Summary
PR #143 fixes the outage-class behavior where claw-api crash-loops on forward-unknown verbs in principals.json by filtering those verbs at runtime and warning instead.
That intentionally leaves two pieces of the original problem unsolved:
claw up still does not warn when it emits principal verbs that may be unsupported by an older deployed claw-api image.- Operator-facing surfaces do not expose load-time principal normalization clearly enough. If unknown verbs are dropped and a principal becomes inert, the API process stays up and only stderr contains the warning.
Why this needs its own issue
The runtime fail-open behavior is the urgent outage fix. The remaining work is about skew detection and observability, and should be tracked separately so #120 does not overclaim once the runtime fix lands.
Expected behavior
claw up warns when generated principals.json contains verbs newer than the target claw-api image is known to support.claw doctor, claw-api /health, or another explicit operator surface exposes when principal normalization dropped unknown verbs.- If a principal loads with zero recognized verbs, operators can discover that without tailing container stderr.
Constraints
- Do not reintroduce fail-closed startup behavior for forward-unknown verbs.
- Preserve the current compiler-side validation of user-declared verbs in pod parsing.
- Any skew signal should be explicit about uncertainty if exact image capability detection is not available.
Acceptance criteria
- A user running
claw up against an older claw-api image gets a visible warning before or during deployment when new verbs are emitted.
- An operator can detect principal normalization/inert principals through a supported surface without reading raw container logs.
- Regression coverage locks in the chosen warning/surfacing behavior.
Related
Summary
PR #143 fixes the outage-class behavior where
claw-apicrash-loops on forward-unknown verbs inprincipals.jsonby filtering those verbs at runtime and warning instead.That intentionally leaves two pieces of the original problem unsolved:
claw upstill does not warn when it emits principal verbs that may be unsupported by an older deployedclaw-apiimage.Why this needs its own issue
The runtime fail-open behavior is the urgent outage fix. The remaining work is about skew detection and observability, and should be tracked separately so
#120does not overclaim once the runtime fix lands.Expected behavior
claw upwarns when generatedprincipals.jsoncontains verbs newer than the targetclaw-apiimage is known to support.claw doctor,claw-api /health, or another explicit operator surface exposes when principal normalization dropped unknown verbs.Constraints
Acceptance criteria
claw upagainst an olderclaw-apiimage gets a visible warning before or during deployment when new verbs are emitted.Related