claude-code - 💡(How to fix) Fix [BUG] Tool-result references are not project/session isolated (cross-project content leakage)
ON THIS PAGE
Recommended Tools
×6Utilities matched from this issue’s tags and category — try them while you read without losing context.
GitHub issue graph ai analysis
Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.
The report is written in English Markdown for sharing and archival.
Helpful · Quick feedback
Error Message
Error Messages/Logs
No error was raised — the failure is silent (wrong content returned as success). Forensic data:
Root Cause
This is cross-project data leakage. The leaked content was also persisted into Project A's own session transcript (because it was rendered as A's output).
Code Example
No error was raised — the failure is silent (wrong content returned as success). Forensic data:
Re-running the identical command with stdout/stderr redirected to files: clean correct JSON (676 bytes), empty stderr. sys.modules has no module from the other project; ps shows no related process.
Source: <home>/.claude/projects/<Project B>/<session-B>/tool-results/bs4pgt1ey.txt (86 KB)
Not a collision: 23 files, 23 unique ids; bs4pgt1ey exists in one place only.
Flat id namespace: b1plcujfu, b2vmqiu13, b6o8ofgjy, b6rlypd6m, bdshnv4bi …RAW_BUFFERClick to expand / collapse
Preflight Checklist
- I have searched existing issues and this hasn't been reported yet
- This is a single bug report (please file separate reports for different bugs)
- I am using the latest version of Claude Code
What's Wrong?
In a session rooted in Project A, a Bash tool call (a Python CLI that only prints JSON) rendered, as its result, an unrelated ~86 KB block of Xcode project.pbxproj debug output belonging to a DIFFERENT project (Project B). The same foreign block appeared in two positions of one combined command's output, byte-for-byte identical.
This is cross-project data leakage. The leaked content was also persisted into Project A's own session transcript (because it was rendered as A's output).
Root cause (hypothesis): Claude Code stores large tool results on disk under a three-level path <project>/<session-id>/tool-results/<id>.txt, but the reference/lookup layer addresses them by a single, globally-flat 9-character id with NO project or session component. The isolation boundary exists in storage but is bypassed by addressing. Under --resume, a persisted id resolves via a global lookup and can land on another project's file. Storage isolation ≠ reference isolation.
What Should Happen?
A tool result rendered in Project A's session must resolve ONLY to that session's own tool-result files. Content from another project or session must never surface.
Suggested fix:
Address tool results by a composite key (project, session, id) (or the full three-segment path) through every lookup. Or scope the id namespace to the session (encode session into the id). Add a resolution-time guard: reject a tool-result file whose on-disk (project, session) does not match the resolving session.
Error Messages/Logs
No error was raised — the failure is silent (wrong content returned as success). Forensic data:
Re-running the identical command with stdout/stderr redirected to files: clean correct JSON (676 bytes), empty stderr. sys.modules has no module from the other project; ps shows no related process.
Source: <home>/.claude/projects/<Project B>/<session-B>/tool-results/bs4pgt1ey.txt (86 KB)
Not a collision: 23 files, 23 unique ids; bs4pgt1ey exists in one place only.
Flat id namespace: b1plcujfu, b2vmqiu13, b6o8ofgjy, b6rlypd6m, bdshnv4bi …Steps to Reproduce
Not deterministically reproducible (intermittent, under --resume). Trigger conditions + forensic verification:
Trigger conditions:
Use Claude Code across multiple projects so several tool-results/<id>.txt accumulate. Resume a session (--resume <session> --replay-user-messages). Run a command whose output is large enough to spill to a tool-results file. Intermittently, the result shows another project's tool-result content. Forensic verification (deterministic):
Redirect the command's stdout/stderr to files => current process output is clean. grep the foreign text across ~/.claude/projects/ => found in another project's tool-results/<id>.txt. List all tool-results/*.txt ids => globally unique, no project/session component. Environment: Claude Code 2.1.161 (desktop, macOS); model claude-opus-4-8; --resume <session-A> --replay-user-messages.
Note: inverse of #65456 (that asks for intentional cross-project handoff; this is unintended leakage).
Claude Model
Opus
Is this a regression?
I don't know
Last Working Version
No response
Claude Code Version
2.1.161
Platform
Other
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
Additional Information
Platform: Claude Code desktop app (macOS), not a direct API integration. The Platform field above does not have a "Claude Code" option so "Other" was selected.
Vote matrix · Quick signals
Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Still need to ship something?
×6Another batch ranked right after the header list — different links, same matching logic.
TRENDING
- [Feature]: openclaw will create a skill.md automaticly when handle complex task, so can anybody show an example than openclaw can not do?
- [Bug] Long conversation content loops after switching sessions, latest response unreachable
- [Feature]: Sandbox HOME bridge initialization — subprocess tools can't find Keychain/SSH/Git/Python resources
- [Bug]: Transient APIConnectionError on custom — rebuilt client, waiting 6s before one last primary attempt.
- [Bug]: Gateway failed after I close and open My laptop and change my Wifi.
- Feishu: MEDIA attachments sent via topic/thread reply land in main conversation instead of thread
- installer: SSH/HTTPS clone both fail on restricted networks; ZIP fallback should be first-class
- [Setup]: Hermes agent desktop installation stuck in cloning repository. Using vpn global setting all the time, can't get through though.
- [Bug]: v0.15.1 96cd37e Hermes Desktop Windows cutted off chinese prompt in chat window
- Desktop app crashes on macOS: findSystemPython() picks Python 3.9 from /usr/bin, fails on str | None syntax
- [Bug]: Desktop composer drops or fails to send CJK IME text on Enter
- hermes doctor crashes with PermissionError when gh is unavailable (e.g. WSL pointing to gh.exe)
- Bug: `hermes update` aborts with `ValueError: too many values to unpack (expected 2)` in `_build_web_ui`; leaves installation in half-updated state with no way to retry
- [Bug]: Compression token savings ignored when message count is unchanged, causing false context exhaustion
- HTTP/StreamableHTTP OAuth MCP servers connect via `hermes mcp test` but register 0 tools in the agent (stdio works)
- Desktop sidebar can horizontally overflow while session is running
- [Feature]: Desktop Remote - working directory and terminal show server file/process
- feat: Unified Agent Status API — real-time state detection, notifications, and status bar integration
- Desktop: intermediate assistant text (emitted before a tool call) disappears from the rendered thread when the turn completes
- [Bug]: Desktop: trailing characters lost when sending message without punctuation
- [Bug]: The native Windows app crashes on launch
- [Localization] Hermes Agent Desktop Chinese (简体中文) Localization
- Discord thread sessions appear to mix context between threads
- [Feature]: Add Profile switching in the Desktop application
- Docker on Windows: API server off by default, missing port mapping, undocumented env vars, and fragile dashboard/workspace recreation
- auxiliary vision: explicit base_url routes through generic "custom" branch, leaking main model name + OPENAI_API_KEY to the configured backend (Gemini)
- from session history are re-delivered as media files
- [Bug]: Tasks created with --initial-status blocked auto-promote to ready ~1s later with no actor — human approval gate bypassed
- [Bug]: Chinese Character Send Button Disappear Bug
- [Bug]: The docker-extra_args configuration is invalid in config. yml and cannot be read.
- Feature Request: On-Demand Memory Loading (Lazy Loading Mode)
- Japanese IME composition does not work correctly in Hermes Desktop composer on Windows
- Hermes Desktop Text Sending Bug
- Desktop] Enter key doesn't send message — must add trailing space
- Dashboard fails to start on v0.15.2: ModuleNotFoundError: No module named 'hermes_cli.dashboard_auth'
- Vietnamese Telex IME drops characters & tone marks in Hermes Desktop composer (macOS)
- Windows Gateway update/restart path relaunches console python.exe and shows conhost window
- Desktop composer Enter key does not send message on Windows
- [Bug]: IME composition causes send button to show as voice button + text truncation on submit
- Hardening: extend secret redaction to state.db persistence + add Google OAuth (ya29./1//) prefixes
- Hardening: verify a signed tag / pinned hash before hermes update builds & installs the pulled tree
- Hardening: optional OS-keystore (DPAPI/Keychain/libsecret) at-rest backing for auth.json
- [Bug]: Desktop app image preview tab overlaps with top-right UI buttons
- [Bug]: Desktop: editing a message containing an image fails with 'Edit failed session busy'
- bug: ModuleNotFoundError 'hermes_cli.dashboard_auth' when running (PyPI install)
- [Bug]: Some profiles render tool and skill categories in dim/grey color while others render normally
- vision_analyze native fast path sends multimodal tool results to xiaomi API — 400 'text is not set', session poisoned
- feat(compression): integrate headroom-ai for tool output compression
- Telegram clarify prompts show busy-session controls and must keep accepting replies
- 微信(WeChat)会话消息未显示在 Web 聊天页面
- WeChat (Weixin) conversations not showing in Web chat UI
- [Feature]: use Lucide/Phosphor icons in terminal UI
- Cron jobs create a new session on every run - add session_reuse option
- Bug: Session Hygiene compression overwrites original messages when _session_db is None
- [Feature] Add i18n / Chinese language support for the Desktop app
- hermes update crashes with `ValueError: too many values to unpack (expected 2)` during post-pull dependency install
- Bug: hermes update installs deps into hardcoded venv/ while active env is .venv (duplicate orphan virtualenv)
- Long user prompts pinned via sticky top-0 consume the whole viewport, hiding the assistant response
- fix: pre_tool_call hook missing session_id in three call sites
- Bug: session search/browse can hide recently submitted prompt as zero-message session
- [Bug]: Compression model context length does not respect custom provider context length
- kanban_create tool: missing notifier_profile in auto-subscribe causes notification from wrong gateway bot
- Feature request: Улучшить автоматическую очистку файлов в audio_cache
- Feature request: Add automatic cleanup for audio_cache files
- kanban_complete artifacts silently lost on scratch workspaces — file deleted before gateway notifier delivers
- [Bug]: Azure Foundry vision with api_mode: responses can route through chat/custom path and fail with 401
- config priority: OpenRouter catalog overrides explicit custom provider
- Feature: Show prompt cache hit rate in CLI status bar
- [Bug]: Bug Report: Hermes Desktop — HTTP 307 on DeepSeek API Calls
- [Feature]: Streamlining of review threads
- hermes version shows '860 commits behind' after checking out latest tag v2026.5.29.2
- Dashboard session deletion broken + CLI/gateway data source desync
- [Bug]: Chinese input gets truncated (last 1-2 characters are swallowed) in the input field
- [Bug]: Hermes ignores SOUL.md's instruction to not use web_search and web_extract
- TUI bundled entry.js fails on Node.js v18: Cannot use import statement outside a module
- [Bug]: External LaunchAgents on port 9120/9119 cause Hermes Desktop backend SIGTERM loop
- Telegram: non-command messages can trigger awkward 'not a command' handling
- [Feature]: Desktop. Hermes.app should include Calendar privacy usage description
- [Bug]: Bedrock Converse rejects whitespace-only placeholder ('text content blocks must contain non-whitespace text'); breaks resuming assistant-first history
- [Windows] MSYS2 path mangling creates phantom C:\c directory — breaks logging, cron, and sessions
- [Feature]: Curator should support smart reactivation of archived skills
- [Bug] Mattermost cron job delivery fails with "Timeout context manager should be used inside a task"
- [Bug]: notification_sources config is documented but never read by gateway code
- [Feature]: Multi-User Team Mode — Centralized Agent Management
- Email adapter: _send_imap_id() breaks IMAP connection on servers without RFC 2971 support (e.g. Purelymail)
- [Bug]: Desktop update fails on macOS with "Backend updated, but the desktop rebuild failed" (EAGAIN in npm ci postinstall)
- Async feedback loop for tmux workers
- Desktop composer can submit stale/empty/truncated hand-typed text on immediate Enter
- Feature Request: i18n / Chinese language support for TUI and CLI interface
- [Feature]: Don't strip model names on desktop app
- pytest-timeout SIGALRM crashes entire suite on Windows
- feat(hooks): add transcript_path to pre_tool_call / post_tool_call hook payload
- [Feature]: Nix: Drop system.activationScripts
- cron scheduler: profile-job context bleeds into concurrent non-profile job (script not found)
- [Feature]: ZDR header support for privacy/data retention compliance
- [Bug]: Profile color picker flickers and closes immediately on right-click → Color… (ContextMenu + Popover nesting conflict)
- Web UI build fails after update: @nous-research/[email protected] breaks ButtonProps (ghost, size, outlined, destructive removed)
- [Bug]: TUI/CLI startup banner shows MCP servers as "failed" while async connection is still in progress
- [Feature]: Add observe_unmentioned_group_messages to IRC platform
- Bug Report: Local `file://` Images Not Rendering in Hermes Desktop App
- Bug: Cannot send messages with pure Chinese characters in Desktop — requires punctuation to trigger send
- Proposal: Agent self-maintenance ritual — diary + reflection + review for identity persistence
- QQ Bot: WebSocket reconnect causes approval deadlock (session mismatch)
- AION Kanban 总控失效修复 / AION Kanban control-issue guardrail
- Bug: Desktop on Windows silently truncates end of user input messages
- Feature: live meeting voice bridge via Vexa /speak
- Add `openrouter/free` to the OpenRouter `/model` picker
- Testing Issue
- [Bug]: Operouter/free plan is getting Error 400 since Noon UTC
- [Bug]: Desktop App Build Failure: Type error in use-slash-completions.ts
- [Feature]: Clean basic UI for dashboard
- Feature Requeat: Curator Dashboard + Profile Delegation Engine
- FileSyncManager: a failed sync() advances the rate-limit clock, suppressing the documented retry
- [Bug]: Kanban dashboard crashes - plugin SDK missing authedFetch/buildWsUrl after commit a6e47314f
- [Bug]: Desktop becomes unresponsive after suspend in no-network — composer and sessions panel frozen
- [Bug]: Desktop chat switching/new session pins last sent message at top of viewport
- [Bug]: Desktop lightning toggle re-enables itself and lacks clear labeling
- [Bug]: Desktop dragged images become unsupported binary files and disappear after chat switch
- Bug: supports_vision override ignores stripped named custom provider key
- [Bug]: write_file tool rejects a complete call when content is sent as file_content (or path as file_path)
- [Bug] Mid-thought tool execution splits reasoning into separate "Thinking" blocks
- Windows gateway /restart can leave gateway stopped when helper inherits _HERMES_GATEWAY
- [Desktop App] Profile 列表頁缺少「切換/啟用」功能,按下無反應
- OpenViking memory provider doesn't auto-start — you have to run `openviking-server` by hand
- [Bug]: background-review fork advertises the full tool schema to LOCAL endpoints, making weak local models thrash the deny-wall
- [Feature]: Support stopping a running webhook
- Bundled red-team skill descriptions are sent to every fallback provider. OpenAI Cyber Abuse warning triggered.
- [Bug]: Image base64 inserted to HindSight with multimodal llm (Minimax M3)
- [Bug]: background-review fork can't read an external file — model calls skill_manage(action="read_file") and gets "Unknown action"
- [Bug]: Hindsight plugin doesn't bypass SOCK5 proxy even if the config.json directs to localhost/127.0.0.1
- [Feature]: Stop TTS output while pressing PTT button in TUI?
- Claude Code OAuth (Max/Pro plan) still hits pay-per-token API endpoint — drains 'extra usage' credits instead of using subscription quota
- Optionally update the remote backend when updating the desktop app
- System prompt 'Model:' / 'Provider:' header is stale after mid-session model switches
- [Bug]: hermes update attempts to stop other users’ hermes-dashboard services on multi-user hosts
- Custom OpenAI-compatible provider can fail when upstream blocks OpenAI Python SDK default headers
- Model picker canonical ordering buries the active custom provider
- [Desktop] Tools & Keys → GitHub shows 'Internal server error' when saving/removing classic PAT (ghp_*)
- bug(agent): Agent lacks awareness of terminal-tool hardline command blocklist
- bug: OpenRouter model ID accounts/fireworks/models/deepseek-v4-pro invalidated — Hermes loops on 400 instead of fast-fallback
- Desktop (remote gateway, OAuth mode): saving settings fails with net::ERR_INVALID_ARGUMENT — manual Content-Length on Electron net.request
- Desktop app crashes on NVIDIA 580+ drivers (Ubuntu 24.04)
- Desktop: Electron renderer crash loop on remote gateway connection (v0.15.1)
- Kanban workers crash (protocol violation) when display.interface: tui — headless worker launches TUI, exits rc=0
- mnemosyne-hermes Plugin: NOT installed despite correct entry point registration (Python 3.11 / Hermes venv)
- [Bug]: sanitize_title removes the ESC anchor before the sequence is stripped — escape body survives in session titles
- [Hardening] session_search surfaces stored content to the model without ANSI stripping
- /clear should work in the gateway (on Telegram, etc.) not just the CLI
- [Feature]: Could Hermes Agent support a "minimum release age" option similar to PNPM?
- CLI resume can crash when printing restored cwd due to invalid Rich markup
- Terminal wrapper injects Windows paths when running in WSL
- File tools prepend Windows drive letters to Linux paths
- Secret redaction modifies actual command execution and output instead of only masking display
- Hermes Desktop creates separate HERMES_HOME instead of connecting to existing WSL installation
- # Bug Report: Hermes Agent 桌面端输入截断
- [Bug]: Bug Report: Hermes Agent 桌面端输入截断
- Desktop app: Send button doesn't switch from voice button when typing Chinese (IME composition)
- [Bug]: Desktop app freezes when pasting large multi-line text into composer
- [Bug]: Desktop: pasting a file from clipboard shows giant Finder preview but does not attach the file on send
- Feature request: session profile flags (-p finance) for lightweight context loading
- [Bug]: fix(whatsapp): DM pairing fails — self-chat default, allowlist conflict, missing dm_policy bridge
- Desktop chat can get stuck busy after idle WebSocket prompt timeout
- [Desktop app]: add font size / zoom control
- [Bug]: # Hermes Agent ” Customer-Facing Honcho Recall Leak
- feat(telegram): channel_profiles — route Telegram chats to Hermes profiles in one gateway
- Pinned Python deps carry known CVEs (urllib3 2.6.3, python-multipart 0.0.26, PyJWT 2.12.1, idna 3.13) — bump to patched releases
- Desktop installer ignores existing CLI ~/.hermes/ with sessions, creates fresh DB in LOCALAPPDATA
- Gateway config-bridging skips plugin platforms not in the Platform enum (channel_prompts silently no-op for LINE)
- [Bug]: (documentation err) skill curator can modify bundled skills
- [Bug]: hermes update / hermes desktop fails to compile desktop app in macOS
- Feature Request: Add delegated_role field to delegated sessions
- Bug: Firecrawl web provider ignores Hermes config env values
- Feature Request: Add official ByteDance / BytePlus ModelArk provider
- Add CLI/TUI session lineage tree viewer for parent/child sessions
- Gateway status should expose platform health and recover stale adapters
- [Bug] Post-compression final synthesis can fabricate source-backed findings without re-grounding
- [Desktop]: error invoking remote method 'hermes:api': Error: net::ERR_INVALID_ARGUMENT
- [Feature]: Add Japanese language support (i18n / localization)
- fix(feishu): card approval buttons use _allow_group_message instead of _is_interactive_operator_authorized, rejecting all users in DM
- Desktop app: Chinese IME input breaks composer - text not synced, Enter doesn't send
- Issue: Hindsight 插件与 hindsight_embed 包 API 不兼容
- Schema sanitizer should strip/rename property keys with invalid characters for strict backends
- [Feature]: Add Portuguese (pt-BR) language support to the desktop app (i18n / localization)
- [Bug]: Terminal escape sequences leaking into response output, causing first 1-3 characters to be cut
- ❤️ 一个中国用户的感谢信:Hermes 的 skill/memory 系统让我看到了 AI Agent 真正的可成长性
- Filtering apps by creators does not work.
- Collaborate with Teammates have a bug, sometimes it will lost changes or Overwriting others' changes
- Summary helper duplicates each line when merging text for summarization
- Saved CHAT prompt history leaks tool_calls onto the message after an assistant tool call
- Support image extract from excel document in dataset
- Update frontend CODEOWNERS scopes
- [Bug] Changing AI avatar/icon in backend does not update in embedded iframe chat (v1.14.2, self-hosted)
- Attachment-only hybrid retrieval is reranked as TEXT_QUERY instead of IMAGE_QUERY
- Feature Request: Lock Canvas / Lock Node Positions
- Workflow Tool optional file-list input fails when parent workflow passes an unset variable
- Unable to use gemini-3.5-flash via VertexAI after v0.45.1
- https://www.facebook.com/share/18qk7y7qGX/
- Duplicate agent name warning when running Gemini CLI from the user's home directory
- regression in v0.45.1 - doesn't work at all
- Gemini is making change and run command but don't mention it
- aj agents full free in web ide
- GeminiCLI.com Feedback: Extension meets listing requirements but is missing from gallery
- Интеграция Алисы с API Яндекса
- Bug in DB retry logic, connection not re-established indefinitely
- Manual login with a wrong password returns the "log in with SSO" error
- API key scopes select-all control is difficult to reach with NVDA
- Bug: MCP get_workflow_details returns empty workflow.tags for tagged workflows
- Webhook trigger firing multiple times
- Bug Report: update_workflow MCP tool requires undocumented 'operations' field
- Bug: Selfhosted Docker version of n8n says it is 1 version behind despite being on the latest version
- Credentials not working for duplicate
- Duplicate workflow credentials error
- Page hangs when connecting Google Drive OAuth, cannot connect.
- AI Agent with nested AgentToolV3 + Redis Memory sends invalid OpenAI tool messages in n8n 2.25.1
- [Bug] Anthropic API Error: Request blocked by cyber-related safeguards policy
- [VS Code] open?session= URI does not focus an already-open session - opens a fresh conversation (busy) or a duplicate view (idle)
- [Bug] Security-guidance plugin bypasses subscription billing and uses expensive model without warning
- [BUG] [Windows] Cowork crashes: HostLoop forces CLAUDE_CODE_GIT_BASH_PATH=%COMSPEC% (cmd.exe), overriding env/PATH/settings
- Selected model (Sonnet) not applied to session — /context shows Opus 1M, causing 200k overflow errors
- [Bug] Plugin disable/uninstall fails with scope mismatch for astronomer-data
- [Bug] Claude Code CLI performance degradation - slow response times
- [VSCode Extension] Markdown links to files with non-ASCII (e.g. Japanese) filenames fail silently to open
- [Feature Request] Allow read-only access to Code tab conversation history after subscription expires
- [BUG] Claude Desktop 1.11187.1 (Windows MSIX) crashes ~18s after launch — main process rss reaches ~2.7GB then dies
- [Bug] Anthropic API Error: Rate limiting despite normal usage patterns
- Notion MCP token invalidated after context compaction, requires re-authorization every session
- `/desktop` session transfer drops the EnterWorktree working directory — Desktop resumes in the main checkout (wrong branch), no mismatch warning
- [BUG] tool call markup corruption with "court" prefix
- [Bug] Excessive token consumption from single operation
- [Feature Request] Include task ID in task list output
- [BUG] 2.1.163: agents list stops dispatching keyboard events after ← detach — paste/mouse still work, fresh instance works concurrently (Windows Terminal + cmd, intermittent)
- [Bug] Anthropic API Error: Server Rate Limited - Requests Being Temporarily Throttled
- ALLOW ACCESS TO FOLDER WITH ADDITIONAL INFO/COMMENTS
- [BUG] Claude is logging out automatically on close - Mac OS
- [BUG] Slack MCP slack_read_file fails with invalid_union content validation error (content[1]) for binary files
- Claude deleted production database record without user permission
- macOS: Every version update creates a new TCC pasteboard permission entry, prompting user repeatedly
- Feature request: persist/default thinking blocks to expanded state
- [FEATURE] Right-click to Copy Image does not paste into Claude Code chat input (Linux)
- [BUG] Built-in Workflow tool description (~4k tokens) is injected as conversation content every turn, with no way to disable it
- Official marketplace fails schema validation on CLI 2.1.163 (git-subdir source type)
- `/loop` skill loads in web sessions but its backing tools (`CronCreate` / `ScheduleWakeup`) are not loadable
- Bug: crash on startup when developer_settings.json is empty or corrupt
- [Bug] Update mechanism fails to fetch latest version
- Claude Code does not advertise 'elicitation' MCP capability despite Elicitation hook being configured in settings.json
- [BUG] Unable to install claude desktop app on windows 11
- [Bug] False positive cyber safeguard blocks agentic workflow, causing token loss without recovery path
- [BUG] Edit staleness check fires after own git commit when pre-commit formatter touches unrelated lines
- [BUG] CronCreate: recurring ticks queue during busy REPL turns, then flush as duplicates on idle
- Claude desktop local-agent VM (claudevm.bundle/rootfs.img) grows unboundedly and is never reclaimed — silently fills disk, causes out-of-space failures
- Option to hide or collapse file diff output when editing files
- [BUG] Windows: ${CLAUDE_PLUGIN_ROOT} left unexpanded in Claude Desktop (Cowork), PreToolUse Bash hook fully blocked
- [Bug] Agent context fills unexpectedly when calling `/claude-api` endpoint
- Opus 4.8 in Claude Code: deflects bugs to external systems, band-aids instead of root-causing, over-steers the user, ignores stored rules
- [BUG] WSL2 text paste regression: Ctrl+V / right-click / Shift+Insert all fail in TUI input, worked in earlier version
- [Bug] Task auto-completion displays unexpected output tokens in message
- [Bug] Ultra Code Review crashes on Anthropic API rate limit without refunding credits
- Auto-compact stopped working for third-party API providers since v2.1.161
- Feature request: programmatic model switch for a running session (control-plane API, not keystroke injection)
- claude agents: resuming a despawned (idle-timed-out) session kills menu keyboard input on Windows
- You've hit your session limit · resets 12:50pm (Asia/Dubai)
- Allow renaming session titles
- [FEATURE] Session Teams (Make structured sessions and sessions can comunicate each others interactively)
- AUP false positive on medical imaging project (intracranial hemorrhage detection)
- Agents view: navigating into an agent and back (←) leaves stale/garbled frame until terminal resize
- [Bug] /config: After toggling "Dynamic workflows" to false, item disappears and cursor jumps to "Verbose output"
- Feature request: Assign colors to projects (shown in the sidebar)
- [Bug] Anthropic API Error: False positive cyber content block on legitimate local security review
- [BUG] IDE connection lost after /clear and /ide cannot reconnect (same as #55408, #28830)
- feat: support effort level in agent definition frontmatter
- [FEATURE] Setting to change claude code header design (unreadable)
- Message exchange during active task missing from subsequent conversation context
- Personal GitHub repo never appears in claude.ai/code repo picker despite GitHub App installed (+ mobile can't send images)
- [FEATURE] Slash-command autocomplete dropdown in claude.ai/code web UI (parity with the desktop app)
- [Bug] Text blocks between consecutive thinking blocks and tool calls silently dropped from TUI and session persistence
- [BUG] The unminimizable update/install popup is user-hostile garbage — fix it or give us a workaround
- [BUG] Cowork tab shows "Virtualization not enabled" false positive warning — Cowork works fully despite the error
- RFC: MCP Bidirectional Session Channels
- Claude code web: 400 "Invalid high surrogate" on every message, persists across new sessions, repo is clean.
- "Allow once" on the Workflow usage warning persists skipWorkflowUsageWarning, silently disabling it
- API Error: 400 We've updated our Consumer Terms and Privacy...
- Claude Desktop 1.11187.1 (macOS): claude:// deep link navigates in the background without foregrounding the window
- Stats heatmap counts a day active only if a session STARTED that day — days spent entirely in resumed sessions show 0 and break the streak
- [BUG] Tool-result references are not project/session isolated (cross-project content leakage)
- [Bug] Claude regressing on file change detection and autonomous file inspection
- [MODEL] ALL MODELS
- [FEATURE] Add archive/delete conversation feature
- [BUG] bgIsolation worktree tries shared checkout edit before entering worktree
- [FEATURE] Pre-fill the model on claude.ai/code via URL parameter
- C:/Program Files/Git/stickers returns 403 Forbidden in Japan
- Assistant text blocks not persisted to transcript JSONL when followed by interleaved thinking (regression ~2.1.159–2.1.162)
- [Feature Request] Add process timeout and termination for stuck commands
- [Bug] Task execution hangs across multiple sessions
- [Bug] Skills loaded but not visible in Claude Code interface
- Desktop app crash loop on macOS Tahoe 26.5.1 arm64: CCD bundle truncated to 172MB, errno -88; renderer v8-oom on /epitaxy route
- [Bug] Team memories feature not functioning correctly
- Windows: 杀毒软件的"PowerShell 脚本执行检测"导致 Claude Code Shell 全部 EPERM
- macOS app: file context menu 'Open in → Finder' does nothing (silent, no error)
- [BUG] `/permissions` reports success when adding new Allow rules and writeable workspace dirs that managed policy forbids (misleading UI, not enforced; no privilege escalation)
- MCP OAuth workspace binding can be ambiguous in multi-client workflows
- [Bug] Session unexpectedly terminated mid-conversation
- [BUG] Inline KaTeX math (`$...$`) no longer renders in chat output — only block `$$...$$` works (regression)
- False-positive Usage Policy block in long technical session
- [FEATURE] Feature Request: Japanese (i18n) support for slash command descriptions in the UI
- Tool calls rendered as raw text and fail to parse with claude-opus-4-8 in VS Code extension
- [BUG] Oversized-image 400 error triggers a retry loop that invalidates prompt cache and inflates cost ~35×
- [BUG] AddPackage failed: HRESULT 0x80073CF6
- Usage Policy refusal cascades into OAuth session invalidation — 5 forced re-logins/day during defensive coding on own codebase
- [Bug] Model refuses to execute git add command despite enabled tool permissions
- Add setting to disable auto-attaching IDE selection/active file by default (VS Code extension)
- [BUG] Claude Desktop (Windows): MCP tool calls hard-terminated and bridge wedge after repeated timeouts
- Spawned child process (versioned binary) grew to 12.3 GB RSS and was OOM-killed
- [BUG] Workflow-tool agent worktrees are never cleaned up — neither WorktreeRemove hook nor default removal fires on teardown
- [BUG] WorktreeCreate hook stdin payload doesn't match documentation — Workflow runtime sends 'name', docs say 'worktree_name' + 'base_path' + 'source_ref'
- I don't have a bug report to analyze. Please provide the actual error message, logs, or description of the problem you're experiencing with your Claude instance, and I'll generate an appropriate GitHub issue title for it.
- [BUG] Re-opening 37919
- Cowork (macOS): VM SDK 2.1.163 fails download_and_sdk_prepare ("Download failed") though artifact is reachable; no fallback to working 2.1.161
- [BUG] effortLevel "max" in settings.json ignored at session start (downgrades to high) — v2.1.162, regression of #43322
- [BUG] Shift+click required for text selection — regression from ~2 weeks ago
- MCP tool-result widgets render as empty boxes (Claude Code Desktop)
- [BUG] Claude CoWork 1M context error on a Max plan
- Desktop app (Windows): @ file mention has no autocomplete and folder picker cannot navigate folders
- [BUG] Vercel MCP OAuth token not persisted — empty accessToken after every auth
- [BUG] attribution.commit setting in settings.json is ignored — system prompt Co-Authored-By trailer always wins
- Permission prompts for desktop automation are slower than doing the task manually
- [Feature Request] Support drag-and-drop image input with file path output
- Allow sending Element Screenshot context to claude.ai web chat
- API error Usage credits required / Prompt too long in VSCode Claude Code plugin
- Assistant text before an AskUserQuestion dialog in the same turn is not displayed
- [Feature Request] Enhanced Claude personality/interaction modes for extended sessions
- [BUG] Can't create a routine
- [BUG] /stats activity heatmap: date labels off by one day (recent); day-of-week shift in pre-~April 25 history
- JetBrains plugin: ability to label/name individual sessions
- Can't collapse tool output blocks anymore since the latest desktop update (1.11187.1)
- [BUG] Session folders/groups reset after app update
- Cowork → Customise → Connect hangs after OAuth completes —...
- [BUG] OAuth login & `claude auth logout` crash with "null is not an object (evaluating 'T.history')" on macOS
- Status line: expose monthly usage/limit data
- [Bug] Anthropic API Error: 5xx Server Errors
- Session sync between Desktop app and VS Code/Cursor extension
- [Bug] Chat fails to execute simple git command, incorrectly reported as completed
- [Bug] Claude Code process frozen unresponsive to user input
- [BUG] Claude Desktop (macOS): file-attachment chip from agent file-delivery is not clickable (click is a no-op)
- [BUG] Max 20x Weekly Limit Still Depletes in 2–2.5 Days After June 1 "Fix" — Forced to Cancel $200/mo Subscription
- [Desktop] Respect statusLine setting (run statusline.sh) in the desktop app
- [Bug] Anthropic API returns fabricated quantitative estimates presented as grounded analysis to support pre-selected conclusions
- [BUG] Cowork archive uploads (zip etc.) fail to persist to VM — docx and other regular files work fine
- Claude in Chrome: CLI never connects when Claude Desktop is installed — extension binds only to Desktop's native host
- [Feature Request] Prevent auto-adding Claude as commit coauthor
- Subagent ignores tool-call denials and keeps fetching instead of summarizing existing context
- [MODEL] Model persistently assumes female gender for gender-neutral names (e.g. Dana), ignoring corrections
- Feature Request: Share project context between Claude.ai Chat and Claude Code
- [BUG] Unexpected token usage spike and continued consumption while Claude Code is inactive
- [FEATURE] Page Up and Page Down buttons don't work in Cowork unlike in Code - Claude Desktop Windows
- [BUG] HRESULT 0x80073CFF fix: install Git for Windows instead of PowerShell 7
- [BUG] Windows: claude agents spawn visible reg.exe console windows during background session startup
- Model quality feedback: Sonnet 4.6 misinterprets task instructions and gives nonsensical responses
- [BUG] Skill name conflict persists after full local cleanup — registry appears server-side
- [MODEL] session token utilization causing me to open new sessions every 2 hours and I'm on the max plan, happening for the last week
- [BUG] "Reset Application Data" dialog understates destructiveness — permanently deletes all Cowork sessions, outputs, and local skills without warning
- [Feature Request] Add automatic context usage monitoring - Agent has zero introspection into its own context-budget — and human-facing surfaces (/context, statusline) don't close the gap
- [FEATURE] Official Claude Desktop build for Linux (Ubuntu LTS / Debian)
- [BUG] MCP stdio server notifications/tools/list_changed does not refresh the tool catalog mid-session
- [Bug] Anthropic API Error: False-positive Usage Policy block on biomedical research with Opus 4.8
- /schedule skill consistently fails to connect to remote scheduling service (Pro account)
- Quickstart "Essential commands" table mixes shell and session commands without distinction
- [Bug] Claude Code native binary launch failure: disclaimer helper not executable
- Delete session button has no confirmation and sits 1px from edit button in VS Code session list
- Claude Code VS Code : ~181k token system prompt on new chats causes immediate "Prompt is too long"
- Tool call serialized as text (court<invoke>) with stop_reason=end_turn — model emits no executable tool_use, turn silently stalls (claude-opus-4-8)
- [Bug] Fully ignored rules, instructions and output-styles (any model), bloated and confusing interface and very poor quality overall
- Render statusline before MCP/plugin initialization completes
- [Bug] NameError in orchestrator error handler crashes Bug Hunter review on agent failure
- [BUG] Commits authored by [email protected] are attributed to unrelated GitHub user
- [BUG] IDE diagnostics (mcp__ide__getDiagnostics) unavailable in the VS Code embedded-panel runtime
- Native binary approach breaks Claude Code on QNX and BSD platforms
- Proposal: Behavior-memory budget advisor (Loop Pilot) as pre-loop hook
- [BUG] Canceling ExitPlanMode leaves terminal output broken
- VS Code extension: keyboard shortcut to toggle the active-file context chip
- VS Code extension: managing multiple chats is unreliable — no conversation list indicators, no archiving
- [BUG] Claude Desktop Code: Auto-Reconnects to Last SSH Host on Startup
- [Bug] Claude generating hallucinated fixes for non-existent issues
- [FEATURE] Wire `sandbox.allowPty` from settings.json into the macOS Seatbelt profile (sandbox-runtime already supports it)
- VS Code extension: terminal-mode Claude not respawned after window reload (panel returns empty)
- False-positive Usage Policy blocks on legitimate academic sessions: safety classifier fires mid-session on accumulated biomedical vocabulary
- [Bug] AWK variable syntax ($2) stripped from skill definitions
- [FEATURE] visibility: "team" for routine-created sessions (config-level + /fire override)
- [BUG] "claude auth status" says logged in but "claude" wants to login again
- [Bug] Anthropic API Error: Tool Result Block Missing Corresponding Tool Use Block
- [Bug] Anthropic API Error: Usage Policy Violation Without Clear Cause
- [BUG] Claude Code output ALWAYS cut-off in new "scrolling window" feature
- [Feature Request] Add ability to resume/continue stalled deep-research workflow runs
- [BUG] Failed to install plugin" i Cowork på macOS
- [BUG] /deep-research — default workflow frequently hits "API Error: Server is temporarily limiting requests"
- [Feature] Model-initiated dynamic effort allocation for multi-step operations
- [FEATURE] Add prompt_id to PostToolUse and PreToolUse hook payloads
- [BUG] Claude Max 5x: 1M context window auto-triggered in Cowork session, deducting usage credits without user request
- [FEATURE] Generic bindable action to send literal text / run a command from a keypress
- [Bug] Rating prompt triggers in fork subagents and deadlocks them
- [BUG] Persistent MCP server diagnostic alert after removing configuration
- [BUG] False-positive stop_reason=refusal block legitimate research in claude code 2.1.165
- [BUG] says "Server is temporarily limiting requests"
- [MODEL] Opus 4.6 - I told it to skip other data and it still imported other data.
- [Bug Report: Unable to determine issue from empty submission]
- [Feature Request] Tab autocomplete should complete to longest common prefix, not full-accept first match
- [Bug] Feedback prompts appearing unexpectedly during tool responses
- Agent teams mode: touch scroll broken over RDP (works in regular mode, same terminal)
- Auto-compact circuit breaker prevents compaction on Haiku (v2.1.65+)
- Plugin MCP reconnect fails: ${CLAUDE_PLUGIN_ROOT} not substituted after /model or session reconnect
- [MODEL] opus 4.8
- [Bug] Anthropic API Error: Security Policy Violation on Legitimate Code Project
- [Bug] Anthropic API Error: Usage Policy violation on legitimate code audit request
- [BUG] Model calls AskUserQuestion with no preceding text block — explanation stays in thinking and never reaches the user
- Hosted Notion MCP (DCR): client re-registers per session → repeated full re-auth (orphaned refresh tokens)
- [Bug] Wakeup command injects fake "USER INPUT" leading to hallucination spirals
- [BUG] Claude Cowork blocked by "Usage credits required for 1M context" — usage credits enabled, /model workaround non-functional, triggers at 7% session usage during compaction
- Image/screenshot attachments not delivered to the model (Claude Code on claude.ai)
- [BUG] `claude.workspaceRoot` changes context but not session list scope
- Stale OAuth refresh token causes persistent 401 "Invalid authentication credentials" that `/login` does not recover from (manual deletion of ~/.claude/.credentials.json required)
- [BUG] Claude for Office (PowerPoint/Excel), Mac Broken
- [BUG] MCP client drops a trailing Optional[str] tool argument from tools/call (present in schema, lost on the wire)
- [FEATURE] Feature Request: Optional sync between Claude Chat Projects and Claude Code memory/instructions
- [Bug] Auto-update Failed Error
- Sycophantic drift under correction causes loss of precision when user is frustrated
- UI diff/file view stays pinned to original harness worktree; doesn't follow EnterWorktree branch switch
- Plugin subagents can't resolve ${CLAUDE_PLUGIN_ROOT}/${CLAUDE_PROJECT_DIR} — no way to read plugin-bundled files from a subagent
- [BUG] Conector Figma deshabilitado en Cowork — flujo OAuth no funciona
- Docs: plugin MCP tool namespacing + allowed-tools vs subagent tools: enforcement are under-documented
- [BUG] Frequent session freezes / connection drops on Claude Code (VS Code extension) under
- [Bug] Approval prompt fails to render intermittently, causing session to hang
- [BUG] VS Code Extension Not Connecting to Claude
- Stats dashboard counts multi-day sessions only on their start date (Active days / streaks / peak hour undercounted)
- [FEATURE] VSCode extension: session titles truncated in Ctrl+Tab switcher despite available screen space
- [BUG] Inline $...$ LaTeX does not render in Claude Code desktop tab (macOS/Windows) — display $$...$$ works
- cli unexpected status 401 Unauthorized
- Codex Mobile setup: Allow button is a no-op because app-server rejects `remoteControl/enable`
- Windows desktop upgrade leaves openai-bundled marketplace partial, causing Browser/Computer Use unavailable
- [Feature request] Add a “hold queued tasks” control for human-in-the-loop review
- When i paste a long json , the app will get stuck forever
- Codex Desktop: resume conversation and model settings fail when cloud config bundle times out
- [CLI] Windows: Intermittent infinite scroll animation loop when resuming long conversations after heavy usage
- Mac desktop app freezes on launch (blank screen, high CPU) — corrupted ~/.codex session; fixed by moving the folder aside
- Fullscreen triggers abnormal transparent background on Codex App
- PendingMigrationError again in latest codex plugin in vscode.
- full screen error windows11
- Pro 5x: weekly limit dropped from ~ to ~ after June 1; quota drains passively even when not using Codex
- Editing latest side chat message fails with "failed to edit message"
- Codex TUI thread rename fails over VS Code SSH with thread/name/set failed
- Codex Desktop injects UTC current date despite America/Los_Angeles timezone
- New Pro sub purchased but doesn't seem to apply
- Computer Use native pipe unavailable on Windows despite codex-computer-use pipe existing
- Background automation cannot consistently resolve or reach external hosts while interactive shell and Postman can
- Windows Codex Desktop regenerates node_repl MCP config that crashes with UAC ERROR_ELEVATION_REQUIRED when Computer Use is enabled
- Codex Desktop Windows: terminal/code font setting is hidden and missing Geist Mono causes unreadable spacing
- Codex app-server stdout EOF while process remains alive for specific provider-visible context payloads
- Add a web-based Codex plugin marketplace and let Codex submit feedback with user approval
- Codex mobile cannot reconnect after desktop-side paired phone is deleted; iOS keeps stale offline Windows host
- Windows Codex app: Computer Use shows "Computer Use plugins unavailable" despite current docs saying Windows is supported
- Add a pause work button in app
- Service Tier selector is hidden when refresh token is expired but access token is still valid
- Codex App cannot find Connections in Settings
- VS Code Codex extension burns sustained CPU while waiting for a workspace to become a Git repository
- VS Code extension: support VS Code notifications
- Add General User Mode and Claim Gates for non-programmer Codex users
- Integrated terminal scrollback is truncated after switching projects
- Codex mobile stays offline with red dot after repeated re-pairing; Reconnect does nothing
- Remote Control: target node_repl launches with controller CODEX_HOME env despite correct target config
- computer use tool is missed
- Computer Use plugin is unavailable in Codex Desktop on Windows
- Codex CLI npm self-update hangs on NFS because old running binary remains as `.nfs*`
- Codex doesn't work properly after resuming from being sent to suspend
- Codex Desktop terminal view renders with excessive character spacing and sparse layout
- Codex Desktop imagegen repeatedly fails with TooManyRequests and no clear recovery path
- Make Codex CLI pricing banner plan-aware for Plus users
- TUI: final agent message silently dropped from terminal when `terminal_resize_reflow` feature is enabled
- VS Code extension crashes when trying to paste string
- Built-in image_gen returns unrelated infographic outputs in Codex CLI session
- Context compaction on remote connection failing due to invalid value: `context_compaction`
- Queued /clear drops later queued prompts
- codex upload ~/.codex/rules/default.rules even when sandbox_mode = "danger-full-access"
- Codex Desktop five-hour usage-limit percentage sometimes increases during active window
- Codex Desktop pet overlay can leave the main composer without focus on macOS
- Windows Desktop update relaunch does not restore maximized window state
- /model persists current selection to config.toml; clarify or make session-scoped
- Feature request: official Shopee connector/plugin for Codex ecommerce workflows
- Codex sandbox appears to hang after multi-file Black runs complete.
- Codex CLI TUI remains sluggish after compaction because visible transcript replay is not compact-aware
- Disable the shit sidebar from the app completely
- Codex App settings shows Chrome extension disconnected while the extension backend is usable from another Chrome profile
- MCP OAuth workspace binding can silently diverge from CLI profiles in multi-client workflows
- Windows Computer Use unavailable: native pipe missing in Codex Desktop 26.602.30954
- Codex Desktop cron automation appears to be scheduled in both local time and UTC
- codex's gpt image doesn't accept editing mask
- 左侧栏和顶部无法显示
- Codex App on macOS repeatedly prompts to reinstall bundled computer-use plugin after every restart
- JSON Schema: `permissions` does not allow "<name>" key
- Computer Use not enabled - Windows - Egypt -Plus account
- codex imagegen bug 无法生图
- Windows Codex app missing “Control this PC” tab in Settings > Connections
- Codex usage quota decreases slowly even when I am not actively using Codex