Keep roadmap diff check clean

Remove only the trailing EOF blank line so the PR satisfies whitespace validation without touching test-only Rust coverage.

Constraint: PR #2837 review requested preserving the Rust test module.

Rejected: remove Rust test module | OMX review determined it is test-only and acceptable.

Confidence: high

Scope-risk: narrow

Directive: Do not expand this fix beyond ROADMAP.md EOF whitespace.

Tested: git diff --check origin/main...HEAD; scripts/fmt.sh --check; git diff --name-status origin/main...HEAD

ROADMAP.md

@@ -6258,3 +6258,5 @@ Original filing (2026-04-18): the session emitted `SessionStart hook (completed)
 248. **Non-interactive prompt mode can exceed caller timeouts with no in-band startup/API phase event or partial status artifact** — dogfooded 2026-04-29 from live tmux session `claw-code-issue-247-human-fresh-run` after the owner explicitly asked gaebal-gajae to make a fresh session and use `claw-code` directly. The actual `./rust/target/debug/claw` binary was launched via `clawhip tmux new` on current main. `claw doctor --output-format json` and `claw status --output-format json` both succeeded and reported auth/config/workspace ok, but minimal non-interactive prompt calls (`timeout 120 ./rust/target/debug/claw --output-format json --dangerously-skip-permissions "echo hello"` and `timeout 120 ./rust/target/debug/claw --output-format json prompt "Reply with just the word hello"`) both timed out from the outer harness after roughly 150s with only `Command exceeded timeout` visible. There was no machine-readable `api_request_started`, `waiting_for_first_token`, provider/model/base-url identity, retry count, or partial status file/event that would let clawhip distinguish slow provider, network stall, auth/OAuth drift, stream parser hang, or prompt-mode bug. **Required fix shape:** (a) emit structured non-interactive lifecycle events for `startup_ok`, `api_request_started`, `first_byte/first_token`, retry/backoff, and terminal `timeout_or_stall` states; (b) include provider/model/base URL source and auth source category without leaking secrets; (c) support a CLI/request timeout flag or env override that returns a typed JSON error before the outer orchestrator kills the process; (d) write/emit a final partial status artifact on timeout so lane monitors do not have to infer state from a dead process. **Why this matters:** non-interactive prompt mode is the automation path; if it can hang past the caller's timeout while doctor/status are green, claws lose the ability to tell whether startup, auth, transport, provider latency, or stream consumption failed. Source: live session `claw-code-issue-247-human-fresh-run` on 2026-04-29.
 
 249. **`/issue` advertises GitHub issue creation but never reaches a GitHub/OAuth/auth preflight or creation path, and the non-interactive error suggests unusable resume forms** — dogfooded 2026-04-29 on current main `8e22f757` while chasing the remaining Phase-0 GitHub OAuth blocker. The visible help advertises `/issue [context]` as “Draft or create a GitHub issue from the conversation,” but the actual implementation path only renders a local `Issue` report (`format_issue_report`) and does not invoke `gh`, GitHub API, OAuth, token discovery, browser auth, or even a dry-run/auth-preflight surface. Direct non-interactive use (`./rust/target/debug/claw '/issue dogfood test'`) returns `slash command /issue dogfood test is interactive-only` and suggests `claw --resume SESSION.jsonl /issue ...` / `claw --resume latest /issue ...` “when the command is marked [resume]”, while `/help` does not mark `/issue` as resume-safe and resume dispatch rejects interactive-only commands. That leaves operators with a GitHub-labeled command whose real behavior is neither issue creation nor a clear GitHub OAuth blocker. **Required fix shape:** (a) split the contract explicitly: either rename/copy to “draft issue text” or implement a real `create` path with GitHub auth preflight; (b) surface a machine-readable GitHub auth state (`gh_cli_authenticated`, `github_token_present`, `oauth_required`, `creation_unavailable`) before any issue-create attempt; (c) make the direct-mode error avoid suggesting resume forms for commands not marked resume-safe; (d) add regression coverage proving `/issue` help, direct-mode rejection, resume support flags, and creation/draft behavior agree. **Why this matters:** Phase-0 GitHub OAuth verification cannot complete if the only GitHub issue surface stops at local prose while still advertising creation. Claws need to know whether they are missing GitHub auth, using a draft-only helper, or hitting an unimplemented creation path. Source: gaebal-gajae dogfood cycle in `#clawcode-building-in-public` on 2026-04-29.
+
+322. **Config deprecation warnings are emitted to stderr even under `--output-format json`, making JSON output unparseable from combined stdout+stderr capture** — dogfooded 2026-04-29 by Jobdori on current main (`8e22f75`). Running `cargo run --bin claw -- doctor --output-format json 2>&1 | python3 -c "import sys,json; json.loads(sys.stdin.read())"` fails with `Expecting value: line 1 column 1 (char 0)` because a `warning: /path/settings.json: field "enabledPlugins" is deprecated. Use "plugins.enabled" instead` line is emitted to stderr before the JSON body begins. When a caller captures combined output (the common automation pattern: `2>&1`, subprocess `STDOUT | STDERR`, PTY capture, or tmux pane scrape) the warning prefix breaks JSON parse for every downstream consumer. Root cause: `rust/crates/runtime/src/config.rs` line ~300 calls `eprintln!("warning: {warning}")` unconditionally during `ClawSettings::load_merged()` regardless of active output format. **Required fix shape:** (a) thread the active `CliOutputFormat` through the config loading path and suppress or defer human-readable warning strings when `json` mode is active; (b) instead, collect deprecation diagnostics and inject them into the JSON output as a top-level `"warnings": [...]` array (same field already used by `doctor`); (c) ensure the JSON body is always the first bytes on stdout and all prose warnings stay on stderr or are suppressed in json mode; (d) add regression coverage proving `claw <any-cmd> --output-format json` stdout is valid JSON regardless of config deprecation state. **Why this matters:** `--output-format json` is the automation/claw contract; if config warnings can silently corrupt the JSON stream, every orchestration layer that captures combined output gets broken parse-on-warning with no stable fallback. Source: Jobdori live dogfood on mengmotaHost, claw-code main `8e22f75`, 2026-04-29.

rust/crates/rusty-claude-cli/src/main.rs

@@ -13619,3 +13619,72 @@ mod dump_manifests_tests {
         let _ = fs::remove_dir_all(&root);
     }
 }
+
+#[cfg(test)]
+mod doctor_broad_cwd_tests {
+    //! #122b regression tests: doctor's workspace check must surface broad-cwd
+    //! as a warning, matching runtime (Prompt/REPL) refuse-to-run behavior.
+    //! Without these, `claw doctor` in ~/ or / reports "ok" while `claw prompt`
+    //! in the same dir errors out — diagnostic deception.
+
+    use super::{check_workspace_health, render_diagnostic_check, StatusContext};
+    use std::path::PathBuf;
+
+    fn make_ctx(cwd: PathBuf, project_root: Option<PathBuf>) -> StatusContext {
+        use super::{SessionLifecycleKind, SessionLifecycleSummary};
+        use runtime::SandboxStatus;
+        StatusContext {
+            cwd,
+            session_path: None,
+            loaded_config_files: 0,
+            discovered_config_files: 0,
+            memory_file_count: 0,
+            project_root,
+            git_branch: None,
+            git_summary: super::parse_git_workspace_summary(None),
+            sandbox_status: SandboxStatus::default(),
+            config_load_error: None,
+            session_lifecycle: SessionLifecycleSummary {
+                kind: SessionLifecycleKind::SavedOnly,
+                pane_id: None,
+                pane_command: None,
+                pane_path: None,
+                workspace_dirty: false,
+                abandoned: false,
+            },
+        }
+    }
+
+    #[test]
+    fn workspace_check_in_project_dir_reports_ok() {
+        // #122b non-regression: non-broad project dir should stay OK.
+        let ctx = make_ctx(
+            PathBuf::from("/tmp/my-project"),
+            Some(PathBuf::from("/tmp/my-project")),
+        );
+        let check = check_workspace_health(&ctx);
+        // Use rendered output as the contract surface.
+        let rendered = render_diagnostic_check(&check);
+        assert!(
+            rendered.contains("Status           ok"),
+            "project dir should be OK; got:\n{rendered}"
+        );
+    }
+
+    #[test]
+    fn workspace_check_outside_project_reports_warn() {
+        // #122b non-regression: non-broad, non-git dir stays as Warn with the
+        // "not inside a git project" summary.
+        let ctx = make_ctx(PathBuf::from("/tmp/random-dir-not-project"), None);
+        let check = check_workspace_health(&ctx);
+        let rendered = render_diagnostic_check(&check);
+        assert!(
+            rendered.contains("Status           warn"),
+            "non-git dir should warn; got:\n{rendered}"
+        );
+        assert!(
+            rendered.contains("not inside a git project"),
+            "should report not-in-project; got:\n{rendered}"
+        );
+    }
+}