docs(roadmap): add #460 — bare_slash_command_guidance lookup misses spec.aliases; claw yes/no/cwd/marketplace burn billable tokens with provider keys; claw skill/y/n give nonsense did-you-mean

2026-05-24 14:36:44 +00:00 · 2026-05-24 10:34:45 +00:00
1 changed files with 36 additions and 0 deletions
--- a/ROADMAP.md
+++ b/ROADMAP.md
@@ -6428,3 +6428,39 @@ Original filing (2026-04-18): the session emitted `SessionStart hook (completed)


 450. **`prompt` emits `kind:"missing_credentials"` JSON on STDERR (not stdout), leaving stdout at 0 bytes — automation pattern `output=$(claw prompt hello --output-format json)` captures nothing on auth-absent failure; `doctor` correctly surfaces `auth.status:"warn"` with `api_key_present:false` but exposes no `prompt_ready:false` field that automation can check before invoking `prompt`** — dogfooded 2026-05-16 by Jobdori on `a35ee9a0` in response to Clawhip pinpoint nudge at `1505208225321062521`. Exact reproduction (isolated env, no creds, fresh git repo, HEAD `a35ee9a0`): `timeout 5 env -i HOME=$ISOLATED_HOME PATH=$PATH CLAW_CONFIG_HOME=$PROBE/.claw-cfg claw prompt hello --output-format json > stdout.txt 2> stderr.txt` → stdout = **0 bytes**, stderr = 195 bytes containing `{"error":"missing Anthropic credentials…","exit_code":1,"hint":null,"kind":"missing_credentials","type":"error"}`, exit code 1. Confirms Gaebal's `1505208553793781792` pinpoint that `prompt` timeout + zero bytes was the prior state — HEAD `a35ee9a0` now correctly exits 1 with `kind:"missing_credentials"` **but the envelope is still routed to stderr** (issue #447 class, same class as prior entries #422, #435). **Contrast with `doctor`:** `claw doctor --output-format json 2>/dev/null` succeeds to stdout with `checks[auth].status:"warn"`, `api_key_present:false`, `auth_token_present:false` — but the auth check has no `prompt_ready:false` field. Automation that gates on `doctor` before invoking `prompt` must re-derive readiness from `api_key_present && auth_token_present` — there is no single canonical boolean. **Three compound problems:** (a) **stdout-empty on `--output-format json` failure**: same class as #447; `prompt`'s error envelope goes to stderr, not stdout. The canonical automation idiom `if ! result=$(claw prompt "q" --output-format json); then echo "$result" | jq .kind; fi` sees `$result=""` on failure — the jq call gets nothing. All `--output-format json` error paths must route JSON to stdout per #447 contract; (b) **`doctor` missing `prompt_ready` field**: `doctor --output-format json` already knows auth is absent (`api_key_present:false`) but surfaces no derived `prompt_ready:bool` or `prompt_blocked_reason:string` field. Automation must infer readiness from `api_key_present || auth_token_present || legacy_*_present` — a 5-field OR across legacy fields that is fragile as auth mechanisms evolve. A single `prompt_ready:false` (with `prompt_blocked_reason:"auth_missing"`) inside the `auth` check would give downstream a stable contract; (c) **`claw prompt` with no auth does no preflight and fires straight at the API**: the preflight check that `doctor` runs (auth discovery) is not reused by `prompt` to emit a fast typed error before attempting the network call. Both Gaebal's pinpoint (prompt hanging silently on older HEAD) and the current behavior (prompt hitting auth gate after a brief API attempt) stem from the same root: prompt does not short-circuit at the point where `doctor` already knows auth is absent. If `doctor` can emit `kind:"doctor"` with `auth.status:"warn"` in ~20ms without a network call, `prompt` should emit `kind:"missing_credentials"` in the same window and output it to stdout. **Required fix shape:** (a) `prompt --output-format json` must write the `kind:"missing_credentials"` JSON envelope to **stdout**, not stderr — same fix as #447 for all error envelopes; (b) add `prompt_ready:bool` and `prompt_blocked_reason:string|null` to the `auth` check in `doctor --output-format json`; derive it as `api_key_present || auth_token_present || legacy_saved_oauth_present`; (c) `prompt` must run the credential preflight check (same codepath as doctor's auth check) before attempting any API call and emit `{"kind":"missing_credentials","prompt_blocked_reason":"auth_missing"}` on **stdout** with exit 1 if the check fails; (d) `--output-format json` stdout routing fix must cover: `prompt`, `session list` (cross-ref #449), `skills uninstall` (cross-ref #431), `resume` (cross-ref #435), `acp serve` (cross-ref #443) — the full `kind:"missing_credentials"` class; (e) regression test: `claw prompt hello --output-format json` with no creds writes JSON to stdout (0 bytes stderr), exits 1, `kind:"missing_credentials"`, in under 200ms (no network attempt). **Why this matters:** `prompt` is the primary consumer entry point. Auth-absent failure routing to stderr breaks every automation wrapper that captures `$(claw prompt ... --output-format json)`. The `doctor` preflight metadata gap means auth-readiness checks require parsing 5 legacy fields instead of reading one boolean. Cross-references #447 (all JSON error envelopes on stderr), #449 (session list hits auth gate), #431 (skills uninstall hits auth gate), #357 (auth gate on local ops cluster), #422 (exit-code parity). Source: Jobdori live dogfood, `a35ee9a0`, 2026-05-16.
+
+460. **`bare_slash_command_guidance` looks up the bare-verb argument against `slash_command_specs().iter().find(|spec| spec.name == command_name)` but never checks `spec.aliases`, so every documented slash-command alias — `skill` (alias of `/skills`), `marketplace` (alias of `/plugin`), `yes`/`y` (aliases of `/approve`), `no`/`n` (aliases of `/deny`), `cwd` (alias of `/workspace`), `plugins` (alias of `/plugin`) — fails the alias lookup and falls into either (a) the "Did you mean" typo path with nonsensical adjacent-prefix suggestions, or (b) the silent fallthrough to LLM Prompt dispatch that demands credentials and burns billable tokens. The canonical names (`skills`, `plugin`, `approve`, `deny`, `workspace`) correctly emit `"\`claw <verb>\` is a slash command. … run \`/<verb>\` inside the REPL."` guidance** — dogfooded 2026-05-24 for the 10:30 Clawhip pinpoint nudge at message `1508054486134947951`, reproduced on local `./rust/target/debug/claw` `git_sha 003b739d` (origin/main `f8e1bb72`). Triage matrix in clean isolated env (`HOME=/tmp/iso11/home`, fresh `/tmp/iso11/proj` git-init, `claw <verb> --output-format json </dev/null`):
+
+    | Verb | Spec relationship | Expected | Actual | Bug class |
+    |---|---|---|---|---|
+    | `skills` | spec name | `is a slash command. /skills` | ✅ correct | — |
+    | `skill` | alias of `/skills` | `is a slash command. /skills` | ❌ `unknown subcommand. Did you mean skills` | wrong guidance class |
+    | `plugin` | spec name | `is a slash command. /plugin` | ✅ correct | — |
+    | `plugins` | alias of `/plugin` | `is a slash command. /plugin` | ✅ correct (CliAction::Status returned — `plugins` matches a DIFFERENT command branch first) | masked by other dispatch |
+    | `marketplace` | alias of `/plugin` | `is a slash command. /plugin` | ❌ **`missing_credentials`** — billable token burn | silent LLM fallthrough |
+    | `approve` | spec name | `is a slash command. /approve` | ✅ correct | — |
+    | `yes` | alias of `/approve` | `is a slash command. /approve` | ❌ **`missing_credentials`** — billable token burn | silent LLM fallthrough |
+    | `y` | alias of `/approve` | `is a slash command. /approve` | ❌ `unknown subcommand. Did you mean system-prompt` | nonsense suggestion |
+    | `deny` | spec name | `is a slash command. /deny` | ✅ correct | — |
+    | `no` | alias of `/deny` | `is a slash command. /deny` | ❌ **`missing_credentials`** — billable token burn | silent LLM fallthrough |
+    | `n` | alias of `/deny` | `is a slash command. /deny` | ❌ `unknown subcommand. Did you mean init, agents, sandbox` | nonsense suggestion |
+    | `workspace` | spec name | `is a slash command. /workspace` | ✅ correct | — |
+    | `cwd` | alias of `/workspace` | `is a slash command. /workspace` | ❌ **`missing_credentials`** — billable token burn | silent LLM fallthrough |
+
+    **Root cause (traced):** `rust/crates/rusty-claude-cli/src/main.rs:1135-1137` (the entire alias-blind lookup):
+
+    ```rust
+    fn bare_slash_command_guidance(command_name: &str) -> Option<String> {
+        if matches!(command_name, "dump-manifests" | "bootstrap-plan" | "agents" | "mcp"
+                                 | "skills" | "system-prompt" | "init" | "prompt" | "export") {
+            return None;
+        }
+        let slash_command = slash_command_specs()
+            .iter()
+            .find(|spec| spec.name == command_name)?;  // ← only checks spec.name
+        let guidance = if slash_command.resume_supported { … } else { … };
+        Some(guidance)
+    }
+    ```
+
+    Five-line fix: change `spec.name == command_name` to `spec.name == command_name || spec.aliases.contains(&command_name)`, and use `spec.name` (not `command_name`) when formatting the guidance string so the suggestion always points at the canonical command. Source spec data already exists in `rust/crates/commands/src/lib.rs` — line 248 (`SlashCommandSpec { name: "skills", aliases: &["skill"], … }`), line 232 (`name: "plugin", aliases: &["plugins", "marketplace"]`), line 535 (`name: "approve", aliases: &["yes", "y"]`), line 542 (`name: "deny", aliases: &["no", "n"]`), line 689 (`name: "workspace", aliases: &["cwd"]`). The data is correct; only the lookup helper is wrong. **Why distinct from #119, #127, #117, #108:** #119 covers `claw hooks --help` (bare verb + extra-arg → billable) — `rest.len() != 1` gating. #127 covers `claw <verb> <ANY-EXTRA-ARG>` falling through to Prompt for diagnostic verbs (`doctor`, `status`, `sandbox`) — also extra-arg corruption. #117 covers `-p` greedy positional swallow. #108 covers subcommand typos falling through (`claw doctorr`). **None of these cover slash-command ALIAS lookup failing the canonical-name comparison.** The bug here is even worse than #108: in #108 the unknown verb is genuinely unknown to the system; in #460 the verb IS known (it's a documented alias listed in `--help` as `aliases: /yes, /y` for `/approve`) but the lookup helper for the bare-verb-on-CLI path doesn't consult the alias field. So **the system silently disagrees with itself**: `--help` advertises `/yes` as a valid approval slash command, but `claw yes` (the obvious "use that command from CLI" attempt) burns LLM tokens with no warning. **Why this matters:** (1) **`claw yes`, `claw no`, `claw cwd`, `claw marketplace` burn billable tokens with provider keys configured.** Same silent-token-burn pathology as #108 and #117, but specifically for documented slash-command aliases. (2) **`/help` output explicitly advertises these aliases:** `/skills [list|install <path>|help|<skill> [args]]  List, install, or invoke available skills (aliases: /skill)` — and `/approve  Approve a pending tool execution (aliases: /yes, /y)` and `/deny  Deny a pending tool execution (aliases: /no, /n)`. A user reads `--help`, sees `/yes` exists, types `claw yes` to try the CLI invocation, and gets a credentials error or token burn. **Documentation contract violated.** (3) **The "did you mean" suggestions for the alias-fallthrough cases (`y`/`n`) are nonsense.** `claw y` suggests `system-prompt` (no relationship). `claw n` suggests `init, agents, sandbox` (no relationship). The levenshtein-style ranker is matching prefix/substring with no understanding that `y` is an `/approve` alias. (4) **System self-inconsistency:** REPL slash dispatch correctly resolves `/skill → /skills` via the alias field at `commands/src/lib.rs:248`. Tab-completion (`slash_command_completion_candidates_with_sessions` at `main.rs:8256-8267`) correctly enumerates aliases. Only the **CLI bare-verb-to-slash-guidance helper** misses the alias field — the singular violator in a system that otherwise honors aliases consistently. (5) **`marketplace` is the worst case:** it's neither a typo of any subcommand nor a common shell word — it's specifically a documented `/plugin` alias, and `claw marketplace` is exactly what someone exploring "is there a marketplace command?" would type. Silent token burn with provider keys. **Required fix shape:** (a) **At `main.rs:1135`, extend the lookup:** `slash_command_specs().iter().find(|spec| spec.name == command_name || spec.aliases.contains(&command_name))`. (b) **When formatting the guidance string**, use `spec.name` for the `/<canonical>` suggestion (not the alias), so users are pointed at the canonical form: `"\`claw yes\` is a slash command. Start \`claw\` and run \`/approve\` inside the REPL."`. (c) **Optionally include the alias in the message** for clarity: `"\`claw yes\` is the \`/approve\` slash command alias. Start \`claw\` and run \`/approve\` inside the REPL."`. (d) **Add a `claw doctor` self-check** that enumerates `slash_command_specs()`, walks every `aliases[]` entry, and asserts that `bare_slash_command_guidance(alias)` returns `Some(_)` for each. This is a one-loop regression catch that prevents future alias additions from silently regressing. (e) **Regression coverage**: matrix table above as a parameterized test — for each row marked ❌, assert the actual response includes `"is a slash command"` and references the canonical command name. **Acceptance check (one-liner):** `for v in skill marketplace yes y no n cwd; do out=$(claw $v --output-format json </dev/null 2>&1 | head -1); echo "$out" | grep -q 'is a slash command' || echo "MISS: $v → $out"; done` should print no MISS lines. Source: gaebal-gajae dogfood follow-up for the 2026-05-24 10:30 Clawhip pinpoint nudge at message `1508054486134947951`.