Skip to content

Fix Claude probe session pollution#2263

Merged
steipete merged 1 commit into
mainfrom
codex/issue-2251-probe-sessions
Jul 17, 2026
Merged

Fix Claude probe session pollution#2263
steipete merged 1 commit into
mainfrom
codex/issue-2251-probe-sessions

Conversation

@steipete

Copy link
Copy Markdown
Owner

Summary

  • persist one installation-local Claude probe UUID in the existing ClaudeProbe working directory
  • pass that UUID through --session-id for both direct and watchdog-backed Claude CLI launches
  • remove stale probe-owned transcripts before launch and keep the identifier file permission-restricted

Root cause

The CLI usage source starts an interactive Claude session so it can invoke /usage and /status. It previously launched without a session identity, causing every cold probe launch to register another empty account-side session.

Claude CLI 2.1.212 still has no non-interactive quota command. Its --no-session-persistence flag is print-mode-only, so it cannot drive the interactive /usage panel. Reusing an explicit session ID preserves every field the existing probe collects without creating a new identity per refresh.

Background delegated refresh is already policy-gated after #2191, so this currently affects user-initiated CLI refreshes rather than scheduled background probes. Repeated refreshes and cold launches still polluted the account session list.

Verification

  • swift test --filter ClaudeCLISessionTests — 3 passed
  • swift test --filter ClaudeDirectUsageFallbackTests — 3 passed
  • swift test --filter ClaudeProbeWorkingDirectoryTests — 6 passed
  • make check — SwiftFormat clean; SwiftLint 0 violations; repository checks passed
  • autoreview — clean, no accepted/actionable findings

Live account-side counting was unavailable: the working local Claude CLI 2.1.206 is logged out, while the global 2.1.212 wrapper is missing its native optional dependency. No credentialed probe was attempted.

Closes #2251

@clawsweeper clawsweeper Bot added rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. P2 Normal priority bug or improvement with limited blast radius. labels Jul 17, 2026
@clawsweeper

clawsweeper Bot commented Jul 17, 2026

Copy link
Copy Markdown

Codex review: needs maintainer review before merge. Reviewed July 17, 2026, 2:20 PM ET / 18:20 UTC.

Summary
The PR persists an installation-local Claude probe UUID, passes it as --session-id through direct and watchdog-backed Claude CLI launches, cleans stale probe transcripts, and adds session-ID persistence tests.

Reproducibility: yes. in source terms: the report identifies the Claude CLI usage probe launch path that previously lacked a stable --session-id, and the branch adds tests around the replacement behavior. A high-confidence live authenticated reproduction was not available because no credentialed Claude CLI probe was run.

Review metrics: 2 noteworthy metrics.

  • Patch scope: 2 files affected; 116 added, 3 removed. The implementation is tightly limited to the Claude launch path and its focused regression suite.
  • Focused coverage: 3 named test filters reported; 12 focused tests. The PR reports coverage for session reuse, direct fallback behavior, and probe working-directory handling.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🌊 off-meta tidepool
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • Let the pending build and macOS test checks complete.
  • [P2] When an authenticated Claude CLI environment is available, add a redacted before/after verification that repeated probes reuse one account-side session.

Risk before merge

  • [P1] Focused tests validate local UUID persistence and argument construction, but the PR body does not include a redacted authenticated Claude account-side observation confirming that repeated real probes create no additional session entries.

Maintainer options:

  1. Decide the mitigation before merge
    Land the stable probe-session identity after normal maintainer review and completed checks, then obtain a redacted live verification when a working authenticated Claude CLI environment is available.
  2. Pause or close
    Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge

  • [P2] Repository policy requires explicit human handling for an owner-authored PR; no narrow automated repair is indicated.

Maintainer decision needed

  • Question: Should this owner-authored Claude CLI behavior change be approved after the pending repository checks complete, with live account-side confirmation treated as follow-up evidence rather than a merge gate?
  • Rationale: Repository policy keeps owner-authored pull requests open for explicit maintainer judgment; the remaining uncertainty is production-account behavior that unit tests cannot observe.
  • Likely owner: steipete — Repository-owner authorship and the directly affected Claude probe implementation make this the clearest available decision route.
  • Options:
    • Approve after checks (recommended): Merge the narrow tested fix once required checks pass, and collect redacted authenticated probe evidence when an environment is available.
    • Require live confirmation first: Wait for a redacted account-side before/after count showing repeated probes reuse one Claude session before approval.

Security
Cleared: The patch only adds local UUID persistence, restricted file permissions, cleanup of probe-owned artifacts, and CLI argument forwarding; no dependency, workflow, permission, or secret-handling expansion is indicated.

Review details

Best possible solution:

Land the stable probe-session identity after normal maintainer review and completed checks, then obtain a redacted live verification when a working authenticated Claude CLI environment is available.

Do we have a high-confidence way to reproduce the issue?

Yes in source terms: the report identifies the Claude CLI usage probe launch path that previously lacked a stable --session-id, and the branch adds tests around the replacement behavior. A high-confidence live authenticated reproduction was not available because no credentialed Claude CLI probe was run.

Is this the best way to solve the issue?

Yes, provisionally: reusing one private installation-local session identifier preserves the existing interactive usage probe while avoiding a fresh account-side session per cold launch. A future non-interactive Claude quota interface could be preferable if the CLI provides one, but the PR body says none is currently available for this workflow.

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against 7ea74d4ccf12.

Label changes

Label changes:

  • add P2: This fixes recurring provider-specific account session pollution with a bounded user-impact scope.
  • add rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🌊 off-meta tidepool and patch quality is 🐚 platinum hermit.
  • add status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Not applicable: This is a maintainer-authored PR, so external-contributor real-behavior proof is not a merge gate; its reported evidence is focused tests and checks, while live authenticated account-side confirmation remains unavailable.

Label justifications:

  • P2: This fixes recurring provider-specific account session pollution with a bounded user-impact scope.
  • rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🌊 off-meta tidepool and patch quality is 🐚 platinum hermit.
  • status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Not applicable: This is a maintainer-authored PR, so external-contributor real-behavior proof is not a merge gate; its reported evidence is focused tests and checks, while live authenticated account-side confirmation remains unavailable.
Evidence reviewed

What I checked:

  • Probe launch implementation: The branch prepares the probe working directory, removes stale probe-owned session artifacts, loads or creates a stable UUID, and supplies that UUID in the Claude launch arguments for both direct and watchdog-backed launches. (Sources/CodexBarCore/Providers/Claude/ClaudeCLISession.swift:299, 2d60bbb82665)
  • Focused regression coverage: The added test suite verifies persisted UUID reuse, exact --session-id launch arguments, restricted identifier-file permissions, invalid-ID replacement, and fallback behavior. (Tests/CodexBarTests/ClaudeCLISessionTests.swift:1, 2d60bbb82665)
  • Reported root cause and candidate fix: The linked report documents one account-side empty session per Claude usage probe; this PR explicitly closes that report with stable session reuse rather than changing the interactive /usage and /status probe workflow. (2d60bbb82665)
  • Current review baseline: The PR is a cleanly mergeable two-file change against current main, with 116 additions and 3 deletions; remaining CI jobs were still in progress or queued at review time. (7ea74d4ccf12)

Likely related people:

  • steipete: The PR is authored by the repository owner and changes the Claude CLI probe implementation under active maintenance. (role: repository owner and current area decision owner; confidence: high; commits: 2d60bbb82665; files: Sources/CodexBarCore/Providers/Claude/ClaudeCLISession.swift, Tests/CodexBarTests/ClaudeCLISessionTests.swift)
  • Yuxin-Qiao: Merged work on the immediately adjacent Claude background-probe policy established the surrounding launch and refresh boundary relevant to this change. (role: adjacent Claude probe contributor; confidence: medium; commits: 5f136af0899f; files: Sources/CodexBarCore/Providers/Claude/ClaudeCLISession.swift)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

@steipete
steipete merged commit cfb7b80 into main Jul 17, 2026
8 checks passed
@steipete

Copy link
Copy Markdown
Owner Author

Merged as cfb7b8036087cc1186b963ada7bec2ce9efa71e2 from exact head 2d60bbb8266505652f5d9bb2542e8f910070140d.

Verification:

  • swift test --filter ClaudeCLISessionTests: 3 tests passed.
  • swift test --filter ClaudeDirectUsageFallbackTests: 3 tests passed.
  • swift test --filter ClaudeProbeWorkingDirectoryTests: 6 tests passed.
  • make check: passed; SwiftFormat 0/1535 files need formatting, SwiftLint 0 violations across 1534 files, and all repository checks passed.
  • git diff --check: clean.
  • Autoreview: clean; no accepted/actionable findings.
  • CI on exact head: changes, lint, Linux x64, Linux arm64, macOS shards 0/2 and 1/2, aggregate lint-build-test, and GitGuardian all passed. macOS shards completed in 36m42s and 30m06s.
  • Merge state before merge: CLEAN and MERGEABLE. No approval was required by repository policy.

Live claude.ai session-list counting could not be run from this worktree: the usable installed Claude CLI reports loggedIn: false, while the newer global wrapper is missing its native optional package. This limitation was documented before merge. Source inspection and tests verify every direct/watchdog probe launch now receives the same persisted UUID through --session-id, with a stable process-local fallback when persistence is unavailable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

P2 Normal priority bug or improvement with limited blast radius. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Claude CLI usage probe mints a new empty account session per probe, polluting the claude.ai session list (dozens of <host>-<word>-<word> entries)

1 participant