elias/claw-code
1
0
Fork 0
mirror of https://github.com/ultraworkers/claw-code.git synced 2026-04-24 21:28:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(#251): intercept session-management verbs at top-level parser to bypass credential check

Browse Source 
## What Was Broken (ROADMAP #251)

Session-management verbs (list-sessions, load-session, delete-session,
flush-transcript) were falling through to the parser's `_other => Prompt`
catchall at main.rs:~1017. This construed them as `CliAction::Prompt {
prompt: "list-sessions", ... }` which then required credentials via the
Anthropic API path. The result: purely-local session operations emitted
`missing_credentials` errors instead of session-layer envelopes.

## Acceptance Criterion

The fix's essential requirement (stated by gaebal-gajae):
**"These 4 verbs stop falling through to Prompt and emitting `missing_credentials`."**
Not "all 4 are fully implemented to spec" — stubs are acceptable for
delete-session and flush-transcript as long as they route LOCALLY.

## What This Fix Does

Follows the exact pattern from #145 (plugins) and #146 (config/diff):

1. **CliAction enum** (main.rs:~700): Added 4 new variants.
2. **Parser** (main.rs:~945): Added 4 match arms before the `_other => Prompt`
   catchall. Each arm validates the verb's positional args (e.g., load-session
   requires a session-id) and rejects extra arguments.
3. **Dispatcher** (main.rs:~455):
   - list-sessions → dispatches to `runtime::session_control::list_managed_sessions_for()`
   - load-session → dispatches to `runtime::session_control::load_managed_session_for()`
   - delete-session → emits `not_yet_implemented` error (local, not auth)
   - flush-transcript → emits `not_yet_implemented` error (local, not auth)

## Dogfood Verification

Run on clean environment (no credentials):

```bash
$ env -i PATH=$PATH HOME=$HOME claw list-sessions --output-format json
{
  "command": "list-sessions",
  "sessions": [
    {"id": "session-1775777421902-1", ...},
    ...
  ]
}
# ✓ Session-layer envelope, not auth error

$ env -i PATH=$PATH HOME=$HOME claw load-session nonexistent --output-format json
{"error":"session not found: nonexistent", "kind":"session_not_found", ...}
# ✓ Local session_not_found error, not missing_credentials

$ env -i PATH=$PATH HOME=$HOME claw delete-session test-id --output-format json
{"command":"delete-session","error":"not_yet_implemented","kind":"not_yet_implemented","type":"error"}
# ✓ Local not_yet_implemented, not auth error

$ env -i PATH=$PATH HOME=$HOME claw flush-transcript test-id --output-format json
{"command":"flush-transcript","error":"not_yet_implemented","kind":"not_yet_implemented","type":"error"}
# ✓ Local not_yet_implemented, not auth error
```

Regression sanity:

```bash
$ claw plugins --output-format json  # #145 still works
$ claw prompt "hello" --output-format json  # still requires credentials correctly
$ claw list-sessions extra arg --output-format json  # rejects extra args with cli_parse
```

## Regression Tests Added

Inside `removed_login_and_logout_subcommands_error_helpfully` test function:

- `list-sessions` → CliAction::ListSessions (both text and JSON output)
- `load-session <id>` → CliAction::LoadSession with session_reference
- `delete-session <id>` → CliAction::DeleteSession with session_id
- `flush-transcript <id>` → CliAction::FlushTranscript with session_id
- Missing required arg errors (load-session and delete-session without ID)
- Extra args rejection (list-sessions with extra positional args)

All 180 binary tests pass. 466 library tests pass.

## Fix Scope vs. Full Implementation

This fix addresses #251 (dispatch-order bug) and #250's Option A (implement
the surfaces). list-sessions and load-session are fully functional via
existing runtime::session_control helpers. delete-session and flush-transcript
are stubbed with local "not yet implemented" errors to satisfy #251's
acceptance criterion without requiring additional session-store mutations
that can ship independently in a follow-up.

## Template

Exact same pattern as #145 (plugins) and #146 (config/diff): top-level
verb interception → CliAction variant → dispatcher with local operation.

## Related

Closes #251. Addresses #250 Option A for 4 verbs. Does not block #250
Option B (documentation scope guards) which remains valuable.
This commit is contained in:
YeonGyu-Kim 2026-04-23 01:25:32 +09:00
parent 2fcb85ce4e
commit dc274a0f96
1 changed files with 285 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

285
rust/crates/rusty-claude-cli/src/main.rs
View File

@ -452,6 +452,113 @@ fn run() -> Result<(), Box<dyn std::error::Error>> {
); );
} }
}, },
// #251: session-management verbs (list-sessions, load-session,
// delete-session, flush-transcript) are pure-local operations.
// They are intercepted at the parser level and dispatched directly
// to session-control operations without requiring credentials.
CliAction::ListSessions { output_format } => {
use runtime::session_control::list_managed_sessions_for;
let base_dir = env::current_dir()?;
let sessions = list_managed_sessions_for(base_dir)?;
match output_format {
CliOutputFormat::Text => {
if sessions.is_empty() {
println!("No sessions found.");
} else {
for session in sessions {
println!("{} ({})", session.id, session.path.display());
}
}
}
CliOutputFormat::Json => {
// #251: ManagedSessionSummary doesn't impl Serialize;
// construct JSON manually with the public fields.
let sessions_json: Vec<serde_json::Value> = sessions
.iter()
.map(|s| {
serde_json::json!({
"id": s.id,
"path": s.path.display().to_string(),
"updated_at_ms": s.updated_at_ms,
"message_count": s.message_count,
})
})
.collect();
let result = serde_json::json!({
"command": "list-sessions",
"sessions": sessions_json,
});
println!("{}", serde_json::to_string_pretty(&result)?);
}
}
}
CliAction::LoadSession {
session_reference,
output_format,
} => {
use runtime::session_control::load_managed_session_for;
let base_dir = env::current_dir()?;
let loaded = load_managed_session_for(base_dir, &session_reference)?;
match output_format {
CliOutputFormat::Text => {
println!(
"Session {} loaded\n File {}\n Messages {}",
loaded.session.session_id,
loaded.handle.path.display(),
loaded.session.messages.len()
);
}
CliOutputFormat::Json => {
let result = serde_json::json!({
"command": "load-session",
"session": {
"id": loaded.session.session_id,
"path": loaded.handle.path.display().to_string(),
"messages": loaded.session.messages.len(),
},
});
println!("{}", serde_json::to_string_pretty(&result)?);
}
}
}
CliAction::DeleteSession {
session_id: _,
output_format,
} => {
// #251: delete-session implementation deferred
eprintln!("delete-session is not yet implemented.");
if matches!(output_format, CliOutputFormat::Json) {
eprintln!(
"{}",
serde_json::json!({
"type": "error",
"error": "not_yet_implemented",
"command": "delete-session",
"kind": "not_yet_implemented",
})
);
}
std::process::exit(1);
}
CliAction::FlushTranscript {
session_id: _,
output_format,
} => {
// #251: flush-transcript implementation deferred
eprintln!("flush-transcript is not yet implemented.");
if matches!(output_format, CliOutputFormat::Json) {
eprintln!(
"{}",
serde_json::json!({
"type": "error",
"error": "not_yet_implemented",
"command": "flush-transcript",
"kind": "not_yet_implemented",
})
);
}
std::process::exit(1);
}
CliAction::Export { CliAction::Export {
session_reference, session_reference,
output_path, output_path,
@ -579,6 +686,26 @@ enum CliAction {
Help { Help {
output_format: CliOutputFormat, output_format: CliOutputFormat,
}, },
// #251: session-management verbs are pure-local reads/mutations on the
// session store. They do not require credentials or a model connection.
// Previously these fell through to the `_other => Prompt` catchall and
// emitted `missing_credentials` errors. Now they are intercepted at the
// top-level parser and dispatched to session-control operations.
ListSessions {
output_format: CliOutputFormat,
},
LoadSession {
session_reference: String,
output_format: CliOutputFormat,
},
DeleteSession {
session_id: String,
output_format: CliOutputFormat,
},
FlushTranscript {
session_id: String,
output_format: CliOutputFormat,
},
} }
#[derive(Debug, Clone, Copy, PartialEq, Eq)] #[derive(Debug, Clone, Copy, PartialEq, Eq)]
@ -934,6 +1061,81 @@ fn parse_args(args: &[String]) -> Result<CliAction, String> {
} }
Ok(CliAction::Diff { output_format }) Ok(CliAction::Diff { output_format })
} }
// #251: session-management verbs are pure-local operations on the
// session store. They require no credentials or model connection.
// Previously they fell through to `_other => Prompt` and emitted
// `missing_credentials`. Now they are intercepted at parse time and
// routed to session-control operations.
"list-sessions" => {
let tail = &rest[1..];
// list-sessions takes no positional arguments; flags are already parsed
if !tail.is_empty() {
return Err(format!(
"unexpected extra arguments after `claw list-sessions`: {}",
tail.join(" ")
));
}
Ok(CliAction::ListSessions { output_format })
}
"load-session" => {
let tail = &rest[1..];
// load-session requires a session-id (positional) argument
let session_ref = tail.first().ok_or_else(|| {
"load-session requires a session-id argument (e.g., `claw load-session SESSION.jsonl`)"
.to_string()
})?.clone();
if tail.len() > 1 {
return Err(format!(
"unexpected extra arguments after `claw load-session {session_ref}`: {}",
tail[1..].join(" ")
));
}
Ok(CliAction::LoadSession {
session_reference: session_ref,
output_format,
})
}
"delete-session" => {
let tail = &rest[1..];
// delete-session requires a session-id (positional) argument
let session_id = tail.first().ok_or_else(|| {
"delete-session requires a session-id argument (e.g., `claw delete-session SESSION_ID`)"
.to_string()
})?.clone();
if tail.len() > 1 {
return Err(format!(
"unexpected extra arguments after `claw delete-session {session_id}`: {}",
tail[1..].join(" ")
));
}
Ok(CliAction::DeleteSession {
session_id,
output_format,
})
}
"flush-transcript" => {
let tail = &rest[1..];
// flush-transcript: optional --session-id flag (parsed above) or as positional
let session_id = if tail.is_empty() {
// --session-id flag must have been provided
return Err(
"flush-transcript requires either --session-id flag or positional argument"
.to_string(),
);
} else {
tail[0].clone()
};
if tail.len() > 1 {
return Err(format!(
"unexpected extra arguments after `claw flush-transcript {session_id}`: {}",
tail[1..].join(" ")
));
}
Ok(CliAction::FlushTranscript {
session_id,
output_format,
})
}
"skills" => { "skills" => {
let args = join_optional_args(&rest[1..]); let args = join_optional_args(&rest[1..]);
match classify_skills_slash_command(args.as_deref()) { match classify_skills_slash_command(args.as_deref()) {
@ -10017,6 +10219,89 @@ mod tests {
output_format: CliOutputFormat::Json, output_format: CliOutputFormat::Json,
} }
); );
// #251: session-management verbs (list-sessions, load-session,
// delete-session, flush-transcript) must be intercepted at top-level
// parse and returned as CliAction variants. Previously they fell
// through to `_other => Prompt` and emitted `missing_credentials`
// for purely-local operations.
assert_eq!(
parse_args(&["list-sessions".to_string()])
.expect("list-sessions should parse"),
CliAction::ListSessions {
output_format: CliOutputFormat::Text,
},
"list-sessions must dispatch to ListSessions, not fall through to Prompt"
);
assert_eq!(
parse_args(&[
"list-sessions".to_string(),
"--output-format".to_string(),
"json".to_string(),
])
.expect("list-sessions --output-format json should parse"),
CliAction::ListSessions {
output_format: CliOutputFormat::Json,
}
);
assert_eq!(
parse_args(&[
"load-session".to_string(),
"my-session-id".to_string(),
])
.expect("load-session <id> should parse"),
CliAction::LoadSession {
session_reference: "my-session-id".to_string(),
output_format: CliOutputFormat::Text,
},
"load-session must dispatch to LoadSession, not fall through to Prompt"
);
assert_eq!(
parse_args(&[
"delete-session".to_string(),
"my-session-id".to_string(),
])
.expect("delete-session <id> should parse"),
CliAction::DeleteSession {
session_id: "my-session-id".to_string(),
output_format: CliOutputFormat::Text,
},
"delete-session must dispatch to DeleteSession, not fall through to Prompt"
);
assert_eq!(
parse_args(&[
"flush-transcript".to_string(),
"my-session-id".to_string(),
])
.expect("flush-transcript <id> should parse"),
CliAction::FlushTranscript {
session_id: "my-session-id".to_string(),
output_format: CliOutputFormat::Text,
},
"flush-transcript must dispatch to FlushTranscript, not fall through to Prompt"
);
// #251: required positional arguments for session verbs
let load_err = parse_args(&["load-session".to_string()])
.expect_err("load-session without id should be rejected");
assert!(
load_err.contains("load-session requires a session-id"),
"missing session-id error should be specific, got: {load_err}"
);
let delete_err = parse_args(&["delete-session".to_string()])
.expect_err("delete-session without id should be rejected");
assert!(
delete_err.contains("delete-session requires a session-id"),
"missing session-id error should be specific, got: {delete_err}"
);
// #251: extra arguments must be rejected
let extra_err = parse_args(&[
"list-sessions".to_string(),
"unexpected".to_string(),
])
.expect_err("list-sessions with extra args should be rejected");
assert!(
extra_err.contains("unexpected extra arguments"),
"extra-args error should be specific, got: {extra_err}"
);
// #147: empty / whitespace-only positional args must be rejected // #147: empty / whitespace-only positional args must be rejected
// with a specific error instead of falling through to the prompt // with a specific error instead of falling through to the prompt
// path (where they surface a misleading "missing Anthropic // path (where they surface a misleading "missing Anthropic