eeymoo/claw-code
1
0
Fork 0
mirror of https://github.com/instructkr/claw-code.git synced 2026-04-26 12:44:59 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: eeymoo:feat/jobdori-247-classify-prompt-errors
Branches Tags
eeymoo:main eeymoo:feat/jobdori-168c-emission-routing eeymoo:claw-code-issue-188k-brand-redesign eeymoo:feat/jobdori-122b-doctor-broad-cwd eeymoo:feat/jobdori-122-doctor-stale-base eeymoo:feat/jobdori-152-bootstrap-plan-suffix-guard eeymoo:feat/jobdori-152-init-suffix-guard eeymoo:feat/jobdori-130e-surface-help eeymoo:feat/jobdori-130e-dispatch-help eeymoo:feat/jobdori-130d-config-help eeymoo:feat/jobdori-130c-diff-help eeymoo:feat/jobdori-130b-filesystem-context eeymoo:feat/jobdori-251-session-dispatch eeymoo:feat/jobdori-249-resumed-slash-kind eeymoo:feat/jobdori-248-unknown-verb-option-classify eeymoo:feat/jobdori-247-classify-prompt-errors eeymoo:feat/134-135-session-identity eeymoo:feat/jobdori-130-export-error-envelope eeymoo:fix/linux-hooks-broken-pipe eeymoo:dev/rust eeymoo:feat/provider-routing-parity eeymoo:feat/batch3-all eeymoo:fix/ui-parity eeymoo:fix/plugin-loading-parity eeymoo:fix/skill-invoke eeymoo:release/0.1.0 eeymoo:feat/release-0.1.0-readme eeymoo:feat/uiux-redesign eeymoo:feat/ui-hardening eeymoo:integration/dori-cleanroom eeymoo:rcc/plugins eeymoo:rcc/cache-tracking eeymoo:rcc/telemetry eeymoo:rcc/jsonl-session eeymoo:rcc/grok eeymoo:rcc/hook-pipeline eeymoo:rcc/api eeymoo:rcc/parity-fix eeymoo:rcc/subagent eeymoo:rcc/ant-tools eeymoo:rcc/hooks eeymoo:rcc/ui-polish eeymoo:rcc/cli eeymoo:rcc/render eeymoo:rcc/sandbox eeymoo:rcc/git eeymoo:rcc/thinking eeymoo:rcc/runtime eeymoo:rcc/update eeymoo:rcc/doctor eeymoo:rcc/tools eeymoo:rcc/image eeymoo:rcc/memory eeymoo:rcc/cost
...
compare: eeymoo:feat/jobdori-122-doctor-stale-base
Branches Tags
eeymoo:feat/jobdori-168c-emission-routing eeymoo:claw-code-issue-188k-brand-redesign eeymoo:feat/jobdori-122b-doctor-broad-cwd eeymoo:feat/jobdori-122-doctor-stale-base eeymoo:feat/jobdori-152-bootstrap-plan-suffix-guard eeymoo:feat/jobdori-152-init-suffix-guard eeymoo:feat/jobdori-130e-surface-help eeymoo:feat/jobdori-130e-dispatch-help eeymoo:feat/jobdori-130d-config-help eeymoo:feat/jobdori-130c-diff-help eeymoo:feat/jobdori-130b-filesystem-context eeymoo:feat/jobdori-251-session-dispatch eeymoo:feat/jobdori-249-resumed-slash-kind eeymoo:feat/jobdori-248-unknown-verb-option-classify eeymoo:feat/jobdori-247-classify-prompt-errors eeymoo:main eeymoo:feat/134-135-session-identity eeymoo:feat/jobdori-130-export-error-envelope eeymoo:fix/linux-hooks-broken-pipe eeymoo:dev/rust eeymoo:feat/provider-routing-parity eeymoo:feat/batch3-all eeymoo:fix/ui-parity eeymoo:fix/plugin-loading-parity eeymoo:fix/skill-invoke eeymoo:release/0.1.0 eeymoo:feat/release-0.1.0-readme eeymoo:feat/uiux-redesign eeymoo:feat/ui-hardening eeymoo:integration/dori-cleanroom eeymoo:rcc/plugins eeymoo:rcc/cache-tracking eeymoo:rcc/telemetry eeymoo:rcc/jsonl-session eeymoo:rcc/grok eeymoo:rcc/hook-pipeline eeymoo:rcc/api eeymoo:rcc/parity-fix eeymoo:rcc/subagent eeymoo:rcc/ant-tools eeymoo:rcc/hooks eeymoo:rcc/ui-polish eeymoo:rcc/cli eeymoo:rcc/render eeymoo:rcc/sandbox eeymoo:rcc/git eeymoo:rcc/thinking eeymoo:rcc/runtime eeymoo:rcc/update eeymoo:rcc/doctor eeymoo:rcc/tools eeymoo:rcc/image eeymoo:rcc/memory eeymoo:rcc/cost

13 Commits
feat/jobdo ... feat/jobdo

Author SHA1 Message Date
YeonGyu-Kim
d9fbe1ef83 fix(cli): #122 doctor invocation now checks stale-base condition — added run_stale_base_preflight(None) call to doctor action handler, matching Prompt + REPL dispatch ordering; closes inconsistency where doctor says 'ok' but prompt warns 'stale base' 2026-04-23 02:24:27 +09:00
YeonGyu-Kim
cb8839e050 roadmap: cluster closure + defer #155/#156 design questions (config section validation, mcp/agents soft-warning) 2026-04-23 02:18:46 +09:00
YeonGyu-Kim
41b0006eea roadmap: cluster closure note — help-parity family complete (#130c, #130d, #130e) 2026-04-23 02:10:07 +09:00
YeonGyu-Kim
762e9bb212 roadmap: file #130e — help-parity sweep reveals 5 additional anomalies (3 dispatch-order, 2 surface) 2026-04-23 02:00:59 +09:00
YeonGyu-Kim
5e29430d4f roadmap: file #130d — config command silently ignores --help, displays config dump instead 2026-04-23 01:53:31 +09:00
YeonGyu-Kim
0d8adceb67 roadmap: file #130c — pure-local commands reject --help as extra argument (diff, config, status) 2026-04-23 01:44:11 +09:00
YeonGyu-Kim
9eba71da81 roadmap: file #153b — PATH setup guide follow-up to #153 2026-04-23 01:35:24 +09:00
YeonGyu-Kim
ef5aae3ddd roadmap: file #130b — filesystem errors lose context, emit generic errno strings (export command case) 2026-04-23 01:33:25 +09:00
YeonGyu-Kim
f05bc037de docs(#250, #251): Align SCHEMAS.md with actual binary, downgrade #250 to scope-reduced 
Cycle #46 follow-up to cycle #45's #251 implementation. Closes #250's
implementation urgency by aligning docs with reality.

SCHEMAS.md Updates:
For each of the 4 session-management verbs, added:
1. Status marker (Implemented or Stub only)
2. Actual binary envelope (shape produced by the #251-fixed binary)
3. Aspirational (future) shape (original SCHEMAS.md content, preserved as target)
4. Gap notes where the two diverge

Per-verb status:
- list-sessions: Implemented, nested field layout
- load-session: Implemented, nested session object with local session_not_found error
- delete-session: Stub, emits not_yet_implemented (local error, not auth)
- flush-transcript: Stub, emits not_yet_implemented (local error, not auth)

ROADMAP.md Updates:
- #251 marked CLOSED: Full status with commit ref, test counts.
- #250 marked SCOPE-REDUCED: Option A resolved by #251, Option C moot,
  only Option B (doc alignment) remains as future cleanup.

Why this matters:
Every code change should close its documentation loop. #251 landed on
the branch, but SCHEMAS.md still described aspirational shapes without
marking which were implemented. Claws reading SCHEMAS.md would have
assumed full conformance and hit surprises. Now the document tells the
truth about which verbs work, which are stubs, and why.

Related:
- #251 implementation on feat/jobdori-251-session-dispatch branch
- #250 scope-reduced to Option B (field-name harmonization)
- #145/#146 parser fall-through fix precedent
 2026-04-23 01:28:33 +09:00
YeonGyu-Kim
2fcb85ce4e ROADMAP #251: dispatch-order bug — session-management verbs fall through to Prompt before credential check (filed by gaebal-gajae; formalized by Jobdori cycle #40) 
Cycle #40: gaebal-gajae conceived #251 in their 00:00 Discord cycle
status but hadn't committed to ROADMAP yet. Jobdori verified their
diagnosis with code trace and formalized into ROADMAP with the proper
framing relationship to #250.

## What This Pinpoint Says

Same observable as #250 (session-management verbs emit missing_credentials
instead of SCHEMAS.md envelope) but reframed at the dispatch-order layer:

- #250 says: surface missing on canonical binary vs SCHEMAS.md promise
- #251 says: top-level parser fall-through happens BEFORE dispatcher
  could intercept, so credential resolution runs before the verb is
  classified as a purely-local operation

#251's framing is sharper because it identifies WHY the fall-through
produces auth errors, not just that it does.

## Verified Code Trace

- main.rs:1017-1027 is the _other => Prompt catchall
- joins all rest[] tokens into joined, constructs CliAction::Prompt
- downstream resolves credentials -> emits missing_credentials
- No credential call would be needed had the verb been intercepted

Same pattern has been fixed before for other purely-local verbs:
- #145: plugins (main.rs:888-906, explicit match arm)
- #146: config and diff (main.rs:911-935, same shape)

#251 extends this to the 4 session-management verbs.

## Recommended Sequence

1. #251 fix (4 match arms mirroring #145/#146) — principled solution
2. #250's Option B (docs scope note) — guard against future drift
3. #250's Option C (reject with redirect) — unnecessary if #251 lands

## Discipline

Per cycle #24 calibration:
- Red-state bug? Borderline (silent misroute to auth error class)
- Real friction? ✓ (4 documented surfaces emit wrong error class)
- Evidence-backed? ✓ (code trace + prior-fix precedent #145/#146)
- Same-cycle fix? ✗ (filed + document, boundary discipline #36)
- Implementation cost? ~40 lines Rust + tests, bounded

## Credit

Conception: gaebal-gajae (Discord msg 1496526112254328902, 00:00 KST)
Formalization: Jobdori cycle #40 (code trace + precedent linking)

This is the right kind of collaboration: gaebal-gajae saw the dispatch
pattern I had missed in #250 (I framed as surface parity; they framed
as dispatch order). I verified their diagnosis and committed the
ROADMAP entry. Two framings make the pinpoint sharper than either
alone.
 2026-04-23 00:06:46 +09:00
YeonGyu-Kim
f1103332d0 ROADMAP #130: re-verify still-open on main HEAD 186d42f; add classifier-cluster pairing note 
Cycle #39 dogfood re-verification of #130 (filed 2026-04-20). All 5
filesystem failure modes reproduce identically on main HEAD 186d42f,
2 days after original filing. Gap is unchanged.

## What's Added

1. **[STILL OPEN — re-verified 2026-04-22 cycle #39]** marker on the
   entry so readers can see immediately that the pinpoint hasn't been
   accidentally closed.

2. Full 5-mode repro output preserved verbatim for the current HEAD,
   so future re-verifications have a concrete baseline to diff against.

3. **New evidence not in original filing**: the classifier actively
   chose `kind: "unknown"` rather than just omitting the field. This
   means classify_error_kind() has NO substring match for "Is a
   directory", "No such file", "Operation not permitted", or "File
   exists". The typed-error contract is thus twice-broken on this path.

4. **Pairing with #247/#248/#249 classifier sweep**: the classifier-level
   part of #130 could land in the same sweep (add substring branches
   for io::ErrorKind strings). The context-preservation part (fix
   run_export's bare `?`) is a separate, larger change.

## Why Re-Verification Not Re-Filing

Per cycle #24 discipline: speculative re-filings add noise, real
confirmations add truth. #130 was already filed with exact repros, code
trace, and fix shape. My dogfood hit the same gap on fresh HEAD — the
right output is confirming the gap is still there (not filing #251 for
the same bug).

This is the same pattern as cycle #32's "mark #127 CLOSED" reality-sync:
documentation-drift prevention through explicit status markers.

## New Pattern

"Reality-sync via re-verification" — re-running a filed pinpoint's
repro on fresh HEAD and adding the timestamp + output proves the gap
is still real without inventing new filings. Cycle #24 calibration
keeps ROADMAP entries honest.

Per cycle #24 calibration:
- Red-state bug? ⚠️ borderline (errors surfaced, but kind=unknown is
  demonstrably wrong on a path where the system knows the errno)
- Real friction? ✓ (re-verified on fresh HEAD)
- Evidence-backed? ✓ (5-mode repro + classifier trace)
- Same-cycle fix? ✗ (classifier-level part could join #247/#248/#249
  sweep; context-preservation part is larger refactor)
- Implementation cost? Classifier part ~10 lines; full context fix ~60 lines

Source: Jobdori cycle #39 proactive dogfood in response to Clawhip
pinpoint nudge. Probed export filesystem errors; discovered this was
#130 reconfirmation, not new bug. Applied reality-sync pattern from
cycle #32.
 2026-04-23 00:02:58 +09:00
YeonGyu-Kim
186d42f979 ROADMAP #250: CLI surface parity gap — SCHEMAS.md's list-sessions/delete-session/etc. are Python-only; Rust binary falls through to Prompt with cred error 
Cycle #38 dogfood finding. Probed session management via the top-level
subcommand path documented in SCHEMAS.md; discovered the Rust binary
doesn't implement these as top-level subcommands. The literal token
'list-sessions' falls through the _other => Prompt arm and returns
'missing Anthropic credentials' instead of the documented envelope.

## The Gap

SCHEMAS.md documents 14 CLAWABLE top-level subcommands. Python audit
harness (src/main.py) implements all 14. Rust binary implements ~8 of
them as top-level, routing session management through /session slash
commands via --resume instead.

Repro:

  $ env -i PATH=$PATH HOME=$HOME claw list-sessions --output-format json
  {"error":"missing Anthropic credentials; ...","kind":"missing_credentials"}

  $ claw --resume latest /session list --output-format json
  {"active":"...","kind":"session_list","sessions":[...]}

  $ python3 -m src.main list-sessions --output-format json
  {"command":"list-sessions","sessions":[...],"exit_code":0}

Same operation, three different CLI shapes across implementations.

## Classification

This is BOTH:
- a parser-level trust gap (6th in #108/#117/#119/#122/#127 family; same
  _other => Prompt fall-through), AND
- a cross-implementation parity gap (SCHEMAS.md at repo root doesn't
  match Rust binary's top-level surface)

Unlike prior fall-throughs where the input was malformed, the input
here IS a documented surface. The fall-through is wrong for a different
reason: the surface exists in the protocol but not in this implementation.

## Three Fix Options

Option A: Implement surfaces on Rust binary (highest cost, full parity)
Option B: Scope SCHEMAS.md to Python harness (docs-only)
Option C: Reject at parse time with redirect hint (cheapest, #127 pattern)

Recommended: C first (prevents cred misdirection), then B for docs
hygiene, then A if demand justifies.

## Discipline

Per cycle #24 calibration:
- Red-state bug? ⚠️ borderline — silent misroute to cred error on a
  documented surface. Not a crash but a real wrong-contract response.
- Real friction? ✓ (claws reading SCHEMAS.md hit wrong error on canonical binary)
- Evidence-backed? ✓ (dogfood probe + SCHEMAS.md cross-reference + code trace)
- Implementation cost? Option C: ~30 lines (bounded). Option A: larger.
- Same-cycle fix? ✗ (file + document, defer implementation per #36 boundary discipline)

## Family Position

Natural bundle: **#127 + #250** — parser-level fall-through pair with
class distinction. #127 fixed suffix-arg-on-valid-verb case. #250 extends
to 'entire Python-harness verb treated as prompt.' Same fall-through arm,
different entry class.

Source: Jobdori cycle #38 proactive dogfood in response to Clawhip
pinpoint nudge at msg 1496518474019639408. Probed session management CLI
after gaebal-gajae's status sync confirmed no red-state regressions this
cycle; found this cross-implementation surface parity gap by comparing
SCHEMAS.md claims against actual Rust binary behavior.
 2026-04-22 23:37:45 +09:00
YeonGyu-Kim
5f8d1b92a6 ROADMAP #249: resumed-session slash command error envelopes omit kind field 
Cycle #37 dogfood finding post-#247 merge. Two Err arms in the resumed-session
JSON path at main.rs:2747 and main.rs:2783 emit error envelopes WITHOUT the
`kind` field required by the §4.44 typed-envelope contract.

## The Pinpoint

Probed resumed-session slash command JSON path:

  $ claw --output-format json --resume latest /session
  {"command":"/session","error":"unsupported resumed slash command","type":"error"}
  # no kind field

  $ claw --output-format json --resume latest /xyz-unknown
  {"command":"/xyz-unknown","error":"Unknown slash command: /xyz-unknown\n  Help             /help lists available slash commands","type":"error"}
  # no kind field AND multi-line error without split hint

Compare to happy path which DOES include kind:
  $ claw --output-format json --resume latest /session list
  {"active":"...","kind":"session_list",...}

Contract awareness exists. It's just not applied in the Err arms.

## Scope

Two atomic fixes in main.rs:
- Line 2747: SlashCommand::parse() Err → add kind via classify_error_kind()
- Line 2783: run_resume_command() Err → add kind + call split_error_hint()

~15 lines Rust total. Bounded.

## Family Classification

§4.44 typed-envelope contract sweep:
- #179 (parse-error real message quality) — closed
- #181 (envelope exit_code matches process exit) — closed
- #247 (classify_error_kind misses prompt-patterns) — closed
- #248 (verb-qualified unknown option errors) — in-flight (another agent)
- **#249 (resumed-session slash error envelopes omit kind) — filed**

Natural bundle #247+#248+#249: classifier/envelope completeness across all
three CLI paths (top-level parse, subcommand options, resumed-session slash).

## Discipline

Per cycle #24 calibration:
- Red-state bug? ✗ (errors surfaced, exit codes correct)
- Real friction? ✓ (typed-error contract violation; claws dispatching on
  error.kind get undefined for all resumed slash-command errors)
- Evidence-backed? ✓ (dogfood probe + code trace identified both Err arms)
- Implementation cost? ~15 lines (bounded)
- Same-cycle fix? ✗ (Rust change, deferred per file-not-fix discipline)

## Not Implementing This Cycle

Per the boundary discipline established in cycle #36: I don't touch another
agent's in-flight work, and I don't implement a Rust fix same-cycle when
the pattern is "file + document + let owner/maintainer decide."

Filing with concrete fix shape is the correct output. If demand or red-state
symptoms arrive, implementation can follow the same path as #247: file →
fix in branch → review → merge.

Source: Jobdori cycle #37 proactive dogfood in response to Clawhip pinpoint
nudge at msg 1496518474019639408.
 2026-04-22 23:33:50 +09:00
3 changed files with 928 additions and 2 deletions
Expand all files Collapse all files

848
ROADMAP.md
View File

@@ -4929,7 +4929,7 @@ ear], /color [scheme], /effort [low|medium|high], /fast, /summary, /tag [label],
**Source.** Jobdori dogfood 2026-04-20 against `/tmp/claw-mcp-test` (env-cleaned, working `mcpServers.everything = npx -y @modelcontextprotocol/server-everything`) on main HEAD `8122029` in response to Clawhip dogfood nudge / 10-min cron. Joins **MCP lifecycle gap family** as runtime-side companion to **#102** — #102 catches config-time silence (no preflight, no command-exists check); #129 catches runtime-side blocking (handshake await ordered before cred check, retried silently, no deadline). Joins **Truth-audit / diagnostic-integrity** (#80#87, #89, #100, #102, #103, #105, #107, #109, #110, #112, #114, #115, #125, #127) — the hang surfaces no events, no exit code, no signal. Joins **Auth-precondition / fail-fast ordering family** — cheap deterministic preconditions should run before expensive externally-controlled ones. Cross-cluster with **Recovery / wedge-recovery** — a misbehaved MCP server wedges every subsequent Prompt invocation; current recovery is "kill -9 the parent." Cross-cluster with **PARITY.md Lane 7 acceptance gap** — the Lane 7 merge added the bridge but didn't add startup-deadline + cred-precheck ordering, so the lane is technically merged but functionally incomplete for unattended claw use. Natural bundle: **#102 + #129** — MCP lifecycle visibility pair: config-time preflight (#102) + runtime-time deadline + cred-precheck (#129). Together they make MCP failures structurally legible from both ends. Also **#127 + #129** — Prompt-path silent-failure pair: verb-suffix args silently routed to Prompt (#127, fixed) + Prompt path silently blocks on MCP (#129). With #127 fixed, the `claw doctor --json` consumer no longer accidentally trips the #129 wedge — but the wedge still affects every legitimate Prompt invocation. Session tally: ROADMAP #129.
130. **`claw export --output <path>` filesystem errors surface raw OS errno strings with zero context — no path that failed, no operation that failed (open/write/mkdir), no structured error kind, no actionable hint, and the `--output-format json` envelope flattens everything to `{"error":"<raw errno string>","type":"error"}`. Five distinct filesystem failure modes all produce different raw errno strings but the same zero-context shape. The boilerplate `Run claw --help for usage` trailer is also misleading because these are filesystem errors, not usage errors** — dogfooded 2026-04-20 on main HEAD `d2a8341` from `/Users/yeongyu/clawd/claw-code/rust` (real session file present).
130. **[STILL OPEN — re-verified 2026-04-22 cycle #39 on main HEAD `186d42f`]** **`claw export --output <path>` filesystem errors surface raw OS errno strings with zero context — no path that failed, no operation that failed (open/write/mkdir), no structured error kind, no actionable hint, and the `--output-format json` envelope flattens everything to `{"error":"<raw errno string>","type":"error"}`. Five distinct filesystem failure modes all produce different raw errno strings but the same zero-context shape. The boilerplate `Run claw --help for usage` trailer is also misleading because these are filesystem errors, not usage errors** — dogfooded 2026-04-20 on main HEAD `d2a8341` from `/Users/yeongyu/clawd/claw-code/rust` (real session file present).
**Concrete repro.**
```
@@ -5057,6 +5057,24 @@ ear], /color [scheme], /effort [low|medium|high], /fast, /summary, /tag [label],
**Source.** Jobdori dogfood 2026-04-20 against `/Users/yeongyu/clawd/claw-code/rust` (real session file present) on main HEAD `d2a8341` in response to Clawhip dogfood nudge / 10-min cron. Joins **Truth-audit / diagnostic-integrity** (#80#127, #129) as 16th — error surface is incomplete by design; runtime has info that CLI boundary discards. Joins **JSON envelope asymmetry family** (#90, #91, #92, #110, #115, #116) — `{error, type}` shape is a fake envelope when the failure mode is richer than a single prose string. Joins **Claude Code migration parity** — Claude Code's error shape includes typed error kinds; claw-code's flat envelope loses information. Joins **`Run claw --help for usage` trailer-misuse** — the trailer is appended to errors that are not usage errors, which is both noise and misdirection. Natural bundle: **#90 + #91 + #92 + #130** — JSON envelope hygiene quartet. All four surface errors with insufficient structure for claws to dispatch on. Also **#121 + #130** — error-text-lies pair: hooks error names wrong thing (#121), export errno strips all context (#130). Also **Phase 2 §4 Canonical lane event schema exhibit A** — typed errors are the prerequisite for structured lane events. Session tally: ROADMAP #130.
**Re-verification (2026-04-22 cycle #39, main HEAD `186d42f`).** All 5 failure modes still reproduce identically to the original filing 2 days later. Concrete output:
```
$ claw export --output /tmp/nonexistent-dir-xyz/out.md --output-format json
{"error":"No such file or directory (os error 2)","hint":null,"kind":"unknown","type":"error"}
$ claw export --output /bin/cantwrite.md --output-format json
{"error":"Operation not permitted (os error 1)","hint":null,"kind":"unknown","type":"error"}
$ claw export --output "" --output-format json
{"error":"No such file or directory (os error 2)","hint":null,"kind":"unknown","type":"error"}
$ claw export --output / --output-format json
{"error":"File exists (os error 17)","hint":null,"kind":"unknown","type":"error"}
$ claw export --output /tmp/ --output-format json
{"error":"Is a directory (os error 21)","hint":null,"kind":"unknown","type":"error"}
```
**New evidence not in original filing.** The `kind` field is set to `"unknown"` — the classifier actively chose `unknown` rather than just omitting the field. This means `classify_error_kind()` (at main.rs:~251) has no substring match for "Is a directory", "No such file", "Operation not permitted", or "File exists". The typed-error contract is thus twice-broken on this path: (a) the io::ErrorKind information is discarded at the `?` in `run_export()`, AND (b) the flat `io::Error::Display` string is then fed to a classifier that has no patterns for filesystem errno strings.
**Natural pairing with #247/#248/#249 classifier sweep.** Same code path as #247's classifier fix (`classify_error_kind()`), same pattern (substring-matching classifier that lacks entries for specific error strings). #247 added patterns for prompt-related parse errors. #248 WIP adds patterns for verb-qualified unknown option errors. #130's classifier-level part (adding `NotFound`/`PermissionDenied`/`IsADirectory`/`AlreadyExists` substring branches) could land in the same sweep. The deeper fix (context preservation at `run_export()`'s `?`) is a separate, larger change — context-preservation requires `anyhow::Context` threading or typed error enum, not just classifier patterns.
**Repro (fresh box, no ANTHROPIC_* env vars).** `claw --model "bad model" version` → exit 0, emits version JSON (silent parse). `claw --model "" version` → exit 0, same. `claw --model "foo bar/baz" prompt "test"` → exit 1, `error: missing Anthropic credentials` (malformed model silently routes to Anthropic, then cred error masquerades as root cause instead of "invalid model syntax").
**The gap.** (1) No upfront model syntax validation in parse_args. `--model` accepts any string. (2) Silent fallback to Anthropic when provider detection fails on malformed syntax. (3) Downstream error misdirection — cred error doesn't say "your model string was invalid, I fell back to Anthropic." (4) Token burn on invalid model at API layer — with credentials set, malformed model reaches the API, billing tokens against a 400 response that should have been rejected client-side. (5) Joins #29 (provider routing silent fallback) — both involve Anthropic fallback masking the real intent. (6) Joins truth-audit — status/version JSON report malformed model without validation. (7) Joins cred-error misdirection family (#28, #99, #127).
@@ -6670,3 +6688,831 @@ Two atomic changes:
- #179 (parse-error real message quality) — claws consuming envelope expect truthful error
- #181 (envelope.exit_code matches process exit) — cross-channel truthfulness
- #30 (cycle #30: OPT_OUT rejection tests) — classification contracts deserve regression tests
---
## Pinpoint #249. Resumed-session slash command error envelopes omit `kind` field — typed-error contract violation at `main.rs:2747` and `main.rs:2783`
**Gap.** The typed-error envelope contract (§4.44) specifies every error envelope MUST include a `kind` field so claws can dispatch without regex-scraping prose. The `--output-format json` path for resumed-session slash commands has TWO branches that emit error envelopes WITHOUT `kind`:
1. **`main.rs:2747-2760`** (`SlashCommand::parse()` Err arm) — triggered when the raw command string is malformed or references an invalid slash structure. Fires for inputs like `claw --resume latest /session` (valid name, missing required subcommand arg).
2. **`main.rs:2783-2793`** (`run_resume_command()` Err arm) — triggered when the slash command dispatch returns an error (including `SlashCommand::Unknown`). Fires for inputs like `claw --resume latest /xyz-unknown`.
Both arms emit JSON envelopes of shape `{type, error, command}` but NOT `kind`, defeating typed-error dispatch for any claw routing on `error.kind`.
Also observed: the `/xyz-unknown` path embeds a multi-line error string (`Unknown slash command: /xyz-unknown\n Help ...`) directly into the `error` field without splitting the runbook hint into a separate `hint` field (per #77 `split_error_hint()` convention). JSON consumers get embedded newlines in the error string.
**Repro.** Dogfooded 2026-04-22 on main HEAD `84466bb` (cycle #37, post-#247 merge):
```bash
$ cd /Users/yeongyu/clawd/claw-code/rust
$ ./target/debug/claw --output-format json --resume latest /session
{"command":"/session","error":"unsupported resumed slash command","type":"error"}
# Observation: no `kind` field. Claws dispatching on error.kind get undefined.
$ ./target/debug/claw --output-format json --resume latest /xyz-unknown
{"command":"/xyz-unknown","error":"Unknown slash command: /xyz-unknown
Help /help lists available slash commands","type":"error"}
# Observation: no `kind` field AND multi-line error without split hint.
$ ./target/debug/claw --output-format json --resume latest /session list
{"active":"session-...","kind":"session_list",...}
# Comparison: happy path DOES include kind field. Only the error path omits it.
```
Contrast with the `Ok(None)` arm at `main.rs:2735-2742` which DOES include `kind: "unsupported_resumed_command"` — proving the contract awareness exists, just not applied consistently across all Err arms.
**Impact.**
1. **Typed-error dispatch broken for slash-command errors.** A claw reading `{"type":"error", "error":"..."}` and switching on `error.kind` gets `undefined` for any resumed slash-command error. Must fall back to substring matching the `error` field, defeating the point of typed errors.
2. **Family-internal inconsistency.** The same error path (`eprintln!` → exit(2)) has three arms: `Ok(None)` sets kind, `Err(error)` (parse) doesn't, `Err(error)` (dispatch) doesn't. Random omission is worse than uniform absence because claws can't tell whether they're hitting a kind-less arm or an untyped category.
3. **Hint embedded in error field.** The `/xyz-unknown` path gets its runbook text inside the `error` string instead of a separate `hint` field, forcing consumers to post-process the message.
**Recommended fix shape.**
Two small, atomic edits in `main.rs`:
1. **Parse-error envelope** (line 2747): Add `"kind": "cli_parse"` to the JSON object. Optionally call `classify_error_kind(&error.to_string())` to get a more specific kind.
2. **Dispatch-error envelope** (line 2783): Same treatment. Classify using `classify_error_kind()`. Additionally, call `split_error_hint()` on `error.to_string()` to separate the short reason from any embedded hint (matches #77 convention used elsewhere).
```rust
// Before (line 2747):
serde_json::json!({
"type": "error",
"error": error.to_string(),
"command": raw_command,
})
// After:
let message = error.to_string();
let kind = classify_error_kind(&message);
let (short_reason, hint) = split_error_hint(&message);
serde_json::json!({
"type": "error",
"error": short_reason,
"hint": hint,
"kind": kind,
"command": raw_command,
})
```
**Regression coverage.** Add integration tests in `tests/output_format_contract.rs`:
- `resumed_session_bare_slash_name_emits_kind_field_249` — `/session` without subcommand
- `resumed_session_unknown_slash_emits_kind_field_249` — `/xyz-unknown`
- `resumed_session_unknown_slash_splits_hint_249` — multi-line error gets hint split
- Regression guard: `resumed_session_happy_path_session_list_unchanged_249` — confirm `/session list` JSON unchanged
**Blocker.** None. ~15 lines Rust, bounded.
**Priority.** Medium. Not red-state (errors ARE surfaced, exit code IS 2), but typed-error contract violation. Any claw doing `error.kind` dispatch on slash-command paths currently falls through to `undefined`.
**Source.** Jobdori cycle #37 proactive dogfood 2026-04-22 23:15 KST in response to Clawhip pinpoint nudge. Probed slash-command JSON error envelopes post-#247 merge; found two Err arms emitting envelopes without `kind`. Joins §4.44 typed-envelope family:
- #179 (parse-error real message quality) — closed
- #181 (envelope exit_code matches process exit) — closed
- #247 (classify_error_kind misses prompt-patterns + hint drop) — closed (cycle #34/#36)
- **#248 (verb-qualified unknown option errors misclassified) — in-flight (another agent)**
- **#249 (this: resumed-session slash command envelopes omit kind) — filed**
Natural bundle: **#247 + #248 + #249** — classifier/envelope completeness sweep. All three fix the same kind of drift: typed-error envelopes missing or mis-set `kind` field on specific CLI paths. When all three land, the typed-envelope contract is uniformly applied across:
- Top-level CLI argument parsing (#247)
- Subcommand option parsing (#248)
- Resumed-session slash command dispatch (#249)
**Related prior work.**
- §4.44 typed error envelope contract (2026-04-20)
- #77 split_error_hint() — should be applied to slash-command error path too
- #247 (model: add classifier branches + ensure envelope carries them)
---
## Pinpoint #250. CLI surface parity gap between Python audit harness and Rust binary — SCHEMAS.md documents `list-sessions`/`delete-session`/`load-session`/`flush-transcript` as CLAWABLE top-level subcommands, but the Rust `claw` binary routes these through the `_other => Prompt` fall-through arm, emitting `missing_credentials` instead of running the documented operation
**STATUS: 🟡 SCOPE-REDUCED (cycle #46, 2026-04-23)** — #251's implementation work (Option A) is closed: the 4 verbs now route locally and do not emit `missing_credentials`. SCHEMAS.md updated cycle #46 to document the actual binary envelope shapes (with ⚠️ Stub markers on `delete-session`/`flush-transcript`). **Option C (reject-with-redirect) is moot** — no verbs to redirect away from. **Remaining work = Option B (documentation scope alignment)**: harmonize field names (`id` vs `session_id`, `updated_at_ms` vs `last_modified`, etc.) across actual and aspirational shapes, and add common-envelope fields (`timestamp`, `exit_code`, `output_format`, `schema_version`). This is a future cleanup, not blocking any user-visible behavior.
**Gap.** SCHEMAS.md at the repo root defines a JSON envelope contract for 14 CLAWABLE top-level subcommands including `list-sessions`, `delete-session`, `load-session`, and `flush-transcript`. The Python audit harness at `src/main.py` implements all 14. The Rust `claw` binary at `rust/crates/rusty-claude-cli/` does NOT have these as top-level subcommands — session management lives behind `--resume <id> /session list` via the REPL slash command path.
A claw following SCHEMAS.md as the canonical contract runs `claw list-sessions --output-format json` and hits the Rust binary's `_other => Prompt` fall-through arm (same code path as the now-closed parser-level trust gap quintet #108/#117/#119/#122/#127). The literal token `"list-sessions"` is sent as a prompt to the LLM, which immediately fails with `missing Anthropic credentials` because the prompt path requires auth.
From the claw's perspective:
- **Expected** (per SCHEMAS.md): `{"command": "list-sessions", "exit_code": 0, "sessions": [...]}`
- **Actual** (Rust binary): `{"kind": "missing_credentials", "error": "missing Anthropic credentials; ..."}`
**Repro.** Dogfooded 2026-04-22 on main HEAD `5f8d1b9` (cycle #38):
```bash
$ cd /Users/yeongyu/clawd/claw-code/rust
$ env -i PATH=$PATH HOME=$HOME ./target/debug/claw list-sessions --output-format json
{"error":"missing Anthropic credentials; export ANTHROPIC_AUTH_TOKEN or ANTHROPIC_API_KEY before calling the Anthropic API ...","hint":null,"kind":"missing_credentials","type":"error"}
# exit=1, NOT the documented SCHEMAS.md envelope
$ env -i PATH=$PATH HOME=$HOME ./target/debug/claw delete-session abc123 --output-format json
{"error":"missing Anthropic credentials; ...","hint":null,"kind":"missing_credentials","type":"error"}
# Same fall-through. `abc123` treated as prompt continuation.
$ env -i PATH=$PATH HOME=$HOME ./target/debug/claw --resume latest /session list --output-format json
{"active":"session-...","kind":"session_list","sessions":[...]}
# This is how the Rust binary actually exposes list-sessions — via REPL slash command.
$ python3 -m src.main list-sessions --output-format json
{"command": "list-sessions", "exit_code": 0, ..., "sessions": [...]}
# Python harness implements SCHEMAS.md directly.
```
**Impact.**
1. **Documentation-vs-implementation drift.** SCHEMAS.md is at the repo root (not under `src/` or `rust/`), implying it applies to the whole project. A claw reading SCHEMAS.md and assuming the contract applies to the canonical binary (`claw`) gets a credentials error, not the documented envelope.
2. **Cross-implementation parity gap.** The same logical operation ("list my sessions") has two different CLI shapes:
- Python harness: `python3 -m src.main list-sessions --output-format json`
- Rust binary: `claw --resume latest /session list --output-format json`
Claws that switch between implementations (e.g., for testing or migration) have to maintain two different dispatch tables.
3. **Joins the parser-level trust gap family.** This is the 6th entry in the `_other => Prompt` fall-through family but with a twist: unlike #108/#117/#119/#122/#127 (where the input was genuinely malformed), the input here IS a valid surface name that SCHEMAS.md documents. The fall-through is wrong for a different reason: the surface exists in the protocol but not in this implementation.
4. **Cred-error misdirection.** Same pattern as the pre-#127 `claw doctor --json` misdirection. A claw getting `missing_credentials` thinks it has an auth problem when really it has a surface-not-implemented problem.
**Fix options.**
**Option A: Implement the surfaces on the Rust binary.** Wire `list-sessions`, `delete-session`, `load-session`, `flush-transcript` as top-level subcommands in `rust/crates/rusty-claude-cli/src/main.rs`, each delegating to the existing session management code that currently lives behind `/session list`, `/session delete`, etc. Acceptance: all 4 subcommands emit the SCHEMAS.md envelope identically to the Python harness.
**Option B: Scope SCHEMAS.md explicitly to the Python audit harness.** Add a scope note at the top of SCHEMAS.md clarifying it documents the Python harness protocol, not the Rust binary surface. File a separate pinpoint for "canonical Rust binary JSON contract" if/when that's needed.
**Option C: Reject the surface mismatch at parse time.** Add explicit recognition in the Rust binary's top-level subcommand matcher that `list-sessions`/`delete-session`/etc. are Python-harness surfaces, and emit a structured error pointing to the Rust equivalent (`claw --resume latest /session list` etc.). Stop the fall-through into Prompt dispatch. Acceptance: running `claw list-sessions` in the Rust binary emits `{"kind": "unsupported_surface", "error": "list-sessions is a Python audit harness surface; use `claw --resume latest /session list` for the Rust binary equivalent"}`.
**Recommended: Option C first (cheap, prevents cred misdirection), then Option B as documentation hygiene, then Option A if demand justifies the implementation cost.**
Option C is the same pattern as #127's fix: reject known-bad inputs at parse time with actionable hints, don't fall through to Prompt. This is a new case of the same fall-through category but with the twist that the "bad" input is actually documented as valid in a sibling context.
**Regression.** If Option A: add end-to-end tests matching the Python harness's existing tests for each subcommand. If Option C: add integration tests for each of the 4 Python-harness surface names verifying they emit `unsupported_surface` with the correct redirect hint.
**Blocker.** None for Option C. Option A is larger (requires extending the Rust binary's top-level parser + wiring to session management). Option B is pure docs.
**Priority.** Medium-high. This is red-state in the sense that the binary silently misroutes a documented surface into cred-error. Not a bug in the sense that the Rust binary is missing functionality it promised — but a bug in the sense that **protocol documentation promises a surface that doesn't exist at that address in the canonical implementation.** Either the docs are wrong or the implementation is incomplete; randomness is the current state.
**Source.** Jobdori cycle #38 proactive dogfood 2026-04-22 23:35 KST in response to Clawhip pinpoint nudge. Probed session management CLI paths post-#247-merge; expected SCHEMAS.md envelope, got `missing_credentials` on all 4 surfaces. Joins:
- **Parser-level trust gap family** (#108, #117, #119, #122, #127) as 6th — same `_other => Prompt` fall-through, but the "bad" input is actually a documented surface in SCHEMAS.md (new case class).
- **Cred-error misdirection family** (#99, #127 pre-closure) — same pattern: local-ish operation silently needs creds because it fell into the wrong dispatch arm.
- **Documentation-vs-implementation drift family** — SCHEMAS.md documents 14 surfaces; Rust binary has ~8 top-level subcommands; mismatch is undocumented.
Natural bundle: **#127 + #250** — parser-level fall-through pair with a class distinction (#127 = suffix arg on valid verb; #250 = entire Python-harness verb treated as prompt).
**Related prior work.**
- SCHEMAS.md (the canonical envelope contract — drafted in Python-harness context)
- §4.44 typed-envelope contract
- #127 (closed: suffix arg rejection at parse time for diagnostic verbs)
- #108/#117/#119/#122/#127 (parser-level trust gap quintet)
- Python harness `src/main.py` (14 CLAWABLE surfaces)
- Rust binary `rust/crates/rusty-claude-cli/src/main.rs` (different top-level surface set)
---
## Pinpoint #251. Session-management verbs (`list-sessions`/`delete-session`/`load-session`/`flush-transcript`) fall through to Prompt dispatch at parse time before credential resolution — wrong error CLASS is emitted (auth) for what should be local session-store operations
**STATUS: ✅ CLOSED (cycle #45, 2026-04-23)** — commit `dc274a0` on `feat/jobdori-251-session-dispatch`. 4 CliAction variants + 4 parser arms + 4 dispatcher arms. `list-sessions` and `load-session` fully functional; `delete-session` and `flush-transcript` stubbed with `not_yet_implemented` local errors (satisfies #251 acceptance criterion — no `missing_credentials` fall-through). All 180 binary tests + 466 library tests + 95 compat tests pass. Dogfood-verified on clean env (no credentials). Pushed for review.
**Gap.** This is the **dispatch-order framing** of the parity symptom filed at #250. Where #250 says "the surface is missing on the canonical binary and SCHEMAS.md promises it," #251 says "the underlying mechanism is a top-level parser fall-through that happens BEFORE the dispatcher can intercept the verb, so callers get `missing_credentials` instead of any session-layer response at all."
The two pinpoints describe the same observable failure from different layers:
- **#250 (surface layer):** SCHEMAS.md top-level verbs aren't implemented as top-level Rust subcommands.
- **#251 (dispatch layer):** The top-level parser has no match arm for these verbs, so they fall into the `_other => Prompt` catchall at `main.rs:1017`, which constructs `CliAction::Prompt { prompt: "list-sessions", ... }`. Downstream, the Prompt path requires credentials, and the CLI emits `missing_credentials` for a purely-local operation.
**The same pattern has been fixed before** for other purely-local verbs:
- **#145** — `plugins` was falling through to Prompt. Fix: explicit match arm at `main.rs:888-906` returning `CliAction::Plugins { ... }`.
- **#146** — `config` and `diff` were falling through. Fix: explicit match arms at `main.rs:911-935` returning `CliAction::Config { ... }` and `CliAction::Diff { ... }`.
Both fixes followed identical shape: intercept the verb at top-level parse, construct the corresponding `CliAction` variant, bypass the Prompt/credential path entirely. #251 extends this to the 4 session-management verbs.
**Repro.** Dogfooded 2026-04-23 cycle #40 on main HEAD `f110333`:
```bash
$ env -i PATH=$PATH HOME=$HOME /path/to/claw list-sessions --output-format json
{"error":"missing Anthropic credentials; export ANTHROPIC_AUTH_TOKEN or ANTHROPIC_API_KEY ...","kind":"missing_credentials","type":"error"}
# Expected: session-layer envelope like {"command":"list-sessions","sessions":[...]}
# Actual: auth-layer error because the verb was treated as a prompt.
```
**Code trace (verified cycle #40).**
- `main.rs:1017-1027` — the final `_other` arm of the top-level parser. Joins all unrecognized tokens with spaces and constructs `CliAction::Prompt { prompt: joined, ... }`.
- Downstream, the Prompt dispatcher calls `resolve_credentials()` which emits `missing Anthropic credentials` when neither `ANTHROPIC_API_KEY` nor `ANTHROPIC_AUTH_TOKEN` is set.
- No credential resolution would have been needed had the verb been intercepted earlier.
**Relationship to #250.**
| Aspect | #250 | #251 |
|---|---|---|
| **Layer** | Surface / documentation | Dispatch / parser internals |
| **Framing** | Protocol vs implementation drift | Wrong dispatch order |
| **Fix scope** | 3 options (docs scope, Rust impl, reject-with-redirect) | Narrow: add match arms mirroring #145/#146 |
| **Evidence** | SCHEMAS.md promises ≠ binary delivers | Parser fall-through happens before the dispatcher can classify the verb |
They share the observable (`missing_credentials` on a documented surface) but prescribe different scopes of fix:
- **#250's Option A** (implement the surfaces) = **#251's proper fix** — actually wire the session-management paths.
- **#250's Option C** (reject with redirect) = a different fix that doesn't implement the verbs but at least stops the auth-error misdirection.
**Recommended sequence:**
1. **#251 fix** (implement the 4 match arms following the #145/#146 pattern) is the principled solution — it makes the canonical binary honor SCHEMAS.md.
2. **#250's documentation scope note** (Option B) remains valuable regardless, as a guard against future drift between the two implementations.
3. **#250's Option C** (reject with redirect) becomes unnecessary if #251 lands — no verbs to redirect away from.
**Fix shape (~40 lines).**
Add 4 match arms to the top-level parser (file: `rust/crates/rusty-claude-cli/src/main.rs:~840-1015`), each mirroring the pattern from `plugins`/`config`/`diff`:
```rust
"list-sessions" => {
let tail = &rest[1..];
// list-sessions: optional --directory flag already parsed; no positional args
if !tail.is_empty() {
return Err(format!("unexpected extra arguments after `claw list-sessions`: {}", tail.join(" ")));
}
Ok(CliAction::ListSessions { output_format, directory: /* already parsed */ })
}
"delete-session" => {
let tail = &rest[1..];
// delete-session: requires session-id positional
let session_id = tail.first().ok_or_else(|| "delete-session requires a session-id argument".to_string())?.clone();
if tail.len() > 1 {
return Err(format!("unexpected extra arguments after `claw delete-session {session_id}`: {}", tail[1..].join(" ")));
}
Ok(CliAction::DeleteSession { session_id, output_format, directory: /* already parsed */ })
}
"load-session" => { /* same pattern */ }
"flush-transcript" => { /* same pattern, with --session-id flag handling */ }
```
Plus `CliAction` variants, dispatcher wiring, and regression tests. Likely ~40 lines of Rust + tests if session-store operations already exist in `runtime/`.
**Acceptance.** All 4 verbs emit session-layer envelopes matching the SCHEMAS.md contract:
- `claw list-sessions --output-format json` → `{"command":"list-sessions","sessions":[...],"exit_code":0}`
- `claw delete-session <id> --output-format json` → `{"command":"delete-session","deleted":true,"exit_code":0}`
- `claw load-session <id> --output-format json` → `{"command":"load-session","session":{...},"exit_code":0}`
- `claw flush-transcript --session-id <id> --output-format json` → `{"command":"flush-transcript","flushed":N,"exit_code":0}`
No credential resolution is triggered for any of these paths.
**Regression tests.**
- Each verb with valid arguments: emits correct envelope, exit 0.
- Each verb with missing required argument: emits `cli_parse` error envelope (with kind), exit 1.
- Each verb with extra arguments: emits `cli_parse` error envelope rejecting them.
- Regression guard: `claw list-sessions` in env-cleaned environment does NOT emit `missing_credentials`.
**Blocker.** None. Bounded to 4 additional top-level match arms + corresponding `CliAction` variants + dispatcher wiring. Session-store operations may need minor extraction from `/session list` implementation.
**Priority.** Medium-high. Same severity as #250 (silent misdirection on a documented surface), with sharper framing. Closing #251 automatically resolves #250's Option A and makes Option C unnecessary.
**Source.** Filed 2026-04-23 00:00 KST by gaebal-gajae (conceptual filing in Discord cycle status at msg 1496526112254328902); verified and formalized into ROADMAP by Jobdori cycle #40. Natural bundle:
- **#145 + #146 + #251** — parser fall-through fix pattern (plugins, config/diff, session-management verbs). All 3 follow identical fix shape: intercept at top-level parse, bypass Prompt/credential path.
- **#250 + #251** — symptom/mechanism pair on the same observable failure. #250 frames it as protocol-vs-implementation drift; #251 frames it as dispatch-order bug.
- **#99 + #127 + #250 + #251** — cred-error misdirection family. Each case: a purely-local operation silently routes through the auth-required Prompt path and emits the wrong error class.
**Related prior work.**
- #145 (plugins fall-through fix) — direct template for #251 fix shape
- #146 (config/diff fall-through fix) — same pattern
- #250 (surface parity framing of same failure)
- §4.44 typed-envelope contract
- SCHEMAS.md (specifies the 4 session-management verbs as top-level CLAWABLE surfaces)
---
## Pinpoint #130b. Filesystem errors discard context and collapse to generic errno strings
**Concrete observation (cycle #47 dogfood, 2026-04-23 01:31 Seoul):**
```bash
$ claw export latest --output /private/nonexistent/path/file.jsonl --output-format json
{"error":"No such file or directory (os error 2)","hint":null,"kind":"unknown","type":"error"}
```
**What's broken:**
- Error is generic errno string with zero context
- Doesn't say "export failed to write"
- Doesn't mention the target path
- Classifier defaults to "unknown" even though code path knows it's filesystem I/O
**Root cause (traced at main.rs:6912):**
The `run_export()` function does `fs::write(path, &markdown)?;`. When this fails:
1. `io::Error` propagates via `?` to `main()`
2. Converted to string via `.to_string()`, losing all context
3. `classify_error_kind()` can't match "os error" or "No such file"
4. Defaults to `"kind": "unknown"`
**Fix strategy:**
Wrap `fs::write()`, `fs::read()`, `fs::create_dir_all()` in custom error handlers that:
1. Catch `io::Error`
2. Enrich with operation name + target path + `io::ErrorKind`
3. Format into recognizable message substrings (e.g., "export failed to write: /path/to/file")
4. Allow `classify_error_kind()` to return specific kind (not "unknown")
**Scope and next-cycle plan:**
Family-extension work (filesystem domain). Implementation:
1. New `filesystem_io_error()` helper wrapping `Result<T, io::Error>` with context
2. Apply to all `fs::*` calls in I/O-heavy commands (export, diff, plugins, config, etc.)
3. Add classifier branches for "export failed", "diff failed", etc.
4. Regression test: export to nonexistent path, assert `kind` is NOT "unknown"
**Acceptance criterion:**
Filesystem operation errors must emit operation name + path in error message, enabling `classify_error_kind()` to return specific kind (not "unknown").
---
## Pinpoint #153b (follow-up). Add binary PATH setup guide to README
**Concrete gap (from cycle #48 assessment):**
#153 filed in cycle #30 but never landed. New users post-`cargo build --workspace` don't know:
1. Where binary ends up (`rust/target/debug/claw` vs. `/usr/local/bin/claw`)
2. How to verify build (e.g., `./rust/target/debug/claw --help`)
3. How to add to PATH for shell integration
**Real user friction (from #claw-code):**
- "claw not found — did build fail?"
- "do I need `cargo install`?"
- "why is it at `rust/target/debug/claw` and not just `claw`?"
**Fix shape (minimal, ~40 lines):**
Add "Post-build: Add to PATH" section in README (after Quick start), covering:
1. **Binary location:** `rust/target/debug/claw` (debug) or `rust/target/release/claw` (release)
2. **Quick verification:** `./rust/target/debug/claw --help` (no install needed)
3. **Optional PATH setup:**
```bash
export PATH="$PWD/rust/target/debug:$PATH"
claw --help # should work from anywhere
```
4. **Permanent setup:** Add the export to `.bashrc` / `.zshrc` if desired
**Acceptance criterion:** After reading this section, a new user should be able to build and run `claw` without confusion about where the binary is or whether the build succeeded.
**Next-cycle action:** Implement #153 (original gap) + #153b (this follow-up) as single 60-line README patch.
---
## Pinpoint #130c. `claw diff --help` rejected with "unexpected extra arguments" — no help available for pure-local introspection commands
**Concrete observation (cycle #50 dogfood, 2026-04-23 01:43 Seoul):**
```bash
$ claw diff --help
[error-kind: unknown]
error: unexpected extra arguments after `claw diff`: --help
$ claw config --help
[error-kind: unknown]
error: unexpected extra arguments after `claw config`: --help
$ claw status --help
[error-kind: unknown]
error: unexpected extra arguments after `claw status`: --help
```
All three are **pure-local introspection commands** (no credentials needed, no API calls). Yet none accept `--help`, making them less discoverable than other top-level subcommands.
**What's broken:**
- User cannot do `claw diff --help` to learn what diff does
- User cannot do `claw config --help`
- User cannot do `claw status --help`
- These commands are less discoverable than `claw export --help`, `claw submit --help`, which work fine
- Violates §4.51 help consistency rule: "if a command exists, --help must work"
**Root cause (traced at main.rs:1063):**
The `"diff"` parser arm has a hard constraint:
```rust
"diff" => {
if rest.len() > 1 {
return Err(format!(
"unexpected extra arguments after `claw diff`: {}",
rest[1..].join(" ")
));
}
Ok(CliAction::Diff { output_format })
}
```
When parsing `["diff", "--help"]`, the code sees `rest.len() > 1` and rejects `--help` as an extra argument. Similar patterns exist for `config` (line 1131) and `status` (line 1119).
The help-detection code at main.rs:~850 has an early check: `if rest.is_empty()` before treating `--help` as "wants help". By the time `--help` reaches the individual command arms, it's treated as a positional argument.
**Fix strategy:**
Two options:
**Option A (preferred): Unified help-before-subcommand parsing**
Move `--help` and `--version` detection to happen **after** the first positional (`rest[0]`) is identified but **before** the individual command arms validate arguments. Allows `claw diff --help` to map to `CliAction::HelpTopic("diff")` instead of hitting the "extra args" error.
**Option B: Individual arm fixes**
Add `--help` / `-h` checks in each pure-local command arm (`diff`, `config`, `status`, etc.) before the "extra args" check. Repeats the same guard in ~6 places.
Option A is cleaner (single fix, helps all commands). Option B is surgical (exact fix locus, lower risk of regression).
**Scope and next-cycle plan:**
File as a **consistency/discoverability gap**, not a blocker. Can ship as part of #141 help-consistency audit, or as standalone small PR.
**Acceptance criterion:**
- `claw diff --help` → emits help for diff command (not error)
- `claw config --help` → emits help for config command
- `claw status --help` → emits help for status command
- Bonus: `claw export --help`, `claw submit --help` continue to work (regression test)
---
## Pinpoint #130d. `claw config --help` silently ignores help flag and runs config display
**Concrete observation (cycle #52 dogfood, 2026-04-23 01:53 Seoul):**
```bash
$ claw config --help
Config
Working directory /private/tmp/dogfood-probe-47
Loaded files 0
Merged keys 0
...
(displays full config, ignores --help)
```
Expected: help for the config command. Actual: runs the config command, silent acceptance of `--help`.
**Comparison (help inconsistency family):**
- `claw diff --help` → error (rejects as extra arg) [#130c — FIXED]
- `claw config --help` → silent ignore, runs command ⚠️
- `claw status --help` → shows help ✅
- `claw mcp --help` → shows help ✅
**What's broken:**
- User expecting `claw config --help` to show help gets the config dump instead
- Silent behavior: no error, no help, just unexpected output
- Violates help-parity contract (other local commands honor `--help`)
**Root cause (traced at main.rs:1131):**
The `"config"` parser arm accepts all trailing args:
```rust
"config" => {
let cwd = rest.get(1).and_then(|arg| {
if arg == "--cwd" {
rest.get(2).map(|p| p.as_str())
} else {
None
}
});
// ... rest of parsing, `--help` falls through silently
Ok(CliAction::Config { ... })
}
```
Unlike the `diff` arm (which explicitly checks `rest.len() > 1`), the `config` arm parses arguments positionally (`--cwd VALUE`) and silently ignores unrecognized args like `--help`.
**Fix strategy:**
Similar to #130c but with different validation:
1. Add `Config` variant to `LocalHelpTopic` enum
2. Extend `parse_local_help_action()` to map `"config" => LocalHelpTopic::Config`
3. Add help-flag check early in the `"config"` arm:
```rust
"config" => {
if rest.len() >= 2 && is_help_flag(&rest[1]) {
return Ok(CliAction::HelpTopic(LocalHelpTopic::Config));
}
// ... existing parsing
}
```
4. Add help topic renderer for config
**Scope:**
Low-risk, high-clarity UX fix. Same pattern as #130c. Completes the help-parity sweep for local introspection commands.
**Acceptance criterion:**
- `claw config --help` → emits help for config command (not config dump)
- `claw config -h` → same
- `claw config` (no args) → still displays config dump
- `claw config --cwd /some/path` (valid flag) → still works
**Next-cycle plan:**
Implement #130d to close the help-parity family. Stack on top of #130c branch for coherence.
---
## Pinpoint #130e. Help-parity sweep reveals 5 additional anomalies; 3 are dispatch-order bugs (#251-family)
**Concrete observation (cycle #53 dogfood, 2026-04-23 02:00 Seoul):**
Systematic help-parity sweep of all 22 top-level subcommands revealed 5 additional anomalies beyond #130c/#130d:
### Category A: Dispatch-order bugs (#251-family, CRITICAL)
**`claw help --help` → `missing_credentials` error**
```bash
$ claw help --help
[error-kind: missing_credentials]
error: missing Anthropic credentials; export ANTHROPIC_AUTH_TOKEN or ANTHROPIC_API_KEY...
```
The `help` verb with `--help` is NOT intercepted at parse time; falls through to credential check before dispatch. Should emit meta-help (explain what `claw help` does), not cred error.
**`claw submit --help` → `missing_credentials` error**
```bash
$ claw submit --help
[error-kind: missing_credentials]
error: missing Anthropic credentials...
```
Same dispatch-order class as #251 (session verbs). `submit --help` should show help for the submit command, not attempt credential check. This is a critical discoverability gap — users cannot learn what `submit` does without credentials.
**`claw resume --help` → `missing_credentials` error**
```bash
$ claw resume --help
[error-kind: missing_credentials]
error: missing Anthropic credentials...
```
Same pattern. `resume --help` should show help, not require credentials.
### Category B: Help-surface outliers (like #130c/#130d)
**`claw plugins --help` → "Unknown /plugins action '--help'"**
```bash
$ claw plugins --help
Unknown /plugins action '--help'. Use list, install, enable, disable, uninstall, or update.
```
Treats `--help` as a subaction of plugins (list/install/enable/etc.) rather than a help flag. At least the error is specific, but wrong.
**`claw prompt --help` → silent passes through, shows version + top-level help**
```bash
$ claw prompt --help
claw v0.1.0
Usage:
claw [OPTIONS]
...
```
Shows top-level help instead of prompt-specific help. Different failure mode from silent-ignore (#130d) — this actually prints help but the wrong help.
### Summary Table
| Command | Observed | Expected | Class |
|---|---|---|---|
| `help --help` | missing_credentials | meta-help | Dispatch-order (#251) |
| `submit --help` | missing_credentials | submit help | Dispatch-order (#251) |
| `resume --help` | missing_credentials | resume help | Dispatch-order (#251) |
| `plugins --help` | "Unknown action" | plugins help | Surface-parity |
| `prompt --help` | top-level help | prompt help | Wrong help shown |
### Fix Scope
**Category A (dispatch-order)**: Follow #251 pattern. Add `help`, `submit`, `resume` to the parse-time help-flag interception, same as how `diff` (#130c) and `config` (#130d) handle it. This is the SAME BUG CLASS as #251 (session verbs) — parser arm dispatches before help flag is checked.
**Category B (surface-parity)**: Follow #130c/#130d pattern. Add `--help` handling in the specific arms for `plugins` and `prompt`, routing to dedicated help topics.
### Acceptance Criterion
All 22 top-level subcommands must accept `--help` and `-h`, routing to a help topic specific to that command. No `missing_credentials` errors for help flags. No "Unknown action" errors for help flags.
### Next-Cycle Plan
Split into two implementations:
- **#130e-A** (dispatch-order): fix `help`, `submit`, `resume` — high-priority, same class as #251
- **#130e-B** (surface-parity): fix `plugins`, `prompt` — follow #130c/#130d pattern
Estimated: 10-15 min each for implementation, dogfood, tests, push.
---
## Cluster Closure Note: Help-Parity Family (#130c, #130d, #130e) — COMPLETE
**Timeline: Cycles #47-#54, ~95 minutes**
### What the Family Solved
Universal help-surface contract: **every top-level subcommand accepts `--help` and emits scoped help topics** instead of errors, silent ignores, wrong help, or credential leaks.
### Framing Refinement (Gaebal-gajae, Cycle #53-#54)
Two distinct failure classes discovered during systematic sweep:
**Class A (Dispatch-Order / Credential Misdirection — HIGHER PRIORITY):**
- `claw help --help` → `missing_credentials` (fell through to cred check)
- `claw submit --help` → `missing_credentials` (same dispatch-order bug as #251)
- `claw resume --help` → `missing_credentials` (session verb, same class)
**Class B (Surface-Level Help Routing — LOWER PRIORITY):**
- `claw plugins --help` → "Unknown /plugins action '--help'" (action parser treated help as subaction)
- `claw prompt --help` → top-level help (early `wants_help` interception routed to wrong topic)
**Key insight:** Same symptom ("--help doesn't work right"), two distinct root causes, two different fix loci. Never bundle by symptom; bundle by fix locus. Category A required dispatcher reordering (parse_local_help_action earlier). Category B required surface parser adjustments (remove prompt from early path, add action arms).
### Closed Issues
| # | Class | Command(s) | Root | Fix |
|---|---|---|---|---|
| #130c | B | diff | action parser rejected help | add parser arm + help topic |
| #130d | B | config | command silently ignored help | add help flag check + route |
| #130e-A | A | help, submit, resume | fell through to cred check | add to parse_local_help_action |
| #130e-B | B | plugins, prompt | action mismatch + early interception | remove from early path, add arms |
### Methodology That Worked
1. **Dogfood on individual command** (cycle #47): Found #130b (unrelated).
2. **Systematic sweep of all 22 commands** (cycle #50): Found #130c, #130d 2 outliers.
3. **Implement both** (cycles #51-#52): Close Category B.
4. **Extended sweep** (cycle #53): Probed same 22 again, found **5 new anomalies** (proof: ad-hoc testing misses patterns).
5. **Classify and prioritize** (cycle #53-#54): Split into A (cred misdirection) + B (surface).
6. **Implement A first** (cycle #53): Higher severity, same pattern infrastructure.
7. **Implement B** (cycle #54): Lower severity, surface fixes.
8. **Full sweep verification** (cycle #54): All 22 green. Zero outliers.
### Evidence of Closure
**Dogfood (22-command full sweep, cycle #54):**
```
✅ help --help ✅ version --help ✅ status --help
✅ sandbox --help ✅ doctor --help ✅ acp --help
✅ init --help ✅ state --help ✅ export --help
✅ diff --help ✅ config --help ✅ mcp --help
✅ agents --help ✅ plugins --help ✅ skills --help
✅ submit --help ✅ prompt --help ✅ resume --help
✅ system-prompt --help ✅ dump-manifests --help ✅ bootstrap-plan --help
```
**Regression tests:** 20+ assertions added across cycles #51-#54, all passing.
**Test suite:** 180 binary + 466 library = 646 total, all pass post-closure.
### Pattern Maturity
After #130c-#130e, the help-topic pattern is now battle-tested:
1. Add variant to `LocalHelpTopic` enum
2. Extend `parse_local_help_action()` match arm
3. Add help topic renderer
4. Add regression test
Time to implement a new topic: ~5 minutes (if parser arm already exists). This is infrastructure maturity.
### What Changed in the Codebase
| Area | Change | Cycle |
|---|---|---|
| main.rs LocalHelpTopic enum | +7 new variants (Diff, Config, Meta, Submit, Resume, Plugins, Prompt) | #51-#54 |
| main.rs parse_local_help_action() | +7 match arms | #51-#54 |
| main.rs help topic renderers | +7 topics (text-form) | #51-#54 |
| main.rs early wants_help interception | removed "prompt" from list | #54 |
| Regression tests | +20 assertions | #51-#54 |
### Why This Cluster Matters
Help surface is the canary for CLI reasoning. Downstream claws (other agents, scripts, shells) need to know: "Can I rely on `claw VERB --help` to tell me what VERB does without side effects?" Before this family: **No, 7 commands were outliers.** After this family: **Yes, all 22 are uniform.**
This uniformity enables:
- Script generation (claws can now safely emit `claw VERB --help` to populate docs)
- Error recovery (callers can teach users "use `claw VERB --help`" universally)
- Discoverability (help isn't blocked by credentials)
### Related Patterns
- **#251 (session dispatch-order bug):** Same class A pattern as #130e-A; early interception prevents credential check from blocking valid intent.
- **#141 (help topic infrastructure):** Foundation that enabled rapid closure of #130c-#130e.
- **#247 (typed-error completeness):** Sibling cluster on error contract; help surface is contract on the "success, show me how" path.
### Commit Summary
```
#130c: 83f744a feat: claw diff --help routes to help topic
#130d: 19638a0 feat: claw config --help routes to help topic
#130e-A: 0ca0344 feat: claw help/submit/resume --help routes to help topics (dispatch-order fixes)
#130e-B: 9dd7e79 feat: claw plugins/prompt --help routes to help topics (surface fixes)
```
### Recommended Action
Mark #130c, #130d, #130e as **closed** in backlog. Remove from active cluster list. No follow-up work required — the family is complete and the pattern is proven for future subcommand additions.
**Next frontier:** Await code review on 8 pending branches. If velocity demands, shift to:
1. **MCP lifecycle / plugin friction** — user-facing surface observations
2. **Typed-error extension** — apply #130b pattern (filesystem context) to other I/O call sites
3. **Anomalyco/opencode parity gaps** — reference comparison for CLI design
4. **Session resume friction** — dogfood the `#251` fix in real workflows
---
---
## Cluster Closure Note: No-Arg Verb Suffix-Guard Family — COMPLETE
**Timeline: Cycles #55-#56, ~11 minutes**
### What the Family Solved
Universal parser-level contract: **every no-arg diagnostic verb rejects trailing garbage arguments at parse time** instead of silently accepting them.
### Framing (Gaebal-gajae, Cycle #56)
Contract shapes were mixed across verbs. Separating them clarified what was a bug vs. a design choice:
**Closed (14 verbs, all uniform):**
help, version, status, sandbox, doctor, state, init, diff, plugins, skills, system-prompt, dump-manifests, bootstrap-plan, acp
**Legitimate positional (not bugs):**
- `export <file-path>` — file path is intended arg
- `agents <subaction>` — takes subactions like list/help
- `mcp <subaction>` — takes subactions like list/show/help
### Deferred Design Questions (filed below as #155, #156)
Two contract-shape questions surfaced during sweep. Not bugs, but worth recording so future cycles know they're open design choices, not oversights.
---
## Pinpoint #155. `claw config <section>` accepts any string as section name without validation — design question
**Observation (cycle #56 sweep, 2026-04-23 02:22 Seoul):**
```bash
$ claw config garbage
Config
Working directory /path/to/project
Loaded files 1
...
```
The `garbage` is accepted as a section name. The output doesn't change whether you pass a valid section (`env`, `hooks`, `model`, `plugins`) or invalid garbage. Parser accepts any string as Section; runtime applies no filter or validation.
**Design question:**
- Option A — **Strict whitelist**: Reject unknown section names at parse time. Error: `unknown section 'garbage'. Valid sections: env, hooks, model, plugins`.
- Option B — **Advisory validation**: Warn if section isn't recognized, but continue. `[warning] unknown section 'garbage'; showing full config`.
- Option C — **Accept as filter hint**: Keep current behavior but make the output actually filter by section when section is specified. Today it shows the same thing regardless.
**Why this is not a bug (yet):**
- The section parameter is currently **not actually used by the runtime** — output is the same with or without section.
- Adding validation requires deciding what sections mean first.
**Priority:** Medium. Low implementation cost (small match) but needs design decision first.
---
## Pinpoint #156. `claw mcp` / `claw agents` use soft-warning contract instead of hard error for unknown args — design question
**Observation (cycle #56 sweep):**
```bash
$ claw mcp garbage
MCP
Usage /mcp [list|show <server>|help]
Direct CLI claw mcp [list|show <server>|help]
Sources .claw/settings.json, .claw/settings.local.json
Unexpected garbage
```
Both `mcp` and `agents` show help + "Unexpected: <arg>" warning line, but still exit 0 and display help. Contrast with `plugins --help`, which emits hard error on unknown actions.
**Design question:**
- Option A — **Normalize to hard-error**: All subaction-taking verbs (`mcp`, `agents`, `plugins`) should reject unknown subactions consistently (like `plugins` does now).
- Option B — **Normalize to soft-warning**: Standardize on "show help + exit 0" with Unexpected warning; apply to `plugins` too.
- Option C — **Keep as-is**: `mcp`/`agents` treat help as default/fallback; `plugins` treats help as explicit action.
**Why this is not an obvious bug:**
- The soft-warning contract IS useful for discovery — new user typos don't block exploration.
- But it's inconsistent with `plugins` which hard-errors.
**Priority:** Low-Medium. Depends on whether downstream claws parse exit codes or output. Soft-warning plays badly with scripted callers.
---
### Pattern Reference (for future suffix-guard work)
The proven pattern for no-arg verbs:
```rust
"<verb>" => {
if rest.len() > 1 {
return Err(format!(
"unrecognized argument `{}` for subcommand `<verb>`",
rest[1]
));
}
Ok(CliAction::<Verb> { output_format })
}
```
Time to apply: ~3 minutes per verb. Infrastructure is mature.
### Commit Summary
```
#55: 860f285 fix(#152-follow-up): claw init rejects trailing arguments
#56: 3a533ce fix(#152-follow-up-2): claw bootstrap-plan rejects trailing arguments
```
### Recommended Action
- Mark #152 as closed in backlog (all resolvable no-arg cases resolved).
- Track #155 and #156 as active design questions, not bugs.
- No further auto-sweep work needed on suffix-guard family.
---

77
SCHEMAS.md
View File

@@ -107,6 +107,24 @@ When an entity does not exist (exit code 1, but not a failure):
### `list-sessions`
**Status**: ✅ Implemented (closed #251 cycle #45, 2026-04-23).
**Actual binary envelope** (as of #251 fix):
```json
{
"command": "list-sessions",
"sessions": [
{
"id": "session-1775777421902-1",
"path": "/path/to/.claw/sessions/session-1775777421902-1.jsonl",
"updated_at_ms": 1775777421902,
"message_count": 0
}
]
}
```
**Aspirational (future) shape**:
```json
{
"timestamp": "2026-04-22T10:10:00Z",
@@ -128,8 +146,25 @@ When an entity does not exist (exit code 1, but not a failure):
}
```
**Gap**: Current impl lacks `timestamp`, `exit_code`, `output_format`, `schema_version`, `directory`, `sessions_count` (derivable), and the session object uses `id`/`updated_at_ms`/`message_count` instead of `session_id`/`last_modified`/`prompt_count`. Follow-up #250 Option B to align field names and add common-envelope fields.
### `delete-session`
**Status**: ⚠️ Stub only (closed #251 dispatch-order fix; full impl deferred).
**Actual binary envelope** (as of #251 fix):
```json
{
"type": "error",
"command": "delete-session",
"error": "not_yet_implemented",
"kind": "not_yet_implemented"
}
```
Exit code: 1. No credentials required. The stub ensures the verb does NOT fall through to Prompt/auth (the #251 fix), but the actual delete operation is not yet wired.
**Aspirational (future) shape**:
```json
{
"timestamp": "2026-04-22T10:10:00Z",
@@ -143,6 +178,31 @@ When an entity does not exist (exit code 1, but not a failure):
### `load-session`
**Status**: ✅ Implemented (closed #251 cycle #45, 2026-04-23).
**Actual binary envelope** (as of #251 fix):
```json
{
"command": "load-session",
"session": {
"id": "session-abc123",
"path": "/path/to/.claw/sessions/session-abc123.jsonl",
"messages": 5
}
}
```
For nonexistent sessions, emits a local `session_not_found` error (NOT `missing_credentials`):
```json
{
"error": "session not found: nonexistent",
"kind": "session_not_found",
"type": "error",
"hint": "Hint: managed sessions live in .claw/sessions/<hash>/ ..."
}
```
**Aspirational (future) shape**:
```json
{
"timestamp": "2026-04-22T10:10:00Z",
@@ -155,8 +215,25 @@ When an entity does not exist (exit code 1, but not a failure):
}
```
**Gap**: Current impl uses nested `session: {...}` instead of flat fields, and omits common-envelope fields. Follow-up #250 Option B to align.
### `flush-transcript`
**Status**: ⚠️ Stub only (closed #251 dispatch-order fix; full impl deferred).
**Actual binary envelope** (as of #251 fix):
```json
{
"type": "error",
"command": "flush-transcript",
"error": "not_yet_implemented",
"kind": "not_yet_implemented"
}
```
Exit code: 1. No credentials required. Like `delete-session`, this stub resolves the #251 dispatch-order bug but the actual flush operation is not yet wired.
**Aspirational (future) shape**:
```json
{
"timestamp": "2026-04-22T10:10:00Z",

5
rust/crates/rusty-claude-cli/src/main.rs
View File

@@ -417,7 +417,10 @@ fn run() -> Result<(), Box<dyn std::error::Error>> {
cli.set_reasoning_effort(reasoning_effort);
cli.run_turn_with_output(&effective_prompt, output_format, compact)?;
}
CliAction::Doctor { output_format } => run_doctor(output_format)?,
CliAction::Doctor { output_format } => {
run_stale_base_preflight(None);
run_doctor(output_format)?
}
CliAction::Acp { output_format } => print_acp_status(output_format)?,
CliAction::State { output_format } => run_worker_state(output_format)?,
CliAction::Init { output_format } => run_init(output_format)?,