feat(lsp-v2): LSP integration v2 (rebased)#5
Closed
TheArchitectit wants to merge 406 commits into
Closed
Conversation
Constraint: Task 5 is reporting/map ownership only; worker-1 owns implementation changes and shared security/path tests.\nRejected: Editing runtime enforcement failures from this lane | shared implementation/test ownership belongs to other workers unless re-scoped.\nConfidence: high\nScope-risk: narrow\nDirective: Keep this artifact synchronized with exact verification output before leader aggregation.\nTested: python3 scripts/validate_cc2_board.py --board .omx/cc2/board.json; python3 .omx/cc2/validate_issue_parity_intake.py .omx/cc2/issue-parity-intake.json; scripts/fmt.sh --check; cargo check --workspace; targeted runtime permission/path tests; mock parity harness.\nNot-tested: Full clippy and cargo test --workspace are not green due pre-existing/shared runtime/CLI failures documented in the artifact.
The G002 security gate caught that PowerShell path classification still treated Windows absolute paths as workspace-relative on POSIX, so workspace scope now rejects those tokens before permission downgrades. Constraint: G002-alpha-security requires workspace/path scope across Windows path cases as well as direct paths, symlinks, globbing, shell expansion, and worktrees. Rejected: Relying on PathBuf::is_absolute for Windows syntax on POSIX | it treats C:\ and UNC-like tokens as relative and weakens permission classification. Confidence: high Scope-risk: narrow Directive: Keep bash and PowerShell path classifiers aligned whenever new shell syntax is admitted. Tested: cargo test --manifest-path rust/Cargo.toml -p tools path_scope -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p tools --test path_scope_enforcement -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p runtime workspace_ -- --nocapture; python3 -m pytest tests/test_security_scope.py -q; cargo check --manifest-path rust/Cargo.toml --workspace. Not-tested: Full cargo test --workspace still has existing unrelated rusty-claude-cli session lifecycle failure reported by workers. Co-authored-by: OmX <omx@oh-my-codex.dev>
File and shell tool dispatch now resolves path-sensitive operations through workspace-scoped wrappers so direct paths, globs, symlinks, shell expansion, and Windows absolute path probes fail before execution when they leave the workspace. Constraint: G002-alpha-security requires alpha-blocking workspace/path scope enforcement without mutating .omx/ultragoal Rejected: string-prefix only checks | they miss canonical symlink and glob expansion escapes Confidence: high Scope-risk: moderate Directive: keep new file/shell tool entrypoints wired through workspace-aware wrappers before dispatch Tested: python3 -m unittest discover -s tests -v; python3 -m compileall -q src tests; cargo test -p runtime workspace --manifest-path rust/Cargo.toml --quiet; cargo test -p tools workspace --manifest-path rust/Cargo.toml --quiet; cargo test -p tools given_workspace_write_enforcer_when_bash --manifest-path rust/Cargo.toml --quiet; cargo test -p tools file_tools_reject --manifest-path rust/Cargo.toml --quiet; cargo fmt --all --manifest-path rust/Cargo.toml -- --check; cargo check --manifest-path rust/Cargo.toml --workspace Not-tested: full unfiltered cargo test workspace due task-time constraints; targeted runtime/tools workspace security tests and full cargo check passed Co-authored-by: OmX <omx@oh-my-codex.dev>
Constraint: G002-alpha-security requires direct file-tool escapes to fail before reads while accepting the canonical runtime error text. Rejected: weakening the test to accept successful reads | the verified behavior denies the escape and only the assertion vocabulary was stale. Confidence: high Scope-risk: narrow Directive: Keep path-scope tests asserting denial semantics, not a single legacy wording. Tested: cargo fmt --manifest-path rust/Cargo.toml --all -- --check; cargo test --manifest-path rust/Cargo.toml -p tools path_scope -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p tools --test path_scope_enforcement -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p runtime workspace_ -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli --test output_format_contract -- --nocapture; python3 -m pytest tests/test_security_scope.py -q; cargo check --manifest-path rust/Cargo.toml --workspace; git diff --check Not-tested: full cargo test --workspace due known unrelated session_lifecycle_prefers_running_process_over_idle_shell failure. Co-authored-by: OmX <omx@oh-my-codex.dev>
Worker-3's path-scope regression showed outside read_file paths were blocked by the workspace wrapper after dispatch instead of by the permission enforcer. File, glob, and grep tools now classify path scope before dispatch and require danger-full-access for paths that resolve outside the current workspace. Constraint: G002-alpha-security requires permission-mode event/status visibility for blocked file and shell paths Rejected: relying only on runtime wrapper errors | it hides the active permission-mode denial contract from callers Confidence: high Scope-risk: narrow Directive: keep path-sensitive tool permission classification aligned with workspace wrapper resolution Tested: cargo test -p tools --test path_scope_enforcement --manifest-path rust/Cargo.toml --quiet; cargo test -p tools given_workspace_write_enforcer_when_bash --manifest-path rust/Cargo.toml --quiet; cargo check --manifest-path rust/Cargo.toml --workspace; cargo fmt --all --manifest-path rust/Cargo.toml -- --check Not-tested: full workspace test suite after this small permission-classification follow-up Co-authored-by: OmX <omx@oh-my-codex.dev>
Constraint: User explicitly requested all roadmap PRs be merged when correct and mapped into the Ultragoal backlog when not immediately mergeable. Rejected: leaving the PR inventory as ignored OMX-only state | roadmap merge obligations need a tracked handoff for later G011/G012 gates. Confidence: high Scope-risk: narrow Directive: Refresh this intake after each roadmap PR merge batch and regenerate the CC2 board if ROADMAP.md changes. Tested: gh pr list --state open --search roadmap in:title --json number,title,author,mergeable,isDraft,statusCheckRollup,headRefName,baseRefName,updatedAt,url --limit 200 Not-tested: individual PR mergeability was not forced in this intake commit. Co-authored-by: OmX <omx@oh-my-codex.dev>
Constraint: G003 worker outputs added config and startup evidence fields that must compile under focused runtime validation before leader push. Rejected: pushing auto-checkpoints without leader validation | integrated tests initially failed to compile due missing imports and stale StartupEvidenceBundle fixtures. Confidence: high Scope-risk: narrow Directive: When extending StartupEvidenceBundle, update all in-crate fixtures in the same change. Tested: git diff --check; cargo fmt --manifest-path rust/Cargo.toml --all -- --check; cargo test --manifest-path rust/Cargo.toml -p runtime trusted_roots -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p runtime startup -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p runtime worker_boot -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p tools path_scope -- --nocapture; cargo check --manifest-path rust/Cargo.toml --workspace Not-tested: full cargo test --workspace remains deferred during active G003 team work. Co-authored-by: OmX <omx@oh-my-codex.dev>
Canonicalize absolute shell path operands before comparing them with the workspace root so symlink-expanded reads cannot be downgraded under workspace-write enforcement. Also resolves local clippy findings in the touched tools crate so targeted linting can run cleanly.\n\nConstraint: Task 1 scope is workspace/path scope enforcement only; do not mutate .omx/ultragoal.\nRejected: Editing shared path-scope regression tests | worker-3 owns that test coverage and the current tests already prove the contract.\nConfidence: high\nScope-risk: narrow\nDirective: Keep shell/file permission classification canonical-path based before permitting workspace-write execution.\nTested: ../scripts/fmt.sh --check; cargo test -p tools --test path_scope_enforcement -- --nocapture; cargo test -p tools given_workspace_write_enforcer_when_bash -- --nocapture; cargo check -p tools; cargo clippy -p tools --all-targets --no-deps -- -D warnings\nNot-tested: Full workspace clippy still has known unrelated runtime crate warnings outside this task scope.
Document the current G003 worker boot, trust, session-control, and preflight verification surfaces so leader integration can sequence worker-owned patches without mutating Ultragoal state.\n\nConstraint: Task 2 is audit-only/coordination; no .omx/ultragoal mutation and no shared implementation/test edits.\nRejected: Fixing clippy warnings in runtime integration tests | outside audit-only scope and owned by integration cleanup.\nConfidence: high\nScope-risk: narrow\nDirective: Keep this map updated when G003 worker splits or verification commands change.\nTested: ../scripts/fmt.sh --check; cargo test -p runtime worker_boot -- --nocapture; cargo test -p tools worker_ -- --nocapture; cargo check -p runtime -p tools -p commands\nNot-tested: cargo clippy -p runtime -p tools -p commands --all-targets --no-deps -- -D warnings fails on pre-existing runtime integration_tests duration_suboptimal_units warnings.
Lock the startup-no-evidence contract so prompt timestamps remain the original send time while lifecycle and pane timestamps prove timeout ordering. Constraint: task 4 scope limited changes to runtime worker boot/session/startup modules and tests; .omx/ultragoal not mutated. Rejected: CLI-surface changes | runtime evidence contract already exposes the typed worker.startup_no_evidence payload. Confidence: high Scope-risk: narrow Directive: Keep startup timeout evidence timestamps stable across later lifecycle observations. Tested: cargo test -p runtime worker_boot -- --nocapture; cargo check --workspace Not-tested: cargo clippy -p runtime --tests -- -D warnings is blocked by pre-existing runtime warnings in compact.rs, file_ops.rs, policy_engine.rs, and sandbox.rs.
Constraint: G003 boot/session work adds a structured doctor boot-preflight check that must be visible in JSON output. Rejected: reducing the doctor check count back to six | boot preflight is an explicit G003 acceptance surface. Confidence: high Scope-risk: narrow Directive: Keep doctor/status JSON contract tests aligned with boot_preflight schema fields when extending preflight diagnostics. Tested: git diff --check; cargo fmt --manifest-path rust/Cargo.toml --all -- --check; cargo test --manifest-path rust/Cargo.toml -p runtime trusted_roots -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p runtime startup -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p runtime worker_boot -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p tools path_scope -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli --test output_format_contract -- --nocapture; cargo check --manifest-path rust/Cargo.toml --workspace Not-tested: full cargo test --workspace remains deferred during active G003 team reconciliation. Co-authored-by: OmX <omx@oh-my-codex.dev>
Task 5 needed machine-readable status/doctor evidence for reliable worker boot checks. This keeps the contract local to CLI diagnostics and validates relative trustedRoots handling for preflight allowlist decisions. Constraint: G003 worker task forbids .omx/ultragoal mutation and scopes changes to session/preflight/doctor JSON surfaces. Rejected: broad runtime worker boot refactor | other workers own worker_boot.rs and trust resolver implementation lanes. Confidence: high Scope-risk: narrow Directive: Keep boot_preflight JSON fields stable for downstream automation; add fields rather than renaming existing keys. Tested: cargo fmt --manifest-path rust/Cargo.toml --package rusty-claude-cli; cargo check --manifest-path rust/Cargo.toml -p rusty-claude-cli; cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli boot_preflight_snapshot_reports_machine_readable_contract_fields -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli branch_freshness_parses_ahead_behind_status_header -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli status_json_surfaces_session_lifecycle_for_clawhip -- --nocapture; cargo test --manifest-path rust/Cargo.toml -p rusty-claude-cli --test output_format_contract -- --nocapture Not-tested: cargo clippy --manifest-path rust/Cargo.toml -p rusty-claude-cli --all-targets -- -D warnings fails on pre-existing runtime clippy warnings in compact.rs, file_ops.rs, policy_engine.rs, sandbox.rs before reaching changed CLI checks.
… (list_sessions, delete_session, session_exists) Adds session_store_lifecycle_regression_160 test that verifies the full SessionStore CRUD lifecycle. Also fixes pre-existing non-exhaustive match errors in trident.rs for the ContentBlock::Thinking variant.
…typed error, exit 1 - Add unsupported skills action guard in parse_args for remove/add/uninstall/delete - Add unsupported_skills_action to classify_error_kind for structured JSON errors - Fix pre-existing compile errors (stale retry_after field, missing Team variant) - Add regression test unsupported_skills_actions_return_typed_error_683
…help_action ? operator
…n-store-lifecycle fix(ultraworkers#160): add regression test for SessionStore lifecycle
…orted-skills-action fix(ultraworkers#683): claw skills remove/add/uninstall/delete emits typed error, exit 1
Add Qwen model token limits for DashScope compatibility
…24-resume-stats-zero docs(roadmap): add ultraworkers#330 — resume mode stats/cost always zero
…e mode with no TTY guard
…and no prompt piped; fix anthropic/ prefix detection in metadata_for_model
…sing plugin; agents unknown subcommand exit 0
…rror; plugins remove aliases uninstall and errors on not-found
…unknown subcommand; exit 1 propagates correctly
… add tempfile dev-dep to runtime crate (fixes pre-existing test compile error)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a comprehensive set of updates to the Claw Code ecosystem, including the addition of the claw-analog minimal agent harness and the claw-rag-service for workspace RAG. It significantly expands the project's documentation, repository policies, and infrastructure while enhancing the Rust workspace with improved provider diagnostics, session hygiene, and security enforcement. Feedback identifies several improvement opportunities, specifically regarding the relaxation of clippy linting strictness in the workspace configuration, the discouragement of crate-level allow(dead_code) attributes, and the presence of unreachable logic within the OpenAI-compatible provider implementation.
| [workspace.lints.clippy] | ||
| all = { level = "warn", priority = -1 } | ||
| pedantic = { level = "warn", priority = -1 } | ||
| pedantic = { level = "allow", priority = -1 } |
There was a problem hiding this comment.
The clippy pedantic lint level has been changed from warn to allow. This significantly reduces the static analysis strictness for the workspace. It is recommended to keep pedantic as warn and explicitly allow specific noisy lints if necessary, rather than disabling the entire category.
Suggested change
| pedantic = { level = "allow", priority = -1 } | |
| pedantic = { level = "warn", priority = -1 } |
| @@ -1,4 +1,5 @@ | |||
| #![allow(clippy::cast_possible_truncation)] | |||
| #![allow(dead_code)] | |||
There was a problem hiding this comment.
Adding #![allow(dead_code)] at the crate level is generally discouraged as it hides unused code that should either be implemented, tested, or removed. It is better to apply this attribute to specific items if they are intentionally kept for future use, or to remove the unused code entirely to maintain a clean codebase.
Comment on lines
+949
to
+954
| if matches!( | ||
| lowered_prefix.as_str(), | ||
| "xai" | "grok" | "kimi" | "gemini" | "gemma" | ||
| ) { | ||
| return Cow::Borrowed(&model[pos + 1..]); | ||
| } |
There was a problem hiding this comment.
This block is unreachable because it is nested inside an if lowered_prefix == "openai" check, but the matches! macro checks if lowered_prefix is one of several other strings (xai, grok, etc.). This logic appears to be redundant with the prefix handling at line 964.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
17 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Rebased version of PR ultraworkers#3016 (LSP integration) onto current main after resolving merge conflicts.
Changes
Notes
This is a rebase of the original PR which had merge conflicts. All conflicts have been resolved.
🤖 Generated with Claude Code