feat(cli): add shell tab completion with install/uninstall

[reidliu41]

Summary

• Problem: ZeroClaw has no shell tab completion, forcing users to type full command names and flags from memory —
  significant friction for a CLI with 15+ top-level commands, nested subcommands, and typed flags.
• Why it matters: Shell completion is a baseline UX expectation for serious CLI tools. It lowers onboarding
  friction, reduces typos, and makes the full command surface discoverable without reaching for --help.
• What changed: Added zeroclaw completion install [--shell bash|zsh|fish] and zeroclaw completion uninstall.
  Install auto-detects the shell via $SHELL, writes a static completion script to
  ~/.local/share/zeroclaw/completions/, and appends a guarded source line to the rc file. Fish uses its native
  completions directory with no rc modification. Uninstall cleanly removes the script and rc line via a stable marker (# zeroclaw completion).
• What did not change: No existing commands, config schema, security policy, or runtime behavior touched. Pure
  additive UX layer. New module src/completion.rs is fully self-contained with no cross-module coupling.

Dependency Impact

Net new transitive dependencies: zero.

clap_complete is the official completion companion maintained by the clap team. Its entire dependency tree
(clap_builder, clap_lex, anstream, etc.) is already present in the project via the existing clap dependency.
cargo tree -p clap_complete confirms no new crates are introduced.

Label Snapshot (required)

• Risk label (risk: low|medium|high):
• Size label (size: XS|S|M|L|XL, auto-managed/read-only):
• Scope labels (core|agent|channel|config|cron|daemon|doctor|gateway|health|heartbeat|integration|memory|observability|onboard|provider|runtime|security|service|skillforge|skills|tool|tunnel|docs|dependencies|ci|tests|scripts|dev, comma-separated):
  <<<<<<< chore/labeler-spacing-trusted-tier
• Module labels (<module>: <component>, for example channel: telegram, provider: kimi, tool: shell):
  =======
• Module labels (<module>:<component>, for example channel:telegram, provider:kimi, tool:shell):

main

• Contributor tier label (trusted contributor|experienced contributor|principal contributor|distinguished contributor, auto-managed/read-only; author merged PRs >=5/10/20/50):
• If any auto-label is incorrect, note requested correction:

Change Metadata

• Change type (bug|feature|refactor|docs|security|chore):
• Primary scope (runtime|provider|channel|memory|security|ci|docs|multi):

Linked Issue

• Closes #
• Related #
• Depends on # (if stacked)
• Supersedes # (if replacing older PR)

Supersede Attribution (required when Supersedes # is used)

• Superseded PRs + authors (#<pr> by @<author>, one per line):
• Integrated scope by source PR (what was materially carried forward):
• Co-authored-by trailers added for materially incorporated contributors? (Yes/No)
• If No, explain why (for example: inspiration-only, no direct code/design carry-over):
• Trailer format check (separate lines, no escaped \n): (Pass/Fail)

Validation Evidence (required)

Commands and result summary:

cargo fmt --all -- --check
cargo clippy --all-targets -- -D warnings
cargo test

• Evidence provided (test/log/trace/screenshot/perf):
• If any command is intentionally skipped, explain why:

Security Impact (required)

• New permissions/capabilities? (Yes/No)
• New external network calls? (Yes/No)
• Secrets/tokens handling changed? (Yes/No)
• File system access scope changed? (Yes/No)
• If any Yes, describe risk and mitigation:

Privacy and Data Hygiene (required)

• Data-hygiene status (pass|needs-follow-up):
• Redaction/anonymization notes:
• Neutral wording confirmation (use ZeroClaw/project-native labels if identity-like wording is needed):

Compatibility / Migration

• Backward compatible? (Yes/No)
• Config/env changes? (Yes/No)
• Migration needed? (Yes/No)
• If yes, exact upgrade steps:

Human Verification (required)

What was personally validated beyond CI:

• Verified scenarios:
• Edge cases checked:
• What was not verified:

Side Effects / Blast Radius (required)

• Affected subsystems/workflows:
• Potential unintended effects:
• Guardrails/monitoring for early detection:

Agent Collaboration Notes (recommended)

• Agent tools used (if any):
• Workflow/plan summary (if any):
• Verification focus:
• Confirmation: naming + architecture boundaries followed (AGENTS.md + CONTRIBUTING.md):

Rollback Plan (required)

• Fast rollback command/path:
• Feature flags or config toggles (if any):
• Observable failure symptoms:

Risks and Mitigations

List real risks in this PR (or write None).

• Risk:
  • Mitigation:

[github-actions]

PR intake checks found warnings (non-blocking)

Fast safe checks found advisory issues. CI lint/test/build gates still enforce merge quality.

• Incomplete required PR template fields: summary problem, summary why it matters, summary what changed, security risk/mitigation

Action items:

1. Complete required PR template sections/fields.
2. Remove tabs, trailing whitespace, and merge conflict markers from added lines.
3. Re-run local checks before pushing:
   • ./scripts/ci/rust_quality_gate.sh
   • ./scripts/ci/rust_strict_delta_gate.sh
   • ./scripts/ci/docs_quality_gate.sh

Run logs: https://github.com/zeroclaw-labs/zeroclaw/actions/runs/22188837783

Detected blocking line issues (sample):

• none

Detected advisory line issues (sample):

• none

[github-actions]

Hi @reidliu41, friendly automation nudge from PR hygiene.

This PR has had no new commits for 36h and still needs an update before merge:

• Latest CI Required Gate result is failure.

Recommended next steps

1. Rebase your branch on main.
2. Push the updated branch and re-run checks (or use Re-run failed jobs).
3. Post fresh validation output in this PR thread.

Maintainers: apply no-stale to opt out for accepted-but-blocked work.
Head SHA: 9c0f9a6be656

[reidliu41]

@chumyin can you help to take a look this? thanks

[reidliu41]

since #1082 updated, may close this