Improve gh.sh wrapper: stricter validation and better error messages

- Use allowlist for issue view (numeric issue numbers only)
- Enforce zero positional args for issue list / label list
- Pin GH_HOST and GH_REPO explicitly to avoid ambient state
- Add descriptive error messages with usage examples

.claude/commands/oncall-triage.md

@@ -1,40 +0,0 @@
----
-allowed-tools: Bash(gh issue list:*), Bash(gh issue view:*), Bash(gh issue edit:*), TodoWrite
-description: Triage GitHub issues and label critical ones for oncall
----
-
-You're an oncall triage assistant for GitHub issues. Your task is to identify critical issues that require immediate oncall attention and apply the "oncall" label.
-
-Repository: anthropics/claude-code
-
-Task overview:
-
-1. First, get all open bugs updated in the last 3 days with at least 50 engagements:
-   ```bash
-   gh issue list --repo anthropics/claude-code --state open --label bug --limit 1000 --json number,title,updatedAt,comments,reactions | jq -r '.[] | select((.updatedAt >= (now - 259200 | strftime("%Y-%m-%dT%H:%M:%SZ"))) and ((.comments | length) + ([.reactions[].content] | length) >= 50)) | "\(.number)"'
-   ```
-
-2. Save the list of issue numbers and create a TODO list with ALL of them. This ensures you process every single one.
-
-3. For each issue in your TODO list:
-   - Use `gh issue view <number> --repo anthropics/claude-code --json title,body,labels,comments` to get full details
-   - Read and understand the full issue content and comments to determine actual user impact
-   - Evaluate: Is this truly blocking users from using Claude Code?
-     - Consider: "crash", "stuck", "frozen", "hang", "unresponsive", "cannot use", "blocked", "broken"
-     - Does it prevent core functionality? Can users work around it?
-   - Be conservative - only flag issues that truly prevent users from getting work done
-
-4. For issues that are truly blocking and don't already have the "oncall" label:
-   - Use `gh issue edit <number> --repo anthropics/claude-code --add-label "oncall"`
-   - Mark the issue as complete in your TODO list
-
-5. After processing all issues, provide a summary:
-   - List each issue number that received the "oncall" label
-   - Include the issue title and brief reason why it qualified
-   - If no issues qualified, state that clearly
-
-Important:
-- Process ALL issues in your TODO list systematically
-- Don't post any comments to issues
-- Only add the "oncall" label, never remove it
-- Use individual `gh issue view` commands instead of bash for loops to avoid approval prompts

.github/workflows/claude-dedupe-issues.yml

@@ -17,7 +17,6 @@ jobs:
     permissions:
       contents: read
       issues: write
-      id-token: write
 
     steps:
       - name: Checkout repository

.github/workflows/claude-issue-triage.yml

@@ -18,7 +18,6 @@ jobs:
     permissions:
       contents: read
       issues: write
-      id-token: write
 
     steps:
       - name: Checkout repository

.github/workflows/oncall-triage.yml

@@ -1,118 +0,0 @@
-name: Oncall Issue Triage
-description: Automatically identify and label critical blocking issues requiring oncall attention
-on:
-  push:
-    branches:
-      - add-oncall-triage-workflow  # Temporary: for testing only
-  schedule:
-    # Run every 6 hours
-    - cron: '0 */6 * * *'
-  workflow_dispatch: # Allow manual trigger
-
-jobs:
-  oncall-triage:
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      issues: write
-      id-token: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Setup GitHub MCP Server
-        run: |
-          mkdir -p /tmp/mcp-config
-          cat > /tmp/mcp-config/mcp-servers.json << 'EOF'
-          {
-            "mcpServers": {
-              "github": {
-                "command": "docker",
-                "args": [
-                  "run",
-                  "-i",
-                  "--rm",
-                  "-e",
-                  "GITHUB_PERSONAL_ACCESS_TOKEN",
-                  "ghcr.io/github/github-mcp-server:sha-7aced2b"
-                ],
-                "env": {
-                  "GITHUB_PERSONAL_ACCESS_TOKEN": "${{ secrets.GITHUB_TOKEN }}"
-                }
-              }
-            }
-          }
-          EOF
-
-      - name: Run Claude Code for Oncall Triage
-        timeout-minutes: 10
-        uses: anthropics/claude-code-action@v1
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          allowed_non_write_users: "*"
-          prompt: |
-            You're an oncall triage assistant for GitHub issues. Your task is to identify critical issues that require immediate oncall attention.
-
-            Important: Don't post any comments or messages to the issues. Your only action should be to apply the "oncall" label to qualifying issues.
-
-            Repository: ${{ github.repository }}
-
-            Task overview:
-            1. Fetch all open issues updated in the last 3 days:
-               - Use mcp__github__list_issues with:
-                 - state="open"
-                 - first=5 (fetch only 5 issues per page)
-                 - orderBy="UPDATED_AT"
-                 - direction="DESC"
-               - This will give you the most recently updated issues first
-               - For each page of results, check the updatedAt timestamp of each issue
-               - Add issues updated within the last 3 days (72 hours) to your TODO list as you go
-               - Keep paginating using the 'after' parameter until you encounter issues older than 3 days
-               - Once you hit issues older than 3 days, you can stop fetching (no need to fetch all open issues)
-
-            2. Build your TODO list incrementally as you fetch:
-               - As you fetch each page, immediately add qualifying issues to your TODO list
-               - One TODO item per issue number (e.g., "Evaluate issue #123")
-               - This allows you to start processing while still fetching more pages
-
-            3. For each issue in your TODO list:
-               - Use mcp__github__get_issue to read the issue details (title, body, labels)
-               - Use mcp__github__get_issue_comments to read all comments
-               - Evaluate whether this issue needs the oncall label:
-                 a) Is it a bug? (has "bug" label or describes bug behavior)
-                 b) Does it have at least 50 engagements? (count comments + reactions)
-                 c) Is it truly blocking? Read and understand the full content to determine:
-                    - Does this prevent core functionality from working?
-                    - Can users work around it?
-                    - Consider severity indicators: "crash", "stuck", "frozen", "hang", "unresponsive", "cannot use", "blocked", "broken"
-                    - Be conservative - only flag issues that truly prevent users from getting work done
-
-            4. For issues that meet all criteria and do not already have the "oncall" label:
-               - Use mcp__github__update_issue to add the "oncall" label
-               - Do not post any comments
-               - Do not remove any existing labels
-               - Do not remove the "oncall" label from issues that already have it
-
-            Important guidelines:
-            - Use the TODO list to track your progress through ALL candidate issues
-            - Process issues efficiently - don't read every single issue upfront, work through your TODO list systematically
-            - Be conservative in your assessment - only flag truly critical blocking issues
-            - Do not post any comments to issues
-            - Your only action should be to add the "oncall" label using mcp__github__update_issue
-            - Mark each issue as complete in your TODO list as you process it
-
-            7. After processing all issues in your TODO list, provide a summary of your actions:
-               - Total number of issues processed (candidate issues evaluated)
-               - Number of issues that received the "oncall" label
-               - For each issue that got the label: list issue number, title, and brief reason why it qualified
-               - Close calls: List any issues that almost qualified but didn't quite meet the criteria (e.g., borderline blocking, had workarounds)
-               - If no issues qualified, state that clearly
-               - Format the summary clearly for easy reading
-          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
-          claude_args: |
-            --mcp-config /tmp/mcp-config/mcp-servers.json
-            --allowedTools "mcp__github__list_issues,mcp__github__get_issue,mcp__github__get_issue_comments,mcp__github__update_issue"

CHANGELOG.md

@@ -1,5 +1,57 @@
 # Changelog
 
+## 2.1.63
+
+- Added `/simplify` and `/batch` bundled slash commands
+- Fixed local slash command output like /cost appearing as user-sent messages instead of system messages in the UI
+- Project configs & auto memory now shared across git worktrees of the same repository
+- Added `ENABLE_CLAUDEAI_MCP_SERVERS=false` env var to opt out from making claude.ai MCP servers available
+- Improved `/model` command to show the currently active model in the slash command menu
+- Added HTTP hooks, which can POST JSON to a URL and receive JSON instead of running a shell command
+- Fixed listener leak in bridge polling loop
+- Fixed listener leak in MCP OAuth flow cleanup
+- Added manual URL paste fallback during MCP OAuth authentication. If the automatic localhost redirect doesn't work, you can paste the callback URL to complete authentication.
+- Fixed memory leak when navigating hooks configuration menu
+- Fixed listener leak in interactive permission handler during auto-approvals
+- Fixed file count cache ignoring glob ignore patterns
+- Fixed memory leak in bash command prefix cache
+- Fixed MCP tool/resource cache leak on server reconnect
+- Fixed IDE host IP detection cache incorrectly sharing results across ports
+- Fixed WebSocket listener leak on transport reconnect
+- Fixed memory leak in git root detection cache that could cause unbounded growth in long-running sessions
+- Fixed memory leak in JSON parsing cache that grew unbounded over long sessions
+- VSCode: Fixed remote sessions not appearing in conversation history
+- Fixed a race condition in the REPL bridge where new messages could arrive at the server interleaved with historical messages during the initial connection flush, causing message ordering issues.
+- Fixed memory leak where long-running teammates retained all messages in AppState even after conversation compaction
+- Fixed a memory leak where MCP server fetch caches were not cleared on disconnect, causing growing memory usage with servers that reconnect frequently
+- Improved memory usage in long sessions with subagents by stripping heavy progress message payloads during context compaction
+- Added "Always copy full response" option to the `/copy` picker. When selected, future `/copy` commands will skip the code block picker and copy the full response directly.
+- VSCode: Added session rename and remove actions to the sessions list
+- Fixed `/clear` not resetting cached skills, which could cause stale skill content to persist in the new conversation
+
+## 2.1.62
+
+- Fixed prompt suggestion cache regression that reduced cache hit rates
+
+## 2.1.61
+
+- Fixed concurrent writes corrupting config file on Windows
+
+## 2.1.59
+
+- Claude automatically saves useful context to auto-memory. Manage with /memory
+- Added `/copy` command to show an interactive picker when code blocks are present, allowing selection of individual code blocks or the full response.
+- Improved "always allow" prefix suggestions for compound bash commands (e.g. `cd /tmp && git fetch && git push`) to compute smarter per-subcommand prefixes instead of treating the whole command as one
+- Improved ordering of short task lists
+- Improved memory usage in multi-agent sessions by releasing completed subagent task state
+- Fixed MCP OAuth token refresh race condition when running multiple Claude Code instances simultaneously
+- Fixed shell commands not showing a clear error message when the working directory has been deleted
+- Fixed config file corruption that could wipe authentication when multiple Claude Code instances ran simultaneously
+
+## 2.1.58
+
+- Expand Remote Control to more users
+
 ## 2.1.56
 
 - VS Code: Fixed another cause of "command 'claude-vscode.editor.openLast' not found" crashes

scripts/gh.sh

@@ -11,6 +11,15 @@ set -euo pipefail
 #   ./scripts/gh.sh search issues "search query" --limit 10
 #   ./scripts/gh.sh label list --limit 100
 
+export GH_HOST=github.com
+
+REPO="${GH_REPO:-${GITHUB_REPOSITORY:-}}"
+if [[ -z "$REPO" || "$REPO" == */*/* || "$REPO" != */* ]]; then
+  echo "Error: GH_REPO or GITHUB_REPOSITORY must be set to owner/repo format (e.g., GITHUB_REPOSITORY=anthropics/claude-code)" >&2
+  exit 1
+fi
+export GH_REPO="$REPO"
+
 ALLOWED_FLAGS=(--comments --state --limit --label)
 FLAGS_WITH_VALUES=(--state --limit --label)
 
@@ -21,6 +30,7 @@ case "$CMD" in
   "issue view"|"issue list"|"search issues"|"label list")
     ;;
   *)
+    echo "Error: only 'issue view', 'issue list', 'search issues', 'label list' are allowed (e.g., ./scripts/gh.sh issue view 123)" >&2
     exit 1
     ;;
 esac
@@ -45,6 +55,7 @@ for arg in "$@"; do
       fi
     done
     if [[ "$matched" == false ]]; then
+      echo "Error: only --comments, --state, --limit, --label flags are allowed (e.g., ./scripts/gh.sh issue list --state open --limit 20)" >&2
       exit 1
     fi
     FLAGS+=("$arg")
@@ -62,24 +73,24 @@ for arg in "$@"; do
   fi
 done
 
-REPO="${GH_REPO:-${GITHUB_REPOSITORY:-}}"
-
 if [[ "$CMD" == "search issues" ]]; then
-  if [[ -z "$REPO" ]]; then
-    exit 1
-  fi
   QUERY="${POSITIONAL[0]:-}"
   QUERY_LOWER=$(echo "$QUERY" | tr '[:upper:]' '[:lower:]')
   if [[ "$QUERY_LOWER" == *"repo:"* || "$QUERY_LOWER" == *"org:"* || "$QUERY_LOWER" == *"user:"* ]]; then
+    echo "Error: search query must not contain repo:, org:, or user: qualifiers (e.g., ./scripts/gh.sh search issues \"bug report\" --limit 10)" >&2
     exit 1
   fi
   gh "$SUB1" "$SUB2" "$QUERY" --repo "$REPO" "${FLAGS[@]}"
+elif [[ "$CMD" == "issue view" ]]; then
+  if [[ ${#POSITIONAL[@]} -ne 1 ]] || ! [[ "${POSITIONAL[0]}" =~ ^[0-9]+$ ]]; then
+    echo "Error: issue view requires exactly one numeric issue number (e.g., ./scripts/gh.sh issue view 123)" >&2
+    exit 1
+  fi
+  gh "$SUB1" "$SUB2" "${POSITIONAL[0]}" "${FLAGS[@]}"
 else
-  # Reject URLs in positional args to prevent cross-repo access
-  for pos in "${POSITIONAL[@]}"; do
-    if [[ "$pos" == http://* || "$pos" == https://* ]]; then
-      exit 1
-    fi
-  done
-  gh "$SUB1" "$SUB2" "${POSITIONAL[@]}" "${FLAGS[@]}"
+  if [[ ${#POSITIONAL[@]} -ne 0 ]]; then
+    echo "Error: issue list and label list do not accept positional arguments (e.g., ./scripts/gh.sh issue list --state open, ./scripts/gh.sh label list --limit 100)" >&2
+    exit 1
+  fi
+  gh "$SUB1" "$SUB2" "${FLAGS[@]}"
 fi