From c80914b03695b6b41865222b360db337ef2ca574 Mon Sep 17 00:00:00 2001
From: Yifan Yang
Date: Mon, 8 Jun 2026 14:31:51 +0000
Subject: [PATCH] fix(sleep): disable global skills in claude calls (--bare --disable-slash-commands)

The clean-cwd + --disallowedTools isolation was NOT enough: the user's GLOBAL skills (~/.claude/skills) are injected regardless of cwd, so reflect/attempt still sometimes replied with a list of installed skills instead of JSON edits (advisor reflect returned 21KB of skill descriptions, n_edits=0 -> gate reject). Add --bare (skip hooks/LSP/plugins) and --disable-slash-commands (disable all skills). Verified: the optimizer now returns clean JSON. Re-validating all seeds with the truly-isolated backend; prior Claude numbers are being recomputed honestly (some earlier "successes" were partly leak-assisted).

Co-Authored-By: Claude Opus 4
---
 skillopt/sleep/backend.py | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/skillopt/sleep/backend.py b/skillopt/sleep/backend.py
index bdde261..a37dffc 100644
--- a/skillopt/sleep/backend.py
+++ b/skillopt/sleep/backend.py
@@ -410,14 +410,21 @@ class ClaudeCliBackend(CliBackend):
 self.claude_path = claude_path

 def _call(self, prompt: str, *, max_tokens: int = 1024) -> str:
- # Run ISOLATED: a clean temp cwd so the ambient project's CLAUDE.md /
- # skills / tools do not leak into the optimizer/target call, no tools,
- # and per-machine dynamic system-prompt sections excluded. Without this,
- # `claude -p` answers with full Claude Code context and ignores our
- # prompt (e.g. it lists the user's installed skills).
+ # Run ISOLATED so the ambient Claude Code environment does not leak into
+ # the optimizer/target call. Critically, the user's GLOBAL skills
+ # (~/.claude/skills) are injected regardless of cwd, so we must disable
+ # them explicitly — without this, reflect/attempt sometimes reply with a
+ # list of the user's installed skills instead of doing the task.
+ # --bare skip hooks, LSP, plugins (minimal mode)
+ # --disable-slash-commands disable all skills
+ # --disallowedTools '*' no tool use
+ # --exclude-dynamic-... drop per-machine cwd/env/memory/git sections
+ # cwd= no project CLAUDE.md
 import tempfile
 cmd = [
 self.claude_path, "-p", "--output-format", "text",
+ "--bare",
+ "--disable-slash-commands",
 "--disallowedTools", "*",
 "--exclude-dynamic-system-prompt-sections",
 ]
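Review bot: The isolation added to `cmd` depends entirely on the CLI installed at `self.claude_path` accepting `--bare` and `--disable-slash-commands`, and nothing visible in the hunk checks that it does. The commit message says earlier runs were silently leak-assisted, so this path should fail closed: treat a non-zero exit or an unrecognised-option error as a hard failure instead of passing the text on, and record the CLI version alongside the results. I would also confirm that `"--disallowedTools", "*"` is really honoured as deny-all by that version, since tool denial is what keeps instructions embedded in the prompt from turning into local actions; a comment such as `# isolation flags are version-dependent; _call must fail closed if the CLI rejects any of them` above `cmd` would capture this. The subprocess call and the rest of `_call` lie outside the hunk, so this error handling may already exist there.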