claw-code/TODO at develop · ByteB4rb1e/claw-code · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
--ISSUE
Content-Type: application/sprints
Sprints:
        - Name: Sprint 1
          Range: 2026-03-15..2026-03-28

--ISSUE
Content-Type: application/modules
Modules:
        - Name: claw-code

--ISSUE
Content-Type: application/bugzilla
URL: https://bugs.code.tiararodney.com/rest
Mappings:
        - Module: claw-code
          Product: LLM
          Component: claw-code

--ISSUE
Content-Type: application/issue
ID: 1
Type: feature
Title: Docker setup for HTTP proxy traffic observation
Status: done
Priority: medium
Created: 2026-04-01
Module: claw-code
Relationships:
Description: Add Dockerfile, entrypoint script, and docker-compose config to run
             the claw runtime in a container with mitmproxy as a sidecar for
             observing all network traffic. Entrypoint configures proxy env
             vars, combines CA bundles, and overrides NO_PROXY to allow
             Anthropic API interception.

--ISSUE
Content-Type: application/issue
ID: 2
Type: feature
Title: Patch NO_PROXY_HOSTS for full subprocess proxy interception
Status: done
Priority: medium
Created: 2026-04-01
Module: claw-code
Relationships:
Description: The hardcoded NO_PROXY_HOSTS list in runtime/src/remote.rs includes
             anthropic.com, github.com, and other domains. When the runtime
             spawns subprocesses via subprocess_env(), it injects its own
             computed NO_PROXY that bypasses these hosts. Add a mechanism (env
             var or config flag) to override or clear the hardcoded bypass list
             so that a proxy container can intercept all traffic including
             subprocesses.

--ISSUE
Content-Type: application/issue
ID: 3
Type: feature
Title: WebSocket-aware proxy support for MCP transport
Status: done
Priority: medium
Created: 2026-04-01
Module: claw-code
Relationships:
Description: The MCP client uses a WebSocket transport
             (McpClientTransport::WebSocket) and the upstream proxy connects via
             WSS. HTTP-only proxies cannot intercept these connections. Add
             support for routing WebSocket connections through CONNECT-capable
             proxies or provide a configuration option to force HTTP transport
             for debugging scenarios.

--ISSUE
Content-Type: application/issue
ID: 4
Type: feature
Title: Docker proxy service with external traffic capture support
Status: done
Priority: medium
Created: 2026-04-01
Module: claw-code
Relationships:
Description: Split mitmproxy into its own docker-compose service so it can run
             independently of the claw container. Expose a raw TCP/TLS listener
             or mirror port that external tools like Wireshark, tcpdump, or
             tshark can tap into. Add a dedicated Docker network with
             configurable bridge so host-side packet capture works out of the
             box. Provide a pcap volume mount option for persistent capture
             files.

--ISSUE
Content-Type: application/issue
ID: 5
Type: feature
Title: LiteLLM proxy service in Docker compose stack
Status: done
Priority: medium
Created: 2026-04-01
Module: claw-code
Relationships:
Description: Add a LiteLLM service to docker-compose that sits between claw and
             upstream LLM providers. Support configurable backends (Anthropic,
             OpenAI, xAI, GitHub Models, Ollama) via a litellm-config.yaml
             volume mount. Route through mitmproxy for observability. Update
             OBSERVABILITY.md and entrypoint to support OPENAI_BASE_URL pointing
             at the LiteLLM service.

--ISSUE
Content-Type: application/issue
ID: 6
Type: feature
Title: Structured logging for proxy traffic in mitmproxy service
Status: open
Priority: medium
Created: 2026-04-01
Module: claw-code
Relationships:
Description: Add configurable logging to the mitmproxy service: flow-level JSON
             logs for programmatic consumption, configurable verbosity levels,
             request/response body capture toggles, and log rotation for
             long-running sessions. Integrate with the claw entrypoint to
             surface proxy connection status.

--ISSUE
Content-Type: application/issue
ID: 7
Type: feature
Title: Configure Ollama reverse proxy endpoint for LiteLLM
Status: done
Priority: medium
Created: 2026-04-01
Module: claw-code
Relationships:
Description: Update litellm-config.yaml to use the hosted Ollama endpoint at
             chat-completion.inference.code.tiararodney.com with Bearer auth.
             Add OLLAMA_API_KEY to docker-compose environment.

--ISSUE
Content-Type: application/issue
ID: 8
Type: bugfix
Title: Docker compose iteration: model passthrough and volume-mounted entrypoint
Status: done
Priority: medium
Created: 2026-04-01
Module: claw-code
Relationships:
Description: Pass CLAW_MODEL env var to claw entrypoint so the correct provider
             is selected. Mount entrypoint.sh as a volume for rapid iteration
             without image rebuilds. Hardcode default model to qwen2.5:32b.

--ISSUE
Content-Type: application/issue
ID: 9
Type: feature
Title: Refactor CLI to use ProviderClient for multi-provider support
Status: done
Priority: medium
Created: 2026-04-01
Module: claw-code
Relationships:
Description: DefaultRuntimeClient in claw-cli/src/main.rs hardcodes
             ClawApiClient, requiring Anthropic credentials even when using
             OpenAI-compatible backends via --model. Refactor to use
             ProviderClient::from_model() which dispatches to the correct
             provider based on model name and available env vars. This unblocks
             LiteLLM and local Ollama usage.

--ISSUE
Content-Type: application/issue
ID: 10
Type: bugfix
Title: Disable unshare sandbox inside container environments
Status: done
Priority: medium
Created: 2026-04-01
Module: claw-code
Relationships:
Description: The bash tool sandbox wraps commands in unshare with --user
             --map-root-user which fails inside Docker containers because
             setgroups is denied in nested user namespaces. When a container
             environment is detected, skip namespace isolation since the
             container itself provides sandboxing.

--ISSUE
Content-Type: application/issue
ID: 11
Type: bugfix
Title: Switch mitmproxy to mitmweb for web UI support
Status: done
Priority: medium
Created: 2026-04-01
Module: claw-code
Relationships:
Description: mitmdump does not serve the web UI on port 8081. Switch to mitmweb
             with --web-port and --web-host flags.

--ISSUE
Content-Type: application/issue
ID: 12
Type: feature
Title: Docker stack hardening: PostgreSQL, security opts, litellm readiness
Status: done
Priority: medium
Created: 2026-04-01
Module: claw-code
Relationships:
Description: Add PostgreSQL service for LiteLLM database requirement. Add
             SYS_ADMIN capability and apparmor/seccomp unconfined for claw
             container to support unshare. Add curl/git to claw Dockerfile. Add
             litellm readiness poll in entrypoint. Fix litellm api_base path.