* fix: eliminate 8 as any in MCP handlers, structured output, and stream events
- Group A: Add : () => AnyObjectSchema type annotations to MCP notification
schema constants (useIdeSelection, useIdeLogging, usePrompts, channelNotification)
- Group B: Add isStructuredOutputAttachmentMessage type guard for structured
output attachment payloads (execAgentHook)
- Group C: Add isMessageDeltaStreamEvent type guard for message_delta
stream event usage extraction (forkedAgent)
These as any casts also exist in the upstream CCB source — this fix provides
real type safety without changing any runtime behavior.
* feat: wire mode persona injection — Claude Soul Document distilled into system prompt
- prompts.ts: add getModePersonaSection() → injects current mode's
systemPrompt as 'mode_persona' dynamic section (first in order,
before operational instructions). Previously modes had systemPrompt
fields but they were never sent to the model.
- modes/personas/claude.ts: 3KB distilled Claude persona from
Anthropic's leaked Claude 4.5 Opus Soul Document (70KB → operational
extract): core traits, 7 honesty principles, helpfulness/caution
balance, collaboration stance, identity stability.
- With custom mode YAML (~/.claude/modes/claude.yaml), 7 modes total
including the new Claude persona — fully operational at /mode claude.
Co-Authored-By: James Feng <47167674+GhostDragon124@users.noreply.github.com>
* fix: import path convention + reword persona source comment
- prompts.ts: use 'src/modes/store.js' alias instead of relative '../modes/store.js'
to match the file's existing import convention
- claude.ts: reword JSDoc to say 'based on publicly available reference document'
instead of 'leaked', addressing CodeRabbit review concern
* docs: update contributors
* docs: update contributors
* feat: add mode system with 6 AI personality presets
Add a /mode command that lets users switch between 6 interaction
modes, each with distinct system prompts, UI themes, permission
defaults, and response verbosity:
- Default (⚡) — balanced, everyday development
- Gentle (🌸) — patient explanations for learning
- Dr. Sharp (🔍) — strict 3-phase code review workflow
- Workhorse (🐴) — auto-execute, minimal confirmations
- Token Saver (💰) — minimal replies to save tokens
- Super AI (🧠) — deep analysis, proactive suggestions
Custom modes can be defined via YAML files in ~/.claude/modes/.
New files:
- src/modes/types.ts — CCBMode interface
- src/modes/defaults.ts — 6 built-in mode presets
- src/modes/store.ts — mode state management with useSyncExternalStore
- src/commands/mode/index.ts — command registration
- src/commands/mode/mode.tsx — mode picker UI
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Node.js v22 undici internal calls performance.markResourceTiming() after
every fetch. The performance shim was missing this method, causing
TypeError crashes in ACP mode when running with Node.js.
searchSkills() called .trim() on query without null-guard. When
DiscoverSkills is invoked through ExecuteExtraTool with missing
description, query is undefined, causing 'Cannot read properties of
undefined (reading trim)'.
Fixed with optional chaining: !query.trim() → !query?.trim()
Co-Authored-By: deepseek-v4-pro <deepseek-ai@claude-code-best.win>
🔒 Security Discovery: Un-gated outbound connection bypasses privacy controls
Summary
-------
preconnectAnthropicApi() unconditionally sends a TCP+TLS handshake to
api.anthropic.com on every ccb startup — even when the user has explicitly
disabled all non-essential traffic via CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1
or DISABLE_TELEMETRY=1.
This is the LAST un-gated outbound connection in the entire startup path.
Every other telemetry sink (Sentry, Langfuse, OpenTelemetry, GrowthBook,
1P Event Logger, Datadog, BigQuery, etc.) already respects the
privacyLevel module's isEssentialTrafficOnly() gate. This one did not.
Impact
------
While the preconnect is a HEAD request with no payload, the connection
itself leaks the client's IP address and session timing to Anthropic's
infrastructure. For privacy-conscious users and enterprise deployments
that have disabled telemetry, this constitutes an unexpected data leak.
Fix
---
Add isEssentialTrafficOnly() check at the function entry, consistent
with every other privacy-gated code path in the codebase. The
privacyLevel module is already imported by init.ts and 12+ other
modules — no new dependencies.
Verification
------------
Reproduced and verified via strace on Linux (aarch64):
# Before fix
$ strace -f -e connect ccb -p <<< 'hello'
connect(16, sin_addr=inet_addr("160.79.104.10"), sin_port=htons(443)) = 0
# ↑ connector to api.anthropic.com despite CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1
# After fix
$ strace -f -e connect ccb -p <<< 'hello'
# ↑ zero remote TCP connections — all traffic to localhost only
Changes: 1 file, +5 lines (import + gate)
OpenAI's prompt_tokens includes cached tokens, but Anthropic's
input_tokens semantic excludes them. The adapter was mapping
prompt_tokens → input_tokens verbatim, causing downstream code
(cache hit rate, cost, autocompact) to double-count.
Real-world impact: DeepSeek returns prompt_tokens=34097 with
cached_tokens=34048, displayed as 50% hit rate instead of 99.86%.
Co-Authored-By: glm-5.1 <zai-org@claude-code-best.win>
