feat(autodev): cwd guard — .clawtool/autodev.toml as project opt-in marker

[bahadirarda]

Summary

Smallest-valid first commit from the autodev hook redesign (ADR-037). Adds a cwd guard at the top of runAutodevHook that exits 0 silently when the working directory does not resolve upward to a project containing .clawtool/autodev.toml.

The marker file is the canonical per-project opt-in for the autodev Stop-hook self-trigger loop, replacing the previous behavior where a globally-armed flag fired in every Claude Code session on the host.

What this fixes

The 2026-05-03 incident: a clawtool autodev start had been written to ~/.claude/settings.json (user-global). The Stop hook then fired in every Claude Code session on the operator's host (~100 projects), with a clawtool-flavored prompt that was nonsensical outside the clawtool project. Hot-fix at the time was to manually strip the entry from settings.json. This commit makes the legacy install a permanent no-op outside the clawtool repo: the hook still loads, but exits 0 silently when the cwd guard fails.

Resolution order in findAutodevTOML

1. $CLAWTOOL_AUTODEV_REPO if set is authoritative — returns the marker at <envRoot>/.clawtool/autodev.toml when present, !ok when absent. A stale env var does NOT fall through to the cwd walk; falling through would silently pin a different project's marker, which is exactly the cross-project leakage the cwd guard is built to prevent.
2. Otherwise the function walks upward from $PWD until either the marker is found or the filesystem root is reached. Symlinks are not followed.

Files

• internal/cli/autodev.go (+60 lines) — findAutodevTOML helper, doc updates, cwd guard at the top of runAutodevHook
• internal/cli/autodev_hook_cwd_test.go (+221 lines) — five new tests:
  • TestRunAutodevHook_NoProjectMarker_ExitsZero — proves the active-bleeding fix: legacy flag + counter present, no marker, hook exits 0 without emitting decision:block, counter does NOT increment
  • TestRunAutodevHook_ProjectMarkerPresent_FlagRespected — proves the legitimate path still works: marker + flag together fire as before
  • TestFindAutodevTOML_WalksUpward — deep subdirectory finds upward marker
  • TestFindAutodevTOML_NotFound — graceful !ok when no marker exists upward
  • TestFindAutodevTOML_EnvOverride — authoritative env var, no fall-through on stale value
• .clawtool/autodev.toml (+26 lines) — project-opt-in marker for the clawtool repo itself, so this repo's autodev session keeps firing after the cwd guard lands

Verification

gofmt -l internal/cli/autodev.go internal/cli/autodev_hook_cwd_test.go
# (clean)

go vet ./internal/cli/
# (clean)

go test -race -count=1 -timeout=60s -run "TestRunAutodevHook_NoProjectMarker|TestRunAutodevHook_ProjectMarkerPresent|TestFindAutodevTOML" ./internal/cli/ -v
# 5/5 PASS

go test -race -count=1 -timeout=120s ./internal/cli/
# ok  github.com/cogitave/clawtool/internal/cli  13.939s

Forward compatibility

The .clawtool/autodev.toml schema is forward-looking — fields (name, enabled, cap_per_session, [loop] steps, stop_command) are documented and ready for the v1 reader (Phase 5 of the autodev redesign), but today only the file's presence is checked. Existing operators upgrading to this binary need to either:

1. Run clawtool autodev init once in each project where they want the loop (forthcoming subcommand from Phase 4), or
2. Drop .clawtool/autodev.toml manually (template above).

This deliberate friction is the design — implicit per-project opt-in via the marker file is the whole point of the redesign.

Wiki context

ADR-037 (wiki/decisions/037-autodev-hook-redesign.md, gitignored local knowledge base) documents the full four-axis redesign. This PR ships axis 1's smallest valid subset; axes 2-4 (autodev.toml schema reader, prompt parameterization, firing-decision pipeline with quiet-state gate + substrate probe + lock format) land in follow-up PRs.

Hygiene note

Commit ran via mcp__clawtool__Commit (Conventional Commits + pre_commit rules.toml gate). gofmt-clean and race-clean rules trigger on this changeset (Go files touched) — both verified clean above. No internal-doc-id leakage in user-facing surfaces.