feat(lsp-v2): LSP integration v2 (rebased)

.dockerignore

@@ -0,0 +1,17 @@
+# Keep docker build context small (Windows-friendly).
+.git
+.github
+**/target
+**/.claw-rag
+**/.claw
+**/.claude
+**/.cursor
+**/node_modules
+**/dist
+**/build
+**/*.log
+**/*.tmp
+**/*.sqlite
+**/*.sqlite-wal
+**/*.sqlite-shm
+**/.DS_Store

.github/ISSUE_TEMPLATE/anti_slop_triage.yml

@@ -0,0 +1,54 @@
+name: Anti-slop triage
+about: Classify low-signal, duplicate, generated, or unsafe reports before engineering work starts.
+title: "triage: "
+labels: ["needs-triage"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Use this form for issue intake that needs evidence-backed classification before anyone closes, fixes, or escalates it.
+        Do not paste secrets, live tokens, private logs, or non-public customer data.
+  - type: dropdown
+    id: classification
+    attributes:
+      label: Initial classification
+      description: Pick the strongest current classification. Update it if evidence changes.
+      options:
+        - actionable-bug
+        - actionable-docs
+        - actionable-feature
+        - duplicate
+        - spam-or-promotion
+        - generated-slop-or-hallucinated
+        - unsafe-or-security-sensitive
+        - not-reproducible-yet
+        - externally-blocked
+    validations:
+      required: true
+  - type: textarea
+    id: evidence
+    attributes:
+      label: Evidence
+      description: Link the PR, issue, command output, docs page, reproduction, duplicate, or policy that supports the classification.
+      placeholder: "Evidence: ..."
+    validations:
+      required: true
+  - type: textarea
+    id: safe_next_action
+    attributes:
+      label: Safe next action
+      description: State the next non-destructive action. If closure or merge is proposed, name the required owner/gate.
+      placeholder: "Next action: label only / request repro / link duplicate / fix docs / defer with rationale / owner review required"
+    validations:
+      required: true
+  - type: checkboxes
+    id: guardrails
+    attributes:
+      label: Guardrails
+      options:
+        - label: I did not close, merge, or mutate remote state as part of this triage-only report.
+          required: true
+        - label: I checked for duplicates or related PRs/issues before recommending action.
+          required: true
+        - label: If this touches credentials, security, or private data, I avoided public reproduction details and routed to the appropriate private/security path.
+          required: true

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,17 @@
+## Summary
+- TBD
+
+## Anti-slop triage
+- Classification: <!-- actionable-fix | docs-only | duplicate | generated-slop | unsafe | out-of-scope | needs-maintainer-decision -->
+- Evidence: <!-- issue link, repro command, failing test, docs source, or duplicate PR -->
+- Non-destructive review result: <!-- merge candidate | request changes | close/defer with rationale | needs owner gate -->
+
+## Verification
+- [ ] Targeted tests/docs checks ran, or the gap is explicitly recorded.
+- [ ] `git diff --check` passes.
+- [ ] No live secrets, tokens, private logs, or unrelated generated churn are included.
+
+## Resolution gate
+- [ ] If this PR resolves an issue, the issue number and fix evidence are linked.
+- [ ] If this PR should not merge, the rejection/defer rationale is evidence-backed and does not rely on vibes.
+- [ ] I did not merge/close remote PRs or issues from an automation lane without owner approval.

.github/hooks/pre-push

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+# Claw Code local pre-push safety gate.
+#
+# Install with:
+#   git config core.hooksPath .github/hooks
+#
+# This intentionally mirrors the CI build gate so stale field/enum references are
+# caught before pushing to main or PR branches.
+set -euo pipefail
+
+repo_root="$(git rev-parse --show-toplevel 2>/dev/null)"
+cd "$repo_root"
+
+if [[ ! -f rust/Cargo.toml ]]; then
+  echo "pre-push: rust/Cargo.toml not found; skipping cargo workspace build" >&2
+  exit 0
+fi
+
+echo "pre-push: cargo build --manifest-path rust/Cargo.toml --workspace" >&2
+cargo build --manifest-path rust/Cargo.toml --workspace

.github/scripts/check_release_readiness.py

@@ -0,0 +1,169 @@
+#!/usr/bin/env python3
+"""Validate release-readiness docs that are easy to regress.
+
+The check is intentionally dependency-free so it can run on developer machines,
+Windows CI, and minimal release jobs. It validates:
+
+* required repository policy files exist;
+* local Markdown links and image targets resolve;
+* local heading anchors referenced from Markdown resolve; and
+* command examples do not present the deprecated `cargo install claw-code`
+  package as an executable install path.
+"""
+
+from __future__ import annotations
+
+from pathlib import Path
+from urllib.parse import unquote, urlparse
+import re
+import sys
+
+ROOT = Path(__file__).resolve().parents[2]
+
+REQUIRED_POLICY_FILES = [
+    "LICENSE",
+    "CONTRIBUTING.md",
+    "SECURITY.md",
+    "SUPPORT.md",
+    "CODE_OF_CONDUCT.md",
+]
+
+MARKDOWN_ROOTS = [
+    ROOT / "README.md",
+    ROOT / "USAGE.md",
+    ROOT / "PARITY.md",
+    ROOT / "PHILOSOPHY.md",
+    ROOT / "ROADMAP.md",
+    ROOT / "CONTRIBUTING.md",
+    ROOT / "SECURITY.md",
+    ROOT / "SUPPORT.md",
+    ROOT / "CODE_OF_CONDUCT.md",
+    ROOT / "docs",
+    ROOT / "rust" / "README.md",
+    ROOT / "rust" / "USAGE.md",
+    ROOT / "rust" / "MOCK_PARITY_HARNESS.md",
+]
+
+LINK_PATTERN = re.compile(r"(?<!!)\[[^\]\n]+\]\(([^)\s]+)(?:\s+\"[^\"]*\")?\)")
+HTML_LINK_PATTERN = re.compile(r"""<(?:a|img)\b[^>]*(?:href|src)=["']([^"']+)["']""", re.I)
+FENCE_PATTERN = re.compile(r"```(?P<lang>[^\n`]*)\n(?P<body>.*?)```", re.S)
+
+
+def iter_markdown_files() -> list[Path]:
+    files: set[Path] = set()
+    for entry in MARKDOWN_ROOTS:
+        if entry.is_file():
+            files.add(entry)
+        elif entry.is_dir():
+            files.update(entry.rglob("*.md"))
+    return sorted(files)
+
+
+def github_anchor(heading: str) -> str:
+    anchor = heading.strip().lower()
+    anchor = re.sub(r"<[^>]+>", "", anchor)
+    anchor = re.sub(r"`([^`]*)`", r"\1", anchor)
+    anchor = re.sub(r"[^a-z0-9 _-]", "", anchor)
+    anchor = anchor.replace(" ", "-")
+    anchor = re.sub(r"-+", "-", anchor)
+    return anchor.strip("-")
+
+
+def anchors_for(path: Path) -> set[str]:
+    anchors: set[str] = set()
+    for line in path.read_text(encoding="utf-8").splitlines():
+        match = re.match(r"^(#{1,6})\s+(.+?)\s*#*\s*$", line)
+        if match:
+            anchors.add(github_anchor(match.group(2)))
+    return anchors
+
+
+def is_external(target: str) -> bool:
+    parsed = urlparse(target)
+    return parsed.scheme in {"http", "https", "mailto"}
+
+
+def validate_policies(errors: list[str]) -> None:
+    for relative in REQUIRED_POLICY_FILES:
+        path = ROOT / relative
+        if not path.is_file():
+            errors.append(f"missing required policy file: {relative}")
+
+
+def validate_markdown_links(errors: list[str]) -> None:
+    anchor_cache: dict[Path, set[str]] = {}
+    for path in iter_markdown_files():
+        text = path.read_text(encoding="utf-8")
+        candidates = [m.group(1) for m in LINK_PATTERN.finditer(text)]
+        candidates.extend(m.group(1) for m in HTML_LINK_PATTERN.finditer(text))
+        for target in candidates:
+            if (
+                not target
+                or is_external(target)
+                or target.startswith(("mailto:", "tel:", "data:"))
+            ):
+                continue
+            link_path, _, raw_anchor = target.partition("#")
+            if not link_path:
+                destination = path
+            else:
+                destination = (path.parent / unquote(link_path)).resolve()
+            try:
+                destination.relative_to(ROOT)
+            except ValueError:
+                errors.append(
+                    f"{path.relative_to(ROOT)}: link escapes repo root: {target}"
+                )
+                continue
+            if not destination.exists():
+                errors.append(
+                    f"{path.relative_to(ROOT)}: missing local link target: {target}"
+                )
+                continue
+            if raw_anchor and destination.suffix.lower() == ".md":
+                anchor = unquote(raw_anchor).lower()
+                anchor_cache.setdefault(destination, anchors_for(destination))
+                if anchor not in anchor_cache[destination]:
+                    errors.append(
+                        f"{path.relative_to(ROOT)}: missing anchor `{raw_anchor}` in "
+                        f"{destination.relative_to(ROOT)}"
+                    )
+
+
+def validate_command_examples(errors: list[str]) -> None:
+    for path in iter_markdown_files():
+        text = path.read_text(encoding="utf-8")
+        for match in FENCE_PATTERN.finditer(text):
+            lang = match.group("lang").strip().lower()
+            if lang not in {"bash", "sh", "shell", "zsh", "powershell", "ps1"}:
+                continue
+            body = match.group("body")
+            for offset, line in enumerate(body.splitlines(), start=1):
+                stripped = line.strip()
+                if not stripped or stripped.startswith(("#", ">")):
+                    continue
+                if re.search(r"\bcargo\s+install\s+claw-code\b", stripped):
+                    line_no = text.count("\n", 0, match.start()) + offset + 1
+                    errors.append(
+                        f"{path.relative_to(ROOT)}:{line_no}: deprecated "
+                        "`cargo install claw-code` appears in an executable "
+                        "command block; use build-from-source docs instead"
+                    )
+
+
+def main() -> int:
+    errors: list[str] = []
+    validate_policies(errors)
+    validate_markdown_links(errors)
+    validate_command_examples(errors)
+    if errors:
+        print("release-readiness check failed:", file=sys.stderr)
+        for error in errors:
+            print(f"  - {error}", file=sys.stderr)
+        return 1
+    print("release-readiness check passed")
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

.github/workflows/release.yml

@@ -32,6 +32,10 @@ jobs:
             os: macos-14
             bin: claw
             artifact_name: claw-macos-arm64
+          - name: windows-x64
+            os: windows-latest
+            bin: claw.exe
+            artifact_name: claw-windows-x64.exe
     defaults:
       run:
         working-directory: rust
@@ -47,22 +51,27 @@ jobs:
       - name: Build release binary
         run: cargo build --release -p rusty-claude-cli
 
-      - name: Package artifact
+      - name: Package artifact and checksum
         shell: bash
         run: |
           mkdir -p dist
           cp "target/release/${{ matrix.bin }}" "dist/${{ matrix.artifact_name }}"
           chmod +x "dist/${{ matrix.artifact_name }}"
+          (cd dist && sha256sum "${{ matrix.artifact_name }}" > "${{ matrix.artifact_name }}.sha256")
 
       - name: Upload workflow artifact
         uses: actions/upload-artifact@v4
         with:
           name: ${{ matrix.artifact_name }}
-          path: rust/dist/${{ matrix.artifact_name }}
+          path: |
+            rust/dist/${{ matrix.artifact_name }}
+            rust/dist/${{ matrix.artifact_name }}.sha256
 
       - name: Upload release asset
         if: startsWith(github.ref, 'refs/tags/')
         uses: softprops/action-gh-release@v2
         with:
-          files: rust/dist/${{ matrix.artifact_name }}
+          files: |
+            rust/dist/${{ matrix.artifact_name }}
+            rust/dist/${{ matrix.artifact_name }}.sha256
           fail_on_unmatched_files: true