fix(scripts): suppress cargo noise and document CLAW_CONFIG_HOME isolation

Two gaps from Gaebal's 21:30 dogfood round: 1. cargo compile noise leaked to stderr during dogfood probes 2. real user config (~/.claw/settings.json) bled in via deprecation warnings ("enabledPlugins") even for purely local introspection Changes: - Redirect cargo build stderr to /dev/null (-q flag + 2>/dev/null) with a fallback re-run on failure so errors remain visible - Document CLAW_CONFIG_HOME isolation pattern in script output: CLAW_ISOLATED=$(mktemp -d) CLAW_CONFIG_HOME=$CLAW_ISOLATED $CLAW <cmd> --output-format json rm -rf $CLAW_ISOLATED - With isolation: zero stderr lines for plugins list probe, pure JSON stdout, no config warnings Verified: exit 0, kind:plugin, 0 stderr lines, 0 sessions created.
fix(scripts): inject GIT_SHA in dogfood-build.sh so provenance check passes
2026-05-13 17:36:44 +00:00 · 2026-05-05 06:35:56 +09:00 · 2026-05-05 06:34:29 +09:00 · 2026-05-05 06:09:11 +09:00 · 2026-05-05 05:35:50 +09:00 · 2026-05-05 05:16:00 +09:00
3 changed files with 163 additions and 6 deletions
--- a/rust/crates/commands/src/lib.rs
+++ b/rust/crates/commands/src/lib.rs
@@ -2674,10 +2674,44 @@ fn render_mcp_report_for(
                )),
            }
        }
+        Some(args) if args.split_whitespace().next() == Some("list") && args.contains(' ') => {
+            // `mcp list <filter>` — list does not accept arguments; treat as unsupported action.
+            Ok(render_mcp_unsupported_action_text(
+                args,
+                "list accepts no filter argument; use `claw mcp list`",
+            ))
+        }
+        Some(args) if matches!(args.split_whitespace().next(), Some("info" | "describe")) => {
+            Ok(render_mcp_unsupported_action_text(
+                args,
+                "use `claw mcp show <server>` to inspect a server",
+            ))
+        }
        Some(args) => Ok(render_mcp_usage(Some(args))),
    }
 }

+fn render_mcp_unsupported_action_text(action: &str, hint: &str) -> String {
+    format!(
+        "MCP\n  Error            unsupported action '{action}'\n  Hint             {hint}\n  Usage            /mcp [list|show <server>|help]"
+    )
+}
+
+fn render_mcp_unsupported_action_json(action: &str, hint: &str) -> Value {
+    json!({
+        "kind": "mcp",
+        "action": "error",
+        "ok": false,
+        "error_kind": "unsupported_action",
+        "requested_action": action,
+        "hint": hint,
+        "usage": {
+            "slash_command": "/mcp [list|show <server>|help]",
+            "direct_cli": "claw mcp [list|show <server>|help]",
+        },
+    })
+}
+
 fn render_mcp_report_json_for(
    loader: &ConfigLoader,
    cwd: &Path,
@@ -2758,6 +2792,18 @@ fn render_mcp_report_json_for(
                })),
            }
        }
+        Some(args) if args.split_whitespace().next() == Some("list") && args.contains(' ') => {
+            Ok(render_mcp_unsupported_action_json(
+                args,
+                "list accepts no filter argument; use `claw mcp list`",
+            ))
+        }
+        Some(args) if matches!(args.split_whitespace().next(), Some("info" | "describe")) => {
+            Ok(render_mcp_unsupported_action_json(
+                args,
+                "use `claw mcp show <server>` to inspect a server",
+            ))
+        }
        Some(args) => Ok(render_mcp_usage_json(Some(args))),
    }
 }
@@ -4745,6 +4791,38 @@ mod tests {
        );
    }

+    #[test]
+    fn mcp_unsupported_actions_return_typed_error_not_generic_help() {
+        // `mcp info <name>` and `mcp list <filter>` must return typed errors, not raw help.
+        // Regression for #504: these previously fell through to render_mcp_usage with
+        // unexpected=arg, giving no machine-readable error_kind.
+        use crate::handle_mcp_slash_command_json;
+        use std::path::PathBuf;
+        let cwd = PathBuf::from("/tmp");
+
+        let info_json = handle_mcp_slash_command_json(Some("info nonexistent"), &cwd)
+            .expect("info nonexistent should not error at IO level");
+        assert_eq!(info_json["kind"], "mcp");
+        assert_eq!(info_json["ok"], false);
+        assert_eq!(info_json["error_kind"], "unsupported_action");
+        assert!(info_json["hint"]
+            .as_str()
+            .unwrap_or_default()
+            .contains("show"));
+
+        let list_filter_json = handle_mcp_slash_command_json(Some("list nonexistent"), &cwd)
+            .expect("list nonexistent should not error at IO level");
+        assert_eq!(list_filter_json["kind"], "mcp");
+        assert_eq!(list_filter_json["ok"], false);
+        assert_eq!(list_filter_json["error_kind"], "unsupported_action");
+
+        let describe_json = handle_mcp_slash_command_json(Some("describe myserver"), &cwd)
+            .expect("describe myserver should not error at IO level");
+        assert_eq!(describe_json["kind"], "mcp");
+        assert_eq!(describe_json["ok"], false);
+        assert_eq!(describe_json["error_kind"], "unsupported_action");
+    }
+
    #[test]
    fn rejects_invalid_mcp_arguments() {
        let show_error = parse_error_message("/mcp show alpha beta");
--- a/rust/crates/rusty-claude-cli/src/main.rs
+++ b/rust/crates/rusty-claude-cli/src/main.rs
@@ -877,13 +877,17 @@ fn parse_args(args: &[String]) -> Result<CliAction, String> {
        // `missing Anthropic credentials` even though the command is purely
        // local introspection. Mirror `agents`/`mcp`/`skills`: action is the
        // first positional arg, target is the second.
-        "plugins" => {
+        // `plugin` (singular) and `marketplace` are aliases for `plugins`.
+        // All three must route to the same local handler so that no form
+        // falls through to the LLM/prompt path.
+        "plugins" | "plugin" | "marketplace" => {
            let tail = &rest[1..];
            let action = tail.first().cloned();
            let target = tail.get(1).cloned();
            if tail.len() > 2 {
                return Err(format!(
-                    "unexpected extra arguments after `claw plugins {}`: {}",
+                    "unexpected extra arguments after `claw {} {}`: {}",
+                    rest[0],
                    tail[..2].join(" "),
                    tail[2..].join(" ")
                ));
@@ -5103,10 +5107,17 @@ impl LiveCli {
        let cwd = env::current_dir()?;
        match output_format {
            CliOutputFormat::Text => println!("{}", handle_mcp_slash_command(args, &cwd)?),
-            CliOutputFormat::Json => println!(
-                "{}",
-                serde_json::to_string_pretty(&handle_mcp_slash_command_json(args, &cwd)?)?
-            ),
+            CliOutputFormat::Json => {
+                let value = handle_mcp_slash_command_json(args, &cwd)?;
+                // Propagate ok:false → non-zero exit so automation callers
+                // can rely on exit code instead of inspecting the envelope.
+                // (#68: mcp error envelopes previously always exited 0.)
+                let is_error = value.get("ok").and_then(|v| v.as_bool()) == Some(false);
+                println!("{}", serde_json::to_string_pretty(&value)?);
+                if is_error {
+                    std::process::exit(1);
+                }
+            }
        }
        Ok(())
    }
--- a/scripts/dogfood-build.sh
+++ b/scripts/dogfood-build.sh
@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+# dogfood-build.sh — Build claw from current checkout and verify provenance.
+#
+# Injects GIT_SHA at build time so version JSON is non-null.
+# Suppresses Cargo compile noise on stderr.
+# Prints the verified binary path on success. Use as:
+#
+#   CLAW=$(bash scripts/dogfood-build.sh)
+#
+# Then dogfood with config isolation (avoids real user config bleeding in):
+#
+#   CLAW_CONFIG_HOME=$(mktemp -d) $CLAW plugins list --output-format json
+#
+set -euo pipefail
+
+REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+RUST_DIR="$REPO_ROOT/rust"
+BINARY="$RUST_DIR/target/debug/claw"
+EXPECTED_SHA="$(git -C "$REPO_ROOT" rev-parse --short HEAD)"
+
+echo "▶ Building claw from $REPO_ROOT" >&2
+echo "  Commit: $(git -C "$REPO_ROOT" log --oneline -1)" >&2
+
+# Inject GIT_SHA so version JSON returns a non-null sha.
+# Redirect cargo stderr to /dev/null to suppress compile noise;
+# on build failure cargo exits non-zero and set -e aborts.
+if ! GIT_SHA="$EXPECTED_SHA" cargo build \
+        --manifest-path "$RUST_DIR/Cargo.toml" \
+        -p rusty-claude-cli -q 2>/dev/null; then
+    # Re-run with visible output so the user sees the error
+    echo "✗ Build failed — rerunning with output:" >&2
+    GIT_SHA="$EXPECTED_SHA" cargo build \
+        --manifest-path "$RUST_DIR/Cargo.toml" \
+        -p rusty-claude-cli 2>&1 | sed 's/^/  /' >&2
+    exit 1
+fi
+
+if [[ ! -x "$BINARY" ]]; then
+    echo "✗ Binary not found at $BINARY" >&2
+    exit 1
+fi
+
+BINARY_SHA=$("$BINARY" version --output-format json 2>/dev/null \
+    | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('git_sha') or 'null')" 2>/dev/null \
+    || echo "null")
+
+if [[ "$BINARY_SHA" == "null" || -z "$BINARY_SHA" ]]; then
+    echo "✗ Provenance check failed: binary reports git_sha: null" >&2
+    exit 1
+fi
+
+if [[ "$BINARY_SHA" != "$EXPECTED_SHA" ]]; then
+    echo "✗ Provenance mismatch: binary=$BINARY_SHA, HEAD=$EXPECTED_SHA" >&2
+    exit 1
+fi
+
+echo "✓ Binary verified: $BINARY_SHA == HEAD" >&2
+echo "" >&2
+echo "  export CLAW=$BINARY" >&2
+echo "" >&2
+echo "  Dogfood with isolated config (no real user config on stderr):" >&2
+echo "    CLAW_ISOLATED=\$(mktemp -d)" >&2
+echo "    CLAW_CONFIG_HOME=\$CLAW_ISOLATED \$CLAW plugins list --output-format json" >&2
+echo "    rm -rf \$CLAW_ISOLATED" >&2
+echo "" >&2
+echo "  cargo run overhead: ~1s/invocation vs 7ms for pre-built binary." >&2
+echo "  Prefer pre-built binary (\$CLAW) for dogfood loops." >&2
+echo "$BINARY"
Author	SHA1	Message	Date
YeonGyu-Kim	72cdab877f	fix(scripts): suppress cargo noise and document CLAW_CONFIG_HOME isolation Two gaps from Gaebal's 21:30 dogfood round: 1. cargo compile noise leaked to stderr during dogfood probes 2. real user config (~/.claw/settings.json) bled in via deprecation warnings ("enabledPlugins") even for purely local introspection Changes: - Redirect cargo build stderr to /dev/null (-q flag + 2>/dev/null) with a fallback re-run on failure so errors remain visible - Document CLAW_CONFIG_HOME isolation pattern in script output: CLAW_ISOLATED=$(mktemp -d) CLAW_CONFIG_HOME=$CLAW_ISOLATED $CLAW <cmd> --output-format json rm -rf $CLAW_ISOLATED - With isolation: zero stderr lines for plugins list probe, pure JSON stdout, no config warnings Verified: exit 0, kind:plugin, 0 stderr lines, 0 sessions created.	2026-05-05 06:35:56 +09:00
YeonGyu-Kim	dbb1423164	fix(scripts): inject GIT_SHA in dogfood-build.sh so provenance check passes cargo build without GIT_SHA env var → option_env!("GIT_SHA") = None → version JSON returns git_sha:null → dogfood-build.sh fails its own provenance check every time. Fix: pass GIT_SHA=$(git rev-parse --short HEAD) to cargo build. The script now: 1. Sets GIT_SHA to current HEAD before cargo build 2. Reads git_sha from the built binary 3. Compares against HEAD — fails if still null or mismatched Also adds latency note: cargo run = ~1s overhead/invocation vs 7ms for pre-built binary; pre-built is recommended for dogfood loops. Closes the broken provenance check introduced in the initial dogfood-build.sh commit.	2026-05-05 06:34:29 +09:00
YeonGyu-Kim	d074d1c046	fix(mcp): exit 1 when JSON envelope contains ok:false (#2995 ) * fix(mcp): exit 1 when JSON envelope contains ok:false mcp info, mcp describe, and mcp list-filter all return {"action":"error","ok":false,...} but previously exited 0, requiring automation callers to inspect the envelope field. After this fix: print_mcp detects ok:false in the rendered JSON value and calls process::exit(1) after printing, so the exit code reflects the semantic error in the envelope. Unaffected: mcp list, mcp show, mcp help all have no ok field and continue to exit 0 (they are not error paths). Closes ROADMAP #68 (partial — agents bogus/mcp show nonexistent found:false remain exit:0 as they use different envelope shapes). * feat(scripts): add dogfood-build.sh — build from checkout and verify provenance Builds claw from the current HEAD, then checks that the binary's git_sha matches git rev-parse --short HEAD. Exits non-zero if the binary is stale or provenance is opaque (git_sha: null). Usage: CLAW=$(bash scripts/dogfood-build.sh) # fail-fast if stale $CLAW version --output-format json # provenance confirmed Addresses ROADMAP #69: dogfooders using a stale installed binary cannot attribute behavior to specific commits. This script makes dogfood round zero unambiguous. Also documents the safe workaround for contributors who have a stale system-installed binary.	2026-05-05 06:09:11 +09:00
YeonGyu-Kim	caeac828b5	fix(permissions): return guidance for multi-word forms instead of falling through to LLM (#2994 ) claw permissions list / claw permissions allow <tool> / claw permissions deny <tool> all fell through to the prompt/LLM path because parse_subcommand had no arm for "permissions". The single-word bare form was already intercepted by bare_slash_command_guidance, but any form with rest.len() > 1 bypassed the single-word guard and landed in the _other => CliAction::Prompt branch. Fix: add a "permissions" arm in parse_subcommand that returns a structured guidance Err so all multi-word forms get the same exit:1 + JSON error as the bare single-word form, without any LLM call or session creation. Verified: all invocation forms (bare, list, read-only, workspace-write, allow/deny <tool>) exit 1 with kind:unknown guidance JSON. Zero sessions.	2026-05-05 05:35:50 +09:00
YeonGyu-Kim	85435ad4b5	fix(plugins): route plugin and marketplace aliases through local handler (#2993 ) claw plugin list / claw marketplace / claw marketplace list all fell through to the prompt/LLM path because parse_subcommand only matched "plugins" (the primary name) while the canonical spec aliases "plugin" and "marketplace" were unhandled. This manifested as auth errors and session creation on direct invocation — dogfood confirmed Gaebal's binary created one session via plugin prompt fallback. Fix: extend the plugins arm in parse_subcommand to also match "plugin" \| "marketplace" so all three forms route to the same CliAction::Plugins without network calls or session creation. Verified: all six forms (bare + list subcommand for each name) return kind:plugin JSON, exit 0, and create zero sessions. Closes ROADMAP #55 partial (plugins/marketplace bypass complete).	2026-05-05 05:16:00 +09:00
YeonGyu-Kim	5eb4b8a944	fix(mcp): return typed error JSON for unsupported actions (info/describe/list-filter) (#2989 ) `claw mcp info nonexistent --output-format json` and `claw mcp list nonexistent --output-format json` fell through to the generic help renderer, returning an opaque envelope with only `unexpected` set — no machine-readable error_kind. Fix: - Add typed guards in render_mcp_report_for/_json_for for: - `list <filter>`: list accepts no filter argument - `info <name>` / `describe <name>`: suggest `mcp show` - New render_mcp_unsupported_action_text/json helpers emit `ok:false`, `error_kind:"unsupported_action"`, `hint`, `requested_action` - `mcp show`, `mcp list`, `mcp help` existing paths unchanged Test: mcp_unsupported_actions_return_typed_error_not_generic_help asserts kind=="mcp", ok==false, error_kind=="unsupported_action" for info/list-filter/describe paths. Pinpoint: ROADMAP #504	2026-05-05 05:13:07 +09:00