Resilient Claude Agent

- Fix false-positive task abandonment: pane classifier was matching broad patterns (continue?, (y/n)) anywhere in the last 30 lines of output, killing healthy tasks whose output happened to contain those phrases. Now matches only actual prompt shapes at end-of-line within the last 5 lines, and requires persistence across 2 consecutive polls before abandoning. - Fix manifest data loss under concurrent writes: wrapper and monitor both update the manifest; previously they wrote to the same .tmp path and could clobber each other. Now uses mkdir-based locking and per-call mktemp paths. - Fix retry-budget escape for flapping tasks: RETRY_COUNT was reset on fresh output, so a crash-resume-work-crash loop never hit MONITOR_MAX_RETRIES. Added a separate TOTAL_RETRY_COUNT that never resets and drives the cap. - Fix resume dispatch on paths with spaces: tmux send-keys was passing bash $WRAPPER_PATH unquoted; any skill install path containing whitespace (common on macOS) broke the resume path. Now shell-quotes via printf '%q'.

Version 1.0.16 - Added a new script: scripts/local-smoke-test.sh for running local smoke tests. - No other changes to core functionality.

1. wrapper: touch done → kill -TERM $monitor_pid 2. monitor: TERM trap fires immediately (trap is installed before monitor.pid exists, so no race) 3. handle_term function: checks done file → exists → logs "Completion signal received" → exit 0 4. EXIT trap (cleanup): updates manifest if needed, kills tmux session, removes monitor.pid 5. Monitor process is gone within milliseconds of wrapper finishing

- Monitor writes its PID to monitor.pid at startup and installs trap ':' USR1. The no-op handler is the key trick — bash interrupts sleep whenever a trapped signal arrives, so the monitor wakes from its polling sleep and immediately re-runs the loop iteration, sees done, and exits cleanly through the EXIT trap. - Wrapper sends kill -USR1 <monitor_pid> right after touch done. Best-effort: if monitor.pid doesn't exist or the signal fails, the monitor still catches completion on its next scheduled poll. - Cleanup removes monitor.pid on exit.

- Launch command (nohup ... & with log redirect): prevents SIGHUP from killing the monitor when the Brain's shell context exits. Output goes to $TMPDIR/monitor.log for post-mortem inspection. - Signal traps (TERM/HUP/INT): log the signal and exit cleanly, firing the EXIT trap for manifest cleanup. SIGKILL still can't be trapped — nohup is the real fix — but softer signals now get graceful handling.

No user-visible changes in this release. - Version bump to 1.0.12 with no changes to files or documentation content.

Version 1.0.11 of resilient-claude-agent - No code or documentation changes detected in this version. - No new features, bugfixes, or updates specified.

**Added a comprehensive "Trust Model" section clarifying runtime permissions and security expectations.** - Documents all security-relevant capabilities and mitigations, including `--dangerously-skip-permissions` and tmux behaviors. - Outlines required trust assumptions and recommendations for deployment. - No code or behavioral changes; documentation update only. - No file changes detected in this release.

No user-visible changes; documentation updated only. - Updated skill documentation (SKILL.md) instructions for launching Claude Code sessions. - Clarified that the wrapper now invokes Claude Code with the --dangerously-skip-permissions flag to ensure non-interactive operation inside tmux. - No changes to code or runtime behavior.

- No changes to source files in this release. - Documentation only: SKILL.md updated for clarity and formatting; no behavioral or functional changes.

resilient-claude-agent v1.0.7 - Update documentation to clarify that the model field in the manifest now accepts both short aliases (e.g., opus, sonnet) and full model names (e.g., claude-opus-4-6, claude-sonnet-4-6). - No code changes; documentation only.

No changes detected. - Version 1.0.6 contains no file modifications compared to the previous release. - Behavior, features, and documentation remain the same as the prior version.

Version 1.0.5 of resilient-claude-agent - No code or documentation changes detected in this release. - Version increment only; functionality and usage remain unchanged. - Fix permission errors on ClawHub install: monitor and wrapper now invoked with bash prefix so execute bits aren't required

### Version 1.0.4 - Added `scripts/lib.sh` as a new file to the repository. - Simplified required binaries in metadata (removed `jq` and `bash`). - Changed the task state manifest format from JSON (`manifest.json`) to plain key=value (`manifest`) files. - Updated all related documentation and examples to reflect the new manifest format and requirements.

- Added perl and openclaw as required binaries in the skill metadata. - No functional or behavioral changes; documentation updated to accurately reflect system requirements.

No file changes detected; documentation update only. - The SKILL.md was updated to clarify prompt handling for additional safety. - In the "Prompt safety" section, replaced subshell command substitution with explicit stdin redirection in the wrapper (`claude -p --model "$MODEL" - < "$TASK_TMPDIR/prompt"`), emphasizing that prompts never appear in arguments or shell expansions. - All instructions and safety notes were reviewed for accuracy; no logic or behavioral changes were made.

- Skill renamed from **resilient-coding-agent** to **resilient-claude-agent** - Added `jq` and `bash` as required dependencies in metadata - Usage guidance updated: Orchestrator now explicitly decides when to delegate; self-invocation removed - Clarified description and usage to focus on orchestrator-driven delegation and improved conciseness

Initial release. Fire-and-forget Claude Code execution in tmux with three-layer health monitoring, automatic crash recovery, hang detection, model routing, and structured task state.