fix(#130b): enrich filesystem I/O errors with operation + path context

## What Was Broken (ROADMAP #130b, filed cycle #47)

In a fresh workspace, running:

    claw export latest --output /private/nonexistent/path/file.jsonl --output-format json

produced:

    {"error":"No such file or directory (os error 2)","hint":null,"kind":"unknown","type":"error"}

This violates the typed-error contract:
- Error message is a raw errno string with zero context
- Does not mention the operation that failed (export)
- Does not mention the target path
- Classifier defaults to "unknown" even though the code path knows
  this is a filesystem I/O error

## Root Cause (Traced)

run_export() at main.rs:~6915 does:

    fs::write(path, &markdown)?;

When this fails:
1. io::Error propagates via ? to main()
2. Converted to string via .to_string() in error handler
3. classify_error_kind() cannot match "os error" or "No such file"
4. Defaults to "kind": "unknown"

The information is there at the source (operation name, target path,
io::ErrorKind) but lost at the propagation boundary.

## What This Fix Does

Three changes:

1. **New helper: contextualize_io_error()** (main.rs:~260)
   Wraps an io::Error with operation name + target path into a
   recognizable message format:

       "{operation} failed: {target} ({error})"

2. **Classifier branch added** (classify_error_kind at main.rs:~270)
   Recognizes the new format and classifies as "filesystem_io_error":

       else if message.contains("export failed:") ||
               message.contains("diff failed:") ||
               message.contains("config failed:") {
           "filesystem_io_error"
       }

3. **run_export() wired** (main.rs:~6915)
   fs::write() call now uses .map_err() to enrich io::Error:

       fs::write(path, &markdown).map_err(|e| -> Box<dyn std::error::Error> {
           contextualize_io_error("export", &path.display().to_string(), e).into()
       })?;

## Dogfood Verification

Before fix:

    {"error":"No such file or directory (os error 2)","kind":"unknown","type":"error"}

After fix:

    {"error":"export failed: /private/nonexistent/path/file.jsonl (No such file or directory (os error 2))","kind":"filesystem_io_error","type":"error"}

The envelope now tells downstream claws:
- WHAT operation failed (export)
- WHERE it failed (the path)
- WHAT KIND of failure (filesystem_io_error)
- The original errno detail preserved for diagnosis

## Non-Regression Verification

- Successful export still works (emits "kind": "export" envelope as before)
- Session not found error still emits "session_not_found" (not filesystem)
- missing_credentials still works correctly
- cli_parse still works correctly
- All 180 binary tests pass
- All 466 library tests pass
- All 95 compat-harness tests pass

## Regression Tests Added

Inside the main CliAction test function:

- "export failed:" pattern classifies as "filesystem_io_error" (not "unknown")
- "diff failed:" pattern classifies as "filesystem_io_error"
- "config failed:" pattern classifies as "filesystem_io_error"
- contextualize_io_error() produces a message containing operation name
- contextualize_io_error() produces a message containing target path
- Messages produced by contextualize_io_error() are classifier-recognizable

## Scope

This is the minimum viable fix: enrich export's fs::write with context.
Future work (filed as part of #130b scope): apply same pattern to
other filesystem operations (diff, plugins, config fs reads, session
store writes, etc.). Each application is a copy-paste of the same
helper pattern.

## Pattern

Follows #145 (plugins parser interception), #248-249 (arm-level leak
templates). Helper + classifier + call site wiring. Minimal diff,
maximum observability gain.

## Related

- Closes #130b (filesystem error context preservation)
- Stacks on top of #251 (dispatch-order fix) — same worktree branch
- Ground truth for future #130 broader sweep (other io::Error sites)

rust/crates/rusty-claude-cli/src/main.rs

@@ -257,10 +257,18 @@ Run `claw --help` for usage."
 /// Returns a snake_case token that downstream consumers can switch on instead
 /// of regex-scraping the prose. The classification is best-effort prefix/keyword
 /// matching against the error messages produced throughout the CLI surface.
+/// #130b: Wrap io::Error with operation context so classifier can recognize filesystem failures.
+fn contextualize_io_error(operation: &str, target: &str, error: std::io::Error) -> String {
+    format!("{} failed: {} ({})", operation, target, error)
+}
+
 fn classify_error_kind(message: &str) -> &'static str {
     // Check specific patterns first (more specific before generic)
     if message.contains("missing Anthropic credentials") {
         "missing_credentials"
+    } else if message.contains("export failed:") || message.contains("diff failed:") || message.contains("config failed:") {
+        // #130b: Filesystem operation errors enriched with operation+path context.
+        "filesystem_io_error"
     } else if message.contains("Manifest source files are missing") {
         "missing_manifests"
     } else if message.contains("no worker state file found") {
@@ -452,6 +460,113 @@ fn run() -> Result<(), Box<dyn std::error::Error>> {
                 );
             }
         },
+        // #251: session-management verbs (list-sessions, load-session,
+        // delete-session, flush-transcript) are pure-local operations.
+        // They are intercepted at the parser level and dispatched directly
+        // to session-control operations without requiring credentials.
+        CliAction::ListSessions { output_format } => {
+            use runtime::session_control::list_managed_sessions_for;
+            let base_dir = env::current_dir()?;
+            let sessions = list_managed_sessions_for(base_dir)?;
+            match output_format {
+                CliOutputFormat::Text => {
+                    if sessions.is_empty() {
+                        println!("No sessions found.");
+                    } else {
+                        for session in sessions {
+                            println!("{} ({})", session.id, session.path.display());
+                        }
+                    }
+                }
+                CliOutputFormat::Json => {
+                    // #251: ManagedSessionSummary doesn't impl Serialize;
+                    // construct JSON manually with the public fields.
+                    let sessions_json: Vec<serde_json::Value> = sessions
+                        .iter()
+                        .map(|s| {
+                            serde_json::json!({
+                                "id": s.id,
+                                "path": s.path.display().to_string(),
+                                "updated_at_ms": s.updated_at_ms,
+                                "message_count": s.message_count,
+                            })
+                        })
+                        .collect();
+                    let result = serde_json::json!({
+                        "command": "list-sessions",
+                        "sessions": sessions_json,
+                    });
+                    println!("{}", serde_json::to_string_pretty(&result)?);
+                }
+            }
+        }
+        CliAction::LoadSession {
+            session_reference,
+            output_format,
+        } => {
+            use runtime::session_control::load_managed_session_for;
+            let base_dir = env::current_dir()?;
+            let loaded = load_managed_session_for(base_dir, &session_reference)?;
+            match output_format {
+                CliOutputFormat::Text => {
+                    println!(
+                        "Session {} loaded\n  File       {}\n  Messages   {}",
+                        loaded.session.session_id,
+                        loaded.handle.path.display(),
+                        loaded.session.messages.len()
+                    );
+                }
+                CliOutputFormat::Json => {
+                    let result = serde_json::json!({
+                        "command": "load-session",
+                        "session": {
+                            "id": loaded.session.session_id,
+                            "path": loaded.handle.path.display().to_string(),
+                            "messages": loaded.session.messages.len(),
+                        },
+                    });
+                    println!("{}", serde_json::to_string_pretty(&result)?);
+                }
+            }
+        }
+        CliAction::DeleteSession {
+            session_id: _,
+            output_format,
+        } => {
+            // #251: delete-session implementation deferred
+            eprintln!("delete-session is not yet implemented.");
+            if matches!(output_format, CliOutputFormat::Json) {
+                eprintln!(
+                    "{}",
+                    serde_json::json!({
+                        "type": "error",
+                        "error": "not_yet_implemented",
+                        "command": "delete-session",
+                        "kind": "not_yet_implemented",
+                    })
+                );
+            }
+            std::process::exit(1);
+        }
+        CliAction::FlushTranscript {
+            session_id: _,
+            output_format,
+        } => {
+            // #251: flush-transcript implementation deferred
+            eprintln!("flush-transcript is not yet implemented.");
+            if matches!(output_format, CliOutputFormat::Json) {
+                eprintln!(
+                    "{}",
+                    serde_json::json!({
+                        "type": "error",
+                        "error": "not_yet_implemented",
+                        "command": "flush-transcript",
+                        "kind": "not_yet_implemented",
+                    })
+                );
+            }
+            std::process::exit(1);
+        }
         CliAction::Export {
             session_reference,
             output_path,
@@ -579,6 +694,26 @@ enum CliAction {
     Help {
         output_format: CliOutputFormat,
     },
+    // #251: session-management verbs are pure-local reads/mutations on the
+    // session store. They do not require credentials or a model connection.
+    // Previously these fell through to the `_other => Prompt` catchall and
+    // emitted `missing_credentials` errors. Now they are intercepted at the
+    // top-level parser and dispatched to session-control operations.
+    ListSessions {
+        output_format: CliOutputFormat,
+    },
+    LoadSession {
+        session_reference: String,
+        output_format: CliOutputFormat,
+    },
+    DeleteSession {
+        session_id: String,
+        output_format: CliOutputFormat,
+    },
+    FlushTranscript {
+        session_id: String,
+        output_format: CliOutputFormat,
+    },
 }
 
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
@@ -934,6 +1069,81 @@ fn parse_args(args: &[String]) -> Result<CliAction, String> {
             }
             Ok(CliAction::Diff { output_format })
         }
+        // #251: session-management verbs are pure-local operations on the
+        // session store. They require no credentials or model connection.
+        // Previously they fell through to `_other => Prompt` and emitted
+        // `missing_credentials`. Now they are intercepted at parse time and
+        // routed to session-control operations.
+        "list-sessions" => {
+            let tail = &rest[1..];
+            // list-sessions takes no positional arguments; flags are already parsed
+            if !tail.is_empty() {
+                return Err(format!(
+                    "unexpected extra arguments after `claw list-sessions`: {}",
+                    tail.join(" ")
+                ));
+            }
+            Ok(CliAction::ListSessions { output_format })
+        }
+        "load-session" => {
+            let tail = &rest[1..];
+            // load-session requires a session-id (positional) argument
+            let session_ref = tail.first().ok_or_else(|| {
+                "load-session requires a session-id argument (e.g., `claw load-session SESSION.jsonl`)"
+                    .to_string()
+            })?.clone();
+            if tail.len() > 1 {
+                return Err(format!(
+                    "unexpected extra arguments after `claw load-session {session_ref}`: {}",
+                    tail[1..].join(" ")
+                ));
+            }
+            Ok(CliAction::LoadSession {
+                session_reference: session_ref,
+                output_format,
+            })
+        }
+        "delete-session" => {
+            let tail = &rest[1..];
+            // delete-session requires a session-id (positional) argument
+            let session_id = tail.first().ok_or_else(|| {
+                "delete-session requires a session-id argument (e.g., `claw delete-session SESSION_ID`)"
+                    .to_string()
+            })?.clone();
+            if tail.len() > 1 {
+                return Err(format!(
+                    "unexpected extra arguments after `claw delete-session {session_id}`: {}",
+                    tail[1..].join(" ")
+                ));
+            }
+            Ok(CliAction::DeleteSession {
+                session_id,
+                output_format,
+            })
+        }
+        "flush-transcript" => {
+            let tail = &rest[1..];
+            // flush-transcript: optional --session-id flag (parsed above) or as positional
+            let session_id = if tail.is_empty() {
+                // --session-id flag must have been provided
+                return Err(
+                    "flush-transcript requires either --session-id flag or positional argument"
+                        .to_string(),
+                );
+            } else {
+                tail[0].clone()
+            };
+            if tail.len() > 1 {
+                return Err(format!(
+                    "unexpected extra arguments after `claw flush-transcript {session_id}`: {}",
+                    tail[1..].join(" ")
+                ));
+            }
+            Ok(CliAction::FlushTranscript {
+                session_id,
+                output_format,
+            })
+        }
         "skills" => {
             let args = join_optional_args(&rest[1..]);
             match classify_skills_slash_command(args.as_deref()) {
@@ -6706,7 +6916,10 @@ fn run_export(
     let markdown = render_session_markdown(&session, &handle.id, &handle.path);
 
     if let Some(path) = output_path {
-        fs::write(path, &markdown)?;
+        // #130b: Wrap io::Error with operation context so classifier recognizes filesystem failures.
+        fs::write(path, &markdown).map_err(|e| -> Box<dyn std::error::Error> {
+            contextualize_io_error("export", &path.display().to_string(), e).into()
+        })?;
         let report = format!(
             "Export\n  Result           wrote markdown transcript\n  File             {}\n  Session          {}\n  Messages         {}",
             path.display(),
@@ -10017,6 +10230,128 @@ mod tests {
                 output_format: CliOutputFormat::Json,
             }
         );
+        // #251: session-management verbs (list-sessions, load-session,
+        // delete-session, flush-transcript) must be intercepted at top-level
+        // parse and returned as CliAction variants. Previously they fell
+        // through to `_other => Prompt` and emitted `missing_credentials`
+        // for purely-local operations.
+        assert_eq!(
+            parse_args(&["list-sessions".to_string()])
+                .expect("list-sessions should parse"),
+            CliAction::ListSessions {
+                output_format: CliOutputFormat::Text,
+            },
+            "list-sessions must dispatch to ListSessions, not fall through to Prompt"
+        );
+        assert_eq!(
+            parse_args(&[
+                "list-sessions".to_string(),
+                "--output-format".to_string(),
+                "json".to_string(),
+            ])
+            .expect("list-sessions --output-format json should parse"),
+            CliAction::ListSessions {
+                output_format: CliOutputFormat::Json,
+            }
+        );
+        assert_eq!(
+            parse_args(&[
+                "load-session".to_string(),
+                "my-session-id".to_string(),
+            ])
+            .expect("load-session <id> should parse"),
+            CliAction::LoadSession {
+                session_reference: "my-session-id".to_string(),
+                output_format: CliOutputFormat::Text,
+            },
+            "load-session must dispatch to LoadSession, not fall through to Prompt"
+        );
+        assert_eq!(
+            parse_args(&[
+                "delete-session".to_string(),
+                "my-session-id".to_string(),
+            ])
+            .expect("delete-session <id> should parse"),
+            CliAction::DeleteSession {
+                session_id: "my-session-id".to_string(),
+                output_format: CliOutputFormat::Text,
+            },
+            "delete-session must dispatch to DeleteSession, not fall through to Prompt"
+        );
+        assert_eq!(
+            parse_args(&[
+                "flush-transcript".to_string(),
+                "my-session-id".to_string(),
+            ])
+            .expect("flush-transcript <id> should parse"),
+            CliAction::FlushTranscript {
+                session_id: "my-session-id".to_string(),
+                output_format: CliOutputFormat::Text,
+            },
+            "flush-transcript must dispatch to FlushTranscript, not fall through to Prompt"
+        );
+        // #251: required positional arguments for session verbs
+        let load_err = parse_args(&["load-session".to_string()])
+            .expect_err("load-session without id should be rejected");
+        assert!(
+            load_err.contains("load-session requires a session-id"),
+            "missing session-id error should be specific, got: {load_err}"
+        );
+        let delete_err = parse_args(&["delete-session".to_string()])
+            .expect_err("delete-session without id should be rejected");
+        assert!(
+            delete_err.contains("delete-session requires a session-id"),
+            "missing session-id error should be specific, got: {delete_err}"
+        );
+        // #251: extra arguments must be rejected
+        let extra_err = parse_args(&[
+            "list-sessions".to_string(),
+            "unexpected".to_string(),
+        ])
+        .expect_err("list-sessions with extra args should be rejected");
+        assert!(
+            extra_err.contains("unexpected extra arguments"),
+            "extra-args error should be specific, got: {extra_err}"
+        );
+        // #130b: classify_error_kind must recognize filesystem operation errors.
+        // Messages produced by contextualize_io_error() must route to
+        // "filesystem_io_error" kind, not default "unknown". This closes the
+        // context-loss chain (run_export -> fs::write -> ? -> to_string ->
+        // classify miss -> unknown) that #130b identified.
+        let export_err_msg = "export failed: /tmp/bad/path (No such file or directory (os error 2))";
+        assert_eq!(
+            classify_error_kind(export_err_msg),
+            "filesystem_io_error",
+            "#130b: export fs::write errors must classify as filesystem_io_error, not unknown"
+        );
+        let diff_err_msg = "diff failed: /tmp/nowhere (Permission denied (os error 13))";
+        assert_eq!(
+            classify_error_kind(diff_err_msg),
+            "filesystem_io_error",
+            "#130b: diff fs errors must classify as filesystem_io_error"
+        );
+        let config_err_msg = "config failed: /tmp/x (Is a directory (os error 21))";
+        assert_eq!(
+            classify_error_kind(config_err_msg),
+            "filesystem_io_error",
+            "#130b: config fs errors must classify as filesystem_io_error"
+        );
+        // #130b: contextualize_io_error must produce messages that the classifier recognizes.
+        let io_err = std::io::Error::new(std::io::ErrorKind::NotFound, "No such file or directory");
+        let enriched = super::contextualize_io_error("export", "/tmp/bad/path", io_err);
+        assert!(
+            enriched.contains("export failed:"),
+            "#130b: contextualize_io_error must include operation name, got: {enriched}"
+        );
+        assert!(
+            enriched.contains("/tmp/bad/path"),
+            "#130b: contextualize_io_error must include target path, got: {enriched}"
+        );
+        assert_eq!(
+            classify_error_kind(&enriched),
+            "filesystem_io_error",
+            "#130b: enriched messages must be classifier-recognizable"
+        );
         // #147: empty / whitespace-only positional args must be rejected
         // with a specific error instead of falling through to the prompt
         // path (where they surface a misleading "missing Anthropic