diff --git a/.env.example b/.env.example
index 41a4406..01d98ef 100644
--- a/.env.example
+++ b/.env.example
@@ -55,3 +55,9 @@ BASE_RPC_URL= # [SECRET] on-chain RPC endpoint
 # ── Tuning ────────────────────────────────────────────────────────────────
 CLAUDE_TIMEOUT=7200 # [CONFIG] max seconds per Claude invocation
+# ── Factory safety ────────────────────────────────────────────────────────
+# Disables Claude Code auto-updater, telemetry, error reporting, and bug
+# command. Factory sessions are production processes — they must never phone
+# home or auto-update mid-session. Added after #725 (crash during red-team run).
+CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1 # [CONFIG] suppress all non-essential traffic
+
diff --git a/bin/disinto b/bin/disinto
index 8c804c0..8291f9d 100755
--- a/bin/disinto
+++ b/bin/disinto
@@ -1416,6 +1416,12 @@ p.write_text(text)
 echo "Config: WOODPECKER_AGENT_SECRET generated and saved to .env"
 fi
+ # Ensure Claude Code never auto-updates, phones home, or sends telemetry (#725)
+ if ! grep -q '^CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=' "$env_file" 2>/dev/null; then
+ printf 'CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1\n' >> "$env_file"
+ echo "Config: CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1 saved to .env"
+ fi
+
 # Create labels on remote
 create_labels "$forge_repo" "$forge_url"
diff --git a/lib/env.sh b/lib/env.sh
index 221438e..b53979a 100755
--- a/lib/env.sh
+++ b/lib/env.sh
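Review bot: In bin/disinto, the guard `grep -q '^CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC='` only tests that the key exists, so a `.env` that already carries an empty or different value is accepted silently although the comment promises the setting is ensured. Matching the value as well, e.g. `grep -Eq '^CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1([[:space:]]|$)' "$env_file"`, and printing a warning when the key is present with another value would close that gap; this matters for any consumer that reads `.env` directly instead of through lib/env.sh, which the hunk does not show. The `>>` append also assumes `$env_file` ends with a newline, otherwise the new key is glued onto the previous entry, so I would first run `[ -z "$(tail -c1 "$env_file")" ] || printf '\n' >> "$env_file"`. The enclosing function starts and ends outside this hunk.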
@@ -81,6 +81,10 @@ export WOODPECKER_REPO_ID="${WOODPECKER_REPO_ID:-}"
 export WOODPECKER_SERVER="${WOODPECKER_SERVER:-http://localhost:8000}"
 export CLAUDE_TIMEOUT="${CLAUDE_TIMEOUT:-7200}"
+# Disable Claude Code auto-updater, telemetry, error reporting in factory sessions.
+# Factory processes must never phone home or auto-update mid-session (#725).
+export CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1
+
 # Matrix homeserver: inside compose Dendrite is at http://dendrite:8008,
 # on bare metal it defaults to http://localhost:8008.
 if [ -z "${MATRIX_HOMESERVER:-}" ]; then
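Review bot: In lib/env.sh, `export CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1` is the only export in this group that ignores the caller's environment, while its neighbours use the `${VAR:-default}` form, and the comment does not say that the difference is deliberate. Forcing the value is the fail-closed choice, but it also means the `[CONFIG]` entry added to .env.example and the line bin/disinto appends to `.env` cannot change anything for a process that sources this file, assuming `.env` is loaded before this point (not visible in the hunk). I would extend the comment with `# Forced on: unlike the defaults above, a value from .env or the environment cannot disable this.` so that a later cleanup does not turn it into `${...:-1}`. The `if` block at the end of the hunk continues outside it.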