Skip to content

clawgod

v1.1.1 Breaking

This release includes 3 breaking changes for platform teams planning a safe upgrade.

Published 1mo AI Coding Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai assistant claude-ai claude-code claw clawcode
+8 more
limit linux macos patch skill vibe-coded vibe-coding windows

Affected surfaces

breaking_upgrade auth

Summary

AI summary

claude update is patched to redirect into clawgod-aware install scripts, removing destructive macOS and Windows behavior.

Full changelog

Highlights

This release neutralizes claude update (which was actively destructive on both macOS and Windows under clawgod), strips three stale install-source paths that were pinning users to old versions, and removes cli.cjs's drift detection — all manifestations of one underlying assumption (that upstream's install/update flow would keep our world up to date) that no longer held.

claude update was breaking installs in two distinct ways

Under the clawgod launcher, upstream's detectInstallType() returns unknown because our wrapper hides cli.cjs from its path heuristics. The "unknown installation" fallback then did very different — and equally broken — things on each platform:

  • macOS: extracted Anthropic's bun runtime from the new native binary and overwrote ~/.bun/bin/bun with it (an Apr-19 mtime stable build). That silently downgraded the user's Bun, and clawgod's launcher hardcodes that path — so the next launch of claude --version blew up with TypeError: Expected CommonJS module to have a function wrapper. If you weren't messing around with Bun's internals, this is a bug in Bun. The error was misleading: nothing was wrong with cli.original.cjs, it just needed Bun ≥ what it was compiled with.
  • Windows: claude update wrote the new binary somewhere outside ~/.local/share/claude/versions/, reported Successfully updated from 2.1.119 to 2.1.121, and then claude --version showed 2.1.119. clawgod's drift detection scanned versions/ (which still had only the initial 2.1.119), found nothing to update, and the upgrade was a complete no-op.

The fix patches claude update itself so it redirects into install.{sh,ps1} — the single source of truth for clawgod-aware upgrades. No more unknown fallback, no more touching ~/.bun/bin/bun. The redirect prints a 3-line banner before continuing, and the third line points at bash ~/.clawgod/install.sh --uninstall for users who'd rather drop clawgod and use vanilla claude update directly.

PowerShell 5.1's quirks needed to be accounted for in the redirect's Windows path:

  • Invoke-WebRequest -UseBasicParsing returns byte[] for .Content on PS 5.1 (returns string on PS 7), so iex (iwr ...).Content throws Cannot convert System.Byte[] to System.String. Switched to Invoke-RestMethod (irm), which returns string in both versions.
  • PS 5.1's iwr reads only the IE proxy settings — not HTTPS_PROXY / HTTP_PROXY env. The redirect now reads env explicitly and passes via -Proxy, working in both versions.
  • The PowerShell payload is shipped via -EncodedCommand (UTF-16LE base64) to bypass CLI argument-quoting hell entirely.

Stale install-source detection removed

Three detection paths were silently keeping users pinned to whatever version they had on the day they first installed clawgod:

  • ~/.local/share/claude/versions/ and %LOCALAPPDATA%\Programs\claude-code — these only ever grow on a vanilla Claude install. With clawgod patching out claude update, they become write-once: pick from them and you're frozen on first-install version forever.
  • claude.orig / claude.orig.exe backups — they're a frozen snapshot from initial install, kept so --uninstall can restore vanilla Claude. Using them as a fresh install source guarantees stale binaries.

Detection now always routes to the chain that actually carries current versions: npm-global → bun-global → npm registry fallback. The npm-registry path was already there as last-resort; it's now the default for users who don't have a recent global install.

cli.cjs's drift detection removed

The wrapper used to scan ~/.local/share/claude/versions/ on every launch and re-patch if it found a newer binary than what was stamped in .source-version. With nothing legitimately writing new versions to that directory under clawgod (Anthropic's claude update is now patched out), drift detection had nothing real to detect — but it could and did retract a fresher version that install.{sh,ps1} had just pulled from npm registry, putting users into an infinite re-patch loop on every launch. Gone.

Install-time Bun sanity check

Anthropic builds Claude with Bun's canary channel (currently 1.3.14), while bun.sh's stable still ships 1.3.13 — so a freshly-downloaded Bun fails on cli.original.cjs out of the box. Rather than letting install.{sh,ps1} complete and leaving a launcher that panics on first invocation, we now load cli.cjs --version once before writing the launcher; if Bun panics with the function-wrapper error, install fails fast with a multi-line message that names the version mismatch, points at bun upgrade --canary (which pulls from GitHub Releases — not visible on bun.sh's download page), and special-cases scoop, where the bun shim refuses self-replace and the user has to scoop uninstall bun before going via bun.sh.

Release workflow

.github/workflows/release.yml gets FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true" for parity with compat-daily.yml. Project policy: never run JS-based actions (actions/checkout, etc.) on Node 20 across any of our workflows.

Verified

  • Daily CI run 25044012815 on a fresh ubuntu-latest against v1.1.1's install.sh: 24 patches applied / 0 failed against Anthropic v2.1.121, sanity check passes, claude --version prints 2.1.121 (Claude Code) exit 0.
  • Local macOS arm64: clean re-install, sanity check passes, no drift / re-patch logs, claude --version is a single line.
  • Windows arm64 (user reproduction with pwsh.exe + scoop bun 1.3.13): pre-fix claude update left the user pinned to 2.1.119 with no error; post-fix .\install.ps1 reaches the sanity check and fails fast with the upgrade-bun guidance, exactly as designed.

Install

macOS / Linux:

curl -fsSL https://github.com/0Chencc/clawgod/releases/latest/download/install.sh | bash

Windows (PowerShell):

irm https://github.com/0Chencc/clawgod/releases/latest/download/install.ps1 | iex

Existing v1.1.0 / earlier users: the redirect lives in cli.original.cjs, which is only refreshed on the next clawgod self-install. If you're on v1.1.0 with no redirect installed yet, claude update will still take the broken upstream path one last time. Run the install one-liner above (or bash ~/.clawgod/install.sh from a clone) once — afterwards claude update will redirect into self-update for all subsequent upgrades.

Closes: #51

Full changelog: https://github.com/0Chencc/clawgod/compare/v1.1.0...v1.1.1

Breaking Changes

  • Removes destructive `claude update` behavior on macOS and Windows by redirecting to `install.{sh,ps1}`.
  • Strips three stale install‑source paths (`~/.local/share/claude/versions/`, `%LOCALAPPDATA%\Programs\claude-code`, and `claude.orig` backups) that pinned users to old versions.
  • Removes cli.cjs drift detection which caused infinite re‑patch loops.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track clawgod

Get notified when new releases ship.

Sign up free

About clawgod

All releases →

Related context

Beta — feedback welcome: [email protected]