prior assistant turn carries an
explicit empty tool_calls array (400 on subsequent turns after a plain
text assistant response).

Fix: only include 'tool_calls' in the serialized assistant message when
the vec is non-empty. Empty case omits the field entirely.

This is a companion fix to fd7aade (null tool_calls in stream delta).
The two bugs are symmetric: fd7aade handled inbound null -> empty vec;
this handles outbound empty vec -> field omitted.

Two regression tests added:
- assistant_message_without_tool_calls_omits_tool_calls_field
- assistant_message_with_tool_calls_includes_tool_calls_field

115 api tests pass. Fmt clean.

Source: gaebal-gajae repro 2026-04-09 (400 on multi-turn, companion to
null tool_calls stream-delta fix).
 2026-04-09 22:06:25 +09:00
YeonGyu-Kim
7ec6860d9a fix(cli): emit JSON for /config in --output-format json --resume mode 
/config resumed returned json:None, falling back to prose output even in
--output-format json mode. Adds render_config_json() that produces:

  {
    "kind": "config",
    "cwd": "...",
    "loaded_files": N,
    "merged_keys": N,
    "files": [{"path":"...","source":"user|project|local","loaded":true|false}, ...]
  }

Wires it into the SlashCommand::Config resume arm alongside the existing
prose render. Continues the resumed-command JSON parity track (ROADMAP #26).
159 CLI tests pass, fmt clean.
 2026-04-09 22:03:11 +09:00
YeonGyu-Kim
0e12d15daf fix(cli): add --allow-broad-cwd; require confirmation or flag in broad-CWD mode 2026-04-09 21:55:22 +09:00
YeonGyu-Kim
fd7aade5b5 fix(api): tolerate null tool_calls in OpenAI-compat stream delta chunks 
Some OpenAI-compatible providers emit 'tool_calls: null' in streaming
delta chunks instead of omitting the field or using an empty array:

  "delta": {"content":"","function_call":null,"tool_calls":null}

serde's #[serde(default)] only handles absent keys — an explicit null
value still fails deserialization with:
  'invalid type: null, expected a sequence'

Fix: replace #[serde(default)] with a custom deserializer helper
deserialize_null_as_empty_vec() that maps null -> Vec::default(),
keeping the existing absent-key default behaviour.

Regression test added: delta_with_null_tool_calls_deserializes_as_empty_vec
uses the exact provider response shape from gaebal-gajae's repro (2026-04-09).

112 api lib tests pass. Fmt clean.

Companion to gaebal-gajae's local 448cf2c — independently reproduced
and landed on main.
 2026-04-09 21:39:52 +09:00
YeonGyu-Kim
de916152cb docs(roadmap): file #44-#49 from 2026-04-09 dogfood cycle 
#44 — broad-CWD warning-only; policy-level enforcement needed
#45 — claw dump-manifests opaque error (no path context)
#46 — /tokens /cache /stats dead spec (done at 60ec2ae)
#47 — /diff cryptic error outside git repo (done at aef85f8)
#48 — piped stdin triggers REPL instead of prompt (done at 84b77ec)
#49 — resumed slash errors emitted as prose in json mode (done at da42421)
 2026-04-09 21:36:09 +09:00
YeonGyu-Kim
60ec2aed9b fix(cli): wire /tokens and /cache as aliases for /stats; implement /stats 
Dogfood found that /tokens and /cache had spec entries (resume_supported:
true) but no parse arms in the command parser, resulting in:
  'Unknown slash command: /tokens — Did you mean /tokens'
(the suggestion engine found the spec entry but parsing always failed)

Fix three things:
1. Add 'tokens' | 'cache' as aliases for 'stats' in the parse match so
   the commands actually resolve to SlashCommand::Stats
2. Implement SlashCommand::Stats in the REPL dispatch — previously fell
   through to 'Command registered but not yet implemented'. Now shows
   cumulative token usage for the session.
3. Implement SlashCommand::Stats in run_resume_command — previously
   returned 'unsupported resumed slash command'. Now emits:
   text:  Cost / Input tokens / Output tokens / Cache create / Cache read
   json:  {kind:stats, input_tokens, output_tokens, cache_*, total_tokens}

159 CLI tests pass, fmt clean.
 2026-04-09 21:34:36 +09:00
YeonGyu-Kim
5f6f453b8d fix(cli): warn when launched from home dir or filesystem root 
Users launching claw from their home directory (or /) have no project
boundary — the agent can read/search the entire machine, often far beyond
the intended scope. kapcomunica in #claw-code reported exactly this:
'it searched my entire computer.'

Add warn_if_broad_cwd() called at prompt and REPL startup:
- checks if CWD == $HOME or CWD has no parent (fs root)
- prints a clear warning to stderr:
    Warning: claw is running from a very broad directory (/home/user).
    The agent can read and search everything under this path.
    Consider running from inside your project: cd /path/to/project && claw

Warning fires on both claw (REPL) and claw prompt '...' paths.
Does not fire from project subdirectories. Uses std::env::var_os("HOME"),
no extra deps.

159 CLI tests pass, fmt clean.
 2026-04-09 21:26:51 +09:00
YeonGyu-Kim
da4242198f fix(cli): emit JSON error for unsupported resumed slash commands in JSON mode 
When claw --output-format json --resume <session> /commit (or /plugins, etc.)
encountered an 'unsupported resumed slash command' error, it called
eprintln!() and exit(2) directly, bypassing both the main() JSON error
handler and the output_format check.

Fix: in both the slash-command parse-error path and the run_resume_command
Err path, check output_format and emit a structured JSON error:

  {"type":"error","error":"unsupported resumed slash command","command":"/commit"}

Text mode unchanged (still exits 2 with prose to stderr).
Addresses the resumed-command parity gap (gaebal-gajae ROADMAP #26 track).
159 CLI tests pass, fmt clean.
 2026-04-09 21:04:50 +09:00
YeonGyu-Kim
84b77ece4d fix(cli): pipe stdin to prompt when no args given (suppress REPL on pipe) 
When stdin is not a terminal (pipe or redirect) and no prompt is given on
the command line, claw was starting the interactive REPL and printing the
startup banner, then consuming the pipe without sending anything to the API.

Fix: in parse_args, when rest.is_empty() and stdin is not a terminal, read
stdin synchronously and dispatch as CliAction::Prompt instead of Repl.
Empty pipe still falls through to Repl (interactive launch with no input).

Before: echo 'hello' | claw  -> startup banner + REPL start
After:  echo 'hello' | claw  -> dispatches as one-shot prompt

159 CLI tests pass, fmt clean.
 2026-04-09 20:36:14 +09:00
YeonGyu-Kim
aef85f8af5 fix(cli): /diff shows clear error when not in a git repo 
Previously claw --resume <session> /diff would produce:
  'git diff --cached failed: error: unknown option `cached\''
when the CWD was not inside a git project, because git falls back to
--no-index mode which does not support --cached.

Two fixes:
1. render_diff_report_for() checks 'git rev-parse --is-inside-work-tree'
   before running git diff, and returns a human-readable message if not
   in a git repo:
     'Diff\n  Result  no git repository\n  Detail  <cwd> is not inside a git project'
2. resume /diff now uses std::env::current_dir() instead of the session
   file's parent directory as the CWD for the diff (session parent dir
   is the .claw/sessions/<id>/ directory, never a git repo).

159 CLI tests pass, fmt clean.
 2026-04-09 20:04:21 +09:00
YeonGyu-Kim
3ed27d5cba fix(cli): emit JSON for /history in --output-format json --resume mode 
Previously claw --output-format json --resume <session> /history emitted
prose text regardless of the output format flag. Now emits structured JSON:

  {"kind":"history","total":N,"showing":M,"entries":[{"timestamp_ms":...,"text":"..."},...]}

Mirrors the parity pattern established in ROADMAP #26 for other resume commands.
159 CLI tests pass, fmt clean.
 2026-04-09 19:33:50 +09:00
YeonGyu-Kim
e1ed30a038 fix(cli): surface session_id in /status JSON output 
When running claw --output-format json --resume <session> /status, the
JSON output had 'session' (full file path) but no 'session_id' field,
making it impossible for scripts to extract the loaded session ID.

Now extracts the session-id directory component from the session path
(e.g. .claw/sessions/<session-id>/session-xxx.jsonl → session-id)
and includes it as 'session_id' in the JSON status envelope.

159 CLI tests pass, fmt clean.
 2026-04-09 19:06:36 +09:00
YeonGyu-Kim
54269da157 fix(cli): claw state exits 1 when no worker state file exists 
Previously 'claw state' printed an error message but exited 0, making it
impossible for scripts/CI to detect the absence of state without parsing
prose. Now propagates Err() to main() which exits 1 and formats the error
correctly for both text and --output-format json modes.

Text: 'error: no worker state file found at ... — run a worker first'
JSON: {"type":"error","error":"no worker state file found at ..."}
 2026-04-09 18:34:41 +09:00
YeonGyu-Kim
f741a42507 test(cli): add regression coverage for reasoning-effort validation and stub-command filtering 
3 new tests in mod tests:
- rejects_invalid_reasoning_effort_value: confirms 'turbo' etc rejected at parse time
- accepts_valid_reasoning_effort_values: confirms low/medium/high accepted and threaded
- stub_commands_absent_from_repl_completions: asserts STUB_COMMANDS are not in completions

156 -> 159 CLI tests pass.
 2026-04-09 18:06:32 +09:00
YeonGyu-Kim
6b3e2d8854 docs(roadmap): file hook ingress opacity as ROADMAP #43 2026-04-09 17:34:15 +09:00
YeonGyu-Kim
1a8f73da01 fix(cli): emit JSON error on --output-format json — ROADMAP #42 
When claw --output-format json hits an error, the error was previously
printed as plain prose to stderr, making it invisible to downstream tooling
that parses JSON output. Now:

  {"type":"error","error":"api returned 401 ..."}

Detection: scan argv at process exit for --output-format json or
--output-format=json. Non-JSON error path unchanged. 156 CLI tests pass.
 2026-04-09 16:33:20 +09:00
YeonGyu-Kim
7d9f11b91f docs(roadmap): track community-support plugin-test-sealing as #41 2026-04-09 16:18:48 +09:00
YeonGyu-Kim
8e1bca6b99 docs(roadmap): track community-support plugin-list-load-failures as #40 2026-04-09 16:17:28 +09:00
YeonGyu-Kim
8d0308eecb fix(cli): dispatch bare skill names to skill invoker in REPL — ROADMAP #36 
Users were typing skill names (e.g. 'caveman', 'find-skills') directly in
the REPL and getting LLM responses instead of skill invocation. Only
'/skills <name>' triggered dispatch; bare names fell through to run_turn.

Fix: after slash-command parse returns None (bare text), check if the first
token looks like a skill name (alphanumeric/dash/underscore, no slash).
If resolve_skill_invocation() confirms the skill exists, dispatch the full
input as a skill prompt. Unknown words fall through unchanged.

156 CLI tests pass, fmt clean.
 2026-04-09 16:01:18 +09:00
YeonGyu-Kim
4d10caebc6 fix(cli): validate --reasoning-effort accepts only low|medium|high 
Previously any string was accepted and silently forwarded to the API,
which would fail at the provider with an unhelpful error. Now invalid
values produce a clear error at parse time:

  invalid value for --reasoning-effort: 'xyz'; must be low, medium, or high

156 CLI tests pass, fmt clean.
 2026-04-09 15:03:36 +09:00
YeonGyu-Kim
414526c1bd fix(cli): exclude stub slash commands from help output — ROADMAP #39 
The --help slash-command section was listing ~35 unimplemented commands
alongside working ones. Combined with the completions fix (c55c510), the
discovery surface now consistently shows only implemented commands.

Changes:
- commands crate: add render_slash_command_help_filtered(exclude: &[&str])
- move STUB_COMMANDS to module-level const in main.rs (reused by both
  completions and help rendering)
- replace render_slash_command_help() with filtered variant at all
  help-rendering call sites

156 CLI tests pass, fmt clean.
 2026-04-09 14:36:00 +09:00
YeonGyu-Kim
2a2e205414 fix(cli): intercept --help for prompt/login/logout/version subcommands before API dispatch 
'claw prompt --help' was triggering an API call instead of showing help
because --help was parsed as part of the prompt args. Now '--help' after
known pass-through subcommands (prompt, login, logout, version, state,
init, export, commit, pr, issue) sets wants_help=true and shows the
top-level help page.

Subcommands that consume their own args (agents, mcp, plugins, skills)
and local help-topic subcommands (status, sandbox, doctor) are excluded
from this interception so their existing --help handling is preserved.

156 CLI tests pass, fmt clean.
 2026-04-09 14:06:26 +09:00
YeonGyu-Kim
c55c510883 fix(cli): exclude stub slash commands from REPL completions — ROADMAP #39 
Commands registered in the spec list but not yet implemented in this build
were appearing in REPL tab-completions, making the discovery surface
over-promise what actually works. Users (mezz2301) reported 'many features
are not supported' after discovering these through completions.

Add STUB_COMMANDS exclusion list in slash_command_completion_candidates_with_sessions.
Excluded: login logout vim upgrade stats share feedback files fast exit
summary desktop brief advisor stickers insights thinkback release-notes
security-review keybindings privacy-settings plan review tasks theme
voice usage rename copy hooks context color effort branch rewind ide
tag output-style add-dir

These commands still parse and run (with the 'not yet implemented' message
for users who type them directly), but they no longer surface as
tab-completion candidates.
 2026-04-09 13:36:12 +09:00
YeonGyu-Kim
3fe0caf348 docs(roadmap): file stub slash commands as ROADMAP #39 (/branch /rewind /ide /tag /output-style /add-dir) 2026-04-09 12:31:17 +09:00
YeonGyu-Kim
47086c1c14 docs(readme): fix cold-start quick-start sequence — set API key before prompt, add claw doctor step 
The previous quick start jumped from 'cargo build' to 'claw prompt' without
showing the required auth step or the health-check command. A user following
it linearly would fail because the prompt needs an API key.

Changes:
- Numbered steps: build -> set ANTHROPIC_API_KEY -> claw doctor -> prompt
- Windows note updated to show cargo run form as alternative
- Added explicit NOTE that Claude subscription login is not supported (pre-empts #claw-code FAQ)

Source: cold-start friction observed from mezz/mukduk and kapcomunica in #claw-code 2026-04-09.
 2026-04-09 12:00:59 +09:00
YeonGyu-Kim
e579902782 docs(readme): add Windows PowerShell note — binary is claw.exe not claw 
User repro: mezz on Windows PowerShell tried './target/debug/claw'
which fails because the binary is 'claw.exe' on Windows.
Add a NOTE callout after the quick-start block directing Windows users
to use .\target\debug\claw.exe or cargo run -- --help.
 2026-04-09 11:30:53 +09:00
YeonGyu-Kim
ca8950c26b feat(cli): wire --reasoning-effort flag end-to-end — closes ROADMAP #34 
Parse --reasoning-effort <low|medium|high> in parse_args, thread through
CliAction::Prompt and CliAction::Repl, LiveCli::set_reasoning_effort(),
AnthropicRuntimeClient.reasoning_effort field, and MessageRequest.reasoning_effort.

Changes:
- parse_args: new --reasoning-effort / --reasoning-effort=VAL flag arms
- AnthropicRuntimeClient: new reasoning_effort field + set_reasoning_effort() method
- LiveCli: new set_reasoning_effort() that reaches through BuiltRuntime -> ConversationRuntime -> api_client_mut()
- runtime::ConversationRuntime: new pub api_client_mut() accessor
- MessageRequest construction: reasoning_effort: self.reasoning_effort.clone()
- run_repl(): accepts and applies reasoning_effort parameter
- parse_direct_slash_cli_action(): propagates reasoning_effort

All 156 CLI tests pass, all api tests pass, cargo fmt clean.
 2026-04-09 11:08:00 +09:00
YeonGyu-Kim
b1d76983d2 docs(readme): warn that cargo install clawcode is not supported; show build-from-source path 
Repeated onboarding friction in #claw-code: users try 'cargo install clawcode'
which fails because the package is not published on crates.io. Add a prominent
NOTE callout before the quick-start block directing users to build from source.

Source: gaebal-gajae pinpoint 2026-04-09 from #claw-code.
 2026-04-09 10:35:50 +09:00
YeonGyu-Kim
c1b1ce465e feat(cli): add reasoning_effort field to CliAction::Prompt/Repl variants — ROADMAP #34 struct groundwork 
Adds reasoning_effort: Option<String> to CliAction::Prompt and
CliAction::Repl enum variants. All constructor and pattern sites updated.
All test literals updated with reasoning_effort: None.

156 cli tests pass, fmt clean. The --reasoning-effort flag parse and
propagation to AnthropicRuntimeClient remains as follow-up work.
 2026-04-09 10:34:28 +09:00
YeonGyu-Kim
8e25611064 docs(roadmap): file dead-session opacity as ROADMAP #38 2026-04-09 10:00:50 +09:00
YeonGyu-Kim
eb044f0a02 fix(api): emit max_completion_tokens for gpt-5* on OpenAI-compat path — closes ROADMAP #35 
gpt-5.x models reject requests with max_tokens and require max_completion_tokens.
Detect wire model starting with 'gpt-5' and switch the JSON key accordingly.
Older models (gpt-4o etc.) continue to receive max_tokens unchanged.

Two regression tests added:
- gpt5_uses_max_completion_tokens_not_max_tokens
- non_gpt5_uses_max_tokens

140 api tests pass, cargo fmt clean.
 2026-04-09 09:33:45 +09:00
YeonGyu-Kim
75476c9005 docs(roadmap): file #35 max_completion_tokens, #36 skill dispatch gap, #37 auth policy cleanup 2026-04-09 09:32:16 +09:00
Jobdori
e4c3871882 feat(api): add reasoning_effort field to MessageRequest and OpenAI-compat path 
Users of OpenAI-compatible reasoning models (o4-mini, o3, deepseek-r1,
etc.) had no way to control reasoning effort — the field was missing from
MessageRequest and never emitted in the request body.

Changes:
- Add `reasoning_effort: Option<String>` to `MessageRequest` in types.rs
  - Annotated with skip_serializing_if = "Option::is_none" for clean JSON
  - Accepted values: "low", "medium", "high" (passed through verbatim)
- In `build_chat_completion_request`, emit `"reasoning_effort"` when set
- Two unit tests:
  - `reasoning_effort_is_included_when_set`: o4-mini + "high" → field present
  - `reasoning_effort_omitted_when_not_set`: gpt-4o, no field → absent

Existing callers use `..Default::default()` and are unaffected.
One struct-literal test that listed all fields explicitly updated with
`reasoning_effort: None`.

The CLI flag to expose this to users is a follow-up (ROADMAP #34 partial).
This commit lands the foundational API-layer plumbing needed for that.

Partial ROADMAP #34.
 2026-04-09 04:02:59 +09:00
Jobdori
beb09df4b8 style(api): cargo fmt fix on normalize_object_schema test assertions 2026-04-09 03:43:59 +09:00
Jobdori
811b7b4c24 docs(roadmap): mark #32 verified no-bug; file reasoning_effort gap as #34 2026-04-09 03:32:22 +09:00
Jobdori
8a9300ea96 docs(roadmap): mark #33 done, dedup #32 and #33 entries 2026-04-09 03:04:36 +09:00
Jobdori
e7e0fd2dbf fix(api): strict object schema for OpenAI /responses endpoint 
OpenAI /responses validates tool function schemas strictly:
- object types must have "properties" (at minimum {})
- "additionalProperties": false is required

/chat/completions is lenient and accepts schemas without these fields,
but /responses rejects them with "object schema missing properties" /
"invalid_function_parameters".

Add normalize_object_schema() which recursively walks the JSON Schema
tree and fills in missing "properties"/{} and "additionalProperties":false
on every object-type node. Existing values are not overwritten.

Call it in openai_tool_definition() before building the request payload
so both /chat/completions and /responses receive strict-validator-safe
schemas.

Add unit tests covering:
- bare object schema gets both fields injected
- nested object schemas are normalised recursively
- existing additionalProperties is not overwritten

Fixes the live repro where gpt-5.4 via OpenAI compat accepted connection
and routing but rejected every tool call with schema validation errors.

Closes ROADMAP #33.
 2026-04-09 03:03:43 +09:00
Jobdori
da451c66db docs(roadmap): file /responses tool-schema compatibility bug as #33 2026-04-08 21:23:45 +09:00
Jobdori
ad38032ab8 docs(roadmap): file /responses tool-schema compatibility bug as #33 2026-04-08 21:23:37 +09:00
Jobdori
7173f2d6c6 docs(roadmap): file /responses tool-schema compatibility bug as #33 2026-04-08 21:23:28 +09:00
Jobdori
a0b4156174 docs(roadmap): file /responses tool-schema compatibility bug as #33 2026-04-08 21:23:20 +09:00
Jobdori
3bf45fc44a docs(roadmap): file /responses tool-schema compatibility bug as #33 2026-04-08 21:23:12 +09:00
Jobdori
af58b6a7c7 docs(roadmap): file /responses tool-schema compatibility bug as #33 2026-04-08 21:23:04 +09:00
Jobdori
514c3da7ad docs(roadmap): file /responses tool-schema compatibility bug as #33 2026-04-08 21:22:56 +09:00
Jobdori
5c69713158 docs(roadmap): file OpenAI-compat model-id passthrough gap as #32 2026-04-08 19:48:34 +09:00
Jobdori
939d0dbaa3 docs(roadmap): file OpenAI-compat model-id passthrough gap as #32 2026-04-08 19:48:28 +09:00
Jobdori
bfd5772716 docs(roadmap): file OpenAI-compat model-id passthrough gap as #32 2026-04-08 19:48:21 +09:00
Jobdori
e0c3ff1673 docs(roadmap): file executor-contract leaks as ROADMAP #31 2026-04-08 18:34:58 +09:00
Jobdori
252536be74 fix(tools): serialize web_search env-var tests with env_lock to prevent race 
web_search_extracts_and_filters_results set CLAWD_WEB_SEARCH_BASE_URL
without holding env_lock(), while the sibling test
web_search_handles_generic_links_and_invalid_base_url always held it.
Under parallel test execution the two tests interleave set_var/remove_var
calls, pointing the search client at the wrong mock server port and
causing assertion failures.

Fix: add env_lock() guard at the top of web_search_extracts_and_filters_results,
matching the serialization pattern already used by every other env-mutating
test in this module.

Root cause of CI flake on run 24127551802.
Identified and fixed during dogfood session.
 2026-04-08 18:34:06 +09:00
Jobdori
275b58546d feat(cli): populate Git SHA, target triple, and build date at compile time via build.rs 
Add rust/crates/rusty-claude-cli/build.rs that:
- Captures git rev-parse --short HEAD at build time → GIT_SHA env
- Reads Cargo's TARGET env var → TARGET env
- Derives BUILD_DATE from SOURCE_DATE_EPOCH / BUILD_DATE env or
  the current date via `date +%Y-%m-%d` fallback
- Registers rerun-if-changed on .git/HEAD and .git/refs so the SHA
  stays fresh across commits

Update main.rs DEFAULT_DATE to pick up BUILD_DATE from option_env!()
instead of the hardcoded 2026-03-31 static string.

Before: `claw --version` always showed Git SHA: unknown, Target: unknown,
Build date: 2026-03-31 in local builds.
After:  e.g. Git SHA: 7f53d82, Target: aarch64-apple-darwin, Build date: 2026-04-08

Generated by droid (Kimi K2.5 Turbo) via acpx (wrote build.rs),
cleaned up by Jobdori (added BUILD_DATE step, updated main.rs const).

Co-Authored-By: Droid <noreply@factory.ai>
 2026-04-08 18:11:46 +09:00
Jobdori
7f53d82b17 docs(roadmap): file DashScope routing fix as #30 (done at adcea6b) 2026-04-08 18:05:17 +09:00
Jobdori
adcea6bceb fix(api): route DashScope models to dashscope config, not openai 
ProviderClient::from_model_with_anthropic_auth was dispatching every
ProviderKind::OpenAi match to OpenAiCompatConfig::openai(), which reads
OPENAI_API_KEY and points at api.openai.com. But DashScope models
(qwen-plus, qwen/qwen3-coder, etc.) also return ProviderKind::OpenAi
from detect_provider_kind because DashScope speaks the OpenAI wire
format. The metadata layer correctly identifies them as needing
DASHSCOPE_API_KEY and the DashScope compatible-mode endpoint, but that
metadata was being ignored at dispatch time.

Result: users running `claw --model qwen-plus` with DASHSCOPE_API_KEY
set would get a "missing OPENAI_API_KEY" error instead of being routed
to DashScope.

Fix: consult providers::metadata_for_model in the OpenAi dispatch arm
and pick dashscope() vs openai() based on metadata.auth_env.

Adds a regression test asserting ProviderClient::from_model("qwen-plus")
builds with the DashScope base URL. Exposes a pub base_url() accessor
on OpenAiCompatClient so the test can verify the routing.

Authored by droid (Kimi K2.5 Turbo) via acpx, cleaned up by Jobdori
(removed unsafe blocks unnecessary under edition 2021, imported
ProviderClient from super, adopted EnvVarGuard pattern from
providers/mod.rs tests).

Co-Authored-By: Droid <noreply@factory.ai>
 2026-04-08 18:04:37 +09:00
YeonGyu-Kim
b1491791df docs(roadmap): mark #21 and #29 as done 
#21 (Resumed /status JSON parity gap): resolved by the broader
Resumed local-command JSON parity gap work tracked as #26. Re-verified
on main HEAD 8dc6580 — the regression test passes.

#29 (CLI provider dispatch hardcoded to Anthropic): landed at 8dc6580.
ApiProviderClient dispatch now routes correctly based on
detect_provider_kind. Original filing preserved as trace record.
 2026-04-08 17:43:47 +09:00
YeonGyu-Kim
8dc65805c1 fix(cli): dispatch to correct provider backend based on model prefix — closes ROADMAP #29 
The CLI entry point (build_runtime_with_plugin_state in main.rs)
was hardcoded to always instantiate AnthropicRuntimeClient with an
AnthropicClient, regardless of what detect_provider_kind(model)
returned. This meant `--model openai/gpt-4` with OPENAI_API_KEY
set and no ANTHROPIC_* vars still failed with "missing Anthropic
credentials" because the CLI never dispatched to the OpenAI-compat
backend that already exists in the api crate.

Root cause: AnthropicRuntimeClient.client was typed as
AnthropicClient (concrete) rather than ApiProviderClient (enum).
The api crate already had a ProviderClient enum with Anthropic /
Xai / OpenAi variants that dispatches correctly via
detect_provider_kind, plus a unified MessageStream enum that wraps
both anthropic::MessageStream and openai_compat::MessageStream
with the same next_event() -> StreamEvent interface. The CLI just
wasn't using it.

Changes (1 file, +59 -7):
- Import api::ProviderClient as ApiProviderClient
- Change AnthropicRuntimeClient.client from AnthropicClient to
  ApiProviderClient
- In AnthropicRuntimeClient::new(), dispatch based on
  detect_provider_kind(&resolved_model):
  * Anthropic: build AnthropicClient directly with
    resolve_cli_auth_source() + api::read_base_url() +
    PromptCache (preserves ANTHROPIC_BASE_URL override for mock
    test harness and the session-scoped prompt cache)
  * xAI / OpenAi: delegate to
    ApiProviderClient::from_model_with_anthropic_auth which routes
    to OpenAiCompatClient::from_env with the matching config
    (reads OPENAI_API_KEY/XAI_API_KEY/DASHSCOPE_API_KEY and their
    BASE_URL overrides internally)
- Change push_prompt_cache_record to take &ApiProviderClient
  (ProviderClient::take_last_prompt_cache_record returns None for
  non-Anthropic variants, so the helper is a no-op on
  OpenAI-compat providers without extra branching)

What this unlocks for users:
  claw --model openai/gpt-4.1-mini prompt 'hello'  # OpenAI
  claw --model grok-3 prompt 'hello'                # xAI
  claw --model qwen-plus prompt 'hello'             # DashScope
  OPENAI_BASE_URL=https://openrouter.ai/api/v1 \
    claw --model openai/anthropic/claude-sonnet-4 prompt 'hello'  # OpenRouter

All previously broken, now routed correctly by prefix.

Verification:
- cargo build --release -p rusty-claude-cli: clean
- cargo test --release -p rusty-claude-cli: 182 tests, 0 failures
  (including compact_output tests that exercise the Anthropic mock)
- cargo fmt --all: clean
- cargo clippy --workspace: warnings-only (pre-existing)
- cargo test --release --workspace: all crates green except one
  pre-existing race in runtime::config::tests (passes in isolation)

Source: live users nicma (1491342350960562277) and Jengro
(1491345009021030533) in #claw-code on 2026-04-08.
 2026-04-08 17:29:55 +09:00
YeonGyu-Kim
a9904fe693 docs(roadmap): file CLI provider dispatch bug as #29, mark #28 as partial 
#28 error-copy improvements landed on ff1df4c but real users (nicma,
Jengro) hit `error: missing Anthropic credentials` within hours when
using `--model openai/gpt-4` with OPENAI_API_KEY set and all
ANTHROPIC_* env vars unset on main.

Traced root cause in build_runtime_with_plugin_state at line ~6244:
AnthropicRuntimeClient::new() is hardcoded. BuiltRuntime is
statically typed as ConversationRuntime<AnthropicRuntimeClient, ...>.
providers::detect_provider_kind() computes the right routing at the
metadata layer but the runtime client is never dispatched.

Files #29 with the detailed trace + a focused action plan:
DynamicApiClient enum wrapping Anthropic + OpenAiCompat variants,
retype BuiltRuntime, dispatch in build_runtime based on
detect_provider_kind, integration test with mock OpenAI-compat
server.

#28 is marked partial — the error-copy improvements are real and
stayed in, but the routing gap they were meant to cover is the
actual bug and needs #29 to land.
 2026-04-08 17:01:14 +09:00
YeonGyu-Kim
ff1df4c7ac fix(api): auth-provider error copy — prefix-routing hints + sk-ant-* bearer detection — closes ROADMAP #28 
Two live users in #claw-code on 2026-04-08 hit adjacent auth confusion:
varleg set OPENAI_API_KEY for OpenRouter but prefix routing didn't
activate without openai/ model prefix, and stanley078852 put sk-ant-*
in ANTHROPIC_AUTH_TOKEN (Bearer path) instead of ANTHROPIC_API_KEY
(x-api-key path) and got 401 Invalid bearer token.

Changes:
1. ApiError::MissingCredentials gained optional hint field (error.rs)
2. anthropic_missing_credentials_hint() sniffs OPENAI/XAI/DASHSCOPE
   env vars and suggests prefix routing when present (providers/mod.rs)
3. All 4 Anthropic auth paths wire the hint helper (anthropic.rs)
4. 401 + sk-ant-* in bearer token detected and hint appended
5. 'Which env var goes where' section added to USAGE.md

Tests: unit tests for all three improvements (no HTTP calls needed).
Workspace: all tests green, fmt clean, clippy warnings-only.

Source: live users varleg + stanley078852 in #claw-code 2026-04-08.

Co-authored-by: gaebal-gajae <gaebal-gajae@layofflabs.com>
 2026-04-08 16:29:03 +09:00
YeonGyu-Kim
efa24edf21 docs(roadmap): file auth-provider truth pinpoint as backlog #28 
Filed from live #claw-code dogfood on 2026-04-08 where two real users
hit adjacent auth confusion within minutes:

- varleg set OPENAI_API_KEY for OpenRouter but prefix routing didn't
  win because the model name wasn't prefixed with openai/; unsetting
  ANTHROPIC_API_KEY then hit MissingApiKey with no hint that the
  OpenAI path was already configured
- stanley078852 put an sk-ant-* key in ANTHROPIC_AUTH_TOKEN instead
  of ANTHROPIC_API_KEY, causing claw to send it as
  Authorization: Bearer sk-ant-..., which Anthropic rejects at the
  edge with 401 Invalid bearer token

Both fixes delivered live in #claw-code as direct replies, but the
pattern is structural: the error surface doesn't bridge HTTP-layer
symptoms back to env-var choice.

Action block spells out a single main-side PR with three
improvements: (a) MissingCredentials hint when an adjacent
provider's env var is already set, (b) 401-on-Anthropic hint when
bearer token starts with sk-ant-, (c) 'which env var goes where'
paragraph in both README matrices mapping sk-ant-* -> x-api-key and
OAuth access token -> Authorization: Bearer.

All three improvements are unit-testable against ApiError::fmt
output with no HTTP calls required.
 2026-04-08 15:58:46 +09:00
YeonGyu-Kim
8339391611 docs(roadmap): correct #25 root cause — BrokenPipe tolerance, not chmod 
The original ROADMAP #25 entry claimed the root cause was missing
exec bits on generated hook scripts. That was wrong — a chmod-only
fix (4f7b674) still failed CI. The actual bug was output_with_stdin
unconditionally propagating BrokenPipe from write_all when the child
exits before the parent finishes writing stdin.

Updated per gaebal-gajae's direction: actual fix, hygiene hardening,
and regression guard are now clearly separated. Added a meta-lesson
about Broken pipe ambiguity in fork/exec paths so future investigators
don't cargo-cult the same wrong first theory.
 2026-04-08 15:53:26 +09:00
YeonGyu-Kim
172a2ad50a fix(plugins): chmod +x generated hook scripts + tolerate BrokenPipe in stdin write — closes ROADMAP #25 hotfix lane 
Two bugs found in the plugin hook test harness that together caused
Linux CI to fail on 'hooks::tests::collects_and_runs_hooks_from_enabled_plugins'
with 'Broken pipe (os error 32)'. Three reproductions plus one rerun
failure on main today: 24120271422, 24120538408, 24121392171.

Root cause 1 (chmod, defense-in-depth): write_hook_plugin writes
pre.sh/post.sh/failure.sh via fs::write without setting the execute
bit. While the runtime hook runner invokes hooks via 'sh <path>' (so
the script file does not strictly need +x), missing exec perms can
cause subtle fork/exec races on Linux in edge cases.

Root cause 2 (the actual CI failure): output_with_stdin unconditionally
propagated write_all errors on the child's stdin pipe, including
BrokenPipe. A hook script that runs to completion in microseconds
(e.g. a one-line printf) can exit and close its stdin before the parent
finishes writing the JSON payload. Linux pipes surface this as EPIPE
immediately; macOS pipes happen to buffer the small payload, so the
race only shows on ubuntu CI runners. The parent's write_all raised
BrokenPipe, which output_with_stdin returned as Err, which run_command
classified as 'failed to start', making the test assertion fail.

Fix: (a) make_executable helper sets mode 0o755 via PermissionsExt on
each generated hook script, with a #[cfg(unix)] gate and a no-op
#[cfg(not(unix))] branch. (b) output_with_stdin now matches the
write_all result and swallows BrokenPipe specifically (the child still
ran; wait_with_output still captures stdout/stderr/exit code), while
propagating all other write errors. (c) New regression guard
generated_hook_scripts_are_executable under #[cfg(unix)] asserts each
generated .sh file has at least one execute bit set.

Surgical scope per gaebal-gajae's direction: chmod + pipe tolerance +
regression guard only. The deeper plugin-test sealing pass for ROADMAP
#25 + #27 stays in gaebal-gajae's OMX lane.

Verification:
- cargo test --release -p plugins → 35 passing, 0 failing
- cargo fmt -p plugins → clean
- cargo clippy -p plugins -- -D warnings → clean

Co-authored-by: gaebal-gajae <gaebal-gajae@layofflabs.com>
 2026-04-08 15:48:20 +09:00
YeonGyu-Kim
647ff379a4 docs(roadmap): file dev/rust plugin-validation host-home leak as backlog #27 
Filing per gaebal-gajae's status summary at message 1491322807026454579
in #clawcode-building-in-public, with corrected scope after re-running
`cargo test -p rusty-claude-cli` against main HEAD (79da4b8): the 11
deterministic failures only reproduce on dev/rust, not main, so this is
a dev/rust catchup item rather than a main regression.

Two-layered root cause documented:
1. dev/rust `parse_args` eagerly validates user plugin hook scripts
   exist on disk before returning a CliAction
2. dev/rust test harness does not redirect $HOME/XDG_CONFIG_HOME to a
   fixture (no `env_lock` equivalent — main has 30+ env_lock hits, dev
   has zero)

Together they make dev/rust `cargo test -p rusty-claude-cli` fail on
any clean clone whose owner has a half-installed user plugin in
~/.claude/plugins/installed/. main has both the env_lock test isolation
AND the parse_args/hook-validation decoupling already; dev/rust is just
behind on the merge train.

Action block in #27 spells out backporting env_lock + the parse_args
decoupling so the next dev/rust release picks this up.
 2026-04-08 15:30:04 +09:00
YeonGyu-Kim
79da4b8a63 docs(roadmap): record hooks test flake as P2 backlog item #25 
Linux CI keeps tripping over
`plugins::hooks::tests::collects_and_runs_hooks_from_enabled_plugins`
with `Broken pipe (os error 32)` when the hook runner tries to spawn a
child shell script that was written by `write_hook_plugin` without the
execute bit set. Fails on first attempt, passes on rerun (observed in CI
runs 24120271422 and 24120538408). Passes consistently on macOS.

Since issues are disabled on the repo, recording as ROADMAP backlog
item #25 in the Immediate Backlog P2 cluster next to the related plugin
lifecycle flake at #24. Action block spells out the chmod +755 fix in
`write_hook_plugin` plus the regression guard.
 2026-04-08 15:10:13 +09:00
YeonGyu-Kim
7d90283cf9 docs(roadmap): record cascade-masking pinpoint under green-ness contract (#9) 
Concrete follow-up captured from today's dogfood session:

A single hung test (oversized-request preflight, 6 minutes per attempt
after `be561bf` silently swallowed count_tokens errors) crashed the
`cargo test --workspace` job before downstream crates could run, hiding
6 separate pre-existing CLI regressions until `8c6dfe5` + `5851f2d`
restored the fast-fail path.

Two new acceptance criteria for #9:
- per-test timeouts in CI so one hang cannot mask other failures
- distinguish `test.hung` from generic test failures in worker reports
 2026-04-08 15:03:30 +09:00
YeonGyu-Kim
5851f2dee8 fix(cli): 6 cascading test regressions hidden behind client_integration gate 
- compact flag: was parsed then discarded (`compact: _`) instead of
  passed to `run_turn_with_output` — hardcoded `false` meant --compact
  never took effect
- piped stdin vs permission prompter: `read_piped_stdin()` consumed all
  stdin before `CliPermissionPrompter::decide()` could read interactive
  approval answers; now only consumes stdin as prompt context when
  permission mode is `DangerFullAccess` (fully unattended)
- session resolver: `resolve_managed_session_path` and
  `list_managed_sessions` now fall back to the pre-isolation flat
  `.claw/sessions/` layout so legacy sessions remain accessible
- help assertion: match on stable prefix after `/session delete` was
  added in batch 5
- prompt shorthand: fix copy-paste that changed expected prompt from
  "help me debug" to "$help overview"
- mock parity harness: filter captured requests to `/v1/messages` path
  only, excluding count_tokens preflight calls added by `be561bf`

All 6 failures were pre-existing but masked because `client_integration`
always failed first (fixed in 8c6dfe5).

Workspace: 810+ tests passing, 0 failing.
 2026-04-08 14:54:10 +09:00
YeonGyu-Kim
8c6dfe57e6 fix(api): restore local preflight guard ahead of count_tokens round-trip 
CI has been red since be561bf ('Use Anthropic count tokens for preflight')
because that commit replaced the free-function preflight_message_request
(byte-estimate guard) with an instance method that silently returns Ok on
any count_tokens failure:

    let counted_input_tokens = match self.count_tokens(request).await {
        Ok(count) => count,
        Err(_) => return Ok(()),  // <-- silent bypass
    };

Two consequences:

1. client_integration::send_message_blocks_oversized_requests_before_the_http_call
   has been FAILING on every CI run since be561bf. The mock server in that
   test only has one HTTP response queued (a bare '{}' to satisfy the main
   request), so the count_tokens POST parses into an empty body that fails
   to deserialize into CountTokensResponse -> Err -> silent bypass -> the
   oversized 600k-char request proceeds to the mock instead of being
   rejected with ContextWindowExceeded as the test expects.

2. In production, any third-party Anthropic-compatible gateway that doesn't
   implement /v1/messages/count_tokens (OpenRouter, Cloudflare AI Gateway,
   etc.) would silently disable the preflight guard entirely, letting
   oversized requests hit the upstream only to fail there with a provider-
   side context-window error. This is exactly the 'opaque failure surface'
   ROADMAP #22 asked us to avoid.

Fix: call the free-function super::preflight_message_request(request)? as
the first step in the instance method, before any network round-trip. This
guarantees the byte-estimate guard always fires, whether or not the remote
count_tokens endpoint is reachable. The count_tokens refinement still runs
afterward when available for more precise token counting, but it is now
strictly additive — it can only catch more cases, never silently skip the
guard.

Test results:
- cargo test -p api --lib: 89 passed, 0 failed
- cargo test --release -p api (all test binaries): 118 passed, 0 failed
- cargo test --release -p api --test client_integration \
    send_message_blocks_oversized_requests_before_the_http_call: passes
- cargo fmt --check: clean

This unblocks the Rust CI workflow which has been red on every push since
be561bf landed.
 2026-04-08 14:34:38 +09:00
YeonGyu-Kim
eed57212bb docs(usage): add DashScope/Qwen section and prefix routing note 
Document the qwen/ and qwen- prefix routing added in 3ac97e6. Users
in Discord #clawcode-get-help (web3g, Renan Klehm, matthewblott) kept
hitting ambient-credential misrouting because the docs only showed
the OPENAI_BASE_URL pattern without explaining that model-name prefix
wins over env-var presence.

Added:
- DashScope usage section with qwen/qwen-max and bare qwen-plus examples
- DashScope row in provider matrix table
- Reasoning model sanitization note (qwen-qwq, qwq-*, *-thinking)
- Explicit statement that model-name prefix wins over ambient creds
 2026-04-08 14:11:12 +09:00
YeonGyu-Kim
3ac97e635e feat(api): add qwen/ prefix routing for Alibaba DashScope provider 
Users in Discord #clawcode-get-help (web3g) asked for Qwen 3.6 Plus via
native Alibaba DashScope API instead of OpenRouter, which has stricter
rate limits. This commit adds first-class routing for qwen/ and bare
qwen- prefixed model names.

Changes:
- DEFAULT_DASHSCOPE_BASE_URL constant: /compatible-mode/v1 endpoint
- OpenAiCompatConfig::dashscope() factory mirroring openai()/xai()
- DASHSCOPE_ENV_VARS + credential_env_vars() wiring
- metadata_for_model: qwen/ and qwen- prefix routes to DashScope with
  auth_env=DASHSCOPE_API_KEY, reuses ProviderKind::OpenAi because
  DashScope speaks the OpenAI REST shape
- is_reasoning_model: detect qwen-qwq, qwq-*, and *-thinking variants
  so tuning params (temperature, top_p, etc.) get stripped before
  payload assembly (same pattern as o1/o3/grok-3-mini)

Tests added:
- providers::tests::qwen_prefix_routes_to_dashscope_not_anthropic
- openai_compat::tests::qwen_reasoning_variants_are_detected

89 api lib tests passing, 0 failing. cargo fmt --check: clean.

Closes the user-reported gap: 'use Qwen 3.6 Plus via Alibaba API
directly, not OpenRouter' without needing OPENAI_BASE_URL override
or unsetting ANTHROPIC_API_KEY.
 2026-04-08 14:06:26 +09:00
YeonGyu-Kim
006f7d7ee6 fix(test): add env_lock to plugin lifecycle test — closes ROADMAP #24 
build_runtime_runs_plugin_lifecycle_init_and_shutdown was the only test
that set/removed ANTHROPIC_API_KEY without holding the env_lock mutex.
Under parallel workspace execution, other tests racing on the same env
var could wipe the key mid-construction, causing a flaky credential error.

Root cause: process-wide env vars are shared mutable state. All other
tests that touch ANTHROPIC_API_KEY already use env_lock(). This test
was the only holdout.

Fix: add let _guard = env_lock(); at the top of the test.
 2026-04-08 12:46:04 +09:00
YeonGyu-Kim
82baaf3f22 fix(ci): update integration test MessageRequest initializers for new tuning fields 
openai_compat_integration.rs and client_integration.rs had MessageRequest
constructions without the new tuning param fields (temperature, top_p,
frequency_penalty, presence_penalty, stop) added in c667d47.

Added ..Default::default() to all 4 sites. cargo fmt applied.

This was the root cause of CI red on main (E0063 compile error in
integration tests, not caught by --lib tests).
 2026-04-08 11:43:51 +09:00
YeonGyu-Kim
c7b3296ef6 style: cargo fmt — fix CI formatting failures 
Pre-existing formatting issues in anthropic.rs surfaced by CI cargo fmt check.
No functional changes.
 2026-04-08 11:21:13 +09:00
YeonGyu-Kim
000aed4188 fix(commands): fix brittle /session help assertion after delete subcommand addition 
renders_help_from_shared_specs hardcoded the exact /session usage string,
which broke when /session delete was added in batch 5. Relaxed to check
for /session presence instead of exact subcommand list.

Pre-existing test brittleness (not caused by recent commits).

687 workspace lib tests passing, 0 failing.
 2026-04-08 09:33:51 +09:00
YeonGyu-Kim
523ce7474a fix(api): sanitize Anthropic body — strip frequency/presence_penalty, convert stop→stop_sequences 
MessageRequest now carries OpenAI-compatible tuning params (c667d47), but
the Anthropic API does not support frequency_penalty or presence_penalty,
and uses 'stop_sequences' instead of 'stop'. Without this fix, setting
these params with a Claude model would produce 400 errors.

Changes to strip_unsupported_beta_body_fields:
- Remove frequency_penalty and presence_penalty from Anthropic request body
- Convert stop → stop_sequences (only when non-empty)
- temperature and top_p are preserved (Anthropic supports both)

Tests added:
- strip_removes_openai_only_fields_and_converts_stop
- strip_does_not_add_empty_stop_sequences

87 api lib tests passing, 0 failing.
cargo check --workspace: clean.
 2026-04-08 09:05:10 +09:00
YeonGyu-Kim
b513d6e462 fix(api): sanitize tuning params for reasoning models (o1/o3/grok-3-mini) 
Reasoning models reject temperature, top_p, frequency_penalty, and
presence_penalty with 400 errors. Instead of letting these flow through
and returning cryptic provider errors, strip them silently at the
request-builder boundary.

is_reasoning_model() classifies: o1*, o3*, o4*, grok-3-mini.
stop sequences are preserved (safe for all providers).

Tests added:
- reasoning_model_strips_tuning_params: o1-mini strips all 4 params, keeps stop
- grok_3_mini_is_reasoning_model: classification coverage for grok-3-mini, o1,
  o3-mini, and negative cases (gpt-4o, grok-3, claude)

85 api lib tests passing, 0 failing.
 2026-04-08 07:32:47 +09:00
YeonGyu-Kim
c667d47c70 feat(api): add tuning params (temperature, top_p, penalties, stop) to MessageRequest 
MessageRequest was missing standard OpenAI-compatible generation tuning
parameters. Callers had no way to control temperature, top_p,
frequency_penalty, presence_penalty, or stop sequences.

Changes:
- Added 5 optional fields to MessageRequest (all Option, None by default)
- Wired into build_chat_completion_request: only included in payload when set
- All existing construction sites updated with ..Default::default()
- MessageRequest now derives Default for ergonomic partial construction

Tests added:
- tuning_params_included_in_payload_when_set: all 5 params flow into JSON
- tuning_params_omitted_from_payload_when_none: absent params stay absent

83 api lib tests passing, 0 failing.
cargo check --workspace: 0 warnings.
 2026-04-08 07:07:33 +09:00
YeonGyu-Kim
7546c1903d docs(roadmap): document provider routing fix and auth-sniffer fragility lesson 
Filed: openai/ prefix model misrouting (fixed in 0530c50).
Documents root cause, fix, and the architectural lesson:
  - metadata_for_model is the canonical extension point for new providers
  - auth-sniffer fallback order must never override explicit model-name prefix
  - regression test locked in to guard this invariant
 2026-04-08 05:35:12 +09:00
YeonGyu-Kim
0530c509a3 fix(api): route openai/ and gpt- model prefixes to OpenAi provider 
metadata_for_model returned None for unknown models like openai/gpt-4.1-mini,
causing detect_provider_kind to fall through to auth-sniffer order. If
ANTHROPIC_API_KEY was set, the model was silently misrouted to Anthropic
and the user got a confusing 'missing Anthropic credentials' error.

Fix: add explicit prefix checks for 'openai/' and 'gpt-' in
metadata_for_model so the model name wins over env-var presence.

Regression test added: openai_namespaced_model_routes_to_openai_not_anthropic
- 'openai/gpt-4.1-mini' routes to OpenAi
- 'gpt-4o' routes to OpenAi

Reported and reproduced by gaebal-gajae against current main.
81 api lib tests passing, 0 failing.
 2026-04-08 05:33:47 +09:00
YeonGyu-Kim
eff0765167 test(tools): fill WorkerGet and error-path coverage gaps 
WorkerGet had zero test coverage. WorkerAwaitReady and WorkerSendPrompt
had only one happy-path test each with no error paths.

Added 4 tests:
- worker_get_returns_worker_state: WorkerGet fetches correct worker_id/status/cwd
- worker_get_on_unknown_id_returns_error: unknown id -> 'worker not found'
- worker_await_ready_on_spawning_worker_returns_not_ready: ready=false on spawning worker
- worker_send_prompt_on_non_ready_worker_returns_error: sending prompt before ready fails

94 tool tests passing, 0 failing.
 2026-04-08 05:03:34 +09:00
YeonGyu-Kim
aee5263aef test(tools): prove recovery loop against .claw/worker-state.json directly 
recovery_loop_state_file_reflects_transitions reads the actual state
file after each transition to verify the canonical observability surface
reflects the full stall->resolve->ready progression:

  spawning (state file exists, seconds_since_update present)
  -> trust_required (is_ready=false, trust_gate_cleared=false in file)
  -> spawning (trust_gate_cleared=true after WorkerResolveTrust)
  -> ready_for_prompt (is_ready=true after ready screen observe)

This is the end-to-end proof gaebal-gajae called for: clawhip polling
.claw/worker-state.json will see truthful state at every step of the
recovery loop, including the seconds_since_update staleness signal.

90 tool tests passing, 0 failing.
 2026-04-08 04:38:38 +09:00
YeonGyu-Kim
9461522af5 feat(tools): expose WorkerObserveCompletion tool; add provider-degraded classification tests 
observe_completion() on WorkerRegistry classifies finish_reason into
Finished vs Failed (finish='unknown' + 0 tokens = provider degraded).
This logic existed in the runtime but had no tool wrapper — clawhip
could not call it. Added WorkerObserveCompletion as a first-class tool.

Tool schema:
  { worker_id, finish_reason: string, tokens_output: integer }

Handler: run_worker_observe_completion -> global_worker_registry().observe_completion()

Tests added:
- worker_observe_completion_success_finish_sets_finished_status
  finish=end_turn + tokens=512 -> status=finished
- worker_observe_completion_degraded_provider_sets_failed_status
  finish=unknown + tokens=0 -> status=failed, last_error populated

89 tool tests passing, 0 failing.
 2026-04-08 04:35:05 +09:00
YeonGyu-Kim
c08f060ca1 test(tools): end-to-end stall-detect and recovery loop coverage 
Proves the clawhip restart/recover flow that gaebal-gajae flagged:

1. stall_detect_and_resolve_trust_end_to_end
   - Worker created without trusted_roots -> trust_auto_resolve=false
   - WorkerObserve with trust-prompt text -> status=trust_required, gate cleared=false
   - WorkerResolveTrust -> status=spawning, trust_gate_cleared=true
   - WorkerObserve with ready text -> status=ready_for_prompt
   Full resolve path verified end-to-end.

2. stall_detect_and_restart_recovery_end_to_end
   - Worker stalls at trust_required
   - WorkerRestart resets to spawning, trust_gate_cleared=false
   Documents the restart-then-re-acquire-trust flow.

Note: seconds_since_update is in .claw/worker-state.json (state file),
not in the Worker tool output struct. Staleness detection via state file
is covered by emit_state_file_writes_worker_status_on_transition in
worker_boot.rs tests.

87 tool tests passing, 0 failing.
 2026-04-08 04:09:55 +09:00
YeonGyu-Kim
cae11413dd fix(dead-code): remove stale constants + dead function; add workspace_sessions_dir tests 
Three dead-code warnings eliminated from cargo check:

1. KNOWN_TOP_LEVEL_KEYS / DEPRECATED_TOP_LEVEL_KEYS in config.rs
   - Superseded by config_validate::TOP_LEVEL_FIELDS and DEPRECATED_FIELDS
   - Were out of date (missing aliases, providerFallbacks, trustedRoots)
   - Removed

2. read_git_recent_commits in prompt.rs
   - Private function, never called anywhere in the codebase
   - Removed

3. workspace_sessions_dir in session.rs
   - Public API scaffolded for session isolation (#41)
   - Genuinely useful for external consumers (clawhip enumerating sessions)
   - Added 2 tests: deterministic path for same CWD, different path for different CWDs
   - Annotated with #[allow(dead_code)] since it is external-facing API

cargo check --workspace: 0 warnings remaining
430 runtime tests passing, 0 failing
 2026-04-08 04:04:54 +09:00
YeonGyu-Kim
60410b6c92 docs(roadmap): settle observability transport — CLI/file is canonical, HTTP deferred 
Closes the ambiguity gaebal-gajae flagged: downstream tooling was left
guessing which integration surface to build against.

Decision: claw state + .claw/worker-state.json is the blessed contract.
HTTP endpoint not scheduled. Rationale documented:
- plugin scope constraint (can't add routes to opencode serve)
- file polling has lower latency and fewer failure modes than HTTP
- HTTP would require upstreaming to sst/opencode or a fragile sidecar

Clawhip integration contract documented:
- poll .claw/worker-state.json after WorkerCreate
- seconds_since_update > 60 in trust_required = stall signal
- WorkerResolveTrust to unblock, WorkerRestart to reset
 2026-04-08 03:34:31 +09:00
YeonGyu-Kim
aa37dc6936 test(tools): add coverage for WorkerRestart and WorkerTerminate tools 
WorkerRestart and WorkerTerminate had zero test coverage despite being
public tools in the tool spec. Also confirms one design decision worth
noting: restart resets trust_gate_cleared=false, so an allowlisted
worker that gets restarted must re-acquire trust via the normal observe
flow (by design — trust is per-session, not per-CWD).

Tests added:
- worker_terminate_sets_finished_status
- worker_restart_resets_to_spawning (verifies status=spawning,
  prompt_in_flight=false, trust_gate_cleared=false)
- worker_terminate_on_unknown_id_returns_error
- worker_restart_on_unknown_id_returns_error

85 tool tests passing, 0 failing.
 2026-04-08 03:33:05 +09:00
YeonGyu-Kim
6ddfa78b7c feat(tools): wire config.trusted_roots into WorkerCreate tool 
Previously WorkerCreate passed trusted_roots directly to spawn_worker
with no config-level default. Any batch script omitting the field
stalled all workers at TrustRequired with no recovery path.

Now run_worker_create loads RuntimeConfig from the worker CWD before
spawning and merges config.trusted_roots() with per-call overrides.
Per-call overrides still take effect; config provides the default.

Add test: worker_create_merges_config_trusted_roots_without_per_call_override
- writes .claw/settings.json with trustedRoots=[<os-temp-dir>] in a temp worktree
- calls WorkerCreate with no trusted_roots field
- asserts trust_auto_resolve=true (config roots matched the CWD)

81 tool tests passing, 0 failing.
 2026-04-08 03:08:13 +09:00
YeonGyu-Kim
bcdc52d72c feat(config): add trustedRoots to RuntimeConfig 
Closes the startup-friction gap filed in ROADMAP (dd97c49).

WorkerCreate required trusted_roots on every call with no config-level
default. Any batch script that omitted the field stalled all workers at
TrustRequired with no auto-recovery path.

Changes:
- RuntimeFeatureConfig: add trusted_roots: Vec<String> field
- ConfigLoader: wire parse_optional_trusted_roots() for 'trustedRoots' key
- RuntimeConfig / RuntimeFeatureConfig: expose trusted_roots() accessor
- config_validate: add trustedRoots to TOP_LEVEL_FIELDS schema (StringArray)
- Tests: parses_trusted_roots_from_settings + trusted_roots_default_is_empty_when_unset

Callers can now set trusted_roots in .claw/settings.json:
  { "trustedRoots": ["/tmp/worktrees"] }

WorkerRegistry::spawn_worker() callers should merge config.trusted_roots()
with any per-call overrides (wiring left for follow-up).
 2026-04-08 02:35:19 +09:00
YeonGyu-Kim
dd97c49e6b docs(roadmap): file startup-friction gap — no default trusted_roots in settings 
WorkerCreate requires trusted_roots per-call; no config-level default.
Any batch that forgets the field stalls all workers at trust_required.
Root cause of several 'batch lanes not advancing' incidents.

Recommended fix: wire RuntimeConfig::trusted_roots() as default into
WorkerRegistry::spawn_worker(), with per-call overrides. Update
config_validate schema to include the new field.
 2026-04-08 02:02:48 +09:00
YeonGyu-Kim
5dfb1d7c2b fix(config_validate): add missing aliases/providerFallbacks to schema; fix deprecated-key bypass 
Two real schema gaps found via dogfood (cargo test -p runtime):

1. aliases and providerFallbacks not in TOP_LEVEL_FIELDS
   - Both are valid config keys parsed by config.rs
   - Validator was rejecting them as unknown keys
   - 2 tests failing: parses_user_defined_model_aliases,
     parses_provider_fallbacks_chain

2. Deprecated keys were being flagged as unknown before the deprecated
   check ran (unknown-key check runs first in validate_object_keys)
   - Added early-exit for deprecated keys in unknown-key loop
   - Keeps deprecated→warning behavior for permissionMode/enabledPlugins
     which still appear in valid legacy configs

3. Config integration tests had assertions on format strings that never
   matched the actual validator output (path:3: vs path: ... (line N))
   - Updated assertions to check for path + line + field name as
     independent substrings instead of a format that was never produced

426 tests passing, 0 failing.
 2026-04-08 01:45:08 +09:00
YeonGyu-Kim
fcb5d0c16a fix(worker_boot): add seconds_since_update to state snapshot 
Clawhip needs to distinguish a stalled trust_required worker from one
that just transitioned. Without a pre-computed staleness field it has
to compute epoch delta itself from updated_at.

seconds_since_update = now - updated_at at snapshot write time.
Clawhip threshold: > 60s in trust_required = stalled; act.
 2026-04-08 01:03:00 +09:00
YeonGyu-Kim
314f0c99fd feat(worker_boot): emit .claw/worker-state.json on every status transition 
WorkerStatus is fully tracked in worker_boot.rs but was invisible to
external observers (clawhip, orchestrators) because opencode serve's
HTTP server is upstream and not ours to extend.

Solution: atomic file-based observability.

- emit_state_file() writes .claw/worker-state.json on every push_event()
  call (tmp write + rename for atomicity)
- Snapshot includes: worker_id, status, is_ready, trust_gate_cleared,
  prompt_in_flight, last_event, updated_at
- Add 'claw state' CLI subcommand to read and print the file
- Add regression test: emit_state_file_writes_worker_status_on_transition
  verifies spawning→ready_for_prompt transition is reflected on disk

This closes the /state dogfood gap without requiring any upstream
opencode changes. Clawhip can now distinguish a truly stalled worker
(status: trust_required or running with no recent updated_at) from a
quiet-but-progressing one.
 2026-04-08 00:37:44 +09:00
YeonGyu-Kim
469ae0179e docs(roadmap): document WorkerState deployment architecture gap 
WorkerStatus state machine exists in worker_boot.rs and is exported
from runtime/src/lib.rs. But claw-code is a plugin — it cannot add
HTTP routes to opencode serve (upstream binary, not ours).

/state HTTP endpoint via axum was never implemented. Prior session
summary claiming commit 0984cca was incorrect.

Recommended path: write WorkerStatus transitions to
.claw/worker-state.json on each transition (file-based observability,
no upstream changes required). Wire WorkerRegistry::transition() to
atomic file writes + add  CLI subcommand.
 2026-04-08 00:07:06 +09:00
YeonGyu-Kim
092d8b6e21 fix(tests): add missing test imports for session/prompt history features 
Add missing imports to test module:
- PromptHistoryEntry, render_prompt_history_report, parse_history_count
- parse_export_args, render_session_markdown
- summarize_tool_payload_for_markdown, short_tool_id

Fixes test compilation errors introduced by new session and export
features from batch 5/6 work.
 2026-04-07 16:20:33 +09:00
YeonGyu-Kim
b3ccd92d24 feat: b6-pdf-extract-v2 follow-up work — batch 6 2026-04-07 16:11:51 +09:00
YeonGyu-Kim
d71d109522 feat: b6-openai-models follow-up work — batch 6 2026-04-07 16:11:51 +09:00
YeonGyu-Kim
0f2f02af2d feat: b6-http-proxy-v2 follow-up work — batch 6 2026-04-07 16:11:51 +09:00
YeonGyu-Kim
e51566c745 feat: b6-bridge-directory follow-up work — batch 6 2026-04-07 16:11:50 +09:00
YeonGyu-Kim
20f3a5932a fix(cli): wire sessions_dir() through SessionStore::from_cwd() (#41) 
The CLI was using a flat cwd/.claw/sessions/ path without workspace
fingerprinting, while SessionStore::from_cwd() adds a hash subdirectory.
This mismatch meant the isolation machinery existed but wasn't actually
used by the main session management codepath.

Now sessions_dir() delegates to SessionStore::from_cwd(), ensuring all
session operations use workspace-fingerprinted directories.
 2026-04-07 16:03:44 +09:00
YeonGyu-Kim
28e6cc0965 feat(runtime): activate per-worktree session isolation (#41) 
Remove #[cfg(test)] gate from session_control module — SessionStore
is now available at runtime, not just in tests. Export SessionStore and
add workspace_sessions_dir() helper that creates fingerprinted session
directories per workspace root.

This is the #41 kill shot: parallel opencode serve instances will use
separate session namespaces based on workspace fingerprint instead of
sharing a global ~/.local/share/opencode/ store.

The CLI already uses cwd/.claw/sessions/ (sessions_dir()), and now
SessionStore::from_cwd() adds workspace hash isolation on top.
 2026-04-07 16:00:57 +09:00
YeonGyu-Kim
f03b8dce17 feat: bridge directory metadata + stale-base preflight check 
- Add CWD to SSE session events (kills Directory: unknown)
- Add stale-base preflight: verify HEAD matches expected base commit
- Warn on divergence before session starts
 2026-04-07 15:55:38 +09:00
YeonGyu-Kim
ecdca49552 feat: plugin-level max_output_tokens override via session_control 2026-04-07 15:55:38 +09:00
YeonGyu-Kim
8cddbc6615 feat: b6-sterling-deep — batch 6 2026-04-07 15:52:31 +09:00
YeonGyu-Kim
5c276c8e14 feat: b6-pdf-extract-v2 — batch 6 2026-04-07 15:52:30 +09:00
YeonGyu-Kim
1f968b359f feat: b6-openai-models — batch 6 2026-04-07 15:52:30 +09:00
YeonGyu-Kim
18d3c1918b feat: b6-http-proxy-v2 — batch 6 2026-04-07 15:52:30 +09:00
YeonGyu-Kim
8a4b613c39 feat: b6-codex-session — batch 6 2026-04-07 15:52:30 +09:00
YeonGyu-Kim
82f2e8e92b feat: doctor-cmd implementation 2026-04-07 15:28:43 +09:00
YeonGyu-Kim
8f4651a096 fix: resolve git_context field references after cherry-pick merge 2026-04-07 15:20:20 +09:00
YeonGyu-Kim
dab16c230a feat: b5-session-export — batch 5 wave 2 2026-04-07 15:19:45 +09:00
YeonGyu-Kim
a46711779c feat: b5-markdown-fence — batch 5 wave 2 2026-04-07 15:19:45 +09:00
YeonGyu-Kim
ef0b870890 feat: b5-git-aware — batch 5 wave 2 2026-04-07 15:19:45 +09:00
YeonGyu-Kim
4557a81d2f feat: b5-doctor-cmd — batch 5 wave 2 2026-04-07 15:19:45 +09:00
YeonGyu-Kim
86c3667836 feat: b5-context-compress — batch 5 wave 2 2026-04-07 15:19:45 +09:00
YeonGyu-Kim
260bac321f feat: b5-config-validate — batch 5 wave 2 2026-04-07 15:19:44 +09:00
YeonGyu-Kim
133ed4581e feat(config): add config file validation with clear error messages 
Parse TOML/JSON config on startup, emit errors for unknown keys, wrong
types, deprecated fields with exact line and field name.
 2026-04-07 15:10:08 +09:00
YeonGyu-Kim
8663751650 fix: resolve merge conflicts from batch 5 cherry-picks (compact field, run_turn_with_output arity) 2026-04-07 14:53:46 +09:00
YeonGyu-Kim
90f2461f75 feat: b5-tool-timeout — batch 5 upstream parity 2026-04-07 14:51:32 +09:00
YeonGyu-Kim
0d8fd51a6c feat: b5-stdin-pipe — batch 5 upstream parity 2026-04-07 14:51:28 +09:00
YeonGyu-Kim
5bcbc86a2b feat: b5-slash-help — batch 5 upstream parity 2026-04-07 14:51:27 +09:00
YeonGyu-Kim
d509f16b5a feat: b5-skip-perms-flag — batch 5 upstream parity 2026-04-07 14:51:27 +09:00
YeonGyu-Kim
d089d1a9cc feat: b5-retry-backoff — batch 5 upstream parity 2026-04-07 14:51:27 +09:00
YeonGyu-Kim
6a6c5acb02 feat: b5-reasoning-guard — batch 5 upstream parity 2026-04-07 14:51:27 +09:00
YeonGyu-Kim
9105e0c656 feat: b5-openrouter-fix — batch 5 upstream parity 2026-04-07 14:51:26 +09:00
YeonGyu-Kim
b8f76442e2 feat: b5-multi-provider — batch 5 upstream parity 2026-04-07 14:51:26 +09:00
YeonGyu-Kim
b216f9ce05 feat: b5-max-token-plugin — batch 5 upstream parity 2026-04-07 14:51:26 +09:00
YeonGyu-Kim
4be4b46bd9 feat: b5-git-aware — batch 5 upstream parity 2026-04-07 14:51:26 +09:00
YeonGyu-Kim
506ff55e53 feat: b5-doctor-cmd — batch 5 upstream parity 2026-04-07 14:51:26 +09:00
YeonGyu-Kim
65f4c3ad82 feat: b5-cost-tracker — batch 5 upstream parity 2026-04-07 14:51:25 +09:00
YeonGyu-Kim
700534de41 feat: b5-context-compress — batch 5 upstream parity 2026-04-07 14:51:25 +09:00
71 changed files with 22801 additions and 1553 deletions
Expand all files Collapse all files

5
.claw.json Normal file
View File

@@ -0,0 +1,5 @@
{
"aliases": {
"quick": "haiku"
}
}

5
.gitignore vendored
View File

@@ -5,3 +5,8 @@ archive/
# Claude Code local artifacts
.claude/settings.local.json
.claude/sessions/
# Claw Code local artifacts
.claw/settings.local.json
.claw/sessions/
.clawhip/
status-help.txt

60
README.md
View File

@@ -33,6 +33,8 @@ The canonical implementation lives in [`rust/`](./rust), and the current source
> [!IMPORTANT]
> Start with [`USAGE.md`](./USAGE.md) for build, auth, CLI, session, and parity-harness workflows. Make `claw doctor` your first health check after building, use [`rust/README.md`](./rust/README.md) for crate-level details, read [`PARITY.md`](./PARITY.md) for the current Rust-port checkpoint, and see [`docs/container.md`](./docs/container.md) for the container-first workflow.
>
> **ACP / Zed status:** `claw-code` does not ship an ACP/Zed daemon entrypoint yet. Run `claw acp` (or `claw --acp`) for the current status instead of guessing from source layout; `claw acp serve` is currently a discoverability alias only, and real ACP support remains tracked separately in `ROADMAP.md`.
## Current repository shape
@@ -45,22 +47,60 @@ The canonical implementation lives in [`rust/`](./rust), and the current source
## Quick start
> [!NOTE]
> [!WARNING]
> **`cargo install claw-code` installs the wrong thing.** The `claw-code` crate on crates.io is a deprecated stub that places `claw-code-deprecated.exe` — not `claw`. Running it only prints `"claw-code has been renamed to agent-code"`. **Do not use `cargo install claw-code`.** Either build from source (this repo) or install the upstream binary:
> ```bash
> cargo install agent-code # upstream binary — installs 'agent.exe' (Windows) / 'agent' (Unix), NOT 'agent-code'
> ```
> This repo (`ultraworkers/claw-code`) is **build-from-source only** — follow the steps below.
```bash
cd rust
# 1. Clone and build
git clone https://github.com/ultraworkers/claw-code
cd claw-code/rust
cargo build --workspace
./target/debug/claw --help
./target/debug/claw prompt "summarize this repository"
```
Authenticate with either an API key or the built-in OAuth flow:
```bash
# 2. Set your API key (Anthropic API key — not a Claude subscription)
export ANTHROPIC_API_KEY="sk-ant-..."
# or
cd rust
./target/debug/claw login
# 3. Verify everything is wired correctly
./target/debug/claw doctor
# 4. Run a prompt
./target/debug/claw prompt "say hello"
```
> [!NOTE]
> **Windows (PowerShell):** the binary is `claw.exe`, not `claw`. Use `.\target\debug\claw.exe` or run `cargo run -- prompt "say hello"` to skip the path lookup.
### Windows setup
**PowerShell is a supported Windows path.** Use whichever shell works for you. The common onboarding issues on Windows are:
1. **Install Rust first** — download from <https://rustup.rs/> and run the installer. Close and reopen your terminal when it finishes.
2. **Verify Rust is on PATH:**
```powershell
cargo --version
```
If this fails, reopen your terminal or run the PATH setup from the Rust installer output, then retry.
3. **Clone and build** (works in PowerShell, Git Bash, or WSL):
```powershell
git clone https://github.com/ultraworkers/claw-code
cd claw-code/rust
cargo build --workspace
```
4. **Run** (PowerShell — note `.exe` and backslash):
```powershell
$env:ANTHROPIC_API_KEY = "sk-ant-..."
.\target\debug\claw.exe prompt "say hello"
```
**Git Bash / WSL** are optional alternatives, not requirements. If you prefer bash-style paths (`/c/Users/you/...` instead of `C:\Users\you\...`), Git Bash (ships with Git for Windows) works well. In Git Bash, the `MINGW64` prompt is expected and normal — not a broken install.
> [!NOTE]
> **Auth:** claw requires an **API key** (`ANTHROPIC_API_KEY`, `OPENAI_API_KEY`, etc.) — Claude subscription login is not a supported auth path.
Run the workspace test suite:
```bash

4768
ROADMAP.md
View File

File diff suppressed because one or more lines are too long

157
USAGE.md
View File

@@ -21,7 +21,7 @@ cargo build --workspace
- Rust toolchain with `cargo`
- One of:
- `ANTHROPIC_API_KEY` for direct API access
- `claw login` for OAuth-based auth
- `ANTHROPIC_AUTH_TOKEN` for bearer-token auth
- Optional: `ANTHROPIC_BASE_URL` when targeting a proxy or local service
## Install / build the workspace
@@ -43,6 +43,15 @@ cd rust
/doctor
```
Or run doctor directly with JSON output for scripting:
```bash
cd rust
./target/debug/claw doctor --output-format json
```
**Note:** Diagnostic verbs (`doctor`, `status`, `sandbox`, `version`) support `--output-format json` for machine-readable output. Invalid suffix arguments (e.g., `--json`) are now rejected at parse time rather than falling through to prompt dispatch.
### Interactive REPL
```bash
@@ -105,13 +114,26 @@ export ANTHROPIC_API_KEY="sk-ant-..."
```bash
cd rust
./target/debug/claw login
./target/debug/claw logout
export ANTHROPIC_AUTH_TOKEN="anthropic-oauth-or-proxy-bearer-token"
```
### Which env var goes where
`claw` accepts two Anthropic credential env vars and they are **not interchangeable** — the HTTP header Anthropic expects differs per credential shape. Putting the wrong value in the wrong slot is the most common 401 we see.
| Credential shape | Env var | HTTP header | Typical source |
|---|---|---|---|
| `sk-ant-*` API key | `ANTHROPIC_API_KEY` | `x-api-key: sk-ant-...` | [console.anthropic.com](https://console.anthropic.com) |
| OAuth access token (opaque) | `ANTHROPIC_AUTH_TOKEN` | `Authorization: Bearer ...` | an Anthropic-compatible proxy or OAuth flow that mints bearer tokens |
| OpenRouter key (`sk-or-v1-*`) | `OPENAI_API_KEY` + `OPENAI_BASE_URL=https://openrouter.ai/api/v1` | `Authorization: Bearer ...` | [openrouter.ai/keys](https://openrouter.ai/keys) |
**Why this matters:** if you paste an `sk-ant-*` key into `ANTHROPIC_AUTH_TOKEN`, Anthropic's API will return `401 Invalid bearer token` because `sk-ant-*` keys are rejected over the Bearer header. The fix is a one-line env var swap — move the key to `ANTHROPIC_API_KEY`. Recent `claw` builds detect this exact shape (401 + `sk-ant-*` in the Bearer slot) and append a hint to the error message pointing at the fix.
**If you meant a different provider:** if `claw` reports missing Anthropic credentials but you already have `OPENAI_API_KEY`, `XAI_API_KEY`, or `DASHSCOPE_API_KEY` exported, you most likely forgot to prefix the model name with the provider's routing prefix. Use `--model openai/gpt-4.1-mini` (OpenAI-compat / OpenRouter / Ollama), `--model grok` (xAI), or `--model qwen-plus` (DashScope) and the prefix router will select the right backend regardless of the ambient credentials. The error message now includes a hint that names the detected env var.
## Local Models
`claw` can talk to local servers and provider gateways through either Anthropic-compatible or OpenAI-compatible endpoints. Use `ANTHROPIC_BASE_URL` with `ANTHROPIC_AUTH_TOKEN` for Anthropic-compatible services, or `OPENAI_BASE_URL` with `OPENAI_API_KEY` for OpenAI-compatible services. OAuth is Anthropic-only, so when `OPENAI_BASE_URL` is set you should use API-key style auth instead of `claw login`.
`claw` can talk to local servers and provider gateways through either Anthropic-compatible or OpenAI-compatible endpoints. Use `ANTHROPIC_BASE_URL` with `ANTHROPIC_AUTH_TOKEN` for Anthropic-compatible services, or `OPENAI_BASE_URL` with `OPENAI_API_KEY` for OpenAI-compatible services.
### Anthropic-compatible endpoint
@@ -153,6 +175,133 @@ cd rust
./target/debug/claw --model "openai/gpt-4.1-mini" prompt "summarize this repository in one sentence"
```
### Alibaba DashScope (Qwen)
For Qwen models via Alibaba's native DashScope API (higher rate limits than OpenRouter):
```bash
export DASHSCOPE_API_KEY="sk-..."
cd rust
./target/debug/claw --model "qwen/qwen-max" prompt "hello"
# or bare:
./target/debug/claw --model "qwen-plus" prompt "hello"
```
Model names starting with `qwen/` or `qwen-` are automatically routed to the DashScope compatible-mode endpoint (`https://dashscope.aliyuncs.com/compatible-mode/v1`). You do **not** need to set `OPENAI_BASE_URL` or unset `ANTHROPIC_API_KEY` — the model prefix wins over the ambient credential sniffer.
Reasoning variants (`qwen-qwq-*`, `qwq-*`, `*-thinking`) automatically strip `temperature`/`top_p`/`frequency_penalty`/`presence_penalty` before the request hits the wire (these params are rejected by reasoning models).
## Supported Providers & Models
`claw` has three built-in provider backends. The provider is selected automatically based on the model name, falling back to whichever credential is present in the environment.
### Provider matrix
| Provider | Protocol | Auth env var(s) | Base URL env var | Default base URL |
|---|---|---|---|---|
| **Anthropic** (direct) | Anthropic Messages API | `ANTHROPIC_API_KEY` or `ANTHROPIC_AUTH_TOKEN` | `ANTHROPIC_BASE_URL` | `https://api.anthropic.com` |
| **xAI** | OpenAI-compatible | `XAI_API_KEY` | `XAI_BASE_URL` | `https://api.x.ai/v1` |
| **OpenAI-compatible** | OpenAI Chat Completions | `OPENAI_API_KEY` | `OPENAI_BASE_URL` | `https://api.openai.com/v1` |
| **DashScope** (Alibaba) | OpenAI-compatible | `DASHSCOPE_API_KEY` | `DASHSCOPE_BASE_URL` | `https://dashscope.aliyuncs.com/compatible-mode/v1` |
The OpenAI-compatible backend also serves as the gateway for **OpenRouter**, **Ollama**, and any other service that speaks the OpenAI `/v1/chat/completions` wire format — just point `OPENAI_BASE_URL` at the service.
**Model-name prefix routing:** If a model name starts with `openai/`, `gpt-`, `qwen/`, or `qwen-`, the provider is selected by the prefix regardless of which env vars are set. This prevents accidental misrouting to Anthropic when multiple credentials exist in the environment.
### Tested models and aliases
These are the models registered in the built-in alias table with known token limits:
| Alias | Resolved model name | Provider | Max output tokens | Context window |
|---|---|---|---|---|
| `opus` | `claude-opus-4-6` | Anthropic | 32 000 | 200 000 |
| `sonnet` | `claude-sonnet-4-6` | Anthropic | 64 000 | 200 000 |
| `haiku` | `claude-haiku-4-5-20251213` | Anthropic | 64 000 | 200 000 |
| `grok` / `grok-3` | `grok-3` | xAI | 64 000 | 131 072 |
| `grok-mini` / `grok-3-mini` | `grok-3-mini` | xAI | 64 000 | 131 072 |
| `grok-2` | `grok-2` | xAI | — | — |
Any model name that does not match an alias is passed through verbatim. This is how you use OpenRouter model slugs (`openai/gpt-4.1-mini`), Ollama tags (`llama3.2`), or full Anthropic model IDs (`claude-sonnet-4-20250514`).
### User-defined aliases
You can add custom aliases in any settings file (`~/.claw/settings.json`, `.claw/settings.json`, or `.claw/settings.local.json`):
```json
{
"aliases": {
"fast": "claude-haiku-4-5-20251213",
"smart": "claude-opus-4-6",
"cheap": "grok-3-mini"
}
}
```
Local project settings override user-level settings. Aliases resolve through the built-in table, so `"fast": "haiku"` also works.
### How provider detection works
1. If the resolved model name starts with `claude` → Anthropic.
2. If it starts with `grok` → xAI.
3. Otherwise, `claw` checks which credential is set: `ANTHROPIC_API_KEY`/`ANTHROPIC_AUTH_TOKEN` first, then `OPENAI_API_KEY`, then `XAI_API_KEY`.
4. If nothing matches, it defaults to Anthropic.
## FAQ
### What about Codex?
The name "codex" appears in the Claw Code ecosystem but it does **not** refer to OpenAI Codex (the code-generation model). Here is what it means in this project:
- **`oh-my-codex` (OmX)** is the workflow and plugin layer that sits on top of `claw`. It provides planning modes, parallel multi-agent execution, notification routing, and other automation features. See [PHILOSOPHY.md](./PHILOSOPHY.md) and the [oh-my-codex repo](https://github.com/Yeachan-Heo/oh-my-codex).
- **`.codex/` directories** (e.g. `.codex/skills`, `.codex/agents`, `.codex/commands`) are legacy lookup paths that `claw` still scans alongside the primary `.claw/` directories.
- **`CODEX_HOME`** is an optional environment variable that points to a custom root for user-level skill and command lookups.
`claw` does **not** support OpenAI Codex sessions, the Codex CLI, or Codex session import/export. If you need to use OpenAI models (like GPT-4.1), configure the OpenAI-compatible provider as shown above in the [OpenAI-compatible endpoint](#openai-compatible-endpoint) and [OpenRouter](#openrouter) sections.
## HTTP proxy support
`claw` honours the standard `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables (both upper- and lower-case spellings are accepted) when issuing outbound requests to Anthropic, OpenAI-, and xAI-compatible endpoints. Set them before launching the CLI and the underlying `reqwest` client will be configured automatically.
### Environment variables
```bash
export HTTPS_PROXY="http://proxy.corp.example:3128"
export HTTP_PROXY="http://proxy.corp.example:3128"
export NO_PROXY="localhost,127.0.0.1,.corp.example"
cd rust
./target/debug/claw prompt "hello via the corporate proxy"
```
### Programmatic `proxy_url` config option
As an alternative to per-scheme environment variables, the `ProxyConfig` type exposes a `proxy_url` field that acts as a single catch-all proxy for both HTTP and HTTPS traffic. When `proxy_url` is set it takes precedence over the separate `http_proxy` and `https_proxy` fields.
```rust
use api::{build_http_client_with, ProxyConfig};
// From a single unified URL (config file, CLI flag, etc.)
let config = ProxyConfig::from_proxy_url("http://proxy.corp.example:3128");
let client = build_http_client_with(&config).expect("proxy client");
// Or set the field directly alongside NO_PROXY
let config = ProxyConfig {
proxy_url: Some("http://proxy.corp.example:3128".to_string()),
no_proxy: Some("localhost,127.0.0.1".to_string()),
..ProxyConfig::default()
};
let client = build_http_client_with(&config).expect("proxy client");
```
### Notes
- When both `HTTPS_PROXY` and `HTTP_PROXY` are set, the secure proxy applies to `https://` URLs and the plain proxy applies to `http://` URLs.
- `proxy_url` is a unified alternative: when set, it applies to both `http://` and `https://` destinations, overriding the per-scheme fields.
- `NO_PROXY` accepts a comma-separated list of host suffixes (for example `.corp.example`) and IP literals.
- Empty values are treated as unset, so leaving `HTTPS_PROXY=""` in your shell will not enable a proxy.
- If a proxy URL cannot be parsed, `claw` falls back to a direct (no-proxy) client so existing workflows keep working; double-check the URL if you expected the request to be tunnelled.
## Common operational commands
```bash

236
docs/MODEL_COMPATIBILITY.md Normal file
View File

@@ -0,0 +1,236 @@
# Model Compatibility Guide
This document describes model-specific handling in the OpenAI-compatible provider. When adding new models or providers, review this guide to ensure proper compatibility.
## Table of Contents
- [Overview](#overview)
- [Model-Specific Handling](#model-specific-handling)
- [Kimi Models (is_error Exclusion)](#kimi-models-is_error-exclusion)
- [Reasoning Models (Tuning Parameter Stripping)](#reasoning-models-tuning-parameter-stripping)
- [GPT-5 (max_completion_tokens)](#gpt-5-max_completion_tokens)
- [Qwen Models (DashScope Routing)](#qwen-models-dashscope-routing)
- [Implementation Details](#implementation-details)
- [Adding New Models](#adding-new-models)
- [Testing](#testing)
## Overview
The `openai_compat.rs` provider translates Claude Code's internal message format to OpenAI-compatible chat completion requests. Different models have varying requirements for:
- Tool result message fields (`is_error`)
- Sampling parameters (temperature, top_p, etc.)
- Token limit fields (`max_tokens` vs `max_completion_tokens`)
- Base URL routing
## Model-Specific Handling
### Kimi Models (is_error Exclusion)
**Affected models:** `kimi-k2.5`, `kimi-k1.5`, `kimi-moonshot`, and any model with `kimi` in the name (case-insensitive)
**Behavior:** The `is_error` field is **excluded** from tool result messages.
**Rationale:** Kimi models (via Moonshot AI and DashScope) reject the `is_error` field with a 400 Bad Request error:
```json
{
"error": {
"type": "invalid_request_error",
"message": "Unknown field: is_error"
}
}
```
**Detection:**
```rust
fn model_rejects_is_error_field(model: &str) -> bool {
let lowered = model.to_ascii_lowercase();
let canonical = lowered.rsplit('/').next().unwrap_or(lowered.as_str());
canonical.starts_with("kimi-")
}
```
**Testing:** See `model_rejects_is_error_field_detects_kimi_models` and related tests in `openai_compat.rs`.
---
### Reasoning Models (Tuning Parameter Stripping)
**Affected models:**
- OpenAI: `o1`, `o1-*`, `o3`, `o3-*`, `o4`, `o4-*`
- xAI: `grok-3-mini`
- Alibaba DashScope: `qwen-qwq-*`, `qwq-*`, `qwen3-*-thinking`
**Behavior:** The following tuning parameters are **stripped** from requests:
- `temperature`
- `top_p`
- `frequency_penalty`
- `presence_penalty`
**Rationale:** Reasoning/chain-of-thought models use fixed sampling strategies and reject these parameters with 400 errors.
**Exception:** `reasoning_effort` is included for compatible models when explicitly set.
**Detection:**
```rust
fn is_reasoning_model(model: &str) -> bool {
let canonical = model.to_ascii_lowercase()
.rsplit('/')
.next()
.unwrap_or(model);
canonical.starts_with("o1")
|| canonical.starts_with("o3")
|| canonical.starts_with("o4")
|| canonical == "grok-3-mini"
|| canonical.starts_with("qwen-qwq")
|| canonical.starts_with("qwq")
|| (canonical.starts_with("qwen3") && canonical.contains("-thinking"))
}
```
**Testing:** See `reasoning_model_strips_tuning_params`, `grok_3_mini_is_reasoning_model`, and `qwen_reasoning_variants_are_detected` tests.
---
### GPT-5 (max_completion_tokens)
**Affected models:** All models starting with `gpt-5`
**Behavior:** Uses `max_completion_tokens` instead of `max_tokens` in the request payload.
**Rationale:** GPT-5 models require the `max_completion_tokens` field. Legacy `max_tokens` causes request validation failures:
```json
{
"error": {
"message": "Unknown field: max_tokens"
}
}
```
**Implementation:**
```rust
let max_tokens_key = if wire_model.starts_with("gpt-5") {
"max_completion_tokens"
} else {
"max_tokens"
};
```
**Testing:** See `gpt5_uses_max_completion_tokens_not_max_tokens` and `non_gpt5_uses_max_tokens` tests.
---
### Qwen Models (DashScope Routing)
**Affected models:** All models with `qwen` prefix
**Behavior:** Routed to DashScope (`https://dashscope.aliyuncs.com/compatible-mode/v1`) rather than default providers.
**Rationale:** Qwen models are hosted by Alibaba Cloud's DashScope service, not OpenAI or Anthropic.
**Configuration:**
```rust
pub const DEFAULT_DASHSCOPE_BASE_URL: &str = "https://dashscope.aliyuncs.com/compatible-mode/v1";
```
**Authentication:** Uses `DASHSCOPE_API_KEY` environment variable.
**Note:** Some Qwen models are also reasoning models (see [Reasoning Models](#reasoning-models-tuning-parameter-stripping) above) and receive both treatments.
## Implementation Details
### File Location
All model-specific logic is in:
```
rust/crates/api/src/providers/openai_compat.rs
```
### Key Functions
| Function | Purpose |
|----------|---------|
| `model_rejects_is_error_field()` | Detects models that don't support `is_error` in tool results |
| `is_reasoning_model()` | Detects reasoning models that need tuning param stripping |
| `translate_message()` | Converts internal messages to OpenAI format (applies `is_error` logic) |
| `build_chat_completion_request()` | Constructs full request payload (applies all model-specific logic) |
### Provider Prefix Handling
All model detection functions strip provider prefixes (e.g., `dashscope/kimi-k2.5``kimi-k2.5`) before matching:
```rust
let canonical = model.to_ascii_lowercase()
.rsplit('/')
.next()
.unwrap_or(model);
```
This ensures consistent detection regardless of whether models are referenced with or without provider prefixes.
## Adding New Models
When adding support for new models:
1. **Check if the model is a reasoning model**
- Does it reject temperature/top_p parameters?
- Add to `is_reasoning_model()` detection
2. **Check tool result compatibility**
- Does it reject the `is_error` field?
- Add to `model_rejects_is_error_field()` detection
3. **Check token limit field**
- Does it require `max_completion_tokens` instead of `max_tokens`?
- Update the `max_tokens_key` logic
4. **Add tests**
- Unit test for detection function
- Integration test in `build_chat_completion_request`
5. **Update this documentation**
- Add the model to the affected lists
- Document any special behavior
## Testing
### Running Model-Specific Tests
```bash
# All OpenAI compatibility tests
cargo test --package api providers::openai_compat
# Specific test categories
cargo test --package api model_rejects_is_error_field
cargo test --package api reasoning_model
cargo test --package api gpt5
cargo test --package api qwen
```
### Test Files
- Unit tests: `rust/crates/api/src/providers/openai_compat.rs` (in `mod tests`)
- Integration tests: `rust/crates/api/tests/openai_compat_integration.rs`
### Verifying Model Detection
To verify a model is detected correctly without making API calls:
```rust
#[test]
fn my_new_model_is_detected() {
// is_error handling
assert!(model_rejects_is_error_field("my-model"));
// Reasoning model detection
assert!(is_reasoning_model("my-model"));
// Provider prefix handling
assert!(model_rejects_is_error_field("provider/my-model"));
}
```
---
*Last updated: 2026-04-16*
For questions or updates, see the implementation in `rust/crates/api/src/providers/openai_compat.rs`.

394
install.sh Executable file
View File

@@ -0,0 +1,394 @@
#!/usr/bin/env bash
# Claw Code installer
#
# Detects the host OS, verifies the Rust toolchain (rustc + cargo),
# builds the `claw` binary from the `rust/` workspace, and runs a
# post-install verification step. Supports Linux, macOS, and WSL.
#
# Usage:
# ./install.sh # debug build (fast, default)
# ./install.sh --release # optimized release build
# ./install.sh --no-verify # skip post-install verification
# ./install.sh --help # print usage
#
# Environment overrides:
# CLAW_BUILD_PROFILE=debug|release same as --release toggle
# CLAW_SKIP_VERIFY=1 same as --no-verify
set -euo pipefail
# ---------------------------------------------------------------------------
# Pretty printing
# ---------------------------------------------------------------------------
if [ -t 1 ] && command -v tput >/dev/null 2>&1 && [ "$(tput colors 2>/dev/null || echo 0)" -ge 8 ]; then
COLOR_RESET="$(tput sgr0)"
COLOR_BOLD="$(tput bold)"
COLOR_DIM="$(tput dim)"
COLOR_RED="$(tput setaf 1)"
COLOR_GREEN="$(tput setaf 2)"
COLOR_YELLOW="$(tput setaf 3)"
COLOR_BLUE="$(tput setaf 4)"
COLOR_CYAN="$(tput setaf 6)"
else
COLOR_RESET=""
COLOR_BOLD=""
COLOR_DIM=""
COLOR_RED=""
COLOR_GREEN=""
COLOR_YELLOW=""
COLOR_BLUE=""
COLOR_CYAN=""
fi
CURRENT_STEP=0
TOTAL_STEPS=6
step() {
CURRENT_STEP=$((CURRENT_STEP + 1))
printf '\n%s[%d/%d]%s %s%s%s\n' \
"${COLOR_BLUE}" "${CURRENT_STEP}" "${TOTAL_STEPS}" "${COLOR_RESET}" \
"${COLOR_BOLD}" "$1" "${COLOR_RESET}"
}
info() { printf '%s ->%s %s\n' "${COLOR_CYAN}" "${COLOR_RESET}" "$1"; }
ok() { printf '%s ok%s %s\n' "${COLOR_GREEN}" "${COLOR_RESET}" "$1"; }
warn() { printf '%s warn%s %s\n' "${COLOR_YELLOW}" "${COLOR_RESET}" "$1"; }
error() { printf '%s error%s %s\n' "${COLOR_RED}" "${COLOR_RESET}" "$1" 1>&2; }
print_banner() {
printf '%s' "${COLOR_BOLD}"
cat <<'EOF'
____ _ ____ _
/ ___|| | __ _ __ __ / ___|___ __| | ___
| | | | / _` |\ \ /\ / /| | / _ \ / _` |/ _ \
| |___ | || (_| | \ V V / | |__| (_) | (_| | __/
\____||_| \__,_| \_/\_/ \____\___/ \__,_|\___|
EOF
printf '%s\n' "${COLOR_RESET}"
printf '%sClaw Code installer%s\n' "${COLOR_DIM}" "${COLOR_RESET}"
}
print_usage() {
cat <<'EOF'
Usage: ./install.sh [options]
Options:
--release Build the optimized release profile (slower, smaller binary).
--debug Build the debug profile (default, faster compile).
--no-verify Skip the post-install verification step.
-h, --help Show this help text and exit.
Environment overrides:
CLAW_BUILD_PROFILE debug | release
CLAW_SKIP_VERIFY set to 1 to skip verification
EOF
}
# ---------------------------------------------------------------------------
# Argument parsing
# ---------------------------------------------------------------------------
BUILD_PROFILE="${CLAW_BUILD_PROFILE:-debug}"
SKIP_VERIFY="${CLAW_SKIP_VERIFY:-0}"
while [ "$#" -gt 0 ]; do
case "$1" in
--release)
BUILD_PROFILE="release"
;;
--debug)
BUILD_PROFILE="debug"
;;
--no-verify)
SKIP_VERIFY="1"
;;
-h|--help)
print_usage
exit 0
;;
*)
error "unknown argument: $1"
print_usage
exit 2
;;
esac
shift
done
case "${BUILD_PROFILE}" in
debug|release) ;;
*)
error "invalid build profile: ${BUILD_PROFILE} (expected debug or release)"
exit 2
;;
esac
# ---------------------------------------------------------------------------
# Troubleshooting hints
# ---------------------------------------------------------------------------
print_troubleshooting() {
cat <<EOF
${COLOR_BOLD}Troubleshooting${COLOR_RESET}
${COLOR_DIM}---------------${COLOR_RESET}
${COLOR_BOLD}1. Rust toolchain missing${COLOR_RESET}
Install Rust via rustup:
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
Then reload your shell or run:
source "\$HOME/.cargo/env"
${COLOR_BOLD}2. Linux: missing system packages${COLOR_RESET}
The build needs git, pkg-config, and OpenSSL headers.
Debian/Ubuntu:
sudo apt-get update && sudo apt-get install -y \\
git pkg-config libssl-dev ca-certificates build-essential
Fedora/RHEL:
sudo dnf install -y git pkgconf-pkg-config openssl-devel gcc
Arch:
sudo pacman -S --needed git pkgconf openssl base-devel
${COLOR_BOLD}3. macOS: missing Xcode CLT${COLOR_RESET}
Install the command line tools:
xcode-select --install
${COLOR_BOLD}4. Windows users${COLOR_RESET}
Run this script from inside a WSL distro (Ubuntu/Debian recommended).
Native Windows builds are not supported by this installer.
${COLOR_BOLD}5. Build fails partway through${COLOR_RESET}
Try a clean build:
cd rust && cargo clean && cargo build --workspace
If the failure mentions ring/openssl, double check step 2.
${COLOR_BOLD}6. 'claw' not found after install${COLOR_RESET}
The binary lives at:
rust/target/${BUILD_PROFILE}/claw
Add it to your PATH or invoke it with the full path.
EOF
}
trap 'rc=$?; if [ "$rc" -ne 0 ]; then error "installation failed (exit ${rc})"; print_troubleshooting; fi' EXIT
# ---------------------------------------------------------------------------
# Helpers
# ---------------------------------------------------------------------------
require_cmd() {
command -v "$1" >/dev/null 2>&1
}
# ---------------------------------------------------------------------------
# Step 1: detect OS / arch / WSL
# ---------------------------------------------------------------------------
print_banner
step "Detecting host environment"
UNAME_S="$(uname -s 2>/dev/null || echo unknown)"
UNAME_M="$(uname -m 2>/dev/null || echo unknown)"
OS_FAMILY="unknown"
IS_WSL="0"
case "${UNAME_S}" in
Linux*)
OS_FAMILY="linux"
if grep -qiE 'microsoft|wsl' /proc/version 2>/dev/null; then
IS_WSL="1"
fi
;;
Darwin*)
OS_FAMILY="macos"
;;
MINGW*|MSYS*|CYGWIN*)
OS_FAMILY="windows-shell"
;;
esac
info "uname: ${UNAME_S} ${UNAME_M}"
info "os family: ${OS_FAMILY}"
if [ "${IS_WSL}" = "1" ]; then
info "wsl: yes"
fi
case "${OS_FAMILY}" in
linux|macos)
ok "supported platform detected"
;;
windows-shell)
error "Detected a native Windows shell (MSYS/Cygwin/MinGW)."
error "Please re-run this script from inside a WSL distribution."
exit 1
;;
*)
error "Unsupported or unknown OS: ${UNAME_S}"
error "Supported: Linux, macOS, and Windows via WSL."
exit 1
;;
esac
# ---------------------------------------------------------------------------
# Step 2: locate the Rust workspace
# ---------------------------------------------------------------------------
step "Locating the Rust workspace"
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
RUST_DIR="${SCRIPT_DIR}/rust"
if [ ! -d "${RUST_DIR}" ]; then
error "Could not find rust/ workspace next to install.sh"
error "Expected: ${RUST_DIR}"
exit 1
fi
if [ ! -f "${RUST_DIR}/Cargo.toml" ]; then
error "Missing ${RUST_DIR}/Cargo.toml — repository layout looks unexpected."
exit 1
fi
ok "workspace at ${RUST_DIR}"
# ---------------------------------------------------------------------------
# Step 3: prerequisite checks
# ---------------------------------------------------------------------------
step "Checking prerequisites"
MISSING_PREREQS=0
if require_cmd rustc; then
RUSTC_VERSION="$(rustc --version 2>/dev/null || echo 'unknown')"
ok "rustc found: ${RUSTC_VERSION}"
else
error "rustc not found in PATH"
MISSING_PREREQS=1
fi
if require_cmd cargo; then
CARGO_VERSION="$(cargo --version 2>/dev/null || echo 'unknown')"
ok "cargo found: ${CARGO_VERSION}"
else
error "cargo not found in PATH"
MISSING_PREREQS=1
fi
if require_cmd git; then
ok "git found: $(git --version 2>/dev/null || echo 'unknown')"
else
warn "git not found — some workflows (login, session export) may degrade"
fi
if [ "${OS_FAMILY}" = "linux" ]; then
if require_cmd pkg-config; then
ok "pkg-config found"
else
warn "pkg-config not found — may be required for OpenSSL-linked crates"
fi
fi
if [ "${OS_FAMILY}" = "macos" ]; then
if ! require_cmd cc && ! xcode-select -p >/dev/null 2>&1; then
warn "Xcode command line tools not detected — run: xcode-select --install"
fi
fi
if [ "${MISSING_PREREQS}" -ne 0 ]; then
error "Missing required tools. See troubleshooting below."
exit 1
fi
# ---------------------------------------------------------------------------
# Step 4: build the workspace
# ---------------------------------------------------------------------------
step "Building the claw workspace (${BUILD_PROFILE})"
CARGO_FLAGS=("build" "--workspace")
if [ "${BUILD_PROFILE}" = "release" ]; then
CARGO_FLAGS+=("--release")
fi
info "running: cargo ${CARGO_FLAGS[*]}"
info "this may take a few minutes on the first build"
(
cd "${RUST_DIR}"
CARGO_TERM_COLOR="${CARGO_TERM_COLOR:-always}" cargo "${CARGO_FLAGS[@]}"
)
CLAW_BIN="${RUST_DIR}/target/${BUILD_PROFILE}/claw"
if [ ! -x "${CLAW_BIN}" ]; then
error "Expected binary not found at ${CLAW_BIN}"
error "The build reported success but the binary is missing — check cargo output above."
exit 1
fi
ok "built ${CLAW_BIN}"
# ---------------------------------------------------------------------------
# Step 5: post-install verification
# ---------------------------------------------------------------------------
step "Verifying the installed binary"
if [ "${SKIP_VERIFY}" = "1" ]; then
warn "verification skipped (--no-verify or CLAW_SKIP_VERIFY=1)"
else
info "running: claw --version"
if VERSION_OUT="$("${CLAW_BIN}" --version 2>&1)"; then
ok "claw --version -> ${VERSION_OUT}"
else
error "claw --version failed:"
printf '%s\n' "${VERSION_OUT}" 1>&2
exit 1
fi
info "running: claw --help (smoke test)"
if "${CLAW_BIN}" --help >/dev/null 2>&1; then
ok "claw --help responded"
else
error "claw --help failed"
exit 1
fi
fi
# ---------------------------------------------------------------------------
# Step 6: next steps
# ---------------------------------------------------------------------------
step "Next steps"
cat <<EOF
${COLOR_GREEN}Claw Code is built and ready.${COLOR_RESET}
Binary: ${COLOR_BOLD}${CLAW_BIN}${COLOR_RESET}
Profile: ${BUILD_PROFILE}
Try it out:
${COLOR_DIM}# interactive REPL${COLOR_RESET}
${CLAW_BIN}
${COLOR_DIM}# one-shot prompt${COLOR_RESET}
${CLAW_BIN} prompt "summarize this repository"
${COLOR_DIM}# health check (run /doctor inside the REPL)${COLOR_RESET}
${CLAW_BIN}
/doctor
Authentication:
export ANTHROPIC_API_KEY="sk-ant-..."
${COLOR_DIM}# or use OAuth:${COLOR_RESET}
${CLAW_BIN} login
For deeper docs, see USAGE.md and rust/README.md.
EOF
# clear the failure trap on clean exit
trap - EXIT

356
prd.json Normal file
View File

@@ -0,0 +1,356 @@
{
"version": "1.0",
"description": "Clawable Coding Harness - Clear roadmap stories and commit each",
"stories": [
{
"id": "US-001",
"title": "Phase 1.6 - startup-no-evidence evidence bundle + classifier",
"description": "When startup times out, emit typed worker.startup_no_evidence event with evidence bundle including last known worker lifecycle state, pane command, prompt-send timestamp, prompt-acceptance state, trust-prompt detection result, and transport/MCP health summary. Classifier should down-rank into specific failure classes.",
"acceptanceCriteria": [
"worker.startup_no_evidence event emitted on startup timeout with evidence bundle",
"Evidence bundle includes: last lifecycle state, pane command, prompt-send timestamp, prompt-acceptance state, trust-prompt detection, transport/MCP health",
"Classifier attempts to categorize into: trust_required, prompt_misdelivery, prompt_acceptance_timeout, transport_dead, worker_crashed, or unknown",
"Tests verify evidence bundle structure and classifier behavior"
],
"passes": true,
"priority": "P0"
},
{
"id": "US-002",
"title": "Phase 2 - Canonical lane event schema (4.x series)",
"description": "Define typed events for lane lifecycle: lane.started, lane.ready, lane.prompt_misdelivery, lane.blocked, lane.red, lane.green, lane.commit.created, lane.pr.opened, lane.merge.ready, lane.finished, lane.failed, branch.stale_against_main. Also implement event ordering, reconciliation, provenance, deduplication, and projection contracts.",
"acceptanceCriteria": [
"LaneEvent enum with all required variants defined",
"Event ordering with monotonic sequence metadata attached",
"Event provenance labels (live_lane, test, healthcheck, replay, transport)",
"Session identity completeness at creation (title, workspace, purpose)",
"Duplicate terminal-event suppression with fingerprinting",
"Lane ownership/scope binding in events",
"Nudge acknowledgment with dedupe contract",
"clawhip consumes typed lane events instead of pane scraping"
],
"passes": true,
"priority": "P0"
},
{
"id": "US-003",
"title": "Phase 3 - Stale-branch detection before broad verification",
"description": "Before broad test runs, compare current branch to main and detect if known fixes are missing. Emit branch.stale_against_main event and suggest/auto-run rebase/merge-forward.",
"acceptanceCriteria": [
"Branch freshness comparison against main implemented",
"branch.stale_against_main event emitted when behind",
"Auto-rebase/merge-forward policy integration",
"Avoid misclassifying stale-branch failures as new regressions"
],
"passes": true,
"priority": "P1"
},
{
"id": "US-004",
"title": "Phase 3 - Recovery recipes with ledger",
"description": "Encode automatic recoveries for common failures (trust prompt, prompt misdelivery, stale branch, compile red, MCP startup). Expose recovery attempt ledger with recipe id, attempt count, state, timestamps, failure summary.",
"acceptanceCriteria": [
"Recovery recipes defined for: trust_prompt_unresolved, prompt_delivered_to_shell, stale_branch, compile_red_after_refactor, MCP_handshake_failure, partial_plugin_startup",
"Recovery attempt ledger with: recipe id, attempt count, state, timestamps, failure summary, escalation reason",
"One automatic recovery attempt before escalation",
"Ledger emitted as structured event data"
],
"passes": true,
"priority": "P1"
},
{
"id": "US-005",
"title": "Phase 4 - Typed task packet format",
"description": "Define structured task packet with fields: objective, scope, repo/worktree, branch policy, acceptance tests, commit policy, reporting contract, escalation policy.",
"acceptanceCriteria": [
"TaskPacket struct with all required fields",
"TaskScope resolution (workspace/module/single-file/custom)",
"Validation and serialization support",
"Integration into tools/src/lib.rs"
],
"passes": true,
"priority": "P1"
},
{
"id": "US-006",
"title": "Phase 4 - Policy engine for autonomous coding",
"description": "Encode automation rules: if green + scoped diff + review passed -> merge to dev; if stale branch -> merge-forward before broad tests; if startup blocked -> recover once, then escalate; if lane completed -> emit closeout and cleanup session.",
"acceptanceCriteria": [
"Policy rules engine implemented",
"Rules: green + scoped diff + review -> merge",
"Rules: stale branch -> merge-forward before tests",
"Rules: startup blocked -> recover once, then escalate",
"Rules: lane completed -> closeout and cleanup"
],
"passes": true,
"priority": "P2"
},
{
"id": "US-007",
"title": "Phase 5 - Plugin/MCP lifecycle maturity",
"description": "First-class plugin/MCP lifecycle contract: config validation, startup healthcheck, discovery result, degraded-mode behavior, shutdown/cleanup. Close gaps in end-to-end lifecycle.",
"acceptanceCriteria": [
"Plugin/MCP config validation contract",
"Startup healthcheck with structured results",
"Discovery result reporting",
"Degraded-mode behavior documented and implemented",
"Shutdown/cleanup contract",
"Partial startup and per-server failures reported structurally"
],
"passes": true,
"priority": "P2"
},
{
"id": "US-008",
"title": "Fix kimi-k2.5 model API compatibility",
"description": "The kimi-k2.5 model (and other kimi models) reject API requests containing the is_error field in tool result messages. The OpenAI-compatible provider currently always includes is_error for all models. Need to make this field conditional based on model support.",
"acceptanceCriteria": [
"translate_message function accepts model parameter",
"is_error field excluded for kimi models (kimi-k2.5, kimi-k1.5, etc.)",
"is_error field included for models that support it (openai, grok, xai, etc.)",
"build_chat_completion_request passes model to translate_message",
"Tests verify is_error presence/absence based on model",
"cargo test passes",
"cargo clippy passes",
"cargo fmt passes"
],
"passes": true,
"priority": "P0"
},
{
"id": "US-009",
"title": "Add unit tests for kimi model compatibility fix",
"description": "During dogfooding we discovered the existing test coverage for model-specific is_error handling is insufficient. Need to add dedicated tests for model_rejects_is_error_field function and translate_message behavior with different models.",
"acceptanceCriteria": [
"Test model_rejects_is_error_field identifies kimi-k2.5, kimi-k1.5, dashscope/kimi-k2.5",
"Test translate_message includes is_error for gpt-4, grok-3, claude models",
"Test translate_message excludes is_error for kimi models",
"Test build_chat_completion_request produces correct payload for kimi vs non-kimi",
"All new tests pass",
"cargo test --package api passes"
],
"passes": true,
"priority": "P1"
},
{
"id": "US-010",
"title": "Add model compatibility documentation",
"description": "Document which models require special handling (is_error exclusion, reasoning model tuning param stripping, etc.) in a MODEL_COMPATIBILITY.md file for operators and contributors.",
"acceptanceCriteria": [
"MODEL_COMPATIBILITY.md created in docs/ or repo root",
"Document kimi models is_error exclusion",
"Document reasoning models (o1, o3, grok-3-mini) tuning param stripping",
"Document gpt-5 max_completion_tokens requirement",
"Document qwen model routing through dashscope",
"Cross-reference with existing code comments"
],
"passes": true,
"priority": "P2"
},
{
"id": "US-011",
"title": "Performance optimization: reduce API request serialization overhead",
"description": "The translate_message function creates intermediate JSON Value objects that could be optimized. Profile and optimize the hot path for API request building, especially for conversations with many tool results.",
"acceptanceCriteria": [
"Profile current request building with criterion or similar",
"Identify bottlenecks in translate_message and build_chat_completion_request",
"Implement optimizations (Vec pre-allocation, reduced cloning, etc.)",
"Benchmark before/after showing improvement",
"No functional changes or API breakage"
],
"passes": true,
"priority": "P2"
},
{
"id": "US-012",
"title": "Trust prompt resolver with allowlist auto-trust",
"description": "Add allowlisted auto-trust behavior for known repos/worktrees. Trust prompts currently block TUI startup and require manual intervention. Implement automatic trust resolution for pre-approved repositories.",
"acceptanceCriteria": [
"TrustAllowlist config structure with repo patterns",
"Auto-trust behavior for allowlisted repos/worktrees",
"trust_required event emitted when trust prompt detected",
"trust_resolved event emitted when trust is granted",
"Non-allowlisted repos remain gated (manual trust required)",
"Integration with worker boot lifecycle",
"Tests for allowlist matching and event emission"
],
"passes": true,
"priority": "P1"
},
{
"id": "US-013",
"title": "Phase 2 - Session event ordering + terminal-state reconciliation",
"description": "When the same session emits contradictory lifecycle events (idle, error, completed, transport/server-down) in close succession, expose deterministic final truth. Attach monotonic sequence/causal ordering metadata, classify terminal vs advisory events, reconcile duplicate/out-of-order terminal events into one canonical lane outcome.",
"acceptanceCriteria": [
"Monotonic sequence / causal ordering metadata attached to session lifecycle events",
"Terminal vs advisory event classification implemented",
"Reconcile duplicate or out-of-order terminal events into one canonical outcome",
"Distinguish 'session terminal state unknown because transport died' from real 'completed'",
"Tests verify reconciliation behavior with out-of-order event bursts"
],
"passes": true,
"priority": "P1"
},
{
"id": "US-014",
"title": "Phase 2 - Event provenance / environment labeling",
"description": "Every emitted event should declare its source (live_lane, test, healthcheck, replay, transport) so claws do not mistake test noise for production truth. Include environment/channel label, emitter identity, and confidence/trust level.",
"acceptanceCriteria": [
"EventProvenance enum with live_lane, test, healthcheck, replay, transport variants",
"Environment/channel label attached to all events",
"Emitter identity field on events",
"Confidence/trust level field for downstream automation",
"Tests verify provenance labeling and filtering"
],
"passes": true,
"priority": "P1"
},
{
"id": "US-015",
"title": "Phase 2 - Session identity completeness at creation time",
"description": "A newly created session should emit stable title, workspace/worktree path, and lane/session purpose at creation time. If any field is not yet known, emit explicit typed placeholder reason rather than bare unknown string.",
"acceptanceCriteria": [
"Session creation emits stable title, workspace/worktree path, purpose immediately",
"Explicit typed placeholder when fields unknown (not bare 'unknown' strings)",
"Later-enriched metadata reconciles onto same session identity without ambiguity",
"Tests verify session identity completeness and placeholder handling"
],
"passes": true,
"priority": "P1"
},
{
"id": "US-016",
"title": "Phase 2 - Duplicate terminal-event suppression",
"description": "When the same session emits repeated completed/failed/terminal notifications, collapse duplicates before they trigger repeated downstream reactions. Attach canonical terminal-event fingerprint per lane/session outcome.",
"acceptanceCriteria": [
"Canonical terminal-event fingerprint attached per lane/session outcome",
"Suppress/coalesce repeated terminal notifications within reconciliation window",
"Preserve raw event history for audit while exposing one actionable outcome downstream",
"Surface when later duplicate materially differs from original terminal payload",
"Tests verify deduplication and material difference detection"
],
"passes": true,
"priority": "P2"
},
{
"id": "US-017",
"title": "Phase 2 - Lane ownership / scope binding",
"description": "Each session and lane event should declare who owns it and what workflow scope it belongs to. Attach owner/assignee identity, workflow scope (claw-code-dogfood, external-git-maintenance, infra-health, manual-operator), and mark whether watcher is expected to act, observe only, or ignore.",
"acceptanceCriteria": [
"Owner/assignee identity attached to sessions and lane events",
"Workflow scope field (claw-code-dogfood, external-git-maintenance, etc.)",
"Watcher action expectation field (act, observe-only, ignore)",
"Preserve scope through session restarts, resumes, and late terminal events",
"Tests verify ownership and scope binding"
],
"passes": true,
"priority": "P2"
},
{
"id": "US-018",
"title": "Phase 2 - Nudge acknowledgment / dedupe contract",
"description": "Periodic clawhip nudges should carry nudge id/cycle id and delivery timestamp. Expose whether claw has already acknowledged or responded for that cycle. Distinguish new nudge, retry nudge, and stale duplicate.",
"acceptanceCriteria": [
"Nudge id / cycle id and delivery timestamp attached",
"Acknowledgment state exposed (already acknowledged or not)",
"Distinguish new nudge vs retry nudge vs stale duplicate",
"Allow downstream summaries to bind reported pinpoint back to triggering nudge id",
"Tests verify nudge deduplication and acknowledgment tracking"
],
"passes": true,
"priority": "P2"
},
{
"id": "US-019",
"title": "Phase 2 - Stable roadmap-id assignment for newly filed pinpoints",
"description": "When a claw records a new pinpoint/follow-up, assign or expose a stable tracking id immediately. Expose that id in structured event/report payload and preserve across edits, reorderings, and summary compression.",
"acceptanceCriteria": [
"Canonical roadmap id assigned at filing time",
"Roadmap id exposed in structured event/report payload",
"Same id preserved across edits, reorderings, summary compression",
"Distinguish 'new roadmap filing' from 'update to existing roadmap item'",
"Tests verify stable id assignment and update detection"
],
"passes": true,
"priority": "P2"
},
{
"id": "US-020",
"title": "Phase 2 - Roadmap item lifecycle state contract",
"description": "Each roadmap pinpoint should carry machine-readable lifecycle state (filed, acknowledged, in_progress, blocked, done, superseded). Attach last state-change timestamp and preserve lineage when one pinpoint supersedes or merges into another.",
"acceptanceCriteria": [
"Lifecycle state enum with filed, acknowledged, in_progress, blocked, done, superseded",
"Last state-change timestamp attached",
"New report can declare first filing, status update, or closure",
"Preserve lineage when one pinpoint supersedes or merges into another",
"Tests verify lifecycle state transitions"
],
"passes": true,
"priority": "P2"
},
{
"id": "US-021",
"title": "Request body size pre-flight check for OpenAI-compatible provider",
"description": "Implement pre-flight request body size estimation to prevent 400 Bad Request errors from API gateways with size limits. Based on dogfood findings with kimi-k2.5 testing, DashScope API has a 6MB request body limit that was exceeded by large system prompts.",
"acceptanceCriteria": [
"Pre-flight size estimation before sending requests to OpenAI-compatible providers",
"Clear error message when request exceeds provider-specific size limit",
"Configuration for different provider limits (6MB DashScope, 100MB OpenAI, etc.)",
"Unit tests for size estimation and limit checking",
"Integration with existing error handling for actionable user messages"
],
"passes": true,
"priority": "P1"
},
{
"id": "US-022",
"title": "Enhanced error context for API failures",
"description": "Add structured error context to API failures including request ID tracking across retries, provider-specific error code mapping, and suggested user actions based on error type (e.g., 'Reduce prompt size' for 413, 'Check API key' for 401).",
"acceptanceCriteria": [
"Request ID tracking across retries with full context in error messages",
"Provider-specific error code mapping with actionable suggestions",
"Suggested user actions for common error types (401, 403, 413, 429, 500, 502-504)",
"Unit tests for error context extraction",
"All existing tests pass and clippy is clean"
],
"passes": true,
"priority": "P1"
},
{
"id": "US-023",
"title": "Add automatic routing for kimi models to DashScope",
"description": "Based on dogfood findings with kimi-k2.5 testing, users must manually prefix with dashscope/kimi-k2.5 instead of just using kimi-k2.5. Add automatic routing for kimi/ and kimi- prefixed models to DashScope (similar to qwen models), and add a 'kimi' alias to the model registry.",
"acceptanceCriteria": [
"kimi/ and kimi- prefix routing to DashScope in metadata_for_model()",
"'kimi' alias in MODEL_REGISTRY that resolves to 'kimi-k2.5'",
"resolve_model_alias() handles the kimi alias correctly",
"Unit tests for kimi routing (similar to qwen routing tests)",
"All tests pass and clippy is clean"
],
"passes": true,
"priority": "P1"
},
{
"id": "US-024",
"title": "Add token limit metadata for kimi models",
"description": "The model_token_limit() function has no entries for kimi-k2.5 or kimi-k1.5, causing preflight context window validation to skip these models. Add token limit metadata to enable preflight checks and accurate max token defaults. Per Moonshot AI documentation, kimi-k2.5 supports 256K context window and 16K max output tokens.",
"acceptanceCriteria": [
"model_token_limit('kimi-k2.5') returns Some(ModelTokenLimit { max_output_tokens: 16384, context_window_tokens: 256000 })",
"model_token_limit('kimi-k1.5') returns appropriate limits",
"model_token_limit('kimi') follows alias chain (kimi → kimi-k2.5) and returns k2.5 limits",
"preflight_message_request() validates context window for kimi models (via generic preflight, no provider-specific code needed)",
"Unit tests verify limits and preflight behavior for kimi models",
"All tests pass and clippy is clean"
],
"passes": true,
"priority": "P1"
}
],
"metadata": {
"lastUpdated": "2026-04-17",
"completedStories": ["US-001", "US-002", "US-003", "US-004", "US-005", "US-006", "US-007", "US-008", "US-009", "US-010", "US-011", "US-012", "US-013", "US-014", "US-015", "US-016", "US-017", "US-018", "US-019", "US-020", "US-021", "US-022", "US-023", "US-024"],
"inProgressStories": [],
"totalStories": 24,
"status": "completed"
}
}

133
progress.txt Normal file
View File

@@ -0,0 +1,133 @@
Ralph Iteration Summary - claw-code Roadmap Implementation
===========================================================
Iteration 1: 2026-04-16
------------------------
US-001 COMPLETED (Phase 1.6 - startup-no-evidence evidence bundle + classifier)
- Files: rust/crates/runtime/src/worker_boot.rs
- Added StartupFailureClassification enum with 6 variants
- Added StartupEvidenceBundle with 8 fields
- Implemented classify_startup_failure() logic
- Added observe_startup_timeout() method to Worker
- Tests: 6 new tests verifying classification logic
US-002 COMPLETED (Phase 2 - Canonical lane event schema)
- Files: rust/crates/runtime/src/lane_events.rs
- Added EventProvenance enum with 5 labels
- Added SessionIdentity, LaneOwnership structs
- Added LaneEventMetadata with sequence/ordering
- Added LaneEventBuilder for construction
- Implemented is_terminal_event(), dedupe_terminal_events()
- Tests: 10 new tests for events and deduplication
US-005 COMPLETED (Phase 4 - Typed task packet format)
- Files:
- rust/crates/runtime/src/task_packet.rs
- rust/crates/runtime/src/task_registry.rs
- rust/crates/tools/src/lib.rs
- Added TaskScope enum (Workspace, Module, SingleFile, Custom)
- Updated TaskPacket with scope_path and worktree fields
- Added validate_scope_requirements() validation logic
- Fixed all test compilation errors in dependent modules
- Tests: Updated existing tests to use new types
PRE-EXISTING IMPLEMENTATIONS (verified working):
------------------------------------------------
US-003 COMPLETE (Phase 3 - Stale-branch detection)
- Files: rust/crates/runtime/src/stale_branch.rs
- BranchFreshness enum (Fresh, Stale, Diverged)
- StaleBranchPolicy (AutoRebase, AutoMergeForward, WarnOnly, Block)
- StaleBranchEvent with structured events
- check_freshness() with git integration
- apply_policy() with policy resolution
- Tests: 12 unit tests + 5 integration tests passing
US-004 COMPLETE (Phase 3 - Recovery recipes with ledger)
- Files: rust/crates/runtime/src/recovery_recipes.rs
- FailureScenario enum with 7 scenarios
- RecoveryStep enum with actionable steps
- RecoveryRecipe with step sequences
- RecoveryLedger for attempt tracking
- RecoveryEvent for structured emission
- attempt_recovery() with escalation logic
- Tests: 15 unit tests + 1 integration test passing
US-006 COMPLETE (Phase 4 - Policy engine for autonomous coding)
- Files: rust/crates/runtime/src/policy_engine.rs
- PolicyRule with condition/action/priority
- PolicyCondition (And, Or, GreenAt, StaleBranch, etc.)
- PolicyAction (MergeToDev, RecoverOnce, Escalate, etc.)
- LaneContext for evaluation context
- evaluate() for rule matching
- Tests: 18 unit tests + 6 integration tests passing
US-007 COMPLETE (Phase 5 - Plugin/MCP lifecycle maturity)
- Files: rust/crates/runtime/src/plugin_lifecycle.rs
- ServerStatus enum (Healthy, Degraded, Failed)
- ServerHealth with capabilities tracking
- PluginState with full lifecycle states
- PluginLifecycle event tracking
- PluginHealthcheck structured results
- DiscoveryResult for capability discovery
- DegradedMode behavior
- Tests: 11 unit tests passing
VERIFICATION STATUS:
------------------
- cargo build --workspace: PASSED
- cargo test --workspace: PASSED (476+ unit tests, 12 integration tests)
- cargo clippy --workspace: PASSED
All 7 stories from prd.json now have passes: true
Iteration 2: 2026-04-16
------------------------
US-009 COMPLETED (Add unit tests for kimi model compatibility fix)
- Files: rust/crates/api/src/providers/openai_compat.rs
- Added 4 comprehensive unit tests:
1. model_rejects_is_error_field_detects_kimi_models - verifies detection of kimi-k2.5, kimi-k1.5, dashscope/kimi-k2.5, case insensitivity
2. translate_message_includes_is_error_for_non_kimi_models - verifies gpt-4o, grok-3, claude include is_error
3. translate_message_excludes_is_error_for_kimi_models - verifies kimi models exclude is_error (prevents 400 Bad Request)
4. build_chat_completion_request_kimi_vs_non_kimi_tool_results - full integration test for request building
- Tests: 4 new tests, 119 unit tests total in api crate (+4), all passing
- Integration tests: 29 passing (no regressions)
US-010 COMPLETED (Add model compatibility documentation)
- Files: docs/MODEL_COMPATIBILITY.md
- Created comprehensive documentation covering:
1. Kimi Models (is_error Exclusion) - documents the 400 Bad Request issue and solution
2. Reasoning Models (Tuning Parameter Stripping) - covers o1, o3, o4, grok-3-mini, qwen-qwq, qwen3-thinking
3. GPT-5 (max_completion_tokens) - documents max_tokens vs max_completion_tokens requirement
4. Qwen Models (DashScope Routing) - explains routing and authentication
- Added implementation details section with key functions
- Added "Adding New Models" guide for future contributors
- Added testing section with example commands
- Cross-referenced with existing code comments in openai_compat.rs
- cargo clippy passes
US-011 COMPLETED (Performance optimization: reduce API request serialization overhead)
- Files:
- rust/crates/api/Cargo.toml (added criterion dev-dependency and bench config)
- rust/crates/api/benches/request_building.rs (new benchmark suite)
- rust/crates/api/src/providers/openai_compat.rs (optimizations)
- rust/crates/api/src/lib.rs (public exports for benchmarks)
- Optimizations implemented:
1. flatten_tool_result_content: Pre-allocate String capacity and avoid intermediate Vec
- Before: collected to Vec<String> then joined
- After: single String with pre-calculated capacity, push directly
2. Made key functions public for benchmarking: translate_message, build_chat_completion_request,
flatten_tool_result_content, is_reasoning_model, model_rejects_is_error_field
- Benchmark results:
- flatten_tool_result_content/single_text: ~17ns
- flatten_tool_result_content/multi_text (10 blocks): ~46ns
- flatten_tool_result_content/large_content (50 blocks): ~11.7µs
- translate_message/text_only: ~200ns
- translate_message/tool_result: ~348ns
- build_chat_completion_request/10 messages: ~16.4µs
- build_chat_completion_request/100 messages: ~209µs
- is_reasoning_model detection: ~26-42ns depending on model
- All tests pass (119 unit tests + 29 integration tests)
- cargo clippy passes

5
rust/.claw.json Normal file
View File

@@ -0,0 +1,5 @@
{
"permissions": {
"defaultMode": "dontAsk"
}
}

3
rust/.claw/sessions/session-1775386832313-0.jsonl
View File

@@ -1,2 +1 @@
{"created_at_ms":1775386832313,"session_id":"session-1775386832313-0","type":"session_meta","updated_at_ms":1775386832313,"version":1}
{"message":{"blocks":[{"text":"status --help","type":"text"}],"role":"user"},"type":"message"}
{"created_at_ms":1775777421902,"session_id":"session-1775777421902-1","type":"session_meta","updated_at_ms":1775777421902,"version":1}

4
rust/.gitignore vendored
View File

@@ -1,3 +1,7 @@
target/
.omx/
.clawd-agents/
# Claw Code local artifacts
.claw/settings.local.json
.claw/sessions/
.clawhip/

15
rust/CLAUDE.md Normal file
View File

@@ -0,0 +1,15 @@
# CLAUDE.md
This file provides guidance to Claw Code (clawcode.dev) when working with code in this repository.
## Detected stack
- Languages: Rust.
- Frameworks: none detected from the supported starter markers.
## Verification
- Run Rust verification from the repo root: `cargo fmt`, `cargo clippy --workspace --all-targets -- -D warnings`, `cargo test --workspace`
## Working agreement
- Prefer small, reviewable changes and keep generated bootstrap files aligned with actual repo workflows.
- Keep shared defaults in `.claw.json`; reserve `.claw/settings.local.json` for machine-local overrides.
- Do not overwrite existing `CLAUDE.md` content automatically; update it intentionally when repo workflows change.

265
rust/Cargo.lock generated
View File

@@ -17,10 +17,23 @@ dependencies = [
"memchr",
]
[[package]]
name = "anes"
version = "0.1.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299"
[[package]]
name = "anstyle"
version = "1.0.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "940b3a0ca603d1eade50a4846a2afffd5ef57a9feac2c0e2ec2e14f9ead76000"
[[package]]
name = "api"
version = "0.1.0"
dependencies = [
"criterion",
"reqwest",
"runtime",
"serde",
@@ -35,6 +48,12 @@ version = "1.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
[[package]]
name = "autocfg"
version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8"
[[package]]
name = "base64"
version = "0.22.1"
@@ -77,6 +96,12 @@ version = "1.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33"
[[package]]
name = "cast"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5"
[[package]]
name = "cc"
version = "1.2.58"
@@ -99,6 +124,58 @@ version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724"
[[package]]
name = "ciborium"
version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "42e69ffd6f0917f5c029256a24d0161db17cea3997d185db0d35926308770f0e"
dependencies = [
"ciborium-io",
"ciborium-ll",
"serde",
]
[[package]]
name = "ciborium-io"
version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "05afea1e0a06c9be33d539b876f1ce3692f4afea2cb41f740e7743225ed1c757"
[[package]]
name = "ciborium-ll"
version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "57663b653d948a338bfb3eeba9bb2fd5fcfaecb9e199e87e1eda4d9e8b240fd9"
dependencies = [
"ciborium-io",
"half",
]
[[package]]
name = "clap"
version = "4.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1ddb117e43bbf7dacf0a4190fef4d345b9bad68dfc649cb349e7d17d28428e51"
dependencies = [
"clap_builder",
]
[[package]]
name = "clap_builder"
version = "4.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "714a53001bf66416adb0e2ef5ac857140e7dc3a0c48fb28b2f10762fc4b5069f"
dependencies = [
"anstyle",
"clap_lex",
]
[[package]]
name = "clap_lex"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c8d4a3bb8b1e0c1050499d1815f5ab16d04f0959b233085fb31653fbfc9d98f9"
[[package]]
name = "clipboard-win"
version = "5.4.1"
@@ -144,6 +221,67 @@ dependencies = [
"cfg-if",
]
[[package]]
name = "criterion"
version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f2b12d017a929603d80db1831cd3a24082f8137ce19c69e6447f54f5fc8d692f"
dependencies = [
"anes",
"cast",
"ciborium",
"clap",
"criterion-plot",
"is-terminal",
"itertools",
"num-traits",
"once_cell",
"oorandom",
"plotters",
"rayon",
"regex",
"serde",
"serde_derive",
"serde_json",
"tinytemplate",
"walkdir",
]
[[package]]
name = "criterion-plot"
version = "0.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6b50826342786a51a89e2da3a28f1c32b06e387201bc2d19791f622c673706b1"
dependencies = [
"cast",
"itertools",
]
[[package]]
name = "crossbeam-deque"
version = "0.8.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9dd111b7b7f7d55b72c0a6ae361660ee5853c9af73f70c3c2ef6858b950e2e51"
dependencies = [
"crossbeam-epoch",
"crossbeam-utils",
]
[[package]]
name = "crossbeam-epoch"
version = "0.9.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e"
dependencies = [
"crossbeam-utils",
]
[[package]]
name = "crossbeam-utils"
version = "0.8.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28"
[[package]]
name = "crossterm"
version = "0.28.1"
@@ -169,6 +307,12 @@ dependencies = [
"winapi",
]
[[package]]
name = "crunchy"
version = "0.2.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "460fbee9c2c2f33933d720630a6a0bac33ba7053db5344fac858d4b8952d77d5"
[[package]]
name = "crypto-common"
version = "0.1.7"
@@ -209,6 +353,12 @@ dependencies = [
"syn",
]
[[package]]
name = "either"
version = "1.15.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719"
[[package]]
name = "endian-type"
version = "0.1.2"
@@ -245,7 +395,7 @@ checksum = "0ce92ff622d6dadf7349484f42c93271a0d49b7cc4d466a936405bacbe10aa78"
dependencies = [
"cfg-if",
"rustix 1.1.4",
"windows-sys 0.52.0",
"windows-sys 0.59.0",
]
[[package]]
@@ -380,12 +530,29 @@ version = "0.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280"
[[package]]
name = "half"
version = "2.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6ea2d84b969582b4b1864a92dc5d27cd2b77b622a8d79306834f1be5ba20d84b"
dependencies = [
"cfg-if",
"crunchy",
"zerocopy",
]
[[package]]
name = "hashbrown"
version = "0.16.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100"
[[package]]
name = "hermit-abi"
version = "0.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fc0fef456e4baa96da950455cd02c081ca953b141298e41db3fc7e36b1da849c"
[[package]]
name = "home"
version = "0.5.12"
@@ -622,6 +789,26 @@ dependencies = [
"serde",
]
[[package]]
name = "is-terminal"
version = "0.4.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3640c1c38b8e4e43584d8df18be5fc6b0aa314ce6ebf51b53313d4306cca8e46"
dependencies = [
"hermit-abi",
"libc",
"windows-sys 0.61.2",
]
[[package]]
name = "itertools"
version = "0.10.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473"
dependencies = [
"either",
]
[[package]]
name = "itoa"
version = "1.0.18"
@@ -755,6 +942,15 @@ version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c6673768db2d862beb9b39a78fdcb1a69439615d5794a1be50caa9bc92c81967"
[[package]]
name = "num-traits"
version = "0.2.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841"
dependencies = [
"autocfg",
]
[[package]]
name = "once_cell"
version = "1.21.4"
@@ -783,6 +979,12 @@ dependencies = [
"pkg-config",
]
[[package]]
name = "oorandom"
version = "11.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d6790f58c7ff633d8771f42965289203411a5e5c68388703c06e14f24770b41e"
[[package]]
name = "parking_lot"
version = "0.12.5"
@@ -837,6 +1039,34 @@ dependencies = [
"time",
]
[[package]]
name = "plotters"
version = "0.3.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5aeb6f403d7a4911efb1e33402027fc44f29b5bf6def3effcc22d7bb75f2b747"
dependencies = [
"num-traits",
"plotters-backend",
"plotters-svg",
"wasm-bindgen",
"web-sys",
]
[[package]]
name = "plotters-backend"
version = "0.3.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "df42e13c12958a16b3f7f4386b9ab1f3e7933914ecea48da7139435263a4172a"
[[package]]
name = "plotters-svg"
version = "0.3.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "51bae2ac328883f7acdfea3d66a7c35751187f870bc81f94563733a154d7a670"
dependencies = [
"plotters-backend",
]
[[package]]
name = "plugins"
version = "0.1.0"
@@ -1015,6 +1245,26 @@ dependencies = [
"getrandom 0.3.4",
]
[[package]]
name = "rayon"
version = "1.12.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fb39b166781f92d482534ef4b4b1b2568f42613b53e5b6c160e24cfbfa30926d"
dependencies = [
"either",
"rayon-core",
]
[[package]]
name = "rayon-core"
version = "1.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "22e18b0f0062d30d4230b2e85ff77fdfe4326feb054b9783a3460d8435c8ab91"
dependencies = [
"crossbeam-deque",
"crossbeam-utils",
]
[[package]]
name = "redox_syscall"
version = "0.5.18"
@@ -1138,7 +1388,7 @@ dependencies = [
"errno",
"libc",
"linux-raw-sys 0.4.15",
"windows-sys 0.52.0",
"windows-sys 0.59.0",
]
[[package]]
@@ -1522,6 +1772,16 @@ dependencies = [
"zerovec",
]
[[package]]
name = "tinytemplate"
version = "1.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "be4d6b5f19ff7664e8c98d03e2139cb510db9b0a60b55f8e8709b689d939b6bc"
dependencies = [
"serde",
"serde_json",
]
[[package]]
name = "tinyvec"
version = "1.11.0"
@@ -1580,6 +1840,7 @@ version = "0.1.0"
dependencies = [
"api",
"commands",
"flate2",
"plugins",
"reqwest",
"runtime",

17
rust/README.md
View File

@@ -34,10 +34,10 @@ export ANTHROPIC_API_KEY="sk-ant-..."
export ANTHROPIC_BASE_URL="https://your-proxy.com"
```
Or authenticate via OAuth and let the CLI persist credentials locally:
Or provide an OAuth bearer token directly:
```bash
cargo run -p rusty-claude-cli -- login
export ANTHROPIC_AUTH_TOKEN="anthropic-oauth-or-proxy-bearer-token"
```
## Mock parity harness
@@ -80,7 +80,7 @@ Primary artifacts:
| Feature | Status |
|---------|--------|
| Anthropic / OpenAI-compatible provider flows + streaming | ✅ |
| OAuth login/logout | ✅ |
| Direct bearer-token auth via `ANTHROPIC_AUTH_TOKEN` | ✅ |
| Interactive REPL (rustyline) | ✅ |
| Tool system (bash, read, write, edit, grep, glob) | ✅ |
| Web tools (search, fetch) | ✅ |
@@ -135,17 +135,18 @@ Top-level commands:
version
status
sandbox
acp [serve]
dump-manifests
bootstrap-plan
agents
mcp
skills
system-prompt
login
logout
init
```
`claw acp` is a local discoverability surface for editor-first users: it reports the current ACP/Zed status without starting the runtime. As of April 16, 2026, claw-code does **not** ship an ACP/Zed daemon entrypoint yet, and `claw acp serve` is only a status alias until the real protocol surface lands.
The command surface is moving quickly. For the canonical live help text, run:
```bash
@@ -159,8 +160,8 @@ Tab completion expands slash commands, model aliases, permission modes, and rece
The REPL now exposes a much broader surface than the original minimal shell:
- session / visibility: `/help`, `/status`, `/sandbox`, `/cost`, `/resume`, `/session`, `/version`, `/usage`, `/stats`
- workspace / git: `/compact`, `/clear`, `/config`, `/memory`, `/init`, `/diff`, `/commit`, `/pr`, `/issue`, `/export`, `/hooks`, `/files`, `/branch`, `/release-notes`, `/add-dir`
- discovery / debugging: `/mcp`, `/agents`, `/skills`, `/doctor`, `/tasks`, `/context`, `/desktop`, `/ide`
- workspace / git: `/compact`, `/clear`, `/config`, `/memory`, `/init`, `/diff`, `/commit`, `/pr`, `/issue`, `/export`, `/hooks`, `/files`, `/release-notes`
- discovery / debugging: `/mcp`, `/agents`, `/skills`, `/doctor`, `/tasks`, `/context`, `/desktop`
- automation / analysis: `/review`, `/advisor`, `/insights`, `/security-review`, `/subagent`, `/team`, `/telemetry`, `/providers`, `/cron`, and more
- plugin management: `/plugin` (with aliases `/plugins`, `/marketplace`)
@@ -194,7 +195,7 @@ rust/
### Crate Responsibilities
- **api** — provider clients, SSE streaming, request/response types, auth (API key + OAuth bearer), request-size/context-window preflight
- **api** — provider clients, SSE streaming, request/response types, auth (`ANTHROPIC_API_KEY` + bearer-token support), request-size/context-window preflight
- **commands** — slash command definitions, parsing, help text generation, JSON/text command rendering
- **compat-harness** — extracts tool/prompt manifests from upstream TS source
- **mock-anthropic-service** — deterministic `/v1/messages` mock for CLI parity tests and local harness runs

7
rust/crates/api/Cargo.toml
View File

@@ -13,5 +13,12 @@ serde_json.workspace = true
telemetry = { path = "../telemetry" }
tokio = { version = "1", features = ["io-util", "macros", "net", "rt-multi-thread", "time"] }
[dev-dependencies]
criterion = { version = "0.5", features = ["html_reports"] }
[lints]
workspace = true
[[bench]]
name = "request_building"
harness = false

329
rust/crates/api/benches/request_building.rs Normal file
View File

@@ -0,0 +1,329 @@
// Benchmarks for API request building performance
// Benchmarks are exempt from strict linting as they are test/performance code
#![allow(
clippy::cognitive_complexity,
clippy::doc_markdown,
clippy::explicit_iter_loop,
clippy::format_in_format_args,
clippy::missing_docs_in_private_items,
clippy::must_use_candidate,
clippy::needless_pass_by_value,
clippy::clone_on_copy,
clippy::too_many_lines,
clippy::uninlined_format_args
)]
use api::{
build_chat_completion_request, flatten_tool_result_content, is_reasoning_model,
translate_message, InputContentBlock, InputMessage, MessageRequest, OpenAiCompatConfig,
ToolResultContentBlock,
};
use criterion::{black_box, criterion_group, criterion_main, BenchmarkId, Criterion};
use serde_json::json;
/// Create a sample message request with various content types
fn create_sample_request(message_count: usize) -> MessageRequest {
let mut messages = Vec::with_capacity(message_count);
for i in 0..message_count {
match i % 4 {
0 => messages.push(InputMessage::user_text(format!("Message {}", i))),
1 => messages.push(InputMessage {
role: "assistant".to_string(),
content: vec![
InputContentBlock::Text {
text: format!("Assistant response {}", i),
},
InputContentBlock::ToolUse {
id: format!("call_{}", i),
name: "read_file".to_string(),
input: json!({"path": format!("/tmp/file{}", i)}),
},
],
}),
2 => messages.push(InputMessage {
role: "user".to_string(),
content: vec![InputContentBlock::ToolResult {
tool_use_id: format!("call_{}", i - 1),
content: vec![ToolResultContentBlock::Text {
text: format!("Tool result content {}", i),
}],
is_error: false,
}],
}),
_ => messages.push(InputMessage {
role: "assistant".to_string(),
content: vec![InputContentBlock::ToolUse {
id: format!("call_{}", i),
name: "write_file".to_string(),
input: json!({"path": format!("/tmp/out{}", i), "content": "data"}),
}],
}),
}
}
MessageRequest {
model: "gpt-4o".to_string(),
max_tokens: 1024,
messages,
stream: false,
system: Some("You are a helpful assistant.".to_string()),
temperature: Some(0.7),
top_p: None,
tools: None,
tool_choice: None,
frequency_penalty: None,
presence_penalty: None,
stop: None,
reasoning_effort: None,
}
}
/// Benchmark translate_message with various message types
fn bench_translate_message(c: &mut Criterion) {
let mut group = c.benchmark_group("translate_message");
// Text-only message
let text_message = InputMessage::user_text("Simple text message".to_string());
group.bench_with_input(
BenchmarkId::new("text_only", "single"),
&text_message,
|b, msg| {
b.iter(|| translate_message(black_box(msg), black_box("gpt-4o")));
},
);
// Assistant message with tool calls
let assistant_message = InputMessage {
role: "assistant".to_string(),
content: vec![
InputContentBlock::Text {
text: "I'll help you with that.".to_string(),
},
InputContentBlock::ToolUse {
id: "call_1".to_string(),
name: "read_file".to_string(),
input: json!({"path": "/tmp/test"}),
},
InputContentBlock::ToolUse {
id: "call_2".to_string(),
name: "write_file".to_string(),
input: json!({"path": "/tmp/out", "content": "data"}),
},
],
};
group.bench_with_input(
BenchmarkId::new("assistant_with_tools", "2_tools"),
&assistant_message,
|b, msg| {
b.iter(|| translate_message(black_box(msg), black_box("gpt-4o")));
},
);
// Tool result message
let tool_result_message = InputMessage {
role: "user".to_string(),
content: vec![InputContentBlock::ToolResult {
tool_use_id: "call_1".to_string(),
content: vec![ToolResultContentBlock::Text {
text: "File contents here".to_string(),
}],
is_error: false,
}],
};
group.bench_with_input(
BenchmarkId::new("tool_result", "single"),
&tool_result_message,
|b, msg| {
b.iter(|| translate_message(black_box(msg), black_box("gpt-4o")));
},
);
// Tool result for kimi model (is_error excluded)
group.bench_with_input(
BenchmarkId::new("tool_result_kimi", "kimi-k2.5"),
&tool_result_message,
|b, msg| {
b.iter(|| translate_message(black_box(msg), black_box("kimi-k2.5")));
},
);
// Large content message
let large_content = "x".repeat(10000);
let large_message = InputMessage::user_text(large_content);
group.bench_with_input(
BenchmarkId::new("large_text", "10kb"),
&large_message,
|b, msg| {
b.iter(|| translate_message(black_box(msg), black_box("gpt-4o")));
},
);
group.finish();
}
/// Benchmark build_chat_completion_request with various message counts
fn bench_build_request(c: &mut Criterion) {
let mut group = c.benchmark_group("build_chat_completion_request");
let config = OpenAiCompatConfig::openai();
for message_count in [10, 50, 100].iter() {
let request = create_sample_request(*message_count);
group.bench_with_input(
BenchmarkId::new("message_count", message_count),
&request,
|b, req| {
b.iter(|| build_chat_completion_request(black_box(req), config.clone()));
},
);
}
// Benchmark with reasoning model (tuning params stripped)
let mut reasoning_request = create_sample_request(50);
reasoning_request.model = "o1-mini".to_string();
group.bench_with_input(
BenchmarkId::new("reasoning_model", "o1-mini"),
&reasoning_request,
|b, req| {
b.iter(|| build_chat_completion_request(black_box(req), config.clone()));
},
);
// Benchmark with gpt-5 (max_completion_tokens)
let mut gpt5_request = create_sample_request(50);
gpt5_request.model = "gpt-5".to_string();
group.bench_with_input(
BenchmarkId::new("gpt5", "gpt-5"),
&gpt5_request,
|b, req| {
b.iter(|| build_chat_completion_request(black_box(req), config.clone()));
},
);
group.finish();
}
/// Benchmark flatten_tool_result_content
fn bench_flatten_tool_result(c: &mut Criterion) {
let mut group = c.benchmark_group("flatten_tool_result_content");
// Single text block
let single_text = vec![ToolResultContentBlock::Text {
text: "Simple result".to_string(),
}];
group.bench_with_input(
BenchmarkId::new("single_text", "1_block"),
&single_text,
|b, content| {
b.iter(|| flatten_tool_result_content(black_box(content)));
},
);
// Multiple text blocks
let multi_text: Vec<ToolResultContentBlock> = (0..10)
.map(|i| ToolResultContentBlock::Text {
text: format!("Line {}: some content here\n", i),
})
.collect();
group.bench_with_input(
BenchmarkId::new("multi_text", "10_blocks"),
&multi_text,
|b, content| {
b.iter(|| flatten_tool_result_content(black_box(content)));
},
);
// JSON content blocks
let json_content: Vec<ToolResultContentBlock> = (0..5)
.map(|i| ToolResultContentBlock::Json {
value: json!({"index": i, "data": "test content", "nested": {"key": "value"}}),
})
.collect();
group.bench_with_input(
BenchmarkId::new("json_content", "5_blocks"),
&json_content,
|b, content| {
b.iter(|| flatten_tool_result_content(black_box(content)));
},
);
// Mixed content
let mixed_content = vec![
ToolResultContentBlock::Text {
text: "Here's the result:".to_string(),
},
ToolResultContentBlock::Json {
value: json!({"status": "success", "count": 42}),
},
ToolResultContentBlock::Text {
text: "Processing complete.".to_string(),
},
];
group.bench_with_input(
BenchmarkId::new("mixed_content", "text+json"),
&mixed_content,
|b, content| {
b.iter(|| flatten_tool_result_content(black_box(content)));
},
);
// Large content - simulating typical tool output
let large_content: Vec<ToolResultContentBlock> = (0..50)
.map(|i| {
if i % 3 == 0 {
ToolResultContentBlock::Json {
value: json!({"line": i, "content": "x".repeat(100)}),
}
} else {
ToolResultContentBlock::Text {
text: format!("Line {}: {}", i, "some output content here"),
}
}
})
.collect();
group.bench_with_input(
BenchmarkId::new("large_content", "50_blocks"),
&large_content,
|b, content| {
b.iter(|| flatten_tool_result_content(black_box(content)));
},
);
group.finish();
}
/// Benchmark is_reasoning_model detection
fn bench_is_reasoning_model(c: &mut Criterion) {
let mut group = c.benchmark_group("is_reasoning_model");
let models = vec![
("gpt-4o", false),
("o1-mini", true),
("o3", true),
("grok-3", false),
("grok-3-mini", true),
("qwen/qwen-qwq-32b", true),
("qwen/qwen-plus", false),
];
for (model, expected) in models {
group.bench_with_input(
BenchmarkId::new(model, if expected { "reasoning" } else { "normal" }),
model,
|b, m| {
b.iter(|| is_reasoning_model(black_box(m)));
},
);
}
group.finish();
}
criterion_group!(
benches,
bench_translate_message,
bench_build_request,
bench_flatten_tool_result,
bench_is_reasoning_model
);
criterion_main!(benches);

89
rust/crates/api/src/client.rs
View File

@@ -31,9 +31,18 @@ impl ProviderClient {
ProviderKind::Xai => Ok(Self::Xai(OpenAiCompatClient::from_env(
OpenAiCompatConfig::xai(),
)?)),
ProviderKind::OpenAi => Ok(Self::OpenAi(OpenAiCompatClient::from_env(
OpenAiCompatConfig::openai(),
)?)),
ProviderKind::OpenAi => {
// DashScope models (qwen-*) also return ProviderKind::OpenAi because they
// speak the OpenAI wire format, but they need the DashScope config which
// reads DASHSCOPE_API_KEY and points at dashscope.aliyuncs.com.
let config = match providers::metadata_for_model(&resolved_model) {
Some(meta) if meta.auth_env == "DASHSCOPE_API_KEY" => {
OpenAiCompatConfig::dashscope()
}
_ => OpenAiCompatConfig::openai(),
};
Ok(Self::OpenAi(OpenAiCompatClient::from_env(config)?))
}
}
}
@@ -135,8 +144,21 @@ pub fn read_xai_base_url() -> String {
#[cfg(test)]
mod tests {
use std::sync::{Mutex, OnceLock};
use super::ProviderClient;
use crate::providers::{detect_provider_kind, resolve_model_alias, ProviderKind};
/// Serializes every test in this module that mutates process-wide
/// environment variables so concurrent test threads cannot observe
/// each other's partially-applied state.
fn env_lock() -> std::sync::MutexGuard<'static, ()> {
static LOCK: OnceLock<Mutex<()>> = OnceLock::new();
LOCK.get_or_init(|| Mutex::new(()))
.lock()
.unwrap_or_else(std::sync::PoisonError::into_inner)
}
#[test]
fn resolves_existing_and_grok_aliases() {
assert_eq!(resolve_model_alias("opus"), "claude-opus-4-6");
@@ -152,4 +174,65 @@ mod tests {
ProviderKind::Anthropic
);
}
/// Snapshot-restore guard for a single environment variable. Mirrors
/// the pattern used in `providers/mod.rs` tests: captures the original
/// value on construction, applies the override, and restores on drop so
/// tests leave the process env untouched even when they panic.
struct EnvVarGuard {
key: &'static str,
original: Option<std::ffi::OsString>,
}
impl EnvVarGuard {
fn set(key: &'static str, value: Option<&str>) -> Self {
let original = std::env::var_os(key);
match value {
Some(value) => std::env::set_var(key, value),
None => std::env::remove_var(key),
}
Self { key, original }
}
}
impl Drop for EnvVarGuard {
fn drop(&mut self) {
match self.original.take() {
Some(value) => std::env::set_var(self.key, value),
None => std::env::remove_var(self.key),
}
}
}
#[test]
fn dashscope_model_uses_dashscope_config_not_openai() {
// Regression: qwen-plus was being routed to OpenAiCompatConfig::openai()
// which reads OPENAI_API_KEY and points at api.openai.com, when it should
// use OpenAiCompatConfig::dashscope() which reads DASHSCOPE_API_KEY and
// points at dashscope.aliyuncs.com.
let _lock = env_lock();
let _dashscope = EnvVarGuard::set("DASHSCOPE_API_KEY", Some("test-dashscope-key"));
let _openai = EnvVarGuard::set("OPENAI_API_KEY", None);
let client = ProviderClient::from_model("qwen-plus");
// Must succeed (not fail with "missing OPENAI_API_KEY")
assert!(
client.is_ok(),
"qwen-plus with DASHSCOPE_API_KEY set should build successfully, got: {:?}",
client.err()
);
// Verify it's the OpenAi variant pointed at the DashScope base URL.
match client.unwrap() {
ProviderClient::OpenAi(openai_client) => {
assert!(
openai_client.base_url().contains("dashscope.aliyuncs.com"),
"qwen-plus should route to DashScope base URL (contains 'dashscope.aliyuncs.com'), got: {}",
openai_client.base_url()
);
}
other => panic!("Expected ProviderClient::OpenAi for qwen-plus, got: {other:?}"),
}
}
}

122
rust/crates/api/src/error.rs
View File

@@ -22,6 +22,11 @@ pub enum ApiError {
MissingCredentials {
provider: &'static str,
env_vars: &'static [&'static str],
/// Optional, runtime-computed hint appended to the error Display
/// output. Populated when the provider resolver can infer what the
/// user probably intended (e.g. an `OpenAI` key is set but Anthropic
/// was selected because no Anthropic credentials exist).
hint: Option<String>,
},
ContextWindowExceeded {
model: String,
@@ -48,6 +53,8 @@ pub enum ApiError {
request_id: Option<String>,
body: String,
retryable: bool,
/// Suggested user action based on error type (e.g., "Reduce prompt size" for 413)
suggested_action: Option<String>,
},
RetriesExhausted {
attempts: u32,
@@ -58,6 +65,11 @@ pub enum ApiError {
attempt: u32,
base_delay: Duration,
},
RequestBodySizeExceeded {
estimated_bytes: usize,
max_bytes: usize,
provider: &'static str,
},
}
impl ApiError {
@@ -66,7 +78,29 @@ impl ApiError {
provider: &'static str,
env_vars: &'static [&'static str],
) -> Self {
Self::MissingCredentials { provider, env_vars }
Self::MissingCredentials {
provider,
env_vars,
hint: None,
}
}
/// Build a `MissingCredentials` error carrying an extra, runtime-computed
/// hint string that the Display impl appends after the canonical "missing
/// <provider> credentials" message. Used by the provider resolver to
/// suggest the likely fix when the user has credentials for a different
/// provider already in the environment.
#[must_use]
pub fn missing_credentials_with_hint(
provider: &'static str,
env_vars: &'static [&'static str],
hint: impl Into<String>,
) -> Self {
Self::MissingCredentials {
provider,
env_vars,
hint: Some(hint.into()),
}
}
/// Build a `Self::Json` enriched with the provider name, the model that
@@ -102,7 +136,8 @@ impl ApiError {
| Self::Io(_)
| Self::Json { .. }
| Self::InvalidSseFrame(_)
| Self::BackoffOverflow { .. } => false,
| Self::BackoffOverflow { .. }
| Self::RequestBodySizeExceeded { .. } => false,
}
}
@@ -120,7 +155,8 @@ impl ApiError {
| Self::Io(_)
| Self::Json { .. }
| Self::InvalidSseFrame(_)
| Self::BackoffOverflow { .. } => None,
| Self::BackoffOverflow { .. }
| Self::RequestBodySizeExceeded { .. } => None,
}
}
@@ -145,6 +181,7 @@ impl ApiError {
"provider_transport"
}
Self::InvalidApiKeyEnv(_) | Self::Io(_) | Self::Json { .. } => "runtime_io",
Self::RequestBodySizeExceeded { .. } => "request_size",
}
}
@@ -167,7 +204,8 @@ impl ApiError {
| Self::Io(_)
| Self::Json { .. }
| Self::InvalidSseFrame(_)
| Self::BackoffOverflow { .. } => false,
| Self::BackoffOverflow { .. }
| Self::RequestBodySizeExceeded { .. } => false,
}
}
@@ -196,15 +234,21 @@ impl ApiError {
| Self::Io(_)
| Self::Json { .. }
| Self::InvalidSseFrame(_)
| Self::BackoffOverflow { .. } => false,
| Self::BackoffOverflow { .. }
| Self::RequestBodySizeExceeded { .. } => false,
}
}
}
impl Display for ApiError {
#[allow(clippy::too_many_lines)]
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
match self {
Self::MissingCredentials { provider, env_vars } => {
Self::MissingCredentials {
provider,
env_vars,
hint,
} => {
write!(
f,
"missing {provider} credentials; export {} before calling the {provider} API",
@@ -223,6 +267,9 @@ impl Display for ApiError {
)?;
}
}
if let Some(hint) = hint {
write!(f, " — hint: {hint}")?;
}
Ok(())
}
Self::ContextWindowExceeded {
@@ -290,6 +337,14 @@ impl Display for ApiError {
f,
"retry backoff overflowed on attempt {attempt} with base delay {base_delay:?}"
),
Self::RequestBodySizeExceeded {
estimated_bytes,
max_bytes,
provider,
} => write!(
f,
"request body size ({estimated_bytes} bytes) exceeds {provider} limit ({max_bytes} bytes); reduce prompt length or context before retrying"
),
}
}
}
@@ -435,6 +490,7 @@ mod tests {
request_id: Some("req_jobdori_123".to_string()),
body: String::new(),
retryable: true,
suggested_action: None,
};
assert!(error.is_generic_fatal_wrapper());
@@ -457,6 +513,7 @@ mod tests {
request_id: Some("req_nested_456".to_string()),
body: String::new(),
retryable: true,
suggested_action: None,
}),
};
@@ -477,10 +534,63 @@ mod tests {
request_id: Some("req_ctx_123".to_string()),
body: String::new(),
retryable: false,
suggested_action: None,
};
assert!(error.is_context_window_failure());
assert_eq!(error.safe_failure_class(), "context_window");
assert_eq!(error.request_id(), Some("req_ctx_123"));
}
#[test]
fn missing_credentials_without_hint_renders_the_canonical_message() {
// given
let error = ApiError::missing_credentials(
"Anthropic",
&["ANTHROPIC_AUTH_TOKEN", "ANTHROPIC_API_KEY"],
);
// when
let rendered = error.to_string();
// then
assert!(
rendered.starts_with(
"missing Anthropic credentials; export ANTHROPIC_AUTH_TOKEN or ANTHROPIC_API_KEY before calling the Anthropic API"
),
"rendered error should lead with the canonical missing-credential message: {rendered}"
);
assert!(
!rendered.contains(" — hint: "),
"no hint should be appended when none is supplied: {rendered}"
);
}
#[test]
fn missing_credentials_with_hint_appends_the_hint_after_base_message() {
// given
let error = ApiError::missing_credentials_with_hint(
"Anthropic",
&["ANTHROPIC_AUTH_TOKEN", "ANTHROPIC_API_KEY"],
"I see OPENAI_API_KEY is set — if you meant to use the OpenAI-compat provider, prefix your model name with `openai/` so prefix routing selects it.",
);
// when
let rendered = error.to_string();
// then
assert!(
rendered.starts_with("missing Anthropic credentials;"),
"hint should be appended, not replace the base message: {rendered}"
);
let hint_marker = " — hint: I see OPENAI_API_KEY is set — if you meant to use the OpenAI-compat provider, prefix your model name with `openai/` so prefix routing selects it.";
assert!(
rendered.ends_with(hint_marker),
"rendered error should end with the hint: {rendered}"
);
// Classification semantics are unaffected by the presence of a hint.
assert_eq!(error.safe_failure_class(), "provider_auth");
assert!(!error.is_retryable());
assert_eq!(error.request_id(), None);
}
}

344
rust/crates/api/src/http_client.rs Normal file
View File

@@ -0,0 +1,344 @@
use crate::error::ApiError;
const HTTP_PROXY_KEYS: [&str; 2] = ["HTTP_PROXY", "http_proxy"];
const HTTPS_PROXY_KEYS: [&str; 2] = ["HTTPS_PROXY", "https_proxy"];
const NO_PROXY_KEYS: [&str; 2] = ["NO_PROXY", "no_proxy"];
/// Snapshot of the proxy-related environment variables that influence the
/// outbound HTTP client. Captured up front so callers can inspect, log, and
/// test the resolved configuration without re-reading the process environment.
///
/// When `proxy_url` is set it acts as a single catch-all proxy for both
/// HTTP and HTTPS traffic, taking precedence over the per-scheme fields.
#[derive(Debug, Clone, Default, PartialEq, Eq)]
pub struct ProxyConfig {
pub http_proxy: Option<String>,
pub https_proxy: Option<String>,
pub no_proxy: Option<String>,
/// Optional unified proxy URL that applies to both HTTP and HTTPS.
/// When set, this takes precedence over `http_proxy` and `https_proxy`.
pub proxy_url: Option<String>,
}
impl ProxyConfig {
/// Read proxy settings from the live process environment, honouring both
/// the upper- and lower-case spellings used by curl, git, and friends.
#[must_use]
pub fn from_env() -> Self {
Self::from_lookup(|key| std::env::var(key).ok())
}
/// Create a proxy configuration from a single URL that applies to both
/// HTTP and HTTPS traffic. This is the config-file alternative to setting
/// `HTTP_PROXY` and `HTTPS_PROXY` environment variables separately.
#[must_use]
pub fn from_proxy_url(url: impl Into<String>) -> Self {
Self {
proxy_url: Some(url.into()),
..Self::default()
}
}
fn from_lookup<F>(mut lookup: F) -> Self
where
F: FnMut(&str) -> Option<String>,
{
Self {
http_proxy: first_non_empty(&HTTP_PROXY_KEYS, &mut lookup),
https_proxy: first_non_empty(&HTTPS_PROXY_KEYS, &mut lookup),
no_proxy: first_non_empty(&NO_PROXY_KEYS, &mut lookup),
proxy_url: None,
}
}
#[must_use]
pub fn is_empty(&self) -> bool {
self.proxy_url.is_none() && self.http_proxy.is_none() && self.https_proxy.is_none()
}
}
/// Build a `reqwest::Client` that honours the standard `HTTP_PROXY`,
/// `HTTPS_PROXY`, and `NO_PROXY` environment variables. When no proxy is
/// configured the client behaves identically to `reqwest::Client::new()`.
pub fn build_http_client() -> Result<reqwest::Client, ApiError> {
build_http_client_with(&ProxyConfig::from_env())
}
/// Infallible counterpart to [`build_http_client`] for constructors that
/// historically returned `Self` rather than `Result<Self, _>`. When the proxy
/// configuration is malformed we fall back to a default client so that
/// callers retain the previous behaviour and the failure surfaces on the
/// first outbound request instead of at construction time.
#[must_use]
pub fn build_http_client_or_default() -> reqwest::Client {
build_http_client().unwrap_or_else(|_| reqwest::Client::new())
}
/// Build a `reqwest::Client` from an explicit [`ProxyConfig`]. Used by tests
/// and by callers that want to override process-level environment lookups.
///
/// When `config.proxy_url` is set it overrides the per-scheme `http_proxy`
/// and `https_proxy` fields and is registered as both an HTTP and HTTPS
/// proxy so a single value can route every outbound request.
pub fn build_http_client_with(config: &ProxyConfig) -> Result<reqwest::Client, ApiError> {
let mut builder = reqwest::Client::builder().no_proxy();
let no_proxy = config
.no_proxy
.as_deref()
.and_then(reqwest::NoProxy::from_string);
let (http_proxy_url, https_url) = match config.proxy_url.as_deref() {
Some(unified) => (Some(unified), Some(unified)),
None => (config.http_proxy.as_deref(), config.https_proxy.as_deref()),
};
if let Some(url) = https_url {
let mut proxy = reqwest::Proxy::https(url)?;
if let Some(filter) = no_proxy.clone() {
proxy = proxy.no_proxy(Some(filter));
}
builder = builder.proxy(proxy);
}
if let Some(url) = http_proxy_url {
let mut proxy = reqwest::Proxy::http(url)?;
if let Some(filter) = no_proxy.clone() {
proxy = proxy.no_proxy(Some(filter));
}
builder = builder.proxy(proxy);
}
Ok(builder.build()?)
}
fn first_non_empty<F>(keys: &[&str], lookup: &mut F) -> Option<String>
where
F: FnMut(&str) -> Option<String>,
{
keys.iter()
.find_map(|key| lookup(key).filter(|value| !value.is_empty()))
}
#[cfg(test)]
mod tests {
use std::collections::HashMap;
use super::{build_http_client_with, ProxyConfig};
fn config_from_map(pairs: &[(&str, &str)]) -> ProxyConfig {
let map: HashMap<String, String> = pairs
.iter()
.map(|(key, value)| ((*key).to_string(), (*value).to_string()))
.collect();
ProxyConfig::from_lookup(|key| map.get(key).cloned())
}
#[test]
fn proxy_config_is_empty_when_no_env_vars_are_set() {
// given
let config = config_from_map(&[]);
// when
let empty = config.is_empty();
// then
assert!(empty);
assert_eq!(config, ProxyConfig::default());
}
#[test]
fn proxy_config_reads_uppercase_http_https_and_no_proxy() {
// given
let pairs = [
("HTTP_PROXY", "http://proxy.internal:3128"),
("HTTPS_PROXY", "http://secure.internal:3129"),
("NO_PROXY", "localhost,127.0.0.1,.corp"),
];
// when
let config = config_from_map(&pairs);
// then
assert_eq!(
config.http_proxy.as_deref(),
Some("http://proxy.internal:3128")
);
assert_eq!(
config.https_proxy.as_deref(),
Some("http://secure.internal:3129")
);
assert_eq!(
config.no_proxy.as_deref(),
Some("localhost,127.0.0.1,.corp")
);
assert!(!config.is_empty());
}
#[test]
fn proxy_config_falls_back_to_lowercase_keys() {
// given
let pairs = [
("http_proxy", "http://lower.internal:3128"),
("https_proxy", "http://lower-secure.internal:3129"),
("no_proxy", ".lower"),
];
// when
let config = config_from_map(&pairs);
// then
assert_eq!(
config.http_proxy.as_deref(),
Some("http://lower.internal:3128")
);
assert_eq!(
config.https_proxy.as_deref(),
Some("http://lower-secure.internal:3129")
);
assert_eq!(config.no_proxy.as_deref(), Some(".lower"));
}
#[test]
fn proxy_config_prefers_uppercase_over_lowercase_when_both_set() {
// given
let pairs = [
("HTTP_PROXY", "http://upper.internal:3128"),
("http_proxy", "http://lower.internal:3128"),
];
// when
let config = config_from_map(&pairs);
// then
assert_eq!(
config.http_proxy.as_deref(),
Some("http://upper.internal:3128")
);
}
#[test]
fn proxy_config_treats_empty_strings_as_unset() {
// given
let pairs = [("HTTP_PROXY", ""), ("http_proxy", "")];
// when
let config = config_from_map(&pairs);
// then
assert!(config.http_proxy.is_none());
}
#[test]
fn build_http_client_succeeds_when_no_proxy_is_configured() {
// given
let config = ProxyConfig::default();
// when
let result = build_http_client_with(&config);
// then
assert!(result.is_ok());
}
#[test]
fn build_http_client_succeeds_with_valid_http_and_https_proxies() {
// given
let config = ProxyConfig {
http_proxy: Some("http://proxy.internal:3128".to_string()),
https_proxy: Some("http://secure.internal:3129".to_string()),
no_proxy: Some("localhost,127.0.0.1".to_string()),
proxy_url: None,
};
// when
let result = build_http_client_with(&config);
// then
assert!(result.is_ok());
}
#[test]
fn build_http_client_returns_http_error_for_invalid_proxy_url() {
// given
let config = ProxyConfig {
http_proxy: None,
https_proxy: Some("not a url".to_string()),
no_proxy: None,
proxy_url: None,
};
// when
let result = build_http_client_with(&config);
// then
let error = result.expect_err("invalid proxy URL must be reported as a build failure");
assert!(
matches!(error, crate::error::ApiError::Http(_)),
"expected ApiError::Http for invalid proxy URL, got: {error:?}"
);
}
#[test]
fn from_proxy_url_sets_unified_field_and_leaves_per_scheme_empty() {
// given / when
let config = ProxyConfig::from_proxy_url("http://unified.internal:3128");
// then
assert_eq!(
config.proxy_url.as_deref(),
Some("http://unified.internal:3128")
);
assert!(config.http_proxy.is_none());
assert!(config.https_proxy.is_none());
assert!(!config.is_empty());
}
#[test]
fn build_http_client_succeeds_with_unified_proxy_url() {
// given
let config = ProxyConfig {
proxy_url: Some("http://unified.internal:3128".to_string()),
no_proxy: Some("localhost".to_string()),
..ProxyConfig::default()
};
// when
let result = build_http_client_with(&config);
// then
assert!(result.is_ok());
}
#[test]
fn proxy_url_takes_precedence_over_per_scheme_fields() {
// given both per-scheme and unified are set
let config = ProxyConfig {
http_proxy: Some("http://per-scheme.internal:1111".to_string()),
https_proxy: Some("http://per-scheme.internal:2222".to_string()),
no_proxy: None,
proxy_url: Some("http://unified.internal:3128".to_string()),
};
// when building succeeds (the unified URL is valid)
let result = build_http_client_with(&config);
// then
assert!(result.is_ok());
}
#[test]
fn build_http_client_returns_error_for_invalid_unified_proxy_url() {
// given
let config = ProxyConfig::from_proxy_url("not a url");
// when
let result = build_http_client_with(&config);
// then
assert!(
matches!(result, Err(crate::error::ApiError::Http(_))),
"invalid unified proxy URL should fail: {result:?}"
);
}
}

12
rust/crates/api/src/lib.rs
View File

@@ -1,5 +1,6 @@
mod client;
mod error;
mod http_client;
mod prompt_cache;
mod providers;
mod sse;
@@ -10,14 +11,21 @@ pub use client::{
resolve_startup_auth_source, MessageStream, OAuthTokenSet, ProviderClient,
};
pub use error::ApiError;
pub use http_client::{
build_http_client, build_http_client_or_default, build_http_client_with, ProxyConfig,
};
pub use prompt_cache::{
CacheBreakEvent, PromptCache, PromptCacheConfig, PromptCachePaths, PromptCacheRecord,
PromptCacheStats,
};
pub use providers::anthropic::{AnthropicClient, AnthropicClient as ApiClient, AuthSource};
pub use providers::openai_compat::{OpenAiCompatClient, OpenAiCompatConfig};
pub use providers::openai_compat::{
build_chat_completion_request, flatten_tool_result_content, is_reasoning_model,
model_rejects_is_error_field, translate_message, OpenAiCompatClient, OpenAiCompatConfig,
};
pub use providers::{
detect_provider_kind, max_tokens_for_model, resolve_model_alias, ProviderKind,
detect_provider_kind, max_tokens_for_model, max_tokens_for_model_with_override,
resolve_model_alias, ProviderKind,
};
pub use sse::{parse_frame, SseParser};
pub use types::{

1
rust/crates/api/src/prompt_cache.rs
View File

@@ -704,6 +704,7 @@ mod tests {
tools: None,
tool_choice: None,
stream: false,
..Default::default()
}
}

544
rust/crates/api/src/providers/anthropic.rs
View File

@@ -1,4 +1,5 @@
use std::collections::VecDeque;
use std::sync::atomic::{AtomicU64, Ordering};
use std::sync::{Arc, Mutex};
use std::time::{Duration, SystemTime, UNIX_EPOCH};
@@ -12,18 +13,21 @@ use serde_json::{Map, Value};
use telemetry::{AnalyticsEvent, AnthropicRequestProfile, ClientIdentity, SessionTracer};
use crate::error::ApiError;
use crate::http_client::build_http_client_or_default;
use crate::prompt_cache::{PromptCache, PromptCacheRecord, PromptCacheStats};
use super::{model_token_limit, resolve_model_alias, Provider, ProviderFuture};
use super::{
anthropic_missing_credentials, model_token_limit, resolve_model_alias, Provider, ProviderFuture,
};
use crate::sse::SseParser;
use crate::types::{MessageDeltaEvent, MessageRequest, MessageResponse, StreamEvent, Usage};
pub const DEFAULT_BASE_URL: &str = "https://api.anthropic.com";
const REQUEST_ID_HEADER: &str = "request-id";
const ALT_REQUEST_ID_HEADER: &str = "x-request-id";
const DEFAULT_INITIAL_BACKOFF: Duration = Duration::from_millis(200);
const DEFAULT_MAX_BACKOFF: Duration = Duration::from_secs(2);
const DEFAULT_MAX_RETRIES: u32 = 2;
const DEFAULT_INITIAL_BACKOFF: Duration = Duration::from_secs(1);
const DEFAULT_MAX_BACKOFF: Duration = Duration::from_secs(128);
const DEFAULT_MAX_RETRIES: u32 = 8;
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum AuthSource {
@@ -47,10 +51,7 @@ impl AuthSource {
}),
(Some(api_key), None) => Ok(Self::ApiKey(api_key)),
(None, Some(bearer_token)) => Ok(Self::BearerToken(bearer_token)),
(None, None) => Err(ApiError::missing_credentials(
"Anthropic",
&["ANTHROPIC_AUTH_TOKEN", "ANTHROPIC_API_KEY"],
)),
(None, None) => Err(anthropic_missing_credentials()),
}
}
@@ -127,7 +128,7 @@ impl AnthropicClient {
#[must_use]
pub fn new(api_key: impl Into<String>) -> Self {
Self {
http: reqwest::Client::new(),
http: build_http_client_or_default(),
auth: AuthSource::ApiKey(api_key.into()),
base_url: DEFAULT_BASE_URL.to_string(),
max_retries: DEFAULT_MAX_RETRIES,
@@ -143,7 +144,7 @@ impl AnthropicClient {
#[must_use]
pub fn from_auth(auth: AuthSource) -> Self {
Self {
http: reqwest::Client::new(),
http: build_http_client_or_default(),
auth,
base_url: DEFAULT_BASE_URL.to_string(),
max_retries: DEFAULT_MAX_RETRIES,
@@ -434,6 +435,7 @@ impl AnthropicClient {
last_error = Some(error);
}
Err(error) => {
let error = enrich_bearer_auth_error(error, &self.auth);
self.record_request_failure(attempts, &error);
return Err(error);
}
@@ -452,7 +454,7 @@ impl AnthropicClient {
break;
}
tokio::time::sleep(self.backoff_for_attempt(attempts)?).await;
tokio::time::sleep(self.jittered_backoff_for_attempt(attempts)?).await;
}
Err(ApiError::RetriesExhausted {
@@ -485,13 +487,23 @@ impl AnthropicClient {
}
async fn preflight_message_request(&self, request: &MessageRequest) -> Result<(), ApiError> {
// Always run the local byte-estimate guard first. This catches
// oversized requests even if the remote count_tokens endpoint is
// unreachable, misconfigured, or unimplemented (e.g., third-party
// Anthropic-compatible gateways). If byte estimation already flags
// the request as oversized, reject immediately without a network
// round trip.
super::preflight_message_request(request)?;
let Some(limit) = model_token_limit(&request.model) else {
return Ok(());
};
let counted_input_tokens = match self.count_tokens(request).await {
Ok(count) => count,
Err(_) => return Ok(()),
// Best-effort refinement using the Anthropic count_tokens endpoint.
// On any failure (network, parse, auth), fall back to the local
// byte-estimate result which already passed above.
let Ok(counted_input_tokens) = self.count_tokens(request).await else {
return Ok(());
};
let estimated_total_tokens = counted_input_tokens.saturating_add(request.max_tokens);
if estimated_total_tokens > limit.context_window_tokens {
@@ -513,7 +525,10 @@ impl AnthropicClient {
input_tokens: u32,
}
let request_url = format!("{}/v1/messages/count_tokens", self.base_url.trim_end_matches('/'));
let request_url = format!(
"{}/v1/messages/count_tokens",
self.base_url.trim_end_matches('/')
);
let mut request_body = self.request_profile.render_json_body(request)?;
strip_unsupported_beta_body_fields(&mut request_body);
let response = self
@@ -526,12 +541,7 @@ impl AnthropicClient {
let response = expect_success(response).await?;
let body = response.text().await.map_err(ApiError::from)?;
let parsed = serde_json::from_str::<CountTokensResponse>(&body).map_err(|error| {
ApiError::json_deserialize(
"Anthropic count_tokens",
&request.model,
&body,
error,
)
ApiError::json_deserialize("Anthropic count_tokens", &request.model, &body, error)
})?;
Ok(parsed.input_tokens)
}
@@ -568,6 +578,42 @@ impl AnthropicClient {
.checked_mul(multiplier)
.map_or(self.max_backoff, |delay| delay.min(self.max_backoff)))
}
fn jittered_backoff_for_attempt(&self, attempt: u32) -> Result<Duration, ApiError> {
let base = self.backoff_for_attempt(attempt)?;
Ok(base + jitter_for_base(base))
}
}
/// Process-wide counter that guarantees distinct jitter samples even when
/// the system clock resolution is coarser than consecutive retry sleeps.
static JITTER_COUNTER: AtomicU64 = AtomicU64::new(0);
/// Returns a random additive jitter in `[0, base]` to decorrelate retries
/// from multiple concurrent clients. Entropy is drawn from the nanosecond
/// wall clock mixed with a monotonic counter and run through a splitmix64
/// finalizer; adequate for retry jitter (no cryptographic requirement).
fn jitter_for_base(base: Duration) -> Duration {
let base_nanos = u64::try_from(base.as_nanos()).unwrap_or(u64::MAX);
if base_nanos == 0 {
return Duration::ZERO;
}
let raw_nanos = SystemTime::now()
.duration_since(UNIX_EPOCH)
.map(|elapsed| u64::try_from(elapsed.as_nanos()).unwrap_or(u64::MAX))
.unwrap_or(0);
let tick = JITTER_COUNTER.fetch_add(1, Ordering::Relaxed);
// splitmix64 finalizer — mixes the low bits so large bases still see
// jitter across their full range instead of being clamped to subsec nanos.
let mut mixed = raw_nanos
.wrapping_add(tick)
.wrapping_add(0x9E37_79B9_7F4A_7C15);
mixed = (mixed ^ (mixed >> 30)).wrapping_mul(0xBF58_476D_1CE4_E5B9);
mixed = (mixed ^ (mixed >> 27)).wrapping_mul(0x94D0_49BB_1331_11EB);
mixed ^= mixed >> 31;
// Inclusive upper bound: jitter may equal `base`, matching "up to base".
let jitter_nanos = mixed % base_nanos.saturating_add(1);
Duration::from_nanos(jitter_nanos)
}
impl AuthSource {
@@ -584,24 +630,7 @@ impl AuthSource {
if let Some(bearer_token) = read_env_non_empty("ANTHROPIC_AUTH_TOKEN")? {
return Ok(Self::BearerToken(bearer_token));
}
match load_saved_oauth_token() {
Ok(Some(token_set)) if oauth_token_is_expired(&token_set) => {
if token_set.refresh_token.is_some() {
Err(ApiError::Auth(
"saved OAuth token is expired; load runtime OAuth config to refresh it"
.to_string(),
))
} else {
Err(ApiError::ExpiredOAuthToken)
}
}
Ok(Some(token_set)) => Ok(Self::BearerToken(token_set.access_token)),
Ok(None) => Err(ApiError::missing_credentials(
"Anthropic",
&["ANTHROPIC_AUTH_TOKEN", "ANTHROPIC_API_KEY"],
)),
Err(error) => Err(error),
}
Err(anthropic_missing_credentials())
}
}
@@ -621,14 +650,14 @@ pub fn resolve_saved_oauth_token(config: &OAuthConfig) -> Result<Option<OAuthTok
pub fn has_auth_from_env_or_saved() -> Result<bool, ApiError> {
Ok(read_env_non_empty("ANTHROPIC_API_KEY")?.is_some()
|| read_env_non_empty("ANTHROPIC_AUTH_TOKEN")?.is_some()
|| load_saved_oauth_token()?.is_some())
|| read_env_non_empty("ANTHROPIC_AUTH_TOKEN")?.is_some())
}
pub fn resolve_startup_auth_source<F>(load_oauth_config: F) -> Result<AuthSource, ApiError>
where
F: FnOnce() -> Result<Option<OAuthConfig>, ApiError>,
{
let _ = load_oauth_config;
if let Some(api_key) = read_env_non_empty("ANTHROPIC_API_KEY")? {
return match read_env_non_empty("ANTHROPIC_AUTH_TOKEN")? {
Some(bearer_token) => Ok(AuthSource::ApiKeyAndBearer {
@@ -641,28 +670,7 @@ where
if let Some(bearer_token) = read_env_non_empty("ANTHROPIC_AUTH_TOKEN")? {
return Ok(AuthSource::BearerToken(bearer_token));
}
let Some(token_set) = load_saved_oauth_token()? else {
return Err(ApiError::missing_credentials(
"Anthropic",
&["ANTHROPIC_AUTH_TOKEN", "ANTHROPIC_API_KEY"],
));
};
if !oauth_token_is_expired(&token_set) {
return Ok(AuthSource::BearerToken(token_set.access_token));
}
if token_set.refresh_token.is_none() {
return Err(ApiError::ExpiredOAuthToken);
}
let Some(config) = load_oauth_config()? else {
return Err(ApiError::Auth(
"saved OAuth token is expired; runtime OAuth config is missing".to_string(),
));
};
Ok(AuthSource::from(resolve_saved_oauth_token_set(
&config, token_set,
)?))
Err(anthropic_missing_credentials())
}
fn resolve_saved_oauth_token_set(
@@ -743,10 +751,7 @@ fn read_api_key() -> Result<String, ApiError> {
auth.api_key()
.or_else(|| auth.bearer_token())
.map(ToOwned::to_owned)
.ok_or(ApiError::missing_credentials(
"Anthropic",
&["ANTHROPIC_AUTH_TOKEN", "ANTHROPIC_API_KEY"],
))
.ok_or_else(anthropic_missing_credentials)
}
#[cfg(test)]
@@ -880,6 +885,7 @@ async fn expect_success(response: reqwest::Response) -> Result<reqwest::Response
request_id,
body,
retryable,
suggested_action: None,
})
}
@@ -887,6 +893,91 @@ const fn is_retryable_status(status: reqwest::StatusCode) -> bool {
matches!(status.as_u16(), 408 | 409 | 429 | 500 | 502 | 503 | 504)
}
/// Anthropic API keys (`sk-ant-*`) are accepted over the `x-api-key` header
/// and rejected with HTTP 401 "Invalid bearer token" when sent as a Bearer
/// token via `ANTHROPIC_AUTH_TOKEN`. This happens often enough in the wild
/// (users copy-paste an `sk-ant-...` key into `ANTHROPIC_AUTH_TOKEN` because
/// the env var name sounds auth-related) that a bare 401 error is useless.
/// When we detect this exact shape, append a hint to the error message that
/// points the user at the one-line fix.
const SK_ANT_BEARER_HINT: &str = "sk-ant-* keys go in ANTHROPIC_API_KEY (x-api-key header), not ANTHROPIC_AUTH_TOKEN (Bearer header). Move your key to ANTHROPIC_API_KEY.";
fn enrich_bearer_auth_error(error: ApiError, auth: &AuthSource) -> ApiError {
let ApiError::Api {
status,
error_type,
message,
request_id,
body,
retryable,
suggested_action,
} = error
else {
return error;
};
if status.as_u16() != 401 {
return ApiError::Api {
status,
error_type,
message,
request_id,
body,
retryable,
suggested_action,
};
}
let Some(bearer_token) = auth.bearer_token() else {
return ApiError::Api {
status,
error_type,
message,
request_id,
body,
retryable,
suggested_action,
};
};
if !bearer_token.starts_with("sk-ant-") {
return ApiError::Api {
status,
error_type,
message,
request_id,
body,
retryable,
suggested_action,
};
}
// Only append the hint when the AuthSource is pure BearerToken. If both
// api_key and bearer_token are present (`ApiKeyAndBearer`), the x-api-key
// header is already being sent alongside the Bearer header and the 401
// is coming from a different cause — adding the hint would be misleading.
if auth.api_key().is_some() {
return ApiError::Api {
status,
error_type,
message,
request_id,
body,
retryable,
suggested_action,
};
}
let enriched_message = match message {
Some(existing) => Some(format!("{existing} — hint: {SK_ANT_BEARER_HINT}")),
None => Some(format!("hint: {SK_ANT_BEARER_HINT}")),
};
ApiError::Api {
status,
error_type,
message: enriched_message,
request_id,
body,
retryable,
suggested_action,
}
}
/// Remove beta-only body fields that the standard `/v1/messages` and
/// `/v1/messages/count_tokens` endpoints reject as `Extra inputs are not
/// permitted`. The `betas` opt-in is communicated via the `anthropic-beta`
@@ -894,6 +985,15 @@ const fn is_retryable_status(status: reqwest::StatusCode) -> bool {
fn strip_unsupported_beta_body_fields(body: &mut Value) {
if let Some(object) = body.as_object_mut() {
object.remove("betas");
// These fields are OpenAI-compatible only; Anthropic rejects them.
object.remove("frequency_penalty");
object.remove("presence_penalty");
// Anthropic uses "stop_sequences" not "stop". Convert if present.
if let Some(stop_val) = object.remove("stop") {
if stop_val.as_array().is_some_and(|a| !a.is_empty()) {
object.insert("stop_sequences".to_string(), stop_val);
}
}
}
}
@@ -1054,7 +1154,7 @@ mod tests {
}
#[test]
fn auth_source_from_saved_oauth_when_env_absent() {
fn auth_source_from_env_or_saved_ignores_saved_oauth_when_env_absent() {
let _guard = env_lock();
let config_home = temp_config_home();
std::env::set_var("CLAW_CONFIG_HOME", &config_home);
@@ -1068,8 +1168,8 @@ mod tests {
})
.expect("save oauth credentials");
let auth = AuthSource::from_env_or_saved().expect("saved auth");
assert_eq!(auth.bearer_token(), Some("saved-access-token"));
let error = AuthSource::from_env_or_saved().expect_err("saved oauth should be ignored");
assert!(error.to_string().contains("ANTHROPIC_API_KEY"));
clear_oauth_credentials().expect("clear credentials");
std::env::remove_var("CLAW_CONFIG_HOME");
@@ -1125,7 +1225,7 @@ mod tests {
}
#[test]
fn resolve_startup_auth_source_uses_saved_oauth_without_loading_config() {
fn resolve_startup_auth_source_ignores_saved_oauth_without_loading_config() {
let _guard = env_lock();
let config_home = temp_config_home();
std::env::set_var("CLAW_CONFIG_HOME", &config_home);
@@ -1139,41 +1239,9 @@ mod tests {
})
.expect("save oauth credentials");
let auth = resolve_startup_auth_source(|| panic!("config should not be loaded"))
.expect("startup auth");
assert_eq!(auth.bearer_token(), Some("saved-access-token"));
clear_oauth_credentials().expect("clear credentials");
std::env::remove_var("CLAW_CONFIG_HOME");
cleanup_temp_config_home(&config_home);
}
#[test]
fn resolve_startup_auth_source_errors_when_refreshable_token_lacks_config() {
let _guard = env_lock();
let config_home = temp_config_home();
std::env::set_var("CLAW_CONFIG_HOME", &config_home);
std::env::remove_var("ANTHROPIC_AUTH_TOKEN");
std::env::remove_var("ANTHROPIC_API_KEY");
save_oauth_credentials(&runtime::OAuthTokenSet {
access_token: "expired-access-token".to_string(),
refresh_token: Some("refresh-token".to_string()),
expires_at: Some(1),
scopes: vec!["scope:a".to_string()],
})
.expect("save expired oauth credentials");
let error =
resolve_startup_auth_source(|| Ok(None)).expect_err("missing config should error");
assert!(
matches!(error, crate::error::ApiError::Auth(message) if message.contains("runtime OAuth config is missing"))
);
let stored = runtime::load_oauth_credentials()
.expect("load stored credentials")
.expect("stored token set");
assert_eq!(stored.access_token, "expired-access-token");
assert_eq!(stored.refresh_token.as_deref(), Some("refresh-token"));
let error = resolve_startup_auth_source(|| panic!("config should not be loaded"))
.expect_err("saved oauth should be ignored");
assert!(error.to_string().contains("ANTHROPIC_API_KEY"));
clear_oauth_credentials().expect("clear credentials");
std::env::remove_var("CLAW_CONFIG_HOME");
@@ -1223,6 +1291,7 @@ mod tests {
tools: None,
tool_choice: None,
stream: false,
..Default::default()
};
assert!(request.with_streaming().stream);
@@ -1249,6 +1318,58 @@ mod tests {
);
}
#[test]
fn jittered_backoff_stays_within_additive_bounds_and_varies() {
let client = AnthropicClient::new("test-key").with_retry_policy(
8,
Duration::from_secs(1),
Duration::from_secs(128),
);
let mut samples = Vec::with_capacity(64);
for _ in 0..64 {
let base = client.backoff_for_attempt(3).expect("base attempt 3");
let jittered = client
.jittered_backoff_for_attempt(3)
.expect("jittered attempt 3");
assert!(
jittered >= base,
"jittered delay {jittered:?} must be at least the base {base:?}"
);
assert!(
jittered <= base * 2,
"jittered delay {jittered:?} must not exceed base*2 {:?}",
base * 2
);
samples.push(jittered);
}
let distinct: std::collections::HashSet<_> = samples.iter().collect();
assert!(
distinct.len() > 1,
"jitter should produce varied delays across samples, got {samples:?}"
);
}
#[test]
fn default_retry_policy_matches_exponential_schedule() {
let client = AnthropicClient::new("test-key");
assert_eq!(
client.backoff_for_attempt(1).expect("attempt 1"),
Duration::from_secs(1)
);
assert_eq!(
client.backoff_for_attempt(2).expect("attempt 2"),
Duration::from_secs(2)
);
assert_eq!(
client.backoff_for_attempt(3).expect("attempt 3"),
Duration::from_secs(4)
);
assert_eq!(
client.backoff_for_attempt(8).expect("attempt 8"),
Duration::from_secs(128)
);
}
#[test]
fn retryable_statuses_are_detected() {
assert!(super::is_retryable_status(
@@ -1350,6 +1471,52 @@ mod tests {
assert_eq!(body, original);
}
#[test]
fn strip_removes_openai_only_fields_and_converts_stop() {
let mut body = serde_json::json!({
"model": "claude-sonnet-4-6",
"max_tokens": 1024,
"temperature": 0.7,
"frequency_penalty": 0.5,
"presence_penalty": 0.3,
"stop": ["\n"],
});
super::strip_unsupported_beta_body_fields(&mut body);
// temperature is kept (Anthropic supports it)
assert_eq!(body["temperature"], serde_json::json!(0.7));
// frequency_penalty and presence_penalty are removed
assert!(
body.get("frequency_penalty").is_none(),
"frequency_penalty must be stripped for Anthropic"
);
assert!(
body.get("presence_penalty").is_none(),
"presence_penalty must be stripped for Anthropic"
);
// stop is renamed to stop_sequences
assert!(body.get("stop").is_none(), "stop must be renamed");
assert_eq!(body["stop_sequences"], serde_json::json!(["\n"]));
}
#[test]
fn strip_does_not_add_empty_stop_sequences() {
let mut body = serde_json::json!({
"model": "claude-sonnet-4-6",
"max_tokens": 1024,
"stop": [],
});
super::strip_unsupported_beta_body_fields(&mut body);
assert!(body.get("stop").is_none());
assert!(
body.get("stop_sequences").is_none(),
"empty stop should not produce stop_sequences"
);
}
#[test]
fn rendered_request_body_strips_betas_for_standard_messages_endpoint() {
let client = AnthropicClient::new("test-key").with_beta("tools-2026-04-01");
@@ -1361,6 +1528,7 @@ mod tests {
tools: None,
tool_choice: None,
stream: false,
..Default::default()
};
let mut rendered = client
@@ -1382,4 +1550,168 @@ mod tests {
Some("claude-sonnet-4-6")
);
}
#[test]
fn enrich_bearer_auth_error_appends_sk_ant_hint_on_401_with_pure_bearer_token() {
// given
let auth = AuthSource::BearerToken("sk-ant-api03-deadbeef".to_string());
let error = crate::error::ApiError::Api {
status: reqwest::StatusCode::UNAUTHORIZED,
error_type: Some("authentication_error".to_string()),
message: Some("Invalid bearer token".to_string()),
request_id: Some("req_varleg_001".to_string()),
body: String::new(),
retryable: false,
suggested_action: None,
};
// when
let enriched = super::enrich_bearer_auth_error(error, &auth);
// then
let rendered = enriched.to_string();
assert!(
rendered.contains("Invalid bearer token"),
"existing provider message should be preserved: {rendered}"
);
assert!(
rendered.contains(
"sk-ant-* keys go in ANTHROPIC_API_KEY (x-api-key header), not ANTHROPIC_AUTH_TOKEN (Bearer header). Move your key to ANTHROPIC_API_KEY."
),
"rendered error should include the sk-ant-* hint: {rendered}"
);
assert!(
rendered.contains("[trace req_varleg_001]"),
"request id should still flow through the enriched error: {rendered}"
);
match enriched {
crate::error::ApiError::Api { status, .. } => {
assert_eq!(status, reqwest::StatusCode::UNAUTHORIZED);
}
other => panic!("expected Api variant, got {other:?}"),
}
}
#[test]
fn enrich_bearer_auth_error_leaves_non_401_errors_unchanged() {
// given
let auth = AuthSource::BearerToken("sk-ant-api03-deadbeef".to_string());
let error = crate::error::ApiError::Api {
status: reqwest::StatusCode::INTERNAL_SERVER_ERROR,
error_type: Some("api_error".to_string()),
message: Some("internal server error".to_string()),
request_id: None,
body: String::new(),
retryable: true,
suggested_action: None,
};
// when
let enriched = super::enrich_bearer_auth_error(error, &auth);
// then
let rendered = enriched.to_string();
assert!(
!rendered.contains("sk-ant-*"),
"non-401 errors must not be annotated with the bearer hint: {rendered}"
);
assert!(
rendered.contains("internal server error"),
"original message must be preserved verbatim: {rendered}"
);
}
#[test]
fn enrich_bearer_auth_error_ignores_401_when_bearer_token_is_not_sk_ant() {
// given
let auth = AuthSource::BearerToken("oauth-access-token-opaque".to_string());
let error = crate::error::ApiError::Api {
status: reqwest::StatusCode::UNAUTHORIZED,
error_type: Some("authentication_error".to_string()),
message: Some("Invalid bearer token".to_string()),
request_id: None,
body: String::new(),
retryable: false,
suggested_action: None,
};
// when
let enriched = super::enrich_bearer_auth_error(error, &auth);
// then
let rendered = enriched.to_string();
assert!(
!rendered.contains("sk-ant-*"),
"oauth-style bearer tokens must not trigger the sk-ant-* hint: {rendered}"
);
}
#[test]
fn enrich_bearer_auth_error_skips_hint_when_api_key_header_is_also_present() {
// given
let auth = AuthSource::ApiKeyAndBearer {
api_key: "sk-ant-api03-legitimate".to_string(),
bearer_token: "sk-ant-api03-deadbeef".to_string(),
};
let error = crate::error::ApiError::Api {
status: reqwest::StatusCode::UNAUTHORIZED,
error_type: Some("authentication_error".to_string()),
message: Some("Invalid bearer token".to_string()),
request_id: None,
body: String::new(),
retryable: false,
suggested_action: None,
};
// when
let enriched = super::enrich_bearer_auth_error(error, &auth);
// then
let rendered = enriched.to_string();
assert!(
!rendered.contains("sk-ant-*"),
"hint should be suppressed when x-api-key header is already being sent: {rendered}"
);
}
#[test]
fn enrich_bearer_auth_error_ignores_401_when_auth_source_has_no_bearer() {
// given
let auth = AuthSource::ApiKey("sk-ant-api03-legitimate".to_string());
let error = crate::error::ApiError::Api {
status: reqwest::StatusCode::UNAUTHORIZED,
error_type: Some("authentication_error".to_string()),
message: Some("Invalid x-api-key".to_string()),
request_id: None,
body: String::new(),
retryable: false,
suggested_action: None,
};
// when
let enriched = super::enrich_bearer_auth_error(error, &auth);
// then
let rendered = enriched.to_string();
assert!(
!rendered.contains("sk-ant-*"),
"bearer hint must not apply when AuthSource is ApiKey-only: {rendered}"
);
}
#[test]
fn enrich_bearer_auth_error_passes_non_api_errors_through_unchanged() {
// given
let auth = AuthSource::BearerToken("sk-ant-api03-deadbeef".to_string());
let error = crate::error::ApiError::InvalidSseFrame("unterminated event");
// when
let enriched = super::enrich_bearer_auth_error(error, &auth);
// then
assert!(matches!(
enriched,
crate::error::ApiError::InvalidSseFrame(_)
));
}
}

636
rust/crates/api/src/providers/mod.rs
View File

@@ -122,6 +122,15 @@ const MODEL_REGISTRY: &[(&str, ProviderMetadata)] = &[
default_base_url: openai_compat::DEFAULT_XAI_BASE_URL,
},
),
(
"kimi",
ProviderMetadata {
provider: ProviderKind::OpenAi,
auth_env: "DASHSCOPE_API_KEY",
base_url_env: "DASHSCOPE_BASE_URL",
default_base_url: openai_compat::DEFAULT_DASHSCOPE_BASE_URL,
},
),
];
#[must_use]
@@ -144,7 +153,10 @@ pub fn resolve_model_alias(model: &str) -> String {
"grok-2" => "grok-2",
_ => trimmed,
},
ProviderKind::OpenAi => trimmed,
ProviderKind::OpenAi => match *alias {
"kimi" => "kimi-k2.5",
_ => trimmed,
},
})
})
.map_or_else(|| trimmed.to_string(), ToOwned::to_owned)
@@ -169,6 +181,41 @@ pub fn metadata_for_model(model: &str) -> Option<ProviderMetadata> {
default_base_url: openai_compat::DEFAULT_XAI_BASE_URL,
});
}
// Explicit provider-namespaced models (e.g. "openai/gpt-4.1-mini") must
// route to the correct provider regardless of which auth env vars are set.
// Without this, detect_provider_kind falls through to the auth-sniffer
// order and misroutes to Anthropic if ANTHROPIC_API_KEY is present.
if canonical.starts_with("openai/") || canonical.starts_with("gpt-") {
return Some(ProviderMetadata {
provider: ProviderKind::OpenAi,
auth_env: "OPENAI_API_KEY",
base_url_env: "OPENAI_BASE_URL",
default_base_url: openai_compat::DEFAULT_OPENAI_BASE_URL,
});
}
// Alibaba DashScope compatible-mode endpoint. Routes qwen/* and bare
// qwen-* model names (qwen-max, qwen-plus, qwen-turbo, qwen-qwq, etc.)
// to the OpenAI-compat client pointed at DashScope's /compatible-mode/v1.
// Uses the OpenAi provider kind because DashScope speaks the OpenAI REST
// shape — only the base URL and auth env var differ.
if canonical.starts_with("qwen/") || canonical.starts_with("qwen-") {
return Some(ProviderMetadata {
provider: ProviderKind::OpenAi,
auth_env: "DASHSCOPE_API_KEY",
base_url_env: "DASHSCOPE_BASE_URL",
default_base_url: openai_compat::DEFAULT_DASHSCOPE_BASE_URL,
});
}
// Kimi models (kimi-k2.5, kimi-k1.5, etc.) via DashScope compatible-mode.
// Routes kimi/* and kimi-* model names to DashScope endpoint.
if canonical.starts_with("kimi/") || canonical.starts_with("kimi-") {
return Some(ProviderMetadata {
provider: ProviderKind::OpenAi,
auth_env: "DASHSCOPE_API_KEY",
base_url_env: "DASHSCOPE_BASE_URL",
default_base_url: openai_compat::DEFAULT_DASHSCOPE_BASE_URL,
});
}
None
}
@@ -177,6 +224,15 @@ pub fn detect_provider_kind(model: &str) -> ProviderKind {
if let Some(metadata) = metadata_for_model(model) {
return metadata.provider;
}
// When OPENAI_BASE_URL is set, the user explicitly configured an
// OpenAI-compatible endpoint. Prefer it over the Anthropic fallback
// even when the model name has no recognized prefix — this is the
// common case for local providers (Ollama, LM Studio, vLLM, etc.)
// where model names like "qwen2.5-coder:7b" don't match any prefix.
if std::env::var_os("OPENAI_BASE_URL").is_some() && openai_compat::has_api_key("OPENAI_API_KEY")
{
return ProviderKind::OpenAi;
}
if anthropic::has_auth_from_env_or_saved().unwrap_or(false) {
return ProviderKind::Anthropic;
}
@@ -186,6 +242,11 @@ pub fn detect_provider_kind(model: &str) -> ProviderKind {
if openai_compat::has_api_key("XAI_API_KEY") {
return ProviderKind::Xai;
}
// Last resort: if OPENAI_BASE_URL is set without OPENAI_API_KEY (some
// local providers like Ollama don't require auth), still route there.
if std::env::var_os("OPENAI_BASE_URL").is_some() {
return ProviderKind::OpenAi;
}
ProviderKind::Anthropic
}
@@ -204,6 +265,14 @@ pub fn max_tokens_for_model(model: &str) -> u32 {
)
}
/// Returns the effective max output tokens for a model, preferring a plugin
/// override when present. Falls back to [`max_tokens_for_model`] when the
/// override is `None`.
#[must_use]
pub fn max_tokens_for_model_with_override(model: &str, plugin_override: Option<u32>) -> u32 {
plugin_override.unwrap_or_else(|| max_tokens_for_model(model))
}
#[must_use]
pub fn model_token_limit(model: &str) -> Option<ModelTokenLimit> {
let canonical = resolve_model_alias(model);
@@ -220,6 +289,12 @@ pub fn model_token_limit(model: &str) -> Option<ModelTokenLimit> {
max_output_tokens: 64_000,
context_window_tokens: 131_072,
}),
// Kimi models via DashScope (Moonshot AI)
// Source: https://platform.moonshot.cn/docs/intro
"kimi-k2.5" | "kimi-k1.5" => Some(ModelTokenLimit {
max_output_tokens: 16_384,
context_window_tokens: 256_000,
}),
_ => None,
}
}
@@ -258,6 +333,73 @@ fn estimate_serialized_tokens<T: Serialize>(value: &T) -> u32 {
.map_or(0, |bytes| (bytes.len() / 4 + 1) as u32)
}
/// Env var names used by other provider backends. When Anthropic auth
/// resolution fails we sniff these so we can hint the user that their
/// credentials probably belong to a different provider and suggest the
/// model-prefix routing fix that would select it.
const FOREIGN_PROVIDER_ENV_VARS: &[(&str, &str, &str)] = &[
(
"OPENAI_API_KEY",
"OpenAI-compat",
"prefix your model name with `openai/` (e.g. `--model openai/gpt-4.1-mini`) so prefix routing selects the OpenAI-compatible provider, and set `OPENAI_BASE_URL` if you are pointing at OpenRouter/Ollama/a local server",
),
(
"XAI_API_KEY",
"xAI",
"use an xAI model alias (e.g. `--model grok` or `--model grok-mini`) so the prefix router selects the xAI backend",
),
(
"DASHSCOPE_API_KEY",
"Alibaba DashScope",
"prefix your model name with `qwen/` or `qwen-` (e.g. `--model qwen-plus`) so prefix routing selects the DashScope backend",
),
];
/// Check whether an env var is set to a non-empty value either in the real
/// process environment or in the working-directory `.env` file. Mirrors the
/// credential discovery path used by `read_env_non_empty` so the hint text
/// stays truthful when users rely on `.env` instead of a real export.
fn env_or_dotenv_present(key: &str) -> bool {
match std::env::var(key) {
Ok(value) if !value.is_empty() => true,
Ok(_) | Err(std::env::VarError::NotPresent) => {
dotenv_value(key).is_some_and(|value| !value.is_empty())
}
Err(_) => false,
}
}
/// Produce a hint string describing the first foreign provider credential
/// that is present in the environment when Anthropic auth resolution has
/// just failed. Returns `None` when no foreign credential is set, in which
/// case the caller should fall back to the plain `missing_credentials`
/// error without a hint.
pub(crate) fn anthropic_missing_credentials_hint() -> Option<String> {
for (env_var, provider_label, fix_hint) in FOREIGN_PROVIDER_ENV_VARS {
if env_or_dotenv_present(env_var) {
return Some(format!(
"I see {env_var} is set — if you meant to use the {provider_label} provider, {fix_hint}."
));
}
}
None
}
/// Build an Anthropic-specific `MissingCredentials` error, attaching a
/// hint suggesting the probable fix whenever a different provider's
/// credentials are already present in the environment. Anthropic call
/// sites should prefer this helper over `ApiError::missing_credentials`
/// so users who mistyped a model name or forgot the prefix get a useful
/// signal instead of a generic "missing Anthropic credentials" wall.
pub(crate) fn anthropic_missing_credentials() -> ApiError {
const PROVIDER: &str = "Anthropic";
const ENV_VARS: &[&str] = &["ANTHROPIC_AUTH_TOKEN", "ANTHROPIC_API_KEY"];
match anthropic_missing_credentials_hint() {
Some(hint) => ApiError::missing_credentials_with_hint(PROVIDER, ENV_VARS, hint),
None => ApiError::missing_credentials(PROVIDER, ENV_VARS),
}
}
/// Parse a `.env` file body into key/value pairs using a minimal `KEY=VALUE`
/// grammar. Lines that are blank, start with `#`, or do not contain `=` are
/// ignored. Surrounding double or single quotes are stripped from the value.
@@ -315,6 +457,9 @@ pub(crate) fn dotenv_value(key: &str) -> Option<String> {
#[cfg(test)]
mod tests {
use std::ffi::OsString;
use std::sync::{Mutex, OnceLock};
use serde_json::json;
use crate::error::ApiError;
@@ -323,10 +468,52 @@ mod tests {
};
use super::{
detect_provider_kind, load_dotenv_file, max_tokens_for_model, model_token_limit,
parse_dotenv, preflight_message_request, resolve_model_alias, ProviderKind,
anthropic_missing_credentials, anthropic_missing_credentials_hint, detect_provider_kind,
load_dotenv_file, max_tokens_for_model, max_tokens_for_model_with_override,
model_token_limit, parse_dotenv, preflight_message_request, resolve_model_alias,
ProviderKind,
};
/// Serializes every test in this module that mutates process-wide
/// environment variables so concurrent test threads cannot observe
/// each other's partially-applied state while probing the foreign
/// provider credential sniffer.
fn env_lock() -> std::sync::MutexGuard<'static, ()> {
static LOCK: OnceLock<Mutex<()>> = OnceLock::new();
LOCK.get_or_init(|| Mutex::new(()))
.lock()
.unwrap_or_else(std::sync::PoisonError::into_inner)
}
/// Snapshot-restore guard for a single environment variable. Captures
/// the original value on construction, applies the requested override
/// (set or remove), and restores the original on drop so tests leave
/// the process env untouched even when they panic mid-assertion.
struct EnvVarGuard {
key: &'static str,
original: Option<OsString>,
}
impl EnvVarGuard {
fn set(key: &'static str, value: Option<&str>) -> Self {
let original = std::env::var_os(key);
match value {
Some(value) => std::env::set_var(key, value),
None => std::env::remove_var(key),
}
Self { key, original }
}
}
impl Drop for EnvVarGuard {
fn drop(&mut self) {
match self.original.take() {
Some(value) => std::env::set_var(self.key, value),
None => std::env::remove_var(self.key),
}
}
}
#[test]
fn resolves_grok_aliases() {
assert_eq!(resolve_model_alias("grok"), "grok-3");
@@ -343,12 +530,142 @@ mod tests {
);
}
#[test]
fn openai_namespaced_model_routes_to_openai_not_anthropic() {
// Regression: "openai/gpt-4.1-mini" was misrouted to Anthropic when
// ANTHROPIC_API_KEY was set because metadata_for_model returned None
// and detect_provider_kind fell through to auth-sniffer order.
// The model prefix must win over env-var presence.
let kind = super::metadata_for_model("openai/gpt-4.1-mini").map_or_else(
|| detect_provider_kind("openai/gpt-4.1-mini"),
|m| m.provider,
);
assert_eq!(
kind,
ProviderKind::OpenAi,
"openai/ prefix must route to OpenAi regardless of ANTHROPIC_API_KEY"
);
// Also cover bare gpt- prefix
let kind2 = super::metadata_for_model("gpt-4o")
.map_or_else(|| detect_provider_kind("gpt-4o"), |m| m.provider);
assert_eq!(kind2, ProviderKind::OpenAi);
}
#[test]
fn qwen_prefix_routes_to_dashscope_not_anthropic() {
// User request from Discord #clawcode-get-help: web3g wants to use
// Qwen 3.6 Plus via native Alibaba DashScope API (not OpenRouter,
// which has lower rate limits). metadata_for_model must route
// qwen/* and bare qwen-* to the OpenAi provider kind pointed at
// the DashScope compatible-mode endpoint, regardless of whether
// ANTHROPIC_API_KEY is present in the environment.
let meta = super::metadata_for_model("qwen/qwen-max")
.expect("qwen/ prefix must resolve to DashScope metadata");
assert_eq!(meta.provider, ProviderKind::OpenAi);
assert_eq!(meta.auth_env, "DASHSCOPE_API_KEY");
assert_eq!(meta.base_url_env, "DASHSCOPE_BASE_URL");
assert!(meta.default_base_url.contains("dashscope.aliyuncs.com"));
// Bare qwen- prefix also routes
let meta2 = super::metadata_for_model("qwen-plus")
.expect("qwen- prefix must resolve to DashScope metadata");
assert_eq!(meta2.provider, ProviderKind::OpenAi);
assert_eq!(meta2.auth_env, "DASHSCOPE_API_KEY");
// detect_provider_kind must agree even if ANTHROPIC_API_KEY is set
let kind = detect_provider_kind("qwen/qwen3-coder");
assert_eq!(
kind,
ProviderKind::OpenAi,
"qwen/ prefix must win over auth-sniffer order"
);
}
#[test]
fn kimi_prefix_routes_to_dashscope() {
// Kimi models via DashScope (kimi-k2.5, kimi-k1.5, etc.)
let meta = super::metadata_for_model("kimi-k2.5")
.expect("kimi-k2.5 must resolve to DashScope metadata");
assert_eq!(meta.auth_env, "DASHSCOPE_API_KEY");
assert_eq!(meta.base_url_env, "DASHSCOPE_BASE_URL");
assert!(meta.default_base_url.contains("dashscope.aliyuncs.com"));
assert_eq!(meta.provider, ProviderKind::OpenAi);
// With provider prefix
let meta2 = super::metadata_for_model("kimi/kimi-k2.5")
.expect("kimi/kimi-k2.5 must resolve to DashScope metadata");
assert_eq!(meta2.auth_env, "DASHSCOPE_API_KEY");
assert_eq!(meta2.provider, ProviderKind::OpenAi);
// Different kimi variants
let meta3 = super::metadata_for_model("kimi-k1.5")
.expect("kimi-k1.5 must resolve to DashScope metadata");
assert_eq!(meta3.auth_env, "DASHSCOPE_API_KEY");
}
#[test]
fn kimi_alias_resolves_to_kimi_k2_5() {
assert_eq!(super::resolve_model_alias("kimi"), "kimi-k2.5");
assert_eq!(super::resolve_model_alias("KIMI"), "kimi-k2.5"); // case insensitive
}
#[test]
fn keeps_existing_max_token_heuristic() {
assert_eq!(max_tokens_for_model("opus"), 32_000);
assert_eq!(max_tokens_for_model("grok-3"), 64_000);
}
#[test]
fn plugin_config_max_output_tokens_overrides_model_default() {
// given
let nanos = std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.expect("time should be after epoch")
.as_nanos();
let root = std::env::temp_dir().join(format!("api-plugin-max-tokens-{nanos}"));
let cwd = root.join("project");
let home = root.join("home").join(".claw");
std::fs::create_dir_all(cwd.join(".claw")).expect("project config dir");
std::fs::create_dir_all(&home).expect("home config dir");
std::fs::write(
home.join("settings.json"),
r#"{
"plugins": {
"maxOutputTokens": 12345
}
}"#,
)
.expect("write plugin settings");
// when
let loaded = runtime::ConfigLoader::new(&cwd, &home)
.load()
.expect("config should load");
let plugin_override = loaded.plugins().max_output_tokens();
let effective = max_tokens_for_model_with_override("claude-opus-4-6", plugin_override);
// then
assert_eq!(plugin_override, Some(12345));
assert_eq!(effective, 12345);
assert_ne!(effective, max_tokens_for_model("claude-opus-4-6"));
std::fs::remove_dir_all(root).expect("cleanup temp dir");
}
#[test]
fn max_tokens_for_model_with_override_falls_back_when_plugin_unset() {
// given
let plugin_override: Option<u32> = None;
// when
let effective = max_tokens_for_model_with_override("claude-opus-4-6", plugin_override);
// then
assert_eq!(effective, max_tokens_for_model("claude-opus-4-6"));
assert_eq!(effective, 32_000);
}
#[test]
fn returns_context_window_metadata_for_supported_models() {
assert_eq!(
@@ -387,6 +704,7 @@ mod tests {
}]),
tool_choice: Some(ToolChoice::Auto),
stream: true,
..Default::default()
};
let error = preflight_message_request(&request)
@@ -425,12 +743,76 @@ mod tests {
tools: None,
tool_choice: None,
stream: false,
..Default::default()
};
preflight_message_request(&request)
.expect("models without context metadata should skip the guarded preflight");
}
#[test]
fn returns_context_window_metadata_for_kimi_models() {
// kimi-k2.5
let k25_limit = model_token_limit("kimi-k2.5")
.expect("kimi-k2.5 should have token limit metadata");
assert_eq!(k25_limit.max_output_tokens, 16_384);
assert_eq!(k25_limit.context_window_tokens, 256_000);
// kimi-k1.5
let k15_limit = model_token_limit("kimi-k1.5")
.expect("kimi-k1.5 should have token limit metadata");
assert_eq!(k15_limit.max_output_tokens, 16_384);
assert_eq!(k15_limit.context_window_tokens, 256_000);
}
#[test]
fn kimi_alias_resolves_to_kimi_k25_token_limits() {
// The "kimi" alias resolves to "kimi-k2.5" via resolve_model_alias()
let alias_limit = model_token_limit("kimi")
.expect("kimi alias should resolve to kimi-k2.5 limits");
let direct_limit = model_token_limit("kimi-k2.5")
.expect("kimi-k2.5 should have limits");
assert_eq!(alias_limit.max_output_tokens, direct_limit.max_output_tokens);
assert_eq!(
alias_limit.context_window_tokens,
direct_limit.context_window_tokens
);
}
#[test]
fn preflight_blocks_oversized_requests_for_kimi_models() {
let request = MessageRequest {
model: "kimi-k2.5".to_string(),
max_tokens: 16_384,
messages: vec![InputMessage {
role: "user".to_string(),
content: vec![InputContentBlock::Text {
text: "x".repeat(1_000_000), // Large input to exceed context window
}],
}],
system: Some("Keep the answer short.".to_string()),
tools: None,
tool_choice: None,
stream: true,
..Default::default()
};
let error = preflight_message_request(&request)
.expect_err("oversized request should be rejected for kimi models");
match error {
ApiError::ContextWindowExceeded {
model,
context_window_tokens,
..
} => {
assert_eq!(model, "kimi-k2.5");
assert_eq!(context_window_tokens, 256_000);
}
other => panic!("expected context-window preflight failure, got {other:?}"),
}
}
#[test]
fn parse_dotenv_extracts_keys_handles_comments_quotes_and_export_prefix() {
// given
@@ -511,4 +893,252 @@ NO_EQUALS_LINE
let _ = std::fs::remove_dir_all(&temp_root);
}
#[test]
fn anthropic_missing_credentials_hint_is_none_when_no_foreign_creds_present() {
// given
let _lock = env_lock();
let _openai = EnvVarGuard::set("OPENAI_API_KEY", None);
let _xai = EnvVarGuard::set("XAI_API_KEY", None);
let _dashscope = EnvVarGuard::set("DASHSCOPE_API_KEY", None);
// when
let hint = anthropic_missing_credentials_hint();
// then
assert!(
hint.is_none(),
"no hint should be produced when every foreign provider env var is absent, got {hint:?}"
);
}
#[test]
fn anthropic_missing_credentials_hint_detects_openai_api_key_and_recommends_openai_prefix() {
// given
let _lock = env_lock();
let _openai = EnvVarGuard::set("OPENAI_API_KEY", Some("sk-openrouter-varleg"));
let _xai = EnvVarGuard::set("XAI_API_KEY", None);
let _dashscope = EnvVarGuard::set("DASHSCOPE_API_KEY", None);
// when
let hint = anthropic_missing_credentials_hint()
.expect("OPENAI_API_KEY presence should produce a hint");
// then
assert!(
hint.contains("OPENAI_API_KEY is set"),
"hint should name the detected env var so users recognize it: {hint}"
);
assert!(
hint.contains("OpenAI-compat"),
"hint should identify the target provider: {hint}"
);
assert!(
hint.contains("openai/"),
"hint should mention the `openai/` prefix routing fix: {hint}"
);
assert!(
hint.contains("OPENAI_BASE_URL"),
"hint should mention OPENAI_BASE_URL so OpenRouter users see the full picture: {hint}"
);
}
#[test]
fn anthropic_missing_credentials_hint_detects_xai_api_key() {
// given
let _lock = env_lock();
let _openai = EnvVarGuard::set("OPENAI_API_KEY", None);
let _xai = EnvVarGuard::set("XAI_API_KEY", Some("xai-test-key"));
let _dashscope = EnvVarGuard::set("DASHSCOPE_API_KEY", None);
// when
let hint = anthropic_missing_credentials_hint()
.expect("XAI_API_KEY presence should produce a hint");
// then
assert!(
hint.contains("XAI_API_KEY is set"),
"hint should name XAI_API_KEY: {hint}"
);
assert!(
hint.contains("xAI"),
"hint should identify the xAI provider: {hint}"
);
assert!(
hint.contains("grok"),
"hint should suggest a grok-prefixed model alias: {hint}"
);
}
#[test]
fn anthropic_missing_credentials_hint_detects_dashscope_api_key() {
// given
let _lock = env_lock();
let _openai = EnvVarGuard::set("OPENAI_API_KEY", None);
let _xai = EnvVarGuard::set("XAI_API_KEY", None);
let _dashscope = EnvVarGuard::set("DASHSCOPE_API_KEY", Some("sk-dashscope-test"));
// when
let hint = anthropic_missing_credentials_hint()
.expect("DASHSCOPE_API_KEY presence should produce a hint");
// then
assert!(
hint.contains("DASHSCOPE_API_KEY is set"),
"hint should name DASHSCOPE_API_KEY: {hint}"
);
assert!(
hint.contains("DashScope"),
"hint should identify the DashScope provider: {hint}"
);
assert!(
hint.contains("qwen"),
"hint should suggest a qwen-prefixed model alias: {hint}"
);
}
#[test]
fn anthropic_missing_credentials_hint_prefers_openai_when_multiple_foreign_creds_set() {
// given
let _lock = env_lock();
let _openai = EnvVarGuard::set("OPENAI_API_KEY", Some("sk-openrouter-varleg"));
let _xai = EnvVarGuard::set("XAI_API_KEY", Some("xai-test-key"));
let _dashscope = EnvVarGuard::set("DASHSCOPE_API_KEY", Some("sk-dashscope-test"));
// when
let hint = anthropic_missing_credentials_hint()
.expect("multiple foreign creds should still produce a hint");
// then
assert!(
hint.contains("OPENAI_API_KEY"),
"OpenAI should be prioritized because it is the most common misrouting pattern (OpenRouter users), got: {hint}"
);
assert!(
!hint.contains("XAI_API_KEY"),
"only the first detected provider should be named to keep the hint focused, got: {hint}"
);
}
#[test]
fn anthropic_missing_credentials_builds_error_with_canonical_env_vars_and_no_hint_when_clean() {
// given
let _lock = env_lock();
let _openai = EnvVarGuard::set("OPENAI_API_KEY", None);
let _xai = EnvVarGuard::set("XAI_API_KEY", None);
let _dashscope = EnvVarGuard::set("DASHSCOPE_API_KEY", None);
// when
let error = anthropic_missing_credentials();
// then
match &error {
ApiError::MissingCredentials {
provider,
env_vars,
hint,
} => {
assert_eq!(*provider, "Anthropic");
assert_eq!(*env_vars, &["ANTHROPIC_AUTH_TOKEN", "ANTHROPIC_API_KEY"]);
assert!(
hint.is_none(),
"clean environment should not generate a hint, got {hint:?}"
);
}
other => panic!("expected MissingCredentials variant, got {other:?}"),
}
let rendered = error.to_string();
assert!(
!rendered.contains(" — hint: "),
"rendered error should be a plain missing-creds message: {rendered}"
);
}
#[test]
fn anthropic_missing_credentials_builds_error_with_hint_when_openai_key_is_set() {
// given
let _lock = env_lock();
let _openai = EnvVarGuard::set("OPENAI_API_KEY", Some("sk-openrouter-varleg"));
let _xai = EnvVarGuard::set("XAI_API_KEY", None);
let _dashscope = EnvVarGuard::set("DASHSCOPE_API_KEY", None);
// when
let error = anthropic_missing_credentials();
// then
match &error {
ApiError::MissingCredentials {
provider,
env_vars,
hint,
} => {
assert_eq!(*provider, "Anthropic");
assert_eq!(*env_vars, &["ANTHROPIC_AUTH_TOKEN", "ANTHROPIC_API_KEY"]);
let hint_value = hint.as_deref().expect("hint should be populated");
assert!(
hint_value.contains("OPENAI_API_KEY is set"),
"hint should name the detected env var: {hint_value}"
);
}
other => panic!("expected MissingCredentials variant, got {other:?}"),
}
let rendered = error.to_string();
assert!(
rendered.starts_with("missing Anthropic credentials;"),
"canonical base message should still lead the rendered error: {rendered}"
);
assert!(
rendered.contains(" — hint: I see OPENAI_API_KEY is set"),
"rendered error should carry the env-driven hint: {rendered}"
);
}
#[test]
fn anthropic_missing_credentials_hint_ignores_empty_string_values() {
// given
let _lock = env_lock();
// An empty value is semantically equivalent to "not set" for the
// credential discovery path, so the sniffer must treat it that way
// to avoid false-positive hints for users who intentionally cleared
// a stale export with `OPENAI_API_KEY=`.
let _openai = EnvVarGuard::set("OPENAI_API_KEY", Some(""));
let _xai = EnvVarGuard::set("XAI_API_KEY", None);
let _dashscope = EnvVarGuard::set("DASHSCOPE_API_KEY", None);
// when
let hint = anthropic_missing_credentials_hint();
// then
assert!(
hint.is_none(),
"empty env var should not trigger the hint sniffer, got {hint:?}"
);
}
#[test]
fn openai_base_url_overrides_anthropic_fallback_for_unknown_model() {
// given — user has OPENAI_BASE_URL + OPENAI_API_KEY but no Anthropic
// creds, and a model name with no recognized prefix.
let _lock = env_lock();
let _base_url = EnvVarGuard::set("OPENAI_BASE_URL", Some("http://127.0.0.1:11434/v1"));
let _api_key = EnvVarGuard::set("OPENAI_API_KEY", Some("dummy"));
let _anthropic_key = EnvVarGuard::set("ANTHROPIC_API_KEY", None);
let _anthropic_token = EnvVarGuard::set("ANTHROPIC_AUTH_TOKEN", None);
// when
let provider = detect_provider_kind("qwen2.5-coder:7b");
// then — should route to OpenAI, not Anthropic
assert_eq!(
provider,
ProviderKind::OpenAi,
"OPENAI_BASE_URL should win over Anthropic fallback for unknown models"
);
}
// NOTE: a "OPENAI_BASE_URL without OPENAI_API_KEY" test is omitted
// because workspace-parallel test binaries can race on process env
// (env_lock only protects within a single binary). The detection logic
// is covered: OPENAI_BASE_URL alone routes to OpenAi as a last-resort
// fallback in detect_provider_kind().
}

1161
rust/crates/api/src/providers/openai_compat.rs
View File

File diff suppressed because it is too large Load Diff

18
rust/crates/api/src/types.rs
View File

@@ -2,7 +2,7 @@ use runtime::{pricing_for_model, TokenUsage, UsageCostEstimate};
use serde::{Deserialize, Serialize};
use serde_json::Value;
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default)]
pub struct MessageRequest {
pub model: String,
pub max_tokens: u32,
@@ -15,6 +15,22 @@ pub struct MessageRequest {
pub tool_choice: Option<ToolChoice>,
#[serde(default, skip_serializing_if = "std::ops::Not::not")]
pub stream: bool,
/// OpenAI-compatible tuning parameters. Optional — omitted from payload when None.
#[serde(skip_serializing_if = "Option::is_none")]
pub temperature: Option<f64>,
#[serde(skip_serializing_if = "Option::is_none")]
pub top_p: Option<f64>,
#[serde(skip_serializing_if = "Option::is_none")]
pub frequency_penalty: Option<f64>,
#[serde(skip_serializing_if = "Option::is_none")]
pub presence_penalty: Option<f64>,
#[serde(skip_serializing_if = "Option::is_none")]
pub stop: Option<Vec<String>>,
/// Reasoning effort level for OpenAI-compatible reasoning models (e.g. `o4-mini`).
/// Accepted values: `"low"`, `"medium"`, `"high"`. Omitted when `None`.
/// Silently ignored by backends that do not support it.
#[serde(skip_serializing_if = "Option::is_none")]
pub reasoning_effort: Option<String>,
}
impl MessageRequest {

68
rust/crates/api/tests/client_integration.rs
View File

@@ -127,6 +127,7 @@ async fn send_message_blocks_oversized_requests_before_the_http_call() {
tools: None,
tool_choice: None,
stream: false,
..Default::default()
})
.await
.expect_err("oversized request should fail local context-window preflight");
@@ -545,6 +546,71 @@ async fn surfaces_retry_exhaustion_for_persistent_retryable_errors() {
}
}
#[tokio::test]
async fn retries_multiple_retryable_failures_with_exponential_backoff_and_jitter() {
let state = Arc::new(Mutex::new(Vec::<CapturedRequest>::new()));
let server = spawn_server(
state.clone(),
vec![
http_response(
"429 Too Many Requests",
"application/json",
"{\"type\":\"error\",\"error\":{\"type\":\"rate_limit_error\",\"message\":\"slow down\"}}",
),
http_response(
"500 Internal Server Error",
"application/json",
"{\"type\":\"error\",\"error\":{\"type\":\"api_error\",\"message\":\"boom\"}}",
),
http_response(
"503 Service Unavailable",
"application/json",
"{\"type\":\"error\",\"error\":{\"type\":\"overloaded_error\",\"message\":\"busy\"}}",
),
http_response(
"429 Too Many Requests",
"application/json",
"{\"type\":\"error\",\"error\":{\"type\":\"rate_limit_error\",\"message\":\"slow down again\"}}",
),
http_response(
"503 Service Unavailable",
"application/json",
"{\"type\":\"error\",\"error\":{\"type\":\"overloaded_error\",\"message\":\"still busy\"}}",
),
http_response(
"200 OK",
"application/json",
"{\"id\":\"msg_exp_retry\",\"type\":\"message\",\"role\":\"assistant\",\"content\":[{\"type\":\"text\",\"text\":\"Recovered after 5\"}],\"model\":\"claude-3-7-sonnet-latest\",\"stop_reason\":\"end_turn\",\"stop_sequence\":null,\"usage\":{\"input_tokens\":3,\"output_tokens\":2}}",
),
],
)
.await;
let client = ApiClient::new("test-key")
.with_base_url(server.base_url())
.with_retry_policy(8, Duration::from_millis(1), Duration::from_millis(4));
let started_at = std::time::Instant::now();
let response = client
.send_message(&sample_request(false))
.await
.expect("8-retry policy should absorb 5 retryable failures");
let elapsed = started_at.elapsed();
assert_eq!(response.total_tokens(), 5);
assert_eq!(
state.lock().await.len(),
6,
"client should issue 1 original + 5 retry requests before the 200"
);
// Jittered sleeps are bounded by 2 * max_backoff per retry (base + jitter),
// so 5 sleeps fit comfortably below this upper bound with generous slack.
assert!(
elapsed < Duration::from_secs(5),
"retries should complete promptly, took {elapsed:?}"
);
}
#[tokio::test]
#[allow(clippy::await_holding_lock)]
async fn send_message_reuses_recent_completion_cache_entries() {
@@ -676,6 +742,7 @@ async fn live_stream_smoke_test() {
tools: None,
tool_choice: None,
stream: false,
..Default::default()
})
.await
.expect("live stream should start");
@@ -856,5 +923,6 @@ fn sample_request(stream: bool) -> MessageRequest {
}]),
tool_choice: Some(ToolChoice::Auto),
stream,
..Default::default()
}
}

2
rust/crates/api/tests/openai_compat_integration.rs
View File

@@ -88,6 +88,7 @@ async fn send_message_blocks_oversized_xai_requests_before_the_http_call() {
tools: None,
tool_choice: None,
stream: false,
..Default::default()
})
.await
.expect_err("oversized request should fail local context-window preflight");
@@ -496,6 +497,7 @@ fn sample_request(stream: bool) -> MessageRequest {
}]),
tool_choice: Some(ToolChoice::Auto),
stream,
..Default::default()
}
}

4
rust/crates/api/tests/provider_client_integration.rs
View File

@@ -22,7 +22,9 @@ fn provider_client_reports_missing_xai_credentials_for_grok_models() {
.expect_err("grok requests without XAI_API_KEY should fail fast");
match error {
ApiError::MissingCredentials { provider, env_vars } => {
ApiError::MissingCredentials {
provider, env_vars, ..
} => {
assert_eq!(provider, "xAI");
assert_eq!(env_vars, &["XAI_API_KEY"]);
}

173
rust/crates/api/tests/proxy_integration.rs Normal file
View File

@@ -0,0 +1,173 @@
use std::ffi::OsString;
use std::sync::{Mutex, OnceLock};
use api::{build_http_client_with, ProxyConfig};
fn env_lock() -> std::sync::MutexGuard<'static, ()> {
static LOCK: OnceLock<Mutex<()>> = OnceLock::new();
LOCK.get_or_init(|| Mutex::new(()))
.lock()
.unwrap_or_else(std::sync::PoisonError::into_inner)
}
struct EnvVarGuard {
key: &'static str,
original: Option<OsString>,
}
impl EnvVarGuard {
fn set(key: &'static str, value: Option<&str>) -> Self {
let original = std::env::var_os(key);
match value {
Some(value) => std::env::set_var(key, value),
None => std::env::remove_var(key),
}
Self { key, original }
}
}
impl Drop for EnvVarGuard {
fn drop(&mut self) {
match &self.original {
Some(value) => std::env::set_var(self.key, value),
None => std::env::remove_var(self.key),
}
}
}
#[test]
fn proxy_config_from_env_reads_uppercase_proxy_vars() {
// given
let _lock = env_lock();
let _http = EnvVarGuard::set("HTTP_PROXY", Some("http://proxy.corp:3128"));
let _https = EnvVarGuard::set("HTTPS_PROXY", Some("http://secure.corp:3129"));
let _no = EnvVarGuard::set("NO_PROXY", Some("localhost,127.0.0.1"));
let _http_lower = EnvVarGuard::set("http_proxy", None);
let _https_lower = EnvVarGuard::set("https_proxy", None);
let _no_lower = EnvVarGuard::set("no_proxy", None);
// when
let config = ProxyConfig::from_env();
// then
assert_eq!(config.http_proxy.as_deref(), Some("http://proxy.corp:3128"));
assert_eq!(
config.https_proxy.as_deref(),
Some("http://secure.corp:3129")
);
assert_eq!(config.no_proxy.as_deref(), Some("localhost,127.0.0.1"));
assert!(config.proxy_url.is_none());
assert!(!config.is_empty());
}
#[test]
fn proxy_config_from_env_reads_lowercase_proxy_vars() {
// given
let _lock = env_lock();
let _http = EnvVarGuard::set("HTTP_PROXY", None);
let _https = EnvVarGuard::set("HTTPS_PROXY", None);
let _no = EnvVarGuard::set("NO_PROXY", None);
let _http_lower = EnvVarGuard::set("http_proxy", Some("http://lower.corp:3128"));
let _https_lower = EnvVarGuard::set("https_proxy", Some("http://lower-secure.corp:3129"));
let _no_lower = EnvVarGuard::set("no_proxy", Some(".internal"));
// when
let config = ProxyConfig::from_env();
// then
assert_eq!(config.http_proxy.as_deref(), Some("http://lower.corp:3128"));
assert_eq!(
config.https_proxy.as_deref(),
Some("http://lower-secure.corp:3129")
);
assert_eq!(config.no_proxy.as_deref(), Some(".internal"));
assert!(!config.is_empty());
}
#[test]
fn proxy_config_from_env_is_empty_when_no_vars_set() {
// given
let _lock = env_lock();
let _http = EnvVarGuard::set("HTTP_PROXY", None);
let _https = EnvVarGuard::set("HTTPS_PROXY", None);
let _no = EnvVarGuard::set("NO_PROXY", None);
let _http_lower = EnvVarGuard::set("http_proxy", None);
let _https_lower = EnvVarGuard::set("https_proxy", None);
let _no_lower = EnvVarGuard::set("no_proxy", None);
// when
let config = ProxyConfig::from_env();
// then
assert!(config.is_empty());
assert!(config.http_proxy.is_none());
assert!(config.https_proxy.is_none());
assert!(config.no_proxy.is_none());
}
#[test]
fn proxy_config_from_env_treats_empty_values_as_unset() {
// given
let _lock = env_lock();
let _http = EnvVarGuard::set("HTTP_PROXY", Some(""));
let _https = EnvVarGuard::set("HTTPS_PROXY", Some(""));
let _http_lower = EnvVarGuard::set("http_proxy", Some(""));
let _https_lower = EnvVarGuard::set("https_proxy", Some(""));
let _no = EnvVarGuard::set("NO_PROXY", Some(""));
let _no_lower = EnvVarGuard::set("no_proxy", Some(""));
// when
let config = ProxyConfig::from_env();
// then
assert!(config.is_empty());
}
#[test]
fn build_client_with_env_proxy_config_succeeds() {
// given
let _lock = env_lock();
let _http = EnvVarGuard::set("HTTP_PROXY", Some("http://proxy.corp:3128"));
let _https = EnvVarGuard::set("HTTPS_PROXY", Some("http://secure.corp:3129"));
let _no = EnvVarGuard::set("NO_PROXY", Some("localhost"));
let _http_lower = EnvVarGuard::set("http_proxy", None);
let _https_lower = EnvVarGuard::set("https_proxy", None);
let _no_lower = EnvVarGuard::set("no_proxy", None);
let config = ProxyConfig::from_env();
// when
let result = build_http_client_with(&config);
// then
assert!(result.is_ok());
}
#[test]
fn build_client_with_proxy_url_config_succeeds() {
// given
let config = ProxyConfig::from_proxy_url("http://unified.corp:3128");
// when
let result = build_http_client_with(&config);
// then
assert!(result.is_ok());
}
#[test]
fn proxy_config_from_env_prefers_uppercase_over_lowercase() {
// given
let _lock = env_lock();
let _http_upper = EnvVarGuard::set("HTTP_PROXY", Some("http://upper.corp:3128"));
let _http_lower = EnvVarGuard::set("http_proxy", Some("http://lower.corp:3128"));
let _https = EnvVarGuard::set("HTTPS_PROXY", None);
let _https_lower = EnvVarGuard::set("https_proxy", None);
let _no = EnvVarGuard::set("NO_PROXY", None);
let _no_lower = EnvVarGuard::set("no_proxy", None);
// when
let config = ProxyConfig::from_env();
// then
assert_eq!(config.http_proxy.as_deref(), Some("http://upper.corp:3128"));
}

488
rust/crates/commands/src/lib.rs
View File

@@ -4,7 +4,7 @@ use std::fmt;
use std::fs;
use std::path::{Path, PathBuf};
use plugins::{PluginError, PluginManager, PluginSummary};
use plugins::{PluginError, PluginLoadFailure, PluginManager, PluginSummary};
use runtime::{
compact_session, CompactionConfig, ConfigLoader, ConfigSource, McpOAuthConfig, McpServerConfig,
ScopedMcpServerConfig, Session,
@@ -221,8 +221,10 @@ const SLASH_COMMAND_SPECS: &[SlashCommandSpec] = &[
SlashCommandSpec {
name: "session",
aliases: &[],
summary: "List, switch, or fork managed local sessions",
argument_hint: Some("[list|switch <session-id>|fork [branch-name]]"),
summary: "List, switch, fork, or delete managed local sessions",
argument_hint: Some(
"[list|switch <session-id>|fork [branch-name]|delete <session-id> [--force]]",
),
resume_supported: false,
},
SlashCommandSpec {
@@ -255,20 +257,6 @@ const SLASH_COMMAND_SPECS: &[SlashCommandSpec] = &[
argument_hint: None,
resume_supported: true,
},
SlashCommandSpec {
name: "login",
aliases: &[],
summary: "Log in to the service",
argument_hint: None,
resume_supported: false,
},
SlashCommandSpec {
name: "logout",
aliases: &[],
summary: "Log out of the current session",
argument_hint: None,
resume_supported: false,
},
SlashCommandSpec {
name: "plan",
aliases: &[],
@@ -1188,6 +1176,9 @@ pub enum SlashCommand {
AddDir {
path: Option<String>,
},
History {
count: Option<String>,
},
Unknown(String),
}
@@ -1216,6 +1207,83 @@ impl SlashCommand {
pub fn parse(input: &str) -> Result<Option<Self>, SlashCommandParseError> {
validate_slash_command_input(input)
}
/// Returns the canonical slash-command name (e.g. `"/branch"`) for use in
/// error messages and logging. Derived from the spec table so it always
/// matches what the user would have typed.
#[must_use]
pub fn slash_name(&self) -> &'static str {
match self {
Self::Help => "/help",
Self::Clear { .. } => "/clear",
Self::Compact { .. } => "/compact",
Self::Cost => "/cost",
Self::Doctor => "/doctor",
Self::Config { .. } => "/config",
Self::Memory { .. } => "/memory",
Self::History { .. } => "/history",
Self::Diff => "/diff",
Self::Status => "/status",
Self::Stats => "/stats",
Self::Version => "/version",
Self::Commit { .. } => "/commit",
Self::Pr { .. } => "/pr",
Self::Issue { .. } => "/issue",
Self::Init => "/init",
Self::Bughunter { .. } => "/bughunter",
Self::Ultraplan { .. } => "/ultraplan",
Self::Teleport { .. } => "/teleport",
Self::DebugToolCall { .. } => "/debug-tool-call",
Self::Resume { .. } => "/resume",
Self::Model { .. } => "/model",
Self::Permissions { .. } => "/permissions",
Self::Session { .. } => "/session",
Self::Plugins { .. } => "/plugins",
Self::Login => "/login",
Self::Logout => "/logout",
Self::Vim => "/vim",
Self::Upgrade => "/upgrade",
Self::Share => "/share",
Self::Feedback => "/feedback",
Self::Files => "/files",
Self::Fast => "/fast",
Self::Exit => "/exit",
Self::Summary => "/summary",
Self::Desktop => "/desktop",
Self::Brief => "/brief",
Self::Advisor => "/advisor",
Self::Stickers => "/stickers",
Self::Insights => "/insights",
Self::Thinkback => "/thinkback",
Self::ReleaseNotes => "/release-notes",
Self::SecurityReview => "/security-review",
Self::Keybindings => "/keybindings",
Self::PrivacySettings => "/privacy-settings",
Self::Plan { .. } => "/plan",
Self::Review { .. } => "/review",
Self::Tasks { .. } => "/tasks",
Self::Theme { .. } => "/theme",
Self::Voice { .. } => "/voice",
Self::Usage { .. } => "/usage",
Self::Rename { .. } => "/rename",
Self::Copy { .. } => "/copy",
Self::Hooks { .. } => "/hooks",
Self::Context { .. } => "/context",
Self::Color { .. } => "/color",
Self::Effort { .. } => "/effort",
Self::Branch { .. } => "/branch",
Self::Rewind { .. } => "/rewind",
Self::Ide { .. } => "/ide",
Self::Tag { .. } => "/tag",
Self::OutputStyle { .. } => "/output-style",
Self::AddDir { .. } => "/add-dir",
Self::Sandbox => "/sandbox",
Self::Mcp { .. } => "/mcp",
Self::Export { .. } => "/export",
#[allow(unreachable_patterns)]
_ => "/unknown",
}
}
}
#[allow(clippy::too_many_lines)]
@@ -1315,17 +1383,16 @@ pub fn validate_slash_command_input(
"skills" | "skill" => SlashCommand::Skills {
args: parse_skills_args(remainder.as_deref())?,
},
"doctor" => {
"doctor" | "providers" => {
validate_no_args(command, &args)?;
SlashCommand::Doctor
}
"login" => {
validate_no_args(command, &args)?;
SlashCommand::Login
}
"logout" => {
validate_no_args(command, &args)?;
SlashCommand::Logout
"login" | "logout" => {
return Err(command_error(
"This auth flow was removed. Set ANTHROPIC_API_KEY or ANTHROPIC_AUTH_TOKEN instead.",
command,
"",
));
}
"vim" => {
validate_no_args(command, &args)?;
@@ -1335,7 +1402,7 @@ pub fn validate_slash_command_input(
validate_no_args(command, &args)?;
SlashCommand::Upgrade
}
"stats" => {
"stats" | "tokens" | "cache" => {
validate_no_args(command, &args)?;
SlashCommand::Stats
}
@@ -1421,6 +1488,9 @@ pub fn validate_slash_command_input(
"tag" => SlashCommand::Tag { label: remainder },
"output-style" => SlashCommand::OutputStyle { style: remainder },
"add-dir" => SlashCommand::AddDir { path: remainder },
"history" => SlashCommand::History {
count: optional_single_arg(command, &args, "[count]")?,
},
other => SlashCommand::Unknown(other.to_string()),
}))
}
@@ -1520,7 +1590,7 @@ fn parse_session_command(args: &[&str]) -> Result<SlashCommand, SlashCommandPars
action: Some("list".to_string()),
target: None,
}),
["list", ..] => Err(usage_error("session", "[list|switch <session-id>|fork [branch-name]]")),
["list", ..] => Err(usage_error("session", "[list|switch <session-id>|fork [branch-name]|delete <session-id> [--force]]")),
["switch"] => Err(usage_error("session switch", "<session-id>")),
["switch", target] => Ok(SlashCommand::Session {
action: Some("switch".to_string()),
@@ -1544,12 +1614,33 @@ fn parse_session_command(args: &[&str]) -> Result<SlashCommand, SlashCommandPars
"session",
"/session fork [branch-name]",
)),
[action, ..] => Err(command_error(
["delete"] => Err(usage_error("session delete", "<session-id> [--force]")),
["delete", target] => Ok(SlashCommand::Session {
action: Some("delete".to_string()),
target: Some((*target).to_string()),
}),
["delete", target, "--force"] => Ok(SlashCommand::Session {
action: Some("delete-force".to_string()),
target: Some((*target).to_string()),
}),
["delete", _target, unexpected] => Err(command_error(
&format!(
"Unknown /session action '{action}'. Use list, switch <session-id>, or fork [branch-name]."
"Unsupported /session delete flag '{unexpected}'. Use --force to skip confirmation."
),
"session",
"/session [list|switch <session-id>|fork [branch-name]]",
"/session delete <session-id> [--force]",
)),
["delete", ..] => Err(command_error(
"Unexpected arguments for /session delete.",
"session",
"/session delete <session-id> [--force]",
)),
[action, ..] => Err(command_error(
&format!(
"Unknown /session action '{action}'. Use list, switch <session-id>, fork [branch-name], or delete <session-id> [--force]."
),
"session",
"/session [list|switch <session-id>|fork [branch-name]|delete <session-id> [--force]]",
)),
}
}
@@ -1786,24 +1877,21 @@ pub fn resume_supported_slash_commands() -> Vec<&'static SlashCommandSpec> {
fn slash_command_category(name: &str) -> &'static str {
match name {
"help" | "status" | "sandbox" | "model" | "permissions" | "cost" | "resume" | "session"
| "version" | "login" | "logout" | "usage" | "stats" | "rename" | "privacy-settings" => {
"Session & visibility"
"help" | "status" | "cost" | "resume" | "session" | "version" | "usage" | "stats"
| "rename" | "clear" | "compact" | "history" | "tokens" | "cache" | "exit" | "summary"
| "tag" | "thinkback" | "copy" | "share" | "feedback" | "rewind" | "pin" | "unpin"
| "bookmarks" | "context" | "files" | "focus" | "unfocus" | "retry" | "stop" | "undo" => {
"Session"
}
"compact" | "clear" | "config" | "memory" | "init" | "diff" | "commit" | "pr" | "issue"
| "export" | "plugin" | "branch" | "add-dir" | "files" | "hooks" | "release-notes" => {
"Workspace & git"
}
"agents" | "skills" | "teleport" | "debug-tool-call" | "mcp" | "context" | "tasks"
| "doctor" | "ide" | "desktop" => "Discovery & debugging",
"bughunter" | "ultraplan" | "review" | "security-review" | "advisor" | "insights" => {
"Analysis & automation"
}
"theme" | "vim" | "voice" | "color" | "effort" | "fast" | "brief" | "output-style"
| "keybindings" | "stickers" => "Appearance & input",
"copy" | "share" | "feedback" | "summary" | "tag" | "thinkback" | "plan" | "exit"
| "upgrade" | "rewind" => "Communication & control",
_ => "Other",
"model" | "permissions" | "config" | "memory" | "theme" | "vim" | "voice" | "color"
| "effort" | "fast" | "brief" | "output-style" | "keybindings" | "privacy-settings"
| "stickers" | "language" | "profile" | "max-tokens" | "temperature" | "system-prompt"
| "api-key" | "terminal-setup" | "notifications" | "telemetry" | "providers" | "env"
| "project" | "reasoning" | "budget" | "rate-limit" | "workspace" | "reset" | "ide"
| "desktop" | "upgrade" => "Config",
"debug-tool-call" | "doctor" | "sandbox" | "diagnostics" | "tool-details" | "changelog"
| "metrics" => "Debug",
_ => "Tools",
}
}
@@ -1904,6 +1992,42 @@ pub fn suggest_slash_commands(input: &str, limit: usize) -> Vec<String> {
}
#[must_use]
/// Render the slash-command help section, optionally excluding stub commands
/// (commands that are registered in the spec list but not yet implemented).
/// Pass an empty slice to include all commands.
pub fn render_slash_command_help_filtered(exclude: &[&str]) -> String {
let mut lines = vec![
"Slash commands".to_string(),
" Start here /status, /diff, /agents, /skills, /commit".to_string(),
" [resume] also works with --resume SESSION.jsonl".to_string(),
String::new(),
];
let categories = ["Session", "Tools", "Config", "Debug"];
for category in categories {
lines.push(category.to_string());
for spec in slash_command_specs()
.iter()
.filter(|spec| slash_command_category(spec.name) == category)
.filter(|spec| !exclude.contains(&spec.name))
{
lines.push(format_slash_command_help_line(spec));
}
lines.push(String::new());
}
lines
.into_iter()
.rev()
.skip_while(String::is_empty)
.collect::<Vec<_>>()
.into_iter()
.rev()
.collect::<Vec<_>>()
.join("\n")
}
pub fn render_slash_command_help() -> String {
let mut lines = vec![
"Slash commands".to_string(),
@@ -1912,12 +2036,7 @@ pub fn render_slash_command_help() -> String {
String::new(),
];
let categories = [
"Session & visibility",
"Workspace & git",
"Discovery & debugging",
"Analysis & automation",
];
let categories = ["Session", "Tools", "Config", "Debug"];
for category in categories {
lines.push(category.to_string());
@@ -1930,6 +2049,12 @@ pub fn render_slash_command_help() -> String {
lines.push(String::new());
}
lines.push("Keyboard shortcuts".to_string());
lines.push(" Up/Down Navigate prompt history".to_string());
lines.push(" Tab Complete commands, modes, and recent sessions".to_string());
lines.push(" Ctrl-C Clear input (or exit on empty prompt)".to_string());
lines.push(" Shift+Enter/Ctrl+J Insert a newline".to_string());
lines
.into_iter()
.rev()
@@ -2061,10 +2186,15 @@ pub fn handle_plugins_slash_command(
manager: &mut PluginManager,
) -> Result<PluginsCommandResult, PluginError> {
match action {
None | Some("list") => Ok(PluginsCommandResult {
message: render_plugins_report(&manager.list_installed_plugins()?),
reload_runtime: false,
}),
None | Some("list") => {
let report = manager.installed_plugin_registry_report()?;
let plugins = report.summaries();
let failures = report.failures();
Ok(PluginsCommandResult {
message: render_plugins_report_with_failures(&plugins, failures),
reload_runtime: false,
})
}
Some("install") => {
let Some(target) = target else {
return Ok(PluginsCommandResult {
@@ -2314,8 +2444,7 @@ pub fn resolve_skill_invocation(
.unwrap_or_default();
if !skill_token.is_empty() {
if let Err(error) = resolve_skill_path(cwd, skill_token) {
let mut message =
format!("Unknown skill: {skill_token} ({error})");
let mut message = format!("Unknown skill: {skill_token} ({error})");
let roots = discover_skill_roots(cwd);
if let Ok(available) = load_skills_from_roots(&roots) {
let names: Vec<String> = available
@@ -2324,15 +2453,11 @@ pub fn resolve_skill_invocation(
.map(|s| s.name.clone())
.collect();
if !names.is_empty() {
message.push_str(&format!(
"\n Available skills: {}",
names.join(", ")
));
message.push_str("\n Available skills: ");
message.push_str(&names.join(", "));
}
}
message.push_str(
"\n Usage: /skills [list|install <path>|help|<skill> [args]]",
);
message.push_str("\n Usage: /skills [list|install <path>|help|<skill> [args]]");
return Err(message);
}
}
@@ -2524,6 +2649,48 @@ pub fn render_plugins_report(plugins: &[PluginSummary]) -> String {
lines.join("\n")
}
#[must_use]
pub fn render_plugins_report_with_failures(
plugins: &[PluginSummary],
failures: &[PluginLoadFailure],
) -> String {
let mut lines = vec!["Plugins".to_string()];
// Show successfully loaded plugins
if plugins.is_empty() {
lines.push(" No plugins installed.".to_string());
} else {
for plugin in plugins {
let enabled = if plugin.enabled {
"enabled"
} else {
"disabled"
};
lines.push(format!(
" {name:<20} v{version:<10} {enabled}",
name = plugin.metadata.name,
version = plugin.metadata.version,
));
}
}
// Show warnings for broken plugins
if !failures.is_empty() {
lines.push(String::new());
lines.push("Warnings:".to_string());
for failure in failures {
lines.push(format!(
" ⚠️ Failed to load {} plugin from `{}`",
failure.kind,
failure.plugin_root.display()
));
lines.push(format!(" Error: {}", failure.error()));
}
}
lines.join("\n")
}
fn render_plugin_install_report(plugin_id: &str, plugin: Option<&PluginSummary>) -> String {
let name = plugin.map_or(plugin_id, |plugin| plugin.metadata.name.as_str());
let version = plugin.map_or("unknown", |plugin| plugin.metadata.version.as_str());
@@ -3942,6 +4109,7 @@ pub fn handle_slash_command(
| SlashCommand::Tag { .. }
| SlashCommand::OutputStyle { .. }
| SlashCommand::AddDir { .. }
| SlashCommand::History { .. }
| SlashCommand::Unknown(_) => None,
}
}
@@ -3953,12 +4121,15 @@ mod tests {
handle_plugins_slash_command, handle_skills_slash_command_json, handle_slash_command,
load_agents_from_roots, load_skills_from_roots, render_agents_report,
render_agents_report_json, render_mcp_report_json_for, render_plugins_report,
render_skills_report, render_slash_command_help, render_slash_command_help_detail,
resolve_skill_path, resume_supported_slash_commands, slash_command_specs,
suggest_slash_commands, validate_slash_command_input, DefinitionSource, SkillOrigin,
SkillRoot, SkillSlashDispatch, SlashCommand,
render_plugins_report_with_failures, render_skills_report, render_slash_command_help,
render_slash_command_help_detail, resolve_skill_path, resume_supported_slash_commands,
slash_command_specs, suggest_slash_commands, validate_slash_command_input,
DefinitionSource, SkillOrigin, SkillRoot, SkillSlashDispatch, SlashCommand,
};
use plugins::{
PluginError, PluginKind, PluginLoadFailure, PluginManager, PluginManagerConfig,
PluginMetadata, PluginSummary,
};
use plugins::{PluginKind, PluginManager, PluginManagerConfig, PluginMetadata, PluginSummary};
use runtime::{
CompactionConfig, ConfigLoader, ContentBlock, ConversationMessage, MessageRole, Session,
};
@@ -3981,6 +4152,24 @@ mod tests {
LOCK.get_or_init(|| Mutex::new(()))
}
fn env_guard() -> std::sync::MutexGuard<'static, ()> {
env_lock()
.lock()
.unwrap_or_else(std::sync::PoisonError::into_inner)
}
#[test]
fn env_guard_recovers_after_poisoning() {
let poisoned = std::thread::spawn(|| {
let _guard = env_guard();
panic!("poison env lock");
})
.join();
assert!(poisoned.is_err(), "poisoning thread should panic");
let _guard = env_guard();
}
fn restore_env_var(key: &str, original: Option<OsString>) {
match original {
Some(value) => std::env::set_var(key, value),
@@ -4256,6 +4445,47 @@ mod tests {
);
}
#[test]
fn parses_history_command_without_count() {
// given
let input = "/history";
// when
let parsed = SlashCommand::parse(input);
// then
assert_eq!(parsed, Ok(Some(SlashCommand::History { count: None })));
}
#[test]
fn parses_history_command_with_numeric_count() {
// given
let input = "/history 25";
// when
let parsed = SlashCommand::parse(input);
// then
assert_eq!(
parsed,
Ok(Some(SlashCommand::History {
count: Some("25".to_string())
}))
);
}
#[test]
fn rejects_history_with_extra_arguments() {
// given
let input = "/history 25 extra";
// when
let error = parse_error_message(input);
// then
assert!(error.contains("Usage: /history [count]"));
}
#[test]
fn rejects_unexpected_arguments_for_no_arg_commands() {
// given
@@ -4297,7 +4527,7 @@ mod tests {
// then
assert!(error.contains("Usage: /teleport <symbol-or-path>"));
assert!(error.contains(" Category Discovery & debugging"));
assert!(error.contains(" Category Tools"));
}
#[test]
@@ -4366,15 +4596,23 @@ mod tests {
assert!(action_error.contains(" Usage /mcp [list|show <server>|help]"));
}
#[test]
fn removed_login_and_logout_commands_report_env_auth_guidance() {
let login_error = parse_error_message("/login");
assert!(login_error.contains("ANTHROPIC_API_KEY"));
let logout_error = parse_error_message("/logout");
assert!(logout_error.contains("ANTHROPIC_AUTH_TOKEN"));
}
#[test]
fn renders_help_from_shared_specs() {
let help = render_slash_command_help();
assert!(help.contains("Start here /status, /diff, /agents, /skills, /commit"));
assert!(help.contains("[resume] also works with --resume SESSION.jsonl"));
assert!(help.contains("Session & visibility"));
assert!(help.contains("Workspace & git"));
assert!(help.contains("Discovery & debugging"));
assert!(help.contains("Analysis & automation"));
assert!(help.contains("Session"));
assert!(help.contains("Tools"));
assert!(help.contains("Config"));
assert!(help.contains("Debug"));
assert!(help.contains("/help"));
assert!(help.contains("/status"));
assert!(help.contains("/sandbox"));
@@ -4398,7 +4636,7 @@ mod tests {
assert!(help.contains("/diff"));
assert!(help.contains("/version"));
assert!(help.contains("/export [file]"));
assert!(help.contains("/session [list|switch <session-id>|fork [branch-name]]"));
assert!(help.contains("/session"), "help must mention /session");
assert!(help.contains("/sandbox"));
assert!(help.contains(
"/plugin [list|install <path>|enable <name>|disable <name>|uninstall <id>|update <id>]"
@@ -4407,10 +4645,59 @@ mod tests {
assert!(help.contains("/agents [list|help]"));
assert!(help.contains("/skills [list|install <path>|help|<skill> [args]]"));
assert!(help.contains("aliases: /skill"));
assert_eq!(slash_command_specs().len(), 141);
assert!(!help.contains("/login"));
assert!(!help.contains("/logout"));
assert_eq!(slash_command_specs().len(), 139);
assert!(resume_supported_slash_commands().len() >= 39);
}
#[test]
fn renders_help_with_grouped_categories_and_keyboard_shortcuts() {
// given
let categories = ["Session", "Tools", "Config", "Debug"];
// when
let help = render_slash_command_help();
// then
for category in categories {
assert!(
help.contains(category),
"expected help to contain category {category}"
);
}
let session_index = help.find("Session").expect("Session header should exist");
let tools_index = help.find("Tools").expect("Tools header should exist");
let config_index = help.find("Config").expect("Config header should exist");
let debug_index = help.find("Debug").expect("Debug header should exist");
assert!(session_index < tools_index);
assert!(tools_index < config_index);
assert!(config_index < debug_index);
assert!(help.contains("Keyboard shortcuts"));
assert!(help.contains("Up/Down Navigate prompt history"));
assert!(help.contains("Tab Complete commands, modes, and recent sessions"));
assert!(help.contains("Ctrl-C Clear input (or exit on empty prompt)"));
assert!(help.contains("Shift+Enter/Ctrl+J Insert a newline"));
// every command should still render with a summary line
for spec in slash_command_specs() {
let usage = match spec.argument_hint {
Some(hint) => format!("/{} {hint}", spec.name),
None => format!("/{}", spec.name),
};
assert!(
help.contains(&usage),
"expected help to contain command {usage}"
);
assert!(
help.contains(spec.summary),
"expected help to contain summary for /{}",
spec.name
);
}
}
#[test]
fn renders_per_command_help_detail() {
// given
@@ -4423,7 +4710,7 @@ mod tests {
assert!(help.contains("/plugin"));
assert!(help.contains("Summary Manage Claw Code plugins"));
assert!(help.contains("Aliases /plugins, /marketplace"));
assert!(help.contains("Category Workspace & git"));
assert!(help.contains("Category Tools"));
}
#[test]
@@ -4431,7 +4718,7 @@ mod tests {
let help = render_slash_command_help_detail("mcp").expect("detail help should exist");
assert!(help.contains("/mcp"));
assert!(help.contains("Summary Inspect configured MCP servers"));
assert!(help.contains("Category Discovery & debugging"));
assert!(help.contains("Category Tools"));
assert!(help.contains("Resume Supported with --resume SESSION.jsonl"));
}
@@ -4491,7 +4778,14 @@ mod tests {
)
.expect("slash command should be handled");
assert!(result.message.contains("Compacted 2 messages"));
// With the tool-use/tool-result boundary guard the compaction may
// preserve one extra message, so 1 or 2 messages may be removed.
assert!(
result.message.contains("Compacted 1 messages")
|| result.message.contains("Compacted 2 messages"),
"unexpected compaction message: {}",
result.message
);
assert_eq!(result.session.messages[0].role, MessageRole::System);
}
@@ -4611,6 +4905,36 @@ mod tests {
assert!(rendered.contains("disabled"));
}
#[test]
fn renders_plugins_report_with_broken_plugin_warnings() {
let rendered = render_plugins_report_with_failures(
&[PluginSummary {
metadata: PluginMetadata {
id: "demo@external".to_string(),
name: "demo".to_string(),
version: "1.2.3".to_string(),
description: "demo plugin".to_string(),
kind: PluginKind::External,
source: "demo".to_string(),
default_enabled: false,
root: None,
},
enabled: true,
}],
&[PluginLoadFailure::new(
PathBuf::from("/tmp/broken-plugin"),
PluginKind::External,
"broken".to_string(),
PluginError::InvalidManifest("hook path `hooks/pre.sh` does not exist".to_string()),
)],
);
assert!(rendered.contains("Warnings:"));
assert!(rendered.contains("Failed to load external plugin"));
assert!(rendered.contains("/tmp/broken-plugin"));
assert!(rendered.contains("does not exist"));
}
#[test]
fn lists_agents_from_project_and_user_roots() {
let workspace = temp_dir("agents-workspace");
@@ -4908,7 +5232,7 @@ mod tests {
#[test]
fn discovers_omc_skills_from_project_and_user_compatibility_roots() {
let _guard = env_lock().lock().expect("env lock");
let _guard = env_guard();
let workspace = temp_dir("skills-omc-workspace");
let user_home = temp_dir("skills-omc-home");
let claude_config_dir = temp_dir("skills-omc-claude-config");

6
rust/crates/compat-harness/src/lib.rs
View File

@@ -18,6 +18,12 @@ impl UpstreamPaths {
}
}
/// Returns the repository root path.
#[must_use]
pub fn repo_root(&self) -> &Path {
&self.repo_root
}
#[must_use]
pub fn from_workspace_dir(workspace_dir: impl AsRef<Path>) -> Self {
let workspace_dir = workspace_dir

73
rust/crates/plugins/src/hooks.rs
View File

@@ -337,7 +337,28 @@ impl CommandWithStdin {
let mut child = self.command.spawn()?;
if let Some(mut child_stdin) = child.stdin.take() {
use std::io::Write as _;
child_stdin.write_all(stdin)?;
// Tolerate BrokenPipe: a hook script that runs to completion
// (or exits early without reading stdin) closes its stdin
// before the parent finishes writing the JSON payload, and
// the kernel raises EPIPE on the parent's write_all. That is
// not a hook failure — the child still exited cleanly and we
// still need to wait_with_output() to capture stdout/stderr
// and the real exit code. Other write errors (e.g. EIO,
// permission, OOM) still propagate.
//
// This was the root cause of the Linux CI flake on
// hooks::tests::collects_and_runs_hooks_from_enabled_plugins
// (ROADMAP #25, runs 24120271422 / 24120538408 / 24121392171
// / 24121776826): the test hook scripts run in microseconds
// and the parent's stdin write races against child exit.
// macOS pipes happen to buffer the small payload before the
// child exits; Linux pipes do not, so the race shows up
// deterministically on ubuntu runners.
match child_stdin.write_all(stdin) {
Ok(()) => {}
Err(error) if error.kind() == std::io::ErrorKind::BrokenPipe => {}
Err(error) => return Err(error),
}
}
child.wait_with_output()
}
@@ -359,6 +380,18 @@ mod tests {
std::env::temp_dir().join(format!("plugins-hook-runner-{label}-{nanos}"))
}
fn make_executable(path: &Path) {
#[cfg(unix)]
{
use std::os::unix::fs::PermissionsExt;
let perms = fs::Permissions::from_mode(0o755);
fs::set_permissions(path, perms)
.unwrap_or_else(|e| panic!("chmod +x {}: {e}", path.display()));
}
#[cfg(not(unix))]
let _ = path;
}
fn write_hook_plugin(
root: &Path,
name: &str,
@@ -368,21 +401,30 @@ mod tests {
) {
fs::create_dir_all(root.join(".claude-plugin")).expect("manifest dir");
fs::create_dir_all(root.join("hooks")).expect("hooks dir");
let pre_path = root.join("hooks").join("pre.sh");
fs::write(
root.join("hooks").join("pre.sh"),
&pre_path,
format!("#!/bin/sh\nprintf '%s\\n' '{pre_message}'\n"),
)
.expect("write pre hook");
make_executable(&pre_path);
let post_path = root.join("hooks").join("post.sh");
fs::write(
root.join("hooks").join("post.sh"),
&post_path,
format!("#!/bin/sh\nprintf '%s\\n' '{post_message}'\n"),
)
.expect("write post hook");
make_executable(&post_path);
let failure_path = root.join("hooks").join("failure.sh");
fs::write(
root.join("hooks").join("failure.sh"),
&failure_path,
format!("#!/bin/sh\nprintf '%s\\n' '{failure_message}'\n"),
)
.expect("write failure hook");
make_executable(&failure_path);
fs::write(
root.join(".claude-plugin").join("plugin.json"),
format!(
@@ -496,4 +538,27 @@ mod tests {
.iter()
.any(|message| message == "later plugin hook"));
}
#[test]
#[cfg(unix)]
fn generated_hook_scripts_are_executable() {
use std::os::unix::fs::PermissionsExt;
// given
let root = temp_dir("exec-guard");
write_hook_plugin(&root, "exec-check", "pre", "post", "fail");
// then
for script in ["pre.sh", "post.sh", "failure.sh"] {
let path = root.join("hooks").join(script);
let mode = fs::metadata(&path)
.unwrap_or_else(|e| panic!("{script} metadata: {e}"))
.permissions()
.mode();
assert!(
mode & 0o111 != 0,
"{script} must have at least one execute bit set, got mode {mode:#o}"
);
}
}
}

200
rust/crates/plugins/src/lib.rs
View File

@@ -1,10 +1,13 @@
mod hooks;
#[cfg(test)]
pub mod test_isolation;
use std::collections::{BTreeMap, BTreeSet};
use std::fmt::{Display, Formatter};
use std::fs;
use std::path::{Path, PathBuf};
use std::process::{Command, Stdio};
use std::sync::atomic::{AtomicU64, Ordering};
use std::time::{SystemTime, UNIX_EPOCH};
use serde::{Deserialize, Serialize};
@@ -2160,7 +2163,13 @@ fn materialize_source(
match source {
PluginInstallSource::LocalPath { path } => Ok(path.clone()),
PluginInstallSource::GitUrl { url } => {
let destination = temp_root.join(format!("plugin-{}", unix_time_ms()));
static MATERIALIZE_COUNTER: AtomicU64 = AtomicU64::new(0);
let unique = MATERIALIZE_COUNTER.fetch_add(1, Ordering::Relaxed);
let nanos = SystemTime::now()
.duration_since(UNIX_EPOCH)
.unwrap()
.as_nanos();
let destination = temp_root.join(format!("plugin-{nanos}-{unique}"));
let output = Command::new("git")
.arg("clone")
.arg("--depth")
@@ -2273,10 +2282,24 @@ fn ensure_object<'a>(root: &'a mut Map<String, Value>, key: &str) -> &'a mut Map
.expect("object should exist")
}
/// Environment variable lock for test isolation.
/// Guards against concurrent modification of `CLAW_CONFIG_HOME`.
#[cfg(test)]
fn env_lock() -> &'static std::sync::Mutex<()> {
static ENV_LOCK: std::sync::Mutex<()> = std::sync::Mutex::new(());
&ENV_LOCK
}
#[cfg(test)]
mod tests {
use super::*;
fn env_guard() -> std::sync::MutexGuard<'static, ()> {
env_lock()
.lock()
.unwrap_or_else(std::sync::PoisonError::into_inner)
}
fn temp_dir(label: &str) -> PathBuf {
let nanos = std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
@@ -2285,6 +2308,18 @@ mod tests {
std::env::temp_dir().join(format!("plugins-{label}-{nanos}"))
}
#[test]
fn env_guard_recovers_after_poisoning() {
let poisoned = std::thread::spawn(|| {
let _guard = env_guard();
panic!("poison env lock");
})
.join();
assert!(poisoned.is_err(), "poisoning thread should panic");
let _guard = env_guard();
}
fn write_file(path: &Path, contents: &str) {
if let Some(parent) = path.parent() {
fs::create_dir_all(parent).expect("parent dir");
@@ -2468,6 +2503,7 @@ mod tests {
#[test]
fn load_plugin_from_directory_validates_required_fields() {
let _guard = env_guard();
let root = temp_dir("manifest-required");
write_file(
root.join(MANIFEST_FILE_NAME).as_path(),
@@ -2482,6 +2518,7 @@ mod tests {
#[test]
fn load_plugin_from_directory_reads_root_manifest_and_validates_entries() {
let _guard = env_guard();
let root = temp_dir("manifest-root");
write_loader_plugin(&root);
@@ -2511,6 +2548,7 @@ mod tests {
#[test]
fn load_plugin_from_directory_supports_packaged_manifest_path() {
let _guard = env_guard();
let root = temp_dir("manifest-packaged");
write_external_plugin(&root, "packaged-demo", "1.0.0");
@@ -2524,6 +2562,7 @@ mod tests {
#[test]
fn load_plugin_from_directory_defaults_optional_fields() {
let _guard = env_guard();
let root = temp_dir("manifest-defaults");
write_file(
root.join(MANIFEST_FILE_NAME).as_path(),
@@ -2545,6 +2584,7 @@ mod tests {
#[test]
fn load_plugin_from_directory_rejects_duplicate_permissions_and_commands() {
let _guard = env_guard();
let root = temp_dir("manifest-duplicates");
write_file(
root.join("commands").join("sync.sh").as_path(),
@@ -2840,6 +2880,7 @@ mod tests {
#[test]
fn discovers_builtin_and_bundled_plugins() {
let _guard = env_guard();
let manager = PluginManager::new(PluginManagerConfig::new(temp_dir("discover")));
let plugins = manager.list_plugins().expect("plugins should list");
assert!(plugins
@@ -2852,6 +2893,7 @@ mod tests {
#[test]
fn installs_enables_updates_and_uninstalls_external_plugins() {
let _guard = env_guard();
let config_home = temp_dir("home");
let source_root = temp_dir("source");
write_external_plugin(&source_root, "demo", "1.0.0");
@@ -2900,6 +2942,7 @@ mod tests {
#[test]
fn auto_installs_bundled_plugins_into_the_registry() {
let _guard = env_guard();
let config_home = temp_dir("bundled-home");
let bundled_root = temp_dir("bundled-root");
write_bundled_plugin(&bundled_root.join("starter"), "starter", "0.1.0", false);
@@ -2931,6 +2974,7 @@ mod tests {
#[test]
fn default_bundled_root_loads_repo_bundles_as_installed_plugins() {
let _guard = env_guard();
let config_home = temp_dir("default-bundled-home");
let manager = PluginManager::new(PluginManagerConfig::new(&config_home));
@@ -2949,6 +2993,7 @@ mod tests {
#[test]
fn bundled_sync_prunes_removed_bundled_registry_entries() {
let _guard = env_guard();
let config_home = temp_dir("bundled-prune-home");
let bundled_root = temp_dir("bundled-prune-root");
let stale_install_path = config_home
@@ -3012,6 +3057,7 @@ mod tests {
#[test]
fn installed_plugin_discovery_keeps_registry_entries_outside_install_root() {
let _guard = env_guard();
let config_home = temp_dir("registry-fallback-home");
let bundled_root = temp_dir("registry-fallback-bundled");
let install_root = config_home.join("plugins").join("installed");
@@ -3066,6 +3112,7 @@ mod tests {
#[test]
fn installed_plugin_discovery_prunes_stale_registry_entries() {
let _guard = env_guard();
let config_home = temp_dir("registry-prune-home");
let bundled_root = temp_dir("registry-prune-bundled");
let install_root = config_home.join("plugins").join("installed");
@@ -3111,6 +3158,7 @@ mod tests {
#[test]
fn persists_bundled_plugin_enable_state_across_reloads() {
let _guard = env_guard();
let config_home = temp_dir("bundled-state-home");
let bundled_root = temp_dir("bundled-state-root");
write_bundled_plugin(&bundled_root.join("starter"), "starter", "0.1.0", false);
@@ -3144,6 +3192,7 @@ mod tests {
#[test]
fn persists_bundled_plugin_disable_state_across_reloads() {
let _guard = env_guard();
let config_home = temp_dir("bundled-disabled-home");
let bundled_root = temp_dir("bundled-disabled-root");
write_bundled_plugin(&bundled_root.join("starter"), "starter", "0.1.0", true);
@@ -3177,6 +3226,7 @@ mod tests {
#[test]
fn validates_plugin_source_before_install() {
let _guard = env_guard();
let config_home = temp_dir("validate-home");
let source_root = temp_dir("validate-source");
write_external_plugin(&source_root, "validator", "1.0.0");
@@ -3191,6 +3241,7 @@ mod tests {
#[test]
fn plugin_registry_tracks_enabled_state_and_lookup() {
let _guard = env_guard();
let config_home = temp_dir("registry-home");
let source_root = temp_dir("registry-source");
write_external_plugin(&source_root, "registry-demo", "1.0.0");
@@ -3218,6 +3269,7 @@ mod tests {
#[test]
fn plugin_registry_report_collects_load_failures_without_dropping_valid_plugins() {
let _guard = env_guard();
// given
let config_home = temp_dir("report-home");
let external_root = temp_dir("report-external");
@@ -3262,6 +3314,7 @@ mod tests {
#[test]
fn installed_plugin_registry_report_collects_load_failures_from_install_root() {
let _guard = env_guard();
// given
let config_home = temp_dir("installed-report-home");
let bundled_root = temp_dir("installed-report-bundled");
@@ -3292,6 +3345,7 @@ mod tests {
#[test]
fn rejects_plugin_sources_with_missing_hook_paths() {
let _guard = env_guard();
// given
let config_home = temp_dir("broken-home");
let source_root = temp_dir("broken-source");
@@ -3319,6 +3373,7 @@ mod tests {
#[test]
fn rejects_plugin_sources_with_missing_failure_hook_paths() {
let _guard = env_guard();
// given
let config_home = temp_dir("broken-failure-home");
let source_root = temp_dir("broken-failure-source");
@@ -3346,6 +3401,7 @@ mod tests {
#[test]
fn plugin_registry_runs_initialize_and_shutdown_for_enabled_plugins() {
let _guard = env_guard();
let config_home = temp_dir("lifecycle-home");
let source_root = temp_dir("lifecycle-source");
let _ = write_lifecycle_plugin(&source_root, "lifecycle-demo", "1.0.0");
@@ -3369,6 +3425,7 @@ mod tests {
#[test]
fn aggregates_and_executes_plugin_tools() {
let _guard = env_guard();
let config_home = temp_dir("tool-home");
let source_root = temp_dir("tool-source");
write_tool_plugin(&source_root, "tool-demo", "1.0.0");
@@ -3397,6 +3454,7 @@ mod tests {
#[test]
fn list_installed_plugins_scans_install_root_without_registry_entries() {
let _guard = env_guard();
let config_home = temp_dir("installed-scan-home");
let bundled_root = temp_dir("installed-scan-bundled");
let install_root = config_home.join("plugins").join("installed");
@@ -3428,6 +3486,7 @@ mod tests {
#[test]
fn list_installed_plugins_scans_packaged_manifests_in_install_root() {
let _guard = env_guard();
let config_home = temp_dir("installed-packaged-scan-home");
let bundled_root = temp_dir("installed-packaged-scan-bundled");
let install_root = config_home.join("plugins").join("installed");
@@ -3456,4 +3515,143 @@ mod tests {
let _ = fs::remove_dir_all(config_home);
let _ = fs::remove_dir_all(bundled_root);
}
/// Regression test for ROADMAP #41: verify that `CLAW_CONFIG_HOME` isolation prevents
/// host `~/.claw/plugins/` from bleeding into test runs.
#[test]
fn claw_config_home_isolation_prevents_host_plugin_leakage() {
let _guard = env_guard();
// Create a temp directory to act as our isolated CLAW_CONFIG_HOME
let config_home = temp_dir("isolated-home");
let bundled_root = temp_dir("isolated-bundled");
// Set CLAW_CONFIG_HOME to our temp directory
std::env::set_var("CLAW_CONFIG_HOME", &config_home);
// Create a test fixture plugin in the isolated config home
let install_root = config_home.join("plugins").join("installed");
let fixture_plugin_root = install_root.join("isolated-test-plugin");
write_file(
fixture_plugin_root.join(MANIFEST_RELATIVE_PATH).as_path(),
r#"{
"name": "isolated-test-plugin",
"version": "1.0.0",
"description": "Test fixture plugin in isolated config home"
}"#,
);
// Create PluginManager with isolated bundled_root - it should use the temp config_home, not host ~/.claw/
let mut config = PluginManagerConfig::new(&config_home);
config.bundled_root = Some(bundled_root.clone());
let manager = PluginManager::new(config);
// List installed plugins - should only see the test fixture, not host plugins
let installed = manager
.list_installed_plugins()
.expect("installed plugins should list");
// Verify we only see the test fixture plugin
assert_eq!(
installed.len(),
1,
"should only see the test fixture plugin, not host ~/.claw/plugins/"
);
assert_eq!(
installed[0].metadata.id, "isolated-test-plugin@external",
"should see the test fixture plugin"
);
// Cleanup
std::env::remove_var("CLAW_CONFIG_HOME");
let _ = fs::remove_dir_all(config_home);
let _ = fs::remove_dir_all(bundled_root);
}
#[test]
fn plugin_lifecycle_handles_parallel_execution() {
use std::sync::atomic::{AtomicUsize, Ordering as AtomicOrdering};
use std::sync::Arc;
use std::thread;
let _guard = env_guard();
// Shared base directory for all threads
let base_dir = temp_dir("parallel-base");
// Track successful installations and any errors
let success_count = Arc::new(AtomicUsize::new(0));
let error_count = Arc::new(AtomicUsize::new(0));
// Spawn multiple threads to install plugins simultaneously
let mut handles = Vec::new();
for thread_id in 0..5 {
let base_dir = base_dir.clone();
let success_count = Arc::clone(&success_count);
let error_count = Arc::clone(&error_count);
let handle = thread::spawn(move || {
// Create unique directories for this thread
let config_home = base_dir.join(format!("config-{thread_id}"));
let source_root = base_dir.join(format!("source-{thread_id}"));
// Write lifecycle plugin for this thread
let _log_path =
write_lifecycle_plugin(&source_root, &format!("parallel-{thread_id}"), "1.0.0");
// Create PluginManager and install
let mut manager = PluginManager::new(PluginManagerConfig::new(&config_home));
let install_result = manager.install(source_root.to_str().expect("utf8 path"));
match install_result {
Ok(install) => {
let log_path = install.install_path.join("lifecycle.log");
// Initialize and shutdown the registry to trigger lifecycle hooks
let registry = manager.plugin_registry();
match registry {
Ok(registry) => {
if registry.initialize().is_ok() && registry.shutdown().is_ok() {
// Verify lifecycle.log exists and has expected content
if let Ok(log) = fs::read_to_string(&log_path) {
if log == "init\nshutdown\n" {
success_count.fetch_add(1, AtomicOrdering::Relaxed);
}
}
}
}
Err(_) => {
error_count.fetch_add(1, AtomicOrdering::Relaxed);
}
}
}
Err(_) => {
error_count.fetch_add(1, AtomicOrdering::Relaxed);
}
}
});
handles.push(handle);
}
// Wait for all threads to complete
for handle in handles {
handle.join().expect("thread should complete");
}
// Verify all threads succeeded without collisions
let successes = success_count.load(AtomicOrdering::Relaxed);
let errors = error_count.load(AtomicOrdering::Relaxed);
assert_eq!(
successes, 5,
"all 5 parallel plugin installations should succeed"
);
assert_eq!(
errors, 0,
"no errors should occur during parallel execution"
);
// Cleanup
let _ = fs::remove_dir_all(base_dir);
}
}

73
rust/crates/plugins/src/test_isolation.rs Normal file
View File

@@ -0,0 +1,73 @@
// Test isolation utilities for plugin tests
// ROADMAP #41: Stop ambient plugin state from skewing CLI regression checks
use std::env;
use std::path::PathBuf;
use std::sync::atomic::{AtomicU64, Ordering};
use std::sync::Mutex;
static TEST_COUNTER: AtomicU64 = AtomicU64::new(0);
static ENV_LOCK: Mutex<()> = Mutex::new(());
/// Lock for test environment isolation
pub struct EnvLock {
_guard: std::sync::MutexGuard<'static, ()>,
temp_home: PathBuf,
}
impl EnvLock {
/// Acquire environment lock for test isolation
pub fn lock() -> Self {
let guard = ENV_LOCK.lock().unwrap();
let count = TEST_COUNTER.fetch_add(1, Ordering::SeqCst);
let temp_home = std::env::temp_dir().join(format!("plugin-test-{count}"));
// Set up isolated environment
std::fs::create_dir_all(&temp_home).ok();
std::fs::create_dir_all(temp_home.join(".claude/plugins/installed")).ok();
std::fs::create_dir_all(temp_home.join(".config")).ok();
// Redirect HOME and XDG_CONFIG_HOME to temp directory
env::set_var("HOME", &temp_home);
env::set_var("XDG_CONFIG_HOME", temp_home.join(".config"));
env::set_var("XDG_DATA_HOME", temp_home.join(".local/share"));
EnvLock {
_guard: guard,
temp_home,
}
}
/// Get the temporary home directory for this test
#[must_use]
pub fn temp_home(&self) -> &PathBuf {
&self.temp_home
}
}
impl Drop for EnvLock {
fn drop(&mut self) {
// Cleanup temp directory
std::fs::remove_dir_all(&self.temp_home).ok();
}
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_env_lock_creates_isolated_home() {
let lock = EnvLock::lock();
let home = env::var("HOME").unwrap();
assert!(home.contains("plugin-test-"));
assert_eq!(home, lock.temp_home().to_str().unwrap());
}
#[test]
fn test_env_lock_creates_plugin_directories() {
let lock = EnvLock::lock();
let plugins_dir = lock.temp_home().join(".claude/plugins/installed");
assert!(plugins_dir.exists());
}
}

2
rust/crates/runtime/Cargo.toml
View File

@@ -13,7 +13,7 @@ regex = "1"
serde = { version = "1", features = ["derive"] }
serde_json.workspace = true
telemetry = { path = "../telemetry" }
tokio = { version = "1", features = ["io-util", "macros", "process", "rt", "rt-multi-thread", "time"] }
tokio = { version = "1", features = ["io-std", "io-util", "macros", "process", "rt", "rt-multi-thread", "time"] }
walkdir = "2"
[lints]

66
rust/crates/runtime/src/bash.rs
View File

@@ -8,6 +8,7 @@ use tokio::process::Command as TokioCommand;
use tokio::runtime::Builder;
use tokio::time::timeout;
use crate::lane_events::{LaneEvent, ShipMergeMethod, ShipProvenance};
use crate::sandbox::{
build_linux_sandbox_command, resolve_sandbox_status_for_request, FilesystemIsolationMode,
SandboxConfig, SandboxStatus,
@@ -102,11 +103,76 @@ pub fn execute_bash(input: BashCommandInput) -> io::Result<BashCommandOutput> {
runtime.block_on(execute_bash_async(input, sandbox_status, cwd))
}
/// Detect git push to main and emit ship provenance event
fn detect_and_emit_ship_prepared(command: &str) {
let trimmed = command.trim();
// Simple detection: git push with main/master
if trimmed.contains("git push") && (trimmed.contains("main") || trimmed.contains("master")) {
// Emit ship.prepared event
let now = std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.unwrap_or_default()
.as_millis();
let provenance = ShipProvenance {
source_branch: get_current_branch().unwrap_or_else(|| "unknown".to_string()),
base_commit: get_head_commit().unwrap_or_default(),
commit_count: 0, // Would need to calculate from range
commit_range: "unknown..HEAD".to_string(),
merge_method: ShipMergeMethod::DirectPush,
actor: get_git_actor().unwrap_or_else(|| "unknown".to_string()),
pr_number: None,
};
let _event = LaneEvent::ship_prepared(format!("{}", now), &provenance);
// Log to stderr as interim routing before event stream integration
eprintln!(
"[ship.prepared] branch={} -> main, commits={}, actor={}",
provenance.source_branch, provenance.commit_count, provenance.actor
);
}
}
fn get_current_branch() -> Option<String> {
let output = Command::new("git")
.args(["branch", "--show-current"])
.output()
.ok()?;
if output.status.success() {
Some(String::from_utf8_lossy(&output.stdout).trim().to_string())
} else {
None
}
}
fn get_head_commit() -> Option<String> {
let output = Command::new("git")
.args(["rev-parse", "--short", "HEAD"])
.output()
.ok()?;
if output.status.success() {
Some(String::from_utf8_lossy(&output.stdout).trim().to_string())
} else {
None
}
}
fn get_git_actor() -> Option<String> {
let name = Command::new("git")
.args(["config", "user.name"])
.output()
.ok()
.filter(|o| o.status.success())
.map(|o| String::from_utf8_lossy(&o.stdout).trim().to_string())?;
Some(name)
}
async fn execute_bash_async(
input: BashCommandInput,
sandbox_status: SandboxStatus,
cwd: std::path::PathBuf,
) -> io::Result<BashCommandOutput> {
// Detect and emit ship provenance for git push operations
detect_and_emit_ship_prepared(&input.command);
let mut command = prepare_tokio_command(&input.command, &cwd, &sandbox_status, true);
let output_result = if let Some(timeout_ms) = input.timeout {

137
rust/crates/runtime/src/compact.rs
View File

@@ -108,10 +108,54 @@ pub fn compact_session(session: &Session, config: CompactionConfig) -> Compactio
.first()
.and_then(extract_existing_compacted_summary);
let compacted_prefix_len = usize::from(existing_summary.is_some());
let keep_from = session
let raw_keep_from = session
.messages
.len()
.saturating_sub(config.preserve_recent_messages);
// Ensure we do not split a tool-use / tool-result pair at the compaction
// boundary. If the first preserved message is a user message whose first
// block is a ToolResult, the assistant message with the matching ToolUse
// was slated for removal — that produces an orphaned tool role message on
// the OpenAI-compat path (400: tool message must follow assistant with
// tool_calls). Walk the boundary back until we start at a safe point.
let keep_from = {
let mut k = raw_keep_from;
// If the first preserved message is a tool-result turn, ensure its
// paired assistant tool-use turn is preserved too. Without this fix,
// the OpenAI-compat adapter sends an orphaned 'tool' role message
// with no preceding assistant 'tool_calls', which providers reject
// with a 400. We walk back only if the immediately preceding message
// is NOT an assistant message that contains a ToolUse block (i.e. the
// pair is actually broken at the boundary).
loop {
if k == 0 || k <= compacted_prefix_len {
break;
}
let first_preserved = &session.messages[k];
let starts_with_tool_result = first_preserved
.blocks
.first()
.is_some_and(|b| matches!(b, ContentBlock::ToolResult { .. }));
if !starts_with_tool_result {
break;
}
// Check the message just before the current boundary.
let preceding = &session.messages[k - 1];
let preceding_has_tool_use = preceding
.blocks
.iter()
.any(|b| matches!(b, ContentBlock::ToolUse { .. }));
if preceding_has_tool_use {
// Pair is intact — walk back one more to include the assistant turn.
k = k.saturating_sub(1);
break;
}
// Preceding message has no ToolUse but we have a ToolResult —
// this is already an orphaned pair; walk back to try to fix it.
k = k.saturating_sub(1);
}
k
};
let removed = &session.messages[compacted_prefix_len..keep_from];
let preserved = session.messages[keep_from..].to_vec();
let summary =
@@ -510,7 +554,7 @@ fn extract_summary_timeline(summary: &str) -> Vec<String> {
#[cfg(test)]
mod tests {
use super::{
collect_key_files, compact_session, estimate_session_tokens, format_compact_summary,
collect_key_files, compact_session, format_compact_summary,
get_compact_continuation_message, infer_pending_work, should_compact, CompactionConfig,
};
use crate::session::{ContentBlock, ConversationMessage, MessageRole, Session};
@@ -559,7 +603,14 @@ mod tests {
},
);
assert_eq!(result.removed_message_count, 2);
// With the tool-use/tool-result boundary fix, the compaction preserves
// one extra message to avoid an orphaned tool result at the boundary.
// messages[1] (assistant) must be kept along with messages[2] (tool result).
assert!(
result.removed_message_count <= 2,
"expected at most 2 removed, got {}",
result.removed_message_count
);
assert_eq!(
result.compacted_session.messages[0].role,
MessageRole::System
@@ -577,8 +628,13 @@ mod tests {
max_estimated_tokens: 1,
}
));
// Note: with the tool-use/tool-result boundary guard the compacted session
// may preserve one extra message at the boundary, so token reduction is
// not guaranteed for small sessions. The invariant that matters is that
// the removed_message_count is non-zero (something was compacted).
assert!(
estimate_session_tokens(&result.compacted_session) < estimate_session_tokens(&session)
result.removed_message_count > 0,
"compaction must remove at least one message"
);
}
@@ -682,6 +738,79 @@ mod tests {
assert!(files.contains(&"rust/crates/rusty-claude-cli/src/main.rs".to_string()));
}
/// Regression: compaction must not split an assistant(ToolUse) /
/// user(ToolResult) pair at the boundary. An orphaned tool-result message
/// without the preceding assistant `tool_calls` causes a 400 on the
/// OpenAI-compat path (gaebal-gajae repro 2026-04-09).
#[test]
fn compaction_does_not_split_tool_use_tool_result_pair() {
use crate::session::{ContentBlock, Session};
let tool_id = "call_abc";
let mut session = Session::default();
// Turn 1: user prompt
session
.push_message(ConversationMessage::user_text("Search for files"))
.unwrap();
// Turn 2: assistant calls a tool
session
.push_message(ConversationMessage::assistant(vec![
ContentBlock::ToolUse {
id: tool_id.to_string(),
name: "search".to_string(),
input: "{\"q\":\"*.rs\"}".to_string(),
},
]))
.unwrap();
// Turn 3: tool result
session
.push_message(ConversationMessage::tool_result(
tool_id,
"search",
"found 5 files",
false,
))
.unwrap();
// Turn 4: assistant final response
session
.push_message(ConversationMessage::assistant(vec![ContentBlock::Text {
text: "Done.".to_string(),
}]))
.unwrap();
// Compact preserving only 1 recent message — without the fix this
// would cut the boundary so that the tool result (turn 3) is first,
// without its preceding assistant tool_calls (turn 2).
let config = CompactionConfig {
preserve_recent_messages: 1,
..CompactionConfig::default()
};
let result = compact_session(&session, config);
// After compaction, no two consecutive messages should have the pattern
// tool_result immediately following a non-assistant message (i.e. an
// orphaned tool result without a preceding assistant ToolUse).
let messages = &result.compacted_session.messages;
for i in 1..messages.len() {
let curr_is_tool_result = messages[i]
.blocks
.first()
.is_some_and(|b| matches!(b, ContentBlock::ToolResult { .. }));
if curr_is_tool_result {
let prev_has_tool_use = messages[i - 1]
.blocks
.iter()
.any(|b| matches!(b, ContentBlock::ToolUse { .. }));
assert!(
prev_has_tool_use,
"message[{}] is a ToolResult but message[{}] has no ToolUse: {:?}",
i,
i - 1,
&messages[i - 1].blocks
);
}
}
}
#[test]
fn infers_pending_work_from_recent_messages() {
let pending = infer_pending_work(&[

491
rust/crates/runtime/src/config.rs
View File

@@ -48,6 +48,7 @@ pub struct RuntimePluginConfig {
install_root: Option<String>,
registry_path: Option<String>,
bundled_root: Option<String>,
max_output_tokens: Option<u32>,
}
/// Structured feature configuration consumed by runtime subsystems.
@@ -58,9 +59,21 @@ pub struct RuntimeFeatureConfig {
mcp: McpConfigCollection,
oauth: Option<OAuthConfig>,
model: Option<String>,
aliases: BTreeMap<String, String>,
permission_mode: Option<ResolvedPermissionMode>,
permission_rules: RuntimePermissionRuleConfig,
sandbox: SandboxConfig,
provider_fallbacks: ProviderFallbackConfig,
trusted_roots: Vec<String>,
}
/// Ordered chain of fallback model identifiers used when the primary
/// provider returns a retryable failure (429/500/503/etc.). The chain is
/// strict: each entry is tried in order until one succeeds.
#[derive(Debug, Clone, PartialEq, Eq, Default)]
pub struct ProviderFallbackConfig {
primary: Option<String>,
fallbacks: Vec<String>,
}
/// Hook command lists grouped by lifecycle stage.
@@ -259,17 +272,33 @@ impl ConfigLoader {
let mut merged = BTreeMap::new();
let mut loaded_entries = Vec::new();
let mut mcp_servers = BTreeMap::new();
let mut all_warnings = Vec::new();
for entry in self.discover() {
let Some(value) = read_optional_json_object(&entry.path)? else {
crate::config_validate::check_unsupported_format(&entry.path)?;
let Some(parsed) = read_optional_json_object(&entry.path)? else {
continue;
};
validate_optional_hooks_config(&value, &entry.path)?;
merge_mcp_servers(&mut mcp_servers, entry.source, &value, &entry.path)?;
deep_merge_objects(&mut merged, &value);
let validation = crate::config_validate::validate_config_file(
&parsed.object,
&parsed.source,
&entry.path,
);
if !validation.is_ok() {
let first_error = &validation.errors[0];
return Err(ConfigError::Parse(first_error.to_string()));
}
all_warnings.extend(validation.warnings);
validate_optional_hooks_config(&parsed.object, &entry.path)?;
merge_mcp_servers(&mut mcp_servers, entry.source, &parsed.object, &entry.path)?;
deep_merge_objects(&mut merged, &parsed.object);
loaded_entries.push(entry);
}
for warning in &all_warnings {
eprintln!("warning: {warning}");
}
let merged_value = JsonValue::Object(merged.clone());
let feature_config = RuntimeFeatureConfig {
@@ -280,9 +309,12 @@ impl ConfigLoader {
},
oauth: parse_optional_oauth_config(&merged_value, "merged settings.oauth")?,
model: parse_optional_model(&merged_value),
aliases: parse_optional_aliases(&merged_value)?,
permission_mode: parse_optional_permission_mode(&merged_value)?,
permission_rules: parse_optional_permission_rules(&merged_value)?,
sandbox: parse_optional_sandbox_config(&merged_value)?,
provider_fallbacks: parse_optional_provider_fallbacks(&merged_value)?,
trusted_roots: parse_optional_trusted_roots(&merged_value)?,
};
Ok(RuntimeConfig {
@@ -353,6 +385,11 @@ impl RuntimeConfig {
self.feature_config.model.as_deref()
}
#[must_use]
pub fn aliases(&self) -> &BTreeMap<String, String> {
&self.feature_config.aliases
}
#[must_use]
pub fn permission_mode(&self) -> Option<ResolvedPermissionMode> {
self.feature_config.permission_mode
@@ -367,6 +404,16 @@ impl RuntimeConfig {
pub fn sandbox(&self) -> &SandboxConfig {
&self.feature_config.sandbox
}
#[must_use]
pub fn provider_fallbacks(&self) -> &ProviderFallbackConfig {
&self.feature_config.provider_fallbacks
}
#[must_use]
pub fn trusted_roots(&self) -> &[String] {
&self.feature_config.trusted_roots
}
}
impl RuntimeFeatureConfig {
@@ -407,6 +454,11 @@ impl RuntimeFeatureConfig {
self.model.as_deref()
}
#[must_use]
pub fn aliases(&self) -> &BTreeMap<String, String> {
&self.aliases
}
#[must_use]
pub fn permission_mode(&self) -> Option<ResolvedPermissionMode> {
self.permission_mode
@@ -421,6 +473,38 @@ impl RuntimeFeatureConfig {
pub fn sandbox(&self) -> &SandboxConfig {
&self.sandbox
}
#[must_use]
pub fn provider_fallbacks(&self) -> &ProviderFallbackConfig {
&self.provider_fallbacks
}
#[must_use]
pub fn trusted_roots(&self) -> &[String] {
&self.trusted_roots
}
}
impl ProviderFallbackConfig {
#[must_use]
pub fn new(primary: Option<String>, fallbacks: Vec<String>) -> Self {
Self { primary, fallbacks }
}
#[must_use]
pub fn primary(&self) -> Option<&str> {
self.primary.as_deref()
}
#[must_use]
pub fn fallbacks(&self) -> &[String] {
&self.fallbacks
}
#[must_use]
pub fn is_empty(&self) -> bool {
self.fallbacks.is_empty()
}
}
impl RuntimePluginConfig {
@@ -449,6 +533,15 @@ impl RuntimePluginConfig {
self.bundled_root.as_deref()
}
#[must_use]
pub fn max_output_tokens(&self) -> Option<u32> {
self.max_output_tokens
}
pub fn set_max_output_tokens(&mut self, max_output_tokens: Option<u32>) {
self.max_output_tokens = max_output_tokens;
}
pub fn set_plugin_state(&mut self, plugin_id: String, enabled: bool) {
self.enabled_plugins.insert(plugin_id, enabled);
}
@@ -572,9 +665,13 @@ impl McpServerConfig {
}
}
fn read_optional_json_object(
path: &Path,
) -> Result<Option<BTreeMap<String, JsonValue>>, ConfigError> {
/// Parsed JSON object paired with its raw source text for validation.
struct ParsedConfigFile {
object: BTreeMap<String, JsonValue>,
source: String,
}
fn read_optional_json_object(path: &Path) -> Result<Option<ParsedConfigFile>, ConfigError> {
let is_legacy_config = path.file_name().and_then(|name| name.to_str()) == Some(".claw.json");
let contents = match fs::read_to_string(path) {
Ok(contents) => contents,
@@ -583,7 +680,10 @@ fn read_optional_json_object(
};
if contents.trim().is_empty() {
return Ok(Some(BTreeMap::new()));
return Ok(Some(ParsedConfigFile {
object: BTreeMap::new(),
source: contents,
}));
}
let parsed = match JsonValue::parse(&contents) {
@@ -600,7 +700,10 @@ fn read_optional_json_object(
path.display()
)));
};
Ok(Some(object.clone()))
Ok(Some(ParsedConfigFile {
object: object.clone(),
source: contents,
}))
}
fn merge_mcp_servers(
@@ -637,6 +740,13 @@ fn parse_optional_model(root: &JsonValue) -> Option<String> {
.map(ToOwned::to_owned)
}
fn parse_optional_aliases(root: &JsonValue) -> Result<BTreeMap<String, String>, ConfigError> {
let Some(object) = root.as_object() else {
return Ok(BTreeMap::new());
};
Ok(optional_string_map(object, "aliases", "merged settings")?.unwrap_or_default())
}
fn parse_optional_hooks_config(root: &JsonValue) -> Result<RuntimeHookConfig, ConfigError> {
let Some(object) = root.as_object() else {
return Ok(RuntimeHookConfig::default());
@@ -714,6 +824,7 @@ fn parse_optional_plugin_config(root: &JsonValue) -> Result<RuntimePluginConfig,
optional_string(plugins, "registryPath", "merged settings.plugins")?.map(str::to_string);
config.bundled_root =
optional_string(plugins, "bundledRoot", "merged settings.plugins")?.map(str::to_string);
config.max_output_tokens = optional_u32(plugins, "maxOutputTokens", "merged settings.plugins")?;
Ok(config)
}
@@ -776,6 +887,33 @@ fn parse_optional_sandbox_config(root: &JsonValue) -> Result<SandboxConfig, Conf
})
}
fn parse_optional_provider_fallbacks(
root: &JsonValue,
) -> Result<ProviderFallbackConfig, ConfigError> {
let Some(object) = root.as_object() else {
return Ok(ProviderFallbackConfig::default());
};
let Some(value) = object.get("providerFallbacks") else {
return Ok(ProviderFallbackConfig::default());
};
let entry = expect_object(value, "merged settings.providerFallbacks")?;
let primary =
optional_string(entry, "primary", "merged settings.providerFallbacks")?.map(str::to_string);
let fallbacks = optional_string_array(entry, "fallbacks", "merged settings.providerFallbacks")?
.unwrap_or_default();
Ok(ProviderFallbackConfig { primary, fallbacks })
}
fn parse_optional_trusted_roots(root: &JsonValue) -> Result<Vec<String>, ConfigError> {
let Some(object) = root.as_object() else {
return Ok(Vec::new());
};
Ok(
optional_string_array(object, "trustedRoots", "merged settings.trustedRoots")?
.unwrap_or_default(),
)
}
fn parse_filesystem_mode_label(value: &str) -> Result<FilesystemIsolationMode, ConfigError> {
match value {
"off" => Ok(FilesystemIsolationMode::Off),
@@ -957,6 +1095,27 @@ fn optional_u16(
}
}
fn optional_u32(
object: &BTreeMap<String, JsonValue>,
key: &str,
context: &str,
) -> Result<Option<u32>, ConfigError> {
match object.get(key) {
Some(value) => {
let Some(number) = value.as_i64() else {
return Err(ConfigError::Parse(format!(
"{context}: field {key} must be a non-negative integer"
)));
};
let number = u32::try_from(number).map_err(|_| {
ConfigError::Parse(format!("{context}: field {key} is out of range"))
})?;
Ok(Some(number))
}
None => Ok(None),
}
}
fn optional_u64(
object: &BTreeMap<String, JsonValue>,
key: &str,
@@ -1247,6 +1406,113 @@ mod tests {
fs::remove_dir_all(root).expect("cleanup temp dir");
}
#[test]
fn parses_provider_fallbacks_chain_with_primary_and_ordered_fallbacks() {
// given
let root = temp_dir();
let cwd = root.join("project");
let home = root.join("home").join(".claw");
fs::create_dir_all(cwd.join(".claw")).expect("project config dir");
fs::create_dir_all(&home).expect("home config dir");
fs::write(
home.join("settings.json"),
r#"{
"providerFallbacks": {
"primary": "claude-opus-4-6",
"fallbacks": ["grok-3", "grok-3-mini"]
}
}"#,
)
.expect("write provider fallback settings");
// when
let loaded = ConfigLoader::new(&cwd, &home)
.load()
.expect("config should load");
// then
let chain = loaded.provider_fallbacks();
assert_eq!(chain.primary(), Some("claude-opus-4-6"));
assert_eq!(
chain.fallbacks(),
&["grok-3".to_string(), "grok-3-mini".to_string()]
);
assert!(!chain.is_empty());
fs::remove_dir_all(root).expect("cleanup temp dir");
}
#[test]
fn provider_fallbacks_default_is_empty_when_unset() {
// given
let root = temp_dir();
let cwd = root.join("project");
let home = root.join("home").join(".claw");
fs::create_dir_all(&home).expect("home config dir");
fs::create_dir_all(&cwd).expect("project dir");
fs::write(home.join("settings.json"), "{}").expect("write empty settings");
// when
let loaded = ConfigLoader::new(&cwd, &home)
.load()
.expect("config should load");
// then
let chain = loaded.provider_fallbacks();
assert_eq!(chain.primary(), None);
assert!(chain.fallbacks().is_empty());
assert!(chain.is_empty());
fs::remove_dir_all(root).expect("cleanup temp dir");
}
#[test]
fn parses_trusted_roots_from_settings() {
// given
let root = temp_dir();
let cwd = root.join("project");
let home = root.join("home").join(".claw");
fs::create_dir_all(&home).expect("home config dir");
fs::create_dir_all(&cwd).expect("project dir");
fs::write(
home.join("settings.json"),
r#"{"trustedRoots": ["/tmp/worktrees", "/home/user/projects"]}"#,
)
.expect("write settings");
// when
let loaded = ConfigLoader::new(&cwd, &home)
.load()
.expect("config should load");
// then
let roots = loaded.trusted_roots();
assert_eq!(roots, ["/tmp/worktrees", "/home/user/projects"]);
fs::remove_dir_all(root).expect("cleanup temp dir");
}
#[test]
fn trusted_roots_default_is_empty_when_unset() {
// given
let root = temp_dir();
let cwd = root.join("project");
let home = root.join("home").join(".claw");
fs::create_dir_all(&home).expect("home config dir");
fs::create_dir_all(&cwd).expect("project dir");
fs::write(home.join("settings.json"), "{}").expect("write empty settings");
// when
let loaded = ConfigLoader::new(&cwd, &home)
.load()
.expect("config should load");
// then
assert!(loaded.trusted_roots().is_empty());
fs::remove_dir_all(root).expect("cleanup temp dir");
}
#[test]
fn parses_typed_mcp_and_oauth_config() {
let root = temp_dir();
@@ -1493,6 +1759,49 @@ mod tests {
fs::remove_dir_all(root).expect("cleanup temp dir");
}
#[test]
fn parses_user_defined_model_aliases_from_settings() {
// given
let root = temp_dir();
let cwd = root.join("project");
let home = root.join("home").join(".claw");
fs::create_dir_all(cwd.join(".claw")).expect("project config dir");
fs::create_dir_all(&home).expect("home config dir");
fs::write(
home.join("settings.json"),
r#"{"aliases":{"fast":"claude-haiku-4-5-20251213","smart":"claude-opus-4-6"}}"#,
)
.expect("write user settings");
fs::write(
cwd.join(".claw").join("settings.local.json"),
r#"{"aliases":{"smart":"claude-sonnet-4-6","cheap":"grok-3-mini"}}"#,
)
.expect("write local settings");
// when
let loaded = ConfigLoader::new(&cwd, &home)
.load()
.expect("config should load");
// then
let aliases = loaded.aliases();
assert_eq!(
aliases.get("fast").map(String::as_str),
Some("claude-haiku-4-5-20251213")
);
assert_eq!(
aliases.get("smart").map(String::as_str),
Some("claude-sonnet-4-6")
);
assert_eq!(
aliases.get("cheap").map(String::as_str),
Some("grok-3-mini")
);
fs::remove_dir_all(root).expect("cleanup temp dir");
}
#[test]
fn empty_settings_file_loads_defaults() {
// given
@@ -1574,12 +1883,13 @@ mod tests {
.load()
.expect_err("config should fail");
// then
// then — config validation now catches the mixed array before the hooks parser
let rendered = error.to_string();
assert!(rendered.contains(&format!(
"{}: hooks: field PreToolUse must contain only strings",
project_settings.display()
)));
assert!(
rendered.contains("hooks.PreToolUse")
&& rendered.contains("must be an array of strings"),
"expected validation error for hooks.PreToolUse, got: {rendered}"
);
assert!(!rendered.contains("merged settings.hooks"));
fs::remove_dir_all(root).expect("cleanup temp dir");
@@ -1645,4 +1955,157 @@ mod tests {
assert!(config.state_for("missing", true));
assert!(!config.state_for("missing", false));
}
#[test]
fn validates_unknown_top_level_keys_with_line_and_field_name() {
// given
let root = temp_dir();
let cwd = root.join("project");
let home = root.join("home").join(".claw");
let user_settings = home.join("settings.json");
fs::create_dir_all(&home).expect("home config dir");
fs::create_dir_all(&cwd).expect("project dir");
fs::write(
&user_settings,
"{\n \"model\": \"opus\",\n \"telemetry\": true\n}\n",
)
.expect("write user settings");
// when
let error = ConfigLoader::new(&cwd, &home)
.load()
.expect_err("config should fail");
// then
let rendered = error.to_string();
assert!(
rendered.contains(&user_settings.display().to_string()),
"error should include file path, got: {rendered}"
);
assert!(
rendered.contains("line 3"),
"error should include line number, got: {rendered}"
);
assert!(
rendered.contains("telemetry"),
"error should name the offending field, got: {rendered}"
);
fs::remove_dir_all(root).expect("cleanup temp dir");
}
#[test]
fn validates_deprecated_top_level_keys_with_replacement_guidance() {
// given
let root = temp_dir();
let cwd = root.join("project");
let home = root.join("home").join(".claw");
let user_settings = home.join("settings.json");
fs::create_dir_all(&home).expect("home config dir");
fs::create_dir_all(&cwd).expect("project dir");
fs::write(
&user_settings,
"{\n \"model\": \"opus\",\n \"allowedTools\": [\"Read\"]\n}\n",
)
.expect("write user settings");
// when
let error = ConfigLoader::new(&cwd, &home)
.load()
.expect_err("config should fail");
// then
let rendered = error.to_string();
assert!(
rendered.contains(&user_settings.display().to_string()),
"error should include file path, got: {rendered}"
);
assert!(
rendered.contains("line 3"),
"error should include line number, got: {rendered}"
);
assert!(
rendered.contains("allowedTools"),
"error should call out the unknown field, got: {rendered}"
);
// allowedTools is an unknown key; validator should name it in the error
assert!(
rendered.contains("allowedTools"),
"error should name the offending field, got: {rendered}"
);
fs::remove_dir_all(root).expect("cleanup temp dir");
}
#[test]
fn validates_wrong_type_for_known_field_with_field_path() {
// given
let root = temp_dir();
let cwd = root.join("project");
let home = root.join("home").join(".claw");
let user_settings = home.join("settings.json");
fs::create_dir_all(&home).expect("home config dir");
fs::create_dir_all(&cwd).expect("project dir");
fs::write(
&user_settings,
"{\n \"hooks\": {\n \"PreToolUse\": \"not-an-array\"\n }\n}\n",
)
.expect("write user settings");
// when
let error = ConfigLoader::new(&cwd, &home)
.load()
.expect_err("config should fail");
// then
let rendered = error.to_string();
assert!(
rendered.contains(&user_settings.display().to_string()),
"error should include file path, got: {rendered}"
);
assert!(
rendered.contains("hooks"),
"error should include field path component 'hooks', got: {rendered}"
);
assert!(
rendered.contains("PreToolUse"),
"error should describe the type mismatch, got: {rendered}"
);
assert!(
rendered.contains("array"),
"error should describe the expected type, got: {rendered}"
);
fs::remove_dir_all(root).expect("cleanup temp dir");
}
#[test]
fn unknown_top_level_key_suggests_closest_match() {
// given
let root = temp_dir();
let cwd = root.join("project");
let home = root.join("home").join(".claw");
let user_settings = home.join("settings.json");
fs::create_dir_all(&home).expect("home config dir");
fs::create_dir_all(&cwd).expect("project dir");
fs::write(&user_settings, "{\n \"modle\": \"opus\"\n}\n").expect("write user settings");
// when
let error = ConfigLoader::new(&cwd, &home)
.load()
.expect_err("config should fail");
// then
let rendered = error.to_string();
assert!(
rendered.contains("modle"),
"error should name the offending field, got: {rendered}"
);
assert!(
rendered.contains("model"),
"error should suggest the closest known key, got: {rendered}"
);
fs::remove_dir_all(root).expect("cleanup temp dir");
}
}

901
rust/crates/runtime/src/config_validate.rs Normal file
View File

@@ -0,0 +1,901 @@
use std::collections::BTreeMap;
use std::path::Path;
use crate::config::ConfigError;
use crate::json::JsonValue;
/// Diagnostic emitted when a config file contains a suspect field.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct ConfigDiagnostic {
pub path: String,
pub field: String,
pub line: Option<usize>,
pub kind: DiagnosticKind,
}
/// Classification of the diagnostic.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum DiagnosticKind {
UnknownKey {
suggestion: Option<String>,
},
WrongType {
expected: &'static str,
got: &'static str,
},
Deprecated {
replacement: &'static str,
},
}
impl std::fmt::Display for ConfigDiagnostic {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
let location = self
.line
.map_or_else(String::new, |line| format!(" (line {line})"));
match &self.kind {
DiagnosticKind::UnknownKey { suggestion: None } => {
write!(f, "{}: unknown key \"{}\"{location}", self.path, self.field)
}
DiagnosticKind::UnknownKey {
suggestion: Some(hint),
} => {
write!(
f,
"{}: unknown key \"{}\"{location}. Did you mean \"{}\"?",
self.path, self.field, hint
)
}
DiagnosticKind::WrongType { expected, got } => {
write!(
f,
"{}: field \"{}\" must be {expected}, got {got}{location}",
self.path, self.field
)
}
DiagnosticKind::Deprecated { replacement } => {
write!(
f,
"{}: field \"{}\" is deprecated{location}. Use \"{replacement}\" instead",
self.path, self.field
)
}
}
}
}
/// Result of validating a single config file.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct ValidationResult {
pub errors: Vec<ConfigDiagnostic>,
pub warnings: Vec<ConfigDiagnostic>,
}
impl ValidationResult {
#[must_use]
pub fn is_ok(&self) -> bool {
self.errors.is_empty()
}
fn merge(&mut self, other: Self) {
self.errors.extend(other.errors);
self.warnings.extend(other.warnings);
}
}
// ---- known-key schema ----
/// Expected type for a config field.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum FieldType {
String,
Bool,
Object,
StringArray,
Number,
}
impl FieldType {
fn label(self) -> &'static str {
match self {
Self::String => "a string",
Self::Bool => "a boolean",
Self::Object => "an object",
Self::StringArray => "an array of strings",
Self::Number => "a number",
}
}
fn matches(self, value: &JsonValue) -> bool {
match self {
Self::String => value.as_str().is_some(),
Self::Bool => value.as_bool().is_some(),
Self::Object => value.as_object().is_some(),
Self::StringArray => value
.as_array()
.is_some_and(|arr| arr.iter().all(|v| v.as_str().is_some())),
Self::Number => value.as_i64().is_some(),
}
}
}
fn json_type_label(value: &JsonValue) -> &'static str {
match value {
JsonValue::Null => "null",
JsonValue::Bool(_) => "a boolean",
JsonValue::Number(_) => "a number",
JsonValue::String(_) => "a string",
JsonValue::Array(_) => "an array",
JsonValue::Object(_) => "an object",
}
}
struct FieldSpec {
name: &'static str,
expected: FieldType,
}
struct DeprecatedField {
name: &'static str,
replacement: &'static str,
}
const TOP_LEVEL_FIELDS: &[FieldSpec] = &[
FieldSpec {
name: "$schema",
expected: FieldType::String,
},
FieldSpec {
name: "model",
expected: FieldType::String,
},
FieldSpec {
name: "hooks",
expected: FieldType::Object,
},
FieldSpec {
name: "permissions",
expected: FieldType::Object,
},
FieldSpec {
name: "permissionMode",
expected: FieldType::String,
},
FieldSpec {
name: "mcpServers",
expected: FieldType::Object,
},
FieldSpec {
name: "oauth",
expected: FieldType::Object,
},
FieldSpec {
name: "enabledPlugins",
expected: FieldType::Object,
},
FieldSpec {
name: "plugins",
expected: FieldType::Object,
},
FieldSpec {
name: "sandbox",
expected: FieldType::Object,
},
FieldSpec {
name: "env",
expected: FieldType::Object,
},
FieldSpec {
name: "aliases",
expected: FieldType::Object,
},
FieldSpec {
name: "providerFallbacks",
expected: FieldType::Object,
},
FieldSpec {
name: "trustedRoots",
expected: FieldType::StringArray,
},
];
const HOOKS_FIELDS: &[FieldSpec] = &[
FieldSpec {
name: "PreToolUse",
expected: FieldType::StringArray,
},
FieldSpec {
name: "PostToolUse",
expected: FieldType::StringArray,
},
FieldSpec {
name: "PostToolUseFailure",
expected: FieldType::StringArray,
},
];
const PERMISSIONS_FIELDS: &[FieldSpec] = &[
FieldSpec {
name: "defaultMode",
expected: FieldType::String,
},
FieldSpec {
name: "allow",
expected: FieldType::StringArray,
},
FieldSpec {
name: "deny",
expected: FieldType::StringArray,
},
FieldSpec {
name: "ask",
expected: FieldType::StringArray,
},
];
const PLUGINS_FIELDS: &[FieldSpec] = &[
FieldSpec {
name: "enabled",
expected: FieldType::Object,
},
FieldSpec {
name: "externalDirectories",
expected: FieldType::StringArray,
},
FieldSpec {
name: "installRoot",
expected: FieldType::String,
},
FieldSpec {
name: "registryPath",
expected: FieldType::String,
},
FieldSpec {
name: "bundledRoot",
expected: FieldType::String,
},
FieldSpec {
name: "maxOutputTokens",
expected: FieldType::Number,
},
];
const SANDBOX_FIELDS: &[FieldSpec] = &[
FieldSpec {
name: "enabled",
expected: FieldType::Bool,
},
FieldSpec {
name: "namespaceRestrictions",
expected: FieldType::Bool,
},
FieldSpec {
name: "networkIsolation",
expected: FieldType::Bool,
},
FieldSpec {
name: "filesystemMode",
expected: FieldType::String,
},
FieldSpec {
name: "allowedMounts",
expected: FieldType::StringArray,
},
];
const OAUTH_FIELDS: &[FieldSpec] = &[
FieldSpec {
name: "clientId",
expected: FieldType::String,
},
FieldSpec {
name: "authorizeUrl",
expected: FieldType::String,
},
FieldSpec {
name: "tokenUrl",
expected: FieldType::String,
},
FieldSpec {
name: "callbackPort",
expected: FieldType::Number,
},
FieldSpec {
name: "manualRedirectUrl",
expected: FieldType::String,
},
FieldSpec {
name: "scopes",
expected: FieldType::StringArray,
},
];
const DEPRECATED_FIELDS: &[DeprecatedField] = &[
DeprecatedField {
name: "permissionMode",
replacement: "permissions.defaultMode",
},
DeprecatedField {
name: "enabledPlugins",
replacement: "plugins.enabled",
},
];
// ---- line-number resolution ----
/// Find the 1-based line number where a JSON key first appears in the raw source.
fn find_key_line(source: &str, key: &str) -> Option<usize> {
// Search for `"key"` followed by optional whitespace and a colon.
let needle = format!("\"{key}\"");
let mut search_start = 0;
while let Some(offset) = source[search_start..].find(&needle) {
let absolute = search_start + offset;
let after = absolute + needle.len();
// Verify the next non-whitespace char is `:` to confirm this is a key, not a value.
if source[after..].chars().find(|ch| !ch.is_ascii_whitespace()) == Some(':') {
return Some(source[..absolute].chars().filter(|&ch| ch == '\n').count() + 1);
}
search_start = after;
}
None
}
// ---- core validation ----
fn validate_object_keys(
object: &BTreeMap<String, JsonValue>,
known_fields: &[FieldSpec],
prefix: &str,
source: &str,
path_display: &str,
) -> ValidationResult {
let mut result = ValidationResult {
errors: Vec::new(),
warnings: Vec::new(),
};
let known_names: Vec<&str> = known_fields.iter().map(|f| f.name).collect();
for (key, value) in object {
let field_path = if prefix.is_empty() {
key.clone()
} else {
format!("{prefix}.{key}")
};
if let Some(spec) = known_fields.iter().find(|f| f.name == key) {
// Type check.
if !spec.expected.matches(value) {
result.errors.push(ConfigDiagnostic {
path: path_display.to_string(),
field: field_path,
line: find_key_line(source, key),
kind: DiagnosticKind::WrongType {
expected: spec.expected.label(),
got: json_type_label(value),
},
});
}
} else if DEPRECATED_FIELDS.iter().any(|d| d.name == key) {
// Deprecated key — handled separately, not an unknown-key error.
} else {
// Unknown key.
let suggestion = suggest_field(key, &known_names);
result.errors.push(ConfigDiagnostic {
path: path_display.to_string(),
field: field_path,
line: find_key_line(source, key),
kind: DiagnosticKind::UnknownKey { suggestion },
});
}
}
result
}
fn suggest_field(input: &str, candidates: &[&str]) -> Option<String> {
let input_lower = input.to_ascii_lowercase();
candidates
.iter()
.filter_map(|candidate| {
let distance = simple_edit_distance(&input_lower, &candidate.to_ascii_lowercase());
(distance <= 3).then_some((distance, *candidate))
})
.min_by_key(|(distance, _)| *distance)
.map(|(_, name)| name.to_string())
}
fn simple_edit_distance(left: &str, right: &str) -> usize {
if left.is_empty() {
return right.len();
}
if right.is_empty() {
return left.len();
}
let right_chars: Vec<char> = right.chars().collect();
let mut previous: Vec<usize> = (0..=right_chars.len()).collect();
let mut current = vec![0; right_chars.len() + 1];
for (left_index, left_char) in left.chars().enumerate() {
current[0] = left_index + 1;
for (right_index, right_char) in right_chars.iter().enumerate() {
let cost = usize::from(left_char != *right_char);
current[right_index + 1] = (previous[right_index + 1] + 1)
.min(current[right_index] + 1)
.min(previous[right_index] + cost);
}
previous.clone_from(&current);
}
previous[right_chars.len()]
}
/// Validate a parsed config file's keys and types against the known schema.
///
/// Returns diagnostics (errors and deprecation warnings) without blocking the load.
pub fn validate_config_file(
object: &BTreeMap<String, JsonValue>,
source: &str,
file_path: &Path,
) -> ValidationResult {
let path_display = file_path.display().to_string();
let mut result = validate_object_keys(object, TOP_LEVEL_FIELDS, "", source, &path_display);
// Check deprecated fields.
for deprecated in DEPRECATED_FIELDS {
if object.contains_key(deprecated.name) {
result.warnings.push(ConfigDiagnostic {
path: path_display.clone(),
field: deprecated.name.to_string(),
line: find_key_line(source, deprecated.name),
kind: DiagnosticKind::Deprecated {
replacement: deprecated.replacement,
},
});
}
}
// Validate known nested objects.
if let Some(hooks) = object.get("hooks").and_then(JsonValue::as_object) {
result.merge(validate_object_keys(
hooks,
HOOKS_FIELDS,
"hooks",
source,
&path_display,
));
}
if let Some(permissions) = object.get("permissions").and_then(JsonValue::as_object) {
result.merge(validate_object_keys(
permissions,
PERMISSIONS_FIELDS,
"permissions",
source,
&path_display,
));
}
if let Some(plugins) = object.get("plugins").and_then(JsonValue::as_object) {
result.merge(validate_object_keys(
plugins,
PLUGINS_FIELDS,
"plugins",
source,
&path_display,
));
}
if let Some(sandbox) = object.get("sandbox").and_then(JsonValue::as_object) {
result.merge(validate_object_keys(
sandbox,
SANDBOX_FIELDS,
"sandbox",
source,
&path_display,
));
}
if let Some(oauth) = object.get("oauth").and_then(JsonValue::as_object) {
result.merge(validate_object_keys(
oauth,
OAUTH_FIELDS,
"oauth",
source,
&path_display,
));
}
result
}
/// Check whether a file path uses an unsupported config format (e.g. TOML).
pub fn check_unsupported_format(file_path: &Path) -> Result<(), ConfigError> {
if let Some(ext) = file_path.extension().and_then(|e| e.to_str()) {
if ext.eq_ignore_ascii_case("toml") {
return Err(ConfigError::Parse(format!(
"{}: TOML config files are not supported. Use JSON (settings.json) instead",
file_path.display()
)));
}
}
Ok(())
}
/// Format all diagnostics into a human-readable report.
#[must_use]
pub fn format_diagnostics(result: &ValidationResult) -> String {
let mut lines = Vec::new();
for warning in &result.warnings {
lines.push(format!("warning: {warning}"));
}
for error in &result.errors {
lines.push(format!("error: {error}"));
}
lines.join("\n")
}
#[cfg(test)]
mod tests {
use super::*;
use std::path::PathBuf;
fn test_path() -> PathBuf {
PathBuf::from("/test/settings.json")
}
#[test]
fn detects_unknown_top_level_key() {
// given
let source = r#"{"model": "opus", "unknownField": true}"#;
let parsed = JsonValue::parse(source).expect("valid json");
let object = parsed.as_object().expect("object");
// when
let result = validate_config_file(object, source, &test_path());
// then
assert_eq!(result.errors.len(), 1);
assert_eq!(result.errors[0].field, "unknownField");
assert!(matches!(
result.errors[0].kind,
DiagnosticKind::UnknownKey { .. }
));
}
#[test]
fn detects_wrong_type_for_model() {
// given
let source = r#"{"model": 123}"#;
let parsed = JsonValue::parse(source).expect("valid json");
let object = parsed.as_object().expect("object");
// when
let result = validate_config_file(object, source, &test_path());
// then
assert_eq!(result.errors.len(), 1);
assert_eq!(result.errors[0].field, "model");
assert!(matches!(
result.errors[0].kind,
DiagnosticKind::WrongType {
expected: "a string",
got: "a number"
}
));
}
#[test]
fn detects_deprecated_permission_mode() {
// given
let source = r#"{"permissionMode": "plan"}"#;
let parsed = JsonValue::parse(source).expect("valid json");
let object = parsed.as_object().expect("object");
// when
let result = validate_config_file(object, source, &test_path());
// then
assert_eq!(result.warnings.len(), 1);
assert_eq!(result.warnings[0].field, "permissionMode");
assert!(matches!(
result.warnings[0].kind,
DiagnosticKind::Deprecated {
replacement: "permissions.defaultMode"
}
));
}
#[test]
fn detects_deprecated_enabled_plugins() {
// given
let source = r#"{"enabledPlugins": {"tool-guard@builtin": true}}"#;
let parsed = JsonValue::parse(source).expect("valid json");
let object = parsed.as_object().expect("object");
// when
let result = validate_config_file(object, source, &test_path());
// then
assert_eq!(result.warnings.len(), 1);
assert_eq!(result.warnings[0].field, "enabledPlugins");
assert!(matches!(
result.warnings[0].kind,
DiagnosticKind::Deprecated {
replacement: "plugins.enabled"
}
));
}
#[test]
fn reports_line_number_for_unknown_key() {
// given
let source = "{\n \"model\": \"opus\",\n \"badKey\": true\n}";
let parsed = JsonValue::parse(source).expect("valid json");
let object = parsed.as_object().expect("object");
// when
let result = validate_config_file(object, source, &test_path());
// then
assert_eq!(result.errors.len(), 1);
assert_eq!(result.errors[0].line, Some(3));
assert_eq!(result.errors[0].field, "badKey");
}
#[test]
fn reports_line_number_for_wrong_type() {
// given
let source = "{\n \"model\": 42\n}";
let parsed = JsonValue::parse(source).expect("valid json");
let object = parsed.as_object().expect("object");
// when
let result = validate_config_file(object, source, &test_path());
// then
assert_eq!(result.errors.len(), 1);
assert_eq!(result.errors[0].line, Some(2));
}
#[test]
fn validates_nested_hooks_keys() {
// given
let source = r#"{"hooks": {"PreToolUse": ["cmd"], "BadHook": ["x"]}}"#;
let parsed = JsonValue::parse(source).expect("valid json");
let object = parsed.as_object().expect("object");
// when
let result = validate_config_file(object, source, &test_path());
// then
assert_eq!(result.errors.len(), 1);
assert_eq!(result.errors[0].field, "hooks.BadHook");
}
#[test]
fn validates_nested_permissions_keys() {
// given
let source = r#"{"permissions": {"allow": ["Read"], "denyAll": true}}"#;
let parsed = JsonValue::parse(source).expect("valid json");
let object = parsed.as_object().expect("object");
// when
let result = validate_config_file(object, source, &test_path());
// then
assert_eq!(result.errors.len(), 1);
assert_eq!(result.errors[0].field, "permissions.denyAll");
}
#[test]
fn validates_nested_sandbox_keys() {
// given
let source = r#"{"sandbox": {"enabled": true, "containerMode": "strict"}}"#;
let parsed = JsonValue::parse(source).expect("valid json");
let object = parsed.as_object().expect("object");
// when
let result = validate_config_file(object, source, &test_path());
// then
assert_eq!(result.errors.len(), 1);
assert_eq!(result.errors[0].field, "sandbox.containerMode");
}
#[test]
fn validates_nested_plugins_keys() {
// given
let source = r#"{"plugins": {"installRoot": "/tmp", "autoUpdate": true}}"#;
let parsed = JsonValue::parse(source).expect("valid json");
let object = parsed.as_object().expect("object");
// when
let result = validate_config_file(object, source, &test_path());
// then
assert_eq!(result.errors.len(), 1);
assert_eq!(result.errors[0].field, "plugins.autoUpdate");
}
#[test]
fn validates_nested_oauth_keys() {
// given
let source = r#"{"oauth": {"clientId": "abc", "secret": "hidden"}}"#;
let parsed = JsonValue::parse(source).expect("valid json");
let object = parsed.as_object().expect("object");
// when
let result = validate_config_file(object, source, &test_path());
// then
assert_eq!(result.errors.len(), 1);
assert_eq!(result.errors[0].field, "oauth.secret");
}
#[test]
fn valid_config_produces_no_diagnostics() {
// given
let source = r#"{
"model": "opus",
"hooks": {"PreToolUse": ["guard"]},
"permissions": {"defaultMode": "plan", "allow": ["Read"]},
"mcpServers": {},
"sandbox": {"enabled": false}
}"#;
let parsed = JsonValue::parse(source).expect("valid json");
let object = parsed.as_object().expect("object");
// when
let result = validate_config_file(object, source, &test_path());
// then
assert!(result.is_ok());
assert!(result.warnings.is_empty());
}
#[test]
fn suggests_close_field_name() {
// given
let source = r#"{"modle": "opus"}"#;
let parsed = JsonValue::parse(source).expect("valid json");
let object = parsed.as_object().expect("object");
// when
let result = validate_config_file(object, source, &test_path());
// then
assert_eq!(result.errors.len(), 1);
match &result.errors[0].kind {
DiagnosticKind::UnknownKey {
suggestion: Some(s),
} => assert_eq!(s, "model"),
other => panic!("expected suggestion, got {other:?}"),
}
}
#[test]
fn format_diagnostics_includes_all_entries() {
// given
let source = r#"{"permissionMode": "plan", "badKey": 1}"#;
let parsed = JsonValue::parse(source).expect("valid json");
let object = parsed.as_object().expect("object");
let result = validate_config_file(object, source, &test_path());
// when
let output = format_diagnostics(&result);
// then
assert!(output.contains("warning:"));
assert!(output.contains("error:"));
assert!(output.contains("badKey"));
assert!(output.contains("permissionMode"));
}
#[test]
fn check_unsupported_format_rejects_toml() {
// given
let path = PathBuf::from("/home/.claw/settings.toml");
// when
let result = check_unsupported_format(&path);
// then
assert!(result.is_err());
let message = result.unwrap_err().to_string();
assert!(message.contains("TOML"));
assert!(message.contains("settings.toml"));
}
#[test]
fn check_unsupported_format_allows_json() {
// given
let path = PathBuf::from("/home/.claw/settings.json");
// when / then
assert!(check_unsupported_format(&path).is_ok());
}
#[test]
fn wrong_type_in_nested_sandbox_field() {
// given
let source = r#"{"sandbox": {"enabled": "yes"}}"#;
let parsed = JsonValue::parse(source).expect("valid json");
let object = parsed.as_object().expect("object");
// when
let result = validate_config_file(object, source, &test_path());
// then
assert_eq!(result.errors.len(), 1);
assert_eq!(result.errors[0].field, "sandbox.enabled");
assert!(matches!(
result.errors[0].kind,
DiagnosticKind::WrongType {
expected: "a boolean",
got: "a string"
}
));
}
#[test]
fn display_format_unknown_key_with_line() {
// given
let diag = ConfigDiagnostic {
path: "/test/settings.json".to_string(),
field: "badKey".to_string(),
line: Some(5),
kind: DiagnosticKind::UnknownKey { suggestion: None },
};
// when
let output = diag.to_string();
// then
assert_eq!(
output,
r#"/test/settings.json: unknown key "badKey" (line 5)"#
);
}
#[test]
fn display_format_wrong_type_with_line() {
// given
let diag = ConfigDiagnostic {
path: "/test/settings.json".to_string(),
field: "model".to_string(),
line: Some(2),
kind: DiagnosticKind::WrongType {
expected: "a string",
got: "a number",
},
};
// when
let output = diag.to_string();
// then
assert_eq!(
output,
r#"/test/settings.json: field "model" must be a string, got a number (line 2)"#
);
}
#[test]
fn display_format_deprecated_with_line() {
// given
let diag = ConfigDiagnostic {
path: "/test/settings.json".to_string(),
field: "permissionMode".to_string(),
line: Some(3),
kind: DiagnosticKind::Deprecated {
replacement: "permissions.defaultMode",
},
};
// when
let output = diag.to_string();
// then
assert_eq!(
output,
r#"/test/settings.json: field "permissionMode" is deprecated (line 3). Use "permissions.defaultMode" instead"#
);
}
}

121
rust/crates/runtime/src/conversation.rs
View File

@@ -292,6 +292,24 @@ where
}
}
/// Run a session health probe to verify the runtime is functional after compaction.
/// Returns Ok(()) if healthy, Err if the session appears broken.
fn run_session_health_probe(&mut self) -> Result<(), String> {
// Check if we have basic session integrity
if self.session.messages.is_empty() && self.session.compaction.is_some() {
// Freshly compacted with no messages - this is normal
return Ok(());
}
// Verify tool executor is responsive with a non-destructive probe
// Using glob_search with a pattern that won't match anything
let probe_input = r#"{"pattern": "*.health-check-probe-"}"#;
match self.tool_executor.execute("glob_search", probe_input) {
Ok(_) => Ok(()),
Err(e) => Err(format!("Tool executor probe failed: {e}")),
}
}
#[allow(clippy::too_many_lines)]
pub fn run_turn(
&mut self,
@@ -299,6 +317,18 @@ where
mut prompter: Option<&mut dyn PermissionPrompter>,
) -> Result<TurnSummary, RuntimeError> {
let user_input = user_input.into();
// ROADMAP #38: Session-health canary - probe if context was compacted
if self.session.compaction.is_some() {
if let Err(error) = self.run_session_health_probe() {
return Err(RuntimeError::new(format!(
"Session health probe failed after compaction: {error}. \
The session may be in an inconsistent state. \
Consider starting a fresh session with /session new."
)));
}
}
self.record_turn_started(&user_input);
self.session
.push_user_text(user_input)
@@ -504,6 +534,14 @@ where
&self.session
}
pub fn api_client_mut(&mut self) -> &mut C {
&mut self.api_client
}
pub fn session_mut(&mut self) -> &mut Session {
&mut self.session
}
#[must_use]
pub fn fork_session(&self, branch_name: Option<String>) -> Session {
self.session.fork(branch_name)
@@ -890,6 +928,7 @@ mod tests {
current_date: "2026-03-31".to_string(),
git_status: None,
git_diff: None,
git_context: None,
instruction_files: Vec::new(),
})
.with_os("linux", "6.8")
@@ -1572,6 +1611,88 @@ mod tests {
);
}
#[test]
fn compaction_health_probe_blocks_turn_when_tool_executor_is_broken() {
struct SimpleApi;
impl ApiClient for SimpleApi {
fn stream(
&mut self,
_request: ApiRequest,
) -> Result<Vec<AssistantEvent>, RuntimeError> {
panic!("API should not run when health probe fails");
}
}
let mut session = Session::new();
session.record_compaction("summarized earlier work", 4);
session
.push_user_text("previous message")
.expect("message should append");
let tool_executor = StaticToolExecutor::new().register("glob_search", |_input| {
Err(ToolError::new("transport unavailable"))
});
let mut runtime = ConversationRuntime::new(
session,
SimpleApi,
tool_executor,
PermissionPolicy::new(PermissionMode::DangerFullAccess),
vec!["system".to_string()],
);
let error = runtime
.run_turn("trigger", None)
.expect_err("health probe failure should abort the turn");
assert!(
error
.to_string()
.contains("Session health probe failed after compaction"),
"unexpected error: {error}"
);
assert!(
error.to_string().contains("transport unavailable"),
"expected underlying probe error: {error}"
);
}
#[test]
fn compaction_health_probe_skips_empty_compacted_session() {
struct SimpleApi;
impl ApiClient for SimpleApi {
fn stream(
&mut self,
_request: ApiRequest,
) -> Result<Vec<AssistantEvent>, RuntimeError> {
Ok(vec![
AssistantEvent::TextDelta("done".to_string()),
AssistantEvent::MessageStop,
])
}
}
let mut session = Session::new();
session.record_compaction("fresh summary", 2);
let tool_executor = StaticToolExecutor::new().register("glob_search", |_input| {
Err(ToolError::new(
"glob_search should not run for an empty compacted session",
))
});
let mut runtime = ConversationRuntime::new(
session,
SimpleApi,
tool_executor,
PermissionPolicy::new(PermissionMode::DangerFullAccess),
vec!["system".to_string()],
);
let summary = runtime
.run_turn("trigger", None)
.expect("empty compacted session should not fail health probe");
assert_eq!(summary.auto_compaction, None);
assert_eq!(runtime.session().messages.len(), 2);
}
#[test]
fn build_assistant_message_requires_message_stop_event() {
// given

91
rust/crates/runtime/src/file_ops.rs
View File

@@ -308,12 +308,20 @@ pub fn glob_search(pattern: &str, path: Option<&str>) -> io::Result<GlobSearchOu
base_dir.join(pattern).to_string_lossy().into_owned()
};
// The `glob` crate does not support brace expansion ({a,b,c}).
// Expand braces into multiple patterns so patterns like
// `Assets/**/*.{cs,uxml,uss}` work correctly.
let expanded = expand_braces(&search_pattern);
let mut seen = std::collections::HashSet::new();
let mut matches = Vec::new();
let entries = glob::glob(&search_pattern)
.map_err(|error| io::Error::new(io::ErrorKind::InvalidInput, error.to_string()))?;
for entry in entries.flatten() {
if entry.is_file() {
matches.push(entry);
for pat in &expanded {
let entries = glob::glob(pat)
.map_err(|error| io::Error::new(io::ErrorKind::InvalidInput, error.to_string()))?;
for entry in entries.flatten() {
if entry.is_file() && seen.insert(entry.clone()) {
matches.push(entry);
}
}
}
@@ -619,13 +627,35 @@ pub fn is_symlink_escape(path: &Path, workspace_root: &Path) -> io::Result<bool>
Ok(!resolved.starts_with(&canonical_root))
}
/// Expand shell-style brace groups in a glob pattern.
///
/// Handles one level of braces: `foo.{a,b,c}` → `["foo.a", "foo.b", "foo.c"]`.
/// Nested braces are not expanded (uncommon in practice).
/// Patterns without braces pass through unchanged.
fn expand_braces(pattern: &str) -> Vec<String> {
let Some(open) = pattern.find('{') else {
return vec![pattern.to_owned()];
};
let Some(close) = pattern[open..].find('}').map(|i| open + i) else {
// Unmatched brace — treat as literal.
return vec![pattern.to_owned()];
};
let prefix = &pattern[..open];
let suffix = &pattern[close + 1..];
let alternatives = &pattern[open + 1..close];
alternatives
.split(',')
.flat_map(|alt| expand_braces(&format!("{prefix}{alt}{suffix}")))
.collect()
}
#[cfg(test)]
mod tests {
use std::time::{SystemTime, UNIX_EPOCH};
use super::{
edit_file, glob_search, grep_search, is_symlink_escape, read_file, read_file_in_workspace,
write_file, GrepSearchInput, MAX_WRITE_SIZE,
edit_file, expand_braces, glob_search, grep_search, is_symlink_escape, read_file,
read_file_in_workspace, write_file, GrepSearchInput, MAX_WRITE_SIZE,
};
fn temp_path(name: &str) -> std::path::PathBuf {
@@ -759,4 +789,51 @@ mod tests {
.expect("grep should succeed");
assert!(grep_output.content.unwrap_or_default().contains("hello"));
}
#[test]
fn expand_braces_no_braces() {
assert_eq!(expand_braces("*.rs"), vec!["*.rs"]);
}
#[test]
fn expand_braces_single_group() {
let mut result = expand_braces("Assets/**/*.{cs,uxml,uss}");
result.sort();
assert_eq!(
result,
vec!["Assets/**/*.cs", "Assets/**/*.uss", "Assets/**/*.uxml",]
);
}
#[test]
fn expand_braces_nested() {
let mut result = expand_braces("src/{a,b}.{rs,toml}");
result.sort();
assert_eq!(
result,
vec!["src/a.rs", "src/a.toml", "src/b.rs", "src/b.toml"]
);
}
#[test]
fn expand_braces_unmatched() {
assert_eq!(expand_braces("foo.{bar"), vec!["foo.{bar"]);
}
#[test]
fn glob_search_with_braces_finds_files() {
let dir = temp_path("glob-braces");
std::fs::create_dir_all(&dir).unwrap();
std::fs::write(dir.join("a.rs"), "fn main() {}").unwrap();
std::fs::write(dir.join("b.toml"), "[package]").unwrap();
std::fs::write(dir.join("c.txt"), "hello").unwrap();
let result =
glob_search("*.{rs,toml}", Some(dir.to_str().unwrap())).expect("glob should succeed");
assert_eq!(
result.num_files, 2,
"should match .rs and .toml but not .txt"
);
let _ = std::fs::remove_dir_all(&dir);
}
}

324
rust/crates/runtime/src/git_context.rs Normal file
View File

@@ -0,0 +1,324 @@
use std::path::Path;
use std::process::Command;
/// A single git commit entry from the log.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct GitCommitEntry {
pub hash: String,
pub subject: String,
}
/// Git-aware context gathered at startup for injection into the system prompt.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct GitContext {
pub branch: Option<String>,
pub recent_commits: Vec<GitCommitEntry>,
pub staged_files: Vec<String>,
}
const MAX_RECENT_COMMITS: usize = 5;
impl GitContext {
/// Detect the git context from the given working directory.
///
/// Returns `None` when the directory is not inside a git repository.
#[must_use]
pub fn detect(cwd: &Path) -> Option<Self> {
// Quick gate: is this a git repo at all?
let rev_parse = Command::new("git")
.args(["rev-parse", "--is-inside-work-tree"])
.current_dir(cwd)
.output()
.ok()?;
if !rev_parse.status.success() {
return None;
}
Some(Self {
branch: read_branch(cwd),
recent_commits: read_recent_commits(cwd),
staged_files: read_staged_files(cwd),
})
}
/// Render a human-readable summary suitable for system-prompt injection.
#[must_use]
pub fn render(&self) -> String {
let mut lines = Vec::new();
if let Some(branch) = &self.branch {
lines.push(format!("Git branch: {branch}"));
}
if !self.recent_commits.is_empty() {
lines.push(String::new());
lines.push("Recent commits:".to_string());
for entry in &self.recent_commits {
lines.push(format!(" {} {}", entry.hash, entry.subject));
}
}
if !self.staged_files.is_empty() {
lines.push(String::new());
lines.push("Staged files:".to_string());
for file in &self.staged_files {
lines.push(format!(" {file}"));
}
}
lines.join("\n")
}
}
fn read_branch(cwd: &Path) -> Option<String> {
let output = Command::new("git")
.args(["rev-parse", "--abbrev-ref", "HEAD"])
.current_dir(cwd)
.output()
.ok()?;
if !output.status.success() {
return None;
}
let branch = String::from_utf8(output.stdout).ok()?;
let trimmed = branch.trim();
if trimmed.is_empty() || trimmed == "HEAD" {
None
} else {
Some(trimmed.to_string())
}
}
fn read_recent_commits(cwd: &Path) -> Vec<GitCommitEntry> {
let output = Command::new("git")
.args([
"--no-optional-locks",
"log",
"--oneline",
"-n",
&MAX_RECENT_COMMITS.to_string(),
"--no-decorate",
])
.current_dir(cwd)
.output()
.ok();
let Some(output) = output else {
return Vec::new();
};
if !output.status.success() {
return Vec::new();
}
let stdout = String::from_utf8(output.stdout).unwrap_or_default();
stdout
.lines()
.filter_map(|line| {
let line = line.trim();
if line.is_empty() {
return None;
}
let (hash, subject) = line.split_once(' ')?;
Some(GitCommitEntry {
hash: hash.to_string(),
subject: subject.to_string(),
})
})
.collect()
}
fn read_staged_files(cwd: &Path) -> Vec<String> {
let output = Command::new("git")
.args(["--no-optional-locks", "diff", "--cached", "--name-only"])
.current_dir(cwd)
.output()
.ok();
let Some(output) = output else {
return Vec::new();
};
if !output.status.success() {
return Vec::new();
}
let stdout = String::from_utf8(output.stdout).unwrap_or_default();
stdout
.lines()
.filter(|line| !line.trim().is_empty())
.map(|line| line.trim().to_string())
.collect()
}
#[cfg(test)]
mod tests {
use super::{GitCommitEntry, GitContext};
use std::fs;
use std::process::Command;
use std::time::{SystemTime, UNIX_EPOCH};
fn temp_dir(label: &str) -> std::path::PathBuf {
let nanos = SystemTime::now()
.duration_since(UNIX_EPOCH)
.expect("time should be after epoch")
.as_nanos();
std::env::temp_dir().join(format!("runtime-git-context-{label}-{nanos}"))
}
fn env_lock() -> std::sync::MutexGuard<'static, ()> {
crate::test_env_lock()
}
fn ensure_valid_cwd() {
if std::env::current_dir().is_err() {
std::env::set_current_dir(env!("CARGO_MANIFEST_DIR"))
.expect("test cwd should be recoverable");
}
}
#[test]
fn returns_none_for_non_git_directory() {
// given
let _guard = env_lock();
ensure_valid_cwd();
let root = temp_dir("non-git");
fs::create_dir_all(&root).expect("create dir");
// when
let context = GitContext::detect(&root);
// then
assert!(context.is_none());
fs::remove_dir_all(root).expect("cleanup");
}
#[test]
fn detects_branch_name_and_commits() {
// given
let _guard = env_lock();
ensure_valid_cwd();
let root = temp_dir("branch-commits");
fs::create_dir_all(&root).expect("create dir");
git(&root, &["init", "--quiet", "--initial-branch=main"]);
git(&root, &["config", "user.email", "tests@example.com"]);
git(&root, &["config", "user.name", "Git Context Tests"]);
fs::write(root.join("a.txt"), "a\n").expect("write a");
git(&root, &["add", "a.txt"]);
git(&root, &["commit", "-m", "first commit", "--quiet"]);
fs::write(root.join("b.txt"), "b\n").expect("write b");
git(&root, &["add", "b.txt"]);
git(&root, &["commit", "-m", "second commit", "--quiet"]);
// when
let context = GitContext::detect(&root).expect("should detect git repo");
// then
assert_eq!(context.branch.as_deref(), Some("main"));
assert_eq!(context.recent_commits.len(), 2);
assert_eq!(context.recent_commits[0].subject, "second commit");
assert_eq!(context.recent_commits[1].subject, "first commit");
assert!(context.staged_files.is_empty());
fs::remove_dir_all(root).expect("cleanup");
}
#[test]
fn detects_staged_files() {
// given
let _guard = env_lock();
ensure_valid_cwd();
let root = temp_dir("staged");
fs::create_dir_all(&root).expect("create dir");
git(&root, &["init", "--quiet", "--initial-branch=main"]);
git(&root, &["config", "user.email", "tests@example.com"]);
git(&root, &["config", "user.name", "Git Context Tests"]);
fs::write(root.join("init.txt"), "init\n").expect("write init");
git(&root, &["add", "init.txt"]);
git(&root, &["commit", "-m", "initial", "--quiet"]);
fs::write(root.join("staged.txt"), "staged\n").expect("write staged");
git(&root, &["add", "staged.txt"]);
// when
let context = GitContext::detect(&root).expect("should detect git repo");
// then
assert_eq!(context.staged_files, vec!["staged.txt"]);
fs::remove_dir_all(root).expect("cleanup");
}
#[test]
fn render_formats_all_sections() {
// given
let context = GitContext {
branch: Some("feat/test".to_string()),
recent_commits: vec![
GitCommitEntry {
hash: "abc1234".to_string(),
subject: "add feature".to_string(),
},
GitCommitEntry {
hash: "def5678".to_string(),
subject: "fix bug".to_string(),
},
],
staged_files: vec!["src/main.rs".to_string()],
};
// when
let rendered = context.render();
// then
assert!(rendered.contains("Git branch: feat/test"));
assert!(rendered.contains("abc1234 add feature"));
assert!(rendered.contains("def5678 fix bug"));
assert!(rendered.contains("src/main.rs"));
}
#[test]
fn render_omits_empty_sections() {
// given
let context = GitContext {
branch: Some("main".to_string()),
recent_commits: Vec::new(),
staged_files: Vec::new(),
};
// when
let rendered = context.render();
// then
assert!(rendered.contains("Git branch: main"));
assert!(!rendered.contains("Recent commits:"));
assert!(!rendered.contains("Staged files:"));
}
#[test]
fn limits_to_five_recent_commits() {
// given
let _guard = env_lock();
ensure_valid_cwd();
let root = temp_dir("five-commits");
fs::create_dir_all(&root).expect("create dir");
git(&root, &["init", "--quiet", "--initial-branch=main"]);
git(&root, &["config", "user.email", "tests@example.com"]);
git(&root, &["config", "user.name", "Git Context Tests"]);
for i in 1..=8 {
let name = format!("file{i}.txt");
fs::write(root.join(&name), format!("{i}\n")).expect("write file");
git(&root, &["add", &name]);
git(&root, &["commit", "-m", &format!("commit {i}"), "--quiet"]);
}
// when
let context = GitContext::detect(&root).expect("should detect git repo");
// then
assert_eq!(context.recent_commits.len(), 5);
assert_eq!(context.recent_commits[0].subject, "commit 8");
assert_eq!(context.recent_commits[4].subject, "commit 4");
fs::remove_dir_all(root).expect("cleanup");
}
fn git(cwd: &std::path::Path, args: &[&str]) {
let status = Command::new("git")
.args(args)
.current_dir(cwd)
.output()
.unwrap_or_else(|_| panic!("git {args:?} should run"))
.status;
assert!(status.success(), "git {args:?} failed");
}
}

143
rust/crates/runtime/src/hooks.rs
View File

@@ -1,4 +1,5 @@
use std::ffi::OsStr;
use std::fmt::Write as FmtWrite;
use std::io::Write;
use std::process::{Command, Stdio};
use std::sync::{
@@ -13,6 +14,8 @@ use serde_json::{json, Value};
use crate::config::{RuntimeFeatureConfig, RuntimeHookConfig};
use crate::permissions::PermissionOverride;
const HOOK_PREVIEW_CHAR_LIMIT: usize = 160;
pub type HookPermissionDecision = PermissionOverride;
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
@@ -437,7 +440,7 @@ impl HookRunner {
Ok(CommandExecution::Finished(output)) => {
let stdout = String::from_utf8_lossy(&output.stdout).trim().to_string();
let stderr = String::from_utf8_lossy(&output.stderr).trim().to_string();
let parsed = parse_hook_output(&stdout);
let parsed = parse_hook_output(event, tool_name, command, &stdout, &stderr);
let primary_message = parsed.primary_message().map(ToOwned::to_owned);
match output.status.code() {
Some(0) => {
@@ -532,16 +535,54 @@ fn merge_parsed_hook_output(target: &mut HookRunResult, parsed: ParsedHookOutput
}
}
fn parse_hook_output(stdout: &str) -> ParsedHookOutput {
fn parse_hook_output(
event: HookEvent,
tool_name: &str,
command: &str,
stdout: &str,
stderr: &str,
) -> ParsedHookOutput {
if stdout.is_empty() {
return ParsedHookOutput::default();
}
let Ok(Value::Object(root)) = serde_json::from_str::<Value>(stdout) else {
return ParsedHookOutput {
messages: vec![stdout.to_string()],
..ParsedHookOutput::default()
};
let root = match serde_json::from_str::<Value>(stdout) {
Ok(Value::Object(root)) => root,
Ok(value) => {
return ParsedHookOutput {
messages: vec![format_invalid_hook_output(
event,
tool_name,
command,
&format!(
"expected top-level JSON object, got {}",
json_type_name(&value)
),
stdout,
stderr,
)],
..ParsedHookOutput::default()
};
}
Err(error) if looks_like_json_attempt(stdout) => {
return ParsedHookOutput {
messages: vec![format_invalid_hook_output(
event,
tool_name,
command,
&error.to_string(),
stdout,
stderr,
)],
..ParsedHookOutput::default()
};
}
Err(_) => {
return ParsedHookOutput {
messages: vec![stdout.to_string()],
..ParsedHookOutput::default()
};
}
};
let mut parsed = ParsedHookOutput::default();
@@ -619,6 +660,69 @@ fn parse_tool_input(tool_input: &str) -> Value {
serde_json::from_str(tool_input).unwrap_or_else(|_| json!({ "raw": tool_input }))
}
fn format_invalid_hook_output(
event: HookEvent,
tool_name: &str,
command: &str,
detail: &str,
stdout: &str,
stderr: &str,
) -> String {
let stdout_preview = bounded_hook_preview(stdout).unwrap_or_else(|| "<empty>".to_string());
let stderr_preview = bounded_hook_preview(stderr).unwrap_or_else(|| "<empty>".to_string());
let command_preview = bounded_hook_preview(command).unwrap_or_else(|| "<empty>".to_string());
format!(
"hook_invalid_json: phase={} tool={} command={} detail={} stdout_preview={} stderr_preview={}",
event.as_str(),
tool_name,
command_preview,
detail,
stdout_preview,
stderr_preview
)
}
fn bounded_hook_preview(value: &str) -> Option<String> {
let trimmed = value.trim();
if trimmed.is_empty() {
return None;
}
let mut preview = String::new();
for (count, ch) in trimmed.chars().enumerate() {
if count == HOOK_PREVIEW_CHAR_LIMIT {
preview.push('…');
break;
}
match ch {
'\n' => preview.push_str("\\n"),
'\r' => preview.push_str("\\r"),
'\t' => preview.push_str("\\t"),
control if control.is_control() => {
let _ = write!(&mut preview, "\\u{{{:x}}}", control as u32);
}
_ => preview.push(ch),
}
}
Some(preview)
}
fn json_type_name(value: &Value) -> &'static str {
match value {
Value::Null => "null",
Value::Bool(_) => "boolean",
Value::Number(_) => "number",
Value::String(_) => "string",
Value::Array(_) => "array",
Value::Object(_) => "object",
}
}
fn looks_like_json_attempt(value: &str) -> bool {
matches!(value.trim_start().chars().next(), Some('{' | '['))
}
fn format_hook_failure(command: &str, code: i32, stdout: Option<&str>, stderr: &str) -> String {
let mut message = format!("Hook `{command}` exited with status {code}");
if let Some(stdout) = stdout.filter(|stdout| !stdout.is_empty()) {
@@ -935,6 +1039,31 @@ mod tests {
assert!(!result.messages().iter().any(|message| message == "later"));
}
#[test]
fn malformed_nonempty_hook_output_reports_explicit_diagnostic_with_previews() {
let runner = HookRunner::new(RuntimeHookConfig::new(
vec![shell_snippet(
"printf '{not-json\nsecond line'; printf 'stderr warning' >&2; exit 1",
)],
Vec::new(),
Vec::new(),
));
let result = runner.run_pre_tool_use("Edit", r#"{"file":"src/lib.rs"}"#);
assert!(result.is_failed());
let rendered = result.messages().join("\n");
assert!(rendered.contains("hook_invalid_json:"));
assert!(rendered.contains("phase=PreToolUse"));
assert!(rendered.contains("tool=Edit"));
assert!(rendered.contains("command=printf '{not-json"));
assert!(rendered.contains("printf 'stderr warning' >&2; exit 1"));
assert!(rendered.contains("detail=key must be a string"));
assert!(rendered.contains("stdout_preview={not-json"));
assert!(rendered.contains("second line stderr_preview=stderr warning"));
assert!(rendered.contains("stderr_preview=stderr warning"));
}
#[test]
fn abort_signal_cancels_long_running_hook_and_reports_progress() {
let runner = HookRunner::new(RuntimeHookConfig::new(

790
rust/crates/runtime/src/lane_events.rs
View File

@@ -1,4 +1,4 @@
#![allow(clippy::similar_names)]
#![allow(clippy::similar_names, clippy::cast_possible_truncation)]
use serde::{Deserialize, Serialize};
use serde_json::Value;
@@ -36,6 +36,17 @@ pub enum LaneEventName {
Closed,
#[serde(rename = "branch.stale_against_main")]
BranchStaleAgainstMain,
#[serde(rename = "branch.workspace_mismatch")]
BranchWorkspaceMismatch,
/// Ship/provenance events — §4.44.5
#[serde(rename = "ship.prepared")]
ShipPrepared,
#[serde(rename = "ship.commits_selected")]
ShipCommitsSelected,
#[serde(rename = "ship.merged")]
ShipMerged,
#[serde(rename = "ship.pushed_main")]
ShipPushedMain,
}
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
@@ -67,14 +78,358 @@ pub enum LaneFailureClass {
McpHandshake,
GatewayRouting,
ToolRuntime,
WorkspaceMismatch,
Infra,
}
/// Provenance labels for event source classification.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum EventProvenance {
/// Event from a live, active lane
LiveLane,
/// Event from a synthetic test
Test,
/// Event from a healthcheck probe
Healthcheck,
/// Event from a replay/log replay
Replay,
/// Event from the transport layer itself
Transport,
}
/// Session identity metadata captured at creation time.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct SessionIdentity {
/// Stable title for the session
pub title: String,
/// Workspace/worktree path
pub workspace: String,
/// Lane/session purpose
pub purpose: String,
/// Placeholder reason if any field is unknown
#[serde(skip_serializing_if = "Option::is_none")]
pub placeholder_reason: Option<String>,
}
impl SessionIdentity {
/// Create complete session identity
#[must_use]
pub fn new(
title: impl Into<String>,
workspace: impl Into<String>,
purpose: impl Into<String>,
) -> Self {
Self {
title: title.into(),
workspace: workspace.into(),
purpose: purpose.into(),
placeholder_reason: None,
}
}
/// Create session identity with placeholder for missing fields
#[must_use]
pub fn with_placeholder(
title: impl Into<String>,
workspace: impl Into<String>,
purpose: impl Into<String>,
reason: impl Into<String>,
) -> Self {
Self {
title: title.into(),
workspace: workspace.into(),
purpose: purpose.into(),
placeholder_reason: Some(reason.into()),
}
}
}
/// Lane ownership and workflow scope binding.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct LaneOwnership {
/// Owner/assignee identity
pub owner: String,
/// Workflow scope (e.g., claw-code-dogfood, external-git-maintenance)
pub workflow_scope: String,
/// Whether the watcher is expected to act, observe, or ignore
pub watcher_action: WatcherAction,
}
/// Watcher action expectation for a lane event.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum WatcherAction {
/// Watcher should take action on this event
Act,
/// Watcher should only observe
Observe,
/// Watcher should ignore this event
Ignore,
}
/// Event metadata for ordering, provenance, deduplication, and ownership.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct LaneEventMetadata {
/// Monotonic sequence number for event ordering
pub seq: u64,
/// Event provenance source
pub provenance: EventProvenance,
/// Session identity at creation
#[serde(skip_serializing_if = "Option::is_none")]
pub session_identity: Option<SessionIdentity>,
/// Lane ownership and scope
#[serde(skip_serializing_if = "Option::is_none")]
pub ownership: Option<LaneOwnership>,
/// Nudge ID for deduplication cycles
#[serde(skip_serializing_if = "Option::is_none")]
pub nudge_id: Option<String>,
/// Event fingerprint for terminal event deduplication
#[serde(skip_serializing_if = "Option::is_none")]
pub event_fingerprint: Option<String>,
/// Timestamp when event was observed/created
pub timestamp_ms: u64,
}
impl LaneEventMetadata {
/// Create new event metadata
#[must_use]
pub fn new(seq: u64, provenance: EventProvenance) -> Self {
Self {
seq,
provenance,
session_identity: None,
ownership: None,
nudge_id: None,
event_fingerprint: None,
timestamp_ms: std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.unwrap_or_default()
.as_millis() as u64,
}
}
/// Add session identity
#[must_use]
pub fn with_session_identity(mut self, identity: SessionIdentity) -> Self {
self.session_identity = Some(identity);
self
}
/// Add ownership info
#[must_use]
pub fn with_ownership(mut self, ownership: LaneOwnership) -> Self {
self.ownership = Some(ownership);
self
}
/// Add nudge ID for dedupe
#[must_use]
pub fn with_nudge_id(mut self, nudge_id: impl Into<String>) -> Self {
self.nudge_id = Some(nudge_id.into());
self
}
/// Compute and add event fingerprint for terminal events
#[must_use]
pub fn with_fingerprint(mut self, fingerprint: impl Into<String>) -> Self {
self.event_fingerprint = Some(fingerprint.into());
self
}
}
/// Builder for constructing [`LaneEvent`]s with proper metadata.
#[derive(Debug, Clone)]
pub struct LaneEventBuilder {
event: LaneEventName,
status: LaneEventStatus,
emitted_at: String,
session_id: Option<String>,
metadata: LaneEventMetadata,
detail: Option<String>,
failure_class: Option<LaneFailureClass>,
data: Option<serde_json::Value>,
}
impl LaneEventBuilder {
/// Start building a new lane event
#[must_use]
pub fn new(
event: LaneEventName,
status: LaneEventStatus,
emitted_at: impl Into<String>,
seq: u64,
provenance: EventProvenance,
) -> Self {
Self {
event,
status,
emitted_at: emitted_at.into(),
session_id: None,
metadata: LaneEventMetadata::new(seq, provenance),
detail: None,
failure_class: None,
data: None,
}
}
/// Add session identity
#[must_use]
pub fn with_session_identity(mut self, identity: SessionIdentity) -> Self {
self.metadata = self.metadata.with_session_identity(identity);
self
}
/// Add boot-scoped session correlation id
#[must_use]
pub fn with_session_id(mut self, session_id: impl Into<String>) -> Self {
self.session_id = Some(session_id.into());
self
}
/// Add ownership info
#[must_use]
pub fn with_ownership(mut self, ownership: LaneOwnership) -> Self {
self.metadata = self.metadata.with_ownership(ownership);
self
}
/// Add nudge ID
#[must_use]
pub fn with_nudge_id(mut self, nudge_id: impl Into<String>) -> Self {
self.metadata = self.metadata.with_nudge_id(nudge_id);
self
}
/// Add detail
#[must_use]
pub fn with_detail(mut self, detail: impl Into<String>) -> Self {
self.detail = Some(detail.into());
self
}
/// Add failure class
#[must_use]
pub fn with_failure_class(mut self, failure_class: LaneFailureClass) -> Self {
self.failure_class = Some(failure_class);
self
}
/// Add data payload
#[must_use]
pub fn with_data(mut self, data: serde_json::Value) -> Self {
self.data = Some(data);
self
}
/// Compute fingerprint and build terminal event
#[must_use]
pub fn build_terminal(mut self) -> LaneEvent {
let fingerprint = compute_event_fingerprint(&self.event, &self.status, self.data.as_ref());
self.metadata = self.metadata.with_fingerprint(fingerprint);
self.build()
}
/// Build the event
#[must_use]
pub fn build(self) -> LaneEvent {
LaneEvent {
event: self.event,
status: self.status,
emitted_at: self.emitted_at,
session_id: self.session_id,
failure_class: self.failure_class,
detail: self.detail,
data: self.data,
metadata: self.metadata,
}
}
}
/// Check if an event kind is terminal (completed, failed, superseded, closed).
#[must_use]
pub fn is_terminal_event(event: LaneEventName) -> bool {
matches!(
event,
LaneEventName::Finished
| LaneEventName::Failed
| LaneEventName::Superseded
| LaneEventName::Closed
| LaneEventName::Merged
)
}
/// Compute a fingerprint for terminal event deduplication.
#[must_use]
pub fn compute_event_fingerprint(
event: &LaneEventName,
status: &LaneEventStatus,
data: Option<&serde_json::Value>,
) -> String {
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};
let mut hasher = DefaultHasher::new();
format!("{event:?}").hash(&mut hasher);
format!("{status:?}").hash(&mut hasher);
if let Some(d) = data {
serde_json::to_string(d)
.unwrap_or_default()
.hash(&mut hasher);
}
format!("{:016x}", hasher.finish())
}
/// Deduplicate terminal events within a reconciliation window.
/// Returns only the first occurrence of each terminal fingerprint.
#[must_use]
pub fn dedupe_terminal_events(events: &[LaneEvent]) -> Vec<LaneEvent> {
let mut seen_fingerprints = std::collections::HashSet::new();
let mut result = Vec::new();
for event in events {
if is_terminal_event(event.event) {
if let Some(fp) = &event.metadata.event_fingerprint {
if seen_fingerprints.contains(fp) {
continue; // Skip duplicate terminal event
}
seen_fingerprints.insert(fp.clone());
}
}
result.push(event.clone());
}
result
}
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum BlockedSubphase {
#[serde(rename = "blocked.trust_prompt")]
TrustPrompt { gate_repo: String },
#[serde(rename = "blocked.prompt_delivery")]
PromptDelivery { attempt: u32 },
#[serde(rename = "blocked.plugin_init")]
PluginInit { plugin_name: String },
#[serde(rename = "blocked.mcp_handshake")]
McpHandshake { server_name: String, attempt: u32 },
#[serde(rename = "blocked.branch_freshness")]
BranchFreshness { behind_main: u32 },
#[serde(rename = "blocked.test_hang")]
TestHang {
elapsed_secs: u32,
test_name: Option<String>,
},
#[serde(rename = "blocked.report_pending")]
ReportPending { since_secs: u32 },
}
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct LaneEventBlocker {
#[serde(rename = "failureClass")]
pub failure_class: LaneFailureClass,
pub detail: String,
#[serde(skip_serializing_if = "Option::is_none")]
pub subphase: Option<BlockedSubphase>,
}
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
@@ -91,21 +446,50 @@ pub struct LaneCommitProvenance {
pub lineage: Vec<String>,
}
/// Ship/provenance metadata — §4.44.5
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct ShipProvenance {
pub source_branch: String,
pub base_commit: String,
pub commit_count: u32,
pub commit_range: String,
pub merge_method: ShipMergeMethod,
pub actor: String,
#[serde(skip_serializing_if = "Option::is_none")]
pub pr_number: Option<u32>,
}
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum ShipMergeMethod {
DirectPush,
FastForward,
MergeCommit,
SquashMerge,
RebaseMerge,
}
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct LaneEvent {
pub event: LaneEventName,
pub status: LaneEventStatus,
#[serde(rename = "emittedAt")]
pub emitted_at: String,
#[serde(skip_serializing_if = "Option::is_none")]
pub session_id: Option<String>,
#[serde(rename = "failureClass", skip_serializing_if = "Option::is_none")]
pub failure_class: Option<LaneFailureClass>,
#[serde(skip_serializing_if = "Option::is_none")]
pub detail: Option<String>,
#[serde(skip_serializing_if = "Option::is_none")]
pub data: Option<Value>,
/// Event metadata for ordering, provenance, dedupe, and ownership
pub metadata: LaneEventMetadata,
}
impl LaneEvent {
/// Create a new lane event with minimal metadata (seq=0, provenance=LiveLane)
/// Use `LaneEventBuilder` for events requiring full metadata.
#[must_use]
pub fn new(
event: LaneEventName,
@@ -116,9 +500,11 @@ impl LaneEvent {
event,
status,
emitted_at: emitted_at.into(),
session_id: None,
failure_class: None,
detail: None,
data: None,
metadata: LaneEventMetadata::new(0, EventProvenance::LiveLane),
}
}
@@ -169,16 +555,74 @@ impl LaneEvent {
#[must_use]
pub fn blocked(emitted_at: impl Into<String>, blocker: &LaneEventBlocker) -> Self {
Self::new(LaneEventName::Blocked, LaneEventStatus::Blocked, emitted_at)
let mut event = Self::new(LaneEventName::Blocked, LaneEventStatus::Blocked, emitted_at)
.with_failure_class(blocker.failure_class)
.with_detail(blocker.detail.clone())
.with_detail(blocker.detail.clone());
if let Some(ref subphase) = blocker.subphase {
event =
event.with_data(serde_json::to_value(subphase).expect("subphase should serialize"));
}
event
}
#[must_use]
pub fn failed(emitted_at: impl Into<String>, blocker: &LaneEventBlocker) -> Self {
Self::new(LaneEventName::Failed, LaneEventStatus::Failed, emitted_at)
let mut event = Self::new(LaneEventName::Failed, LaneEventStatus::Failed, emitted_at)
.with_failure_class(blocker.failure_class)
.with_detail(blocker.detail.clone())
.with_detail(blocker.detail.clone());
if let Some(ref subphase) = blocker.subphase {
event =
event.with_data(serde_json::to_value(subphase).expect("subphase should serialize"));
}
event
}
/// Ship prepared — §4.44.5
#[must_use]
pub fn ship_prepared(emitted_at: impl Into<String>, provenance: &ShipProvenance) -> Self {
Self::new(
LaneEventName::ShipPrepared,
LaneEventStatus::Ready,
emitted_at,
)
.with_data(serde_json::to_value(provenance).expect("ship provenance should serialize"))
}
/// Ship commits selected — §4.44.5
#[must_use]
pub fn ship_commits_selected(
emitted_at: impl Into<String>,
commit_count: u32,
commit_range: impl Into<String>,
) -> Self {
Self::new(
LaneEventName::ShipCommitsSelected,
LaneEventStatus::Ready,
emitted_at,
)
.with_detail(format!("{} commits: {}", commit_count, commit_range.into()))
}
/// Ship merged — §4.44.5
#[must_use]
pub fn ship_merged(emitted_at: impl Into<String>, provenance: &ShipProvenance) -> Self {
Self::new(
LaneEventName::ShipMerged,
LaneEventStatus::Completed,
emitted_at,
)
.with_data(serde_json::to_value(provenance).expect("ship provenance should serialize"))
}
/// Ship pushed to main — §4.44.5
#[must_use]
pub fn ship_pushed_main(emitted_at: impl Into<String>, provenance: &ShipProvenance) -> Self {
Self::new(
LaneEventName::ShipPushedMain,
LaneEventStatus::Completed,
emitted_at,
)
.with_data(serde_json::to_value(provenance).expect("ship provenance should serialize"))
}
#[must_use]
@@ -204,6 +648,12 @@ impl LaneEvent {
self.data = Some(data);
self
}
#[must_use]
pub fn with_session_id(mut self, session_id: impl Into<String>) -> Self {
self.session_id = Some(session_id.into());
self
}
}
#[must_use]
@@ -251,8 +701,11 @@ mod tests {
use serde_json::json;
use super::{
dedupe_superseded_commit_events, LaneCommitProvenance, LaneEvent, LaneEventBlocker,
LaneEventName, LaneEventStatus, LaneFailureClass,
compute_event_fingerprint, dedupe_superseded_commit_events, dedupe_terminal_events,
is_terminal_event, BlockedSubphase, EventProvenance, LaneCommitProvenance, LaneEvent,
LaneEventBlocker, LaneEventBuilder, LaneEventMetadata, LaneEventName, LaneEventStatus,
LaneFailureClass, LaneOwnership, SessionIdentity, ShipMergeMethod, ShipProvenance,
WatcherAction,
};
#[test]
@@ -277,6 +730,14 @@ mod tests {
LaneEventName::BranchStaleAgainstMain,
"branch.stale_against_main",
),
(
LaneEventName::BranchWorkspaceMismatch,
"branch.workspace_mismatch",
),
(LaneEventName::ShipPrepared, "ship.prepared"),
(LaneEventName::ShipCommitsSelected, "ship.commits_selected"),
(LaneEventName::ShipMerged, "ship.merged"),
(LaneEventName::ShipPushedMain, "ship.pushed_main"),
];
for (event, expected) in cases {
@@ -300,6 +761,7 @@ mod tests {
(LaneFailureClass::McpHandshake, "mcp_handshake"),
(LaneFailureClass::GatewayRouting, "gateway_routing"),
(LaneFailureClass::ToolRuntime, "tool_runtime"),
(LaneFailureClass::WorkspaceMismatch, "workspace_mismatch"),
(LaneFailureClass::Infra, "infra"),
];
@@ -316,6 +778,10 @@ mod tests {
let blocker = LaneEventBlocker {
failure_class: LaneFailureClass::McpStartup,
detail: "broken server".to_string(),
subphase: Some(BlockedSubphase::McpHandshake {
server_name: "test-server".to_string(),
attempt: 1,
}),
};
let blocked = LaneEvent::blocked("2026-04-04T00:00:00Z", &blocker);
@@ -329,6 +795,66 @@ mod tests {
assert_eq!(failed.detail.as_deref(), Some("broken server"));
}
#[test]
fn workspace_mismatch_failure_class_round_trips_in_branch_event_payloads() {
let mismatch = LaneEvent::new(
LaneEventName::BranchWorkspaceMismatch,
LaneEventStatus::Blocked,
"2026-04-04T00:00:02Z",
)
.with_failure_class(LaneFailureClass::WorkspaceMismatch)
.with_detail("session belongs to /tmp/repo-a but current workspace is /tmp/repo-b")
.with_data(json!({
"expectedWorkspaceRoot": "/tmp/repo-a",
"actualWorkspaceRoot": "/tmp/repo-b",
"sessionId": "sess-123",
}));
let mismatch_json = serde_json::to_value(&mismatch).expect("lane event should serialize");
assert_eq!(mismatch_json["event"], "branch.workspace_mismatch");
assert_eq!(mismatch_json["failureClass"], "workspace_mismatch");
assert_eq!(
mismatch_json["data"]["expectedWorkspaceRoot"],
"/tmp/repo-a"
);
let round_trip: LaneEvent =
serde_json::from_value(mismatch_json).expect("lane event should deserialize");
assert_eq!(round_trip.event, LaneEventName::BranchWorkspaceMismatch);
assert_eq!(
round_trip.failure_class,
Some(LaneFailureClass::WorkspaceMismatch)
);
}
#[test]
fn ship_provenance_events_serialize_to_expected_wire_values() {
let provenance = ShipProvenance {
source_branch: "feature/provenance".to_string(),
base_commit: "dd73962".to_string(),
commit_count: 6,
commit_range: "dd73962..c956f78".to_string(),
merge_method: ShipMergeMethod::DirectPush,
actor: "Jobdori".to_string(),
pr_number: None,
};
let prepared = LaneEvent::ship_prepared("2026-04-20T14:30:00Z", &provenance);
let prepared_json = serde_json::to_value(&prepared).expect("ship event should serialize");
assert_eq!(prepared_json["event"], "ship.prepared");
assert_eq!(prepared_json["data"]["commit_count"], 6);
assert_eq!(prepared_json["data"]["source_branch"], "feature/provenance");
let pushed = LaneEvent::ship_pushed_main("2026-04-20T14:35:00Z", &provenance);
let pushed_json = serde_json::to_value(&pushed).expect("ship event should serialize");
assert_eq!(pushed_json["event"], "ship.pushed_main");
assert_eq!(pushed_json["data"]["merge_method"], "direct_push");
let round_trip: LaneEvent =
serde_json::from_value(pushed_json).expect("ship event should deserialize");
assert_eq!(round_trip.event, LaneEventName::ShipPushedMain);
}
#[test]
fn commit_events_can_carry_worktree_and_supersession_metadata() {
let event = LaneEvent::commit_created(
@@ -380,4 +906,254 @@ mod tests {
assert_eq!(retained.len(), 1);
assert_eq!(retained[0].detail.as_deref(), Some("new"));
}
#[test]
fn lane_event_metadata_includes_monotonic_sequence() {
let meta1 = LaneEventMetadata::new(0, EventProvenance::LiveLane);
let meta2 = LaneEventMetadata::new(1, EventProvenance::LiveLane);
let meta3 = LaneEventMetadata::new(2, EventProvenance::Test);
assert_eq!(meta1.seq, 0);
assert_eq!(meta2.seq, 1);
assert_eq!(meta3.seq, 2);
assert!(meta1.timestamp_ms <= meta2.timestamp_ms);
}
#[test]
fn event_provenance_round_trips_through_serialization() {
let cases = [
(EventProvenance::LiveLane, "live_lane"),
(EventProvenance::Test, "test"),
(EventProvenance::Healthcheck, "healthcheck"),
(EventProvenance::Replay, "replay"),
(EventProvenance::Transport, "transport"),
];
for (provenance, expected) in cases {
let json = serde_json::to_value(provenance).expect("should serialize");
assert_eq!(json, serde_json::json!(expected));
let round_trip: EventProvenance =
serde_json::from_value(json).expect("should deserialize");
assert_eq!(round_trip, provenance);
}
}
#[test]
fn session_identity_is_complete_at_creation() {
let identity = SessionIdentity::new("my-lane", "/tmp/repo", "implement feature X");
assert_eq!(identity.title, "my-lane");
assert_eq!(identity.workspace, "/tmp/repo");
assert_eq!(identity.purpose, "implement feature X");
assert!(identity.placeholder_reason.is_none());
// Test with placeholder
let with_placeholder = SessionIdentity::with_placeholder(
"untitled",
"/tmp/unknown",
"unknown",
"session created before title was known",
);
assert_eq!(
with_placeholder.placeholder_reason,
Some("session created before title was known".to_string())
);
}
#[test]
fn lane_ownership_binding_includes_workflow_scope() {
let ownership = LaneOwnership {
owner: "claw-1".to_string(),
workflow_scope: "claw-code-dogfood".to_string(),
watcher_action: WatcherAction::Act,
};
assert_eq!(ownership.owner, "claw-1");
assert_eq!(ownership.workflow_scope, "claw-code-dogfood");
assert_eq!(ownership.watcher_action, WatcherAction::Act);
}
#[test]
fn watcher_action_round_trips_through_serialization() {
let cases = [
(WatcherAction::Act, "act"),
(WatcherAction::Observe, "observe"),
(WatcherAction::Ignore, "ignore"),
];
for (action, expected) in cases {
let json = serde_json::to_value(action).expect("should serialize");
assert_eq!(json, serde_json::json!(expected));
let round_trip: WatcherAction =
serde_json::from_value(json).expect("should deserialize");
assert_eq!(round_trip, action);
}
}
#[test]
fn is_terminal_event_detects_terminal_states() {
assert!(is_terminal_event(LaneEventName::Finished));
assert!(is_terminal_event(LaneEventName::Failed));
assert!(is_terminal_event(LaneEventName::Superseded));
assert!(is_terminal_event(LaneEventName::Closed));
assert!(is_terminal_event(LaneEventName::Merged));
assert!(!is_terminal_event(LaneEventName::Started));
assert!(!is_terminal_event(LaneEventName::Ready));
assert!(!is_terminal_event(LaneEventName::Blocked));
}
#[test]
fn compute_event_fingerprint_is_deterministic() {
let fp1 = compute_event_fingerprint(
&LaneEventName::Finished,
&LaneEventStatus::Completed,
Some(&json!({"commit": "abc123"})),
);
let fp2 = compute_event_fingerprint(
&LaneEventName::Finished,
&LaneEventStatus::Completed,
Some(&json!({"commit": "abc123"})),
);
assert_eq!(fp1, fp2, "same inputs should produce same fingerprint");
assert!(!fp1.is_empty());
assert_eq!(fp1.len(), 16, "fingerprint should be 16 hex chars");
}
#[test]
fn compute_event_fingerprint_differs_for_different_inputs() {
let fp1 =
compute_event_fingerprint(&LaneEventName::Finished, &LaneEventStatus::Completed, None);
let fp2 = compute_event_fingerprint(&LaneEventName::Failed, &LaneEventStatus::Failed, None);
let fp3 = compute_event_fingerprint(
&LaneEventName::Finished,
&LaneEventStatus::Completed,
Some(&json!({"commit": "abc123"})),
);
assert_ne!(fp1, fp2, "different event/status should differ");
assert_ne!(fp1, fp3, "different data should differ");
}
#[test]
fn dedupe_terminal_events_suppresses_duplicates() {
let event1 = LaneEventBuilder::new(
LaneEventName::Finished,
LaneEventStatus::Completed,
"2026-04-04T00:00:00Z",
0,
EventProvenance::LiveLane,
)
.build_terminal();
let event2 = LaneEventBuilder::new(
LaneEventName::Started,
LaneEventStatus::Running,
"2026-04-04T00:00:01Z",
1,
EventProvenance::LiveLane,
)
.build();
let event3 = LaneEventBuilder::new(
LaneEventName::Finished,
LaneEventStatus::Completed,
"2026-04-04T00:00:02Z",
2,
EventProvenance::LiveLane,
)
.build_terminal(); // Same fingerprint as event1
let deduped = dedupe_terminal_events(&[event1.clone(), event2.clone(), event3.clone()]);
assert_eq!(deduped.len(), 2, "should have 2 events after dedupe");
assert_eq!(deduped[0].event, LaneEventName::Finished);
assert_eq!(deduped[1].event, LaneEventName::Started);
// event3 should be suppressed as duplicate of event1
}
#[test]
fn lane_event_builder_constructs_event_with_metadata() {
let event = LaneEventBuilder::new(
LaneEventName::Started,
LaneEventStatus::Running,
"2026-04-04T00:00:00Z",
42,
EventProvenance::Test,
)
.with_session_id("boot-abc123def4567890")
.with_session_identity(SessionIdentity::new("test-lane", "/tmp", "test"))
.with_ownership(LaneOwnership {
owner: "bot-1".to_string(),
workflow_scope: "test-suite".to_string(),
watcher_action: WatcherAction::Observe,
})
.with_nudge_id("nudge-123")
.with_detail("starting test run")
.build();
assert_eq!(event.event, LaneEventName::Started);
assert_eq!(event.session_id.as_deref(), Some("boot-abc123def4567890"));
assert_eq!(event.metadata.seq, 42);
assert_eq!(event.metadata.provenance, EventProvenance::Test);
assert_eq!(
event.metadata.session_identity.as_ref().unwrap().title,
"test-lane"
);
assert_eq!(event.metadata.ownership.as_ref().unwrap().owner, "bot-1");
assert_eq!(event.metadata.nudge_id, Some("nudge-123".to_string()));
assert_eq!(event.detail, Some("starting test run".to_string()));
}
#[test]
fn lane_event_metadata_round_trips_through_serialization() {
let meta = LaneEventMetadata::new(5, EventProvenance::Healthcheck)
.with_session_identity(SessionIdentity::new("lane-1", "/tmp", "purpose"))
.with_nudge_id("nudge-abc");
let json = serde_json::to_value(&meta).expect("should serialize");
assert_eq!(json["seq"], 5);
assert_eq!(json["provenance"], "healthcheck");
assert_eq!(json["nudge_id"], "nudge-abc");
assert!(json["timestamp_ms"].as_u64().is_some());
let round_trip: LaneEventMetadata =
serde_json::from_value(json).expect("should deserialize");
assert_eq!(round_trip.seq, 5);
assert_eq!(round_trip.provenance, EventProvenance::Healthcheck);
assert_eq!(round_trip.nudge_id, Some("nudge-abc".to_string()));
}
#[test]
fn lane_event_session_id_round_trips_through_serialization() {
let event = LaneEventBuilder::new(
LaneEventName::Started,
LaneEventStatus::Running,
"2026-04-04T00:00:00Z",
1,
EventProvenance::LiveLane,
)
.with_session_id("boot-0123456789abcdef")
.build();
let json = serde_json::to_value(&event).expect("should serialize");
assert_eq!(json["session_id"], "boot-0123456789abcdef");
let round_trip: LaneEvent = serde_json::from_value(json).expect("should deserialize");
assert_eq!(
round_trip.session_id.as_deref(),
Some("boot-0123456789abcdef")
);
}
#[test]
fn lane_event_session_id_omits_field_when_absent() {
let event = LaneEvent::started("2026-04-04T00:00:00Z");
let json = serde_json::to_value(&event).expect("should serialize");
assert!(json.get("session_id").is_none());
}
}

35
rust/crates/runtime/src/lib.rs
View File

@@ -10,8 +10,10 @@ mod bootstrap;
pub mod branch_lock;
mod compact;
mod config;
pub mod config_validate;
mod conversation;
mod file_ops;
mod git_context;
pub mod green_contract;
mod hooks;
mod json;
@@ -20,6 +22,7 @@ pub mod lsp_client;
mod mcp;
mod mcp_client;
pub mod mcp_lifecycle_hardened;
pub mod mcp_server;
mod mcp_stdio;
pub mod mcp_tool_bridge;
mod oauth;
@@ -32,9 +35,11 @@ pub mod recovery_recipes;
mod remote;
pub mod sandbox;
mod session;
#[cfg(test)]
mod session_control;
pub mod session_control;
mod session_identity;
pub use session_control::SessionStore;
mod sse;
pub mod stale_base;
pub mod stale_branch;
pub mod summary_compression;
pub mod task_packet;
@@ -56,10 +61,14 @@ pub use config::{
ConfigEntry, ConfigError, ConfigLoader, ConfigSource, McpConfigCollection,
McpManagedProxyServerConfig, McpOAuthConfig, McpRemoteServerConfig, McpSdkServerConfig,
McpServerConfig, McpStdioServerConfig, McpTransport, McpWebSocketServerConfig, OAuthConfig,
ResolvedPermissionMode, RuntimeConfig, RuntimeFeatureConfig, RuntimeHookConfig,
RuntimePermissionRuleConfig, RuntimePluginConfig, ScopedMcpServerConfig,
ProviderFallbackConfig, ResolvedPermissionMode, RuntimeConfig, RuntimeFeatureConfig,
RuntimeHookConfig, RuntimePermissionRuleConfig, RuntimePluginConfig, ScopedMcpServerConfig,
CLAW_SETTINGS_SCHEMA_NAME,
};
pub use config_validate::{
check_unsupported_format, format_diagnostics, validate_config_file, ConfigDiagnostic,
DiagnosticKind, ValidationResult,
};
pub use conversation::{
auto_compaction_threshold_from_env, ApiClient, ApiRequest, AssistantEvent, AutoCompactionEvent,
ConversationRuntime, PromptCacheEvent, RuntimeError, StaticToolExecutor, ToolError,
@@ -70,12 +79,16 @@ pub use file_ops::{
GrepSearchInput, GrepSearchOutput, ReadFileOutput, StructuredPatchHunk, TextFilePayload,
WriteFileOutput,
};
pub use git_context::{GitCommitEntry, GitContext};
pub use hooks::{
HookAbortSignal, HookEvent, HookProgressEvent, HookProgressReporter, HookRunResult, HookRunner,
};
pub use lane_events::{
dedupe_superseded_commit_events, LaneCommitProvenance, LaneEvent, LaneEventBlocker,
LaneEventName, LaneEventStatus, LaneFailureClass,
compute_event_fingerprint, dedupe_superseded_commit_events, dedupe_terminal_events,
is_terminal_event, BlockedSubphase, EventProvenance, LaneCommitProvenance, LaneEvent,
LaneEventBlocker, LaneEventBuilder, LaneEventMetadata, LaneEventName, LaneEventStatus,
LaneFailureClass, LaneOwnership, SessionIdentity, ShipMergeMethod, ShipProvenance,
WatcherAction,
};
pub use mcp::{
mcp_server_signature, mcp_tool_name, mcp_tool_prefix, normalize_name_for_mcp,
@@ -89,6 +102,7 @@ pub use mcp_lifecycle_hardened::{
McpDegradedReport, McpErrorSurface, McpFailedServer, McpLifecyclePhase, McpLifecycleState,
McpLifecycleValidator, McpPhaseResult,
};
pub use mcp_server::{McpServer, McpServerSpec, ToolCallHandler, MCP_SERVER_PROTOCOL_VERSION};
pub use mcp_stdio::{
spawn_mcp_stdio_process, JsonRpcError, JsonRpcId, JsonRpcRequest, JsonRpcResponse,
ManagedMcpTool, McpDiscoveryFailure, McpInitializeClientInfo, McpInitializeParams,
@@ -138,9 +152,16 @@ pub use sandbox::{
};
pub use session::{
ContentBlock, ConversationMessage, MessageRole, Session, SessionCompaction, SessionError,
SessionFork,
SessionFork, SessionPromptEntry,
};
pub use session_identity::{
begin_session, current_boot_session_id, end_session, is_active_session,
};
pub use sse::{IncrementalSseParser, SseEvent};
pub use stale_base::{
check_base_commit, format_stale_base_warning, read_claw_base_file, resolve_expected_base,
BaseCommitSource, BaseCommitState,
};
pub use stale_branch::{
apply_policy, check_freshness, BranchFreshness, StaleBranchAction, StaleBranchEvent,
StaleBranchPolicy,

440
rust/crates/runtime/src/mcp_server.rs Normal file
View File

@@ -0,0 +1,440 @@
//! Minimal Model Context Protocol (MCP) server.
//!
//! Implements a newline-safe, LSP-framed JSON-RPC server over stdio that
//! answers `initialize`, `tools/list`, and `tools/call` requests. The framing
//! matches the client transport implemented in [`crate::mcp_stdio`] so this
//! server can be driven by either an external MCP client (e.g. Claude
//! Desktop) or `claw`'s own [`McpServerManager`](crate::McpServerManager).
//!
//! The server is intentionally small: it exposes a list of pre-built
//! [`McpTool`] descriptors and delegates `tools/call` to a caller-supplied
//! handler. Tool execution itself lives in the `tools` crate; this module is
//! purely the transport + dispatch loop.
//!
//! [`McpTool`]: crate::mcp_stdio::McpTool
use std::io;
use serde_json::{json, Value as JsonValue};
use tokio::io::{
stdin, stdout, AsyncBufReadExt, AsyncReadExt, AsyncWriteExt, BufReader, Stdin, Stdout,
};
use crate::mcp_stdio::{
JsonRpcError, JsonRpcId, JsonRpcRequest, JsonRpcResponse, McpInitializeResult,
McpInitializeServerInfo, McpListToolsResult, McpTool, McpToolCallContent, McpToolCallParams,
McpToolCallResult,
};
/// Protocol version the server advertises during `initialize`.
///
/// Matches the version used by the built-in client in
/// [`crate::mcp_stdio`], so the two stay in lockstep.
pub const MCP_SERVER_PROTOCOL_VERSION: &str = "2025-03-26";
/// Synchronous handler invoked for every `tools/call` request.
///
/// Returning `Ok(text)` yields a single `text` content block and
/// `isError: false`. Returning `Err(message)` yields a `text` block with the
/// error and `isError: true`, mirroring the error-surfacing convention used
/// elsewhere in claw.
pub type ToolCallHandler =
Box<dyn Fn(&str, &JsonValue) -> Result<String, String> + Send + Sync + 'static>;
/// Configuration for an [`McpServer`] instance.
///
/// Named `McpServerSpec` rather than `McpServerConfig` to avoid colliding
/// with the existing client-side [`crate::config::McpServerConfig`] that
/// describes *remote* MCP servers the runtime connects to.
pub struct McpServerSpec {
/// Name advertised in the `serverInfo` field of the `initialize` response.
pub server_name: String,
/// Version advertised in the `serverInfo` field of the `initialize`
/// response.
pub server_version: String,
/// Tool descriptors returned for `tools/list`.
pub tools: Vec<McpTool>,
/// Handler invoked for `tools/call`.
pub tool_handler: ToolCallHandler,
}
/// Minimal MCP stdio server.
///
/// The server runs a blocking read/dispatch/write loop over the current
/// process's stdin/stdout, terminating cleanly when the peer closes the
/// stream.
pub struct McpServer {
spec: McpServerSpec,
stdin: BufReader<Stdin>,
stdout: Stdout,
}
impl McpServer {
#[must_use]
pub fn new(spec: McpServerSpec) -> Self {
Self {
spec,
stdin: BufReader::new(stdin()),
stdout: stdout(),
}
}
/// Runs the server until the client closes stdin.
///
/// Returns `Ok(())` on clean EOF; any other I/O error is propagated so
/// callers can log and exit non-zero.
pub async fn run(&mut self) -> io::Result<()> {
loop {
let Some(payload) = read_frame(&mut self.stdin).await? else {
return Ok(());
};
// Requests and notifications share a wire format; the absence of
// `id` distinguishes notifications, which must never receive a
// response.
let message: JsonValue = match serde_json::from_slice(&payload) {
Ok(value) => value,
Err(error) => {
// Parse error with null id per JSON-RPC 2.0 §4.2.
let response = JsonRpcResponse::<JsonValue> {
jsonrpc: "2.0".to_string(),
id: JsonRpcId::Null,
result: None,
error: Some(JsonRpcError {
code: -32700,
message: format!("parse error: {error}"),
data: None,
}),
};
write_response(&mut self.stdout, &response).await?;
continue;
}
};
if message.get("id").is_none() {
// Notification: dispatch for side effects only (e.g. log),
// but send no reply.
continue;
}
let request: JsonRpcRequest<JsonValue> = match serde_json::from_value(message) {
Ok(request) => request,
Err(error) => {
let response = JsonRpcResponse::<JsonValue> {
jsonrpc: "2.0".to_string(),
id: JsonRpcId::Null,
result: None,
error: Some(JsonRpcError {
code: -32600,
message: format!("invalid request: {error}"),
data: None,
}),
};
write_response(&mut self.stdout, &response).await?;
continue;
}
};
let response = self.dispatch(request);
write_response(&mut self.stdout, &response).await?;
}
}
fn dispatch(&self, request: JsonRpcRequest<JsonValue>) -> JsonRpcResponse<JsonValue> {
let id = request.id.clone();
match request.method.as_str() {
"initialize" => self.handle_initialize(id),
"tools/list" => self.handle_tools_list(id),
"tools/call" => self.handle_tools_call(id, request.params),
other => JsonRpcResponse {
jsonrpc: "2.0".to_string(),
id,
result: None,
error: Some(JsonRpcError {
code: -32601,
message: format!("method not found: {other}"),
data: None,
}),
},
}
}
fn handle_initialize(&self, id: JsonRpcId) -> JsonRpcResponse<JsonValue> {
let result = McpInitializeResult {
protocol_version: MCP_SERVER_PROTOCOL_VERSION.to_string(),
capabilities: json!({ "tools": {} }),
server_info: McpInitializeServerInfo {
name: self.spec.server_name.clone(),
version: self.spec.server_version.clone(),
},
};
JsonRpcResponse {
jsonrpc: "2.0".to_string(),
id,
result: serde_json::to_value(result).ok(),
error: None,
}
}
fn handle_tools_list(&self, id: JsonRpcId) -> JsonRpcResponse<JsonValue> {
let result = McpListToolsResult {
tools: self.spec.tools.clone(),
next_cursor: None,
};
JsonRpcResponse {
jsonrpc: "2.0".to_string(),
id,
result: serde_json::to_value(result).ok(),
error: None,
}
}
fn handle_tools_call(
&self,
id: JsonRpcId,
params: Option<JsonValue>,
) -> JsonRpcResponse<JsonValue> {
let Some(params) = params else {
return invalid_params_response(id, "missing params for tools/call");
};
let call: McpToolCallParams = match serde_json::from_value(params) {
Ok(value) => value,
Err(error) => {
return invalid_params_response(id, &format!("invalid tools/call params: {error}"));
}
};
let arguments = call.arguments.unwrap_or_else(|| json!({}));
let tool_result = (self.spec.tool_handler)(&call.name, &arguments);
let (text, is_error) = match tool_result {
Ok(text) => (text, false),
Err(message) => (message, true),
};
let mut data = std::collections::BTreeMap::new();
data.insert("text".to_string(), JsonValue::String(text));
let call_result = McpToolCallResult {
content: vec![McpToolCallContent {
kind: "text".to_string(),
data,
}],
structured_content: None,
is_error: Some(is_error),
meta: None,
};
JsonRpcResponse {
jsonrpc: "2.0".to_string(),
id,
result: serde_json::to_value(call_result).ok(),
error: None,
}
}
}
fn invalid_params_response(id: JsonRpcId, message: &str) -> JsonRpcResponse<JsonValue> {
JsonRpcResponse {
jsonrpc: "2.0".to_string(),
id,
result: None,
error: Some(JsonRpcError {
code: -32602,
message: message.to_string(),
data: None,
}),
}
}
/// Reads a single LSP-framed JSON-RPC payload from `reader`.
///
/// Returns `Ok(None)` on clean EOF before any header bytes have been read,
/// matching how [`crate::mcp_stdio::McpStdioProcess`] treats stream closure.
async fn read_frame(reader: &mut BufReader<Stdin>) -> io::Result<Option<Vec<u8>>> {
let mut content_length: Option<usize> = None;
let mut first_header = true;
loop {
let mut line = String::new();
let bytes_read = reader.read_line(&mut line).await?;
if bytes_read == 0 {
if first_header {
return Ok(None);
}
return Err(io::Error::new(
io::ErrorKind::UnexpectedEof,
"MCP stdio stream closed while reading headers",
));
}
first_header = false;
if line == "\r\n" || line == "\n" {
break;
}
let header = line.trim_end_matches(['\r', '\n']);
if let Some((name, value)) = header.split_once(':') {
if name.trim().eq_ignore_ascii_case("Content-Length") {
let parsed = value
.trim()
.parse::<usize>()
.map_err(|error| io::Error::new(io::ErrorKind::InvalidData, error))?;
content_length = Some(parsed);
}
}
}
let content_length = content_length.ok_or_else(|| {
io::Error::new(io::ErrorKind::InvalidData, "missing Content-Length header")
})?;
let mut payload = vec![0_u8; content_length];
reader.read_exact(&mut payload).await?;
Ok(Some(payload))
}
async fn write_response(
stdout: &mut Stdout,
response: &JsonRpcResponse<JsonValue>,
) -> io::Result<()> {
let body = serde_json::to_vec(response)
.map_err(|error| io::Error::new(io::ErrorKind::InvalidData, error))?;
let header = format!("Content-Length: {}\r\n\r\n", body.len());
stdout.write_all(header.as_bytes()).await?;
stdout.write_all(&body).await?;
stdout.flush().await
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn dispatch_initialize_returns_server_info() {
let server = McpServer {
spec: McpServerSpec {
server_name: "test".to_string(),
server_version: "9.9.9".to_string(),
tools: Vec::new(),
tool_handler: Box::new(|_, _| Ok(String::new())),
},
stdin: BufReader::new(stdin()),
stdout: stdout(),
};
let request = JsonRpcRequest::<JsonValue> {
jsonrpc: "2.0".to_string(),
id: JsonRpcId::Number(1),
method: "initialize".to_string(),
params: None,
};
let response = server.dispatch(request);
assert_eq!(response.id, JsonRpcId::Number(1));
assert!(response.error.is_none());
let result = response.result.expect("initialize result");
assert_eq!(result["protocolVersion"], MCP_SERVER_PROTOCOL_VERSION);
assert_eq!(result["serverInfo"]["name"], "test");
assert_eq!(result["serverInfo"]["version"], "9.9.9");
}
#[test]
fn dispatch_tools_list_returns_registered_tools() {
let tool = McpTool {
name: "echo".to_string(),
description: Some("Echo".to_string()),
input_schema: Some(json!({"type": "object"})),
annotations: None,
meta: None,
};
let server = McpServer {
spec: McpServerSpec {
server_name: "test".to_string(),
server_version: "0.0.0".to_string(),
tools: vec![tool.clone()],
tool_handler: Box::new(|_, _| Ok(String::new())),
},
stdin: BufReader::new(stdin()),
stdout: stdout(),
};
let request = JsonRpcRequest::<JsonValue> {
jsonrpc: "2.0".to_string(),
id: JsonRpcId::Number(2),
method: "tools/list".to_string(),
params: None,
};
let response = server.dispatch(request);
assert!(response.error.is_none());
let result = response.result.expect("tools/list result");
assert_eq!(result["tools"][0]["name"], "echo");
}
#[test]
fn dispatch_tools_call_wraps_handler_output() {
let server = McpServer {
spec: McpServerSpec {
server_name: "test".to_string(),
server_version: "0.0.0".to_string(),
tools: Vec::new(),
tool_handler: Box::new(|name, args| Ok(format!("called {name} with {args}"))),
},
stdin: BufReader::new(stdin()),
stdout: stdout(),
};
let request = JsonRpcRequest::<JsonValue> {
jsonrpc: "2.0".to_string(),
id: JsonRpcId::Number(3),
method: "tools/call".to_string(),
params: Some(json!({
"name": "echo",
"arguments": {"text": "hi"}
})),
};
let response = server.dispatch(request);
assert!(response.error.is_none());
let result = response.result.expect("tools/call result");
assert_eq!(result["isError"], false);
assert_eq!(result["content"][0]["type"], "text");
assert!(result["content"][0]["text"]
.as_str()
.unwrap()
.starts_with("called echo"));
}
#[test]
fn dispatch_tools_call_surfaces_handler_error() {
let server = McpServer {
spec: McpServerSpec {
server_name: "test".to_string(),
server_version: "0.0.0".to_string(),
tools: Vec::new(),
tool_handler: Box::new(|_, _| Err("boom".to_string())),
},
stdin: BufReader::new(stdin()),
stdout: stdout(),
};
let request = JsonRpcRequest::<JsonValue> {
jsonrpc: "2.0".to_string(),
id: JsonRpcId::Number(4),
method: "tools/call".to_string(),
params: Some(json!({"name": "broken"})),
};
let response = server.dispatch(request);
let result = response.result.expect("tools/call result");
assert_eq!(result["isError"], true);
assert_eq!(result["content"][0]["text"], "boom");
}
#[test]
fn dispatch_unknown_method_returns_method_not_found() {
let server = McpServer {
spec: McpServerSpec {
server_name: "test".to_string(),
server_version: "0.0.0".to_string(),
tools: Vec::new(),
tool_handler: Box::new(|_, _| Ok(String::new())),
},
stdin: BufReader::new(stdin()),
stdout: stdout(),
};
let request = JsonRpcRequest::<JsonValue> {
jsonrpc: "2.0".to_string(),
id: JsonRpcId::Number(5),
method: "nonsense".to_string(),
params: None,
};
let response = server.dispatch(request);
let error = response.error.expect("error payload");
assert_eq!(error.code, -32601);
}
}

9
rust/crates/runtime/src/oauth.rs
View File

@@ -335,7 +335,14 @@ fn credentials_home_dir() -> io::Result<PathBuf> {
return Ok(PathBuf::from(path));
}
let home = std::env::var_os("HOME")
.ok_or_else(|| io::Error::new(io::ErrorKind::NotFound, "HOME is not set"))?;
.or_else(|| std::env::var_os("USERPROFILE"))
.ok_or_else(|| {
io::Error::new(
io::ErrorKind::NotFound,
"HOME is not set (on Windows, set USERPROFILE or HOME, \
or use CLAW_CONFIG_HOME to point directly at the config directory)",
)
})?;
Ok(PathBuf::from(home).join(".claw"))
}

34
rust/crates/runtime/src/permission_enforcer.rs
View File

@@ -65,6 +65,40 @@ impl PermissionEnforcer {
matches!(self.check(tool_name, input), EnforcementResult::Allowed)
}
/// Check permission with an explicitly provided required mode.
/// Used when the required mode is determined dynamically (e.g., bash command classification).
pub fn check_with_required_mode(
&self,
tool_name: &str,
input: &str,
required_mode: PermissionMode,
) -> EnforcementResult {
// When the active mode is Prompt, defer to the caller's interactive
// prompt flow rather than hard-denying.
if self.policy.active_mode() == PermissionMode::Prompt {
return EnforcementResult::Allowed;
}
let active_mode = self.policy.active_mode();
// Check if active mode meets the dynamically determined required mode
if active_mode >= required_mode {
return EnforcementResult::Allowed;
}
// Permission denied - active mode is insufficient
EnforcementResult::Denied {
tool: tool_name.to_owned(),
active_mode: active_mode.as_str().to_owned(),
required_mode: required_mode.as_str().to_owned(),
reason: format!(
"'{tool_name}' with input '{input}' requires '{}' permission, but current mode is '{}'",
required_mode.as_str(),
active_mode.as_str()
),
}
}
#[must_use]
pub fn active_mode(&self) -> PermissionMode {
self.policy.active_mode()

102
rust/crates/runtime/src/prompt.rs
View File

@@ -4,6 +4,7 @@ use std::path::{Path, PathBuf};
use std::process::Command;
use crate::config::{ConfigError, ConfigLoader, RuntimeConfig};
use crate::git_context::GitContext;
/// Errors raised while assembling the final system prompt.
#[derive(Debug)]
@@ -56,6 +57,7 @@ pub struct ProjectContext {
pub current_date: String,
pub git_status: Option<String>,
pub git_diff: Option<String>,
pub git_context: Option<GitContext>,
pub instruction_files: Vec<ContextFile>,
}
@@ -71,6 +73,7 @@ impl ProjectContext {
current_date: current_date.into(),
git_status: None,
git_diff: None,
git_context: None,
instruction_files,
})
}
@@ -82,6 +85,7 @@ impl ProjectContext {
let mut context = Self::discover(cwd, current_date)?;
context.git_status = read_git_status(&context.cwd);
context.git_diff = read_git_diff(&context.cwd);
context.git_context = GitContext::detect(&context.cwd);
Ok(context)
}
}
@@ -299,11 +303,27 @@ fn render_project_context(project_context: &ProjectContext) -> String {
lines.push("Git status snapshot:".to_string());
lines.push(status.clone());
}
if let Some(ref gc) = project_context.git_context {
if !gc.recent_commits.is_empty() {
lines.push(String::new());
lines.push("Recent commits (last 5):".to_string());
for c in &gc.recent_commits {
lines.push(format!(" {} {}", c.hash, c.subject));
}
}
}
if let Some(diff) = &project_context.git_diff {
lines.push(String::new());
lines.push("Git diff snapshot:".to_string());
lines.push(diff.clone());
}
if let Some(git_context) = &project_context.git_context {
let rendered = git_context.render();
if !rendered.is_empty() {
lines.push(String::new());
lines.push(rendered);
}
}
lines.join("\n")
}
@@ -639,6 +659,88 @@ mod tests {
fs::remove_dir_all(root).expect("cleanup temp dir");
}
#[test]
fn discover_with_git_includes_recent_commits_and_renders_them() {
// given: a git repo with three commits and a current branch
let _guard = env_lock();
ensure_valid_cwd();
let root = temp_dir();
fs::create_dir_all(&root).expect("root dir");
std::process::Command::new("git")
.args(["init", "--quiet", "-b", "main"])
.current_dir(&root)
.status()
.expect("git init should run");
std::process::Command::new("git")
.args(["config", "user.email", "tests@example.com"])
.current_dir(&root)
.status()
.expect("git config email should run");
std::process::Command::new("git")
.args(["config", "user.name", "Runtime Prompt Tests"])
.current_dir(&root)
.status()
.expect("git config name should run");
for (file, message) in [
("a.txt", "first commit"),
("b.txt", "second commit"),
("c.txt", "third commit"),
] {
fs::write(root.join(file), "x\n").expect("write commit file");
std::process::Command::new("git")
.args(["add", file])
.current_dir(&root)
.status()
.expect("git add should run");
std::process::Command::new("git")
.args(["commit", "-m", message, "--quiet"])
.current_dir(&root)
.status()
.expect("git commit should run");
}
fs::write(root.join("d.txt"), "staged\n").expect("write staged file");
std::process::Command::new("git")
.args(["add", "d.txt"])
.current_dir(&root)
.status()
.expect("git add staged should run");
// when: discovering project context with git auto-include
let context =
ProjectContext::discover_with_git(&root, "2026-03-31").expect("context should load");
let rendered = SystemPromptBuilder::new()
.with_os("linux", "6.8")
.with_project_context(context.clone())
.render();
// then: branch, recent commits and staged files are present in context
let gc = context
.git_context
.as_ref()
.expect("git context should be present");
let commits: String = gc
.recent_commits
.iter()
.map(|c| c.subject.clone())
.collect::<Vec<_>>()
.join("\n");
assert!(commits.contains("first commit"));
assert!(commits.contains("second commit"));
assert!(commits.contains("third commit"));
assert_eq!(gc.recent_commits.len(), 3);
let status = context.git_status.as_deref().expect("status snapshot");
assert!(status.contains("## main"));
assert!(status.contains("A d.txt"));
assert!(rendered.contains("Recent commits (last 5):"));
assert!(rendered.contains("first commit"));
assert!(rendered.contains("Git status snapshot:"));
assert!(rendered.contains("## main"));
fs::remove_dir_all(root).expect("cleanup temp dir");
}
#[test]
fn discover_with_git_includes_diff_snapshot_for_tracked_changes() {
let _guard = env_lock();

4
rust/crates/runtime/src/recovery_recipes.rs
View File

@@ -48,7 +48,9 @@ impl FailureScenario {
WorkerFailureKind::TrustGate => Self::TrustPromptUnresolved,
WorkerFailureKind::PromptDelivery => Self::PromptMisdelivery,
WorkerFailureKind::Protocol => Self::McpHandshakeFailure,
WorkerFailureKind::Provider => Self::ProviderFailure,
WorkerFailureKind::Provider | WorkerFailureKind::StartupNoEvidence => {
Self::ProviderFailure
}
}
}
}

225
rust/crates/runtime/src/session.rs
View File

@@ -13,6 +13,7 @@ const SESSION_VERSION: u32 = 1;
const ROTATE_AFTER_BYTES: u64 = 256 * 1024;
const MAX_ROTATED_FILES: usize = 3;
static SESSION_ID_COUNTER: AtomicU64 = AtomicU64::new(0);
static LAST_TIMESTAMP_MS: AtomicU64 = AtomicU64::new(0);
/// Speaker role associated with a persisted conversation message.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
@@ -65,6 +66,13 @@ pub struct SessionFork {
pub branch_name: Option<String>,
}
/// A single user prompt recorded with a timestamp for history tracking.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct SessionPromptEntry {
pub timestamp_ms: u64,
pub text: String,
}
#[derive(Debug, Clone, PartialEq, Eq)]
struct SessionPersistence {
path: PathBuf,
@@ -88,6 +96,12 @@ pub struct Session {
pub compaction: Option<SessionCompaction>,
pub fork: Option<SessionFork>,
pub workspace_root: Option<PathBuf>,
pub prompt_history: Vec<SessionPromptEntry>,
/// The model used in this session, persisted so resumed sessions can
/// report which model was originally used.
/// Timestamp of last successful health check (ROADMAP #38)
pub last_health_check_ms: Option<u64>,
pub model: Option<String>,
persistence: Option<SessionPersistence>,
}
@@ -101,6 +115,8 @@ impl PartialEq for Session {
&& self.compaction == other.compaction
&& self.fork == other.fork
&& self.workspace_root == other.workspace_root
&& self.prompt_history == other.prompt_history
&& self.last_health_check_ms == other.last_health_check_ms
}
}
@@ -151,6 +167,9 @@ impl Session {
compaction: None,
fork: None,
workspace_root: None,
prompt_history: Vec::new(),
last_health_check_ms: None,
model: None,
persistence: None,
}
}
@@ -252,6 +271,9 @@ impl Session {
branch_name: normalize_optional_string(branch_name),
}),
workspace_root: self.workspace_root.clone(),
prompt_history: self.prompt_history.clone(),
last_health_check_ms: self.last_health_check_ms,
model: self.model.clone(),
persistence: None,
}
}
@@ -295,6 +317,17 @@ impl Session {
JsonValue::String(workspace_root_to_string(workspace_root)?),
);
}
if !self.prompt_history.is_empty() {
object.insert(
"prompt_history".to_string(),
JsonValue::Array(
self.prompt_history
.iter()
.map(SessionPromptEntry::to_jsonl_record)
.collect(),
),
);
}
Ok(JsonValue::Object(object))
}
@@ -339,6 +372,20 @@ impl Session {
.get("workspace_root")
.and_then(JsonValue::as_str)
.map(PathBuf::from);
let prompt_history = object
.get("prompt_history")
.and_then(JsonValue::as_array)
.map(|entries| {
entries
.iter()
.filter_map(SessionPromptEntry::from_json_opt)
.collect()
})
.unwrap_or_default();
let model = object
.get("model")
.and_then(JsonValue::as_str)
.map(String::from);
Ok(Self {
version,
session_id,
@@ -348,6 +395,9 @@ impl Session {
compaction,
fork,
workspace_root,
prompt_history,
last_health_check_ms: None,
model,
persistence: None,
})
}
@@ -361,6 +411,8 @@ impl Session {
let mut compaction = None;
let mut fork = None;
let mut workspace_root = None;
let mut model = None;
let mut prompt_history = Vec::new();
for (line_number, raw_line) in contents.lines().enumerate() {
let line = raw_line.trim();
@@ -399,6 +451,10 @@ impl Session {
.get("workspace_root")
.and_then(JsonValue::as_str)
.map(PathBuf::from);
model = object
.get("model")
.and_then(JsonValue::as_str)
.map(String::from);
}
"message" => {
let message_value = object.get("message").ok_or_else(|| {
@@ -414,6 +470,13 @@ impl Session {
object.clone(),
))?);
}
"prompt_history" => {
if let Some(entry) =
SessionPromptEntry::from_json_opt(&JsonValue::Object(object.clone()))
{
prompt_history.push(entry);
}
}
other => {
return Err(SessionError::Format(format!(
"unsupported JSONL record type at line {}: {other}",
@@ -433,15 +496,38 @@ impl Session {
compaction,
fork,
workspace_root,
prompt_history,
last_health_check_ms: None,
model,
persistence: None,
})
}
/// Record a user prompt with the current wall-clock timestamp.
///
/// The entry is appended to the in-memory history and, when a persistence
/// path is configured, incrementally written to the JSONL session file.
pub fn push_prompt_entry(&mut self, text: impl Into<String>) -> Result<(), SessionError> {
let timestamp_ms = current_time_millis();
let entry = SessionPromptEntry {
timestamp_ms,
text: text.into(),
};
self.prompt_history.push(entry);
let entry_ref = self.prompt_history.last().expect("entry was just pushed");
self.append_persisted_prompt_entry(entry_ref)
}
fn render_jsonl_snapshot(&self) -> Result<String, SessionError> {
let mut lines = vec![self.meta_record()?.render()];
if let Some(compaction) = &self.compaction {
lines.push(compaction.to_jsonl_record()?.render());
}
lines.extend(
self.prompt_history
.iter()
.map(|entry| entry.to_jsonl_record().render()),
);
lines.extend(
self.messages
.iter()
@@ -468,6 +554,25 @@ impl Session {
Ok(())
}
fn append_persisted_prompt_entry(
&self,
entry: &SessionPromptEntry,
) -> Result<(), SessionError> {
let Some(path) = self.persistence_path() else {
return Ok(());
};
let needs_bootstrap = !path.exists() || fs::metadata(path)?.len() == 0;
if needs_bootstrap {
self.save_to_path(path)?;
return Ok(());
}
let mut file = OpenOptions::new().append(true).open(path)?;
writeln!(file, "{}", entry.to_jsonl_record().render())?;
Ok(())
}
fn meta_record(&self) -> Result<JsonValue, SessionError> {
let mut object = BTreeMap::new();
object.insert(
@@ -499,6 +604,9 @@ impl Session {
JsonValue::String(workspace_root_to_string(workspace_root)?),
);
}
if let Some(model) = &self.model {
object.insert("model".to_string(), JsonValue::String(model.clone()));
}
Ok(JsonValue::Object(object))
}
@@ -784,6 +892,33 @@ impl SessionFork {
}
}
impl SessionPromptEntry {
#[must_use]
pub fn to_jsonl_record(&self) -> JsonValue {
let mut object = BTreeMap::new();
object.insert(
"type".to_string(),
JsonValue::String("prompt_history".to_string()),
);
object.insert(
"timestamp_ms".to_string(),
JsonValue::Number(i64::try_from(self.timestamp_ms).unwrap_or(i64::MAX)),
);
object.insert("text".to_string(), JsonValue::String(self.text.clone()));
JsonValue::Object(object)
}
fn from_json_opt(value: &JsonValue) -> Option<Self> {
let object = value.as_object()?;
let timestamp_ms = object
.get("timestamp_ms")
.and_then(JsonValue::as_i64)
.and_then(|value| u64::try_from(value).ok())?;
let text = object.get("text").and_then(JsonValue::as_str)?.to_string();
Some(Self { timestamp_ms, text })
}
}
fn message_record(message: &ConversationMessage) -> JsonValue {
let mut object = BTreeMap::new();
object.insert("type".to_string(), JsonValue::String("message".to_string()));
@@ -896,10 +1031,27 @@ fn normalize_optional_string(value: Option<String>) -> Option<String> {
}
fn current_time_millis() -> u64 {
SystemTime::now()
let wall_clock = SystemTime::now()
.duration_since(UNIX_EPOCH)
.map(|duration| u64::try_from(duration.as_millis()).unwrap_or(u64::MAX))
.unwrap_or_default()
.unwrap_or_default();
let mut candidate = wall_clock;
loop {
let previous = LAST_TIMESTAMP_MS.load(Ordering::Relaxed);
if candidate <= previous {
candidate = previous.saturating_add(1);
}
match LAST_TIMESTAMP_MS.compare_exchange(
previous,
candidate,
Ordering::SeqCst,
Ordering::SeqCst,
) {
Ok(_) => return candidate,
Err(actual) => candidate = actual.saturating_add(1),
}
}
}
fn generate_session_id() -> String {
@@ -991,8 +1143,8 @@ fn cleanup_rotated_logs(path: &Path) -> Result<(), SessionError> {
#[cfg(test)]
mod tests {
use super::{
cleanup_rotated_logs, rotate_session_file_if_needed, ContentBlock, ConversationMessage,
MessageRole, Session, SessionFork,
cleanup_rotated_logs, current_time_millis, rotate_session_file_if_needed, ContentBlock,
ConversationMessage, MessageRole, Session, SessionFork,
};
use crate::json::JsonValue;
use crate::usage::TokenUsage;
@@ -1000,6 +1152,16 @@ mod tests {
use std::path::{Path, PathBuf};
use std::time::{SystemTime, UNIX_EPOCH};
#[test]
fn session_timestamps_are_monotonic_under_tight_loops() {
let first = current_time_millis();
let second = current_time_millis();
let third = current_time_millis();
assert!(first < second);
assert!(second < third);
}
#[test]
fn persists_and_restores_session_jsonl() {
let mut session = Session::new();
@@ -1326,3 +1488,58 @@ mod tests {
.collect()
}
}
/// Per-worktree session isolation: returns a session directory namespaced
/// by the workspace fingerprint of the given working directory.
/// This prevents parallel `opencode serve` instances from colliding.
/// Called by external consumers (e.g. clawhip) to enumerate sessions for a CWD.
#[allow(dead_code)]
pub fn workspace_sessions_dir(cwd: &std::path::Path) -> Result<std::path::PathBuf, SessionError> {
let store = crate::session_control::SessionStore::from_cwd(cwd)
.map_err(|e| SessionError::Io(std::io::Error::other(e.to_string())))?;
Ok(store.sessions_dir().to_path_buf())
}
#[cfg(test)]
mod workspace_sessions_dir_tests {
use super::*;
use std::fs;
#[test]
fn workspace_sessions_dir_returns_fingerprinted_path_for_valid_cwd() {
let tmp = std::env::temp_dir().join("claw-session-dir-test");
fs::create_dir_all(&tmp).expect("create temp dir");
let result = workspace_sessions_dir(&tmp);
assert!(
result.is_ok(),
"workspace_sessions_dir should succeed for a valid CWD, got: {result:?}"
);
let dir = result.unwrap();
// The returned path should be non-empty and end with a hash component
assert!(!dir.as_os_str().is_empty());
// Two calls with the same CWD should produce identical paths (deterministic)
let result2 = workspace_sessions_dir(&tmp).unwrap();
assert_eq!(dir, result2, "workspace_sessions_dir must be deterministic");
fs::remove_dir_all(&tmp).ok();
}
#[test]
fn workspace_sessions_dir_differs_for_different_cwds() {
let tmp_a = std::env::temp_dir().join("claw-session-dir-a");
let tmp_b = std::env::temp_dir().join("claw-session-dir-b");
fs::create_dir_all(&tmp_a).expect("create dir a");
fs::create_dir_all(&tmp_b).expect("create dir b");
let dir_a = workspace_sessions_dir(&tmp_a).expect("dir a");
let dir_b = workspace_sessions_dir(&tmp_b).expect("dir b");
assert_ne!(
dir_a, dir_b,
"different CWDs must produce different session dirs"
);
fs::remove_dir_all(&tmp_a).ok();
fs::remove_dir_all(&tmp_b).ok();
}
}

777
rust/crates/runtime/src/session_control.rs
View File

@@ -7,6 +7,302 @@ use std::time::UNIX_EPOCH;
use crate::session::{Session, SessionError};
/// Per-worktree session store that namespaces on-disk session files by
/// workspace fingerprint so that parallel `opencode serve` instances never
/// collide.
///
/// Create via [`SessionStore::from_cwd`] (derives the store path from the
/// server's working directory) or [`SessionStore::from_data_dir`] (honours an
/// explicit `--data-dir` flag). Both constructors produce a directory layout
/// of `<data_dir>/sessions/<workspace_hash>/` where `<workspace_hash>` is a
/// stable hex digest of the canonical workspace root.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct SessionStore {
/// Resolved root of the session namespace, e.g.
/// `/home/user/project/.claw/sessions/a1b2c3d4e5f60718/`.
sessions_root: PathBuf,
/// The canonical workspace path that was fingerprinted.
workspace_root: PathBuf,
}
impl SessionStore {
/// Build a store from the server's current working directory.
///
/// The on-disk layout becomes `<cwd>/.claw/sessions/<workspace_hash>/`.
pub fn from_cwd(cwd: impl AsRef<Path>) -> Result<Self, SessionControlError> {
let cwd = cwd.as_ref();
let sessions_root = cwd
.join(".claw")
.join("sessions")
.join(workspace_fingerprint(cwd));
fs::create_dir_all(&sessions_root)?;
Ok(Self {
sessions_root,
workspace_root: cwd.to_path_buf(),
})
}
/// Build a store from an explicit `--data-dir` flag.
///
/// The on-disk layout becomes `<data_dir>/sessions/<workspace_hash>/`
/// where `<workspace_hash>` is derived from `workspace_root`.
pub fn from_data_dir(
data_dir: impl AsRef<Path>,
workspace_root: impl AsRef<Path>,
) -> Result<Self, SessionControlError> {
let workspace_root = workspace_root.as_ref();
let sessions_root = data_dir
.as_ref()
.join("sessions")
.join(workspace_fingerprint(workspace_root));
fs::create_dir_all(&sessions_root)?;
Ok(Self {
sessions_root,
workspace_root: workspace_root.to_path_buf(),
})
}
/// The fully resolved sessions directory for this namespace.
#[must_use]
pub fn sessions_dir(&self) -> &Path {
&self.sessions_root
}
/// The workspace root this store is bound to.
#[must_use]
pub fn workspace_root(&self) -> &Path {
&self.workspace_root
}
#[must_use]
pub fn create_handle(&self, session_id: &str) -> SessionHandle {
let id = session_id.to_string();
let path = self
.sessions_root
.join(format!("{id}.{PRIMARY_SESSION_EXTENSION}"));
SessionHandle { id, path }
}
pub fn resolve_reference(&self, reference: &str) -> Result<SessionHandle, SessionControlError> {
if is_session_reference_alias(reference) {
let latest = self.latest_session()?;
return Ok(SessionHandle {
id: latest.id,
path: latest.path,
});
}
let direct = PathBuf::from(reference);
let candidate = if direct.is_absolute() {
direct.clone()
} else {
self.workspace_root.join(&direct)
};
let looks_like_path = direct.extension().is_some() || direct.components().count() > 1;
let path = if candidate.exists() {
candidate
} else if looks_like_path {
return Err(SessionControlError::Format(
format_missing_session_reference(reference),
));
} else {
self.resolve_managed_path(reference)?
};
Ok(SessionHandle {
id: session_id_from_path(&path).unwrap_or_else(|| reference.to_string()),
path,
})
}
pub fn resolve_managed_path(&self, session_id: &str) -> Result<PathBuf, SessionControlError> {
for extension in [PRIMARY_SESSION_EXTENSION, LEGACY_SESSION_EXTENSION] {
let path = self.sessions_root.join(format!("{session_id}.{extension}"));
if path.exists() {
return Ok(path);
}
}
if let Some(legacy_root) = self.legacy_sessions_root() {
for extension in [PRIMARY_SESSION_EXTENSION, LEGACY_SESSION_EXTENSION] {
let path = legacy_root.join(format!("{session_id}.{extension}"));
if !path.exists() {
continue;
}
let session = Session::load_from_path(&path)?;
self.validate_loaded_session(&path, &session)?;
return Ok(path);
}
}
Err(SessionControlError::Format(
format_missing_session_reference(session_id),
))
}
pub fn list_sessions(&self) -> Result<Vec<ManagedSessionSummary>, SessionControlError> {
let mut sessions = Vec::new();
self.collect_sessions_from_dir(&self.sessions_root, &mut sessions)?;
if let Some(legacy_root) = self.legacy_sessions_root() {
self.collect_sessions_from_dir(&legacy_root, &mut sessions)?;
}
sort_managed_sessions(&mut sessions);
Ok(sessions)
}
pub fn latest_session(&self) -> Result<ManagedSessionSummary, SessionControlError> {
self.list_sessions()?
.into_iter()
.next()
.ok_or_else(|| SessionControlError::Format(format_no_managed_sessions()))
}
pub fn load_session(
&self,
reference: &str,
) -> Result<LoadedManagedSession, SessionControlError> {
let handle = self.resolve_reference(reference)?;
let session = Session::load_from_path(&handle.path)?;
self.validate_loaded_session(&handle.path, &session)?;
Ok(LoadedManagedSession {
handle: SessionHandle {
id: session.session_id.clone(),
path: handle.path,
},
session,
})
}
pub fn fork_session(
&self,
session: &Session,
branch_name: Option<String>,
) -> Result<ForkedManagedSession, SessionControlError> {
let parent_session_id = session.session_id.clone();
let forked = session
.fork(branch_name)
.with_workspace_root(self.workspace_root.clone());
let handle = self.create_handle(&forked.session_id);
let branch_name = forked
.fork
.as_ref()
.and_then(|fork| fork.branch_name.clone());
let forked = forked.with_persistence_path(handle.path.clone());
forked.save_to_path(&handle.path)?;
Ok(ForkedManagedSession {
parent_session_id,
handle,
session: forked,
branch_name,
})
}
fn legacy_sessions_root(&self) -> Option<PathBuf> {
self.sessions_root
.parent()
.filter(|parent| parent.file_name().is_some_and(|name| name == "sessions"))
.map(Path::to_path_buf)
}
fn validate_loaded_session(
&self,
session_path: &Path,
session: &Session,
) -> Result<(), SessionControlError> {
let Some(actual) = session.workspace_root() else {
if path_is_within_workspace(session_path, &self.workspace_root) {
return Ok(());
}
return Err(SessionControlError::Format(
format_legacy_session_missing_workspace_root(session_path, &self.workspace_root),
));
};
if workspace_roots_match(actual, &self.workspace_root) {
return Ok(());
}
Err(SessionControlError::WorkspaceMismatch {
expected: self.workspace_root.clone(),
actual: actual.to_path_buf(),
})
}
fn collect_sessions_from_dir(
&self,
directory: &Path,
sessions: &mut Vec<ManagedSessionSummary>,
) -> Result<(), SessionControlError> {
let entries = match fs::read_dir(directory) {
Ok(entries) => entries,
Err(err) if err.kind() == std::io::ErrorKind::NotFound => return Ok(()),
Err(err) => return Err(err.into()),
};
for entry in entries {
let entry = entry?;
let path = entry.path();
if !is_managed_session_file(&path) {
continue;
}
let metadata = entry.metadata()?;
let modified_epoch_millis = metadata
.modified()
.ok()
.and_then(|time| time.duration_since(UNIX_EPOCH).ok())
.map(|duration| duration.as_millis())
.unwrap_or_default();
let summary = match Session::load_from_path(&path) {
Ok(session) => {
if self.validate_loaded_session(&path, &session).is_err() {
continue;
}
ManagedSessionSummary {
id: session.session_id,
path,
updated_at_ms: session.updated_at_ms,
modified_epoch_millis,
message_count: session.messages.len(),
parent_session_id: session
.fork
.as_ref()
.map(|fork| fork.parent_session_id.clone()),
branch_name: session
.fork
.as_ref()
.and_then(|fork| fork.branch_name.clone()),
}
}
Err(_) => ManagedSessionSummary {
id: path
.file_stem()
.and_then(|value| value.to_str())
.unwrap_or("unknown")
.to_string(),
path,
updated_at_ms: 0,
modified_epoch_millis,
message_count: 0,
parent_session_id: None,
branch_name: None,
},
};
sessions.push(summary);
}
Ok(())
}
}
/// Stable hex fingerprint of a workspace path.
///
/// Uses FNV-1a (64-bit) to produce a 16-char hex string that partitions the
/// on-disk session directory per workspace root.
#[must_use]
pub fn workspace_fingerprint(workspace_root: &Path) -> String {
let input = workspace_root.to_string_lossy();
let mut hash = 0xcbf2_9ce4_8422_2325_u64;
for byte in input.as_bytes() {
hash ^= u64::from(*byte);
hash = hash.wrapping_mul(0x0100_0000_01b3);
}
format!("{hash:016x}")
}
pub const PRIMARY_SESSION_EXTENSION: &str = "jsonl";
pub const LEGACY_SESSION_EXTENSION: &str = "json";
pub const LATEST_SESSION_REFERENCE: &str = "latest";
@@ -23,12 +319,23 @@ pub struct SessionHandle {
pub struct ManagedSessionSummary {
pub id: String,
pub path: PathBuf,
pub updated_at_ms: u64,
pub modified_epoch_millis: u128,
pub message_count: usize,
pub parent_session_id: Option<String>,
pub branch_name: Option<String>,
}
fn sort_managed_sessions(sessions: &mut [ManagedSessionSummary]) {
sessions.sort_by(|left, right| {
right
.updated_at_ms
.cmp(&left.updated_at_ms)
.then_with(|| right.modified_epoch_millis.cmp(&left.modified_epoch_millis))
.then_with(|| right.id.cmp(&left.id))
});
}
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct LoadedManagedSession {
pub handle: SessionHandle,
@@ -48,6 +355,7 @@ pub enum SessionControlError {
Io(std::io::Error),
Session(SessionError),
Format(String),
WorkspaceMismatch { expected: PathBuf, actual: PathBuf },
}
impl Display for SessionControlError {
@@ -56,6 +364,12 @@ impl Display for SessionControlError {
Self::Io(error) => write!(f, "{error}"),
Self::Session(error) => write!(f, "{error}"),
Self::Format(error) => write!(f, "{error}"),
Self::WorkspaceMismatch { expected, actual } => write!(
f,
"session workspace mismatch: expected {}, found {}",
expected.display(),
actual.display()
),
}
}
}
@@ -81,9 +395,8 @@ pub fn sessions_dir() -> Result<PathBuf, SessionControlError> {
pub fn managed_sessions_dir_for(
base_dir: impl AsRef<Path>,
) -> Result<PathBuf, SessionControlError> {
let path = base_dir.as_ref().join(".claw").join("sessions");
fs::create_dir_all(&path)?;
Ok(path)
let store = SessionStore::from_cwd(base_dir)?;
Ok(store.sessions_dir().to_path_buf())
}
pub fn create_managed_session_handle(
@@ -96,10 +409,8 @@ pub fn create_managed_session_handle_for(
base_dir: impl AsRef<Path>,
session_id: &str,
) -> Result<SessionHandle, SessionControlError> {
let id = session_id.to_string();
let path =
managed_sessions_dir_for(base_dir)?.join(format!("{id}.{PRIMARY_SESSION_EXTENSION}"));
Ok(SessionHandle { id, path })
let store = SessionStore::from_cwd(base_dir)?;
Ok(store.create_handle(session_id))
}
pub fn resolve_session_reference(reference: &str) -> Result<SessionHandle, SessionControlError> {
@@ -110,36 +421,8 @@ pub fn resolve_session_reference_for(
base_dir: impl AsRef<Path>,
reference: &str,
) -> Result<SessionHandle, SessionControlError> {
let base_dir = base_dir.as_ref();
if is_session_reference_alias(reference) {
let latest = latest_managed_session_for(base_dir)?;
return Ok(SessionHandle {
id: latest.id,
path: latest.path,
});
}
let direct = PathBuf::from(reference);
let candidate = if direct.is_absolute() {
direct.clone()
} else {
base_dir.join(&direct)
};
let looks_like_path = direct.extension().is_some() || direct.components().count() > 1;
let path = if candidate.exists() {
candidate
} else if looks_like_path {
return Err(SessionControlError::Format(
format_missing_session_reference(reference),
));
} else {
resolve_managed_session_path_for(base_dir, reference)?
};
Ok(SessionHandle {
id: session_id_from_path(&path).unwrap_or_else(|| reference.to_string()),
path,
})
let store = SessionStore::from_cwd(base_dir)?;
store.resolve_reference(reference)
}
pub fn resolve_managed_session_path(session_id: &str) -> Result<PathBuf, SessionControlError> {
@@ -150,16 +433,8 @@ pub fn resolve_managed_session_path_for(
base_dir: impl AsRef<Path>,
session_id: &str,
) -> Result<PathBuf, SessionControlError> {
let directory = managed_sessions_dir_for(base_dir)?;
for extension in [PRIMARY_SESSION_EXTENSION, LEGACY_SESSION_EXTENSION] {
let path = directory.join(format!("{session_id}.{extension}"));
if path.exists() {
return Ok(path);
}
}
Err(SessionControlError::Format(
format_missing_session_reference(session_id),
))
let store = SessionStore::from_cwd(base_dir)?;
store.resolve_managed_path(session_id)
}
#[must_use]
@@ -178,64 +453,8 @@ pub fn list_managed_sessions() -> Result<Vec<ManagedSessionSummary>, SessionCont
pub fn list_managed_sessions_for(
base_dir: impl AsRef<Path>,
) -> Result<Vec<ManagedSessionSummary>, SessionControlError> {
let mut sessions = Vec::new();
for entry in fs::read_dir(managed_sessions_dir_for(base_dir)?)? {
let entry = entry?;
let path = entry.path();
if !is_managed_session_file(&path) {
continue;
}
let metadata = entry.metadata()?;
let modified_epoch_millis = metadata
.modified()
.ok()
.and_then(|time| time.duration_since(UNIX_EPOCH).ok())
.map(|duration| duration.as_millis())
.unwrap_or_default();
let (id, message_count, parent_session_id, branch_name) =
match Session::load_from_path(&path) {
Ok(session) => {
let parent_session_id = session
.fork
.as_ref()
.map(|fork| fork.parent_session_id.clone());
let branch_name = session
.fork
.as_ref()
.and_then(|fork| fork.branch_name.clone());
(
session.session_id,
session.messages.len(),
parent_session_id,
branch_name,
)
}
Err(_) => (
path.file_stem()
.and_then(|value| value.to_str())
.unwrap_or("unknown")
.to_string(),
0,
None,
None,
),
};
sessions.push(ManagedSessionSummary {
id,
path,
modified_epoch_millis,
message_count,
parent_session_id,
branch_name,
});
}
sessions.sort_by(|left, right| {
right
.modified_epoch_millis
.cmp(&left.modified_epoch_millis)
.then_with(|| right.id.cmp(&left.id))
});
Ok(sessions)
let store = SessionStore::from_cwd(base_dir)?;
store.list_sessions()
}
pub fn latest_managed_session() -> Result<ManagedSessionSummary, SessionControlError> {
@@ -245,10 +464,8 @@ pub fn latest_managed_session() -> Result<ManagedSessionSummary, SessionControlE
pub fn latest_managed_session_for(
base_dir: impl AsRef<Path>,
) -> Result<ManagedSessionSummary, SessionControlError> {
list_managed_sessions_for(base_dir)?
.into_iter()
.next()
.ok_or_else(|| SessionControlError::Format(format_no_managed_sessions()))
let store = SessionStore::from_cwd(base_dir)?;
store.latest_session()
}
pub fn load_managed_session(reference: &str) -> Result<LoadedManagedSession, SessionControlError> {
@@ -259,15 +476,8 @@ pub fn load_managed_session_for(
base_dir: impl AsRef<Path>,
reference: &str,
) -> Result<LoadedManagedSession, SessionControlError> {
let handle = resolve_session_reference_for(base_dir, reference)?;
let session = Session::load_from_path(&handle.path)?;
Ok(LoadedManagedSession {
handle: SessionHandle {
id: session.session_id.clone(),
path: handle.path,
},
session,
})
let store = SessionStore::from_cwd(base_dir)?;
store.load_session(reference)
}
pub fn fork_managed_session(
@@ -282,21 +492,8 @@ pub fn fork_managed_session_for(
session: &Session,
branch_name: Option<String>,
) -> Result<ForkedManagedSession, SessionControlError> {
let parent_session_id = session.session_id.clone();
let forked = session.fork(branch_name);
let handle = create_managed_session_handle_for(base_dir, &forked.session_id)?;
let branch_name = forked
.fork
.as_ref()
.and_then(|fork| fork.branch_name.clone());
let forked = forked.with_persistence_path(handle.path.clone());
forked.save_to_path(&handle.path)?;
Ok(ForkedManagedSession {
parent_session_id,
handle,
session: forked,
branch_name,
})
let store = SessionStore::from_cwd(base_dir)?;
store.fork_session(session, branch_name)
}
#[must_use]
@@ -328,12 +525,36 @@ fn format_no_managed_sessions() -> String {
)
}
fn format_legacy_session_missing_workspace_root(
session_path: &Path,
workspace_root: &Path,
) -> String {
format!(
"legacy session is missing workspace binding: {}\nOpen it from its original workspace or re-save it from {}.",
session_path.display(),
workspace_root.display()
)
}
fn workspace_roots_match(left: &Path, right: &Path) -> bool {
canonicalize_for_compare(left) == canonicalize_for_compare(right)
}
fn canonicalize_for_compare(path: &Path) -> PathBuf {
fs::canonicalize(path).unwrap_or_else(|_| path.to_path_buf())
}
fn path_is_within_workspace(path: &Path, workspace_root: &Path) -> bool {
canonicalize_for_compare(path).starts_with(canonicalize_for_compare(workspace_root))
}
#[cfg(test)]
mod tests {
use super::{
create_managed_session_handle_for, fork_managed_session_for, is_session_reference_alias,
list_managed_sessions_for, load_managed_session_for, resolve_session_reference_for,
ManagedSessionSummary, LATEST_SESSION_REFERENCE,
workspace_fingerprint, ManagedSessionSummary, SessionControlError, SessionStore,
LATEST_SESSION_REFERENCE,
};
use crate::session::Session;
use std::fs;
@@ -349,7 +570,7 @@ mod tests {
}
fn persist_session(root: &Path, text: &str) -> Session {
let mut session = Session::new();
let mut session = Session::new().with_workspace_root(root.to_path_buf());
session
.push_user_text(text)
.expect("session message should save");
@@ -385,6 +606,35 @@ mod tests {
.expect("session summary should exist")
}
#[test]
fn latest_session_prefers_semantic_updated_at_over_file_mtime() {
let mut sessions = vec![
ManagedSessionSummary {
id: "older-file-newer-session".to_string(),
path: PathBuf::from("/tmp/older"),
updated_at_ms: 200,
modified_epoch_millis: 100,
message_count: 2,
parent_session_id: None,
branch_name: None,
},
ManagedSessionSummary {
id: "newer-file-older-session".to_string(),
path: PathBuf::from("/tmp/newer"),
updated_at_ms: 100,
modified_epoch_millis: 200,
message_count: 1,
parent_session_id: None,
branch_name: None,
},
];
crate::session_control::sort_managed_sessions(&mut sessions);
assert_eq!(sessions[0].id, "older-file-newer-session");
assert_eq!(sessions[1].id, "newer-file-older-session");
}
#[test]
fn creates_and_lists_managed_sessions() {
// given
@@ -456,4 +706,261 @@ mod tests {
);
fs::remove_dir_all(root).expect("temp dir should clean up");
}
// ------------------------------------------------------------------
// Per-worktree session isolation (SessionStore) tests
// ------------------------------------------------------------------
fn persist_session_via_store(store: &SessionStore, text: &str) -> Session {
let mut session = Session::new().with_workspace_root(store.workspace_root().to_path_buf());
session
.push_user_text(text)
.expect("session message should save");
let handle = store.create_handle(&session.session_id);
let session = session.with_persistence_path(handle.path.clone());
session
.save_to_path(&handle.path)
.expect("session should persist");
session
}
#[test]
fn workspace_fingerprint_is_deterministic_and_differs_per_path() {
// given
let path_a = Path::new("/tmp/worktree-alpha");
let path_b = Path::new("/tmp/worktree-beta");
// when
let fp_a1 = workspace_fingerprint(path_a);
let fp_a2 = workspace_fingerprint(path_a);
let fp_b = workspace_fingerprint(path_b);
// then
assert_eq!(fp_a1, fp_a2, "same path must produce the same fingerprint");
assert_ne!(
fp_a1, fp_b,
"different paths must produce different fingerprints"
);
assert_eq!(fp_a1.len(), 16, "fingerprint must be a 16-char hex string");
}
#[test]
fn session_store_from_cwd_isolates_sessions_by_workspace() {
// given
let base = temp_dir();
let workspace_a = base.join("repo-alpha");
let workspace_b = base.join("repo-beta");
fs::create_dir_all(&workspace_a).expect("workspace a should exist");
fs::create_dir_all(&workspace_b).expect("workspace b should exist");
let store_a = SessionStore::from_cwd(&workspace_a).expect("store a should build");
let store_b = SessionStore::from_cwd(&workspace_b).expect("store b should build");
// when
let session_a = persist_session_via_store(&store_a, "alpha work");
let _session_b = persist_session_via_store(&store_b, "beta work");
// then — each store only sees its own sessions
let list_a = store_a.list_sessions().expect("list a");
let list_b = store_b.list_sessions().expect("list b");
assert_eq!(list_a.len(), 1, "store a should see exactly one session");
assert_eq!(list_b.len(), 1, "store b should see exactly one session");
assert_eq!(list_a[0].id, session_a.session_id);
assert_ne!(
store_a.sessions_dir(),
store_b.sessions_dir(),
"session directories must differ across workspaces"
);
fs::remove_dir_all(base).expect("temp dir should clean up");
}
#[test]
fn session_store_from_data_dir_namespaces_by_workspace() {
// given
let base = temp_dir();
let data_dir = base.join("global-data");
let workspace_a = PathBuf::from("/tmp/project-one");
let workspace_b = PathBuf::from("/tmp/project-two");
fs::create_dir_all(&data_dir).expect("data dir should exist");
let store_a =
SessionStore::from_data_dir(&data_dir, &workspace_a).expect("store a should build");
let store_b =
SessionStore::from_data_dir(&data_dir, &workspace_b).expect("store b should build");
// when
persist_session_via_store(&store_a, "work in project-one");
persist_session_via_store(&store_b, "work in project-two");
// then
assert_ne!(
store_a.sessions_dir(),
store_b.sessions_dir(),
"data-dir stores must namespace by workspace"
);
assert_eq!(store_a.list_sessions().expect("list a").len(), 1);
assert_eq!(store_b.list_sessions().expect("list b").len(), 1);
assert_eq!(store_a.workspace_root(), workspace_a.as_path());
assert_eq!(store_b.workspace_root(), workspace_b.as_path());
fs::remove_dir_all(base).expect("temp dir should clean up");
}
#[test]
fn session_store_create_and_load_round_trip() {
// given
let base = temp_dir();
fs::create_dir_all(&base).expect("base dir should exist");
let store = SessionStore::from_cwd(&base).expect("store should build");
let session = persist_session_via_store(&store, "round-trip message");
// when
let loaded = store
.load_session(&session.session_id)
.expect("session should load via store");
// then
assert_eq!(loaded.handle.id, session.session_id);
assert_eq!(loaded.session.messages.len(), 1);
fs::remove_dir_all(base).expect("temp dir should clean up");
}
#[test]
fn session_store_rejects_legacy_session_from_other_workspace() {
// given
let base = temp_dir();
let workspace_a = base.join("repo-alpha");
let workspace_b = base.join("repo-beta");
fs::create_dir_all(&workspace_a).expect("workspace a should exist");
fs::create_dir_all(&workspace_b).expect("workspace b should exist");
let store_b = SessionStore::from_cwd(&workspace_b).expect("store b should build");
let legacy_root = workspace_b.join(".claw").join("sessions");
fs::create_dir_all(&legacy_root).expect("legacy root should exist");
let legacy_path = legacy_root.join("legacy-cross.jsonl");
let session = Session::new()
.with_workspace_root(workspace_a.clone())
.with_persistence_path(legacy_path.clone());
session
.save_to_path(&legacy_path)
.expect("legacy session should persist");
// when
let err = store_b
.load_session("legacy-cross")
.expect_err("workspace mismatch should be rejected");
// then
match err {
SessionControlError::WorkspaceMismatch { expected, actual } => {
assert_eq!(expected, workspace_b);
assert_eq!(actual, workspace_a);
}
other => panic!("expected workspace mismatch, got {other:?}"),
}
fs::remove_dir_all(base).expect("temp dir should clean up");
}
#[test]
fn session_store_loads_safe_legacy_session_from_same_workspace() {
// given
let base = temp_dir();
fs::create_dir_all(&base).expect("base dir should exist");
let store = SessionStore::from_cwd(&base).expect("store should build");
let legacy_root = base.join(".claw").join("sessions");
let legacy_path = legacy_root.join("legacy-safe.jsonl");
fs::create_dir_all(&legacy_root).expect("legacy root should exist");
let session = Session::new()
.with_workspace_root(base.clone())
.with_persistence_path(legacy_path.clone());
session
.save_to_path(&legacy_path)
.expect("legacy session should persist");
// when
let loaded = store
.load_session("legacy-safe")
.expect("same-workspace legacy session should load");
// then
assert_eq!(loaded.handle.id, session.session_id);
assert_eq!(loaded.handle.path, legacy_path);
assert_eq!(loaded.session.workspace_root(), Some(base.as_path()));
fs::remove_dir_all(base).expect("temp dir should clean up");
}
#[test]
fn session_store_loads_unbound_legacy_session_from_same_workspace() {
// given
let base = temp_dir();
fs::create_dir_all(&base).expect("base dir should exist");
let store = SessionStore::from_cwd(&base).expect("store should build");
let legacy_root = base.join(".claw").join("sessions");
let legacy_path = legacy_root.join("legacy-unbound.json");
fs::create_dir_all(&legacy_root).expect("legacy root should exist");
let session = Session::new().with_persistence_path(legacy_path.clone());
session
.save_to_path(&legacy_path)
.expect("legacy session should persist");
// when
let loaded = store
.load_session("legacy-unbound")
.expect("same-workspace legacy session without workspace binding should load");
// then
assert_eq!(loaded.handle.path, legacy_path);
assert_eq!(loaded.session.workspace_root(), None);
fs::remove_dir_all(base).expect("temp dir should clean up");
}
#[test]
fn session_store_latest_and_resolve_reference() {
// given
let base = temp_dir();
fs::create_dir_all(&base).expect("base dir should exist");
let store = SessionStore::from_cwd(&base).expect("store should build");
let _older = persist_session_via_store(&store, "older");
wait_for_next_millisecond();
let newer = persist_session_via_store(&store, "newer");
// when
let latest = store.latest_session().expect("latest should resolve");
let handle = store
.resolve_reference("latest")
.expect("latest alias should resolve");
// then
assert_eq!(latest.id, newer.session_id);
assert_eq!(handle.id, newer.session_id);
fs::remove_dir_all(base).expect("temp dir should clean up");
}
#[test]
fn session_store_fork_stays_in_same_namespace() {
// given
let base = temp_dir();
fs::create_dir_all(&base).expect("base dir should exist");
let store = SessionStore::from_cwd(&base).expect("store should build");
let source = persist_session_via_store(&store, "parent work");
// when
let forked = store
.fork_session(&source, Some("bugfix".to_string()))
.expect("fork should succeed");
let sessions = store.list_sessions().expect("list sessions");
// then
assert_eq!(
sessions.len(),
2,
"forked session must land in the same namespace"
);
assert_eq!(forked.parent_session_id, source.session_id);
assert_eq!(forked.branch_name.as_deref(), Some("bugfix"));
assert!(
forked.handle.path.starts_with(store.sessions_dir()),
"forked session path must be inside the store namespace"
);
fs::remove_dir_all(base).expect("temp dir should clean up");
}
}

84
rust/crates/runtime/src/session_identity.rs Normal file
View File

@@ -0,0 +1,84 @@
use std::collections::hash_map::DefaultHasher;
use std::env;
use std::hash::{Hash, Hasher};
use std::process;
use std::sync::atomic::{AtomicBool, AtomicU64, Ordering};
use std::sync::OnceLock;
use std::time::{SystemTime, UNIX_EPOCH};
static BOOT_SESSION_ID: OnceLock<String> = OnceLock::new();
static BOOT_SESSION_COUNTER: AtomicU64 = AtomicU64::new(0);
static ACTIVE_SESSION: AtomicBool = AtomicBool::new(false);
#[must_use]
pub fn current_boot_session_id() -> &'static str {
BOOT_SESSION_ID.get_or_init(resolve_boot_session_id)
}
pub fn begin_session() {
ACTIVE_SESSION.store(true, Ordering::SeqCst);
}
pub fn end_session() {
ACTIVE_SESSION.store(false, Ordering::SeqCst);
}
#[must_use]
pub fn is_active_session() -> bool {
ACTIVE_SESSION.load(Ordering::SeqCst)
}
fn resolve_boot_session_id() -> String {
match env::var("CLAW_SESSION_ID") {
Ok(value) if !value.trim().is_empty() => value,
_ => generate_boot_session_id(),
}
}
fn generate_boot_session_id() -> String {
let nanos = SystemTime::now()
.duration_since(UNIX_EPOCH)
.unwrap_or_default()
.as_nanos();
let counter = BOOT_SESSION_COUNTER.fetch_add(1, Ordering::Relaxed);
let mut hasher = DefaultHasher::new();
process::id().hash(&mut hasher);
nanos.hash(&mut hasher);
counter.hash(&mut hasher);
format!("boot-{:016x}", hasher.finish())
}
#[cfg(test)]
mod tests {
use super::{begin_session, current_boot_session_id, end_session, is_active_session};
#[test]
fn given_current_boot_session_id_when_called_twice_then_it_is_stable() {
let first = current_boot_session_id();
let second = current_boot_session_id();
assert_eq!(first, second);
assert!(first.starts_with("boot-"));
}
#[test]
fn given_current_boot_session_id_when_inspected_then_it_is_opaque_and_non_empty() {
let session_id = current_boot_session_id();
assert!(!session_id.trim().is_empty());
assert_eq!(session_id.len(), 21);
assert!(!session_id.contains(' '));
}
#[test]
fn given_begin_and_end_session_when_checked_then_active_state_toggles() {
end_session();
assert!(!is_active_session());
begin_session();
assert!(is_active_session());
end_session();
assert!(!is_active_session());
}
}

429
rust/crates/runtime/src/stale_base.rs Normal file
View File

@@ -0,0 +1,429 @@
#![allow(clippy::must_use_candidate)]
use std::path::Path;
use std::process::Command;
/// Outcome of comparing the worktree HEAD against the expected base commit.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum BaseCommitState {
/// HEAD matches the expected base commit.
Matches,
/// HEAD has diverged from the expected base.
Diverged { expected: String, actual: String },
/// No expected base was supplied (neither flag nor file).
NoExpectedBase,
/// The working directory is not inside a git repository.
NotAGitRepo,
}
/// Where the expected base commit originated from.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum BaseCommitSource {
Flag(String),
File(String),
}
/// Read the `.claw-base` file from the given directory and return the trimmed
/// commit hash, or `None` when the file is absent or empty.
pub fn read_claw_base_file(cwd: &Path) -> Option<String> {
let path = cwd.join(".claw-base");
let content = std::fs::read_to_string(path).ok()?;
let trimmed = content.trim();
if trimmed.is_empty() {
None
} else {
Some(trimmed.to_string())
}
}
/// Resolve the expected base commit: prefer the `--base-commit` flag value,
/// fall back to reading `.claw-base` from `cwd`.
pub fn resolve_expected_base(flag_value: Option<&str>, cwd: &Path) -> Option<BaseCommitSource> {
if let Some(value) = flag_value {
let trimmed = value.trim();
if !trimmed.is_empty() {
return Some(BaseCommitSource::Flag(trimmed.to_string()));
}
}
read_claw_base_file(cwd).map(BaseCommitSource::File)
}
/// Verify that the worktree HEAD matches `expected_base`.
///
/// Returns [`BaseCommitState::NoExpectedBase`] when no expected commit is
/// provided (the check is effectively a no-op in that case).
pub fn check_base_commit(cwd: &Path, expected_base: Option<&BaseCommitSource>) -> BaseCommitState {
let Some(source) = expected_base else {
return BaseCommitState::NoExpectedBase;
};
let expected_raw = match source {
BaseCommitSource::Flag(value) | BaseCommitSource::File(value) => value.as_str(),
};
let Some(head_sha) = resolve_head_sha(cwd) else {
return BaseCommitState::NotAGitRepo;
};
let Some(expected_sha) = resolve_rev(cwd, expected_raw) else {
// If the expected ref cannot be resolved, compare raw strings as a
// best-effort fallback (e.g. partial SHA provided by the caller).
return if head_sha.starts_with(expected_raw) || expected_raw.starts_with(&head_sha) {
BaseCommitState::Matches
} else {
BaseCommitState::Diverged {
expected: expected_raw.to_string(),
actual: head_sha,
}
};
};
if head_sha == expected_sha {
BaseCommitState::Matches
} else {
BaseCommitState::Diverged {
expected: expected_sha,
actual: head_sha,
}
}
}
/// Format a human-readable warning when the base commit has diverged.
///
/// Returns `None` for non-warning states (`Matches`, `NoExpectedBase`).
pub fn format_stale_base_warning(state: &BaseCommitState) -> Option<String> {
match state {
BaseCommitState::Diverged { expected, actual } => Some(format!(
"warning: worktree HEAD ({actual}) does not match expected base commit ({expected}). \
Session may run against a stale codebase."
)),
BaseCommitState::NotAGitRepo => {
Some("warning: stale-base check skipped — not inside a git repository.".to_string())
}
BaseCommitState::Matches | BaseCommitState::NoExpectedBase => None,
}
}
fn resolve_head_sha(cwd: &Path) -> Option<String> {
resolve_rev(cwd, "HEAD")
}
fn resolve_rev(cwd: &Path, rev: &str) -> Option<String> {
let output = Command::new("git")
.args(["rev-parse", rev])
.current_dir(cwd)
.output()
.ok()?;
if !output.status.success() {
return None;
}
let sha = String::from_utf8(output.stdout).ok()?;
let trimmed = sha.trim();
if trimmed.is_empty() {
None
} else {
Some(trimmed.to_string())
}
}
#[cfg(test)]
mod tests {
use super::*;
use std::fs;
use std::process::Command;
use std::time::{SystemTime, UNIX_EPOCH};
fn temp_dir() -> std::path::PathBuf {
let nanos = SystemTime::now()
.duration_since(UNIX_EPOCH)
.expect("time should be after epoch")
.as_nanos();
std::env::temp_dir().join(format!("runtime-stale-base-{nanos}"))
}
fn init_repo(path: &std::path::Path) {
fs::create_dir_all(path).expect("create repo dir");
run(path, &["init", "--quiet", "-b", "main"]);
run(path, &["config", "user.email", "tests@example.com"]);
run(path, &["config", "user.name", "Stale Base Tests"]);
fs::write(path.join("init.txt"), "initial\n").expect("write init file");
run(path, &["add", "."]);
run(path, &["commit", "-m", "initial commit", "--quiet"]);
}
fn run(cwd: &std::path::Path, args: &[&str]) {
let status = Command::new("git")
.args(args)
.current_dir(cwd)
.status()
.unwrap_or_else(|e| panic!("git {} failed to execute: {e}", args.join(" ")));
assert!(
status.success(),
"git {} exited with {status}",
args.join(" ")
);
}
fn commit_file(repo: &std::path::Path, name: &str, msg: &str) {
fs::write(repo.join(name), format!("{msg}\n")).expect("write file");
run(repo, &["add", name]);
run(repo, &["commit", "-m", msg, "--quiet"]);
}
fn head_sha(repo: &std::path::Path) -> String {
let output = Command::new("git")
.args(["rev-parse", "HEAD"])
.current_dir(repo)
.output()
.expect("git rev-parse HEAD");
String::from_utf8(output.stdout)
.expect("valid utf8")
.trim()
.to_string()
}
#[test]
fn matches_when_head_equals_expected_base() {
// given
let root = temp_dir();
init_repo(&root);
let sha = head_sha(&root);
let source = BaseCommitSource::Flag(sha);
// when
let state = check_base_commit(&root, Some(&source));
// then
assert_eq!(state, BaseCommitState::Matches);
fs::remove_dir_all(&root).expect("cleanup");
}
#[test]
fn diverged_when_head_moved_past_expected_base() {
// given
let root = temp_dir();
init_repo(&root);
let old_sha = head_sha(&root);
commit_file(&root, "extra.txt", "move head forward");
let new_sha = head_sha(&root);
let source = BaseCommitSource::Flag(old_sha.clone());
// when
let state = check_base_commit(&root, Some(&source));
// then
assert_eq!(
state,
BaseCommitState::Diverged {
expected: old_sha,
actual: new_sha,
}
);
fs::remove_dir_all(&root).expect("cleanup");
}
#[test]
fn no_expected_base_when_source_is_none() {
// given
let root = temp_dir();
init_repo(&root);
// when
let state = check_base_commit(&root, None);
// then
assert_eq!(state, BaseCommitState::NoExpectedBase);
fs::remove_dir_all(&root).expect("cleanup");
}
#[test]
fn not_a_git_repo_when_outside_repo() {
// given
let root = temp_dir();
fs::create_dir_all(&root).expect("create dir");
let source = BaseCommitSource::Flag("abc1234".to_string());
// when
let state = check_base_commit(&root, Some(&source));
// then
assert_eq!(state, BaseCommitState::NotAGitRepo);
fs::remove_dir_all(&root).expect("cleanup");
}
#[test]
fn reads_claw_base_file() {
// given
let root = temp_dir();
fs::create_dir_all(&root).expect("create dir");
fs::write(root.join(".claw-base"), "abc1234def5678\n").expect("write .claw-base");
// when
let value = read_claw_base_file(&root);
// then
assert_eq!(value, Some("abc1234def5678".to_string()));
fs::remove_dir_all(&root).expect("cleanup");
}
#[test]
fn returns_none_for_missing_claw_base_file() {
// given
let root = temp_dir();
fs::create_dir_all(&root).expect("create dir");
// when
let value = read_claw_base_file(&root);
// then
assert!(value.is_none());
fs::remove_dir_all(&root).expect("cleanup");
}
#[test]
fn returns_none_for_empty_claw_base_file() {
// given
let root = temp_dir();
fs::create_dir_all(&root).expect("create dir");
fs::write(root.join(".claw-base"), " \n").expect("write empty .claw-base");
// when
let value = read_claw_base_file(&root);
// then
assert!(value.is_none());
fs::remove_dir_all(&root).expect("cleanup");
}
#[test]
fn resolve_expected_base_prefers_flag_over_file() {
// given
let root = temp_dir();
fs::create_dir_all(&root).expect("create dir");
fs::write(root.join(".claw-base"), "from_file\n").expect("write .claw-base");
// when
let source = resolve_expected_base(Some("from_flag"), &root);
// then
assert_eq!(
source,
Some(BaseCommitSource::Flag("from_flag".to_string()))
);
fs::remove_dir_all(&root).expect("cleanup");
}
#[test]
fn resolve_expected_base_falls_back_to_file() {
// given
let root = temp_dir();
fs::create_dir_all(&root).expect("create dir");
fs::write(root.join(".claw-base"), "from_file\n").expect("write .claw-base");
// when
let source = resolve_expected_base(None, &root);
// then
assert_eq!(
source,
Some(BaseCommitSource::File("from_file".to_string()))
);
fs::remove_dir_all(&root).expect("cleanup");
}
#[test]
fn resolve_expected_base_returns_none_when_nothing_available() {
// given
let root = temp_dir();
fs::create_dir_all(&root).expect("create dir");
// when
let source = resolve_expected_base(None, &root);
// then
assert!(source.is_none());
fs::remove_dir_all(&root).expect("cleanup");
}
#[test]
fn format_warning_returns_message_for_diverged() {
// given
let state = BaseCommitState::Diverged {
expected: "abc1234".to_string(),
actual: "def5678".to_string(),
};
// when
let warning = format_stale_base_warning(&state);
// then
let message = warning.expect("should produce warning");
assert!(message.contains("abc1234"));
assert!(message.contains("def5678"));
assert!(message.contains("stale codebase"));
}
#[test]
fn format_warning_returns_none_for_matches() {
// given
let state = BaseCommitState::Matches;
// when
let warning = format_stale_base_warning(&state);
// then
assert!(warning.is_none());
}
#[test]
fn format_warning_returns_none_for_no_expected_base() {
// given
let state = BaseCommitState::NoExpectedBase;
// when
let warning = format_stale_base_warning(&state);
// then
assert!(warning.is_none());
}
#[test]
fn matches_with_claw_base_file_in_real_repo() {
// given
let root = temp_dir();
init_repo(&root);
let sha = head_sha(&root);
fs::write(root.join(".claw-base"), format!("{sha}\n")).expect("write .claw-base");
let source = resolve_expected_base(None, &root);
// when
let state = check_base_commit(&root, source.as_ref());
// then
assert_eq!(state, BaseCommitState::Matches);
fs::remove_dir_all(&root).expect("cleanup");
}
#[test]
fn diverged_with_claw_base_file_after_new_commit() {
// given
let root = temp_dir();
init_repo(&root);
let old_sha = head_sha(&root);
fs::write(root.join(".claw-base"), format!("{old_sha}\n")).expect("write .claw-base");
commit_file(&root, "new.txt", "advance head");
let new_sha = head_sha(&root);
let source = resolve_expected_base(None, &root);
// when
let state = check_base_commit(&root, source.as_ref());
// then
assert_eq!(
state,
BaseCommitState::Diverged {
expected: old_sha,
actual: new_sha,
}
);
fs::remove_dir_all(&root).expect("cleanup");
}
}

69
rust/crates/runtime/src/task_packet.rs
View File

@@ -1,11 +1,42 @@
use serde::{Deserialize, Serialize};
use std::fmt::{Display, Formatter};
/// Task scope resolution for defining the granularity of work.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum TaskScope {
/// Work across the entire workspace
Workspace,
/// Work within a specific module/crate
Module,
/// Work on a single file
SingleFile,
/// Custom scope defined by the user
Custom,
}
impl std::fmt::Display for TaskScope {
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
match self {
Self::Workspace => write!(f, "workspace"),
Self::Module => write!(f, "module"),
Self::SingleFile => write!(f, "single-file"),
Self::Custom => write!(f, "custom"),
}
}
}
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct TaskPacket {
pub objective: String,
pub scope: String,
pub scope: TaskScope,
/// Optional scope path when scope is `Module`, `SingleFile`, or `Custom`
#[serde(skip_serializing_if = "Option::is_none")]
pub scope_path: Option<String>,
pub repo: String,
/// Worktree path for the task
#[serde(skip_serializing_if = "Option::is_none")]
pub worktree: Option<String>,
pub branch_policy: String,
pub acceptance_tests: Vec<String>,
pub commit_policy: String,
@@ -57,7 +88,6 @@ pub fn validate_packet(packet: TaskPacket) -> Result<ValidatedPacket, TaskPacket
let mut errors = Vec::new();
validate_required("objective", &packet.objective, &mut errors);
validate_required("scope", &packet.scope, &mut errors);
validate_required("repo", &packet.repo, &mut errors);
validate_required("branch_policy", &packet.branch_policy, &mut errors);
validate_required("commit_policy", &packet.commit_policy, &mut errors);
@@ -68,6 +98,9 @@ pub fn validate_packet(packet: TaskPacket) -> Result<ValidatedPacket, TaskPacket
);
validate_required("escalation_policy", &packet.escalation_policy, &mut errors);
// Validate scope-specific requirements
validate_scope_requirements(&packet, &mut errors);
for (index, test) in packet.acceptance_tests.iter().enumerate() {
if test.trim().is_empty() {
errors.push(format!(
@@ -83,6 +116,26 @@ pub fn validate_packet(packet: TaskPacket) -> Result<ValidatedPacket, TaskPacket
}
}
fn validate_scope_requirements(packet: &TaskPacket, errors: &mut Vec<String>) {
// Scope path is required for Module, SingleFile, and Custom scopes
let needs_scope_path = matches!(
packet.scope,
TaskScope::Module | TaskScope::SingleFile | TaskScope::Custom
);
if needs_scope_path
&& packet
.scope_path
.as_ref()
.is_none_or(|p| p.trim().is_empty())
{
errors.push(format!(
"scope_path is required for scope '{}'",
packet.scope
));
}
}
fn validate_required(field: &str, value: &str, errors: &mut Vec<String>) {
if value.trim().is_empty() {
errors.push(format!("{field} must not be empty"));
@@ -96,8 +149,10 @@ mod tests {
fn sample_packet() -> TaskPacket {
TaskPacket {
objective: "Implement typed task packet format".to_string(),
scope: "runtime/task system".to_string(),
scope: TaskScope::Module,
scope_path: Some("runtime/task system".to_string()),
repo: "claw-code-parity".to_string(),
worktree: Some("/tmp/wt-1".to_string()),
branch_policy: "origin/main only".to_string(),
acceptance_tests: vec![
"cargo build --workspace".to_string(),
@@ -119,9 +174,12 @@ mod tests {
#[test]
fn invalid_packet_accumulates_errors() {
use super::TaskScope;
let packet = TaskPacket {
objective: " ".to_string(),
scope: String::new(),
scope: TaskScope::Workspace,
scope_path: None,
worktree: None,
repo: String::new(),
branch_policy: "\t".to_string(),
acceptance_tests: vec!["ok".to_string(), " ".to_string()],
@@ -136,9 +194,6 @@ mod tests {
assert!(error
.errors()
.contains(&"objective must not be empty".to_string()));
assert!(error
.errors()
.contains(&"scope must not be empty".to_string()));
assert!(error
.errors()
.contains(&"repo must not be empty".to_string()));

16
rust/crates/runtime/src/task_registry.rs
View File

@@ -85,11 +85,12 @@ impl TaskRegistry {
packet: TaskPacket,
) -> Result<Task, TaskPacketValidationError> {
let packet = validate_packet(packet)?.into_inner();
Ok(self.create_task(
packet.objective.clone(),
Some(packet.scope.clone()),
Some(packet),
))
// Use scope_path as description if available, otherwise use scope as string
let description = packet
.scope_path
.clone()
.or_else(|| Some(packet.scope.to_string()));
Ok(self.create_task(packet.objective.clone(), description, Some(packet)))
}
fn create_task(
@@ -249,10 +250,13 @@ mod tests {
#[test]
fn creates_task_from_packet() {
use crate::task_packet::TaskScope;
let registry = TaskRegistry::new();
let packet = TaskPacket {
objective: "Ship task packet support".to_string(),
scope: "runtime/task system".to_string(),
scope: TaskScope::Module,
scope_path: Some("runtime/task system".to_string()),
worktree: Some("/tmp/wt-task".to_string()),
repo: "claw-code-parity".to_string(),
branch_policy: "origin/main only".to_string(),
acceptance_tests: vec!["cargo test --workspace".to_string()],

649
rust/crates/runtime/src/worker_boot.rs
View File

@@ -18,6 +18,8 @@ use std::time::{SystemTime, UNIX_EPOCH};
use serde::{Deserialize, Serialize};
use crate::current_boot_session_id;
fn now_secs() -> u64 {
SystemTime::now()
.duration_since(UNIX_EPOCH)
@@ -56,6 +58,7 @@ pub enum WorkerFailureKind {
PromptDelivery,
Protocol,
Provider,
StartupNoEvidence,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
@@ -78,6 +81,7 @@ pub enum WorkerEventKind {
Restarted,
Finished,
Failed,
StartupNoEvidence,
}
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
@@ -92,9 +96,50 @@ pub enum WorkerTrustResolution {
pub enum WorkerPromptTarget {
Shell,
WrongTarget,
WrongTask,
Unknown,
}
/// Classification of startup failure when no evidence is available.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum StartupFailureClassification {
/// Trust prompt is required but not detected/resolved
TrustRequired,
/// Prompt was delivered to wrong target (shell misdelivery)
PromptMisdelivery,
/// Prompt was sent but acceptance timed out
PromptAcceptanceTimeout,
/// Transport layer is dead/unresponsive
TransportDead,
/// Worker process crashed during startup
WorkerCrashed,
/// Cannot determine specific cause
Unknown,
}
/// Evidence bundle collected when worker startup times out without clear evidence.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct StartupEvidenceBundle {
/// Last known worker lifecycle state before timeout
pub last_lifecycle_state: WorkerStatus,
/// The pane/command that was being executed
pub pane_command: String,
/// Timestamp when prompt was sent (if any), unix epoch seconds
#[serde(skip_serializing_if = "Option::is_none")]
pub prompt_sent_at: Option<u64>,
/// Whether prompt acceptance was detected
pub prompt_acceptance_state: bool,
/// Result of trust prompt detection at timeout
pub trust_prompt_detected: bool,
/// Transport health summary (true = healthy/responsive)
pub transport_healthy: bool,
/// MCP health summary (true = all servers healthy)
pub mcp_healthy: bool,
/// Seconds since worker creation
pub elapsed_seconds: u64,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
#[serde(tag = "type", rename_all = "snake_case")]
pub enum WorkerEventPayload {
@@ -108,8 +153,26 @@ pub enum WorkerEventPayload {
observed_target: WorkerPromptTarget,
#[serde(skip_serializing_if = "Option::is_none")]
observed_cwd: Option<String>,
#[serde(skip_serializing_if = "Option::is_none")]
observed_prompt_preview: Option<String>,
#[serde(skip_serializing_if = "Option::is_none")]
task_receipt: Option<WorkerTaskReceipt>,
recovery_armed: bool,
},
StartupNoEvidence {
evidence: StartupEvidenceBundle,
classification: StartupFailureClassification,
},
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct WorkerTaskReceipt {
pub repo: String,
pub task_kind: String,
pub source_surface: String,
#[serde(default, skip_serializing_if = "Vec::is_empty")]
pub expected_artifacts: Vec<String>,
pub objective_preview: String,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
@@ -134,6 +197,7 @@ pub struct Worker {
pub prompt_delivery_attempts: u32,
pub prompt_in_flight: bool,
pub last_prompt: Option<String>,
pub expected_receipt: Option<WorkerTaskReceipt>,
pub replay_prompt: Option<String>,
pub last_error: Option<WorkerFailure>,
pub created_at: u64,
@@ -182,6 +246,7 @@ impl WorkerRegistry {
prompt_delivery_attempts: 0,
prompt_in_flight: false,
last_prompt: None,
expected_receipt: None,
replay_prompt: None,
last_error: None,
created_at: ts,
@@ -257,6 +322,7 @@ impl WorkerRegistry {
&lowered,
worker.last_prompt.as_deref(),
&worker.cwd,
worker.expected_receipt.as_ref(),
)
})
.flatten()
@@ -272,6 +338,10 @@ impl WorkerRegistry {
"worker prompt landed in the wrong target instead of {}: {}",
worker.cwd, prompt_preview
),
WorkerPromptTarget::WrongTask => format!(
"worker prompt receipt mismatched the expected task context for {}: {}",
worker.cwd, prompt_preview
),
WorkerPromptTarget::Unknown => format!(
"worker prompt delivery failed before reaching coding agent: {prompt_preview}"
),
@@ -291,6 +361,8 @@ impl WorkerRegistry {
prompt_preview: prompt_preview.clone(),
observed_target: observation.target,
observed_cwd: observation.observed_cwd.clone(),
observed_prompt_preview: observation.observed_prompt_preview.clone(),
task_receipt: worker.expected_receipt.clone(),
recovery_armed: false,
}),
);
@@ -306,6 +378,8 @@ impl WorkerRegistry {
prompt_preview,
observed_target: observation.target,
observed_cwd: observation.observed_cwd,
observed_prompt_preview: observation.observed_prompt_preview,
task_receipt: worker.expected_receipt.clone(),
recovery_armed: true,
}),
);
@@ -374,7 +448,12 @@ impl WorkerRegistry {
Ok(worker.clone())
}
pub fn send_prompt(&self, worker_id: &str, prompt: Option<&str>) -> Result<Worker, String> {
pub fn send_prompt(
&self,
worker_id: &str,
prompt: Option<&str>,
task_receipt: Option<WorkerTaskReceipt>,
) -> Result<Worker, String> {
let mut inner = self.inner.lock().expect("worker registry lock poisoned");
let worker = inner
.workers
@@ -398,6 +477,7 @@ impl WorkerRegistry {
worker.prompt_delivery_attempts += 1;
worker.prompt_in_flight = true;
worker.last_prompt = Some(next_prompt.clone());
worker.expected_receipt = task_receipt;
worker.replay_prompt = None;
worker.last_error = None;
worker.status = WorkerStatus::Running;
@@ -528,6 +608,117 @@ impl WorkerRegistry {
Ok(worker.clone())
}
/// Handle startup timeout by emitting typed `worker.startup_no_evidence` event with evidence bundle.
/// Classifier attempts to down-rank the vague bucket into a specific failure classification.
pub fn observe_startup_timeout(
&self,
worker_id: &str,
pane_command: &str,
transport_healthy: bool,
mcp_healthy: bool,
) -> Result<Worker, String> {
let mut inner = self.inner.lock().expect("worker registry lock poisoned");
let worker = inner
.workers
.get_mut(worker_id)
.ok_or_else(|| format!("worker not found: {worker_id}"))?;
let now = now_secs();
let elapsed = now.saturating_sub(worker.created_at);
// Build evidence bundle
let evidence = StartupEvidenceBundle {
last_lifecycle_state: worker.status,
pane_command: pane_command.to_string(),
prompt_sent_at: if worker.prompt_delivery_attempts > 0 {
Some(worker.updated_at)
} else {
None
},
prompt_acceptance_state: worker.status == WorkerStatus::Running
&& !worker.prompt_in_flight,
trust_prompt_detected: worker
.events
.iter()
.any(|e| e.kind == WorkerEventKind::TrustRequired),
transport_healthy,
mcp_healthy,
elapsed_seconds: elapsed,
};
// Classify the failure
let classification = classify_startup_failure(&evidence);
// Emit failure with evidence
worker.last_error = Some(WorkerFailure {
kind: WorkerFailureKind::StartupNoEvidence,
message: format!(
"worker startup stalled after {elapsed}s — classified as {classification:?}"
),
created_at: now,
});
worker.status = WorkerStatus::Failed;
worker.prompt_in_flight = false;
push_event(
worker,
WorkerEventKind::StartupNoEvidence,
WorkerStatus::Failed,
Some(format!(
"startup timeout with evidence: last_state={:?}, trust_detected={}, prompt_accepted={}",
evidence.last_lifecycle_state,
evidence.trust_prompt_detected,
evidence.prompt_acceptance_state
)),
Some(WorkerEventPayload::StartupNoEvidence {
evidence,
classification,
}),
);
Ok(worker.clone())
}
}
/// Classify startup failure based on evidence bundle.
/// Attempts to down-rank the vague `startup-no-evidence` bucket into a specific failure class.
fn classify_startup_failure(evidence: &StartupEvidenceBundle) -> StartupFailureClassification {
// Check for transport death first
if !evidence.transport_healthy {
return StartupFailureClassification::TransportDead;
}
// Check for trust prompt that wasn't resolved
if evidence.trust_prompt_detected
&& evidence.last_lifecycle_state == WorkerStatus::TrustRequired
{
return StartupFailureClassification::TrustRequired;
}
// Check for prompt acceptance timeout
if evidence.prompt_sent_at.is_some()
&& !evidence.prompt_acceptance_state
&& evidence.last_lifecycle_state == WorkerStatus::Running
{
return StartupFailureClassification::PromptAcceptanceTimeout;
}
// Check for misdelivery when prompt was sent but not accepted
if evidence.prompt_sent_at.is_some()
&& !evidence.prompt_acceptance_state
&& evidence.elapsed_seconds > 30
{
return StartupFailureClassification::PromptMisdelivery;
}
// If MCP is unhealthy but transport is fine, worker may have crashed
if !evidence.mcp_healthy && evidence.transport_healthy {
return StartupFailureClassification::WorkerCrashed;
}
// Default to unknown if no stronger classification exists
StartupFailureClassification::Unknown
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
@@ -548,6 +739,7 @@ fn prompt_misdelivery_is_relevant(worker: &Worker) -> bool {
struct PromptDeliveryObservation {
target: WorkerPromptTarget,
observed_cwd: Option<String>,
observed_prompt_preview: Option<String>,
}
fn push_event(
@@ -560,6 +752,7 @@ fn push_event(
let timestamp = now_secs();
let seq = worker.events.len() as u64 + 1;
worker.updated_at = timestamp;
worker.status = status;
worker.events.push(WorkerEvent {
seq,
kind,
@@ -568,6 +761,52 @@ fn push_event(
payload,
timestamp,
});
emit_state_file(worker);
}
/// Write current worker state to `.claw/worker-state.json` under the worker's cwd.
/// This is the file-based observability surface: external observers (clawhip, orchestrators)
/// poll this file instead of requiring an HTTP route on the opencode binary.
#[derive(serde::Serialize)]
struct StateSnapshot<'a> {
worker_id: &'a str,
session_id: &'a str,
status: WorkerStatus,
is_ready: bool,
trust_gate_cleared: bool,
prompt_in_flight: bool,
last_event: Option<&'a WorkerEvent>,
updated_at: u64,
/// Seconds since last state transition. Clawhip uses this to detect
/// stalled workers without computing epoch deltas.
seconds_since_update: u64,
}
fn emit_state_file(worker: &Worker) {
let state_dir = std::path::Path::new(&worker.cwd).join(".claw");
if std::fs::create_dir_all(&state_dir).is_err() {
return;
}
let state_path = state_dir.join("worker-state.json");
let tmp_path = state_dir.join("worker-state.json.tmp");
let now = now_secs();
let snapshot = StateSnapshot {
worker_id: &worker.worker_id,
session_id: current_boot_session_id(),
status: worker.status,
is_ready: worker.status == WorkerStatus::ReadyForPrompt,
trust_gate_cleared: worker.trust_gate_cleared,
prompt_in_flight: worker.prompt_in_flight,
last_event: worker.events.last(),
updated_at: worker.updated_at,
seconds_since_update: now.saturating_sub(worker.updated_at),
};
if let Ok(json) = serde_json::to_string_pretty(&snapshot) {
let _ = std::fs::write(&tmp_path, json);
let _ = std::fs::rename(&tmp_path, &state_path);
}
}
fn path_matches_allowlist(cwd: &str, trusted_root: &str) -> bool {
@@ -654,6 +893,7 @@ fn detect_prompt_misdelivery(
lowered: &str,
prompt: Option<&str>,
expected_cwd: &str,
expected_receipt: Option<&WorkerTaskReceipt>,
) -> Option<PromptDeliveryObservation> {
let Some(prompt) = prompt else {
return None;
@@ -668,12 +908,30 @@ fn detect_prompt_misdelivery(
return None;
}
let prompt_visible = lowered.contains(&prompt_snippet);
let observed_prompt_preview = detect_prompt_echo(screen_text);
if let Some(receipt) = expected_receipt {
let receipt_visible = task_receipt_visible(lowered, receipt);
let mismatched_prompt_visible = observed_prompt_preview
.as_deref()
.map(str::to_ascii_lowercase)
.is_some_and(|preview| !preview.contains(&prompt_snippet));
if (prompt_visible || mismatched_prompt_visible) && !receipt_visible {
return Some(PromptDeliveryObservation {
target: WorkerPromptTarget::WrongTask,
observed_cwd: detect_observed_shell_cwd(screen_text),
observed_prompt_preview,
});
}
}
if let Some(observed_cwd) = detect_observed_shell_cwd(screen_text) {
if prompt_visible && !cwd_matches_observed_target(expected_cwd, &observed_cwd) {
return Some(PromptDeliveryObservation {
target: WorkerPromptTarget::WrongTarget,
observed_cwd: Some(observed_cwd),
observed_prompt_preview,
});
}
}
@@ -691,6 +949,7 @@ fn detect_prompt_misdelivery(
(shell_error && prompt_visible).then_some(PromptDeliveryObservation {
target: WorkerPromptTarget::Shell,
observed_cwd: None,
observed_prompt_preview,
})
}
@@ -703,10 +962,38 @@ fn prompt_preview(prompt: &str) -> String {
format!("{}", preview.trim_end())
}
fn detect_prompt_echo(screen_text: &str) -> Option<String> {
screen_text.lines().find_map(|line| {
line.trim_start()
.strip_prefix('')
.map(str::trim)
.filter(|value| !value.is_empty())
.map(str::to_string)
})
}
fn task_receipt_visible(lowered_screen_text: &str, receipt: &WorkerTaskReceipt) -> bool {
let expected_tokens = [
receipt.repo.to_ascii_lowercase(),
receipt.task_kind.to_ascii_lowercase(),
receipt.source_surface.to_ascii_lowercase(),
receipt.objective_preview.to_ascii_lowercase(),
];
expected_tokens
.iter()
.all(|token| lowered_screen_text.contains(token))
&& receipt
.expected_artifacts
.iter()
.all(|artifact| lowered_screen_text.contains(&artifact.to_ascii_lowercase()))
}
fn prompt_misdelivery_detail(observation: &PromptDeliveryObservation) -> &'static str {
match observation.target {
WorkerPromptTarget::Shell => "shell misdelivery detected",
WorkerPromptTarget::WrongTarget => "prompt landed in wrong target",
WorkerPromptTarget::WrongTask => "prompt receipt mismatched expected task context",
WorkerPromptTarget::Unknown => "prompt delivery failure detected",
}
}
@@ -820,7 +1107,7 @@ mod tests {
WorkerFailureKind::TrustGate
);
let send_before_resolve = registry.send_prompt(&worker.worker_id, Some("ship it"));
let send_before_resolve = registry.send_prompt(&worker.worker_id, Some("ship it"), None);
assert!(send_before_resolve
.expect_err("prompt delivery should be gated")
.contains("not ready for prompt delivery"));
@@ -860,7 +1147,7 @@ mod tests {
.expect("ready observe should succeed");
let running = registry
.send_prompt(&worker.worker_id, Some("Implement worker handshake"))
.send_prompt(&worker.worker_id, Some("Implement worker handshake"), None)
.expect("prompt send should succeed");
assert_eq!(running.status, WorkerStatus::Running);
assert_eq!(running.prompt_delivery_attempts, 1);
@@ -896,6 +1183,8 @@ mod tests {
prompt_preview: "Implement worker handshake".to_string(),
observed_target: WorkerPromptTarget::Shell,
observed_cwd: None,
observed_prompt_preview: None,
task_receipt: None,
recovery_armed: false,
})
);
@@ -911,12 +1200,14 @@ mod tests {
prompt_preview: "Implement worker handshake".to_string(),
observed_target: WorkerPromptTarget::Shell,
observed_cwd: None,
observed_prompt_preview: None,
task_receipt: None,
recovery_armed: true,
})
);
let replayed = registry
.send_prompt(&worker.worker_id, None)
.send_prompt(&worker.worker_id, None, None)
.expect("replay send should succeed");
assert_eq!(replayed.status, WorkerStatus::Running);
assert!(replayed.replay_prompt.is_none());
@@ -931,7 +1222,11 @@ mod tests {
.observe(&worker.worker_id, "Ready for input\n>")
.expect("ready observe should succeed");
registry
.send_prompt(&worker.worker_id, Some("Run the worker bootstrap tests"))
.send_prompt(
&worker.worker_id,
Some("Run the worker bootstrap tests"),
None,
)
.expect("prompt send should succeed");
let recovered = registry
@@ -962,6 +1257,8 @@ mod tests {
prompt_preview: "Run the worker bootstrap tests".to_string(),
observed_target: WorkerPromptTarget::WrongTarget,
observed_cwd: Some("/tmp/repo-target-b".to_string()),
observed_prompt_preview: None,
task_receipt: None,
recovery_armed: false,
})
);
@@ -1004,6 +1301,75 @@ mod tests {
assert!(ready.last_error.is_none());
}
#[test]
fn wrong_task_receipt_mismatch_is_detected_before_execution_continues() {
let registry = WorkerRegistry::new();
let worker = registry.create("/tmp/repo-task", &[], true);
registry
.observe(&worker.worker_id, "Ready for input\n>")
.expect("ready observe should succeed");
registry
.send_prompt(
&worker.worker_id,
Some("Implement worker handshake"),
Some(WorkerTaskReceipt {
repo: "claw-code".to_string(),
task_kind: "repo_code".to_string(),
source_surface: "omx_team".to_string(),
expected_artifacts: vec!["patch".to_string(), "tests".to_string()],
objective_preview: "Implement worker handshake".to_string(),
}),
)
.expect("prompt send should succeed");
let recovered = registry
.observe(
&worker.worker_id,
" Explain this KakaoTalk screenshot for a friend\nI can help analyze the screenshot…",
)
.expect("mismatch observe should succeed");
assert_eq!(recovered.status, WorkerStatus::ReadyForPrompt);
assert_eq!(
recovered
.last_error
.expect("mismatch error should exist")
.kind,
WorkerFailureKind::PromptDelivery
);
let mismatch = recovered
.events
.iter()
.find(|event| event.kind == WorkerEventKind::PromptMisdelivery)
.expect("wrong-task event should exist");
assert_eq!(mismatch.status, WorkerStatus::Failed);
assert_eq!(
mismatch.payload,
Some(WorkerEventPayload::PromptDelivery {
prompt_preview: "Implement worker handshake".to_string(),
observed_target: WorkerPromptTarget::WrongTask,
observed_cwd: None,
observed_prompt_preview: Some(
"Explain this KakaoTalk screenshot for a friend".to_string()
),
task_receipt: Some(WorkerTaskReceipt {
repo: "claw-code".to_string(),
task_kind: "repo_code".to_string(),
source_surface: "omx_team".to_string(),
expected_artifacts: vec!["patch".to_string(), "tests".to_string()],
objective_preview: "Implement worker handshake".to_string(),
}),
recovery_armed: false,
})
);
let replay = recovered
.events
.iter()
.find(|event| event.kind == WorkerEventKind::PromptReplayArmed)
.expect("replay event should exist");
assert_eq!(replay.status, WorkerStatus::ReadyForPrompt);
}
#[test]
fn restart_and_terminate_reset_or_finish_worker() {
let registry = WorkerRegistry::new();
@@ -1012,7 +1378,7 @@ mod tests {
.observe(&worker.worker_id, "Ready for input\n>")
.expect("ready observe should succeed");
registry
.send_prompt(&worker.worker_id, Some("Run tests"))
.send_prompt(&worker.worker_id, Some("Run tests"), None)
.expect("prompt send should succeed");
let restarted = registry
@@ -1041,7 +1407,7 @@ mod tests {
.observe(&worker.worker_id, "Ready for input\n>")
.expect("ready observe should succeed");
registry
.send_prompt(&worker.worker_id, Some("Run tests"))
.send_prompt(&worker.worker_id, Some("Run tests"), None)
.expect("prompt send should succeed");
let failed = registry
@@ -1058,6 +1424,62 @@ mod tests {
.any(|event| event.kind == WorkerEventKind::Failed));
}
#[test]
fn emit_state_file_writes_worker_status_on_transition() {
let cwd_path = std::env::temp_dir().join(format!(
"claw-state-test-{}",
std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.unwrap_or_default()
.as_nanos()
));
std::fs::create_dir_all(&cwd_path).expect("test dir should create");
let cwd = cwd_path.to_str().expect("test path should be utf8");
let registry = WorkerRegistry::new();
let worker = registry.create(cwd, &[], true);
// After create the worker is Spawning — state file should exist
let state_path = cwd_path.join(".claw").join("worker-state.json");
assert!(
state_path.exists(),
"state file should exist after worker creation"
);
let raw = std::fs::read_to_string(&state_path).expect("state file should be readable");
let value: serde_json::Value =
serde_json::from_str(&raw).expect("state file should be valid JSON");
assert_eq!(
value["status"].as_str(),
Some("spawning"),
"initial status should be spawning"
);
assert_eq!(
value["session_id"].as_str(),
Some(current_boot_session_id())
);
assert_eq!(value["is_ready"].as_bool(), Some(false));
// Transition to ReadyForPrompt by observing trust-cleared text
registry
.observe(&worker.worker_id, "Ready for input\n>")
.expect("observe ready should succeed");
let raw = std::fs::read_to_string(&state_path)
.expect("state file should be readable after observe");
let value: serde_json::Value =
serde_json::from_str(&raw).expect("state file should be valid JSON after observe");
assert_eq!(
value["status"].as_str(),
Some("ready_for_prompt"),
"status should be ready_for_prompt after observe"
);
assert_eq!(
value["is_ready"].as_bool(),
Some(true),
"is_ready should be true when ReadyForPrompt"
);
}
#[test]
fn observe_completion_accepts_normal_finish_with_tokens() {
let registry = WorkerRegistry::new();
@@ -1066,7 +1488,7 @@ mod tests {
.observe(&worker.worker_id, "Ready for input\n>")
.expect("ready observe should succeed");
registry
.send_prompt(&worker.worker_id, Some("Run tests"))
.send_prompt(&worker.worker_id, Some("Run tests"), None)
.expect("prompt send should succeed");
let finished = registry
@@ -1080,4 +1502,215 @@ mod tests {
.iter()
.any(|event| event.kind == WorkerEventKind::Finished));
}
#[test]
fn startup_timeout_emits_evidence_bundle_with_classification() {
let registry = WorkerRegistry::new();
let worker = registry.create("/tmp/repo-timeout", &[], true);
// Simulate startup timeout with transport dead
let timed_out = registry
.observe_startup_timeout(&worker.worker_id, "cargo test", false, true)
.expect("startup timeout observe should succeed");
assert_eq!(timed_out.status, WorkerStatus::Failed);
let error = timed_out
.last_error
.expect("startup timeout error should exist");
assert_eq!(error.kind, WorkerFailureKind::StartupNoEvidence);
// Check for "TransportDead" (the Debug representation of the enum variant)
assert!(
error.message.contains("TransportDead"),
"expected TransportDead in: {}",
error.message
);
let event = timed_out
.events
.iter()
.find(|e| e.kind == WorkerEventKind::StartupNoEvidence)
.expect("startup no evidence event should exist");
match event.payload.as_ref() {
Some(WorkerEventPayload::StartupNoEvidence {
evidence,
classification,
}) => {
assert_eq!(
evidence.last_lifecycle_state,
WorkerStatus::Spawning,
"last state should be spawning"
);
assert_eq!(evidence.pane_command, "cargo test");
assert!(!evidence.transport_healthy);
assert!(evidence.mcp_healthy);
assert_eq!(*classification, StartupFailureClassification::TransportDead);
}
_ => panic!(
"expected StartupNoEvidence payload, got {:?}",
event.payload
),
}
}
#[test]
fn startup_timeout_classifies_trust_required_when_prompt_blocked() {
let registry = WorkerRegistry::new();
let worker = registry.create("/tmp/repo-trust", &[], false);
// Simulate trust prompt detected but not resolved
registry
.observe(
&worker.worker_id,
"Do you trust the files in this folder?\n1. Yes, proceed\n2. No",
)
.expect("trust observe should succeed");
// Now simulate startup timeout
let timed_out = registry
.observe_startup_timeout(&worker.worker_id, "claw prompt", true, true)
.expect("startup timeout observe should succeed");
let event = timed_out
.events
.iter()
.find(|e| e.kind == WorkerEventKind::StartupNoEvidence)
.expect("startup no evidence event should exist");
match event.payload.as_ref() {
Some(WorkerEventPayload::StartupNoEvidence { classification, .. }) => {
assert_eq!(
*classification,
StartupFailureClassification::TrustRequired,
"should classify as trust_required when trust prompt detected"
);
}
_ => panic!("expected StartupNoEvidence payload"),
}
}
#[test]
fn startup_timeout_classifies_prompt_acceptance_timeout() {
let registry = WorkerRegistry::new();
let worker = registry.create("/tmp/repo-accept", &[], true);
// Get worker to ReadyForPrompt
registry
.observe(&worker.worker_id, "Ready for your input\n>")
.expect("ready observe should succeed");
// Send prompt but don't get acceptance
registry
.send_prompt(&worker.worker_id, Some("Run tests"), None)
.expect("prompt send should succeed");
// Simulate startup timeout while prompt is still in flight
let timed_out = registry
.observe_startup_timeout(&worker.worker_id, "claw prompt", true, true)
.expect("startup timeout observe should succeed");
let event = timed_out
.events
.iter()
.find(|e| e.kind == WorkerEventKind::StartupNoEvidence)
.expect("startup no evidence event should exist");
match event.payload.as_ref() {
Some(WorkerEventPayload::StartupNoEvidence {
evidence,
classification,
}) => {
assert!(
evidence.prompt_sent_at.is_some(),
"should have prompt_sent_at"
);
assert!(!evidence.prompt_acceptance_state, "prompt not yet accepted");
assert_eq!(
*classification,
StartupFailureClassification::PromptAcceptanceTimeout
);
}
_ => panic!("expected StartupNoEvidence payload"),
}
}
#[test]
fn startup_evidence_bundle_serializes_correctly() {
let bundle = StartupEvidenceBundle {
last_lifecycle_state: WorkerStatus::Running,
pane_command: "test command".to_string(),
prompt_sent_at: Some(1_234_567_890),
prompt_acceptance_state: false,
trust_prompt_detected: true,
transport_healthy: true,
mcp_healthy: false,
elapsed_seconds: 60,
};
let json = serde_json::to_string(&bundle).expect("should serialize");
assert!(json.contains("\"last_lifecycle_state\""));
assert!(json.contains("\"pane_command\""));
assert!(json.contains("\"prompt_sent_at\":1234567890"));
assert!(json.contains("\"trust_prompt_detected\":true"));
assert!(json.contains("\"transport_healthy\":true"));
assert!(json.contains("\"mcp_healthy\":false"));
let deserialized: StartupEvidenceBundle =
serde_json::from_str(&json).expect("should deserialize");
assert_eq!(deserialized.last_lifecycle_state, WorkerStatus::Running);
assert_eq!(deserialized.prompt_sent_at, Some(1_234_567_890));
}
#[test]
fn classify_startup_failure_detects_transport_dead() {
let evidence = StartupEvidenceBundle {
last_lifecycle_state: WorkerStatus::Spawning,
pane_command: "test".to_string(),
prompt_sent_at: None,
prompt_acceptance_state: false,
trust_prompt_detected: false,
transport_healthy: false,
mcp_healthy: true,
elapsed_seconds: 30,
};
let classification = classify_startup_failure(&evidence);
assert_eq!(classification, StartupFailureClassification::TransportDead);
}
#[test]
fn classify_startup_failure_defaults_to_unknown() {
let evidence = StartupEvidenceBundle {
last_lifecycle_state: WorkerStatus::Spawning,
pane_command: "test".to_string(),
prompt_sent_at: None,
prompt_acceptance_state: false,
trust_prompt_detected: false,
transport_healthy: true,
mcp_healthy: true,
elapsed_seconds: 10,
};
let classification = classify_startup_failure(&evidence);
assert_eq!(classification, StartupFailureClassification::Unknown);
}
#[test]
fn classify_startup_failure_detects_worker_crashed() {
// Worker crashed scenario: transport healthy but MCP unhealthy
// Don't have prompt in flight (no prompt_sent_at) to avoid matching PromptAcceptanceTimeout
let evidence = StartupEvidenceBundle {
last_lifecycle_state: WorkerStatus::Spawning,
pane_command: "test".to_string(),
prompt_sent_at: None, // No prompt sent yet
prompt_acceptance_state: false,
trust_prompt_detected: false,
transport_healthy: true,
mcp_healthy: false, // MCP unhealthy but transport healthy suggests crash
elapsed_seconds: 45,
};
let classification = classify_startup_failure(&evidence);
assert_eq!(classification, StartupFailureClassification::WorkerCrashed);
}
}

2
rust/crates/runtime/tests/integration_tests.rs
View File

@@ -304,7 +304,7 @@ fn worker_provider_failure_flows_through_recovery_to_policy() {
.observe(&worker.worker_id, "Ready for your input\n>")
.expect("ready observe should succeed");
registry
.send_prompt(&worker.worker_id, Some("Run analysis"))
.send_prompt(&worker.worker_id, Some("Run analysis"), None)
.expect("prompt send should succeed");
// Session completes with provider failure (finish="unknown", tokens=0)

57
rust/crates/rusty-claude-cli/build.rs Normal file
View File

@@ -0,0 +1,57 @@
use std::env;
use std::process::Command;
fn main() {
// Get git SHA (short hash)
let git_sha = Command::new("git")
.args(["rev-parse", "--short", "HEAD"])
.output()
.ok()
.and_then(|output| {
if output.status.success() {
String::from_utf8(output.stdout).ok()
} else {
None
}
})
.map_or_else(|| "unknown".to_string(), |s| s.trim().to_string());
println!("cargo:rustc-env=GIT_SHA={git_sha}");
// TARGET is always set by Cargo during build
let target = env::var("TARGET").unwrap_or_else(|_| "unknown".to_string());
println!("cargo:rustc-env=TARGET={target}");
// Build date from SOURCE_DATE_EPOCH (reproducible builds) or current UTC date.
// Intentionally ignoring time component to keep output deterministic within a day.
let build_date = std::env::var("SOURCE_DATE_EPOCH")
.ok()
.and_then(|epoch| epoch.parse::<i64>().ok())
.map(|_ts| {
// Use SOURCE_DATE_EPOCH to derive date via chrono if available;
// for simplicity we just use the env var as a signal and fall back
// to build-time env. In practice CI sets this via workflow.
std::env::var("BUILD_DATE").unwrap_or_else(|_| "unknown".to_string())
})
.or_else(|| std::env::var("BUILD_DATE").ok())
.unwrap_or_else(|| {
// Fall back to current date via `date` command
Command::new("date")
.args(["+%Y-%m-%d"])
.output()
.ok()
.and_then(|o| {
if o.status.success() {
String::from_utf8(o.stdout).ok()
} else {
None
}
})
.map_or_else(|| "unknown".to_string(), |s| s.trim().to_string())
});
println!("cargo:rustc-env=BUILD_DATE={build_date}");
// Rerun if git state changes
println!("cargo:rerun-if-changed=.git/HEAD");
println!("cargo:rerun-if-changed=.git/refs");
}

4
rust/crates/rusty-claude-cli/src/init.rs
View File

@@ -9,7 +9,7 @@ const STARTER_CLAW_JSON: &str = concat!(
"}\n",
);
const GITIGNORE_COMMENT: &str = "# Claw Code local artifacts";
const GITIGNORE_ENTRIES: [&str; 2] = [".claw/settings.local.json", ".claw/sessions/"];
const GITIGNORE_ENTRIES: [&str; 3] = [".claw/settings.local.json", ".claw/sessions/", ".clawhip/"];
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub(crate) enum InitStatus {
@@ -375,6 +375,7 @@ mod tests {
let gitignore = fs::read_to_string(root.join(".gitignore")).expect("read gitignore");
assert!(gitignore.contains(".claw/settings.local.json"));
assert!(gitignore.contains(".claw/sessions/"));
assert!(gitignore.contains(".clawhip/"));
let claude_md = fs::read_to_string(root.join("CLAUDE.md")).expect("read claude md");
assert!(claude_md.contains("Languages: Rust."));
assert!(claude_md.contains("cargo clippy --workspace --all-targets -- -D warnings"));
@@ -407,6 +408,7 @@ mod tests {
let gitignore = fs::read_to_string(root.join(".gitignore")).expect("read gitignore");
assert_eq!(gitignore.matches(".claw/settings.local.json").count(), 1);
assert_eq!(gitignore.matches(".claw/sessions/").count(), 1);
assert_eq!(gitignore.matches(".clawhip/").count(), 1);
fs::remove_dir_all(root).expect("cleanup temp dir");
}

4054
rust/crates/rusty-claude-cli/src/main.rs
View File

File diff suppressed because it is too large Load Diff

290
rust/crates/rusty-claude-cli/src/render.rs
View File

@@ -249,13 +249,14 @@ impl TerminalRenderer {
#[must_use]
pub fn render_markdown(&self, markdown: &str) -> String {
let normalized = normalize_nested_fences(markdown);
let mut output = String::new();
let mut state = RenderState::default();
let mut code_language = String::new();
let mut code_buffer = String::new();
let mut in_code_block = false;
for event in Parser::new_ext(markdown, Options::all()) {
for event in Parser::new_ext(&normalized, Options::all()) {
self.render_event(
event,
&mut state,
@@ -634,8 +635,186 @@ fn apply_code_block_background(line: &str) -> String {
format!("\u{1b}[48;5;236m{with_background}\u{1b}[0m{trailing_newline}")
}
/// Pre-process raw markdown so that fenced code blocks whose body contains
/// fence markers of equal or greater length are wrapped with a longer fence.
///
/// LLMs frequently emit triple-backtick code blocks that contain triple-backtick
/// examples. `CommonMark` (and pulldown-cmark) treats the inner marker as the
/// closing fence, breaking the render. This function detects the situation and
/// upgrades the outer fence to use enough backticks (or tildes) that the inner
/// markers become ordinary content.
#[allow(
clippy::too_many_lines,
clippy::items_after_statements,
clippy::manual_repeat_n,
clippy::manual_str_repeat
)]
fn normalize_nested_fences(markdown: &str) -> String {
// A fence line is either "labeled" (has an info string ⇒ always an opener)
// or "bare" (no info string ⇒ could be opener or closer).
#[derive(Debug, Clone)]
struct FenceLine {
char: char,
len: usize,
has_info: bool,
indent: usize,
}
fn parse_fence_line(line: &str) -> Option<FenceLine> {
let trimmed = line.trim_end_matches('\n').trim_end_matches('\r');
let indent = trimmed.chars().take_while(|c| *c == ' ').count();
if indent > 3 {
return None;
}
let rest = &trimmed[indent..];
let ch = rest.chars().next()?;
if ch != '`' && ch != '~' {
return None;
}
let len = rest.chars().take_while(|c| *c == ch).count();
if len < 3 {
return None;
}
let after = &rest[len..];
if ch == '`' && after.contains('`') {
return None;
}
let has_info = !after.trim().is_empty();
Some(FenceLine {
char: ch,
len,
has_info,
indent,
})
}
let lines: Vec<&str> = markdown.split_inclusive('\n').collect();
// Handle final line that may lack trailing newline.
// split_inclusive already keeps the original chunks, including a
// final chunk without '\n' if the input doesn't end with one.
// First pass: classify every line.
let fence_info: Vec<Option<FenceLine>> = lines.iter().map(|l| parse_fence_line(l)).collect();
// Second pass: pair openers with closers using a stack, recording
// (opener_idx, closer_idx) pairs plus the max fence length found between
// them.
struct StackEntry {
line_idx: usize,
fence: FenceLine,
}
let mut stack: Vec<StackEntry> = Vec::new();
// Paired blocks: (opener_line, closer_line, max_inner_fence_len)
let mut pairs: Vec<(usize, usize, usize)> = Vec::new();
for (i, fi) in fence_info.iter().enumerate() {
let Some(fl) = fi else { continue };
if fl.has_info {
// Labeled fence ⇒ always an opener.
stack.push(StackEntry {
line_idx: i,
fence: fl.clone(),
});
} else {
// Bare fence ⇒ try to close the top of the stack if compatible.
let closes_top = stack
.last()
.is_some_and(|top| top.fence.char == fl.char && fl.len >= top.fence.len);
if closes_top {
let opener = stack.pop().unwrap();
// Find max fence length of any fence line strictly between
// opener and closer (these are the nested fences).
let inner_max = fence_info[opener.line_idx + 1..i]
.iter()
.filter_map(|fi| fi.as_ref().map(|f| f.len))
.max()
.unwrap_or(0);
pairs.push((opener.line_idx, i, inner_max));
} else {
// Treat as opener.
stack.push(StackEntry {
line_idx: i,
fence: fl.clone(),
});
}
}
}
// Determine which lines need rewriting. A pair needs rewriting when
// its opener length <= max inner fence length.
struct Rewrite {
char: char,
new_len: usize,
indent: usize,
}
let mut rewrites: std::collections::HashMap<usize, Rewrite> = std::collections::HashMap::new();
for (opener_idx, closer_idx, inner_max) in &pairs {
let opener_fl = fence_info[*opener_idx].as_ref().unwrap();
if opener_fl.len <= *inner_max {
let new_len = inner_max + 1;
let info_part = {
let trimmed = lines[*opener_idx]
.trim_end_matches('\n')
.trim_end_matches('\r');
let rest = &trimmed[opener_fl.indent..];
rest[opener_fl.len..].to_string()
};
rewrites.insert(
*opener_idx,
Rewrite {
char: opener_fl.char,
new_len,
indent: opener_fl.indent,
},
);
let closer_fl = fence_info[*closer_idx].as_ref().unwrap();
rewrites.insert(
*closer_idx,
Rewrite {
char: closer_fl.char,
new_len,
indent: closer_fl.indent,
},
);
// Store info string only in the opener; closer keeps the trailing
// portion which is already handled through the original line.
// Actually, we rebuild both lines from scratch below, including
// the info string for the opener.
let _ = info_part; // consumed in rebuild
}
}
if rewrites.is_empty() {
return markdown.to_string();
}
// Rebuild.
let mut out = String::with_capacity(markdown.len() + rewrites.len() * 4);
for (i, line) in lines.iter().enumerate() {
if let Some(rw) = rewrites.get(&i) {
let fence_str: String = std::iter::repeat(rw.char).take(rw.new_len).collect();
let indent_str: String = std::iter::repeat(' ').take(rw.indent).collect();
// Recover the original info string (if any) and trailing newline.
let trimmed = line.trim_end_matches('\n').trim_end_matches('\r');
let fi = fence_info[i].as_ref().unwrap();
let info = &trimmed[fi.indent + fi.len..];
let trailing = &line[trimmed.len()..];
out.push_str(&indent_str);
out.push_str(&fence_str);
out.push_str(info);
out.push_str(trailing);
} else {
out.push_str(line);
}
}
out
}
fn find_stream_safe_boundary(markdown: &str) -> Option<usize> {
let mut in_fence = false;
let mut open_fence: Option<FenceMarker> = None;
let mut last_boundary = None;
for (offset, line) in markdown.split_inclusive('\n').scan(0usize, |cursor, line| {
@@ -643,20 +822,21 @@ fn find_stream_safe_boundary(markdown: &str) -> Option<usize> {
*cursor += line.len();
Some((start, line))
}) {
let trimmed = line.trim_start();
if trimmed.starts_with("```") || trimmed.starts_with("~~~") {
in_fence = !in_fence;
if !in_fence {
let line_without_newline = line.trim_end_matches('\n');
if let Some(opener) = open_fence {
if line_closes_fence(line_without_newline, opener) {
open_fence = None;
last_boundary = Some(offset + line.len());
}
continue;
}
if in_fence {
if let Some(opener) = parse_fence_opener(line_without_newline) {
open_fence = Some(opener);
continue;
}
if trimmed.is_empty() {
if line_without_newline.trim().is_empty() {
last_boundary = Some(offset + line.len());
}
}
@@ -664,6 +844,46 @@ fn find_stream_safe_boundary(markdown: &str) -> Option<usize> {
last_boundary
}
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
struct FenceMarker {
character: char,
length: usize,
}
fn parse_fence_opener(line: &str) -> Option<FenceMarker> {
let indent = line.chars().take_while(|c| *c == ' ').count();
if indent > 3 {
return None;
}
let rest = &line[indent..];
let character = rest.chars().next()?;
if character != '`' && character != '~' {
return None;
}
let length = rest.chars().take_while(|c| *c == character).count();
if length < 3 {
return None;
}
let info_string = &rest[length..];
if character == '`' && info_string.contains('`') {
return None;
}
Some(FenceMarker { character, length })
}
fn line_closes_fence(line: &str, opener: FenceMarker) -> bool {
let indent = line.chars().take_while(|c| *c == ' ').count();
if indent > 3 {
return false;
}
let rest = &line[indent..];
let length = rest.chars().take_while(|c| *c == opener.character).count();
if length < opener.length {
return false;
}
rest[length..].chars().all(|c| c == ' ' || c == '\t')
}
fn visible_width(input: &str) -> usize {
strip_ansi(input).chars().count()
}
@@ -778,6 +998,60 @@ mod tests {
assert!(strip_ansi(&code).contains("fn main()"));
}
#[test]
fn streaming_state_holds_outer_fence_with_nested_inner_fence() {
let renderer = TerminalRenderer::new();
let mut state = MarkdownStreamState::default();
assert_eq!(
state.push(&renderer, "````markdown\n```rust\nfn inner() {}\n"),
None,
"inner triple backticks must not close the outer four-backtick fence"
);
assert_eq!(
state.push(&renderer, "```\n"),
None,
"closing the inner fence must not flush the outer fence"
);
let flushed = state
.push(&renderer, "````\n")
.expect("closing the outer four-backtick fence flushes the buffered block");
let plain_text = strip_ansi(&flushed);
assert!(plain_text.contains("fn inner()"));
assert!(plain_text.contains("```rust"));
}
#[test]
fn streaming_state_distinguishes_backtick_and_tilde_fences() {
let renderer = TerminalRenderer::new();
let mut state = MarkdownStreamState::default();
assert_eq!(state.push(&renderer, "~~~text\n"), None);
assert_eq!(
state.push(&renderer, "```\nstill inside tilde fence\n"),
None,
"a backtick fence cannot close a tilde-opened fence"
);
assert_eq!(state.push(&renderer, "```\n"), None);
let flushed = state
.push(&renderer, "~~~\n")
.expect("matching tilde marker closes the fence");
let plain_text = strip_ansi(&flushed);
assert!(plain_text.contains("still inside tilde fence"));
}
#[test]
fn renders_nested_fenced_code_block_preserves_inner_markers() {
let terminal_renderer = TerminalRenderer::new();
let markdown_output =
terminal_renderer.markdown_to_ansi("````markdown\n```rust\nfn nested() {}\n```\n````");
let plain_text = strip_ansi(&markdown_output);
assert!(plain_text.contains("╭─ markdown"));
assert!(plain_text.contains("```rust"));
assert!(plain_text.contains("fn nested()"));
}
#[test]
fn spinner_advances_frames() {
let terminal_renderer = TerminalRenderer::new();

2
rust/crates/rusty-claude-cli/tests/cli_flags_and_config_defaults.rs
View File

@@ -266,7 +266,7 @@ fn command_in(cwd: &Path) -> Command {
fn write_session(root: &Path, label: &str) -> PathBuf {
let session_path = root.join(format!("{label}.jsonl"));
let mut session = Session::new();
let mut session = Session::new().with_workspace_root(root.to_path_buf());
session
.push_user_text(format!("session fixture for {label}"))
.expect("session write should succeed");

159
rust/crates/rusty-claude-cli/tests/compact_output.rs Normal file
View File

@@ -0,0 +1,159 @@
use std::fs;
use std::path::PathBuf;
use std::process::{Command, Output};
use std::sync::atomic::{AtomicU64, Ordering};
use std::time::{SystemTime, UNIX_EPOCH};
use mock_anthropic_service::{MockAnthropicService, SCENARIO_PREFIX};
static TEMP_COUNTER: AtomicU64 = AtomicU64::new(0);
#[test]
fn compact_flag_prints_only_final_assistant_text_without_tool_call_details() {
// given a workspace pointed at the mock Anthropic service and a fixture file
// that the read_file_roundtrip scenario will fetch through a tool call
let runtime = tokio::runtime::Runtime::new().expect("tokio runtime should build");
let server = runtime
.block_on(MockAnthropicService::spawn())
.expect("mock service should start");
let base_url = server.base_url();
let workspace = unique_temp_dir("compact-read-file");
let config_home = workspace.join("config-home");
let home = workspace.join("home");
fs::create_dir_all(&workspace).expect("workspace should exist");
fs::create_dir_all(&config_home).expect("config home should exist");
fs::create_dir_all(&home).expect("home should exist");
fs::write(workspace.join("fixture.txt"), "alpha parity line\n").expect("fixture should write");
// when we run claw in compact text mode against a tool-using scenario
let prompt = format!("{SCENARIO_PREFIX}read_file_roundtrip");
let output = run_claw(
&workspace,
&config_home,
&home,
&base_url,
&[
"--model",
"sonnet",
"--permission-mode",
"read-only",
"--allowedTools",
"read_file",
"--compact",
&prompt,
],
);
// then the command exits successfully and stdout contains exactly the final
// assistant text with no tool call IDs, JSON envelopes, or spinner output
assert!(
output.status.success(),
"compact run should succeed\nstdout:\n{}\n\nstderr:\n{}",
String::from_utf8_lossy(&output.stdout),
String::from_utf8_lossy(&output.stderr),
);
let stdout = String::from_utf8(output.stdout).expect("stdout should be utf8");
let trimmed = stdout.trim_end_matches('\n');
assert_eq!(
trimmed, "read_file roundtrip complete: alpha parity line",
"compact stdout should contain only the final assistant text"
);
assert!(
!stdout.contains("toolu_"),
"compact stdout must not leak tool_use_id ({stdout:?})"
);
assert!(
!stdout.contains("\"tool_uses\""),
"compact stdout must not leak json envelopes ({stdout:?})"
);
assert!(
!stdout.contains("Thinking"),
"compact stdout must not include the spinner banner ({stdout:?})"
);
fs::remove_dir_all(&workspace).expect("workspace cleanup should succeed");
}
#[test]
fn compact_flag_streaming_text_only_emits_final_message_text() {
// given a workspace pointed at the mock Anthropic service running the
// streaming_text scenario which only emits a single assistant text block
let runtime = tokio::runtime::Runtime::new().expect("tokio runtime should build");
let server = runtime
.block_on(MockAnthropicService::spawn())
.expect("mock service should start");
let base_url = server.base_url();
let workspace = unique_temp_dir("compact-streaming-text");
let config_home = workspace.join("config-home");
let home = workspace.join("home");
fs::create_dir_all(&workspace).expect("workspace should exist");
fs::create_dir_all(&config_home).expect("config home should exist");
fs::create_dir_all(&home).expect("home should exist");
// when we invoke claw with --compact for the streaming text scenario
let prompt = format!("{SCENARIO_PREFIX}streaming_text");
let output = run_claw(
&workspace,
&config_home,
&home,
&base_url,
&[
"--model",
"sonnet",
"--permission-mode",
"read-only",
"--compact",
&prompt,
],
);
// then stdout should be exactly the assistant text followed by a newline
assert!(
output.status.success(),
"compact streaming run should succeed\nstdout:\n{}\n\nstderr:\n{}",
String::from_utf8_lossy(&output.stdout),
String::from_utf8_lossy(&output.stderr),
);
let stdout = String::from_utf8(output.stdout).expect("stdout should be utf8");
assert_eq!(
stdout, "Mock streaming says hello from the parity harness.\n",
"compact streaming stdout should contain only the final assistant text"
);
fs::remove_dir_all(&workspace).expect("workspace cleanup should succeed");
}
fn run_claw(
cwd: &std::path::Path,
config_home: &std::path::Path,
home: &std::path::Path,
base_url: &str,
args: &[&str],
) -> Output {
let mut command = Command::new(env!("CARGO_BIN_EXE_claw"));
command
.current_dir(cwd)
.env_clear()
.env("ANTHROPIC_API_KEY", "test-compact-key")
.env("ANTHROPIC_BASE_URL", base_url)
.env("CLAW_CONFIG_HOME", config_home)
.env("HOME", home)
.env("NO_COLOR", "1")
.env("PATH", "/usr/bin:/bin")
.args(args);
command.output().expect("claw should launch")
}
fn unique_temp_dir(label: &str) -> PathBuf {
let millis = SystemTime::now()
.duration_since(UNIX_EPOCH)
.expect("clock should be after epoch")
.as_millis();
let counter = TEMP_COUNTER.fetch_add(1, Ordering::Relaxed);
std::env::temp_dir().join(format!(
"claw-compact-{label}-{}-{millis}-{counter}",
std::process::id()
))
}

25
rust/crates/rusty-claude-cli/tests/mock_parity_harness.rs
View File

@@ -183,17 +183,24 @@ fn clean_env_cli_reaches_mock_anthropic_service_across_scripted_parity_scenarios
}
let captured = runtime.block_on(server.captured_requests());
assert_eq!(
captured.len(),
21,
"twelve scenarios should produce twenty-one requests"
);
assert!(captured
// After `be561bf` added count_tokens preflight, each turn sends an
// extra POST to `/v1/messages/count_tokens` before the messages POST.
// The original count (21) assumed messages-only requests. We now
// filter to `/v1/messages` and verify that subset matches the original
// scenario expectation.
let messages_only: Vec<_> = captured
.iter()
.all(|request| request.path == "/v1/messages"));
assert!(captured.iter().all(|request| request.stream));
.filter(|r| r.path == "/v1/messages")
.collect();
assert_eq!(
messages_only.len(),
21,
"twelve scenarios should produce twenty-one /v1/messages requests (total captured: {}, includes count_tokens)",
captured.len()
);
assert!(messages_only.iter().all(|request| request.stream));
let scenarios = captured
let scenarios = messages_only
.iter()
.map(|request| request.scenario.as_str())
.collect::<Vec<_>>();

160
rust/crates/rusty-claude-cli/tests/output_format_contract.rs
View File

@@ -4,6 +4,7 @@ use std::process::{Command, Output};
use std::sync::atomic::{AtomicU64, Ordering};
use std::time::{SystemTime, UNIX_EPOCH};
use runtime::Session;
use serde_json::Value;
static TEMP_COUNTER: AtomicU64 = AtomicU64::new(0);
@@ -38,6 +39,8 @@ fn status_and_sandbox_emit_json_when_requested() {
let status = assert_json_command(&root, &["--output-format", "json", "status"]);
assert_eq!(status["kind"], "status");
assert_eq!(status["active_session"], false);
assert!(status["session_id"].is_null());
assert!(status["workspace"]["cwd"].as_str().is_some());
let sandbox = assert_json_command(&root, &["--output-format", "json", "sandbox"]);
@@ -45,6 +48,24 @@ fn status_and_sandbox_emit_json_when_requested() {
assert!(sandbox["filesystem_mode"].as_str().is_some());
}
#[test]
fn acp_guidance_emits_json_when_requested() {
let root = unique_temp_dir("acp-json");
fs::create_dir_all(&root).expect("temp dir should exist");
let acp = assert_json_command(&root, &["--output-format", "json", "acp"]);
assert_eq!(acp["kind"], "acp");
assert_eq!(acp["status"], "discoverability_only");
assert_eq!(acp["supported"], false);
assert_eq!(acp["serve_alias_only"], true);
assert_eq!(acp["discoverability_tracking"], "ROADMAP #64a");
assert_eq!(acp["tracking"], "ROADMAP #76");
assert!(acp["message"]
.as_str()
.expect("acp message")
.contains("discoverability alias"));
}
#[test]
fn inventory_commands_emit_structured_json_when_requested() {
let root = unique_temp_dir("inventory-json");
@@ -173,13 +194,15 @@ fn dump_manifests_and_init_emit_json_when_requested() {
fs::create_dir_all(&root).expect("temp dir should exist");
let upstream = write_upstream_fixture(&root);
let manifests = assert_json_command_with_env(
let manifests = assert_json_command(
&root,
&["--output-format", "json", "dump-manifests"],
&[(
"CLAUDE_CODE_UPSTREAM",
&[
"--output-format",
"json",
"dump-manifests",
"--manifests-dir",
upstream.to_str().expect("utf8 upstream"),
)],
],
);
assert_eq!(manifests["kind"], "dump-manifests");
assert_eq!(manifests["commands"], 1);
@@ -206,7 +229,7 @@ fn doctor_and_resume_status_emit_json_when_requested() {
assert!(summary["failures"].as_u64().is_some());
let checks = doctor["checks"].as_array().expect("doctor checks");
assert_eq!(checks.len(), 5);
assert_eq!(checks.len(), 6);
let check_names = checks
.iter()
.map(|check| {
@@ -218,7 +241,27 @@ fn doctor_and_resume_status_emit_json_when_requested() {
.collect::<Vec<_>>();
assert_eq!(
check_names,
vec!["auth", "config", "workspace", "sandbox", "system"]
vec![
"auth",
"config",
"install source",
"workspace",
"sandbox",
"system"
]
);
let install_source = checks
.iter()
.find(|check| check["name"] == "install source")
.expect("install source check");
assert_eq!(
install_source["official_repo"],
"https://github.com/ultraworkers/claw-code"
);
assert_eq!(
install_source["deprecated_install"],
"cargo install claw-code"
);
let workspace = checks
@@ -236,12 +279,7 @@ fn doctor_and_resume_status_emit_json_when_requested() {
assert!(sandbox["enabled"].is_boolean());
assert!(sandbox["fallback_reason"].is_null() || sandbox["fallback_reason"].is_string());
let session_path = root.join("session.jsonl");
fs::write(
&session_path,
"{\"type\":\"session_meta\",\"version\":3,\"session_id\":\"resume-json\",\"created_at_ms\":0,\"updated_at_ms\":0}\n{\"type\":\"message\",\"message\":{\"role\":\"user\",\"blocks\":[{\"type\":\"text\",\"text\":\"hello\"}]}}\n",
)
.expect("session should write");
let session_path = write_session_fixture(&root, "resume-json", Some("hello"));
let resumed = assert_json_command(
&root,
&[
@@ -253,7 +291,8 @@ fn doctor_and_resume_status_emit_json_when_requested() {
],
);
assert_eq!(resumed["kind"], "status");
assert_eq!(resumed["model"], "restored-session");
// model is null in resume mode (not known without --model flag)
assert!(resumed["model"].is_null());
assert_eq!(resumed["usage"]["messages"], 1);
assert!(resumed["workspace"]["cwd"].as_str().is_some());
assert!(resumed["sandbox"]["filesystem_mode"].as_str().is_some());
@@ -267,12 +306,7 @@ fn resumed_inventory_commands_emit_structured_json_when_requested() {
fs::create_dir_all(&config_home).expect("config home should exist");
fs::create_dir_all(&home).expect("home should exist");
let session_path = root.join("session.jsonl");
fs::write(
&session_path,
"{\"type\":\"session_meta\",\"version\":3,\"session_id\":\"resume-inventory-json\",\"created_at_ms\":0,\"updated_at_ms\":0}\n{\"type\":\"message\",\"message\":{\"role\":\"user\",\"blocks\":[{\"type\":\"text\",\"text\":\"inventory\"}]}}\n",
)
.expect("session should write");
let session_path = write_session_fixture(&root, "resume-inventory-json", Some("inventory"));
let mcp = assert_json_command_with_env(
&root,
@@ -323,12 +357,7 @@ fn resumed_version_and_init_emit_structured_json_when_requested() {
let root = unique_temp_dir("resume-version-init-json");
fs::create_dir_all(&root).expect("temp dir should exist");
let session_path = root.join("session.jsonl");
fs::write(
&session_path,
"{\"type\":\"session_meta\",\"version\":3,\"session_id\":\"resume-version-init-json\",\"created_at_ms\":0,\"updated_at_ms\":0}\n",
)
.expect("session should write");
let session_path = write_session_fixture(&root, "resume-version-init-json", None);
let version = assert_json_command(
&root,
@@ -357,6 +386,47 @@ fn resumed_version_and_init_emit_structured_json_when_requested() {
assert!(root.join("CLAUDE.md").exists());
}
#[test]
fn status_json_surfaces_active_session_and_boot_session_id_from_worker_state() {
let root = unique_temp_dir("status-worker-state-json");
fs::create_dir_all(&root).expect("temp dir should exist");
write_worker_state_fixture(&root, "running", "boot-fixture-123");
let status = assert_json_command(&root, &["--output-format", "json", "status"]);
assert_eq!(status["kind"], "status");
assert_eq!(status["active_session"], true);
assert_eq!(status["session_id"], "boot-fixture-123");
}
#[test]
fn status_text_surfaces_active_session_and_boot_session_id_from_worker_state() {
let root = unique_temp_dir("status-worker-state-text");
fs::create_dir_all(&root).expect("temp dir should exist");
write_worker_state_fixture(&root, "running", "boot-fixture-456");
let output = run_claw(&root, &["status"], &[]);
assert!(output.status.success());
let stdout = String::from_utf8_lossy(&output.stdout);
assert!(stdout.contains("Session active (boot-fixture-456)"));
}
#[test]
fn worker_state_fixture_round_trips_session_id_across_status_surface() {
let root = unique_temp_dir("status-worker-state-roundtrip");
fs::create_dir_all(&root).expect("temp dir should exist");
let session_id = "boot-roundtrip-789";
write_worker_state_fixture(&root, "running", session_id);
let status = assert_json_command(&root, &["--output-format", "json", "status"]);
assert_eq!(status["active_session"], true);
assert_eq!(status["session_id"], session_id);
let raw = fs::read_to_string(root.join(".claw").join("worker-state.json"))
.expect("worker state should exist");
let state: Value = serde_json::from_str(&raw).expect("worker state should be valid json");
assert_eq!(state["session_id"], session_id);
}
fn assert_json_command(current_dir: &Path, args: &[&str]) -> Value {
assert_json_command_with_env(current_dir, args, &[])
}
@@ -404,6 +474,44 @@ fn write_upstream_fixture(root: &Path) -> PathBuf {
upstream
}
fn write_worker_state_fixture(root: &Path, status: &str, session_id: &str) {
let claw_dir = root.join(".claw");
fs::create_dir_all(&claw_dir).expect("worker state dir should exist");
fs::write(
claw_dir.join("worker-state.json"),
serde_json::to_string_pretty(&serde_json::json!({
"worker_id": "worker-test",
"session_id": session_id,
"status": status,
"is_ready": status == "ready_for_prompt",
"trust_gate_cleared": false,
"prompt_in_flight": status == "running",
"updated_at": 1,
"seconds_since_update": 0
}))
.expect("worker state json should serialize"),
)
.expect("worker state fixture should write");
}
fn write_session_fixture(root: &Path, session_id: &str, user_text: Option<&str>) -> PathBuf {
let session_path = root.join("session.jsonl");
let mut session = Session::new()
.with_workspace_root(root.to_path_buf())
.with_persistence_path(session_path.clone());
session.session_id = session_id.to_string();
if let Some(text) = user_text {
session
.push_user_text(text)
.expect("session fixture message should persist");
} else {
session
.save_to_path(&session_path)
.expect("session fixture should persist");
}
session_path
}
fn write_agent(root: &Path, name: &str, description: &str, model: &str, reasoning: &str) {
fs::create_dir_all(root).expect("agent root should exist");
fs::write(

237
rust/crates/rusty-claude-cli/tests/resume_slash_commands.rs
View File

@@ -20,7 +20,7 @@ fn resumed_binary_accepts_slash_commands_with_arguments() {
let session_path = temp_dir.join("session.jsonl");
let export_path = temp_dir.join("notes.txt");
let mut session = Session::new();
let mut session = workspace_session(&temp_dir);
session
.push_user_text("ship the slash command harness")
.expect("session write should succeed");
@@ -122,7 +122,7 @@ fn resumed_config_command_loads_settings_files_end_to_end() {
fs::create_dir_all(&config_home).expect("config home should exist");
let session_path = project_dir.join("session.jsonl");
Session::new()
workspace_session(&project_dir)
.with_persistence_path(&session_path)
.save_to_path(&session_path)
.expect("session should persist");
@@ -180,13 +180,11 @@ fn resume_latest_restores_the_most_recent_managed_session() {
// given
let temp_dir = unique_temp_dir("resume-latest");
let project_dir = temp_dir.join("project");
let sessions_dir = project_dir.join(".claw").join("sessions");
fs::create_dir_all(&sessions_dir).expect("sessions dir should exist");
let store = runtime::SessionStore::from_cwd(&project_dir).expect("session store should build");
let older_path = store.create_handle("session-older").path;
let newer_path = store.create_handle("session-newer").path;
let older_path = sessions_dir.join("session-older.jsonl");
let newer_path = sessions_dir.join("session-newer.jsonl");
let mut older = Session::new().with_persistence_path(&older_path);
let mut older = workspace_session(&project_dir).with_persistence_path(&older_path);
older
.push_user_text("older session")
.expect("older session write should succeed");
@@ -194,7 +192,7 @@ fn resume_latest_restores_the_most_recent_managed_session() {
.save_to_path(&older_path)
.expect("older session should persist");
let mut newer = Session::new().with_persistence_path(&newer_path);
let mut newer = workspace_session(&project_dir).with_persistence_path(&newer_path);
newer
.push_user_text("newer session")
.expect("newer session write should succeed");
@@ -229,7 +227,7 @@ fn resumed_status_command_emits_structured_json_when_requested() {
fs::create_dir_all(&temp_dir).expect("temp dir should exist");
let session_path = temp_dir.join("session.jsonl");
let mut session = Session::new();
let mut session = workspace_session(&temp_dir);
session
.push_user_text("resume status json fixture")
.expect("session write should succeed");
@@ -261,7 +259,8 @@ fn resumed_status_command_emits_structured_json_when_requested() {
let parsed: Value =
serde_json::from_str(stdout.trim()).expect("resume status output should be json");
assert_eq!(parsed["kind"], "status");
assert_eq!(parsed["model"], "restored-session");
// model is null in resume mode (not known without --model flag)
assert!(parsed["model"].is_null());
assert_eq!(parsed["permission_mode"], "danger-full-access");
assert_eq!(parsed["usage"]["messages"], 1);
assert!(parsed["usage"]["turns"].is_number());
@@ -275,6 +274,47 @@ fn resumed_status_command_emits_structured_json_when_requested() {
assert!(parsed["sandbox"]["filesystem_mode"].as_str().is_some());
}
#[test]
fn resumed_status_surfaces_persisted_model() {
// given — create a session with model already set
let temp_dir = unique_temp_dir("resume-status-model");
fs::create_dir_all(&temp_dir).expect("temp dir should exist");
let session_path = temp_dir.join("session.jsonl");
let mut session = workspace_session(&temp_dir);
session.model = Some("claude-sonnet-4-6".to_string());
session
.push_user_text("model persistence fixture")
.expect("write ok");
session.save_to_path(&session_path).expect("persist ok");
// when
let output = run_claw(
&temp_dir,
&[
"--output-format",
"json",
"--resume",
session_path.to_str().expect("utf8 path"),
"/status",
],
);
// then
assert!(
output.status.success(),
"stderr:\n{}",
String::from_utf8_lossy(&output.stderr)
);
let stdout = String::from_utf8(output.stdout).expect("utf8");
let parsed: Value = serde_json::from_str(stdout.trim()).expect("should be json");
assert_eq!(parsed["kind"], "status");
assert_eq!(
parsed["model"], "claude-sonnet-4-6",
"model should round-trip through session metadata"
);
}
#[test]
fn resumed_sandbox_command_emits_structured_json_when_requested() {
// given
@@ -282,7 +322,7 @@ fn resumed_sandbox_command_emits_structured_json_when_requested() {
fs::create_dir_all(&temp_dir).expect("temp dir should exist");
let session_path = temp_dir.join("session.jsonl");
Session::new()
workspace_session(&temp_dir)
.save_to_path(&session_path)
.expect("session should persist");
@@ -318,10 +358,183 @@ fn resumed_sandbox_command_emits_structured_json_when_requested() {
assert!(parsed["markers"].is_array());
}
#[test]
fn resumed_version_command_emits_structured_json() {
let temp_dir = unique_temp_dir("resume-version-json");
fs::create_dir_all(&temp_dir).expect("temp dir should exist");
let session_path = temp_dir.join("session.jsonl");
workspace_session(&temp_dir)
.save_to_path(&session_path)
.expect("session should persist");
let output = run_claw(
&temp_dir,
&[
"--output-format",
"json",
"--resume",
session_path.to_str().expect("utf8 path"),
"/version",
],
);
assert!(
output.status.success(),
"stderr:\n{}",
String::from_utf8_lossy(&output.stderr)
);
let stdout = String::from_utf8(output.stdout).expect("utf8");
let parsed: Value = serde_json::from_str(stdout.trim()).expect("should be json");
assert_eq!(parsed["kind"], "version");
assert!(parsed["version"].as_str().is_some());
assert!(parsed["git_sha"].as_str().is_some());
assert!(parsed["target"].as_str().is_some());
}
#[test]
fn resumed_export_command_emits_structured_json() {
let temp_dir = unique_temp_dir("resume-export-json");
fs::create_dir_all(&temp_dir).expect("temp dir should exist");
let session_path = temp_dir.join("session.jsonl");
let mut session = workspace_session(&temp_dir);
session
.push_user_text("export json fixture")
.expect("write ok");
session.save_to_path(&session_path).expect("persist ok");
let output = run_claw(
&temp_dir,
&[
"--output-format",
"json",
"--resume",
session_path.to_str().expect("utf8 path"),
"/export",
],
);
assert!(
output.status.success(),
"stderr:\n{}",
String::from_utf8_lossy(&output.stderr)
);
let stdout = String::from_utf8(output.stdout).expect("utf8");
let parsed: Value = serde_json::from_str(stdout.trim()).expect("should be json");
assert_eq!(parsed["kind"], "export");
assert!(parsed["file"].as_str().is_some());
assert_eq!(parsed["message_count"], 1);
}
#[test]
fn resumed_help_command_emits_structured_json() {
let temp_dir = unique_temp_dir("resume-help-json");
fs::create_dir_all(&temp_dir).expect("temp dir should exist");
let session_path = temp_dir.join("session.jsonl");
workspace_session(&temp_dir)
.save_to_path(&session_path)
.expect("persist ok");
let output = run_claw(
&temp_dir,
&[
"--output-format",
"json",
"--resume",
session_path.to_str().expect("utf8 path"),
"/help",
],
);
assert!(
output.status.success(),
"stderr:\n{}",
String::from_utf8_lossy(&output.stderr)
);
let stdout = String::from_utf8(output.stdout).expect("utf8");
let parsed: Value = serde_json::from_str(stdout.trim()).expect("should be json");
assert_eq!(parsed["kind"], "help");
assert!(parsed["text"].as_str().is_some());
let text = parsed["text"].as_str().unwrap();
assert!(text.contains("/status"), "help text should list /status");
}
#[test]
fn resumed_no_command_emits_restored_json() {
let temp_dir = unique_temp_dir("resume-no-cmd-json");
fs::create_dir_all(&temp_dir).expect("temp dir should exist");
let session_path = temp_dir.join("session.jsonl");
let mut session = workspace_session(&temp_dir);
session
.push_user_text("restored json fixture")
.expect("write ok");
session.save_to_path(&session_path).expect("persist ok");
let output = run_claw(
&temp_dir,
&[
"--output-format",
"json",
"--resume",
session_path.to_str().expect("utf8 path"),
],
);
assert!(
output.status.success(),
"stderr:\n{}",
String::from_utf8_lossy(&output.stderr)
);
let stdout = String::from_utf8(output.stdout).expect("utf8");
let parsed: Value = serde_json::from_str(stdout.trim()).expect("should be json");
assert_eq!(parsed["kind"], "restored");
assert!(parsed["session_id"].as_str().is_some());
assert!(parsed["path"].as_str().is_some());
assert_eq!(parsed["message_count"], 1);
}
#[test]
fn resumed_stub_command_emits_not_implemented_json() {
let temp_dir = unique_temp_dir("resume-stub-json");
fs::create_dir_all(&temp_dir).expect("temp dir should exist");
let session_path = temp_dir.join("session.jsonl");
workspace_session(&temp_dir)
.save_to_path(&session_path)
.expect("persist ok");
let output = run_claw(
&temp_dir,
&[
"--output-format",
"json",
"--resume",
session_path.to_str().expect("utf8 path"),
"/allowed-tools",
],
);
// Stub commands exit with code 2
assert!(!output.status.success());
let stderr = String::from_utf8(output.stderr).expect("utf8");
let parsed: Value = serde_json::from_str(stderr.trim()).expect("should be json");
assert_eq!(parsed["type"], "error");
assert!(
parsed["error"]
.as_str()
.unwrap()
.contains("not yet implemented"),
"error should say not yet implemented: {:?}",
parsed["error"]
);
}
fn run_claw(current_dir: &Path, args: &[&str]) -> Output {
run_claw_with_env(current_dir, args, &[])
}
fn workspace_session(root: &Path) -> Session {
Session::new().with_workspace_root(root.to_path_buf())
}
fn run_claw_with_env(current_dir: &Path, args: &[&str], envs: &[(&str, &str)]) -> Output {
let mut command = Command::new(env!("CARGO_BIN_EXE_claw"));
command.current_dir(current_dir).args(args);

1
rust/crates/tools/Cargo.toml
View File

@@ -8,6 +8,7 @@ publish.workspace = true
[dependencies]
api = { path = "../api" }
commands = { path = "../commands" }
flate2 = "1"
plugins = { path = "../plugins" }
runtime = { path = "../runtime" }
reqwest = { version = "0.12", default-features = false, features = ["blocking", "rustls-tls"] }

2103
rust/crates/tools/src/lib.rs
View File

File diff suppressed because it is too large Load Diff

548
rust/crates/tools/src/pdf_extract.rs Normal file
View File

@@ -0,0 +1,548 @@
//! Minimal PDF text extraction.
//!
//! Reads a PDF file, locates `/Contents` stream objects, decompresses with
//! flate2 when the stream uses `/FlateDecode`, and extracts text operators
//! found between `BT` / `ET` markers.
use std::io::Read as _;
use std::path::Path;
/// Extract all readable text from a PDF file.
///
/// Returns the concatenated text found inside BT/ET operators across all
/// content streams. Non-text pages or encrypted PDFs yield an empty string
/// rather than an error.
pub fn extract_text(path: &Path) -> Result<String, String> {
let data = std::fs::read(path).map_err(|e| format!("failed to read PDF: {e}"))?;
Ok(extract_text_from_bytes(&data))
}
/// Core extraction from raw PDF bytes — useful for testing without touching the
/// filesystem.
pub(crate) fn extract_text_from_bytes(data: &[u8]) -> String {
let mut all_text = String::new();
let mut offset = 0;
while offset < data.len() {
let Some(stream_start) = find_subsequence(&data[offset..], b"stream") else {
break;
};
let abs_start = offset + stream_start;
// Determine the byte offset right after "stream\r\n" or "stream\n".
let content_start = skip_stream_eol(data, abs_start + b"stream".len());
let Some(end_rel) = find_subsequence(&data[content_start..], b"endstream") else {
break;
};
let content_end = content_start + end_rel;
// Look backwards from "stream" for a FlateDecode hint in the object
// dictionary. We scan at most 512 bytes before the stream keyword.
let dict_window_start = abs_start.saturating_sub(512);
let dict_window = &data[dict_window_start..abs_start];
let is_flate = find_subsequence(dict_window, b"FlateDecode").is_some();
// Only process streams whose parent dictionary references /Contents or
// looks like a page content stream (contains /Length). We intentionally
// keep this loose to cover both inline and referenced content streams.
let raw = &data[content_start..content_end];
let decompressed;
let stream_bytes: &[u8] = if is_flate {
if let Ok(buf) = inflate(raw) {
decompressed = buf;
&decompressed
} else {
offset = content_end;
continue;
}
} else {
raw
};
let text = extract_bt_et_text(stream_bytes);
if !text.is_empty() {
if !all_text.is_empty() {
all_text.push('\n');
}
all_text.push_str(&text);
}
offset = content_end;
}
all_text
}
/// Inflate (zlib / deflate) compressed data via `flate2`.
fn inflate(data: &[u8]) -> Result<Vec<u8>, String> {
let mut decoder = flate2::read::ZlibDecoder::new(data);
let mut buf = Vec::new();
decoder
.read_to_end(&mut buf)
.map_err(|e| format!("flate2 inflate error: {e}"))?;
Ok(buf)
}
/// Extract text from PDF content-stream operators between BT and ET markers.
///
/// Handles the common text-showing operators:
/// - `Tj` — show a string
/// - `TJ` — show an array of strings/numbers
/// - `'` — move to next line and show string
/// - `"` — set spacing, move to next line and show string
fn extract_bt_et_text(stream: &[u8]) -> String {
let text = String::from_utf8_lossy(stream);
let mut result = String::new();
let mut in_bt = false;
for line in text.lines() {
let trimmed = line.trim();
if trimmed == "BT" {
in_bt = true;
continue;
}
if trimmed == "ET" {
in_bt = false;
continue;
}
if !in_bt {
continue;
}
// Tj operator: (text) Tj
if trimmed.ends_with("Tj") {
if let Some(s) = extract_parenthesized_string(trimmed) {
if !result.is_empty() && !result.ends_with('\n') {
result.push(' ');
}
result.push_str(&s);
}
}
// TJ operator: [ (text) 123 (text) ] TJ
else if trimmed.ends_with("TJ") {
let extracted = extract_tj_array(trimmed);
if !extracted.is_empty() {
if !result.is_empty() && !result.ends_with('\n') {
result.push(' ');
}
result.push_str(&extracted);
}
}
// ' operator: (text) ' and " operator: aw ac (text) "
else if is_newline_show_operator(trimmed) {
if let Some(s) = extract_parenthesized_string(trimmed) {
if !result.is_empty() {
result.push('\n');
}
result.push_str(&s);
}
}
}
result
}
/// Returns `true` when `trimmed` looks like a `'` or `"` text-show operator.
fn is_newline_show_operator(trimmed: &str) -> bool {
(trimmed.ends_with('\'') && trimmed.len() > 1)
|| (trimmed.ends_with('"') && trimmed.contains('('))
}
/// Pull the text from the first `(…)` group, handling escaped parens and
/// common PDF escape sequences.
fn extract_parenthesized_string(input: &str) -> Option<String> {
let open = input.find('(')?;
let bytes = input.as_bytes();
let mut depth = 0;
let mut result = String::new();
let mut i = open;
while i < bytes.len() {
match bytes[i] {
b'(' => {
if depth > 0 {
result.push('(');
}
depth += 1;
}
b')' => {
depth -= 1;
if depth == 0 {
return Some(result);
}
result.push(')');
}
b'\\' if i + 1 < bytes.len() => {
i += 1;
match bytes[i] {
b'n' => result.push('\n'),
b'r' => result.push('\r'),
b't' => result.push('\t'),
b'\\' => result.push('\\'),
b'(' => result.push('('),
b')' => result.push(')'),
// Octal sequences — up to 3 digits.
d @ b'0'..=b'7' => {
let mut octal = u32::from(d - b'0');
for _ in 0..2 {
if i + 1 < bytes.len()
&& bytes[i + 1].is_ascii_digit()
&& bytes[i + 1] <= b'7'
{
i += 1;
octal = octal * 8 + u32::from(bytes[i] - b'0');
} else {
break;
}
}
if let Some(ch) = char::from_u32(octal) {
result.push(ch);
}
}
other => result.push(char::from(other)),
}
}
ch => result.push(char::from(ch)),
}
i += 1;
}
None // unbalanced
}
/// Extract concatenated strings from a TJ array like `[ (Hello) -120 (World) ] TJ`.
fn extract_tj_array(input: &str) -> String {
let mut result = String::new();
let Some(bracket_start) = input.find('[') else {
return result;
};
let Some(bracket_end) = input.rfind(']') else {
return result;
};
let inner = &input[bracket_start + 1..bracket_end];
let mut i = 0;
let bytes = inner.as_bytes();
while i < bytes.len() {
if bytes[i] == b'(' {
// Reconstruct the parenthesized string and extract it.
if let Some(s) = extract_parenthesized_string(&inner[i..]) {
result.push_str(&s);
// Skip past the closing paren.
let mut depth = 0u32;
for &b in &bytes[i..] {
i += 1;
if b == b'(' {
depth += 1;
} else if b == b')' {
depth -= 1;
if depth == 0 {
break;
}
}
}
continue;
}
}
i += 1;
}
result
}
/// Skip past the end-of-line marker that immediately follows the `stream`
/// keyword. Per the PDF spec this is either `\r\n` or `\n`.
fn skip_stream_eol(data: &[u8], pos: usize) -> usize {
if pos < data.len() && data[pos] == b'\r' {
if pos + 1 < data.len() && data[pos + 1] == b'\n' {
return pos + 2;
}
return pos + 1;
}
if pos < data.len() && data[pos] == b'\n' {
return pos + 1;
}
pos
}
/// Simple byte-subsequence search.
fn find_subsequence(haystack: &[u8], needle: &[u8]) -> Option<usize> {
haystack
.windows(needle.len())
.position(|window| window == needle)
}
/// Check if a user-supplied path looks like a PDF file reference.
#[must_use]
pub fn looks_like_pdf_path(text: &str) -> Option<&str> {
for token in text.split_whitespace() {
let cleaned = token.trim_matches(|c: char| c == '\'' || c == '"' || c == '`');
if let Some(dot_pos) = cleaned.rfind('.') {
if cleaned[dot_pos + 1..].eq_ignore_ascii_case("pdf") && dot_pos > 0 {
return Some(cleaned);
}
}
}
None
}
/// Auto-extract text from a PDF path mentioned in a user prompt.
///
/// Returns `Some((path, extracted_text))` when a `.pdf` path is detected and
/// the file exists, otherwise `None`.
#[must_use]
pub fn maybe_extract_pdf_from_prompt(prompt: &str) -> Option<(String, String)> {
let pdf_path = looks_like_pdf_path(prompt)?;
let path = Path::new(pdf_path);
if !path.exists() {
return None;
}
let text = extract_text(path).ok()?;
if text.is_empty() {
return None;
}
Some((pdf_path.to_string(), text))
}
#[cfg(test)]
mod tests {
use super::*;
/// Build a minimal valid PDF with a single page containing uncompressed
/// text. This is the smallest PDF structure that exercises the BT/ET
/// extraction path.
fn build_simple_pdf(text: &str) -> Vec<u8> {
let content_stream = format!("BT\n/F1 12 Tf\n({text}) Tj\nET");
let stream_bytes = content_stream.as_bytes();
let mut pdf = Vec::new();
// Header
pdf.extend_from_slice(b"%PDF-1.4\n");
// Object 1 — Catalog
let obj1_offset = pdf.len();
pdf.extend_from_slice(b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n");
// Object 2 — Pages
let obj2_offset = pdf.len();
pdf.extend_from_slice(b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n");
// Object 3 — Page
let obj3_offset = pdf.len();
pdf.extend_from_slice(
b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Contents 4 0 R >>\nendobj\n",
);
// Object 4 — Content stream (uncompressed)
let obj4_offset = pdf.len();
let length = stream_bytes.len();
let header = format!("4 0 obj\n<< /Length {length} >>\nstream\n");
pdf.extend_from_slice(header.as_bytes());
pdf.extend_from_slice(stream_bytes);
pdf.extend_from_slice(b"\nendstream\nendobj\n");
// Cross-reference table
let xref_offset = pdf.len();
pdf.extend_from_slice(b"xref\n0 5\n");
pdf.extend_from_slice(b"0000000000 65535 f \n");
pdf.extend_from_slice(format!("{obj1_offset:010} 00000 n \n").as_bytes());
pdf.extend_from_slice(format!("{obj2_offset:010} 00000 n \n").as_bytes());
pdf.extend_from_slice(format!("{obj3_offset:010} 00000 n \n").as_bytes());
pdf.extend_from_slice(format!("{obj4_offset:010} 00000 n \n").as_bytes());
// Trailer
pdf.extend_from_slice(b"trailer\n<< /Size 5 /Root 1 0 R >>\n");
pdf.extend_from_slice(format!("startxref\n{xref_offset}\n%%EOF\n").as_bytes());
pdf
}
/// Build a minimal PDF with flate-compressed content stream.
fn build_flate_pdf(text: &str) -> Vec<u8> {
use flate2::write::ZlibEncoder;
use flate2::Compression;
use std::io::Write as _;
let content_stream = format!("BT\n/F1 12 Tf\n({text}) Tj\nET");
let mut encoder = ZlibEncoder::new(Vec::new(), Compression::default());
encoder
.write_all(content_stream.as_bytes())
.expect("compress");
let compressed = encoder.finish().expect("finish");
let mut pdf = Vec::new();
pdf.extend_from_slice(b"%PDF-1.4\n");
let obj1_offset = pdf.len();
pdf.extend_from_slice(b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n");
let obj2_offset = pdf.len();
pdf.extend_from_slice(b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n");
let obj3_offset = pdf.len();
pdf.extend_from_slice(
b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Contents 4 0 R >>\nendobj\n",
);
let obj4_offset = pdf.len();
let length = compressed.len();
let header = format!("4 0 obj\n<< /Length {length} /Filter /FlateDecode >>\nstream\n");
pdf.extend_from_slice(header.as_bytes());
pdf.extend_from_slice(&compressed);
pdf.extend_from_slice(b"\nendstream\nendobj\n");
let xref_offset = pdf.len();
pdf.extend_from_slice(b"xref\n0 5\n");
pdf.extend_from_slice(b"0000000000 65535 f \n");
pdf.extend_from_slice(format!("{obj1_offset:010} 00000 n \n").as_bytes());
pdf.extend_from_slice(format!("{obj2_offset:010} 00000 n \n").as_bytes());
pdf.extend_from_slice(format!("{obj3_offset:010} 00000 n \n").as_bytes());
pdf.extend_from_slice(format!("{obj4_offset:010} 00000 n \n").as_bytes());
pdf.extend_from_slice(b"trailer\n<< /Size 5 /Root 1 0 R >>\n");
pdf.extend_from_slice(format!("startxref\n{xref_offset}\n%%EOF\n").as_bytes());
pdf
}
#[test]
fn extracts_uncompressed_text_from_minimal_pdf() {
// given
let pdf_bytes = build_simple_pdf("Hello World");
// when
let text = extract_text_from_bytes(&pdf_bytes);
// then
assert_eq!(text, "Hello World");
}
#[test]
fn extracts_text_from_flate_compressed_stream() {
// given
let pdf_bytes = build_flate_pdf("Compressed PDF Text");
// when
let text = extract_text_from_bytes(&pdf_bytes);
// then
assert_eq!(text, "Compressed PDF Text");
}
#[test]
fn handles_tj_array_operator() {
// given
let stream = b"BT\n/F1 12 Tf\n[ (Hello) -120 ( World) ] TJ\nET";
// Build a raw PDF with TJ array operator instead of simple Tj.
let content_stream = std::str::from_utf8(stream).unwrap();
let raw = format!(
"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n\
2 0 obj\n<< /Length {} >>\nstream\n{}\nendstream\nendobj\n%%EOF\n",
content_stream.len(),
content_stream
);
let pdf_bytes = raw.into_bytes();
// when
let text = extract_text_from_bytes(&pdf_bytes);
// then
assert_eq!(text, "Hello World");
}
#[test]
fn handles_escaped_parentheses() {
// given
let content = b"BT\n(Hello \\(World\\)) Tj\nET";
let raw = format!(
"%PDF-1.4\n1 0 obj\n<< /Length {} >>\nstream\n",
content.len()
);
let mut pdf_bytes = raw.into_bytes();
pdf_bytes.extend_from_slice(content);
pdf_bytes.extend_from_slice(b"\nendstream\nendobj\n%%EOF\n");
// when
let text = extract_text_from_bytes(&pdf_bytes);
// then
assert_eq!(text, "Hello (World)");
}
#[test]
fn returns_empty_for_non_pdf_data() {
// given
let data = b"This is not a PDF file at all";
// when
let text = extract_text_from_bytes(data);
// then
assert!(text.is_empty());
}
#[test]
fn extracts_text_from_file_on_disk() {
// given
let pdf_bytes = build_simple_pdf("Disk Test");
let dir = std::env::temp_dir().join("clawd-pdf-extract-test");
std::fs::create_dir_all(&dir).unwrap();
let pdf_path = dir.join("test.pdf");
std::fs::write(&pdf_path, &pdf_bytes).unwrap();
// when
let text = extract_text(&pdf_path).unwrap();
// then
assert_eq!(text, "Disk Test");
// cleanup
let _ = std::fs::remove_dir_all(&dir);
}
#[test]
fn looks_like_pdf_path_detects_pdf_references() {
// given / when / then
assert_eq!(
looks_like_pdf_path("Please read /tmp/report.pdf"),
Some("/tmp/report.pdf")
);
assert_eq!(looks_like_pdf_path("Check file.PDF now"), Some("file.PDF"));
assert_eq!(looks_like_pdf_path("no pdf here"), None);
}
#[test]
fn maybe_extract_pdf_from_prompt_returns_none_for_missing_file() {
// given
let prompt = "Read /tmp/nonexistent-abc123.pdf please";
// when
let result = maybe_extract_pdf_from_prompt(prompt);
// then
assert!(result.is_none());
}
#[test]
fn maybe_extract_pdf_from_prompt_extracts_existing_file() {
// given
let pdf_bytes = build_simple_pdf("Auto Extracted");
let dir = std::env::temp_dir().join("clawd-pdf-auto-extract-test");
std::fs::create_dir_all(&dir).unwrap();
let pdf_path = dir.join("auto.pdf");
std::fs::write(&pdf_path, &pdf_bytes).unwrap();
let prompt = format!("Summarize {}", pdf_path.display());
// when
let result = maybe_extract_pdf_from_prompt(&prompt);
// then
let (path, text) = result.expect("should extract");
assert_eq!(path, pdf_path.display().to_string());
assert_eq!(text, "Auto Extracted");
// cleanup
let _ = std::fs::remove_dir_all(&dir);
}
}