My Claude Code Hooks Stopped Firing After an Update — the Hyphenated Matcher Exact-Match Change in v2.1.195
In Claude Code v2.1.195, hook matchers containing a hyphen switched from partial match to exact match, silently disabling an existing PreToolUse hook. Here is how I isolated the cause and how to write matchers that won't break.
Trusting a Three-Day-Old Mirror: Stopping Unattended Tasks from Acting on a Stale Working Copy
A persistent clone reused for speed quietly drifts from the remote. Read 'has this article been fixed yet?' from an out-of-sync tree and your unattended task duplicates work or 'succeeds' against an old world. Here is a HEAD-match plus writability preflight, with a self-healing re-clone, in bash.
Failing Loud on Stale Inputs: A Freshness Contract for Unattended Pipelines
How to stop a scheduled, unattended pipeline from silently shipping degraded work when its upstream data is empty or stale. We implement a freshness contract in bash that asserts recency, non-emptiness, and provenance, plus two real pitfalls I hit running Cowork scheduled tasks.
Borrowing the Trusted Devices Idea for a Solo Setup: Pinning Automated Runs to Devices You Approved
The Trusted Devices feature that landed in Claude Code on June 28, 2026 is for Team and Enterprise. You can't use the feature on a solo plan, but you can borrow the idea. Here is how to identify a device in a way that doesn't break, and stop any automated run that starts from a device you never approved — with working code and the traps to avoid.
Did That Post Actually Go Through? Safely Retrying an Interrupted MCP Write Without Double-Executing
When an MCP write tool call is interrupted by a dropped connection, you can't tell whether the server ran it. Here's why naive retries cause double-execution, and a working wrapper that uses idempotency keys and a reconcile read to retry safely — with examples from an unattended pipeline.
Stop Leaving a Static API Key in Your Unattended Jobs — Move to Short-Lived WIF Credentials
Claude Code is moving from static API keys toward short-lived, scoped credentials via WIF (Workload Identity Federation). Here is how to translate that idea to a small unattended pipeline so a leaked key has a much smaller blast radius — with working code and the failure modes to watch.
Will It Stay Light When You Run It Unattended? Observing and Capping Claude Code's Long-Session Memory
How to keep long, unattended Claude Code sessions from slowly getting heavier — with a tiny ps-based RSS sampler, a rolling-baseline watchdog, and session segmentation, shown with working scripts and a before/after comparison.
Logged as success, but it produced nothing — stopping silent failures in Cowork scheduled tasks with end-of-run assertions
A Cowork scheduled task exits 0, yet not a single artifact was produced. Trusting the exit code alone hides this silent failure. Here is how to turn your definition of done into end-of-run assertions that fail loudly with an evidence log.
Stop the Bill Before It Balloons: Designing API Key Blast Radius for Unattended Pipelines
Designing for leaks instead of pretending they won't happen: workspace-scoped keys, zero-downtime rotation, and a usage watchdog that flags spikes with a rolling baseline and median absolute deviation — wired into a scheduled run.
When the Same Model Name Starts Behaving Differently: A Startup Canary for Unattended Pipelines
An in-place Opus upgrade can change your output, and an unattended publishing pipeline will never notice. Here is a lightweight startup canary that fingerprints behavior, catches drift, and halts the batch — with measured cost and latency.
Higher Rate Limits Don't Mean Tighter Schedules — Spend the Headroom on 429 Recovery
When Claude Code's rate limits went up, the instinct was to pack the schedule tighter. Here's why I did the opposite and routed the new headroom into retry budget instead — a pacing note for unattended pipelines.
Your Sandbox Can Run the Code but Shouldn't Read Your Credentials — Shrinking the Secret-Read Surface with sandbox.credentials
Claude Code's sandbox can still read ~/.aws/credentials and token env vars by default. Using sandbox.credentials (v2.1.187+), here is how I tightened the secret-read surface of unattended runs at the OS level, with config and verification you can reuse.