feat(scripts): add dogfood-build.sh — build from checkout and verify provenance

Builds claw from the current HEAD, then checks that the binary's git_sha matches git rev-parse --short HEAD. Exits non-zero if the binary is stale or provenance is opaque (git_sha: null). Usage: CLAW=$(bash scripts/dogfood-build.sh) # fail-fast if stale $CLAW version --output-format json # provenance confirmed Addresses ROADMAP #69: dogfooders using a stale installed binary cannot attribute behavior to specific commits. This script makes dogfood round zero unambiguous. Also documents the safe workaround for contributors who have a stale system-installed binary.
fix(mcp): exit 1 when JSON envelope contains ok:false
2026-05-13 17:36:44 +00:00 · 2026-05-05 06:06:54 +09:00 · 2026-05-05 06:05:28 +09:00 · 2026-05-05 05:35:50 +09:00 · 2026-05-05 05:16:00 +09:00 · 2026-05-05 05:13:07 +09:00
5 changed files with 403 additions and 12 deletions
--- a/rust/crates/commands/src/lib.rs
+++ b/rust/crates/commands/src/lib.rs
@@ -2371,6 +2371,40 @@ pub fn handle_skills_slash_command(args: Option<&str>, cwd: &Path) -> std::io::R
            let skills = load_skills_from_roots(&roots)?;
            Ok(render_skills_report(&skills))
        }
+        Some(args) if args.starts_with("list ") => {
+            let filter = args["list ".len()..].trim().to_lowercase();
+            let roots = discover_skill_roots(cwd);
+            let skills = load_skills_from_roots(&roots)?;
+            let filtered: Vec<_> = skills
+                .into_iter()
+                .filter(|s| s.name.to_lowercase().contains(&filter))
+                .collect();
+            Ok(render_skills_report(&filtered))
+        }
+        Some("show" | "info" | "describe") => {
+            let roots = discover_skill_roots(cwd);
+            let skills = load_skills_from_roots(&roots)?;
+            Ok(render_skills_report(&skills))
+        }
+        Some(args)
+            if args.starts_with("show ")
+                || args.starts_with("info ")
+                || args.starts_with("describe ") =>
+        {
+            let name = args
+                .splitn(2, ' ')
+                .nth(1)
+                .unwrap_or_default()
+                .trim()
+                .to_lowercase();
+            let roots = discover_skill_roots(cwd);
+            let skills = load_skills_from_roots(&roots)?;
+            let matched: Vec<_> = skills
+                .into_iter()
+                .filter(|s| s.name.to_lowercase() == name)
+                .collect();
+            Ok(render_skills_report(&matched))
+        }
        Some("install") => Ok(render_skills_usage(Some("install"))),
        Some(args) if args.starts_with("install ") => {
            let target = args["install ".len()..].trim();
@@ -2402,6 +2436,40 @@ pub fn handle_skills_slash_command_json(args: Option<&str>, cwd: &Path) -> std::
            let skills = load_skills_from_roots(&roots)?;
            Ok(render_skills_report_json(&skills))
        }
+        Some(args) if args.starts_with("list ") => {
+            let filter = args["list ".len()..].trim().to_lowercase();
+            let roots = discover_skill_roots(cwd);
+            let skills = load_skills_from_roots(&roots)?;
+            let filtered: Vec<_> = skills
+                .into_iter()
+                .filter(|s| s.name.to_lowercase().contains(&filter))
+                .collect();
+            Ok(render_skills_report_json(&filtered))
+        }
+        Some("show" | "info" | "describe") => {
+            let roots = discover_skill_roots(cwd);
+            let skills = load_skills_from_roots(&roots)?;
+            Ok(render_skills_report_json(&skills))
+        }
+        Some(args)
+            if args.starts_with("show ")
+                || args.starts_with("info ")
+                || args.starts_with("describe ") =>
+        {
+            let name = args
+                .splitn(2, ' ')
+                .nth(1)
+                .unwrap_or_default()
+                .trim()
+                .to_lowercase();
+            let roots = discover_skill_roots(cwd);
+            let skills = load_skills_from_roots(&roots)?;
+            let matched: Vec<_> = skills
+                .into_iter()
+                .filter(|s| s.name.to_lowercase() == name)
+                .collect();
+            Ok(render_skills_report_json(&matched))
+        }
        Some("install") => Ok(render_skills_usage_json(Some("install"))),
        Some(args) if args.starts_with("install ") => {
            let target = args["install ".len()..].trim();
@@ -2419,10 +2487,20 @@ pub fn handle_skills_slash_command_json(args: Option<&str>, cwd: &Path) -> std::
 #[must_use]
 pub fn classify_skills_slash_command(args: Option<&str>) -> SkillSlashDispatch {
    match normalize_optional_args(args) {
-        None | Some("list" | "help" | "-h" | "--help") => SkillSlashDispatch::Local,
+        None | Some("list" | "help" | "-h" | "--help" | "show" | "info" | "describe") => {
+            SkillSlashDispatch::Local
+        }
        Some(args) if args == "install" || args.starts_with("install ") => {
            SkillSlashDispatch::Local
        }
+        Some(args)
+            if args.starts_with("list ")
+                || args.starts_with("show ")
+                || args.starts_with("info ")
+                || args.starts_with("describe ") =>
+        {
+            SkillSlashDispatch::Local
+        }
        Some(args) => SkillSlashDispatch::Invoke(format!("${}", args.trim_start_matches('/'))),
    }
 }
@@ -2596,10 +2674,44 @@ fn render_mcp_report_for(
                )),
            }
        }
+        Some(args) if args.split_whitespace().next() == Some("list") && args.contains(' ') => {
+            // `mcp list <filter>` — list does not accept arguments; treat as unsupported action.
+            Ok(render_mcp_unsupported_action_text(
+                args,
+                "list accepts no filter argument; use `claw mcp list`",
+            ))
+        }
+        Some(args) if matches!(args.split_whitespace().next(), Some("info" | "describe")) => {
+            Ok(render_mcp_unsupported_action_text(
+                args,
+                "use `claw mcp show <server>` to inspect a server",
+            ))
+        }
        Some(args) => Ok(render_mcp_usage(Some(args))),
    }
 }

+fn render_mcp_unsupported_action_text(action: &str, hint: &str) -> String {
+    format!(
+        "MCP\n  Error            unsupported action '{action}'\n  Hint             {hint}\n  Usage            /mcp [list|show <server>|help]"
+    )
+}
+
+fn render_mcp_unsupported_action_json(action: &str, hint: &str) -> Value {
+    json!({
+        "kind": "mcp",
+        "action": "error",
+        "ok": false,
+        "error_kind": "unsupported_action",
+        "requested_action": action,
+        "hint": hint,
+        "usage": {
+            "slash_command": "/mcp [list|show <server>|help]",
+            "direct_cli": "claw mcp [list|show <server>|help]",
+        },
+    })
+}
+
 fn render_mcp_report_json_for(
    loader: &ConfigLoader,
    cwd: &Path,
@@ -2680,6 +2792,18 @@ fn render_mcp_report_json_for(
                })),
            }
        }
+        Some(args) if args.split_whitespace().next() == Some("list") && args.contains(' ') => {
+            Ok(render_mcp_unsupported_action_json(
+                args,
+                "list accepts no filter argument; use `claw mcp list`",
+            ))
+        }
+        Some(args) if matches!(args.split_whitespace().next(), Some("info" | "describe")) => {
+            Ok(render_mcp_unsupported_action_json(
+                args,
+                "use `claw mcp show <server>` to inspect a server",
+            ))
+        }
        Some(args) => Ok(render_mcp_usage_json(Some(args))),
    }
 }
@@ -4619,6 +4743,32 @@ mod tests {
        assert!(agents_error.contains("  Usage            /agents [list|help]"));
    }

+    #[test]
+    fn skills_show_and_list_filter_do_not_invoke_model() {
+        // `show`, `info`, `list <filter>` must route to Local, not Invoke.
+        // Regression for: `claw skills show plan` unexpectedly spawned a model session.
+        for token in &["show", "info", "describe"] {
+            assert_eq!(
+                classify_skills_slash_command(Some(token)),
+                SkillSlashDispatch::Local,
+                "`skills {token}` alone must be Local"
+            );
+        }
+        for prefix in &["show ", "info ", "list ", "describe "] {
+            let arg = format!("{prefix}plan");
+            assert_eq!(
+                classify_skills_slash_command(Some(&arg)),
+                SkillSlashDispatch::Local,
+                "`skills {arg}` must be Local, not Invoke"
+            );
+        }
+        // Bare invocable tokens still dispatch to Invoke.
+        assert_eq!(
+            classify_skills_slash_command(Some("plan")),
+            SkillSlashDispatch::Invoke("$plan".to_string()),
+        );
+    }
+
    #[test]
    fn accepts_skills_invocation_arguments_for_prompt_dispatch() {
        assert_eq!(
@@ -4641,6 +4791,38 @@ mod tests {
        );
    }

+    #[test]
+    fn mcp_unsupported_actions_return_typed_error_not_generic_help() {
+        // `mcp info <name>` and `mcp list <filter>` must return typed errors, not raw help.
+        // Regression for #504: these previously fell through to render_mcp_usage with
+        // unexpected=arg, giving no machine-readable error_kind.
+        use crate::handle_mcp_slash_command_json;
+        use std::path::PathBuf;
+        let cwd = PathBuf::from("/tmp");
+
+        let info_json = handle_mcp_slash_command_json(Some("info nonexistent"), &cwd)
+            .expect("info nonexistent should not error at IO level");
+        assert_eq!(info_json["kind"], "mcp");
+        assert_eq!(info_json["ok"], false);
+        assert_eq!(info_json["error_kind"], "unsupported_action");
+        assert!(info_json["hint"]
+            .as_str()
+            .unwrap_or_default()
+            .contains("show"));
+
+        let list_filter_json = handle_mcp_slash_command_json(Some("list nonexistent"), &cwd)
+            .expect("list nonexistent should not error at IO level");
+        assert_eq!(list_filter_json["kind"], "mcp");
+        assert_eq!(list_filter_json["ok"], false);
+        assert_eq!(list_filter_json["error_kind"], "unsupported_action");
+
+        let describe_json = handle_mcp_slash_command_json(Some("describe myserver"), &cwd)
+            .expect("describe myserver should not error at IO level");
+        assert_eq!(describe_json["kind"], "mcp");
+        assert_eq!(describe_json["ok"], false);
+        assert_eq!(describe_json["error_kind"], "unsupported_action");
+    }
+
    #[test]
    fn rejects_invalid_mcp_arguments() {
        let show_error = parse_error_message("/mcp show alpha beta");
--- a/rust/crates/rusty-claude-cli/src/main.rs
+++ b/rust/crates/rusty-claude-cli/src/main.rs
@@ -877,13 +877,17 @@ fn parse_args(args: &[String]) -> Result<CliAction, String> {
        // `missing Anthropic credentials` even though the command is purely
        // local introspection. Mirror `agents`/`mcp`/`skills`: action is the
        // first positional arg, target is the second.
-        "plugins" => {
+        // `plugin` (singular) and `marketplace` are aliases for `plugins`.
+        // All three must route to the same local handler so that no form
+        // falls through to the LLM/prompt path.
+        "plugins" | "plugin" | "marketplace" => {
            let tail = &rest[1..];
            let action = tail.first().cloned();
            let target = tail.get(1).cloned();
            if tail.len() > 2 {
                return Err(format!(
-                    "unexpected extra arguments after `claw plugins {}`: {}",
+                    "unexpected extra arguments after `claw {} {}`: {}",
+                    rest[0],
                    tail[..2].join(" "),
                    tail[2..].join(" ")
                ));
@@ -926,6 +930,14 @@ fn parse_args(args: &[String]) -> Result<CliAction, String> {
            }
            Ok(CliAction::Diff { output_format })
        }
+        // `claw permissions <mode>` falls through to the LLM when called
+        // with a subcommand argument because parse_single_word_command_alias
+        // only intercepts the bare single-word form. Catch all multi-word
+        // forms here and return a structured guidance error so no network
+        // call or session is created.
+        "permissions" => Err(format!(
+            "`claw permissions` is a slash command. Start `claw` and run `/permissions` inside the REPL.\n  Usage  /permissions [read-only|workspace-write|danger-full-access]"
+        )),
        "skills" => {
            let args = join_optional_args(&rest[1..]);
            match classify_skills_slash_command(args.as_deref()) {
@@ -2627,12 +2639,15 @@ fn print_version(output_format: CliOutputFormat) -> Result<(), Box<dyn std::erro
 }

 fn version_json_value() -> serde_json::Value {
+    let executable_path = env::current_exe().ok().map(|p| p.display().to_string());
    json!({
        "kind": "version",
        "message": render_version_report(),
        "version": VERSION,
        "git_sha": GIT_SHA,
        "target": BUILD_TARGET,
+        "build_date": DEFAULT_DATE,
+        "executable_path": executable_path,
    })
 }

@@ -3542,6 +3557,37 @@ fn run_resume_command(
                json: Some(handle_skills_slash_command_json(args.as_deref(), &cwd)?),
            })
        }
+        SlashCommand::Plugins { action, target } => {
+            // Only list is supported in resume mode (no runtime to reload)
+            match action.as_deref() {
+                Some("install") | Some("uninstall") | Some("enable") | Some("disable")
+                | Some("update") => {
+                    return Err(
+                        "resumed /plugins mutations are interactive-only; start `claw` and run `/plugins` in the REPL".into(),
+                    );
+                }
+                _ => {}
+            }
+            let cwd = env::current_dir()?;
+            let loader = ConfigLoader::default_for(&cwd);
+            let runtime_config = loader.load()?;
+            let mut manager = build_plugin_manager(&cwd, &loader, &runtime_config);
+            let result =
+                handle_plugins_slash_command(action.as_deref(), target.as_deref(), &mut manager)?;
+            let action_str = action.as_deref().unwrap_or("list");
+            let json = serde_json::json!({
+                "kind": "plugin",
+                "action": action_str,
+                "target": target,
+                "message": &result.message,
+                "reload_runtime": result.reload_runtime,
+            });
+            Ok(ResumeCommandOutcome {
+                session: session.clone(),
+                message: Some(result.message),
+                json: Some(json),
+            })
+        }
        SlashCommand::Doctor => {
            let report = render_doctor_report()?;
            Ok(ResumeCommandOutcome {
@@ -3628,7 +3674,6 @@ fn run_resume_command(
        | SlashCommand::Model { .. }
        | SlashCommand::Permissions { .. }
        | SlashCommand::Session { .. }
-        | SlashCommand::Plugins { .. }
        | SlashCommand::Login
        | SlashCommand::Logout
        | SlashCommand::Vim
@@ -5062,10 +5107,17 @@ impl LiveCli {
        let cwd = env::current_dir()?;
        match output_format {
            CliOutputFormat::Text => println!("{}", handle_mcp_slash_command(args, &cwd)?),
-            CliOutputFormat::Json => println!(
-                "{}",
-                serde_json::to_string_pretty(&handle_mcp_slash_command_json(args, &cwd)?)?
-            ),
+            CliOutputFormat::Json => {
+                let value = handle_mcp_slash_command_json(args, &cwd)?;
+                // Propagate ok:false → non-zero exit so automation callers
+                // can rely on exit code instead of inspecting the envelope.
+                // (#68: mcp error envelopes previously always exited 0.)
+                let is_error = value.get("ok").and_then(|v| v.as_bool()) == Some(false);
+                println!("{}", serde_json::to_string_pretty(&value)?);
+                if is_error {
+                    std::process::exit(1);
+                }
+            }
        }
        Ok(())
    }
@@ -6207,7 +6259,7 @@ fn render_config_report(section: Option<&str>) -> Result<String, Box<dyn std::er
 }

 fn render_config_json(
-    _section: Option<&str>,
+    section: Option<&str>,
 ) -> Result<serde_json::Value, Box<dyn std::error::Error>> {
    let cwd = env::current_dir()?;
    let loader = ConfigLoader::default_for(&cwd);
@@ -6240,13 +6292,52 @@ fn render_config_json(
        })
        .collect();

-    Ok(serde_json::json!({
+    let base = serde_json::json!({
        "kind": "config",
        "cwd": cwd.display().to_string(),
        "loaded_files": loaded_paths.len(),
        "merged_keys": runtime_config.merged().len(),
        "files": files,
-    }))
+    });
+
+    if let Some(section) = section {
+        let section_rendered: Option<String> = match section {
+            "env" => runtime_config.get("env").map(|v| v.render()),
+            "hooks" => runtime_config.get("hooks").map(|v| v.render()),
+            "model" => runtime_config.get("model").map(|v| v.render()),
+            "plugins" => runtime_config
+                .get("plugins")
+                .or_else(|| runtime_config.get("enabledPlugins"))
+                .map(|v| v.render()),
+            other => {
+                return Ok(serde_json::json!({
+                    "kind": "config",
+                    "section": other,
+                    "ok": false,
+                    "error": format!("Unsupported config section '{other}'. Use env, hooks, model, or plugins."),
+                    "cwd": cwd.display().to_string(),
+                    "loaded_files": loaded_paths.len(),
+                    "files": files,
+                }));
+            }
+        };
+        // Parse the rendered JSON string back into serde_json::Value so that
+        // section_value is a real JSON object/array in the envelope, not a quoted string.
+        let section_value: serde_json::Value = section_rendered
+            .as_deref()
+            .and_then(|s| serde_json::from_str(s).ok())
+            .unwrap_or(serde_json::Value::Null);
+        let mut obj = base;
+        let map = obj.as_object_mut().expect("base is object");
+        map.insert(
+            "section".to_string(),
+            serde_json::Value::String(section.to_string()),
+        );
+        map.insert("section_value".to_string(), section_value);
+        return Ok(obj);
+    }
+
+    Ok(base)
 }

 fn render_memory_report() -> Result<String, Box<dyn std::error::Error>> {
--- a/rust/crates/rusty-claude-cli/tests/output_format_contract.rs
+++ b/rust/crates/rusty-claude-cli/tests/output_format_contract.rs
@@ -30,6 +30,15 @@ fn version_emits_json_when_requested() {
    let parsed = assert_json_command(&root, &["--output-format", "json", "version"]);
    assert_eq!(parsed["kind"], "version");
    assert_eq!(parsed["version"], env!("CARGO_PKG_VERSION"));
+    // Provenance fields must be present for binary identification (#507).
+    assert!(
+        parsed["build_date"].is_string(),
+        "build_date must be a string in version JSON"
+    );
+    assert!(
+        parsed["executable_path"].is_string(),
+        "executable_path must be a string in version JSON so callers can identify which binary is running"
+    );
 }

 #[test]
@@ -388,6 +397,34 @@ fn resumed_inventory_commands_emit_structured_json_when_requested() {
        agents["count"].is_number(),
        "count must be a number, not a text render"
    );
+
+    let plugins = assert_json_command_with_env(
+        &root,
+        &[
+            "--output-format",
+            "json",
+            "--resume",
+            session_path.to_str().expect("utf8 session path"),
+            "/plugins",
+        ],
+        &[
+            (
+                "CLAW_CONFIG_HOME",
+                config_home.to_str().expect("utf8 config home"),
+            ),
+            ("HOME", home.to_str().expect("utf8 home")),
+        ],
+    );
+    assert_eq!(plugins["kind"], "plugin");
+    assert_eq!(plugins["action"], "list");
+    assert!(
+        plugins["reload_runtime"].is_boolean(),
+        "plugins reload_runtime should be a boolean"
+    );
+    assert!(
+        plugins["target"].is_null(),
+        "plugins target should be null when no plugin is targeted"
+    );
 }

 #[test]
@@ -424,6 +461,44 @@ fn resumed_version_and_init_emit_structured_json_when_requested() {
    assert!(root.join("CLAUDE.md").exists());
 }

+#[test]
+fn config_section_json_emits_section_and_value() {
+    let root = unique_temp_dir("config-section-json");
+    fs::create_dir_all(&root).expect("temp dir should exist");
+
+    // Without a section: should return base envelope (no section field).
+    let base = assert_json_command(&root, &["--output-format", "json", "config"]);
+    assert_eq!(base["kind"], "config");
+    assert!(base["loaded_files"].is_number());
+    assert!(base["merged_keys"].is_number());
+    assert!(
+        base.get("section").is_none(),
+        "no section field without section arg"
+    );
+
+    // With a known section: should add section + section_value fields.
+    for section in &["model", "env", "hooks", "plugins"] {
+        let result = assert_json_command(&root, &["--output-format", "json", "config", section]);
+        assert_eq!(result["kind"], "config", "section={section}");
+        assert_eq!(
+            result["section"].as_str(),
+            Some(*section),
+            "section field must match requested section, got {result:?}"
+        );
+        assert!(
+            result.get("section_value").is_some(),
+            "section_value field must be present for section={section}"
+        );
+    }
+
+    // With an unsupported section: should return ok:false + error field.
+    let bad = assert_json_command(&root, &["--output-format", "json", "config", "unknown"]);
+    assert_eq!(bad["kind"], "config");
+    assert_eq!(bad["ok"], false);
+    assert!(bad["error"].as_str().is_some());
+    assert!(bad["section"].as_str().is_some());
+}
+
 fn assert_json_command(current_dir: &Path, args: &[&str]) -> Value {
    assert_json_command_with_env(current_dir, args, &[])
 }
--- a/rust/crates/rusty-claude-cli/tests/resume_slash_commands.rs
+++ b/rust/crates/rusty-claude-cli/tests/resume_slash_commands.rs
@@ -227,6 +227,8 @@ fn resumed_status_command_emits_structured_json_when_requested() {
    // given
    let temp_dir = unique_temp_dir("resume-status-json");
    fs::create_dir_all(&temp_dir).expect("temp dir should exist");
+    let config_home = temp_dir.join("config-home");
+    fs::create_dir_all(&config_home).expect("isolated config home should exist");
    let session_path = temp_dir.join("session.jsonl");

    let mut session = workspace_session(&temp_dir);
@@ -238,7 +240,9 @@ fn resumed_status_command_emits_structured_json_when_requested() {
        .expect("session should persist");

    // when
-    let output = run_claw(
+    // Use an isolated CLAW_CONFIG_HOME so ~/.claw/settings.json is not loaded,
+    // which would cause loaded_config_files to be non-zero (#65).
+    let output = run_claw_with_env(
        &temp_dir,
        &[
            "--output-format",
@@ -247,6 +251,7 @@ fn resumed_status_command_emits_structured_json_when_requested() {
            session_path.to_str().expect("utf8 path"),
            "/status",
        ],
+        &[("CLAW_CONFIG_HOME", config_home.to_str().expect("utf8 path"))],
    );

    // then
--- a/scripts/dogfood-build.sh
+++ b/scripts/dogfood-build.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+# dogfood-build.sh — Build claw from current checkout and verify provenance.
+# Usage: bash scripts/dogfood-build.sh
+# On success: prints the verified binary path. Use as:
+#   CLAW=$(bash scripts/dogfood-build.sh) && $CLAW version --output-format json
+set -euo pipefail
+
+REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+RUST_DIR="$REPO_ROOT/rust"
+BINARY="$RUST_DIR/target/debug/claw"
+EXPECTED_SHA="$(git -C "$REPO_ROOT" rev-parse --short HEAD)"
+
+echo "▶ Building claw from $REPO_ROOT ($(git -C "$REPO_ROOT" log --oneline -1))..." >&2
+cargo build --manifest-path "$RUST_DIR/Cargo.toml" -p rusty-claude-cli -q
+
+if [[ ! -x "$BINARY" ]]; then
+    echo "✗ Build succeeded but binary not found at $BINARY" >&2
+    exit 1
+fi
+
+BINARY_SHA=$("$BINARY" version --output-format json 2>/dev/null \
+    | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('git_sha','null'))" 2>/dev/null || echo "null")
+
+if [[ "$BINARY_SHA" == "null" || -z "$BINARY_SHA" ]]; then
+    echo "✗ Provenance check failed: binary reports git_sha: null" >&2
+    echo "  Binary: $BINARY" >&2
+    exit 1
+fi
+
+if [[ "$BINARY_SHA" != "$EXPECTED_SHA" ]]; then
+    echo "✗ Provenance mismatch: binary=$BINARY_SHA, HEAD=$EXPECTED_SHA" >&2
+    echo "  Rerun after 'git pull' or check for uncommitted changes." >&2
+    exit 1
+fi
+
+echo "✓ Binary verified: $BINARY_SHA == HEAD ($EXPECTED_SHA)" >&2
+echo "  To dogfood: export CLAW=$BINARY" >&2
+echo "$BINARY"
Author	SHA1	Message	Date
YeonGyu-Kim	eee6f43ebf	feat(scripts): add dogfood-build.sh — build from checkout and verify provenance Builds claw from the current HEAD, then checks that the binary's git_sha matches git rev-parse --short HEAD. Exits non-zero if the binary is stale or provenance is opaque (git_sha: null). Usage: CLAW=$(bash scripts/dogfood-build.sh) # fail-fast if stale $CLAW version --output-format json # provenance confirmed Addresses ROADMAP #69: dogfooders using a stale installed binary cannot attribute behavior to specific commits. This script makes dogfood round zero unambiguous. Also documents the safe workaround for contributors who have a stale system-installed binary.	2026-05-05 06:06:54 +09:00
YeonGyu-Kim	64f92b1560	fix(mcp): exit 1 when JSON envelope contains ok:false mcp info, mcp describe, and mcp list-filter all return {"action":"error","ok":false,...} but previously exited 0, requiring automation callers to inspect the envelope field. After this fix: print_mcp detects ok:false in the rendered JSON value and calls process::exit(1) after printing, so the exit code reflects the semantic error in the envelope. Unaffected: mcp list, mcp show, mcp help all have no ok field and continue to exit 0 (they are not error paths). Closes ROADMAP #68 (partial — agents bogus/mcp show nonexistent found:false remain exit:0 as they use different envelope shapes).	2026-05-05 06:05:28 +09:00
YeonGyu-Kim	caeac828b5	fix(permissions): return guidance for multi-word forms instead of falling through to LLM (#2994 ) claw permissions list / claw permissions allow <tool> / claw permissions deny <tool> all fell through to the prompt/LLM path because parse_subcommand had no arm for "permissions". The single-word bare form was already intercepted by bare_slash_command_guidance, but any form with rest.len() > 1 bypassed the single-word guard and landed in the _other => CliAction::Prompt branch. Fix: add a "permissions" arm in parse_subcommand that returns a structured guidance Err so all multi-word forms get the same exit:1 + JSON error as the bare single-word form, without any LLM call or session creation. Verified: all invocation forms (bare, list, read-only, workspace-write, allow/deny <tool>) exit 1 with kind:unknown guidance JSON. Zero sessions.	2026-05-05 05:35:50 +09:00
YeonGyu-Kim	85435ad4b5	fix(plugins): route plugin and marketplace aliases through local handler (#2993 ) claw plugin list / claw marketplace / claw marketplace list all fell through to the prompt/LLM path because parse_subcommand only matched "plugins" (the primary name) while the canonical spec aliases "plugin" and "marketplace" were unhandled. This manifested as auth errors and session creation on direct invocation — dogfood confirmed Gaebal's binary created one session via plugin prompt fallback. Fix: extend the plugins arm in parse_subcommand to also match "plugin" \| "marketplace" so all three forms route to the same CliAction::Plugins without network calls or session creation. Verified: all six forms (bare + list subcommand for each name) return kind:plugin JSON, exit 0, and create zero sessions. Closes ROADMAP #55 partial (plugins/marketplace bypass complete).	2026-05-05 05:16:00 +09:00
YeonGyu-Kim	5eb4b8a944	fix(mcp): return typed error JSON for unsupported actions (info/describe/list-filter) (#2989 ) `claw mcp info nonexistent --output-format json` and `claw mcp list nonexistent --output-format json` fell through to the generic help renderer, returning an opaque envelope with only `unexpected` set — no machine-readable error_kind. Fix: - Add typed guards in render_mcp_report_for/_json_for for: - `list <filter>`: list accepts no filter argument - `info <name>` / `describe <name>`: suggest `mcp show` - New render_mcp_unsupported_action_text/json helpers emit `ok:false`, `error_kind:"unsupported_action"`, `hint`, `requested_action` - `mcp show`, `mcp list`, `mcp help` existing paths unchanged Test: mcp_unsupported_actions_return_typed_error_not_generic_help asserts kind=="mcp", ok==false, error_kind=="unsupported_action" for info/list-filter/describe paths. Pinpoint: ROADMAP #504	2026-05-05 05:13:07 +09:00
YeonGyu-Kim	65aa559733	fix: support /plugins slash command in resume mode (#2973 ) * fix: support /plugins slash command in resume mode Move SlashCommand::Plugins out of the 'unsupported resumed slash command' catch-all and add a handler arm in run_resume_command that calls handle_plugins_slash_command for list/help actions. Mutation actions (install/uninstall/enable/disable) are rejected with a clear error since there is no runtime to reload in resume mode. Add /plugins coverage to resumed_inventory_commands test in output_format_contract.rs: kind, action, reload_runtime, target. Before: claw --resume session.jsonl /plugins --output-format json -> {error: 'unsupported resumed slash command', type: 'error'}, exit 1 After: claw --resume session.jsonl /plugins --output-format json -> {kind: 'plugin', action: 'list', ...}, exit 0 * style: cargo fmt line wrap in run_resume_command plugins handler * fix: block /plugins update in resume mode, fix comment Address REQUEST_CHANGES from OMX review: 1. Add 'update' to the blocked mutation actions in resume mode (previously only install/uninstall/enable/disable were blocked) 2. Fix comment: 'Only list is supported' instead of 'Only list/help' since /plugins help doesn't actually parse as a valid action * style: cargo fmt after conflict resolution	2026-05-05 04:55:39 +09:00
YeonGyu-Kim	ac8a24b30b	fix(config): emit section and section_value in JSON output for config subcommands (#2990 ) `claw config model --output-format json` and all other section subcommands (`env`, `hooks`, `plugins`) returned identical output with no section field — the section arg was parsed but discarded (_section parameter). Fix: render_config_json now: - Passes section through to handler - Looks up the section value via runtime_config.get(), converting the internal JsonValue to serde_json::Value via render()+parse - Emits `section` (string) and `section_value` (JSON value or null) in the response envelope - Returns ok:false + error for unsupported section tokens Test: config_section_json_emits_section_and_value asserts: - No section field when no section arg - section + section_value fields present for all known sections - ok:false + error for unknown section Pinpoint: ROADMAP #126	2026-05-05 04:50:33 +09:00
YeonGyu-Kim	94b80a05d3	fix(skills): route show/info/list-filter to local, not model invoke (#2988 ) `claw skills show <name>`, `claw skills info <name>`, and `claw skills list <filter>` were all falling through to SkillSlashDispatch::Invoke, which spawned a real model session, consumed tokens, and created session files. Root cause: classify_skills_slash_command had no guards for these discovery prefixes; every non-reserved arg became Invoke. Fix: - Add "show", "info" as Local-only bare tokens - Add starts_with guards for "show ", "info ", "list " args - handle_skills_slash_command: filter skill list by name/substring for show/info/list-filter paths (no model call, no session) - handle_skills_slash_command_json: same structured filtering Test: skills_show_and_list_filter_do_not_invoke_model asserts classify_skills_slash_command returns Local for all discovery patterns and still returns Invoke for bare skill names. Pinpoint: ROADMAP #502	2026-05-05 04:50:30 +09:00
YeonGyu-Kim	9b97c4d832	fix(tests): isolate CLAW_CONFIG_HOME in resumed_status JSON test (#2992 ) resumed_status_command_emits_structured_json_when_requested was reading the real ~/.claw/settings.json, causing loaded_config_files to be 1 instead of the expected 0 on machines with user config present. Root cause: unlike other tests (e.g. resumed_config_command_loads_settings_files), this test did not pass an isolated CLAW_CONFIG_HOME env var to run_claw, so claw fell back to the real HOME and loaded the developer's settings file. Fix: create a temp config-home dir and pass it as CLAW_CONFIG_HOME via run_claw_with_env. This gives the assertion a clean 0-file baseline. Unblocks PRs #2973, #2988, #2990 which all failed this same test on main. Ref: ROADMAP #65	2026-05-05 04:49:46 +09:00
YeonGyu-Kim	1206f4131d	fix(resume): emit structured JSON for /agents --output-format json (#2987 ) Resumed /agents --output-format json was returning a human-readable text render wrapped in a JSON envelope field instead of the actual structured agent list. The run_resume_command handler was calling handle_agents_slash_command (text) for the json field instead of handle_agents_slash_command_json. Fix: use handle_agents_slash_command_json for the json outcome field, matching the pattern already used by /skills and /plugins. Test: extended resumed_inventory_commands_emit_structured_json_when_requested to cover /agents, asserting kind=="agents", action=="list", agents is an array, and count is a number (not a text render).	2026-05-05 04:20:52 +09:00
YeonGyu-Kim	c99330372c	fix(version): add build_date and executable_path to version JSON output `claw version --output-format json` was missing build_date and executable_path, making it impossible to identify which binary is running or correlate it with a specific build/commit. Fix: version_json_value() now includes: - build_date: compile-time BUILD_DATE env (already in text output) - executable_path: std::env::current_exe() at runtime Test: version_emits_json_when_requested extended to assert both fields are strings in the JSON envelope. Pinpoint: ROADMAP #507	2026-05-05 04:20:12 +09:00