You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Follow-up from the architect integration re-review of #929 / PR #1059 (codex CMAP finding). #929 made getArchitectHarness/getBuilderHarnessoverride-aware, so a recognized non-claude override command (TOWER_ARCHITECT_CMD=gemini, --architect-cmd codex, --builder-cmd gemini) now resolves its own harness instead of claude — closing the <cmd> --resume <claude-uuid> crash-loop for codex/gemini/opencode.
Residual edge
resolveHarness() (packages/codev/src/agent-farm/utils/harness.ts:~330-340) auto-detects the harness from the command basename and, when nothing matches and there is no explicit shell.architectHarness / shell.builderHarness, falls back to CLAUDE_HARNESS — which implements buildResume.
So an unrecognized override command (e.g. TOWER_ARCHITECT_CMD=bash, or a wrapper script my-cli.sh) with no matching harness config still resolves the claude harness. With a stale Claude .jsonl for that cwd, launchInstance then builds <unknown-cmd> --resume <claude-uuid> — the same crash-loop class #929 set out to kill, shifted from gemini/codex to "unknown command."
Severity / scope
Not a regression. Pre-Support codex as an architect #929 the architect resume path read the claude session store unconditionally, so this unrecognized-command path was already vulnerable; Support codex as an architect #929 strictly improved things (fixed recognized CLIs) without worsening this sliver.
Pre-existing, broad behavior. "Unknown command → default to CLAUDE_HARNESS" governs all harness capabilities (role injection via --append-system-prompt too), not just resume — so a proper fix is a design decision about unknown-command harness semantics, separable from Support codex as an architect #929.
Narrow exposure. Requires an unrecognized override command + no explicit *Harness config + a stale Claude jsonl for the cwd. The recommended .codev/config.json-driven path is unaffected.
Proposed fix (for discussion)
When resolveHarness is given an explicit-but-unrecognized command (command provided, detectHarnessFromCommand returns null, no explicit harness name), resolve to a harness that does not implement buildResume (e.g. a minimal/no-capability default, or a claude harness variant with resume disabled) rather than full CLAUDE_HARNESS. Add a regression test (TOWER_ARCHITECT_CMD=bash + stale jsonl → no --resume).
Acceptance
Unrecognized override command + stale Claude jsonl does not produce <cmd> --resume <uuid>.
Decision documented for what role-injection an unknown command should receive.
Context
Follow-up from the architect integration re-review of #929 / PR #1059 (codex CMAP finding). #929 made
getArchitectHarness/getBuilderHarnessoverride-aware, so a recognized non-claude override command (TOWER_ARCHITECT_CMD=gemini,--architect-cmd codex,--builder-cmd gemini) now resolves its own harness instead of claude — closing the<cmd> --resume <claude-uuid>crash-loop for codex/gemini/opencode.Residual edge
resolveHarness()(packages/codev/src/agent-farm/utils/harness.ts:~330-340) auto-detects the harness from the command basename and, when nothing matches and there is no explicitshell.architectHarness/shell.builderHarness, falls back toCLAUDE_HARNESS— which implementsbuildResume.So an unrecognized override command (e.g.
TOWER_ARCHITECT_CMD=bash, or a wrapper scriptmy-cli.sh) with no matching harness config still resolves the claude harness. With a stale Claude.jsonlfor that cwd,launchInstancethen builds<unknown-cmd> --resume <claude-uuid>— the same crash-loop class #929 set out to kill, shifted from gemini/codex to "unknown command."Severity / scope
codexas an architect #929 the architect resume path read the claude session store unconditionally, so this unrecognized-command path was already vulnerable; Supportcodexas an architect #929 strictly improved things (fixed recognized CLIs) without worsening this sliver.CLAUDE_HARNESS" governs all harness capabilities (role injection via--append-system-prompttoo), not just resume — so a proper fix is a design decision about unknown-command harness semantics, separable from Supportcodexas an architect #929.*Harnessconfig + a stale Claude jsonl for the cwd. The recommended.codev/config.json-driven path is unaffected.Proposed fix (for discussion)
When
resolveHarnessis given an explicit-but-unrecognized command (command provided,detectHarnessFromCommandreturns null, no explicit harness name), resolve to a harness that does not implementbuildResume(e.g. a minimal/no-capability default, or a claude harness variant with resume disabled) rather than fullCLAUDE_HARNESS. Add a regression test (TOWER_ARCHITECT_CMD=bash+ stale jsonl → no--resume).Acceptance
<cmd> --resume <uuid>.