diff --git a/.github/hooks/pre-push b/.github/hooks/pre-push index de2b9259..a6e245c0 100755 --- a/.github/hooks/pre-push +++ b/.github/hooks/pre-push @@ -13,7 +13,7 @@ cd "$repo_root" if [[ -x scripts/roadmap-check-ids.sh ]]; then echo "pre-push: scripts/roadmap-check-ids.sh" >&2 - scripts/roadmap-check-ids.sh + scripts/roadmap-check-ids.sh >&2 fi if [[ "${SKIP_CLAW_PRE_PUSH_BUILD:-}" == "1" ]]; then diff --git a/.gitignore b/.gitignore index 6259e5b7..fcf4f9fe 100644 --- a/.gitignore +++ b/.gitignore @@ -8,6 +8,7 @@ archive/ # Claw Code local artifacts .claw/settings.local.json .claw/sessions/ +.claw/rules.local/ .clawhip/ status-help.txt # Legacy Python port session scratch artifacts diff --git a/ROADMAP.md b/ROADMAP.md index e21cdc79..15a94650 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -1244,8 +1244,7 @@ Model name prefix now wins unconditionally over env-var presence. Regression tes 45. **`claw dump-manifests` fails with opaque "No such file or directory"** — dogfooded 2026-04-09. `claw dump-manifests` emits `error: failed to extract manifests: No such file or directory (os error 2)` with no indication of which file or directory is missing. **Partial fix at `47aa1a5`+1**: error message now includes `looked in: ` so the build-tree path is visible, what manifests are, or how to fix it. Fix shape: (a) surface the missing path in the error message; (b) add a pre-check that explains what manifests are and where they should be (e.g. `.claw/manifests/` or the plugins directory); (c) if the command is only valid after `claw init` or after installing plugins, say so explicitly. Source: Jobdori dogfood 2026-04-09. -45. **`claw dump-manifests` fails with opaque `No such file or directory`** — **done (verified 2026-04-12):** current `main` now accepts `claw dump-manifests --manifests-dir PATH`, pre-checks for the required upstream manifest files (`src/commands.ts`, `src/tools.ts`, `src/entrypoints/cli.tsx`), and replaces the opaque os error with guidance that points users to `CLAUDE_CODE_UPSTREAM` or `--manifests-dir`. Fresh proof: parser coverage for both flag forms, unit coverage for missing-manifest and explicit-path flows, and `output_format_contract` JSON coverage via the new flag all pass. **Original filing below.** -45. **`claw dump-manifests` fails with opaque `No such file or directory`** — **done (verified 2026-04-12):** current `main` now accepts `claw dump-manifests --manifests-dir PATH`, pre-checks for the required upstream manifest files (`src/commands.ts`, `src/tools.ts`, `src/entrypoints/cli.tsx`), and replaces the opaque os error with guidance that points users to `CLAUDE_CODE_UPSTREAM` or `--manifests-dir`. Fresh proof: parser coverage for both flag forms, unit coverage for missing-manifest and explicit-path flows, and `output_format_contract` JSON coverage via the new flag all pass. **Original filing below.** +45. **`claw dump-manifests` fails with opaque `No such file or directory`** — **done (verified 2026-06-03):** current `main` now emits a self-contained Rust resolver inventory for `claw dump-manifests` without requiring upstream TypeScript files, build-machine paths, or `CLAUDE_CODE_UPSTREAM`. Explicit `--manifests-dir PATH` scopes resolver discovery to another directory and missing/not-directory values emit typed `missing_manifests` guidance. Fresh proof: parser coverage for both flag forms, unit coverage for self-contained default, explicit-directory, and missing-directory flows, plus `output_format_contract` JSON coverage all pass. **Original filing below.** 46. **`/tokens`, `/cache`, `/stats` were dead spec — parse arms missing** — dogfooded 2026-04-09. All three had spec entries with `resume_supported: true` but no parse arms, producing the circular error "Unknown slash command: /tokens — Did you mean /tokens". Also `SlashCommand::Stats` existed but was unimplemented in both REPL and resume dispatch. **Done at `60ec2ae` 2026-04-09**: `"tokens" | "cache"` now alias to `SlashCommand::Stats`; `Stats` is wired in both REPL and resume path with full JSON output. Source: Jobdori dogfood. 47. **`/diff` fails with cryptic "unknown option 'cached'" outside a git repo; resume /diff used wrong CWD** — dogfooded 2026-04-09. `claw --resume /diff` in a non-git directory produced `git diff --cached failed: error: unknown option 'cached'` because git falls back to `--no-index` mode outside a git tree. Also resume `/diff` used `session_path.parent()` (the `.claw/sessions//` dir) as CWD for the diff — never a git repo. **Done at `aef85f8` 2026-04-09**: `render_diff_report_for()` now checks `git rev-parse --is-inside-work-tree` first and returns a clear "no git repository" message; resume `/diff` uses `std::env::current_dir()`. Source: Jobdori dogfood. @@ -1547,7 +1546,7 @@ Original filing (2026-04-13): user requested a `-acp` parameter to support ACP p **Source.** Jobdori dogfood 2026-04-17 against `/tmp/cd3` on main HEAD `e58c194` in response to Clawhip pinpoint nudge at `1494653681222811751`. Distinct from #80/#81/#82 (status/error surfaces lie about *static* runtime state): this is a surface that lies about *time itself*, and the lie is smeared into every live-agent system prompt, not just a single error string or status field. -84. **`claw dump-manifests` default search path is the build machine's absolute filesystem path baked in at compile time — broken and information-leaking for any user running a distributed binary** — dogfooded 2026-04-17 on main HEAD `70a0f0c` from `/tmp/cd4` (fresh workspace). Running `claw dump-manifests` with no arguments emits: +84. **DONE — `claw dump-manifests` no longer bakes or leaks the build machine's absolute filesystem path** — fixed 2026-06-03 in `fix: make dump-manifests self-contained`. The runtime default now uses the current workspace and emits the Rust resolver inventory directly, so distributed binaries no longer depend on upstream TypeScript source files or compile-time `CARGO_MANIFEST_DIR` paths. Explicit `--manifests-dir` remains as a discovery-root override and invalid roots return typed `missing_manifests` diagnostics. Original filing below: running `claw dump-manifests` with no arguments emitted: ``` error: Manifest source files are missing. repo root: /Users/yeongyu/clawd/claw-code @@ -6303,7 +6302,7 @@ Original filing (2026-04-18): the session emitted `SessionStart hook (completed) 422. **`export --output-format json` and `--resume latest` report the same "no managed sessions" scenario using two different `kind` codes — `no_managed_sessions` vs `session_load_failed` — making "no session found" undetectable by a single kind-code check** — dogfooded 2026-04-30 KST (UTC+9) by Jobdori on `e939777f`. Running `claw export --output-format json` with no session present returns (on stderr, exit 1): `{"error":"no managed sessions found in .claw/sessions//","hint":"Start \`claw\` to create a session, then rerun with \`--resume latest\`.\nNote: claw partitions sessions per workspace fingerprint; sessions from other CWDs are invisible.","kind":"no_managed_sessions","type":"error"}`. Running `claw --resume latest /status --output-format json` with no session present returns (on stderr, exit 1): `{"error":"failed to restore session: no managed sessions found in .claw/sessions//","hint":"Start \`claw\` to create a session, then rerun with \`--resume latest\`.\nNote: claw partitions sessions per workspace fingerprint; sessions from other CWDs are invisible.","kind":"session_load_failed","type":"error"}`. Both describe the same root condition — there are no sessions to operate on — but they expose it via different `kind` discriminants. Automation that checks `kind == "no_managed_sessions"` to detect a cold workspace will miss the `--resume` path's `session_load_failed`, and vice versa. A wrapper that guards "run with --resume only if a session exists" must special-case both codes. The hint text is identical between them, suggesting the messages are logically equivalent. Additionally neither code matches the proposed canonical names `session_not_found` / `session_load_failed` as stable `ErrorKind` discriminants described in ROADMAP #77's fix shape, which explicitly proposes typed error-kind codes for session lifecycle failures. **Required fix shape:** (a) unify "no sessions found for this workspace fingerprint" under a single canonical `kind` code — either `no_managed_sessions` or `session_not_found` — used consistently by every command path that encounters an empty session registry; (b) if `session_load_failed` is a more general category (covering e.g. corrupt session files, IO errors, schema version mismatches), it should nest a concrete `reason:"no_managed_sessions"` or `reason:"session_not_found"` sub-field so callers can distinguish "empty registry" from "found but unreadable"; (c) align with the canonical error-kind contract proposed in #77; (d) add regression coverage proving `export` and `--resume latest` in an empty workspace both return an error with the same top-level `kind` code. **Why this matters:** session guard-rails in orchestration need a single stable `kind` to detect cold workspaces without enumerating all possible no-session synonyms. Two divergent codes for the same condition make defensive automation brittle and contradict the promise of machine-readable error envelopes. Source: Jobdori live dogfood, `e939777f`, 2026-04-30 KST (UTC+9). -407. **`config --output-format json` returns `files[].loaded:false` with no `load_error`, `not_found`, or `skip_reason` field — automation cannot distinguish "file does not exist", "file exists but parse failed", and "file exists but was skipped by policy" from the same `loaded:false` value; also `loaded_files` and `merged_keys` are bare integers with no per-file attribution** — dogfooded 2026-04-30 by Jobdori on `e939777f`. Running `./claw --output-format json config` on a workspace with 5 discovered config files returns `{"kind":"config","cwd":"...","files":[{"loaded":false,"path":"/Users/yeongyu/.claw.json","source":"user"},{"loaded":true,"path":"/Users/yeongyu/.claw/settings.json","source":"user"},{"loaded":true,"path":"/Users/yeongyu/clawd/claw-code/.claw.json","source":"project"},{"loaded":false,"path":"/Users/yeongyu/clawd/claw-code/.claw/settings.json","source":"project"},{"loaded":false,"path":"/Users/yeongyu/clawd/claw-code/.claw/settings.local.json","source":"local"}],"loaded_files":2,"merged_keys":2}`. Three of five files have `loaded:false` with no accompanying `not_found:true`, `parse_error`, `io_error`, or `skip_reason`; automation must stat each path separately to guess why. Also `loaded_files:2` and `merged_keys:2` are bare counts — ambiguous whether `merged_keys:2` means 2 total top-level JSON keys across all files or 2 unique merged settings. **Required fix shape:** (a) add `not_found: bool` and optional `load_error: string` to each `files[]` entry so callers can distinguish missing, parse-broken, and policy-skipped files without filesystem probing; (b) document or rename `merged_keys` as `merged_setting_count` or `total_merged_keys` to remove the int-semantics ambiguity; (c) optionally add `merged_keys_by_file: [{path, keys}]` for attribution; (d) add regression coverage proving `files[]` entries with `loaded:false` carry at minimum `not_found` distinguishing non-existent paths from load failures. Source: Jobdori live dogfood, `e939777f`, 2026-04-30. +407. **DONE — `config --output-format json` returns structured file load states instead of bare `loaded:false` ambiguity** — fixed 2026-06-03 in `fix: report config file load statuses`. `claw config --output-format json` now emits `files[].status` (`loaded`, `not_found`, `skipped`, `load_error`), `reason`/`skip_reason`, and `detail` where applicable, plus top-level `load_error`, `merged_key_count`, and `merged_keys_meaning`. The config list surface is best-effort so one broken settings file no longer erases the rest of the discovery report, while section-specific config requests still preserve the typed nonzero parse-error envelope. Regression coverage: `inspect_classifies_missing_loaded_and_legacy_skipped_files`, `inspect_reports_parse_errors_but_keeps_valid_merged_config`, `config_json_reports_structured_unloaded_file_reasons_407`, `config_json_list_reports_parse_errors_without_dropping_file_statuses_407`, and existing `config_parse_error_has_typed_error_kind_and_hint_764`. 408. **`status --output-format json` `workspace.changed_files` is ambiguous — on a workspace with 5 untracked files, `changed_files:5`, `staged_files:0`, `unstaged_files:0`, `untracked_files:5`; it is unclear whether `changed_files` is the sum of all four git-status categories or only a subset; automation cannot tell if `changed_files:5` means "5 tracked modified" or "5 total non-clean files including untracked"** — dogfooded 2026-04-30 by Jobdori on `e939777f`. Running `./claw --output-format json status` returns `{"workspace":{"changed_files":5,"staged_files":0,"unstaged_files":0,"untracked_files":5,...}}` — `changed_files==untracked_files==5` with staged and unstaged both zero. The field name `changed_files` implies "modified tracked files" but the value equals the untracked count, not `staged+unstaged`. Without a comment or documented definition, automation must probe whether `changed_files = staged + unstaged` (excludes untracked) or `changed_files = staged + unstaged + untracked + conflicted` (total dirty). Also `git_state:"dirty · 5 files · 5 untracked"` repeats the same data as a prose string alongside the structured integer fields — redundant human-readable string alongside machine-readable integers. **Required fix shape:** (a) document and stabilize `changed_files` as either `tracked_dirty_count` (staged+unstaged only) or `total_non-clean_count` (staged+unstaged+untracked+conflicted) and rename to remove the ambiguity; (b) ensure a machine consumer can compute `is_clean` as a single boolean field without interpreting `git_state` prose; (c) deprecate or remove `git_state` prose string now that all its constituent counts are available as integers; (d) add regression coverage proving `changed_files` semantics against a workspace with staged, unstaged, untracked, and conflicted files. Source: Jobdori live dogfood, `e939777f`, 2026-04-30. @@ -6345,58 +6344,58 @@ Original filing (2026-04-18): the session emitted `SessionStart hook (completed) 422. **Unknown top-level subcommands fall through to chat prompt path instead of returning `unknown_subcommand` error — typos silently send the subcommand string as a chat message to the configured LLM** — dogfooded 2026-05-11 by Jobdori on `b98b9a71` in response to Clawhip pinpoint nudge at `1503215095088676956`. Reproduction: `unset ANTHROPIC_AUTH_TOKEN; export ANTHROPIC_API_KEY=fake-key-for-routing-test; claw completely-bogus-subcommand --output-format json` returns `{"error":"api returned 401 Unauthorized (authentication_error) [trace req_011...]: invalid x-api-key","kind":"api_http_error"}` — proving the unknown token reached the Anthropic API endpoint as a chat prompt. With valid credentials, the bogus subcommand string would be silently consumed as a chat message, billing the user for a typo and producing whatever continuation the LLM generates. **Pre-error path:** `claw --output-format json` with no creds returns `kind:"missing_credentials"` (the auth gate fires first), masking the routing bug. Only with creds present does the fallthrough manifest as the actual prompt being sent. **Sibling exit-code bug:** when the chat-path 401 returns, the JSON envelope is `kind:"api_http_error"` but exit code is **0**, while `cli_parse` errors (e.g. `--no-such-flag`) and `missing_credentials` errors correctly exit **1**. Exit-code parity between error envelopes is broken — automation that gates on `$?` will treat the 401-as-chat as success. **Required fix shape:** (a) reserve unknown top-level tokens that match no registered subcommand and emit `kind:"unknown_subcommand"` with `unknown:` field and exit code 1, BEFORE the chat fallback path; (b) when a token is intended as a chat prompt, require an explicit verb (`prompt`, `chat`, `ask`) or `--prompt` flag; (c) ensure exit codes are non-zero for all `kind:*_error` envelopes; (d) regression test: `claw --output-format json` with valid auth returns `kind:"unknown_subcommand"` exit 1, never reaches the API. **Why this matters:** automation that calls `claw ` with a programmatically constructed verb (typo, version drift, refactored command) silently bills tokens and produces hallucinated output instead of a typed error. Cross-cluster with #108 (CLI fallthrough discovered earlier) — #422 is the post-#108 audit confirming the routing bug still bites with valid credentials. Source: Jobdori live dogfood, `b98b9a71`, 2026-05-11. -423. **`claw prompt` does not read prompt text from stdin when no positional prompt arg is provided — `echo "what is 2+2" | claw prompt --output-format json` returns `kind:"unknown" error:"prompt subcommand requires a prompt string"` instead of consuming stdin** — dogfooded 2026-05-11 by Jobdori on `3c563fa1` in response to Clawhip pinpoint nudge at `1503222644739276951`. Reproduction: `echo "what is 2+2" | claw prompt --output-format json` → `{"error":"prompt subcommand requires a prompt string","hint":null,"kind":"unknown","type":"error"}` exit 1. Same for `claw prompt --output-format json` with stdin redirected from a file. The most common Unix automation pattern (`cmd | claw prompt`) is broken because the prompt subcommand only reads the positional argument, never falls through to stdin. **Sibling envelope-kind bug:** the error `kind` is `"unknown"` instead of a typed `"missing_argument"` or `"validation_error"`. The `unknown` discriminator is the catch-all bucket — automation that switches on `kind` to differentiate input-validation errors from runtime errors gets no signal here. **Required fix shape:** (a) when `prompt` subcommand has no positional prompt arg AND stdin is not a TTY (i.e., piped or redirected), read stdin to EOF and use that as the prompt; (b) emit `kind:"missing_argument"` (not `"unknown"`) when both positional arg and stdin are absent; (c) add `--prompt-stdin` or `--stdin` opt-in flag for explicit control; (d) regression tests: `echo X | claw prompt --output-format json` reaches the runtime with prompt=X, AND `claw prompt < /dev/null` returns `kind:"missing_argument"` exit 1. **Why this matters:** Unix pipelines are the foundation of CLI automation. Every other major CLI (curl, jq, gh, kubectl) accepts stdin as the primary input when no positional arg is given. Breaking this convention forces automation to either inline the prompt as a shell-quoted string (escaping nightmare for multiline/code) or write to a temp file first. The `kind:"unknown"` error category compounds the problem by making the failure indistinguishable from a runtime crash. Source: Jobdori live dogfood, `3c563fa1`, 2026-05-11. +423. **DONE — `claw prompt` reads prompt text from stdin when no positional prompt arg is provided** — fixed 2026-06-03 in `fix: read prompt subcommand input from stdin`. `parse_args()` now treats non-empty piped stdin as the prompt body for `claw prompt` when the positional prompt is empty, and supports `--stdin` / `--prompt-stdin` to append piped context to an explicit positional prompt. The existing `missing_prompt` JSON/stdout contract is preserved for closed or whitespace-only stdin. User docs now show `printf '...' | ./target/debug/claw prompt --output-format json`, and regression coverage verifies both a pure stdin prompt and explicit stdin context reach the mock Anthropic provider request and return structured JSON output. -424. **`--model` rejects bare canonical Anthropic model names (`claude-opus-4-7`, `claude-opus-4-6`, `claude-sonnet-4-6`) as `invalid_model_syntax` — only short aliases (`opus`, `sonnet`, `haiku`) and full prefixed form (`anthropic/claude-opus-4-7`) work; sibling: error message stale-suggests `claude-opus-4-6` not `4-7`** — dogfooded 2026-05-11 by Jobdori on `6c0c305a` in response to Clawhip pinpoint nudge at `1503230194889134103`. Reproduction: `claw --model claude-opus-4-7 status --output-format json` → `{"error":"invalid model syntax: 'claude-opus-4-7'. Expected provider/model (e.g., anthropic/claude-opus-4-6) or known alias (opus, sonnet, haiku)","kind":"invalid_model_syntax"}`. Same for `claude-opus-4-6`, `claude-sonnet-4-6`. Forcing `--model anthropic/claude-opus-4-7` works (`model:"anthropic/claude-opus-4-7"`, `model_source:"flag"`). Three problems compounded: (a) Anthropic-canonical model names without provider prefix are rejected even though the `claude-` prefix unambiguously identifies the provider; (b) the error suggests `anthropic/claude-opus-4-6` as the example — `4-7` shipped 2026-04-16 and is the current production Anthropic frontier model, the suggestion is one model behind; (c) the alias list `opus, sonnet, haiku` doesn't disambiguate version (which `opus` does the alias resolve to — `opus-4-6` or `opus-4-7`?). **Required fix shape:** (a) accept bare `claude-*` and `gpt-*` model names as canonical-named-without-prefix and route via name-prefix detection (already implemented for prefix-routed mode); (b) update the example in `invalid_model_syntax` error to current frontier (`anthropic/claude-opus-4-7`); (c) document or expose `opus` → exact-version mapping in the error message and in `claw doctor`/`status` output (`model_alias_resolved_to: "claude-opus-4-7"`); (d) regression test: `claw --model claude-opus-4-7 status --output-format json` returns `model_source:"flag"`, not `kind:"invalid_model_syntax"`. **Sibling bug observed in same probe:** `enabledPlugins` deprecation warning repeats 3 times in stderr for the same `~/.claw/settings.json` load — config file is being loaded/parsed 3 times during a single `status` invocation. **Why this matters:** every Anthropic doc, every CCAPI route, every internal tooling references models by their bare canonical name (`claude-opus-4-7`). Forcing the `anthropic/` prefix breaks copy-paste from Anthropic's own examples and adds a redundant token to every invocation. The stale `4-6` suggestion in the error message actively misdirects users away from the current model. Source: Jobdori live dogfood, `6c0c305a`, 2026-05-11. +424. **DONE — `--model` accepts bare canonical provider model names and Anthropic routing prefixes are stripped before provider calls** — fixed 2026-06-03 in `fix: normalize Anthropic model routing`. `validate_model_syntax()` now accepts unambiguous bare `claude-*` and `gpt-*` model IDs while preserving raw model provenance, and Anthropic `/v1/messages` plus `/v1/messages/count_tokens` request bodies strip the CLI-only `anthropic/` routing prefix so default/alias models do not reach Anthropic as `anthropic/claude-*`. Existing `qwen-*`/`grok-*` prefix-hint behavior remains intentionally unchanged for provider families whose bare names are ambiguous with DashScope/xAI routing. Regression coverage: `standard_messages_body_strips_anthropic_routing_prefix`, `send_message_strips_anthropic_routing_prefix_on_wire`, `default_model_alias_uses_anthropic_routing_prefix`, and the bare `--model=claude-opus-4-6 status` / `--model gpt-4 prompt` parser assertions in `parses_single_word_command_aliases_without_falling_back_to_prompt_mode`. -425. **Config file precedence (`.claw/settings.json` always wins over `.claw.json`) is undocumented in user-facing surfaces — `config --output-format json` reports both files as `loaded:true` with no `precedence_rank` or `wins_for_keys` attribution; sibling: deprecation warning fires 4× per status invocation (was 3× in #424, regression upward)** — dogfooded 2026-05-11 by Jobdori on `d7dbe951` in response to Clawhip pinpoint nudge at `1503237744451649537`. Reproduction: create `.claw.json` with `{"model":"anthropic/claude-sonnet-4-6"}` and `.claw/settings.json` with `{"model":"anthropic/claude-opus-4-7"}` in the same workspace. `claw status --output-format json` returns `model:"anthropic/claude-opus-4-7", model_source:"config"`. Reverse the files (.claw.json=opus, settings.json=sonnet) → `model:"anthropic/claude-sonnet-4-6"`. Confirmed: `.claw/settings.json` **always** wins over `.claw.json` for conflicting keys, regardless of file mtime or alphabetical order. `claw config --output-format json` reports both as `loaded:true` with no `precedence_rank`, `effective_for_keys`, or `shadowed_keys` attribution. The only signal of precedence is the final merged value in `status` — automation cannot programmatically discover which file contributed which key without re-implementing the merge logic. **Sibling bug (regression from #424):** the `enabledPlugins` deprecation warning now fires **4 times** in stderr per single `status` invocation (was 3× in #424's probe at HEAD `6c0c305a`; current HEAD `d7dbe951` shows 4×). Config load count went up by 1. **Sibling bug observed in config-section probe:** `claw config model --output-format json` with a `.claw.json` that contains a benign unknown key (e.g., `"alpha":"x"`) returns `{"error":"/path/.claw.json: unknown key \"alpha\" (line 1)","kind":"unknown"}` — the entire config command fails with a generic `unknown` kind instead of (a) tolerating unrecognized keys with a warning, or (b) emitting a typed `kind:"unknown_key"` error scoped to the offending file/key. **Required fix shape:** (a) document precedence order in `USAGE.md` (`.claw/settings.local.json > .claw/settings.json > .claw.json` for project scope; `user`/`system` scope at each layer); (b) add `precedence_rank:int` and optional `wins_for_keys:[string]` / `shadowed_keys:[string]` to each entry in `config --output-format json` `files[]`; (c) dedupe the deprecation warning to fire **once per discovered file** instead of N× per load pass; (d) make `config
--output-format json` tolerate unknown keys with warnings, OR emit `kind:"unknown_key"` with `path:` and `key:` fields scoped to the offending file. **Why this matters:** users mixing legacy `.claw.json` with new `.claw/settings.json` have no way to verify which file is actually controlling their runtime. The undocumented precedence + missing per-key attribution forces trial-and-error to debug config drift. Cross-references #407 (config files no load_error) and #415 (config section returns merged_keys count not values). Source: Jobdori live dogfood, `d7dbe951`, 2026-05-11. +425. **DONE — config JSON exposes file precedence attribution and unknown config keys are warnings** — fixed 2026-06-03 in `fix: attribute config precedence in JSON`. Runtime config inspection now reports every discovered file with `precedence_rank`, `wins_for_keys`, and `shadowed_keys`, so `.claw/settings.json` overriding legacy `.claw.json` is visible without reimplementing merge order. Unknown keys are tolerated as structured validation warnings, including `claw config
--output-format json`, while wrong-type errors still fail. The deprecation-warning path remains deduplicated once per process for text-mode `status`, and JSON config surfaces collect warnings structurally without stderr duplication. Docs in `USAGE.md` now spell out the precedence chain and JSON attribution fields. Regression coverage: `config_json_attributes_precedence_and_shadowed_keys_425`, `config_section_json_tolerates_unknown_keys_as_warnings_425`, `status_deduplicates_config_deprecation_warnings_per_invocation_425`, and the runtime validator unknown-key warning tests. -426. **`ANTHROPIC_MODEL` env var bypasses the `invalid_model_syntax` validator that `--model` enforces — bogus model strings are accepted with `status:"ok"`, deferred-failing only when the first API call is made** — dogfooded 2026-05-11 by Jobdori on `3730b459` in response to Clawhip pinpoint nudge at `1503245298800136296`. Reproduction (asymmetric validation): `claw --model bogus-model-xyz status --output-format json` returns `kind:"invalid_model_syntax"` exit 1; `ANTHROPIC_MODEL=bogus-model-xyz claw status --output-format json` returns `model:"bogus-model-xyz", model_raw:"bogus-model-xyz", model_source:"env", status:"ok"` — the doctor surface lies that the configured model is valid when it is not. The bogus model only manifests as a failure when the first prompt fires and the API rejects it with 404/400. Three sibling discoveries in the same probe: (a) **alias indirection invisible**: `ANTHROPIC_MODEL=opus claw status --output-format json` returns `model:"claude-opus-4-6", model_raw:"opus", model_source:"env"` — the `opus` alias resolves to `claude-opus-4-6` (the *previous* frontier, not the current `claude-opus-4-7` released 2026-04-16). Users typing `opus` get yesterday's model with no warning. (b) **`CLAW_MODEL` env var silently ignored**: `CLAW_MODEL=opus claw status` shows `model:"claude-opus-4-6" model_source:"default"` — the `CLAW_MODEL` env var (the project-namespaced equivalent that users expect) does not exist; only `ANTHROPIC_MODEL` is honored. No warning when a `CLAW_*` env var that looks like it should work is set. (c) **`ANTHROPIC_DEFAULT_MODEL` also silently ignored**: the longer-named env var that some Anthropic SDKs use is not recognized. **Required fix shape:** (a) symmetric validation: `ANTHROPIC_MODEL` env value must pass the same `invalid_model_syntax` check that `--model` does, and `claw status` must return `kind:"invalid_model"` / `status:"warn"` (not `status:"ok"`) when the resolved model is unrecognized; (b) expose alias resolution in `status`: add `model_alias_resolved_to:string|null` field so automation can see `opus → claude-opus-4-6`; (c) bump the `opus` alias to `claude-opus-4-7` (current frontier) or document the alias-to-version mapping policy explicitly; (d) accept `CLAW_MODEL` and `ANTHROPIC_DEFAULT_MODEL` env vars with parity to `ANTHROPIC_MODEL`, OR emit a warning when those env vars are set but unrecognized. **Why this matters:** the most common automation pattern is `export ANTHROPIC_MODEL=...` in a shell rc file. Bogus values pass silently, alias indirection hides the actual model in use, and `CLAW_MODEL` looking like a working name but doing nothing is a footgun. Cross-references #424 (bare canonical names rejected at validator level) — together #424 + #426 make model selection inconsistent across CLI flag, env var, and alias paths. Source: Jobdori live dogfood, `3730b459`, 2026-05-11. +426. **DONE — environment model selection is validated and status exposes alias/env provenance** — fixed 2026-06-03 in `fix: validate env model selection`. `CLAW_MODEL`, `ANTHROPIC_MODEL`, and `ANTHROPIC_DEFAULT_MODEL` now share the same env-model path before config/default fallback; prompt/REPL startup validates the resolved model before provider construction; and `status --output-format json` reports invalid env/config models as `status:"warn"` with `model_validation_error_kind:"invalid_model"` while preserving workspace/config/sandbox context. Status JSON now includes `model_alias_resolved_to` and `model_env_var`, making alias expansion and the winning env var auditable. The built-in/default `opus` alias now targets `anthropic/claude-opus-4-7` / `claude-opus-4-7`, with docs updated in `USAGE.md` and `rust/README.md`; the API alias table keeps token-limit metadata for both `claude-opus-4-7` and legacy `claude-opus-4-6`. Regression coverage: `status_json_accepts_namespaced_model_env_and_surfaces_alias_426`, `status_json_warns_on_invalid_model_env_426`, model alias/unit tests, and provider alias tests. -427. **Subcommand `--help` paths (`resume`, `session`, `compact`) hit the auth gate and trigger config validation before returning static help — `claw resume --help` with no credentials returns `missing_credentials` error instead of help text** — dogfooded 2026-05-11 by Jobdori on `1fecdf09` in response to Clawhip pinpoint nudge at `1503252843669491892`. Reproduction (no env vars, isolated `CLAW_CONFIG_HOME`): `claw resume --help` returns `{"error":"missing Anthropic credentials; export ANTHROPIC_AUTH_TOKEN or ANTHROPIC_API_KEY..."}` instead of usage text. Same for `claw session --help`, `claw compact --help`. By contrast, `claw prompt --help` and `claw --help` (top-level) return proper usage text without auth. Even worse: with a broken `.claw.json` discovered up the parent directory tree (e.g., `mcpServers.missing-command: missing string field command`), the subcommand `--help` paths fail with `[error-kind: unknown]` from config validation — config load is happening before `--help` is parsed. **Sibling exit-code bug:** `claw resume --help --output-format json` returns `kind:"missing_credentials"` but exits **0** (the exit-code parity bug from #422 reproduces on this path too — only `cli_parse` exits 1 consistently). **Sibling: `claw resume ` should be local-only** but also hits `missing_credentials` — `resume` of a session that doesn't exist on disk should return `kind:"session_not_found"` from a local lookup, not require API credentials. Same class as ROADMAP #357 (session list requires creds) and #369 (session help/fork require credentials) — now confirmed for `resume`. **Required fix shape:** (a) `--help` MUST short-circuit before any auth check, config load, or session resolution — emit static usage text from a compiled-in string table, no I/O; (b) `resume ` must check the local session store first; if the id is absent on disk, emit `kind:"session_not_found"` with `sessions_dir` field; only require auth when resuming a known-on-disk session that requires re-establishing API context; (c) ensure exit code 1 for all error envelopes including `missing_credentials` returned from a `--help` path that should never have reached the auth gate; (d) regression test: with empty `CLAW_CONFIG_HOME` and no env vars, every `claw --help` returns usage text on stdout, exit 0, no `kind:*_error` envelope. **Why this matters:** `--help` is the universal CLI discovery primitive. Failing `--help` because of missing API credentials or broken config files makes claw undiscoverable to users debugging an already-broken setup. Cross-references #357 (session list), #369 (session help/fork), #422 (exit code parity), #108 (subcommand fallthrough). Source: Jobdori live dogfood, `1fecdf09`, 2026-05-11. +427. **DONE — resume/session/compact help short-circuits locally and missing resume sessions report the session store** — fixed 2026-06-03 in `fix: keep session help local`. `claw resume --help`, `claw --resume --help`, `claw session --help`, and `claw compact --help` now route through static `LocalHelpTopic` output before config loading, session resolution, credential checks, provider startup, or slash-command interactive-only fallthrough. The direct `claw resume ` alias now shares the existing `--resume` restore parser, so `claw resume --output-format json` returns a local `session_not_found` restore envelope with `sessions_dir` and exit code 1 instead of reaching provider credentials. Regression coverage: `resume_session_compact_help_short_circuits_before_config_or_auth_427`, `resume_missing_session_json_reports_local_store_before_auth_427`, local help parser tests, and resume parser tests. -428. **Default `permission_mode` is `danger-full-access` — claw runs with FULL filesystem + network + tool access out of the box, with no opt-in flag and no warning from `doctor`** — dogfooded 2026-05-11 by Jobdori on `72048449` in response to Clawhip pinpoint nudge at `1503260393622212628`. Reproduction (no env vars, isolated `CLAW_CONFIG_HOME`, no config files, no CLI flags): `claw status --output-format json` returns `permission_mode:"danger-full-access"` as the default. The three supported modes per the validator error message are `read-only`, `workspace-write`, `danger-full-access` — and `danger-full-access` is chosen with zero user opt-in. `claw doctor --output-format json` produces a `sandbox` check with `status:"warn", summary:"sandbox was requested but is not currently active"` (because macOS lacks Linux `unshare`), but **emits no warning, info, or summary about the permission_mode itself being danger-full-access**. There is no `permissions` check in `doctor` output at all. **Required fix shape:** (a) change default `permission_mode` to `workspace-write` (safe-by-default: filesystem write limited to cwd, network limited to LLM endpoints, no arbitrary command exec); (b) require explicit `--permission-mode danger-full-access` or `--dangerously-skip-permissions` to opt into full access; (c) add a `permissions` check to `doctor --output-format json` that emits `status:"warn"` when `permission_mode == "danger-full-access"` without explicit source (flag/env/config), with details like `mode:"danger-full-access", source:"default", message:"running with full access without explicit opt-in"`; (d) document the three modes and the default in USAGE.md with one-paragraph descriptions of what each mode allows. **Sibling typed-error bug:** `claw --permission-mode bogus-mode status --output-format json` returns `kind:"unknown"` instead of `kind:"invalid_permission_mode"` — same catch-all problem as #424, #426. **Sibling flag-name asymmetry:** `--dangerously-skip-permissions` works but `--skip-permissions` (Claude Code's flag) returns `kind:"cli_parse"` `unknown option`. Users migrating from Claude Code lose the short flag name. **Why this matters:** every other security-conscious CLI (Docker, kubectl, terraform) requires explicit opt-in for dangerous modes. Defaulting to `danger-full-access` is a footgun for first-time users who pipe `curl install.sh | sh` and immediately get a tool with full filesystem write and arbitrary command exec. The doctor surface is the only diagnostic users consult before trusting the tool, and it stays silent about the most permissive setting. Cross-references #50, #87, #91, #94, #97, #101, #106, #115, #123 (permission-audit sweep) — those all cover permission *rule* and *list* surfaces; #428 covers the *mode default* itself. Source: Jobdori live dogfood, `72048449`, 2026-05-11. +428. **DONE — default permission mode is workspace-write with auditable permission provenance** — fixed 2026-06-03 in `fix: default to workspace-write permissions`. Fresh invocations now resolve the fallback permission mode to `workspace-write` instead of `danger-full-access`; `danger-full-access` requires an explicit `--permission-mode danger-full-access`, `--dangerously-skip-permissions`, `--skip-permissions`, env, or config opt-in. `status --output-format json` includes `permission_mode_source` and `permission_mode_env_var`, and `doctor --output-format json` includes a `permissions` check with `mode`, `source`, `source_explicit`, `message`, and tool allow/gate lists. Invalid CLI permission modes now emit typed `invalid_permission_mode` JSON errors, and docs describe the three modes plus the safe default. Regression coverage: `default_permission_mode_is_workspace_write_and_audited_428`, `explicit_danger_permission_mode_is_audited_and_alias_supported_428`, `invalid_permission_mode_json_is_typed_428`, parser default tests, classifier coverage, and `given_workspace_write_enforcer_when_web_tools_then_denied`. -429. **No global `--cwd`/`-C`/`--directory` flag — `claw` cannot be invoked against an arbitrary working directory without first `cd`-ing into it; `--cwd` only exists as a subcommand option for `system-prompt`, and the `cli_parse` "Did you mean --acp?" suggestion is misleading (the `--acp` flag is unrelated to directory selection)** — dogfooded 2026-05-11 by Jobdori on `ec882f4c` in response to Clawhip pinpoint nudge at `1503267943285264394`. Reproduction: `claw --cwd /tmp/claw-dog-cwd status --output-format json` → `{"error":"unknown option: --cwd","hint":"Did you mean --acp?\nRun `claw --help` for usage.","kind":"cli_parse"}`. Same error for `--cwd `, `--cwd `, `--cwd `, `--cwd ""`. Inspecting `claw --help`: `--cwd PATH` appears ONLY in the usage line `claw system-prompt [--cwd PATH] [--date YYYY-MM-DD]` — it is not a global flag and is not accepted by `status`, `doctor`, `mcp list`, `init`, or any other subcommand. Users programmatically running claw against multiple workspaces must `cd` into each one before invoking, breaking the `subprocess.run(['claw', 'status', '--cwd', ws], cwd=other_dir)` pattern that every other major CLI (cargo `-C`, git `-C`, npm `--prefix`, gh `--repo` semantically, kubectl `--kubeconfig`+`--context`) supports. **Sibling misleading-suggestion bug:** the `cli_parse` error's `hint` field suggests `Did you mean --acp?` for `--cwd`. `--acp` is the alias for ACP/Zed editor integration (entirely unrelated to working directory). The Levenshtein-distance auto-complete is matching on first-character similarity without considering semantic relatedness. Users following the hint get a totally orthogonal feature. **Required fix shape:** (a) add a global `--cwd PATH` / `-C PATH` flag accepted before any subcommand, parsed in the global flag pre-pass; (b) validate the path exists and is a directory; emit `kind:"invalid_cwd"` with `path:` and `reason:` (`"not_found"`/`"not_a_directory"`/`"empty"`) when validation fails; (c) document the precedence: `--cwd` flag > `$PWD` > `env::current_dir()`; (d) fix the "Did you mean" hint algorithm to filter suggestions by semantic category (don't suggest `--acp` for `--cwd`; suggest `claw system-prompt --cwd PATH` if the user clearly wants `cwd` override but used the wrong scope); (e) regression test: `claw --cwd /tmp status --output-format json` from any `$PWD` returns `workspace.cwd:"/private/tmp"` (or `cwd:"/tmp"` after #421 fix). **Why this matters:** every claw automation orchestrator runs claw against multiple workspaces from a single parent process. Forcing `cd` before each invocation breaks parallelism (can't use shared cwd across concurrent invocations), breaks subprocess wrappers that want to pass cwd explicitly, and breaks `xargs`/`parallel`-style pipelines. Cross-references #421 (cwd canonicalization leak — fix should canonicalize but report user-input via `--cwd`). Source: Jobdori live dogfood, `ec882f4c`, 2026-05-11. +429. **DONE — global workspace directory override is accepted and validated before dispatch** — fixed 2026-06-03 in `fix: add global cwd override`. `claw --cwd PATH ...`, `claw -C PATH ...`, and `claw --directory PATH ...` now run as if launched from the selected workspace before config, status, doctor, MCP, skills, and other command dispatch. The override takes precedence over process `$PWD`; invalid values emit typed `invalid_cwd` JSON errors with `path` and `reason` (`not_found`, `not_a_directory`, or `empty`) instead of the old misleading `Did you mean --acp?` CLI parse path. Help/usage docs list the global flags and the precedence/validation contract. Regression coverage: `global_cwd_flag_routes_status_workspace_and_short_alias_429`, `global_cwd_flag_reports_typed_invalid_paths_429`, and classifier coverage for `invalid_cwd`. -430. **`dump-manifests` is documented as "emit every skill/agent/tool manifest the resolver would load for the current cwd" but actually requires the upstream Claude Code TypeScript source files (`src/commands.ts`, `src/tools.ts`, `src/entrypoints/cli.tsx`) — the command is unusable for any user who installed claw without cloning the original Claude Code repo** — dogfooded 2026-05-11 by Jobdori on `075c2144` in response to Clawhip pinpoint nudge at `1503275502046023690`. Reproduction: `claw dump-manifests --output-format json` returns `{"error":"Manifest source files are missing.","hint":"repo root: /private/tmp/claw-dog-0530\n missing: src/commands.ts, src/tools.ts, src/entrypoints/cli.tsx\n Hint: set CLAUDE_CODE_UPSTREAM=/path/to/upstream or pass \`claw dump-manifests --manifests-dir /path/to/upstream\`.","kind":"missing_manifests"}`. The fresh-main worktree at `/private/tmp/claw-dog-0530` does not contain these TypeScript files because the Rust port doesn't include the upstream TS source. The `--help` text says the command works against "the current cwd" but in practice it requires `CLAUDE_CODE_UPSTREAM=` pointing at an unshipped TS source tree. **Three sibling problems compounded:** (a) **derivative-work disclosure leak**: the error message exposes that `claw-code` is a port of Claude Code (`CLAUDE_CODE_UPSTREAM` env var name) — even if true, surfacing this in a casual diagnostic message couples user-facing behavior to upstream provenance details. (b) **kind drift**: `claw dump-manifests --manifests-dir /tmp/nonexistent --output-format json` returns `kind:"unknown"`, while `claw dump-manifests` (no override) returns `kind:"missing_manifests"`. Same root cause (no usable upstream), two different `kind` discriminators — automation cannot switch on a single error type. (c) **export-positional-arg silently dropped**: probed in the same run — `claw export ` ignores the path and returns `kind:"no_managed_sessions"` regardless of what positional arg was passed. The `--help` advertises `[PATH]` as the output-file destination but the path is discarded before validation, indistinguishable from invocation with no args. **Required fix shape:** (a) make `dump-manifests` emit the manifests claw-code itself ships with (Rust-resolver-discovered skills/agents/tools), independent of any upstream TS source — that matches the `--help` description; (b) if upstream-comparison is genuinely needed for parity work, move it to a separate command like `parity dump-upstream-manifests` and remove the upstream dependency from `dump-manifests`; (c) standardize on one error `kind` for the manifest-missing failure mode (`missing_manifests` is more descriptive than `unknown`); (d) `claw export ` must validate the path positional arg before the session-discovery check, so users see `kind:"invalid_output_path"` (or similar) when the path is malformed instead of always seeing `kind:"no_managed_sessions"`. **Why this matters:** `dump-manifests` is the inventory surface a downstream automation lane would call to learn what claw can do in the current workspace. If it's broken without upstream TS source, downstream lanes can't introspect — they have to fall back to `agents list`/`skills list`/`mcp list` separately and re-aggregate. Cross-references #422 (kind:unknown for unknown_subcommand), #423 (kind:unknown for missing_argument), #428 (kind:unknown for invalid_permission_mode) — `kind:"unknown"` keeps appearing as the catch-all for surfaces that should have typed kinds. Source: Jobdori live dogfood, `075c2144`, 2026-05-11. +430. **DONE — `dump-manifests` emits the self-contained Rust resolver inventory instead of requiring upstream Claude Code TypeScript source files** — fixed 2026-06-03 in `fix: make dump-manifests self-contained`. `claw dump-manifests --output-format json` now succeeds from an installed workspace with `source:"rust-resolver"`, command/tool/agent/skill/bootstrap manifests, no `CLAUDE_CODE_UPSTREAM` hint, and no `src/commands.ts` dependency. Explicit `--manifests-dir` scopes resolver discovery to another directory and missing/not-directory roots emit typed `missing_manifests` JSON. Sibling export diagnostics now validate explicit positional/`--output` paths before session discovery and return typed `invalid_output_path` JSON with `path` and `reason`. Regression coverage: `dump_manifests_defaults_to_rust_resolver_inventory`, `dump_manifests_scopes_explicit_manifest_dir_without_upstream_ts`, `dump_manifests_missing_explicit_dir_has_typed_kind`, `dump_manifests_and_init_emit_json_when_requested`, `local_json_surfaces_have_non_empty_action_contract_714`, and `export_invalid_output_path_reports_typed_json_430`. -431. **`skills uninstall ` requires Anthropic credentials despite being a local filesystem operation — `claw skills uninstall nonexistent-skill-xyz --output-format json` returns `kind:"missing_credentials"` instead of resolving locally that the skill doesn't exist** — dogfooded 2026-05-11 by Jobdori on `328fd114` in response to Clawhip pinpoint nudge at `1503275502046023690` (sibling probe to #430). Reproduction (no creds, isolated `CLAW_CONFIG_HOME`): `claw skills uninstall nonexistent-skill-xyz --output-format json` returns `{"error":"missing Anthropic credentials; export ANTHROPIC_AUTH_TOKEN or ANTHROPIC_API_KEY...","kind":"missing_credentials"}`. Uninstalling a skill is a pure local filesystem operation: read the skills directory, find the named skill, remove its files. There is no semantic reason to require API credentials. Same class of bug as #357 (`session list` requires creds), #369 (`session help/fork` require creds), and #427 (`resume ` requires creds). **Three sibling findings in same probe:** (a) `claw skills install ` returns `{"error":"No such file or directory (os error 2)","kind":"unknown"}` — leaks raw OS error string with no hint about expected install source format (path vs name vs URL?), and the catch-all `kind:"unknown"` again instead of typed `kind:"skill_install_source_not_found"`. (b) `claw skills install` (no args) returns `action:"help"` with `unexpected:"install"` — but `install` IS a documented subcommand. The handler treats it as "unknown action" instead of "missing required argument". Should emit `kind:"missing_argument"` with `argument:"install_source"`. (c) `claw agents create my-agent` returns `action:"help"` with `unexpected:"create my-agent"` — there is no agent-creation surface at all. Users must hand-craft `.claw/agents/.md` files with no scaffolding command, while `claw init` only creates the top-level `.claw/` skeleton. **Required fix shape:** (a) `skills uninstall ` must be local-first: enumerate the local skills dir, return `kind:"skill_not_found"` (with `skills_dir:` and `available_names:[]` fields) for missing, or remove the files and return `kind:"skills"` with `action:"uninstall", removed:` for present skills; (b) `skills install ` must distinguish source forms (`path:`, `name:`, `url:`) and emit `kind:"invalid_install_source"` with the parsed-and-failed reason; (c) `skills install` (no args) emits `kind:"missing_argument"` with `argument:"install_source"`; (d) add `claw agents create ` (or `claw init agent `) that scaffolds `.claw/agents/.md` with a stub frontmatter; or document explicitly that agents are user-authored only. **Why this matters:** lifecycle commands (`uninstall`, `install`, `create`) are the primary surface for managing claw's extension surface area. If `uninstall` requires API creds, an offline user who fat-fingered an install can't undo it. If `install` returns a raw OS error, automation can't programmatically recover. If `agents create` doesn't exist, agent authoring is undocumented file-touching only. Cross-references #357, #369, #427 (auth-gate-on-local-ops cluster), and #422/#423/#428/#430 (`kind:"unknown"` catch-all cluster). Source: Jobdori live dogfood, `328fd114`, 2026-05-11. +431. **DONE — `skills uninstall ` resolves locally instead of requiring Anthropic credentials** — fixed 2026-06-03 in `fix: keep skills lifecycle local`. `claw skills uninstall nonexistent-skill-xyz --output-format json` now stays on the local skills lifecycle surface and emits `kind:"skills"`, `action:"uninstall"`, `error_kind:"skill_not_found"`, `skills_dir`, `available_names`, and a hint without provider credentials. `claw skills install` no-arg emits typed `missing_argument` with `argument:"install_source"`; `claw skills install ` emits typed `invalid_install_source` with `source`, `source_kind`, `reason`, and a recovery hint. Installed skill roundtrips remove the installed files through the shared local lifecycle helper. `claw agents create ` now scaffolds `.claw/agents/.toml` and lists through the existing TOML agent discovery surface. Regression coverage: `skills_lifecycle_errors_have_typed_local_json_795_431`, `skills_install_uninstall_roundtrip_stays_local_431`, `agents_create_scaffolds_toml_and_lists_locally_431`, local command routing tests, parser discriminant tests, and command help/docs assertions. -432. **`--allowedTools` validator inconsistency: tool name list is half snake_case (`bash`, `read_file`, `write_file`, `edit_file`, `glob_search`, `grep_search`) and half PascalCase (`WebFetch`, `WebSearch`, `TodoWrite`, `Skill`, `Agent`, `Sleep`) with three UPPERCASE entries (`REPL`, `LSP`, `MCP`); accepts undocumented CamelCase aliases (`Read`, `Write`, `Edit`) and silently translates them to snake_case; argument parsing consumes the next positional when value is missing** — dogfooded 2026-05-11 by Jobdori on `fad53e2d` in response to Clawhip pinpoint nudge at `1503283046856655029`. Reproduction: `claw --allowedTools status --output-format json` → `{"error":"unsupported tool in --allowedTools: status (expected one of: bash, read_file, write_file, edit_file, glob_search, grep_search, WebFetch, WebSearch, TodoWrite, Skill, Agent, ToolSearch, NotebookEdit, Sleep, SendUserMessage, Config, EnterPlanMode, ExitPlanMode, StructuredOutput, REPL, PowerShell, AskUserQuestion, TaskCreate, RunTaskPacket, TaskGet, TaskList, TaskStop, TaskUpdate, TaskOutput, WorkerCreate, WorkerGet, WorkerObserve, WorkerResolveTrust, WorkerAwaitReady, WorkerSendPrompt, WorkerRestart, WorkerTerminate, WorkerObserveCompletion, TeamCreate, TeamDelete, CronCreate, CronDelete, CronList, LSP, ListMcpResources, ReadMcpResource, McpAuth, RemoteTrigger, MCP, TestingPermission)","kind":"unknown"}`. The `status` subcommand was consumed as the `--allowedTools` value because the flag parser doesn't distinguish missing-value from end-of-flag-args. The error reveals **the supported tool list mixes naming conventions inconsistently within a single error message**: snake_case (`bash`, `read_file`, `write_file`, `edit_file`, `glob_search`, `grep_search`), PascalCase (`WebFetch`, `WebSearch`, `TodoWrite`, `Skill`, `Agent`, `Sleep`, `Config`, `PowerShell`, `AskUserQuestion`, `TaskCreate`, `WorkerCreate`, `TeamCreate`, `CronCreate`), UPPERCASE (`REPL`, `LSP`, `MCP`), and CamelCase compounds (`McpAuth`, `RemoteTrigger`). **Hidden alias mapping**: `claw --allowedTools Read,Write,Edit status --output-format json` is accepted and returns `allowed_tools.entries:["edit_file","read_file","write_file"]` — proving the validator has an undocumented CamelCase→snake_case alias map (`Read`→`read_file`, `Write`→`write_file`, `Edit`→`edit_file`) that is not surfaced in the error message. Users who copy-paste tool names from Claude Code documentation work, users who copy from the validator error don't. **Sibling missing-value bug:** `claw --allowedTools status` with `status` as a positional subcommand is interpreted as `--allowedTools=status`, swallowing the subcommand. The flag parser must require a value for `--allowedTools` and emit `kind:"missing_argument"` when followed by a recognized subcommand or `--`-prefixed flag instead of silently treating the next arg as a tool name. **Sibling typed-kind bug:** both errors use `kind:"unknown"` instead of typed `kind:"invalid_tool_name"` / `kind:"missing_argument"` — the catch-all keeps appearing (#422/#423/#424/#428/#430/#431/#432). **Required fix shape:** (a) standardize the canonical tool-name registry on one casing convention (snake_case is most CLI-ergonomic) and update both the registry and all CamelCase aliases; (b) document and expose the alias map (`tool_aliases:{Read:"read_file",...}`) in `claw doctor`/`status` and in the validator error; (c) flag parser must require a value for `--allowedTools` and refuse to consume a recognized subcommand or `-`/`--`-prefixed token as the value, emit `kind:"missing_argument"` with `argument:"--allowedTools"`; (d) emit `kind:"invalid_tool_name"` with `tool_name:` and `available:[]` fields instead of `kind:"unknown"`; (e) regression test that `claw --allowedTools ` rejects with `missing_argument`, and that the canonical name list in errors uses the same casing as the alias map. **Why this matters:** `--allowedTools` is the primary surface for restricting claw's tool surface area (security-relevant). Inconsistent naming between the validator error and the alias map means users following the error message guidance pick names that work in some places and fail in others. The missing-value bug silently swallows a subcommand, leading to confusing "unsupported tool: status" errors when the user actually wanted to run `claw status`. Cross-references #94/#97/#101/#106/#115/#123 (permission-rule audit), #428 (default permission_mode), #422/#423/#424/#428/#430/#431 (`kind:"unknown"` catch-all). Source: Jobdori live dogfood, `fad53e2d`, 2026-05-11. +432. **DONE — `--allowedTools` uses a canonical snake_case registry with typed diagnostics and documented aliases** — fixed 2026-06-04 in `fix: type allowed tools validation`. `GlobalToolRegistry::normalize_allowed_tools` now normalizes built-in, plugin, runtime, and MCP wrapper tool names to canonical snake_case allow-list entries while still accepting documented aliases such as `read`, `Read`, and legacy provider-facing names like `WebFetch`/`MCPTool`. Provider tool definitions and CLI/subagent executors compare against canonical names, so aliases do not break internal dispatch. `claw --allowedTools status --output-format json` now refuses to consume `status` as a value and emits typed `missing_argument` JSON with `argument:"--allowedTools"`; unsupported names emit typed `invalid_tool_name` JSON with `tool_name`, `available`, and `tool_aliases`. `status --output-format json` exposes `allowed_tools.available` and `allowed_tools.aliases`, and help/usage docs describe canonical names plus aliases. Regression coverage: `parses_allowed_tools_flags_with_aliases_and_lists`, `rejects_allowed_tools_followed_by_subcommand_or_flag_432`, `rejects_unknown_allowed_tools`, `allowed_tools_errors_have_typed_json_and_alias_map_432`, `allowed_tools_normalize_to_canonical_snake_case_and_aliases_432`, status JSON alias assertions, MCP wrapper normalization coverage, and classifier coverage for `invalid_tool_name`. -433. **Repeated `--output-format` flag silently takes the last value without warning — `claw --output-format json --output-format text status` produces text output, no signal that the prior `json` was overridden; sibling: `--output-format` value is case-sensitive (`JSON` rejected as `kind:"unknown"`); sibling: no `CLAW_OUTPUT_FORMAT` env var for default format override** — dogfooded 2026-05-11 by Jobdori on `ce39d5c5` in response to Clawhip pinpoint nudge at `1503290592556220488`. Reproduction: `claw --output-format json --output-format text status` returns the text-format `Status\n Model claude-opus-4-6...` table — the first `--output-format json` was silently overridden. No warning, no `format_overridden:true` field, no stderr message. Scripts that compose flag arrays from multiple sources (`flags=("${BASE_FLAGS[@]}" --output-format json)` while `BASE_FLAGS` already contains `--output-format text`) silently get the wrong format. **Three sibling findings in same probe:** (a) **case-sensitivity drift**: `claw --output-format JSON status` returns `{"error":"unsupported value for --output-format: JSON (expected text or json)","kind":"unknown"}` — error message tells user to use lowercase `json` but doesn't accept the uppercase form that users often type from muscle memory. Most CLI flag-value validators (cargo, kubectl, gh) are case-insensitive for enum values or accept both forms with normalization. (b) **`kind:"unknown"` for invalid format value**: same catch-all bucket bug as #422/#423/#424/#428/#430/#431/#432 — should be `kind:"invalid_output_format"` with `value:` and `expected:["text","json"]` fields. (c) **no env-var default for output format**: `CLAW_OUTPUT_FORMAT=json claw status` silently ignored — no env override for the global default, forcing scripts to repeat `--output-format json` on every invocation. Other major CLIs honor `KUBECTL_OUTPUT=`, `AWS_DEFAULT_OUTPUT=`, `GH_NO_PROMPT=` etc. (d) **silently-ignored env vars `CLAW_LOG`/`RUST_LOG`**: no env-based log level control surfaced in `claw doctor` — debug logging requires undocumented `RUST_LOG=` (Rust convention) but `claw --help` doesn't mention either. **Required fix shape:** (a) repeated `--output-format` (or any flag that takes a value, not a count flag) emits a warning to stderr (`warning: --output-format specified multiple times; using last value 'text'`) and adds a `format_source:"flag", format_overridden:[]` field to the JSON envelope; (b) accept case-insensitive enum values for `--output-format` (`JSON`, `Json`, `json` all work), document the canonical lowercase form in `--help`; (c) emit `kind:"invalid_output_format"` (not `kind:"unknown"`) when value is invalid; (d) accept `CLAW_OUTPUT_FORMAT` env var as the default for `--output-format`, with flag-overrides-env precedence documented; (e) document `RUST_LOG` / `CLAW_LOG` in `--help` or doctor output as the log-level env vars; (f) regression test: repeated flag emits stderr warning + JSON metadata field; case-insensitive enum accepts all three casings; env-var default is honored when flag is absent. **Why this matters:** scripts that compose flag arrays from multiple sources (CI envs + per-invocation flags) silently get the wrong output format. Case-sensitive enum values trip up users typing from muscle memory. Missing env-var defaults force per-invocation flag repetition. Cross-references #422/#423/#424/#428/#430/#431/#432 (`kind:"unknown"` catch-all cluster). Source: Jobdori live dogfood, `ce39d5c5`, 2026-05-11. +433. **DONE — `--output-format` selection is typed, case-insensitive, env-configurable, and auditable** — fixed 2026-06-04 in `fix: type output format selection`. `CliOutputFormat::parse` now accepts `text`/`json` in any casing, `CLAW_OUTPUT_FORMAT` seeds the default output format when no CLI output-format flag is present, explicit flags override the env default, and repeated flags emit `warning: --output-format specified multiple times; using last value '...'`. `status --output-format json` exposes `format_source`, `format_raw`, and `format_overridden`; invalid values return typed `invalid_output_format` JSON with `value`, `expected:["text","json"]`, and a recovery hint instead of `kind:"unknown"`. Top-level help documents `CLAW_OUTPUT_FORMAT`, `CLAW_LOG`, and `RUST_LOG`, and doctor system JSON surfaces those env values. Regression coverage: `output_format_flags_and_env_have_typed_contract_433` and `classify_error_kind_returns_correct_discriminants`. Verification: `cargo fmt --manifest-path rust/Cargo.toml --all -- --check`, focused output-format and classifier tests, `scripts/roadmap-check-ids.sh`, `git diff --check`, `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli --no-run`, and `cargo build --manifest-path rust/Cargo.toml --workspace --locked`. -434. **POSIX `--` end-of-flags separator is not recognized — `claw -- "-prompt-with-dash"` returns `{"error":"unknown option: --","hint":"Did you mean -V?","kind":"cli_parse"}` instead of treating subsequent args as positional; shorthand prompt mode cannot accept dash-prefixed prompts at all** — dogfooded 2026-05-11 by Jobdori on `0e5f6958` in response to Clawhip pinpoint nudge at `1503298142286905484`. Reproduction: `claw -- "-prompt-with-dash" --output-format json` returns `{"error":"unknown option: --","hint":"Did you mean -V?\nRun \`claw --help\` for usage.","kind":"cli_parse"}`. The POSIX/GNU CLI convention — universally honored by cargo, git, npm, gh, kubectl, grep, ls, find, etc. — is that `--` terminates flag parsing and treats everything after it as positional arguments. claw rejects `--` itself as an unknown flag. **Sibling misleading-suggestion bug (recurring from #429):** the `cli_parse` hint suggests `Did you mean -V?` for `--`. `-V` is the version flag; `--` is the end-of-flags separator. They have no semantic relationship; the auto-complete is matching on prefix-character similarity only. **Sibling shorthand-prompt limitation:** `claw "-just a prompt" --output-format json` returns `{"error":"unknown option: -just a prompt","kind":"cli_parse"}` and `claw "--bogus-flag-like" --output-format json` returns the same. The shorthand non-interactive prompt mode (documented as `claw [--model MODEL] [--output-format text|json] TEXT`) cannot accept any TEXT that starts with `-` or `--`, even when the entire string is shell-quoted as a single token. Users must use the explicit `prompt` verb (`claw prompt "-prompt-with-dash"` works) to escape this, but the explicit verb is documented as alternative not required. **Required fix shape:** (a) accept POSIX `--` as the end-of-flags marker globally — every arg after `--` is positional; (b) shorthand prompt mode must distinguish "this looks like a flag" from "this is a quoted positional that happens to start with `-`" by looking at whether the token matches any registered flag name (`-h`, `-V`, `--help`, `--version`, etc.) — strings that don't match any flag should be treated as prompt text; (c) fix the "Did you mean" hint algorithm to filter by semantic category (don't suggest `-V` for `--`, suggest "use \`--\` to terminate flag parsing" if the user types just `--`); (d) regression test: `claw -- "-foo"` reaches the runtime with prompt=`-foo`; `claw "-not-a-flag"` is treated as shorthand prompt when no registered flag matches; canonical `--` is recognized. **Why this matters:** POSIX `--` is the universal mechanism for passing arbitrary text (filenames starting with `-`, prompts containing flag-like syntax, log lines, etc.) to a CLI. Failing on `--` makes claw fundamentally unergonomic in shell pipelines (`echo "-q for quiet" | xargs claw` fails). The shorthand-prompt limitation forces users to remember the `prompt` verb specifically when their prompt happens to start with `-`. Cross-references #422 (unknown subcommand fallthrough), #423 (stdin not consumed by prompt), #429 ("Did you mean --acp" misleading suggestion). Source: Jobdori live dogfood, `0e5f6958`, 2026-05-11. +434. **DONE — POSIX `--` and dash-prefixed shorthand prompts stay on the prompt path** — fixed 2026-06-04 in CI recovery after `41678eb` turned Rust CI red. Global argument parsing now treats `--` as an end-of-flags separator, stops JSON-output pre-scans before the separator, and forwards every following token as positional prompt text. Shorthand prompt mode accepts dash-prefixed text that is not a registered or near-miss CLI flag (`-not-a-flag`, `--bogus-flag-like literal`) while still rejecting real typo-like options such as `--resum` with the `--resume` suggestion. Direct `/status` invocation routes to the local status action per the resume-safe slash command contract, matching the CI-red parser regression tests restored after `7cfd83f`. Help, USAGE, and rust README document the `claw -- "-prompt-with-dash"` form. Regression coverage: `parses_dash_prefixed_prompt_text_434`, plus rerun CI-red parser tests `parses_bare_prompt_and_json_output_flag` and `parses_direct_agents_mcp_and_skills_slash_commands`. Verification: `cargo fmt --manifest-path rust/Cargo.toml --all -- --check`, focused parser tests, `scripts/roadmap-check-ids.sh`, `git diff --check -- USAGE.md rust/README.md rust/crates/rusty-claude-cli/src/main.rs ROADMAP.md`, docs source-of-truth/release-readiness/unit helper checks, `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli --no-run`, `cargo build --manifest-path rust/Cargo.toml --workspace --locked`, and `cargo clippy --manifest-path rust/Cargo.toml --workspace`. Local `cargo test --manifest-path rust/Cargo.toml --workspace` still hits the pre-existing Darwin-only `runtime::worker_boot::startup_preflight_warns_when_git_metadata_is_not_writable` permission assertion after all CLI parser tests pass; the red GitHub jobs were parser failures on head `41678eb`. -435. **`claw --resume latest` on a fresh workspace exit code is 0 in text mode but 1 in JSON mode (text mode lies about success); sibling: failed `--resume` creates the `.claw/sessions//` directory tree as a filesystem side effect of the failure** — dogfooded 2026-05-11 by Jobdori on `e29010ed` in response to Clawhip pinpoint nudge at `1503305692566655096`. Reproduction (fresh empty dir, no `.claw/`, no sessions): `claw --resume latest` (text mode) prints `failed to restore session: no managed sessions found in .claw/sessions/0ead448127a2de44/` and exits **0**. Same invocation with `--output-format json` correctly exits **1** with `kind:"session_load_failed"`. Exit-code parity broken on the same input depending on format flag. **Sibling filesystem-side-effect bug:** after the failed `--resume latest` on a fresh empty workspace, the directory `.claw/sessions/0ead448127a2de44/` (the workspace-fingerprint partition) is created on disk despite the operation failing. The user did not opt into creating workspace metadata — they asked to resume an existing session, the resume failed, and now there's a partition directory hanging around. The fingerprint directory ought to be created lazily on first successful session save, not as a side effect of every resume attempt. **Three sibling findings in the same probe:** (a) **`claw --compact` alone (no other args) drops into the interactive REPL with the ANSI welcome banner** — `--compact` is documented as a modifier that strips tool call details in text mode for piping (`--compact ... useful for piping`), not as a verb that activates the REPL. Running `claw --compact` with no positional should be a no-op or an error explaining the flag needs a subcommand or prompt; entering the REPL is the wrong default. (b) **`claw --compact "hello"` (shorthand prompt) returns `{"error":"unknown subcommand: hello.","hint":"Did you mean help","kind":"unknown"}` — `--compact` disables shorthand prompt mode entirely**, treating the positional as a subcommand instead of as prompt text. Users must use the explicit `prompt` verb (`claw --compact prompt "hello"`) which contradicts the `claw [flags] TEXT` usage line in `--help`. (c) `kind:"unknown"` again for the unknown-subcommand error in --compact path — same catch-all bucket bug appearing for the 11th time across pinpoints. **Required fix shape:** (a) exit code 1 for all `failed_to_restore` / `session_load_failed` text-mode failures; text mode should print to stderr and exit non-zero, not print to stdout and exit 0; (b) defer `.claw/sessions//` creation to first successful save; failed `--resume` must not leave filesystem droppings; (c) `claw --compact` alone (no positional, no subcommand, stdin is TTY) should emit `kind:"missing_argument"` with `argument:"prompt or subcommand"` rather than activating the REPL; (d) `--compact` must be transparent to shorthand prompt mode parsing — `claw --compact "hello"` is equivalent to `claw --compact prompt "hello"`, both should reach the prompt path; (e) emit typed `kind:"unknown_subcommand"` not `kind:"unknown"` for fallthrough cases. **Why this matters:** scripts that gate on `$?` after `claw --resume latest` see success on text mode and failure on JSON mode — the same operation, two outcomes. The filesystem side effect pollutes a user's worktree with workspace partitions they didn't ask for, and CI pipelines that snapshot `.claw/` size silently grow on every failed `--resume`. Cross-references #422 (exit-code parity across error envelopes), #423 (`kind:"unknown"` for `missing_argument`), #434 (shorthand prompt limitations). Source: Jobdori live dogfood, `e29010ed`, 2026-05-11. +435. **DONE — failed resume is non-zero and side-effect free; `--compact` stays a prompt modifier** — fixed 2026-06-04 in `fix: keep failed resume side-effect free`. Fresh-workspace `claw --resume latest` exits 1 in text and JSON modes; text writes the restore failure to stderr, JSON writes a typed `no_managed_sessions` restore envelope to stdout, and failed lookup no longer creates `.claw/sessions//`. `SessionStore::from_cwd`/`from_data_dir` now only derive the fingerprinted path; session save remains responsible for creating it. Global `--compact` no longer starts the REPL when it has no prompt or stdin: it returns typed `missing_argument` with `argument:"prompt or subcommand"`. `claw --compact "hello"` remains shorthand prompt mode and reaches provider/auth validation rather than command-not-found. Regression coverage: `session_store_from_cwd_is_side_effect_free_until_save`, `resume_latest_missing_session_fails_without_creating_session_dirs_435`, `compact_flag_missing_argument_and_shorthand_prompt_contract_435`, and `parses_compact_flag_for_prompt_mode`; broader checks reran `runtime session_control`, `resume_slash_commands`, `output_format_contract`, `claw` bin tests, `cargo fmt --all -- --check`, `scripts/roadmap-check-ids.sh`, `git diff --check`, and `cargo build --workspace --locked`. -436. **`claw init` shipped `.claw.json` template explicitly sets `permissions.defaultMode:"dontAsk"` — every user who runs `claw init` gets a config file that disables permission prompts by default; sibling: `init` creates an empty `.claw/` directory with no settings.json template inside, and when `.claw/` already exists it skips the whole artifact (no settings template materialized)** — dogfooded 2026-05-11 by Jobdori on `b8f989b6` in response to Clawhip pinpoint nudge at `1503313241751949335`. Reproduction: `mkdir /tmp/probe && cd /tmp/probe && claw init --output-format json` returns `artifacts:[{name:".claw/",status:"created"},{name:".claw.json",status:"created"},...]`. Inspecting the created `.claw.json`: `{"permissions":{"defaultMode":"dontAsk"}}`. This is the polar opposite of safe-by-default: every user who follows the documented onboarding flow (`claw init` after `curl install.sh`) ships their workspace with permission prompts disabled. Compounds with **#428** (default runtime permission_mode is `danger-full-access`) — between the runtime default and the init template, a fresh claw setup has zero user-facing safety friction. **Sibling: `.claw/` artifact is an empty directory.** After `claw init`, `find .claw -type f` returns nothing. No `settings.json`, no template, no scaffolding — just `mkdir .claw`. The `--help` description implies init produces a usable workspace, but `.claw/settings.json` (the project-scope counterpart of `~/.claw/settings.json`) is never templated. **Sibling: `.claw/` skip-on-exists drops the entire artifact.** If `.claw/` already exists (e.g., from a partial setup, a `--resume` failure side effect per #435, or manual creation), `claw init` returns `.claw/: skipped` and does not materialize any expected sub-content. The other artifacts (`.claw.json`, `.gitignore`, `CLAUDE.md`) are still created, but a future `claw skills install` or `claw plugins enable` may expect `.claw/` to contain template files that are now missing. **Required fix shape:** (a) the shipped `.claw.json` template must default to `permissions.defaultMode:"acceptEdits"` or `"plan"` (safe-by-default modes per #428 spec) — `"dontAsk"` requires explicit opt-in; (b) `claw init` must materialize `.claw/settings.json` with documented schema defaults inside `.claw/` so the directory is useful on its own; (c) when `.claw/` already exists, `init` must report `partial` status (not `skipped`) and still try to create missing sub-files like `.claw/settings.json` without overwriting existing files; (d) emit per-sub-file artifact entries for `.claw/settings.json` and `.claw/sessions/` (skipped status if absent, deferred-to-first-save acceptable) so automation knows what's present; (e) regression test: `claw init` produces a `.claw.json` whose `permissions.defaultMode` is NOT `dontAsk`; `.claw/` contains at least one templated file. **Why this matters:** init is the primary onboarding surface. Every first-time user piping `curl install.sh | sh && claw init` gets a workspace pre-configured to skip permission prompts — and that workspace gets committed to the user's repo via the `init`-added entry. The `.claw/` empty-directory bug means feature discovery (skills, plugins) lacks the scaffolding it implies. Cross-references #428 (runtime default permission_mode), #50/#87/#91/#94/#97/#101/#106/#115/#123 (permission-rule audit), #435 (filesystem side effects on failed resume). Source: Jobdori live dogfood, `b8f989b6`, 2026-05-11. +436. **DONE — `claw init` scaffolds safe project settings and reports partial/deferred artifacts** — fixed 2026-06-04 in `fix: scaffold safe init settings`. The starter `.claw.json` and new `.claw/settings.json` template now both use `permissions.defaultMode:"acceptEdits"` instead of unsafe `dontAsk`. Fresh init materializes `.claw/settings.json`, keeps `.claw/sessions/` deferred until the first successful session save, and emits per-artifact entries for `.claw/`, `.claw/settings.json`, `.claw/sessions/`, `.claw.json`, `.gitignore`, and `CLAUDE.md`. When `.claw/` already exists but its settings template is missing, init creates `.claw/settings.json` without overwriting existing files and reports `.claw/` as `partial` rather than `skipped`; idempotent reruns keep existing artifacts skipped and session storage deferred. JSON init output now includes `partial[]` and `deferred[]` alongside `created[]`, `updated[]`, and `skipped[]`, and init help/USAGE document the artifact statuses. Regression coverage: `initialize_repo_creates_expected_files_and_gitignore_entries`, `initialize_repo_is_idempotent_and_preserves_existing_files`, `artifacts_with_status_partitions_fresh_and_idempotent_runs`, and `init_json_envelope_has_hint_and_already_initialized_783`. -437. **`version --output-format json` omits build provenance fields — no `is_dirty`, `branch`, `commit_date`, `commit_timestamp`, `rustc_version`; `git_sha` is truncated to 7 chars instead of full 40-char hash; sibling: `executable_path` leaks the build host's path (`/tmp/claw-dog-0530/...`) into runtime output** — dogfooded 2026-05-11 by Jobdori on `8cf628a5` in response to Clawhip pinpoint nudge at `1503320791582900344`. Reproduction: `claw version --output-format json` returns `{"build_date":"2026-05-11","executable_path":"/tmp/claw-dog-0530/rust/target/release/claw","git_sha":"b98b9a7","kind":"version","message":"Claw Code\n Version 0.1.0\n Git SHA b98b9a7\n Target aarch64-apple-darwin\n Build date 2026-05-11","target":"aarch64-apple-darwin","version":"0.1.0"}`. Critical provenance fields missing: (a) **`is_dirty`** — was the working tree clean at build time? Automation that pins on build provenance cannot tell if the binary was built from a clean commit or includes uncommitted changes; (b) **`branch`** — was this built from `main`, `dev/rust`, a release tag, or a feature branch? The `git_sha` alone doesn't reveal the integration point; (c) **`commit_date` / `commit_timestamp`** — only `build_date` (when the binary was compiled) is exposed; the commit itself might be days/weeks older if the build happened later. Reproducibility audits need both; (d) **`rustc_version`** — what Rust compiler version produced this binary? Critical for security advisories (e.g., known regressions in specific rustc versions); (e) **`git_sha` truncated to 7 chars** ("b98b9a7" instead of full "b98b9a71..."): 7-char shas have known collision rates in large repos and prevent unambiguous git rev-parse round-trip. **Sibling: `executable_path` leaks build-host path.** The `executable_path` field returns `/tmp/claw-dog-0530/rust/target/release/claw` — the directory where the binary was compiled, embedded into the binary metadata. For a binary copied/installed/symlinked to a different location, this field still reports the build path, not the actual invocation path. Either the field should reflect the runtime path via `std::env::current_exe()` at runtime (not compile-time), or it should be dropped to avoid leaking compile-host filesystem layout. **Sibling: prose `message` field duplicates structured data.** The `message` field still contains the entire text-mode prose version block (`"Claw Code\n Version 0.1.0\n Git SHA b98b9a7\n..."`) — every field present as structured JSON (`version`, `git_sha`, `target`, `build_date`) is also embedded in the prose. Same issue as #391 (`version json includes prose message field`) which was closed as "fixed" — the prose remains. **Required fix shape:** (a) add `is_dirty:bool`, `branch:string|null`, `commit_date:string` (ISO-8601), `commit_timestamp:int` (Unix epoch), `rustc_version:string` to the JSON envelope; (b) preserve full 40-char `git_sha` and add `git_sha_short:string` as a derived field if 7-char form is needed for UX; (c) `executable_path` should be `std::env::current_exe()` at runtime, not the compile-time path; (d) drop the prose `message` field from JSON or rename it `human_readable:string` and make it explicitly secondary to the structured fields; (e) re-verify #391 closure — the prose `message` is still present, the fix didn't fully land. **Why this matters:** version surface is the canonical provenance probe for security audits, build reproducibility, and bug-report metadata. Missing `is_dirty` means automated triage cannot distinguish "issue against a clean main commit" from "issue against a developer's uncommitted hack". Truncated `git_sha` blocks unambiguous git lookup. Leaked `executable_path` exposes build-host layout. Cross-references #391 (version prose duplication — apparently not fully fixed), #334 (version json omits build_date — fixed, but partial scope), #100 (commit identity audit). Source: Jobdori live dogfood, `8cf628a5`, 2026-05-11. +437. **DONE — `version --output-format json` exposes complete build provenance without duplicating prose** — fixed 2026-06-04 in `fix: expose complete version provenance`. Build metadata now records the full 40-character `git_sha`, separate derived `git_sha_short`, `is_dirty`, `branch`, ISO-8601 `commit_date`, Unix `commit_timestamp`, `rustc_version`, target, and build date. Version JSON exposes those fields at top level and mirrors them under `binary_provenance`; `workspace_git_sha` is also a full SHA and `workspace_match` now compares full commit identities. `executable_path` is resolved at runtime with `std::env::current_exe()` instead of reporting a compile-host path. The prose report is no longer duplicated in JSON as `message`; JSON callers get the secondary text block as `human_readable`. Docs in `USAGE.md` and `rust/README.md` describe the provenance contract. Regression coverage: `version_emits_json_when_requested`, `version_status_doctor_include_binary_provenance_797`, `resumed_version_and_init_emit_structured_json_when_requested`, and `resumed_version_command_emits_structured_json`. -438. **Memory file discovery only recognizes `CLAUDE.md` — `AGENTS.md` (industry convention used by OpenCode/Codex/Aider/Cursor) and `CLAW.md` (project's own brand name) are silently ignored despite being present in the workspace** — dogfooded 2026-05-11 by Jobdori on `d3a982dd` in response to Clawhip pinpoint nudge at `1503328341422244012`. Reproduction (fresh empty dir, isolated `CLAW_CONFIG_HOME`): create three files in cwd — `CLAUDE.md` (marker `MARKER-FROM-CLAUDE-MD`), `AGENTS.md` (marker `MARKER-FROM-AGENTS-MD`), `CLAW.md` (marker `MARKER-FROM-CLAW-MD`). Run `claw status --output-format json` → `workspace.memory_file_count: 1`. Run `claw system-prompt --output-format json` and search the `message` field for each marker: only `MARKER-FROM-CLAUDE-MD` is found; `MARKER-FROM-AGENTS-MD` and `MARKER-FROM-CLAW-MD` are absent. `claw-code` exclusively recognizes the Claude-branded filename inherited from upstream Claude Code; the project's own `CLAW.md` brand name and the cross-tool industry convention `AGENTS.md` are both silently dropped. **Three sibling implications:** (a) **brand-consistency gap**: a project rebranded from Claude Code to Claw Code that introduces `CLAUDE.md` as its only memory file is internally inconsistent. Users naturally expect `claw ` to read `CLAW.md`. (b) **industry-convention gap**: `AGENTS.md` is the convergent convention for OpenCode (oh-my-opencode/sisyphus), OpenAI Codex CLI, Aider, Cursor, Continue.dev, and most ACP harnesses. Users with mixed-tool workflows maintain a shared `AGENTS.md` and expect every AI coding tool to honor it. (c) **silent failure mode**: there is no warning when `AGENTS.md` or `CLAW.md` exist but are not loaded. Users who copy-paste `AGENTS.md` from another tool's docs see `memory_file_count` stay at 0 or 1 and have to guess why their instructions aren't applied. **Required fix shape:** (a) discover and load **`CLAUDE.md`, `CLAW.md`, `AGENTS.md`** in that priority order (existing config-precedence pattern); (b) all three contribute to `memory_file_count` with `memory_files:[{path, source:"claude_md"|"claw_md"|"agents_md", chars}]` array exposed in `status --output-format json`; (c) when multiple files exist, merge or document the precedence: project-specific `CLAUDE.md`/`CLAW.md` overrides industry-shared `AGENTS.md`; (d) `claw doctor --output-format json` adds a `memory` check that warns when `AGENTS.md` exists but is not the loaded variant (alerting users that they may be relying on the wrong file); (e) regression test: workspace with all three files results in `memory_file_count >= 1` and the system prompt contains markers from at least the highest-precedence file. **Why this matters:** `AGENTS.md` is the lingua-franca instruction file for cross-tool AI coding workflows. A team using OpenCode for one project and Claw Code for another keeps their conventions in a shared `AGENTS.md`. Forcing them to also maintain a `CLAUDE.md` for claw-code (with identical content) is friction that breaks the value proposition of a fork. Cross-references #438 itself (the multi-file convention), and AGENTS.md ecosystem references in oh-my-opencode/sisyphus docs. Source: Jobdori live dogfood, `d3a982dd`, 2026-05-11. +438. **DONE — memory discovery loads `CLAUDE.md`, `CLAW.md`, and `AGENTS.md` with structured provenance** — fixed 2026-06-04 in `fix: load Claw and Agents memory files`. Project memory discovery now checks root instruction files in `CLAUDE.md`, `CLAW.md`, then `AGENTS.md` order for each discovered directory, preserves existing scoped `.claw/CLAUDE.md`, `.claude/CLAUDE.md`, `.claw/instructions.md`, and rules-directory imports, and exposes each loaded file's `path`, `source`, `chars`, and `contributes` in `status --output-format json` as `workspace.memory_files[]`. `system-prompt --output-format json` returns the same memory metadata alongside the rendered `message`/`sections`, and all non-duplicate loaded files contribute to the prompt so CLAUDE/CLAW/AGENTS markers are visible together. `claw doctor --output-format json` now includes a dedicated `memory` check with loaded memory metadata and `unloaded_memory_files[]` warnings for present `CLAW.md`/`AGENTS.md` candidates that were skipped (for example empty or duplicate-content variants). Docs in `USAGE.md` and `rust/README.md` describe the priority and JSON contracts. Regression coverage: `discovers_claude_claw_agents_and_dot_claude_instruction_files_together`, `memory_files_load_claude_claw_agents_and_surface_json_438`, and `memory_health_surfaces_loaded_and_unloaded_files_438`. -439. **Memory file discovery walks ALL ancestor directories up to `$HOME` boundary, silently loading any `CLAUDE.md` it finds — `/tmp/CLAUDE.md` left from a previous test silently bleeds into every project under `/tmp/*/`; no `--no-parent-memory` flag, no `.no-claude-md-boundary` marker file to limit discovery scope** — dogfooded 2026-05-11 by Jobdori on `f4a96740` in response to Clawhip pinpoint nudge at `1503335892461293675`. Reproduction: create three nested `CLAUDE.md` files with unique markers — `/tmp/claw-nested-probe/CLAUDE.md` (`PARENT_CLAUDE`), `subproj/CLAUDE.md` (`CHILD_CLAUDE`), `subproj/deep/CLAUDE.md` (`DEEP_CLAUDE`). Run `claw system-prompt --output-format json` from `subproj/deep/nest/` (note: `nest` has no `CLAUDE.md`). The `message` field contains **all three markers** (PARENT + CHILD + DEEP) and `status --output-format json` reports `memory_file_count: 3`. Boundary tests: (a) `$HOME/CLAUDE.md` is NOT picked up from `/tmp/no-claude-dir` (discovery stops at `$HOME` boundary, good); (b) From `/tmp/deep` (no nested CLAUDE.md), `/tmp/CLAUDE.md` IS picked up (count: 1); (c) git-root is NOT a discovery boundary — running from a git subdir still walks above the git root. **Ambient-context-bleed footgun:** any stale `/tmp/CLAUDE.md` (or `/home//projects/CLAUDE.md`, or any ancestor-path CLAUDE.md left over from a previous experiment, copy-paste, or AI-generated example) silently bleeds into every workspace nested below it. The user has no signal in `status --output-format json` indicating which ancestor file is contributing — only the aggregate `memory_file_count`. **Three required fixes:** (a) **expose discovery list**: `status --output-format json` and `system-prompt --output-format json` must include `memory_files:[{path, source:"workspace"|"ancestor"|"parent_dir"|"home", chars, contributes:bool}]` so users can see what's leaking in; (b) **add `--no-parent-memory` flag** to limit discovery to cwd only (no ancestor walk), or add a boundary marker (`.claude-no-walk`, `.claw-root`, or honor `.git` as the boundary by default — most users expect repo-root scope); (c) **`doctor` warns** when ancestor `CLAUDE.md` files are loaded from outside the current git repo (suggests they may be unintentional). **Sibling discovery scope question:** discovery walks up to `$HOME` — but for a user with a project at `/Users/foo/work/proj`, that's `/Users/foo/work/CLAUDE.md` + `/Users/foo/CLAUDE.md` (if it exists) both load. The home boundary is exclusive, but the entire `/Users/foo` tree under home is in scope. **Why this matters:** test workspaces, scratch dirs, AI-generated example projects, and shared `/tmp` workdirs are full of stale `CLAUDE.md` files. The current discovery rule means every claw invocation can silently inherit context from arbitrary ancestor paths. Cross-references #438 (memory discovery only finds CLAUDE.md, not AGENTS.md or CLAW.md), #421 (cwd canonicalization leak — the canonicalized form determines which ancestor walk path is used). Source: Jobdori live dogfood, `f4a96740`, 2026-05-11. +439. **DONE — memory discovery is git-root bounded and reports memory origins** — fixed 2026-06-04 in `fix: bound parent memory discovery`. Project memory discovery now walks only from the current directory up to the nearest git root when one exists, and otherwise stays cwd-local, so stale parent `CLAUDE.md` files outside the project no longer bleed into scratch workspaces. Loaded memory JSON in both `status --output-format json` and `system-prompt --output-format json` now includes `origin`, `scope_path`, and `outside_project` alongside `path`, `source`, `chars`, and `contributes`; origins distinguish `workspace`, `parent_dir`, `ancestor`, `home`, and `outside_project`. The `memory` doctor check warns if an outside-project memory file is ever loaded, while still listing loaded and skipped memory candidates structurally. Docs in `USAGE.md` and `rust/README.md` describe the git-root boundary and expanded JSON fields. Regression coverage: `discovery_stops_at_git_root_boundary_439`, `discovery_without_git_root_stays_cwd_local_439`, and `memory_discovery_stops_at_git_root_and_reports_origins_439`. -440. **One invalid `mcpServers` entry blocks ALL OTHER valid MCP servers from loading — `mcp list --output-format json` returns `configured_servers: 0, servers: []` when even one server has a missing/invalid `command` field, despite other servers in the same config being well-formed; sibling: config parser halts on first invalid entry, never reports the remaining invalid entries** — dogfooded 2026-05-11 by Jobdori on `bd126905` in response to Clawhip pinpoint nudge at `1503343442904879156`. Reproduction: write `.claw.json` containing six `mcpServers` entries — one valid (`valid-server: {command:"/bin/echo", args:["hello"]}`) and five with progressive defects (missing-command, empty-command, null-command, wrong-type-command, extra-unknown-field). Run `claw mcp list --output-format json` → `{"action":"list","config_load_error":"/private/tmp/claw-mcp-probe/.claw.json: mcpServers.missing-command-server: missing string field command","configured_servers":0,"kind":"mcp","servers":[],"status":"degraded"}`. The error mentions only `missing-command-server` (the first invalid entry in JSON-object iteration order); the other four invalid entries are never surfaced. The valid `valid-server` entry is silently dropped because the parser bails on the first error. `status --output-format json` correctly propagates the same `config_load_error` and sets `status:"degraded"`, but no field tells automation which servers are valid vs broken — `servers:[]` is the only signal. **Three problems compounded:** (a) **all-or-nothing loading**: ROADMAP product principle #5 says "partial success is first-class," but mcp config loading is binary. One bad server kills the entire MCP plane; (b) **first-error-only reporting**: a `.claw.json` with five invalid entries surfaces only one error message — the user fixes that one and runs again, gets the next error, and so on. Five iterations needed to discover all errors; (c) **no per-server status**: even with the partial-success fix, the JSON envelope needs `servers:[{name, valid:bool, error?, command?, args?}]` so automation can see which entries are usable. **Required fix shape:** (a) the MCP config parser must collect ALL invalid entries into an `invalid_servers:[{name, error_field, reason}]` array and load all valid ones into `servers:[]`; do not abort on first error; (b) `configured_servers` reflects the count of *valid* loaded servers (not zero) when there are valid entries alongside invalid ones; (c) expose `total_configured:int` (count of entries in source `.claw.json`) AND `valid_count:int` (loaded), AND `invalid_count:int` (rejected) — three distinct counts; (d) `doctor --output-format json` adds an `mcp_validation` check that lists each invalid entry with its error message; (e) regression test: `.claw.json` with one valid + one invalid entry results in `configured_servers: 1, invalid_servers: [{name:"...", reason:"..."}]`. **Why this matters:** users iterate on MCP server lists during onboarding — one typo kills the entire plane, including servers they got working previously. The first-error-only reporting forces N iterations through N invalid entries instead of a single fix-everything-at-once pass. Cross-references #407 (config files no load_error per-file), #415 (config section merged_keys count only), #416 (plugins list prose), #428 (default permission mode), and Product Principle #5. Source: Jobdori live dogfood, `bd126905`, 2026-05-11. +440. **DONE — invalid `mcpServers` siblings no longer drop valid MCP servers** — fixed 2026-06-04 in `fix: load partial MCP configs`. MCP config loading now records every invalid server entry as `invalid_servers:[{name, scope, path, error_field, reason, valid:false}]` while retaining valid siblings in `servers[]`; valid entries carry `valid:true`, `configured_servers` and `valid_count` report loaded valid servers, `invalid_count` reports rejected entries, and `total_configured` reports all discovered entries. `status --output-format json` mirrors the `mcp_validation` summary, and `doctor --output-format json` includes an `mcp validation` check for one-pass repair. Empty stdio commands and unknown per-transport fields are per-server validation errors instead of global config failures. Regression coverage: `loads_valid_mcp_servers_and_collects_all_invalid_siblings_440`, `records_invalid_mcp_server_shapes_without_rejecting_config_440`, `mcp_loads_valid_servers_and_reports_invalid_siblings_440`, and `mcp_degraded_config_and_failed_usage_are_distinct_json_contracts`. 441. **`hooks` config schema diverges from Claude Code documented format — claw-code expects `{"hooks":{"PreToolUse":["command-string"]}}` (array of command strings) while Claude Code documentation specifies `{"hooks":{"PreToolUse":[{"matcher":"Read","hooks":[{"type":"command","command":"..."}]}]}}` (structured matcher objects); users copy-pasting from Claude Code docs see `field "hooks.PreToolUse" must be an array of strings`** — dogfooded 2026-05-11 by Jobdori on `86ff83c2` in response to Clawhip pinpoint nudge at `1503350990680887418`. Reproduction: write `.claw.json` with the Claude-Code-documented hook format `{"hooks":{"PreToolUse":[{"matcher":"Read","hooks":[{"type":"command","command":"/bin/echo pretool"}]}]}}`. Run `claw status --output-format json` → `config_load_error: "/private/tmp/claw-hook-probe/.claw.json: field \"hooks.PreToolUse\" must be an array of strings, got an array (line 3)"`, `status: "degraded"`. The error wording ("must be an array of strings, got an array") is confusingly tautological — the user did provide an array; the parser objects that the array contains objects instead of strings. Replacing with the claw-code-actual format `{"hooks":{"PreToolUse":["/bin/echo pretool"]}}` succeeds: `config_load_error: null, status: "ok"`. The two formats are fundamentally incompatible: claw-code drops the `matcher` field (no tool-specific filtering at the config layer), drops the `type:"command"` discriminator (no future expansion to other hook types), and treats each entry as a bare command string instead of a structured hook spec. **Sibling: PR #3000 (justcode049) was attempting to tolerate object-style hook entries** — that PR's title `fix: tolerate object-style hook entries in config parser` confirms this is a known user complaint, but the PR is still conflicting and unmerged. **Three sibling findings in same probe:** (a) **unknown event names reject entire hooks config**: `.claw.json` with `hooks.InvalidEvent` (not a real event name like `PreToolUse`/`PostToolUse`/`Stop`/`Notification`) triggers `config_load_error: "unknown key \"hooks.InvalidEvent\""` and rejects ALL hooks in the same file, even valid ones — same "one bad apple kills all" pattern as #440 (MCP servers). (b) **`kind:"unknown"` for the validation error** — should be `kind:"invalid_hooks_config"` or `kind:"unknown_hook_event"` (catch-all cluster #422/#423/#424/#428/#430/#431/#432/#433/#435 — 13th occurrence). (c) **first-error-only halting**: a `.claw.json` with `hooks.Stop:"not-an-array"` (type mismatch) AND `hooks.InvalidEvent` (unknown name) AND `hooks.Notification:[{}]` (empty entry) surfaces only the FIRST error in iteration order — user must fix one at a time across 3 iterations. **Required fix shape:** (a) **adopt Claude Code's structured hook format as the canonical**: support `{matcher, hooks:[{type, command}]}` natively, with `matcher` for tool-filtering, `type` for hook-type discriminator (future-proof for `inline`/`webhook`/etc beyond just `command`); (b) **keep backward compat for bare command strings**: legacy `["command-string"]` arrays still load, but emit a deprecation warning suggesting migration to the structured form; (c) **partial-success loading**: invalid hook entries surface in `invalid_hooks:[{event, index, reason}]` while valid ones load — same fix as #440 for MCP; (d) **typed `kind:"invalid_hooks_config"` envelope** instead of `kind:"unknown"`; (e) **rebase and merge PR #3000** which addresses this directly; (f) regression test: Claude-Code-documented hook config loads without error on claw-code. **Why this matters:** users migrating from Claude Code to Claw Code hit this on their first `.claw.json` write. The error message ("array of strings, got an array") is unhelpful; the documentation doesn't surface the schema divergence; and Claude Code's structured format is strictly more expressive (matchers, types) than claw-code's bare-string format. Cross-references #407 (config files no load_error), #410 (list-envelope schema drift), #428 (default permission mode), #440 (one invalid MCP entry blocks all), PR #3000 (justcode049's pending fix). Source: Jobdori live dogfood, `86ff83c2`, 2026-05-11. @@ -7756,10 +7755,14 @@ Original filing (2026-04-18): the session emitted `SessionStart hook (completed) 794. **`claw plugins install /nonexistent/path` returned `error_kind:"unknown"` + `hint:null`** — dogfooded 2026-05-27 on `57a57ef7`. The error message `"plugin source '/path' was not found"` had no classifier arm, falling to `"unknown"`. Fix: added `plugin_source_not_found` classifier arm (`message.contains("plugin source") && message.contains("was not found")`); added `"plugin_source_not_found"` → `"Check that the path or URL is correct..."` to `fallback_hint_for_error_kind`. Unit test assertion added to `test_classify_error_kind`; integration test `plugins_install_not_found_path_returns_typed_kind_794` added. 56 CLI contract tests pass. [SCOPE: claw-code] Source: Jobdori plugins install probe on `57a57ef7`, 2026-05-27. -795. **`claw skills install /nonexistent` returned `skill_not_found + hint:null` and `claw skills uninstall x` returned `unsupported_skills_action + hint:null`** — dogfooded 2026-05-27 on `491f179a`. Both error kinds were missing from `fallback_hint_for_error_kind` table, so even though classify returned a typed kind, the hint field was always null. Fix: added `"skill_not_found"` → hint suggesting `claw skills list` / `claw skills install`; added `"unsupported_skills_action"` → hint listing supported actions. Integration test `skills_install_not_found_and_unsupported_action_have_hints_795` covers both paths. 57 CLI contract tests pass. [SCOPE: claw-code] Source: Jobdori skills lifecycle probe on `491f179a`, 2026-05-27. +795. **`claw skills install /nonexistent` returned `skill_not_found + hint:null` and `claw skills uninstall x` returned `unsupported_skills_action + hint:null`** — dogfooded 2026-05-27 on `491f179a`. Both error kinds were missing from `fallback_hint_for_error_kind` table, so even though classify returned a typed kind, the hint field was always null. Fix: added `skill_not_found` and `unsupported_skills_action` fallback hints. ROADMAP #431 later moved the lifecycle surface fully local: install failures now emit typed `invalid_install_source`, uninstall failures emit local `skill_not_found` with `skills_dir` and `available_names`, and the combined regression is covered by `skills_lifecycle_errors_have_typed_local_json_795_431` plus the install/uninstall roundtrip test. [SCOPE: claw-code] Source: Jobdori skills lifecycle probe on `491f179a`, 2026-05-27. 796. **`claw agents show ` and `claw skills show ` returned confusing `agent_not_found`/`skill_not_found` for the concatenated "name extra" string** — dogfooded 2026-05-27 on `18b4cee5`. `join_optional_args` passes all tokens as a space-joined string; both `show` handlers called `split_once(' ')` to extract the name but did not check if the remainder (after the first split) contained additional tokens. Extra positional args (including `--flags`) became part of the "name", silently mangling the lookup. Fix: added second `split_once(' ')` on the extracted name; if the result has two parts, return `unexpected_extra_args` with a usage hint. Valid single-name lookups are unaffected. Two new integration tests `agents_show_extra_positional_arg_returns_unexpected_extra_796`, `skills_show_extra_positional_arg_returns_unexpected_extra_796`. 59 CLI contract tests pass. [SCOPE: claw-code] Source: Jobdori agents/skills show extra-arg probe on `18b4cee5`, 2026-05-27. -797. **Installed `claw version --output-format json` reports `git_sha:null` / `Git SHA unknown`, so dogfood cannot tie the binary under test to a source revision** — dogfooded 2026-05-27 from `#clawcode-building-in-public` using the installed `/home/bellman/.cargo/bin/claw` binary in a clean `ultraworkers/claw-code` checkout. `claw version --output-format json` returned `{"kind":"version","version":"0.1.0","git_sha":null,"target":null,"build_date":"2026-03-31"...}` while `claw status --output-format json` only reported workspace state (`git_branch`, clean/dirty counts) and did not provide any executable-vs-workspace provenance comparison. This is a clawability gap in event/log opacity and stale-binary confusion: an operator can run `doctor/status/version` successfully but still cannot prove which commit the installed CLI came from, whether it matches `origin/main`, or whether the observed behavior is from a stale packaged binary. **Required fix shape:** (a) embed build git SHA/target/build provenance in installed/release binaries whenever the source tree is available; (b) when provenance is missing, emit a typed `binary_provenance.status:"unknown"` rather than only `git_sha:null`; (c) have `status`/`doctor` include a redaction-safe comparison between executable provenance and workspace HEAD when running inside a git checkout; (d) add regression/packaging coverage proving release/local install paths preserve or explicitly classify provenance. **Why this matters:** dogfood reports and automation need to distinguish current-source failures from stale or unknown binary lineage before opening/rebasing/closing PRs. Source: gaebal-gajae live dogfood on 2026-05-27; active repo checkout had open PR #3124 DIRTY with no checks and PR #3125 CLEAN, but the installed binary itself could not identify its source revision. +797. **DONE — Installed `claw version --output-format json` reports `git_sha:null` / `Git SHA unknown`, so dogfood cannot tie the binary under test to a source revision** — dogfooded 2026-05-27 from `#clawcode-building-in-public` using an installed binary in a clean `ultraworkers/claw-code` checkout. The gap was that version/status/doctor did not provide a structured executable-vs-workspace provenance object when build metadata was missing or stale. [SCOPE: claw-code] + + **Fix applied.** `version --output-format json` now includes a `binary_provenance` object with `status:"known"|"unknown"`, build git SHA, target, build date, executable path, workspace HEAD SHA, `workspace_match`, and a structured hint when provenance is missing or mismatched. `status --output-format json` exposes the same object, and `doctor --output-format json` includes it in the `system` check so dogfood reports can distinguish current-source failures from stale or unknown binary lineage. + + **Verification.** `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli version_status_doctor_include_binary_provenance_797 -- --nocapture`; `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli version_emits_json_when_requested -- --nocapture`; `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli doctor_and_resume_status_emit_json_when_requested -- --nocapture`; `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli --test output_format_contract -- --nocapture`; direct probes `cargo run --manifest-path rust/Cargo.toml -q -p rusty-claude-cli -- --output-format json version` and `cargo run --manifest-path rust/Cargo.toml -q -p rusty-claude-cli -- --output-format json status`; `cargo build --manifest-path rust/Cargo.toml --workspace --locked`. 798. **`claw plugins show ` returned `unexpected_extra_args` + `hint:null`** — dogfooded 2026-05-27 on `9976585f`. The plugins arg parser at the top level emitted `"unexpected extra arguments after 'claw plugins show ...': ..."` with no `\n` delimiter (parity gap with #791 config fix). Fix: appended `\nUsage: claw plugins [list|show |...]` to the error format string. Integration test `plugins_extra_args_have_non_null_hint_797`. Committed as `bff37000`. 60 CLI contract tests pass. [SCOPE: claw-code] @@ -7778,14 +7781,34 @@ Original filing (2026-04-18): the session emitted `SessionStart hook (completed) 805. **`claw skills show ` in text mode silently returned "No skills found." instead of an error** — dogfooded 2026-05-27 on `2c3c0f60`. The text-mode show handler in `handle_skills_slash_command` returned `render_skills_report(&matched)` with an empty vec instead of checking for empty match and returning an error. JSON mode already returned `skill_not_found` since #706. Fix: added `matched.is_empty()` guard with `skill_not_found` error + `\n` hint suggesting `claw skills list`. 62 CLI contract tests pass. [SCOPE: claw-code] 806. **`claw plugins show ` in text mode returned "No plugins installed." instead of an error** — dogfooded 2026-05-27 on `ae6a207d`. The text-mode path in `print_plugins` printed `payload.message` (the full list render) without checking if the requested plugin existed. JSON mode correctly returned `plugin_not_found`. Fix: added show-action filtering + not-found guard to text-mode path; added `starts_with("plugin_not_found:")` arm to classifier for the new error prefix. 63 CLI contract tests pass. [SCOPE: claw-code] -807. **`claw models` / `claw model` with `--output-format json` hang with zero stdout instead of returning bounded model discovery/help JSON or a typed unsupported response** — dogfooded 2026-05-27 on `ae6a207` while checking docs/usage model-alias surface after PR #3162 opened. Both `cargo run -q -p rusty-claude-cli -- models --output-format json` and the actual rebuilt `./rust/target/debug/claw models --output-format json` timed out under an 8s outer timeout with stdout `0`; stderr only contained config deprecation warnings. The same silent timeout reproduced for `models help --output-format json`, `model --output-format json`, and `model help --output-format json`. **Required fix shape:** (a) make `model(s)` help/list/discovery commands return bounded stdout JSON without entering prompt/provider/auth paths; (b) if the command is unsupported, return a standard typed JSON error envelope with `error_kind`, non-null `hint`, and `message`; (c) ensure docs model-alias tables and CLI model discovery surfaces do not diverge; (d) add regression coverage for `models --output-format json`, `models help --output-format json`, `model --output-format json`, and `model help --output-format json` proving they do not hang or emit zero-byte stdout. **Why this matters:** model selection is a setup/control-plane surface. If the natural model discovery commands hang silently, claws cannot verify aliases like `qwen-max` / `qwen-plus`, distinguish unsupported command spelling from provider startup, or safely guide users during first-run model setup. Source: gaebal-gajae 13:30/14:00 dogfood probe; GitHub issue creation was blocked by API rate limit, so the finding was recorded directly in ROADMAP. -808. **Control-plane commands `claw config`, `claw settings`, `claw status`, and `claw doctor` with `--output-format json` hang with zero stdout instead of returning bounded JSON/help or a typed unsupported envelope** — dogfooded 2026-05-27 on `86f45a1` after ROADMAP #807 landed. Each of `./rust/target/debug/claw config --output-format json`, `config help --output-format json`, `settings --output-format json`, `settings help --output-format json`, `status --output-format json`, and `doctor --output-format json` timed out under an 8s outer timeout with stdout `0`; stderr only contained the local deprecated `enabledPlugins` settings warning. **Required fix shape:** keep non-interactive control-plane/info commands out of prompt/provider startup paths; return bounded JSON stdout for supported status/config/help surfaces, or a standard typed JSON error envelope with `error_kind`, non-null `hint`, and `message` for unsupported spellings; add timeout/nonzero-stdout regression coverage for the six repro commands. **Why this matters:** claws and users need first-run diagnostics/config/status surfaces that are safe to call from scripts. Silent hangs make setup triage indistinguishable from provider startup, auth, or model discovery failures. Source: gaebal-gajae 17:00 dogfood probe; rechecked 17:30 after `cargo build --manifest-path rust/Cargo.toml -p rusty-claude-cli` produced `claw --version` Git SHA `23a7de6`, and the same timeout reproduced for current HOME and a clean `HOME=/tmp/claw-clean-home-1730` (clean HOME produced rc 124, stdout 0, stderr 0 for `config`, `status`, and `doctor`). [SCOPE: claw-code] -809. **Top-level help/version/MCP/plugin JSON spellings hang with zero stdout in trailing `--output-format json` form instead of returning bounded JSON/help or typed unsupported envelopes** — dogfooded 2026-05-27 on rebuilt main `db81598` (`cargo build --manifest-path rust/Cargo.toml -p rusty-claude-cli`; `claw --version` Git SHA `db81598`). `help --output-format json`, `version --output-format json`, `mcp --output-format json`, `mcp help --output-format json`, `plugins --output-format json`, and `plugins help --output-format json` each timed out under an 8s outer timeout with stdout `0`; stderr only contained the local deprecated `enabledPlugins` settings warning. Leading global-style probes (`--help --output-format json`, `--version --output-format json`) fail immediately as `[error-kind: cli_parse] unknown option`, so the hang is again in the trailing subcommand-style routing/startup path. **Required fix shape:** treat help/version/MCP/plugin discovery surfaces as bounded non-interactive control-plane commands; either return JSON help/list/version payloads or standard typed JSON unsupported envelopes with `error_kind`, non-null `hint`, and `message`; add timeout/nonzero-stdout regression coverage for the six trailing repro commands and parser-envelope coverage for leading global-style spellings. **Why this matters:** claws need safe scriptable help/version/plugin/MCP discovery before provider/session startup; silent hangs hide whether a command is unsupported, misparsed, or initializing runtime state. Source: gaebal-gajae 19:00 dogfood probe. [SCOPE: claw-code] -810. **TTY JSON success for `config`/`plugins --output-format json` contaminates stdout with deprecated-settings warnings before the JSON object** — dogfooded 2026-05-27 on rebuilt main `db81598` after #809. Under pseudo-TTY (`script -q -c "./rust/target/debug/claw config --output-format json"` and `plugins --output-format json`), the commands return rc `0` and bounded JSON, but stdout begins with `warning: /home/bellman/.claw/settings.json: field "enabledPlugins" is deprecated ...` before the JSON object (`first_json_index=121`). Parsing succeeds only after manually stripping the warning/prefix; raw stdout is not valid JSON. **Required fix shape:** in JSON mode, keep diagnostics/warnings on stderr or include structured warning fields inside the JSON envelope, but never prepend human warnings to stdout; add regression coverage that raw stdout from JSON commands parses from byte 0 under TTY and non-TTY modes. **Why this matters:** even when the TTY path avoids the hang from #807/#808/#809, claws and scripts still cannot safely `json.loads(stdout)` if configuration warnings are mixed into stdout. Source: gaebal-gajae 20:00 pseudo-TTY dogfood probe. [SCOPE: claw-code] -811. **Previously typed JSON error/list surfaces hang in plain non-TTY trailing `--output-format json` form instead of emitting their JSON envelopes** — dogfooded 2026-05-27 on rebuilt main `b0e94c9` after #810. In plain non-TTY automation, `agents list --bogus --output-format json`, `skills show does-not-exist --output-format json`, `plugins show does-not-exist --output-format json`, `diff --output-format json`, `sessions show does-not-exist --output-format json`, and `resume bogus --output-format json` each timed out under an 8s outer timeout with stdout `0`; stderr only contained the local deprecated `enabledPlugins` settings warning. Several of these surfaces had prior roadmap fixes for typed JSON/text envelopes, so this is a regression-class scriptability gap: the command-specific envelope may exist, but plain non-TTY trailing JSON invocation routes into interactive startup before reaching it. **Required fix shape:** ensure trailing `--output-format json` is honored before any interactive/provider/session startup for error/list surfaces; add plain non-TTY timeout regression coverage that asserts raw stdout is a parseable typed JSON envelope for the six repro commands, including `error_kind`, non-null `hint`, and `message` where applicable. **Why this matters:** claws primarily invoke CLI checks from non-TTY automation; a fix that only works in manual/TTY mode still leaves JSON error handling unusable for agents. Source: gaebal-gajae 20:30 dogfood probe. [SCOPE: claw-code] +807. **DONE — `claw models` / `claw model` with `--output-format json` hang with zero stdout instead of returning bounded model discovery/help JSON or a typed unsupported response** — dogfooded 2026-05-27 on `ae6a207` while checking docs/usage model-alias surface after PR #3162 opened. Both `cargo run -q -p rusty-claude-cli -- models --output-format json` and the actual rebuilt `./rust/target/debug/claw models --output-format json` timed out under an 8s outer timeout with stdout `0`; stderr only contained config deprecation warnings. The same silent timeout reproduced for `models help --output-format json`, `model --output-format json`, and `model help --output-format json`. **Required fix shape:** (a) make `model(s)` help/list/discovery commands return bounded stdout JSON without entering prompt/provider/auth paths; (b) if the command is unsupported, return a standard typed JSON error envelope with `error_kind`, non-null `hint`, and `message`; (c) ensure docs model-alias tables and CLI model discovery surfaces do not diverge; (d) add regression coverage for `models --output-format json`, `models help --output-format json`, `model --output-format json`, and `model help --output-format json` proving they do not hang or emit zero-byte stdout. **Why this matters:** model selection is a setup/control-plane surface. If the natural model discovery commands hang silently, claws cannot verify aliases like `qwen-max` / `qwen-plus`, distinguish unsupported command spelling from provider startup, or safely guide users during first-run model setup. Source: gaebal-gajae 13:30/14:00 dogfood probe; GitHub issue creation was blocked by API rate limit, so the finding was recorded directly in ROADMAP. + + **Fix applied.** `model` and `models` now route to a local `CliAction::Models` surface. Bare `models --output-format json` emits bounded local model metadata (default model, built-in aliases, optional configured model) without provider startup, while `model help --output-format json` routes through the structured local help envelope. + + **Verification.** Regression test `models_json_and_model_help_json_are_local_807` asserts bounded exit, parseable stdout JSON, empty stderr, no `missing_credentials`, and `requires_provider_request:false` for the models list envelope. +808. **DONE — Control-plane commands `claw config`, `claw settings`, `claw status`, and `claw doctor` with `--output-format json` hang with zero stdout instead of returning bounded JSON/help or a typed unsupported envelope** — dogfooded 2026-05-27 on `86f45a1` after ROADMAP #807 landed. Each of `./rust/target/debug/claw config --output-format json`, `config help --output-format json`, `settings --output-format json`, `settings help --output-format json`, `status --output-format json`, and `doctor --output-format json` timed out under an 8s outer timeout with stdout `0`; stderr only contained the local deprecated `enabledPlugins` settings warning. **Required fix shape:** keep non-interactive control-plane/info commands out of prompt/provider startup paths; return bounded JSON stdout for supported status/config/help surfaces, or a standard typed JSON error envelope with `error_kind`, non-null `hint`, and `message` for unsupported spellings; add timeout/nonzero-stdout regression coverage for the six repro commands. **Why this matters:** claws and users need first-run diagnostics/config/status surfaces that are safe to call from scripts. Silent hangs make setup triage indistinguishable from provider startup, auth, or model discovery failures. Source: gaebal-gajae 17:00 dogfood probe; rechecked 17:30 after `cargo build --manifest-path rust/Cargo.toml -p rusty-claude-cli` produced `claw --version` Git SHA `23a7de6`, and the same timeout reproduced for current HOME and a clean `HOME=/tmp/claw-clean-home-1730` (clean HOME produced rc 124, stdout 0, stderr 0 for `config`, `status`, and `doctor`). [SCOPE: claw-code] + + **Fix applied.** `settings` now routes locally: bare `settings --output-format json` reuses the config JSON envelope for the synthetic `settings` section, and `settings help --output-format json` returns a structured local help envelope. Existing `config`, `status`, and `doctor` JSON routes remain local. + + **Verification.** Regression test `settings_json_and_help_json_are_local_808` asserts bounded exit, parseable stdout JSON, empty stderr, no `missing_credentials`, `section:"settings"` for bare settings, and structured help for `settings help --output-format json`. +809. **DONE — Top-level help/version/MCP/plugin JSON spellings hang with zero stdout in trailing `--output-format json` form instead of returning bounded JSON/help or typed unsupported envelopes** — dogfooded 2026-05-27 on rebuilt main `db81598` (`cargo build --manifest-path rust/Cargo.toml -p rusty-claude-cli`; `claw --version` Git SHA `db81598`). `help --output-format json`, `version --output-format json`, `mcp --output-format json`, `mcp help --output-format json`, `plugins --output-format json`, and `plugins help --output-format json` each timed out under an 8s outer timeout with stdout `0`; stderr only contained the local deprecated `enabledPlugins` settings warning. The current parser routes these as bounded local surfaces. + + **Fix applied.** `help`, `version`, `mcp`, and `plugins` now resolve to local `CliAction` paths with parsed `CliOutputFormat::Json`; `parse_local_help_action()` maps `mcp` and `plugins` help topics directly to local JSON help envelopes. + + **Verification.** Static evidence in `rust/crates/rusty-claude-cli/src/main.rs`: `wants_help`/`wants_version` preserve `CliOutputFormat::Json`, `parse_local_help_action()` maps `mcp` and `plugins` to local help topics, and match arms route `mcp`/`plugins` to local handlers before prompt/provider startup. +810. **DONE — TTY JSON success for `config`/`plugins --output-format json` contaminates stdout with deprecated-settings warnings before the JSON object** — dogfooded 2026-05-27 on rebuilt main `db81598` after #809. Under pseudo-TTY (`script -q -c "./rust/target/debug/claw config --output-format json"` and `plugins --output-format json`), the commands return rc `0` and bounded JSON, but stdout begins with `warning: /home/bellman/.claw/settings.json: field "enabledPlugins" is deprecated ...` before the JSON object (`first_json_index=121`). Parsing succeeds only after manually stripping the warning/prefix; raw stdout is not valid JSON. **Required fix shape:** in JSON mode, keep diagnostics/warnings on stderr or include structured warning fields inside the JSON envelope, but never prepend human warnings to stdout; add regression coverage that raw stdout from JSON commands parses from byte 0 under TTY and non-TTY modes. **Why this matters:** even when the TTY path avoids the hang from #807/#808/#809, claws and scripts still cannot safely `json.loads(stdout)` if configuration warnings are mixed into stdout. Source: gaebal-gajae 20:00 pseudo-TTY dogfood probe. [SCOPE: claw-code] + + **Fix applied.** Existing global JSON-mode settings warning suppression now prevents deprecated `enabledPlugins` prose from prefixing JSON stdout, and the regression matrix asserts stdout starts with `{` at byte 0 for representative local JSON surfaces under an isolated deprecated settings fixture. + + **Verification.** `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli global_json_surfaces_suppress_config_deprecation_stderr_810_821_824 -- --nocapture`. +811. **DONE — Previously typed JSON error/list surfaces hang in plain non-TTY trailing `--output-format json` form instead of emitting their JSON envelopes** — dogfooded 2026-05-27 on rebuilt main `b0e94c9` after #810. In plain non-TTY automation, `agents list --bogus --output-format json`, `skills show does-not-exist --output-format json`, `plugins show does-not-exist --output-format json`, `diff --output-format json`, `sessions show does-not-exist --output-format json`, and `resume bogus --output-format json` each timed out under an 8s outer timeout with stdout `0`; stderr only contained the local deprecated `enabledPlugins` settings warning. Current code parses trailing JSON mode before local dispatch and routes JSON abort envelopes to stdout. + + **Fix applied.** Trailing `--output-format json` is parsed globally before local command matching, so inventory/error surfaces keep their typed local JSON envelopes instead of falling through to runtime/provider startup. The top-level JSON abort handler routes structured errors to stdout. + + **Verification.** Static evidence in `parse_args()` shows global `--output-format` parsing before local command matching; focused tests cover representative affected surfaces including `agents_list_flag_shaped_filter_returns_unknown_option_792`, `plugins_list_flag_shaped_filter_returns_cli_parse_on_stdout_793_817`, `diff_non_git_dir_has_error_kind_and_hint_801`, and resume/export abort-envelope checks around #819/#820/#823. -812. **`claw --output-format json doctor --help` must stay a local help fast path and never fall through into runtime/provider startup** — dogfooded 2026-05-28 04:01 UTC after #701 worktree drift. The reported repro was `cargo run -q --bin claw -- --output-format json doctor --help`, which did not produce local help promptly and had to be killed, while the positive control `cargo run -q --bin claw -- --output-format json --help` emitted valid JSON help. Fresh bounded repro on branch `fix/doctor-help-json-local` did not reproduce the hang on current code (`timeout 5s cargo run -q --bin claw -- --output-format json doctor --help` exited 0 with a `kind:"help"`/`status:"ok"` doctor help envelope), which means the parser fast path is present but under-tested for this exact dogfood surface. +812. **DONE — `claw --output-format json doctor --help` must stay a local help fast path and never fall through into runtime/provider startup** — dogfooded 2026-05-28 04:01 UTC after #701 worktree drift. The reported repro was `cargo run -q --bin claw -- --output-format json doctor --help`, which did not produce local help promptly and had to be killed, while the positive control `cargo run -q --bin claw -- --output-format json --help` emitted valid JSON help. Fresh bounded repro on branch `fix/doctor-help-json-local` did not reproduce the hang on current code (`timeout 5s cargo run -q --bin claw -- --output-format json doctor --help` exited 0 with a `kind:"help"`/`status:"ok"` doctor help envelope), and current regression coverage preserves this fast path. **Pinpoint.** The guarded path is `rust/crates/rusty-claude-cli/src/main.rs`: global `--output-format json` is parsed before `rest`, `parse_local_help_action()` maps `doctor --help` to `CliAction::HelpTopic { topic: Doctor }`, and `print_help_topic()` must return without calling `run_doctor()`, `LiveCli`, provider setup, session resume, or runtime startup. The previous risk class is help fallthrough: treating `doctor --help` as prompt text or as `doctor` diagnostics would either hit provider/session startup or run checks instead of local help. @@ -7795,13 +7818,13 @@ Original filing (2026-04-18): the session emitted `SessionStart hook (completed) **Verification.** Regression tests: `doctor_help_json_is_local_structured_and_bounded_702` and `doctor_help_text_stays_plaintext_and_local_702` in `rust/crates/rusty-claude-cli/tests/output_format_contract.rs`; focused command repros recorded in `/tmp/claw_doctor_help_json.out` and `/tmp/claw_doctor_help_json.err` during the doctor-help fix branch. -813. **Dogfood probe shell-string loops can fabricate CLI argv failures for JSON help surfaces** — dogfooded 2026-05-28 after #3185 merged. A verification loop used a single shell string variable (`cmd="--output-format json doctor --help"`; then `cargo run -q --bin claw -- $cmd | python3 -c 'json.load(...)'`). The resulting channel transcript showed `unknown option: --output-format json doctor --help` and Python JSON parse stack noise, even though explicit argv invocations on fresh `main` all returned valid JSON: `cargo run -q --bin claw -- --output-format json doctor --help`, `cargo run -q --bin claw -- doctor --help --output-format json`, and `cargo run -q --bin claw -- help doctor --output-format json`. This is a dogfood-harness test-brittleness / event-log opacity gap, not a product parser regression. The log made a probe-construction mistake look like a claw-code failure. +813. **DONE — Dogfood probe shell-string loops can fabricate CLI argv failures for JSON help surfaces** — dogfooded 2026-05-28 after #3185 merged. A verification loop used a single shell string variable (`cmd="--output-format json doctor --help"`; then `cargo run -q --bin claw -- $cmd | python3 -c 'json.load(...)'`). The resulting channel transcript showed `unknown option: --output-format json doctor --help` and Python JSON parse stack noise, even though explicit argv invocations on fresh `main` all returned valid JSON: `cargo run -q --bin claw -- --output-format json doctor --help`, `cargo run -q --bin claw -- doctor --help --output-format json`, and `cargo run -q --bin claw -- help doctor --output-format json`. This is a dogfood-harness test-brittleness / event-log opacity gap, not a product parser regression. The log made a probe-construction mistake look like a claw-code failure. - **Required fix shape.** Add a tiny argv-safe dogfood helper (script or documented recipe) that runs CLI probes as explicit argv arrays rather than interpolated shell strings, captures stdout/stderr separately, and labels probe-construction failures distinctly from product failures. For ad-hoc shell loops, prefer arrays/functions (`run_probe --output-format json doctor --help`) over `$cmd` strings; never pipe unknown stdout directly into a JSON parser without first recording rc/stdout/stderr. + **Fix applied.** Added `scripts/dogfood-probe.py`, an argv-safe helper that accepts a target executable plus arguments after `--`, invokes `subprocess.run` without shell interpolation, records the exact argv vector, captures rc/stdout/stderr as separate fields, and labels `timeout`, `probe_error`, and `product_error` separately. Its optional `--stdout-json-byte0` assertion requires stdout to be parseable JSON starting at byte 0, so JSON parser stack noise is replaced by a structured probe result. - **Acceptance.** Future dogfood reports for argv-sensitive CLI surfaces include the exact argv vector and can distinguish `probe_error` from `product_error`; reproducing the three doctor-help forms through the helper yields three parseable JSON objects from byte 0 without Python parser stack noise. [SCOPE: claw-code dogfood harness] + **Verification.** `python3 -m unittest tests.test_roadmap_helpers.RoadmapHelperTests.test_dogfood_probe_runs_explicit_argv_and_separates_channels tests.test_roadmap_helpers.RoadmapHelperTests.test_dogfood_probe_labels_timeout_separately_from_product_error tests.test_roadmap_helpers.RoadmapHelperTests.test_dogfood_probe_labels_probe_construction_failure tests.test_roadmap_helpers.RoadmapHelperTests.test_dogfood_probe_labels_stdout_json_prefix_failure_as_product_error` passes. The fixture tests cover explicit argv preservation for `--output-format json doctor --help`, separated stdout/stderr capture, timeout classification, construction-error classification, and byte-0 JSON product-error classification. [SCOPE: claw-code dogfood harness] -814. **Plain non-TTY trailing `--output-format json` still times out for inventory/error surfaces after #3186** — dogfooded 2026-05-28 07:00 on fresh `main` `0e6d48d9d` after #3186 merged. Using explicit argv probes with separated stdout/stderr (per #813) reproduced the older #811 class on current main: `cargo run -q --bin claw -- agents list --bogus --output-format json`, `skills show does-not-exist --output-format json`, and `plugins show does-not-exist --output-format json` each hit the 5s timeout (`rc=124`) with `stdout` length 0; stderr contained only compile warnings plus the local deprecated `enabledPlugins` settings warning. This confirms the argv-safe probe harness can distinguish product failure from probe-construction failure, and the product gap remains for trailing JSON flag forms on inventory/error surfaces. +814. **DONE — Plain non-TTY trailing `--output-format json` still times out for inventory/error surfaces after #3186** — dogfooded 2026-05-28 07:00 on fresh `main` `0e6d48d9d` after #3186 merged. Using explicit argv probes with separated stdout/stderr (per #813) reproduced the older #811 class on current main: `cargo run -q --bin claw -- agents list --bogus --output-format json`, `skills show does-not-exist --output-format json`, and `plugins show does-not-exist --output-format json` each hit the 5s timeout (`rc=124`) with `stdout` length 0; stderr contained only compile warnings plus the local deprecated `enabledPlugins` settings warning. Follow-up evidence showed the product path fixed upstream and current tests preserve local JSON error routing. **Required fix shape.** Parse trailing `--output-format json` for local inventory/error commands before any REPL/provider startup in plain non-TTY mode, matching the already-working leading global form where applicable. Add timeout regression coverage for at least `agents list --bogus --output-format json`, `skills show does-not-exist --output-format json`, and `plugins show does-not-exist --output-format json` asserting nonzero stdout with a single parseable JSON envelope containing `status:"error"`, `error_kind`, and non-null `hint`. Keep deprecation/config warnings out of stdout in JSON mode. @@ -7809,43 +7832,71 @@ Original filing (2026-04-18): the session emitted `SessionStart hook (completed) **Follow-up verification (2026-05-28 07:30 on `main` `09ff1caf4`).** After #3187 merged, rerunning the same three commands with explicit argv showed the product path had already been fixed upstream: `agents list --bogus --output-format json` returned rc 1 with a JSON `unknown_option` envelope, `skills show does-not-exist --output-format json` returned rc 1 with `skill_not_found`, and `plugins show does-not-exist --output-format json` returned rc 1 with `plugin_not_found`. Stdout was nonzero and parseable in all three cases; warnings stayed on stderr. Remaining actionable lesson is process-level: ROADMAP record #814 is preserved as historical repro + verification, not an open product blocker. -815. **`claw --output-format json config` reports the same deprecated-settings warning twice: once structurally in `warnings[]` and once as prose on stderr** — dogfooded 2026-05-28 08:00 on current `main` after #3188. `timeout 5s cargo run -q --bin claw -- --output-format json config >out 2>err` exits 0 with parseable stdout JSON (`kind:"config", action:"list", status:"ok"`) and `warnings.length == 1`, but stderr still contains the same `enabledPlugins is deprecated` warning once. This is better than older stdout contamination, but still duplicates the same diagnostic across two channels in JSON mode. A machine consumer that reads the structured warning also sees an extra prose warning on stderr; a log scraper may count one config issue twice. + **Fix applied.** Current trailing JSON-mode routing reaches local inventory handlers for these argv-safe probes; handled JSON errors emit parseable stdout envelopes and do not require provider credentials/session startup. + + **Verification.** Existing follow-up probe evidence records `agents list --bogus --output-format json`, `skills show does-not-exist --output-format json`, and `plugins show does-not-exist --output-format json` returning parseable JSON envelopes; current contract tests additionally cover agents/plugin local parse/error envelopes with stdout JSON. + +815. **DONE — `claw --output-format json config` reports the same deprecated-settings warning twice: once structurally in `warnings[]` and once as prose on stderr** — dogfooded 2026-05-28 08:00 on current `main` after #3188. `timeout 5s cargo run -q --bin claw -- --output-format json config >out 2>err` exits 0 with parseable stdout JSON (`kind:"config", action:"list", status:"ok"`) and `warnings.length == 1`, but stderr still contains the same `enabledPlugins is deprecated` warning once. Current config JSON keeps that diagnostic structured without duplicating it on stderr. **Required fix shape.** In JSON mode for config/list surfaces that already include `warnings[]`, suppress eager prose emission of the same config warning on stderr or mark it as already collected. Text mode should keep the human stderr warning. Add regression coverage asserting `claw --output-format json config` returns exactly one structured warning and zero duplicate `enabledPlugins` prose lines on stderr. **Acceptance.** With a deprecated `enabledPlugins` key present, `claw --output-format json config` exits 0, stdout parses from byte 0 and includes `warnings[]`, and stderr has no duplicate deprecation warning for the same file/key. [SCOPE: claw-code] -816. **JSON-mode local/list surfaces still leak deprecated config prose warnings on stderr outside `config`** — dogfooded 2026-05-28 09:30 on `main` `89e7f415a` after #3190. `./target/debug/claw --output-format json config` is now fixed (`rc=0`, parseable stdout, `warnings[]`, stderr empty), but sibling JSON surfaces still emit the same app-level config warning to stderr when `~/.claw/settings.json` contains deprecated `enabledPlugins`: `plugins list` (`kind:"plugin"`), `mcp list` (`kind:"mcp"`), and `doctor` (`kind:"doctor"`) all return parseable JSON with `rc=0` while stderr contains `enabledPlugins is deprecated`. `skills list` and `version` stay clean. This leaves machine consumers with a global JSON-mode cleanliness gap even after the config-specific duplicate was fixed. + **Fix applied.** JSON-mode config rendering collects deprecated settings diagnostics into `warnings[]` and suppresses the duplicate prose `enabledPlugins` warning on stderr; text mode preserves the human stderr warning. + + **Verification.** `config_json_reports_deprecations_structurally_without_stderr_duplicate_815` asserts a deprecated `enabledPlugins` fixture appears in JSON `warnings[]`, does not appear on stderr for `--output-format json config`, and still appears on stderr for text `config`. + +816. **DONE — JSON-mode local/list surfaces still leak deprecated config prose warnings on stderr outside `config`** — dogfooded 2026-05-28 09:30 on `main` `89e7f415a` after #3190. `./target/debug/claw --output-format json config` was fixed, but sibling JSON surfaces still emitted the same app-level config warning to stderr when `~/.claw/settings.json` contained deprecated `enabledPlugins`: `plugins list`, `mcp list`, and `doctor`. Current global JSON-mode suppression covers these local/list surfaces. **Required fix shape.** Treat JSON output mode as a global app-level diagnostic routing contract: local/list/status surfaces that successfully return structured JSON should not write config deprecation prose to stderr. Either collect those warnings into each relevant JSON envelope where a warnings field exists, or suppress config-warning emission during JSON-mode preloading/default resolution for surfaces that cannot represent warnings yet. Preserve human stderr warnings in text mode. **Acceptance.** With deprecated `enabledPlugins` present, `claw --output-format json plugins list`, `claw --output-format json mcp list`, and `claw --output-format json doctor` exit 0, stdout parses from byte 0, and stderr contains zero `enabledPlugins is deprecated` app-level warning lines. Text mode still prints the warning. [SCOPE: claw-code] -817. **`claw --output-format json plugins list --` writes its JSON error envelope to stderr while sibling local inventory commands use stdout** — dogfooded 2026-05-28 12:30 on `main` `9494e3c26`. Trailing bare `--` is a useful parser edge because automation sometimes injects delimiter sentinels. `agents list --` and `skills list --` return rc 1 with parseable JSON on stdout and empty stderr. `mcp list --` also returns a parseable JSON error on stdout. `config --` returns rc 0 with a structured config error on stdout. But `plugins list --` returns rc 1, stdout empty, and writes the JSON error envelope to stderr: `{"action":"abort","error":"unknown option for `claw plugins list`: --", ...}`. This is machine-readable, but channel-inconsistent and surprising for JSON-mode consumers that read stdout for command payloads. + **Fix applied.** JSON-mode config-warning suppression is applied globally before local JSON surfaces load settings, covering sibling list/status/diagnostic commands while preserving text-mode stderr warnings. + + **Verification.** `global_json_surfaces_suppress_config_deprecation_stderr_810_821_824` covers `plugins list`, `mcp list`, `doctor`, and additional JSON surfaces under a deprecated `enabledPlugins` fixture with empty stderr; `local_text_surface_preserves_config_deprecation_stderr_816` verifies text mode still emits the warning. + +817. **DONE — `claw --output-format json plugins list --` writes its JSON error envelope to stderr while sibling local inventory commands use stdout** — dogfooded 2026-05-28 12:30 on `main` `9494e3c26`. Trailing bare `--` is a useful parser edge because automation sometimes injects delimiter sentinels. `plugins list --` returned rc 1, stdout empty, and wrote the JSON error envelope to stderr. Current plugin list parse-error routing matches sibling JSON inventory/local surfaces. **Required fix shape.** Align `plugins list` parse-error routing with the other JSON inventory/local surfaces: in JSON mode, print the structured CLI error envelope to stdout and keep stderr empty for this handled parse error. Preserve text-mode stderr behavior. Add regression coverage for `claw --output-format json plugins list --` asserting rc 1, stdout parseable JSON with `error_kind:"cli_parse"`, and empty stderr. **Acceptance.** `claw --output-format json plugins list --` exits 1, stdout parses from byte 0 as the existing JSON error envelope, stderr is empty, and text mode still reports the parse error to stderr. [SCOPE: claw-code] -818. **`AGENTS.md` and `.claude/CLAUDE.md` silently omitted from instruction file cascade** — dogfooded 2026-05-29 08:00. When a repo contains `AGENTS.md` (OpenAI Codex / multi-agent convention) or `.claude/CLAUDE.md` (scoped Claude Code convention), claw-code does not load either file as part of the instruction/context cascade on startup. Users following either convention discover this only by noticing their persona/context instructions have no effect — no warning, no missing-file diagnostic, no documentation note. This is a friction gap for any team migrating to or simultaneously using claw-code alongside Claude Code or Codex workflows, since the two most common non-CLAUDE.md instruction files are silently ignored. + **Fix applied.** The `plugins list` flag/filter guard emits handled JSON parse errors directly to stdout in JSON mode while keeping text-mode parse errors on stderr. + + **Verification.** `plugins_list_trailing_dash_json_error_uses_stdout_817`, `plugins_list_trailing_dash_text_error_stays_on_stderr_817`, and `plugins_list_flag_shaped_filter_returns_cli_parse_on_stdout_793_817` cover rc 1, stdout JSON with `error_kind:"cli_parse"`, empty stderr in JSON mode, and preserved text stderr behavior. + +818. **DONE — `AGENTS.md` and `.claude/CLAUDE.md` silently omitted from instruction file cascade** — dogfooded 2026-05-29 08:00. When a repo contains `AGENTS.md` (OpenAI Codex / multi-agent convention) or `.claude/CLAUDE.md` (scoped Claude Code convention), claw-code does not load either file as part of the instruction/context cascade on startup. Users following either convention discover this only by noticing their persona/context instructions have no effect — no warning, no missing-file diagnostic, no documentation note. This is a friction gap for any team migrating to or simultaneously using claw-code alongside Claude Code or Codex workflows, since the two most common non-CLAUDE.md instruction files are silently ignored. **Required fix shape.** Add `AGENTS.md` (project root) and `.claude/CLAUDE.md` (`.claude/` subdirectory) to the instruction file cascade that already loads `CLAUDE.md`. Apply the same merge-and-precedence semantics as existing instruction files. Log a debug trace (not stderr noise) when either file is loaded. Add test coverage: a fixture repo with `AGENTS.md` only, `.claude/CLAUDE.md` only, and both present alongside `CLAUDE.md` should each have the relevant content visible in the resolved instruction context. **Acceptance.** `claw` launched in a repo containing `AGENTS.md` or `.claude/CLAUDE.md` loads those files into the instruction context. No warning emitted for absent optional files. Existing `CLAUDE.md`-only repos unaffected. PR #3195. [SCOPE: claw-code] -819. **`claw --output-format json export --session ` writes JSON error envelope to stderr, stdout empty** — dogfooded 2026-05-29 09:30 on `main` `37a9a543`. `claw --output-format json export --session does-not-exist` exits rc=1 with stdout length 0 and the full JSON error envelope on stderr: `{"action":"abort","error":"session not found: does-not-exist","error_kind":"session_not_found",...}`. This is the same channel-routing inconsistency class as #817 (plugins list trailing-dash, fixed in #3194): handled errors in JSON mode should go to stdout, not stderr, so machine consumers can parse the envelope from stdout byte 0 regardless of which surface triggered the error. + **Fix applied.** The instruction cascade now loads `AGENTS.md` and `.claude/CLAUDE.md` from the same ancestor walk that already loads `CLAUDE.md`, `CLAUDE.local.md`, `.claw/CLAUDE.md`, and `.claw/instructions.md`, preserving the existing merge/dedupe semantics and avoiding warnings for absent optional files. + + **Verification.** `cargo test --manifest-path rust/Cargo.toml -p runtime discovers_agents_markdown_instruction_file -- --nocapture`; `cargo test --manifest-path rust/Cargo.toml -p runtime discovers_scoped_dot_claude_claude_markdown_instruction_file -- --nocapture`; `cargo test --manifest-path rust/Cargo.toml -p runtime discovers_claude_agents_and_dot_claude_instruction_files_together -- --nocapture`. + +819. **DONE — `claw --output-format json export --session ` writes JSON error envelope to stderr, stdout empty** — dogfooded 2026-05-29 09:30 on `main` `37a9a543`. `claw --output-format json export --session does-not-exist` exits rc=1 with stdout length 0 and the full JSON error envelope on stderr: `{"action":"abort","error":"session not found: does-not-exist","error_kind":"session_not_found",...}`. This is the same channel-routing inconsistency class as #817 (plugins list trailing-dash, fixed in #3194): handled errors in JSON mode should go to stdout, not stderr, so machine consumers can parse the envelope from stdout byte 0 regardless of which surface triggered the error. **Required fix shape.** Align `export --session ` error routing with the inventory surfaces fixed in #817: in JSON mode, write the `session_not_found` error envelope to stdout (rc=1) and keep stderr empty. Preserve text-mode behavior (stderr message). Add regression coverage asserting rc=1, stdout parseable JSON with `error_kind:"session_not_found"`, and empty stderr. **Acceptance.** `claw --output-format json export --session does-not-exist` exits 1, stdout contains the JSON error envelope from byte 0, stderr is empty. Text mode still prints the error to stderr. [SCOPE: claw-code] -820. **`interactive_only` error class always routes JSON envelope to stderr (stdout empty)** — dogfooded 2026-05-29 10:00 on `main` `efe59c22`. All `interactive_only` errors share the same routing gap as #819 (`export --session `): `claw --output-format json session list`, `session switch `, `session delete `, and `session fork ` each exit rc=1, stdout empty, JSON envelope on stderr. The envelope is well-formed (`error_kind:"interactive_only"`, `hint:...`, `action:"abort"`) but the channel is wrong for JSON mode. Any surface that returns `interactive_only` is affected; these are all the `claw session` subcommands. This is the same root cause as #817 (plugins) and #819 (export): the top-level error handler writes `Err(...)` to stderr instead of routing to stdout when `--output-format json` is active. + **Fix applied.** The JSON abort handler now emits export/session-not-found envelopes on stdout in JSON mode while preserving text-mode stderr behavior. The explicit missing-session regression asserts rc 1, `error_kind:"session_not_found"`, abort envelope, and empty stderr. + + **Verification.** `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli export_missing_session_json_error_uses_stdout_819 -- --nocapture`. + +820. **DONE — `interactive_only` error class always routes JSON envelope to stderr (stdout empty)** — dogfooded 2026-05-29 10:00 on `main` `efe59c22`. All `interactive_only` errors shared the same routing gap as #819: JSON envelopes were well-formed but written to stderr. Current JSON abort handling routes `interactive_only` envelopes to stdout. **Required fix shape.** In the top-level error handler (or the `interactive_only` classifier arm in `main.rs`), detect JSON output mode and write the structured error envelope to stdout (rc=1) instead of stderr. Scope the fix to the `interactive_only` error_kind so all affected surfaces are repaired in one pass. Add regression coverage for at least `claw --output-format json session list` asserting rc=1, stdout parseable JSON with `error_kind:"interactive_only"`, stderr empty. **Acceptance.** All `claw --output-format json session ` invocations exit 1 with the JSON envelope on stdout and empty stderr. Text mode continues to print the error to stderr. [SCOPE: claw-code] -821. **`status`, `sandbox`, and `system-prompt` in JSON mode still emit config deprecation warning to stderr** — dogfooded 2026-05-29 10:30 on `main` `42aff269`. After #816 fixed config deprecation stderr leakage for `plugins list`, `mcp list`, `doctor`, and `config`, three JSON-mode surfaces continue to emit the `enabledPlugins is deprecated` prose warning to stderr: `claw --output-format json status` (122 bytes stderr), `claw --output-format json sandbox` (122 bytes stderr), `claw --output-format json system-prompt` (122 bytes stderr). These surfaces return well-formed JSON on stdout (rc=0) but leak the config warning to stderr, leaving machine consumers with mixed-channel output. `version`, `acp`, `agents`, `skills`, `mcp`, `plugins`, and `doctor` all have clean stderr after #816. + **Fix applied.** The JSON abort handler now classifies `interactive_only` and prints the structured envelope to stdout in JSON mode; text-mode errors still use stderr. + + **Verification.** Session/abort contract assertions in `output_format_contract.rs` around #819/#820/#823 require JSON-mode interactive-only failures to provide a stdout JSON envelope and no JSON envelope on stderr. + +821. **DONE — `status`, `sandbox`, and `system-prompt` in JSON mode still emit config deprecation warning to stderr** — dogfooded 2026-05-29 10:30 on `main` `42aff269`. After #816 fixed config deprecation stderr leakage for `plugins list`, `mcp list`, `doctor`, and `config`, three JSON-mode surfaces continue to emit the `enabledPlugins is deprecated` prose warning to stderr: `claw --output-format json status` (122 bytes stderr), `claw --output-format json sandbox` (122 bytes stderr), `claw --output-format json system-prompt` (122 bytes stderr). These surfaces return well-formed JSON on stdout (rc=0) but leak the config warning to stderr, leaving machine consumers with mixed-channel output. `version`, `acp`, `agents`, `skills`, `mcp`, `plugins`, and `doctor` all have clean stderr after #816. **Required fix shape.** Extend the JSON-mode config-warning suppression applied in #816 to cover `status`, `sandbox`, and `system-prompt`. The fix should apply globally: any JSON-mode surface that completes successfully should not emit config deprecation prose to stderr. Text mode should keep the human stderr warning. @@ -7853,56 +7904,110 @@ Original filing (2026-04-18): the session emitted `SessionStart hook (completed) **Follow-up (2026-05-29 12:00, `main` `3dbb35c3`).** Broader sweep confirms additional surfaces with the same 122-byte stderr leak in JSON mode: `--resume latest /config` (all subforms: bare, `env`, `hooks`, `model`, `plugins`) and `--resume latest /providers` (doctor alias). The fix must apply to all config-loading paths, not just the three originally documented surfaces. The suppression guard should fire at the settings-load level so any JSON-mode invocation benefits without per-surface patching. -822. **Unknown top-level subcommand falls through to REPL/provider startup instead of returning a `command_not_found` error** — dogfooded 2026-05-29 11:00 on `main` `69b59079`. `claw --output-format json foobar` does not return a structured `command_not_found` error; instead it falls through to the interactive/API path and hits `missing_credentials` (rc=1, stderr: `{"error_kind":"missing_credentials",...}`). Two gaps in one: (1) the unrecognized command word is silently treated as a prompt/text argument, not flagged as unknown, so the user gets a misleading "no credentials" error instead of "command not found"; (2) the resulting error goes to stderr. This makes automation scripts that probe for command availability impossible to distinguish from auth failures. + **Fix applied.** The warning-suppression regression matrix now covers `status`, `sandbox`, and `system-prompt` with deprecated `enabledPlugins` settings, asserting successful JSON, stdout JSON from byte 0, and empty stderr while preserving the existing text-mode warning assertion. + + **Verification.** `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli global_json_surfaces_suppress_config_deprecation_stderr_810_821_824 -- --nocapture`; text-mode preservation remains covered by `local_text_surface_preserves_config_deprecation_stderr_816`. + +822. **DONE — Unknown top-level subcommand falls through to REPL/provider startup instead of returning a `command_not_found` error** — dogfooded 2026-05-29 11:00 on `main` `69b59079`. `claw --output-format json foobar` returned `missing_credentials` after prompt/provider fallthrough instead of a structured `command_not_found`. Current command-shaped unknown tokens are rejected before provider startup. **Required fix shape.** Before falling through to the REPL/prompt path, check whether the first positional arg matches any known subcommand. If not, return a typed error: `{"error_kind":"command_not_found","message":"unknown command: foobar","hint":"Run `claw --help` for available commands.","status":"error"}` on stdout (JSON mode, rc=1) or stderr (text mode). This mirrors the behavior of `--bogus-flag` (which correctly returns `cli_parse`) but for unknown positional commands. **Acceptance.** `claw --output-format json foobar` exits 1, stdout contains JSON with `error_kind:"command_not_found"`, stderr empty. Text mode prints the error to stderr. No provider startup attempted. [SCOPE: claw-code] -823. **`claw --output-format json prompt` with missing/empty prompt text routes JSON error to stderr (stdout empty)** — dogfooded 2026-05-29 11:30 on `main` `3a76c4f4`. `claw --output-format json prompt` (no text) and `claw --output-format json prompt ""` (empty string) both exit rc=1, stdout empty, and write `{"error_kind":"missing_prompt","action":"abort",...}` to stderr. The envelope is well-formed but channel-inconsistent: JSON mode machine consumers reading stdout for command results get empty stdout and must check stderr to detect the error. This is the same class as #819 (export session-not-found) and #820 (interactive_only / session subcommands), and the same root cause: the top-level abort handler writes to stderr regardless of output-format mode. + **Fix applied.** Unknown command-shaped top-level tokens now trip the pre-provider `command_not_found:` guard, and the classifier maps that prefix to `error_kind:"command_not_found"` with JSON-mode output on stdout. + + **Verification.** `unknown_subcommand_json_emits_command_not_found`, `unknown_subcommand_text_emits_command_not_found_on_stderr`, `unknown_subcommand_typo_with_suggestions_json_emits_command_not_found`, and updated `unknown_subcommand_returns_typed_kind_785` cover JSON stdout, text stderr, suggestion hints, and no `missing_credentials` fallthrough. + +823. **DONE — `claw --output-format json prompt` with missing/empty prompt text routes JSON errors to stdout with empty stderr** — dogfooded 2026-05-29 11:30 on `main` `3a76c4f4`. `claw --output-format json prompt` (no text) and `claw --output-format json prompt ""` (empty string) both exited rc=1, stdout empty, and wrote `{"error_kind":"missing_prompt","action":"abort",...}` to stderr. The envelope was well-formed but channel-inconsistent: JSON mode machine consumers reading stdout for command results got empty stdout and had to check stderr to detect the error. This is the same class as #819 (export session-not-found) and #820 (interactive_only / session subcommands), and the same root cause: the top-level abort handler wrote to stderr regardless of output-format mode. **Required fix shape.** In JSON mode, route `missing_prompt` abort errors to stdout (rc=1) and keep stderr empty. This is the same fix pattern as #817/#819/#820: detect JSON output mode in the abort handler and redirect the structured envelope to stdout. Add regression coverage for `claw --output-format json prompt` (no arg) and `claw --output-format json prompt ""` asserting rc=1, stdout parseable JSON with `error_kind:"missing_prompt"`, stderr empty. **Acceptance.** Both invocations exit 1 with JSON envelope on stdout and empty stderr. Text mode still prints to stderr. [SCOPE: claw-code] -824. **Global settings-load deprecation warning still leaks to stderr in JSON mode for `status`, `sandbox`, `system-prompt`, `skills`, `mcp`, `agents` surfaces** — dogfooded 2026-05-29 13:30 on `main` `b4b1ba10`. After #816 and #821 (doc), the `enabledPlugins is deprecated` config warning still reaches stderr on every JSON-mode surface that loads settings: `claw --output-format json status`, `sandbox`, `system-prompt`, `mcp list`, `skills list`, `agents list` all emit `warning: /path/.claw/settings.json: field "enabledPlugins" is deprecated (line 2)...` to stderr. Root cause: `emit_config_warning_once()` in `runtime/src/config.rs` always uses `eprintln!` with no output-format awareness. The `config` surface avoids the duplicate by collecting warnings into a structured `warnings[]` field, but all other surfaces hit the raw `eprintln!` path. + **Fix applied.** The top-level JSON abort handler now emits structured error envelopes to stdout, so both missing `prompt` text paths keep the existing `missing_prompt` classification while preserving empty stderr. Regression coverage now asserts `claw --output-format json prompt` and `claw --output-format json prompt ""` exit rc=1, parse stdout JSON with `error_kind:"missing_prompt"`, and leave stderr empty. + + **Verification.** `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli prompt_no_arg_json_error_kind_750 -- --nocapture`; `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli prompt_empty_arg_json_stdout_missing_prompt_823 -- --nocapture`. + +824. **DONE — Global settings-load deprecation warning still leaks to stderr in JSON mode for `status`, `sandbox`, `system-prompt`, `skills`, `mcp`, `agents` surfaces** — dogfooded 2026-05-29 13:30 on `main` `b4b1ba10`. After #816 and #821 (doc), the `enabledPlugins is deprecated` config warning still reaches stderr on every JSON-mode surface that loads settings: `claw --output-format json status`, `sandbox`, `system-prompt`, `mcp list`, `skills list`, `agents list` all emit `warning: /path/.claw/settings.json: field "enabledPlugins" is deprecated (line 2)...` to stderr. Root cause: `emit_config_warning_once()` in `runtime/src/config.rs` always uses `eprintln!` with no output-format awareness. The `config` surface avoids the duplicate by collecting warnings into a structured `warnings[]` field, but all other surfaces hit the raw `eprintln!` path. **Required fix shape.** Add a global `SUPPRESS_CONFIG_WARNINGS_STDERR: AtomicBool` flag in `config.rs`. Set it to `true` immediately when `--output-format json` is detected in `main.rs` (before any settings load). Gate `emit_config_warning_once` on that flag. Text-mode invocations continue to print to stderr; JSON-mode invocations silently suppress the prose warning (warnings remain available via structured `config` output). **Acceptance.** With deprecated `enabledPlugins` in `~/.claw/settings.json`, all JSON-mode surfaces (`status`, `sandbox`, `system-prompt`, `mcp list`, `skills list`, `agents list`, plus all `--resume /config*` forms) exit with empty stderr. Text-mode output is unchanged. [SCOPE: claw-code] -825. **Unknown single-word subcommand falls through to provider startup and surfaces `missing_credentials` instead of `command_not_found`** — dogfooded 2026-05-29 14:00 on `main` `de7edd5b`. `claw foobar` (and `claw --output-format json foobar`) hit the `looks_like_subcommand_typo` guard, which checked for close fuzzy matches but fell through silently when no suggestions matched. The fallthrough routed to `CliAction::Prompt`, triggering Anthropic provider startup and a misleading `missing_credentials` error (or burning API tokens if credentials were present). The `command_not_found` error kind existed in the registry but was never emitted by this path. + **Fix applied.** The focused matrix now exercises the global settings-load path for `status`, `sandbox`, `system-prompt`, `mcp list`, `skills list`, `agents list`, and a generated-session resume `/config` invocation under deprecated `enabledPlugins`, requiring empty stderr for every JSON-mode surface. + + **Verification.** `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli global_json_surfaces_suppress_config_deprecation_stderr_810_821_824 -- --nocapture`; `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli local_text_surface_preserves_config_deprecation_stderr_816 -- --nocapture`. + +825. **DONE — Unknown single-word subcommand falls through to provider startup and surfaces `missing_credentials` instead of `command_not_found`** — dogfooded 2026-05-29 14:00 on `main` `de7edd5b`. `claw foobar` (and `claw --output-format json foobar`) hit the `looks_like_subcommand_typo` guard, then fell through to provider startup when no suggestions matched. Current code emits `command_not_found` for this path. **Required fix shape.** When `looks_like_subcommand_typo` fires on a single-word positional arg with no close suggestions, emit `command_not_found:` rather than falling through. Add `command_not_found:` prefix classifier to `classify_error_kind`. Result: clean `{"error_kind":"command_not_found",...}` envelope on stdout (JSON mode), error on stderr (text mode), zero provider startup. **Acceptance.** `claw --output-format json foobar` exits 1, stdout `error_kind:"command_not_found"`, stderr empty, no Anthropic call. Typo with suggestions (`claw statuz`) also gets `command_not_found` plus `hint` with suggestions. [SCOPE: claw-code] -826. **Multi-word unknown subcommand still falls through to `missing_credentials`** — dogfooded 2026-05-29 14:38 on `main` `70d64be0`. After #825 fixed single-word unknown subcommands, multi-word invocations (`claw foobar baz`) are still undetected: the `looks_like_subcommand_typo` guard only fires when `rest.len() == 1`. When there are two or more positional args, the first word is treated as a prompt and all args join into a prompt string → provider startup → `missing_credentials`. Same misleading-error class as #825 but for multi-word cases. + **Fix applied.** The `looks_like_subcommand_typo` path emits `command_not_found:` for unknown single-word command-shaped tokens even when there are no close suggestions, and typo suggestions are unified under the same typed error kind. + + **Verification.** `unknown_subcommand_json_emits_command_not_found`, `unknown_subcommand_text_emits_command_not_found_on_stderr`, `unknown_subcommand_typo_with_suggestions_json_emits_command_not_found`, and classifier coverage in `classify_error_kind_returns_correct_discriminants` verify `command_not_found` instead of `missing_credentials` before provider startup. + +826. **DONE — Multi-word unknown subcommand still falls through to `missing_credentials`** — dogfooded 2026-05-29 14:38 on `main` `70d64be0`. After #825 fixed single-word unknown subcommands, multi-word invocations (`claw foobar baz`) are still undetected: the `looks_like_subcommand_typo` guard only fires when `rest.len() == 1`. When there are two or more positional args, the first word is treated as a prompt and all args join into a prompt string → provider startup → `missing_credentials`. Same misleading-error class as #825 but for multi-word cases. **Required fix shape.** Extend the command-not-found guard to also fire when `rest.len() > 1` and `rest[0]` passes `looks_like_subcommand_typo` but does not match any known subcommand. The multi-arg case should also emit `command_not_found` — with a note that if literal multi-word prompt was intended, use `claw prompt ` or `echo 'text' | claw`. **Acceptance.** `claw --output-format json foobar baz` exits 1, stdout `error_kind:"command_not_found"`, stderr empty, no provider startup. `claw "write a haiku"` (valid prompt passthrough) is unaffected. [SCOPE: claw-code] -827. **`--resume /unknown-slash-command` emits `error_kind:"unknown"` instead of a typed kind** — dogfooded 2026-05-29 14:58 on `main` `d47b0151`. `claw --resume latest --output-format json /bogus` exits rc=2 with `{"error_kind":"unknown",...}` on stdout (correct channel, correct rc) but the opaque `"unknown"` kind gives machine consumers no way to distinguish "unrecognized slash command" from other error classes. The error has a useful `hint` with suggestions, but the `error_kind` field is `"unknown"` across all unrecognized resume slash commands. + **Fix applied.** JSON-mode command-shaped unknown subcommands now emit `command_not_found:` before provider startup even when additional tokens follow. Text-mode multi-word prompt shorthand remains available, but JSON automation no longer turns `claw --output-format json foobar baz` into a credential-gated prompt request. + + **Verification.** `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli multi_word_unknown_subcommand_json_emits_command_not_found_826 -- --nocapture`; `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli unknown_subcommand_json_emits_command_not_found -- --nocapture`; direct probe `cargo run --manifest-path rust/Cargo.toml -q -p rusty-claude-cli -- --output-format json foobar baz`. + +827. **DONE — `--resume /unknown-slash-command` emits `error_kind:"unknown"` instead of a typed kind** — dogfooded 2026-05-29 14:58 on `main` `d47b0151`. `claw --resume latest --output-format json /bogus` exits rc=2 with `{"error_kind":"unknown",...}` on stdout (correct channel, correct rc) but the opaque `"unknown"` kind gives machine consumers no way to distinguish "unrecognized slash command" from other error classes. The error has a useful `hint` with suggestions, but the `error_kind` field is `"unknown"` across all unrecognized resume slash commands. **Required fix shape.** Introduce a typed `error_kind` for unrecognized slash commands (e.g. `unknown_slash_command` or `command_not_found`). Update the JSON emit in the `--resume` unknown-command handler to use the typed kind. Add regression coverage asserting the typed kind. **Acceptance.** `claw --resume latest --output-format json /bogus` exits rc=2, stdout `error_kind:"unknown_slash_command"` (or similar typed constant), stderr empty. [SCOPE: claw-code] -828. **`/approve` and `/deny` outside REPL emit `unknown_slash_command` instead of `interactive_only`** — dogfooded 2026-05-29 16:05 on `main` `9d05573f`. `claw --output-format json /approve` exited rc=1 with `error_kind:"unknown_slash_command"` — these are valid REPL-only slash commands but are not `SlashCommand` enum variants, so they fell through to `format_unknown_direct_slash_command`. Machine consumers saw the wrong error class. + **Fix applied.** Unknown direct and resumed slash commands now use the classifier-friendly `unknown_slash_command:` prefix, so the JSON resume-command error path emits `error_kind:"unknown_slash_command"` instead of falling back to `unknown`. Direct slash command coverage and the new resumed-session regression both assert stdout JSON and empty stderr. + + **Verification.** `cargo fmt --manifest-path rust/Cargo.toml --all -- --check`; `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli direct_unknown_slash_command_emits_typed_error_kind -- --nocapture`; `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli resume_unknown_slash_command_emits_typed_error_kind_827 -- --nocapture`; direct probe `cargo run --manifest-path rust/Cargo.toml -q -p rusty-claude-cli -- --resume .claw/sessions/491726c4e6bde42d/session-1778832949219-0.jsonl --output-format json /boguscommand`. + +828. **DONE — `/approve` and `/deny` outside REPL emit `unknown_slash_command` instead of `interactive_only`** — dogfooded 2026-05-29 16:05 on `main` `9d05573f`. `claw --output-format json /approve` exited rc=1 with `error_kind:"unknown_slash_command"` — these are valid REPL-only slash commands but are not `SlashCommand` enum variants, so they fell through to `format_unknown_direct_slash_command`. Machine consumers saw the wrong error class. **Fix applied.** `SlashCommand::Unknown` arm now special-cases `approve | yes | y | deny | no | n` and emits `interactive_only:` prefix before falling through to `format_unknown_direct_slash_command`. Both `error_kind` and hint are correct. **Acceptance.** `claw --output-format json /approve` exits rc=1, stdout `error_kind:"interactive_only"`, stderr empty. [SCOPE: claw-code] -829. **`interactive_only` hint incorrectly suggests `--resume` for commands that are not resume-safe** — dogfooded 2026-05-29 16:40 on `main` `187aebd7`. `claw --output-format json /commit` hint says `"use claw --resume SESSION.jsonl /commit"` but `/commit` is not resume-safe (no `[resume]` marker in `/help`). Same for `/pr`, `/issue`, `/bughunter`, `/ultraplan`. The generic `interactive_only` hint template does not distinguish resume-safe from live-REPL-only commands, so it always suggests `--resume` regardless. Users who follow the hint will get `interactive_only` again. + **Verification.** `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli approve_deny_outside_repl_emits_interactive_only -- --nocapture`; direct probes `cargo run --manifest-path rust/Cargo.toml -q -p rusty-claude-cli -- --output-format json /approve` and `cargo run --manifest-path rust/Cargo.toml -q -p rusty-claude-cli -- --output-format json /deny`. + +829. **DONE — `interactive_only` hint incorrectly suggests `--resume` for commands that are not resume-safe** — dogfooded 2026-05-29 16:40 on `main` `187aebd7`. `claw --output-format json /commit` hint says `"use claw --resume SESSION.jsonl /commit"` but `/commit` is not resume-safe (no `[resume]` marker in `/help`). Same for `/pr`, `/issue`, `/bughunter`, `/ultraplan`. The generic `interactive_only` hint template does not distinguish resume-safe from live-REPL-only commands, so it always suggests `--resume` regardless. Users who follow the hint will get `interactive_only` again. **Required fix shape.** The generic `interactive_only:` message formatter (line ~1745 in `main.rs`) currently always appends `or use claw --resume SESSION.jsonl {command_name}`. This should be conditioned on whether the slash command appears in the resume-safe command list. Non-resume-safe interactive commands should only say `Start claw and run it there.` **Acceptance.** `claw --output-format json /commit` hint does NOT mention `--resume`. `claw --output-format json /status` (resume-safe) hint still mentions `--resume`. [SCOPE: claw-code] -830. **`claw mcp show` (missing server name arg) emits `error_kind:"unknown_mcp_action"` instead of `missing_argument`** — dogfooded 2026-05-29 17:00 on `main` `ac5b19de`. `claw --output-format json mcp show` (no server name supplied) exits with `error_kind:"unknown_mcp_action"`. However `show` IS a known MCP action — the error is a missing required argument (server name), not an unknown action. Machine consumers inspecting `error_kind` cannot distinguish "I don't know this action" from "I know this action but a required arg is missing". + **Fix applied.** The direct slash-command guidance now consults the shared `resume_supported` command metadata before adding a `--resume` remediation. Non-resume-safe commands such as `/commit`, `/pr`, `/issue`, `/bughunter`, and `/ultraplan` only point users to the live REPL, while resume-safe commands keep the `--resume SESSION.jsonl` hint. + + **Verification.** `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli non_resume_safe_interactive_only_hint_omits_resume_suggestion -- --nocapture`; `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli resume_safe_interactive_only_hint_includes_resume_suggestion -- --nocapture`; direct probes `cargo run --manifest-path rust/Cargo.toml -q -p rusty-claude-cli -- --output-format json /commit` and `cargo run --manifest-path rust/Cargo.toml -q -p rusty-claude-cli -- --output-format json /status`. + +830. **DONE — `claw mcp show` (missing server name arg) emits `error_kind:"unknown_mcp_action"` instead of `missing_argument`** — dogfooded 2026-05-29 17:00 on `main` `ac5b19de`. `claw --output-format json mcp show` (no server name supplied) exits with `error_kind:"unknown_mcp_action"`. However `show` IS a known MCP action — the error is a missing required argument (server name), not an unknown action. Machine consumers inspecting `error_kind` cannot distinguish "I don't know this action" from "I know this action but a required arg is missing". **Required fix shape.** The MCP subcommand parser should detect `show` with no following token and emit `missing_argument: mcp show requires a server name.\nUsage: claw mcp show ` with a distinct `error_kind`. Update the classifier arm to return `missing_argument` for this prefix. **Acceptance.** `claw --output-format json mcp show` exits rc=1, stdout `error_kind:"missing_argument"`, stderr empty. Hint contains usage example. [SCOPE: claw-code] + + **Fix applied.** `mcp show` without a server name now emits a typed `missing_argument` response instead of reusing `unknown_mcp_action`. The direct JSON path returns `{kind:"mcp", action:"show", status:"error", error_kind:"missing_argument"}` with a usage hint on stdout and an empty stderr stream; the slash-command parser also classifies `/mcp show` as `missing_argument` via the shared error-kind classifier. + + **Verification.** `cargo fmt --manifest-path rust/Cargo.toml --all -- --check`; `cargo test --manifest-path rust/Cargo.toml -p commands mcp -- --nocapture`; `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli mcp_show_missing_server_name_returns_missing_argument_830 -- --nocapture`; `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli classify_error_kind_returns_correct_discriminants -- --nocapture`; direct probe `cargo run --manifest-path rust/Cargo.toml -q -p rusty-claude-cli -- --output-format json mcp show`. + +831. **DONE — Direct resume-safe slash commands route to `interactive_only` instead of local JSON actions** — PR #3205 showed that direct slash invocations such as `claw --output-format json /status`, `/diff`, `/version`, `/doctor`, and `/sandbox` were parsed successfully as resume-safe slash commands, but the direct CLI parser still fell through to generic `interactive_only` guidance instead of dispatching to the same pure-local `CliAction` handlers as the bare subcommands. + + **Required fix shape.** In the direct slash CLI parser, map resume-safe local slash command variants to the corresponding local `CliAction` variants. Preserve non-resume-safe slash command guidance from #829. + + **Acceptance.** `claw --output-format json /version`, `/sandbox`, `/diff`, and `/status` succeed with their expected local JSON `kind` and environment-dependent local `status`, stdout JSON, and empty stderr; non-resume-safe slash commands still emit `interactive_only` without bogus local routing. [SCOPE: claw-code] + + **Fix applied.** `parse_direct_slash_cli_action` now routes `/status`, `/diff`, `/version`, `/doctor`, and `/sandbox` directly to the same local `CliAction` variants as `status`, `diff`, `version`, `doctor`, and `sandbox`. The generic `interactive_only` branch remains the fallback for valid but live-REPL-only slash commands, preserving the #829 non-resume-safe hint behavior. + + **Verification.** `cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli direct_resume_safe_slash_commands_route_to_local_json_actions_831 -- --nocapture`. + +832. **DONE — roadmap-next-id helper missing explicit ROADMAP path behavior lacked regression coverage** — follow-up to #725 and PR #3117 after dogfood showed `scripts/roadmap-next-id.sh /tmp/nonexistent-roadmap` already failed correctly but the helper tests did not pin that behavior. The missing-path case is important because docs-only PRs can otherwise regress back to printing a next id for an absent explicit file. + + **Fix applied.** Added `test_roadmap_next_id_fails_when_explicit_roadmap_path_is_missing`, proving an explicit missing ROADMAP path exits nonzero, keeps stdout empty, and reports both `ROADMAP not found` and the requested path on stderr. Added `tests/__init__.py` so `python3 -m unittest tests.test_roadmap_helpers` resolves this repository's tests package consistently. + + **Verification.** `python3 -m unittest tests.test_roadmap_helpers`; `scripts/roadmap-check-ids.sh`; `scripts/roadmap-next-id.sh`. diff --git a/USAGE.md b/USAGE.md index cc15da2a..edea2d1e 100644 --- a/USAGE.md +++ b/USAGE.md @@ -51,26 +51,27 @@ cd rust ``` **Note:** Diagnostic verbs (`doctor`, `status`, `sandbox`, `version`) support `--output-format json` for machine-readable output. Invalid suffix arguments (e.g., `--json`) are now rejected at parse time rather than falling through to prompt dispatch. +`version --output-format json` reports structured build provenance including full `git_sha`, derived `git_sha_short`, `is_dirty`, `branch`, `commit_date`, `commit_timestamp`, `rustc_version`, runtime `executable_path`, and `binary_provenance`; JSON keeps the prose report in `human_readable` instead of duplicating it under `message`. `status --output-format json` exposes `workspace.memory_files[]` with `path`, `source`, `origin`, `scope_path`, `outside_project`, `chars`, and `contributes` for every loaded project memory file. ### Initialize a repository -Set up a new repository with `.claw` config, `.claw.json`, `.gitignore` entries, and a `CLAUDE.md` guidance file: +Set up a new repository with `.claw/settings.json`, `.claw.json`, `.gitignore` entries, and a `CLAUDE.md` guidance file: ```bash cd /path/to/your/repo ./target/debug/claw init ``` -Text mode (human-readable) shows artifact creation summary with project path and next steps. Idempotent — running multiple times in the same repo marks already-created files as "skipped". +Text mode (human-readable) shows artifact creation summary with project path and next steps. Idempotent — running multiple times in the same repo marks already-created files as "skipped", reports `.claw/` as "partial" when missing sub-files are materialized, and keeps `.claw/sessions/` deferred until the first successful session save. JSON mode for scripting: ```bash ./target/debug/claw init --output-format json ``` -Returns structured output with `project_path`, `created[]`, `updated[]`, `skipped[]` arrays (one per artifact), and `artifacts[]` carrying each file's `name` and machine-stable `status` tag. The legacy `message` field preserves backward compatibility. +Returns structured output with `project_path`, `created[]`, `updated[]`, `partial[]`, `deferred[]`, and `skipped[]` arrays (one per artifact status), and `artifacts[]` carrying each file's `name` and machine-stable `status` tag. The legacy `message` field preserves backward compatibility. -**Why structured fields matter:** Claws can detect per-artifact state (`created` vs `updated` vs `skipped`) without substring-matching human prose. Use the `created[]`, `updated[]`, and `skipped[]` arrays for conditional follow-up logic (e.g., only commit if files were actually created, not just updated). +**Why structured fields matter:** Claws can detect per-artifact state (`created`, `updated`, `partial`, `deferred`, or `skipped`) without substring-matching human prose. Use the status arrays for conditional follow-up logic (e.g., only commit if files were actually created, not just updated). ### Interactive REPL @@ -86,6 +87,12 @@ cd rust ./target/debug/claw prompt "summarize this repository" ``` +Pipe prompt text through stdin when automation already produces the prompt body: + +```bash +printf 'summarize this repository\n' | ./target/debug/claw prompt --output-format json +``` + ### Shorthand prompt mode ```bash @@ -93,6 +100,12 @@ cd rust ./target/debug/claw "explain rust/crates/runtime/src/lib.rs" ``` +Use the POSIX `--` end-of-flags separator when the shorthand prompt itself begins with `-` or `--`: + +```bash +./target/debug/claw -- "-summarize this dash-prefixed text" +``` + ### JSON output for scripting ```bash @@ -187,17 +200,24 @@ cd rust ./target/debug/claw --permission-mode read-only prompt "summarize Cargo.toml" ./target/debug/claw --permission-mode workspace-write prompt "update README.md" ./target/debug/claw --allowedTools read,glob "inspect the runtime crate" +./target/debug/claw --cwd ../other-workspace status --output-format json ``` -Supported permission modes: +Global workspace override flags: `--cwd PATH`, `-C PATH`, and `--directory PATH` are accepted before any subcommand. They are validated before command dispatch and take precedence over the process `$PWD`; invalid paths return typed `invalid_cwd` JSON errors in JSON mode. -- `read-only` -- `workspace-write` -- `danger-full-access` +`--allowedTools` accepts canonical snake_case tool names (for example `read_file`, `glob_search`, `web_fetch`) plus documented aliases such as `read`, `glob`, `Read`, and `WebFetch`. `claw status --output-format json` exposes `allowed_tools.available` and `allowed_tools.aliases`, and invalid values return typed `invalid_tool_name` JSON with `tool_name`, `available`, and `tool_aliases`. A missing value before a subcommand or another flag returns `missing_argument` with `argument:"--allowedTools"`. + +`--output-format` accepts `text` or `json` case-insensitively and normalizes to the canonical lowercase modes. `CLAW_OUTPUT_FORMAT=json` sets the default output format for scripts, while an explicit `--output-format` flag takes precedence. Repeating the flag emits a stderr warning and JSON status envelopes expose `format_source`, `format_raw`, and `format_overridden` so composed flag arrays are auditable; invalid values return typed `invalid_output_format` JSON with `value` and `expected:["text","json"]`. + +Supported permission modes (default: `workspace-write`): + +- `read-only` allows inspection-only local tools such as file reads, glob/grep searches, local skills, and status-style reporting. It does not allow workspace mutation, network-fetch/search tools, or arbitrary command execution. +- `workspace-write` is the safe default. It allows reads plus direct file-editing tools inside the current workspace, including write/edit/notebook/config/plan-mode updates, while still gating network-fetch/search tools, arbitrary shell execution, subagent launches, REPL subprocesses, and other full-access tools behind an explicit escalation. +- `danger-full-access` allows every registered tool requirement, including arbitrary command execution, web fetch/search, subagent launches, subprocess REPLs, and unrestricted tool access. Select it only with an explicit `--permission-mode danger-full-access`, `--dangerously-skip-permissions`, `--skip-permissions`, env, or config opt-in. Model aliases currently supported by the CLI: -- `opus` → `claude-opus-4-6` +- `opus` → `claude-opus-4-7` - `sonnet` → `claude-sonnet-4-6` - `haiku` → `claude-haiku-4-5-20251213` @@ -292,6 +312,18 @@ cd rust ./target/debug/claw --model "llama3.2" prompt "summarize this repository in one sentence" ``` +For Ollama tags with punctuation (for example `qwen2.5-coder:7b`), `OPENAI_BASE_URL` selects the local OpenAI-compatible route even when `OPENAI_API_KEY` is unset: + +```bash +export OPENAI_BASE_URL="http://127.0.0.1:11434/v1" +unset OPENAI_API_KEY + +cd rust +./target/debug/claw --model "qwen2.5-coder:7b" prompt "reply with ready" +``` + +If the local server exposes a slash-containing model ID, prefix it with `local/` so Claw selects the OpenAI-compatible transport while sending the remainder verbatim on the wire: `--model "local/Qwen/Qwen3.6-27B-FP8"`. + ### OpenRouter ```bash @@ -334,7 +366,7 @@ Reasoning variants (`qwen-qwq-*`, `qwq-*`, `*-thinking`) automatically strip `te The OpenAI-compatible backend also serves as the gateway for **OpenRouter**, **Ollama**, and any other service that speaks the OpenAI `/v1/chat/completions` wire format — just point `OPENAI_BASE_URL` at the service. -**Model-name prefix routing:** If a model name starts with `openai/`, `gpt-`, `qwen/`, `qwen-`, `kimi/`, or `kimi-`, the provider is selected by the prefix regardless of which env vars are set. This prevents accidental misrouting to Anthropic when multiple credentials exist in the environment. For the default OpenAI API, `openai/` is a routing prefix and is stripped before the request hits the wire. For a custom `OPENAI_BASE_URL`, slash-containing OpenAI-compatible slugs (for example OpenRouter-style `openai/gpt-4.1-mini`) are preserved so the gateway receives the model ID it expects. +**Model-name prefix routing:** If a model name starts with `openai/`, `local/`, `gpt-`, `qwen/`, `qwen-`, `kimi/`, or `kimi-`, the provider is selected by the prefix regardless of which env vars are set. This prevents accidental misrouting to Anthropic when multiple credentials exist in the environment. For the default OpenAI API and local/private OpenAI-compatible endpoints, `openai/` is a routing prefix and is stripped before the request hits the wire. For non-local custom `OPENAI_BASE_URL` gateways, slash-containing OpenAI-compatible slugs (for example OpenRouter-style `openai/gpt-4.1-mini`) are preserved so the gateway receives the model ID it expects. The `local/` prefix is an explicit escape hatch for local slash-containing model IDs: it is stripped while the rest of the model ID is sent verbatim. ### Tested models and aliases @@ -342,17 +374,19 @@ These are the models registered in the built-in alias table with known token lim | Alias | Resolved model name | Provider | Max output tokens | Context window | |---|---|---|---|---| -| `opus` | `claude-opus-4-6` | Anthropic | 32 000 | 200 000 | +| `opus` | `claude-opus-4-7` | Anthropic | 32 000 | 200 000 | | `sonnet` | `claude-sonnet-4-6` | Anthropic | 64 000 | 200 000 | | `haiku` | `claude-haiku-4-5-20251213` | Anthropic | 64 000 | 200 000 | | `grok` / `grok-3` | `grok-3` | xAI | 64 000 | 131 072 | | `grok-mini` / `grok-3-mini` | `grok-3-mini` | xAI | 64 000 | 131 072 | | `grok-2` | `grok-2` | xAI | — | — | | `kimi` | `kimi-k2.5` | DashScope | 16 384 | 256 000 | +| `qwen-max` | `qwen-max` | DashScope | 8 192 | 131 072 | +| `qwen-plus` | `qwen-plus` | DashScope | 8 192 | 131 072 | | `gpt-4.1` / `gpt-4.1-mini` / `gpt-4.1-nano` | same | OpenAI-compatible | 32 768 | 1 047 576 | | `gpt-5.4` / `gpt-5.4-mini` / `gpt-5.4-nano` | same | OpenAI-compatible | 128 000 | 1 000 000 / 400 000 | -Any model name that does not match an alias is passed through verbatim after provider routing is resolved. This is how you use OpenRouter model slugs (`openai/gpt-4.1-mini` with a custom `OPENAI_BASE_URL`), Ollama tags (`llama3.2`), or full Anthropic model IDs (`claude-sonnet-4-20250514`). +Any model name that does not match an alias is passed through verbatim after provider routing is resolved. This is how you use OpenRouter model slugs (`openai/gpt-4.1-mini` with a custom `OPENAI_BASE_URL`), Ollama tags (`llama3.2` or `qwen2.5-coder:7b`), slash-containing local IDs (`local/Qwen/Qwen3.6-27B-FP8`), or full Anthropic model IDs (`claude-sonnet-4-20250514`). ### User-defined aliases @@ -362,7 +396,7 @@ You can add custom aliases in any settings file (`~/.claw/settings.json`, `.claw { "aliases": { "fast": "claude-haiku-4-5-20251213", - "smart": "claude-opus-4-6", + "smart": "claude-opus-4-7", "cheap": "grok-3-mini" } } @@ -370,13 +404,15 @@ You can add custom aliases in any settings file (`~/.claw/settings.json`, `.claw Local project settings override user-level settings. Aliases resolve through the built-in table, so `"fast": "haiku"` also works. +Model selection precedence is CLI flag, environment, config, then default. The environment model slot accepts `CLAW_MODEL`, `ANTHROPIC_MODEL`, and `ANTHROPIC_DEFAULT_MODEL` in that order; aliases from those variables are resolved and validated before provider startup. `claw --output-format json status` exposes `model_raw`, `model_alias_resolved_to`, and `model_env_var` so automation can see the winning value. + ### How provider detection works 1. If the resolved model name starts with `claude` → Anthropic. 2. If it starts with `grok` → xAI. -3. If it starts with `openai/` or `gpt-` → OpenAI-compatible. +3. If it starts with `openai/`, `local/`, or `gpt-` → OpenAI-compatible. 4. If it starts with `qwen/`, `qwen-`, `kimi/`, or `kimi-` → DashScope-compatible OpenAI wire format. -5. If `OPENAI_BASE_URL` and `OPENAI_API_KEY` are set, unknown model names route to the OpenAI-compatible client for local/gateway servers. +5. If `OPENAI_BASE_URL` is set, local-looking unknown model names such as `llama3.2` or `qwen2.5-coder:7b` route to the OpenAI-compatible client for local/gateway servers. 6. Otherwise, `claw` checks which credential is set: Anthropic first, then OpenAI, then xAI. If only `OPENAI_BASE_URL` is set, it still routes to OpenAI-compatible for authless local servers. 7. If nothing matches, it defaults to Anthropic. @@ -417,6 +453,9 @@ The name "codex" appears in the Claw Code ecosystem but it does **not** refer to export HTTPS_PROXY="http://proxy.corp.example:3128" export HTTP_PROXY="http://proxy.corp.example:3128" export NO_PROXY="localhost,127.0.0.1,.corp.example" +export CLAW_OUTPUT_FORMAT="json" # default non-interactive output format; flags override it +export CLAW_LOG="debug" # claw-specific log level selector surfaced by help/doctor +export RUST_LOG="claw=debug" # Rust logging convention surfaced by help/doctor cd rust ./target/debug/claw prompt "hello via the corporate proxy" @@ -452,11 +491,12 @@ let client = build_http_client_with(&config).expect("proxy client"); ## Skills -Use `/skills list` in the interactive REPL or `claw skills --output-format json` from the direct CLI to inspect installed skills. For offline/local installs, install the directory that contains `SKILL.md`, then verify the discovered name before invoking it: +Use `/skills list` in the interactive REPL or `claw skills --output-format json` from the direct CLI to inspect installed skills. For offline/local installs, install the directory that contains `SKILL.md`, then verify the discovered name before invoking it. `skills install`, `skills uninstall`, and `agents create` are local filesystem lifecycle commands; they do not require provider credentials. ```text /skills install /absolute/path/to/my-skill /skills list +/skills uninstall my-skill /skills my-skill ``` @@ -469,6 +509,7 @@ cd rust ./target/debug/claw status ./target/debug/claw sandbox ./target/debug/claw agents +./target/debug/claw agents create my-agent ./target/debug/claw mcp ./target/debug/claw skills ./target/debug/claw system-prompt --cwd .. --date 2026-04-04 @@ -488,6 +529,7 @@ git clone https://github.com/Xquik-dev/tweetclaw cd claw-code/rust ./target/debug/claw skills install ../../tweetclaw/skills/tweetclaw ./target/debug/claw skills show tweetclaw +./target/debug/claw skills uninstall tweetclaw ``` TweetClaw gives `claw` users a local skill guide for OpenClaw/Xquik workflows @@ -495,6 +537,15 @@ such as tweet search, reply search, follower export, monitors, webhooks, and approval-gated posting. Configure any Xquik credentials outside the prompt and avoid pasting API keys into chat. +## Author a local agent + +`claw agents create ` scaffolds a local `.claw/agents/.toml` file for the current workspace. The scaffold is intentionally small so you can edit the description, model, and reasoning effort before listing or invoking agents: + +```bash +./target/debug/claw agents create release-checker +./target/debug/claw agents list +``` + ## Session management REPL turns are persisted under `.claw/sessions/` in the current workspace. @@ -517,6 +568,73 @@ Runtime config is loaded in this order, with later entries overriding earlier on 4. `/.claw/settings.json` 5. `/.claw/settings.local.json` +The list is also the precedence chain: project-local settings override project settings, project settings override the legacy project `.claw.json`, and project files override user files. `claw --output-format json config` includes each discovered file's `precedence_rank`, `wins_for_keys`, and `shadowed_keys` so automation can see which file controls each effective key without reimplementing the merge order. + +## MCP server validation + +`claw mcp --output-format json` loads valid `mcpServers` entries even when sibling entries are malformed. The JSON list envelope distinguishes the total configured entries from the valid and invalid subsets: + +```json +{ + "configured_servers": 1, + "total_configured": 2, + "valid_count": 1, + "invalid_count": 1, + "servers": [{ "name": "valid-server", "valid": true }], + "invalid_servers": [ + { + "name": "missing-command", + "error_field": "command", + "reason": ".claw.json: mcpServers.missing-command: missing string field command", + "valid": false + } + ] +} +``` + +`status --output-format json` mirrors this under `mcp_validation`, and `doctor --output-format json` includes an `mcp validation` check so automation can repair every rejected server entry without losing usable MCP servers. + +## Hook configuration + +`hooks.PreToolUse`, `hooks.PostToolUse`, and `hooks.PostToolUseFailure` accept either legacy command strings or object-style entries with a `matcher` and nested command hooks: + +```json +{ + "hooks": { + "PreToolUse": [ + "echo legacy hook", + { + "matcher": "Bash", + "hooks": [ + { "type": "command", "command": "scripts/audit-bash.sh" } + ] + } + ] + } +} +``` + +Object-style matchers are optional. When present, they match tool names case-insensitively and support `*` wildcards plus comma or pipe separated alternatives. Nested hook `type` may be omitted or set to `"command"`; each nested command runs in configuration order. + +## Project instruction rules + +In addition to root instruction files such as `CLAUDE.md`, `CLAW.md`, `AGENTS.md`, `.claw/CLAUDE.md`, `.claude/CLAUDE.md`, and `.claw/instructions.md`, `claw` loads sorted Markdown/text rule files from: + +- `/.claw/rules/` (`.md`, `.txt`, `.mdc`) for shared project rules. +- `/.claw/rules.local/` for personal local rules; this path is gitignored. + +Root instruction-file priority is `CLAUDE.md`, then `CLAW.md`, then `AGENTS.md` for each discovered directory. Discovery is bounded to the current git root when one exists, otherwise to the current directory only, so stale parent files outside the project do not silently bleed into the prompt. All loaded files contribute to the system prompt and to `status --output-format json` as `workspace.memory_files:[{path, source, origin, scope_path, outside_project, chars, contributes}]`; `claw doctor --output-format json` includes a `memory` check so automation can detect loaded and unexpected unloaded memory-file candidates without parsing prompt text. + +By default, `claw` also imports detected rules from common AI coding tools such as Cursor (`.cursorrules`, `.cursor/rules/`), GitHub Copilot (`.github/copilot-instructions.md`), Windsurf, Plandex, and Crush. Control this with `rulesImport` in any settings file: + +```json +{ + "rulesImport": "none" +} +``` + +Use `"auto"` (the default) to import every supported framework, `"none"` to load only Claw instruction/rules files, or an array such as `["cursor", "copilot"]` to import selected frameworks. + ## Mock parity harness The workspace includes a deterministic Anthropic-compatible mock service and parity harness. diff --git a/docs/MODEL_COMPATIBILITY.md b/docs/MODEL_COMPATIBILITY.md index ec332fde..13919d42 100644 --- a/docs/MODEL_COMPATIBILITY.md +++ b/docs/MODEL_COMPATIBILITY.md @@ -148,12 +148,12 @@ pub const DEFAULT_DASHSCOPE_BASE_URL: &str = "https://dashscope.aliyuncs.com/com **Affected models:** Slash-containing model IDs routed through the OpenAI-compatible provider, especially custom gateways configured with `OPENAI_BASE_URL` such as OpenRouter, local routers, or other `/v1/chat/completions` services. **Behavior:** -- The default OpenAI API treats `openai/` as a routing prefix and sends the bare model name on the wire. -- Custom OpenAI-compatible base URLs preserve slash-containing slugs such as `openai/gpt-4.1-mini` so the gateway receives the exact model ID it expects. +- The default OpenAI API and local/private OpenAI-compatible base URLs treat `openai/` as a routing prefix and send the bare model name on the wire. +- Non-local custom OpenAI-compatible base URLs preserve slash-containing slugs such as `openai/gpt-4.1-mini` so gateways like OpenRouter receive the exact model ID they expect. Local slash-containing model IDs can use `local/`, which strips only that escape-hatch prefix and sends the remainder verbatim. - `MessageRequest::extra_body` passes through custom request JSON after core fields are populated. This supports provider-specific options such as `web_search_options` and `parallel_tool_calls`. - Protected core fields (`model`, `messages`, `stream`, `tools`, `tool_choice`, `max_tokens`, `max_completion_tokens`) cannot be overridden through `extra_body`. -**Testing:** See `custom_openai_gateway_preserves_slash_model_ids_and_extra_body_params` in `openai_compat_integration.rs` and `extra_body_params_are_passed_through_without_overriding_core_fields` in `openai_compat.rs`. +**Testing:** See `custom_openai_gateway_preserves_slash_model_ids_and_extra_body_params` in `openai_compat_integration.rs`, `wire_model_strips_openai_prefix_for_default_and_local_preserves_custom_gateways`, `local_routing_prefix_strips_only_escape_hatch`, and `extra_body_params_are_passed_through_without_overriding_core_fields` in `openai_compat.rs`. ## Implementation Details diff --git a/docs/local-openai-compatible-providers.md b/docs/local-openai-compatible-providers.md index a0b22a52..aabbe696 100644 --- a/docs/local-openai-compatible-providers.md +++ b/docs/local-openai-compatible-providers.md @@ -13,7 +13,7 @@ If you need the most polished daily-driver experience for a specific non-Claude ## OpenAI-compatible routing basics -Set `OPENAI_BASE_URL` to the server’s `/v1` endpoint and set `OPENAI_API_KEY` to either the required token or a harmless placeholder for local servers that expect an Authorization header. The model name must match what the server exposes. +Set `OPENAI_BASE_URL` to the server’s `/v1` endpoint and set `OPENAI_API_KEY` to either the required token or a harmless placeholder for local servers that expect an Authorization header. Authless local/private OpenAI-compatible servers can leave `OPENAI_API_KEY` unset. The model name must match what the server exposes. ```bash export OPENAI_BASE_URL="http://127.0.0.1:11434/v1" @@ -24,8 +24,8 @@ claw --model "qwen3:latest" prompt "Reply exactly HELLO_WORLD_123" Routing notes: - Use the `openai/` prefix for OpenAI-compatible gateways when you need prefix routing to win over ambient Anthropic credentials, for example `--model "openai/gpt-4.1-mini"` with OpenRouter. -- For local servers, prefer the exact model ID reported by the server (`qwen3:latest`, `llama3.2`, `Qwen/Qwen2.5-Coder-7B-Instruct`, etc.). If your local gateway exposes slash-containing IDs, use that exact slug. -- If you have multiple provider keys in your environment, remove unrelated keys while smoke-testing a local route or choose a model prefix that unambiguously selects the intended provider. +- For local servers, prefer the exact model ID reported by the server (`qwen3:latest`, `llama3.2`, etc.). If your local gateway exposes slash-containing IDs, prefix the exact slug with `local/` so Claw routes through OpenAI-compatible transport while sending the rest verbatim, for example `--model "local/Qwen/Qwen2.5-Coder-7B-Instruct"`. +- If you have multiple provider keys in your environment, `OPENAI_BASE_URL` plus local-looking tags such as `llama3.2` or `qwen2.5-coder:7b` selects the local OpenAI-compatible route; use `local/` for slash-containing local IDs. - Tool workflows need model/server support for OpenAI-compatible tool calls. Plain prompt smoke tests can pass even when slash/tool workflows still fail because the server returns an incompatible tool-call shape. ## Raw `/v1/chat/completions` smoke test @@ -58,11 +58,11 @@ In another shell: ```bash export OPENAI_BASE_URL="http://127.0.0.1:11434/v1" -export OPENAI_API_KEY="local-dev-token" +unset OPENAI_API_KEY claw --model "qwen3:latest" prompt "Reply exactly HELLO_WORLD_123" ``` -If Ollama is running without auth and your build accepts authless local OpenAI-compatible servers, `unset OPENAI_API_KEY` is also acceptable. Use a placeholder token rather than a real cloud API key for local testing. +If Ollama is running without auth, `unset OPENAI_API_KEY` is acceptable. Use a placeholder token rather than a real cloud API key if your local server requires an Authorization header. ## llama.cpp server diff --git a/rust/Cargo.lock b/rust/Cargo.lock index d428d7af..8f1a171d 100755 --- a/rust/Cargo.lock +++ b/rust/Cargo.lock @@ -2244,7 +2244,6 @@ version = "0.1.3" dependencies = [ "api", "commands", - "compat-harness", "crossterm", "log", "mock-anthropic-service", diff --git a/rust/README.md b/rust/README.md index b8f6bcb9..a1e609c0 100644 --- a/rust/README.md +++ b/rust/README.md @@ -15,7 +15,7 @@ cargo run -p rusty-claude-cli -- --help cargo build --workspace # Run the interactive REPL -cargo run -p rusty-claude-cli -- --model claude-opus-4-6 +cargo run -p rusty-claude-cli -- --model claude-opus-4-7 # One-shot prompt cargo run -p rusty-claude-cli -- prompt "explain this codebase" @@ -87,7 +87,7 @@ Primary artifacts: | Sub-agent / agent surfaces | ✅ | | Todo tracking | ✅ | | Notebook editing | ✅ | -| CLAUDE.md / project memory | ✅ | +| CLAUDE.md / CLAW.md / AGENTS.md project memory | ✅ | | Config file hierarchy (`.claw.json` + merged config sections) | ✅ | | Permission system | ✅ | | MCP server lifecycle + inspection | ✅ | @@ -100,7 +100,7 @@ Primary artifacts: | Slash commands (including `/skills`, `/agents`, `/mcp`, `/doctor`, `/plugin`, `/subagent`) | ✅ | | Hooks (`/hooks`, config-backed lifecycle hooks) | ✅ | | Plugin management surfaces | ✅ | -| Skills inventory / install surfaces | ✅ | +| Skills inventory / install / uninstall surfaces | ✅ | | Machine-readable JSON output across core CLI surfaces | ✅ | ## Model Aliases @@ -109,7 +109,7 @@ Short names resolve to the latest model versions: | Alias | Resolves To | |-------|------------| -| `opus` | `claude-opus-4-6` | +| `opus` | `claude-opus-4-7` | | `sonnet` | `claude-sonnet-4-6` | | `haiku` | `claude-haiku-4-5-20251213` | @@ -122,10 +122,11 @@ claw [OPTIONS] [COMMAND] Flags: --model MODEL - --output-format text|json + --output-format text|json (case-insensitive; CLAW_OUTPUT_FORMAT supplies the default, flags override env) --permission-mode MODE - --dangerously-skip-permissions - --allowedTools TOOLS + --cwd PATH, -C PATH, --directory PATH + --dangerously-skip-permissions, --skip-permissions + --allowedTools TOOLS canonical snake_case names or aliases; status JSON exposes allowed_tools.available/aliases --resume [SESSION.jsonl|session-id|latest] --version, -V @@ -146,6 +147,12 @@ Top-level commands: ``` `claw acp` is a local discoverability surface for editor-first users: it reports the current ACP/Zed status without starting the runtime. As of April 16, 2026, claw-code does **not** ship an ACP/Zed daemon or JSON-RPC entrypoint yet, and `claw acp serve` is only a status alias until the real protocol surface lands. Status queries exit 0 and expose the same machine-readable contract via `--output-format json`; malformed ACP invocations exit 1 with `kind: unsupported_acp_invocation`. +`--output-format` accepts `text` or `json` in any casing. `CLAW_OUTPUT_FORMAT=json` selects JSON as the default for non-interactive commands, explicit flags override it, repeated flags warn on stderr, and status JSON exposes `format_source`, `format_raw`, and `format_overridden`. Help and doctor output also surface `CLAW_LOG` / `RUST_LOG` as the logging environment knobs. +`claw version --output-format json` is the provenance probe for automation: it reports full `git_sha`, derived `git_sha_short`, `is_dirty`, `branch`, `commit_date`, `commit_timestamp`, `rustc_version`, runtime `executable_path`, and `binary_provenance`; the text report is available as `human_readable` instead of a duplicate `message` field. +`status --output-format json` reports loaded project memory files under `workspace.memory_files[]` with each file's `path`, `source` (`claude_md`, `claw_md`, `agents_md`, or scoped/rule sources), `origin`, `scope_path`, `outside_project`, `chars`, and `contributes`; `claw doctor --output-format json` includes a dedicated `memory` check. Root instruction-file priority is `CLAUDE.md`, then `CLAW.md`, then `AGENTS.md`, discovery is bounded to the current git root when present (otherwise cwd only), and all non-duplicate loaded files contribute to the rendered system prompt. +`claw mcp --output-format json` reports partial MCP config success: valid servers remain in `servers[]` while malformed siblings appear in `invalid_servers[]`, with `total_configured`, `valid_count`, and `invalid_count` split out for automation. `status` mirrors this as `mcp_validation`, and doctor includes an `mcp validation` check. +Shorthand prompt mode honors the POSIX `--` end-of-flags separator, so `claw -- "-prompt-with-dash"` and unknown dash-prefixed non-flag text stay on the prompt path instead of being treated as CLI options. +`claw dump-manifests` is self-contained: it emits the Rust resolver inventory for the selected workspace (commands, tools, agents, skills, and bootstrap phases) without requiring an upstream Claude Code TypeScript checkout. Use `--manifests-dir PATH` only to scope resolver discovery to another directory. The command surface is moving quickly. For the canonical live help text, run: @@ -166,8 +173,8 @@ The REPL now exposes a much broader surface than the original minimal shell: - plugin management: `/plugin` (with aliases `/plugins`, `/marketplace`) Notable claw-first surfaces now available directly in slash form: -- `/skills [list|install |help]` -- `/agents [list|help]` +- `/skills [list|show |install |uninstall |help]` +- `/agents [list|show |create |help]` - `/mcp [list|show |help]` - `/doctor` - `/plugin [list|install |enable |disable |uninstall |update ]` @@ -184,7 +191,7 @@ rust/ └── crates/ ├── api/ # Provider clients + streaming + request preflight ├── commands/ # Shared slash-command registry + help rendering - ├── compat-harness/ # TS manifest extraction harness + ├── compat-harness/ # Compatibility/parity harness utilities ├── mock-anthropic-service/ # Deterministic local Anthropic-compatible mock ├── plugins/ # Plugin metadata, manager, install/enable/disable surfaces ├── runtime/ # Session, config, permissions, MCP, prompts, auth/runtime loop @@ -197,7 +204,7 @@ rust/ - **api** — provider clients, SSE streaming, request/response types, auth (`ANTHROPIC_API_KEY` + bearer-token support), request-size/context-window preflight - **commands** — slash command definitions, parsing, help text generation, JSON/text command rendering -- **compat-harness** — extracts tool/prompt manifests from upstream TS source +- **compat-harness** — compatibility and parity helpers for comparing behavior with upstream fixtures - **mock-anthropic-service** — deterministic `/v1/messages` mock for CLI parity tests and local harness runs - **plugins** — plugin metadata, install/enable/disable/update flows, plugin tool definitions, hook integration surfaces - **runtime** — `ConversationRuntime`, config loading, session persistence, permission policy, MCP client lifecycle, system prompt assembly, usage tracking @@ -210,8 +217,8 @@ rust/ - **~20K lines** of Rust - **9 crates** in workspace - **Binary name:** `claw` -- **Default model:** `claude-opus-4-6` -- **Default permissions:** `danger-full-access` +- **Default model:** `claude-opus-4-7` +- **Default permissions:** `workspace-write` ## License diff --git a/rust/crates/api/src/client.rs b/rust/crates/api/src/client.rs index 6e68fd2e..55d200c5 100644 --- a/rust/crates/api/src/client.rs +++ b/rust/crates/api/src/client.rs @@ -161,7 +161,7 @@ mod tests { #[test] fn resolves_existing_and_grok_aliases() { - assert_eq!(resolve_model_alias("opus"), "claude-opus-4-6"); + assert_eq!(resolve_model_alias("opus"), "claude-opus-4-7"); assert_eq!(resolve_model_alias("grok"), "grok-3"); assert_eq!(resolve_model_alias("grok-mini"), "grok-3-mini"); } @@ -235,4 +235,22 @@ mod tests { other => panic!("Expected ProviderClient::OpenAi for qwen-plus, got: {other:?}"), } } + + #[test] + fn local_openai_base_url_routes_authless_ollama_models() { + let _lock = env_lock(); + let _base_url = EnvVarGuard::set("OPENAI_BASE_URL", Some("http://127.0.0.1:11434/v1")); + let _openai_key = EnvVarGuard::set("OPENAI_API_KEY", None); + let _anthropic_key = EnvVarGuard::set("ANTHROPIC_API_KEY", Some("test-anthropic-key")); + let _anthropic_token = EnvVarGuard::set("ANTHROPIC_AUTH_TOKEN", None); + + let client = ProviderClient::from_model("qwen2.5-coder:7b") + .expect("local model should route to OpenAI-compatible client without auth"); + match client { + ProviderClient::OpenAi(openai_client) => { + assert_eq!(openai_client.base_url(), "http://127.0.0.1:11434/v1") + } + other => panic!("Expected ProviderClient::OpenAi for local model, got: {other:?}"), + } + } } diff --git a/rust/crates/api/src/providers/anthropic.rs b/rust/crates/api/src/providers/anthropic.rs index dd458195..430b3eff 100644 --- a/rust/crates/api/src/providers/anthropic.rs +++ b/rust/crates/api/src/providers/anthropic.rs @@ -487,8 +487,7 @@ impl AnthropicClient { request: &MessageRequest, ) -> Result { let request_url = format!("{}/v1/messages", self.base_url.trim_end_matches('/')); - let mut request_body = self.request_profile.render_json_body(request)?; - strip_unsupported_beta_body_fields(&mut request_body); + let request_body = render_standard_messages_body(&self.request_profile, request)?; let request_builder = self.build_request(&request_url).json(&request_body); request_builder.send().await.map_err(ApiError::from) } @@ -548,8 +547,7 @@ impl AnthropicClient { "{}/v1/messages/count_tokens", self.base_url.trim_end_matches('/') ); - let mut request_body = self.request_profile.render_json_body(request)?; - strip_unsupported_beta_body_fields(&mut request_body); + let request_body = render_standard_messages_body(&self.request_profile, request)?; let response = self .build_request(&request_url) .json(&request_body) @@ -1036,6 +1034,21 @@ fn enrich_bearer_auth_error(error: ApiError, auth: &AuthSource) -> ApiError { } } +fn anthropic_wire_model(model: &str) -> &str { + model.strip_prefix("anthropic/").unwrap_or(model) +} + +fn render_standard_messages_body( + request_profile: &AnthropicRequestProfile, + request: &MessageRequest, +) -> Result { + let mut wire_request = request.clone(); + wire_request.model = anthropic_wire_model(&request.model).to_string(); + let mut body = request_profile.render_json_body(&wire_request)?; + strip_unsupported_beta_body_fields(&mut body); + Ok(body) +} + /// Remove beta-only body fields that the standard `/v1/messages` and /// `/v1/messages/count_tokens` endpoints reject as `Extra inputs are not /// permitted`. The `betas` opt-in is communicated via the `anthropic-beta` @@ -1609,6 +1622,27 @@ mod tests { ); } + #[test] + fn standard_messages_body_strips_anthropic_routing_prefix() { + let client = AnthropicClient::new("test-key"); + let request = MessageRequest { + model: "anthropic/claude-opus-4-6".to_string(), + max_tokens: 64, + messages: vec![], + system: None, + tools: None, + tool_choice: None, + stream: false, + ..Default::default() + }; + + let rendered = super::render_standard_messages_body(client.request_profile(), &request) + .expect("body should render"); + + assert_eq!(rendered["model"], serde_json::json!("claude-opus-4-6")); + assert!(rendered.get("betas").is_none()); + } + #[test] fn enrich_bearer_auth_error_appends_sk_ant_hint_on_401_with_pure_bearer_token() { // given diff --git a/rust/crates/api/src/providers/mod.rs b/rust/crates/api/src/providers/mod.rs index 237e9799..f8fe6244 100644 --- a/rust/crates/api/src/providers/mod.rs +++ b/rust/crates/api/src/providers/mod.rs @@ -211,7 +211,7 @@ pub fn resolve_model_alias(model: &str) -> String { .find_map(|(alias, metadata)| { (*alias == lower).then_some(match metadata.provider { ProviderKind::Anthropic => match *alias { - "opus" => "claude-opus-4-6", + "opus" => "claude-opus-4-7", "sonnet" => "claude-sonnet-4-6", "haiku" => "claude-haiku-4-5-20251213", _ => trimmed, @@ -262,6 +262,14 @@ pub fn metadata_for_model(model: &str) -> Option { default_base_url: openai_compat::DEFAULT_OPENAI_BASE_URL, }); } + if canonical.starts_with("local/") { + return Some(ProviderMetadata { + provider: ProviderKind::OpenAi, + auth_env: "OPENAI_API_KEY", + base_url_env: "OPENAI_BASE_URL", + default_base_url: openai_compat::DEFAULT_OPENAI_BASE_URL, + }); + } // Alibaba DashScope compatible-mode endpoint. Routes qwen/* and bare // qwen-* model names (qwen-max, qwen-plus, qwen-turbo, qwen-qwq, etc.) // to the OpenAI-compat client pointed at DashScope's /compatible-mode/v1. @@ -337,17 +345,21 @@ pub fn provider_diagnostics_for_model(model: &str) -> ProviderDiagnostics { } } +fn looks_like_local_openai_model(model: &str) -> bool { + model.contains(':') || model.contains('.') +} + #[must_use] pub fn detect_provider_kind(model: &str) -> ProviderKind { - if let Some(metadata) = metadata_for_model(model) { + let resolved_model = resolve_model_alias(model); + if let Some(metadata) = metadata_for_model(&resolved_model) { return metadata.provider; } - // When OPENAI_BASE_URL is set, the user explicitly configured an - // OpenAI-compatible endpoint. Prefer it over the Anthropic fallback - // even when the model name has no recognized prefix — this is the - // common case for local providers (Ollama, LM Studio, vLLM, etc.) - // where model names like "qwen2.5-coder:7b" don't match any prefix. - if std::env::var_os("OPENAI_BASE_URL").is_some() && openai_compat::has_api_key("OPENAI_API_KEY") + // When OPENAI_BASE_URL is set and the unknown model name looks like a + // local server tag (for example `llama3.2` or `qwen2.5-coder:7b`), prefer + // the OpenAI-compatible endpoint over ambient Anthropic credentials. + if std::env::var_os("OPENAI_BASE_URL").is_some() + && looks_like_local_openai_model(&resolved_model) { return ProviderKind::OpenAi; } @@ -608,7 +620,7 @@ pub fn model_token_limit(model: &str) -> Option { let canonical = resolve_model_alias(model); let base_model = canonical.rsplit('/').next().unwrap_or(canonical.as_str()); match base_model { - "claude-opus-4-6" => Some(ModelTokenLimit { + "claude-opus-4-7" | "claude-opus-4-6" => Some(ModelTokenLimit { max_output_tokens: 32_000, context_window_tokens: 200_000, }), @@ -1042,6 +1054,18 @@ mod tests { assert_eq!(kind2, ProviderKind::OpenAi); } + #[test] + fn local_prefix_routes_to_openai_not_anthropic() { + let meta = super::metadata_for_model("local/Qwen/Qwen3.6-27B-FP8") + .expect("local/ prefix must resolve to OpenAI-compatible metadata"); + assert_eq!(meta.provider, ProviderKind::OpenAi); + assert_eq!(meta.auth_env, "OPENAI_API_KEY"); + assert_eq!(meta.base_url_env, "OPENAI_BASE_URL"); + + let kind = detect_provider_kind("local/Qwen/Qwen3.6-27B-FP8"); + assert_eq!(kind, ProviderKind::OpenAi); + } + #[test] fn qwen_prefix_routes_to_dashscope_not_anthropic() { // User request from Discord #clawcode-get-help: web3g wants to use diff --git a/rust/crates/api/src/providers/openai_compat.rs b/rust/crates/api/src/providers/openai_compat.rs index cfeb4c3c..a1a82b88 100644 --- a/rust/crates/api/src/providers/openai_compat.rs +++ b/rust/crates/api/src/providers/openai_compat.rs @@ -1,5 +1,6 @@ use std::borrow::Cow; use std::collections::{BTreeMap, VecDeque}; +use std::net::Ipv4Addr; use std::sync::atomic::{AtomicU64, Ordering}; use std::time::{Duration, SystemTime, UNIX_EPOCH}; @@ -131,13 +132,22 @@ impl OpenAiCompatClient { } pub fn from_env(config: OpenAiCompatConfig) -> Result { - let Some(api_key) = read_env_non_empty(config.api_key_env)? else { - return Err(ApiError::missing_credentials( - config.provider_name, - config.credential_env_vars(), - )); + let base_url = read_base_url(config); + let api_key = match read_env_non_empty(config.api_key_env)? { + Some(api_key) => api_key, + None if config.provider_name == "OpenAI" + && is_local_openai_compatible_base_url(&base_url) => + { + "local-dev-token".to_string() + } + None => { + return Err(ApiError::missing_credentials( + config.provider_name, + config.credential_env_vars(), + )); + } }; - Ok(Self::new(api_key, config)) + Ok(Self::new(api_key, config).with_base_url(base_url)) } #[must_use] @@ -933,14 +943,18 @@ pub fn model_requires_reasoning_content_in_history(model: &str) -> bool { /// Strip routing prefix (e.g., "openai/gpt-4" → "gpt-4") for the wire. /// The prefix is used only to select transport; the backend expects the -/// bare model id. +/// bare model id. Use `local/` to force OpenAI-compatible routing while +/// preserving any slashes that follow the prefix. #[allow(dead_code)] fn strip_routing_prefix(model: &str) -> &str { if let Some(pos) = model.find('/') { let prefix = &model[..pos]; // Only strip if the prefix before "/" is a known routing prefix, // not if "/" appears in the middle of the model name for other reasons. - if matches!(prefix, "openai" | "xai" | "grok" | "qwen" | "kimi") { + if matches!( + prefix, + "openai" | "xai" | "grok" | "qwen" | "kimi" | "local" + ) { &model[pos + 1..] } else { model @@ -950,6 +964,44 @@ fn strip_routing_prefix(model: &str) -> &str { } } +fn normalize_base_url_for_model_routing(url: &str) -> &str { + let trimmed = url.trim_end_matches('/'); + trimmed + .strip_suffix("/chat/completions") + .map(|value| value.trim_end_matches('/')) + .unwrap_or(trimmed) +} + +fn url_host(url: &str) -> &str { + let after_scheme = url.split_once("://").map_or(url, |(_, rest)| rest); + let authority = after_scheme.split(['/', '?', '#']).next().unwrap_or(""); + let host_port = authority + .rsplit_once('@') + .map_or(authority, |(_, host_port)| host_port); + if host_port.starts_with('[') { + return host_port + .split(']') + .next() + .unwrap_or("") + .trim_start_matches('['); + } + host_port.split(':').next().unwrap_or("") +} + +fn is_local_openai_compatible_base_url(url: &str) -> bool { + let host = url_host(url.trim()); + if host.eq_ignore_ascii_case("localhost") || host == "::1" { + return true; + } + let Ok(address) = host.parse::() else { + return false; + }; + let [first, second, ..] = address.octets(); + matches!(first, 10 | 127) + || first == 192 && second == 168 + || first == 172 && (16..=31).contains(&second) +} + fn wire_model_for_base_url<'a>( model: &'a str, config: OpenAiCompatConfig, @@ -962,26 +1014,22 @@ fn wire_model_for_base_url<'a>( let lowered_prefix = prefix.to_ascii_lowercase(); if lowered_prefix == "openai" { - let trimmed_base_url = base_url.trim_end_matches('/'); - let default_openai = DEFAULT_OPENAI_BASE_URL.trim_end_matches('/'); - if matches!( - lowered_prefix.as_str(), - "xai" | "grok" | "kimi" | "gemini" | "gemma" - ) { + let normalized_base_url = normalize_base_url_for_model_routing(base_url); + let default_base_url = normalize_base_url_for_model_routing(config.default_base_url); + if normalized_base_url.eq_ignore_ascii_case(default_base_url) + || is_local_openai_compatible_base_url(base_url) + { return Cow::Borrowed(&model[pos + 1..]); } - if config.provider_name == "OpenAI" && trimmed_base_url != default_openai { - // Only preserve the full slug if it's NOT a model we want to strip - if !model.contains("gemini") && !model.contains("gemma") { - return Cow::Borrowed(model); - } - } - return Cow::Borrowed(&model[pos + 1..]); + return Cow::Borrowed(model); } if matches!(lowered_prefix.as_str(), "xai" | "grok" | "qwen" | "kimi") { return Cow::Borrowed(&model[pos + 1..]); } + if lowered_prefix == "local" { + return Cow::Borrowed(&model[pos + 1..]); + } Cow::Borrowed(model) } @@ -1133,6 +1181,13 @@ fn build_chat_completion_request_for_base_url( payload[key] = value.clone(); } + // DeepSeek V4 Pro/Flash thinking mode requires this provider-specific opt-in + // and also requires assistant reasoning history to be echoed as `reasoning_content`. + // Apply it after extra_body so callers cannot accidentally override the required shape. + if model_requires_reasoning_content_in_history(wire_model) { + payload["thinking"] = json!({"type": "enabled"}); + } + payload } @@ -1190,16 +1245,19 @@ pub fn translate_message(message: &InputMessage, model: &str) -> Vec { InputContentBlock::ToolResult { .. } => {} } } - let include_reasoning = - model_requires_reasoning_content_in_history(model) && !reasoning.is_empty(); - if text.is_empty() && tool_calls.is_empty() && !include_reasoning { + let needs_reasoning = model_requires_reasoning_content_in_history(model); + if text.is_empty() && tool_calls.is_empty() && reasoning.is_empty() { Vec::new() } else { let mut msg = serde_json::json!({ "role": "assistant", - "content": (!text.is_empty()).then_some(text), }); - if include_reasoning { + if !text.is_empty() { + msg["content"] = json!(text); + } else if !needs_reasoning { + msg["content"] = Value::Null; + } + if needs_reasoning { msg["reasoning_content"] = json!(reasoning); } // Only include tool_calls when non-empty: some providers reject @@ -1752,6 +1810,7 @@ mod tests { ToolChoice, ToolDefinition, ToolResultContentBlock, }; use serde_json::json; + use std::borrow::Cow; use std::collections::BTreeMap; use std::sync::{Mutex, OnceLock}; @@ -1850,6 +1909,31 @@ mod tests { assert_eq!(assistant["content"], json!("answer")); } + #[test] + fn deepseek_v4_assistant_with_only_tool_calls_omits_content_and_includes_reasoning() { + let request = MessageRequest { + model: "deepseek-v4-pro".to_string(), + max_tokens: 100, + messages: vec![InputMessage { + role: "assistant".to_string(), + content: vec![InputContentBlock::ToolUse { + id: "call_1".to_string(), + name: "get_weather".to_string(), + input: json!({"city": "Paris"}), + }], + }], + stream: false, + ..Default::default() + }; + + let payload = build_chat_completion_request(&request, OpenAiCompatConfig::openai()); + let assistant = &payload["messages"][0]; + + assert!(assistant.get("content").is_none()); + assert_eq!(assistant["reasoning_content"], json!("")); + assert_eq!(assistant["tool_calls"].as_array().map(Vec::len), Some(1)); + } + #[test] fn deepseek_v4_flash_request_includes_reasoning_content_for_assistant_history() { // Given an assistant history turn containing thinking. @@ -2036,6 +2120,49 @@ mod tests { assert_eq!(payload["reasoning_effort"], json!("high")); } + #[test] + fn deepseek_v4_request_includes_thinking_parameter() { + let payload = build_chat_completion_request( + &MessageRequest { + model: "deepseek-v4-pro".to_string(), + max_tokens: 1024, + messages: vec![InputMessage::user_text("hello")], + ..Default::default() + }, + OpenAiCompatConfig::openai(), + ); + assert_eq!(payload["thinking"], json!({"type": "enabled"})); + assert_eq!(payload["model"], json!("deepseek-v4-pro")); + + let mut extra_body = BTreeMap::new(); + extra_body.insert("thinking".to_string(), json!({"type": "disabled"})); + let payload_with_override = build_chat_completion_request( + &MessageRequest { + model: "openai/deepseek-v4-flash".to_string(), + max_tokens: 1024, + messages: vec![InputMessage::user_text("hello")], + extra_body, + ..Default::default() + }, + OpenAiCompatConfig::openai(), + ); + assert_eq!( + payload_with_override["thinking"], + json!({"type": "enabled"}) + ); + + let non_deepseek_payload = build_chat_completion_request( + &MessageRequest { + model: "gpt-4o".to_string(), + max_tokens: 64, + messages: vec![InputMessage::user_text("hello")], + ..Default::default() + }, + OpenAiCompatConfig::openai(), + ); + assert!(non_deepseek_payload.get("thinking").is_none()); + } + #[test] fn reasoning_effort_omitted_when_not_set() { let payload = build_chat_completion_request( @@ -2123,6 +2250,28 @@ mod tests { )); } + #[test] + fn local_openai_base_url_does_not_require_api_key() { + let _lock = env_lock(); + let original_base_url = std::env::var_os("OPENAI_BASE_URL"); + let original_api_key = std::env::var_os("OPENAI_API_KEY"); + std::env::set_var("OPENAI_BASE_URL", "http://127.0.0.1:11434/v1"); + std::env::remove_var("OPENAI_API_KEY"); + + let client = OpenAiCompatClient::from_env(OpenAiCompatConfig::openai()) + .expect("local OpenAI-compatible endpoint should not require an API key"); + assert_eq!(client.base_url(), "http://127.0.0.1:11434/v1"); + + match original_base_url { + Some(value) => std::env::set_var("OPENAI_BASE_URL", value), + None => std::env::remove_var("OPENAI_BASE_URL"), + } + match original_api_key { + Some(value) => std::env::set_var("OPENAI_API_KEY", value), + None => std::env::remove_var("OPENAI_API_KEY"), + } + } + #[test] fn endpoint_builder_accepts_base_urls_and_full_endpoints() { assert_eq!( @@ -2738,6 +2887,66 @@ mod tests { } } + #[test] + fn wire_model_strips_openai_prefix_for_default_and_local_preserves_custom_gateways() { + assert_eq!( + super::wire_model_for_base_url( + "openai/gpt-4o", + OpenAiCompatConfig::openai(), + super::DEFAULT_OPENAI_BASE_URL, + ), + Cow::Borrowed("gpt-4o") + ); + assert_eq!( + super::wire_model_for_base_url( + "openai/qwen2.5-coder:7b", + OpenAiCompatConfig::openai(), + "http://127.0.0.1:11434/v1", + ), + Cow::Borrowed("qwen2.5-coder:7b") + ); + assert_eq!( + super::wire_model_for_base_url( + "openai/llama3.2", + OpenAiCompatConfig::openai(), + "http://localhost:11434/v1/chat/completions", + ), + Cow::Borrowed("llama3.2") + ); + assert_eq!( + super::wire_model_for_base_url( + "openai/gpt-4.1-mini", + OpenAiCompatConfig::openai(), + "https://openrouter.ai/api/v1", + ), + Cow::Borrowed("openai/gpt-4.1-mini") + ); + assert_eq!( + super::wire_model_for_base_url( + "openai/gpt-4.1-mini", + OpenAiCompatConfig::openai(), + "https://not-localhost.example.com/v1", + ), + Cow::Borrowed("openai/gpt-4.1-mini") + ); + } + + #[test] + fn local_routing_prefix_strips_only_escape_hatch() { + assert_eq!( + super::strip_routing_prefix("local/Qwen/Qwen3.6-27B-FP8"), + "Qwen/Qwen3.6-27B-FP8" + ); + assert_eq!( + super::wire_model_for_base_url( + "local/Qwen/Qwen3.6-27B-FP8", + OpenAiCompatConfig::openai(), + "http://127.0.0.1:8000/v1", + ), + Cow::Borrowed("Qwen/Qwen3.6-27B-FP8") + ); + } + #[test] fn check_request_body_size_allows_large_requests_for_openai() { // Create a request that exceeds DashScope's limit but is under OpenAI's 100MB limit diff --git a/rust/crates/api/tests/client_integration.rs b/rust/crates/api/tests/client_integration.rs index 15959e71..c53e34c5 100644 --- a/rust/crates/api/tests/client_integration.rs +++ b/rust/crates/api/tests/client_integration.rs @@ -103,6 +103,58 @@ async fn send_message_posts_json_and_parses_response() { ); } +#[tokio::test] +async fn send_message_strips_anthropic_routing_prefix_on_wire() { + let state = Arc::new(Mutex::new(Vec::::new())); + let server = spawn_server( + state.clone(), + vec![ + http_response("200 OK", "application/json", "{\"input_tokens\":1}"), + http_response( + "200 OK", + "application/json", + concat!( + "{", + "\"id\":\"msg_prefixed\",", + "\"type\":\"message\",", + "\"role\":\"assistant\",", + "\"content\":[{\"type\":\"text\",\"text\":\"ok\"}],", + "\"model\":\"claude-opus-4-6\",", + "\"stop_reason\":\"end_turn\",", + "\"stop_sequence\":null,", + "\"usage\":{\"input_tokens\":1,\"output_tokens\":1}", + "}" + ), + ), + ], + ) + .await; + + let client = AnthropicClient::new("test-key").with_base_url(server.base_url()); + client + .send_message(&MessageRequest { + model: "anthropic/claude-opus-4-6".to_string(), + ..sample_request(false) + }) + .await + .expect("request should succeed"); + + let captured = state.lock().await; + assert_eq!( + captured.len(), + 2, + "count_tokens and messages requests should be captured" + ); + let count_tokens_body: serde_json::Value = + serde_json::from_str(&captured[0].body).expect("count_tokens body should be json"); + let messages_body: serde_json::Value = + serde_json::from_str(&captured[1].body).expect("request body should be json"); + assert_eq!(captured[0].path, "/v1/messages/count_tokens"); + assert_eq!(captured[1].path, "/v1/messages"); + assert_eq!(count_tokens_body["model"], json!("claude-opus-4-6")); + assert_eq!(messages_body["model"], json!("claude-opus-4-6")); +} + #[tokio::test] async fn send_message_blocks_oversized_requests_before_the_http_call() { let state = Arc::new(Mutex::new(Vec::::new())); diff --git a/rust/crates/api/tests/openai_compat_integration.rs b/rust/crates/api/tests/openai_compat_integration.rs index d8744675..4521ebed 100644 --- a/rust/crates/api/tests/openai_compat_integration.rs +++ b/rust/crates/api/tests/openai_compat_integration.rs @@ -159,10 +159,15 @@ async fn send_message_preserves_deepseek_reasoning_content_before_text() { }, ] ); + + let captured = state.lock().await; + let request = captured.first().expect("server should capture request"); + let body: serde_json::Value = serde_json::from_str(&request.body).expect("json body"); + assert_eq!(body["thinking"], json!({"type": "enabled"})); } #[tokio::test] -async fn custom_openai_gateway_preserves_slash_model_ids_and_extra_body_params() { +async fn local_openai_gateway_strips_routing_prefix_and_preserves_extra_body_params() { let state = Arc::new(Mutex::new(Vec::::new())); let body = concat!( "{", @@ -206,7 +211,7 @@ async fn custom_openai_gateway_preserves_slash_model_ids_and_extra_body_params() let captured = state.lock().await; let request = captured.first().expect("captured request"); let body: serde_json::Value = serde_json::from_str(&request.body).expect("json body"); - assert_eq!(body["model"], json!("openai/gpt-4.1-mini")); + assert_eq!(body["model"], json!("gpt-4.1-mini")); assert_eq!( body["web_search_options"], json!({"search_context_size": "low"}) diff --git a/rust/crates/commands/src/lib.rs b/rust/crates/commands/src/lib.rs index a8fd88d5..088a386b 100644 --- a/rust/crates/commands/src/lib.rs +++ b/rust/crates/commands/src/lib.rs @@ -6,8 +6,9 @@ use std::path::{Path, PathBuf}; use plugins::{PluginError, PluginLoadFailure, PluginManager, PluginSummary}; use runtime::{ - compact_session, CompactionConfig, ConfigLoader, ConfigSource, McpOAuthConfig, McpServerConfig, - RuntimeConfig, ScopedMcpServerConfig, Session, + compact_session, CompactionConfig, ConfigLoader, ConfigSource, McpConfigCollection, + McpInvalidServerConfig, McpOAuthConfig, McpServerConfig, RuntimeConfig, ScopedMcpServerConfig, + Session, }; use serde_json::{json, Value}; @@ -239,15 +240,15 @@ const SLASH_COMMAND_SPECS: &[SlashCommandSpec] = &[ SlashCommandSpec { name: "agents", aliases: &[], - summary: "List configured agents", - argument_hint: Some("[list|help]"), + summary: "List, show, or create configured agents", + argument_hint: Some("[list|show |create |help]"), resume_supported: true, }, SlashCommandSpec { name: "skills", aliases: &["skill"], - summary: "List, install, or invoke available skills", - argument_hint: Some("[list|install |help| [args]]"), + summary: "List, install, uninstall, or invoke available skills", + argument_hint: Some("[list|show |install |uninstall |help| [args]]"), resume_supported: true, }, SlashCommandSpec { @@ -1670,7 +1671,11 @@ fn parse_mcp_command(args: &[&str]) -> Result Err(usage_error("mcp list", "")), - ["show"] => Err(usage_error("mcp show", "")), + ["show"] => Err(command_error( + "missing_argument: mcp show requires a server name.", + "mcp", + "/mcp show ", + )), ["show", target] => Ok(SlashCommand::Mcp { action: Some("show".to_string()), target: Some((*target).to_string()), @@ -1763,13 +1768,25 @@ fn parse_list_or_help_args( args: Option, ) -> Result, SlashCommandParseError> { match normalize_optional_args(args.as_deref()) { - None | Some("list" | "help" | "-h" | "--help") => Ok(args), + None + | Some( + "list" | "help" | "-h" | "--help" | "show" | "info" | "describe" | "create", + ) => Ok(args), + Some(value) + if value.starts_with("list ") + || value.starts_with("show ") + || value.starts_with("info ") + || value.starts_with("describe ") + || value.starts_with("create ") => + { + Ok(args) + } Some(unexpected) => Err(command_error( &format!( - "Unexpected arguments for /{command}: {unexpected}. Use /{command}, /{command} list, or /{command} help." + "Unexpected arguments for /{command}: {unexpected}. Use /{command}, /{command} list, /{command} show , /{command} create , or /{command} help." ), command, - &format!("/{command} [list|help]"), + &format!("/{command} [list|show |create |help]"), )), } } @@ -1783,14 +1800,6 @@ fn parse_skills_args(args: Option<&str>) -> Result, SlashCommandP return Ok(Some(args.to_string())); } - if args == "install" { - return Err(command_error( - "Usage: /skills install ", - "skills", - "/skills install ", - )); - } - if let Some(target) = args.strip_prefix("install").map(str::trim) { if !target.is_empty() { return Ok(Some(format!("install {target}"))); @@ -2191,6 +2200,30 @@ struct InstalledSkill { installed_path: PathBuf, } +#[derive(Debug, Clone, PartialEq, Eq)] +struct UninstalledSkill { + invocation_name: String, + registry_root: PathBuf, + removed_path: PathBuf, + available_names: Vec, +} + +#[derive(Debug, Clone, PartialEq, Eq)] +enum SkillUninstallOutcome { + Removed(UninstalledSkill), + Missing { + requested: String, + registry_root: PathBuf, + available_names: Vec, + }, +} + +#[derive(Debug, Clone, PartialEq, Eq)] +struct CreatedAgent { + name: String, + path: PathBuf, +} + #[derive(Debug, Clone, PartialEq, Eq)] enum SkillInstallSource { Directory { root: PathBuf, prompt_path: PathBuf }, @@ -2418,10 +2451,32 @@ pub fn handle_agents_slash_command(args: Option<&str>, cwd: &Path) -> std::io::R } Ok(render_agents_report(&matched)) } + Some("create") => Err(std::io::Error::new( + std::io::ErrorKind::InvalidInput, + "missing_argument: agents create requires an agent name.\nUsage: claw agents create ", + )), + Some(args) if args.starts_with("create ") => { + let mut parts = args.split_whitespace(); + let _ = parts.next(); + let Some(name) = parts.next() else { + return Err(std::io::Error::new( + std::io::ErrorKind::InvalidInput, + "missing_argument: agents create requires an agent name.\nUsage: claw agents create ", + )); + }; + if let Some(extra) = parts.next() { + return Err(std::io::Error::new( + std::io::ErrorKind::InvalidInput, + format!("unexpected extra arguments after agent name\nUsage: claw agents create \nUnexpected extra: '{extra}'"), + )); + } + let agent = create_agent(name, cwd)?; + Ok(render_agent_create_report(&agent)) + } Some(args) if is_help_arg(args) => Ok(render_agents_usage(None)), Some(args) => Err(std::io::Error::new( std::io::ErrorKind::InvalidInput, - format!("unknown agents subcommand: {args}.\nSupported: list, show, help"), + format!("unknown agents subcommand: {args}.\nSupported: list, show, create, help"), )), } } @@ -2518,10 +2573,32 @@ pub fn handle_agents_slash_command_json(args: Option<&str>, cwd: &Path) -> std:: } Ok(render_agents_report_json_with_action(cwd, &matched, "show")) } + Some("create") => Ok(render_agents_missing_argument_json("create", "agent_name")), + Some(args) if args.starts_with("create ") => { + let mut parts = args.split_whitespace(); + let _ = parts.next(); + let Some(name) = parts.next() else { + return Ok(render_agents_missing_argument_json("create", "agent_name")); + }; + if let Some(extra) = parts.next() { + return Ok(json!({ + "kind": "agents", + "action": "create", + "status": "error", + "error_kind": "unexpected_extra_args", + "unexpected": extra, + "hint": format!("Usage: claw agents create \nUnexpected extra: '{extra}'"), + })); + } + match create_agent(name, cwd) { + Ok(agent) => Ok(render_agent_create_report_json(&agent)), + Err(error) => Ok(render_agent_create_error_json(name, &error)), + } + } Some(args) if is_help_arg(args) => Ok(render_agents_usage_json(None)), Some(args) => Err(std::io::Error::new( std::io::ErrorKind::InvalidInput, - format!("unknown agents subcommand: {args}.\nSupported: list, show, help"), + format!("unknown agents subcommand: {args}.\nSupported: list, show, create, help"), )), } } @@ -2623,15 +2700,53 @@ pub fn handle_skills_slash_command(args: Option<&str>, cwd: &Path) -> std::io::R } Ok(render_skills_report(&matched)) } - Some("install") => Ok(render_skills_usage(Some("install"))), + Some("install") => Err(std::io::Error::new( + std::io::ErrorKind::InvalidInput, + "missing_argument: skills install requires an install source.\nUsage: claw skills install ", + )), Some(args) if args.starts_with("install ") => { let target = args["install ".len()..].trim(); if target.is_empty() { - return Ok(render_skills_usage(Some("install"))); + return Err(std::io::Error::new( + std::io::ErrorKind::InvalidInput, + "missing_argument: skills install requires an install source.\nUsage: claw skills install ", + )); } let install = install_skill(target, cwd)?; Ok(render_skill_install_report(&install)) } + Some("uninstall" | "remove" | "delete") => Err(std::io::Error::new( + std::io::ErrorKind::InvalidInput, + "missing_argument: skills uninstall requires a skill name.\nUsage: claw skills uninstall ", + )), + Some(args) + if args.starts_with("uninstall ") + || args.starts_with("remove ") + || args.starts_with("delete ") => + { + let (_, target) = args.split_once(' ').unwrap_or_default(); + let target = target.trim(); + if target.is_empty() { + return Err(std::io::Error::new( + std::io::ErrorKind::InvalidInput, + "missing_argument: skills uninstall requires a skill name.\nUsage: claw skills uninstall ", + )); + } + match uninstall_skill(target)? { + SkillUninstallOutcome::Removed(skill) => Ok(render_skill_uninstall_report(&skill)), + SkillUninstallOutcome::Missing { + requested, + available_names, + .. + } => Err(std::io::Error::new( + std::io::ErrorKind::NotFound, + format!( + "skill '{requested}' not found\nAvailable skills: {}\nRun `claw skills list` to see available skills.", + format_optional_list(&available_names) + ), + )), + } + } Some(args) if is_help_arg(args) => Ok(render_skills_usage(None)), Some(args) => Ok(render_skills_usage(Some(args))), } @@ -2730,14 +2845,58 @@ pub fn handle_skills_slash_command_json(args: Option<&str>, cwd: &Path) -> std:: } Ok(render_skills_report_json_with_action(&matched, "show")) } - Some("install") => Ok(render_skills_usage_json(Some("install"))), + Some("install") => Ok(render_skills_missing_argument_json( + "install", + "install_source", + "Usage: claw skills install ", + )), Some(args) if args.starts_with("install ") => { let target = args["install ".len()..].trim(); if target.is_empty() { - return Ok(render_skills_usage_json(Some("install"))); + return Ok(render_skills_missing_argument_json( + "install", + "install_source", + "Usage: claw skills install ", + )); + } + match install_skill(target, cwd) { + Ok(install) => Ok(render_skill_install_report_json(&install)), + Err(error) => Ok(render_skill_install_error_json(target, &error)), + } + } + Some("uninstall" | "remove" | "delete") => Ok(render_skills_missing_argument_json( + "uninstall", + "skill_name", + "Usage: claw skills uninstall ", + )), + Some(args) + if args.starts_with("uninstall ") + || args.starts_with("remove ") + || args.starts_with("delete ") => + { + let (_, target) = args.split_once(' ').unwrap_or_default(); + let target = target.trim(); + if target.is_empty() { + return Ok(render_skills_missing_argument_json( + "uninstall", + "skill_name", + "Usage: claw skills uninstall ", + )); + } + match uninstall_skill(target)? { + SkillUninstallOutcome::Removed(skill) => { + Ok(render_skill_uninstall_report_json(&skill)) + } + SkillUninstallOutcome::Missing { + requested, + registry_root, + available_names, + } => Ok(render_skill_uninstall_missing_json( + &requested, + ®istry_root, + &available_names, + )), } - let install = install_skill(target, cwd)?; - Ok(render_skill_install_report_json(&install)) } Some(args) if is_help_arg(args) => Ok(render_skills_usage_json(None)), Some(args) => Ok(render_skills_usage_json(Some(args))), @@ -2747,9 +2906,11 @@ pub fn handle_skills_slash_command_json(args: Option<&str>, cwd: &Path) -> std:: #[must_use] pub fn classify_skills_slash_command(args: Option<&str>) -> SkillSlashDispatch { match normalize_optional_args(args) { - None | Some("list" | "help" | "-h" | "--help" | "show" | "info" | "describe") => { - SkillSlashDispatch::Local - } + None + | Some( + "list" | "help" | "-h" | "--help" | "show" | "info" | "describe" | "install" + | "uninstall" | "remove" | "delete", + ) => SkillSlashDispatch::Local, Some(args) if args .split_whitespace() @@ -2757,7 +2918,12 @@ pub fn classify_skills_slash_command(args: Option<&str>) -> SkillSlashDispatch { { SkillSlashDispatch::Local } - Some(args) if args == "install" || args.starts_with("install ") => { + Some(args) + if args.starts_with("install ") + || args.starts_with("uninstall ") + || args.starts_with("remove ") + || args.starts_with("delete ") => + { SkillSlashDispatch::Local } Some(args) @@ -2802,7 +2968,7 @@ pub fn resolve_skill_invocation( message.push_str(&names.join(", ")); } } - message.push_str("\n Usage: /skills [list|install |help| [args]]"); + message.push_str("\n Usage: /skills [list|show |install |uninstall |help| [args]]"); return Err(message); } } @@ -2899,31 +3065,23 @@ fn render_mcp_report_for( } match normalize_optional_args(args) { - None | Some("list") => { - // #144: degrade gracefully on config parse failure (same contract - // as #143 for `status`). Text mode prepends a "Config load error" - // block before the MCP list; the list falls back to empty. - match loader.load() { - Ok(runtime_config) => Ok(render_mcp_summary_report( - cwd, - runtime_config.mcp().servers(), - )), - Err(err) => { - let empty = std::collections::BTreeMap::new(); - Ok(format!( - "Config load error\n Status fail\n Summary runtime config failed to load; reporting partial MCP view\n Details {err}\n Hint `claw doctor` classifies config parse errors; fix the listed field and rerun\n\n{}", - render_mcp_summary_report(cwd, &empty) - )) - } + None | Some("list") => match loader.load() { + Ok(runtime_config) => Ok(render_mcp_summary_report(cwd, runtime_config.mcp())), + Err(err) => { + let empty = McpConfigCollection::default(); + Ok(format!( + "Config load error\n Status fail\n Summary runtime config failed to load; reporting partial MCP view\n Details {err}\n Hint `claw doctor` classifies config parse errors; fix the listed field and rerun\n\n{}", + render_mcp_summary_report(cwd, &empty) + )) } - } + }, Some(args) if is_help_arg(args) => Ok(render_mcp_usage(None)), - Some("show") => Ok(render_mcp_usage(Some("show"))), + Some("show") => Ok(render_mcp_missing_argument_text("show")), Some(args) if args.split_whitespace().next() == Some("show") => { let mut parts = args.split_whitespace(); let _ = parts.next(); let Some(server_name) = parts.next() else { - return Ok(render_mcp_usage(Some("show"))); + return Ok(render_mcp_missing_argument_text("show")); }; if parts.next().is_some() { return Ok(render_mcp_usage(Some(args))); @@ -2935,7 +3093,7 @@ fn render_mcp_report_for( Ok(runtime_config) => Ok(render_mcp_server_report( cwd, server_name, - runtime_config.mcp().get(server_name), + runtime_config.mcp(), )), Err(err) => Ok(format!( "Config load error\n Status fail\n Summary runtime config failed to load; cannot resolve `{server_name}`\n Details {err}\n Hint `claw doctor` classifies config parse errors; fix the listed field and rerun" @@ -2997,42 +3155,45 @@ fn render_mcp_report_json_for( } match normalize_optional_args(args) { - None | Some("list") => { - // #144: match #143's degraded envelope contract. On config parse - // failure, emit top-level `status: "degraded"` with - // `config_load_error`, empty servers[], and exit 0. On clean - // runs, the existing serializer adds `status: "ok"` below. - match load_runtime_config_without_stderr_warnings(loader) { - Ok(runtime_config) => { - let mut value = - render_mcp_summary_report_json(cwd, runtime_config.mcp().servers()); - if let Some(map) = value.as_object_mut() { - map.insert("status".to_string(), Value::String("ok".to_string())); - map.insert("config_load_error".to_string(), Value::Null); - } - Ok(value) - } - Err(err) => { - let empty = std::collections::BTreeMap::new(); - let mut value = render_mcp_summary_report_json(cwd, &empty); - if let Some(map) = value.as_object_mut() { - map.insert("status".to_string(), Value::String("degraded".to_string())); - map.insert( - "config_load_error".to_string(), - Value::String(err.to_string()), - ); - } - Ok(value) + None | Some("list") => match load_runtime_config_without_stderr_warnings(loader) { + Ok(runtime_config) => { + let mut value = render_mcp_summary_report_json(cwd, runtime_config.mcp()); + if let Some(map) = value.as_object_mut() { + map.insert( + "status".to_string(), + Value::String( + if runtime_config.mcp().has_invalid_servers() { + "degraded" + } else { + "ok" + } + .to_string(), + ), + ); + map.insert("config_load_error".to_string(), Value::Null); } + Ok(value) } - } + Err(err) => { + let empty = McpConfigCollection::default(); + let mut value = render_mcp_summary_report_json(cwd, &empty); + if let Some(map) = value.as_object_mut() { + map.insert("status".to_string(), Value::String("degraded".to_string())); + map.insert( + "config_load_error".to_string(), + Value::String(err.to_string()), + ); + } + Ok(value) + } + }, Some(args) if is_help_arg(args) => Ok(render_mcp_usage_json(None)), - Some("show") => Ok(render_mcp_usage_json(Some("show"))), + Some("show") => Ok(render_mcp_missing_argument_json("show")), Some(args) if args.split_whitespace().next() == Some("show") => { let mut parts = args.split_whitespace(); let _ = parts.next(); let Some(server_name) = parts.next() else { - return Ok(render_mcp_usage_json(Some("show"))); + return Ok(render_mcp_missing_argument_json("show")); }; if parts.next().is_some() { return Ok(render_mcp_usage_json(Some(args))); @@ -3040,16 +3201,21 @@ fn render_mcp_report_json_for( // #144: same degradation pattern for show action. match load_runtime_config_without_stderr_warnings(loader) { Ok(runtime_config) => { - let mut value = render_mcp_server_report_json( - cwd, - server_name, - runtime_config.mcp().get(server_name), - ); + let mut value = + render_mcp_server_report_json(cwd, server_name, runtime_config.mcp()); if let Some(map) = value.as_object_mut() { - // Only override status to "ok" if the server was found; - // render_mcp_server_report_json already sets status:"error" for not-found. if map.get("found") == Some(&Value::Bool(true)) { - map.insert("status".to_string(), Value::String("ok".to_string())); + map.insert( + "status".to_string(), + Value::String( + if runtime_config.mcp().has_invalid_servers() { + "degraded" + } else { + "ok" + } + .to_string(), + ), + ); } map.insert("config_load_error".to_string(), Value::Null); } @@ -3457,6 +3623,103 @@ fn install_skill_into( }) } +fn uninstall_skill(target: &str) -> std::io::Result { + let registry_root = default_skill_install_root()?; + let requested = sanitize_skill_invocation_name(target).unwrap_or_else(|| { + target + .trim() + .trim_start_matches('/') + .trim_start_matches('$') + .to_ascii_lowercase() + }); + let available_names = installed_skill_names(®istry_root)?; + let matched_name = available_names + .iter() + .find(|name| name.eq_ignore_ascii_case(&requested)) + .cloned(); + + let Some(invocation_name) = matched_name else { + return Ok(SkillUninstallOutcome::Missing { + requested, + registry_root, + available_names, + }); + }; + + let removed_path = registry_root.join(&invocation_name); + if removed_path.is_dir() { + fs::remove_dir_all(&removed_path)?; + } else { + fs::remove_file(&removed_path)?; + } + let available_names = available_names + .into_iter() + .filter(|name| !name.eq_ignore_ascii_case(&invocation_name)) + .collect(); + + Ok(SkillUninstallOutcome::Removed(UninstalledSkill { + invocation_name, + registry_root, + removed_path, + available_names, + })) +} + +fn installed_skill_names(registry_root: &Path) -> std::io::Result> { + let entries = match fs::read_dir(registry_root) { + Ok(entries) => entries, + Err(error) if error.kind() == std::io::ErrorKind::NotFound => return Ok(Vec::new()), + Err(error) => return Err(error), + }; + let mut names = Vec::new(); + for entry in entries { + let entry = entry?; + let path = entry.path(); + if path.is_dir() && path.join("SKILL.md").is_file() { + names.push(entry.file_name().to_string_lossy().to_string()); + } else if path + .extension() + .is_some_and(|extension| extension.to_string_lossy().eq_ignore_ascii_case("md")) + { + if let Some(stem) = path.file_stem() { + names.push(stem.to_string_lossy().to_string()); + } + } + } + names.sort(); + Ok(names) +} + +fn create_agent(name: &str, cwd: &Path) -> std::io::Result { + let Some(name) = sanitize_skill_invocation_name(name) else { + return Err(std::io::Error::new( + std::io::ErrorKind::InvalidInput, + "invalid_agent_name: agent name must contain at least one alphanumeric character", + )); + }; + let root = cwd.join(".claw").join("agents"); + let path = root.join(format!("{name}.toml")); + if path.exists() { + return Err(std::io::Error::new( + std::io::ErrorKind::AlreadyExists, + format!( + "agent_already_exists: agent '{name}' already exists at {}", + path.display() + ), + )); + } + + fs::create_dir_all(&root)?; + fs::write( + &path, + format!( + "name = \"{name}\"\ndescription = \"Describe when to use this agent.\"\nmodel_reasoning_effort = \"medium\"\n" + ), + )?; + + Ok(CreatedAgent { name, path }) +} + fn default_skill_install_root() -> std::io::Result { if let Ok(claw_config_home) = env::var("CLAW_CONFIG_HOME") { return Ok(PathBuf::from(claw_config_home).join("skills")); @@ -3898,6 +4161,59 @@ fn render_agents_report_json_with_action( }) } +fn render_agents_missing_argument_json(action: &str, argument: &str) -> Value { + json!({ + "kind": "agents", + "action": action, + "status": "error", + "error_kind": "missing_argument", + "argument": argument, + "hint": "Usage: claw agents create ", + }) +} + +fn render_agent_create_report(agent: &CreatedAgent) -> String { + format!( + "Agents\n Result created {}\n Path {}\n Format TOML", + agent.name, + agent.path.display() + ) +} + +fn render_agent_create_report_json(agent: &CreatedAgent) -> Value { + json!({ + "kind": "agents", + "status": "ok", + "action": "create", + "result": "created", + "name": &agent.name, + "path": agent.path.display().to_string(), + "format": "toml", + }) +} + +fn render_agent_create_error_json(name: &str, error: &std::io::Error) -> Value { + let message = error.to_string(); + let error_kind = if message.starts_with("invalid_agent_name:") { + "invalid_agent_name" + } else if message.starts_with("agent_already_exists:") + || error.kind() == std::io::ErrorKind::AlreadyExists + { + "agent_already_exists" + } else { + "agent_create_failed" + }; + json!({ + "kind": "agents", + "status": "error", + "action": "create", + "error_kind": error_kind, + "name": name, + "message": message, + "hint": "Use `claw agents create ` with a simple alphanumeric, dash, underscore, or dot name.", + }) +} + fn agent_detail(agent: &AgentSummary) -> String { let mut parts = vec![agent.name.clone()]; if let Some(description) = &agent.description { @@ -4015,55 +4331,176 @@ fn render_skill_install_report_json(skill: &InstalledSkill) -> Value { }) } -fn render_mcp_summary_report( - cwd: &Path, - servers: &BTreeMap, -) -> String { +fn render_skills_missing_argument_json(action: &str, argument: &str, hint: &str) -> Value { + json!({ + "kind": "skills", + "action": action, + "status": "error", + "error_kind": "missing_argument", + "argument": argument, + "hint": hint, + }) +} + +fn render_skill_install_error_json(target: &str, error: &std::io::Error) -> Value { + let source_kind = skill_install_source_kind(target); + json!({ + "kind": "skills", + "action": "install", + "status": "error", + "error_kind": "invalid_install_source", + "source": target, + "source_kind": source_kind, + "reason": io_error_reason(error), + "message": format!("invalid install source: {error}"), + "hint": match source_kind { + "url" => "Remote skill install is not supported yet; pass a local directory containing SKILL.md or a markdown file.", + "name" => "Skill install expects a local path, not a registry name. Pass a directory containing SKILL.md or a markdown file.", + _ => "Check that the path exists and is a directory containing SKILL.md or a markdown file.", + }, + }) +} + +fn render_skill_uninstall_report(skill: &UninstalledSkill) -> String { + format!( + "Skills\n Result uninstalled {}\n Registry {}\n Removed path {}\n Remaining {}", + skill.invocation_name, + skill.registry_root.display(), + skill.removed_path.display(), + format_optional_list(&skill.available_names) + ) +} + +fn render_skill_uninstall_report_json(skill: &UninstalledSkill) -> Value { + json!({ + "kind": "skills", + "status": "ok", + "action": "uninstall", + "result": "removed", + "removed": &skill.invocation_name, + "skills_dir": skill.registry_root.display().to_string(), + "removed_path": skill.removed_path.display().to_string(), + "available_names": &skill.available_names, + }) +} + +fn render_skill_uninstall_missing_json( + requested: &str, + registry_root: &Path, + available_names: &[String], +) -> Value { + json!({ + "kind": "skills", + "status": "error", + "action": "uninstall", + "error_kind": "skill_not_found", + "requested": requested, + "skills_dir": registry_root.display().to_string(), + "available_names": available_names, + "message": format!("skill '{requested}' not found"), + "hint": "Run `claw skills list` to see available skills.", + }) +} + +fn skill_install_source_kind(source: &str) -> &'static str { + let trimmed = source.trim(); + if trimmed.contains("://") { + "url" + } else if Path::new(trimmed).is_absolute() + || trimmed.starts_with('.') + || trimmed.contains('/') + || trimmed.contains('\\') + { + "path" + } else { + "name" + } +} + +fn io_error_reason(error: &std::io::Error) -> &'static str { + match error.kind() { + std::io::ErrorKind::NotFound => "not_found", + std::io::ErrorKind::AlreadyExists => "already_exists", + std::io::ErrorKind::PermissionDenied => "permission_denied", + std::io::ErrorKind::InvalidInput => "invalid", + _ => "io_error", + } +} + +fn render_mcp_summary_report(cwd: &Path, mcp: &McpConfigCollection) -> String { + let servers = mcp.servers(); let mut lines = vec![ "MCP".to_string(), format!(" Working directory {}", cwd.display()), - format!(" Configured servers {}", servers.len()), + format!(" Configured servers {}", mcp.valid_count()), + format!(" Total entries {}", mcp.total_configured()), + format!(" Invalid entries {}", mcp.invalid_count()), ]; if servers.is_empty() { - lines.push(" No MCP servers configured.".to_string()); - return lines.join("\n"); + lines.push(" No valid MCP servers configured.".to_string()); } - lines.push(String::new()); - for (name, server) in servers { - lines.push(format!( - " {name:<16} {transport:<13} {scope:<7} {summary}", - transport = mcp_transport_label(&server.config), - scope = config_source_label(server.scope), - summary = mcp_server_summary(&server.config) - )); + if !servers.is_empty() { + lines.push(String::new()); + for (name, server) in servers { + lines.push(format!( + " {name:<16} {transport:<13} {scope:<7} {summary}", + transport = mcp_transport_label(&server.config), + scope = config_source_label(server.scope), + summary = mcp_server_summary(&server.config) + )); + } + } + + if !mcp.invalid_servers().is_empty() { + lines.push(String::new()); + lines.push(" Invalid MCP servers".to_string()); + for invalid in mcp.invalid_servers() { + lines.push(format!(" - {}: {}", invalid.name, invalid.reason)); + } } lines.join("\n") } -fn render_mcp_summary_report_json( - cwd: &Path, - servers: &BTreeMap, -) -> Value { +fn render_mcp_summary_report_json(cwd: &Path, mcp: &McpConfigCollection) -> Value { json!({ "kind": "mcp", "action": "list", "working_directory": cwd.display().to_string(), - "configured_servers": servers.len(), - "servers": servers + "configured_servers": mcp.valid_count(), + "total_configured": mcp.total_configured(), + "valid_count": mcp.valid_count(), + "invalid_count": mcp.invalid_count(), + "invalid_servers": invalid_mcp_servers_json(mcp.invalid_servers()), + "servers": mcp + .servers() .iter() .map(|(name, server)| mcp_server_json(name, server)) .collect::>(), }) } -fn render_mcp_server_report( - cwd: &Path, - server_name: &str, - server: Option<&ScopedMcpServerConfig>, -) -> String { - let Some(server) = server else { +fn invalid_mcp_servers_json(invalid_servers: &[McpInvalidServerConfig]) -> Value { + Value::Array( + invalid_servers + .iter() + .map(|server| { + json!({ + "name": &server.name, + "scope": config_source_json(server.scope), + "path": server.path.display().to_string(), + "error_field": &server.error_field, + "reason": &server.reason, + "valid": false, + }) + }) + .collect::>(), + ) +} + +fn render_mcp_server_report(cwd: &Path, server_name: &str, mcp: &McpConfigCollection) -> String { + let Some(server) = mcp.get(server_name) else { return format!( "MCP\n Working directory {}\n Result server `{server_name}` is not configured", cwd.display() @@ -4141,9 +4578,9 @@ fn render_mcp_server_report( fn render_mcp_server_report_json( cwd: &Path, server_name: &str, - server: Option<&ScopedMcpServerConfig>, + mcp: &McpConfigCollection, ) -> Value { - match server { + match mcp.get(server_name) { Some(server) => json!({ "kind": "mcp", "action": "show", @@ -4151,6 +4588,10 @@ fn render_mcp_server_report_json( "working_directory": cwd.display().to_string(), "found": true, "server": mcp_server_json(server_name, server), + "total_configured": mcp.total_configured(), + "valid_count": mcp.valid_count(), + "invalid_count": mcp.invalid_count(), + "invalid_servers": invalid_mcp_servers_json(mcp.invalid_servers()), }), None => json!({ "kind": "mcp", @@ -4163,6 +4604,10 @@ fn render_mcp_server_report_json( "message": format!("server `{server_name}` is not configured"), // #761: hint so callers know how to enumerate configured MCP servers "hint": "Run `claw mcp list` to see configured servers.", + "total_configured": mcp.total_configured(), + "valid_count": mcp.valid_count(), + "invalid_count": mcp.invalid_count(), + "invalid_servers": invalid_mcp_servers_json(mcp.invalid_servers()), }), } } @@ -4184,8 +4629,10 @@ fn help_path_from_args(args: &str) -> Option> { fn render_agents_usage(unexpected: Option<&str>) -> String { let mut lines = vec![ "Agents".to_string(), - " Usage /agents [list|help]".to_string(), - " Direct CLI claw agents".to_string(), + " Usage /agents [list|show |create |help]".to_string(), + " Direct CLI claw agents [list|show |create |help]".to_string(), + " Format TOML files (.toml); create scaffolds .claw/agents/.toml" + .to_string(), " Sources .claw/agents, ~/.claw/agents, $CLAW_CONFIG_HOME/agents".to_string(), ]; if let Some(args) = unexpected { @@ -4201,8 +4648,10 @@ fn render_agents_usage_json(unexpected: Option<&str>) -> Value { "ok": unexpected.is_none(), "status": if unexpected.is_some() { "error" } else { "ok" }, "usage": { - "slash_command": "/agents [list|help]", - "direct_cli": "claw agents [list|help]", + "slash_command": "/agents [list|show |create |help]", + "direct_cli": "claw agents [list|show |create |help]", + "format": "toml", + "create": "claw agents create ", "sources": [".claw/agents", "~/.claw/agents", "$CLAW_CONFIG_HOME/agents"], }, "unexpected": unexpected, @@ -4212,9 +4661,10 @@ fn render_agents_usage_json(unexpected: Option<&str>) -> Value { fn render_skills_usage(unexpected: Option<&str>) -> String { let mut lines = vec![ "Skills".to_string(), - " Usage /skills [list|install |help| [args]]".to_string(), + " Usage /skills [list|show |install |uninstall |help| [args]]".to_string(), " Alias /skill".to_string(), - " Direct CLI claw skills [list|install |help| [args]]".to_string(), + " Direct CLI claw skills [list|show |install |uninstall |help| [args]]".to_string(), + " Lifecycle install , uninstall ".to_string(), " Invoke /skills help overview -> $help overview".to_string(), " Install root $CLAW_CONFIG_HOME/skills or ~/.claw/skills".to_string(), " Sources .claw/skills, .omc/skills, .agents/skills, .codex/skills, .claude/skills, ~/.claw/skills, ~/.omc/skills, ~/.claude/skills/omc-learned, ~/.codex/skills, ~/.claude/skills, legacy /commands".to_string(), @@ -4232,9 +4682,10 @@ fn render_skills_usage_json(unexpected: Option<&str>) -> Value { "ok": unexpected.is_none(), "status": if unexpected.is_some() { "error" } else { "ok" }, "usage": { - "slash_command": "/skills [list|install |help| [args]]", + "slash_command": "/skills [list|show |install |uninstall |help| [args]]", "aliases": ["/skill"], - "direct_cli": "claw skills [list|install |help| [args]]", + "direct_cli": "claw skills [list|show |install |uninstall |help| [args]]", + "lifecycle": ["install ", "uninstall "], "invoke": "/skills help overview -> $help overview", "install_root": "$CLAW_CONFIG_HOME/skills or ~/.claw/skills", "sources": [ @@ -4269,6 +4720,44 @@ fn render_mcp_usage(unexpected: Option<&str>) -> String { lines.join("\n") } +fn render_mcp_missing_argument_text(action: &str) -> String { + let hint = match action { + "show" => "use `claw mcp show ` to inspect a server", + _ => "provide the required argument for this MCP action", + }; + format!( + "MCP\n Error missing argument for '{action}'\n Hint {hint}\n Usage /mcp [list|show |help]" + ) +} + +fn render_mcp_missing_argument_json(action: &str) -> Value { + let (message, hint) = match action { + "show" => ( + "mcp show requires a server name", + "Usage: claw mcp show ", + ), + _ => ( + "mcp action requires an argument", + "Usage: claw mcp [list|show |help]", + ), + }; + json!({ + "kind": "mcp", + "action": action, + "ok": false, + "status": "error", + "error_kind": "missing_argument", + "message": message, + "hint": hint, + "usage": { + "slash_command": "/mcp [list|show |help]", + "direct_cli": "claw mcp [list|show |help]", + "sources": [".claw/settings.json", ".claw/settings.local.json"], + }, + "unexpected": Value::Null, + }) +} + fn render_mcp_usage_json(unexpected: Option<&str>) -> Value { // #748: add error_kind when unexpected is set, matching agents/plugins unknown-subcommand shape. let error_kind: Value = if unexpected.is_some() { @@ -4512,6 +5001,7 @@ fn mcp_server_details_json(config: &McpServerConfig) -> Value { fn mcp_server_json(name: &str, server: &ScopedMcpServerConfig) -> Value { json!({ "name": name, + "valid": true, "required": server.required, "scope": config_source_json(server.scope), "transport": mcp_transport_json(&server.config), @@ -5071,16 +5561,17 @@ mod tests { #[test] fn rejects_invalid_agents_arguments() { // given - let agents_input = "/agents show planner"; + let agents_input = "/agents frobnicate"; // when let agents_error = parse_error_message(agents_input); // then assert!(agents_error.contains( - "Unexpected arguments for /agents: show planner. Use /agents, /agents list, or /agents help." + "Unexpected arguments for /agents: frobnicate. Use /agents, /agents list, /agents show , /agents create , or /agents help." )); - assert!(agents_error.contains(" Usage /agents [list|help]")); + assert!(agents_error + .contains(" Usage /agents [list|show |create |help]")); } #[test] @@ -5102,6 +5593,13 @@ mod tests { "`skills {arg}` must be Local, not Invoke" ); } + for arg in ["uninstall", "uninstall plan", "remove plan", "delete plan"] { + assert_eq!( + classify_skills_slash_command(Some(arg)), + SkillSlashDispatch::Local, + "`skills {arg}` must be Local, not Invoke" + ); + } // Bare invocable tokens still dispatch to Invoke. assert_eq!( classify_skills_slash_command(Some("plan")), @@ -5129,6 +5627,10 @@ mod tests { classify_skills_slash_command(Some("install ./skill-pack")), SkillSlashDispatch::Local ); + assert_eq!( + classify_skills_slash_command(Some("uninstall help")), + SkillSlashDispatch::Local + ); } #[test] @@ -5221,8 +5723,10 @@ mod tests { "/plugin [list|install |enable |disable |uninstall |update ]" )); assert!(help.contains("aliases: /plugins, /marketplace")); - assert!(help.contains("/agents [list|help]")); - assert!(help.contains("/skills [list|install |help| [args]]")); + assert!(help.contains("/agents [list|show |create |help]")); + assert!(help.contains( + "/skills [list|show |install |uninstall |help| [args]]" + )); assert!(help.contains("aliases: /skill")); assert!(!help.contains("/login")); assert!(!help.contains("/logout")); @@ -5567,10 +6071,27 @@ mod tests { #[test] fn renders_agents_reports_as_json() { + let _guard = env_guard(); let workspace = temp_dir("agents-json-workspace"); let project_agents = workspace.join(".codex").join("agents"); let user_home = temp_dir("agents-json-home"); let user_agents = user_home.join(".codex").join("agents"); + let isolated_home = temp_dir("agents-json-isolated-home"); + let config_home = temp_dir("agents-json-config-home"); + let codex_home = temp_dir("agents-json-codex-home"); + let claude_config = temp_dir("agents-json-claude-config"); + fs::create_dir_all(&isolated_home).expect("isolated home"); + fs::create_dir_all(&config_home).expect("config home"); + fs::create_dir_all(&codex_home).expect("codex home"); + fs::create_dir_all(&claude_config).expect("claude config"); + let original_home = std::env::var_os("HOME"); + let original_claw_config_home = std::env::var_os("CLAW_CONFIG_HOME"); + let original_codex_home = std::env::var_os("CODEX_HOME"); + let original_claude_config_dir = std::env::var_os("CLAUDE_CONFIG_DIR"); + std::env::set_var("HOME", &isolated_home); + std::env::set_var("CLAW_CONFIG_HOME", &config_home); + std::env::set_var("CODEX_HOME", &codex_home); + std::env::set_var("CLAUDE_CONFIG_DIR", &claude_config); write_agent( &project_agents, @@ -5622,7 +6143,10 @@ mod tests { assert_eq!(help["kind"], "agents"); assert_eq!(help["action"], "help"); assert_eq!(help["status"], "ok"); - assert_eq!(help["usage"]["direct_cli"], "claw agents [list|help]"); + assert_eq!( + help["usage"]["direct_cli"], + "claw agents [list|show |create |help]" + ); // `show ` is now valid. Known agent returns ok with matching entry. let show_planner = handle_agents_slash_command_json(Some("show planner"), &workspace) @@ -5644,6 +6168,14 @@ mod tests { let _ = fs::remove_dir_all(workspace); let _ = fs::remove_dir_all(user_home); + restore_env_var("HOME", original_home); + restore_env_var("CLAW_CONFIG_HOME", original_claw_config_home); + restore_env_var("CODEX_HOME", original_codex_home); + restore_env_var("CLAUDE_CONFIG_DIR", original_claude_config_dir); + let _ = fs::remove_dir_all(isolated_home); + let _ = fs::remove_dir_all(config_home); + let _ = fs::remove_dir_all(codex_home); + let _ = fs::remove_dir_all(claude_config); } #[test] @@ -5774,7 +6306,7 @@ mod tests { assert_eq!(help["usage"]["aliases"][0], "/skill"); assert_eq!( help["usage"]["direct_cli"], - "claw skills [list|install |help| [args]]" + "claw skills [list|show |install |uninstall |help| [args]]" ); let _ = fs::remove_dir_all(workspace); @@ -5787,13 +6319,20 @@ mod tests { let agents_help = super::handle_agents_slash_command(Some("help"), &cwd).expect("agents help"); - assert!(agents_help.contains("Usage /agents [list|help]")); - assert!(agents_help.contains("Direct CLI claw agents")); + assert!( + agents_help.contains("Usage /agents [list|show |create |help]") + ); + assert!(agents_help + .contains("Direct CLI claw agents [list|show |create |help]")); + assert!(agents_help.contains( + "Format TOML files (.toml); create scaffolds .claw/agents/.toml" + )); assert!(agents_help .contains("Sources .claw/agents, ~/.claw/agents, $CLAW_CONFIG_HOME/agents")); // `show ` is now valid. For an agent that doesn't exist it returns Err(NotFound). - let agents_show_missing = super::handle_agents_slash_command(Some("show planner"), &cwd); + let agents_show_missing = + super::handle_agents_slash_command(Some("show definitely-missing-agent-431"), &cwd); assert!( agents_show_missing.is_err(), "show of a missing agent should Err" @@ -5812,9 +6351,11 @@ mod tests { let skills_help = super::handle_skills_slash_command(Some("--help"), &cwd).expect("skills help"); - assert!(skills_help - .contains("Usage /skills [list|install |help| [args]]")); + assert!(skills_help.contains( + "Usage /skills [list|show |install |uninstall |help| [args]]" + )); assert!(skills_help.contains("Alias /skill")); + assert!(skills_help.contains("Lifecycle install , uninstall ")); assert!(skills_help.contains("Invoke /skills help overview -> $help overview")); assert!(skills_help.contains("Install root $CLAW_CONFIG_HOME/skills or ~/.claw/skills")); assert!(skills_help.contains(".omc/skills")); @@ -5828,15 +6369,17 @@ mod tests { let skills_install_help = super::handle_skills_slash_command(Some("install --help"), &cwd) .expect("nested skills help"); - assert!(skills_install_help - .contains("Usage /skills [list|install |help| [args]]")); + assert!(skills_install_help.contains( + "Usage /skills [list|show |install |uninstall |help| [args]]" + )); assert!(skills_install_help.contains("Alias /skill")); assert!(skills_install_help.contains("Unexpected install")); let skills_unknown_help = super::handle_skills_slash_command(Some("show --help"), &cwd).expect("skills help"); - assert!(skills_unknown_help - .contains("Usage /skills [list|install |help| [args]]")); + assert!(skills_unknown_help.contains( + "Usage /skills [list|show |install |uninstall |help| [args]]" + )); assert!(skills_unknown_help.contains("Unexpected show")); let skills_help_json = @@ -6111,12 +6654,9 @@ mod tests { } #[test] - fn mcp_degrades_gracefully_on_malformed_mcp_config_144() { - // #144: mirror of #143's partial-success contract for `claw mcp`. - // Previously `mcp` hard-failed on any config parse error, hiding - // well-formed servers and forcing claws to fall back to `doctor`. - // Now `mcp` emits a degraded envelope instead: exit 0, status: - // "degraded", config_load_error populated, servers[] empty. + fn mcp_loads_valid_servers_and_reports_invalid_siblings_440() { + // #440: invalid sibling MCP entries must not drop valid servers, and + // the JSON envelope must expose all rejected entries for one-pass repair. let _guard = env_guard(); let workspace = temp_dir("mcp-degrades-144"); let config_home = temp_dir("mcp-degrades-144-cfg"); @@ -6146,17 +6686,19 @@ mod tests { Some("degraded"), "top-level status should be 'degraded': {list}" ); - let err = list["config_load_error"] + assert!(list["config_load_error"].is_null()); + assert_eq!(list["configured_servers"], 1); + assert_eq!(list["total_configured"], 2); + assert_eq!(list["valid_count"], 1); + assert_eq!(list["invalid_count"], 1); + assert_eq!(list["servers"][0]["name"], "everything"); + assert_eq!(list["servers"][0]["valid"], true); + assert_eq!(list["invalid_servers"][0]["name"], "missing-command"); + assert!(list["invalid_servers"][0]["reason"] .as_str() - .expect("config_load_error must be a string on degraded runs"); - assert!( - err.contains("mcpServers.missing-command"), - "config_load_error should name the malformed field path: {err}" - ); - assert_eq!(list["configured_servers"], 0); - assert!(list["servers"].as_array().unwrap().is_empty()); + .is_some_and(|reason| reason.contains("missing string field command"))); - // show action: should also degrade (not hard-fail). + // show action still resolves valid siblings while carrying validation metadata. let show = render_mcp_report_json_for(&loader, &workspace, Some("show everything")) .expect("mcp show should not hard-fail on config parse errors (#144)"); assert_eq!(show["kind"], "mcp"); @@ -6166,7 +6708,11 @@ mod tests { Some("degraded"), "show action should also report status: 'degraded': {show}" ); - assert!(show["config_load_error"].is_string()); + assert!(show["config_load_error"].is_null()); + assert_eq!(show["found"], true); + assert_eq!(show["server"]["name"], "everything"); + assert_eq!(show["server"]["valid"], true); + assert_eq!(show["invalid_count"], 1); // Clean path: status: "ok", config_load_error: null. let clean_ws = temp_dir("mcp-degrades-144-clean"); diff --git a/rust/crates/runtime/src/bash.rs b/rust/crates/runtime/src/bash.rs index dddf3ccf..c2a35367 100644 --- a/rust/crates/runtime/src/bash.rs +++ b/rust/crates/runtime/src/bash.rs @@ -330,20 +330,24 @@ fn prepare_tokio_command( prepare_sandbox_dirs(cwd); } - if let Some(launcher) = build_linux_sandbox_command(command, cwd, sandbox_status) { - let mut prepared = TokioCommand::new(launcher.program); - prepared.args(launcher.args); - prepared.current_dir(cwd); - prepared.envs(launcher.env); - return prepared; - } + let mut prepared = + if let Some(launcher) = build_linux_sandbox_command(command, cwd, sandbox_status) { + let mut cmd = TokioCommand::new(launcher.program); + cmd.args(launcher.args); + cmd.envs(launcher.env); + cmd + } else { + let mut cmd = TokioCommand::new("sh"); + cmd.arg("-lc").arg(command); + if sandbox_status.filesystem_active { + cmd.env("HOME", cwd.join(".sandbox-home")); + cmd.env("TMPDIR", cwd.join(".sandbox-tmp")); + } + cmd + }; - let mut prepared = TokioCommand::new("sh"); - prepared.arg("-lc").arg(command).current_dir(cwd); - if sandbox_status.filesystem_active { - prepared.env("HOME", cwd.join(".sandbox-home")); - prepared.env("TMPDIR", cwd.join(".sandbox-tmp")); - } + prepared.current_dir(cwd); + prepared.stdin(Stdio::null()); prepared } @@ -419,6 +423,27 @@ mod tests { assert_eq!(structured[0]["event"], "test.hung"); assert_eq!(structured[0]["data"]["provenance"], "bash.timeout"); } + + #[test] + fn prevents_stdin_hangs_by_redirecting_to_null() { + let output = execute_bash(BashCommandInput { + command: String::from("cat"), + timeout: Some(2_000), + description: None, + run_in_background: Some(false), + dangerously_disable_sandbox: Some(true), + namespace_restrictions: None, + isolate_network: None, + filesystem_mode: None, + allowed_mounts: None, + }) + .expect("bash command should execute cleanly"); + + assert!( + !output.interrupted, + "Command hung and was cut off by the timeout!" + ); + } } /// Maximum output bytes before truncation (16 KiB, matching upstream). diff --git a/rust/crates/runtime/src/config.rs b/rust/crates/runtime/src/config.rs index b31c0168..c853479b 100644 --- a/rust/crates/runtime/src/config.rs +++ b/rust/crates/runtime/src/config.rs @@ -70,6 +70,50 @@ pub struct RuntimeConfig { feature_config: RuntimeFeatureConfig, } +/// Machine-readable load state for a discovered config file. +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +pub enum ConfigFileStatus { + Loaded, + NotFound, + Skipped, + LoadError, +} + +impl ConfigFileStatus { + #[must_use] + pub fn as_str(self) -> &'static str { + match self { + Self::Loaded => "loaded", + Self::NotFound => "not_found", + Self::Skipped => "skipped", + Self::LoadError => "load_error", + } + } +} + +/// Structured status for one discovered config file. +#[derive(Debug, Clone, PartialEq, Eq)] +pub struct ConfigFileReport { + pub entry: ConfigEntry, + pub loaded: bool, + pub status: ConfigFileStatus, + pub reason: Option, + pub detail: Option, + pub precedence_rank: usize, + pub wins_for_keys: Vec, + pub shadowed_keys: Vec, + key_paths: Vec, +} + +/// Best-effort inspection of the config discovery and load pipeline. +#[derive(Debug, Clone, PartialEq, Eq)] +pub struct ConfigInspection { + pub files: Vec, + pub runtime_config: Option, + pub warnings: Vec, + pub load_error: Option, +} + /// Parsed plugin-related settings extracted from runtime config. #[derive(Debug, Clone, PartialEq, Eq, Default)] pub struct RuntimePluginConfig { @@ -117,6 +161,32 @@ pub struct RuntimeFeatureConfig { provider_fallbacks: ProviderFallbackConfig, trusted_roots: Vec, api_timeout: ApiTimeoutConfig, + rules_import: RulesImportConfig, +} + +/// Controls which external AI coding framework rules are imported into the system prompt. +#[derive(Debug, Clone, PartialEq, Eq, Default)] +pub enum RulesImportConfig { + /// Import from all supported frameworks when files are detected. + #[default] + Auto, + /// Do not import external framework rules; keep Claw instruction files only. + None, + /// Import only the named frameworks. + List(Vec), +} + +impl RulesImportConfig { + #[must_use] + pub fn should_import(&self, framework: &str) -> bool { + match self { + Self::Auto => true, + Self::None => false, + Self::List(frameworks) => frameworks + .iter() + .any(|candidate| candidate.eq_ignore_ascii_case(framework)), + } + } } /// Ordered chain of fallback model identifiers used when the primary @@ -131,9 +201,16 @@ pub struct ProviderFallbackConfig { /// Hook command lists grouped by lifecycle stage. #[derive(Debug, Clone, PartialEq, Eq, Default)] pub struct RuntimeHookConfig { - pre_tool_use: Vec, - post_tool_use: Vec, - post_tool_use_failure: Vec, + pre_tool_use: Vec, + post_tool_use: Vec, + post_tool_use_failure: Vec, +} + +/// A hook command plus optional tool matcher from object-style hook config. +#[derive(Debug, Clone, PartialEq, Eq)] +pub struct RuntimeHookCommand { + command: String, + matcher: Option, } /// Raw permission rule lists grouped by allow, deny, and ask behavior. @@ -152,9 +229,19 @@ pub struct RuntimePermissionRuleConfig { #[derive(Debug, Clone, PartialEq, Eq, Default)] pub struct McpConfigCollection { servers: BTreeMap, + invalid_servers: Vec, + total_configured: usize, +} + +#[derive(Debug, Clone, PartialEq, Eq)] +pub struct McpInvalidServerConfig { + pub name: String, + pub scope: ConfigSource, + pub path: PathBuf, + pub error_field: String, + pub reason: String, } -/// MCP server config paired with the scope that defined it. #[derive(Debug, Clone, PartialEq, Eq)] pub struct ScopedMcpServerConfig { pub required: bool, @@ -331,12 +418,12 @@ impl ConfigLoader { pub fn load(&self) -> Result { let mut merged = BTreeMap::new(); let mut loaded_entries = Vec::new(); - let mut mcp_servers = BTreeMap::new(); + let mut mcp = McpConfigCollection::default(); let mut all_warnings = Vec::new(); for entry in self.discover() { crate::config_validate::check_unsupported_format(&entry.path)?; - let Some(parsed) = read_optional_json_object(&entry.path)? else { + let OptionalConfigFile::Loaded(parsed) = read_optional_json_object(&entry.path)? else { continue; }; let validation = crate::config_validate::validate_config_file( @@ -350,7 +437,7 @@ impl ConfigLoader { } all_warnings.extend(validation.warnings); validate_optional_hooks_config(&parsed.object, &entry.path)?; - merge_mcp_servers(&mut mcp_servers, entry.source, &parsed.object, &entry.path)?; + merge_mcp_servers(&mut mcp, entry.source, &parsed.object, &entry.path)?; deep_merge_objects(&mut merged, &parsed.object); loaded_entries.push(entry); } @@ -359,30 +446,7 @@ impl ConfigLoader { emit_config_warning_once(&warning.to_string()); } - let merged_value = JsonValue::Object(merged.clone()); - - let feature_config = RuntimeFeatureConfig { - hooks: parse_optional_hooks_config(&merged_value)?, - plugins: parse_optional_plugin_config(&merged_value)?, - mcp: McpConfigCollection { - servers: mcp_servers, - }, - oauth: parse_optional_oauth_config(&merged_value, "merged settings.oauth")?, - model: parse_optional_model(&merged_value), - aliases: parse_optional_aliases(&merged_value)?, - permission_mode: parse_optional_permission_mode(&merged_value)?, - permission_rules: parse_optional_permission_rules(&merged_value)?, - sandbox: parse_optional_sandbox_config(&merged_value)?, - provider_fallbacks: parse_optional_provider_fallbacks(&merged_value)?, - trusted_roots: parse_optional_trusted_roots(&merged_value)?, - api_timeout: parse_optional_api_timeout_config(&merged_value)?, - }; - - Ok(RuntimeConfig { - merged, - loaded_entries, - feature_config, - }) + build_runtime_config(merged, loaded_entries, mcp) } /// Like [`load`] but also returns the list of validation warnings collected during @@ -393,12 +457,12 @@ impl ConfigLoader { pub fn load_collecting_warnings(&self) -> Result<(RuntimeConfig, Vec), ConfigError> { let mut merged = BTreeMap::new(); let mut loaded_entries = Vec::new(); - let mut mcp_servers = BTreeMap::new(); + let mut mcp = McpConfigCollection::default(); let mut all_warnings: Vec = Vec::new(); for entry in self.discover() { crate::config_validate::check_unsupported_format(&entry.path)?; - let Some(parsed) = read_optional_json_object(&entry.path)? else { + let OptionalConfigFile::Loaded(parsed) = read_optional_json_object(&entry.path)? else { continue; }; let validation = crate::config_validate::validate_config_file( @@ -412,37 +476,300 @@ impl ConfigLoader { } all_warnings.extend(validation.warnings.iter().map(|w| w.to_string())); validate_optional_hooks_config(&parsed.object, &entry.path)?; - merge_mcp_servers(&mut mcp_servers, entry.source, &parsed.object, &entry.path)?; + merge_mcp_servers(&mut mcp, entry.source, &parsed.object, &entry.path)?; deep_merge_objects(&mut merged, &parsed.object); loaded_entries.push(entry); } - let merged_value = JsonValue::Object(merged.clone()); - - let feature_config = RuntimeFeatureConfig { - hooks: parse_optional_hooks_config(&merged_value)?, - plugins: parse_optional_plugin_config(&merged_value)?, - mcp: McpConfigCollection { - servers: mcp_servers, - }, - oauth: parse_optional_oauth_config(&merged_value, "merged settings.oauth")?, - model: parse_optional_model(&merged_value), - aliases: parse_optional_aliases(&merged_value)?, - permission_mode: parse_optional_permission_mode(&merged_value)?, - permission_rules: parse_optional_permission_rules(&merged_value)?, - sandbox: parse_optional_sandbox_config(&merged_value)?, - provider_fallbacks: parse_optional_provider_fallbacks(&merged_value)?, - trusted_roots: parse_optional_trusted_roots(&merged_value)?, - api_timeout: parse_optional_api_timeout_config(&merged_value)?, - }; - - let config = RuntimeConfig { - merged, - loaded_entries, - feature_config, - }; + let config = build_runtime_config(merged, loaded_entries, mcp)?; Ok((config, all_warnings)) } + + /// Inspect every discovered config path and return per-file status details. + /// Unlike [`Self::load`], this is best-effort: invalid files are reported in + /// `files[]` and skipped from the merged runtime view so JSON config callers can + /// show the whole discovery picture without collapsing every unloaded path to + /// `loaded:false`. + #[must_use] + pub fn inspect_collecting_warnings(&self) -> ConfigInspection { + let mut merged = BTreeMap::new(); + let mut loaded_entries = Vec::new(); + let mut mcp = McpConfigCollection::default(); + let mut warnings = Vec::new(); + let mut files = Vec::new(); + let mut load_error = None; + + for (index, entry) in self.discover().into_iter().enumerate() { + let precedence_rank = index + 1; + if let Err(error) = crate::config_validate::check_unsupported_format(&entry.path) { + let detail = error.to_string(); + load_error.get_or_insert_with(|| detail.clone()); + files.push(ConfigFileReport::load_error( + entry, + precedence_rank, + "unsupported_format", + detail, + )); + continue; + } + + let parsed = match read_optional_json_object(&entry.path) { + Ok(OptionalConfigFile::Loaded(parsed)) => parsed, + Ok(OptionalConfigFile::NotFound) => { + files.push(ConfigFileReport::not_found(entry, precedence_rank)); + continue; + } + Ok(OptionalConfigFile::Skipped { reason, detail }) => { + files.push(ConfigFileReport::skipped( + entry, + precedence_rank, + reason, + detail, + )); + continue; + } + Err(error) => { + let reason = config_error_reason(&error).to_string(); + let detail = error.to_string(); + load_error.get_or_insert_with(|| detail.clone()); + files.push(ConfigFileReport::load_error( + entry, + precedence_rank, + reason, + detail, + )); + continue; + } + }; + + let validation = crate::config_validate::validate_config_file( + &parsed.object, + &parsed.source, + &entry.path, + ); + if !validation.is_ok() { + let detail = validation.errors[0].to_string(); + load_error.get_or_insert_with(|| detail.clone()); + files.push(ConfigFileReport::load_error( + entry, + precedence_rank, + "validation_error", + detail, + )); + continue; + } + warnings.extend( + validation + .warnings + .iter() + .map(|warning| warning.to_string()), + ); + + if let Err(error) = validate_optional_hooks_config(&parsed.object, &entry.path) { + let detail = error.to_string(); + load_error.get_or_insert_with(|| detail.clone()); + files.push(ConfigFileReport::load_error( + entry, + precedence_rank, + "validation_error", + detail, + )); + continue; + } + + if let Err(error) = + merge_mcp_servers(&mut mcp, entry.source, &parsed.object, &entry.path) + { + let detail = error.to_string(); + load_error.get_or_insert_with(|| detail.clone()); + files.push(ConfigFileReport::load_error( + entry, + precedence_rank, + "parse_error", + detail, + )); + continue; + } + + let key_paths = collect_config_key_paths(&parsed.object); + deep_merge_objects(&mut merged, &parsed.object); + loaded_entries.push(entry.clone()); + files.push(ConfigFileReport::loaded(entry, precedence_rank, key_paths)); + } + + annotate_config_file_precedence(&mut files); + + let runtime_config = match build_runtime_config(merged, loaded_entries, mcp) { + Ok(config) => Some(config), + Err(error) => { + load_error.get_or_insert_with(|| error.to_string()); + None + } + }; + + ConfigInspection { + files, + runtime_config, + warnings, + load_error, + } + } +} + +impl ConfigFileReport { + fn loaded(entry: ConfigEntry, precedence_rank: usize, key_paths: Vec) -> Self { + Self { + entry, + loaded: true, + status: ConfigFileStatus::Loaded, + reason: None, + detail: None, + precedence_rank, + wins_for_keys: Vec::new(), + shadowed_keys: Vec::new(), + key_paths, + } + } + + fn not_found(entry: ConfigEntry, precedence_rank: usize) -> Self { + Self { + entry, + loaded: false, + status: ConfigFileStatus::NotFound, + reason: Some("not_found".to_string()), + detail: None, + precedence_rank, + wins_for_keys: Vec::new(), + shadowed_keys: Vec::new(), + key_paths: Vec::new(), + } + } + + fn skipped( + entry: ConfigEntry, + precedence_rank: usize, + reason: String, + detail: Option, + ) -> Self { + Self { + entry, + loaded: false, + status: ConfigFileStatus::Skipped, + reason: Some(reason), + detail, + precedence_rank, + wins_for_keys: Vec::new(), + shadowed_keys: Vec::new(), + key_paths: Vec::new(), + } + } + + fn load_error( + entry: ConfigEntry, + precedence_rank: usize, + reason: impl Into, + detail: String, + ) -> Self { + Self { + entry, + loaded: false, + status: ConfigFileStatus::LoadError, + reason: Some(reason.into()), + detail: Some(detail), + precedence_rank, + wins_for_keys: Vec::new(), + shadowed_keys: Vec::new(), + key_paths: Vec::new(), + } + } +} + +fn annotate_config_file_precedence(files: &mut [ConfigFileReport]) { + let mut winning_file_by_key = BTreeMap::new(); + for (index, file) in files.iter().enumerate() { + if !file.loaded { + continue; + } + for key in &file.key_paths { + winning_file_by_key.insert(key.clone(), index); + } + } + + for (index, file) in files.iter_mut().enumerate() { + if !file.loaded { + continue; + } + let mut wins_for_keys = Vec::new(); + let mut shadowed_keys = Vec::new(); + for key in &file.key_paths { + if winning_file_by_key.get(key).copied() == Some(index) { + wins_for_keys.push(key.clone()); + } else { + shadowed_keys.push(key.clone()); + } + } + file.wins_for_keys = wins_for_keys; + file.shadowed_keys = shadowed_keys; + } +} + +fn collect_config_key_paths(object: &BTreeMap) -> Vec { + let mut keys = Vec::new(); + for (key, value) in object { + collect_config_key_paths_for_value(key, value, &mut keys); + } + keys +} + +fn collect_config_key_paths_for_value(prefix: &str, value: &JsonValue, keys: &mut Vec) { + match value { + JsonValue::Object(object) if !object.is_empty() => { + for (key, nested) in object { + collect_config_key_paths_for_value(&format!("{prefix}.{key}"), nested, keys); + } + } + _ => keys.push(prefix.to_string()), + } +} + +fn build_runtime_config( + merged: BTreeMap, + loaded_entries: Vec, + mcp: McpConfigCollection, +) -> Result { + let merged_value = JsonValue::Object(merged.clone()); + + let feature_config = RuntimeFeatureConfig { + hooks: parse_optional_hooks_config(&merged_value)?, + plugins: parse_optional_plugin_config(&merged_value)?, + mcp, + oauth: parse_optional_oauth_config(&merged_value, "merged settings.oauth")?, + model: parse_optional_model(&merged_value), + aliases: parse_optional_aliases(&merged_value)?, + permission_mode: parse_optional_permission_mode(&merged_value)?, + permission_rules: parse_optional_permission_rules(&merged_value)?, + sandbox: parse_optional_sandbox_config(&merged_value)?, + provider_fallbacks: parse_optional_provider_fallbacks(&merged_value)?, + trusted_roots: parse_optional_trusted_roots(&merged_value)?, + api_timeout: parse_optional_api_timeout_config(&merged_value)?, + rules_import: parse_optional_rules_import(&merged_value)?, + }; + + Ok(RuntimeConfig { + merged, + loaded_entries, + feature_config, + }) +} + +fn config_error_reason(error: &ConfigError) -> &'static str { + match error { + ConfigError::Io(io_error) if io_error.kind() == std::io::ErrorKind::PermissionDenied => { + "permission_denied" + } + ConfigError::Io(_) => "io_error", + ConfigError::Parse(_) => "parse_error", + } } impl RuntimeConfig { @@ -535,6 +862,11 @@ impl RuntimeConfig { &self.feature_config.trusted_roots } + #[must_use] + pub fn rules_import(&self) -> &RulesImportConfig { + &self.feature_config.rules_import + } + /// Merge config-level default trusted roots with per-call roots. /// /// Config roots are defaults and are kept first; per-call roots extend the @@ -615,6 +947,11 @@ impl RuntimeFeatureConfig { &self.trusted_roots } + #[must_use] + pub fn rules_import(&self) -> &RulesImportConfig { + &self.rules_import + } + /// Merge this config's default trusted roots with per-call roots. #[must_use] pub fn trusted_roots_with_overrides(&self, per_call_roots: &[String]) -> Vec { @@ -809,12 +1146,76 @@ fn write_settings_root( fs::write(path, format!("{rendered}\n")).map_err(ConfigError::Io) } +impl RuntimeHookCommand { + #[must_use] + pub fn new(command: impl Into) -> Self { + Self { + command: command.into(), + matcher: None, + } + } + + #[must_use] + pub fn with_matcher(command: impl Into, matcher: Option) -> Self { + Self { + command: command.into(), + matcher: matcher.and_then(|value| { + let trimmed = value.trim(); + if trimmed.is_empty() { + None + } else { + Some(trimmed.to_string()) + } + }), + } + } + + #[must_use] + pub fn command(&self) -> &str { + &self.command + } + + #[must_use] + pub fn matcher(&self) -> Option<&str> { + self.matcher.as_deref() + } + + #[must_use] + pub fn matches_tool(&self, tool_name: &str) -> bool { + self.matcher + .as_deref() + .is_none_or(|matcher| hook_matcher_matches(matcher, tool_name)) + } +} + impl RuntimeHookConfig { #[must_use] pub fn new( pre_tool_use: Vec, post_tool_use: Vec, post_tool_use_failure: Vec, + ) -> Self { + Self::from_hook_commands( + pre_tool_use + .into_iter() + .map(RuntimeHookCommand::new) + .collect(), + post_tool_use + .into_iter() + .map(RuntimeHookCommand::new) + .collect(), + post_tool_use_failure + .into_iter() + .map(RuntimeHookCommand::new) + .collect(), + ) + } + + #[must_use] + pub fn from_hook_commands( + pre_tool_use: Vec, + post_tool_use: Vec, + post_tool_use_failure: Vec, ) -> Self { Self { pre_tool_use, @@ -824,12 +1225,22 @@ impl RuntimeHookConfig { } #[must_use] - pub fn pre_tool_use(&self) -> &[String] { + pub fn pre_tool_use(&self) -> Vec { + hook_commands(&self.pre_tool_use) + } + + #[must_use] + pub fn pre_tool_use_entries(&self) -> &[RuntimeHookCommand] { &self.pre_tool_use } #[must_use] - pub fn post_tool_use(&self) -> &[String] { + pub fn post_tool_use(&self) -> Vec { + hook_commands(&self.post_tool_use) + } + + #[must_use] + pub fn post_tool_use_entries(&self) -> &[RuntimeHookCommand] { &self.post_tool_use } @@ -841,20 +1252,72 @@ impl RuntimeHookConfig { } pub fn extend(&mut self, other: &Self) { - extend_unique(&mut self.pre_tool_use, other.pre_tool_use()); - extend_unique(&mut self.post_tool_use, other.post_tool_use()); - extend_unique( + extend_unique_hook_commands(&mut self.pre_tool_use, other.pre_tool_use_entries()); + extend_unique_hook_commands(&mut self.post_tool_use, other.post_tool_use_entries()); + extend_unique_hook_commands( &mut self.post_tool_use_failure, - other.post_tool_use_failure(), + other.post_tool_use_failure_entries(), ); } #[must_use] - pub fn post_tool_use_failure(&self) -> &[String] { + pub fn post_tool_use_failure(&self) -> Vec { + hook_commands(&self.post_tool_use_failure) + } + + #[must_use] + pub fn post_tool_use_failure_entries(&self) -> &[RuntimeHookCommand] { &self.post_tool_use_failure } } +fn hook_commands(commands: &[RuntimeHookCommand]) -> Vec { + commands.iter().map(|entry| entry.command.clone()).collect() +} + +fn hook_matcher_matches(matcher: &str, tool_name: &str) -> bool { + matcher + .split([',', '|']) + .map(str::trim) + .filter(|part| !part.is_empty()) + .any(|part| { + part == "*" || part.eq_ignore_ascii_case(tool_name) || wildcard_match(part, tool_name) + }) +} + +fn wildcard_match(pattern: &str, value: &str) -> bool { + if !pattern.contains('*') { + return false; + } + let pattern = pattern.to_ascii_lowercase(); + let value = value.to_ascii_lowercase(); + let parts = pattern.split('*').collect::>(); + let mut remainder = value.as_str(); + let starts_with_wildcard = pattern.starts_with('*'); + let ends_with_wildcard = pattern.ends_with('*'); + + if let Some(first) = parts.first().filter(|part| !part.is_empty()) { + if !starts_with_wildcard && !remainder.starts_with(first) { + return false; + } + if let Some(index) = remainder.find(first) { + remainder = &remainder[index + first.len()..]; + } + } + + for part in parts.iter().skip(1).filter(|part| !part.is_empty()) { + let Some(index) = remainder.find(part) else { + return false; + }; + remainder = &remainder[index + part.len()..]; + } + + ends_with_wildcard + || parts + .last() + .is_none_or(|last| last.is_empty() || remainder.is_empty()) +} + impl RuntimePermissionRuleConfig { #[must_use] pub fn new( @@ -898,6 +1361,31 @@ impl McpConfigCollection { &self.servers } + #[must_use] + pub fn invalid_servers(&self) -> &[McpInvalidServerConfig] { + &self.invalid_servers + } + + #[must_use] + pub fn total_configured(&self) -> usize { + self.total_configured + } + + #[must_use] + pub fn valid_count(&self) -> usize { + self.servers.len() + } + + #[must_use] + pub fn invalid_count(&self) -> usize { + self.invalid_servers.len() + } + + #[must_use] + pub fn has_invalid_servers(&self) -> bool { + !self.invalid_servers.is_empty() + } + #[must_use] pub fn get(&self, name: &str) -> Option<&ScopedMcpServerConfig> { self.servers.get(name) @@ -931,16 +1419,27 @@ struct ParsedConfigFile { source: String, } -fn read_optional_json_object(path: &Path) -> Result, ConfigError> { +enum OptionalConfigFile { + Loaded(ParsedConfigFile), + NotFound, + Skipped { + reason: String, + detail: Option, + }, +} + +fn read_optional_json_object(path: &Path) -> Result { let is_legacy_config = path.file_name().and_then(|name| name.to_str()) == Some(".claw.json"); let contents = match fs::read_to_string(path) { Ok(contents) => contents, - Err(error) if error.kind() == std::io::ErrorKind::NotFound => return Ok(None), + Err(error) if error.kind() == std::io::ErrorKind::NotFound => { + return Ok(OptionalConfigFile::NotFound); + } Err(error) => return Err(ConfigError::Io(error)), }; if contents.trim().is_empty() { - return Ok(Some(ParsedConfigFile { + return Ok(OptionalConfigFile::Loaded(ParsedConfigFile { object: BTreeMap::new(), source: contents, })); @@ -948,26 +1447,37 @@ fn read_optional_json_object(path: &Path) -> Result, Co let parsed = match JsonValue::parse(&contents) { Ok(parsed) => parsed, - Err(_error) if is_legacy_config => return Ok(None), + Err(error) if is_legacy_config => { + return Ok(OptionalConfigFile::Skipped { + reason: "legacy_invalid_json".to_string(), + detail: Some(format!("{}: {error}", path.display())), + }); + } Err(error) => return Err(ConfigError::Parse(format!("{}: {error}", path.display()))), }; let Some(object) = parsed.as_object() else { if is_legacy_config { - return Ok(None); + return Ok(OptionalConfigFile::Skipped { + reason: "legacy_non_object".to_string(), + detail: Some(format!( + "{}: top-level legacy settings value is not a JSON object", + path.display() + )), + }); } return Err(ConfigError::Parse(format!( "{}: top-level settings value must be a JSON object", path.display() ))); }; - Ok(Some(ParsedConfigFile { + Ok(OptionalConfigFile::Loaded(ParsedConfigFile { object: object.clone(), source: contents, })) } fn merge_mcp_servers( - target: &mut BTreeMap, + target: &mut McpConfigCollection, source: ConfigSource, root: &BTreeMap, path: &Path, @@ -976,21 +1486,48 @@ fn merge_mcp_servers( return Ok(()); }; let servers = expect_object(mcp_servers, &format!("{}: mcpServers", path.display()))?; + target.total_configured += servers.len(); for (name, value) in servers { - let parsed = parse_mcp_server_config( - name, - value, - &format!("{}: mcpServers.{name}", path.display()), - )?; - target.insert( + let context = format!("{}: mcpServers.{name}", path.display()); + let Ok(object) = expect_object(value, &context) else { + let error = expect_object(value, &context).expect_err("object parse must fail"); + target.servers.remove(name); + target + .invalid_servers + .push(mcp_invalid_server(name, source, path, &context, &error)); + continue; + }; + let required = match optional_bool(object, "required", &context) { + Ok(required) => required.unwrap_or(false), + Err(error) => { + target.servers.remove(name); + target + .invalid_servers + .push(mcp_invalid_server(name, source, path, &context, &error)); + continue; + } + }; + if let Err(error) = validate_mcp_server_keys(name, object, &context) { + target.servers.remove(name); + target + .invalid_servers + .push(mcp_invalid_server(name, source, path, &context, &error)); + continue; + } + let parsed = match parse_mcp_server_config(name, value, &context) { + Ok(parsed) => parsed, + Err(error) => { + target.servers.remove(name); + target + .invalid_servers + .push(mcp_invalid_server(name, source, path, &context, &error)); + continue; + } + }; + target.servers.insert( name.clone(), ScopedMcpServerConfig { - required: optional_bool( - expect_object(value, &format!("{}: mcpServers.{name}", path.display()))?, - "required", - &format!("{}: mcpServers.{name}", path.display()), - )? - .unwrap_or(false), + required, scope: source, config: parsed, }, @@ -999,6 +1536,98 @@ fn merge_mcp_servers( Ok(()) } +fn mcp_invalid_server( + name: &str, + source: ConfigSource, + path: &Path, + context: &str, + error: &ConfigError, +) -> McpInvalidServerConfig { + let reason = config_error_detail(error); + McpInvalidServerConfig { + name: name.to_string(), + scope: source, + path: path.to_path_buf(), + error_field: mcp_error_field(name, context, &reason), + reason, + } +} + +fn config_error_detail(error: &ConfigError) -> String { + match error { + ConfigError::Io(error) => error.to_string(), + ConfigError::Parse(reason) => reason.clone(), + } +} + +fn mcp_error_field(name: &str, context: &str, reason: &str) -> String { + if let Some(field) = reason + .split("missing string field ") + .nth(1) + .and_then(|tail| tail.split_whitespace().next()) + { + return field + .trim_matches(|ch: char| !ch.is_ascii_alphanumeric() && ch != '_') + .to_string(); + } + if let Some(field) = reason + .split("field ") + .nth(1) + .and_then(|tail| tail.split_whitespace().next()) + { + return field + .trim_matches(|ch: char| !ch.is_ascii_alphanumeric() && ch != '_') + .to_string(); + } + reason + .split_once(context) + .and_then(|(_, tail)| tail.trim_start_matches('.').split(':').next()) + .filter(|field| !field.is_empty()) + .map(str::to_string) + .unwrap_or_else(|| format!("mcpServers.{name}")) +} + +fn validate_mcp_server_keys( + server_name: &str, + object: &BTreeMap, + context: &str, +) -> Result<(), ConfigError> { + let server_type = + optional_string(object, "type", context)?.unwrap_or_else(|| infer_mcp_server_type(object)); + let allowed = match server_type { + "stdio" => &[ + "type", + "command", + "args", + "env", + "toolCallTimeoutMs", + "required", + ][..], + "sse" | "http" => &[ + "type", + "url", + "headers", + "headersHelper", + "oauth", + "required", + ][..], + "ws" => &["type", "url", "headers", "headersHelper", "required"][..], + "sdk" => &["type", "name", "required"][..], + "claudeai-proxy" => &["type", "url", "id", "required"][..], + other => { + return Err(ConfigError::Parse(format!( + "{context}: unsupported MCP server type for {server_name}: {other}" + ))); + } + }; + if let Some(key) = object.keys().find(|key| !allowed.contains(&key.as_str())) { + return Err(ConfigError::Parse(format!( + "{context}: unknown MCP server field {key}" + ))); + } + Ok(()) +} + fn parse_optional_model(root: &JsonValue) -> Option { root.as_object() .and_then(|object| object.get("model")) @@ -1029,9 +1658,11 @@ fn parse_optional_hooks_config_object( }; let hooks = expect_object(hooks_value, context)?; Ok(RuntimeHookConfig { - pre_tool_use: optional_string_array(hooks, "PreToolUse", context)?.unwrap_or_default(), - post_tool_use: optional_string_array(hooks, "PostToolUse", context)?.unwrap_or_default(), - post_tool_use_failure: optional_string_array(hooks, "PostToolUseFailure", context)? + pre_tool_use: optional_hook_command_array(hooks, "PreToolUse", context)? + .unwrap_or_default(), + post_tool_use: optional_hook_command_array(hooks, "PostToolUse", context)? + .unwrap_or_default(), + post_tool_use_failure: optional_hook_command_array(hooks, "PostToolUseFailure", context)? .unwrap_or_default(), }) } @@ -1206,6 +1837,37 @@ fn parse_optional_trusted_roots(root: &JsonValue) -> Result, ConfigE ) } +fn parse_optional_rules_import(root: &JsonValue) -> Result { + let Some(object) = root.as_object() else { + return Ok(RulesImportConfig::default()); + }; + let Some(value) = object.get("rulesImport") else { + return Ok(RulesImportConfig::default()); + }; + + match value { + JsonValue::String(value) if value.eq_ignore_ascii_case("auto") => Ok(RulesImportConfig::Auto), + JsonValue::String(value) if value.eq_ignore_ascii_case("none") => Ok(RulesImportConfig::None), + JsonValue::String(value) => Err(ConfigError::Parse(format!( + "merged settings.rulesImport: expected \"auto\", \"none\", or an array of framework names, got \"{value}\"" + ))), + JsonValue::Array(values) => values + .iter() + .map(|item| { + item.as_str().map(str::to_string).ok_or_else(|| { + ConfigError::Parse( + "merged settings.rulesImport: array entries must be strings".to_string(), + ) + }) + }) + .collect::, _>>() + .map(RulesImportConfig::List), + _ => Err(ConfigError::Parse( + "merged settings.rulesImport: expected \"auto\", \"none\", or an array of framework names".to_string(), + )), + } +} + fn parse_filesystem_mode_label(value: &str) -> Result { match value { "off" => Ok(FilesystemIsolationMode::Off), @@ -1252,7 +1914,7 @@ fn parse_mcp_server_config( optional_string(object, "type", context)?.unwrap_or_else(|| infer_mcp_server_type(object)); match server_type { "stdio" => Ok(McpServerConfig::Stdio(McpStdioServerConfig { - command: expect_string(object, "command", context)?.to_string(), + command: expect_non_empty_string(object, "command", context)?.to_string(), args: optional_string_array(object, "args", context)?.unwrap_or_default(), env: optional_string_map(object, "env", context)?.unwrap_or_default(), tool_call_timeout_ms: optional_u64(object, "toolCallTimeoutMs", context)?, @@ -1327,6 +1989,20 @@ fn expect_object<'a>( .ok_or_else(|| ConfigError::Parse(format!("{context}: expected JSON object"))) } +fn expect_non_empty_string<'a>( + object: &'a BTreeMap, + key: &str, + context: &str, +) -> Result<&'a str, ConfigError> { + let value = expect_string(object, key, context)?; + if value.trim().is_empty() { + return Err(ConfigError::Parse(format!( + "{context}: field {key} must be a non-empty string" + ))); + } + Ok(value) +} + fn expect_string<'a>( object: &'a BTreeMap, key: &str, @@ -1475,6 +2151,106 @@ fn optional_string_array( } } +fn optional_hook_command_array( + object: &BTreeMap, + key: &str, + context: &str, +) -> Result>, ConfigError> { + let Some(value) = object.get(key) else { + return Ok(None); + }; + let Some(array) = value.as_array() else { + return Err(ConfigError::Parse(format!( + "{context}: field {key} must be an array" + ))); + }; + + let mut commands = Vec::new(); + for (index, item) in array.iter().enumerate() { + if let Some(command) = item.as_str() { + commands.push(RuntimeHookCommand::new(command.to_string())); + continue; + } + + let Some(entry) = item.as_object() else { + return Err(ConfigError::Parse(format!( + "{context}: field {key}[{index}] must be a string or hook object" + ))); + }; + let matcher = optional_hook_matcher(entry, context, key, index)?; + let hooks = entry + .get("hooks") + .and_then(JsonValue::as_array) + .ok_or_else(|| { + ConfigError::Parse(format!( + "{context}: field {key}[{index}].hooks must be an array" + )) + })?; + for (hook_index, hook) in hooks.iter().enumerate() { + let Some(hook_object) = hook.as_object() else { + return Err(ConfigError::Parse(format!( + "{context}: field {key}[{index}].hooks[{hook_index}] must be an object" + ))); + }; + if let Some(hook_type) = hook_object.get("type") { + let Some(hook_type) = hook_type.as_str() else { + return Err(ConfigError::Parse(format!( + "{context}: field {key}[{index}].hooks[{hook_index}].type must be a string" + ))); + }; + if hook_type != "command" { + return Err(ConfigError::Parse(format!( + "{context}: field {key}[{index}].hooks[{hook_index}].type must be \"command\"" + ))); + } + } + let command = hook_object + .get("command") + .and_then(JsonValue::as_str) + .filter(|command| !command.trim().is_empty()) + .ok_or_else(|| { + ConfigError::Parse(format!( + "{context}: field {key}[{index}].hooks[{hook_index}].command must be a non-empty string" + )) + })?; + commands.push(RuntimeHookCommand::with_matcher( + command.to_string(), + matcher.clone(), + )); + } + } + Ok(Some(commands)) +} + +fn optional_hook_matcher( + entry: &BTreeMap, + context: &str, + key: &str, + index: usize, +) -> Result, ConfigError> { + entry + .get("matcher") + .map(|value| { + value.as_str().map(str::to_string).ok_or_else(|| { + ConfigError::Parse(format!( + "{context}: field {key}[{index}].matcher must be a string" + )) + }) + }) + .transpose() +} + +fn extend_unique_hook_commands( + target: &mut Vec, + values: &[RuntimeHookCommand], +) { + for value in values { + if !target.iter().any(|existing| existing == value) { + target.push(value.clone()); + } + } +} + fn optional_string_map( object: &BTreeMap, key: &str, @@ -1521,24 +2297,12 @@ fn deep_merge_objects( } } -fn extend_unique(target: &mut Vec, values: &[String]) { - for value in values { - push_unique(target, value.clone()); - } -} - -fn push_unique(target: &mut Vec, value: String) { - if !target.iter().any(|existing| existing == &value) { - target.push(value); - } -} - #[cfg(test)] mod tests { use super::{ - deep_merge_objects, parse_permission_mode_label, ConfigLoader, ConfigSource, - McpServerConfig, McpTransport, ResolvedPermissionMode, RuntimeFeatureConfig, - RuntimeHookConfig, RuntimePluginConfig, CLAW_SETTINGS_SCHEMA_NAME, + deep_merge_objects, parse_permission_mode_label, ConfigFileStatus, ConfigLoader, + ConfigSource, McpServerConfig, McpTransport, ResolvedPermissionMode, RuntimeFeatureConfig, + RuntimeHookCommand, RuntimeHookConfig, RuntimePluginConfig, CLAW_SETTINGS_SCHEMA_NAME, }; use crate::json::JsonValue; use crate::sandbox::FilesystemIsolationMode; @@ -1670,6 +2434,145 @@ mod tests { fs::remove_dir_all(root).expect("cleanup temp dir"); } + #[test] + fn parses_object_style_hook_entries_with_matchers() { + let root = temp_dir(); + let cwd = root.join("project"); + let home = root.join("home").join(".claw"); + fs::create_dir_all(&home).expect("home config dir"); + fs::create_dir_all(&cwd).expect("project dir"); + fs::write( + home.join("settings.json"), + r#"{"hooks":{"PreToolUse":["legacy",{"matcher":"Bash","hooks":[{"type":"command","command":"bash-one"},{"type":"command","command":"bash-two"}]},{"matcher":"Read*","hooks":[{"command":"read-any"}]}]}}"#, + ) + .expect("write settings"); + + let loaded = ConfigLoader::new(&cwd, &home) + .load() + .expect("config should load"); + + assert_eq!( + loaded.hooks().pre_tool_use(), + vec![ + "legacy".to_string(), + "bash-one".to_string(), + "bash-two".to_string(), + "read-any".to_string(), + ] + ); + let entries = loaded.hooks().pre_tool_use_entries(); + assert_eq!(entries[0], RuntimeHookCommand::new("legacy")); + assert_eq!(entries[1].matcher(), Some("Bash")); + assert!(entries[1].matches_tool("bash")); + assert!(!entries[1].matches_tool("Read")); + assert!(entries[3].matches_tool("ReadFile")); + + fs::remove_dir_all(root).expect("cleanup temp dir"); + } + + #[test] + fn rejects_object_style_hook_entries_without_command() { + let root = temp_dir(); + let cwd = root.join("project"); + let home = root.join("home").join(".claw"); + fs::create_dir_all(&home).expect("home config dir"); + fs::create_dir_all(&cwd).expect("project dir"); + fs::write( + home.join("settings.json"), + r#"{"hooks":{"PreToolUse":[{"matcher":"Bash","hooks":[{"type":"command"}]}]}}"#, + ) + .expect("write settings"); + + let error = ConfigLoader::new(&cwd, &home) + .load() + .expect_err("config should reject malformed hook entry"); + + assert!(error + .to_string() + .contains("command must be a non-empty string")); + fs::remove_dir_all(root).expect("cleanup temp dir"); + } + + #[test] + fn inspect_classifies_missing_loaded_and_legacy_skipped_files() { + let root = temp_dir(); + let cwd = root.join("project"); + let home = root.join("home").join(".claw"); + fs::create_dir_all(cwd.join(".claw")).expect("project config dir"); + fs::create_dir_all(&home).expect("home config dir"); + fs::write(cwd.join(".claw.json"), "{not json").expect("write legacy config"); + fs::write( + cwd.join(".claw").join("settings.json"), + r#"{"model":"opus"}"#, + ) + .expect("write project settings"); + + let inspection = ConfigLoader::new(&cwd, &home).inspect_collecting_warnings(); + + assert!( + inspection.load_error.is_none(), + "{:?}", + inspection.load_error + ); + assert!(inspection.runtime_config.is_some()); + let loaded = inspection + .files + .iter() + .find(|file| file.status == ConfigFileStatus::Loaded) + .expect("loaded file"); + assert!(loaded.loaded); + assert!(loaded.reason.is_none()); + let missing = inspection + .files + .iter() + .find(|file| file.status == ConfigFileStatus::NotFound) + .expect("missing file"); + assert_eq!(missing.reason.as_deref(), Some("not_found")); + let skipped = inspection + .files + .iter() + .find(|file| file.status == ConfigFileStatus::Skipped) + .expect("skipped legacy file"); + assert_eq!(skipped.reason.as_deref(), Some("legacy_invalid_json")); + assert!(!skipped.loaded); + + fs::remove_dir_all(root).expect("cleanup temp dir"); + } + + #[test] + fn inspect_reports_parse_errors_but_keeps_valid_merged_config() { + let root = temp_dir(); + let cwd = root.join("project"); + let home = root.join("home").join(".claw"); + fs::create_dir_all(cwd.join(".claw")).expect("project config dir"); + fs::create_dir_all(&home).expect("home config dir"); + fs::write(home.join("settings.json"), r#"{"model":"sonnet"}"#) + .expect("write user settings"); + fs::write(cwd.join(".claw").join("settings.json"), "{not json") + .expect("write invalid project settings"); + + let inspection = ConfigLoader::new(&cwd, &home).inspect_collecting_warnings(); + + assert!(inspection + .load_error + .as_deref() + .is_some_and(|error| error.contains("settings.json"))); + let runtime_config = inspection.runtime_config.expect("valid files still merge"); + assert_eq!(runtime_config.model(), Some("sonnet")); + let error_file = inspection + .files + .iter() + .find(|file| file.status == ConfigFileStatus::LoadError) + .expect("load error file"); + assert_eq!(error_file.reason.as_deref(), Some("parse_error")); + assert!(error_file + .detail + .as_deref() + .is_some_and(|detail| detail.contains("settings.json"))); + + fs::remove_dir_all(root).expect("cleanup temp dir"); + } + #[test] fn parses_sandbox_config() { let root = temp_dir(); @@ -1768,6 +2671,72 @@ mod tests { fs::remove_dir_all(root).expect("cleanup temp dir"); } + #[test] + fn parses_rules_import_config() { + let root = temp_dir(); + let cwd = root.join("project"); + let home = root.join("home").join(".claw"); + fs::create_dir_all(&home).expect("home config dir"); + fs::create_dir_all(&cwd).expect("project dir"); + fs::write( + home.join("settings.json"), + r#"{"rulesImport": ["cursor", "copilot"]}"#, + ) + .expect("write settings"); + + let loaded = ConfigLoader::new(&cwd, &home) + .load() + .expect("config should load"); + + assert!(loaded.rules_import().should_import("cursor")); + assert!(loaded.rules_import().should_import("copilot")); + assert!(!loaded.rules_import().should_import("windsurf")); + + fs::remove_dir_all(root).expect("cleanup temp dir"); + } + + #[test] + fn rules_import_none_disables_external_frameworks() { + let root = temp_dir(); + let cwd = root.join("project"); + let home = root.join("home").join(".claw"); + fs::create_dir_all(&home).expect("home config dir"); + fs::create_dir_all(&cwd).expect("project dir"); + fs::write(home.join("settings.json"), r#"{"rulesImport": "none"}"#) + .expect("write settings"); + + let loaded = ConfigLoader::new(&cwd, &home) + .load() + .expect("config should load"); + + assert!(!loaded.rules_import().should_import("cursor")); + assert!(!loaded.rules_import().should_import("copilot")); + + fs::remove_dir_all(root).expect("cleanup temp dir"); + } + + #[test] + fn rejects_rules_import_array_with_non_string_entries() { + let root = temp_dir(); + let cwd = root.join("project"); + let home = root.join("home").join(".claw"); + fs::create_dir_all(&home).expect("home config dir"); + fs::create_dir_all(&cwd).expect("project dir"); + fs::write( + home.join("settings.json"), + r#"{"rulesImport": ["cursor", 42]}"#, + ) + .expect("write settings"); + + let error = ConfigLoader::new(&cwd, &home) + .load() + .expect_err("config should fail"); + + assert!(error.to_string().contains("rulesImport")); + + fs::remove_dir_all(root).expect("cleanup temp dir"); + } + #[test] fn parses_trusted_roots_from_settings() { // given @@ -2083,7 +3052,7 @@ mod tests { } #[test] - fn rejects_invalid_mcp_server_shapes() { + fn records_invalid_mcp_server_shapes_without_rejecting_config_440() { // given let root = temp_dir(); let cwd = root.join("project"); @@ -2097,18 +3066,72 @@ mod tests { .expect("write broken settings"); // when - let error = ConfigLoader::new(&cwd, &home) + let loaded = ConfigLoader::new(&cwd, &home) .load() - .expect_err("config should fail"); + .expect("invalid MCP entries should not block otherwise loadable config"); // then - assert!(error - .to_string() + assert!(loaded.mcp().servers().is_empty()); + assert_eq!(loaded.mcp().total_configured(), 1); + assert_eq!(loaded.mcp().invalid_count(), 1); + let invalid = &loaded.mcp().invalid_servers()[0]; + assert_eq!(invalid.name, "broken"); + assert_eq!(invalid.error_field, "url"); + assert!(invalid + .reason .contains("mcpServers.broken: missing string field url")); fs::remove_dir_all(root).expect("cleanup temp dir"); } + #[test] + fn loads_valid_mcp_servers_and_collects_all_invalid_siblings_440() { + let root = temp_dir(); + let cwd = root.join("project"); + let home = root.join("home").join(".claw"); + fs::create_dir_all(&home).expect("home config dir"); + fs::create_dir_all(&cwd).expect("project dir"); + fs::write( + home.join("settings.json"), + r#"{ + "mcpServers": { + "valid-server": {"command": "/bin/echo", "args": ["hello"]}, + "missing-command": {"args": ["arg-only"]}, + "empty-command": {"command": ""}, + "wrong-type-command": {"command": 42}, + "extra-unknown-field": {"command": "/bin/echo", "extra": true} + } + }"#, + ) + .expect("write mixed settings"); + + let loaded = ConfigLoader::new(&cwd, &home) + .load() + .expect("valid MCP entries should load beside invalid siblings"); + + assert_eq!(loaded.mcp().total_configured(), 5); + assert_eq!(loaded.mcp().valid_count(), 1); + assert_eq!(loaded.mcp().invalid_count(), 4); + assert!(loaded.mcp().get("valid-server").is_some()); + let invalid_names = loaded + .mcp() + .invalid_servers() + .iter() + .map(|server| server.name.as_str()) + .collect::>(); + assert_eq!( + invalid_names, + vec![ + "empty-command", + "extra-unknown-field", + "missing-command", + "wrong-type-command", + ] + ); + + fs::remove_dir_all(root).expect("cleanup temp dir"); + } + #[test] fn parses_user_defined_model_aliases_from_settings() { // given @@ -2322,23 +3345,23 @@ mod tests { .expect("write user settings"); // when - let error = ConfigLoader::new(&cwd, &home) - .load() - .expect_err("config should fail"); + let (_config, warnings) = ConfigLoader::new(&cwd, &home) + .load_collecting_warnings() + .expect("unknown config keys should load with warnings"); // then - let rendered = error.to_string(); + let rendered = warnings.join("\n"); assert!( rendered.contains(&user_settings.display().to_string()), - "error should include file path, got: {rendered}" + "warning should include file path, got: {rendered}" ); assert!( rendered.contains("line 3"), - "error should include line number, got: {rendered}" + "warning should include line number, got: {rendered}" ); assert!( rendered.contains("telemetry"), - "error should name the offending field, got: {rendered}" + "warning should name the offending field, got: {rendered}" ); fs::remove_dir_all(root).expect("cleanup temp dir"); @@ -2360,28 +3383,23 @@ mod tests { .expect("write user settings"); // when - let error = ConfigLoader::new(&cwd, &home) - .load() - .expect_err("config should fail"); + let (_config, warnings) = ConfigLoader::new(&cwd, &home) + .load_collecting_warnings() + .expect("legacy unknown config keys should load with warnings"); // then - let rendered = error.to_string(); + let rendered = warnings.join("\n"); assert!( rendered.contains(&user_settings.display().to_string()), - "error should include file path, got: {rendered}" + "warning should include file path, got: {rendered}" ); assert!( rendered.contains("line 3"), - "error should include line number, got: {rendered}" + "warning should include line number, got: {rendered}" ); assert!( rendered.contains("allowedTools"), - "error should call out the unknown field, got: {rendered}" - ); - // allowedTools is an unknown key; validator should name it in the error - assert!( - rendered.contains("allowedTools"), - "error should name the offending field, got: {rendered}" + "warning should name the offending field, got: {rendered}" ); fs::remove_dir_all(root).expect("cleanup temp dir"); @@ -2441,19 +3459,19 @@ mod tests { fs::write(&user_settings, "{\n \"modle\": \"opus\"\n}\n").expect("write user settings"); // when - let error = ConfigLoader::new(&cwd, &home) - .load() - .expect_err("config should fail"); + let (_config, warnings) = ConfigLoader::new(&cwd, &home) + .load_collecting_warnings() + .expect("unknown config keys should load with warnings"); // then - let rendered = error.to_string(); + let rendered = warnings.join("\n"); assert!( rendered.contains("modle"), - "error should name the offending field, got: {rendered}" + "warning should name the offending field, got: {rendered}" ); assert!( rendered.contains("model"), - "error should suggest the closest known key, got: {rendered}" + "warning should suggest the closest known key, got: {rendered}" ); fs::remove_dir_all(root).expect("cleanup temp dir"); diff --git a/rust/crates/runtime/src/config_validate.rs b/rust/crates/runtime/src/config_validate.rs index 3ea064eb..bea04572 100644 --- a/rust/crates/runtime/src/config_validate.rs +++ b/rust/crates/runtime/src/config_validate.rs @@ -92,6 +92,8 @@ enum FieldType { Bool, Object, StringArray, + HookArray, + RulesImport, Number, } @@ -102,6 +104,8 @@ impl FieldType { Self::Bool => "a boolean", Self::Object => "an object", Self::StringArray => "an array of strings", + Self::RulesImport => "a string or an array of strings", + Self::HookArray => "an array of strings or hook objects", Self::Number => "a number", } } @@ -114,6 +118,16 @@ impl FieldType { Self::StringArray => value .as_array() .is_some_and(|arr| arr.iter().all(|v| v.as_str().is_some())), + Self::HookArray => value.as_array().is_some_and(|arr| { + arr.iter() + .all(|entry| entry.as_str().is_some() || entry.as_object().is_some()) + }), + Self::RulesImport => { + value.as_str().is_some() + || value + .as_array() + .is_some_and(|arr| arr.iter().all(|v| v.as_str().is_some())) + } Self::Number => value.as_i64().is_some(), } } @@ -201,20 +215,24 @@ const TOP_LEVEL_FIELDS: &[FieldSpec] = &[ name: "provider", expected: FieldType::Object, }, + FieldSpec { + name: "rulesImport", + expected: FieldType::RulesImport, + }, ]; const HOOKS_FIELDS: &[FieldSpec] = &[ FieldSpec { name: "PreToolUse", - expected: FieldType::StringArray, + expected: FieldType::HookArray, }, FieldSpec { name: "PostToolUse", - expected: FieldType::StringArray, + expected: FieldType::HookArray, }, FieldSpec { name: "PostToolUseFailure", - expected: FieldType::StringArray, + expected: FieldType::HookArray, }, ]; @@ -406,9 +424,10 @@ fn validate_object_keys( } else if DEPRECATED_FIELDS.iter().any(|d| d.name == key) { // Deprecated key — handled separately, not an unknown-key error. } else { - // Unknown key. + // Unknown key — preserve compatibility by surfacing it as a warning + // instead of blocking otherwise valid config files. let suggestion = suggest_field(key, &known_names); - result.errors.push(ConfigDiagnostic { + result.warnings.push(ConfigDiagnostic { path: path_display.to_string(), field: field_path, line: find_key_line(source, key), @@ -587,10 +606,11 @@ mod tests { let result = validate_config_file(object, source, &test_path()); // then - assert_eq!(result.errors.len(), 1); - assert_eq!(result.errors[0].field, "unknownField"); + assert!(result.errors.is_empty()); + assert_eq!(result.warnings.len(), 1); + assert_eq!(result.warnings[0].field, "unknownField"); assert!(matches!( - result.errors[0].kind, + result.warnings[0].kind, DiagnosticKind::UnknownKey { .. } )); } @@ -670,9 +690,10 @@ mod tests { let result = validate_config_file(object, source, &test_path()); // then - assert_eq!(result.errors.len(), 1); - assert_eq!(result.errors[0].line, Some(3)); - assert_eq!(result.errors[0].field, "badKey"); + assert!(result.errors.is_empty()); + assert_eq!(result.warnings.len(), 1); + assert_eq!(result.warnings[0].line, Some(3)); + assert_eq!(result.warnings[0].field, "badKey"); } #[test] @@ -701,8 +722,60 @@ mod tests { let result = validate_config_file(object, source, &test_path()); // then + assert!(result.errors.is_empty()); + assert_eq!(result.warnings.len(), 1); + assert_eq!(result.warnings[0].field, "hooks.BadHook"); + } + + #[test] + fn validates_object_style_hook_entries() { + let source = r#"{"hooks":{"PreToolUse":["legacy",{"matcher":"Bash","hooks":[{"type":"command","command":"echo ok"}]}]}}"#; + let parsed = JsonValue::parse(source).expect("valid json"); + let object = parsed.as_object().expect("object"); + + let result = validate_config_file(object, source, &test_path()); + + assert!(result.errors.is_empty(), "{:?}", result.errors); + } + + #[test] + fn rejects_wrong_hook_entry_types() { + let source = r#"{"hooks":{"PreToolUse":[42]}}"#; + let parsed = JsonValue::parse(source).expect("valid json"); + let object = parsed.as_object().expect("object"); + + let result = validate_config_file(object, source, &test_path()); + assert_eq!(result.errors.len(), 1); - assert_eq!(result.errors[0].field, "hooks.BadHook"); + assert_eq!(result.errors[0].field, "hooks.PreToolUse"); + } + + #[test] + fn validates_rules_import_string_and_array_forms() { + for source in [ + r#"{"rulesImport":"auto"}"#, + r#"{"rulesImport":"none"}"#, + r#"{"rulesImport":["cursor","copilot"]}"#, + ] { + let parsed = JsonValue::parse(source).expect("valid json"); + let object = parsed.as_object().expect("object"); + + let result = validate_config_file(object, source, &test_path()); + + assert!(result.errors.is_empty(), "{source}: {:?}", result.errors); + } + } + + #[test] + fn rejects_rules_import_wrong_type() { + let source = r#"{"rulesImport":42}"#; + let parsed = JsonValue::parse(source).expect("valid json"); + let object = parsed.as_object().expect("object"); + + let result = validate_config_file(object, source, &test_path()); + + assert_eq!(result.errors.len(), 1); + assert_eq!(result.errors[0].field, "rulesImport"); } #[test] @@ -716,8 +789,9 @@ mod tests { let result = validate_config_file(object, source, &test_path()); // then - assert_eq!(result.errors.len(), 1); - assert_eq!(result.errors[0].field, "permissions.denyAll"); + assert!(result.errors.is_empty()); + assert_eq!(result.warnings.len(), 1); + assert_eq!(result.warnings[0].field, "permissions.denyAll"); } #[test] @@ -731,8 +805,9 @@ mod tests { let result = validate_config_file(object, source, &test_path()); // then - assert_eq!(result.errors.len(), 1); - assert_eq!(result.errors[0].field, "sandbox.containerMode"); + assert!(result.errors.is_empty()); + assert_eq!(result.warnings.len(), 1); + assert_eq!(result.warnings[0].field, "sandbox.containerMode"); } #[test] @@ -746,8 +821,9 @@ mod tests { let result = validate_config_file(object, source, &test_path()); // then - assert_eq!(result.errors.len(), 1); - assert_eq!(result.errors[0].field, "plugins.autoUpdate"); + assert!(result.errors.is_empty()); + assert_eq!(result.warnings.len(), 1); + assert_eq!(result.warnings[0].field, "plugins.autoUpdate"); } #[test] @@ -761,8 +837,9 @@ mod tests { let result = validate_config_file(object, source, &test_path()); // then - assert_eq!(result.errors.len(), 1); - assert_eq!(result.errors[0].field, "oauth.secret"); + assert!(result.errors.is_empty()); + assert_eq!(result.warnings.len(), 1); + assert_eq!(result.warnings[0].field, "oauth.secret"); } #[test] @@ -797,8 +874,9 @@ mod tests { let result = validate_config_file(object, source, &test_path()); // then - assert_eq!(result.errors.len(), 1); - match &result.errors[0].kind { + assert!(result.errors.is_empty()); + assert_eq!(result.warnings.len(), 1); + match &result.warnings[0].kind { DiagnosticKind::UnknownKey { suggestion: Some(s), } => assert_eq!(s, "model"), @@ -809,7 +887,7 @@ mod tests { #[test] fn format_diagnostics_includes_all_entries() { // given - let source = r#"{"permissionMode": "plan", "badKey": 1}"#; + let source = r#"{"model": 42, "badKey": 1}"#; let parsed = JsonValue::parse(source).expect("valid json"); let object = parsed.as_object().expect("object"); let result = validate_config_file(object, source, &test_path()); @@ -821,7 +899,7 @@ mod tests { assert!(output.contains("warning:")); assert!(output.contains("error:")); assert!(output.contains("badKey")); - assert!(output.contains("permissionMode")); + assert!(output.contains("model")); } #[test] diff --git a/rust/crates/runtime/src/hooks.rs b/rust/crates/runtime/src/hooks.rs index 6abd69fb..2d9f25e7 100644 --- a/rust/crates/runtime/src/hooks.rs +++ b/rust/crates/runtime/src/hooks.rs @@ -11,7 +11,7 @@ use std::time::Duration; use serde_json::{json, Value}; -use crate::config::{RuntimeFeatureConfig, RuntimeHookConfig}; +use crate::config::{RuntimeFeatureConfig, RuntimeHookCommand, RuntimeHookConfig}; use crate::permissions::PermissionOverride; const HOOK_PREVIEW_CHAR_LIMIT: usize = 160; @@ -182,7 +182,7 @@ impl HookRunner { ) -> HookRunResult { Self::run_commands( HookEvent::PreToolUse, - self.config.pre_tool_use(), + self.config.pre_tool_use_entries(), tool_name, tool_input, None, @@ -232,7 +232,7 @@ impl HookRunner { ) -> HookRunResult { Self::run_commands( HookEvent::PostToolUse, - self.config.post_tool_use(), + self.config.post_tool_use_entries(), tool_name, tool_input, Some(tool_output), @@ -282,7 +282,7 @@ impl HookRunner { ) -> HookRunResult { Self::run_commands( HookEvent::PostToolUseFailure, - self.config.post_tool_use_failure(), + self.config.post_tool_use_failure_entries(), tool_name, tool_input, Some(tool_error), @@ -312,7 +312,7 @@ impl HookRunner { #[allow(clippy::too_many_arguments)] fn run_commands( event: HookEvent, - commands: &[String], + commands: &[RuntimeHookCommand], tool_name: &str, tool_input: &str, tool_output: Option<&str>, @@ -342,17 +342,21 @@ impl HookRunner { let payload = hook_payload(event, tool_name, tool_input, tool_output, is_error).to_string(); let mut result = HookRunResult::allow(Vec::new()); - for command in commands { + for command in commands + .iter() + .filter(|command| command.matches_tool(tool_name)) + { + let command_text = command.command(); if let Some(reporter) = reporter.as_deref_mut() { reporter.on_event(&HookProgressEvent::Started { event, tool_name: tool_name.to_string(), - command: command.clone(), + command: command_text.to_string(), }); } match Self::run_command( - command, + command_text, event, tool_name, tool_input, @@ -366,7 +370,7 @@ impl HookRunner { reporter.on_event(&HookProgressEvent::Completed { event, tool_name: tool_name.to_string(), - command: command.clone(), + command: command_text.to_string(), }); } merge_parsed_hook_output(&mut result, parsed); @@ -376,7 +380,7 @@ impl HookRunner { reporter.on_event(&HookProgressEvent::Completed { event, tool_name: tool_name.to_string(), - command: command.clone(), + command: command_text.to_string(), }); } merge_parsed_hook_output(&mut result, parsed); @@ -388,7 +392,7 @@ impl HookRunner { reporter.on_event(&HookProgressEvent::Completed { event, tool_name: tool_name.to_string(), - command: command.clone(), + command: command_text.to_string(), }); } merge_parsed_hook_output(&mut result, parsed); @@ -400,7 +404,7 @@ impl HookRunner { reporter.on_event(&HookProgressEvent::Cancelled { event, tool_name: tool_name.to_string(), - command: command.clone(), + command: command_text.to_string(), }); } result.cancelled = true; @@ -737,7 +741,7 @@ fn format_hook_failure(command: &str, code: i32, stdout: Option<&str>, stderr: & fn shell_command(command: &str) -> CommandWithStdin { #[cfg(windows)] - let mut command_builder = { + let command_builder = { let mut command_builder = Command::new("cmd"); command_builder.arg("/C").arg(command); CommandWithStdin::new(command_builder) @@ -825,7 +829,7 @@ mod tests { HookAbortSignal, HookEvent, HookProgressEvent, HookProgressReporter, HookRunResult, HookRunner, }; - use crate::config::{RuntimeFeatureConfig, RuntimeHookConfig}; + use crate::config::{RuntimeFeatureConfig, RuntimeHookCommand, RuntimeHookConfig}; use crate::permissions::PermissionOverride; struct RecordingReporter { @@ -851,6 +855,37 @@ mod tests { assert_eq!(result, HookRunResult::allow(vec!["pre ok".to_string()])); } + #[test] + fn object_style_hook_matchers_filter_runtime_execution() { + let runner = HookRunner::new(RuntimeHookConfig::from_hook_commands( + vec![ + RuntimeHookCommand::new(shell_snippet("printf 'legacy'")), + RuntimeHookCommand::with_matcher( + shell_snippet("printf 'bash only'"), + Some("Bash".to_string()), + ), + RuntimeHookCommand::with_matcher( + shell_snippet("printf 'read only'"), + Some("Read*".to_string()), + ), + ], + Vec::new(), + Vec::new(), + )); + + let read_result = runner.run_pre_tool_use("ReadFile", r#"{"path":"README.md"}"#); + let bash_result = runner.run_pre_tool_use("Bash", r#"{"command":"pwd"}"#); + + assert_eq!( + read_result, + HookRunResult::allow(vec!["legacy".to_string(), "read only".to_string()]) + ); + assert_eq!( + bash_result, + HookRunResult::allow(vec!["legacy".to_string(), "bash only".to_string()]) + ); + } + #[test] fn denies_exit_code_two() { let runner = HookRunner::new(RuntimeHookConfig::new( diff --git a/rust/crates/runtime/src/lib.rs b/rust/crates/runtime/src/lib.rs index f3997273..d3e4da2e 100644 --- a/rust/crates/runtime/src/lib.rs +++ b/rust/crates/runtime/src/lib.rs @@ -66,11 +66,13 @@ pub use compact::{ }; pub use config::{ suppress_config_warnings_for_json_mode, ApiTimeoutConfig, ConfigEntry, ConfigError, - ConfigLoader, ConfigSource, McpConfigCollection, McpManagedProxyServerConfig, McpOAuthConfig, + ConfigFileReport, ConfigFileStatus, ConfigInspection, ConfigLoader, ConfigSource, + McpConfigCollection, McpInvalidServerConfig, McpManagedProxyServerConfig, McpOAuthConfig, McpRemoteServerConfig, McpSdkServerConfig, McpServerConfig, McpStdioServerConfig, McpTransport, McpWebSocketServerConfig, OAuthConfig, ProviderFallbackConfig, ResolvedPermissionMode, - RuntimeConfig, RuntimeFeatureConfig, RuntimeHookConfig, RuntimePermissionRuleConfig, - RuntimePluginConfig, ScopedMcpServerConfig, CLAW_SETTINGS_SCHEMA_NAME, + RulesImportConfig, RuntimeConfig, RuntimeFeatureConfig, RuntimeHookCommand, RuntimeHookConfig, + RuntimePermissionRuleConfig, RuntimePluginConfig, ScopedMcpServerConfig, + CLAW_SETTINGS_SCHEMA_NAME, }; pub use config_validate::{ check_unsupported_format, format_diagnostics, validate_config_file, ConfigDiagnostic, @@ -141,8 +143,9 @@ pub use policy_engine::{ PolicyEvaluation, PolicyRule, ReconcileReason, ReviewStatus, }; pub use prompt::{ - load_system_prompt, prepend_bullets, ContextFile, ModelFamilyIdentity, ProjectContext, - PromptBuildError, SystemPromptBuilder, FRONTIER_MODEL_NAME, SYSTEM_PROMPT_DYNAMIC_BOUNDARY, + load_system_prompt, load_system_prompt_with_context, prepend_bullets, ContextFile, + ModelFamilyIdentity, ProjectContext, PromptBuildError, SystemPromptBuilder, + FRONTIER_MODEL_NAME, SYSTEM_PROMPT_DYNAMIC_BOUNDARY, }; pub use recovery_recipes::{ attempt_recovery, recipe_for, EscalationPolicy, FailureScenario, RecoveryAttemptState, diff --git a/rust/crates/runtime/src/prompt.rs b/rust/crates/runtime/src/prompt.rs index a41078d4..e62e32ea 100644 --- a/rust/crates/runtime/src/prompt.rs +++ b/rust/crates/runtime/src/prompt.rs @@ -3,7 +3,7 @@ use std::hash::{Hash, Hasher}; use std::path::{Path, PathBuf}; use std::process::Command; -use crate::config::{ConfigError, ConfigLoader, RuntimeConfig}; +use crate::config::{ConfigError, ConfigLoader, RulesImportConfig, RuntimeConfig}; use crate::git_context::GitContext; /// Errors raised while assembling the final system prompt. @@ -69,6 +69,18 @@ pub struct ContextFile { pub content: String, } +impl ContextFile { + #[must_use] + pub fn source(&self) -> &'static str { + instruction_file_source(&self.path) + } + + #[must_use] + pub fn char_count(&self) -> usize { + self.content.chars().count() + } +} + /// Project-local context injected into the rendered system prompt. #[derive(Debug, Clone, Default, PartialEq, Eq)] pub struct ProjectContext { @@ -86,7 +98,24 @@ impl ProjectContext { current_date: impl Into, ) -> std::io::Result { let cwd = cwd.into(); - let instruction_files = discover_instruction_files(&cwd)?; + let instruction_files = discover_instruction_files(&cwd, &RulesImportConfig::default())?; + Ok(Self { + cwd, + current_date: current_date.into(), + git_status: None, + git_diff: None, + git_context: None, + instruction_files, + }) + } + + pub fn discover_with_rules_import( + cwd: impl Into, + current_date: impl Into, + rules_import: &RulesImportConfig, + ) -> std::io::Result { + let cwd = cwd.into(); + let instruction_files = discover_instruction_files(&cwd, rules_import)?; Ok(Self { cwd, current_date: current_date.into(), @@ -109,6 +138,18 @@ impl ProjectContext { } } +fn discover_with_git_and_rules_import( + cwd: impl Into, + current_date: impl Into, + rules_import: &RulesImportConfig, +) -> std::io::Result { + let mut context = ProjectContext::discover_with_rules_import(cwd, current_date, rules_import)?; + context.git_status = read_git_status(&context.cwd); + context.git_diff = read_git_diff(&context.cwd); + context.git_context = GitContext::detect(&context.cwd); + Ok(context) +} + /// Builder for the runtime system prompt and dynamic environment sections. #[derive(Debug, Clone, Default, PartialEq, Eq)] pub struct SystemPromptBuilder { @@ -227,30 +268,81 @@ pub fn prepend_bullets(items: Vec) -> Vec { items.into_iter().map(|item| format!(" - {item}")).collect() } -fn discover_instruction_files(cwd: &Path) -> std::io::Result> { - let mut directories = Vec::new(); - let mut cursor = Some(cwd); - while let Some(dir) = cursor { - directories.push(dir.to_path_buf()); - cursor = dir.parent(); +fn instruction_file_source(path: &Path) -> &'static str { + let file_name = path.file_name().and_then(|name| name.to_str()); + let parent_name = path + .parent() + .and_then(|parent| parent.file_name()) + .and_then(|name| name.to_str()); + + match (parent_name, file_name) { + (Some(".claw"), Some("CLAUDE.md")) => "claw_claude_md", + (Some(".claude"), Some("CLAUDE.md")) => "claude_claude_md", + (_, Some("CLAUDE.md")) => "claude_md", + (_, Some("CLAW.md")) => "claw_md", + (_, Some("AGENTS.md")) => "agents_md", + (_, Some("CLAUDE.local.md")) => "claude_local_md", + (Some(".claw"), Some("instructions.md")) => "claw_instructions", + _ => "rule_file", } +} +fn discover_instruction_files( + cwd: &Path, + rules_import: &RulesImportConfig, +) -> std::io::Result> { + let mut directories = instruction_discovery_dirs(cwd); directories.reverse(); let mut files = Vec::new(); for dir in directories { for candidate in [ dir.join("CLAUDE.md"), + dir.join("CLAW.md"), + dir.join("AGENTS.md"), dir.join("CLAUDE.local.md"), dir.join(".claw").join("CLAUDE.md"), + dir.join(".claude").join("CLAUDE.md"), dir.join(".claw").join("instructions.md"), ] { push_context_file(&mut files, candidate)?; } + push_rules_dir(&mut files, dir.join(".claw").join("rules"))?; + push_rules_dir(&mut files, dir.join(".claw").join("rules.local"))?; + push_framework_imports(&mut files, &dir, rules_import)? } Ok(dedupe_instruction_files(files)) } +fn instruction_discovery_dirs(cwd: &Path) -> Vec { + let boundary = nearest_git_root(cwd).unwrap_or_else(|| cwd.to_path_buf()); + let mut directories = Vec::new(); + let mut cursor = Some(cwd); + while let Some(dir) = cursor { + directories.push(dir.to_path_buf()); + if dir == boundary { + break; + } + cursor = dir.parent(); + } + directories +} + +fn nearest_git_root(cwd: &Path) -> Option { + let mut cursor = Some(cwd); + while let Some(dir) = cursor { + let git_marker = dir.join(".git"); + if git_marker.is_dir() || git_marker.is_file() { + return Some(dir.to_path_buf()); + } + cursor = dir.parent(); + } + None +} + fn push_context_file(files: &mut Vec, path: PathBuf) -> std::io::Result<()> { + if path.is_dir() { + return Ok(()); + } match fs::read_to_string(&path) { Ok(content) if !content.trim().is_empty() => { files.push(ContextFile { path, content }); @@ -262,6 +354,64 @@ fn push_context_file(files: &mut Vec, path: PathBuf) -> std::io::Re } } +fn push_rules_dir(files: &mut Vec, dir: PathBuf) -> std::io::Result<()> { + if dir.is_file() { + return Ok(()); + } + let entries = match fs::read_dir(&dir) { + Ok(entries) => entries, + Err(error) if error.kind() == std::io::ErrorKind::NotFound => return Ok(()), + Err(error) => return Err(error), + }; + let mut paths = entries + .filter_map(Result::ok) + .map(|entry| entry.path()) + .filter(|path| path.is_file() && is_supported_rule_file(path)) + .collect::>(); + paths.sort(); + for path in paths { + push_context_file(files, path)?; + } + Ok(()) +} + +fn is_supported_rule_file(path: &Path) -> bool { + path.extension() + .and_then(|extension| extension.to_str()) + .is_some_and(|extension| { + matches!( + extension.to_ascii_lowercase().as_str(), + "md" | "txt" | "mdc" + ) + }) +} + +fn push_framework_imports( + files: &mut Vec, + dir: &Path, + rules_import: &RulesImportConfig, +) -> std::io::Result<()> { + if rules_import.should_import("cursor") { + push_context_file(files, dir.join(".cursorrules"))?; + push_rules_dir(files, dir.join(".cursor").join("rules"))?; + } + if rules_import.should_import("copilot") { + push_context_file(files, dir.join(".github").join("copilot-instructions.md"))?; + } + if rules_import.should_import("windsurf") { + push_context_file(files, dir.join(".windsurfrules"))?; + push_rules_dir(files, dir.join(".windsurfrules"))?; + } + if rules_import.should_import("plandex") { + push_context_file(files, dir.join(".plandex").join("instructions.md"))?; + } + if rules_import.should_import("crush") { + push_context_file(files, dir.join(".crush").join("CLAUDE.md"))?; + push_rules_dir(files, dir.join(".crush").join("rules"))?; + } + Ok(()) +} + fn read_git_status(cwd: &Path) -> Option { let output = Command::new("git") .args(["--no-optional-locks", "status", "--short", "--branch"]) @@ -332,7 +482,7 @@ fn render_project_context(project_context: &ProjectContext) -> String { ]; if !project_context.instruction_files.is_empty() { bullets.push(format!( - "Claude instruction files discovered: {}.", + "Project instruction files discovered: {}.", project_context.instruction_files.len() )); } @@ -367,7 +517,7 @@ fn render_project_context(project_context: &ProjectContext) -> String { } fn render_instruction_files(files: &[ContextFile]) -> String { - let mut sections = vec!["# Claude instructions".to_string()]; + let mut sections = vec!["# Project instructions".to_string()]; let mut remaining_chars = MAX_TOTAL_INSTRUCTION_CHARS; for file in files { if remaining_chars == 0 { @@ -476,14 +626,30 @@ pub fn load_system_prompt( model_family: ModelFamilyIdentity, ) -> Result, PromptBuildError> { let cwd = cwd.into(); - let project_context = ProjectContext::discover_with_git(&cwd, current_date.into())?; + let (sections, _) = + load_system_prompt_with_context(cwd, current_date, os_name, os_version, model_family)?; + Ok(sections) +} + +/// Loads config and project context, then renders the system prompt text plus metadata. +pub fn load_system_prompt_with_context( + cwd: impl Into, + current_date: impl Into, + os_name: impl Into, + os_version: impl Into, + model_family: ModelFamilyIdentity, +) -> Result<(Vec, ProjectContext), PromptBuildError> { + let cwd = cwd.into(); let config = ConfigLoader::default_for(&cwd).load()?; - Ok(SystemPromptBuilder::new() + let project_context = + discover_with_git_and_rules_import(&cwd, current_date.into(), config.rules_import())?; + let sections = SystemPromptBuilder::new() .with_os(os_name, os_version) .with_model_family(model_family) - .with_project_context(project_context) + .with_project_context(project_context.clone()) .with_runtime_config(config) - .build()) + .build(); + Ok((sections, project_context)) } fn render_config_section(config: &RuntimeConfig) -> String { @@ -590,11 +756,84 @@ mod tests { } } + #[test] + fn discovers_claw_rules_files_in_sorted_order() { + let root = temp_dir(); + let rules = root.join(".claw").join("rules"); + let local_rules = root.join(".claw").join("rules.local"); + fs::create_dir_all(&rules).expect("rules dir"); + fs::create_dir_all(&local_rules).expect("local rules dir"); + fs::write(rules.join("b.txt"), "b rule").expect("write b rule"); + fs::write(rules.join("a.md"), "a rule").expect("write a rule"); + fs::write(rules.join("ignored.json"), "ignored rule").expect("write ignored"); + fs::write(local_rules.join("c.mdc"), "c local rule").expect("write local rule"); + + let context = ProjectContext::discover(&root, "2026-03-31").expect("context should load"); + let contents = context + .instruction_files + .iter() + .map(|file| file.content.as_str()) + .collect::>(); + + assert_eq!(contents, vec!["a rule", "b rule", "c local rule"]); + fs::remove_dir_all(root).expect("cleanup temp dir"); + } + + #[test] + fn rules_import_none_suppresses_external_framework_rules() { + let root = temp_dir(); + fs::create_dir_all(root.join(".claw").join("rules")).expect("rules dir"); + fs::write( + root.join(".claw").join("rules").join("project.md"), + "claw rule", + ) + .expect("write claw rule"); + fs::write(root.join(".cursorrules"), "cursor rule").expect("write cursor rule"); + + let context = ProjectContext::discover_with_rules_import( + &root, + "2026-03-31", + &crate::config::RulesImportConfig::None, + ) + .expect("context should load"); + let rendered = render_instruction_files(&context.instruction_files); + + assert!(rendered.contains("claw rule")); + assert!(!rendered.contains("cursor rule")); + fs::remove_dir_all(root).expect("cleanup temp dir"); + } + + #[test] + fn rules_import_list_loads_only_selected_framework_rules() { + let root = temp_dir(); + fs::create_dir_all(&root).expect("root dir"); + fs::write(root.join(".cursorrules"), "cursor rule").expect("write cursor rule"); + fs::create_dir_all(root.join(".github")).expect("github dir"); + fs::write( + root.join(".github").join("copilot-instructions.md"), + "copilot rule", + ) + .expect("write copilot rule"); + + let context = ProjectContext::discover_with_rules_import( + &root, + "2026-03-31", + &crate::config::RulesImportConfig::List(vec!["copilot".to_string()]), + ) + .expect("context should load"); + let rendered = render_instruction_files(&context.instruction_files); + + assert!(rendered.contains("copilot rule")); + assert!(!rendered.contains("cursor rule")); + fs::remove_dir_all(root).expect("cleanup temp dir"); + } + #[test] fn discovers_instruction_files_from_ancestor_chain() { let root = temp_dir(); let nested = root.join("apps").join("api"); fs::create_dir_all(nested.join(".claw")).expect("nested claw dir"); + fs::create_dir(root.join(".git")).expect("git boundary"); fs::write(root.join("CLAUDE.md"), "root instructions").expect("write root instructions"); fs::write(root.join("CLAUDE.local.md"), "local instructions") .expect("write local instructions"); @@ -636,11 +875,80 @@ mod tests { fs::remove_dir_all(root).expect("cleanup temp dir"); } + #[test] + fn discovers_agents_markdown_instruction_file() { + let root = temp_dir(); + fs::create_dir_all(&root).expect("root dir"); + fs::write(root.join("AGENTS.md"), "agents-only instructions").expect("write AGENTS.md"); + + let context = ProjectContext::discover(&root, "2026-03-31").expect("context should load"); + + assert_eq!(context.instruction_files.len(), 1); + assert!(context.instruction_files[0].path.ends_with("AGENTS.md")); + assert!(render_instruction_files(&context.instruction_files) + .contains("agents-only instructions")); + fs::remove_dir_all(root).expect("cleanup temp dir"); + } + + #[test] + fn discovers_scoped_dot_claude_claude_markdown_instruction_file() { + let root = temp_dir(); + fs::create_dir_all(root.join(".claude")).expect("dot claude dir"); + fs::write( + root.join(".claude").join("CLAUDE.md"), + "dot-claude-only instructions", + ) + .expect("write .claude/CLAUDE.md"); + + let context = ProjectContext::discover(&root, "2026-03-31").expect("context should load"); + + assert_eq!(context.instruction_files.len(), 1); + assert!(context.instruction_files[0] + .path + .ends_with(".claude/CLAUDE.md")); + assert!(render_instruction_files(&context.instruction_files) + .contains("dot-claude-only instructions")); + fs::remove_dir_all(root).expect("cleanup temp dir"); + } + + #[test] + fn discovers_claude_claw_agents_and_dot_claude_instruction_files_together() { + let root = temp_dir(); + fs::create_dir_all(root.join(".claude")).expect("dot claude dir"); + fs::write(root.join("CLAUDE.md"), "claude instructions").expect("write CLAUDE.md"); + fs::write(root.join("CLAW.md"), "claw instructions").expect("write CLAW.md"); + fs::write(root.join("AGENTS.md"), "agents instructions").expect("write AGENTS.md"); + fs::write( + root.join(".claude").join("CLAUDE.md"), + "dot claude instructions", + ) + .expect("write .claude/CLAUDE.md"); + + let context = ProjectContext::discover(&root, "2026-03-31").expect("context should load"); + let rendered = render_instruction_files(&context.instruction_files); + let sources = context + .instruction_files + .iter() + .map(ContextFile::source) + .collect::>(); + + assert_eq!( + sources, + vec!["claude_md", "claw_md", "agents_md", "claude_claude_md"] + ); + assert!(rendered.contains("claude instructions")); + assert!(rendered.contains("claw instructions")); + assert!(rendered.contains("agents instructions")); + assert!(rendered.contains("dot claude instructions")); + fs::remove_dir_all(root).expect("cleanup temp dir"); + } + #[test] fn dedupes_identical_instruction_content_across_scopes() { let root = temp_dir(); let nested = root.join("apps").join("api"); fs::create_dir_all(&nested).expect("nested dir"); + fs::create_dir(root.join(".git")).expect("git boundary"); fs::write(root.join("CLAUDE.md"), "same rules\n\n").expect("write root"); fs::write(nested.join("CLAUDE.md"), "same rules\n").expect("write nested"); @@ -653,6 +961,50 @@ mod tests { fs::remove_dir_all(root).expect("cleanup temp dir"); } + #[test] + fn discovery_stops_at_git_root_boundary_439() { + let root = temp_dir(); + let repo = root.join("repo"); + let nested = repo.join("subproj").join("deep").join("nest"); + fs::create_dir_all(&nested).expect("nested dir"); + fs::create_dir(repo.join(".git")).expect("git boundary"); + fs::write(root.join("CLAUDE.md"), "PARENT_CLAUDE").expect("write parent"); + fs::write(repo.join("CLAUDE.md"), "REPO_CLAUDE").expect("write repo"); + fs::write(repo.join("subproj").join("CLAUDE.md"), "CHILD_CLAUDE").expect("write child"); + fs::write( + repo.join("subproj").join("deep").join("CLAUDE.md"), + "DEEP_CLAUDE", + ) + .expect("write deep"); + + let context = ProjectContext::discover(&nested, "2026-03-31").expect("context should load"); + let rendered = render_instruction_files(&context.instruction_files); + + assert!(!rendered.contains("PARENT_CLAUDE")); + assert!(rendered.contains("REPO_CLAUDE")); + assert!(rendered.contains("CHILD_CLAUDE")); + assert!(rendered.contains("DEEP_CLAUDE")); + assert_eq!(context.instruction_files.len(), 3); + fs::remove_dir_all(root).expect("cleanup temp dir"); + } + + #[test] + fn discovery_without_git_root_stays_cwd_local_439() { + let root = temp_dir(); + let nested = root.join("scratch"); + fs::create_dir_all(&nested).expect("nested dir"); + fs::write(root.join("CLAUDE.md"), "PARENT_CLAUDE").expect("write parent"); + fs::write(nested.join("CLAUDE.md"), "SCRATCH_CLAUDE").expect("write scratch"); + + let context = ProjectContext::discover(&nested, "2026-03-31").expect("context should load"); + let rendered = render_instruction_files(&context.instruction_files); + + assert!(!rendered.contains("PARENT_CLAUDE")); + assert!(rendered.contains("SCRATCH_CLAUDE")); + assert_eq!(context.instruction_files.len(), 1); + fs::remove_dir_all(root).expect("cleanup temp dir"); + } + #[test] fn truncates_large_instruction_content_for_rendering() { let rendered = render_instruction_content(&"x".repeat(4500)); @@ -876,6 +1228,51 @@ mod tests { fs::remove_dir_all(root).expect("cleanup temp dir"); } + #[test] + fn load_system_prompt_respects_rules_import_config() { + let root = temp_dir(); + fs::create_dir_all(root.join(".claw")).expect("claw dir"); + fs::write(root.join(".cursorrules"), "cursor rule").expect("write cursor rule"); + fs::write( + root.join(".claw").join("settings.json"), + r#"{"rulesImport":"none"}"#, + ) + .expect("write settings"); + + let _guard = env_lock(); + ensure_valid_cwd(); + let previous = std::env::current_dir().expect("cwd"); + let original_home = std::env::var("HOME").ok(); + let original_claw_home = std::env::var("CLAW_CONFIG_HOME").ok(); + std::env::set_var("HOME", &root); + std::env::set_var("CLAW_CONFIG_HOME", root.join("missing-home")); + std::env::set_current_dir(&root).expect("change cwd"); + let prompt = super::load_system_prompt( + &root, + "2026-03-31", + "linux", + "6.8", + ModelFamilyIdentity::Claude, + ) + .expect("system prompt should load") + .join("\n\n"); + std::env::set_current_dir(previous).expect("restore cwd"); + if let Some(value) = original_home { + std::env::set_var("HOME", value); + } else { + std::env::remove_var("HOME"); + } + if let Some(value) = original_claw_home { + std::env::set_var("CLAW_CONFIG_HOME", value); + } else { + std::env::remove_var("CLAW_CONFIG_HOME"); + } + + assert!(!prompt.contains("cursor rule")); + assert!(prompt.contains("rulesImport")); + fs::remove_dir_all(root).expect("cleanup temp dir"); + } + #[test] fn renders_default_claude_model_family_identity() { // given: a prompt builder without an explicit model family override @@ -945,7 +1342,7 @@ mod tests { assert!(prompt.contains("# System")); assert!(prompt.contains("# Project context")); - assert!(prompt.contains("# Claude instructions")); + assert!(prompt.contains("# Project instructions")); assert!(prompt.contains("Project rules")); assert!(prompt.contains("permissionMode")); assert!(prompt.contains(SYSTEM_PROMPT_DYNAMIC_BOUNDARY)); @@ -990,7 +1387,7 @@ mod tests { path: PathBuf::from("/tmp/project/CLAUDE.md"), content: "Project rules".to_string(), }]); - assert!(rendered.contains("# Claude instructions")); + assert!(rendered.contains("# Project instructions")); assert!(rendered.contains("scope: /tmp/project")); assert!(rendered.contains("Project rules")); } diff --git a/rust/crates/runtime/src/session_control.rs b/rust/crates/runtime/src/session_control.rs index e6c3f6c0..ebb252e1 100644 --- a/rust/crates/runtime/src/session_control.rs +++ b/rust/crates/runtime/src/session_control.rs @@ -28,7 +28,8 @@ pub struct SessionStore { impl SessionStore { /// Build a store from the server's current working directory. /// - /// The on-disk layout becomes `/.claw/sessions//`. + /// The on-disk layout is `/.claw/sessions//`, + /// created lazily on first successful session save. pub fn from_cwd(cwd: impl AsRef) -> Result { let cwd = cwd.as_ref(); // #151: canonicalize so equivalent paths (symlinks, relative vs @@ -40,7 +41,6 @@ impl SessionStore { .join(".claw") .join("sessions") .join(workspace_fingerprint(&canonical_cwd)); - fs::create_dir_all(&sessions_root)?; Ok(Self { sessions_root, workspace_root: canonical_cwd, @@ -49,7 +49,8 @@ impl SessionStore { /// Build a store from an explicit `--data-dir` flag. /// - /// The on-disk layout becomes `/sessions//` + /// The on-disk layout is `/sessions//`, + /// created lazily on first successful session save. /// where `` is derived from `workspace_root`. pub fn from_data_dir( data_dir: impl AsRef, @@ -64,7 +65,6 @@ impl SessionStore { .as_ref() .join("sessions") .join(workspace_fingerprint(&canonical_workspace)); - fs::create_dir_all(&sessions_root)?; Ok(Self { sessions_root, workspace_root: canonical_workspace, @@ -760,14 +760,21 @@ mod tests { use crate::session::Session; use std::fs; use std::path::{Path, PathBuf}; + use std::sync::atomic::{AtomicU64, Ordering}; use std::time::{SystemTime, UNIX_EPOCH}; + static TEMP_COUNTER: AtomicU64 = AtomicU64::new(0); + fn temp_dir() -> PathBuf { let nanos = SystemTime::now() .duration_since(UNIX_EPOCH) .expect("time should be after epoch") .as_nanos(); - std::env::temp_dir().join(format!("runtime-session-control-{nanos}")) + let counter = TEMP_COUNTER.fetch_add(1, Ordering::Relaxed); + std::env::temp_dir().join(format!( + "runtime-session-control-{}-{nanos}-{counter}", + std::process::id() + )) } fn persist_session(root: &Path, text: &str) -> Session { @@ -981,6 +988,38 @@ mod tests { } } + #[test] + fn session_store_from_cwd_is_side_effect_free_until_save() { + // given + let base = temp_dir(); + let workspace = base.join("fresh-workspace"); + fs::create_dir_all(&workspace).expect("workspace should exist"); + + // when + let store = SessionStore::from_cwd(&workspace).expect("store should build"); + + // then — resolving the store must not create .claw/session partitions. + assert!( + !workspace.join(".claw").exists(), + "session store construction must not create .claw side effects" + ); + assert!( + !store.sessions_dir().exists(), + "session partition should be created lazily on save" + ); + + let session = persist_session_via_store(&store, "first saved turn"); + assert!( + store + .sessions_dir() + .join(format!("{}.jsonl", session.session_id)) + .exists(), + "saving a managed session should create the lazy session partition" + ); + + fs::remove_dir_all(base).expect("temp dir should clean up"); + } + #[test] fn session_store_from_cwd_isolates_sessions_by_workspace() { // given diff --git a/rust/crates/rusty-claude-cli/Cargo.toml b/rust/crates/rusty-claude-cli/Cargo.toml index 10f52eac..d0441760 100644 --- a/rust/crates/rusty-claude-cli/Cargo.toml +++ b/rust/crates/rusty-claude-cli/Cargo.toml @@ -12,7 +12,6 @@ path = "src/main.rs" [dependencies] api = { path = "../api" } commands = { path = "../commands" } -compat-harness = { path = "../compat-harness" } crossterm = "0.28" pulldown-cmark = "0.13" rustyline = "15" diff --git a/rust/crates/rusty-claude-cli/build.rs b/rust/crates/rusty-claude-cli/build.rs index 551408ce..fc4e3c45 100644 --- a/rust/crates/rusty-claude-cli/build.rs +++ b/rust/crates/rusty-claude-cli/build.rs @@ -1,10 +1,9 @@ use std::env; use std::process::Command; -fn main() { - // Get git SHA (short hash) - let git_sha = Command::new("git") - .args(["rev-parse", "--short", "HEAD"]) +fn command_output(program: &str, args: &[&str]) -> Option { + Command::new(program) + .args(args) .output() .ok() .and_then(|output| { @@ -14,11 +13,37 @@ fn main() { None } }) - .map_or_else(|| "unknown".to_string(), |s| s.trim().to_string()); + .map(|value| value.trim().to_string()) + .filter(|value| !value.is_empty()) +} + +fn main() { + let git_sha = + command_output("git", &["rev-parse", "HEAD"]).unwrap_or_else(|| "unknown".to_string()); + let git_sha_short = command_output("git", &["rev-parse", "--short=12", "HEAD"]) + .or_else(|| git_sha.get(..git_sha.len().min(12)).map(str::to_string)) + .unwrap_or_else(|| "unknown".to_string()); + let git_dirty = command_output("git", &["status", "--porcelain"]) + .map(|status| (!status.trim().is_empty()).to_string()) + .unwrap_or_else(|| "false".to_string()); + let git_branch = command_output("git", &["branch", "--show-current"]) + .unwrap_or_else(|| "unknown".to_string()); + let git_commit_date = command_output("git", &["show", "-s", "--format=%cI", "HEAD"]) + .unwrap_or_else(|| "unknown".to_string()); + let git_commit_timestamp = command_output("git", &["show", "-s", "--format=%ct", "HEAD"]) + .unwrap_or_else(|| "unknown".to_string()); + let rustc_version = + command_output("rustc", &["--version"]).unwrap_or_else(|| "unknown".to_string()); println!("cargo:rustc-env=GIT_SHA={git_sha}"); + println!("cargo:rustc-env=GIT_SHA_SHORT={git_sha_short}"); + println!("cargo:rustc-env=GIT_DIRTY={git_dirty}"); + println!("cargo:rustc-env=GIT_BRANCH={git_branch}"); + println!("cargo:rustc-env=GIT_COMMIT_DATE={git_commit_date}"); + println!("cargo:rustc-env=GIT_COMMIT_TIMESTAMP={git_commit_timestamp}"); + println!("cargo:rustc-env=RUSTC_VERSION={rustc_version}"); - // TARGET is always set by Cargo during build + // TARGET is always set by Cargo during build. let target = env::var("TARGET").unwrap_or_else(|_| "unknown".to_string()); println!("cargo:rustc-env=TARGET={target}"); @@ -35,23 +60,12 @@ fn main() { }) .or_else(|| std::env::var("BUILD_DATE").ok()) .unwrap_or_else(|| { - // Fall back to current date via `date` command - Command::new("date") - .args(["+%Y-%m-%d"]) - .output() - .ok() - .and_then(|o| { - if o.status.success() { - String::from_utf8(o.stdout).ok() - } else { - None - } - }) - .map_or_else(|| "unknown".to_string(), |s| s.trim().to_string()) + command_output("date", &["+%Y-%m-%d"]).unwrap_or_else(|| "unknown".to_string()) }); println!("cargo:rustc-env=BUILD_DATE={build_date}"); - // Rerun if git state changes - println!("cargo:rerun-if-changed=.git/HEAD"); - println!("cargo:rerun-if-changed=.git/refs"); + // Rerun if git state changes. Paths are relative to this package root. + println!("cargo:rerun-if-changed=../../../.git/HEAD"); + println!("cargo:rerun-if-changed=../../../.git/refs"); + println!("cargo:rerun-if-changed=../../../.git/index"); } diff --git a/rust/crates/rusty-claude-cli/src/init.rs b/rust/crates/rusty-claude-cli/src/init.rs index eb012dbd..ac192339 100644 --- a/rust/crates/rusty-claude-cli/src/init.rs +++ b/rust/crates/rusty-claude-cli/src/init.rs @@ -4,7 +4,14 @@ use std::path::{Path, PathBuf}; const STARTER_CLAW_JSON: &str = concat!( "{\n", " \"permissions\": {\n", - " \"defaultMode\": \"dontAsk\"\n", + " \"defaultMode\": \"acceptEdits\"\n", + " }\n", + "}\n", +); +const STARTER_SETTINGS_JSON: &str = concat!( + "{\n", + " \"permissions\": {\n", + " \"defaultMode\": \"acceptEdits\"\n", " }\n", "}\n", ); @@ -15,6 +22,8 @@ const GITIGNORE_ENTRIES: [&str; 3] = [".claw/settings.local.json", ".claw/sessio pub(crate) enum InitStatus { Created, Updated, + Partial, + Deferred, Skipped, } @@ -24,6 +33,8 @@ impl InitStatus { match self { Self::Created => "created", Self::Updated => "updated", + Self::Partial => "partial (created missing sub-files)", + Self::Deferred => "deferred (created on first session save)", Self::Skipped => "skipped (already exists)", } } @@ -36,6 +47,8 @@ impl InitStatus { match self { Self::Created => "created", Self::Updated => "updated", + Self::Partial => "partial", + Self::Deferred => "deferred", Self::Skipped => "skipped", } } @@ -123,9 +136,30 @@ pub(crate) fn initialize_repo(cwd: &Path) -> Result, /// Where the resolved model string originated. source: ModelSource, + /// Alias-expanded target when `raw` differs from `resolved`. + alias_resolved_to: Option, + /// Environment variable that supplied the model, when source is Env. + env_var: Option, +} +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +enum PermissionModeSource { + Flag, + Env, + Config, + Default, +} + +impl PermissionModeSource { + fn as_str(self) -> &'static str { + match self { + Self::Flag => "flag", + Self::Env => "env", + Self::Config => "config", + Self::Default => "default", + } + } + + fn is_explicit(self) -> bool { + !matches!(self, Self::Default) + } +} + +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +struct PermissionModeProvenance { + mode: PermissionMode, + source: PermissionModeSource, + env_var: Option<&'static str>, +} + +impl PermissionModeProvenance { + fn from_flag(mode: PermissionMode) -> Self { + Self { + mode, + source: PermissionModeSource::Flag, + env_var: None, + } + } + + fn default_fallback() -> Self { + Self { + mode: PermissionMode::WorkspaceWrite, + source: PermissionModeSource::Default, + env_var: None, + } + } +} + +struct EnvModel { + name: &'static str, + value: String, } impl ModelProvenance { @@ -113,49 +170,90 @@ impl ModelProvenance { resolved: DEFAULT_MODEL.to_string(), raw: None, source: ModelSource::Default, + alias_resolved_to: None, + env_var: None, } } - fn from_flag(raw: &str) -> Self { + fn from_flag(raw: &str, resolved: &str) -> Self { + Self::from_resolved(raw, resolved, ModelSource::Flag, None) + } + + fn from_raw(raw: &str, source: ModelSource, env_var: Option<&str>) -> Self { + let resolved = resolve_model_alias_with_config(raw); + Self::from_resolved(raw, &resolved, source, env_var) + } + + fn from_resolved( + raw: &str, + resolved: &str, + source: ModelSource, + env_var: Option<&str>, + ) -> Self { + let raw_trimmed = raw.trim(); + let alias_resolved_to = (raw_trimmed != resolved).then(|| resolved.to_string()); Self { - resolved: resolve_model_alias_with_config(raw), + resolved: resolved.to_string(), raw: Some(raw.to_string()), - source: ModelSource::Flag, + source, + alias_resolved_to, + env_var: env_var.map(str::to_string), } } - fn from_env_or_config_or_default(cli_model: &str) -> Self { + fn from_env_or_config_or_default(cli_model: &str) -> Result { // Only called when no --model flag was passed. Probe env first, // then config, else fall back to default. Mirrors the logic in // resolve_repl_model() but captures the source. if cli_model != DEFAULT_MODEL { - // Already resolved from some prior path; treat as flag. - return Self { - resolved: cli_model.to_string(), - raw: Some(cli_model.to_string()), - source: ModelSource::Flag, - }; + let provenance = Self::from_resolved(cli_model, cli_model, ModelSource::Flag, None); + provenance.validate()?; + return Ok(provenance); } - if let Some(env_model) = env::var("ANTHROPIC_MODEL") - .ok() - .map(|value| value.trim().to_string()) - .filter(|value| !value.is_empty()) - { - return Self { - resolved: resolve_model_alias_with_config(&env_model), - raw: Some(env_model), - source: ModelSource::Env, - }; + if let Some(env_model) = env_model_for_runtime() { + let provenance = + Self::from_raw(&env_model.value, ModelSource::Env, Some(env_model.name)); + provenance.validate()?; + return Ok(provenance); } if let Some(config_model) = config_model_for_current_dir() { - return Self { - resolved: resolve_model_alias_with_config(&config_model), - raw: Some(config_model), - source: ModelSource::Config, - }; + let provenance = Self::from_raw(&config_model, ModelSource::Config, None); + provenance.validate()?; + return Ok(provenance); } - Self::default_fallback() + Ok(Self::default_fallback()) } + + fn validate(&self) -> Result<(), String> { + validate_model_syntax(&self.resolved).map_err(|error| { + let source = match self.source { + ModelSource::Flag => "--model", + ModelSource::Env => self.env_var.as_deref().unwrap_or("environment"), + ModelSource::Config => "config model", + ModelSource::Default => "default model", + }; + if let Some(raw) = &self.raw { + format!( + "invalid_model: {source} model `{raw}` is invalid after alias resolution to `{}`.\n{error}", + self.resolved + ) + } else { + error + } + }) + } +} + +fn env_model_for_runtime() -> Option { + ["CLAW_MODEL", "ANTHROPIC_MODEL", "ANTHROPIC_DEFAULT_MODEL"] + .into_iter() + .find_map(|name| { + env::var(name) + .ok() + .map(|value| value.trim().to_string()) + .filter(|value| !value.is_empty()) + .map(|value| EnvModel { name, value }) + }) } fn max_tokens_for_model(model: &str) -> u32 { @@ -171,6 +269,12 @@ const DEFAULT_OAUTH_CALLBACK_PORT: u16 = 4545; const VERSION: &str = env!("CARGO_PKG_VERSION"); const BUILD_TARGET: Option<&str> = option_env!("TARGET"); const GIT_SHA: Option<&str> = option_env!("GIT_SHA"); +const GIT_SHA_SHORT: Option<&str> = option_env!("GIT_SHA_SHORT"); +const GIT_DIRTY: Option<&str> = option_env!("GIT_DIRTY"); +const GIT_BRANCH: Option<&str> = option_env!("GIT_BRANCH"); +const GIT_COMMIT_DATE: Option<&str> = option_env!("GIT_COMMIT_DATE"); +const GIT_COMMIT_TIMESTAMP: Option<&str> = option_env!("GIT_COMMIT_TIMESTAMP"); +const RUSTC_VERSION: Option<&str> = option_env!("RUSTC_VERSION"); const INTERNAL_PROGRESS_HEARTBEAT_INTERVAL: Duration = Duration::from_secs(3); const POST_TOOL_STALL_TIMEOUT: Duration = Duration::from_secs(10); const PRIMARY_SESSION_EXTENSION: &str = "jsonl"; @@ -188,6 +292,10 @@ const CLI_OPTION_SUGGESTIONS: &[&str] = &[ "--model", "--output-format", "--permission-mode", + "--cwd", + "--directory", + "-C", + "--skip-permissions", "--dangerously-skip-permissions", "--allowedTools", "--allowed-tools", @@ -200,6 +308,17 @@ const CLI_OPTION_SUGGESTIONS: &[&str] = &[ "-p", ]; +fn is_registered_cli_flag_token(value: &str) -> bool { + let flag = value.split_once('=').map_or(value, |(flag, _)| flag); + CLI_OPTION_SUGGESTIONS.contains(&flag) +} + +fn should_reject_unknown_option_like(value: &str) -> bool { + is_registered_cli_flag_token(value) + || (value.starts_with("--") + && suggest_closest_term(value, CLI_OPTION_SUGGESTIONS).is_some()) +} + type AllowedToolSet = BTreeSet; type RuntimePluginStateBuildOutput = ( Option>>, @@ -212,10 +331,7 @@ fn main() { // When --output-format json is active, emit errors as JSON so downstream // tools can parse failures the same way they parse successes (ROADMAP #42). let argv: Vec = std::env::args().collect(); - let json_output = argv - .windows(2) - .any(|w| w[0] == "--output-format" && w[1] == "json") - || argv.iter().any(|a| a == "--output-format=json"); + let json_output = raw_args_request_json_output(&argv[1..]); if json_output { // #77/#696: classify error by prefix so downstream claws can route // without regex-scraping prose. Keep the legacy `type`/`kind` @@ -225,23 +341,70 @@ fn main() { let (short_reason, inline_hint) = split_error_hint(&message); // #781: fall back to a kind-derived hint when the message has no \n-delimited hint let hint = inline_hint.or_else(|| fallback_hint_for_error_kind(kind).map(String::from)); + let mut error_json = serde_json::json!({ + "type": "error", + "kind": kind, + "status": "error", + "error_kind": kind, + "error": short_reason, + "message": short_reason, + "action": "abort", + "hint": hint, + "exit_code": 1, + }); + if kind == "invalid_cwd" { + if let Some(error) = error.downcast_ref::() { + if let Some(object) = error_json.as_object_mut() { + object.insert("path".to_string(), serde_json::json!(&error.path)); + object.insert( + "reason".to_string(), + serde_json::json!(error.reason.as_str()), + ); + } + } + } else if kind == "invalid_output_path" { + if let Some(error) = error.downcast_ref::() { + if let Some(object) = error_json.as_object_mut() { + object.insert("path".to_string(), serde_json::json!(&error.path)); + object.insert( + "reason".to_string(), + serde_json::json!(error.reason.as_str()), + ); + } + } + } else if kind == "invalid_output_format" { + if let Some(object) = error_json.as_object_mut() { + object.insert( + "value".to_string(), + serde_json::json!(invalid_output_format_value(&message)), + ); + object.insert("expected".to_string(), serde_json::json!(["text", "json"])); + } + } else if kind == "invalid_tool_name" { + let (tool_name, available, aliases) = invalid_tool_name_details(&message); + if let Some(object) = error_json.as_object_mut() { + if let Some(tool_name) = tool_name { + object.insert("tool_name".to_string(), serde_json::json!(tool_name)); + } + object.insert("available".to_string(), serde_json::json!(available)); + object.insert("tool_aliases".to_string(), aliases); + } + } else if kind == "missing_argument" { + if let Some(object) = error_json.as_object_mut() { + if message.contains("--allowedTools") { + object.insert("argument".to_string(), serde_json::json!("--allowedTools")); + } else if message.contains("prompt or subcommand") { + object.insert( + "argument".to_string(), + serde_json::json!("prompt or subcommand"), + ); + } + } + } // #819/#820/#823: JSON mode error envelopes must go to stdout so machine // consumers can parse failures from stdout byte 0 (parity with all // non-interactive command guards that already use println! / to_stdout). - println!( - "{}", - serde_json::json!({ - "type": "error", - "kind": kind, - "status": "error", - "error_kind": kind, - "error": short_reason, - "message": short_reason, - "action": "abort", - "hint": hint, - "exit_code": 1, - }) - ); + println!("{}", error_json); } else { // #156: Add machine-readable error kind to text output so stderr observers // don't need to regex-scrape the prose. @@ -266,7 +429,7 @@ Run `claw --help` for usage." /// #77: Classify a stringified error message into a machine-readable kind. /// -/// Returns a snake_case token that downstream consumers can switch on instead +/// Returns a `snake_case` token that downstream consumers can switch on instead /// of regex-scraping the prose. The classification is best-effort prefix/keyword /// matching against the error messages produced throughout the CLI surface. fn classify_error_kind(message: &str) -> &'static str { @@ -277,7 +440,9 @@ fn classify_error_kind(message: &str) -> &'static str { "command_not_found" } else if message.contains("missing Anthropic credentials") { "missing_credentials" - } else if message.contains("Manifest source files are missing") { + } else if message.contains("Manifest source files are missing") + || message.starts_with("missing_manifests:") + { "missing_manifests" } else if message.contains("no worker state file found") { "missing_worker_state" @@ -297,14 +462,30 @@ fn classify_error_kind(message: &str) -> &'static str { "session_load_failed" } else if message.contains("unsupported ACP invocation") { "unsupported_acp_invocation" + } else if message.starts_with("missing_argument:") { + "missing_argument" } else if message.contains("unsupported skills action") { "unsupported_skills_action" + } else if message.starts_with("invalid_install_source:") { + "invalid_install_source" + } else if message.starts_with("invalid_cwd:") { + "invalid_cwd" + } else if message.starts_with("invalid_output_path:") { + "invalid_output_path" + } else if message.starts_with("invalid_output_format:") { + "invalid_output_format" + } else if message.starts_with("invalid_tool_name:") { + "invalid_tool_name" } else if message.contains("unrecognized argument") || message.contains("unknown option") { "cli_parse" } else if message.starts_with("missing_flag_value:") { "missing_flag_value" + } else if message.starts_with("invalid_permission_mode:") { + "invalid_permission_mode" } else if message.starts_with("invalid_flag_value:") { "invalid_flag_value" + } else if message.starts_with("invalid_model:") { + "invalid_model" } else if message.contains("invalid model syntax") { "invalid_model_syntax" } else if message.contains("is not yet implemented") { @@ -388,9 +569,9 @@ fn classify_error_kind(message: &str) -> &'static str { } } -/// #77: Split a multi-line error message into (short_reason, optional_hint). +/// #77: Split a multi-line error message into (`short_reason`, `optional_hint`). /// -/// The short_reason is the first line (up to the first newline), and the hint +/// The `short_reason` is the first line (up to the first newline), and the hint /// is the remaining text or `None` if there's no newline. This prevents the /// runbook prose from being stuffed into the `error` field that downstream /// parsers expect to be the short reason alone. @@ -401,6 +582,51 @@ fn split_error_hint(message: &str) -> (String, Option) { } } +fn invalid_tool_name_details(message: &str) -> (Option, Vec, Value) { + let tool_name = message + .strip_prefix("invalid_tool_name: unsupported tool in --allowedTools:") + .and_then(|rest| rest.lines().next()) + .map(str::trim) + .filter(|value| !value.is_empty()) + .map(ToOwned::to_owned); + let available = message + .lines() + .find_map(|line| line.strip_prefix("Available:")) + .map(|line| { + line.split(',') + .map(str::trim) + .filter(|value| !value.is_empty()) + .map(ToOwned::to_owned) + .collect::>() + }) + .unwrap_or_default(); + let aliases = message + .lines() + .find_map(|line| line.strip_prefix("Aliases:")) + .map(|line| { + line.split(',') + .filter_map(|entry| entry.trim().split_once('=')) + .map(|(alias, canonical)| { + ( + alias.trim().to_string(), + Value::String(canonical.trim().to_string()), + ) + }) + .collect::>() + }) + .unwrap_or_default(); + (tool_name, available, Value::Object(aliases)) +} + +fn invalid_output_format_value(message: &str) -> Option { + message + .strip_prefix("invalid_output_format: unsupported value for --output-format:") + .and_then(|rest| rest.lines().next()) + .map(str::trim) + .filter(|value| !value.is_empty()) + .map(ToOwned::to_owned) +} + /// #781: derive a stable fallback hint from a classified error kind when the error /// message itself has no `\n`-delimited hint. Returns `None` for kinds where the /// message is self-explanatory or no canonical remediation exists. @@ -415,6 +641,9 @@ fn fallback_hint_for_error_kind(kind: &str) -> Option<&'static str> { "missing_credentials" => { Some("Set ANTHROPIC_API_KEY or ANTHROPIC_AUTH_TOKEN before running claw.") } + "config_parse_error" => Some( + "Fix the JSON syntax or schema in the referenced .claw/settings.json or .claw.json file, then rerun the command.", + ), // #787: session load failures have no \n-delimited hint from the OS error path "session_load_failed" => Some( "Pass a path to a .jsonl session file, not a directory. Managed sessions live in .claw/sessions/.", @@ -433,14 +662,240 @@ fn fallback_hint_for_error_kind(kind: &str) -> Option<&'static str> { "skill_not_found" => Some( "Run `claw skills list` to see available skills, or `claw skills install ` to install a new one.", ), - // #795: unsupported action on skills (e.g. /skills uninstall) with no \n hint + // #795/#431: unsupported/invalid skills lifecycle input should include actionable local guidance. "unsupported_skills_action" => Some( - "Supported: list, install , show , help. Run `claw skills help` for details.", + "Supported: list, show , install , uninstall , help. Run `claw skills help` for details.", ), + "invalid_install_source" => Some( + "Pass a local skill directory containing SKILL.md or a standalone markdown file.", + ), + "invalid_tool_name" => Some( + "Use canonical snake_case tool names from `available` or documented aliases from `tool_aliases`.", + ), + "invalid_output_format" => Some("Use --output-format text or --output-format json."), _ => None, } } +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +enum InvalidCwdReason { + Empty, + NotFound, + NotADirectory, +} + +impl InvalidCwdReason { + fn as_str(self) -> &'static str { + match self { + Self::Empty => "empty", + Self::NotFound => "not_found", + Self::NotADirectory => "not_a_directory", + } + } +} + +#[derive(Debug)] +struct InvalidCwdError { + path: String, + reason: InvalidCwdReason, +} + +impl InvalidCwdError { + fn new(path: impl Into, reason: InvalidCwdReason) -> Self { + Self { + path: path.into(), + reason, + } + } +} + +impl std::fmt::Display for InvalidCwdError { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + write!( + f, + "invalid_cwd: {}: `{}`\nUsage: --cwd , -C , or --directory ", + self.reason.as_str(), + self.path + ) + } +} + +impl std::error::Error for InvalidCwdError {} + +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +enum InvalidOutputPathReason { + Empty, + ParentNotFound, + ParentNotADirectory, + PathIsDirectory, +} + +impl InvalidOutputPathReason { + fn as_str(self) -> &'static str { + match self { + Self::Empty => "empty", + Self::ParentNotFound => "parent_not_found", + Self::ParentNotADirectory => "parent_not_a_directory", + Self::PathIsDirectory => "path_is_directory", + } + } +} + +#[derive(Debug)] +struct InvalidOutputPathError { + path: String, + reason: InvalidOutputPathReason, +} + +impl InvalidOutputPathError { + fn new(path: impl Into, reason: InvalidOutputPathReason) -> Self { + Self { + path: path.into(), + reason, + } + } +} + +impl std::fmt::Display for InvalidOutputPathError { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + write!( + f, + "invalid_output_path: {}: `{}`\nUsage: claw export [PATH] [--session SESSION] [--output PATH]", + self.reason.as_str(), + self.path + ) + } +} + +impl std::error::Error for InvalidOutputPathError {} + +fn split_global_cwd_args( + args: &[String], +) -> Result<(Vec, Option), Box> { + let mut filtered = Vec::with_capacity(args.len()); + let mut cwd = None; + let mut index = 0; + + while index < args.len() { + let arg = &args[index]; + match arg.as_str() { + "--cwd" | "-C" | "--directory" => { + let value = args.get(index + 1).ok_or_else(|| { + io::Error::new( + io::ErrorKind::InvalidInput, + "missing_flag_value: missing value for --cwd.\nUsage: --cwd , -C , or --directory ", + ) + })?; + cwd = Some(validate_global_cwd(value)?); + index += 2; + } + flag if flag.starts_with("--cwd=") => { + let value = &flag[6..]; + cwd = Some(validate_global_cwd(value)?); + index += 1; + } + flag if flag.starts_with("--directory=") => { + let value = &flag[12..]; + cwd = Some(validate_global_cwd(value)?); + index += 1; + } + flag if global_flag_takes_value(flag) => { + filtered.push(arg.clone()); + if let Some(value) = args.get(index + 1) { + filtered.push(value.clone()); + index += 2; + } else { + index += 1; + } + } + flag if global_flag_is_value_inline(flag) => { + filtered.push(arg.clone()); + index += 1; + } + flag if global_flag_without_value(flag) => { + filtered.push(arg.clone()); + index += 1; + } + "--" => { + filtered.extend(args[index..].iter().cloned()); + break; + } + other if other.starts_with('-') => { + filtered.push(arg.clone()); + index += 1; + } + _ => { + filtered.extend(args[index..].iter().cloned()); + break; + } + } + } + + Ok((filtered, cwd)) +} + +fn global_flag_takes_value(flag: &str) -> bool { + matches!( + flag, + "--model" + | "--output-format" + | "--permission-mode" + | "--base-commit" + | "--reasoning-effort" + | "--allowedTools" + | "--allowed-tools" + ) +} + +fn global_flag_is_value_inline(flag: &str) -> bool { + flag.starts_with("--model=") + || flag.starts_with("--output-format=") + || flag.starts_with("--permission-mode=") + || flag.starts_with("--base-commit=") + || flag.starts_with("--reasoning-effort=") + || flag.starts_with("--allowedTools=") + || flag.starts_with("--allowed-tools=") +} + +fn global_flag_without_value(flag: &str) -> bool { + matches!( + flag, + "--help" + | "-h" + | "--version" + | "-V" + | "--dangerously-skip-permissions" + | "--skip-permissions" + | "--compact" + | "--allow-broad-cwd" + | "--print" + | "--acp" + | "-acp" + ) +} + +fn validate_global_cwd(value: &str) -> Result { + if value.trim().is_empty() { + return Err(InvalidCwdError::new(value, InvalidCwdReason::Empty)); + } + let path = PathBuf::from(value); + match fs::metadata(&path) { + Ok(metadata) if metadata.is_dir() => Ok(path), + Ok(_) => Err(InvalidCwdError::new(value, InvalidCwdReason::NotADirectory)), + Err(error) if error.kind() == io::ErrorKind::NotFound => { + Err(InvalidCwdError::new(value, InvalidCwdReason::NotFound)) + } + Err(_) => Err(InvalidCwdError::new(value, InvalidCwdReason::NotFound)), + } +} + +fn apply_global_cwd(cwd: Option) -> Result<(), Box> { + if let Some(cwd) = cwd { + env::set_current_dir(cwd)?; + } + Ok(()) +} + /// Read piped stdin content when stdin is not a terminal. /// /// Returns `None` when stdin is attached to a terminal (interactive REPL use), @@ -540,13 +995,12 @@ fn run() -> Result<(), Box> { // #824: suppress config deprecation prose warnings to stderr when JSON // output mode is active. Scan the raw argv before parse_args so the // suppression is in place before any settings file is loaded. - let json_mode = args - .windows(2) - .any(|w| w[0] == "--output-format" && w[1] == "json") - || args.iter().any(|a| a == "--output-format=json"); + let json_mode = raw_args_request_json_output(&args); if json_mode { runtime::suppress_config_warnings_for_json_mode(); } + let (args, cwd) = split_global_cwd_args(&args)?; + apply_global_cwd(cwd)?; match parse_args(&args)? { CliAction::DumpManifests { output_format, @@ -620,11 +1074,15 @@ fn run() -> Result<(), Box> { None }; let effective_prompt = merge_prompt_with_stdin(&prompt, stdin_context.as_deref()); - let mut cli = LiveCli::new(model, true, allowed_tools, permission_mode)?; + let resolved_model = resolve_repl_model(model)?; + let mut cli = LiveCli::new(resolved_model, true, allowed_tools, permission_mode)?; cli.set_reasoning_effort(reasoning_effort); cli.run_turn_with_output(&effective_prompt, output_format, compact)?; } - CliAction::Doctor { output_format } => run_doctor(output_format)?, + CliAction::Doctor { + output_format, + permission_mode, + } => run_doctor(output_format, permission_mode)?, CliAction::Acp { output_format } => print_acp_status(output_format)?, CliAction::State { output_format } => run_worker_state(output_format)?, CliAction::Init { output_format } => run_init(output_format)?, @@ -645,6 +1103,10 @@ fn run() -> Result<(), Box> { ); } }, + CliAction::Models { + action, + output_format, + } => print_models(action.as_deref(), output_format)?, CliAction::Diff { output_format } => match output_format { CliOutputFormat::Text => { println!("{}", render_diff_report()?); @@ -732,7 +1194,7 @@ enum CliAction { // None means no flag was supplied; env/config/default fallback is // resolved inside `print_status_snapshot`. model_flag_raw: Option, - permission_mode: PermissionMode, + permission_mode: PermissionModeProvenance, output_format: CliOutputFormat, allowed_tools: Option, }, @@ -752,6 +1214,7 @@ enum CliAction { }, Doctor { output_format: CliOutputFormat, + permission_mode: PermissionModeProvenance, }, Acp { output_format: CliOutputFormat, @@ -768,6 +1231,10 @@ enum CliAction { section: Option, output_format: CliOutputFormat, }, + Models { + action: Option, + output_format: CliOutputFormat, + }, Diff { output_format: CliOutputFormat, }, @@ -804,6 +1271,9 @@ enum LocalHelpTopic { // `claw --help` has one consistent contract. Init, State, + Resume, + Session, + Compact, Export, Version, SystemPrompt, @@ -815,6 +1285,8 @@ enum LocalHelpTopic { Plugins, Mcp, Config, + Model, + Settings, Diff, } @@ -824,16 +1296,145 @@ enum CliOutputFormat { Json, } +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +enum OutputFormatSource { + Default, + Env, + Flag, +} + +impl OutputFormatSource { + fn as_str(self) -> &'static str { + match self { + Self::Default => "default", + Self::Env => "env", + Self::Flag => "flag", + } + } +} + +#[derive(Debug, Clone, PartialEq, Eq)] +struct OutputFormatSelection { + format: CliOutputFormat, + source: OutputFormatSource, + raw: Option, + overridden: Vec, +} + +impl Default for OutputFormatSelection { + fn default() -> Self { + Self { + format: CliOutputFormat::Text, + source: OutputFormatSource::Default, + raw: None, + overridden: Vec::new(), + } + } +} + +static OUTPUT_FORMAT_SELECTION: OnceLock> = OnceLock::new(); + +fn output_format_selection_cell() -> &'static Mutex { + OUTPUT_FORMAT_SELECTION.get_or_init(|| Mutex::new(OutputFormatSelection::default())) +} + +fn set_current_output_format_selection(selection: &OutputFormatSelection) { + *output_format_selection_cell() + .lock() + .unwrap_or_else(std::sync::PoisonError::into_inner) = selection.clone(); +} + +fn current_output_format_selection() -> OutputFormatSelection { + output_format_selection_cell() + .lock() + .unwrap_or_else(std::sync::PoisonError::into_inner) + .clone() +} + +fn cli_has_output_format_flag(args: &[String]) -> bool { + args.iter() + .take_while(|arg| arg.as_str() != "--") + .any(|arg| arg == "--output-format" || arg.starts_with("--output-format=")) +} + +fn raw_args_request_json_output(args: &[String]) -> bool { + let mut values = Vec::new(); + let mut index = 0; + while index < args.len() { + let arg = &args[index]; + if arg == "--" { + break; + } + if arg == "--output-format" { + if let Some(value) = args.get(index + 1) { + values.push(value.as_str()); + } + index += 2; + continue; + } + if let Some(value) = arg.strip_prefix("--output-format=") { + values.push(value); + } + index += 1; + } + if let Some(value) = values.last() { + let value = value.trim(); + return !value.eq_ignore_ascii_case("text"); + } + env::var("CLAW_OUTPUT_FORMAT").ok().is_some_and(|value| { + let value = value.trim(); + !value.is_empty() && !value.eq_ignore_ascii_case("text") + }) +} + +fn output_format_selection_from_env() -> Result { + match env::var("CLAW_OUTPUT_FORMAT") { + Ok(raw) if !raw.trim().is_empty() => Ok(OutputFormatSelection { + format: CliOutputFormat::parse(&raw)?, + source: OutputFormatSource::Env, + raw: Some(raw), + overridden: Vec::new(), + }), + _ => Ok(OutputFormatSelection::default()), + } +} + +fn apply_output_format_flag( + selection: &mut OutputFormatSelection, + value: &str, +) -> Result { + let parsed = CliOutputFormat::parse(value)?; + if selection.source == OutputFormatSource::Flag { + let previous = selection + .raw + .clone() + .unwrap_or_else(|| selection.format.as_str().to_string()); + eprintln!("warning: --output-format specified multiple times; using last value '{value}'"); + selection.overridden.push(previous); + } + selection.format = parsed; + selection.source = OutputFormatSource::Flag; + selection.raw = Some(value.to_string()); + set_current_output_format_selection(selection); + Ok(parsed) +} impl CliOutputFormat { fn parse(value: &str) -> Result { - match value { - "text" => Ok(Self::Text), - "json" => Ok(Self::Json), + match value.trim() { + value if value.eq_ignore_ascii_case("text") => Ok(Self::Text), + value if value.eq_ignore_ascii_case("json") => Ok(Self::Json), other => Err(format!( - "unsupported value for --output-format: {other} (expected text or json)" + "invalid_output_format: unsupported value for --output-format: {other}\nExpected: text, json\nHint: Use --output-format text or --output-format json." )), } } + + fn as_str(self) -> &'static str { + match self { + Self::Text => "text", + Self::Json => "json", + } + } } #[allow(clippy::too_many_lines)] @@ -842,7 +1443,13 @@ fn parse_args(args: &[String]) -> Result { // #148: when user passes --model/--model=, capture the raw input so we // can attribute source: "flag" later. None means no flag was supplied. let mut model_flag_raw: Option = None; - let mut output_format = CliOutputFormat::Text; + let mut output_format_selection = if cli_has_output_format_flag(args) { + OutputFormatSelection::default() + } else { + output_format_selection_from_env()? + }; + set_current_output_format_selection(&output_format_selection); + let mut output_format = output_format_selection.format; let mut permission_mode_override = None; let mut wants_help = false; let mut wants_version = false; @@ -855,6 +1462,7 @@ fn parse_args(args: &[String]) -> Result { // flag parsing. None until `-p ` is seen. let mut short_p_prompt: Option = None; let mut rest: Vec = Vec::new(); + let mut positional_after_separator = false; let mut index = 0; while index < args.len() { @@ -906,25 +1514,26 @@ fn parse_args(args: &[String]) -> Result { let value = args .get(index + 1) .ok_or_else(|| "missing_flag_value: missing value for --output-format.\nUsage: --output-format text or --output-format json".to_string())?; - output_format = CliOutputFormat::parse(value)?; + output_format = apply_output_format_flag(&mut output_format_selection, value)?; index += 2; } "--permission-mode" => { let value = args .get(index + 1) - .ok_or_else(|| "missing_flag_value: missing value for --permission-mode.\nUsage: --permission-mode default|acceptEdits|bypassPermissions|dangerFullAccess".to_string())?; + .ok_or_else(|| "missing_flag_value: missing value for --permission-mode.\nUsage: --permission-mode read-only|workspace-write|danger-full-access".to_string())?; permission_mode_override = Some(parse_permission_mode_arg(value)?); index += 2; } flag if flag.starts_with("--output-format=") => { - output_format = CliOutputFormat::parse(&flag[16..])?; + output_format = + apply_output_format_flag(&mut output_format_selection, &flag[16..])?; index += 1; } flag if flag.starts_with("--permission-mode=") => { permission_mode_override = Some(parse_permission_mode_arg(&flag[18..])?); index += 1; } - "--dangerously-skip-permissions" => { + "--dangerously-skip-permissions" | "--skip-permissions" => { permission_mode_override = Some(PermissionMode::DangerFullAccess); index += 1; } @@ -969,6 +1578,16 @@ fn parse_args(args: &[String]) -> Result { allow_broad_cwd = true; index += 1; } + "--" => { + if rest.is_empty() { + positional_after_separator = true; + rest.extend(args[index + 1..].iter().cloned()); + } else { + rest.push("--".to_string()); + rest.extend(args[index + 1..].iter().cloned()); + } + break; + } "-p" => { // Claw Code compat: -p "prompt" = one-shot prompt. // #755: consume exactly one token so subsequent flags like @@ -1026,20 +1645,35 @@ fn parse_args(args: &[String]) -> Result { "--allowedTools" | "--allowed-tools" => { let value = args .get(index + 1) - .ok_or_else(|| "missing_flag_value: missing value for --allowedTools.\nUsage: --allowedTools e.g. --allowedTools Bash".to_string())?; + .ok_or_else(allowed_tools_missing_error)?; + if value.starts_with('-') || is_known_top_level_subcommand(value) { + return Err(allowed_tools_missing_error()); + } allowed_tool_values.push(value.clone()); index += 2; } flag if flag.starts_with("--allowedTools=") => { - allowed_tool_values.push(flag[15..].to_string()); + let value = flag[15..].to_string(); + if value.trim().is_empty() { + return Err(allowed_tools_missing_error()); + } + allowed_tool_values.push(value); index += 1; } flag if flag.starts_with("--allowed-tools=") => { - allowed_tool_values.push(flag[16..].to_string()); + let value = flag[16..].to_string(); + if value.trim().is_empty() { + return Err(allowed_tools_missing_error()); + } + allowed_tool_values.push(value); index += 1; } other if rest.is_empty() && other.starts_with('-') => { - return Err(format_unknown_option(other)) + if should_reject_unknown_option_like(other) { + return Err(format_unknown_option(other)); + } + rest.push(other.to_string()); + index += 1; } other => { rest.push(other.to_string()); @@ -1064,6 +1698,10 @@ fn parse_args(args: &[String]) -> Result { "acp" => Some(LocalHelpTopic::Acp), "init" => Some(LocalHelpTopic::Init), "state" => Some(LocalHelpTopic::State), + "resume" => Some(LocalHelpTopic::Resume), + "session" => Some(LocalHelpTopic::Session), + "compact" => Some(LocalHelpTopic::Compact), + "--resume" => Some(LocalHelpTopic::Resume), "export" => Some(LocalHelpTopic::Export), "version" => Some(LocalHelpTopic::Version), "system-prompt" => Some(LocalHelpTopic::SystemPrompt), @@ -1074,6 +1712,8 @@ fn parse_args(args: &[String]) -> Result { "plugins" | "plugin" | "marketplace" => Some(LocalHelpTopic::Plugins), "mcp" => Some(LocalHelpTopic::Mcp), "config" => Some(LocalHelpTopic::Config), + "model" | "models" => Some(LocalHelpTopic::Model), + "settings" => Some(LocalHelpTopic::Settings), "diff" => Some(LocalHelpTopic::Diff), _ => None, }; @@ -1108,13 +1748,32 @@ fn parse_args(args: &[String]) -> Result { }); } + if positional_after_separator && !rest.is_empty() { + let permission_mode = permission_mode_override.unwrap_or_else(default_permission_mode); + return Ok(CliAction::Prompt { + prompt: rest.join(" "), + model, + output_format, + allowed_tools, + permission_mode, + compact, + base_commit, + reasoning_effort: reasoning_effort.clone(), + allow_broad_cwd, + }); + } + if rest.is_empty() { let permission_mode = permission_mode_override.unwrap_or_else(default_permission_mode); + let stdin_is_terminal = std::io::stdin().is_terminal(); + if compact && stdin_is_terminal { + return Err(compact_missing_argument_error()); + } // When stdin is not a terminal (pipe/redirect) and no prompt is given on the // command line, read stdin as the prompt and dispatch as a one-shot Prompt // rather than starting the interactive REPL (which would consume the pipe and // print the startup banner, then exit without sending anything to the API). - if !std::io::stdin().is_terminal() { + if !stdin_is_terminal { let mut buf = String::new(); let _ = std::io::Read::read_to_string(&mut std::io::stdin(), &mut buf); let piped = buf.trim().to_string(); @@ -1125,12 +1784,15 @@ fn parse_args(args: &[String]) -> Result { allowed_tools, permission_mode, output_format, - compact: false, + compact, base_commit, reasoning_effort, allow_broad_cwd, }); } + if compact { + return Err(compact_missing_argument_error()); + } // Non-TTY stdin with no piped content: refuse to start the interactive // REPL (it would block forever waiting for input that will never arrive). // (#696: emit a typed error instead of hanging indefinitely) @@ -1148,11 +1810,14 @@ fn parse_args(args: &[String]) -> Result { allow_broad_cwd, }); } + if let Some(action) = parse_local_help_action(&rest, output_format) { + return action; + } if rest.first().map(String::as_str) == Some("--resume") { return parse_resume_args(&rest[1..], output_format); } - if let Some(action) = parse_local_help_action(&rest, output_format) { - return action; + if rest.first().map(String::as_str) == Some("resume") { + return parse_resume_args(&rest[1..], output_format); } // #696: `claw compact` is the bare name of the interactive `/compact` // slash command, not a prompt. When extra args such as `--help` appear @@ -1180,6 +1845,11 @@ fn parse_args(args: &[String]) -> Result { // structurally without an earlier default-resolution load writing prose // warnings to stderr. let permission_mode = || permission_mode_override.unwrap_or_else(default_permission_mode); + let permission_mode_provenance = || { + permission_mode_override + .map(PermissionModeProvenance::from_flag) + .unwrap_or_else(permission_mode_provenance_for_current_dir) + }; match rest[0].as_str() { "dump-manifests" => parse_dump_manifests_args(&rest[1..], output_format), @@ -1290,10 +1960,23 @@ fn parse_args(args: &[String]) -> Result { "interactive_only: `claw ultraplan` is a slash command.\nStart `claw` and run `/ultraplan` inside the REPL." .to_string(), ), - "model" if rest.len() > 1 => Err( - "interactive_only: `claw model` is a slash command.\nStart `claw` and run `/model [model-name]` inside the REPL." - .to_string(), - ), + "model" | "models" => { + let tail = &rest[1..]; + let action = tail.first().cloned(); + if tail.len() > 1 { + return Err(format!( + "unexpected extra arguments after `claw {} {}`: {}\nUsage: claw {} [help] [--output-format json]", + rest[0], + tail[0], + tail[1..].join(" "), + rest[0] + )); + } + Ok(CliAction::Models { + action, + output_format, + }) + } // #771: usage/stats/fork are slash-only verbs with no multi-arg match arms "usage" => Err( "interactive_only: `claw usage` is a slash command.\nUse `claw --resume SESSION.jsonl /usage` or start `claw` and run `/usage`." @@ -1311,9 +1994,9 @@ fn parse_args(args: &[String]) -> Result { let args = join_optional_args(&rest[1..]); if let Some(action) = args.as_deref() { let first_word = action.split_whitespace().next().unwrap_or(action); - if matches!(first_word, "remove" | "add" | "uninstall" | "delete") { + if matches!(first_word, "add") { return Err(format!( - "unsupported skills action: {first_word}. Supported actions: list, install , help, or [args]" + "unsupported skills action: {first_word}. Supported actions: list, show , install , uninstall , help, or [args]" )); } } @@ -1335,6 +2018,25 @@ fn parse_args(args: &[String]) -> Result { }), } } + "settings" => { + let tail = &rest[1..]; + if tail.is_empty() { + Ok(CliAction::Config { + section: Some("settings".to_string()), + output_format, + }) + } else if tail.len() == 1 && matches!(tail[0].as_str(), "help" | "--help" | "-h") { + Ok(CliAction::HelpTopic { + topic: LocalHelpTopic::Settings, + output_format, + }) + } else { + Err(format!( + "unexpected extra arguments after `claw settings`: {}\nUsage: claw settings [help] [--output-format json]", + tail.join(" ") + )) + } + } "system-prompt" => parse_system_prompt_args(&rest[1..], model, output_format), "acp" => parse_acp_args(&rest[1..], output_format), "login" | "logout" => Err(removed_auth_surface_error(rest[0].as_str())), @@ -1350,10 +2052,37 @@ fn parse_args(args: &[String]) -> Result { } "export" => parse_export_args(&rest[1..], output_format), "prompt" => { - let prompt = rest[1..].join(" "); + let mut read_stdin = false; + let prompt_parts = rest[1..] + .iter() + .filter_map(|arg| { + if matches!(arg.as_str(), "--stdin" | "--prompt-stdin") { + read_stdin = true; + None + } else { + Some(arg.as_str()) + } + }) + .collect::>(); + let positional_prompt = prompt_parts.join(" "); + let stdin_prompt = if read_stdin || positional_prompt.trim().is_empty() { + read_piped_stdin() + } else { + None + }; + let prompt = if read_stdin { + merge_prompt_with_stdin(&positional_prompt, stdin_prompt.as_deref()) + } else { + stdin_prompt + .as_deref() + .map(str::trim) + .unwrap_or(&positional_prompt) + .to_string() + }; if prompt.trim().is_empty() { - // #750: provide error_kind-compatible prefix + \n for hint extraction - return Err("missing_prompt: prompt subcommand requires a prompt string.\nUsage: claw prompt or echo '' | claw".to_string()); + // #750/#823/#423: provide error_kind-compatible prefix + \n for hint extraction. + return Err("missing_prompt: prompt subcommand requires a prompt string. +Usage: claw prompt or echo '' | claw prompt".to_string()); } Ok(CliAction::Prompt { prompt, @@ -1372,20 +2101,24 @@ fn parse_args(args: &[String]) -> Result { model, output_format, allowed_tools, - permission_mode(), + permission_mode_provenance(), compact, base_commit, reasoning_effort, allow_broad_cwd, ), other => { - if rest.len() == 1 && looks_like_subcommand_typo(other) { - // #825: always emit a command_not_found error for - // single-word all-alpha/dash tokens that don't match any - // known subcommand — with or without close suggestions. - // Multi-word cases fall through to CliAction::Prompt so - // natural language prompts like `claw explain this` work. - // (#826 documents the multi-word gap as a known limitation.) + if !compact + && !other.starts_with('-') + && looks_like_subcommand_typo(other) + && (rest.len() == 1 + || (output_format == CliOutputFormat::Json && model_flag_raw.is_none())) + { + // #825/#826: emit command_not_found before provider startup for + // command-shaped tokens that do not match known subcommands. + // Text-mode multi-word prompt shorthand remains available, but + // JSON-mode automation must not turn an unknown command into a + // credential-gated prompt request. let mut message = format!("command_not_found: unknown subcommand: {other}."); if let Some(suggestions) = suggest_similar_subcommand(other) { if let Some(line) = render_suggestion_line("Did you mean", &suggestions) { @@ -1450,6 +2183,11 @@ fn parse_local_help_action( "system-prompt" => LocalHelpTopic::SystemPrompt, "dump-manifests" => LocalHelpTopic::DumpManifests, "bootstrap-plan" => LocalHelpTopic::BootstrapPlan, + "resume" | "--resume" => LocalHelpTopic::Resume, + "session" => LocalHelpTopic::Session, + "compact" => LocalHelpTopic::Compact, + "model" | "models" => LocalHelpTopic::Model, + "settings" => LocalHelpTopic::Settings, _ => return None, }; let has_non_help = rest[1..].iter().any(|a| !is_help_flag(a)); @@ -1510,11 +2248,16 @@ fn parse_single_word_command_alias( "system-prompt" => Some(LocalHelpTopic::SystemPrompt), "dump-manifests" => Some(LocalHelpTopic::DumpManifests), "bootstrap-plan" => Some(LocalHelpTopic::BootstrapPlan), + "resume" => Some(LocalHelpTopic::Resume), + "session" => Some(LocalHelpTopic::Session), + "compact" => Some(LocalHelpTopic::Compact), "agents" | "agent" => Some(LocalHelpTopic::Agents), "skills" | "skill" => Some(LocalHelpTopic::Skills), "plugins" | "plugin" | "marketplace" => Some(LocalHelpTopic::Plugins), "mcp" => Some(LocalHelpTopic::Mcp), "config" => Some(LocalHelpTopic::Config), + "model" | "models" => Some(LocalHelpTopic::Model), + "settings" => Some(LocalHelpTopic::Settings), "diff" => Some(LocalHelpTopic::Diff), _ => None, }; @@ -1559,11 +2302,16 @@ fn parse_single_word_command_alias( "system-prompt" => Some(LocalHelpTopic::SystemPrompt), "dump-manifests" => Some(LocalHelpTopic::DumpManifests), "bootstrap-plan" => Some(LocalHelpTopic::BootstrapPlan), + "resume" => Some(LocalHelpTopic::Resume), + "session" => Some(LocalHelpTopic::Session), + "compact" => Some(LocalHelpTopic::Compact), "agents" | "agent" => Some(LocalHelpTopic::Agents), "skills" | "skill" => Some(LocalHelpTopic::Skills), "plugins" | "plugin" | "marketplace" => Some(LocalHelpTopic::Plugins), "mcp" => Some(LocalHelpTopic::Mcp), "config" => Some(LocalHelpTopic::Config), + "model" | "models" => Some(LocalHelpTopic::Model), + "settings" => Some(LocalHelpTopic::Settings), "diff" => Some(LocalHelpTopic::Diff), _ => None, }; @@ -1587,12 +2335,19 @@ fn parse_single_word_command_alias( "status" => Some(Ok(CliAction::Status { model: model.to_string(), model_flag_raw: model_flag_raw.map(str::to_string), // #148 - permission_mode: permission_mode_override.unwrap_or_else(default_permission_mode), + permission_mode: permission_mode_override + .map(PermissionModeProvenance::from_flag) + .unwrap_or_else(permission_mode_provenance_for_current_dir), output_format, allowed_tools, })), "sandbox" => Some(Ok(CliAction::Sandbox { output_format })), - "doctor" => Some(Ok(CliAction::Doctor { output_format })), + "doctor" => Some(Ok(CliAction::Doctor { + output_format, + permission_mode: permission_mode_override + .map(PermissionModeProvenance::from_flag) + .unwrap_or_else(permission_mode_provenance_for_current_dir), + })), "state" => Some(Ok(CliAction::State { output_format })), // #146: let `config` and `diff` fall through to parse_subcommand // where they are wired as pure-local introspection, instead of @@ -1698,7 +2453,7 @@ fn parse_direct_slash_cli_action( model: String, output_format: CliOutputFormat, allowed_tools: Option, - permission_mode: PermissionMode, + permission_mode: PermissionModeProvenance, compact: bool, base_commit: Option, reasoning_effort: Option, @@ -1707,6 +2462,20 @@ fn parse_direct_slash_cli_action( let raw = rest.join(" "); match SlashCommand::parse(&raw) { Ok(Some(SlashCommand::Help)) => Ok(CliAction::Help { output_format }), + Ok(Some(SlashCommand::Status)) => Ok(CliAction::Status { + model, + model_flag_raw: None, + permission_mode, + output_format, + allowed_tools, + }), + Ok(Some(SlashCommand::Sandbox)) => Ok(CliAction::Sandbox { output_format }), + Ok(Some(SlashCommand::Diff)) => Ok(CliAction::Diff { output_format }), + Ok(Some(SlashCommand::Version)) => Ok(CliAction::Version { output_format }), + Ok(Some(SlashCommand::Doctor)) => Ok(CliAction::Doctor { + output_format, + permission_mode, + }), Ok(Some(SlashCommand::Agents { args })) => Ok(CliAction::Agents { args, output_format, @@ -1727,7 +2496,7 @@ fn parse_direct_slash_cli_action( model, output_format, allowed_tools, - permission_mode, + permission_mode: permission_mode.mode, compact, base_commit, reasoning_effort: reasoning_effort.clone(), @@ -1782,6 +2551,9 @@ fn parse_direct_slash_cli_action( } fn format_unknown_option(option: &str) -> String { + if option == "--" { + return "end_of_flags: `--` terminates flag parsing. Pass literal prompt text after it, for example `claw -- \"-literal prompt\"`.\nRun `claw --help` for usage.".to_string(); + } let mut message = format!("unknown option: {option}"); if let Some(suggestion) = suggest_closest_term(option, CLI_OPTION_SUGGESTIONS) { message.push_str("\nDid you mean "); @@ -1903,6 +2675,41 @@ fn suggest_similar_subcommand(input: &str) -> Option> { (!suggestions.is_empty()).then_some(suggestions) } +fn is_known_top_level_subcommand(value: &str) -> bool { + matches!( + value, + "help" + | "version" + | "status" + | "sandbox" + | "doctor" + | "state" + | "dump-manifests" + | "bootstrap-plan" + | "agents" + | "agent" + | "mcp" + | "skills" + | "skill" + | "plugins" + | "plugin" + | "marketplace" + | "system-prompt" + | "acp" + | "init" + | "export" + | "prompt" + | "resume" + | "session" + | "compact" + | "config" + | "model" + | "models" + | "settings" + | "diff" + ) +} + fn common_prefix_len(left: &str, right: &str) -> usize { left.chars() .zip(right.chars()) @@ -1968,7 +2775,7 @@ fn levenshtein_distance(left: &str, right: &str) -> usize { fn resolve_model_alias(model: &str) -> &str { match model { - "opus" => "anthropic/claude-opus-4-6", + "opus" => "anthropic/claude-opus-4-7", "sonnet" => "anthropic/claude-sonnet-4-6", "haiku" => "anthropic/claude-haiku-4-5-20251213", _ => model, @@ -2001,6 +2808,12 @@ fn validate_model_syntax(model: &str) -> Result<(), String> { trimmed )); } + if is_bare_provider_model(trimmed) { + return Ok(()); + } + if is_local_openai_model_syntax(trimmed) { + return Ok(()); + } // Check provider/model format: provider_id/model_id let parts: Vec<&str> = trimmed.split('/').collect(); if parts.len() != 2 || parts[0].is_empty() || parts[1].is_empty() { @@ -2027,6 +2840,17 @@ fn validate_model_syntax(model: &str) -> Result<(), String> { Ok(()) } +fn is_bare_provider_model(model: &str) -> bool { + model.starts_with("claude-") || model.starts_with("gpt-") +} + +fn is_local_openai_model_syntax(model: &str) -> bool { + if let Some(rest) = model.strip_prefix("local/") { + return !rest.is_empty() && rest.split('/').all(|segment| !segment.is_empty()); + } + std::env::var_os("OPENAI_BASE_URL").is_some() && (model.contains(':') || model.contains('.')) +} + fn config_alias_for_current_dir(alias: &str) -> Option { if alias.is_empty() { return None; @@ -2044,6 +2868,25 @@ fn normalize_allowed_tools(values: &[String]) -> Result, current_tool_registry()?.normalize_allowed_tools(values) } +fn allowed_tools_missing_error() -> String { + "missing_argument: --allowedTools requires a tool list before subcommands or flags.\nUsage: --allowedTools [,...] e.g. --allowedTools read,glob".to_string() +} + +fn compact_missing_argument_error() -> String { + "missing_argument: --compact requires prompt text, piped stdin, or a subcommand. argument: prompt or subcommand\nUsage: claw --compact or echo '' | claw --compact" + .to_string() +} + +fn allowed_tool_aliases_json(registry: &GlobalToolRegistry) -> Value { + Value::Object( + registry + .allowed_tool_aliases() + .into_iter() + .map(|(alias, canonical)| (alias, Value::String(canonical))) + .collect(), + ) +} + fn current_tool_registry() -> Result { let cwd = env::current_dir().map_err(|error| error.to_string())?; let loader = ConfigLoader::default_for(&cwd); @@ -2065,7 +2908,7 @@ fn parse_permission_mode_arg(value: &str) -> Result { normalize_permission_mode(value) .ok_or_else(|| { format!( - "invalid_flag_value: unsupported permission mode '{value}'.\nUsage: --permission-mode read-only|workspace-write|danger-full-access" + "invalid_permission_mode: unsupported permission mode '{value}'.\nUsage: --permission-mode read-only|workspace-write|danger-full-access" ) }) .map(permission_mode_from_label) @@ -2089,13 +2932,32 @@ fn permission_mode_from_resolved(mode: ResolvedPermissionMode) -> PermissionMode } fn default_permission_mode() -> PermissionMode { - env::var("RUSTY_CLAUDE_PERMISSION_MODE") + permission_mode_provenance_for_current_dir().mode +} + +fn permission_mode_provenance_for_current_dir() -> PermissionModeProvenance { + if let Some(mode) = env::var("RUSTY_CLAUDE_PERMISSION_MODE") .ok() .as_deref() .and_then(normalize_permission_mode) .map(permission_mode_from_label) - .or_else(config_permission_mode_for_current_dir) - .unwrap_or(PermissionMode::DangerFullAccess) + { + return PermissionModeProvenance { + mode, + source: PermissionModeSource::Env, + env_var: Some("RUSTY_CLAUDE_PERMISSION_MODE"), + }; + } + + if let Some(mode) = config_permission_mode_for_current_dir() { + return PermissionModeProvenance { + mode, + source: PermissionModeSource::Config, + env_var: None, + }; + } + + PermissionModeProvenance::default_fallback() } fn config_permission_mode_for_current_dir() -> Option { @@ -2114,21 +2976,47 @@ fn config_model_for_current_dir() -> Option { loader.load().ok()?.model().map(ToOwned::to_owned) } -fn resolve_repl_model(cli_model: String) -> String { - if cli_model != DEFAULT_MODEL { - return cli_model; - } - if let Some(env_model) = env::var("ANTHROPIC_MODEL") - .ok() - .map(|value| value.trim().to_string()) - .filter(|value| !value.is_empty()) - { - return resolve_model_alias_with_config(&env_model); - } - if let Some(config_model) = config_model_for_current_dir() { - return resolve_model_alias_with_config(&config_model); - } - cli_model +fn resolve_repl_model(cli_model: String) -> Result { + Ok(ModelProvenance::from_env_or_config_or_default(&cli_model)?.resolved) +} + +fn print_model_validation_warning_status( + error: &str, + usage: StatusUsage, + permission_mode: &str, + context: &StatusContext, + allowed_tools: Option<&AllowedToolSet>, +) -> Result<(), Box> { + let kind = classify_error_kind(error); + let (short_reason, inline_hint) = split_error_hint(error); + let hint = inline_hint.or_else(|| fallback_hint_for_error_kind(kind).map(String::from)); + let format_selection = current_output_format_selection(); + let mut value = status_json_value( + None, + usage, + permission_mode, + context, + None, + None, + allowed_tools, + Some(&format_selection), + ); + let object = value + .as_object_mut() + .expect("status_json_value should render an object"); + object.insert("status".to_string(), serde_json::json!("warn")); + object.insert("error_kind".to_string(), serde_json::json!(kind)); + object.insert( + "model_validation_error".to_string(), + serde_json::json!(short_reason), + ); + object.insert( + "model_validation_error_kind".to_string(), + serde_json::json!(kind), + ); + object.insert("model_validation_hint".to_string(), serde_json::json!(hint)); + println!("{}", serde_json::to_string_pretty(&value)?); + Ok(()) } fn provider_label(kind: ProviderKind) -> &'static str { @@ -2541,6 +3429,7 @@ impl DoctorReport { fn json_value(&self) -> Value { let report = self.render(); let (ok_count, warn_count, fail_count) = self.counts(); + let tool_registry = GlobalToolRegistry::builtin(); json!({ "kind": "doctor", "action": "doctor", @@ -2559,6 +3448,10 @@ impl DoctorReport { .iter() .map(DiagnosticCheck::json_value) .collect::>(), + "allowed_tools": { + "available": tool_registry.canonical_allowed_tool_names(), + "aliases": allowed_tool_aliases_json(&tool_registry), + }, }) } } @@ -2579,6 +3472,7 @@ fn render_diagnostic_check(check: &DiagnosticCheck) -> String { fn render_doctor_report( config_warning_mode: ConfigWarningMode, + permission_mode: PermissionModeProvenance, ) -> Result> { let cwd = env::current_dir()?; let config_loader = ConfigLoader::default_for(&cwd); @@ -2599,6 +3493,16 @@ fn render_doctor_report( config.as_ref().ok(), config.as_ref().err().map(ToString::to_string).as_deref(), ); + let memory_files = memory_file_summaries_for( + &cwd, + project_root.as_deref(), + &project_context.instruction_files, + ); + let mcp_validation = config + .as_ref() + .ok() + .map(|runtime_config| McpValidationSummary::from_collection(runtime_config.mcp())) + .unwrap_or_default(); let context = StatusContext { cwd: cwd.clone(), session_path: None, @@ -2608,6 +3512,12 @@ fn render_doctor_report( .map_or(0, |runtime_config| runtime_config.loaded_entries().len()), discovered_config_files: discovered_config.len(), memory_file_count: project_context.instruction_files.len(), + memory_files: memory_files.clone(), + unloaded_memory_files: unloaded_memory_candidates( + &cwd, + project_root.as_deref(), + &memory_files, + ), project_root, git_branch, git_summary, @@ -2616,29 +3526,40 @@ fn render_doctor_report( session_lifecycle: classify_session_lifecycle_for(&cwd), boot_preflight, sandbox_status: resolve_sandbox_status(sandbox_config.sandbox(), &cwd), + binary_provenance: binary_provenance_for(Some(&cwd)), // Doctor path has its own config check; StatusContext here is only // fed into health renderers that don't read config_load_error. config_load_error: config.as_ref().err().map(ToString::to_string), config_load_error_kind: None, + mcp_validation: mcp_validation.clone(), }; Ok(DoctorReport { checks: vec![ check_auth_health(), check_config_health(&config_loader, config.as_ref()), + check_mcp_validation_health(&mcp_validation), check_install_source_health(), check_workspace_health(&context), + check_memory_health(&context), check_boot_preflight_health(&context), check_sandbox_health(&context.sandbox_status), + check_permission_health(permission_mode), check_system_health(&cwd, config.as_ref().ok()), ], }) } -fn run_doctor(output_format: CliOutputFormat) -> Result<(), Box> { - let report = render_doctor_report(match output_format { - CliOutputFormat::Json => ConfigWarningMode::SuppressStderr, - CliOutputFormat::Text => ConfigWarningMode::EmitStderr, - })?; +fn run_doctor( + output_format: CliOutputFormat, + permission_mode: PermissionModeProvenance, +) -> Result<(), Box> { + let report = render_doctor_report( + match output_format { + CliOutputFormat::Json => ConfigWarningMode::SuppressStderr, + CliOutputFormat::Text => ConfigWarningMode::EmitStderr, + }, + permission_mode, + )?; let message = report.render(); match output_format { CliOutputFormat::Text => println!("{message}"), @@ -2877,8 +3798,14 @@ fn check_config_health( } details.push(format!( "MCP servers {}", - runtime_config.mcp().servers().len() + runtime_config.mcp().valid_count() )); + if runtime_config.mcp().invalid_count() > 0 { + details.push(format!( + "MCP invalid {}", + runtime_config.mcp().invalid_count() + )); + } if present_paths.is_empty() { details.push("Discovered files (defaults active)".to_string()); } else { @@ -2905,7 +3832,11 @@ fn check_config_health( ("resolved_model".to_string(), json!(runtime_config.model())), ( "mcp_servers".to_string(), - json!(runtime_config.mcp().servers().len()), + json!(runtime_config.mcp().valid_count()), + ), + ( + "mcp_invalid_servers".to_string(), + json!(runtime_config.mcp().invalid_count()), ), ])) } @@ -2937,6 +3868,118 @@ fn check_config_health( } } +fn check_mcp_validation_health(summary: &McpValidationSummary) -> DiagnosticCheck { + let mut details = vec![ + format!("Total entries {}", summary.total_configured), + format!("Valid entries {}", summary.valid_count), + format!("Invalid entries {}", summary.invalid_count()), + ]; + details.extend( + summary + .invalid_servers + .iter() + .map(|server| format!("Invalid server {} ({})", server.name, server.reason)), + ); + + DiagnosticCheck::new( + "MCP validation", + if summary.has_invalid_servers() { + DiagnosticLevel::Warn + } else { + DiagnosticLevel::Ok + }, + if summary.has_invalid_servers() { + format!( + "{} MCP server entries are invalid; {} valid entries remain loaded", + summary.invalid_count(), + summary.valid_count + ) + } else { + format!("{} MCP server entries validated", summary.valid_count) + }, + ) + .with_hint(if summary.has_invalid_servers() { + "Inspect `claw mcp list --output-format json` invalid_servers and fix each rejected mcpServers entry." + } else { + "" + }) + .with_details(details) + .with_data(Map::from_iter([ + ( + "total_configured".to_string(), + json!(summary.total_configured), + ), + ("valid_count".to_string(), json!(summary.valid_count)), + ("invalid_count".to_string(), json!(summary.invalid_count())), + ( + "invalid_servers".to_string(), + Value::Array(invalid_mcp_servers_json(&summary.invalid_servers)), + ), + ])) +} + +fn check_permission_health(permission_mode: PermissionModeProvenance) -> DiagnosticCheck { + let mode = permission_mode.mode.as_str(); + let source = permission_mode.source.as_str(); + let explicit = permission_mode.source.is_explicit(); + let warning = matches!(permission_mode.mode, PermissionMode::DangerFullAccess) && !explicit; + let message = if warning { + "running with full access without explicit opt-in" + } else if matches!(permission_mode.mode, PermissionMode::DangerFullAccess) { + "danger-full-access was explicitly selected" + } else if matches!(permission_mode.mode, PermissionMode::WorkspaceWrite) && !explicit { + "default permission mode is workspace-write" + } else { + "permission mode is explicitly bounded below danger-full-access" + }; + let source_detail = permission_mode.env_var.map_or_else( + || source.to_string(), + |env_var| format!("{source}:{env_var}"), + ); + let specs = mvp_tool_specs(); + let tools_satisfied = specs + .iter() + .filter(|spec| permission_mode.mode >= spec.required_permission) + .map(|spec| spec.name) + .collect::>(); + let tools_gated = specs + .iter() + .filter(|spec| permission_mode.mode < spec.required_permission) + .map(|spec| spec.name) + .collect::>(); + + DiagnosticCheck::new( + "Permissions", + if warning { + DiagnosticLevel::Warn + } else { + DiagnosticLevel::Ok + }, + message, + ) + .with_details(vec![ + format!("Mode {mode}"), + format!("Source {source_detail}"), + format!("Explicit opt-in {explicit}"), + format!("Tools allowed {}", tools_satisfied.join(", ")), + format!("Tools gated {}", tools_gated.join(", ")), + ]) + .with_hint(if warning { + "Use the workspace-write default, or pass --permission-mode danger-full-access / --dangerously-skip-permissions only when full filesystem, network, and command access is intentional." + } else { + "Use --permission-mode read-only|workspace-write|danger-full-access to make the runtime permission boundary explicit." + }) + .with_data(Map::from_iter([ + ("mode".to_string(), json!(mode)), + ("source".to_string(), json!(source)), + ("source_explicit".to_string(), json!(explicit)), + ("env_var".to_string(), json!(permission_mode.env_var)), + ("message".to_string(), json!(message)), + ("tools_satisfied".to_string(), json!(tools_satisfied)), + ("tools_gated".to_string(), json!(tools_gated)), + ])) +} + fn check_install_source_health() -> DiagnosticCheck { DiagnosticCheck::new( "Install source", @@ -3012,6 +4055,19 @@ fn check_workspace_health(context: &StatusContext) -> DiagnosticCheck { "Memory files {} · config files loaded {}/{}", context.memory_file_count, context.loaded_config_files, context.discovered_config_files ), + format!( + "Loaded memory {}", + if context.memory_files.is_empty() { + "".to_string() + } else { + context + .memory_files + .iter() + .map(|file| format!("{}:{}", file.source, file.path)) + .collect::>() + .join(", ") + } + ), format!( "Stale base {}", stale_base_warning.as_deref().unwrap_or("ok") @@ -3040,6 +4096,14 @@ fn check_workspace_health(context: &StatusContext) -> DiagnosticCheck { "memory_file_count".to_string(), json!(context.memory_file_count), ), + ( + "memory_files".to_string(), + Value::Array(memory_files_json(&context.memory_files)), + ), + ( + "unloaded_memory_files".to_string(), + json!(context.unloaded_memory_files), + ), ( "loaded_config_files".to_string(), json!(context.loaded_config_files), @@ -3055,6 +4119,62 @@ fn check_workspace_health(context: &StatusContext) -> DiagnosticCheck { ])) } +fn check_memory_health(context: &StatusContext) -> DiagnosticCheck { + let has_unloaded = !context.unloaded_memory_files.is_empty(); + let has_outside_project = context.memory_files.iter().any(|file| file.outside_project); + let mut details = vec![format!("Loaded files {}", context.memory_file_count)]; + details.extend(context.memory_files.iter().map(|file| { + format!( + "Loaded {} ({}, chars={})", + file.path, file.source, file.chars + ) + })); + details.extend( + context + .unloaded_memory_files + .iter() + .map(|path| format!("Unloaded {path}")), + ); + + DiagnosticCheck::new( + "Memory", + if has_unloaded || has_outside_project { + DiagnosticLevel::Warn + } else { + DiagnosticLevel::Ok + }, + if has_outside_project { + "memory files outside the current git project are loaded".to_string() + } else if has_unloaded { + "some workspace memory files exist but were not loaded".to_string() + } else { + format!("{} workspace memory files loaded", context.memory_file_count) + }, + ) + .with_hint(if has_outside_project { + "Inspect workspace.memory_files in `claw status --output-format json`; move unintended ancestor instructions inside the git project or run from the intended workspace root." + } else if has_unloaded { + "Move instructions into CLAUDE.md, CLAW.md, or AGENTS.md within the current workspace ancestry, or inspect workspace.memory_files in `claw status --output-format json`." + } else { + "" + }) + .with_details(details) + .with_data(Map::from_iter([ + ( + "memory_file_count".to_string(), + json!(context.memory_file_count), + ), + ( + "memory_files".to_string(), + Value::Array(memory_files_json(&context.memory_files)), + ), + ( + "unloaded_memory_files".to_string(), + json!(context.unloaded_memory_files), + ), + ])) +} + fn check_boot_preflight_health(context: &StatusContext) -> DiagnosticCheck { let preflight = &context.boot_preflight; let missing_binaries = preflight @@ -3229,10 +4349,27 @@ fn check_system_health(cwd: &Path, config: Option<&runtime::RuntimeConfig>) -> D format!("Version {}", VERSION), format!("Build target {}", BUILD_TARGET.unwrap_or("")), format!("Git SHA {}", GIT_SHA.unwrap_or("")), + format!( + "Output format env CLAW_OUTPUT_FORMAT={}", + env::var("CLAW_OUTPUT_FORMAT").unwrap_or_else(|_| "".to_string()) + ), + format!( + "Logging env CLAW_LOG={} RUST_LOG={}", + env::var("CLAW_LOG").unwrap_or_else(|_| "".to_string()), + env::var("RUST_LOG").unwrap_or_else(|_| "".to_string()) + ), ]; if let Some(model) = default_model { details.push(format!("Default model {model}")); } + let binary_provenance = binary_provenance_for(Some(cwd)); + details.push(format!( + "Binary provenance status={} workspace_match={}", + binary_provenance.status(), + binary_provenance + .workspace_match + .map_or_else(|| "unknown".to_string(), |matches| matches.to_string()) + )); DiagnosticCheck::new( "System", DiagnosticLevel::Ok, @@ -3246,7 +4383,17 @@ fn check_system_health(cwd: &Path, config: Option<&runtime::RuntimeConfig>) -> D ("version".to_string(), json!(VERSION)), ("build_target".to_string(), json!(BUILD_TARGET)), ("git_sha".to_string(), json!(GIT_SHA)), + ( + "binary_provenance".to_string(), + binary_provenance.json_value(), + ), ("default_model".to_string(), json!(default_model)), + ( + "claw_output_format".to_string(), + json!(env::var("CLAW_OUTPUT_FORMAT").ok()), + ), + ("claw_log".to_string(), json!(env::var("CLAW_LOG").ok())), + ("rust_log".to_string(), json!(env::var("RUST_LOG").ok())), ])) } @@ -3278,12 +4425,12 @@ fn dump_manifests( manifests_dir: Option<&Path>, output_format: CliOutputFormat, ) -> Result<(), Box> { - let workspace_dir = PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("../.."); + let workspace_dir = env::current_dir()?; dump_manifests_at_path(&workspace_dir, manifests_dir, output_format) } -const DUMP_MANIFESTS_OVERRIDE_HINT: &str = - "Hint: set CLAUDE_CODE_UPSTREAM=/path/to/upstream or pass `claw dump-manifests --manifests-dir /path/to/upstream`."; +const DUMP_MANIFESTS_USAGE_HINT: &str = + "Usage: claw dump-manifests [--manifests-dir ] [--output-format json]"; // Internal function for testing that accepts a workspace directory path. fn dump_manifests_at_path( @@ -3291,72 +4438,105 @@ fn dump_manifests_at_path( manifests_dir: Option<&Path>, output_format: CliOutputFormat, ) -> Result<(), Box> { - let paths = if let Some(dir) = manifests_dir { - let resolved = dir.canonicalize().unwrap_or_else(|_| dir.to_path_buf()); - UpstreamPaths::from_repo_root(resolved) - } else { - // Surface the resolved path in the error so users can diagnose missing - // manifest files without guessing what path the binary expected. - let resolved = workspace_dir - .canonicalize() - .unwrap_or_else(|_| workspace_dir.to_path_buf()); - UpstreamPaths::from_workspace_dir(&resolved) - }; + let discovery_root = manifests_dir.unwrap_or(workspace_dir); + let resolved_root = discovery_root + .canonicalize() + .unwrap_or_else(|_| discovery_root.to_path_buf()); - let source_root = paths.repo_root(); - if !source_root.exists() { + if !resolved_root.exists() { return Err(format!( - "Manifest source directory does not exist.\n looked in: {}\n {DUMP_MANIFESTS_OVERRIDE_HINT}", - source_root.display(), + "missing_manifests: manifest discovery directory does not exist.\n looked in: {}\n {DUMP_MANIFESTS_USAGE_HINT}", + resolved_root.display(), + ) + .into()); + } + if !resolved_root.is_dir() { + return Err(format!( + "missing_manifests: manifest discovery path is not a directory.\n looked in: {}\n {DUMP_MANIFESTS_USAGE_HINT}", + resolved_root.display(), ) .into()); } - let required_paths = [ - ("src/commands.ts", paths.commands_path()), - ("src/tools.ts", paths.tools_path()), - ("src/entrypoints/cli.tsx", paths.cli_path()), - ]; - let missing = required_paths - .iter() - .filter_map(|(label, path)| (!path.is_file()).then_some(*label)) - .collect::>(); - if !missing.is_empty() { - return Err(format!( - "Manifest source files are missing.\n repo root: {}\n missing: {}\n {DUMP_MANIFESTS_OVERRIDE_HINT}", - source_root.display(), - missing.join(", "), - ) - .into()); - } - - match extract_manifest(&paths) { - Ok(manifest) => { - match output_format { - CliOutputFormat::Text => { - println!("commands: {}", manifest.commands.entries().len()); - println!("tools: {}", manifest.tools.entries().len()); - println!("bootstrap phases: {}", manifest.bootstrap.phases().len()); - } - CliOutputFormat::Json => println!( - "{}", - serde_json::to_string_pretty(&json!({ - "kind": "dump-manifests", - "action": "dump", - "commands": manifest.commands.entries().len(), - "tools": manifest.tools.entries().len(), - "bootstrap_phases": manifest.bootstrap.phases().len(), - }))? - ), - } - Ok(()) + let manifest = build_rust_resolver_manifest(&resolved_root)?; + match output_format { + CliOutputFormat::Text => { + println!("Manifest Dump"); + println!(" Source rust-resolver"); + println!(" Workspace {}", resolved_root.display()); + println!(" Commands {}", manifest["commands"]); + println!(" Tools {}", manifest["tools"]); + println!(" Agents {}", manifest["agents"]); + println!(" Skills {}", manifest["skills"]); + println!(" Bootstrap phases {}", manifest["bootstrap_phases"]); } - Err(error) => Err(format!( - "failed to extract manifests: {error}\n looked in: {path}\n {DUMP_MANIFESTS_OVERRIDE_HINT}", - path = paths.repo_root().display() - ) - .into()), + CliOutputFormat::Json => println!("{}", serde_json::to_string_pretty(&manifest)?), } + Ok(()) +} + +fn build_rust_resolver_manifest(workspace_dir: &Path) -> Result> { + let command_entries = slash_command_specs() + .iter() + .map(|spec| { + json!({ + "name": spec.name, + "aliases": spec.aliases, + "summary": spec.summary, + "argument_hint": spec.argument_hint, + "resume_supported": spec.resume_supported, + "implemented": !STUB_COMMANDS.contains(&spec.name), + }) + }) + .collect::>(); + + let tool_entries = mvp_tool_specs() + .into_iter() + .map(|spec| { + json!({ + "name": spec.name, + "description": spec.description, + "required_permission": spec.required_permission.as_str(), + "input_schema": spec.input_schema, + }) + }) + .collect::>(); + + let agent_report = handle_agents_slash_command_json(None, workspace_dir)?; + let skill_report = handle_skills_slash_command_json(None, workspace_dir)?; + let agents = agent_report + .get("agents") + .and_then(Value::as_array) + .cloned() + .unwrap_or_default(); + let skills = skill_report + .get("skills") + .and_then(Value::as_array) + .cloned() + .unwrap_or_default(); + let bootstrap = runtime::BootstrapPlan::claude_code_default() + .phases() + .iter() + .map(|phase| format!("{phase:?}")) + .collect::>(); + + Ok(json!({ + "kind": "dump-manifests", + "action": "dump", + "status": "ok", + "source": "rust-resolver", + "workspace": workspace_dir.display().to_string(), + "commands": command_entries.len(), + "tools": tool_entries.len(), + "agents": agents.len(), + "skills": skills.len(), + "bootstrap_phases": bootstrap.len(), + "command_manifests": command_entries, + "tool_manifests": tool_entries, + "agent_manifests": agents, + "skill_manifests": skills, + "bootstrap_manifest": bootstrap, + })) } fn print_bootstrap_plan(output_format: CliOutputFormat) -> Result<(), Box> { @@ -3390,13 +4570,20 @@ fn print_system_prompt( model: &str, output_format: CliOutputFormat, ) -> Result<(), Box> { - let sections = load_system_prompt( + let (sections, project_context) = load_system_prompt_with_context( cwd, date, env::consts::OS, "unknown", model_family_identity_for(model), )?; + let (project_root, _) = + parse_git_status_metadata_for(&project_context.cwd, project_context.git_status.as_deref()); + let memory_files = memory_file_summaries_for( + &project_context.cwd, + project_root.as_deref(), + &project_context.instruction_files, + ); let message = sections.join( " @@ -3412,6 +4599,8 @@ fn print_system_prompt( "status": "ok", "message": message, "sections": sections, + "memory_file_count": memory_files.len(), + "memory_files": memory_files_json(&memory_files), }))? ), } @@ -3429,17 +4618,25 @@ fn print_version(output_format: CliOutputFormat) -> Result<(), Box serde_json::Value { - let executable_path = env::current_exe().ok().map(|p| p.display().to_string()); + let cwd = env::current_dir().ok(); + let binary_provenance = binary_provenance_for(cwd.as_deref()); json!({ "kind": "version", "action": "show", "status": "ok", - "message": render_version_report(), + "human_readable": render_version_report(), "version": VERSION, - "git_sha": GIT_SHA, - "target": BUILD_TARGET, - "build_date": DEFAULT_DATE, - "executable_path": executable_path, + "git_sha": binary_provenance.git_sha, + "git_sha_short": binary_provenance.git_sha_short, + "is_dirty": binary_provenance.is_dirty, + "branch": binary_provenance.branch, + "commit_date": binary_provenance.commit_date, + "commit_timestamp": binary_provenance.commit_timestamp, + "rustc_version": binary_provenance.rustc_version, + "target": binary_provenance.target, + "build_date": binary_provenance.build_date, + "executable_path": binary_provenance.executable_path, + "binary_provenance": binary_provenance.json_value(), }) } @@ -3457,6 +4654,7 @@ fn resume_session(session_path: &Path, commands: &[String], output_format: CliOu // #787: fall back to kind-derived hint when message has no \n delimiter let hint = inline_hint.or_else(|| fallback_hint_for_error_kind(kind).map(String::from)); + let sessions_dir = sessions_dir().ok().map(|path| path.display().to_string()); // #819: JSON mode resume errors go to stdout for parity with other // non-interactive command guards. println!( @@ -3469,6 +4667,7 @@ fn resume_session(session_path: &Path, commands: &[String], output_format: CliOu "error": short_reason, "exit_code": 1, "hint": hint, + "sessions_dir": sessions_dir, }) ); } else { @@ -3639,6 +4838,197 @@ struct ResumeCommandOutcome { json: Option, } +#[derive(Debug, Clone, PartialEq, Eq)] +struct MemoryFileSummary { + path: String, + source: String, + chars: usize, + origin: String, + scope_path: String, + outside_project: bool, + contributes: bool, +} + +impl MemoryFileSummary { + fn json_value(&self) -> serde_json::Value { + json!({ + "path": self.path, + "source": self.source, + "chars": self.chars, + "origin": self.origin, + "scope_path": self.scope_path, + "outside_project": self.outside_project, + "contributes": self.contributes, + }) + } +} + +#[derive(Debug, Clone, Default, PartialEq, Eq)] +struct McpValidationSummary { + total_configured: usize, + valid_count: usize, + invalid_servers: Vec, +} + +impl McpValidationSummary { + fn from_collection(collection: &McpConfigCollection) -> Self { + Self { + total_configured: collection.total_configured(), + valid_count: collection.valid_count(), + invalid_servers: collection.invalid_servers().to_vec(), + } + } + + fn invalid_count(&self) -> usize { + self.invalid_servers.len() + } + + fn has_invalid_servers(&self) -> bool { + !self.invalid_servers.is_empty() + } + + fn json_value(&self) -> serde_json::Value { + json!({ + "total_configured": self.total_configured, + "valid_count": self.valid_count, + "invalid_count": self.invalid_count(), + "invalid_servers": invalid_mcp_servers_json(&self.invalid_servers), + }) + } +} + +fn invalid_mcp_servers_json(invalid_servers: &[McpInvalidServerConfig]) -> Vec { + invalid_servers + .iter() + .map(|server| { + json!({ + "name": &server.name, + "scope": config_source_json_value(server.scope), + "path": server.path.display().to_string(), + "error_field": &server.error_field, + "reason": &server.reason, + "valid": false, + }) + }) + .collect() +} + +fn config_source_json_value(source: ConfigSource) -> serde_json::Value { + let id = match source { + ConfigSource::User => "user", + ConfigSource::Project => "project", + ConfigSource::Local => "local", + }; + json!({"id": id, "label": id}) +} + +fn memory_file_summaries_for( + cwd: &Path, + project_root: Option<&Path>, + files: &[ContextFile], +) -> Vec { + let cwd = cwd.canonicalize().unwrap_or_else(|_| cwd.to_path_buf()); + let project_root = + project_root.map(|path| path.canonicalize().unwrap_or_else(|_| path.to_path_buf())); + files + .iter() + .map(|file| { + let path = file + .path + .canonicalize() + .unwrap_or_else(|_| file.path.clone()); + let scope_path = memory_scope_path(&path); + let origin = memory_origin(&cwd, project_root.as_deref(), &scope_path); + let outside_project = project_root + .as_ref() + .is_some_and(|root| !path.starts_with(root)); + MemoryFileSummary { + path: file.path.display().to_string(), + source: file.source().to_string(), + origin: origin.to_string(), + scope_path: scope_path.display().to_string(), + chars: file.char_count(), + outside_project, + contributes: true, + } + }) + .collect() +} + +fn memory_scope_path(path: &Path) -> PathBuf { + let Some(parent) = path.parent() else { + return PathBuf::from("."); + }; + let parent_name = parent.file_name().and_then(|name| name.to_str()); + if matches!(parent_name, Some(".claw" | ".claude")) { + return parent.parent().unwrap_or(parent).to_path_buf(); + } + if matches!(parent_name, Some("rules" | "rules.local")) { + if let Some(grandparent) = parent.parent() { + if grandparent.file_name().and_then(|name| name.to_str()) == Some(".claw") { + return grandparent.parent().unwrap_or(grandparent).to_path_buf(); + } + } + } + parent.to_path_buf() +} + +fn memory_origin(cwd: &Path, project_root: Option<&Path>, scope_path: &Path) -> &'static str { + if scope_path == cwd { + return "workspace"; + } + if project_root.is_some_and(|root| !scope_path.starts_with(root)) { + return "outside_project"; + } + if let Some(home) = env::var_os("HOME").map(PathBuf::from) { + let home = home.canonicalize().unwrap_or(home); + if scope_path == home { + return "home"; + } + } + if cwd.parent().is_some_and(|parent| parent == scope_path) { + return "parent_dir"; + } + if cwd.starts_with(scope_path) { + return "ancestor"; + } + "workspace" +} + +fn memory_files_json(files: &[MemoryFileSummary]) -> Vec { + files.iter().map(MemoryFileSummary::json_value).collect() +} + +fn unloaded_memory_candidates( + cwd: &Path, + project_root: Option<&Path>, + files: &[MemoryFileSummary], +) -> Vec { + let mut loaded = files + .iter() + .map(|file| PathBuf::from(&file.path)) + .collect::>(); + loaded.sort(); + + let boundary = project_root.unwrap_or(cwd); + let mut missing = Vec::new(); + let mut cursor = Some(cwd); + while let Some(dir) = cursor { + for name in ["CLAW.md", "AGENTS.md"] { + let candidate = dir.join(name); + if candidate.is_file() && !loaded.iter().any(|path| path == &candidate) { + missing.push(candidate.display().to_string()); + } + } + if dir == boundary { + break; + } + cursor = dir.parent(); + } + missing.sort(); + missing.dedup(); + missing +} #[derive(Debug, Clone)] struct StatusContext { cwd: PathBuf, @@ -3646,6 +5036,8 @@ struct StatusContext { loaded_config_files: usize, discovered_config_files: usize, memory_file_count: usize, + memory_files: Vec, + unloaded_memory_files: Vec, project_root: Option, git_branch: Option, git_summary: GitWorkspaceSummary, @@ -3654,6 +5046,7 @@ struct StatusContext { session_lifecycle: SessionLifecycleSummary, boot_preflight: BootPreflightSnapshot, sandbox_status: runtime::SandboxStatus, + binary_provenance: BinaryProvenance, /// #143: when `.claw.json` (or another loaded config file) fails to parse, /// we capture the parse error here and still populate every field that /// doesn't depend on runtime config (workspace, git, sandbox defaults, @@ -3666,6 +5059,123 @@ struct StatusContext { /// readable string so downstream claws can switch on the kind token /// instead of regex-scraping the prose. config_load_error_kind: Option<&'static str>, + mcp_validation: McpValidationSummary, +} + +#[derive(Debug, Clone, PartialEq, Eq)] +struct BinaryProvenance { + git_sha: Option, + git_sha_short: Option, + is_dirty: bool, + branch: Option, + commit_date: String, + commit_timestamp: i64, + rustc_version: String, + target: Option, + build_date: String, + executable_path: Option, + workspace_git_sha: Option, + workspace_match: Option, + hint: Option, +} + +impl BinaryProvenance { + fn status(&self) -> &'static str { + if self.git_sha.is_some() { + "known" + } else { + "unknown" + } + } + + fn json_value(&self) -> serde_json::Value { + json!({ + "status": self.status(), + "git_sha": self.git_sha, + "git_sha_short": self.git_sha_short, + "is_dirty": self.is_dirty, + "branch": self.branch, + "commit_date": self.commit_date, + "commit_timestamp": self.commit_timestamp, + "rustc_version": self.rustc_version, + "target": self.target, + "build_date": self.build_date, + "executable_path": self.executable_path, + "workspace_git_sha": self.workspace_git_sha, + "workspace_match": self.workspace_match, + "hint": self.hint, + }) + } +} + +fn known_build_metadata(value: Option<&str>) -> Option { + let value = value?.trim(); + if value.is_empty() || value == "unknown" { + None + } else { + Some(value.to_string()) + } +} + +fn parse_build_bool(value: Option<&str>) -> bool { + value + .map(str::trim) + .is_some_and(|value| value.eq_ignore_ascii_case("true") || value == "1") +} + +fn parse_build_timestamp(value: Option<&str>) -> i64 { + value + .and_then(|value| value.trim().parse::().ok()) + .unwrap_or(0) +} + +fn binary_provenance_for(cwd: Option<&Path>) -> BinaryProvenance { + let git_sha = known_build_metadata(GIT_SHA); + let git_sha_short = known_build_metadata(GIT_SHA_SHORT).or_else(|| { + git_sha + .as_ref() + .map(|sha| sha.chars().take(12).collect::()) + }); + let target = known_build_metadata(BUILD_TARGET); + let workspace_git_sha = cwd.and_then(|cwd| { + run_git_capture_in(cwd, &["rev-parse", "HEAD"]) + .map(|sha| sha.trim().to_string()) + .filter(|sha| !sha.is_empty()) + }); + let workspace_match = git_sha + .as_deref() + .zip(workspace_git_sha.as_deref()) + .map(|(binary, workspace)| binary == workspace); + let hint = if git_sha.is_none() { + Some( + "Build metadata did not include a git SHA; rebuild from a git checkout before filing provenance-sensitive dogfood reports." + .to_string(), + ) + } else if workspace_match == Some(false) { + Some( + "The running binary was built from a different commit than the current workspace HEAD; rebuild or switch binaries before attributing behavior to this checkout." + .to_string(), + ) + } else { + None + }; + BinaryProvenance { + git_sha, + git_sha_short, + is_dirty: parse_build_bool(GIT_DIRTY), + branch: known_build_metadata(GIT_BRANCH), + commit_date: known_build_metadata(GIT_COMMIT_DATE).unwrap_or_else(|| "unknown".to_string()), + commit_timestamp: parse_build_timestamp(GIT_COMMIT_TIMESTAMP), + rustc_version: known_build_metadata(RUSTC_VERSION).unwrap_or_else(|| "unknown".to_string()), + target, + build_date: DEFAULT_DATE.to_string(), + executable_path: env::current_exe() + .ok() + .map(|path| path.display().to_string()), + workspace_git_sha, + workspace_match, + hint, + } } #[derive(Debug, Clone, PartialEq, Eq)] @@ -4559,6 +6069,7 @@ fn run_resume_command( default_permission_mode().as_str(), &context, None, // #148: resumed sessions don't have flag provenance + None, )), json: Some(status_json_value( session.model.as_deref(), @@ -4573,6 +6084,8 @@ fn run_resume_command( &context, None, // #148: resumed sessions don't have flag provenance None, + None, + None, )), }) } @@ -4746,6 +6259,7 @@ fn run_resume_command( "load_failures": payload.load_failures.len(), }, "config_load_error": payload.config_load_error, + "mcp_validation": payload.mcp_validation.json_value(), "plugins": payload.plugins, "load_failures": payload.load_failures, }); @@ -4761,7 +6275,10 @@ fn run_resume_command( }) } SlashCommand::Doctor => { - let report = render_doctor_report(ConfigWarningMode::EmitStderr)?; + let report = render_doctor_report( + ConfigWarningMode::EmitStderr, + permission_mode_provenance_for_current_dir(), + )?; Ok(ResumeCommandOutcome { session: session.clone(), message: Some(report.render()), @@ -4991,7 +6508,7 @@ fn run_repl( ) -> Result<(), Box> { enforce_broad_cwd_policy(allow_broad_cwd, CliOutputFormat::Text)?; run_stale_base_preflight(base_commit.as_deref()); - let resolved_model = resolve_repl_model(model); + let resolved_model = resolve_repl_model(model)?; let mut cli = LiveCli::new(resolved_model, true, allowed_tools, permission_mode)?; cli.set_reasoning_effort(reasoning_effort); let mut editor = @@ -6069,7 +7586,11 @@ impl LiveCli { SlashCommand::Doctor => { println!( "{}", - render_doctor_report(ConfigWarningMode::EmitStderr)?.render() + render_doctor_report( + ConfigWarningMode::EmitStderr, + permission_mode_provenance_for_current_dir(), + )? + .render() ); false } @@ -6154,6 +7675,7 @@ impl LiveCli { self.permission_mode.as_str(), &status_context(Some(&self.session.path)).expect("status context should load"), None, // #148: REPL /status doesn't carry flag provenance + None, ) ); } @@ -6444,8 +7966,8 @@ impl LiveCli { // Propagate ok:false → non-zero exit so automation callers // can rely on exit code instead of inspecting the envelope. // (#68: mcp error envelopes previously always exited 0.) - let is_error = value.get("ok").and_then(|v| v.as_bool()) == Some(false) - || value.get("status").and_then(|v| v.as_str()) == Some("error"); + let is_error = value.get("ok").and_then(serde_json::Value::as_bool) == Some(false) + || value.get("status").and_then(serde_json::Value::as_str) == Some("error"); println!("{}", serde_json::to_string_pretty(&value)?); if is_error { std::process::exit(1); @@ -6646,6 +8168,7 @@ impl LiveCli { "load_failures": payload.load_failures.len(), }, "config_load_error": payload.config_load_error, + "mcp_validation": payload.mcp_validation.json_value(), "plugins": filtered_plugins, "load_failures": payload.load_failures, }); @@ -7344,7 +8867,7 @@ fn render_repl_help() -> String { fn print_status_snapshot( model: &str, model_flag_raw: Option<&str>, - permission_mode: PermissionMode, + permission_mode: PermissionModeProvenance, output_format: CliOutputFormat, allowed_tools: Option<&AllowedToolSet>, ) -> Result<(), Box> { @@ -7359,23 +8882,36 @@ fn print_status_snapshot( // #148: resolve model provenance. If user passed --model, source is // "flag" with the raw input preserved. Otherwise probe env -> config // -> default and record the winning source. - let provenance = match model_flag_raw { - Some(raw) => ModelProvenance { - resolved: model.to_string(), - raw: Some(raw.to_string()), - source: ModelSource::Flag, - }, + let provenance_result = match model_flag_raw { + Some(raw) => Ok(ModelProvenance::from_flag(raw, model)), None => ModelProvenance::from_env_or_config_or_default(model), }; + let provenance = match provenance_result { + Ok(provenance) => provenance, + Err(error) => match output_format { + CliOutputFormat::Json => { + return print_model_validation_warning_status( + &error, + usage, + permission_mode.mode.as_str(), + &context, + allowed_tools, + ); + } + CliOutputFormat::Text => return Err(error.into()), + }, + }; + let format_selection = current_output_format_selection(); match output_format { CliOutputFormat::Text => println!( "{}", format_status_report( &provenance.resolved, usage, - permission_mode.as_str(), + permission_mode.mode.as_str(), &context, - Some(&provenance) + Some(&provenance), + Some(&permission_mode), ) ), CliOutputFormat::Json => println!( @@ -7383,10 +8919,12 @@ fn print_status_snapshot( serde_json::to_string_pretty(&status_json_value( Some(&provenance.resolved), usage, - permission_mode.as_str(), + permission_mode.mode.as_str(), &context, Some(&provenance), + Some(&permission_mode), allowed_tools, + Some(&format_selection), ))? ), } @@ -7404,7 +8942,9 @@ fn status_json_value( // that don't have provenance (legacy resume paths) pass None, in which // case both new fields are omitted. provenance: Option<&ModelProvenance>, + permission_provenance: Option<&PermissionModeProvenance>, allowed_tools: Option<&AllowedToolSet>, + format_selection: Option<&OutputFormatSelection>, ) -> serde_json::Value { // #143: top-level `status` marker so claws can distinguish // a clean run from a degraded run (config parse failed but other fields @@ -7416,6 +8956,14 @@ fn status_json_value( let degraded = context.config_load_error.is_some(); let model_source = provenance.map(|p| p.source.as_str()); let model_raw = provenance.and_then(|p| p.raw.clone()); + let model_alias_resolved_to = provenance.and_then(|p| p.alias_resolved_to.clone()); + let model_env_var = provenance.and_then(|p| p.env_var.clone()); + let permission_mode_source = permission_provenance.map(|p| p.source.as_str()); + let permission_mode_env_var = permission_provenance.and_then(|p| p.env_var); + let tool_registry = GlobalToolRegistry::builtin(); + let available_tool_names = tool_registry.canonical_allowed_tool_names(); + let tool_aliases = allowed_tool_aliases_json(&tool_registry); + let output_format_selection = format_selection.cloned().unwrap_or_default(); // #732: always emit an array (empty when unrestricted) so callers can do // `.allowed_tools.entries | length > 0` without a null-check first. let allowed_tool_entries = allowed_tools @@ -7424,18 +8972,29 @@ fn status_json_value( json!({ "kind": "status", "action": "show", - "status": if degraded { "degraded" } else { "ok" }, + "status": if degraded || context.mcp_validation.has_invalid_servers() { "degraded" } else { "ok" }, "config_load_error": context.config_load_error, "config_load_error_kind": context.config_load_error_kind, + "mcp_validation": context.mcp_validation.json_value(), "model": model, "model_source": model_source, "model_raw": model_raw, + "model_alias_resolved_to": model_alias_resolved_to, + "model_env_var": model_env_var, "permission_mode": permission_mode, + "permission_mode_source": permission_mode_source, + "permission_mode_env_var": permission_mode_env_var, "allowed_tools": { "source": if allowed_tools.is_some() { "flag" } else { "default" }, "restricted": allowed_tools.is_some(), "entries": allowed_tool_entries, + "available": available_tool_names, + "aliases": tool_aliases, }, + "format_source": output_format_selection.source.as_str(), + "format_raw": output_format_selection.raw, + "format_overridden": output_format_selection.overridden, + "binary_provenance": context.binary_provenance.json_value(), "usage": { "messages": usage.message_count, "turns": usage.turns, @@ -7481,6 +9040,9 @@ fn status_json_value( "loaded_config_files": context.loaded_config_files, "discovered_config_files": context.discovered_config_files, "memory_file_count": context.memory_file_count, + "memory_files": memory_files_json(&context.memory_files), + "unloaded_memory_files": context.unloaded_memory_files, + "mcp_validation": context.mcp_validation.json_value(), }, "sandbox": { "enabled": context.sandbox_status.enabled, @@ -7549,12 +9111,28 @@ fn status_context( runtime_config.as_ref().ok(), config_load_error.as_deref(), ); + let memory_files = memory_file_summaries_for( + &cwd, + project_root.as_deref(), + &project_context.instruction_files, + ); + let mcp_validation = runtime_config + .as_ref() + .ok() + .map(|runtime_config| McpValidationSummary::from_collection(runtime_config.mcp())) + .unwrap_or_default(); Ok(StatusContext { cwd: cwd.clone(), session_path: session_path.map(Path::to_path_buf), loaded_config_files, discovered_config_files, memory_file_count: project_context.instruction_files.len(), + memory_files: memory_files.clone(), + unloaded_memory_files: unloaded_memory_candidates( + &cwd, + project_root.as_deref(), + &memory_files, + ), project_root, git_branch, git_summary, @@ -7563,8 +9141,10 @@ fn status_context( session_lifecycle: classify_session_lifecycle_for(&cwd), boot_preflight, sandbox_status, + binary_provenance: binary_provenance_for(Some(&cwd)), config_load_error, config_load_error_kind, + mcp_validation, }) } @@ -7577,6 +9157,7 @@ fn format_status_report( // Callers without provenance (legacy resume paths) pass None and the // source line is omitted for backward compat. provenance: Option<&ModelProvenance>, + permission_provenance: Option<&PermissionModeProvenance>, ) -> String { // #143: if config failed to parse, surface a degraded banner at the top // of the text report so humans see the parse error before the body, while @@ -7598,17 +9179,38 @@ fn format_status_report( let model_source_line = provenance .map(|p| match &p.raw { Some(raw) if raw != model => { - format!("\n Model source {} (raw: {raw})", p.source.as_str()) + let env_suffix = p + .env_var + .as_deref() + .map_or(String::new(), |name| format!(" via {name}")); + format!( + "\n Model source {}{env_suffix} (raw: {raw}, alias: {model})", + p.source.as_str() + ) + } + Some(_) => { + let env_suffix = p + .env_var + .as_deref() + .map_or(String::new(), |name| format!(" via {name}")); + format!("\n Model source {}{env_suffix}", p.source.as_str()) } - Some(_) => format!("\n Model source {}", p.source.as_str()), None => format!("\n Model source {}", p.source.as_str()), }) .unwrap_or_default(); + let permission_source_line = permission_provenance + .map(|p| { + let env_suffix = p + .env_var + .map_or(String::new(), |name| format!(" via {name}")); + format!("\n Permission source {}{env_suffix}", p.source.as_str()) + }) + .unwrap_or_default(); blocks.extend([ format!( "{status_line} Model {model}{model_source_line} - Permission mode {permission_mode} + Permission mode {permission_mode}{permission_source_line} Messages {} Turns {} Estimated tokens {}", @@ -7647,6 +9249,7 @@ fn format_status_report( Boot preflight {} Config files loaded {}/{} Memory files {} + Loaded memory {} Suggested flow /status → /diff → /commit", context.cwd.display(), context @@ -7673,6 +9276,16 @@ fn format_status_report( context.loaded_config_files, context.discovered_config_files, context.memory_file_count, + if context.memory_files.is_empty() { + "".to_string() + } else { + context + .memory_files + .iter() + .map(|file| format!("{}:{}", file.source, file.path)) + .collect::>() + .join(", ") + }, ), format_sandbox_report(&context.sandbox_status), ]); @@ -7839,8 +9452,8 @@ fn render_help_topic(topic: LocalHelpTopic) -> String { .to_string(), LocalHelpTopic::Init => "Init Usage claw init [--output-format ] - Purpose create .claw/, .claw.json, .gitignore, and CLAUDE.md in the current project - Output list of created vs. skipped files (idempotent: safe to re-run) + Purpose create .claw/settings.json, .claw.json, .gitignore, and CLAUDE.md in the current project + Output per-artifact created/updated/partial/deferred/skipped status (idempotent: safe to re-run) Formats text (default), json Related claw status · claw doctor" .to_string(), @@ -7854,6 +9467,25 @@ fn render_help_topic(topic: LocalHelpTopic) -> String { Exit codes 0 if state file exists and parses; 1 with actionable hint otherwise Related claw status · ROADMAP #139 (this worker-concept contract)" .to_string(), + LocalHelpTopic::Resume => format!( + "Resume\n Usage claw resume [session-path|session-id|{LATEST_SESSION_REFERENCE}] [/slash-command ...] [--output-format ]\n Alias claw --resume [session-path|session-id|{LATEST_SESSION_REFERENCE}]\n Purpose restore or inspect a saved session without starting a new provider turn\n Output session restore or resume-safe command output; missing sessions return session_not_found\n Formats text (default), json\n Related /resume · /session list · claw --resume {LATEST_SESSION_REFERENCE} /status" + ), + LocalHelpTopic::Session => "Session + Usage claw session --help [--output-format ] + Purpose show /session command guidance without loading config, credentials, or a session + Actions list · exists · switch · fork · delete + Direct use run /session in the REPL or claw --resume SESSION.jsonl /session + Formats text (default), json + Related claw resume · claw export · .claw/sessions/" + .to_string(), + LocalHelpTopic::Compact => "Compact + Usage claw compact --help [--output-format ] + Purpose show compaction guidance without loading config, credentials, or a session + Direct use run /compact in the REPL or claw --resume SESSION.jsonl /compact + Output compaction removes older tool-detail messages when the selected session is large enough + Formats text (default), json + Related claw resume · /compact · /status" + .to_string(), LocalHelpTopic::Export => "Export Usage claw export [--session ] [--output ] [--output-format ] Purpose serialize a managed session to JSON for review, transfer, or archival @@ -7917,6 +9549,21 @@ fn render_help_topic(topic: LocalHelpTopic) -> String { Formats text (default), json Related /config · claw doctor" .to_string(), + LocalHelpTopic::Model => "Models + Usage claw models [help] [--output-format ] + Aliases claw model + Purpose show bounded local model command guidance without entering the REPL + Output supported model-selection surfaces and current config model value + Formats text (default), json + Related /model · claw config model · claw status" + .to_string(), + LocalHelpTopic::Settings => "Settings + Usage claw settings [help] [--output-format ] + Purpose show effective settings/config using the local config envelope + Output same as claw config settings; no provider request or session resume required + Formats text (default), json + Related claw config · claw doctor" + .to_string(), LocalHelpTopic::Diff => "Diff Usage claw diff [--output-format ] Purpose show the diff of changes relative to the expected base commit @@ -7934,6 +9581,9 @@ fn local_help_topic_command(topic: LocalHelpTopic) -> &'static str { LocalHelpTopic::Acp => "acp", LocalHelpTopic::Init => "init", LocalHelpTopic::State => "state", + LocalHelpTopic::Resume => "resume", + LocalHelpTopic::Session => "session", + LocalHelpTopic::Compact => "compact", LocalHelpTopic::Export => "export", LocalHelpTopic::Version => "version", LocalHelpTopic::SystemPrompt => "system-prompt", @@ -7944,10 +9594,77 @@ fn local_help_topic_command(topic: LocalHelpTopic) -> &'static str { LocalHelpTopic::Plugins => "plugins", LocalHelpTopic::Mcp => "mcp", LocalHelpTopic::Config => "config", + LocalHelpTopic::Model => "models", + LocalHelpTopic::Settings => "settings", LocalHelpTopic::Diff => "diff", } } +fn print_models( + action: Option<&str>, + output_format: CliOutputFormat, +) -> Result<(), Box> { + let help_requested = action.is_some_and(|value| matches!(value, "help" | "--help" | "-h")); + if help_requested { + return print_help_topic(LocalHelpTopic::Model, output_format); + } + if let Some(action) = action { + return Err(format!( + "unsupported_models_action: unsupported models action: {action}.\nUsage: claw models [help] [--output-format json]" + ) + .into()); + } + + let configured_model = config_model_for_current_dir(); + let resolved_config_model = configured_model + .as_deref() + .map(resolve_model_alias_with_config); + + match output_format { + CliOutputFormat::Text => { + println!("Models"); + println!(" Default {DEFAULT_MODEL}"); + println!(" Built-in aliases opus, sonnet, haiku"); + if let Some(raw) = configured_model.as_deref() { + println!( + " Config model {raw}{}", + resolved_config_model + .as_deref() + .filter(|resolved| *resolved != raw) + .map(|resolved| format!(" -> {resolved}")) + .unwrap_or_default() + ); + } else { + println!(" Config model "); + } + println!(" Usage claw --model prompt "); + } + CliOutputFormat::Json => { + println!( + "{}", + serde_json::to_string_pretty(&json!({ + "kind": "models", + "action": "list", + "status": "ok", + "default_model": DEFAULT_MODEL, + "aliases": [ + {"name": "opus", "model": resolve_model_alias("opus")}, + {"name": "sonnet", "model": resolve_model_alias("sonnet")}, + {"name": "haiku", "model": resolve_model_alias("haiku")} + ], + "configured_model": configured_model, + "resolved_configured_model": resolved_config_model, + "local_only": true, + "requires_credentials": false, + "requires_provider_request": false, + "message": "Use --model or configure a model in claw settings." + }))? + ); + } + } + Ok(()) +} + fn render_export_help_json() -> serde_json::Value { json!({ "kind": "help", @@ -8002,15 +9719,15 @@ fn render_doctor_help_json() -> serde_json::Value { "command": "doctor", "schema_version": "1.0", "usage": "claw doctor [--output-format ]", - "purpose": "diagnose local auth, config, workspace, sandbox, boot preflight, and build metadata", + "purpose": "diagnose local auth, config, workspace memory, permissions, sandbox, boot preflight, and build metadata", "formats": ["text", "json"], "local_only": true, "requires_credentials": false, "requires_provider_request": false, "requires_session_resume": false, "mutates_workspace": false, - "output_fields": ["kind", "action", "status", "message", "report", "has_failures", "summary", "checks"], - "check_names": ["auth", "config", "install source", "workspace", "boot preflight", "sandbox", "system"], + "output_fields": ["kind", "action", "status", "message", "report", "has_failures", "summary", "checks", "allowed_tools"], + "check_names": ["auth", "config", "mcp validation", "install source", "workspace", "memory", "boot preflight", "sandbox", "permissions", "system"], "status_values": ["ok", "warn", "fail"], "options": [ { @@ -8185,24 +9902,29 @@ fn render_config_report(section: Option<&str>) -> Result runtime_config.get("env"), - "hooks" => runtime_config.get("hooks"), - "model" => runtime_config.get("model"), + let rendered = match section { + "env" => runtime_config.get("env").map(|value| value.render()), + "hooks" => runtime_config.get("hooks").map(|value| value.render()), + "model" => runtime_config.get("model").map(|value| value.render()), "plugins" => runtime_config .get("plugins") - .or_else(|| runtime_config.get("enabledPlugins")), + .or_else(|| runtime_config.get("enabledPlugins")) + .map(|value| value.render()), "mcp" | "mcp_servers" | "mcpServers" => runtime_config .get("mcp") .or_else(|| runtime_config.get("mcp_servers")) - .or_else(|| runtime_config.get("mcpServers")), - "sandbox" => runtime_config.get("sandbox"), - "permissions" => runtime_config.get("permissions"), - "skills" => runtime_config.get("skills"), - "agents" => runtime_config.get("agents"), + .or_else(|| runtime_config.get("mcpServers")) + .map(|value| value.render()), + "sandbox" => runtime_config.get("sandbox").map(|value| value.render()), + "permissions" => runtime_config + .get("permissions") + .map(|value| value.render()), + "skills" => runtime_config.get("skills").map(|value| value.render()), + "agents" => runtime_config.get("agents").map(|value| value.render()), + "settings" => Some(runtime_config.as_json().render()), other => { lines.push(format!( - " Unsupported config section '{other}'. Use: env, hooks, model, plugins, mcp, sandbox, permissions, skills, or agents." + " Unsupported config section '{other}'. Use: env, hooks, model, plugins, mcp, sandbox, permissions, skills, agents, or settings." )); return Ok(lines.join( " @@ -8212,10 +9934,7 @@ fn render_config_report(section: Option<&str>) -> Result value.render(), - None => "".to_string(), - } + rendered.unwrap_or_else(|| "".to_string()) )); return Ok(lines.join( " @@ -8236,38 +9955,28 @@ fn render_config_json( ) -> Result> { let cwd = env::current_dir()?; let loader = ConfigLoader::default_for(&cwd); - let discovered = loader.discover(); - // #773: use load_collecting_warnings so deprecation warnings are surfaced in the - // JSON envelope instead of only as unstructured stderr text. - let (runtime_config, config_warnings) = loader.load_collecting_warnings()?; - - let loaded_paths: Vec<_> = runtime_config - .loaded_entries() + // #773: keep deprecation warnings in the JSON envelope, and #407: include + // per-file status/reason/detail for every discovered config path. + let inspection = loader.inspect_collecting_warnings(); + if section.is_some() { + if let Some(error) = &inspection.load_error { + return Err(error.clone().into()); + } + } + let runtime_config = inspection + .runtime_config + .clone() + .unwrap_or_else(runtime::RuntimeConfig::empty); + let loaded_files = runtime_config.loaded_entries().len(); + let merged_keys = runtime_config.merged().len(); + let files: Vec<_> = inspection + .files .iter() - .map(|e| e.path.display().to_string()) + .map(config_file_report_json) .collect(); - let files: Vec<_> = discovered - .iter() - .map(|e| { - let source = match e.source { - ConfigSource::User => "user", - ConfigSource::Project => "project", - ConfigSource::Local => "local", - }; - let is_loaded = runtime_config - .loaded_entries() - .iter() - .any(|le| le.path == e.path); - serde_json::json!({ - "path": e.path.display().to_string(), - "source": source, - "loaded": is_loaded, - }) - }) - .collect(); - - let warnings_json: Vec = config_warnings + let warnings_json: Vec = inspection + .warnings .iter() .map(|w| serde_json::Value::String(w.clone())) .collect(); @@ -8275,14 +9984,15 @@ fn render_config_json( let base = serde_json::json!({ "kind": "config", "action": if section.is_some() { "show" } else { "list" }, - "status": "ok", + "status": if inspection.load_error.is_some() { "error" } else { "ok" }, "cwd": cwd.display().to_string(), - "loaded_files": loaded_paths.len(), - "merged_keys": runtime_config.merged().len(), + "loaded_files": loaded_files, + "merged_keys": merged_keys, + "merged_key_count": merged_keys, + "merged_keys_meaning": "count of top-level keys in the effective merged JSON object", "files": files, - // #773: deprecation warnings surfaced structurally so JSON-mode callers - // don't need to strip unstructured text from stderr "warnings": warnings_json, + "load_error": inspection.load_error.clone(), }); if let Some(section) = section { @@ -8305,16 +10015,17 @@ fn render_config_json( "permissions" => runtime_config.get("permissions").map(|v| v.render()), "skills" => runtime_config.get("skills").map(|v| v.render()), "agents" => runtime_config.get("agents").map(|v| v.render()), + "settings" => Some(runtime_config.as_json().render()), other => { // #741: populate hint field for unsupported section errors so callers reading // .hint get actionable guidance instead of null let hint = if matches!(other, "list" | "show" | "help" | "info") { format!( - "'claw config {other}' is not a subcommand. To list all config: `claw config`. To inspect a section: `claw config
` where section is one of: env, hooks, model, plugins, mcp, sandbox, permissions, skills, agents." + "'claw config {other}' is not a subcommand. To list all config: `claw config`. To inspect a section: `claw config
` where section is one of: env, hooks, model, plugins, mcp, sandbox, permissions, skills, agents, settings." ) } else { format!( - "'{other}' is not a config section. Supported: env, hooks, model, plugins, mcp, sandbox, permissions, skills, agents." + "'{other}' is not a config section. Supported: env, hooks, model, plugins, mcp, sandbox, permissions, skills, agents, settings." ) }; return Ok(serde_json::json!({ @@ -8324,12 +10035,12 @@ fn render_config_json( "error_kind": "unsupported_config_section", "section": other, "ok": false, - "error": format!("Unsupported config section '{other}'. Use: env, hooks, model, plugins, mcp, sandbox, permissions, skills, or agents."), + "error": format!("Unsupported config section '{other}'. Use: env, hooks, model, plugins, mcp, sandbox, permissions, skills, agents, or settings."), "hint": hint, - "supported_sections": ["env", "hooks", "model", "plugins", "mcp", "sandbox", "permissions", "skills", "agents"], + "supported_sections": ["env", "hooks", "model", "plugins", "mcp", "sandbox", "permissions", "skills", "agents", "settings"], "cwd": cwd.display().to_string(), - "loaded_files": loaded_paths.len(), - "files": files, + "loaded_files": loaded_files, + "files": base["files"].clone(), })); } }; @@ -8352,6 +10063,69 @@ fn render_config_json( Ok(base) } +fn config_file_report_json(file: &ConfigFileReport) -> serde_json::Value { + let source = match file.entry.source { + ConfigSource::User => "user", + ConfigSource::Project => "project", + ConfigSource::Local => "local", + }; + let mut object = serde_json::Map::new(); + object.insert( + "path".to_string(), + serde_json::Value::String(file.entry.path.display().to_string()), + ); + object.insert( + "source".to_string(), + serde_json::Value::String(source.to_string()), + ); + object.insert("loaded".to_string(), serde_json::Value::Bool(file.loaded)); + object.insert( + "precedence_rank".to_string(), + serde_json::Value::Number(serde_json::Number::from(file.precedence_rank)), + ); + object.insert( + "wins_for_keys".to_string(), + serde_json::Value::Array( + file.wins_for_keys + .iter() + .cloned() + .map(serde_json::Value::String) + .collect(), + ), + ); + object.insert( + "shadowed_keys".to_string(), + serde_json::Value::Array( + file.shadowed_keys + .iter() + .cloned() + .map(serde_json::Value::String) + .collect(), + ), + ); + object.insert( + "status".to_string(), + serde_json::Value::String(file.status.as_str().to_string()), + ); + if let Some(reason) = &file.reason { + object.insert( + "reason".to_string(), + serde_json::Value::String(reason.clone()), + ); + object.insert( + "skip_reason".to_string(), + serde_json::Value::String(reason.clone()), + ); + } + if let Some(detail) = &file.detail { + object.insert( + "detail".to_string(), + serde_json::Value::String(detail.clone()), + ); + } + serde_json::Value::Object(object) +} + fn render_memory_report() -> Result> { let cwd = env::current_dir()?; let project_context = ProjectContext::discover(&cwd, DEFAULT_DATE)?; @@ -8365,7 +10139,7 @@ fn render_memory_report() -> Result> { if project_context.instruction_files.is_empty() { lines.push("Discovered files".to_string()); lines.push( - " No CLAUDE instruction files discovered in the current directory ancestry." + " No CLAUDE.md, CLAW.md, AGENTS.md, or scoped instruction files discovered in the current directory ancestry." .to_string(), ); } else { @@ -8379,8 +10153,10 @@ fn render_memory_report() -> Result> { }; lines.push(format!(" {}. {}", index + 1, file.path.display(),)); lines.push(format!( - " lines={} preview={}", + " source={} lines={} chars={} preview={}", + file.source(), file.content.lines().count(), + file.char_count(), preview )); } @@ -8441,10 +10217,12 @@ fn init_json_value(report: &crate::init::InitReport, message: &str) -> serde_jso // Derive top-level status: "ok" when all artifacts succeeded (created or // skipped = idempotent); no failure path exists today so always "ok". let status = "ok"; - // #783: already_initialized lets orchestrators detect the idempotent case - // without checking created.len() == 0; hint gives a stable next-action pointer. + // #783/#436: already_initialized lets orchestrators detect the idempotent + // case without checking every status bucket; deferred session storage does + // not make the workspace uninitialized because it is created on first save. let already_initialized = report.artifacts_with_status(InitStatus::Created).is_empty() - && report.artifacts_with_status(InitStatus::Updated).is_empty(); + && report.artifacts_with_status(InitStatus::Updated).is_empty() + && report.artifacts_with_status(InitStatus::Partial).is_empty(); let hint = if already_initialized { "Workspace already initialised. Run `claw doctor` to verify health, or edit CLAUDE.md to customise guidance." } else { @@ -8459,6 +10237,8 @@ fn init_json_value(report: &crate::init::InitReport, message: &str) -> serde_jso "created": report.artifacts_with_status(InitStatus::Created), "updated": report.artifacts_with_status(InitStatus::Updated), "skipped": report.artifacts_with_status(InitStatus::Skipped), + "partial": report.artifacts_with_status(InitStatus::Partial), + "deferred": report.artifacts_with_status(InitStatus::Deferred), "artifacts": report.artifact_json_entries(), "hint": hint, "next_step": crate::init::InitReport::NEXT_STEP, @@ -8468,9 +10248,11 @@ fn init_json_value(report: &crate::init::InitReport, message: &str) -> serde_jso fn normalize_permission_mode(mode: &str) -> Option<&'static str> { match mode.trim() { - "read-only" => Some("read-only"), - "workspace-write" => Some("workspace-write"), - "danger-full-access" => Some("danger-full-access"), + "default" | "plan" | "read-only" => Some("read-only"), + "acceptEdits" | "auto" | "workspace-write" => Some("workspace-write"), + "dontAsk" | "bypassPermissions" | "dangerFullAccess" | "danger-full-access" => { + Some("danger-full-access") + } _ => None, } } @@ -8487,8 +10269,7 @@ fn render_diff_report_for(cwd: &Path) -> Result Result bool { Command::new("which") .arg(name) .output() - .map(|output| output.status.success()) - .unwrap_or(false) + .is_ok_and(|output| output.status.success()) } fn write_temp_text_file( @@ -8949,10 +10728,12 @@ fn parse_titled_body(value: &str) -> Option<(String, String)> { } fn render_version_report() -> String { - let git_sha = GIT_SHA.unwrap_or("unknown"); + let git_sha = GIT_SHA_SHORT.or(GIT_SHA).unwrap_or("unknown"); let target = BUILD_TARGET.unwrap_or("unknown"); + let branch = GIT_BRANCH.unwrap_or("unknown"); + let dirty = GIT_DIRTY.unwrap_or("unknown"); format!( - "Claw Code\n Version {VERSION}\n Git SHA {git_sha}\n Target {target}\n Build date {DEFAULT_DATE}" + "Claw Code\n Version {VERSION}\n Git SHA {git_sha}\n Branch {branch}\n Dirty {dirty}\n Target {target}\n Build date {DEFAULT_DATE}" ) } @@ -9044,6 +10825,52 @@ fn resolve_export_path( Ok(cwd.join(final_name)) } +fn validate_export_output_path(path: Option<&Path>) -> Result<(), InvalidOutputPathError> { + let Some(path) = path else { + return Ok(()); + }; + let raw = path.to_string_lossy(); + if raw.trim().is_empty() { + return Err(InvalidOutputPathError::new( + raw.to_string(), + InvalidOutputPathReason::Empty, + )); + } + if matches!(fs::metadata(path), Ok(metadata) if metadata.is_dir()) { + return Err(InvalidOutputPathError::new( + raw.to_string(), + InvalidOutputPathReason::PathIsDirectory, + )); + } + if let Some(parent) = path + .parent() + .filter(|parent| !parent.as_os_str().is_empty()) + { + match fs::metadata(parent) { + Ok(metadata) if metadata.is_dir() => {} + Ok(_) => { + return Err(InvalidOutputPathError::new( + raw.to_string(), + InvalidOutputPathReason::ParentNotADirectory, + )); + } + Err(error) if error.kind() == io::ErrorKind::NotFound => { + return Err(InvalidOutputPathError::new( + raw.to_string(), + InvalidOutputPathReason::ParentNotFound, + )); + } + Err(_) => { + return Err(InvalidOutputPathError::new( + raw.to_string(), + InvalidOutputPathReason::ParentNotFound, + )); + } + } + } + Ok(()) +} + const SESSION_MARKDOWN_TOOL_SUMMARY_LIMIT: usize = 280; fn summarize_tool_payload_for_markdown(payload: &str) -> String { @@ -9062,6 +10889,7 @@ fn run_export( output_path: Option<&Path>, output_format: CliOutputFormat, ) -> Result<(), Box> { + validate_export_output_path(output_path)?; let (handle, session) = load_session_reference(session_reference)?; let markdown = render_session_markdown(&session, &handle.id, &handle.path); @@ -9229,6 +11057,7 @@ struct PluginsCommandPayload { reload_runtime: bool, status: &'static str, config_load_error: Option, + mcp_validation: McpValidationSummary, plugins: Vec, load_failures: Vec, } @@ -9241,9 +11070,16 @@ fn plugins_command_payload_for( ) -> Result> { let loader = ConfigLoader::default_for(cwd); let loaded_config = load_config_with_warning_mode(&loader, config_warning_mode); - let (runtime_config, config_load_error) = match loaded_config { - Ok(runtime_config) => (runtime_config, None), - Err(error) => (runtime::RuntimeConfig::empty(), Some(error.to_string())), + let (runtime_config, config_load_error, mcp_validation) = match loaded_config { + Ok(runtime_config) => { + let mcp_validation = McpValidationSummary::from_collection(runtime_config.mcp()); + (runtime_config, None, mcp_validation) + } + Err(error) => ( + runtime::RuntimeConfig::empty(), + Some(error.to_string()), + McpValidationSummary::default(), + ), }; let mut manager = build_plugin_manager(cwd, &loader, &runtime_config); let result = handle_plugins_slash_command(action, target, &mut manager)?; @@ -9251,6 +11087,7 @@ fn plugins_command_payload_for( Ok(plugins_command_payload_from_result( result, config_load_error, + mcp_validation, &report, )) } @@ -9258,10 +11095,14 @@ fn plugins_command_payload_for( fn plugins_command_payload_from_result( result: PluginsCommandResult, config_load_error: Option, + mcp_validation: McpValidationSummary, report: &plugins::PluginRegistryReport, ) -> PluginsCommandPayload { let failures = report.failures(); - let status = if config_load_error.is_some() || !failures.is_empty() { + let status = if config_load_error.is_some() + || mcp_validation.has_invalid_servers() + || !failures.is_empty() + { "degraded" } else { "ok" @@ -9271,6 +11112,11 @@ fn plugins_command_payload_from_result( "Config load error\n Status fail\n Summary runtime config failed to load; reporting partial plugins view\n Details {error}\n Hint `claw doctor` classifies config parse errors; fix the listed field and rerun\n\n{}", result.message ), + None if mcp_validation.has_invalid_servers() => format!( + "MCP validation\n Status warn\n Summary {} MCP server entries are invalid; reporting plugins with valid MCP siblings only\n Hint Inspect `claw mcp list --output-format json` invalid_servers and fix each rejected mcpServers entry.\n\n{}", + mcp_validation.invalid_count(), + result.message + ), None => result.message, }; PluginsCommandPayload { @@ -9278,6 +11124,7 @@ fn plugins_command_payload_from_result( reload_runtime: result.reload_runtime, status, config_load_error, + mcp_validation, plugins: report.summaries().iter().map(plugin_summary_json).collect(), load_failures: failures.iter().map(plugin_load_failure_json).collect(), } @@ -11204,7 +13051,7 @@ impl ToolExecutor for CliToolExecutor { if self .allowed_tools .as_ref() - .is_some_and(|allowed| !allowed.contains(tool_name)) + .is_some_and(|allowed| !allowed.contains(&canonical_allowed_tool_name(tool_name))) { return Err(ToolError::new(format!( "tool `{tool_name}` is not enabled by the current --allowedTools setting" @@ -11323,14 +13170,21 @@ fn print_help_to(out: &mut impl Write) -> io::Result<()> { writeln!(out, " Start the interactive REPL")?; writeln!( out, - " claw [--model MODEL] [--output-format text|json] prompt TEXT" + " claw [--model MODEL] [--output-format text|json] prompt [--stdin] [TEXT]" + )?; + writeln!( + out, + " Send one prompt and exit; reads stdin when TEXT is omitted" )?; - writeln!(out, " Send one prompt and exit")?; writeln!( out, " claw [--model MODEL] [--output-format text|json] TEXT" )?; writeln!(out, " Shorthand non-interactive prompt mode")?; + writeln!( + out, + " Use `--` before TEXT when the prompt itself starts with '-' or '--'" + )?; writeln!( out, " claw --resume [SESSION.jsonl|session-id|latest] [/status] [/compact] [...]" @@ -11388,7 +13242,19 @@ fn print_help_to(out: &mut impl Write) -> io::Result<()> { )?; writeln!( out, - " --output-format FORMAT Non-interactive output format: text or json" + " --output-format FORMAT Non-interactive output format: text or json (case-insensitive)" + )?; + writeln!( + out, + " CLAW_OUTPUT_FORMAT sets the default; flags override env" + )?; + writeln!( + out, + " Log env vars: CLAW_LOG or RUST_LOG" + )?; + writeln!( + out, + " --cwd PATH, -C PATH, --directory PATH Run as if launched from PATH" )?; writeln!( out, @@ -11400,9 +13266,13 @@ fn print_help_to(out: &mut impl Write) -> io::Result<()> { )?; writeln!( out, - " --dangerously-skip-permissions Skip all permission checks" + " --dangerously-skip-permissions, --skip-permissions Skip all permission checks" )?; - writeln!(out, " --allowedTools TOOLS Restrict enabled tools (repeatable; comma-separated aliases supported)")?; + writeln!( + out, + " --allowedTools TOOLS Restrict enabled tools by canonical snake_case name or alias" + )?; + writeln!(out, " Examples: read, glob, web_fetch, WebFetch; status JSON exposes aliases")?; writeln!( out, " --version, -V Print version and build information locally" @@ -11510,9 +13380,9 @@ mod tests { split_error_hint, status_context, status_json_value, summarize_tool_payload_for_markdown, try_resolve_bare_skill_prompt, validate_no_args, write_mcp_server_fixture, CliAction, CliOutputFormat, CliToolExecutor, GitWorkspaceSummary, InternalPromptProgressEvent, - InternalPromptProgressState, LiveCli, LocalHelpTopic, PromptHistoryEntry, - SessionLifecycleKind, SessionLifecycleSummary, SlashCommand, StatusUsage, TmuxPaneSnapshot, - DEFAULT_MODEL, LATEST_SESSION_REFERENCE, STUB_COMMANDS, + InternalPromptProgressState, LiveCli, LocalHelpTopic, PermissionModeProvenance, + PromptHistoryEntry, SessionLifecycleKind, SessionLifecycleSummary, SlashCommand, + StatusUsage, TmuxPaneSnapshot, DEFAULT_MODEL, LATEST_SESSION_REFERENCE, STUB_COMMANDS, }; use api::{ApiError, MessageResponse, OutputContentBlock, Usage}; use plugins::{ @@ -11858,7 +13728,7 @@ mod tests { CliAction::Repl { model: DEFAULT_MODEL.to_string(), allowed_tools: None, - permission_mode: PermissionMode::DangerFullAccess, + permission_mode: PermissionMode::WorkspaceWrite, base_commit: None, reasoning_effort: None, allow_broad_cwd: false, @@ -11991,7 +13861,7 @@ mod tests { model: DEFAULT_MODEL.to_string(), output_format: CliOutputFormat::Text, allowed_tools: None, - permission_mode: PermissionMode::DangerFullAccess, + permission_mode: PermissionMode::WorkspaceWrite, compact: false, base_commit: None, reasoning_effort: None, @@ -12079,10 +13949,10 @@ mod tests { parse_args(&args).expect("args should parse"), CliAction::Prompt { prompt: "explain this".to_string(), - model: "anthropic/claude-opus-4-6".to_string(), + model: "anthropic/claude-opus-4-7".to_string(), output_format: CliOutputFormat::Json, allowed_tools: None, - permission_mode: PermissionMode::DangerFullAccess, + permission_mode: PermissionMode::WorkspaceWrite, compact: false, base_commit: None, reasoning_effort: None, @@ -12091,6 +13961,67 @@ mod tests { ); } + #[test] + fn parses_dash_prefixed_prompt_text_434() { + let _guard = env_lock(); + std::env::remove_var("RUSTY_CLAUDE_PERMISSION_MODE"); + + assert_eq!( + parse_args(&["--".to_string(), "-prompt-with-dash".to_string()]) + .expect("-- should terminate flag parsing"), + CliAction::Prompt { + prompt: "-prompt-with-dash".to_string(), + model: DEFAULT_MODEL.to_string(), + output_format: CliOutputFormat::Text, + allowed_tools: None, + permission_mode: PermissionMode::WorkspaceWrite, + compact: false, + base_commit: None, + reasoning_effort: None, + allow_broad_cwd: false, + } + ); + + assert_eq!( + parse_args(&["-not-a-flag".to_string()]) + .expect("unknown dash-prefixed shorthand prompt should parse as prompt text"), + CliAction::Prompt { + prompt: "-not-a-flag".to_string(), + model: DEFAULT_MODEL.to_string(), + output_format: CliOutputFormat::Text, + allowed_tools: None, + permission_mode: PermissionMode::WorkspaceWrite, + compact: false, + base_commit: None, + reasoning_effort: None, + allow_broad_cwd: false, + } + ); + + assert_eq!( + parse_args(&["--bogus-flag-like".to_string(), "literal".to_string()]) + .expect("unknown double-dash text should stay eligible for prompt shorthand"), + CliAction::Prompt { + prompt: "--bogus-flag-like literal".to_string(), + model: DEFAULT_MODEL.to_string(), + output_format: CliOutputFormat::Text, + allowed_tools: None, + permission_mode: PermissionMode::WorkspaceWrite, + compact: false, + base_commit: None, + reasoning_effort: None, + allow_broad_cwd: false, + } + ); + + assert!(parse_args(&["--".to_string()]).is_ok()); + + let error = parse_args(&["--resum".to_string()]) + .expect_err("nearby real flags should still be rejected as unknown options"); + assert!(error.contains("unknown option: --resum")); + assert!(error.contains("Did you mean --resume?")); + } + #[test] fn parses_compact_flag_for_prompt_mode() { // given a bare prompt invocation that includes the --compact flag @@ -12113,7 +14044,22 @@ mod tests { model: DEFAULT_MODEL.to_string(), output_format: CliOutputFormat::Text, allowed_tools: None, - permission_mode: PermissionMode::DangerFullAccess, + permission_mode: PermissionMode::WorkspaceWrite, + compact: true, + base_commit: None, + reasoning_effort: None, + allow_broad_cwd: false, + } + ); + assert_eq!( + parse_args(&["--compact".to_string(), "hello".to_string()]) + .expect("compact single-word prompt should parse"), + CliAction::Prompt { + prompt: "hello".to_string(), + model: DEFAULT_MODEL.to_string(), + output_format: CliOutputFormat::Text, + allowed_tools: None, + permission_mode: PermissionMode::WorkspaceWrite, compact: true, base_commit: None, reasoning_effort: None, @@ -12153,10 +14099,10 @@ mod tests { parse_args(&args).expect("args should parse"), CliAction::Prompt { prompt: "explain this".to_string(), - model: "anthropic/claude-opus-4-6".to_string(), + model: "anthropic/claude-opus-4-7".to_string(), output_format: CliOutputFormat::Text, allowed_tools: None, - permission_mode: PermissionMode::DangerFullAccess, + permission_mode: PermissionMode::WorkspaceWrite, compact: false, base_commit: None, reasoning_effort: None, @@ -12167,7 +14113,7 @@ mod tests { #[test] fn resolves_known_model_aliases() { - assert_eq!(resolve_model_alias("opus"), "anthropic/claude-opus-4-6"); + assert_eq!(resolve_model_alias("opus"), "anthropic/claude-opus-4-7"); assert_eq!(resolve_model_alias("sonnet"), "anthropic/claude-sonnet-4-6"); assert_eq!( resolve_model_alias("haiku"), @@ -12176,6 +14122,12 @@ mod tests { assert_eq!(resolve_model_alias("claude-opus"), "claude-opus"); } + #[test] + fn default_model_alias_uses_anthropic_routing_prefix() { + assert_eq!(DEFAULT_MODEL, "anthropic/claude-opus-4-7"); + assert_eq!(resolve_model_alias("opus"), "anthropic/claude-opus-4-7"); + } + #[test] fn user_defined_aliases_resolve_before_provider_dispatch() { // given @@ -12209,7 +14161,7 @@ mod tests { // then assert_eq!(direct, "anthropic/claude-haiku-4-5-20251213"); - assert_eq!(chained, "anthropic/claude-opus-4-6"); + assert_eq!(chained, "anthropic/claude-opus-4-7"); assert_eq!(cross_provider, "grok-3-mini"); assert_eq!(unknown, "unknown-model"); assert_eq!(builtin, "anthropic/claude-haiku-4-5-20251213"); @@ -12317,7 +14269,7 @@ mod tests { .map(str::to_string) .collect() ), - permission_mode: PermissionMode::DangerFullAccess, + permission_mode: PermissionMode::WorkspaceWrite, base_commit: None, reasoning_effort: None, allow_broad_cwd: false, @@ -12325,13 +14277,41 @@ mod tests { ); } + #[test] + fn rejects_allowed_tools_followed_by_subcommand_or_flag_432() { + let _env_guard = env_lock(); + let _cwd_guard = cwd_guard(); + for args in [ + vec!["--allowedTools".to_string(), "status".to_string()], + vec![ + "--allowedTools".to_string(), + "status".to_string(), + "--output-format".to_string(), + "json".to_string(), + ], + vec!["--allowedTools".to_string(), "--output-format".to_string()], + vec!["--allowedTools=".to_string()], + ] { + let error = parse_args(&args).expect_err("allowedTools missing value should reject"); + assert!( + error.starts_with("missing_argument: --allowedTools requires a tool list"), + "unexpected error for {args:?}: {error}" + ); + } + } + #[test] fn rejects_unknown_allowed_tools() { let _env_guard = env_lock(); let _cwd_guard = cwd_guard(); let error = parse_args(&["--allowedTools".to_string(), "teleport".to_string()]) .expect_err("tool should be rejected"); + assert!(error.starts_with("invalid_tool_name:")); assert!(error.contains("unsupported tool in --allowedTools: teleport")); + assert!(error.contains("Available: ")); + assert!(error.contains("web_fetch")); + assert!(error.contains("Aliases: ")); + assert!(error.contains("WebFetch=web_fetch")); } #[test] @@ -12405,6 +14385,7 @@ mod tests { parse_args(&["doctor".to_string()]).expect("doctor should parse"), CliAction::Doctor { output_format: CliOutputFormat::Text, + permission_mode: PermissionModeProvenance::default_fallback(), } ); assert_eq!( @@ -12683,6 +14664,19 @@ mod tests { } other => panic!("expected CliAction::Status, got: {other:?}"), } + match parse_args(&["--model=claude-opus-4-6".to_string(), "status".to_string()]) + .expect("bare Anthropic model should parse") + { + CliAction::Status { + model, + model_flag_raw, + .. + } => { + assert_eq!(model, "claude-opus-4-6"); + assert_eq!(model_flag_raw.as_deref(), Some("claude-opus-4-6")); + } + other => panic!("expected CliAction::Status, got: {other:?}"), + } } #[test] @@ -12893,9 +14887,10 @@ mod tests { } #[test] - fn plugins_degrades_gracefully_on_malformed_mcp_config() { - // Keep the plugins surface consistent with status/doctor/mcp: a bad - // MCP entry should not make local plugin introspection unusable. + fn plugins_degrades_on_invalid_mcp_server_without_global_config_error_440() { + // #440: invalid MCP entries should not make local plugin introspection + // unusable, and should surface as validation metadata instead of a + // whole-config parse failure. let _guard = env_lock(); let root = temp_dir(); let cwd = root.join("project-with-malformed-mcp-for-plugins"); @@ -12928,16 +14923,19 @@ mod tests { } assert_eq!(payload.status, "degraded"); - let err = payload - .config_load_error - .as_deref() - .expect("config_load_error should be populated"); - assert!( - err.contains("mcpServers.missing-command"), - "config_load_error should name the malformed MCP field: {err}" + assert!(payload.config_load_error.is_none()); + assert_eq!(payload.mcp_validation.total_configured, 1); + assert_eq!(payload.mcp_validation.valid_count, 0); + assert_eq!(payload.mcp_validation.invalid_count(), 1); + assert_eq!( + payload.mcp_validation.invalid_servers[0].name, + "missing-command" ); - assert!(payload.message.contains("Config load error")); - assert!(payload.message.contains("partial plugins view")); + assert!(payload.mcp_validation.invalid_servers[0] + .reason + .contains("missing string field command")); + assert!(payload.message.contains("MCP validation")); + assert!(payload.message.contains("valid MCP siblings only")); assert!(payload.message.contains("Plugins")); let _ = std::fs::remove_dir_all(root); @@ -12953,14 +14951,13 @@ mod tests { let root = temp_dir(); let cwd = root.join("project-with-malformed-mcp"); std::fs::create_dir_all(&cwd).expect("project dir should exist"); - // One valid server + one malformed entry missing `command`. + // Top-level `mcpServers` shape errors still degrade through the + // config_load_error path; per-server errors are handled by the #440 + // MCP validation summary instead. std::fs::write( cwd.join(".claw.json"), r#"{ - "mcpServers": { - "everything": {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-everything"]}, - "missing-command": {"args": ["arg-only-no-command"]} - } + "mcpServers": "not-an-object" } "#, ) @@ -12971,17 +14968,17 @@ mod tests { .expect("status_context should not hard-fail on config parse errors (#143)") }); - // Phase 1 contract: config_load_error is populated with the parse error. + // Config-shape errors still populate config_load_error. let err = context .config_load_error .as_ref() - .expect("config_load_error should be Some when config parse fails"); + .expect("config_load_error should be Some when config shape parsing fails"); assert!( - err.contains("mcpServers.missing-command"), - "config_load_error should name the malformed field path: {err}" + err.contains("mcpServers"), + "config_load_error should name the malformed mcpServers path: {err}" ); assert!( - err.contains("missing string field command"), + err.contains("must be an object"), "config_load_error should carry the underlying parse error: {err}" ); @@ -13012,6 +15009,8 @@ mod tests { &context, None, None, + None, + None, ); assert_eq!( json.get("status").and_then(|v| v.as_str()), @@ -13021,7 +15020,7 @@ mod tests { assert!( json.get("config_load_error") .and_then(|v| v.as_str()) - .is_some_and(|s| s.contains("mcpServers.missing-command")), + .is_some_and(|s| s.contains("mcpServers")), "config_load_error should surface in JSON output: {json}" ); // Independent fields still populated. @@ -13061,6 +15060,18 @@ mod tests { Some(false), "default status should expose unrestricted tool state: {json}" ); + assert_eq!( + json.pointer("/allowed_tools/available/0") + .and_then(|v| v.as_str()), + Some("agent"), + "status JSON should expose canonical snake_case available tools: {json}" + ); + assert_eq!( + json.pointer("/allowed_tools/aliases/WebFetch") + .and_then(|v| v.as_str()), + Some("web_fetch"), + "status JSON should expose allowed-tool aliases: {json}" + ); let allowed: super::AllowedToolSet = ["read_file", "grep_search"] .into_iter() @@ -13072,7 +15083,9 @@ mod tests { "workspace-write", &context, None, + None, Some(&allowed), + None, ); assert_eq!( restricted_json @@ -13104,6 +15117,8 @@ mod tests { &clean_context, None, None, + None, + None, ); assert_eq!( clean_json.get("status").and_then(|v| v.as_str()), @@ -13179,7 +15194,7 @@ mod tests { CliAction::Status { model: DEFAULT_MODEL.to_string(), model_flag_raw: None, // #148: no --model flag passed - permission_mode: PermissionMode::DangerFullAccess, + permission_mode: PermissionModeProvenance::default_fallback(), output_format: CliOutputFormat::Text, allowed_tools: None, } @@ -13208,22 +15223,19 @@ mod tests { !err_other.contains("--output-format json"), "unrelated args should not trigger --json hint: {err_other}" ); - // #154: model syntax error should hint at provider prefix when applicable - let err_gpt = parse_args(&[ + // #424: bare canonical GPT model ids should parse and route via provider + // detection instead of forcing the local-only `openai/` routing prefix. + match parse_args(&[ "prompt".to_string(), "test".to_string(), "--model".to_string(), "gpt-4".to_string(), ]) - .expect_err("`--model gpt-4` should fail with OpenAI hint"); - assert!( - err_gpt.contains("Did you mean `openai/gpt-4`?"), - "GPT model error should hint openai/ prefix: {err_gpt}" - ); - assert!( - err_gpt.contains("OPENAI_API_KEY"), - "GPT model error should mention env var: {err_gpt}" - ); + .expect("`--model gpt-4` should parse as a bare OpenAI model") + { + CliAction::Prompt { model, .. } => assert_eq!(model, "gpt-4"), + other => panic!("expected CliAction::Prompt, got: {other:?}"), + } let err_qwen = parse_args(&[ "prompt".to_string(), "test".to_string(), @@ -13251,6 +15263,35 @@ mod tests { !err_garbage.contains("Did you mean"), "Unrelated model errors should not get a hint: {err_garbage}" ); + + let original_openai_base_url = std::env::var_os("OPENAI_BASE_URL"); + std::env::set_var("OPENAI_BASE_URL", "http://127.0.0.1:11434/v1"); + match parse_args(&[ + "prompt".to_string(), + "test".to_string(), + "--model".to_string(), + "qwen2.5-coder:7b".to_string(), + ]) + .expect("Ollama-style tag should parse when OPENAI_BASE_URL is set") + { + CliAction::Prompt { model, .. } => assert_eq!(model, "qwen2.5-coder:7b"), + other => panic!("expected CliAction::Prompt, got: {other:?}"), + } + match parse_args(&[ + "prompt".to_string(), + "test".to_string(), + "--model".to_string(), + "local/Qwen/Qwen3.6-27B-FP8".to_string(), + ]) + .expect("local/ slash-containing model should parse") + { + CliAction::Prompt { model, .. } => assert_eq!(model, "local/Qwen/Qwen3.6-27B-FP8"), + other => panic!("expected CliAction::Prompt, got: {other:?}"), + } + match original_openai_base_url { + Some(value) => std::env::set_var("OPENAI_BASE_URL", value), + None => std::env::remove_var("OPENAI_BASE_URL"), + } } #[test] @@ -13349,6 +15390,20 @@ mod tests { classify_error_kind("unsupported skills action: bogus. Supported actions: list"), "unsupported_skills_action" ); + assert_eq!( + classify_error_kind("invalid_install_source: bogus"), + "invalid_install_source" + ); + assert_eq!( + classify_error_kind("invalid_tool_name: unsupported tool in --allowedTools: teleport"), + "invalid_tool_name" + ); + assert_eq!( + classify_error_kind( + "invalid_output_format: unsupported value for --output-format: YAML" + ), + "invalid_output_format" + ); assert_eq!( classify_error_kind( "missing_flag_value: missing value for --model.\nUsage: --model " @@ -13356,8 +15411,12 @@ mod tests { "missing_flag_value" ); assert_eq!( - classify_error_kind("invalid_flag_value: unsupported permission mode 'bogus'.\nUsage: --permission-mode read-only|workspace-write|danger-full-access"), - "invalid_flag_value" + classify_error_kind("invalid_permission_mode: unsupported permission mode 'bogus'.\nUsage: --permission-mode read-only|workspace-write|danger-full-access"), + "invalid_permission_mode" + ); + assert_eq!( + classify_error_kind("invalid_cwd: not_found: `/tmp/missing`\nUsage: --cwd "), + "invalid_cwd" ); assert_eq!( classify_error_kind("is not yet implemented"), @@ -13481,6 +15540,11 @@ mod tests { classify_error_kind("unknown_option: unknown system-prompt option: --foo."), "unknown_option" ); + // #830: known command with missing required argument must not collapse to unknown. + assert_eq!( + classify_error_kind("missing_argument: mcp show requires a server name."), + "missing_argument" + ); } #[test] @@ -13815,7 +15879,7 @@ mod tests { .expect("prompt shorthand should still work"), CliAction::Prompt { prompt: "please debug this".to_string(), - model: "anthropic/claude-opus-4-6".to_string(), + model: "anthropic/claude-opus-4-7".to_string(), output_format: CliOutputFormat::Text, allowed_tools: None, permission_mode: crate::default_permission_mode(), @@ -13923,16 +15987,15 @@ mod tests { allow_broad_cwd: false, } ); - let error = parse_args(&["/status".to_string()]) - .expect_err("/status should remain REPL-only when invoked directly"); - // #829: prefix changed from "interactive-only" to "interactive_only:" - assert!( - error.contains("interactive_only:"), - "expected interactive_only: prefix, got: {error}" - ); - assert!( - error.contains("claw --resume SESSION.jsonl /status"), - "expected --resume suggestion for resume-safe /status, got: {error}" + assert_eq!( + parse_args(&["/status".to_string()]).expect("/status should parse as local status"), + CliAction::Status { + model: DEFAULT_MODEL.to_string(), + model_flag_raw: None, + permission_mode: PermissionModeProvenance::default_fallback(), + output_format: CliOutputFormat::Text, + allowed_tools: None, + } ); } @@ -13988,17 +16051,27 @@ mod tests { #[test] fn unsupported_skills_actions_return_typed_error_683() { - for action in ["remove", "add", "uninstall", "delete"] { - let error = parse_args(&["skills".to_string(), action.to_string()]) - .expect_err(&format!("skills {action} should error")); - assert!( - error.contains("unsupported skills action"), - "skills {action} should contain 'unsupported skills action', got: {error}" - ); + let error = parse_args(&["skills".to_string(), "add".to_string()]) + .expect_err("skills add should error"); + assert!( + error.contains("unsupported skills action"), + "skills add should contain 'unsupported skills action', got: {error}" + ); + assert_eq!( + classify_error_kind(&error), + "unsupported_skills_action", + "skills add should classify as unsupported_skills_action, got: {error}" + ); + + for action in ["remove", "uninstall", "delete"] { assert_eq!( - classify_error_kind(&error), - "unsupported_skills_action", - "skills {action} should classify as unsupported_skills_action, got: {error}" + parse_args(&["skills".to_string(), action.to_string()]) + .expect(&format!("skills {action} should parse")), + CliAction::Skills { + args: Some(action.to_string()), + output_format: CliOutputFormat::Text, + }, + "skills {action} should route locally so missing targets are handled without credentials" ); } } @@ -14061,7 +16134,7 @@ mod tests { model: DEFAULT_MODEL.to_string(), output_format: CliOutputFormat::Text, allowed_tools: None, - permission_mode: PermissionMode::DangerFullAccess, + permission_mode: PermissionMode::WorkspaceWrite, compact: false, base_commit: None, reasoning_effort: None, @@ -14090,7 +16163,7 @@ mod tests { model: DEFAULT_MODEL.to_string(), output_format: CliOutputFormat::Text, allowed_tools: None, - permission_mode: PermissionMode::DangerFullAccess, + permission_mode: PermissionMode::WorkspaceWrite, compact: false, base_commit: None, reasoning_effort: None, @@ -14399,7 +16472,7 @@ mod tests { fn resolve_repl_model_returns_user_supplied_model_unchanged_when_explicit() { let user_model = "anthropic/claude-sonnet-4-6".to_string(); - let resolved = resolve_repl_model(user_model); + let resolved = resolve_repl_model(user_model).expect("explicit model should resolve"); assert_eq!(resolved, "anthropic/claude-sonnet-4-6"); } @@ -14415,7 +16488,8 @@ mod tests { std::env::remove_var("ANTHROPIC_MODEL"); std::env::set_var("ANTHROPIC_MODEL", "sonnet"); - let resolved = with_current_dir(&root, || resolve_repl_model(DEFAULT_MODEL.to_string())); + let resolved = with_current_dir(&root, || resolve_repl_model(DEFAULT_MODEL.to_string())) + .expect("env model should resolve"); assert_eq!(resolved, "anthropic/claude-sonnet-4-6"); @@ -14434,7 +16508,8 @@ mod tests { std::env::set_var("CLAW_CONFIG_HOME", &config_home); std::env::remove_var("ANTHROPIC_MODEL"); - let resolved = with_current_dir(&root, || resolve_repl_model(DEFAULT_MODEL.to_string())); + let resolved = with_current_dir(&root, || resolve_repl_model(DEFAULT_MODEL.to_string())) + .expect("default model should resolve"); assert_eq!(resolved, DEFAULT_MODEL); @@ -14631,6 +16706,16 @@ mod tests { loaded_config_files: 2, discovered_config_files: 3, memory_file_count: 4, + memory_files: vec![super::MemoryFileSummary { + path: "/tmp/project/CLAUDE.md".to_string(), + source: "claude_md".to_string(), + origin: "workspace".to_string(), + scope_path: "/tmp/project".to_string(), + outside_project: false, + chars: 42, + contributes: true, + }], + unloaded_memory_files: Vec::new(), project_root: Some(PathBuf::from("/tmp")), git_branch: Some("main".to_string()), git_summary: GitWorkspaceSummary { @@ -14652,10 +16737,13 @@ mod tests { }, boot_preflight: test_boot_preflight(), sandbox_status: runtime::SandboxStatus::default(), + binary_provenance: super::binary_provenance_for(None), config_load_error: None, config_load_error_kind: None, + mcp_validation: super::McpValidationSummary::default(), }, None, // #148 + None, ); assert!(status.contains("Status")); assert!(status.contains("Model claude-sonnet")); @@ -14673,6 +16761,7 @@ mod tests { status.contains("Git state dirty · 3 files · 1 staged, 1 unstaged, 1 untracked") ); assert!(status.contains("Changed files 3")); + assert!(status.contains("Loaded memory claude_md:/tmp/project/CLAUDE.md")); assert!(status.contains("Staged 1")); assert!(status.contains("Unstaged 1")); assert!(status.contains("Untracked 1")); @@ -14779,6 +16868,8 @@ mod tests { loaded_config_files: 0, discovered_config_files: 0, memory_file_count: 0, + memory_files: Vec::new(), + unloaded_memory_files: Vec::new(), project_root: Some(PathBuf::from("/tmp/project")), git_branch: Some("feature/stale-base".to_string()), git_summary: GitWorkspaceSummary::default(), @@ -14797,8 +16888,10 @@ mod tests { }, boot_preflight: test_boot_preflight(), sandbox_status: runtime::SandboxStatus::default(), + binary_provenance: super::binary_provenance_for(None), config_load_error: None, config_load_error_kind: None, + mcp_validation: super::McpValidationSummary::default(), }; let check = super::check_workspace_health(&context); @@ -14812,6 +16905,56 @@ mod tests { .any(|detail| detail.contains("stale codebase"))); } + #[test] + fn memory_health_surfaces_loaded_and_unloaded_files_438() { + let context = super::StatusContext { + cwd: PathBuf::from("/tmp/project"), + session_path: None, + loaded_config_files: 0, + discovered_config_files: 0, + memory_file_count: 1, + memory_files: vec![super::MemoryFileSummary { + path: "/tmp/project/CLAUDE.md".to_string(), + source: "claude_md".to_string(), + origin: "workspace".to_string(), + scope_path: "/tmp/project".to_string(), + outside_project: false, + chars: 12, + contributes: true, + }], + unloaded_memory_files: vec!["/tmp/project/AGENTS.md".to_string()], + project_root: Some(PathBuf::from("/tmp/project")), + git_branch: Some("main".to_string()), + git_summary: GitWorkspaceSummary::default(), + branch_freshness: test_branch_freshness(), + stale_base_state: super::BaseCommitState::NoExpectedBase, + session_lifecycle: SessionLifecycleSummary { + kind: SessionLifecycleKind::SavedOnly, + pane_id: None, + pane_command: None, + pane_path: None, + workspace_dirty: false, + abandoned: false, + }, + boot_preflight: test_boot_preflight(), + sandbox_status: runtime::SandboxStatus::default(), + binary_provenance: super::binary_provenance_for(None), + config_load_error: None, + config_load_error_kind: None, + mcp_validation: super::McpValidationSummary::default(), + }; + + let check = super::check_memory_health(&context); + + assert_eq!(check.level, super::DiagnosticLevel::Warn); + assert_eq!(check.data["memory_file_count"], 1); + assert_eq!(check.data["memory_files"][0]["source"], "claude_md"); + assert_eq!( + check.data["unloaded_memory_files"][0], + "/tmp/project/AGENTS.md" + ); + } + #[test] fn status_json_surfaces_session_lifecycle_for_clawhip() { let context = super::StatusContext { @@ -14820,6 +16963,8 @@ mod tests { loaded_config_files: 0, discovered_config_files: 0, memory_file_count: 0, + memory_files: Vec::new(), + unloaded_memory_files: Vec::new(), project_root: Some(PathBuf::from("/tmp/project")), git_branch: Some("feature/session-lifecycle".to_string()), git_summary: GitWorkspaceSummary::default(), @@ -14835,8 +16980,10 @@ mod tests { }, boot_preflight: test_boot_preflight(), sandbox_status: runtime::SandboxStatus::default(), + binary_provenance: super::binary_provenance_for(None), config_load_error: None, config_load_error_kind: None, + mcp_validation: super::McpValidationSummary::default(), }; let value = status_json_value( @@ -14852,6 +16999,8 @@ mod tests { &context, None, None, + None, + None, ); assert_eq!( @@ -16112,7 +18261,7 @@ UU conflicted.rs", .expect("mcp tools should be allow-listable") .expect("allow-list should exist"); assert!(allowed.contains("mcp__alpha__echo")); - assert!(allowed.contains("MCPTool")); + assert!(allowed.contains("mcp_tool")); let mut executor = CliToolExecutor::new( None, @@ -16537,81 +18686,76 @@ mod sandbox_report_tests { #[cfg(test)] mod dump_manifests_tests { - use super::{dump_manifests_at_path, CliOutputFormat}; + use super::{build_rust_resolver_manifest, dump_manifests_at_path, CliOutputFormat}; use std::fs; #[test] - fn dump_manifests_shows_helpful_error_when_manifests_missing() { - let root = std::env::temp_dir().join(format!( - "claw_test_missing_manifests_{}", - std::process::id() - )); + fn dump_manifests_defaults_to_rust_resolver_inventory() { + let root = + std::env::temp_dir().join(format!("claw_test_rust_manifests_{}", std::process::id())); let workspace = root.join("workspace"); - std::fs::create_dir_all(&workspace).expect("failed to create temp workspace"); + fs::create_dir_all(&workspace).expect("workspace should exist"); - let result = dump_manifests_at_path(&workspace, None, CliOutputFormat::Text); - assert!( - result.is_err(), - "expected an error when manifests are missing" - ); + let manifest = build_rust_resolver_manifest(&workspace).expect("manifest should build"); + assert_eq!(manifest["kind"], "dump-manifests"); + assert_eq!(manifest["source"], "rust-resolver"); + assert!(manifest["commands"].as_u64().expect("commands count") > 0); + assert!(manifest["tools"].as_u64().expect("tools count") > 0); + assert!(manifest["command_manifests"] + .as_array() + .expect("command manifests") + .iter() + .any(|entry| entry["name"] == "status")); + assert!(manifest["tool_manifests"] + .as_array() + .expect("tool manifests") + .iter() + .any(|entry| entry["name"] == "read_file")); + assert!(dump_manifests_at_path(&workspace, None, CliOutputFormat::Text).is_ok()); - let error_msg = result.unwrap_err().to_string(); - - assert!( - error_msg.contains("Manifest source files are missing"), - "error message should mention missing manifest sources: {error_msg}" - ); - assert!( - error_msg.contains(&root.display().to_string()), - "error message should contain the resolved repo root path: {error_msg}" - ); - assert!( - error_msg.contains("src/commands.ts"), - "error message should mention missing commands.ts: {error_msg}" - ); - assert!( - error_msg.contains("CLAUDE_CODE_UPSTREAM"), - "error message should explain how to supply the upstream path: {error_msg}" - ); - - let _ = std::fs::remove_dir_all(&root); + let _ = fs::remove_dir_all(&root); } #[test] - fn dump_manifests_uses_explicit_manifest_dir() { + fn dump_manifests_scopes_explicit_manifest_dir_without_upstream_ts() { let root = std::env::temp_dir().join(format!( "claw_test_explicit_manifest_dir_{}", std::process::id() )); let workspace = root.join("workspace"); - let upstream = root.join("upstream"); - fs::create_dir_all(workspace.join("nested")).expect("workspace should exist"); - fs::create_dir_all(upstream.join("src/entrypoints")) - .expect("upstream fixture should exist"); - fs::write( - upstream.join("src/commands.ts"), - "import FooCommand from './commands/foo'\n", - ) - .expect("commands fixture should write"); - fs::write( - upstream.join("src/tools.ts"), - "import ReadTool from './tools/read'\n", - ) - .expect("tools fixture should write"); - fs::write( - upstream.join("src/entrypoints/cli.tsx"), - "startupProfiler()\n", - ) - .expect("cli fixture should write"); + let manifest_dir = root.join("manifest-source"); + fs::create_dir_all(&workspace).expect("workspace should exist"); + fs::create_dir_all(&manifest_dir).expect("manifest dir should exist"); - let result = dump_manifests_at_path(&workspace, Some(&upstream), CliOutputFormat::Text); + let result = dump_manifests_at_path(&workspace, Some(&manifest_dir), CliOutputFormat::Text); assert!( result.is_ok(), - "explicit manifest dir should succeed: {result:?}" + "explicit manifest dir should not require upstream TS files: {result:?}" ); let _ = fs::remove_dir_all(&root); } + + #[test] + fn dump_manifests_missing_explicit_dir_has_typed_kind() { + let root = std::env::temp_dir().join(format!( + "claw_test_missing_manifest_dir_{}", + std::process::id() + )); + let workspace = root.join("workspace"); + let missing = root.join("missing"); + fs::create_dir_all(&workspace).expect("workspace should exist"); + + let result = dump_manifests_at_path(&workspace, Some(&missing), CliOutputFormat::Text); + let error = result.expect_err("missing explicit manifest dir should fail"); + let error_msg = error.to_string(); + assert!(error_msg.starts_with("missing_manifests:")); + assert!(error_msg.contains(&missing.display().to_string())); + assert!(!error_msg.contains("CLAUDE_CODE_UPSTREAM")); + assert!(!error_msg.contains("src/commands.ts")); + + let _ = fs::remove_dir_all(&root); + } } #[cfg(test)] @@ -16623,7 +18767,7 @@ mod alias_resolution_tests { // Built-in aliases should resolve to their full IDs assert_eq!( resolve_model_alias_with_config("opus"), - "anthropic/claude-opus-4-6" + "anthropic/claude-opus-4-7" ); assert_eq!( resolve_model_alias_with_config("sonnet"), diff --git a/rust/crates/rusty-claude-cli/tests/compact_output.rs b/rust/crates/rusty-claude-cli/tests/compact_output.rs index eac2cc4b..6f3cb538 100644 --- a/rust/crates/rusty-claude-cli/tests/compact_output.rs +++ b/rust/crates/rusty-claude-cli/tests/compact_output.rs @@ -1,6 +1,7 @@ #![allow(clippy::while_let_on_iterator)] use std::fs; +use std::io::Write; use std::path::PathBuf; use std::process::{Command, Output, Stdio}; use std::sync::atomic::{AtomicU64, Ordering}; @@ -246,8 +247,121 @@ stderr: } #[test] -fn compact_subcommand_json_help_fails_fast_when_stdin_closed() { - let workspace = unique_temp_dir("compact-nontty-json-help"); +fn prompt_subcommand_reads_prompt_from_stdin_when_no_positional_arg_423() { + let runtime = tokio::runtime::Runtime::new().expect("tokio runtime should build"); + let server = runtime + .block_on(MockAnthropicService::spawn()) + .expect("mock service should start"); + let base_url = server.base_url(); + + let workspace = unique_temp_dir("prompt-stdin-423"); + let config_home = workspace.join("config-home"); + let home = workspace.join("home"); + fs::create_dir_all(&workspace).expect("workspace should exist"); + fs::create_dir_all(&config_home).expect("config home should exist"); + fs::create_dir_all(&home).expect("home should exist"); + + let prompt = format!("{SCENARIO_PREFIX}streaming_text\n"); + let output = run_claw_with_stdin( + &workspace, + &config_home, + &home, + &base_url, + &[ + "prompt", + "--output-format", + "json", + "--compact", + "--permission-mode", + "read-only", + "--model", + "sonnet", + ], + &prompt, + ); + + assert!( + output.status.success(), + "prompt stdin run should succeed\nstdout:\n{}\n\nstderr:\n{}", + String::from_utf8_lossy(&output.stdout), + String::from_utf8_lossy(&output.stderr), + ); + let parsed: Value = serde_json::from_slice(&output.stdout).expect("stdout should parse"); + assert_eq!( + parsed["message"], + "Mock streaming says hello from the parity harness." + ); + let captured = runtime.block_on(server.captured_requests()); + assert!( + captured + .iter() + .any(|request| request.raw_body.contains("PARITY_SCENARIO:streaming_text")), + "stdin prompt should reach the provider request: {captured:?}" + ); + + fs::remove_dir_all(&workspace).expect("workspace cleanup should succeed"); +} + +#[test] +fn prompt_subcommand_stdin_flag_appends_pipe_context_423() { + let runtime = tokio::runtime::Runtime::new().expect("tokio runtime should build"); + let server = runtime + .block_on(MockAnthropicService::spawn()) + .expect("mock service should start"); + let base_url = server.base_url(); + + let workspace = unique_temp_dir("prompt-stdin-flag-423"); + let config_home = workspace.join("config-home"); + let home = workspace.join("home"); + fs::create_dir_all(&workspace).expect("workspace should exist"); + fs::create_dir_all(&config_home).expect("config home should exist"); + fs::create_dir_all(&home).expect("home should exist"); + + let prompt_context = format!("{SCENARIO_PREFIX}streaming_text\n"); + let output = run_claw_with_stdin( + &workspace, + &config_home, + &home, + &base_url, + &[ + "prompt", + "Use stdin context", + "--stdin", + "--output-format", + "json", + "--compact", + "--permission-mode", + "read-only", + "--model", + "sonnet", + ], + &prompt_context, + ); + + assert!( + output.status.success(), + "prompt --stdin run should succeed\nstdout:\n{}\n\nstderr:\n{}", + String::from_utf8_lossy(&output.stdout), + String::from_utf8_lossy(&output.stderr), + ); + let captured = runtime.block_on(server.captured_requests()); + let provider_body = captured + .iter() + .find(|request| request.raw_body.contains("Use stdin context")) + .expect("merged prompt should reach provider"); + assert!( + provider_body + .raw_body + .contains("PARITY_SCENARIO:streaming_text"), + "merged prompt should include stdin context: {provider_body:?}" + ); + + fs::remove_dir_all(&workspace).expect("workspace cleanup should succeed"); +} + +#[test] +fn compact_subcommand_json_fails_fast_when_stdin_closed() { + let workspace = unique_temp_dir("compact-nontty-json"); let config_home = workspace.join("config-home"); let home = workspace.join("home"); fs::create_dir_all(&workspace).expect("workspace should exist"); @@ -258,19 +372,19 @@ fn compact_subcommand_json_help_fails_fast_when_stdin_closed() { &workspace, &config_home, &home, - &["compact", "--output-format", "json", "--help"], + &["compact", "--output-format", "json"], Duration::from_secs(2), ); assert!( !output.status.success(), - "compact json help should fail non-zero" + "compact json should fail non-zero" ); // #819/#820/#823: JSON abort envelopes route to stdout let stderr = String::from_utf8(output.stderr).expect("stderr should be utf8"); assert!( stderr.trim().is_empty() || !stderr.trim_start().starts_with('{'), - "compact json help should not emit JSON envelope to stderr (#819/#820/#823): {stderr}" + "compact json should not emit JSON envelope to stderr (#819/#820/#823): {stderr}" ); let stdout = String::from_utf8(output.stdout).expect("stdout should be utf8"); let parsed: Value = @@ -356,6 +470,39 @@ fn run_claw( command.output().expect("claw should launch") } +fn run_claw_with_stdin( + cwd: &std::path::Path, + config_home: &std::path::Path, + home: &std::path::Path, + base_url: &str, + args: &[&str], + stdin: &str, +) -> Output { + let mut child = Command::new(env!("CARGO_BIN_EXE_claw")) + .current_dir(cwd) + .env_clear() + .env("ANTHROPIC_API_KEY", "test-compact-key") + .env("ANTHROPIC_BASE_URL", base_url) + .env("CLAW_CONFIG_HOME", config_home) + .env("HOME", home) + .env("NO_COLOR", "1") + .env("PATH", "/usr/bin:/bin") + .stdin(Stdio::piped()) + .stdout(Stdio::piped()) + .stderr(Stdio::piped()) + .args(args) + .spawn() + .expect("claw should launch"); + child + .stdin + .as_mut() + .expect("stdin should be piped") + .write_all(stdin.as_bytes()) + .expect("stdin should write"); + child.stdin.take(); + child.wait_with_output().expect("output should collect") +} + fn run_claw_closed_stdin_with_timeout( cwd: &std::path::Path, config_home: &std::path::Path, diff --git a/rust/crates/rusty-claude-cli/tests/output_format_contract.rs b/rust/crates/rusty-claude-cli/tests/output_format_contract.rs index 240884bf..091ff59e 100644 --- a/rust/crates/rusty-claude-cli/tests/output_format_contract.rs +++ b/rust/crates/rusty-claude-cli/tests/output_format_contract.rs @@ -5,7 +5,7 @@ use std::sync::atomic::{AtomicU64, Ordering}; use std::time::{SystemTime, UNIX_EPOCH}; use runtime::Session; -use serde_json::Value; +use serde_json::{json, Value}; static TEMP_COUNTER: AtomicU64 = AtomicU64::new(0); @@ -24,6 +24,13 @@ fn help_emits_json_when_requested() { .as_str() .expect("help text") .contains("Usage:")); + assert!( + parsed["message"] + .as_str() + .expect("help text") + .contains("--cwd PATH, -C PATH, --directory PATH"), + "help JSON should document global cwd override (#429): {parsed}" + ); } #[test] @@ -103,6 +110,8 @@ fn assert_doctor_help_json_contract(parsed: &Value) { let checks = parsed["check_names"].as_array().expect("check_names"); assert!(checks.iter().any(|check| check == "auth")); assert!(checks.iter().any(|check| check == "boot preflight")); + assert!(checks.iter().any(|check| check == "memory")); + assert!(checks.iter().any(|check| check == "mcp validation")); } #[test] @@ -124,6 +133,133 @@ fn doctor_help_text_stays_plaintext_and_local_702() { serde_json::from_str::(&stdout).expect_err("text help should remain plaintext"); } +#[test] +fn resume_session_compact_help_short_circuits_before_config_or_auth_427() { + let root = unique_temp_dir("session-help-local-427"); + let config_home = root.join("config-home"); + let home = root.join("home"); + fs::create_dir_all(root.join(".claw")).expect("project config dir should exist"); + fs::create_dir_all(&config_home).expect("config home should exist"); + fs::create_dir_all(&home).expect("home should exist"); + fs::write(root.join(".claw").join("settings.json"), "{").expect("broken config should write"); + + let envs = [ + ( + "CLAW_CONFIG_HOME", + config_home.to_str().expect("utf8 config home"), + ), + ("HOME", home.to_str().expect("utf8 home")), + ("ANTHROPIC_API_KEY", ""), + ("ANTHROPIC_AUTH_TOKEN", ""), + ("OPENAI_API_KEY", ""), + ]; + + let text_cases: &[(&[&str], &str)] = &[ + (&["resume", "--help"], "Resume\n"), + (&["--resume", "--help"], "Resume\n"), + (&["session", "--help"], "Session\n"), + (&["compact", "--help"], "Compact\n"), + ]; + for (args, heading) in text_cases { + let output = run_claw(&root, args, &envs); + assert!( + output.status.success(), + "{args:?} should exit 0 before auth/config; stdout:\n{}\n\nstderr:\n{}", + String::from_utf8_lossy(&output.stdout), + String::from_utf8_lossy(&output.stderr) + ); + let stdout = String::from_utf8_lossy(&output.stdout); + let stderr = String::from_utf8_lossy(&output.stderr); + assert!(stdout.starts_with(heading), "{args:?} stdout: {stdout}"); + assert!(stdout.contains("Usage"), "{args:?} stdout: {stdout}"); + assert!( + !stdout.contains("missing_credentials") && !stderr.contains("missing_credentials"), + "{args:?} must not hit provider auth: stdout={stdout:?} stderr={stderr:?}" + ); + assert!( + !stdout.contains("config_parse_error") && stderr.is_empty(), + "{args:?} must not load broken config: stdout={stdout:?} stderr={stderr:?}" + ); + serde_json::from_str::(&stdout).expect_err("text help should remain plaintext"); + } + + let json_cases: &[(&[&str], &str)] = &[ + (&["resume", "--help", "--output-format", "json"], "resume"), + (&["--resume", "--help", "--output-format", "json"], "resume"), + (&["session", "--help", "--output-format", "json"], "session"), + (&["compact", "--help", "--output-format", "json"], "compact"), + ]; + for (args, topic) in json_cases { + let parsed = assert_json_command_with_env(&root, args, &envs); + assert_eq!(parsed["kind"], "help", "{args:?}: {parsed}"); + assert_eq!(parsed["status"], "ok", "{args:?}: {parsed}"); + assert_eq!(parsed["topic"], *topic, "{args:?}: {parsed}"); + assert!( + parsed["message"] + .as_str() + .is_some_and(|message| message.contains("Usage")), + "{args:?} should include static usage text: {parsed}" + ); + } +} + +#[test] +fn resume_missing_session_json_reports_local_store_before_auth_427() { + let root = unique_temp_dir("resume-missing-local-427"); + let config_home = root.join("config-home"); + let home = root.join("home"); + fs::create_dir_all(&root).expect("temp dir should exist"); + fs::create_dir_all(&config_home).expect("config home should exist"); + fs::create_dir_all(&home).expect("home should exist"); + + let envs = [ + ( + "CLAW_CONFIG_HOME", + config_home.to_str().expect("utf8 config home"), + ), + ("HOME", home.to_str().expect("utf8 home")), + ("ANTHROPIC_API_KEY", ""), + ("ANTHROPIC_AUTH_TOKEN", ""), + ("OPENAI_API_KEY", ""), + ]; + + let output = run_claw( + &root, + &[ + "resume", + "definitely-missing-session", + "--output-format", + "json", + ], + &envs, + ); + assert_eq!( + output.status.code(), + Some(1), + "missing session should exit 1" + ); + let stdout = String::from_utf8_lossy(&output.stdout); + let stderr = String::from_utf8_lossy(&output.stderr); + assert!( + stderr.is_empty(), + "JSON missing-session stderr should be empty: {stderr:?}" + ); + assert!( + !stdout.contains("missing_credentials") && !stderr.contains("missing_credentials"), + "missing session must not reach provider auth: stdout={stdout:?} stderr={stderr:?}" + ); + let parsed: Value = serde_json::from_str(stdout.trim()) + .unwrap_or_else(|_| panic!("resume missing session must emit JSON, got: {stdout:?}")); + assert_eq!(parsed["error_kind"], "session_not_found", "{parsed}"); + assert_eq!(parsed["action"], "restore", "{parsed}"); + assert!( + parsed["sessions_dir"] + .as_str() + .is_some_and(|path| path.contains(".claw") && path.contains("sessions")), + "missing-session JSON should expose the searched sessions_dir: {parsed}" + ); +} + #[test] fn version_emits_json_when_requested() { let root = unique_temp_dir("version-json"); @@ -136,14 +272,155 @@ fn version_emits_json_when_requested() { "version JSON must have action:show (#711)" ); assert_eq!(parsed["version"], env!("CARGO_PKG_VERSION")); - // Provenance fields must be present for binary identification (#507). + // Provenance fields must be present for binary identification (#507/#437). + assert!( + parsed.get("message").is_none(), + "version JSON should not duplicate the text report in legacy message; use human_readable instead: {parsed}" + ); + assert!( + parsed["human_readable"] + .as_str() + .is_some_and(|text| text.contains("Claw Code")), + "version JSON should keep text output only in human_readable: {parsed}" + ); + let git_sha = parsed["git_sha"] + .as_str() + .expect("git_sha must be the full build commit SHA in version JSON"); + assert_eq!(git_sha.len(), 40, "git_sha must not be truncated: {parsed}"); + assert!( + git_sha.chars().all(|ch| ch.is_ascii_hexdigit()), + "git_sha must be a hex commit id: {parsed}" + ); + let git_sha_short = parsed["git_sha_short"] + .as_str() + .expect("version JSON should expose the short SHA as a separate derived field"); + assert!( + git_sha.starts_with(git_sha_short), + "git_sha_short should derive from git_sha: {parsed}" + ); + assert!( + parsed["is_dirty"].is_boolean(), + "is_dirty should be boolean: {parsed}" + ); + assert!( + parsed["branch"].is_string() || parsed["branch"].is_null(), + "branch should be string|null: {parsed}" + ); + assert!( + parsed["commit_date"] + .as_str() + .is_some_and(|date| date != "unknown" && date.contains('T')), + "commit_date should be an ISO-8601 commit timestamp string: {parsed}" + ); + assert!( + parsed["commit_timestamp"].as_i64().is_some_and(|ts| ts > 0), + "commit_timestamp should be a positive Unix timestamp: {parsed}" + ); + assert!( + parsed["rustc_version"] + .as_str() + .is_some_and(|version| version.starts_with("rustc ")), + "rustc_version should identify the compiler: {parsed}" + ); assert!( parsed["build_date"].is_string(), "build_date must be a string in version JSON" ); assert!( - parsed["executable_path"].is_string(), - "executable_path must be a string in version JSON so callers can identify which binary is running" + parsed["executable_path"].as_str().is_some_and(|path| !path.is_empty()), + "executable_path must be a runtime path string so callers can identify which binary is running" + ); + let binary_provenance = parsed["binary_provenance"] + .as_object() + .expect("version JSON must include binary_provenance object (#797/#437)"); + assert!(matches!( + binary_provenance["status"].as_str(), + Some("known" | "unknown") + )); + for key in [ + "git_sha", + "git_sha_short", + "is_dirty", + "branch", + "commit_date", + "commit_timestamp", + "rustc_version", + "target", + "build_date", + "executable_path", + ] { + assert_eq!( + binary_provenance[key], parsed[key], + "binary_provenance.{key} should mirror top-level version field" + ); + } + assert!( + binary_provenance["hint"].is_string() || binary_provenance["hint"].is_null(), + "binary provenance must classify missing/stale lineage with a structured hint field" + ); +} + +#[test] +fn version_status_doctor_include_binary_provenance_797() { + let root = git_temp_dir("binary-provenance-797"); + fs::write(root.join("tracked.txt"), "v1").expect("write tracked file"); + let git_commands: &[&[&str]] = &[ + &["config", "user.email", "test@claw.test"], + &["config", "user.name", "Test"], + &["add", "tracked.txt"], + &["commit", "-m", "init"], + ]; + for args in git_commands { + let output = Command::new("git") + .args(*args) + .current_dir(&root) + .output() + .expect("git fixture command should launch"); + assert!( + output.status.success(), + "git fixture command failed: {args:?}\nstdout:\n{}\nstderr:\n{}", + String::from_utf8_lossy(&output.stdout), + String::from_utf8_lossy(&output.stderr) + ); + } + + let version = assert_json_command(&root, &["--output-format", "json", "version"]); + assert_eq!(version["kind"], "version"); + assert!(matches!( + version["binary_provenance"]["status"].as_str(), + Some("known" | "unknown") + )); + assert!(version["binary_provenance"]["workspace_git_sha"].is_string()); + assert!( + version["binary_provenance"]["workspace_match"].is_boolean() + || version["binary_provenance"]["workspace_match"].is_null() + ); + let workspace_git_sha = version["binary_provenance"]["workspace_git_sha"] + .as_str() + .expect("workspace git sha should be a string"); + assert_eq!( + workspace_git_sha.len(), + 40, + "workspace_git_sha should be a full SHA, not a truncated prefix: {version}" + ); + + let status = assert_json_command(&root, &["--output-format", "json", "status"]); + assert_eq!(status["kind"], "status"); + assert_eq!( + status["binary_provenance"]["workspace_git_sha"], + version["binary_provenance"]["workspace_git_sha"] + ); + + let doctor = assert_json_command(&root, &["--output-format", "json", "doctor"]); + let system = doctor["checks"] + .as_array() + .expect("doctor checks") + .iter() + .find(|check| check["name"] == "system") + .expect("system check"); + assert_eq!( + system["binary_provenance"]["workspace_git_sha"], + version["binary_provenance"]["workspace_git_sha"] ); } @@ -161,6 +438,52 @@ fn status_and_sandbox_emit_json_when_requested() { assert!(sandbox["filesystem_mode"].as_str().is_some()); } +// #831: direct resume-safe slash commands should use the same local CliAction +// JSON surfaces as their bare subcommands, not interactive_only guidance. +#[test] +fn direct_resume_safe_slash_commands_route_to_local_json_actions_831() { + let root = unique_temp_dir("direct-resume-safe-slash-831"); + fs::create_dir_all(&root).expect("temp dir should exist"); + Command::new("git") + .args(["init", "-q"]) + .current_dir(&root) + .output() + .expect("git init should launch"); + + for (command, expected_kind, expected_status) in [ + ("/version", "version", "ok"), + ("/sandbox", "sandbox", "warn"), + ("/diff", "diff", "ok"), + ("/status", "status", "ok"), + ] { + let output = run_claw(&root, &["--output-format", "json", command], &[]); + assert!( + output.status.success(), + "{command} should route to a local CliAction, stdout:\n{}\n\nstderr:\n{}", + String::from_utf8_lossy(&output.stdout), + String::from_utf8_lossy(&output.stderr) + ); + let stdout = String::from_utf8_lossy(&output.stdout); + let stderr = String::from_utf8_lossy(&output.stderr); + let parsed: Value = serde_json::from_str(stdout.trim()) + .unwrap_or_else(|_| panic!("{command} must emit JSON (#831), got: {stdout:?}")); + + assert_eq!(parsed["kind"], expected_kind, "{command} kind: {parsed}"); + assert_eq!( + parsed["status"], expected_status, + "{command} status: {parsed}" + ); + assert_ne!( + parsed["error_kind"], "interactive_only", + "{command} must not emit interactive_only (#831): {parsed}" + ); + assert!( + stderr.is_empty(), + "{command} JSON mode must keep stderr empty (#831): {stderr:?}" + ); + } +} + #[test] fn status_json_surfaces_permission_mode_override_for_security_audit() { let root = unique_temp_dir("status-json-permission-mode"); @@ -187,6 +510,331 @@ fn status_json_surfaces_permission_mode_override_for_security_audit() { fs::remove_dir_all(root).expect("cleanup temp dir"); } +#[test] +fn default_permission_mode_is_workspace_write_and_audited_428() { + let root = unique_temp_dir("default-permission-mode-428"); + let config_home = root.join("config-home"); + let home = root.join("home"); + fs::create_dir_all(&root).expect("temp dir should exist"); + fs::create_dir_all(&config_home).expect("config home should exist"); + fs::create_dir_all(&home).expect("home should exist"); + let envs = [ + ( + "CLAW_CONFIG_HOME", + config_home.to_str().expect("utf8 config home"), + ), + ("HOME", home.to_str().expect("utf8 home")), + ("RUSTY_CLAUDE_PERMISSION_MODE", ""), + ]; + + let status = assert_json_command_with_env(&root, &["--output-format", "json", "status"], &envs); + assert_eq!(status["permission_mode"], "workspace-write"); + assert_eq!(status["permission_mode_source"], "default"); + + let doctor = assert_json_command_with_env(&root, &["--output-format", "json", "doctor"], &envs); + let permissions = doctor["checks"] + .as_array() + .expect("doctor checks") + .iter() + .find(|check| check["name"] == "permissions") + .expect("permissions check"); + assert_eq!(permissions["status"], "ok"); + assert_eq!(permissions["mode"], "workspace-write"); + assert_eq!(permissions["source"], "default"); + assert_eq!( + permissions["message"], + "default permission mode is workspace-write" + ); +} + +#[test] +fn explicit_danger_permission_mode_is_audited_and_alias_supported_428() { + let root = unique_temp_dir("danger-permission-mode-428"); + fs::create_dir_all(&root).expect("temp dir should exist"); + + let status = assert_json_command( + &root, + &["--skip-permissions", "--output-format", "json", "status"], + ); + assert_eq!(status["permission_mode"], "danger-full-access"); + assert_eq!(status["permission_mode_source"], "flag"); + + let doctor = assert_json_command( + &root, + &[ + "--permission-mode", + "danger-full-access", + "--output-format", + "json", + "doctor", + ], + ); + let permissions = doctor["checks"] + .as_array() + .expect("doctor checks") + .iter() + .find(|check| check["name"] == "permissions") + .expect("permissions check"); + assert_eq!(permissions["status"], "ok"); + assert_eq!(permissions["mode"], "danger-full-access"); + assert_eq!(permissions["source"], "flag"); + assert_eq!(permissions["source_explicit"], true); +} + +#[test] +fn invalid_permission_mode_json_is_typed_428() { + let root = unique_temp_dir("invalid-permission-mode-428"); + fs::create_dir_all(&root).expect("temp dir should exist"); + + let output = run_claw( + &root, + &[ + "--permission-mode", + "bogus-mode", + "status", + "--output-format", + "json", + ], + &[], + ); + assert_eq!(output.status.code(), Some(1)); + let stdout = String::from_utf8_lossy(&output.stdout); + let stderr = String::from_utf8_lossy(&output.stderr); + let parsed: Value = serde_json::from_str(stdout.trim()) + .unwrap_or_else(|_| panic!("invalid permission mode must emit JSON, got: {stdout:?}")); + assert_eq!(parsed["error_kind"], "invalid_permission_mode"); + assert_eq!(parsed["kind"], "invalid_permission_mode"); + assert!( + stderr.is_empty(), + "JSON error stderr should be empty: {stderr:?}" + ); +} + +#[test] +fn global_cwd_flag_routes_status_workspace_and_short_alias_429() { + let parent = unique_temp_dir("global-cwd-parent-429"); + let workspace = parent.join("workspace"); + let launcher = parent.join("launcher"); + fs::create_dir_all(&workspace).expect("workspace dir should exist"); + fs::create_dir_all(&launcher).expect("launcher dir should exist"); + + let workspace_str = workspace.to_str().expect("utf8 workspace"); + let expected_cwd = fs::canonicalize(&workspace) + .expect("workspace should canonicalize") + .display() + .to_string(); + let status = assert_json_command( + &launcher, + &["--cwd", workspace_str, "--output-format", "json", "status"], + ); + assert_eq!(status["kind"], "status"); + assert_eq!(status["workspace"]["cwd"], expected_cwd); + + let short_status = assert_json_command( + &launcher, + &["-C", workspace_str, "status", "--output-format", "json"], + ); + assert_eq!(short_status["workspace"]["cwd"], expected_cwd); + + let directory_status = assert_json_command( + &launcher, + &[ + "--directory", + workspace_str, + "--output-format=json", + "status", + ], + ); + assert_eq!(directory_status["workspace"]["cwd"], expected_cwd); +} + +#[test] +fn global_cwd_flag_reports_typed_invalid_paths_429() { + let root = unique_temp_dir("global-cwd-invalid-429"); + let file = root.join("not-a-directory"); + fs::create_dir_all(&root).expect("root dir should exist"); + fs::write(&file, "not a dir").expect("file fixture should write"); + + let missing = root.join("missing"); + let output = run_claw( + &root, + &[ + "--cwd", + missing.to_str().expect("utf8 missing path"), + "status", + "--output-format", + "json", + ], + &[], + ); + assert_eq!(output.status.code(), Some(1)); + let stdout = String::from_utf8_lossy(&output.stdout); + let parsed: Value = serde_json::from_str(stdout.trim()) + .unwrap_or_else(|_| panic!("invalid cwd should emit JSON, got: {stdout:?}")); + assert_eq!(parsed["kind"], "invalid_cwd"); + assert_eq!(parsed["error_kind"], "invalid_cwd"); + assert_eq!(parsed["reason"], "not_found"); + assert_eq!(parsed["path"], missing.to_str().expect("utf8 missing path")); + assert!(output.stderr.is_empty()); + + let file_output = run_claw( + &root, + &[ + "--cwd", + file.to_str().expect("utf8 file path"), + "status", + "--output-format=json", + ], + &[], + ); + assert_eq!(file_output.status.code(), Some(1)); + let file_stdout = String::from_utf8_lossy(&file_output.stdout); + let file_json: Value = serde_json::from_str(file_stdout.trim()) + .unwrap_or_else(|_| panic!("file cwd should emit JSON, got: {file_stdout:?}")); + assert_eq!(file_json["kind"], "invalid_cwd"); + assert_eq!(file_json["reason"], "not_a_directory"); + + let empty_output = run_claw(&root, &["--cwd", "", "status", "--output-format=json"], &[]); + assert_eq!(empty_output.status.code(), Some(1)); + let empty_stdout = String::from_utf8_lossy(&empty_output.stdout); + let empty_json: Value = serde_json::from_str(empty_stdout.trim()) + .unwrap_or_else(|_| panic!("empty cwd should emit JSON, got: {empty_stdout:?}")); + assert_eq!(empty_json["kind"], "invalid_cwd"); + assert_eq!(empty_json["reason"], "empty"); +} + +#[test] +fn export_invalid_output_path_reports_typed_json_430() { + let root = unique_temp_dir("export-invalid-output-430"); + fs::create_dir_all(&root).expect("temp dir should exist"); + + let missing_relative = "missing/transcript.md"; + let missing_output = run_claw( + &root, + &["--output-format", "json", "export", missing_relative], + &[], + ); + assert_eq!(missing_output.status.code(), Some(1)); + assert!( + missing_output.stderr.is_empty(), + "invalid export path JSON should keep stderr empty, got:\n{}", + String::from_utf8_lossy(&missing_output.stderr) + ); + let missing_stdout = String::from_utf8_lossy(&missing_output.stdout); + let missing_json: Value = serde_json::from_str(missing_stdout.trim()).unwrap_or_else(|_| { + panic!("invalid export path should emit JSON, got: {missing_stdout:?}") + }); + assert_eq!(missing_json["kind"], "invalid_output_path"); + assert_eq!(missing_json["error_kind"], "invalid_output_path"); + assert_eq!(missing_json["reason"], "parent_not_found"); + assert_eq!(missing_json["path"], missing_relative); + + let directory = root.join("existing-directory"); + fs::create_dir_all(&directory).expect("directory fixture should exist"); + let directory_output = run_claw( + &root, + &[ + "--output-format=json", + "export", + "--output", + directory.to_str().expect("utf8 directory path"), + ], + &[], + ); + assert_eq!(directory_output.status.code(), Some(1)); + assert!(directory_output.stderr.is_empty()); + let directory_stdout = String::from_utf8_lossy(&directory_output.stdout); + let directory_json: Value = + serde_json::from_str(directory_stdout.trim()).unwrap_or_else(|_| { + panic!("directory export path should emit JSON, got: {directory_stdout:?}") + }); + assert_eq!(directory_json["kind"], "invalid_output_path"); + assert_eq!(directory_json["error_kind"], "invalid_output_path"); + assert_eq!(directory_json["reason"], "path_is_directory"); + assert_eq!( + directory_json["path"], + directory.to_str().expect("utf8 directory path") + ); +} + +#[test] +fn status_json_accepts_namespaced_model_env_and_surfaces_alias_426() { + let root = unique_temp_dir("status-model-env-426"); + let config_home = root.join("config-home"); + let home = root.join("home"); + fs::create_dir_all(&root).expect("temp dir should exist"); + fs::create_dir_all(&config_home).expect("config home should exist"); + fs::create_dir_all(&home).expect("home should exist"); + + let envs = [ + ( + "CLAW_CONFIG_HOME", + config_home.to_str().expect("utf8 config home"), + ), + ("HOME", home.to_str().expect("utf8 home")), + ("CLAW_MODEL", "opus"), + ("ANTHROPIC_MODEL", ""), + ("ANTHROPIC_DEFAULT_MODEL", ""), + ]; + let parsed = assert_json_command_with_env(&root, &["--output-format", "json", "status"], &envs); + + assert_eq!(parsed["status"], "ok"); + assert_eq!(parsed["model"], "anthropic/claude-opus-4-7"); + assert_eq!(parsed["model_source"], "env"); + assert_eq!(parsed["model_raw"], "opus"); + assert_eq!( + parsed["model_alias_resolved_to"], + "anthropic/claude-opus-4-7" + ); + assert_eq!(parsed["model_env_var"], "CLAW_MODEL"); +} + +#[test] +fn status_json_warns_on_invalid_model_env_426() { + let root = unique_temp_dir("status-invalid-model-env-426"); + let config_home = root.join("config-home"); + let home = root.join("home"); + fs::create_dir_all(&root).expect("temp dir should exist"); + fs::create_dir_all(&config_home).expect("config home should exist"); + fs::create_dir_all(&home).expect("home should exist"); + + let envs = [ + ( + "CLAW_CONFIG_HOME", + config_home.to_str().expect("utf8 config home"), + ), + ("HOME", home.to_str().expect("utf8 home")), + ("CLAW_MODEL", ""), + ("ANTHROPIC_MODEL", "bogus-model-xyz"), + ("ANTHROPIC_DEFAULT_MODEL", ""), + ]; + let output = run_claw(&root, &["--output-format", "json", "status"], &envs); + assert!( + output.status.success(), + "invalid env model should produce status warn, not process abort; stdout:\n{}\n\nstderr:\n{}", + String::from_utf8_lossy(&output.stdout), + String::from_utf8_lossy(&output.stderr) + ); + let parsed: Value = serde_json::from_slice(&output.stdout).expect("stdout valid json"); + + assert_eq!(parsed["kind"], "status"); + assert_eq!(parsed["status"], "warn"); + assert_eq!(parsed["model"], Value::Null); + assert_eq!(parsed["model_validation_error_kind"], "invalid_model"); + assert_eq!(parsed["error_kind"], "invalid_model"); + assert!( + parsed["model_validation_error"] + .as_str() + .is_some_and(|message| message.contains("ANTHROPIC_MODEL") + && message.contains("bogus-model-xyz")), + "warning should name env var and raw model: {parsed}" + ); + assert!( + parsed["workspace"].is_object(), + "status warning should keep local context: {parsed}" + ); +} + #[test] fn acp_guidance_emits_json_when_requested() { let root = unique_temp_dir("acp-json"); @@ -624,25 +1272,159 @@ fn bootstrap_and_system_prompt_emit_json_when_requested() { .contains("interactive agent")); } +#[test] +fn memory_files_load_claude_claw_agents_and_surface_json_438() { + let root = unique_temp_dir("memory-files-438"); + let config_home = root.join("config-home"); + let home = root.join("home"); + fs::create_dir_all(&root).expect("temp dir should exist"); + fs::create_dir_all(&config_home).expect("config home should exist"); + fs::create_dir_all(&home).expect("home should exist"); + fs::write(root.join("CLAUDE.md"), "MARKER-FROM-CLAUDE-MD\n").expect("write CLAUDE.md"); + fs::write(root.join("CLAW.md"), "MARKER-FROM-CLAW-MD\n").expect("write CLAW.md"); + fs::write(root.join("AGENTS.md"), "MARKER-FROM-AGENTS-MD\n").expect("write AGENTS.md"); + let envs = [ + ( + "CLAW_CONFIG_HOME", + config_home.to_str().expect("utf8 config home"), + ), + ("HOME", home.to_str().expect("utf8 home")), + ]; + + let status = assert_json_command_with_env(&root, &["--output-format", "json", "status"], &envs); + assert_eq!(status["workspace"]["memory_file_count"], 3); + let memory_files = status["workspace"]["memory_files"] + .as_array() + .expect("status memory files"); + let sources = memory_files + .iter() + .map(|file| file["source"].as_str().expect("memory source")) + .collect::>(); + assert_eq!(sources, vec!["claude_md", "claw_md", "agents_md"]); + assert!(memory_files + .iter() + .all(|file| file["path"].as_str().is_some())); + assert!(memory_files + .iter() + .all(|file| file["chars"].as_u64().unwrap_or(0) > 0)); + assert!(memory_files + .iter() + .all(|file| file["contributes"].as_bool() == Some(true))); + assert!(memory_files + .iter() + .all(|file| file["origin"].as_str() == Some("workspace"))); + assert!(memory_files + .iter() + .all(|file| file["scope_path"].as_str().is_some())); + assert!(memory_files + .iter() + .all(|file| file["outside_project"].as_bool() == Some(false))); + + let prompt = + assert_json_command_with_env(&root, &["--output-format", "json", "system-prompt"], &envs); + let message = prompt["message"].as_str().expect("prompt message"); + assert!(message.contains("MARKER-FROM-CLAUDE-MD")); + assert!(message.contains("MARKER-FROM-CLAW-MD")); + assert!(message.contains("MARKER-FROM-AGENTS-MD")); + assert_eq!(prompt["memory_file_count"], 3); + assert_eq!(prompt["memory_files"][1]["source"], "claw_md"); + + let doctor = assert_json_command_with_env(&root, &["--output-format", "json", "doctor"], &envs); + let memory = doctor["checks"] + .as_array() + .expect("doctor checks") + .iter() + .find(|check| check["name"] == "memory") + .expect("memory check"); + assert_eq!(memory["status"], "ok"); + assert_eq!(memory["memory_file_count"], 3); + assert_eq!(memory["memory_files"][2]["source"], "agents_md"); + assert!(memory["unloaded_memory_files"] + .as_array() + .expect("unloaded memory files") + .is_empty()); +} + +#[test] +fn memory_discovery_stops_at_git_root_and_reports_origins_439() { + let root = unique_temp_dir("memory-boundary-439"); + let repo = root.join("repo"); + let nested = repo.join("subproj").join("deep").join("nest"); + let config_home = root.join("config-home"); + let home = root.join("home"); + fs::create_dir_all(&nested).expect("nested dir should exist"); + fs::create_dir_all(&config_home).expect("config home should exist"); + fs::create_dir_all(&home).expect("home should exist"); + Command::new("git") + .args(["init", "-q"]) + .current_dir(&repo) + .output() + .expect("git init should launch"); + fs::write(root.join("CLAUDE.md"), "PARENT_CLAUDE").expect("write parent"); + fs::write(repo.join("CLAUDE.md"), "REPO_CLAUDE").expect("write repo"); + fs::write(repo.join("subproj").join("CLAUDE.md"), "CHILD_CLAUDE").expect("write child"); + fs::write( + repo.join("subproj").join("deep").join("CLAUDE.md"), + "DEEP_CLAUDE", + ) + .expect("write deep"); + let envs = [ + ( + "CLAW_CONFIG_HOME", + config_home.to_str().expect("utf8 config home"), + ), + ("HOME", home.to_str().expect("utf8 home")), + ]; + + let status = + assert_json_command_with_env(&nested, &["--output-format", "json", "status"], &envs); + assert_eq!(status["workspace"]["memory_file_count"], 3); + let memory_files = status["workspace"]["memory_files"] + .as_array() + .expect("memory files"); + let origins = memory_files + .iter() + .map(|file| file["origin"].as_str().expect("origin")) + .collect::>(); + assert_eq!(origins, vec!["ancestor", "ancestor", "parent_dir"]); + let serialized = serde_json::to_string(memory_files).expect("memory files serialize"); + assert!(!serialized.contains("PARENT_CLAUDE")); + assert!(!serialized.contains(root.join("CLAUDE.md").to_str().expect("parent path"))); + + let prompt = assert_json_command_with_env( + &nested, + &["--output-format", "json", "system-prompt"], + &envs, + ); + let message = prompt["message"].as_str().expect("prompt message"); + assert!(!message.contains("PARENT_CLAUDE")); + assert!(message.contains("REPO_CLAUDE")); + assert!(message.contains("CHILD_CLAUDE")); + assert!(message.contains("DEEP_CLAUDE")); + assert_eq!(prompt["memory_files"][0]["origin"], "ancestor"); +} + #[test] fn dump_manifests_and_init_emit_json_when_requested() { let root = unique_temp_dir("manifest-init-json"); fs::create_dir_all(&root).expect("temp dir should exist"); - let upstream = write_upstream_fixture(&root); - let manifests = assert_json_command( - &root, - &[ - "--output-format", - "json", - "dump-manifests", - "--manifests-dir", - upstream.to_str().expect("utf8 upstream"), - ], - ); + let manifests = assert_json_command(&root, &["--output-format", "json", "dump-manifests"]); assert_eq!(manifests["kind"], "dump-manifests"); - assert_eq!(manifests["commands"], 1); - assert_eq!(manifests["tools"], 1); + assert_eq!(manifests["status"], "ok"); + assert_eq!(manifests["source"], "rust-resolver"); + assert!(manifests["commands"].as_u64().expect("commands count") > 0); + assert!(manifests["tools"].as_u64().expect("tools count") > 0); + assert!(manifests["command_manifests"] + .as_array() + .expect("command manifests") + .iter() + .any(|entry| entry["name"] == "status")); + assert!(manifests["tool_manifests"] + .as_array() + .expect("tool manifests") + .iter() + .any(|entry| entry["name"] == "read_file")); let workspace = root.join("workspace"); fs::create_dir_all(&workspace).expect("workspace should exist"); @@ -671,9 +1453,13 @@ fn doctor_and_resume_status_emit_json_when_requested() { assert!(summary["ok"].as_u64().is_some()); assert!(summary["warnings"].as_u64().is_some()); assert!(summary["failures"].as_u64().is_some()); + assert_eq!(doctor["allowed_tools"]["aliases"]["WebFetch"], "web_fetch"); + assert!(doctor["allowed_tools"]["available"] + .as_array() + .is_some_and(|available| available.iter().any(|name| name == "web_fetch"))); let checks = doctor["checks"].as_array().expect("doctor checks"); - assert_eq!(checks.len(), 7); + assert_eq!(checks.len(), 10); let check_names = checks .iter() .map(|check| { @@ -694,10 +1480,13 @@ fn doctor_and_resume_status_emit_json_when_requested() { vec![ "auth", "config", + "mcp validation", "install source", "workspace", + "memory", "boot preflight", "sandbox", + "permissions", "system" ] ); @@ -721,6 +1510,17 @@ fn doctor_and_resume_status_emit_json_when_requested() { .expect("workspace check"); assert!(workspace["cwd"].as_str().is_some()); assert!(workspace["in_git_repo"].is_boolean()); + let status = assert_json_command(&root, &["--output-format", "json", "status"]); + assert_eq!(status["kind"], "status"); + assert!(matches!( + status["binary_provenance"]["status"].as_str(), + Some("known" | "unknown") + )); + assert!(status["binary_provenance"]["executable_path"].is_string()); + assert!( + status["binary_provenance"]["workspace_match"].is_boolean() + || status["binary_provenance"]["workspace_match"].is_null() + ); let boot_preflight = checks .iter() @@ -754,6 +1554,14 @@ fn doctor_and_resume_status_emit_json_when_requested() { assert!(sandbox["enabled"].is_boolean()); assert!(sandbox["fallback_reason"].is_null() || sandbox["fallback_reason"].is_string()); + let system = checks + .iter() + .find(|check| check["name"] == "system") + .expect("system check"); + assert!(matches!( + system["binary_provenance"]["status"].as_str(), + Some("known" | "unknown") + )); let session_path = write_session_fixture(&root, "resume-json", Some("hello")); let resumed = assert_json_command( &root, @@ -913,6 +1721,11 @@ fn resumed_version_and_init_emit_structured_json_when_requested() { ); assert_eq!(version["kind"], "version"); assert_eq!(version["version"], env!("CARGO_PKG_VERSION")); + assert!( + version.get("message").is_none(), + "resumed /version JSON should not include legacy prose message: {version}" + ); + assert!(version["human_readable"].as_str().is_some()); let init = assert_json_command( &root, @@ -1011,6 +1824,12 @@ fn mcp_json_reports_required_optional_and_redacts_secret_values() { assert_eq!(list["action"], "list"); assert_eq!(list["status"], "ok"); assert_eq!(list["configured_servers"], 2); + assert_eq!(list["total_configured"], 2); + assert_eq!(list["valid_count"], 2); + assert_eq!(list["invalid_count"], 0); + assert!(list["invalid_servers"] + .as_array() + .is_some_and(Vec::is_empty)); let servers = list["servers"].as_array().expect("servers array"); let required = servers .iter() @@ -1021,6 +1840,8 @@ fn mcp_json_reports_required_optional_and_redacts_secret_values() { .find(|server| server["name"] == "optional-remote") .expect("optional remote server should be listed"); assert_eq!(required["required"], true); + assert_eq!(required["valid"], true); + assert_eq!(optional["valid"], true); assert_eq!(optional["required"], false); assert_eq!(required["details"]["env_keys"][0], "TOKEN"); assert_eq!(optional["details"]["header_keys"][0], "Authorization"); @@ -1039,6 +1860,10 @@ fn mcp_json_reports_required_optional_and_redacts_secret_values() { assert_eq!(show["action"], "show"); assert_eq!(show["status"], "ok"); assert_eq!(show["server"]["required"], false); + assert_eq!(show["server"]["valid"], true); + assert_eq!(show["total_configured"], 2); + assert_eq!(show["valid_count"], 2); + assert_eq!(show["invalid_count"], 0); assert_eq!(show["server"]["details"]["header_keys"][0], "Authorization"); let show_text = serde_json::to_string(&show).expect("mcp show json should serialize"); assert!(!show_text.contains("secret-header-value")); @@ -1048,18 +1873,29 @@ fn mcp_json_reports_required_optional_and_redacts_secret_values() { #[test] fn mcp_degraded_config_and_failed_usage_are_distinct_json_contracts() { let root = unique_temp_dir("mcp-degraded-vs-failed"); + let workspace = root.join("workspace"); let config_home = root.join("config-home"); let home = root.join("home"); - fs::create_dir_all(&root).expect("workspace should exist"); + fs::create_dir_all(&workspace).expect("workspace should exist"); fs::create_dir_all(&config_home).expect("config home should exist"); fs::create_dir_all(&home).expect("home should exist"); fs::write( - root.join(".claw.json"), + workspace.join(".claw.json"), r#"{ "mcpServers": { + "valid-server": { + "command": "/bin/echo", + "args": ["hello"] + }, "missing-command": { "args": ["arg-only-no-command"], "required": true + }, + "empty-command": { + "command": "" + }, + "wrong-type-command": { + "command": 42 } } }"#, @@ -1073,18 +1909,56 @@ fn mcp_degraded_config_and_failed_usage_are_distinct_json_contracts() { ("HOME", home.to_str().expect("home")), ]; - let degraded = assert_json_command_with_env(&root, &["--output-format", "json", "mcp"], &envs); + let degraded = + assert_json_command_with_env(&workspace, &["--output-format", "json", "mcp"], &envs); assert_eq!(degraded["kind"], "mcp"); assert_eq!(degraded["action"], "list"); assert_eq!(degraded["status"], "degraded"); - assert!(degraded["config_load_error"] + assert!(degraded["config_load_error"].is_null()); + assert_eq!(degraded["configured_servers"], 1); + assert_eq!(degraded["total_configured"], 4); + assert_eq!(degraded["valid_count"], 1); + assert_eq!(degraded["invalid_count"], 3); + assert_eq!(degraded["servers"][0]["name"], "valid-server"); + assert_eq!(degraded["servers"][0]["valid"], true); + assert_eq!(degraded["invalid_servers"][0]["name"], "empty-command"); + assert_eq!(degraded["invalid_servers"][0]["error_field"], "command"); + assert!(degraded["invalid_servers"][0]["reason"] .as_str() - .is_some_and(|error| error.contains("mcpServers.missing-command"))); - assert_eq!(degraded["configured_servers"], 0); - assert!(degraded["servers"].as_array().expect("servers").is_empty()); + .is_some_and(|error| error.contains("non-empty string"))); + assert_eq!(degraded["invalid_servers"][1]["name"], "missing-command"); + assert_eq!(degraded["invalid_servers"][1]["error_field"], "command"); + assert!(degraded["invalid_servers"][1]["reason"] + .as_str() + .is_some_and(|error| error.contains("missing string field command"))); + assert_eq!(degraded["invalid_servers"][2]["name"], "wrong-type-command"); + assert_eq!(degraded["invalid_servers"][2]["error_field"], "command"); + + let status = + assert_json_command_with_env(&workspace, &["--output-format", "json", "status"], &envs); + assert_eq!(status["status"], "degraded"); + assert!(status["config_load_error"].is_null()); + assert_eq!(status["mcp_validation"]["total_configured"], 4); + assert_eq!(status["mcp_validation"]["valid_count"], 1); + assert_eq!(status["mcp_validation"]["invalid_count"], 3); + + let doctor = + assert_json_command_with_env(&workspace, &["--output-format", "json", "doctor"], &envs); + let mcp_validation = doctor["checks"] + .as_array() + .expect("doctor checks") + .iter() + .find(|check| check["name"] == "mcp validation") + .expect("mcp validation check"); + assert_eq!(mcp_validation["status"], "warn"); + assert_eq!(mcp_validation["invalid_count"], 3); + assert_eq!( + mcp_validation["invalid_servers"][0]["name"], + "empty-command" + ); let failed_output = run_claw( - &root, + &workspace, &["--output-format", "json", "mcp", "list", "extra"], &envs, ); @@ -1119,7 +1993,6 @@ fn local_json_surfaces_have_non_empty_action_contract_714() { let session_path = write_session_fixture(&workspace, "action-sweep-export", Some("export me")); let export_output = root.join("export.md"); - let upstream = write_upstream_fixture(&root); let git_init = Command::new("git") .arg("init") .current_dir(&git_workspace) @@ -1157,13 +2030,7 @@ fn local_json_surfaces_have_non_empty_action_contract_714() { ), ( &workspace, - vec![ - "--output-format".into(), - "json".into(), - "dump-manifests".into(), - "--manifests-dir".into(), - upstream.to_str().expect("upstream utf8").into(), - ], + strings(&["--output-format", "json", "dump-manifests"]), ), ( &workspace, @@ -1320,8 +2187,273 @@ fn config_json_reports_deprecations_structurally_without_stderr_duplicate_815() } #[test] -fn local_json_surfaces_suppress_config_deprecation_stderr_816() { - let root = unique_temp_dir("global-json-warning-816"); +fn status_deduplicates_config_deprecation_warnings_per_invocation_425() { + let root = unique_temp_dir("status-warning-dedup-425"); + let config_home = root.join("config-home"); + let home = root.join("home"); + fs::create_dir_all(&config_home).expect("config home should exist"); + fs::create_dir_all(&home).expect("home should exist"); + fs::write( + config_home.join("settings.json"), + r#"{"enabledPlugins": {}}"#, + ) + .expect("deprecated config fixture should write"); + + let envs = [ + ( + "CLAW_CONFIG_HOME", + config_home.to_str().expect("utf8 config home"), + ), + ("HOME", home.to_str().expect("utf8 home")), + ]; + let output = run_claw(&root, &["status"], &envs); + assert!( + output.status.success(), + "stdout:\n{}\n\nstderr:\n{}", + String::from_utf8_lossy(&output.stdout), + String::from_utf8_lossy(&output.stderr) + ); + let stderr = String::from_utf8(output.stderr).expect("stderr utf8"); + let warning_count = stderr + .matches("field \"enabledPlugins\" is deprecated") + .count(); + assert_eq!( + warning_count, 1, + "status should emit the deprecated enabledPlugins warning once per process:\n{stderr}" + ); +} + +#[test] +fn config_json_attributes_precedence_and_shadowed_keys_425() { + let root = unique_temp_dir("config-precedence-425"); + let config_home = root.join("config-home"); + let home = root.join("home"); + fs::create_dir_all(root.join(".claw")).expect("workspace config should exist"); + fs::create_dir_all(&config_home).expect("config home should exist"); + fs::create_dir_all(&home).expect("home should exist"); + fs::write( + root.join(".claw.json"), + r#"{"model":"anthropic/claude-sonnet-4-6","env":{"A":"legacy","B":"legacy"}}"#, + ) + .expect("legacy project config fixture should write"); + fs::write( + root.join(".claw").join("settings.json"), + r#"{"model":"anthropic/claude-opus-4-6","env":{"A":"settings","C":"settings"}}"#, + ) + .expect("project settings fixture should write"); + + let envs = [ + ( + "CLAW_CONFIG_HOME", + config_home.to_str().expect("utf8 config home"), + ), + ("HOME", home.to_str().expect("utf8 home")), + ]; + let parsed = assert_json_command_with_env(&root, &["--output-format", "json", "config"], &envs); + let files = parsed["files"].as_array().expect("files array"); + let legacy = files + .iter() + .find(|file| { + file["source"] == "project" + && file["path"] + .as_str() + .is_some_and(|path| path.ends_with(".claw.json")) + }) + .expect("project .claw.json entry"); + let settings = files + .iter() + .find(|file| { + file["source"] == "project" + && file["path"] + .as_str() + .is_some_and(|path| path.ends_with(".claw/settings.json")) + }) + .expect("project .claw/settings.json entry"); + + assert_eq!(legacy["status"], "loaded"); + assert_eq!(settings["status"], "loaded"); + assert!( + settings["precedence_rank"].as_u64().expect("settings rank") + > legacy["precedence_rank"].as_u64().expect("legacy rank"), + "later project settings must outrank legacy project config: legacy={legacy} settings={settings}" + ); + for key in ["model", "env.A"] { + assert!( + legacy["shadowed_keys"] + .as_array() + .expect("legacy shadowed keys") + .iter() + .any(|value| value.as_str() == Some(key)), + "legacy config should report {key} as shadowed: {legacy}" + ); + assert!( + settings["wins_for_keys"] + .as_array() + .expect("settings winning keys") + .iter() + .any(|value| value.as_str() == Some(key)), + "project settings should report {key} as winning: {settings}" + ); + } + assert!( + legacy["wins_for_keys"] + .as_array() + .expect("legacy winning keys") + .iter() + .any(|value| value.as_str() == Some("env.B")), + "unshadowed legacy keys should remain attributed to .claw.json: {legacy}" + ); +} + +#[test] +fn config_section_json_tolerates_unknown_keys_as_warnings_425() { + let root = unique_temp_dir("config-unknown-warning-425"); + let config_home = root.join("config-home"); + let home = root.join("home"); + fs::create_dir_all(&config_home).expect("config home should exist"); + fs::create_dir_all(&home).expect("home should exist"); + fs::write(root.join(".claw.json"), r#"{"model":"opus","alpha":"x"}"#) + .expect("legacy config fixture should write"); + + let envs = [ + ( + "CLAW_CONFIG_HOME", + config_home.to_str().expect("utf8 config home"), + ), + ("HOME", home.to_str().expect("utf8 home")), + ]; + let parsed = assert_json_command_with_env( + &root, + &["--output-format", "json", "config", "model"], + &envs, + ); + + assert_eq!(parsed["status"], "ok"); + assert_eq!(parsed["section"], "model"); + assert_eq!(parsed["section_value"], "opus"); + assert!( + parsed["warnings"] + .as_array() + .expect("warnings array") + .iter() + .any(|warning| warning + .as_str() + .is_some_and(|text| text.contains("unknown key \"alpha\""))), + "unknown keys should be structural warnings, not section failures: {parsed}" + ); +} + +#[test] +fn config_json_reports_structured_unloaded_file_reasons_407() { + let root = unique_temp_dir("config-file-status-407"); + let config_home = root.join("config-home"); + let home = root.join("home"); + fs::create_dir_all(root.join(".claw")).expect("workspace config should exist"); + fs::create_dir_all(&config_home).expect("config home should exist"); + fs::create_dir_all(&home).expect("home should exist"); + fs::write(root.join(".claw.json"), "{not json").expect("legacy skip fixture should write"); + fs::write( + root.join(".claw").join("settings.json"), + r#"{"model":"opus"}"#, + ) + .expect("project config fixture should write"); + + let envs = [ + ( + "CLAW_CONFIG_HOME", + config_home.to_str().expect("utf8 config home"), + ), + ("HOME", home.to_str().expect("utf8 home")), + ]; + let output = run_claw(&root, &["--output-format", "json", "config"], &envs); + assert!( + output.status.success(), + "stdout:\n{}\n\nstderr:\n{}", + String::from_utf8_lossy(&output.stdout), + String::from_utf8_lossy(&output.stderr) + ); + let parsed: Value = serde_json::from_slice(&output.stdout).expect("stdout valid json"); + + assert_eq!(parsed["kind"], "config"); + assert_eq!(parsed["status"], "ok"); + assert_eq!(parsed["loaded_files"], 1); + assert_eq!(parsed["merged_keys"], parsed["merged_key_count"]); + assert_eq!( + parsed["merged_keys_meaning"].as_str(), + Some("count of top-level keys in the effective merged JSON object") + ); + assert!(parsed["load_error"].is_null()); + + let files = parsed["files"].as_array().expect("files array"); + let loaded = files + .iter() + .find(|file| file["loaded"] == true) + .expect("loaded config file"); + assert_eq!(loaded["status"], "loaded"); + assert!(loaded.get("reason").is_none()); + let missing = files + .iter() + .find(|file| file["status"] == "not_found") + .expect("missing config file"); + assert_eq!(missing["loaded"], false); + assert_eq!(missing["reason"], "not_found"); + assert_eq!(missing["skip_reason"], "not_found"); + let skipped = files + .iter() + .find(|file| file["status"] == "skipped") + .expect("skipped legacy config file"); + assert_eq!(skipped["loaded"], false); + assert_eq!(skipped["reason"], "legacy_invalid_json"); + assert_eq!(skipped["skip_reason"], "legacy_invalid_json"); + assert!(skipped["detail"].as_str().is_some()); +} + +#[test] +fn config_json_list_reports_parse_errors_without_dropping_file_statuses_407() { + let root = unique_temp_dir("config-file-load-error-407"); + let config_home = root.join("config-home"); + let home = root.join("home"); + fs::create_dir_all(root.join(".claw")).expect("workspace config should exist"); + fs::create_dir_all(&config_home).expect("config home should exist"); + fs::create_dir_all(&home).expect("home should exist"); + fs::write(config_home.join("settings.json"), r#"{"model":"sonnet"}"#) + .expect("user config fixture should write"); + fs::write(root.join(".claw").join("settings.json"), "{not json") + .expect("invalid project config fixture should write"); + + let envs = [ + ( + "CLAW_CONFIG_HOME", + config_home.to_str().expect("utf8 config home"), + ), + ("HOME", home.to_str().expect("utf8 home")), + ]; + let output = run_claw(&root, &["--output-format", "json", "config"], &envs); + assert!( + output.status.success(), + "config list should be best-effort even with one parse-broken file; stdout:\n{}\n\nstderr:\n{}", + String::from_utf8_lossy(&output.stdout), + String::from_utf8_lossy(&output.stderr) + ); + let parsed: Value = serde_json::from_slice(&output.stdout).expect("stdout valid json"); + + assert_eq!(parsed["status"], "error"); + assert!(parsed["load_error"].as_str().is_some()); + assert_eq!(parsed["loaded_files"], 1); + let files = parsed["files"].as_array().expect("files array"); + let error_file = files + .iter() + .find(|file| file["status"] == "load_error") + .expect("load error config file"); + assert_eq!(error_file["loaded"], false); + assert_eq!(error_file["reason"], "parse_error"); + assert_eq!(error_file["skip_reason"], "parse_error"); + assert!(error_file["detail"].as_str().is_some()); +} + +#[test] +fn global_json_surfaces_suppress_config_deprecation_stderr_810_821_824() { + let root = unique_temp_dir("global-json-warning-810-821-824"); let config_home = root.join("config-home"); let home = root.join("home"); fs::create_dir_all(&config_home).expect("config home should exist"); @@ -1340,30 +2472,65 @@ fn local_json_surfaces_suppress_config_deprecation_stderr_816() { ("HOME", home.to_str().expect("utf8 home")), ]; + let session_path = write_session_fixture(&root, "resume-config-warning-824", Some("config")); + let resume_config = format!("--resume={}", session_path.to_str().expect("utf8 session")); + for (args, expected_kind, expected_action) in [ ( - &["--output-format", "json", "plugins", "list"][..], + vec!["--output-format", "json", "plugins", "list"], "plugin", "list", ), ( - &["--output-format", "json", "mcp", "list"][..], + vec!["--output-format", "json", "mcp", "list"], "mcp", "list", ), ( - &["--output-format", "json", "doctor"][..], + vec!["--output-format", "json", "doctor"], "doctor", "doctor", ), + (vec!["--output-format", "json", "status"], "status", "show"), + ( + vec!["--output-format", "json", "sandbox"], + "sandbox", + "status", + ), + ( + vec!["--output-format", "json", "system-prompt"], + "system-prompt", + "show", + ), + ( + vec!["--output-format", "json", "skills", "list"], + "skills", + "list", + ), + ( + vec!["--output-format", "json", "agents", "list"], + "agents", + "list", + ), + ( + vec!["--output-format", "json", resume_config.as_str(), "/config"], + "config", + "list", + ), ] { - let output = run_claw(&root, args, &envs); + let output = run_claw(&root, &args, &envs); assert!( output.status.success(), "args={args:?}\nstdout:\n{}\n\nstderr:\n{}", String::from_utf8_lossy(&output.stdout), String::from_utf8_lossy(&output.stderr) ); + assert_eq!( + output.stdout.first(), + Some(&b'{'), + "args={args:?} stdout JSON must start at byte 0, got: {}", + String::from_utf8_lossy(&output.stdout) + ); let parsed: Value = serde_json::from_slice(&output.stdout).expect("stdout should be valid JSON"); assert_eq!(parsed["kind"], expected_kind, "args={args:?}"); @@ -1372,10 +2539,10 @@ fn local_json_surfaces_suppress_config_deprecation_stderr_816() { matches!(parsed["status"].as_str(), Some("ok" | "warn")), "args={args:?} should report successful local status: {parsed}" ); - let stderr = String::from_utf8(output.stderr).expect("stderr utf8"); assert!( - !stderr.contains("field \"enabledPlugins\" is deprecated"), - "successful JSON surface must not leak config deprecation prose to stderr for args={args:?}:\n{stderr}" + output.stderr.is_empty(), + "successful JSON surface must keep stderr empty for args={args:?}, got:\n{}", + String::from_utf8_lossy(&output.stderr) ); } } @@ -1447,37 +2614,29 @@ fn assert_non_empty_action(parsed: &Value, args: &[&str]) { fn run_claw(current_dir: &Path, args: &[&str], envs: &[(&str, &str)]) -> Output { let mut command = Command::new(env!("CARGO_BIN_EXE_claw")); command.current_dir(current_dir).args(args); + for key in ["CLAW_OUTPUT_FORMAT", "CLAW_LOG", "RUST_LOG"] { + if !envs.iter().any(|(env_key, _)| *env_key == key) { + command.env_remove(key); + } + } for (key, value) in envs { command.env(key, value); } command.output().expect("claw should launch") } -fn strings(items: &[&str]) -> Vec { - items.iter().map(|item| (*item).to_string()).collect() +fn parse_json_stdout(output: &Output, context: &str) -> Value { + serde_json::from_slice(&output.stdout).unwrap_or_else(|_| { + panic!( + "{context} should emit valid stdout JSON; stdout:\n{}\n\nstderr:\n{}", + String::from_utf8_lossy(&output.stdout), + String::from_utf8_lossy(&output.stderr) + ) + }) } -fn write_upstream_fixture(root: &Path) -> PathBuf { - let upstream = root.join("claw-code"); - let src = upstream.join("src"); - let entrypoints = src.join("entrypoints"); - fs::create_dir_all(&entrypoints).expect("upstream entrypoints dir should exist"); - fs::write( - src.join("commands.ts"), - "import FooCommand from './commands/foo'\n", - ) - .expect("commands fixture should write"); - fs::write( - src.join("tools.ts"), - "import ReadTool from './tools/read'\n", - ) - .expect("tools fixture should write"); - fs::write( - entrypoints.join("cli.tsx"), - "if (args[0] === '--version') {}\nstartupProfiler()\n", - ) - .expect("cli fixture should write"); - upstream +fn strings(items: &[&str]) -> Vec { + items.iter().map(|item| (*item).to_string()).collect() } fn write_session_fixture(root: &Path, session_id: &str, user_text: Option<&str>) -> PathBuf { @@ -1680,9 +2839,9 @@ fn diff_json_changed_file_count_deduplication_733() { #[test] fn prompt_no_arg_json_error_kind_750() { - // #751/#750: `claw prompt --output-format json` with no prompt argument must emit - // error_kind:"missing_prompt" and a non-empty hint. Before #750 it returned - // error_kind:"unknown" + hint:null. + // #751/#750/#823: `claw prompt --output-format json` with no prompt argument must emit + // error_kind:"missing_prompt" with stdout JSON, empty stderr, and a non-empty hint. + // Before #823 the structured envelope could be routed to stderr, leaving stdout empty. use std::process::Command; let root = unique_temp_dir("prompt-no-arg"); fs::create_dir_all(&root).expect("temp dir"); @@ -1697,28 +2856,30 @@ fn prompt_no_arg_json_error_kind_750() { !output.status.success(), "claw prompt with no arg must exit non-zero" ); + assert_eq!( + output.status.code(), + Some(1), + "claw prompt with no arg must exit rc=1 (#823)" + ); + let stderr = String::from_utf8_lossy(&output.stderr); + assert_eq!( + stderr, "", + "claw prompt (no arg) --output-format json must keep stderr empty (#823); got: {stderr}" + ); let stdout = String::from_utf8_lossy(&output.stdout); - let stderr = String::from_utf8_lossy(&output.stderr) - .lines() - .filter(|l| l.starts_with('{')) - .collect::>() - .join(""); - let raw = if stdout.trim().starts_with('{') { - stdout.trim().to_string() - } else { - stderr - }; - let parsed: serde_json::Value = serde_json::from_str(&raw).unwrap_or_else(|_| { - panic!("claw prompt (no arg) --output-format json must emit valid JSON; got: {raw}") + let parsed: serde_json::Value = serde_json::from_str(stdout.trim()).unwrap_or_else(|_| { + panic!( + "claw prompt (no arg) --output-format json must emit valid stdout JSON; got: {stdout}" + ) }); assert_eq!( parsed["error_kind"], "missing_prompt", - "claw prompt no-arg must have error_kind:missing_prompt (#750); got: {parsed}" + "claw prompt no-arg must have error_kind:missing_prompt (#750/#823); got: {parsed}" ); let hint = parsed["hint"].as_str().unwrap_or(""); assert!( !hint.is_empty(), - "claw prompt no-arg hint must be non-empty (#750)" + "claw prompt no-arg hint must be non-empty (#750/#823)" ); assert!( hint.contains("claw prompt") || hint.contains("echo"), @@ -1726,6 +2887,50 @@ fn prompt_no_arg_json_error_kind_750() { ); } +#[test] +fn prompt_empty_arg_json_stdout_missing_prompt_823() { + // #823: `claw --output-format json prompt ""` must match the missing prompt + // channel contract: rc=1, stdout JSON, error_kind:"missing_prompt", empty stderr. + use std::process::Command; + let root = unique_temp_dir("prompt-empty-arg-823"); + fs::create_dir_all(&root).expect("temp dir"); + let bin = env!("CARGO_BIN_EXE_claw"); + + let output = Command::new(bin) + .current_dir(&root) + .args(["--output-format", "json", "prompt", ""]) + .output() + .expect("claw prompt empty arg should run"); + assert_eq!( + output.status.code(), + Some(1), + "claw prompt empty arg must exit rc=1 (#823)" + ); + let stderr = String::from_utf8_lossy(&output.stderr); + assert_eq!( + stderr, "", + "claw prompt empty arg --output-format json must keep stderr empty (#823); got: {stderr}" + ); + let stdout = String::from_utf8_lossy(&output.stdout); + let parsed: serde_json::Value = serde_json::from_str(stdout.trim()).unwrap_or_else(|_| { + panic!( + "claw prompt empty arg --output-format json must emit valid stdout JSON; got: {stdout}" + ) + }); + assert_eq!( + parsed["error_kind"], "missing_prompt", + "claw prompt empty arg must have error_kind:missing_prompt (#823); got: {parsed}" + ); + assert_eq!( + parsed["action"], "abort", + "claw prompt empty arg must retain abort action (#823); got: {parsed}" + ); + assert!( + parsed["hint"].as_str().map_or(false, |h| !h.is_empty()), + "claw prompt empty arg missing_prompt hint must be non-empty (#823)" + ); +} + #[test] fn flag_value_errors_have_error_kind_and_hint_756() { // #756: missing/invalid flag-value errors must emit typed error_kind + non-null hint. @@ -1791,6 +2996,186 @@ fn flag_value_errors_have_error_kind_and_hint_756() { "missing --model hint must be non-empty (#756): {parsed2}" ); } +#[test] +fn output_format_flags_and_env_have_typed_contract_433() { + let root = unique_temp_dir("output-format-433"); + fs::create_dir_all(&root).expect("temp dir"); + + let repeated = run_claw( + &root, + &[ + "--output-format", + "text", + "--output-format", + "JSON", + "status", + ], + &[], + ); + assert!(repeated.status.success()); + let repeated_stderr = String::from_utf8_lossy(&repeated.stderr); + assert!( + repeated_stderr.contains("warning: --output-format specified multiple times"), + "repeated output-format should warn on stderr: {repeated_stderr}" + ); + let repeated_json = parse_json_stdout(&repeated, "repeated output-format status"); + assert_eq!(repeated_json["kind"], "status"); + assert_eq!(repeated_json["format_source"], "flag"); + assert_eq!(repeated_json["format_raw"], "JSON"); + assert_eq!(repeated_json["format_overridden"][0], "text"); + + let repeated_text = run_claw( + &root, + &[ + "--output-format", + "json", + "--output-format", + "text", + "status", + ], + &[], + ); + assert!(repeated_text.status.success()); + let repeated_text_stderr = String::from_utf8_lossy(&repeated_text.stderr); + assert!( + repeated_text_stderr.contains("using last value 'text'"), + "json-to-text repeated output-format should warn: {repeated_text_stderr}" + ); + let repeated_text_stdout = String::from_utf8_lossy(&repeated_text.stdout); + assert!( + repeated_text_stdout.contains("Status"), + "last text output-format should produce text status: {repeated_text_stdout}" + ); + + for value in ["json", "JSON", "Json"] { + let parsed = assert_json_command(&root, &["--output-format", value, "status"]); + assert_eq!( + parsed["kind"], "status", + "case {value} should parse as JSON" + ); + assert_eq!(parsed["format_source"], "flag"); + assert_eq!(parsed["format_raw"], value); + } + + let from_env = + assert_json_command_with_env(&root, &["status"], &[("CLAW_OUTPUT_FORMAT", "json")]); + assert_eq!(from_env["kind"], "status"); + assert_eq!(from_env["format_source"], "env"); + assert_eq!(from_env["format_raw"], "json"); + + let flag_overrides_env = run_claw( + &root, + &["--output-format", "json", "status"], + &[("CLAW_OUTPUT_FORMAT", "text")], + ); + assert!(flag_overrides_env.status.success()); + let override_json = parse_json_stdout(&flag_overrides_env, "flag overrides env output-format"); + assert_eq!(override_json["kind"], "status"); + assert_eq!(override_json["format_source"], "flag"); + assert_eq!(override_json["format_raw"], "json"); + assert_eq!( + override_json["format_overridden"].as_array().map(Vec::len), + Some(0) + ); + + let invalid = run_claw(&root, &["--output-format", "YAML", "status"], &[]); + assert_eq!(invalid.status.code(), Some(1)); + assert!( + invalid.stderr.is_empty(), + "invalid output-format in JSON mode must keep stderr empty: {}", + String::from_utf8_lossy(&invalid.stderr) + ); + let invalid_json = parse_json_stdout(&invalid, "invalid output-format JSON error"); + assert_eq!(invalid_json["error_kind"], "invalid_output_format"); + assert_eq!(invalid_json["value"], "YAML"); + assert_eq!( + invalid_json["expected"], + serde_json::json!(["text", "json"]) + ); + assert!(invalid_json["hint"] + .as_str() + .is_some_and(|hint| hint.contains("--output-format json"))); + + let help = assert_json_command(&root, &["--output-format", "json", "help"]); + let help_text = help["message"].as_str().expect("help message"); + assert!( + help_text.contains("CLAW_OUTPUT_FORMAT"), + "help should document CLAW_OUTPUT_FORMAT: {help_text}" + ); + assert!( + help_text.contains("CLAW_LOG"), + "help should document CLAW_LOG: {help_text}" + ); + assert!( + help_text.contains("RUST_LOG"), + "help should document RUST_LOG: {help_text}" + ); + + let doctor = assert_json_command_with_env( + &root, + &["doctor"], + &[ + ("CLAW_OUTPUT_FORMAT", "json"), + ("CLAW_LOG", "debug"), + ("RUST_LOG", "claw=debug"), + ], + ); + let system_check = doctor["checks"] + .as_array() + .expect("doctor checks") + .iter() + .find(|check| check["name"] == "system") + .expect("system check"); + assert_eq!(system_check["claw_output_format"], "json"); + assert_eq!(system_check["claw_log"], "debug"); + assert_eq!(system_check["rust_log"], "claw=debug"); +} + +#[test] +fn allowed_tools_errors_have_typed_json_and_alias_map_432() { + let root = unique_temp_dir("allowed-tools-432"); + fs::create_dir_all(&root).expect("temp dir"); + + let missing = run_claw( + &root, + &["--allowedTools", "status", "--output-format", "json"], + &[], + ); + assert_eq!(missing.status.code(), Some(1)); + assert!( + missing.stderr.is_empty(), + "JSON missing allowedTools value must keep stderr empty: {}", + String::from_utf8_lossy(&missing.stderr) + ); + let missing_json = parse_json_stdout(&missing, "allowedTools subcommand missing value"); + assert_eq!(missing_json["error_kind"], "missing_argument"); + assert_eq!(missing_json["argument"], "--allowedTools"); + assert!(missing_json["hint"] + .as_str() + .is_some_and(|hint| { hint.contains("--allowedTools") && hint.contains("read,glob") })); + + let invalid = run_claw( + &root, + &["--output-format", "json", "--allowedTools", "teleport"], + &[], + ); + assert_eq!(invalid.status.code(), Some(1)); + assert!( + invalid.stderr.is_empty(), + "JSON invalid allowedTools value must keep stderr empty: {}", + String::from_utf8_lossy(&invalid.stderr) + ); + let invalid_json = parse_json_stdout(&invalid, "allowedTools invalid tool"); + assert_eq!(invalid_json["error_kind"], "invalid_tool_name"); + assert_eq!(invalid_json["tool_name"], "teleport"); + assert!(invalid_json["available"] + .as_array() + .is_some_and(|available| available.iter().any(|name| name == "web_fetch"))); + assert_eq!(invalid_json["tool_aliases"]["WebFetch"], "web_fetch"); + assert!(invalid_json["hint"] + .as_str() + .is_some_and(|hint| { hint.contains("canonical snake_case") && hint.contains("aliases") })); +} #[test] fn short_p_flag_swallows_no_flags_755() { @@ -2055,6 +3440,46 @@ fn export_json_has_kind_702() { } } +#[test] +fn export_missing_session_json_error_uses_stdout_819() { + let root = unique_temp_dir("export-missing-session-819"); + fs::create_dir_all(&root).expect("temp dir should exist"); + + let output = run_claw( + &root, + &[ + "--output-format", + "json", + "export", + "--session", + "does-not-exist", + ], + &[], + ); + assert_eq!( + output.status.code(), + Some(1), + "export missing session should exit rc=1 (#819)" + ); + let stdout = String::from_utf8_lossy(&output.stdout); + let stderr = String::from_utf8_lossy(&output.stderr); + assert!( + stderr.is_empty(), + "export missing session JSON mode must keep stderr empty (#819), got: {stderr:?}" + ); + let parsed: serde_json::Value = serde_json::from_str(stdout.trim()).unwrap_or_else(|_| { + panic!("export missing session must emit valid stdout JSON (#819), got: {stdout:?}") + }); + assert_eq!( + parsed["error_kind"], "session_not_found", + "export missing session must emit session_not_found (#819): {parsed}" + ); + assert_eq!( + parsed["action"], "abort", + "export missing session should use the abort envelope (#819): {parsed}" + ); +} + #[test] fn config_parse_error_has_typed_error_kind_and_hint_764() { // #764: Malformed .claw/settings.json must emit error_kind:config_parse_error @@ -2316,10 +3741,10 @@ fn session_with_unknown_subcommand_returns_interactive_only_not_credentials_767( #[test] fn slash_only_verbs_with_args_return_interactive_only_not_credentials_770() { // #770: `claw cost breakdown`, `claw clear --force`, `claw memory reset`, - // `claw ultraplan bogus`, `claw model opus extra` all fell through to - // CliAction::Prompt and reached the credential gate, returning - // error_kind:"missing_credentials". These are all slash-only commands; - // any multi-token invocation should return interactive_only guidance. + // and `claw ultraplan bogus` all fell through to CliAction::Prompt and + // reached the credential gate, returning error_kind:"missing_credentials". + // These remain slash-only commands; multi-token invocations should return + // interactive_only guidance. `model` is now a local bounded surface (#807). let root = unique_temp_dir("slash-verbs-770"); fs::create_dir_all(&root).expect("temp dir should exist"); @@ -2328,7 +3753,6 @@ fn slash_only_verbs_with_args_return_interactive_only_not_credentials_770() { &["clear", "--force"], &["memory", "reset"], &["ultraplan", "bogus"], - &["model", "opus", "extra"], ]; for args in cases { @@ -2448,6 +3872,38 @@ fn agents_plugins_mcp_unknown_subcommand_have_hint_774() { } } +#[test] +fn mcp_show_missing_server_name_returns_missing_argument_830() { + let root = unique_temp_dir("mcp-show-missing-830"); + fs::create_dir_all(&root).expect("temp dir"); + + let output = run_claw(&root, &["--output-format", "json", "mcp", "show"], &[]); + assert!( + !output.status.success(), + "mcp show without server must fail" + ); + assert_eq!(output.status.code(), Some(1), "exit code must be 1 (#830)"); + assert!( + output.stderr.is_empty(), + "JSON mcp show missing-argument error must keep stderr empty (#830), got: {}", + String::from_utf8_lossy(&output.stderr) + ); + let parsed: serde_json::Value = serde_json::from_slice(&output.stdout) + .expect("mcp show missing server should emit valid JSON on stdout"); + assert_eq!(parsed["kind"], "mcp"); + assert_eq!(parsed["action"], "show"); + assert_eq!(parsed["status"], "error"); + assert_eq!(parsed["error_kind"], "missing_argument"); + assert!( + parsed["hint"] + .as_str() + .unwrap_or_default() + .contains("mcp show "), + "hint should contain usage example, got: {}", + parsed["hint"] + ); +} + #[test] fn interactive_only_guard_batch_769_to_771() { // #769-#771: a sweep of slash-only verbs with args that previously fell to @@ -2471,13 +3927,35 @@ fn interactive_only_guard_batch_769_to_771() { &["clear", "--force"], &["memory", "reset"], &["ultraplan", "bogus"], - &["model", "opus", "extra"], // #771: usage/stats/fork &["usage", "extra"], &["stats", "extra"], &["fork", "newbranch"], ]; + let model_output = run_claw( + &root, + &["--output-format", "json", "model", "opus", "extra"], + &[], + ); + assert!( + !model_output.status.success(), + "claw model opus extra should exit non-zero" + ); + let model_stdout = String::from_utf8_lossy(&model_output.stdout); + let model_json: serde_json::Value = serde_json::from_str(model_stdout.trim()) + .unwrap_or_else(|_| panic!("claw model opus extra should emit JSON, got: {model_stdout}")); + assert_eq!( + model_json["error_kind"], "unexpected_extra_args", + "claw model opus extra should now stay local and typed (#807), not missing_credentials: {model_json}" + ); + assert!( + model_json["hint"] + .as_str() + .is_some_and(|hint| !hint.is_empty()), + "claw model opus extra should include a usage hint: {model_json}" + ); + for args in cases { let full_args: Vec<&str> = std::iter::once("--output-format") .chain(std::iter::once("json")) @@ -2719,6 +4197,41 @@ fn init_json_envelope_has_hint_and_already_initialized_783() { hint.contains("CLAUDE.md") || hint.contains("doctor"), "fresh-init hint should mention CLAUDE.md or doctor, got: {hint:?}" ); + assert_eq!( + parsed["created"], + json!([ + ".claw/", + ".claw/settings.json", + ".claw.json", + ".gitignore", + "CLAUDE.md" + ]), + "fresh init should materialize .claw/settings.json and safe .claw.json" + ); + assert_eq!( + parsed["deferred"], + json!([".claw/sessions/"]), + "session storage should be reported as deferred until first save" + ); + assert_eq!(parsed["partial"], json!([])); + let claw_json = fs::read_to_string(root.join(".claw.json")).expect("read .claw.json"); + assert!( + claw_json.contains("\"defaultMode\": \"acceptEdits\""), + "init must not scaffold dontAsk in .claw.json: {claw_json}" + ); + assert!( + !claw_json.contains("dontAsk"), + "init must not scaffold unsafe dontAsk permission mode: {claw_json}" + ); + let settings_json = root.join(".claw").join("settings.json"); + assert!( + settings_json.is_file(), + "init should template .claw/settings.json" + ); + assert!( + !root.join(".claw").join("sessions").exists(), + "sessions directory should remain deferred until first save" + ); // Idempotent re-init — already_initialized should be true let output2 = run_claw(&root, &["--output-format", "json", "init"], &[]); @@ -2745,6 +4258,43 @@ fn init_json_envelope_has_hint_and_already_initialized_783() { hint2.contains("already") || hint2.contains("doctor"), "re-init hint should acknowledge workspace exists, got: {hint2:?}" ); + + let existing_claw_root = unique_temp_dir("init-existing-claw-436"); + fs::create_dir_all(existing_claw_root.join(".claw")).expect("existing .claw dir"); + let partial_output = run_claw( + &existing_claw_root, + &["--output-format", "json", "init"], + &[], + ); + assert!( + partial_output.status.success(), + "init with existing .claw should succeed" + ); + let partial_stdout = String::from_utf8_lossy(&partial_output.stdout); + let partial: serde_json::Value = + serde_json::from_str(partial_stdout.trim()).expect("partial init should emit valid JSON"); + assert_eq!( + partial["partial"], + json!([".claw/"]), + "existing .claw with newly-created settings should report partial .claw/" + ); + assert_eq!( + partial["created"], + json!([ + ".claw/settings.json", + ".claw.json", + ".gitignore", + "CLAUDE.md" + ]), + "init should still create missing sub-files when .claw already exists" + ); + assert!( + existing_claw_root + .join(".claw") + .join("settings.json") + .is_file(), + "existing .claw must receive missing settings template" + ); } #[test] @@ -3522,86 +5072,254 @@ fn plugins_install_not_found_path_returns_typed_kind_794() { } #[test] -fn skills_install_not_found_and_unsupported_action_have_hints_795() { - // #795: `claw skills install /nonexistent` returned skill_not_found + hint:null, and - // `claw skills uninstall x` returned unsupported_skills_action + hint:null. Both error - // kinds were missing from fallback_hint_for_error_kind table. Fix: added both entries. - let root = unique_temp_dir("skills-install-795"); - fs::create_dir_all(&root).expect("temp dir"); +fn skills_lifecycle_errors_have_typed_local_json_795_431() { + // #431: skills install/uninstall lifecycle paths are local JSON surfaces and must not + // fall through to provider credential checks. #795: every error envelope needs a hint. + let root = unique_temp_dir("skills-lifecycle-431"); + let config_home = root.join("config-home"); + let home = root.join("home"); + fs::create_dir_all(&config_home).expect("config home"); + fs::create_dir_all(&home).expect("home"); std::process::Command::new("git") .args(["init", "-q"]) .current_dir(&root) .output() .ok(); + let envs = [ + ( + "CLAW_CONFIG_HOME", + config_home.to_str().expect("utf8 config home"), + ), + ("HOME", home.to_str().expect("utf8 home")), + ("ANTHROPIC_API_KEY", ""), + ("ANTHROPIC_AUTH_TOKEN", ""), + ("OPENAI_API_KEY", ""), + ]; - // skills install with nonexistent local path - let out1 = run_claw( + let missing_arg = run_claw( &root, - &[ - "--output-format", - "json", - "skills", - "install", - "/nonexistent-xyz-795", - ], - &[], + &["skills", "install", "--output-format", "json"], + &envs, ); + assert_eq!(missing_arg.status.code(), Some(1)); assert!( - !out1.status.success(), - "skills install not-found must exit non-zero (#795)" + missing_arg.stderr.is_empty(), + "stderr: {}", + String::from_utf8_lossy(&missing_arg.stderr) ); - let stderr1 = String::from_utf8_lossy(&out1.stderr); - let stdout1 = String::from_utf8_lossy(&out1.stdout); - let j1: serde_json::Value = stdout1 - .lines() - .find(|l| l.trim_start().starts_with('{')) - .and_then(|l| serde_json::from_str(l).ok()) - .expect("skills install not-found should emit JSON error"); - assert_eq!( - j1["error_kind"], "skill_not_found", - "skills install not-found should be skill_not_found, got {:?}", - j1["error_kind"] - ); - let h1 = j1["hint"] + let missing_arg_json = parse_json_stdout(&missing_arg, "skills install missing source"); + assert_eq!(missing_arg_json["kind"], "skills"); + assert_eq!(missing_arg_json["action"], "install"); + assert_eq!(missing_arg_json["error_kind"], "missing_argument"); + assert_eq!(missing_arg_json["argument"], "install_source"); + assert!(missing_arg_json["hint"] .as_str() - .expect("skill_not_found must have non-null hint (#795)"); - assert!( - h1.contains("skills list") || h1.contains("skills install"), - "hint should reference skills commands, got: {h1:?}" - ); + .is_some_and(|hint| !hint.is_empty())); - // skills uninstall (unsupported action) - let out2 = run_claw( + let invalid_source = run_claw( + &root, + &["skills", "install", "bogus-name", "--output-format", "json"], + &envs, + ); + assert_eq!(invalid_source.status.code(), Some(1)); + assert!( + invalid_source.stderr.is_empty(), + "stderr: {}", + String::from_utf8_lossy(&invalid_source.stderr) + ); + let invalid_source_json = parse_json_stdout(&invalid_source, "skills install invalid source"); + assert_eq!(invalid_source_json["kind"], "skills"); + assert_eq!(invalid_source_json["action"], "install"); + assert_eq!(invalid_source_json["error_kind"], "invalid_install_source"); + assert_eq!(invalid_source_json["source"], "bogus-name"); + assert_eq!(invalid_source_json["source_kind"], "name"); + assert_eq!(invalid_source_json["reason"], "not_found"); + assert!(invalid_source_json["hint"] + .as_str() + .is_some_and(|hint| { hint.contains("local path") || hint.contains("SKILL.md") })); + + let missing_uninstall = run_claw( &root, &[ - "--output-format", - "json", "skills", "uninstall", - "some-skill", + "nonexistent-skill-xyz", + "--output-format", + "json", ], - &[], + &envs, + ); + assert_eq!(missing_uninstall.status.code(), Some(1)); + assert!( + missing_uninstall.stderr.is_empty(), + "stderr: {}", + String::from_utf8_lossy(&missing_uninstall.stderr) + ); + let missing_uninstall_json = + parse_json_stdout(&missing_uninstall, "skills uninstall missing skill"); + assert_eq!(missing_uninstall_json["kind"], "skills"); + assert_eq!(missing_uninstall_json["action"], "uninstall"); + assert_eq!(missing_uninstall_json["error_kind"], "skill_not_found"); + assert_eq!(missing_uninstall_json["requested"], "nonexistent-skill-xyz"); + assert_eq!( + missing_uninstall_json["skills_dir"], + config_home.join("skills").display().to_string() + ); + assert_eq!( + missing_uninstall_json["available_names"] + .as_array() + .expect("available_names") + .len(), + 0 + ); + assert!(missing_uninstall_json["hint"] + .as_str() + .is_some_and(|hint| !hint.is_empty())); +} + +#[test] +fn skills_install_uninstall_roundtrip_stays_local_431() { + let root = unique_temp_dir("skills-roundtrip-431"); + let config_home = root.join("config-home"); + let home = root.join("home"); + let source_root = root.join("fixtures"); + fs::create_dir_all(&config_home).expect("config home"); + fs::create_dir_all(&home).expect("home"); + write_skill(&source_root, "roundtrip", "Roundtrip skill"); + let skill_source = source_root.join("roundtrip"); + let envs = [ + ( + "CLAW_CONFIG_HOME", + config_home.to_str().expect("utf8 config home"), + ), + ("HOME", home.to_str().expect("utf8 home")), + ("ANTHROPIC_API_KEY", ""), + ("ANTHROPIC_AUTH_TOKEN", ""), + ("OPENAI_API_KEY", ""), + ]; + + let install = run_claw( + &root, + &[ + "skills", + "install", + skill_source.to_str().expect("utf8 skill source"), + "--output-format", + "json", + ], + &envs, ); assert!( - !out2.status.success(), - "skills uninstall must exit non-zero (#795)" + install.status.success(), + "stdout:\n{}\n\nstderr:\n{}", + String::from_utf8_lossy(&install.stdout), + String::from_utf8_lossy(&install.stderr) ); - let stderr2 = String::from_utf8_lossy(&out2.stderr); - let stdout2 = String::from_utf8_lossy(&out2.stdout); - let j2: serde_json::Value = stdout2 - .lines() - .find(|l| l.trim_start().starts_with('{')) - .and_then(|l| serde_json::from_str(l).ok()) - .expect("skills uninstall should emit JSON error"); + let install_json = parse_json_stdout(&install, "skills install roundtrip"); + assert_eq!(install_json["kind"], "skills"); + assert_eq!(install_json["action"], "install"); + assert_eq!(install_json["status"], "ok"); + assert_eq!(install_json["invocation_name"], "roundtrip"); + let installed_path = config_home.join("skills").join("roundtrip"); assert_eq!( - j2["error_kind"], "unsupported_skills_action", - "skills uninstall should be unsupported_skills_action, got {:?}", - j2["error_kind"] + install_json["installed_path"], + installed_path.display().to_string() ); - let h2 = j2["hint"] - .as_str() - .expect("unsupported_skills_action must have non-null hint (#795)"); - assert!(!h2.is_empty(), "hint must be non-empty"); + assert!(installed_path.join("SKILL.md").is_file()); + + let uninstall = run_claw( + &root, + &[ + "skills", + "uninstall", + "roundtrip", + "--output-format", + "json", + ], + &envs, + ); + assert!( + uninstall.status.success(), + "stdout:\n{}\n\nstderr:\n{}", + String::from_utf8_lossy(&uninstall.stdout), + String::from_utf8_lossy(&uninstall.stderr) + ); + let uninstall_json = parse_json_stdout(&uninstall, "skills uninstall roundtrip"); + assert_eq!(uninstall_json["kind"], "skills"); + assert_eq!(uninstall_json["action"], "uninstall"); + assert_eq!(uninstall_json["status"], "ok"); + assert_eq!(uninstall_json["removed"], "roundtrip"); + assert_eq!( + uninstall_json["removed_path"], + installed_path.display().to_string() + ); + assert!( + !installed_path.exists(), + "uninstall should remove installed skill files" + ); +} + +#[test] +fn agents_create_scaffolds_toml_and_lists_locally_431() { + let root = unique_temp_dir("agents-create-431"); + let config_home = root.join("config-home"); + let home = root.join("home"); + fs::create_dir_all(&config_home).expect("config home"); + fs::create_dir_all(&home).expect("home"); + let envs = [ + ( + "CLAW_CONFIG_HOME", + config_home.to_str().expect("utf8 config home"), + ), + ("HOME", home.to_str().expect("utf8 home")), + ("ANTHROPIC_API_KEY", ""), + ("ANTHROPIC_AUTH_TOKEN", ""), + ("OPENAI_API_KEY", ""), + ]; + + let create = run_claw( + &root, + &["agents", "create", "my-agent", "--output-format", "json"], + &envs, + ); + assert!( + create.status.success(), + "stdout:\n{}\n\nstderr:\n{}", + String::from_utf8_lossy(&create.stdout), + String::from_utf8_lossy(&create.stderr) + ); + let create_json = parse_json_stdout(&create, "agents create my-agent"); + let agent_path = root.join(".claw").join("agents").join("my-agent.toml"); + let reported_agent_path = PathBuf::from( + create_json["path"] + .as_str() + .expect("agents create should report path"), + ); + assert_eq!(create_json["kind"], "agents"); + assert_eq!(create_json["action"], "create"); + assert_eq!(create_json["status"], "ok"); + assert_eq!(create_json["format"], "toml"); + assert_eq!( + reported_agent_path, + fs::canonicalize(&agent_path).expect("canonical agent path") + ); + assert!(agent_path.is_file()); + let agent_contents = fs::read_to_string(&agent_path).expect("agent scaffold should read"); + assert!(agent_contents.contains("name = \"my-agent\"")); + + let list = + assert_json_command_with_env(&root, &["--output-format", "json", "agents", "list"], &envs); + assert_eq!(list["kind"], "agents"); + assert_eq!(list["action"], "list"); + assert!(list["agents"] + .as_array() + .expect("agents array") + .iter() + .any(|agent| { + agent["name"] == "my-agent" + && PathBuf::from(agent["path"].as_str().expect("listed agent path")) + == fs::canonicalize(&agent_path).expect("canonical listed agent path") + })); } #[test] @@ -3867,6 +5585,86 @@ fn diff_non_git_dir_has_error_kind_and_hint_801() { ); } +fn assert_local_json_without_missing_credentials( + output: &std::process::Output, + expected_kind: &str, +) -> serde_json::Value { + assert_eq!( + output.status.code(), + Some(0), + "local JSON command should exit 0" + ); + let stdout = String::from_utf8_lossy(&output.stdout); + let stderr = String::from_utf8_lossy(&output.stderr); + assert!( + !stdout.trim().is_empty(), + "local JSON command must emit stdout JSON" + ); + assert!( + stderr.is_empty(), + "local JSON command must keep stderr empty, got: {stderr:?}" + ); + assert!( + !stdout.contains("missing_credentials"), + "local JSON command must not hit provider credential startup: {stdout}" + ); + let j: serde_json::Value = serde_json::from_str(stdout.trim()) + .unwrap_or_else(|_| panic!("stdout must be parseable JSON, got: {stdout:?}")); + assert_eq!(j["status"], "ok", "local JSON status: {j}"); + assert_eq!(j["kind"], expected_kind, "local JSON kind: {j}"); + j +} + +// #807: model/model(s) JSON/help surfaces must stay bounded and local. +#[test] +fn models_json_and_model_help_json_are_local_807() { + let root = unique_temp_dir("models-local-json-807"); + std::fs::create_dir_all(&root).expect("create temp dir"); + + let models = run_claw(&root, &["models", "--output-format", "json"], &[]); + let models_json = assert_local_json_without_missing_credentials(&models, "models"); + assert_eq!( + models_json["action"], "list", + "models action: {models_json}" + ); + assert_eq!( + models_json["requires_provider_request"], false, + "models must be local: {models_json}" + ); + + let help = run_claw(&root, &["model", "help", "--output-format", "json"], &[]); + let help_json = assert_local_json_without_missing_credentials(&help, "help"); + assert_eq!( + help_json["command"], "models", + "model help command: {help_json}" + ); +} + +// #808: settings JSON/help surfaces must stay bounded and local. +#[test] +fn settings_json_and_help_json_are_local_808() { + let root = unique_temp_dir("settings-local-json-808"); + std::fs::create_dir_all(&root).expect("create temp dir"); + + let settings = run_claw(&root, &["settings", "--output-format", "json"], &[]); + let settings_json = assert_local_json_without_missing_credentials(&settings, "config"); + assert_eq!( + settings_json["action"], "show", + "settings action: {settings_json}" + ); + assert_eq!( + settings_json["section"], "settings", + "settings section: {settings_json}" + ); + + let help = run_claw(&root, &["settings", "help", "--output-format", "json"], &[]); + let help_json = assert_local_json_without_missing_credentials(&help, "help"); + assert_eq!( + help_json["command"], "settings", + "settings help command: {help_json}" + ); +} + // #825: unknown single-word subcommand must return command_not_found, not // fall through to missing_credentials after provider startup. #[test] @@ -3940,31 +5738,78 @@ fn unknown_subcommand_typo_with_suggestions_json_emits_command_not_found() { assert!(stderr.is_empty(), "typo JSON must have empty stderr (#825)"); } -// #826: multi-word unknown subcommand is a known gap — falls through to -// CliAction::Prompt (natural language prompt passthrough like `claw explain this`). -// Single-word typos (#825) are caught; multi-word is documented as backlog. -// This test documents the current behaviour (not the desired fix). +// #826: JSON-mode multi-word unknown subcommands must not fall through to +// CliAction::Prompt and hit the provider credential gate. #[test] -fn multi_word_unknown_subcommand_falls_through_to_prompt_826() { - let root = unique_temp_dir("multi-word-gap-826"); +fn multi_word_unknown_subcommand_json_emits_command_not_found_826() { + let root = unique_temp_dir("multi-word-command-not-found-826"); std::fs::create_dir_all(&root).expect("create temp dir"); - // "foobar baz" has no fuzzy suggestion → falls through to Prompt path - // (hits missing_credentials since no API key is set, rc=1) let output = run_claw(&root, &["--output-format", "json", "foobar", "baz"], &[]); assert_eq!(output.status.code(), Some(1)); let stdout = String::from_utf8_lossy(&output.stdout); let stderr = String::from_utf8_lossy(&output.stderr); - // Currently emits missing_credentials (fallthrough gap documented in #826) let j: serde_json::Value = - serde_json::from_str(stdout.trim()).expect("multi-word fallthrough must emit JSON"); + serde_json::from_str(stdout.trim()).expect("multi-word unknown subcommand must emit JSON"); assert_eq!( - j["status"], "error", - "multi-word fallthrough must be an error: {j}" + j["error_kind"], "command_not_found", + "multi-word unknown subcommand must emit command_not_found, not missing_credentials (#826): {j}" + ); + let hint = j["hint"].as_str().unwrap_or_default(); + assert!( + hint.contains("claw prompt") || hint.contains("--help"), + "hint should explain prompt/command recovery, got: {hint:?}" ); - // stderr must be empty regardless (JSON mode) assert!( stderr.is_empty(), - "multi-word fallthrough JSON must have empty stderr: {stderr:?}" + "multi-word command_not_found JSON must have empty stderr: {stderr:?}" + ); +} + +#[test] +fn compact_flag_missing_argument_and_shorthand_prompt_contract_435() { + let root = unique_temp_dir("compact-flag-435"); + let config_home = root.join("config-home"); + let home = root.join("home"); + std::fs::create_dir_all(&root).expect("create temp dir"); + std::fs::create_dir_all(&config_home).expect("create config home"); + std::fs::create_dir_all(&home).expect("create home"); + let envs = [ + ( + "CLAW_CONFIG_HOME", + config_home.to_str().expect("config home utf8"), + ), + ("HOME", home.to_str().expect("home utf8")), + ("ANTHROPIC_API_KEY", ""), + ("ANTHROPIC_AUTH_TOKEN", ""), + ("OPENAI_API_KEY", ""), + ]; + + let missing = run_claw(&root, &["--output-format", "json", "--compact"], &envs); + assert_eq!(missing.status.code(), Some(1)); + assert!( + missing.stderr.is_empty(), + "compact missing-argument JSON should keep stderr empty: {}", + String::from_utf8_lossy(&missing.stderr) + ); + let missing_json = parse_json_stdout(&missing, "compact missing argument"); + assert_eq!(missing_json["error_kind"], "missing_argument"); + assert_eq!(missing_json["argument"], "prompt or subcommand"); + + let prompt = run_claw( + &root, + &["--output-format", "json", "--compact", "hello"], + &envs, + ); + assert_eq!(prompt.status.code(), Some(1)); + assert!( + prompt.stderr.is_empty(), + "compact prompt JSON should keep stderr empty: {}", + String::from_utf8_lossy(&prompt.stderr) + ); + let prompt_json = parse_json_stdout(&prompt, "compact shorthand prompt"); + assert_eq!( + prompt_json["error_kind"], "missing_credentials", + "--compact hello should stay on the prompt/provider path, not command_not_found: {prompt_json}" ); } @@ -3994,6 +5839,42 @@ fn direct_unknown_slash_command_emits_typed_error_kind() { ); } +#[test] +fn resume_unknown_slash_command_emits_typed_error_kind_827() { + let root = unique_temp_dir("resume-unknown-slash-827"); + std::fs::create_dir_all(&root).expect("create temp dir"); + let session_path = write_session_fixture(&root, "resume-unknown-slash-827", Some("hello")); + + let output = run_claw( + &root, + &[ + "--resume", + session_path.to_str().expect("session path utf8"), + "--output-format", + "json", + "/boguscommand", + ], + &[], + ); + assert_eq!( + output.status.code(), + Some(2), + "resume unknown slash should exit 2" + ); + let stdout = String::from_utf8_lossy(&output.stdout); + let stderr = String::from_utf8_lossy(&output.stderr); + let j: serde_json::Value = serde_json::from_str(stdout.trim()) + .unwrap_or_else(|_| panic!("resume unknown slash must emit JSON (#827), got: {stdout:?}")); + assert_eq!( + j["error_kind"], "unknown_slash_command", + "resume unknown slash must emit unknown_slash_command (#827): {j}" + ); + assert!( + stderr.is_empty(), + "resume unknown slash JSON must have empty stderr (#827): {stderr:?}" + ); +} + // #828: /approve and /deny outside REPL must emit interactive_only, not unknown_slash_command #[test] fn approve_deny_outside_repl_emits_interactive_only() { @@ -4044,13 +5925,13 @@ fn non_resume_safe_interactive_only_hint_omits_resume_suggestion() { fn resume_safe_interactive_only_hint_includes_resume_suggestion() { let root = unique_temp_dir("resume-hint-829"); std::fs::create_dir_all(&root).expect("create temp dir"); - let output = run_claw(&root, &["--output-format", "json", "/diff"], &[]); + let output = run_claw(&root, &["--output-format", "json", "/compact"], &[]); let stdout = String::from_utf8_lossy(&output.stdout); let j: serde_json::Value = serde_json::from_str(stdout.trim()) - .unwrap_or_else(|_| panic!("/diff must emit JSON (#829), got: {stdout:?}")); + .unwrap_or_else(|_| panic!("/compact must emit JSON (#829), got: {stdout:?}")); let hint = j["hint"].as_str().unwrap_or(""); assert!( hint.contains("--resume"), - "/diff hint must suggest --resume (it is resume-safe) (#829): hint={hint:?}" + "/compact hint must suggest --resume (it is resume-safe and not a local direct action) (#829): hint={hint:?}" ); } diff --git a/rust/crates/rusty-claude-cli/tests/resume_slash_commands.rs b/rust/crates/rusty-claude-cli/tests/resume_slash_commands.rs index f62410c6..dd5ae8e5 100644 --- a/rust/crates/rusty-claude-cli/tests/resume_slash_commands.rs +++ b/rust/crates/rusty-claude-cli/tests/resume_slash_commands.rs @@ -222,6 +222,73 @@ fn resume_latest_restores_the_most_recent_managed_session() { assert!(stdout.contains(newer_path.to_str().expect("utf8 path"))); } +#[test] +fn resume_latest_missing_session_fails_without_creating_session_dirs_435() { + // given + let temp_dir = unique_temp_dir("resume-latest-missing-435"); + let project_dir = temp_dir.join("project"); + let config_home = temp_dir.join("config-home"); + let home = temp_dir.join("home"); + fs::create_dir_all(&project_dir).expect("project dir should exist"); + fs::create_dir_all(&config_home).expect("config home should exist"); + fs::create_dir_all(&home).expect("home should exist"); + let envs = [ + ( + "CLAW_CONFIG_HOME", + config_home.to_str().expect("utf8 config home"), + ), + ("HOME", home.to_str().expect("utf8 home")), + ("ANTHROPIC_API_KEY", ""), + ("ANTHROPIC_AUTH_TOKEN", ""), + ("OPENAI_API_KEY", ""), + ]; + + // when — both text and JSON resume failures should be non-zero and read-only. + let text = run_claw_with_env(&project_dir, &["--resume", "latest"], &envs); + let json = run_claw_with_env( + &project_dir, + &["--output-format", "json", "--resume", "latest"], + &envs, + ); + + // then + assert_eq!( + text.status.code(), + Some(1), + "text resume failure must be non-zero" + ); + assert!( + text.stdout.is_empty(), + "text resume failure should not claim success on stdout: {}", + String::from_utf8_lossy(&text.stdout) + ); + let text_stderr = String::from_utf8_lossy(&text.stderr); + assert!( + text_stderr.contains("no managed sessions found"), + "text failure should explain missing sessions: {text_stderr}" + ); + + assert_eq!( + json.status.code(), + Some(1), + "JSON resume failure must be non-zero" + ); + assert!( + json.stderr.is_empty(), + "JSON resume failure should keep stderr empty: {}", + String::from_utf8_lossy(&json.stderr) + ); + let parsed: Value = serde_json::from_slice(&json.stdout) + .expect("JSON resume failure should emit JSON to stdout"); + assert_eq!(parsed["status"], "error"); + assert_eq!(parsed["action"], "restore"); + assert_eq!(parsed["error_kind"], "no_managed_sessions"); + assert!( + !project_dir.join(".claw").exists(), + "failed resume must not create .claw/session directories" + ); +} + #[test] fn resumed_status_command_emits_structured_json_when_requested() { // given @@ -268,7 +335,7 @@ fn resumed_status_command_emits_structured_json_when_requested() { assert_eq!(parsed["kind"], "status"); // model is null in resume mode (not known without --model flag) assert!(parsed["model"].is_null()); - assert_eq!(parsed["permission_mode"], "danger-full-access"); + assert_eq!(parsed["permission_mode"], "workspace-write"); assert_eq!(parsed["usage"]["messages"], 1); assert!(parsed["usage"]["turns"].is_number()); assert!(parsed["workspace"]["cwd"].as_str().is_some()); @@ -396,6 +463,9 @@ fn resumed_version_command_emits_structured_json() { assert!(parsed["version"].as_str().is_some()); assert!(parsed["git_sha"].as_str().is_some()); assert!(parsed["target"].as_str().is_some()); + assert!(parsed["git_sha_short"].as_str().is_some()); + assert!(parsed.get("message").is_none()); + assert!(parsed["human_readable"].as_str().is_some()); } #[test] diff --git a/rust/crates/tools/src/lib.rs b/rust/crates/tools/src/lib.rs index a42bdcb3..15dff721 100644 --- a/rust/crates/tools/src/lib.rs +++ b/rust/crates/tools/src/lib.rs @@ -201,30 +201,20 @@ impl GlobalToolRegistry { return Ok(None); } - let builtin_specs = mvp_tool_specs(); - let canonical_names = builtin_specs - .iter() - .map(|spec| spec.name.to_string()) - .chain( - self.plugin_tools - .iter() - .map(|tool| tool.definition().name.clone()), - ) - .chain(self.runtime_tools.iter().map(|tool| tool.name.clone())) - .collect::>(); - let mut name_map = canonical_names - .iter() - .map(|name| (normalize_tool_name(name), name.clone())) - .collect::>(); + let actual_names = self.actual_tool_names(); + let canonical_names = self.canonical_allowed_tool_names(); + let canonical_name_set = canonical_names.iter().cloned().collect::>(); + let mut name_map = BTreeMap::new(); + for actual in &actual_names { + let canonical = canonical_allowed_tool_name(actual); + name_map.insert(allowed_tool_lookup_key(actual), canonical.clone()); + name_map.insert(allowed_tool_lookup_key(&canonical), canonical); + } - for (alias, canonical) in [ - ("read", "read_file"), - ("write", "write_file"), - ("edit", "edit_file"), - ("glob", "glob_search"), - ("grep", "grep_search"), - ] { - name_map.insert(alias.to_string(), canonical.to_string()); + for (alias, canonical) in self.allowed_tool_aliases() { + if canonical_name_set.contains(&canonical) { + name_map.insert(allowed_tool_lookup_key(&alias), canonical); + } } let mut allowed = BTreeSet::new(); @@ -233,11 +223,11 @@ impl GlobalToolRegistry { .split(|ch: char| ch == ',' || ch.is_whitespace()) .filter(|token| !token.is_empty()) { - let normalized = normalize_tool_name(token); - let canonical = name_map.get(&normalized).ok_or_else(|| { + let canonical = name_map.get(&allowed_tool_lookup_key(token)).ok_or_else(|| { format!( - "unsupported tool in --allowedTools: {token} (expected one of: {})", - canonical_names.join(", ") + "invalid_tool_name: unsupported tool in --allowedTools: {token}\nAvailable: {}\nAliases: {}\nHint: Use canonical snake_case tool names from Available or aliases from Aliases.", + canonical_names.join(", "), + format_allowed_tool_aliases(&self.allowed_tool_aliases()) ) })?; allowed.insert(canonical.clone()); @@ -258,7 +248,10 @@ impl GlobalToolRegistry { pub fn definitions(&self, allowed_tools: Option<&BTreeSet>) -> Vec { let builtin = mvp_tool_specs() .into_iter() - .filter(|spec| allowed_tools.is_none_or(|allowed| allowed.contains(spec.name))) + .filter(|spec| { + allowed_tools + .is_none_or(|allowed| allowed.contains(&canonical_allowed_tool_name(spec.name))) + }) .map(|spec| ToolDefinition { name: spec.name.to_string(), description: Some(spec.description.to_string()), @@ -267,7 +260,11 @@ impl GlobalToolRegistry { let runtime = self .runtime_tools .iter() - .filter(|tool| allowed_tools.is_none_or(|allowed| allowed.contains(tool.name.as_str()))) + .filter(|tool| { + allowed_tools.is_none_or(|allowed| { + allowed.contains(&canonical_allowed_tool_name(&tool.name)) + }) + }) .map(|tool| ToolDefinition { name: tool.name.clone(), description: tool.description.clone(), @@ -277,8 +274,11 @@ impl GlobalToolRegistry { .plugin_tools .iter() .filter(|tool| { - allowed_tools - .is_none_or(|allowed| allowed.contains(tool.definition().name.as_str())) + allowed_tools.is_none_or(|allowed| { + allowed.contains(&canonical_allowed_tool_name( + tool.definition().name.as_str(), + )) + }) }) .map(|tool| ToolDefinition { name: tool.definition().name.clone(), @@ -294,19 +294,29 @@ impl GlobalToolRegistry { ) -> Result, String> { let builtin = mvp_tool_specs() .into_iter() - .filter(|spec| allowed_tools.is_none_or(|allowed| allowed.contains(spec.name))) + .filter(|spec| { + allowed_tools + .is_none_or(|allowed| allowed.contains(&canonical_allowed_tool_name(spec.name))) + }) .map(|spec| (spec.name.to_string(), spec.required_permission)); let runtime = self .runtime_tools .iter() - .filter(|tool| allowed_tools.is_none_or(|allowed| allowed.contains(tool.name.as_str()))) + .filter(|tool| { + allowed_tools.is_none_or(|allowed| { + allowed.contains(&canonical_allowed_tool_name(&tool.name)) + }) + }) .map(|tool| (tool.name.clone(), tool.required_permission)); let plugin = self .plugin_tools .iter() .filter(|tool| { - allowed_tools - .is_none_or(|allowed| allowed.contains(tool.definition().name.as_str())) + allowed_tools.is_none_or(|allowed| { + allowed.contains(&canonical_allowed_tool_name( + tool.definition().name.as_str(), + )) + }) }) .map(|tool| { permission_mode_from_plugin(tool.required_permission()) @@ -316,6 +326,52 @@ impl GlobalToolRegistry { Ok(builtin.chain(runtime).chain(plugin).collect()) } + #[must_use] + pub fn actual_tool_names(&self) -> Vec { + mvp_tool_specs() + .iter() + .map(|spec| spec.name.to_string()) + .chain( + self.plugin_tools + .iter() + .map(|tool| tool.definition().name.clone()), + ) + .chain(self.runtime_tools.iter().map(|tool| tool.name.clone())) + .collect() + } + + #[must_use] + pub fn canonical_allowed_tool_names(&self) -> Vec { + self.actual_tool_names() + .into_iter() + .map(|name| canonical_allowed_tool_name(&name)) + .collect::>() + .into_iter() + .collect() + } + + #[must_use] + pub fn allowed_tool_aliases(&self) -> BTreeMap { + let mut aliases = BTreeMap::from([ + ("read".to_string(), "read_file".to_string()), + ("Read".to_string(), "read_file".to_string()), + ("write".to_string(), "write_file".to_string()), + ("Write".to_string(), "write_file".to_string()), + ("edit".to_string(), "edit_file".to_string()), + ("Edit".to_string(), "edit_file".to_string()), + ("glob".to_string(), "glob_search".to_string()), + ("Glob".to_string(), "glob_search".to_string()), + ("grep".to_string(), "grep_search".to_string()), + ("Grep".to_string(), "grep_search".to_string()), + ]); + for actual in self.actual_tool_names() { + let canonical = canonical_allowed_tool_name(&actual); + if actual != canonical { + aliases.insert(actual, canonical); + } + } + aliases + } #[must_use] pub fn has_runtime_tool(&self, name: &str) -> bool { self.runtime_tools.iter().any(|tool| tool.name == name) @@ -378,8 +434,40 @@ impl GlobalToolRegistry { } } -fn normalize_tool_name(value: &str) -> String { - value.trim().replace('-', "_").to_ascii_lowercase() +pub fn canonical_allowed_tool_name(value: &str) -> String { + let trimmed = value.trim().replace('-', "_"); + let mut output = String::new(); + let chars = trimmed.chars().collect::>(); + for (index, ch) in chars.iter().copied().enumerate() { + if ch == '_' || ch.is_whitespace() { + output.push('_'); + continue; + } + let previous = index.checked_sub(1).and_then(|i| chars.get(i)).copied(); + let next = chars.get(index + 1).copied(); + if ch.is_ascii_uppercase() + && index > 0 + && !output.ends_with('_') + && (previous.is_some_and(|p| p.is_ascii_lowercase() || p.is_ascii_digit()) + || next.is_some_and(|n| n.is_ascii_lowercase())) + { + output.push('_'); + } + output.push(ch.to_ascii_lowercase()); + } + output.trim_matches('_').to_string() +} + +fn allowed_tool_lookup_key(value: &str) -> String { + canonical_allowed_tool_name(value).replace('_', "") +} + +fn format_allowed_tool_aliases(aliases: &BTreeMap) -> String { + aliases + .iter() + .map(|(alias, canonical)| format!("{alias}={canonical}")) + .collect::>() + .join(", ") } fn permission_mode_from_plugin(value: &str) -> Result { @@ -514,7 +602,7 @@ pub fn mvp_tool_specs() -> Vec { "required": ["url", "prompt"], "additionalProperties": false }), - required_permission: PermissionMode::ReadOnly, + required_permission: PermissionMode::DangerFullAccess, }, ToolSpec { name: "WebSearch", @@ -535,7 +623,7 @@ pub fn mvp_tool_specs() -> Vec { "required": ["query"], "additionalProperties": false }), - required_permission: PermissionMode::ReadOnly, + required_permission: PermissionMode::DangerFullAccess, }, ToolSpec { name: "TodoWrite", @@ -1225,13 +1313,14 @@ pub fn mvp_tool_specs() -> Vec { }, ToolSpec { name: "GitShow", - description: "Show a commit, tag, or tree object with its diff. Supports showing a specific file at a commit (commit:path) and stat-only mode. Use this instead of running git show via bash to get structured output.", + description: "Show a commit, tag, or tree object. Use format to control output: patch (default) shows the full diff, stat shows a diffstat summary, and metadata shows commit info without the diff. Supports showing a specific file at a commit (commit:path) for patch/stat output. Use this instead of running git show via bash to get structured output.", input_schema: json!({ "type": "object", "properties": { "commit": { "type": "string" }, "path": { "type": "string" }, - "stat": { "type": "boolean" } + "stat": { "type": "boolean" }, + "format": { "type": "string", "enum": ["patch", "stat", "metadata"] }, }, "required": ["commit"], "additionalProperties": false @@ -1320,8 +1409,26 @@ fn execute_tool_with_enforcer( maybe_enforce_permission_check_with_mode(enforcer, name, input, required_mode)?; run_grep_search(grep_input) } - "WebFetch" => from_value::(input).and_then(run_web_fetch), - "WebSearch" => from_value::(input).and_then(run_web_search), + "WebFetch" => { + let web_input = from_value::(input)?; + maybe_enforce_permission_check_with_mode( + enforcer, + name, + input, + PermissionMode::DangerFullAccess, + )?; + run_web_fetch(web_input) + } + "WebSearch" => { + let web_input = from_value::(input)?; + maybe_enforce_permission_check_with_mode( + enforcer, + name, + input, + PermissionMode::DangerFullAccess, + )?; + run_web_search(web_input) + } "TodoWrite" => from_value::(input).and_then(run_todo_write), "Skill" => from_value::(input).and_then(run_skill), "Agent" => from_value::(input).and_then(run_agent), @@ -2008,14 +2115,37 @@ fn run_git_log(input: GitLogInput) -> Result { } } -#[allow(clippy::needless_pass_by_value)] /// Execute `git show` for a given commit, optionally with --stat or a file path. /// Uses the `commit:path` syntax when a path is specified. fn run_git_show(input: GitShowInput) -> Result { let mut args: Vec = vec!["show".to_string()]; - if input.stat.unwrap_or(false) { - args.push("--stat".to_string()); + + match input.format.as_deref() { + Some("metadata") if input.path.is_some() => { + return Err( + "GitShow format \"metadata\" cannot be combined with path; metadata describes a commit, not a blob. Use format \"patch\" or \"stat\" with path, or omit path." + .to_string(), + ); + } + Some("metadata") => { + args.push("--format=medium".to_string()); + args.push("--no-patch".to_string()); + } + Some("stat") => { + args.push("--stat".to_string()); + } + Some("patch") | None => { + if input.format.is_none() && input.stat.unwrap_or(false) { + args.push("--stat".to_string()); + } + } + Some(other) => { + return Err(format!( + "unknown GitShow format: \"{other}\". Supported values: \"patch\" (default), \"stat\", \"metadata\"." + )); + } } + if let Some(ref path) = input.path { args.push(format!("{}:{}", input.commit, path)); } else { @@ -2964,6 +3094,9 @@ struct GitShowInput { #[serde(default)] /// If true, show diffstat summary instead of full diff. stat: Option, + #[serde(default)] + /// Output format: "patch" (default) shows the full diff, "stat" shows a diffstat summary, and "metadata" shows commit info without the diff. When set, takes priority over `stat`. + format: Option, } /// Input for the GitBlame tool: shows per-line author/revision info for a file. @@ -4165,7 +4298,7 @@ fn allowed_tools_for_subagent(subagent_type: &str) -> BTreeSet { "PowerShell", ], }; - tools.into_iter().map(str::to_string).collect() + tools.into_iter().map(canonical_allowed_tool_name).collect() } fn agent_permission_policy() -> PermissionPolicy { @@ -5193,7 +5326,10 @@ impl SubagentToolExecutor { impl ToolExecutor for SubagentToolExecutor { fn execute(&mut self, tool_name: &str, input: &str) -> Result { - if !self.allowed_tools.contains(tool_name) { + if !self + .allowed_tools + .contains(&canonical_allowed_tool_name(tool_name)) + { return Err(ToolError::new(format!( "tool `{tool_name}` is not enabled for this sub-agent" ))); @@ -5208,7 +5344,10 @@ impl ToolExecutor for SubagentToolExecutor { fn tool_specs_for_allowed_tools(allowed_tools: Option<&BTreeSet>) -> Vec { mvp_tool_specs() .into_iter() - .filter(|spec| allowed_tools.is_none_or(|allowed| allowed.contains(spec.name))) + .filter(|spec| { + allowed_tools + .is_none_or(|allowed| allowed.contains(&canonical_allowed_tool_name(spec.name))) + }) .collect() } @@ -6779,6 +6918,87 @@ mod tests { assert!(names.contains(&"WorkerSendPrompt")); } + #[test] + fn git_show_schema_exposes_format_enum() { + let spec = mvp_tool_specs() + .into_iter() + .find(|spec| spec.name == "GitShow") + .expect("GitShow spec"); + assert_eq!( + spec.input_schema["properties"]["format"]["enum"], + json!(["patch", "stat", "metadata"]) + ); + } + + #[test] + fn git_show_supports_patch_stat_metadata_and_rejects_metadata_path() { + let _guard = env_guard(); + let root = temp_path("git-show-format"); + init_git_repo(&root); + commit_file(&root, "README.md", "initial\nupdated\n", "update readme"); + let previous = std::env::current_dir().expect("cwd"); + std::env::set_current_dir(&root).expect("set cwd"); + + let patch = execute_tool("GitShow", &json!({"commit": "HEAD", "format": "patch"})) + .expect("patch git show"); + let patch: serde_json::Value = serde_json::from_str(&patch).expect("patch json"); + assert!(patch["output"] + .as_str() + .expect("patch output") + .contains("diff --git")); + + let stat = execute_tool("GitShow", &json!({"commit": "HEAD", "format": "stat"})) + .expect("stat git show"); + let stat: serde_json::Value = serde_json::from_str(&stat).expect("stat json"); + assert!(stat["output"] + .as_str() + .expect("stat output") + .contains("README.md")); + + let legacy_stat = execute_tool("GitShow", &json!({"commit": "HEAD", "stat": true})) + .expect("legacy stat git show"); + let legacy_stat: serde_json::Value = + serde_json::from_str(&legacy_stat).expect("legacy stat json"); + assert!(legacy_stat["output"] + .as_str() + .expect("legacy stat output") + .contains("README.md")); + + let metadata = execute_tool("GitShow", &json!({"commit": "HEAD", "format": "metadata"})) + .expect("metadata git show"); + let metadata: serde_json::Value = serde_json::from_str(&metadata).expect("metadata json"); + let metadata_output = metadata["output"].as_str().expect("metadata output"); + assert!(metadata_output.contains("commit ")); + assert!(metadata_output.contains("update readme")); + assert!(!metadata_output.contains("diff --git")); + + let file_patch = execute_tool( + "GitShow", + &json!({"commit": "HEAD", "path": "README.md", "format": "patch"}), + ) + .expect("file patch git show"); + let file_patch: serde_json::Value = + serde_json::from_str(&file_patch).expect("file patch json"); + assert_eq!( + file_patch["output"].as_str().expect("file patch output"), + "initial\nupdated" + ); + + let metadata_path = execute_tool( + "GitShow", + &json!({"commit": "HEAD", "path": "README.md", "format": "metadata"}), + ) + .expect_err("metadata with path should be rejected"); + assert!(metadata_path.contains("cannot be combined with path")); + + let invalid = execute_tool("GitShow", &json!({"commit": "HEAD", "format": "bogus"})) + .expect_err("invalid format should be rejected"); + assert!(invalid.contains("unknown GitShow format")); + + std::env::set_current_dir(&previous).expect("restore cwd"); + let _ = fs::remove_dir_all(root); + } + #[test] fn rejects_unknown_tool_names() { let error = execute_tool("nope", &json!({})).expect_err("tool should be rejected"); @@ -7477,6 +7697,29 @@ mod tests { } } + #[test] + fn allowed_tools_normalize_to_canonical_snake_case_and_aliases_432() { + let registry = GlobalToolRegistry::builtin(); + let allowed = registry + .normalize_allowed_tools(&["Read,WebFetch,MCP".to_string()]) + .expect("aliases and legacy names should normalize") + .expect("allow-list should be populated"); + assert!(allowed.contains("read_file")); + assert!(allowed.contains("web_fetch")); + assert!(allowed.contains("mcp")); + assert!(!allowed.contains("Read")); + assert!(!allowed.contains("WebFetch")); + + let canonical = registry.canonical_allowed_tool_names(); + assert!(canonical.contains(&"web_fetch".to_string())); + assert!(canonical.contains(&"todo_write".to_string())); + assert!(!canonical.contains(&"WebFetch".to_string())); + assert_eq!( + registry.allowed_tool_aliases().get("WebFetch"), + Some(&"web_fetch".to_string()) + ); + } + #[test] fn runtime_tools_extend_registry_definitions_permissions_and_search() { let registry = GlobalToolRegistry::builtin() @@ -8458,7 +8701,7 @@ mod tests { .expect("spawn job should be captured"); assert_eq!(captured_job.prompt, "Check tests and outstanding work."); assert!(captured_job.allowed_tools.contains("read_file")); - assert!(!captured_job.allowed_tools.contains("Agent")); + assert!(!captured_job.allowed_tools.contains("agent")); let normalized = execute_tool( "Agent", @@ -9058,7 +9301,7 @@ mod tests { let general = allowed_tools_for_subagent("general-purpose"); assert!(general.contains("bash")); assert!(general.contains("write_file")); - assert!(!general.contains("Agent")); + assert!(!general.contains("agent")); let explore = allowed_tools_for_subagent("Explore"); assert!(explore.contains("read_file")); @@ -9066,13 +9309,13 @@ mod tests { assert!(!explore.contains("bash")); let plan = allowed_tools_for_subagent("Plan"); - assert!(plan.contains("TodoWrite")); - assert!(plan.contains("StructuredOutput")); - assert!(!plan.contains("Agent")); + assert!(plan.contains("todo_write")); + assert!(plan.contains("structured_output")); + assert!(!plan.contains("agent")); let verification = allowed_tools_for_subagent("Verification"); assert!(verification.contains("bash")); - assert!(verification.contains("PowerShell")); + assert!(verification.contains("power_shell")); assert!(!verification.contains("write_file")); } @@ -10156,6 +10399,26 @@ printf 'pwsh:%s' "$1" ); } + #[test] + fn given_workspace_write_enforcer_when_web_tools_then_denied() { + let registry = workspace_write_registry(); + for (tool, input) in [ + ( + "WebFetch", + json!({"url":"https://example.com", "prompt":"summarize"}), + ), + ("WebSearch", json!({"query":"rust language"})), + ] { + let err = registry + .execute(tool, &input) + .expect_err("network tools should require explicit full access"); + assert!( + err.contains("requires 'danger-full-access'"), + "{tool} should require elevated mode: {err}" + ); + } + } + #[test] fn given_workspace_write_enforcer_when_bash_uses_shell_expansion_then_denied() { let registry = workspace_write_registry(); diff --git a/scripts/dogfood-probe.py b/scripts/dogfood-probe.py new file mode 100644 index 00000000..ee390665 --- /dev/null +++ b/scripts/dogfood-probe.py @@ -0,0 +1,145 @@ +#!/usr/bin/env python3 +from __future__ import annotations + +import argparse +import json +import subprocess +import sys +from dataclasses import dataclass +from pathlib import Path +from typing import Sequence + + +@dataclass(frozen=True) +class ProbeResult: + kind: str + argv: list[str] + returncode: int | None + stdout: bytes + stderr: bytes + message: str | None = None + + @property + def stdout_text(self) -> str: + return self.stdout.decode('utf-8', errors='replace') + + @property + def stderr_text(self) -> str: + return self.stderr.decode('utf-8', errors='replace') + + def to_json_dict(self) -> dict[str, object]: + return { + 'kind': self.kind, + 'argv': self.argv, + 'returncode': self.returncode, + 'stdout': self.stdout_text, + 'stderr': self.stderr_text, + 'message': self.message, + } + + +def run_probe(argv: Sequence[str], *, timeout: float = 10.0, require_stdout_json_byte0: bool = False) -> ProbeResult: + explicit_argv = [str(arg) for arg in argv] + if not explicit_argv: + return ProbeResult( + kind='probe_error', + argv=[], + returncode=None, + stdout=b'', + stderr=b'', + message='argv must contain at least the executable path', + ) + + try: + completed = subprocess.run( + explicit_argv, + capture_output=True, + check=False, + timeout=timeout, + ) + except subprocess.TimeoutExpired as exc: + return ProbeResult( + kind='timeout', + argv=explicit_argv, + returncode=None, + stdout=exc.stdout or b'', + stderr=exc.stderr or b'', + message=f'probe timed out after {timeout:g}s', + ) + except (OSError, ValueError) as exc: + return ProbeResult( + kind='probe_error', + argv=explicit_argv, + returncode=None, + stdout=b'', + stderr=b'', + message=str(exc), + ) + + if require_stdout_json_byte0: + if not completed.stdout: + return ProbeResult( + kind='product_error', + argv=explicit_argv, + returncode=completed.returncode, + stdout=completed.stdout, + stderr=completed.stderr, + message='stdout is empty; expected JSON at byte 0', + ) + if completed.stdout[:1] not in (b'{', b'['): + return ProbeResult( + kind='product_error', + argv=explicit_argv, + returncode=completed.returncode, + stdout=completed.stdout, + stderr=completed.stderr, + message='stdout JSON does not start at byte 0', + ) + try: + json.loads(completed.stdout.decode('utf-8')) + except (UnicodeDecodeError, json.JSONDecodeError) as exc: + return ProbeResult( + kind='product_error', + argv=explicit_argv, + returncode=completed.returncode, + stdout=completed.stdout, + stderr=completed.stderr, + message=f'stdout is not parseable JSON: {exc}', + ) + + if completed.returncode != 0: + return ProbeResult( + kind='product_error', + argv=explicit_argv, + returncode=completed.returncode, + stdout=completed.stdout, + stderr=completed.stderr, + message=f'process exited with code {completed.returncode}', + ) + + return ProbeResult( + kind='ok', + argv=explicit_argv, + returncode=completed.returncode, + stdout=completed.stdout, + stderr=completed.stderr, + ) + + +def main(argv: Sequence[str] | None = None) -> int: + parser = argparse.ArgumentParser(description='Run an argv-safe dogfood probe and emit separated channels as JSON.') + parser.add_argument('--timeout', type=float, default=10.0) + parser.add_argument('--stdout-json-byte0', action='store_true', help='Require stdout to be parseable JSON starting at byte 0.') + parser.add_argument('command', nargs=argparse.REMAINDER, help='Executable and arguments to run. Use -- before the target argv.') + args = parser.parse_args(argv) + command = args.command + if command and command[0] == '--': + command = command[1:] + + result = run_probe(command, timeout=args.timeout, require_stdout_json_byte0=args.stdout_json_byte0) + print(json.dumps(result.to_json_dict(), sort_keys=True)) + return 0 if result.kind == 'ok' else 1 + + +if __name__ == '__main__': + raise SystemExit(main()) diff --git a/tests/__init__.py b/tests/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/tests/test_roadmap_helpers.py b/tests/test_roadmap_helpers.py index 0169f88c..3c875198 100644 --- a/tests/test_roadmap_helpers.py +++ b/tests/test_roadmap_helpers.py @@ -9,6 +9,9 @@ from pathlib import Path REPO_ROOT = Path(__file__).resolve().parents[1] NEXT_ID = REPO_ROOT / 'scripts' / 'roadmap-next-id.sh' +DOGFOOD_PROBE = REPO_ROOT / 'scripts' / 'dogfood-probe.py' + + def run_next_id(roadmap: Path, script: Path = NEXT_ID) -> subprocess.CompletedProcess[str]: @@ -21,6 +24,16 @@ def run_next_id(roadmap: Path, script: Path = NEXT_ID) -> subprocess.CompletedPr ) +def run_dogfood_probe(args: list[str]) -> subprocess.CompletedProcess[str]: + return subprocess.run( + ['python3', str(DOGFOOD_PROBE), *args], + cwd=REPO_ROOT, + capture_output=True, + text=True, + check=False, + ) + + class RoadmapHelperTests(unittest.TestCase): def test_roadmap_next_id_prints_only_next_id_after_duplicate_check(self) -> None: with tempfile.TemporaryDirectory() as temp_dir: @@ -46,6 +59,17 @@ class RoadmapHelperTests(unittest.TestCase): self.assertIn('999', result.stderr) self.assertNotIn('1000', result.stdout) + def test_roadmap_next_id_fails_when_explicit_roadmap_path_is_missing(self) -> None: + with tempfile.TemporaryDirectory() as temp_dir: + roadmap = Path(temp_dir) / 'missing-ROADMAP.md' + + result = run_next_id(roadmap) + + self.assertNotEqual(0, result.returncode) + self.assertEqual('', result.stdout) + self.assertIn('ROADMAP not found', result.stderr) + self.assertIn(str(roadmap), result.stderr) + def test_roadmap_next_id_fails_closed_when_checker_is_unavailable(self) -> None: with tempfile.TemporaryDirectory() as temp_dir: script_dir = Path(temp_dir) / 'scripts' @@ -62,6 +86,78 @@ class RoadmapHelperTests(unittest.TestCase): self.assertIn('required ROADMAP id checker not found or not readable', result.stderr) self.assertIn('refusing to print a next id', result.stderr) + def test_dogfood_probe_runs_explicit_argv_and_separates_channels(self) -> None: + with tempfile.TemporaryDirectory() as temp_dir: + fixture = Path(temp_dir) / 'fixture.py' + fixture.write_text( + 'from __future__ import annotations\n' + 'import json\n' + 'import sys\n' + 'print(json.dumps({"argv": sys.argv[1:]}))\n' + 'print("diagnostic", file=sys.stderr)\n' + ) + + result = run_dogfood_probe([ + '--stdout-json-byte0', + '--', + 'python3', + str(fixture), + '--output-format', + 'json', + 'doctor', + '--help', + ]) + + self.assertEqual(0, result.returncode) + payload = __import__('json').loads(result.stdout) + self.assertEqual('ok', payload['kind']) + self.assertEqual([ + 'python3', + str(fixture), + '--output-format', + 'json', + 'doctor', + '--help', + ], payload['argv']) + self.assertEqual(0, payload['returncode']) + self.assertEqual('{"argv": ["--output-format", "json", "doctor", "--help"]}\n', payload['stdout']) + self.assertEqual('diagnostic\n', payload['stderr']) + + def test_dogfood_probe_labels_timeout_separately_from_product_error(self) -> None: + with tempfile.TemporaryDirectory() as temp_dir: + fixture = Path(temp_dir) / 'sleep.py' + fixture.write_text('import time\ntime.sleep(2)\n') + + result = run_dogfood_probe(['--timeout', '0.1', '--', 'python3', str(fixture)]) + + self.assertEqual(1, result.returncode) + payload = __import__('json').loads(result.stdout) + self.assertEqual('timeout', payload['kind']) + self.assertIsNone(payload['returncode']) + self.assertIn('timed out', payload['message']) + + def test_dogfood_probe_labels_probe_construction_failure(self) -> None: + result = run_dogfood_probe([]) + + self.assertEqual(1, result.returncode) + payload = __import__('json').loads(result.stdout) + self.assertEqual('probe_error', payload['kind']) + self.assertEqual([], payload['argv']) + self.assertIsNone(payload['returncode']) + self.assertIn('argv must contain', payload['message']) + + def test_dogfood_probe_labels_stdout_json_prefix_failure_as_product_error(self) -> None: + with tempfile.TemporaryDirectory() as temp_dir: + fixture = Path(temp_dir) / 'prefixed.py' + fixture.write_text('print("warning before json")\nprint("{}")\n') + + result = run_dogfood_probe(['--stdout-json-byte0', '--', 'python3', str(fixture)]) + + self.assertEqual(1, result.returncode) + payload = __import__('json').loads(result.stdout) + self.assertEqual('product_error', payload['kind']) + self.assertEqual(0, payload['returncode']) + self.assertIn('byte 0', payload['message']) if __name__ == '__main__': unittest.main()