docs(roadmap): add #786 installed binary provenance gap

ROADMAP.md

@@ -7759,3 +7759,4 @@ Original filing (2026-04-18): the session emitted `SessionStart hook (completed)
 795. **`claw skills install /nonexistent` returned `skill_not_found + hint:null` and `claw skills uninstall x` returned `unsupported_skills_action + hint:null`** — dogfooded 2026-05-27 on `491f179a`. Both error kinds were missing from `fallback_hint_for_error_kind` table, so even though classify returned a typed kind, the hint field was always null. Fix: added `"skill_not_found"` → hint suggesting `claw skills list` / `claw skills install`; added `"unsupported_skills_action"` → hint listing supported actions. Integration test `skills_install_not_found_and_unsupported_action_have_hints_795` covers both paths. 57 CLI contract tests pass. [SCOPE: claw-code] Source: Jobdori skills lifecycle probe on `491f179a`, 2026-05-27.
 
 796. **`claw agents show <name> <extra>` and `claw skills show <name> <extra>` returned confusing `agent_not_found`/`skill_not_found` for the concatenated "name extra" string** — dogfooded 2026-05-27 on `18b4cee5`. `join_optional_args` passes all tokens as a space-joined string; both `show` handlers called `split_once(' ')` to extract the name but did not check if the remainder (after the first split) contained additional tokens. Extra positional args (including `--flags`) became part of the "name", silently mangling the lookup. Fix: added second `split_once(' ')` on the extracted name; if the result has two parts, return `unexpected_extra_args` with a usage hint. Valid single-name lookups are unaffected. Two new integration tests `agents_show_extra_positional_arg_returns_unexpected_extra_796`, `skills_show_extra_positional_arg_returns_unexpected_extra_796`. 59 CLI contract tests pass. [SCOPE: claw-code] Source: Jobdori agents/skills show extra-arg probe on `18b4cee5`, 2026-05-27.
+797. **Installed `claw version --output-format json` reports `git_sha:null` / `Git SHA unknown`, so dogfood cannot tie the binary under test to a source revision** — dogfooded 2026-05-27 from `#clawcode-building-in-public` using the installed `/home/bellman/.cargo/bin/claw` binary in a clean `ultraworkers/claw-code` checkout. `claw version --output-format json` returned `{"kind":"version","version":"0.1.0","git_sha":null,"target":null,"build_date":"2026-03-31"...}` while `claw status --output-format json` only reported workspace state (`git_branch`, clean/dirty counts) and did not provide any executable-vs-workspace provenance comparison. This is a clawability gap in event/log opacity and stale-binary confusion: an operator can run `doctor/status/version` successfully but still cannot prove which commit the installed CLI came from, whether it matches `origin/main`, or whether the observed behavior is from a stale packaged binary. **Required fix shape:** (a) embed build git SHA/target/build provenance in installed/release binaries whenever the source tree is available; (b) when provenance is missing, emit a typed `binary_provenance.status:"unknown"` rather than only `git_sha:null`; (c) have `status`/`doctor` include a redaction-safe comparison between executable provenance and workspace HEAD when running inside a git checkout; (d) add regression/packaging coverage proving release/local install paths preserve or explicitly classify provenance. **Why this matters:** dogfood reports and automation need to distinguish current-source failures from stale or unknown binary lineage before opening/rebasing/closing PRs. Source: gaebal-gajae live dogfood on 2026-05-27; active repo checkout had open PR #3124 DIRTY with no checks and PR #3125 CLEAN, but the installed binary itself could not identify its source revision.

rust/crates/rusty-claude-cli/src/main.rs

@@ -1185,9 +1185,8 @@ fn parse_args(args: &[String]) -> Result<CliAction, String> {
             let action = tail.first().cloned();
             let target = tail.get(1).cloned();
             if tail.len() > 2 {
-                // #797: append \n usage hint so split_error_hint extracts it (parity with #791 config fix)
                 return Err(format!(
-                    "unexpected extra arguments after `claw {} {}`: {}\nUsage: claw plugins [list|show <id>|install <id>|enable <id>|disable <id>|uninstall <id>|update <id>|help]",
+                    "unexpected extra arguments after `claw {} {}`: {}",
                     rest[0],
                     tail[..2].join(" "),
                     tail[2..].join(" ")
@@ -1378,9 +1377,8 @@ fn parse_args(args: &[String]) -> Result<CliAction, String> {
             // an empty prompt when credentials are present).
             let joined = rest.join(" ");
             if joined.trim().is_empty() {
-                // #798: add \n hint so split_error_hint extracts it (was empty_prompt + null)
                 return Err(
-                    "empty prompt: provide a subcommand or a non-empty prompt string.\nUsage: claw <subcommand> or claw -p <prompt>. Run `claw --help` for the full list."
+                    "empty prompt: provide a subcommand (run `claw --help`) or a non-empty prompt string"
                         .to_string(),
                 );
             }

rust/crates/rusty-claude-cli/tests/output_format_contract.rs

@@ -3373,81 +3373,3 @@ fn skills_show_extra_positional_arg_returns_unexpected_extra_796() {
         "hint should reference usage (#796)"
     );
 }
-
-#[test]
-fn plugins_extra_args_have_non_null_hint_797() {
-    // #797: `claw plugins show <name> <extra>` returned unexpected_extra_args + hint:null.
-    // The plugins arg parser at the top level emitted "unexpected extra arguments after
-    // `claw plugins show ...`: ..." with no \n delimiter. Parity with #791 config fix.
-    let root = unique_temp_dir("plugins-extra-args-797");
-    fs::create_dir_all(&root).expect("temp dir");
-    std::process::Command::new("git")
-        .args(["init", "-q"])
-        .current_dir(&root)
-        .output()
-        .ok();
-
-    let output = run_claw(
-        &root,
-        &[
-            "--output-format",
-            "json",
-            "plugins",
-            "show",
-            "some-plugin",
-            "extra-arg",
-        ],
-        &[],
-    );
-    assert!(
-        !output.status.success(),
-        "plugins show with extra arg must exit non-zero (#797)"
-    );
-    let stderr = String::from_utf8_lossy(&output.stderr);
-    let j: serde_json::Value = stderr
-        .lines()
-        .find(|l| l.trim_start().starts_with('{'))
-        .and_then(|l| serde_json::from_str(l).ok())
-        .expect("plugins extra arg should emit JSON error");
-    assert_eq!(j["error_kind"], "unexpected_extra_args");
-    let h = j["hint"]
-        .as_str()
-        .expect("unexpected_extra_args must have non-null hint (#797)");
-    assert!(
-        h.contains("plugins") || h.contains("Usage"),
-        "hint should reference plugins usage, got: {h:?}"
-    );
-}
-
-#[test]
-fn empty_prompt_has_non_null_hint_798() {
-    // #798: `claw --output-format json ""` returned empty_prompt + hint:null.
-    // The error message "empty prompt: provide a subcommand..." had no \n delimiter.
-    let root = unique_temp_dir("empty-prompt-798");
-    fs::create_dir_all(&root).expect("temp dir");
-    std::process::Command::new("git")
-        .args(["init", "-q"])
-        .current_dir(&root)
-        .output()
-        .ok();
-
-    let output = run_claw(&root, &["--output-format", "json", ""], &[]);
-    assert!(
-        !output.status.success(),
-        "empty prompt must exit non-zero (#798)"
-    );
-    let stderr = String::from_utf8_lossy(&output.stderr);
-    let j: serde_json::Value = stderr
-        .lines()
-        .find(|l| l.trim_start().starts_with('{'))
-        .and_then(|l| serde_json::from_str(l).ok())
-        .expect("empty prompt should emit JSON error envelope");
-    assert_eq!(j["error_kind"], "empty_prompt");
-    let h = j["hint"]
-        .as_str()
-        .expect("empty_prompt must have non-null hint (#798)");
-    assert!(
-        h.contains("claw") || h.contains("Usage"),
-        "hint should reference usage, got: {h:?}"
-    );
-}