# rust-code

**Repository Path**: cylc1002/rust-code

## Basic Information

- **Project Name**: rust-code
- **Description**: 🦀 Claude Code CLI 的完整 Rust 实现 - 内存安全、异步、生产就绪，并通过 178 项测试
- **Primary Language**: Rust
- **License**: MIT
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 2
- **Created**: 2026-04-08
- **Last Updated**: 2026-04-08

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# Claude Code Rust (`claude-code-rs`)

A Rust-first Claude Code style CLI workspace focused on reproducibility, safe tool execution, and incremental product parity.

## What is working today

- Multi-crate Rust workspace that builds cleanly and passes `cargo test --workspace`
- Anthropic-compatible API client with SSE parsing and streaming support
- Conversation runtime with permission policies, MCP bridge, LSP, bash execution, session persistence, plugin loading, and runtime hook execution across tools, slash commands, queries, and sessions
- CLI REPL plus headless prompt mode
- Structured headless output via `--output-format json|stream-json`
- Scenario-driven mock parity harness under `tests/mock_parity_harness/scenarios`
- OAuth product commands: `claude login`, `claude logout`, `claude whoami`
- Remote session commands:
  - `claude remote-control connect|continue|status|disconnect`
  - `claude remote-control bridge-credentials|register-worker`
  - `claude remote-control register-environment|reconnect-environment|serve|archive`
  - `claude remote-control poll-work|ack-work|heartbeat-work|stop-work`
  - `claude remote-control deregister-environment|decode-work-secret|send-permission-response`
- Built-in bridge worker mode so `remote-control serve` can self-host a native worker when `--worker-command` is omitted
- Worker boot registry with trust/prompt-misdelivery detection and optional subprocess-backed worker lifecycle

## What shipped in this pass

- Wired real CLI auth flows on top of `runtime::oauth`
- Added persisted remote target state in `.claude/remote.json`
- Added managed API key cache under `~/.claude/managed_api_key.json` so OAuth login can power normal CLI requests
- Added remote-control monitoring flow over `runtime::remote`
- Added bridge session API support for:
  - `POST /v1/code/sessions/{id}/bridge`
  - `POST /v1/code/sessions/{id}/worker/register`
  - `POST /v1/environments/bridge`
  - `POST /v1/environments/{environment_id}/bridge/reconnect`
  - `GET /v1/environments/{environment_id}/work/poll`
  - `POST /v1/environments/{environment_id}/work/{work_id}/ack`
  - `POST /v1/environments/{environment_id}/work/{work_id}/heartbeat`
  - `POST /v1/environments/{environment_id}/work/{work_id}/stop`
  - `DELETE /v1/environments/bridge/{environment_id}`
  - `POST /v1/sessions/{id}/events`
  - `POST /v1/sessions/{id}/archive`
- Added `claude remote-control serve`, a long-running bridge supervisor that:
  - polls bridge work continuously
  - acknowledges healthchecks and session work leases
  - registers CCR v2 workers when the work secret requests code sessions
  - injects session/work metadata into an external worker command via args and env vars
  - persists live supervisor state to JSON so `remote-control status` can inspect active sessions later
  - can isolate sessions into disposable git worktrees via `--spawn-mode worktree`
  - supports reclaim polling for stale leases via `--reclaim-older-than-ms`
  - can enforce per-session execution timeouts via `--session-timeout-ms`
  - proactively requeues sessions before session-ingress JWT expiry and recycles workers onto fresh leases
  - heartbeats active work until the worker exits
  - retries `stop_work` during cleanup and can optionally archive sessions / deregister the environment
- Added base64url work-secret decoding plus derived SDK / CCR v2 session URL helpers
- Added transcript JSONL logging plus optional local `--approve-tools` handling for remote tool requests
- Added structured `json` / `stream-json` CLI output so headless runs can be consumed by other tooling
- Upgraded the bridge supervisor to capture child-worker stdout/stderr, derive recent activity summaries, and persist pending permission-request signals into supervisor state
- Added a native built-in `remote-control bridge-worker` path:
  - `remote-control serve` now falls back to the current Rust executable when `--worker-command` is not supplied
  - the built-in worker connects directly to session-ingress over WebSocket
  - for session-ingress URLs, the runtime now uses a hybrid transport pattern: WebSocket for reads plus HTTP `.../events` POSTs for writes
  - built-in worker turn output is now posted in batches when the hybrid session-ingress path is active, reducing per-message POST churn
  - retryable hybrid POST failures now back off and retry instead of failing immediately on the first transient transport/server error
  - `Retry-After` on 429 responses is now honored for hybrid event POST retries
  - outbound hybrid event writes now flow through a bounded serialized uploader that coalesces queued requests, splits oversized batches, and drains pending writes during disconnect
  - when bridge work is flagged for CCR v2 / code sessions, the built-in Rust worker now honors `CLAUDE_CODE_CCR_V2_URL` + `CLAUDE_CODE_WORKER_EPOCH` and publishes events to the CCR v2 `.../worker/events` endpoint instead of silently staying on the older session-ingress POST path
  - built-in Rust workers can now also read inbound CCR v2 worker SSE streams, parse `client_event` payloads, and resume reconnects from the last seen sequence number instead of being effectively write-only on code-session work
  - built-in Rust workers now report CCR v2 delivery ACKs (`received`, `processing`, `processed`) to `.../worker/events/delivery`
  - those delivery ACKs now flow through a background uploader that batches queued updates before POSTing instead of blocking the worker loop on every status change
  - built-in Rust workers now report CCR v2 worker state (`idle`, `working`, `requires_action`) to `PUT .../worker`, including task metadata for permission prompts and active work
  - worker state updates now flow through a coalescing background uploader so repeated state/metadata changes collapse to the latest merged patch instead of issuing one blocking PUT per transition
  - built-in Rust workers now also send CCR v2 worker heartbeats to `POST .../worker/heartbeat`
  - built-in Rust workers now push periodic `keep_alive` events over the remote event transport so idle bridge sessions are less likely to be garbage-collected upstream
  - built-in Rust workers can now persist and restore snapshot-style CCR v2 internal events, so runtime state can survive worker restarts with a first-party Rust resume path
  - the built-in worker can now use the session access token as provider auth instead of requiring a local API key
  - inbound `can_use_tool` control requests now get native Rust policy responses instead of unconditional denial, including workspace/file/bash validation before an allow is sent
- Hardened permission-name parity so alias forms like `EditFile`, `FileEditTool`, `PowerShell`, `PowerShellTool`, `ReadMcpResource`, and `ToolSearch` resolve consistently across policy checks
- Added CLI parsing tests for the new remote-control subcommands
- Added subprocess-backed worker boot support with PID/output capture, stdin prompt delivery, restart, and termination
- Added a runnable mock parity harness with 10 scripted scenarios for file, grep, bash, multi-tool, write-policy, and skill flows
- Added `mock_parity_scenarios.json` plus `scripts/run_mock_parity_diff.py` for repeatable parity-checklist reporting on top of the runnable harness
- Fixed tool execution error propagation so tool failures and explicit permission denials surface as real error results instead of false successes
- Upgraded plugin hooks from placeholder bookkeeping into actual runtime execution:
  - plugin-defined `PreToolUse`, `PostToolUse`, and `PostToolUseFailure` hooks now execute real handlers from loaded plugin roots
  - `PreCommand` / `PostCommand` hooks now wrap slash commands, and `QueryStart` / `QueryEnd` / `SessionStart` / `SessionEnd` hooks now run through the interactive and headless CLI lifecycle
  - handlers can emit messages, block execution, or rewrite tool/query/command input via JSON stdout payloads
  - hook handlers can be shell commands or relative `.cmd`/`.bat`, `.ps1`, `.py`, and `.js`/`.cjs`/`.mjs` scripts
  - `/hooks` now shows the loaded hook inventory instead of a placeholder notice
- Replaced inflated status docs with an honest gap/verification set

## Where this still trails `leaked-claude-code`

This repository is stronger on memory safety, testability, and a smaller auditable Rust core, but it still does **not** fully match the leaked product in several hard areas:

- The bridge stack now has a built-in session-ingress/CCR v2 worker fallback with background delivery/state uploaders, worker heartbeats, keep-alives, and snapshot-style internal-event restore, but it is still much shallower than the leaked `sessionRunner`/`RemoteIO`/`CCRClient` stack: full transcript/subagent internal-event compaction, richer resume hydration, and the rest of the leaked transport/runtime depth are still missing
- Trusted-device enrollment and richer auth/session refresh logic
- Full multi-session remote orchestration and richer reconnect/capacity UX are still behind upstream even though the Rust supervisor now has persisted state, timeout guards, and proactive session-token recycling
- Richer feature-flagged product surfaces (buddy, proactive, browser/computer-use, deeper bridge UI)
- Mature coordinator / swarm / marketplace depth, plus broader hook/plugin lifecycle integration like the current `claw-code` / `claw-code-parity` Rust workspaces

See `COMPARISON.md` and `STATUS.md` for the detailed audit.

## Verification commands

```bash
cargo fmt --all --check
cargo clippy --workspace --all-targets --all-features -- -D warnings
cargo test --workspace
python scripts/run_mock_parity_diff.py
```

## Quick start

```bash
cargo run -p claude-cli -- doctor
cargo run -p claude-cli -- --prompt "review the current diff"
cargo run -p claude-cli -- login
cargo run -p claude-cli -- remote-control --help
cargo run -p claude-cli -- remote-control serve --help
```

## Repository map

- `crates/claude-cli` - CLI entrypoint, REPL, auth and remote-control UX
- `crates/api` - Anthropic-compatible client and SSE parsing
- `crates/runtime` - runtime, OAuth, remote transport, permissions, worker boot, MCP bridge
- `crates/tools` - tool registry and tool implementations
- `crates/commands` - slash command registry
- `crates/plugins` - local plugin loading and hook execution
- `crates/telemetry` - telemetry hooks

## Current stance

This is a serious Rust implementation with a growing real feature surface, but it is not yet honest to call it a complete replacement for Anthropic's production Claude Code.

Comparison inputs for this snapshot were refreshed on 2026-04-08 against:

- [anthropics/claude-code](https://github.com/anthropics/claude-code)
- [leaked-claude-code/leaked-claude-code](https://github.com/leaked-claude-code/leaked-claude-code)
- [ultraworkers/claw-code-parity](https://github.com/ultraworkers/claw-code-parity)
- [ultraworkers/claw-code](https://github.com/ultraworkers/claw-code)