Add runtime MCP helpers for name normalization, tool naming, CCR proxy URL unwrapping, config signatures, and stable scope-independent config hashing.
This is the fastest clean parity-unblocking MCP slice because it creates real reusable behavior needed by future client/transport work without forcing a transport boundary prematurely. The helpers mirror key upstream semantics around normalized tool names and dedup/config-change detection.
Constraint: Must land a real MCP foundation without pulling transport management into the same commit
Constraint: Runtime verification must pass with fmt, clippy, and tests
Rejected: Start with transport/client scaffolding first | would need more design surface and more unverified edges
Rejected: Leave normalization/signature logic implicit in later client code | would duplicate behavior and complicate testing
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Reuse these helpers for future MCP tool naming, dedup, and reconnect/change-detection work instead of re-encoding the rules ad hoc
Tested: cargo fmt --all; cargo clippy -p runtime --all-targets -- -D warnings; cargo test -p runtime
Not-tested: live MCP transport connections; plugin reload integration; full connector dedup flows
Expand /status so it reports the current working directory, whether the CLI is operating on a live REPL or resumed session file, how many Claude config files were loaded, and how many instruction memory files were discovered. This makes status feel more like an operator dashboard instead of a bare token counter while still only surfacing metadata we can inspect locally.
Constraint: Status must only report context available from the current filesystem and session state
Rejected: Include guessed project metadata or upstream-only fields | would make the status output look richer than the implementation actually is
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep status additive and local-truthful; avoid inventing context that is not directly discoverable
Tested: cargo fmt --manifest-path ./rust/Cargo.toml --all; cargo clippy --manifest-path ./rust/Cargo.toml --workspace --all-targets -- -D warnings; cargo test --manifest-path ./rust/Cargo.toml --workspace
Not-tested: Manual interactive comparison of REPL /status versus resumed-session /status
Normalize Agent subagent aliases to Claude Code style built-in names, expose richer handoff metadata, teach ToolSearch to match canonical tool aliases, and polish NotebookEdit so delete does not require source and insert without a target appends cleanly. These are small parity-oriented behavior fixes confined to the tools crate.\n\nConstraint: Must not touch unrelated dirty api files in this worktree\nConstraint: Keep the change limited to rust/crates/tools\nRejected: Rework Agent into a real scheduler | outside this slice and not a small parity polish\nRejected: Add broad new tool surface area | request calls for small real parity improvements only\nConfidence: high\nScope-risk: narrow\nReversibility: clean\nDirective: Keep Agent built-in type normalization aligned with upstream naming aliases before expanding execution semantics\nTested: cargo test -p tools\nNot-tested: integration against a real upstream Claude Code runtime
Improve top-level help and shared slash-command help so the implemented surface is easier to discover, with explicit resume-safe markings and concrete examples for saved-session workflows. This keeps the command registry authoritative while making the CLI feel less skeletal and more like a real operator-facing tool.
Constraint: Help text must reflect the actual implemented surface without advertising unsupported offline/runtime behavior
Rejected: Separate bespoke help tables for REPL and --resume | would drift from the shared command registry
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Add new slash commands to the shared registry first so help and resume capability stay synchronized
Tested: cargo fmt --manifest-path ./rust/Cargo.toml --all; cargo clippy --manifest-path ./rust/Cargo.toml --workspace --all-targets -- -D warnings; cargo test --manifest-path ./rust/Cargo.toml --workspace
Not-tested: Manual UX comparison against upstream Claude Code help output
Extend --resume so operators can run multiple safe slash commands in sequence against a saved session file, including mutating maintenance actions like /compact and /clear plus useful local /init scaffolding. This brings resumed sessions closer to the live REPL command surface without pretending unsupported runtime-bound commands work offline.
Constraint: Resumed sessions only have serialized session state, not a live model client or interactive runtime
Rejected: Support every slash command under --resume | model and permission changes do not affect offline saved-session inspection meaningfully
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep --resume limited to commands that can operate purely from session files or local filesystem context
Tested: cargo fmt --manifest-path ./rust/Cargo.toml --all; cargo clippy --manifest-path ./rust/Cargo.toml --workspace --all-targets -- -D warnings; cargo test --manifest-path ./rust/Cargo.toml --workspace
Not-tested: Manual interactive smoke test of chained --resume commands in a shell session
Extend the Rust tools crate with NotebookEdit, Sleep, and PowerShell support. NotebookEdit now performs real ipynb cell replacement, insertion, and deletion; Sleep provides a non-shell wait primitive; and PowerShell executes commands with timeout/background support through a detected shell. Tests cover notebook mutation, sleep timing, and PowerShell execution via a stub shell while preserving the existing tool slices.\n\nConstraint: Keep the work confined to crates/tools/src/lib.rs and avoid staging unrelated workspace edits\nConstraint: Expose Claude Code-aligned names and close JSON-schema shapes for the new tools\nRejected: Stub-only notebook or sleep registrations | not materially useful beyond discovery\nRejected: PowerShell implemented as bash aliasing only | would not honor the distinct tool contract\nConfidence: medium\nScope-risk: moderate\nReversibility: clean\nDirective: Preserve the NotebookEdit field names and PowerShell output shape so later runtime extraction can move implementation without changing the contract\nTested: cargo fmt; cargo test -p tools\nNot-tested: cargo clippy; full workspace cargo test
Add a genuinely useful /init command that creates a starter CLAUDE.md from the current repository shape without inventing unsupported setup flows. The scaffold pulls in real verification commands and repo-structure notes for this workspace, and it refuses to overwrite an existing CLAUDE.md.
This keeps the command honest and low-risk while moving the CLI closer to Claude Code's practical bootstrap surface.
Constraint: /init must be non-destructive and must not overwrite an existing CLAUDE.md
Constraint: Generated guidance must come from observable repo structure rather than placeholder text
Rejected: Interactive multi-step init workflow | too much unsupported UI/state machinery for this Rust CLI slice
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep generated CLAUDE.md templates concise and repo-derived; do not let /init drift into fake setup promises
Tested: cargo fmt; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace
Not-tested: manual /init invocation in a separate temporary repository without a preexisting CLAUDE.md
Add minimal runtime-side remote session and upstream proxy primitives that model enablement, session identity, token loading, websocket endpoint derivation, and subprocess proxy environment shaping.
This intentionally stops short of implementing the relay or CA download path. The goal is to land real request/env foundations that future remote integration work can build on while preserving the fail-open behavior of the upstream implementation.
Constraint: Must keep the slice minimal and real without pulling in relay networking yet
Constraint: Verification must pass with runtime fmt, clippy, and tests
Rejected: Implement full upstream CONNECT relay now | too large for the current bounded slice
Rejected: Hide proxy state behind untyped env maps only | would make later integration and testing brittle
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep remote bootstrap logic fail-open; do not make proxy setup a hard dependency for normal runtime execution
Tested: cargo fmt --all; cargo clippy -p runtime --all-targets -- -D warnings; cargo test -p runtime
Not-tested: live CCR session behavior; relay startup; CA bundle download and trust installation
Improve resumed-session parity by letting top-level --resume execute shared read-only commands such as /help, /status, /cost, /config, and /memory in addition to /compact. This makes saved sessions meaningfully inspectable without reopening the interactive REPL.
Also add a genuinely useful /memory command that reports the Claude instruction memory already discovered by the runtime from CLAUDE.md-style files in the current directory ancestry. The command stays honest by surfacing file paths, line counts, and a short preview instead of inventing unsupported persistent memory behavior.
Constraint: Resume-path improvements must operate safely on saved sessions without requiring a live model runtime
Constraint: /memory must expose real repository instruction context rather than placeholder state
Rejected: Invent editable or persistent chat memory storage | no such durable feature exists in this repo yet
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Reuse shared slash parsing for resume-path features so saved-session commands and REPL commands stay aligned
Tested: cargo fmt; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace
Not-tested: manual resume against a diverse set of historical session files from real user workflows
Add runtime OAuth primitives for PKCE generation, authorization URL building, token exchange request shaping, and refresh request shaping. Wire the API client to a real auth-source abstraction so future OAuth tokens can flow into Anthropic requests without bespoke header code.
This keeps the slice bounded to foundations: no browser flow, callback listener, or token persistence. The API client still behaves compatibly for current API-key users while gaining explicit bearer-token and combined auth modeling.
Constraint: Must keep the slice minimal and real while preserving current API client behavior
Constraint: Repo verification requires fmt, tests, and clippy to pass cleanly
Rejected: Implement full OAuth browser/listener flow now | too broad for the current parity-unblocking slice
Rejected: Keep auth handling as ad hoc env reads only | blocks reuse by future OAuth integration paths
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Extend OAuth behavior by composing these request/auth primitives before adding session or storage orchestration
Tested: cargo fmt --all; cargo clippy -p runtime -p api --all-targets -- -D warnings; cargo test -p runtime; cargo test -p api --tests
Not-tested: live OAuth token exchange; callback listener flow; workspace-wide tests outside runtime/api
Add in-REPL session restoration and read-only config inspection so the CLI can recover saved conversations and expose Claude settings without leaving interactive mode. /resume now reloads a session file into the live runtime, and /config shows discovered settings files plus the merged effective JSON.
The new commands stay on the shared slash-command surface and rebuild runtime state using the current model, system prompt, and permission mode so existing REPL behavior remains stable.
Constraint: /resume must update the live REPL session rather than only supporting top-level --resume
Constraint: /config should inspect existing settings without mutating user files
Rejected: Add editable /config writes in this slice | read-only inspection is safer and sufficient for immediate parity work
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep resume/config behavior on the shared slash command surface so non-REPL entrypoints can reuse it later
Tested: cargo fmt; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace
Not-tested: manual interactive restore against real saved session files outside automated fixtures
Extend the Rust tools crate with concrete Agent and ToolSearch implementations. Agent now persists agent-handoff metadata and prompt payloads to a local store with Claude Code-style fields, while ToolSearch supports exact selection and keyword search over the deferred tool surface. Tests cover agent persistence and tool lookup behavior alongside the existing web, todo, and skill coverage.\n\nConstraint: Keep the implementation tools-only without relying on full agent orchestration runtime\nConstraint: Preserve exposed tool names and close schema parity with Claude Code\nRejected: No-op Agent stubs | would not provide material handoff value\nRejected: ToolSearch limited to exact matches only | too weak for discovery workflows\nConfidence: medium\nScope-risk: narrow\nReversibility: clean\nDirective: Keep Agent output contract stable so later execution wiring can reuse persisted metadata without renaming fields\nTested: cargo fmt; cargo test -p tools\nNot-tested: cargo clippy; full workspace cargo test
This replaces the single default pricing assumption with a small model-aware pricing table for Sonnet, Opus, and Haiku so CLI usage output better matches the selected model. Unknown models still fall back cleanly with explicit labeling.
The change keeps pricing lightweight and local while improving the usefulness of usage/cost reporting for resumed sessions and live turns.
Constraint: Keep pricing local and dependency-free
Constraint: Preserve graceful fallback behavior for unknown model IDs
Rejected: Add a remote pricing source now | unnecessary coupling and risk for this slice
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: If pricing tables expand later, prefer explicit model-family matching and keep fallback labeling visible
Tested: cargo fmt; cargo clippy --all-targets --all-features -- -D warnings; cargo test -q
Not-tested: Validation against live provider billing exports
This adds a dedicated session inspect command to the Rust CLI so users can inspect a saved session's path, timestamps, size, token totals, preview text, and latest user/assistant context without opening the underlying file by hand.
It builds directly on the new session list/resume flows and keeps the UX lightweight and script-friendly.
Constraint: Keep session inspection CLI-native and read-only
Constraint: Reuse the existing saved-session format instead of introducing a secondary index format
Rejected: Add an interactive session browser now | more overhead than needed for this inspect slice
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep session inspection output stable and grep-friendly so it remains useful in scripts
Tested: cargo fmt; cargo clippy --all-targets --all-features -- -D warnings; cargo test -q
Not-tested: Manual inspection against a large corpus of real saved sessions
This upgrades Rust session compaction so summaries carry more than a flat timeline. The compacted state now calls out recent user requests, pending work signals, key files, and the current work focus so resumed sessions retain stronger execution continuity.
The change stays deterministic and local while moving the compact output closer to session-memory style handoff value.
Constraint: Keep compaction local and deterministic rather than introducing API-side summarization
Constraint: Preserve the existing resumable system-summary mechanism and compact command flow
Rejected: Add a full session-memory background extractor now | larger runtime change than needed for this incremental parity pass
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep future compaction enrichments biased toward actionable state transfer, not just verbose recap
Tested: cargo fmt; cargo clippy --all-targets --all-features -- -D warnings; cargo test -q
Not-tested: Long real-world sessions with deeply nested tool/result payloads
This improves Rust prompt-building by deduplicating repeated CLAUDE instruction content, surfacing clearer project-context metadata, and truncating oversized instruction payloads so local rules stay useful without overwhelming the runtime prompt.
The change preserves ancestor-chain discovery while making the rendered context more stable, compact, and readable for downstream compaction and CLI flows.
Constraint: Keep existing CLAUDE.md discovery semantics while reducing prompt bloat
Constraint: Avoid adding a new parser or changing user-authored instruction file formats
Rejected: Introduce a structured CLAUDE schema now | too large a shift for this parity slice
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: If richer instruction precedence is added later, keep duplicate suppression conservative so distinct local rules are not silently lost
Tested: cargo fmt; cargo clippy --all-targets --all-features -- -D warnings; cargo test -q
Not-tested: Live end-to-end behavior with very large real-world CLAUDE.md trees
This adds a prompt-mode permission flow for the Rust CLI, surfaces permission policy details in the REPL, and improves tool output rendering with concise human-readable summaries before the raw JSON payload.
The goal is to make tool execution feel safer and more legible without changing the underlying runtime loop or adding a heavyweight UI layer.
Constraint: Keep the permission UX terminal-native and incremental
Constraint: Preserve existing allow and read-only behavior while adding prompt mode
Rejected: Build a full-screen interactive approval UI now | unnecessary complexity for this parity slice
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep raw tool JSON available even when adding richer summaries so debugging fidelity remains intact
Tested: cargo fmt; cargo clippy --all-targets --all-features -- -D warnings; cargo test -q
Not-tested: Manual prompt-mode approvals against live API-driven tool calls
Expand the shared slash registry and REPL dispatcher with real session-management commands so the CLI feels closer to Claude Code during interactive use. /permissions now reports or switches the active permission mode, /clear rebuilds a fresh local session without restarting the process, and /cost reports cumulative token usage honestly from the runtime tracker.
The implementation keeps command parsing centralized in the commands crate and preserves the existing prompt-mode path while rebuilding runtime state safely when commands change session configuration.
Constraint: Commands must be genuinely useful local behavior rather than placeholders
Constraint: Preserve REPL continuity when changing permissions or clearing session state
Rejected: Store permission-mode changes only in environment variables | would not update the live runtime for the current session
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep future stateful slash commands rebuilding from current session + system prompt instead of mutating hidden runtime internals
Tested: cargo fmt; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace
Not-tested: manual live API session exercising permission changes mid-conversation
Centralize slash command parsing in the commands crate so the REPL can share help metadata and grow toward Claude Code parity without duplicating handlers. This adds shared /help and /model parsing, routes REPL dispatch through the shared parser, and upgrades /status to report model and token totals.
To satisfy the required verification gate, this also fixes existing workspace clippy and test blockers in runtime, tools, api, and compat-harness that were unrelated to the new command behavior but prevented fmt/clippy/test from passing cleanly.
Constraint: Preserve existing prompt-mode and REPL behavior while adding real slash commands
Constraint: cargo fmt, clippy, and workspace tests must pass before shipping command-surface work
Rejected: Keep command handling only in main.rs | would deepen duplication with commands crate and resume path
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Extend new slash commands through the shared commands crate first so REPL and resume entrypoints stay consistent
Tested: cargo fmt; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace
Not-tested: live Anthropic network execution beyond existing mocked/integration coverage
This adds a lightweight session home for the Rust CLI, auto-persists REPL state, and exposes list, search, show, and named resume flows so users no longer need to remember raw JSON paths.
The change keeps the old --resume SESSION.json path working while adding friendlier session discovery. It also makes API env-based tests hermetic so workspace verification remains stable regardless of shell environment.
Constraint: Keep session UX incremental and CLI-native without introducing a new database or TUI layer
Constraint: Preserve backward compatibility for the existing --resume SESSION.json workflow
Rejected: Build a richer interactive picker now | higher implementation cost than needed for this parity slice
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep human-friendly session lookup additive; do not remove explicit path-based resume support
Tested: cargo fmt; cargo clippy --all-targets --all-features -- -D warnings; cargo test -q
Not-tested: Manual multi-session interactive REPL behavior across multiple terminals
This adds token and estimated cost reporting to runtime usage tracking and surfaces it in the CLI status and turn output. It also upgrades compaction summaries so users see a clearer resumable summary and token savings after /compact.
The verification path required cleaning existing workspace clippy and test friction in adjacent crates so cargo fmt, cargo clippy -D warnings, and cargo test succeed from the Rust workspace root in this repo state.
Constraint: Keep the change incremental and user-visible without a large CLI rewrite
Constraint: Verification must pass with cargo fmt, cargo clippy --all-targets --all-features -- -D warnings, and cargo test
Rejected: Implement a full model-pricing table now | would add more surface area than needed for this first UX slice
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: If pricing becomes model-specific later, keep the current estimate labeling explicit rather than implying exact billing
Tested: cargo fmt; cargo clippy --all-targets --all-features -- -D warnings; cargo test -q
Not-tested: Live Anthropic API interaction and real streaming terminal sessions
Extend the Rust tools crate with concrete TodoWrite and Skill implementations. TodoWrite now validates and persists structured session todos with Claude Code-aligned item shapes, while Skill resolves local skill definitions and returns their prompt payload for execution handoff. Tests cover persistence and local skill loading without disturbing the previously added web tools.\n\nConstraint: Stay within tools-only scope and avoid depending on broader agent/runtime rewrites\nConstraint: Keep exposed tool names and schemas close to Claude Code contracts\nRejected: In-memory-only TodoWrite state | would not survive across tool calls\nRejected: Stub Skill metadata without loading prompt content | not materially useful to callers\nConfidence: medium\nScope-risk: narrow\nReversibility: clean\nDirective: Preserve TodoWrite item-field parity and keep Skill focused on local skill discovery until agent execution wiring lands\nTested: cargo fmt; cargo test -p tools\nNot-tested: cargo clippy; full workspace cargo test
Add typed runtime-facing MCP and OAuth configuration models on top of the existing merged settings loader so later parity work can consume validated structures instead of ad hoc JSON traversal.
This keeps the first slice bounded to parsing, precedence, exports, and tests. While validating the slice under the repo's required clippy gate, I also fixed a handful of pre-existing clippy failures in runtime file operations so the requested verification command can pass for this commit.
Constraint: Must keep scope to parity-unblocking primitives, not full MCP or OAuth flow execution
Constraint: cargo clippy --all-targets is a required verification gate for this repo
Rejected: Add a new integrations crate first | too much boundary churn for the first landing slice
Rejected: Leave existing clippy failures untouched | would block the required verification command for this commit
Confidence: medium
Scope-risk: moderate
Reversibility: clean
Directive: Keep future MCP/OAuth additions layered on these typed config surfaces before introducing transport orchestration
Tested: cargo fmt --all; cargo test -p runtime; cargo clippy -p runtime --all-targets -- -D warnings
Not-tested: workspace-wide clippy/test beyond the runtime crate; live MCP or OAuth network flows
Implement the first web-oriented Claude Code parity slice in the Rust tools crate. This adds concrete WebFetch and WebSearch tool specs, execution paths, lightweight HTML/search-result extraction, domain filtering, and local HTTP-backed tests while leaving the existing core file and shell tools intact.\n\nConstraint: Keep the change scoped to tools-only Rust workspace code\nConstraint: Match Claude Code tool names and JSON schemas closely enough for parity work\nRejected: Stub-only tool registrations | would not materially expand beyond MVP\nRejected: Full browser/search service integration | too large for this first logical slice\nConfidence: medium\nScope-risk: moderate\nReversibility: clean\nDirective: Treat these web helpers as a parity foundation; refine result quality without renaming the exposed tool contracts\nTested: cargo fmt; cargo test -p tools\nNot-tested: cargo clippy; full workspace cargo test
Trace the local Claude Code TS request path and align the Rust client with its
non-OAuth direct-request behavior. The Rust client now resolves the message base
URL from ANTHROPIC_BASE_URL, uses ANTHROPIC_API_KEY for x-api-key, and sends
ANTHROPIC_AUTH_TOKEN as a Bearer Authorization header when present.
Constraint: Must match the local Claude Code source request/auth split, not inferred behavior
Rejected: Treat ANTHROPIC_AUTH_TOKEN as the x-api-key source | diverges from local TS client path
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep direct /v1/messages auth handling aligned with src/services/api/client.ts and src/utils/auth.ts when changing env precedence
Tested: cargo test -p api; cargo run -p rusty-claude-cli -- prompt "say hello"
Not-tested: Non-default proxy transport features beyond ANTHROPIC_BASE_URL override
Wire the CLI to the Anthropic client, runtime conversation loop, and MVP in-tree tool executor so prompt mode and the default REPL both execute real turns instead of scaffold-only commands.
Constraint: Proxy auth uses ANTHROPIC_AUTH_TOKEN as the primary x-api-key source and may stream extra usage fields
Constraint: Must preserve existing scaffold commands while enabling real prompt and REPL flows
Rejected: Keep prompt mode on the old scaffold path | does not satisfy end-to-end CLI requirement
Rejected: Depend solely on raw SSE message_stop from proxy | proxy/event differences required tolerant parsing plus fallback handling
Confidence: medium
Scope-risk: moderate
Reversibility: clean
Directive: Keep prompt mode tool-free unless the one-shot path is explicitly expanded and reverified against the proxy
Tested: cargo test -p api; cargo test -p tools; cargo test -p runtime; cargo test -p rusty-claude-cli; cargo build; cargo run -p rusty-claude-cli -- prompt "say hello"; printf '/quit\n' | cargo run -p rusty-claude-cli --
Not-tested: Full interactive tool_use roundtrip against the proxy in REPL mode
