The Rust CLI previously hid init behind the REPL slash-command surface and only
created a starter CLAUDE.md. This change adds a direct `init` subcommand and
moves bootstrap behavior into a shared helper so `/init` and `init` create the
same project scaffolding: `.claude/`, `.claude.json`, starter `CLAUDE.md`, and
local-only `.gitignore` entries. The generated guidance now adapts to a small,
explicit set of repository markers so new projects get language/framework-aware
starting instructions without overwriting existing files.
Constraint: Runtime config precedence already treats `.claude.json`, `.claude/settings.json`, and `.claude/settings.local.json` as separate scopes
Constraint: `.claude/sessions/` is used for local session persistence and should not be committed by default
Rejected: Keep init as REPL-only `/init` behavior | would not satisfy the requested direct init command and keeps bootstrap discoverability low
Rejected: Ignore all of `.claude/` | would hide shared project config that the runtime can intentionally load
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep direct `init` and `/init` on the same helper path and keep detection heuristics bounded to explicit repository markers
Tested: cargo fmt --all; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace
Not-tested: interactive manual run of `rusty-claude-cli init` against a non-test repository
Startup auth was split between the CLI and API crates, which made saved OAuth refresh behavior eager and easy to drift. This change adds a startup-specific resolver in the API layer, keeps env-only auth semantics intact, preserves saved refresh tokens when refresh responses omit them, and lets the CLI reuse the shared resolver while keeping --version on a purely local path.
Constraint: Saved OAuth credentials live in ~/.claude/credentials.json and must remain compatible with existing runtime helpers
Constraint: --version must not require config loading or any API/auth client initialization
Rejected: Keep refresh orchestration only in rusty-claude-cli | would preserve split auth policy and lazy-load bugs
Rejected: Change AnthropicClient::from_env to load config | would broaden configless API semantics for non-CLI callers
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep startup-only OAuth refresh separate from AuthSource::from_env() / AnthropicClient::from_env() unless all non-CLI callers are re-evaluated
Tested: cargo fmt --all; cargo build; cargo clippy --workspace --all-targets -- -D warnings; cargo test; cargo run -p rusty-claude-cli -- --version
Not-tested: Live OAuth refresh against a real auth server
The custom crossterm editor now supports prompt history, slash-command tab
completion, multiline editing, and Ctrl-C semantics that clear partial input
without always terminating the session. The live REPL loop now distinguishes
buffer cancellation from clean exit, persists session state on meaningful
boundaries, and renders tool activity in a more structured way for terminal
use.
Constraint: Keep the active REPL on the existing crossterm path without adding a line-editor dependency
Rejected: Swap to rustyline or reedline | broader integration risk than this polish pass justifies
Confidence: medium
Scope-risk: moderate
Reversibility: clean
Directive: Keep editor state logic generic in input.rs and leave REPL policy decisions in main.rs
Tested: cargo fmt --manifest-path rust/Cargo.toml --all; cargo clippy --manifest-path rust/Cargo.toml --all-targets --all-features -- -D warnings; cargo test --manifest-path rust/Cargo.toml
Not-tested: Interactive manual terminal smoke test for arrow keys/tab/Ctrl-C in a live TTY
The Rust CLI/runtime now models permissions as ordered access levels, derives tool requirements from the shared tool specs, and prompts REPL users before one-off danger-full-access escalations from workspace-write sessions. This also wires explicit --permission-mode parsing and makes /permissions operate on the live session state instead of an implicit env-derived default.
Constraint: Must preserve the existing three user-facing modes read-only, workspace-write, and danger-full-access
Constraint: Must avoid new dependencies and keep enforcement inside the existing runtime/tool plumbing
Rejected: Keep the old Allow/Deny/Prompt policy model | could not represent ordered tool requirements across the CLI surface
Rejected: Continue sourcing live session mode solely from RUSTY_CLAUDE_PERMISSION_MODE | /permissions would not reliably reflect the current session state
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Add required_permission entries for new tools before exposing them to the runtime
Tested: cargo fmt; cargo clippy --workspace --all-targets -- -D warnings; cargo test -q
Not-tested: Manual interactive REPL approval flow in a live Anthropic session
The branch already carries the new local slash commands and flag behavior,
so this follow-up captures how to use them from the Rust README. That keeps
the documented REPL and resume workflows aligned with the verified binary
surface after the implementation and green verification pass.
Constraint: Keep scope narrow and avoid touching ignored .omx planning artifacts
Constraint: Documentation must reflect the active handwritten parser in main.rs
Rejected: Re-open parser refactors in args.rs | outside the requested bounded change
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep README command examples aligned with main.rs help output when CLI flags or slash commands change
Tested: cargo run -p rusty-claude-cli -- --version; cargo run -p rusty-claude-cli -- --help; cargo fmt; cargo clippy --workspace --all-targets -- -D warnings; cargo test
Not-tested: Interactive REPL manual slash-command session in a live API-backed conversation
The remaining slash commands already existed in the REPL path, so this change
focuses on wiring the active CLI parser and runtime to expose them safely.
`--version` now exits through a local reporting path, and `--allowedTools`
constrains both advertised and executable tools without changing the underlying
command surface.
Constraint: The active CLI parser lives in main.rs, so a full parser unification would be broader than requested
Constraint: --version must not require API credentials or construct the API client
Rejected: Migrate the binary to the clap parser in args.rs | too large for a parity patch
Rejected: Enforce allowed tools only at request construction time | execution-time mismatch risk
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep local-only flags like --version on pre-runtime codepaths and mirror tool allowlists in both definition and execution paths
Tested: cargo fmt; cargo clippy --workspace --all-targets -- -D warnings; cargo test; cargo run -q -p rusty-claude-cli -- --version; cargo run -q -p rusty-claude-cli -- --help
Not-tested: Interactive live API conversation with restricted tool allowlists
This adds an end-to-end OAuth PKCE login/logout path to the Rust CLI,
persists OAuth credentials under the Claude config home, and teaches the
API client to use persisted bearer credentials with refresh support when
env-based API credentials are absent.
Constraint: Reuse existing runtime OAuth primitives and keep browser/callback orchestration in the CLI
Constraint: Preserve auth precedence as API key, then auth-token env, then persisted OAuth credentials
Rejected: Put browser launch and token exchange entirely in runtime | caused boundary creep across shared crates
Rejected: Duplicate credential parsing in CLI and api | increased drift and refresh inconsistency
Confidence: medium
Scope-risk: moderate
Reversibility: clean
Directive: Keep logout non-destructive to unrelated credentials.json fields and do not silently fall back to stale expired tokens
Tested: cargo fmt; cargo clippy --workspace --all-targets -- -D warnings; cargo test
Not-tested: Manual live Anthropic OAuth browser flow against real authorize/token endpoints
The tools crate already covered several higher-level commands, but the
public dispatch surface still lacked direct tests for shell and file
operations plus several error-path behaviors. This change expands the
existing lib.rs unit suite to cover the requested tools through
`execute_tool`, adds deterministic temp-path helpers, and hardens
assertions around invalid inputs and tricky offset/background behavior.
Constraint: No new dependencies; coverage had to stay within the existing crate test structure
Rejected: Split coverage into new integration tests under tests/ | would require broader visibility churn for little gain
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep future tool-coverage additions on the public dispatch surface unless a lower-level helper contract specifically needs direct testing
Tested: cargo fmt --all; cargo clippy -p tools --all-targets --all-features -- -D warnings; cargo test -p tools
Not-tested: Cross-platform shell/runtime differences beyond the current Linux-like CI environment
The runtime crate already had typed MCP config parsing, bootstrap metadata,
and stdio JSON-RPC transport primitives, but it lacked the stateful layer
that owns configured subprocesses and routes discovered tools back to the
right server. This change adds a thin lazy McpServerManager in mcp_stdio,
keeps unsupported transports explicit, and locks the behavior with
subprocess-backed discovery, routing, reuse, shutdown, and error tests.
Constraint: Keep the change narrow to the runtime crate and stdio transport only
Constraint: Reuse existing MCP config/bootstrap/process helpers instead of adding new dependencies
Rejected: Eagerly spawn all configured servers at construction | unnecessary startup cost and failure coupling
Rejected: Spawn a fresh process per request | defeats lifecycle management and tool routing cache
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep higher-level runtime/session integration separate until a caller needs this manager surface
Tested: cargo fmt --all; cargo clippy -p runtime --all-targets -- -D warnings; cargo test -p runtime
Not-tested: Integration into conversation/runtime flows outside direct manager APIs
Implement the remaining long-tail tool surfaces needed for Claude Code parity in the Rust tools crate: SendUserMessage/Brief, Config, StructuredOutput, and REPL, plus tests that lock down their current schemas and basic behavior. A small runtime clippy cleanup in file_ops was required so the requested verification lane could pass without suppressing workspace warnings.
Constraint: Match Claude Code tool names and input schemas closely enough for parity-oriented callers
Constraint: No new dependencies for schema validation or REPL orchestration
Rejected: Split runtime clippy fixes into a separate commit | would block the required cargo clippy verification step for this delivery
Rejected: Implement a stateful persistent REPL session manager | unnecessary for current parity scope and would widen risk substantially
Confidence: medium
Scope-risk: moderate
Reversibility: clean
Directive: If upstream Claude Code exposes a concrete REPL tool schema later, reconcile this implementation against that source before expanding behavior
Tested: cargo fmt --all; cargo clippy -p tools --all-targets --all-features -- -D warnings; cargo test -p tools
Not-tested: End-to-end integration with non-Rust consumers; schema-level validation against upstream generated tool payloads
This adds the remaining user-facing slash commands, enables non-interactive model and JSON prompt output, and tightens the help and startup copy so the Rust CLI feels coherent as a standalone interface.
The implementation keeps the scope narrow by reusing the existing session JSON format and local runtime machinery instead of introducing new storage layers or dependencies.
Constraint: No new dependencies allowed for this polish pass
Constraint: Do not commit OMX runtime state
Rejected: Add a separate session database | unnecessary complexity for local CLI persistence
Rejected: Rework argument parsing with clap | too broad for the current delivery window
Confidence: medium
Scope-risk: moderate
Reversibility: clean
Directive: Managed sessions currently live under .claude/sessions; keep compatibility in mind before changing that path or file shape
Tested: cargo fmt; cargo clippy --workspace --all-targets -- -D warnings; cargo test
Not-tested: Live Anthropic prompt execution and interactive manual UX smoke test
The runtime already framed JSON-RPC initialize traffic over stdio, so this extends the same transport with typed helpers for tools/list, tools/call, resources/list, and resources/read plus fake-server tests that exercise real request/response roundtrips.
Constraint: Must build on the existing stdio JSON-RPC framing rather than introducing a separate MCP client layer
Rejected: Leave method payloads as untyped serde_json::Value blobs | weakens call sites and test assertions
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep new MCP stdio methods aligned with upstream MCP camelCase field names when adding more request/response types
Tested: cargo fmt --manifest-path rust/Cargo.toml --all; cargo clippy --manifest-path rust/Cargo.toml -p runtime --all-targets -- -D warnings; cargo test --manifest-path rust/Cargo.toml -p runtime
Not-tested: Live integration against external MCP servers
Polish the integrated Rust CLI so the branch ships like a usable deliverable instead of a scaffold. This adds explicit version handling, expands the built-in help surface with environment and workflow guidance, and replaces the placeholder rust README with practical build, test, prompt, REPL, and resume instructions. It also ignores OMX and agent scratch directories so local orchestration state stays out of the shipped branch.\n\nConstraint: Must keep the existing workspace shape and avoid adding new dependencies\nConstraint: Must not commit .omx or other local orchestration artifacts\nRejected: Introduce clap-based top-level parsing for the main binary | larger refactor than needed for release-readiness\nRejected: Leave help and version behavior implicit | too rough for a clone-and-use deliverable\nConfidence: high\nScope-risk: narrow\nReversibility: clean\nDirective: Keep README examples and --help output aligned whenever CLI commands or env vars change\nTested: cargo fmt --all; cargo build --release -p rusty-claude-cli; cargo test --workspace --exclude compat-harness; cargo run -p rusty-claude-cli -- --help; cargo run -p rusty-claude-cli -- --version\nNot-tested: Live Anthropic API prompt/REPL execution without credentials in this session
Tighten the /permissions report into the same operator-console style used by
other slash commands, and make permission mode changes read like a structured
CLI confirmation instead of a raw field swap.
Constraint: Must keep the real permission surface limited to read-only, workspace-write, and danger-full-access
Rejected: Add synthetic shortcuts or approval-state variants | would misrepresent actual supported modes
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep /permissions output aligned with other structured slash command reports as new mode metadata is added
Tested: cargo fmt --manifest-path ./rust/Cargo.toml --all; cargo clippy --manifest-path ./rust/Cargo.toml --workspace --all-targets -- -D warnings; cargo test --manifest-path ./rust/Cargo.toml --workspace; manual REPL smoke test for /permissions and /permissions read-only
Not-tested: Interactive approval prompting flows beyond mode report formatting
The runtime already knew how to spawn stdio MCP processes, but it still
needed transport primitives for framed JSON-RPC exchange. This change adds
minimal request/response types, line and frame helpers on the stdio wrapper,
and an initialize roundtrip helper so later MCP client slices can build on a
real transport foundation instead of raw byte plumbing.
Constraint: Keep the slice small and limited to stdio transport foundations
Constraint: Must verify framed request write and typed response parsing with a fake MCP process
Rejected: Introduce a broader MCP session layer now | would expand the slice beyond transport framing
Rejected: Leave JSON-RPC as untyped serde_json::Value only | weakens initialize roundtrip guarantees
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Preserve the camelCase MCP initialize field mapping when layering richer protocol support on top
Tested: cargo fmt --all --manifest-path rust/Cargo.toml
Tested: cargo clippy -p runtime --all-targets --manifest-path rust/Cargo.toml -- -D warnings
Tested: cargo test -p runtime --manifest-path rust/Cargo.toml
Not-tested: Integration against a real external MCP server process
The dirty stdio slice had two real regressions in its new JSON-RPC test coverage: the embedded Python helper was written with broken string literals, and direct execution of the freshly written helper could fail with ETXTBSY on Linux. The repair keeps scope inside mcp_stdio.rs by fixing the helper strings and invoking the JSON-RPC helper through python3 while leaving the existing stdio process behavior unchanged.
Constraint: Keep the repair limited to rust/crates/runtime/src/mcp_stdio.rs
Constraint: Must satisfy fmt, clippy -D warnings, and runtime tests before shipping
Rejected: Revert the entire JSON-RPC stdio coverage addition | unnecessary once the helper/test defects were isolated
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep ephemeral stdio test helpers portable and avoid directly execing freshly written scripts when an interpreter invocation is sufficient
Tested: cargo fmt --all; cargo clippy -p runtime --all-targets -- -D warnings; cargo test -p runtime
Not-tested: Cross-platform behavior outside the current Linux runtime
Reformat /compact output for both live and resumed sessions so compaction results are reported in the same structured console style as the rest of the CLI surface. This keeps the behavior unchanged while making skipped and successful compaction runs easier to read.
Constraint: Compact output must stay faithful to the real compaction result and not imply summarization details beyond removed/kept message counts
Rejected: Expose the generated summary body directly in /compact output | too noisy for a lightweight command-response surface
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep lifecycle and maintenance command output stylistically consistent as more slash commands reach parity
Tested: cargo fmt --manifest-path ./rust/Cargo.toml --all; cargo clippy --manifest-path ./rust/Cargo.toml --workspace --all-targets -- -D warnings; cargo test --manifest-path ./rust/Cargo.toml --workspace
Not-tested: Manual terminal UX review of compact output on very large sessions
Reformat /init results into the same structured operator-console style used by the other polished commands so create and skip outcomes are easier to scan. This keeps the command behavior unchanged while making repo bootstrapping feedback feel more intentional.
Constraint: /init must stay non-destructive and continue refusing to overwrite an existing CLAUDE.md
Rejected: Expand /init to write more files in the same slice | broader scaffolding would be riskier than a focused UX polish commit
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep /init output explicit about whether the file was created or skipped so users can trust the command in existing repos
Tested: cargo fmt --manifest-path ./rust/Cargo.toml --all; cargo clippy --manifest-path ./rust/Cargo.toml --workspace --all-targets -- -D warnings; cargo test --manifest-path ./rust/Cargo.toml --workspace
Not-tested: Manual /init run in a repo that already has a heavily customized CLAUDE.md
Extend /config so operators can inspect specific merged sections like env, hooks, and model while keeping the command read-only and grounded in the actual loaded config. This improves Claude Code-style inspectability without inventing an unsafe config editing surface.
Constraint: Config handling must remain read-only and reflect only the merged runtime config that already exists
Rejected: Add /config set mutation commands | persistence semantics and edit safety are not mature enough for a small honest slice
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep config subviews aligned with real merged keys and avoid advertising writable behavior until persistence is designed
Tested: cargo fmt --manifest-path ./rust/Cargo.toml --all; cargo clippy --manifest-path ./rust/Cargo.toml --workspace --all-targets -- -D warnings; cargo test --manifest-path ./rust/Cargo.toml --workspace
Not-tested: Manual inspection of richer hooks/env config payloads in a customized user setup
Reformat /memory into the same structured console style as the other polished commands and enumerate discovered instruction files in ancestry order with line counts and previews. This makes repo instruction memory easier to inspect without changing the underlying discovery behavior.
Constraint: Memory reporting must reflect only the instruction files discovered from current directory ancestry
Rejected: Add memory editing commands in the same slice | presentation polish was a cleaner, lower-risk improvement to ship first
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep instruction-file ordering stable so ancestry-based memory debugging stays predictable
Tested: cargo fmt --manifest-path ./rust/Cargo.toml --all; cargo clippy --manifest-path ./rust/Cargo.toml --workspace --all-targets -- -D warnings; cargo test --manifest-path ./rust/Cargo.toml --workspace
Not-tested: Manual inspection of repos with many nested CLAUDE files
Extend /status with project root and git branch details derived from the local repository so the report feels closer to a real Claude Code session dashboard. This adds high-value workspace context without inventing any persisted metadata the runtime does not actually have.
Constraint: Status metadata must be computed from the current working tree at runtime and tolerate non-git directories
Rejected: Persist branch/root into session files first | a local runtime derivation is smaller and immediately useful without changing session format
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep status context opportunistic and degrade cleanly to unknown when git metadata is unavailable
Tested: cargo fmt --manifest-path ./rust/Cargo.toml --all; cargo clippy --manifest-path ./rust/Cargo.toml --workspace --all-targets -- -D warnings; cargo test --manifest-path ./rust/Cargo.toml --workspace
Not-tested: Manual non-git-directory /status run
Add a minimal runtime stdio MCP launcher that spawns configured server processes with piped stdin/stdout, applies transport env, and exposes async write/read/terminate/wait helpers for future JSON-RPC integration.
The wrapper stays intentionally small: it does not yet implement protocol framing or connection lifecycle management, but it is real process orchestration rather than placeholder scaffolding. Tests use a temporary executable script to prove env propagation and bidirectional stdio round-tripping.
Constraint: Keep the slice minimal and testable while using the real tokio process surface
Constraint: Runtime verification must pass cleanly under fmt, clippy, and tests
Rejected: Add full JSON-RPC framing and session orchestration in the same commit | too much scope for a clean launcher slice
Rejected: Fake the process wrapper behind mocks only | would not validate spawning, env injection, or stdio wiring
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Layer future MCP protocol framing on top of McpStdioProcess rather than bypassing it with ad hoc process management
Tested: cargo fmt --all; cargo clippy -p runtime --all-targets -- -D warnings; cargo test -p runtime
Not-tested: live third-party MCP servers; long-running process supervision; stderr capture policy
Update in-REPL /resume success output to the same structured console style used elsewhere so session lifecycle commands feel consistent with status, model, permissions, config, and cost. This preserves the same behavior while improving operator readability.
Constraint: Resume output must stay grounded in real restored session metadata already available after load
Rejected: Add more restored-session details like cwd snapshot | that data is not yet persisted in session files
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep lifecycle command outputs stylistically aligned as the CLI surface grows
Tested: cargo fmt --manifest-path ./rust/Cargo.toml --all; cargo clippy --manifest-path ./rust/Cargo.toml --workspace --all-targets -- -D warnings; cargo test --manifest-path ./rust/Cargo.toml --workspace
Not-tested: Manual interactive comparison of /resume output before and after multiple restores
Refresh shared slash help and REPL help wording so the command surface reads more like an integrated console, and make successful /clear output match the newer structured reporting style. This keeps discoverability consistent now that status, model, permissions, config, and cost all use richer operator-oriented copy.
Constraint: Help text must stay synchronized with the actual implemented command surface and resume behavior
Rejected: Larger README/doc pass in the same commit | keeping the slice limited to runtime help/output makes it easier to review and revert
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Prefer shared help-copy changes in commands crate first, then layer REPL-specific additions in the CLI binary
Tested: cargo fmt --manifest-path ./rust/Cargo.toml --all; cargo clippy --manifest-path ./rust/Cargo.toml --workspace --all-targets -- -D warnings; cargo test --manifest-path ./rust/Cargo.toml --workspace
Not-tested: Manual comparison of help wording against upstream Claude Code terminal screenshots
Reformat /cost for both live and resumed sessions so token accounting is presented in the same sectioned operator-console style as status, model, permissions, and config. This improves consistency across the command surface while preserving the same underlying usage metrics.
Constraint: Cost output must continue to reflect cumulative tracked usage only, without claiming real billing or currency totals
Rejected: Add dollar estimates | there is no authoritative pricing source wired into this CLI surface
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep /cost focused on raw token accounting until pricing metadata exists in the runtime layer
Tested: cargo fmt --manifest-path ./rust/Cargo.toml --all; cargo clippy --manifest-path ./rust/Cargo.toml --workspace --all-targets -- -D warnings; cargo test --manifest-path ./rust/Cargo.toml --workspace
Not-tested: Manual terminal UX review for very large cumulative token counts
Rework /permissions output into the same operator-console format used by status, config, and model so the command feels intentional and self-explanatory. Switching modes now reports previous and current state, while inspection shows the available modes and their meaning without adding fake policy logic.
Constraint: Permission output must stay aligned with the real three-mode runtime policy already implemented
Rejected: Add richer permission-policy previews per tool | would require more UI surface and risks overstating current policy fidelity
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep permission-mode docs in the CLI consistent with normalize_permission_mode and permission_policy behavior
Tested: cargo fmt --manifest-path ./rust/Cargo.toml --all; cargo clippy --manifest-path ./rust/Cargo.toml --workspace --all-targets -- -D warnings; cargo test --manifest-path ./rust/Cargo.toml --workspace
Not-tested: Manual operator UX review of /permissions flows in a live REPL
Move the default Agent artifact store out of rust/crates/tools so repeated Agent runs stop generating noisy crate-local files, normalize explicit Agent names through the existing slug path, and ignore any crate-local .clawd-agents residue defensively. Keep the slice limited to the tools crate and preserve the existing manifest-writing behavior.
Constraint: Must not touch unrelated dirty api files in this worktree
Constraint: Keep the change limited to rust/crates/tools
Rejected: Add a broader agent runtime or execution model | outside the final cleanup slice
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep Agent persistence defaults outside package directories so generated artifacts do not pollute crate working trees
Tested: cargo test -p tools
Not-tested: concurrent multi-process Agent writes to the default fallback store
Replace terse /model strings with sectioned model reports that show the active model and preserved session context, and use a structured switch report when the model changes. This keeps the behavior honest while making model management feel more intentional and Claude-like.
Constraint: Model switching must preserve the current session and avoid adding any fake model catalog or validation layer
Rejected: Add a hardcoded model list or aliases | would create drift with actual backend-supported model names
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep /model output informational and backend-agnostic unless the runtime gains authoritative model discovery
Tested: cargo fmt --manifest-path ./rust/Cargo.toml --all; cargo clippy --manifest-path ./rust/Cargo.toml --workspace --all-targets -- -D warnings; cargo test --manifest-path ./rust/Cargo.toml --workspace
Not-tested: Manual interactive switching across multiple real Anthropic model names
Require an explicit /clear --confirm flag before wiping live or resumed session state. This keeps the command genuinely useful while adding the minimal safety check needed for a destructive command in a chatty terminal workflow.
Constraint: /clear must remain a real functional command without introducing interactive prompt machinery that would complicate REPL input handling
Rejected: Add y/n interactive confirmation prompt | extra stateful prompting would be slower to ship and more fragile inside the line editor loop
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep destructive slash commands opt-in via explicit flags unless the CLI gains a dedicated confirmation subsystem
Tested: cargo fmt --manifest-path ./rust/Cargo.toml --all; cargo clippy --manifest-path ./rust/Cargo.toml --workspace --all-targets -- -D warnings; cargo test --manifest-path ./rust/Cargo.toml --workspace
Not-tested: Manual keyboard-driven UX pass for accidental /clear entry in interactive REPL
Add a minimal runtime MCP client bootstrap layer that turns typed MCP configs into concrete transport targets with normalized names, tool prefixes, signatures, and auth requirements.
This is intentionally scaffolding rather than a live connection manager: it creates the real data model the runtime will need to launch stdio, remote, websocket, sdk, and claude.ai proxy clients without prematurely coupling the code to any specific async transport implementation.
Constraint: Keep the slice real and minimal without adding connection lifecycle complexity yet
Constraint: Runtime verification must stay green under fmt, clippy, and tests
Rejected: Implement live connection/session orchestration in the same commit | too much surface area for a clean foundational slice
Rejected: Leave bootstrap shaping implicit in future transport code | would duplicate transport mapping and weaken testability
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Build future MCP launch/execution code by consuming McpClientBootstrap/McpClientTransport rather than re-parsing config enums ad hoc
Tested: cargo fmt --all; cargo clippy -p runtime --all-targets -- -D warnings; cargo test -p runtime
Not-tested: live MCP server processes; remote stream handshakes; tool/resource enumeration against real servers
