elias/claw-code
1
0
Fork 0
mirror of https://github.com/ultraworkers/claw-code.git synced 2026-04-27 23:28:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

roadmap: #259 filed

Browse Source
This commit is contained in:
Yeachan-Heo 2026-04-26 03:01:13 +00:00 committed by YeonGyu-Kim
parent 1c50d946e4
commit fe10cb39c1
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ROADMAP.md
View File

@ -16843,3 +16843,11 @@ Required fix shape: (a) in `normalize_allowed_tools` (`rusty-claude-cli/src/main
Security relevance: the inverse failure mode (empty `--disallowedTools` or empty deny-list silently permitting all tools) is the exact shape upstream PR claw-code#2806 attempted to address (empty-config permission fallback safety, opened+closed within 3min on 2026-04-26). #258 catalogues the symmetric allow-list side at the CLI flag layer rather than the config layer, complementing the upstream PR's config-layer focus. Security relevance: the inverse failure mode (empty `--disallowedTools` or empty deny-list silently permitting all tools) is the exact shape upstream PR claw-code#2806 attempted to address (empty-config permission fallback safety, opened+closed within 3min on 2026-04-26). #258 catalogues the symmetric allow-list side at the CLI flag layer rather than the config layer, complementing the upstream PR's config-layer focus.
**Status:** Open. No source code changed. Filed 2026-04-26 11:32 KST. Branch: feat/jobdori-168c-emission-routing. HEAD: `a3f5a83` (post-#257 fast-forward verification). Cluster delta: silent-fallback-family extension (no new cluster founded, per #253 context-budget discipline). Smaller-scope by design (matches #253/#254/#257's discipline). Sibling: #201/#202/#203/#206/#207/#208/#213 (silent-fallback-family) at the provider boundary; #258 extends the family to the CLI parse boundary as the first member where the silent-coercion happens before any wire dispatch. Linked to upstream PR claw-code#2806 (empty-config permission fallback safety) as the symmetric config-layer half of the same anti-pattern. **Status:** Open. No source code changed. Filed 2026-04-26 11:32 KST. Branch: feat/jobdori-168c-emission-routing. HEAD: `a3f5a83` (post-#257 fast-forward verification). Cluster delta: silent-fallback-family extension (no new cluster founded, per #253 context-budget discipline). Smaller-scope by design (matches #253/#254/#257's discipline). Sibling: #201/#202/#203/#206/#207/#208/#213 (silent-fallback-family) at the provider boundary; #258 extends the family to the CLI parse boundary as the first member where the silent-coercion happens before any wire dispatch. Linked to upstream PR claw-code#2806 (empty-config permission fallback safety) as the symmetric config-layer half of the same anti-pattern.
## Pinpoint #259 — Dogfood status reports can publish stale branch/phase facts without provenance or freshness checks
Dogfooded 2026-04-26 12:00 KST after cycle #396: a dogfood status report posted minutes after commits #254-#258 had landed, but claimed the branch was only four commits ahead of `dev`, last commit `94f9540`, no new commits since 2026-04-23, no active session today, and no new pinpoints filed on 2026-04-26. The live branch at the same time already contained `70058a0` #254, `62adbf4` #255, `56f7f2e` #256 real code fix, `a3f5a83` #257, and `a07c0b7` #258. The report looked authoritative but was generated from stale memory rather than a fresh git/ROADMAP read.
Concrete failure mode: multi-agent dogfood coordination can regress to outdated phase summaries even while the branch is actively moving. Operators then have to manually cross-check `git log`, ROADMAP markers, and chat history to decide whether the report is actionable. This is distinct from #253 compact state-vector budgeting: #253 bounds context size; #259 requires freshness/provenance assertions before publishing a compact status.
Required fix shape: every dogfood status report should include machine-checked provenance fields (`generated_at`, `repo`, `branch`, `head`, `head_timestamp`, `roadmap_last_pinpoint`, `git_fetch_time`, `source=git+ROADMAP`, `staleness_seconds`) and refuse/label reports when the source snapshot is older than a small threshold. `claw dogfood status --compact` should fetch, parse latest ROADMAP pinpoint id, compare against local chat-memory claims, and emit `STALE_STATUS_SOURCE` if they disagree. Acceptance: a report cannot claim “no new commits/new pinpoints” while `origin/feat/jobdori-168c-emission-routing` contains newer commits/pinpoints than its own provenance head. **Status:** Open. Filed as ROADMAP-only dogfood pinpoint from the 2026-04-26 03:00 UTC nudge; live branch was verified before filing and pushed on top of #258.