feat(runtime): add slash command registry core

[yacosta738]

Related Issues

Fixes #539
Related to #527

---

Summary

Adds the core slash command registry abstraction so runtime ingress uses one platform capability for command metadata, name/alias lookup, validation, and dispatch.

• Exposes registry discovery helpers for canonical names, aliases, and metadata iteration.
• Splits prompt-based ingress dispatch from raw parsed dispatch while preserving unknown slash fallthrough for existing ingress behavior.
• Adds targeted registry tests for registration, lookup, alias resolution, duplicate handling, metadata discovery, and central dispatch behavior.

Review path: start with clients/agent-runtime/src/session_commands/registry.rs, then check the small ingress and gateway adaptations. Out of scope: migrating additional command families beyond the existing session command set.

---

Tested Information

• rustfmt --edition 2021 --check src/session_commands/registry.rs src/session_commands/types.rs src/session_commands/mod.rs src/pre_execution/mod.rs src/pre_execution/session_command_adapter.rs src/gateway/mod.rs
• cargo test --lib session_commands::registry
• cargo test session_commands::registry began passing the targeted registry tests across lib/main targets, but the broader filtered run timed out while continuing through unrelated integration targets.
• Pre-push hook initially failed on pre-existing src/security/policy.rs formatting; this branch includes a separate formatting-only commit for that hook blocker.
• Pre-push hook then caught one clippy simplification in dispatch_prompt; this branch includes the fix.

---

Documentation Impact

• Docs updated in:
  • clients/web/apps/docs/src/content/docs/clients/agent-runtime/architecture.md
• I verified the documentation matches the current behavior.

---

Breaking Changes

None.

---

Checklist

• I have checked that there isn’t already a PR solving the same problem.
• I have read the Contributing Guidelines.
• I ensured my code follows the project's style guidelines.
• I have added or updated tests that prove my fix is effective or that my feature works.
• I have updated the documentation, or I explained above why no documentation update is needed.
• I verified the documentation matches the current behavior.
• I have documented any breaking changes in the Breaking Changes section.
• I have linked the related issue (if any).

[cloudflare-workers-and-pages]

Deploying corvus with    Cloudflare Pages

Latest commit:	a3577cc
Status:	✅  Deploy successful!
Preview URL:	https://a48161f1.corvus-42x.pages.dev
Branch Preview URL:	https://feat-slash-command-registry.corvus-42x.pages.dev

View logs

[coderabbitai]

Warning

Rate limit exceeded

@yacosta738 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 37 minutes and 38 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 57252ff4-df08-4388-9305-39d0f12e1fdf

📥 Commits

Reviewing files that changed from the base of the PR and between 50b471a and a3577cc.

📒 Files selected for processing (2)

• clients/web/apps/docs/src/content/docs/clients/agent-runtime/architecture.md
• clients/web/apps/docs/src/content/docs/es/clients/agent-runtime/architecture.md

📝 Walkthrough

Walkthrough

This PR adds explicit handling for unknown slash commands by introducing a new SessionCommandFailureKind::UnknownCommand variant, refactoring the registry dispatch API into dispatch_prompt (returns None for unknowns) and dispatch_raw (returns failure outcome), strengthening registration validation, and wiring pre-execution to use the new dispatch method while mapping unknown command errors throughout the gateway and classification layers.

Changes

Unknown Command Support & Registry Refactoring

Layer / File(s)	Summary
Data Shape clients/agent-runtime/src/session_commands/types.rs	Added SessionCommandFailureKind::UnknownCommand variant after UnsupportedBackend.
Registry Core & Validation clients/agent-runtime/src/session_commands/registry.rs	Split dispatch into dispatch_prompt (returns Option<SessionCommandOutcome>, unknown → None) and dispatch_raw (returns SessionCommandOutcome, unknown → failure with UnknownCommand). Strengthened registration validation with explicit duplicate-alias detection via HashSet and expanded canonical/alias collision checking. Made iter() public and added contains() introspection helper.
Error Mapping & Classification clients/agent-runtime/src/gateway/mod.rs, clients/agent-runtime/src/session_commands/session_command_adapter.rs	Mapped UnknownCommand to stable error code "unknown_command". Classified UnknownCommand as SessionCommandFailureClass::Failed.
Integration & Wiring clients/agent-runtime/src/pre_execution/mod.rs	Updated evaluate_ingress to call dispatch_prompt instead of the removed dispatch, preserving fallback logic on None.
Tests & Documentation clients/agent-runtime/src/session_commands/{registry.rs, mod.rs}, clients/agent-runtime/src/security/policy.rs, clients/web/apps/docs/src/content/docs/clients/agent-runtime/architecture.md	Added comprehensive tests for registry validation (duplicate aliases, canonical/alias collisions), dispatch methods (dispatch_raw unknown-command reporting, dispatch_prompt fallthrough), and public iteration. Added module documentation for slash-commands subsystem. Reformatted policy test assertions (no logic changes).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• dallay/corvus#545: Direct follow-up refactoring the split dispatch behavior and adding prompt/raw dispatch semantics into core registry.
• dallay/corvus#534: Introduced foundational session-commands types, registry, and pre-execution dispatch flow now being extended here.
• dallay/corvus#549: Related modifications to session-command dispatch surface and unknown-command failure handling patterns.

Suggested labels

area:rust, area:docs, risk:high

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 71.88% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title follows Conventional Commits style with a clear imperative form and is well-scoped to the slash command registry core feature.
Description check	✅ Passed	The PR description comprehensively covers all template sections: related issues, summary, testing details, documentation updates, breaking changes, and checklist completion.
Linked Issues check	✅ Passed	All acceptance criteria from #539 are met: registry abstraction implemented, commands discoverable by name/alias, dispatch centralized, extension points documented, and targeted tests added.
Out of Scope Changes check	✅ Passed	Changes align with #539 scope: registry core, metadata support, name/alias resolution, and dispatch. Documentation-only changes and formatting fixes for pre-push hooks are appropriate scope inclusions.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/slash-command-registry-core-539

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

clients/web/apps/docs/src/content/docs/clients/agent-runtime/architecture.md (1)

1-8: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

lastReviewed date is stale — update to reflect this PR's changes.

The frontmatter shows lastReviewed: 2026-03-26, but this PR materially extends the document. Leaving a stale date misleads readers and automated doc-freshness tooling about when the architecture was last verified.

📝 Proposed fix

-lastReviewed: 2026-03-26
+lastReviewed: 2026-05-05

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@clients/web/apps/docs/src/content/docs/clients/agent-runtime/architecture.md`
around lines 1 - 8, Update the frontmatter key lastReviewed in architecture.md
(currently `lastReviewed: 2026-03-26`) to the date representing this PR's review
(e.g., `lastReviewed: 2026-05-05`) so the document's metadata accurately
reflects the new changes; locate the top-matter block and replace the old date
value for the `lastReviewed` field.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@clients/web/apps/docs/src/content/docs/clients/agent-runtime/architecture.md`:
- Around line 205-224: The Spanish documentation is missing the new "### Slash
Commands" section—add a translated section titled (for example) "### Comandos
Slash" to the ES architecture doc, translating the description and the four
bullet points and preserving technical identifiers like `session_commands/`,
`SlashCommandRegistry`, `SlashCommandRegistration`, `SlashCommandDescriptor`,
`SlashCommandHandler`, `SessionCommandParser`, and `SessionCommandService`;
ensure the guidance about adding descriptors/handlers and avoiding per-ingress
match statements is included so EN/ES parity is maintained.

---

Outside diff comments:
In
`@clients/web/apps/docs/src/content/docs/clients/agent-runtime/architecture.md`:
- Around line 1-8: Update the frontmatter key lastReviewed in architecture.md
(currently `lastReviewed: 2026-03-26`) to the date representing this PR's review
(e.g., `lastReviewed: 2026-05-05`) so the document's metadata accurately
reflects the new changes; locate the top-matter block and replace the old date
value for the `lastReviewed` field.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: cb7942ed-e07c-4d0b-a487-5822c1ff2ac4

📥 Commits

Reviewing files that changed from the base of the PR and between ea6dd3a and 50b471a.

📒 Files selected for processing (8)

• clients/agent-runtime/src/gateway/mod.rs
• clients/agent-runtime/src/pre_execution/mod.rs
• clients/agent-runtime/src/pre_execution/session_command_adapter.rs
• clients/agent-runtime/src/security/policy.rs
• clients/agent-runtime/src/session_commands/mod.rs
• clients/agent-runtime/src/session_commands/registry.rs
• clients/agent-runtime/src/session_commands/types.rs
• clients/web/apps/docs/src/content/docs/clients/agent-runtime/architecture.md

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: sonar
• GitHub Check: pr-checks
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: Cloudflare Pages

🧰 Additional context used

📓 Path-based instructions (7)

**/*.{md,mdx}

⚙️ CodeRabbit configuration file

**/*.{md,mdx}: Verify technical accuracy and that docs stay aligned with code changes.
For user-facing docs, check EN/ES parity or explicitly note pending translation gaps.

Files:

• clients/web/apps/docs/src/content/docs/clients/agent-runtime/architecture.md

**/*

⚙️ CodeRabbit configuration file

**/*: Security first, performance second.
Validate input boundaries, auth/authz implications, and secret management.
Look for behavioral regressions, missing tests, and contract breaks across modules.

Files:

• clients/web/apps/docs/src/content/docs/clients/agent-runtime/architecture.md
• clients/agent-runtime/src/session_commands/mod.rs
• clients/agent-runtime/src/security/policy.rs
• clients/agent-runtime/src/gateway/mod.rs
• clients/agent-runtime/src/session_commands/types.rs
• clients/agent-runtime/src/pre_execution/mod.rs
• clients/agent-runtime/src/pre_execution/session_command_adapter.rs
• clients/agent-runtime/src/session_commands/registry.rs

clients/agent-runtime/src/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

clients/agent-runtime/src/**/*.rs: Never log secrets, tokens, raw credentials, or sensitive payloads in any logging statements
Avoid unnecessary allocations, clones, and blocking operations to maintain performance and efficiency

Files:

• clients/agent-runtime/src/session_commands/mod.rs
• clients/agent-runtime/src/security/policy.rs
• clients/agent-runtime/src/gateway/mod.rs
• clients/agent-runtime/src/session_commands/types.rs
• clients/agent-runtime/src/pre_execution/mod.rs
• clients/agent-runtime/src/pre_execution/session_command_adapter.rs
• clients/agent-runtime/src/session_commands/registry.rs

clients/agent-runtime/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Run cargo fmt --all -- --check, cargo clippy --all-targets -- -D warnings, and cargo test for code validation, or document which checks were skipped and why

Files:

• clients/agent-runtime/src/session_commands/mod.rs
• clients/agent-runtime/src/security/policy.rs
• clients/agent-runtime/src/gateway/mod.rs
• clients/agent-runtime/src/session_commands/types.rs
• clients/agent-runtime/src/pre_execution/mod.rs
• clients/agent-runtime/src/pre_execution/session_command_adapter.rs
• clients/agent-runtime/src/session_commands/registry.rs

**/*.rs

⚙️ CodeRabbit configuration file

**/*.rs: Focus on Rust idioms, memory safety, and ownership/borrowing correctness.
Flag unnecessary clones, unchecked panics in production paths, and weak error context.
Prioritize unsafe blocks, FFI boundaries, concurrency races, and secret handling.

Files:

• clients/agent-runtime/src/session_commands/mod.rs
• clients/agent-runtime/src/security/policy.rs
• clients/agent-runtime/src/gateway/mod.rs
• clients/agent-runtime/src/session_commands/types.rs
• clients/agent-runtime/src/pre_execution/mod.rs
• clients/agent-runtime/src/pre_execution/session_command_adapter.rs
• clients/agent-runtime/src/session_commands/registry.rs

clients/agent-runtime/src/{security,gateway,tools}/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Treat src/security/, src/gateway/, src/tools/ as high-risk surfaces and never broaden filesystem/network execution scope without explicit policy checks

Files:

• clients/agent-runtime/src/security/policy.rs
• clients/agent-runtime/src/gateway/mod.rs

clients/agent-runtime/src/{security,gateway,tools,config}/**/*.rs

📄 CodeRabbit inference engine (clients/agent-runtime/AGENTS.md)

Do not silently weaken security policy or access constraints; keep default behavior secure-by-default with deny-by-default where applicable

Files:

• clients/agent-runtime/src/security/policy.rs
• clients/agent-runtime/src/gateway/mod.rs

🔇 Additional comments (7)

clients/agent-runtime/src/security/policy.rs (1)

2265-2282: Formatting-only test updates look good.

No behavioral or security-impacting change detected in this hunk; assertions and coverage intent remain intact.

clients/agent-runtime/src/session_commands/registry.rs (1)

153-158: The unknown-command error already preserves the attempted command in the message field.

The command: "/" sentinel is intentional: SessionCommandFailure.command is typed as &'static str, so raw.invoked_name cannot be stored there. The actual invoked command is captured in the message as "unknown slash command: {invoked_name}", and tests (registry.rs:1030–1036) explicitly lock in this behavior. Downstream consumers in gateway/webhook_dispatch.rs, gateway/mod.rs, and channels/mod.rs do not read the command field to identify unknown commands; they rely on kind or message. No contract regression.

clients/agent-runtime/src/gateway/mod.rs (1)

2180-2180: Good addition: explicit stable code for unknown commands

Mapping SessionCommandFailureKind::UnknownCommand to "unknown_command" keeps gateway error contracts deterministic across JSON/SSE surfaces.

clients/agent-runtime/src/pre_execution/mod.rs (2)

249-453: Test coverage for the dispatch_prompt behavioral contract is solid.

The suite covers recognized commands (success/failure), invalid argument shapes, unknown slash-like input falling through to Continue, and all ingress classification combinations. LGTM.

---

57-60: 🏗️ Heavy lift

No action required — default_registry() already uses OnceLock for lazy static initialization.

The function returns &'static SlashCommandRegistry and uses the OnceLock::get_or_init() pattern, ensuring the registry is built only once on first call. Subsequent calls are zero-cost reference returns, not allocations. The code already follows the correct optimization for hot-path usage.

			> Likely an incorrect or invalid review comment.

clients/agent-runtime/src/session_commands/mod.rs (1)

1-7: Module-level docs accurately capture the registry contract and dispatch delegation model. LGTM.

clients/web/apps/docs/src/content/docs/clients/agent-runtime/architecture.md (1)

207-224: Technical accuracy of the new Slash Commands section is verified. LGTM.

The dispatch pipeline description — raw text → SessionCommandParser → registry name/alias resolution → argument-shape validation → SessionCommandService delegation — accurately reflects the split between dispatch_prompt (returns Option) and dispatch_raw introduced in this PR, and matches the re-exported types in session_commands/mod.rs. The extension guidance ("Do not add new per-ingress match statements") is correct and well-placed.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
99.4% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud