…skip ci] Auto-generated by .github/workflows/build.yml from tag v1.7196.1-dev.20260516.05b5e3f. Asset: https://github.com/stslex/claude-desktop-linux/releases/download/v1.7196.1-dev.20260516.05b5e3f/claude-desktop-1.7196.1.dev.20260516.05b5e3f-repack-0-x86_64-nix.tar.gz SHA256: e7848efa96d663fd029849f52e4e5d8ad27e35f0e337744bd80a7d873e5156ec
touched.

Summary of findings

Phase 1 — what it does. stubs/platform-headers.js installs three header-injection layers (electron.net.request wrap, Node http(s).request/get wrap, session.webRequest.onBeforeSendHeaders). Each filters to hosts ending in anthropic.com / claude.ai and sets Anthropic-Client-OS-Platform: darwin + Anthropic-Client-OS-Version: 14.0. No User-Agent change. Idempotent via a global Symbol.

Phase 2 — ON_BY_DEFAULT. Copied at scripts/patch-cowork.sh:560-564, prepended via require at :586, validated at :631, summarized at :698. No ENABLE_EXPERIMENTAL_PATCHES guard anywhere in its chain — unlike the cowork-socket / dispatch / TCC patches at lines 692-694 which explicitly gate themselves on that flag.

Phase 3 — no invariant is actually violated, but the claimed one doesn't exist. The brief described a "No platform spoofing in network headers" invariant in CLAUDE.MD and a "No HTTP header / User-Agent spoofing" non-goal in ARCHITECTURE.MD. Neither phrasing exists. The verbatim Invariants block (CLAUDE.MD:83-101) is silent on header injection. The behavior is disclosed at CLAUDE.MD:264-275, :517-522, and ARCHITECTURE.MD:446-455 — accurately, with scope and motivation — but the disclosure lives far from the Invariants section. The audit row docs/audit-gemini.md:62 is a factual description, not an allegation.

Phase 4 — UNVERIFIABLE FROM SOURCE. The in-asar gate patch (apply-platform-gate.mjs + platform-override.js) operates client-side; platform-headers.js operates against the server. Internal documentation asserts the server-side dependency, but source alone cannot prove what api.anthropic.com does when the headers are absent. Memo describes the minimal runtime test (disable headers in the deployed bundle, observe Cowork availability + binary-bundle URL behaviour).
Changes made:
- Added INVARIANTS.md with the extracted protected sections and DISPUTED markers for Dispatch and platform-header wording.
- Replaced the original protected sections in CLAUDE.MD:83 and ARCHITECTURE.MD:446 with the requested one-line pointer.
- Added .github/workflows/invariant-guard.yml, including fail-closed diff computation and anti-tamper behavior.
- Added docs/invariant-guard-backfill.md, covering all historical commits found by the retroactive guard pass.
- Appended ## Guard Installed to docs/platform-headers-decision.md.
…skip ci] Auto-generated by .github/workflows/build.yml from tag v1.7196.1-dev.20260516.e9a8e98. Asset: https://github.com/stslex/claude-desktop-linux/releases/download/v1.7196.1-dev.20260516.e9a8e98/claude-desktop-1.7196.1.dev.20260516.e9a8e98-repack-0-x86_64-nix.tar.gz SHA256: f5cf4ce58a7eb55f14d794d0aff5b084e71885a7c66c5cc92b271950e1bfe35e
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 552254c388
```bash
exit 1
fi

changed_files="$(git diff --name-only "$DIFF_BASE" "$HEAD_SHA" --)" || {
```
Detect protected-path edits across commit history, not net diff
Compute-time detection is based on git diff --name-only "$DIFF_BASE" "$HEAD_SHA", which only reports net file changes between the two snapshots. If a PR touches INVARIANTS.md (or the guard workflow) in an intermediate commit and later reverts that file, it disappears from changed_files, so the guard passes even though protected and behavior-changing paths were modified in the same event range. This creates a straightforward bypass of the anti-tamper rule the workflow is intended to enforce.
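The bypass the review describes, reproduced against a throwaway repository, together with the per-commit scan that closes it. This is an added example and not the project's invariant-guard.yml: the repository history, the file names scripts/patch.sh and INVARIANTS.md, and the way base and head are resolved are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example, not the project's workflow. Demonstrates that
# `git diff --name-only BASE HEAD` (net diff) misses a protected file that was
# edited in one commit and restored in a later one, while
# `git log --name-only BASE..HEAD` (per-commit scan) reports it.
set -eu

# Net change between two snapshots: exactly what `git diff --name-only` shows.
net_changed() {
  local repo="$1" base="$2" head="$3" out
  out="$(git -C "$repo" diff --name-only "$base" "$head" --)"
  printf '%s\n' "$out" | sed '/^$/d' | sort -u
}

# Every path touched by any commit in base..head, including paths whose
# content was later restored and therefore vanish from the net diff.
# A failing git call (unknown ref, shallow clone) aborts via `set -e`,
# which is the fail-closed behaviour a guard needs.
touched_in_range() {
  local repo="$1" base="$2" head="$3" out
  out="$(git -C "$repo" log --format= --name-only "$base".."$head" --)"
  printf '%s\n' "$out" | sed '/^$/d' | sort -u
}

# Returns 0 if any path touched in the range equals one of the protected
# paths passed as further arguments, 1 otherwise.
protected_touched() {
  local repo="$1" base="$2" head="$3"
  shift 3
  local touched p
  touched="$(touched_in_range "$repo" "$base" "$head")"
  for p in "$@"; do
    if printf '%s\n' "$touched" | grep -Fxq -- "$p"; then
      return 0
    fi
  done
  return 1
}

# Constructed history (assumed, for the demo): commit 2 weakens INVARIANTS.md
# alongside a behaviour change; commit 3 restores INVARIANTS.md byte-for-byte.
make_demo_repo() {
  local repo
  repo="$(mktemp -d)"
  git -C "$repo" init -q
  git -C "$repo" config user.email demo@example.invalid
  git -C "$repo" config user.name demo
  mkdir -p "$repo/scripts"
  printf 'invariant A\n' > "$repo/INVARIANTS.md"
  printf 'v1\n' > "$repo/scripts/patch.sh"
  git -C "$repo" add -A
  git -C "$repo" commit -qm 'base'
  printf 'invariant A (weakened)\n' > "$repo/INVARIANTS.md"
  printf 'v2\n' > "$repo/scripts/patch.sh"
  git -C "$repo" add -A
  git -C "$repo" commit -qm 'tamper plus behaviour change'
  printf 'invariant A\n' > "$repo/INVARIANTS.md"
  git -C "$repo" add -A
  git -C "$repo" commit -qm 'restore INVARIANTS.md'
  printf '%s\n' "$repo"
}

# Stand-alone run: net diff lists only scripts/patch.sh, the per-commit scan
# also lists INVARIANTS.md, so the guard fails as intended.
demo() {
  local repo base head
  repo="$(make_demo_repo)"
  base="$(git -C "$repo" rev-parse HEAD~2)"
  head="$(git -C "$repo" rev-parse HEAD)"
  printf 'net diff: %s\n' "$(net_changed "$repo" "$base" "$head" | tr '\n' ' ')"
  printf 'touched:  %s\n' "$(touched_in_range "$repo" "$base" "$head" | tr '\n' ' ')"
  if protected_touched "$repo" "$base" "$head" INVARIANTS.md .github/workflows/invariant-guard.yml; then
    printf 'guard: FAIL (protected path edited within the event range)\n'
  else
    printf 'guard: pass\n'
  fi
  rm -rf "$repo"
}

demo
```

Two caveats when moving this into a workflow: actions/checkout fetches depth 1 by default, so neither the base commit nor the intermediate commits exist locally and `git log BASE..HEAD` cannot run; set fetch-depth: 0 (or fetch the base ref explicitly) and treat an unresolvable ref as a guard failure, never as an empty change set. The range BASE..HEAD also covers commits merged in from other branches, which is what an anti-tamper rule over the whole event range wants.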
…skip ci] Auto-generated by .github/workflows/build.yml from tag v1.7196.1-dev.20260516.7fc5169. Asset: https://github.com/stslex/claude-desktop-linux/releases/download/v1.7196.1-dev.20260516.7fc5169/claude-desktop-1.7196.1.dev.20260516.7fc5169-repack-0-x86_64-nix.tar.gz SHA256: 635ecb37aa3b78dde040a6b694622d8c58d1570dbd907a4da68eab9df2c38ba9
id/class:s/platform-headers-decision.md.
2. packaging/AppDir/claude-desktop.desktop
3. flake.nix — executable production (NixOS path, electronBin != null,
4. Icon install paths (scripts/build-nix.sh:119–160, baked into the tarball that flake.nix untars into $out)
5. Summary lines:
- RESOLVED BINARY NAME the user executes: claude-desktop (at $out/bin/claude-desktop; it execs nixpkgs electron — so the actual process name visible to the kernel/compositor is electron)
- DESKTOP FILE BASENAME (no extension): claude-desktop
- Icon= VALUE: claude-desktop
- Any app_id / --class currently passed to Electron: NONE
…skip ci] Auto-generated by .github/workflows/build.yml from tag v1.7196.1-dev.20260516.dd20bf1. Asset: https://github.com/stslex/claude-desktop-linux/releases/download/v1.7196.1-dev.20260516.dd20bf1/claude-desktop-1.7196.1.dev.20260516.dd20bf1-repack-0-x86_64-nix.tar.gz SHA256: d884be06f94d56a5c5c362a64945f4ebd53c13307d98de992cf730572dac5e03
…skip ci] Auto-generated by .github/workflows/build.yml from tag v1.7196.1-dev.20260516.0b45d55. Asset: https://github.com/stslex/claude-desktop-linux/releases/download/v1.7196.1-dev.20260516.0b45d55/claude-desktop-1.7196.1.dev.20260516.0b45d55-repack-0-x86_64-nix.tar.gz SHA256: c43607810374031e8d007f38ee866d3c0256331de188715337349b0e81074928
…skip ci] Auto-generated by .github/workflows/build.yml from tag v1.7196.1-dev.20260516.009b5cf. Asset: https://github.com/stslex/claude-desktop-linux/releases/download/v1.7196.1-dev.20260516.009b5cf/claude-desktop-1.7196.1.dev.20260516.009b5cf-repack-0-x86_64-nix.tar.gz SHA256: 6f20d2bb7835efa7ae59fff06b715acaf9ac2561b2495aa65fc515c0acc61bf0