mirror of
https://github.com/instructkr/claude-code.git
synced 2026-05-26 15:36:46 +00:00
Compare commits
1 Commits
docs/roadm
...
docs/roadm
| Author | SHA1 | Date | |
|---|---|---|---|
|
536295d0e4 |
69
ROADMAP.md
69
ROADMAP.md
@@ -6429,33 +6429,62 @@ Original filing (2026-04-18): the session emitted `SessionStart hook (completed)
|
||||
|
||||
450. **`prompt` emits `kind:"missing_credentials"` JSON on STDERR (not stdout), leaving stdout at 0 bytes — automation pattern `output=$(claw prompt hello --output-format json)` captures nothing on auth-absent failure; `doctor` correctly surfaces `auth.status:"warn"` with `api_key_present:false` but exposes no `prompt_ready:false` field that automation can check before invoking `prompt`** — dogfooded 2026-05-16 by Jobdori on `a35ee9a0` in response to Clawhip pinpoint nudge at `1505208225321062521`. Exact reproduction (isolated env, no creds, fresh git repo, HEAD `a35ee9a0`): `timeout 5 env -i HOME=$ISOLATED_HOME PATH=$PATH CLAW_CONFIG_HOME=$PROBE/.claw-cfg claw prompt hello --output-format json > stdout.txt 2> stderr.txt` → stdout = **0 bytes**, stderr = 195 bytes containing `{"error":"missing Anthropic credentials…","exit_code":1,"hint":null,"kind":"missing_credentials","type":"error"}`, exit code 1. Confirms Gaebal's `1505208553793781792` pinpoint that `prompt` timeout + zero bytes was the prior state — HEAD `a35ee9a0` now correctly exits 1 with `kind:"missing_credentials"` **but the envelope is still routed to stderr** (issue #447 class, same class as prior entries #422, #435). **Contrast with `doctor`:** `claw doctor --output-format json 2>/dev/null` succeeds to stdout with `checks[auth].status:"warn"`, `api_key_present:false`, `auth_token_present:false` — but the auth check has no `prompt_ready:false` field. Automation that gates on `doctor` before invoking `prompt` must re-derive readiness from `api_key_present && auth_token_present` — there is no single canonical boolean. **Three compound problems:** (a) **stdout-empty on `--output-format json` failure**: same class as #447; `prompt`'s error envelope goes to stderr, not stdout. The canonical automation idiom `if ! result=$(claw prompt "q" --output-format json); then echo "$result" | jq .kind; fi` sees `$result=""` on failure — the jq call gets nothing. All `--output-format json` error paths must route JSON to stdout per #447 contract; (b) **`doctor` missing `prompt_ready` field**: `doctor --output-format json` already knows auth is absent (`api_key_present:false`) but surfaces no derived `prompt_ready:bool` or `prompt_blocked_reason:string` field. Automation must infer readiness from `api_key_present || auth_token_present || legacy_*_present` — a 5-field OR across legacy fields that is fragile as auth mechanisms evolve. A single `prompt_ready:false` (with `prompt_blocked_reason:"auth_missing"`) inside the `auth` check would give downstream a stable contract; (c) **`claw prompt` with no auth does no preflight and fires straight at the API**: the preflight check that `doctor` runs (auth discovery) is not reused by `prompt` to emit a fast typed error before attempting the network call. Both Gaebal's pinpoint (prompt hanging silently on older HEAD) and the current behavior (prompt hitting auth gate after a brief API attempt) stem from the same root: prompt does not short-circuit at the point where `doctor` already knows auth is absent. If `doctor` can emit `kind:"doctor"` with `auth.status:"warn"` in ~20ms without a network call, `prompt` should emit `kind:"missing_credentials"` in the same window and output it to stdout. **Required fix shape:** (a) `prompt --output-format json` must write the `kind:"missing_credentials"` JSON envelope to **stdout**, not stderr — same fix as #447 for all error envelopes; (b) add `prompt_ready:bool` and `prompt_blocked_reason:string|null` to the `auth` check in `doctor --output-format json`; derive it as `api_key_present || auth_token_present || legacy_saved_oauth_present`; (c) `prompt` must run the credential preflight check (same codepath as doctor's auth check) before attempting any API call and emit `{"kind":"missing_credentials","prompt_blocked_reason":"auth_missing"}` on **stdout** with exit 1 if the check fails; (d) `--output-format json` stdout routing fix must cover: `prompt`, `session list` (cross-ref #449), `skills uninstall` (cross-ref #431), `resume` (cross-ref #435), `acp serve` (cross-ref #443) — the full `kind:"missing_credentials"` class; (e) regression test: `claw prompt hello --output-format json` with no creds writes JSON to stdout (0 bytes stderr), exits 1, `kind:"missing_credentials"`, in under 200ms (no network attempt). **Why this matters:** `prompt` is the primary consumer entry point. Auth-absent failure routing to stderr breaks every automation wrapper that captures `$(claw prompt ... --output-format json)`. The `doctor` preflight metadata gap means auth-readiness checks require parsing 5 legacy fields instead of reading one boolean. Cross-references #447 (all JSON error envelopes on stderr), #449 (session list hits auth gate), #431 (skills uninstall hits auth gate), #357 (auth gate on local ops cluster), #422 (exit-code parity). Source: Jobdori live dogfood, `a35ee9a0`, 2026-05-16.
|
||||
|
||||
683. **Top-level `sandbox --help --output-format json` exits successfully but emits plain text help instead of JSON, so automation cannot discover sandbox isolation semantics without scraping prose** — dogfooded 2026-05-24 for the 21:00 Clawhip nudge at message `1508213026480849056`, reproduced on local `./rust/target/debug/claw` `git_sha 003b739d` (origin/main `f8e1bb72`) in a clean isolated env. This continues the command-help JSON parity audit while avoiding already-filed #356 (`status --help --output-format json`) and #357 (`doctor --help --output-format json`).
|
||||
|
||||
Reproduction:
|
||||
463. **Removed subcommands (`claw login`, `claw logout`) emit a hard-coded error sentinel that `classify_error_kind` then mis-buckets as `kind: "unknown"` instead of a typed `removed_subcommand` (or equivalent) kind, AND the `hint` field is `null` while the actual hint (`Set ANTHROPIC_API_KEY or ANTHROPIC_AUTH_TOKEN instead`) is jammed into the same single-line `error` string — so a CI claw that branches on `kind` cannot distinguish "you typed a removed command" from "we have no idea what happened," and a claw that reads `hint` to suggest remediation gets `null` even though the remediation text exists verbatim in the same envelope** — dogfooded 2026-05-24 for the 13:30 Clawhip pinpoint nudge at message `1508099780230906027`, reproduced on local `./rust/target/debug/claw` `git_sha 003b739d` (origin/main `f8e1bb72`). Live envelope from clean isolated env (`HOME=/tmp/iso19/home`, fresh `/tmp/iso19/proj` git init):
|
||||
|
||||
```bash
|
||||
$ env -i HOME=/tmp/iso34/home PATH=/usr/bin:/bin TERM=dumb \
|
||||
claw sandbox --help --output-format json
|
||||
Sandbox
|
||||
Usage claw sandbox [--output-format <format>]
|
||||
Purpose inspect the resolved sandbox and isolation state for the current directory
|
||||
Output namespace, network, filesystem, and fallback details
|
||||
Formats text (default), json
|
||||
Related /sandbox · claw status
|
||||
# exit 0, stderr empty, stdout is not JSON
|
||||
$ env -i HOME=/tmp/iso19/home PATH=/usr/bin:/bin TERM=dumb claw login --output-format json
|
||||
{"error":"`claw login` has been removed. Set ANTHROPIC_API_KEY or ANTHROPIC_AUTH_TOKEN instead.","hint":null,"kind":"unknown","type":"error"}
|
||||
|
||||
$ env -i HOME=/tmp/iso19/home PATH=/usr/bin:/bin TERM=dumb claw logout --output-format json
|
||||
{"error":"`claw logout` has been removed. Set ANTHROPIC_API_KEY or ANTHROPIC_AUTH_TOKEN instead.","hint":null,"kind":"unknown","type":"error"}
|
||||
```
|
||||
|
||||
In the same clean environment, the normal command is machine-readable:
|
||||
Cross-input comparison (the classifier triple-inconsistency):
|
||||
|
||||
```bash
|
||||
claw sandbox --output-format json
|
||||
# => {"kind":"sandbox", ...}
|
||||
| Input | exit | `kind` | `hint` | What actually happened |
|
||||
|---|---|---|---|---|
|
||||
| `xyznotreal` (truly unknown) | 1 | `missing_credentials` | null | **Fell through to LLM-prompt path, billed-token risk** (covered by #108) |
|
||||
| `totally-fake-cmd` | 1 | `missing_credentials` | null | Same fallthrough as above |
|
||||
| `login` (removed) | 1 | **`unknown`** | **null** | Intercepted (good), wrong-kinded + hint discarded (this pinpoint) |
|
||||
| `logout` (removed) | 1 | **`unknown`** | **null** | Same as login |
|
||||
| `plugins` (formerly #78) | 0 | (works now) | — | Pre-grep confirmed #78 has been wired |
|
||||
|
||||
**Root cause traced:** `rust/crates/rusty-claude-cli/src/main.rs:951` returns the sentinel string from `removed_auth_surface_error()`:
|
||||
|
||||
```rust
|
||||
"login" | "logout" => Err(removed_auth_surface_error(rest[0].as_str())),
|
||||
```
|
||||
|
||||
And global flag order is not the issue: corrected argv probes confirm both `claw sandbox --output-format json` and `claw --output-format json sandbox` work. The failure is specifically the help path accepting `--output-format json` while rendering text.
|
||||
Where `removed_auth_surface_error` at `main.rs:1150-1154` is:
|
||||
|
||||
**Why distinct from existing items:** #356 covers `status --help --output-format json` returning plain text. #357 covers `doctor --help --output-format json` returning plain text. #325 covers top-level `help --output-format json` being prose wrapped in JSON. #683 is the sandbox command's own help path: it returns no JSON envelope at all even though `sandbox` is a core preflight/isolation control-plane surface and its non-help JSON command already exists. It is also distinct from #381/cache and #358/#380 cost/tokens hangs: sandbox help returns promptly, but ignores the requested machine format.
|
||||
```rust
|
||||
fn removed_auth_surface_error(command_name: &str) -> String {
|
||||
format!(
|
||||
"`claw {command_name}` has been removed. Set ANTHROPIC_API_KEY or ANTHROPIC_AUTH_TOKEN instead."
|
||||
)
|
||||
}
|
||||
```
|
||||
|
||||
**Why this matters:** (1) Sandbox state gates whether a claw can safely run filesystem/network actions; the help surface is where automation learns the fields and related slash command. (2) Returning plain text with exit 0 after `--output-format json` forces claws to parse human alignment columns or special-case sandbox help. (3) This weakens the preflight contract: `sandbox` itself is machine-readable, but the discovery path for its schema/options is not. (4) The bug likely shares the same help-rendering branch as status/doctor, but sandbox needs its own regression because the command-specific help body and accepted options differ.
|
||||
The single-line string then flows through `classify_error_kind` at `main.rs:253-286`:
|
||||
|
||||
**Required fix shape:** (a) Make `sandbox --help --output-format json` emit valid stdout JSON such as `{kind:"help", command:"sandbox", action:"help", usage:"claw sandbox [--output-format <format>]", purpose:"...", output_fields:[...], formats:["text","json"], related:["/sandbox","claw status"]}`. (b) Preserve the current aligned text only for text/default mode. (c) Add a `format:"json"` or schema/version field so callers can assert the help contract without parsing prose. (d) Add regression coverage proving sandbox help with JSON format parses as JSON and that normal `sandbox --output-format json` remains unchanged. (e) Consider sharing the fix with status/doctor (#356/#357), but keep sandbox covered explicitly to prevent partial help parity. **Acceptance check:** `claw sandbox --help --output-format json | jq -e '.kind == "help" and .command == "sandbox" and (.formats | index("json"))'` should pass; currently `jq` fails immediately because stdout begins with `Sandbox`. Source: gaebal-gajae dogfood for the 2026-05-24 21:00 Clawhip nudge. Coordination note: avoided Jobdori #680/session-sort, #681/#682 help-success mutation cluster, and existing help JSON items #325/#356/#357/#358/#380/#381; filed a fresh sandbox-specific preflight help parity gap.
|
||||
```rust
|
||||
fn classify_error_kind(message: &str) -> &'static str {
|
||||
if message.contains("missing Anthropic credentials") { "missing_credentials" }
|
||||
else if message.contains("Manifest source files are missing") { "missing_manifests" }
|
||||
// ... 11 more specific patterns ...
|
||||
else { "unknown" }
|
||||
}
|
||||
```
|
||||
|
||||
The classifier has 13 explicit kinds; `has been removed` matches none → falls to `"unknown"`. And `split_error_hint` at `main.rs:290-295` splits on `\n` only — since the sentinel is one line, `hint` is always `None` even though everything after the first sentence IS the hint.
|
||||
|
||||
**Verification grep:** `grep -nE 'removed_subcommand|"removed"' rust/crates/rusty-claude-cli/src/main.rs` returns zero hits. The only test coverage for the removed subcommands is `main.rs:11793-11794`:
|
||||
|
||||
```rust
|
||||
assert!(!help.contains("claw login"));
|
||||
assert!(!help.contains("claw logout"));
|
||||
```
|
||||
|
||||
Both assertions test `--help` text negative-presence only. No test asserts the error-envelope shape on actual `claw login` / `claw logout` invocation.
|
||||
|
||||
**Why distinct from existing items:** ROADMAP **#37** (DONE) covered the removal POLICY (Claude-subscription login flow taken out, OAuth fallback ignored, slash commands removed, docs updated). #37 explicitly does NOT discuss the *error envelope shape* of the sentinel — only that the surface is removed. ROADMAP **#108** covers truly-unknown subcommand typos falling through to LLM-prompt dispatch with `kind:missing_credentials` — different code path (`_other => CliAction::Prompt`), different misclassification, different fix. ROADMAP **#109** covers config-loader warnings flattened to stderr prose (loader-side prose-vs-structure gap). ROADMAP **#77** introduced `classify_error_kind` and `split_error_hint` (the very functions this entry pinpoints) — and added 13 specific kinds for THEN-existing error sentinels, but the `removed_auth_surface_error` sentinel added under #37 was never registered with the classifier #77 built. **None** of these existing entries address the specific "removed subcommand sentinel + classifier inconsistency + hint field discarded" triple. **Why this matters:** (1) **CI fingerprinting breakage.** A claw that runs `if claw $cmd --output-format json | jq -e '.kind == "unknown"'` to decide "unrecoverable, escalate to human" treats `claw login` typos identically to genuine internal errors — bad escalation triage. A claw that branches on `kind == "removed_subcommand"` for a graceful migration prompt has no way to distinguish today. (2) **Hint field discarded** is the same anti-pattern as `build_date` (#462), `memory_files[]` (#459), `missing_credentials.hint` (#455), `init.artifacts[]` (#79), `status.panes[]` (#326), `version.build_date` (#462). The structured field exists, the data exists, the wiring is one line, the envelope drops it. (3) **Classifier completeness debt.** The `classify_error_kind` function is the authoritative `kind` taxonomy. Every new error sentinel added anywhere in the codebase must register here or fall to `"unknown"`. There is no compile-time check enforcing this. A grep against new `Err(format!(...))` and `Err("...".into())` sites would surface the gap. **#37 + #77 is the first known instance of the orphan-sentinel pattern;** the same drift likely affects newer sentinels too (e.g., ACP unsupported invocation, MCP unsupported config-key, etc. — none verified yet, but worth a sweep). (4) **Asymmetric remediation guidance.** The error string DOES contain the remediation. A human reading prose sees it. A machine reading the dedicated `hint` field gets `null`. The information exists; the envelope just discards it. **Required fix shape:** (a) **Introduce structured sentinel emission for removed subcommands.** Replace `Err(removed_auth_surface_error(...))` at `main.rs:951` with a typed error variant carrying `kind: RemovedSubcommand { name, replacement_env_vars: Vec<&str> }` so the JSON layer can serialize a structured `{"kind": "removed_subcommand", "subcommand": "login", "replacement": "Set ANTHROPIC_API_KEY or ANTHROPIC_AUTH_TOKEN instead.", "hint": "Set ANTHROPIC_API_KEY or ANTHROPIC_AUTH_TOKEN instead.", ...}` envelope without relying on string-contains classification. (b) **Add `"removed_subcommand"` to `classify_error_kind` taxonomy** as a defensive fallback for any other code path that may surface the sentinel as a String; key on `"has been removed"` substring. (c) **Make `removed_auth_surface_error` emit a two-line string** with the actionable advice on line 2 so `split_error_hint` populates `hint` non-null even on the string-only path. (d) **Add envelope-shape regression tests:** `output_format_contract.rs` should assert `claw login --output-format json` produces `{"kind": "removed_subcommand", "hint": <non-null string>, ...}` and `claw logout --output-format json` mirrors it; current asserts only test `--help` text. (e) **Sweep for other orphan sentinels.** Run `grep -rnE 'Err\(format!|Err\("' rust/crates/rusty-claude-cli/src/` and cross-check every match against `classify_error_kind` — file follow-up entries for any sentinel that lands in `"unknown"`. **Acceptance check (one-liner):** `claw login --output-format json 2>&1 | jq -e '.kind == "removed_subcommand" and (.hint | type == "string")'` should print `true` (currently `.kind == "unknown"` and `.hint == null` → exit 1). Source: gaebal-gajae dogfood for the 2026-05-24 13:30 Clawhip pinpoint nudge at message `1508099780230906027`. Pre-grep gate filtered 9 hypotheses down to 3 fresh (E=login/logout envelope, F=CLAW_CONFIG_HOME validation, G=skills empty envelope); F deferred to a later tick because it spans 5 distinct silent-failure modes that warrant their own consolidated entry; G confirmed working correctly (no pinpoint). E selected as the tightest single-function fix with the most concrete CI-impact angle.
|
||||
|
||||
Reference in New Issue
Block a user