Adds dir_name field to SkillSummary to enable detection of skills where
the SKILL.md frontmatter name differs from the parent directory name.
Also adds SkillMetadataDrift struct for tracking mismatches (used by
skills JSON output in follow-up).
Generated with https://github.com/Yeachan-Heo/gajae-code
Co-authored-by: Gajae Code <dev@gajae-code.com>
claw --resume now enforces the same broad-cwd safety policy as claw prompt
and the interactive REPL. Running from /, $HOME, or other broad directories
blocks execution unless --allow-broad-cwd is passed.
Generated with https://github.com/Yeachan-Heo/gajae-code
Co-authored-by: Gajae Code <dev@gajae-code.com>
claw acp serve now exits 2 (not implemented) instead of 0, so automation
pipelines can detect the no-op via exit code gating.
Key changes:
- acp serve exits 2 instead of 0
- Removed discoverability_tracking, tracking, recommended_workflows from JSON
- Removed phase, exit_code, serve_alias_only fields from JSON
- Status changed from unsupported/discoverability_only to not_implemented
- Error kind for unsupported ACP invocations uses typed prefix
- Updated tests to match new exit code and JSON structure
Generated with https://github.com/Yeachan-Heo/gajae-code
Co-authored-by: Gajae Code <dev@gajae-code.com>
Agent discovery now loads .md files with YAML frontmatter alongside .toml
files, matching the Claude Code agent definition convention. Markdown
agent files must have ----delimited YAML frontmatter with at least name
or description fields.
Key changes:
- parse_agent_frontmatter extracts name, description, model, model_reasoning_effort
- load_agents_from_roots_with_invalids collects both valid and invalid agents
- InvalidAgentConfig tracks rejected .md files with reason
- AgentCollection groups valid agents with invalid entries
- agents JSON output includes valid_count, invalid_count, invalid_agents
- Status is degraded when invalid agents exist
Generated with https://github.com/Yeachan-Heo/gajae-code
Co-authored-by: Gajae Code <dev@gajae-code.com>
Hook config now supports the Claude Code structured hook format with
partial validation. Invalid hook entries are recorded in invalid_hooks
while valid siblings are retained, following the same pattern as MCP
partial validation (#440).
Key changes:
- RuntimeInvalidHookConfig now includes typed kind field (invalid_hooks_config
or unknown_hook_event) for machine-readable error classification
- Hook parsing collects all invalid entries instead of halting at first error
- Unknown hook event names recorded as invalid without rejecting valid hooks
- Legacy bare-string hooks still load with deprecation warnings
- Claude Code documented format loads without error (matcher + nested hooks)
- config/status/doctor JSON surfaces hook_validation metadata
- classify_error_kind maps hook errors to invalid_hooks_config
Generated with https://github.com/Yeachan-Heo/gajae-code
Co-authored-by: Gajae Code <dev@gajae-code.com>
- Fix latest_session_alias_resolves_most_recent_managed_session test:
the test created sessions with 0 messages, which are now filtered out
by the message_count > 0 check in latest_session_excluding(). Updated
the test to call push_user_text() before saving so sessions have
at least one message and are findable by /resume latest.
- Add distinct error message when all sessions are empty (0 messages).
Previously, the same "no managed sessions found" message was returned
whether there were zero sessions or all sessions had 0 messages. Now:
- No sessions at all → "no managed sessions found in {path}. Start
claw to create a session..."
- Sessions exist but all empty → "all sessions are empty (0 messages)
in {path}. This usually means a fresh claw session is running but
no messages have been sent yet. Wait for a response in your other
session, then try --resume latest again."
- Add test for the all-sessions-empty error path.
Addresses reviewer feedback on #3216.
- Add missing retry_after: None field to ApiError::Api construction
in main.rs test. This field was introduced by the Retry-After
header support but was not added to the test's error initializer,
causing a compile error under CI's strict mode.
- Remove duplicate #[must_use] attribute on retry_after() method
in error.rs (lines 134+138 both had it; kept the outer one
above the doc comment per convention).
- Cargo fmt --all run.
- Reviewer question "Are defaults preserved?" — answered yes:
ApiTimeoutConfig defaults to 30s connect / 300s request / 8 retries.
with_retry_policy() is opt-in. No behavior change without explicit
configuration.
Three improvements to the /resume command:
1. /resume latest now skips the current empty session
When a new session is created on startup (with 0 messages), /resume
latest previously returned that empty session. Now it skips sessions
with message_count == 0 and excludes the current session ID via the
new exclude_id parameter, so it finds the previous session with
actual conversation history.
2. Unified load_session_excluding() replaces load_session_loose()
The previous load_session_loose() only handled cross-workspace
resume for aliases. The new load_session_excluding() combines the
loose workspace validation logic with the exclude_id parameter,
simplifying the call chain and ensuring all resume paths skip the
current empty session when appropriate.
3. All existing session scanning paths (global root + project-local
.claw/sessions/) are already in place from prior commits, and now
the exclude_id filter is applied consistently across both local
and global session scans.
Changes:
- session_control.rs: Add resolve_reference_excluding() that delegates
from resolve_reference(), adding optional exclude_id filtering for
alias references.
- session_control.rs: Add latest_session_excluding() that delegates
from latest_session(), filtering out excluded session IDs and
sessions with 0 messages in both local and global scan paths.
- session_control.rs: Add load_session_excluding() that replaces
load_session_loose(), combining cross-workspace alias handling with
the exclude_id parameter.
- main.rs: Add load_session_reference_excluding() that delegates from
load_session_reference(), using the new store method.
- main.rs: Wire LiveCli::resume_session() to pass the current session
ID as the exclude_id so /resume latest skips the current empty
session.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Cherry-picked from PR #2816 onto current upstream/main, resolving
conflicts from PR #3015's merge (which added retry_after to ApiError
but some construction sites were missing it).
Commits preserved:
- ade85398: API timeout config, Retry-After header, configurable retry
- TimeoutConfig in HTTP client builder (connect 30s, request 5min)
- CLAW_API_CONNECT_TIMEOUT and CLAW_API_REQUEST_TIMEOUT env vars
- Retry-After header parsing on 429 responses
- ApiTimeoutConfig in runtime config (settings.json)
- 8a883430: retry 400 responses with transient gateway error bodies
- Detects known gateway phrases in 400 response bodies
- Marks them as retryable instead of hard-failing
- ed91a61e: add 'no parseable body' to CONTEXT_WINDOW_ERROR_MARKERS
- Some providers return 400 with 'no parseable body' for oversized
requests instead of a proper context_length_exceeded error
Commits skipped (already in upstream via PR #3015):
- 453ab642: optional id field (already merged)
- baa8d1ba: HTML detection in streaming (already merged)
- 33d2f789: JSON error detection in streaming (already merged)
8 files changed, 299 insertions, 80 deletions
Some OpenAI-compat backends (e.g. glm-5.1-fast) return 400 with
"no parseable body" when the request payload is too large to parse,
rather than a proper context_length_exceeded error. Without this marker,
is_context_window_error() returns false and the auto-compact retry
loop never triggers — the user just sees an opaque 400 error.
💘 Generated with Crush
Assisted-by: GLM 5.1 FP8 via Crush <crush@charm.land>
Some providers/proxies return HTTP 400 with bodies like "no parseable
body" or "connection reset" during transient network blips. These are
not real bad requests — they're gateway errors wearing a 400 mask.
Detect known gateway error phrases in 400 response bodies and mark
them as retryable so the existing exponential backoff handles them.
- Add TimeoutConfig to HTTP client builder with connect_timeout (30s)
and request_timeout (5min) defaults, configurable via
CLAW_API_CONNECT_TIMEOUT and CLAW_API_REQUEST_TIMEOUT env vars
- Add with_timeout() builder to both AnthropicClient and
OpenAiCompatClient for per-client timeout configuration
- Parse Retry-After header on 429 responses and use it to override
exponential backoff delay when present
- Add ApiTimeoutConfig to runtime config with apiTimeout settings
in ~/.claw/settings.json (connectTimeout, requestTimeout, maxRetries)
- Add retry_after field to ApiError::Api for propagating rate limit
backoff hints through the retry pipeline
Close two ways the permission system could be bypassed:
- Workspace path traversal: normalize `.`/`..` lexically before the
boundary prefix comparison so paths like `/workspace/../../etc` can no
longer escape the sandbox. Fixed in both the runtime enforcer and the
duplicate check in the tools PowerShell path classifier.
- read-only mode no longer trusts the leading token alone: reject shell
metacharacters (chaining/substitution/redirect/pipe/subshell), drop
interpreters and build drivers (python/node/ruby/cargo/rustc) from the
allow-list, gate `git` to non-mutating subcommands, and reject `find`
actions that execute or delete.
Adds regression tests for both holes. The pre-existing, unrelated
worker_boot git-metadata test failure is not affected by this change.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
