claw-code-go

module
v0.0.0-...-23898a9 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 5, 2026 License: MIT

README

claw-code-go

claw-code-go

Experimental fork — ingesting features from claw-code (Rust) into claw-code-go (Go)

Warning: This is an ongoing experiment and is not tested. Use at your own risk.

Recent changes

Highlights since the goai → claw-code-go migration landed in iterion:

  • Real ask_user and remote_trigger tools (previously stubs). ask_user exposes a pluggable Asker interface (StdinAsker, ProgrammaticAsker, TUIAsker) and the schema accepts structured options plus allow_free_text. remote_trigger is a real http.Client wrapper with per-request timeout, response-body cap (with truncated flag), input header blocklist (Cookie / Proxy-Authorization), output header allowlist (Set-Cookie filtered out), and a CRLF guard. Public façade in pkg/api/tools (internal/tools/{ask_user,remote_trigger}.go).
  • New claw-code-go timeline --session <id> subcommand renders a saved session's chronological events through the TUI markdown renderer. Flags: --store <dir>, --format pretty|json|md, --limit n. Example: claw-code-go timeline --session demo --format md (internal/compat/timeline.go).
  • Typed api.APIError with StatusCode / Retryable so callers drive retry classification via errors.As instead of string parsing (internal/api/errors.go).
  • OpenAI provider now routes reasoning_effort + tools through /v1/responses (was rejected by /v1/chat/completions); internal/api/providers/openai/responses.go.
  • Real Bedrock, Vertex, and Foundry providers — no longer stubs (pkg/api/providers/{bedrock,vertex,foundry}/provider.go).
  • Permission modes extended from 5 → 7: ModeDontAsk (strict allow-list) and ModeAuto with a pluggable Classifier (internal/permissions/{mode.go,classifier.go}).
  • In-process lifecycle hooks Runner (Pre/PostToolUse, UserPromptSubmit, Pre/PostCompact, Stop) integrated into runtime/conversation.go (internal/hooks/runner.go).
  • Shared internal/api/{httputil,sseutil} + providers/openaiwire packages, fixing args-before-id buffering and silent tool-conversion drops; tree-wide gofmt.

See CHANGELOG.md for the full list and docs/parity.md for the current Claude Code parity matrix.

What is this?

This repo is a fork of daolmedo/claw-code-go, a Go reimplementation of Claude Code — Anthropic's agentic coding assistant.

On top of the upstream codebase, this fork ingests features from ultraworkers/claw-code — a Rust port of Claude Code that emerged after the source leak. The goal is to bring the more complete Rust implementation's capabilities into the Go codebase: hooks, plugins, MCP lifecycle, sandbox, permissions engine, runtime session management, apikit with multi-provider routing, prompt caching, and much more.

This is an experiment, not a product. The ported code has not been manually tested or validated beyond automated build checks.

How was this done?

The Rust-to-Go feature porting was orchestrated by Iterion — a workflow engine for complex multi-agent LLM pipelines, using Claude Code, Codex, and other backends.

This repo serves as the real-world example that drove Iterion's development. The full workflow configuration and writeup are available:

Run stats
Metric Value
Refinement runs 4 (workflow iterated alongside the engine)
Outer loop iterations 25+ batches across all runs
Commits added 48 (47 by Iterion, 1 by Claude Code)
Go code generated 37,995 lines across 173 files + 96 test files
New Go packages 30+ (hooks, plugin, apikit, worker, lane, policy, recovery, sandbox, lsp, task, team...)
Feature parity 100% (37/37 features)
Final run 100% parity in 41 min, single batch, zero fix loops, zero interventions
Longest autonomous stretch 2h25m without human intervention
Dual-judge verdicts 30+ across all runs (Claude + Codex)
How the workflow operates

The workflow breaks the porting into dependency-ordered batches. Each batch goes through: plan → implement → simplify → commit → test → parity scan → dual-judge review → fix loop. Session continuity (fork/inherit) preserves KV cache across related phases. A human gate pauses for high-risk batches and auto-approves routine ones.

See the full writeup for details on convergence strategies, stagnation detection, and model allocation.

Providers

Five providers are wired through pkg/api/providers/:

Provider Status Path
Anthropic validated end-to-end pkg/api/providers/anthropic
OpenAI validated end-to-end (/v1/chat/completions and /v1/responses) pkg/api/providers/openai
Bedrock available — built on aws-sdk-go-v2, untested in production pkg/api/providers/bedrock
Vertex AI available — Google ADC + canonical MapModelID, untested in production pkg/api/providers/vertex
Azure Foundry available — OpenAI-wire compatible, untested in production pkg/api/providers/foundry

Models are addressed as <provider>/<model-id>, e.g. openai/gpt-5.4-mini, anthropic/claude-sonnet-4-6, bedrock/anthropic.claude-sonnet-4-6, vertex/claude-sonnet-4-6.

Running live provider tests

Each cloud provider ships a smoke test gated by the live Go build tag. The tests skip cleanly when the relevant credentials are not set, so the default go test ./... is unaffected. To run them you must opt in by passing -tags live and the documented env vars:

# AWS Bedrock — uses the standard AWS SDK credentials chain.
AWS_REGION=us-east-1 \
AWS_ACCESS_KEY_ID=... AWS_SECRET_ACCESS_KEY=... \
BEDROCK_MODEL=anthropic.claude-3-5-sonnet-20241022-v2:0 \
go test -tags live -run TestLiveStreamSmokeBedrock -v ./internal/api/providers/bedrock/...

# Google Vertex AI — uses Application Default Credentials.
GOOGLE_CLOUD_PROJECT=my-project \
GOOGLE_CLOUD_REGION=us-east5 \
GOOGLE_APPLICATION_CREDENTIALS=/path/to/sa.json \
VERTEX_MODEL=claude-sonnet-4-20250514 \
go test -tags live -run TestLiveStreamSmokeVertex -v ./internal/api/providers/vertex/...

# Azure AI Foundry — api-key auth, or DefaultAzureCredential when key is unset.
AZURE_OPENAI_ENDPOINT=https://my-resource.openai.azure.com \
AZURE_OPENAI_API_KEY=... \
FOUNDRY_MODEL=my-deployment \
go test -tags live -run TestLiveStreamSmokeFoundry -v ./internal/api/providers/foundry/...

Each test asserts only that the stream produced at least one text delta and a message_stop event; it does not check the exact wording of the reply. That is enough to confirm authentication, request shape, and SSE decoding all work end-to-end. Test files: internal/api/providers/{bedrock,vertex,foundry}/provider_live_test.go.

Built-in tools

The pkg/api/tools package re-exports the built-in tools as a stable public API. Each tool is a pair of XxxTool() api.Tool (schema) + ExecuteXxx(ctx, input) (runtime).

import (
    "context"
    "github.com/SocialGouv/claw-code-go/pkg/api"
    "github.com/SocialGouv/claw-code-go/pkg/api/tools"
)

defs := []api.Tool{
    tools.ReadFileTool(),
    tools.WriteFileTool(),
    tools.GlobTool(),
    tools.GrepTool(),
    tools.FileEditTool(),
    tools.WebFetchTool(),
    tools.BashTool(),
    tools.ReadImageTool(),
    tools.ComputerUseTool(),
}

// Dispatch a tool call from the model:
out, err := tools.ExecuteReadFile(ctx, map[string]any{"path": "README.md"})

ExecuteBash additionally takes a workspace string for command validation (pass "" to skip). The wrapper pins permissions to ModeAllow; gate invocations upstream (e.g. an iterion workflow's allowed_tools list).

ComputerUseTool exposes the Anthropic computer-use action surface (screenshot, left_click, right_click, middle_click, double_click, type, key, mouse_move, cursor_position, left_click_drag) backed by xdotool and ImageMagick import on Linux/X11. Install both binaries on the host (Debian/Ubuntu: apt install xdotool imagemagick); when they are missing or no display is reachable, ExecuteComputerUse returns tools.ErrComputerUseUnavailable (use errors.Is). No cgo, no extra Go dependencies.

Permission modes

Defined in internal/permissions/mode.go, re-exported from pkg/permissions:

Mode Behavior
ModeAllow Permits all operations without prompting.
ModePrompt Consults the ruleset; asks the prompter when no rule matches.
ModeReadOnly Allows read-only operations only; denies writes/exec.
ModeWorkspaceWrite Allows writes within the workspace directory; denies outside.
ModeDangerFullAccess Allows arbitrary command execution and system access.
ModeDontAsk Strict allow-list: denies anything not explicitly listed by WithToolRequirement or an allow rule. Never prompts.
ModeAuto Delegates to a Classifier (default safe-list permits read-only ops, prompts on writes); custom classifiers via WithClassifier.

CLI aliases (default, accept-edits, bypass, plan) resolve to the modes above — see ParsePermissionMode.

Lifecycle hooks (in-process)

internal/hooks/runner.go provides a programmatic Runner for PreToolUse, PostToolUse, PostToolUseFailure, UserPromptSubmit, PreCompact, PostCompact, and Stop. First non-Continue decision wins; panics and errors are logged and treated as Continue.

runner := hooks.NewRunner()
runner.Register(hooks.PreToolUse, func(ctx context.Context, hctx hooks.Context) (hooks.Decision, error) {
    if hctx.ToolName == "bash" { return hooks.Decision{Action: hooks.ActionBlock, Reason: "no shell"}, nil }
    return hooks.Decision{Action: hooks.ActionContinue}, nil
})
decision, _ := runner.Fire(ctx, hooks.Context{Event: hooks.PreToolUse, ToolName: "bash"})

The Runner is wired into internal/runtime/conversation.go; nil runners are a no-op.

Status

Experimental. The code compiles and passes go vet, but has not been manually tested. The latest commit (Anthropic prompt caching with cache_control breakpoints) was done directly with Claude Code outside the Iterion workflow.

Contributions, testing, and feedback are welcome.

Credits

License

MIT

Directories

Path Synopsis
cmd
claw-code-go command
claw-store-init command
Command claw-store-init scaffolds a local plugin marketplace directory the user can serve via static HTTP for team-internal plugin distribution without a public registry.
 Command claw-store-init scaffolds a local plugin marketplace directory the user can serve via static HTTP for team-internal plugin distribution without a public registry.
internal
api
api/httputil
Package httputil holds tiny formatting helpers shared by every HTTP-based provider (openai, foundry, vertex, bedrock-on-HTTP, ...).
 Package httputil holds tiny formatting helpers shared by every HTTP-based provider (openai, foundry, vertex, bedrock-on-HTTP, ...).
api/providers/anthropic
Package anthropic implements the Anthropic direct API provider.
 Package anthropic implements the Anthropic direct API provider.
api/providers/bedrock
Package bedrock implements the AWS Bedrock provider using the Anthropic "Messages" payload shape via InvokeModelWithResponseStream.
 Package bedrock implements the AWS Bedrock provider using the Anthropic "Messages" payload shape via InvokeModelWithResponseStream.
api/providers/foundry
Package foundry implements the Microsoft Azure AI Foundry / Azure OpenAI Service provider.
 Package foundry implements the Microsoft Azure AI Foundry / Azure OpenAI Service provider.
api/providers/openai
Package openai implements the api.Provider and api.APIClient interfaces for OpenAI's chat completions API with streaming support.
 Package openai implements the api.Provider and api.APIClient interfaces for OpenAI's chat completions API with streaming support.
api/providers/openaiwire
Package openaiwire holds the wire-level JSON types shared by every provider that speaks the OpenAI Chat Completions protocol.
 Package openaiwire holds the wire-level JSON types shared by every provider that speaks the OpenAI Chat Completions protocol.
api/providers/vertex
Package vertex implements the Google Cloud Vertex AI provider for Anthropic models.
 Package vertex implements the Google Cloud Vertex AI provider for Anthropic models.
api/sseutil
Package sseutil holds tiny helpers shared between providers that translate OpenAI-style SSE tool_call streams into the Anthropic-shaped api.StreamEvent vocabulary.
 Package sseutil holds tiny helpers shared between providers that translate OpenAI-style SSE tool_call streams into the Anthropic-shaped api.StreamEvent vocabulary.
apikit
Package apikit provides API transport infrastructure: telemetry, error classification, retry logic, context-window preflight checks, proxy support, and prompt caching.
 Package apikit provides API transport infrastructure: telemetry, error classification, retry logic, context-window preflight checks, proxy support, and prompt caching.
apikit/telemetry/otlp
Package otlp implements an OTLP/HTTP exporter for apikit.TelemetryEvent using the JSON wire format.
 Package otlp implements an OTLP/HTTP exporter for apikit.TelemetryEvent using the JSON wire format.
apikit/telemetry/otlpgrpc
Package otlpgrpc implements an OTLP/gRPC exporter for apikit.TelemetryEvent using the official OpenTelemetry SDK (sdk/log + otlploggrpc).
 Package otlpgrpc implements an OTLP/gRPC exporter for apikit.TelemetryEvent using the official OpenTelemetry SDK (sdk/log + otlploggrpc).
auth
Package auth — multi-provider credential storage.
 Package auth — multi-provider credential storage.
commands
compat
config
context
hooks
Package hooks provides an in-process programmatic hook system for the claw-code-go runtime.
 Package hooks provides an in-process programmatic hook system for the claw-code-go runtime.
hooks/hookstesting
Package hookstesting provides test helpers for the hooks package.
 Package hookstesting provides test helpers for the hooks package.
lsp
mcp
mcp/oauth
Package oauth implements an OAuth 2.0 Authorization Code + PKCE broker for authenticated remote MCP servers, with an on-disk token cache.
 Package oauth implements an OAuth 2.0 Authorization Code + PKCE broker for authenticated remote MCP servers, with an on-disk token cache.
permissions
plugins
Package plugins implements the plugin lifecycle: discovery via a remote marketplace, fetch + checksum verification, install/uninstall state on disk, and the slash commands that drive it.
 Package plugins implements the plugin lifecycle: discovery via a remote marketplace, fetch + checksum verification, install/uninstall state on disk, and the slash commands that drive it.
runtime
runtime/lane
Package lane implements lane-level event tracking, commit provenance, branch locking, and freshness analysis for multi-lane orchestration.
 Package lane implements lane-level event tracking, commit provenance, branch locking, and freshness analysis for multi-lane orchestration.
runtime/policy
Package policy implements a declarative rule engine for lane-level runtime policy evaluation.
 Package policy implements a declarative rule engine for lane-level runtime policy evaluation.
runtime/recovery
runtime/remote
runtime/sandbox
Package sandbox implements Linux namespace-based sandboxing with container detection and fallback degradation for non-Linux platforms.
 Package sandbox implements Linux namespace-based sandboxing with container detection and fallback degradation for non-Linux platforms.
runtime/task
runtime/team
runtime/trust
Package trust implements centralized trust-prompt detection and resolution.
 Package trust implements centralized trust-prompt detection and resolution.
runtime/worker
strutil
Package strutil provides small string helpers shared across packages.
 Package strutil provides small string helpers shared across packages.
testutil
tools
Ported from rust/crates/runtime/src/bash_validation.rs — pipeline and security gate extensions.
 Ported from rust/crates/runtime/src/bash_validation.rs — pipeline and security gate extensions.
tui
usage
Package usage provides token usage tracking and best-effort cost estimation.
 Package usage provides token usage tracking and best-effort cost estimation.
pkg
api
Package api re-exports the internal/api surface via type aliases.
 Package api re-exports the internal/api surface via type aliases.
api/hooks
Package hooks is the public façade over the internal lifecycle hooks runner.
 Package hooks is the public façade over the internal lifecycle hooks runner.
api/lsp
Package lsp is the public façade over the internal LSP subsystem that backs the `lsp` tool.
 Package lsp is the public façade over the internal LSP subsystem that backs the `lsp` tool.
api/mcp
Package mcp is the public façade over the internal MCP subsystem that backs the list_mcp_resources / read_mcp_resource / mcp_auth tools and the SSE/HTTP transports.
 Package mcp is the public façade over the internal MCP subsystem that backs the list_mcp_resources / read_mcp_resource / mcp_auth tools and the SSE/HTTP transports.
api/mcp/oauth
Package oauth is the public façade over the internal MCP OAuth broker.
 Package oauth is the public façade over the internal MCP OAuth broker.
api/providers/anthropic
Package anthropic re-exports the internal Anthropic provider via type alias.
 Package anthropic re-exports the internal Anthropic provider via type alias.
api/providers/bedrock
Package bedrock re-exports the internal Bedrock provider via type alias.
 Package bedrock re-exports the internal Bedrock provider via type alias.
api/providers/foundry
Package foundry re-exports the internal Azure AI Foundry provider via type alias.
 Package foundry re-exports the internal Azure AI Foundry provider via type alias.
api/providers/openai
Package openai re-exports the internal OpenAI provider via type alias.
 Package openai re-exports the internal OpenAI provider via type alias.
api/providers/vertex
Package vertex re-exports the internal Vertex AI provider via type alias.
 Package vertex re-exports the internal Vertex AI provider via type alias.
api/task
Package task is the public façade over the internal task subsystem that backs the task_* tools.
 Package task is the public façade over the internal task subsystem that backs the task_* tools.
api/team
Package team is the public façade over the internal team subsystem that backs the team_* and cron_* tools.
 Package team is the public façade over the internal team subsystem that backs the team_* and cron_* tools.
api/tools
Package tools exposes a stable public-API surface over the built-in tool implementations that ship with claw-code-go.
 Package tools exposes a stable public-API surface over the built-in tool implementations that ship with claw-code-go.
api/worker
Package worker is the public façade over the internal worker subsystem that backs the worker_* tools.
 Package worker is the public façade over the internal worker subsystem that backs the worker_* tools.
apikit
Package apikit re-exports selected symbols from internal/apikit via type aliases.
 Package apikit re-exports selected symbols from internal/apikit via type aliases.
apikit/telemetry/otlpgrpc
Package otlpgrpc is the public façade over the OTLP/gRPC log exporter implemented in internal/apikit/telemetry/otlpgrpc.
 Package otlpgrpc is the public façade over the OTLP/gRPC log exporter implemented in internal/apikit/telemetry/otlpgrpc.
permissions
Package permissions re-exports the internal permissions package via type aliases so external consumers (e.g.
 Package permissions re-exports the internal permissions package via type aliases so external consumers (e.g.
runtime
Package runtime re-exports selected provider factory functions from claw-code-go's internal runtime.
 Package runtime re-exports selected provider factory functions from claw-code-go's internal runtime.
Package plugin: remote marketplace fetch + verify.
 Package plugin: remote marketplace fetch + verify.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.