@link-assistant/hive-mind 1.73.4 → 1.73.6

package/CHANGELOG.md

@@ -1,5 +1,65 @@
 # @link-assistant/hive-mind
 
+## 1.73.6
+
+### Patch Changes
+
+- defa8c4: fix(claude): repair corrupted thinking-block transcripts so resume preserves context (#1834)
+
+  Follow-up to the Issue #1834 recovery ("can we do even better?"). The previous
+  recovery (PR #1835) was reactive: a plain resume of a transcript poisoned by a
+  corrupted extended-thinking block (`{ "type": "thinking", "thinking": "" }` with a
+  kept signature) just repeats the `400 ... thinking blocks ... cannot be modified`
+  error, so recovery almost always fell through to a **fresh restart that discards
+  dozens of turns** of accumulated context (50 turns / $3.84 in the second
+  reproduction log).
+
+  Recovery Phase 1 now **proactively repairs the on-disk session transcript** before
+  resuming: `repairCorruptedThinkingBlocks` (new
+  `src/claude.session-transcript-repair.lib.mjs`) strips the empty-text
+  `thinking`/`redacted_thinking` blocks from the session JSONL — a workaround proven
+  upstream (the Anthropic API permits _omitting_ earlier thinking, just not
+  _modifying_ it). When repair succeeds the resume keeps all accumulated context;
+  when it can't help, recovery still falls back to a fresh restart, so there is no
+  regression.
+
+  The repair is conservative: it never throws, only removes empty-text blocks (valid
+  signed thinking is untouched), never empties an assistant message, and writes a
+  one-time `<session>.jsonl.pre-repair-backup` before rewriting. The case study under
+  `docs/case-studies/issue-1834` is updated with a second reproduction log and the
+  new repair-then-resume design.
+
+## 1.73.5
+
+### Patch Changes
+
+- 7cb9b7e: fix(claude): recover from corrupted extended-thinking blocks instead of looping (#1834)
+
+  A long Claude (Opus) agentic run with extended thinking + tool use can leave a
+  thinking block in the session transcript corrupted (text emptied while the
+  original signature is kept). The Anthropic API then rejects every following turn
+  with `400 ... `thinking`or`redacted_thinking` blocks in the latest assistant
+message cannot be modified`, permanently poisoning the on-disk session — so any
+  `--resume` retry fails forever. This is an upstream Claude Code bug
+  (anthropics/claude-code#63147).
+
+  Hive Mind now detects this terminal error (`classifyRetryableError` →
+  `requiresFreshSession`) and recovers with a two-phase escalation: it **tries to
+  resume the existing session first** (capped by
+  `HIVE_MIND_MAX_THINKING_BLOCK_RESUMES`, default 1) and only when resume is not
+  possible does it **discard the un-resumable session and restart fresh** (capped
+  by `HIVE_MIND_MAX_THINKING_BLOCK_RESTARTS`, default 2) — rather than retrying the
+  dead session or failing outright.
+
+  Additionally, on **all** critical errors Hive Mind now auto-commits (and
+  best-effort pushes) any uncommitted changes by default before recovery resets
+  the session, so partial work is preserved in the PR branch history. This is
+  on by default and can be toggled with `HIVE_MIND_AUTO_COMMIT_ON_CRITICAL_ERROR`.
+
+  Verbose logging records the `request_id` and `messages.N.content.N` path for
+  diagnostics. A deep case study with the full reproduction log is added under
+  `docs/case-studies/issue-1834`.
+
 ## 1.73.4
 
 ### Patch Changes

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-assistant/hive-mind",
-  "version": "1.73.4",
+  "version": "1.73.6",
   "description": "AI-powered issue solver and hive mind for collaborative problem solving",
   "main": "src/hive.mjs",
   "type": "module",

package/src/claude.budget-stats.lib.mjs

@@ -2,7 +2,8 @@
 // Token budget statistics display module
 // Extracted from claude.lib.mjs to maintain file line limits
 
-import { formatNumber } from './claude.lib.mjs';
+import { formatNumber, calculateSessionTokens } from './claude.lib.mjs';
+import { reportError } from './sentry.lib.mjs';
 import Decimal from 'decimal.js-light';
 import { getCacheReadTokenCount, getCacheWriteTokenCount, getCumulativeContextInputTokens, getDisplayContextInputTokens, getExplicitContextFillInputTokens, getInputTokenCount, getOutputTokenCount, getRestoredContextInputTokens } from './context-fill.lib.mjs';
 
@@ -306,6 +307,81 @@ export const displayBudgetStats = async (usage, tokenUsage, log) => {
   await dumpBudgetTrace(usage, tokenUsage, log);
 };
 
+/**
+ * Calculate and display the total token-usage summary for a finished Claude session.
+ * Extracted from claude.lib.mjs to keep that file under the 1500-line limit (Issue #1834).
+ * Reads the session JSONL, logs the per-model breakdown, cost comparison and (optionally)
+ * budget stats. Failures are reported but never thrown — token reporting is best-effort.
+ * @param {Object} params
+ * @param {string} params.sessionId - Claude session id (skips when falsy)
+ * @param {string} params.tempDir - Working directory containing the session JSONL (skips when falsy)
+ * @param {Object|null} params.resultModelUsage - Authoritative per-model usage from the result JSON event
+ * @param {number} params.anthropicTotalCostUSD - Anthropic's official total cost (for the comparison line)
+ * @param {Object} params.argv - Parsed CLI args (reads argv.tokensBudgetStats)
+ * @param {Function} params.log - Logger
+ */
+export const displaySessionTokenUsage = async ({ sessionId, tempDir, resultModelUsage, anthropicTotalCostUSD, argv, log }) => {
+  if (!sessionId || !tempDir) return;
+  try {
+    const tokenUsage = await calculateSessionTokens(sessionId, tempDir, resultModelUsage);
+    if (!tokenUsage) return;
+    // Issue #1501: Log deduplication stats in verbose mode
+    if (tokenUsage.duplicateEntriesSkipped > 0) {
+      await log(`\n⚠️  JSONL deduplication: skipped ${tokenUsage.duplicateEntriesSkipped} duplicate entries (upstream: anthropics/claude-code#6805)`, { verbose: true });
+    }
+    if (tokenUsage.peakContextUsage > 0) {
+      await log(`📊 Peak restored-context input: ${formatNumber(tokenUsage.peakContextUsage)} tokens`, { verbose: true });
+    }
+    await log('\n💰 Token Usage Summary:');
+    // Display per-model breakdown
+    if (tokenUsage.modelUsage) {
+      const modelIds = Object.keys(tokenUsage.modelUsage);
+      const modelsFromResult = modelIds.filter(id => tokenUsage.modelUsage[id]._sourceResultJson);
+      if (modelsFromResult.length > 0) {
+        await log(`📊 Token data supplemented from result JSON for: ${modelsFromResult.join(', ')}`, { verbose: true });
+      }
+      for (const modelId of modelIds) {
+        const usage = tokenUsage.modelUsage[modelId];
+        const sourceNote = usage._sourceResultJson ? ' (from result JSON)' : '';
+        await log(`\n   📊 ${usage.modelName || modelId}:${sourceNote}`);
+        await displayModelUsage(usage, log);
+        // Display budget stats if flag is enabled
+        if (argv.tokensBudgetStats && usage.modelInfo?.limit) {
+          await displayBudgetStats(usage, tokenUsage, log);
+        }
+      }
+      // Show totals if multiple models were used
+      if (modelIds.length > 1) {
+        await log('\n   📈 Total across all models:');
+      }
+      // Show cost comparison (for both single and multiple models)
+      await displayCostComparison(tokenUsage.totalCostUSD, anthropicTotalCostUSD, log);
+      // Show total tokens for single model only
+      if (modelIds.length === 1) {
+        await log(`      Total tokens: ${formatNumber(tokenUsage.totalTokens)}`);
+      }
+    } else {
+      // Fallback to old format if modelUsage is not available
+      await log(`   Input tokens: ${formatNumber(tokenUsage.inputTokens)}`);
+      if (tokenUsage.cacheCreationTokens > 0) {
+        await log(`   Cache creation tokens: ${formatNumber(tokenUsage.cacheCreationTokens)}`);
+      }
+      if (tokenUsage.cacheReadTokens > 0) {
+        await log(`   Cache read tokens: ${formatNumber(tokenUsage.cacheReadTokens)}`);
+      }
+      await log(`   Output tokens: ${formatNumber(tokenUsage.outputTokens)}`);
+      await log(`   Total tokens: ${formatNumber(tokenUsage.totalTokens)}`);
+    }
+  } catch (tokenError) {
+    reportError(tokenError, {
+      context: 'calculate_session_tokens',
+      sessionId,
+      operation: 'read_session_jsonl',
+    });
+    await log(`   ⚠️ Could not calculate token usage: ${tokenError.message}`, { verbose: true });
+  }
+};
+
 /**
  * Merge resultModelUsage from Claude Code result JSON into JSONL-based modelUsage map.
  * Issue #1508: The JSONL file may miss sub-agent model entries (e.g., Haiku used internally),

package/src/claude.lib.mjs

@@ -15,7 +15,7 @@ import { setupBidirectionalHandler, finalizeBidirectionalHandler, validateBidire
 import { initProgressMonitoring } from './solve.progress-monitoring.lib.mjs';
 import { sanitizeObjectStrings } from './unicode-sanitization.lib.mjs';
 import Decimal from 'decimal.js-light';
-import { displayBudgetStats, createEmptySubSessionUsage, accumulateModelUsage, displayModelUsage, displayCostComparison, mergeResultModelUsage, createSubAgentCallEntry, accumulateSubAgentUsage, getRawRequestInputTokens } from './claude.budget-stats.lib.mjs';
+import { createEmptySubSessionUsage, accumulateModelUsage, mergeResultModelUsage, createSubAgentCallEntry, accumulateSubAgentUsage, getRawRequestInputTokens, displaySessionTokenUsage } from './claude.budget-stats.lib.mjs';
 import { buildClaudeResumeCommand, buildClaudeAutonomousResumeCommand } from './claude.command-builder.lib.mjs';
 import { buildSolveResumeCommand } from './solve.resume-command.lib.mjs'; // Issue #942
 import { SESSION_FORCE_KILLED_MARKER, postTrackedComment } from './tool-comments.lib.mjs'; // Issue #1625
@@ -25,9 +25,10 @@ import { buildMcpConfigWithoutPlaywright } from './playwright-mcp.lib.mjs';
 import { resolveClaudeSessionToolFlags } from './useless-tools.lib.mjs';
 import { ensureClaudeQuietConfig } from './claude-quiet-config.lib.mjs';
 import { fetchModelInfo } from './model-info.lib.mjs';
-import { classifyRetryableError, maybeSwitchToFallbackModel } from './tool-retry.lib.mjs';
+import { classifyRetryableError, maybeSwitchToFallbackModel, waitWithCountdown } from './tool-retry.lib.mjs';
 import { resolveSubSessionSize } from './sub-session-size.lib.mjs'; // Issue #1706
 import { withAgentsMdAsClaudeMd } from './agents-md-claude-support.lib.mjs';
+import { createThinkingBlockRecovery } from './claude.thinking-block-recovery.lib.mjs'; // Issue #1834 (PR #1835 feedback)
 export { availableModels, fetchModelInfo }; // Re-export for backward compatibility
 const showResumeCommand = async (sessionId, tempDir, claudePath, model, log, argv = null) => {
   if (!sessionId || !tempDir) return;
@@ -607,20 +608,12 @@ export const executeClaudeCommand = async params => {
   // Issue #1331: Unified retry configuration for all transient API errors
   // (Overloaded, 503 Network Error, Internal Server Error) - same params, all with session preservation
   let retryCount = 0;
-  // Helper: wait with per-minute countdown for delays >1 minute (Issue #1331)
-  const waitWithCountdown = async (delayMs, log) => {
-    if (delayMs <= 60000) {
-      await new Promise(resolve => setTimeout(resolve, delayMs));
-      return;
-    }
-    let remaining = delayMs;
-    const timer = setInterval(async () => {
-      remaining -= 60000;
-      if (remaining > 0) await log(`⏳ ${Math.round(remaining / 60000)} min remaining...`);
-    }, 60000);
-    await new Promise(resolve => setTimeout(resolve, delayMs));
-    clearInterval(timer);
-  };
+  // Issue #1834 (PR #1835 feedback): corrupted-thinking-block recovery — resume the session first,
+  // then escalate to a fresh restart, auto-committing uncommitted work before each attempt. Created
+  // once so its resume/restart caps persist across recursive retry calls.
+  const tryThinkingBlockRecovery = createThinkingBlockRecovery({ argv, tempDir, branchName, $, log });
+  // Helper `waitWithCountdown` (per-minute countdown for delays >1 minute, Issue #1331) is shared
+  // from tool-retry.lib.mjs so claude/codex/gemini/qwen/opencode all use one implementation.
   // Function to execute with retry logic
   const executeWithRetry = async () => {
     // Execute claude command from the cloned repository directory
@@ -981,6 +974,12 @@ export const executeClaudeCommand = async params => {
                     isRequestTimeout = true;
                     await log('⏱️ Detected request timeout from Claude CLI (will retry with --resume)', { verbose: true });
                   }
+                  // Issue #1834: Detect corrupted extended-thinking-block 400 (un-resumable session).
+                  // Capture diagnostics (request id, content path) to aid debugging and upstream reports.
+                  if ((lastMessage.includes('thinking') || lastMessage.includes('redacted_thinking')) && lastMessage.includes('cannot be modified')) {
+                    const contentPath = (lastMessage.match(/messages\.\d+\.content\.\d+/) || [])[0] || 'unknown';
+                    await log(`🧠 Detected corrupted thinking-block error (un-resumable session). request_id=${data.request_id || 'unknown'}, at=${contentPath}. Will discard the session and restart fresh (Issue #1834, upstream anthropics/claude-code#63147).`, { verbose: true });
+                  }
                 }
               }
               if (data.type === 'text' && data.text) lastMessage = data.text;
@@ -1160,6 +1159,13 @@ export const executeClaudeCommand = async params => {
       // Issue #817: Stop bidirectional mode monitoring and collect queued feedback
       queuedFeedback = await finalizeBidirectionalHandler(bidirectionalHandler, log);
       const retryableLastError = classifyRetryableError(lastMessage);
+      // Issue #1834: Corrupted extended-thinking blocks → try to resume the session first, then fall
+      // back to a fresh restart (PR #1835 feedback). When both caps are reached, tryThinkingBlockRecovery
+      // logs the failure and returns false; we fall through to the normal commandFailed return below
+      // (the 400 is not a transient pattern, so it is not retried).
+      if (commandFailed && retryableLastError.requiresFreshSession && (await tryThinkingBlockRecovery({ classified: retryableLastError, source: 'result', sessionId }))) {
+        return await executeWithRetry();
+      }
       // Issues #1331, #1353, #1472/#1475: Unified transient error retry (exponential backoff, session preservation)
       const isTransientError = isStartupTimeout || isActivityTimeout || isOverloadError || isInternalServerError || is503Error || isRequestTimeout || retryableLastError.isRetryable || (lastMessage.includes('API Error: 500') && (lastMessage.includes('Overloaded') || lastMessage.includes('Internal server error'))) || (lastMessage.includes('API Error: 529') && (lastMessage.includes('overloaded_error') || lastMessage.includes('Overloaded'))) || (lastMessage.includes('api_error') && lastMessage.includes('Overloaded')) || (lastMessage.includes('overloaded_error') && lastMessage.includes('Overloaded')) || lastMessage.includes('API Error: 503') || (lastMessage.includes('503') && (lastMessage.includes('upstream connect error') || lastMessage.includes('remote connection failure'))) || lastMessage === 'Request timed out' || lastMessage.includes('Request timed out');
       if ((commandFailed || isTransientError) && isTransientError) {
@@ -1300,68 +1306,9 @@ export const executeClaudeCommand = async params => {
         await log('\n\n✅ Claude command completed');
       }
       await log(`📊 Total messages: ${messageCount}, Tool uses: ${toolUseCount}`);
-      // Calculate and display total token usage from session JSONL file
-      if (sessionId && tempDir) {
-        try {
-          const tokenUsage = await calculateSessionTokens(sessionId, tempDir, resultModelUsage);
-          if (tokenUsage) {
-            // Issue #1501: Log deduplication stats in verbose mode
-            if (tokenUsage.duplicateEntriesSkipped > 0) {
-              await log(`\n⚠️  JSONL deduplication: skipped ${tokenUsage.duplicateEntriesSkipped} duplicate entries (upstream: anthropics/claude-code#6805)`, { verbose: true });
-            }
-            if (tokenUsage.peakContextUsage > 0) {
-              await log(`📊 Peak restored-context input: ${formatNumber(tokenUsage.peakContextUsage)} tokens`, { verbose: true });
-            }
-            await log('\n💰 Token Usage Summary:');
-            // Display per-model breakdown
-            if (tokenUsage.modelUsage) {
-              const modelIds = Object.keys(tokenUsage.modelUsage);
-              const modelsFromResult = modelIds.filter(id => tokenUsage.modelUsage[id]._sourceResultJson);
-              if (modelsFromResult.length > 0) {
-                await log(`📊 Token data supplemented from result JSON for: ${modelsFromResult.join(', ')}`, { verbose: true });
-              }
-              for (const modelId of modelIds) {
-                const usage = tokenUsage.modelUsage[modelId];
-                const sourceNote = usage._sourceResultJson ? ' (from result JSON)' : '';
-                await log(`\n   📊 ${usage.modelName || modelId}:${sourceNote}`);
-                await displayModelUsage(usage, log);
-                // Display budget stats if flag is enabled
-                if (argv.tokensBudgetStats && usage.modelInfo?.limit) {
-                  await displayBudgetStats(usage, tokenUsage, log);
-                }
-              }
-              // Show totals if multiple models were used
-              if (modelIds.length > 1) {
-                await log('\n   📈 Total across all models:');
-              }
-              // Show cost comparison (for both single and multiple models)
-              await displayCostComparison(tokenUsage.totalCostUSD, anthropicTotalCostUSD, log);
-              // Show total tokens for single model only
-              if (modelIds.length === 1) {
-                await log(`      Total tokens: ${formatNumber(tokenUsage.totalTokens)}`);
-              }
-            } else {
-              // Fallback to old format if modelUsage is not available
-              await log(`   Input tokens: ${formatNumber(tokenUsage.inputTokens)}`);
-              if (tokenUsage.cacheCreationTokens > 0) {
-                await log(`   Cache creation tokens: ${formatNumber(tokenUsage.cacheCreationTokens)}`);
-              }
-              if (tokenUsage.cacheReadTokens > 0) {
-                await log(`   Cache read tokens: ${formatNumber(tokenUsage.cacheReadTokens)}`);
-              }
-              await log(`   Output tokens: ${formatNumber(tokenUsage.outputTokens)}`);
-              await log(`   Total tokens: ${formatNumber(tokenUsage.totalTokens)}`);
-            }
-          }
-        } catch (tokenError) {
-          reportError(tokenError, {
-            context: 'calculate_session_tokens',
-            sessionId,
-            operation: 'read_session_jsonl',
-          });
-          await log(`   ⚠️ Could not calculate token usage: ${tokenError.message}`, { verbose: true });
-        }
-      }
+      // Calculate and display total token usage from session JSONL file.
+      // Extracted to claude.budget-stats.lib.mjs to keep this file under the line limit (Issue #1834).
+      await displaySessionTokenUsage({ sessionId, tempDir, resultModelUsage, anthropicTotalCostUSD, argv, log });
       await showResumeCommand(sessionId, tempDir, claudePath, argv.model, log, argv);
       return {
         success: true,
@@ -1388,6 +1335,12 @@ export const executeClaudeCommand = async params => {
       });
       const errorStr = error.message || error.toString();
       const retryableException = classifyRetryableError(errorStr);
+      // Issue #1834: Corrupted extended-thinking blocks surfaced as a thrown exception. Same recovery
+      // as the streamed-result path: resume the session first, then fall back to a fresh restart.
+      if (retryableException.requiresFreshSession && (await tryThinkingBlockRecovery({ classified: retryableException, source: 'exception', sessionId }))) {
+        retryCount++;
+        return await executeWithRetry();
+      }
       // Issue #1331: Unified handler for all transient API errors in exception block
       // Issue #1353: Also handle "Request timed out" in exception block
       // (Overloaded, 503, Internal Server Error, Request timed out) - all with session preservation

package/src/claude.session-transcript-repair.lib.mjs

@@ -0,0 +1,150 @@
+#!/usr/bin/env node
+
+// Issue #1834 (PR #1836): repair a Claude Code session transcript that was poisoned by a
+// corrupted extended-thinking block, so the session can be RESUMED (context preserved) instead
+// of being discarded entirely.
+//
+// Root cause (upstream anthropics/claude-code#63147, #46843, #24662, #41992): when extended
+// thinking is combined with tool use, Claude Code can persist a thinking block to the on-disk
+// session JSONL with its `thinking` text emptied to "" while keeping the original `signature`:
+//
+//   { "type": "thinking", "thinking": "", "signature": "Eyc…" }
+//
+// On resume/continue the API replays that block and validates the signature against the now-empty
+// text, rejecting every following turn with a 400:
+//   `thinking` or `redacted_thinking` blocks in the latest assistant message cannot be modified.
+//
+// The proven community workaround (anthropics/claude-code#46843, miteshashar/claude-code-thinking-
+// blocks-fix) is to STRIP the corrupted (empty-text) thinking blocks from the transcript — the API
+// permits omitting earlier-turn thinking, so once the offending blocks are gone the session resumes
+// cleanly with all of its text/tool-use history intact. This is strictly better than throwing the
+// whole session away: when the repair succeeds we keep the accumulated context (worth many dollars
+// and dozens of turns); when it can't help we still fall back to a fresh restart.
+
+import { promises as fs } from 'fs';
+import os from 'os';
+import path from 'path';
+
+/**
+ * Resolve the on-disk session transcript path for a Claude Code session. Claude Code stores each
+ * session as `~/.claude/projects/<cwd-with-slashes-as-dashes>/<sessionId>.jsonl` (mirrors the
+ * path logic already used by getModelUsageFromSession in claude.lib.mjs).
+ *
+ * @param {string} tempDir - the working directory the Claude session ran in.
+ * @param {string} sessionId - the Claude Code session id.
+ * @param {string} [homeDir] - override home dir (tests).
+ * @returns {string} absolute path to the session JSONL file.
+ */
+export const resolveSessionTranscriptPath = (tempDir, sessionId, homeDir = os.homedir()) => {
+  const projectDirName = String(tempDir).replace(/\//g, '-');
+  return path.join(homeDir, '.claude', 'projects', projectDirName, `${sessionId}.jsonl`);
+};
+
+/**
+ * True when a content block is a corrupted thinking block: an extended-thinking block whose text
+ * was emptied (the upstream corruption) — `{ type: 'thinking', thinking: '' }` (optionally with a
+ * stale `signature`) or the redacted variant `{ type: 'redacted_thinking', data: '' }`.
+ */
+const isCorruptedThinkingBlock = block => {
+  if (!block || typeof block !== 'object') return false;
+  if (block.type === 'thinking') return !block.thinking; // '' / undefined / null
+  if (block.type === 'redacted_thinking') return !block.data;
+  return false;
+};
+
+/**
+ * Strip corrupted (empty-text) thinking blocks from a Claude Code session transcript so the session
+ * can be resumed. Conservative and side-effect-safe:
+ *   - never throws (returns a result object describing what happened);
+ *   - only removes blocks whose thinking text is empty (legitimate signed thinking is untouched);
+ *   - never empties an assistant message (if removing the blocks would leave a message with no
+ *     content, that message is left exactly as-is);
+ *   - writes a one-time backup (`<file>.pre-repair-backup`) before modifying the transcript.
+ *
+ * @param {object} opts
+ * @param {string} opts.tempDir - working directory the session ran in.
+ * @param {string} opts.sessionId - Claude Code session id.
+ * @param {string} [opts.homeDir] - override home dir (tests).
+ * @param {Function} [opts.log] - async logger.
+ * @returns {Promise<{ repaired: boolean, removedBlocks: number, scannedLines: number, sessionFile: string|null, reason?: string }>}
+ */
+export const repairCorruptedThinkingBlocks = async ({ tempDir, sessionId, homeDir, log = async () => {} } = {}) => {
+  const result = { repaired: false, removedBlocks: 0, scannedLines: 0, sessionFile: null };
+  if (!tempDir || !sessionId) {
+    return { ...result, reason: 'missing tempDir or sessionId' };
+  }
+  const sessionFile = resolveSessionTranscriptPath(tempDir, sessionId, homeDir);
+  result.sessionFile = sessionFile;
+  let fileContent;
+  try {
+    fileContent = await fs.readFile(sessionFile, 'utf8');
+  } catch {
+    // No transcript on disk (e.g. fresh run never persisted, or path mismatch) — nothing to repair.
+    return { ...result, reason: 'session transcript not found' };
+  }
+
+  try {
+    const lines = fileContent.split('\n');
+    const out = [];
+    let removedBlocks = 0;
+    let scannedLines = 0;
+    for (const line of lines) {
+      if (!line.trim()) {
+        out.push(line);
+        continue;
+      }
+      scannedLines++;
+      let entry;
+      try {
+        entry = JSON.parse(line);
+      } catch {
+        out.push(line); // preserve anything we can't parse verbatim
+        continue;
+      }
+      const content = entry?.message?.content;
+      if (Array.isArray(content)) {
+        const corrupted = content.filter(isCorruptedThinkingBlock).length;
+        if (corrupted > 0) {
+          const cleaned = content.filter(b => !isCorruptedThinkingBlock(b));
+          // Never leave an assistant message with an empty content array (invalid for the API).
+          if (cleaned.length > 0) {
+            entry.message.content = cleaned;
+            removedBlocks += corrupted;
+            out.push(JSON.stringify(entry));
+            continue;
+          }
+        }
+      }
+      out.push(line);
+    }
+
+    result.scannedLines = scannedLines;
+    if (removedBlocks === 0) {
+      return { ...result, reason: 'no corrupted thinking blocks found' };
+    }
+
+    // Back up the original transcript exactly once before rewriting it.
+    const backupFile = `${sessionFile}.pre-repair-backup`;
+    try {
+      await fs.access(backupFile);
+    } catch {
+      try {
+        await fs.copyFile(sessionFile, backupFile);
+      } catch {
+        // Best effort — a missing backup must not block the repair.
+      }
+    }
+
+    await fs.writeFile(sessionFile, out.join('\n'), 'utf8');
+    result.repaired = true;
+    result.removedBlocks = removedBlocks;
+    await log(`🩹 Repaired session transcript: stripped ${removedBlocks} corrupted thinking block(s) from ${scannedLines} message line(s) (Issue #1834). Backup: ${backupFile}`, { verbose: true });
+    return result;
+  } catch (error) {
+    // Defensive: any unexpected failure degrades gracefully to "no repair" so the caller can fall
+    // back to a fresh restart.
+    return { ...result, reason: `repair failed: ${error?.message || error}` };
+  }
+};
+
+export default { repairCorruptedThinkingBlocks, resolveSessionTranscriptPath };

package/src/claude.thinking-block-recovery.lib.mjs

@@ -0,0 +1,96 @@
+#!/usr/bin/env node
+
+// Issue #1834: recovery for corrupted extended-thinking blocks.
+//
+// When extended thinking is combined with tool use, Claude Code can persist a thinking block to the
+// on-disk session transcript with the `thinking` text emptied to "" while keeping the original
+// `signature`. On resume/continue the API validates the signature against the now-empty text and
+// rejects the turn with a 400:
+//   API Error: 400 ... `thinking` or `redacted_thinking` blocks in the latest assistant message
+//   cannot be modified. These blocks must remain as they were in the original response.
+// Upstream: https://github.com/anthropics/claude-code/issues/63147
+//
+// PR #1835 feedback: "in case of this specific error we should try resume first, and if not possible
+// try to restart." Recovery is therefore a two-phase escalation:
+//   Phase 1 — REPAIR the on-disk transcript (strip the corrupted empty-text thinking blocks) and
+//             resume the existing session (context-preserving). Plain resume of a poisoned
+//             transcript is futile — the 400 just repeats — so we first remove the offending blocks,
+//             which the API permits omitting. When repair succeeds the resume keeps all accumulated
+//             text/tool-use history (Issue #1834 "can we do even better?").
+//   Phase 2 — repair/resume unavailable or already failed → discard the session and start fresh.
+// On every attempt we first auto-commit any uncommitted work (Issue #1834 / PR #1835 feedback:
+// "on all critical errors we auto commit uncommitted changes by default") so nothing is lost when
+// the session context resets.
+
+import { retryLimits, criticalErrorRecovery } from './config.lib.mjs';
+import { waitWithCountdown } from './tool-retry.lib.mjs';
+import { commitUncommittedChangesOnCriticalError } from './critical-error-commit.lib.mjs';
+import { repairCorruptedThinkingBlocks } from './claude.session-transcript-repair.lib.mjs';
+
+/**
+ * Create a stateful corrupted-thinking-block recovery handler. The returned function persists its
+ * resume/restart counters across calls (so the caps survive recursive retries) and mutates
+ * `argv.resume` to drive the next session: setting it to the session id resumes, clearing it forces
+ * a fresh session.
+ *
+ * @param {object} ctx
+ * @param {object} ctx.argv - parsed CLI args (argv.resume is mutated to choose resume vs fresh).
+ * @param {string} ctx.tempDir - working tree for auto-committing uncommitted work.
+ * @param {string} [ctx.branchName] - branch to push preserved work to.
+ * @param {Function} ctx.$ - command-stream executor.
+ * @param {Function} ctx.log - async logger.
+ * @param {number} [ctx.waitMs=5000] - settle delay before re-running (overridable for tests).
+ * @param {Function} [ctx.repair=repairCorruptedThinkingBlocks] - transcript repair (injectable for tests).
+ * @param {string} [ctx.homeDir] - override home dir for transcript lookup (tests).
+ * @returns {(opts: {classified: object, source: string, sessionId: string|null}) => Promise<boolean>}
+ *          Resolves true when a recovery attempt was initiated (caller should re-run); false when
+ *          both caps are exhausted (caller should fail).
+ */
+export const createThinkingBlockRecovery = ({ argv, tempDir, branchName, $, log, waitMs = 5000, repair = repairCorruptedThinkingBlocks, homeDir }) => {
+  let resumeCount = 0;
+  let restartCount = 0;
+  return async ({ classified, source, sessionId }) => {
+    const preserveWork = async () => {
+      if (criticalErrorRecovery.autoCommitUncommittedChanges) {
+        await commitUncommittedChangesOnCriticalError({ tempDir, branchName, $, log, reason: `${classified.label} (${source})` });
+      }
+    };
+    // Phase 1 — repair the on-disk transcript, then resume (keeps accumulated context).
+    if (sessionId && resumeCount < retryLimits.maxThinkingBlockResumes) {
+      resumeCount++;
+      await preserveWork();
+      await log(`\n⚠️ ${classified.label} (${source}). Resume attempt ${resumeCount}/${retryLimits.maxThinkingBlockResumes} — repairing the corrupted transcript then resuming the existing session before discarding it (Issue #1834)...`, { level: 'warning' });
+      // Strip the corrupted (empty-text) thinking blocks so resume isn't doomed to repeat the 400.
+      try {
+        const repairResult = await repair({ tempDir, sessionId, homeDir, log });
+        if (repairResult?.repaired) {
+          await log(`   🩹 Stripped ${repairResult.removedBlocks} corrupted thinking block(s) from the transcript — resume will preserve context (Issue #1834).`, { verbose: true });
+        } else {
+          await log(`   ℹ️ Transcript repair made no change (${repairResult?.reason || 'unknown'}) — resuming as-is (Issue #1834).`, { verbose: true });
+        }
+      } catch {
+        // Repair must never block recovery — fall through to a plain resume attempt.
+      }
+      argv.resume = sessionId;
+      await waitWithCountdown(waitMs, log);
+      await log('\n🔄 Resuming the session now...');
+      return true;
+    }
+    // Phase 2 — resume not possible / already failed → discard the session and start fresh.
+    if (restartCount < retryLimits.maxThinkingBlockRestarts) {
+      restartCount++;
+      await preserveWork();
+      await log(`\n⚠️ ${classified.label} (${source}). Resume not possible — restart ${restartCount}/${retryLimits.maxThinkingBlockRestarts} with a fresh session (Issue #1834)...`, { level: 'warning' });
+      await log(`   Discarding session ${argv.resume || sessionId || '(none)'} and starting fresh — the corrupted thinking blocks can never be replayed (upstream anthropics/claude-code#63147).`, { verbose: true });
+      // Force a fresh session — do NOT resume the corrupted one, otherwise the 400 repeats forever.
+      argv.resume = undefined;
+      await waitWithCountdown(waitMs, log);
+      await log('\n🔄 Restarting with a fresh session now...');
+      return true;
+    }
+    await log(`\n\n❌ Corrupted thinking blocks persisted after ${resumeCount} resume + ${restartCount} fresh-session attempt(s) (Issue #1834).\n   This is an upstream Claude Code bug (anthropics/claude-code#63147). Failing to avoid an endless recovery loop.`, { level: 'error' });
+    return false;
+  };
+};
+
+export default { createThinkingBlockRecovery };

package/src/config.lib.mjs

@@ -137,6 +137,27 @@ export const retryLimits = {
   // Default: 5 — retry generously even when API signals not retryable, since the signal can be wrong
   // for transient backend glitches (e.g. overloaded errors observed as non-retryable 500s).
   maxNotRetryableAttempts: parseIntWithDefault('HIVE_MIND_MAX_NOT_RETRYABLE_ATTEMPTS', 5),
+  // Corrupted extended-thinking-block recovery (Issue #1834)
+  // When Claude Code returns a 400 "`thinking` or `redacted_thinking` blocks ... cannot be modified",
+  // the on-disk session is permanently un-resumable (upstream anthropics/claude-code#63147: the
+  // transcript stores thinking text as "" but keeps the original signature, so every resumed turn
+  // fails signature validation). The only recovery is to discard the session and start a fresh one
+  // (equivalent to `/clear`). Cap fresh restarts to avoid expensive re-run loops.
+  maxThinkingBlockRestarts: parseIntWithDefault('HIVE_MIND_MAX_THINKING_BLOCK_RESTARTS', 2),
+  // PR #1835 feedback: "in case of this specific error we should try resume first, and if not
+  // possible try to restart." Before discarding the session we first attempt to resume it this many
+  // times (context-preserving). Only after these resume attempts also fail do we fall back to a
+  // fresh restart. Default: 1 — one cheap resume attempt, then escalate to a fresh session.
+  maxThinkingBlockResumes: parseIntWithDefault('HIVE_MIND_MAX_THINKING_BLOCK_RESUMES', 1),
+};
+
+// Critical-error recovery behaviour (Issue #1834, PR #1835 feedback)
+// "On all critical errors we auto commit uncommitted changes by default." When a critical error
+// forces the tool to discard/restart a session, any uncommitted work on disk would be lost when the
+// session context resets. Auto-committing (and pushing) preserves it in the PR branch. On by default;
+// set HIVE_MIND_AUTO_COMMIT_ON_CRITICAL_ERROR=false to disable.
+export const criticalErrorRecovery = {
+  autoCommitUncommittedChanges: getenv('HIVE_MIND_AUTO_COMMIT_ON_CRITICAL_ERROR', 'true').toLowerCase() === 'true',
 };
 
 // Claude Code CLI configurations

package/src/critical-error-commit.lib.mjs

@@ -0,0 +1,70 @@
+#!/usr/bin/env node
+
+// Issue #1834 (PR #1835 feedback): "On all critical errors we auto commit uncommitted changes by
+// default." When the tool hits a critical error and has to discard/restart a session (e.g. the
+// corrupted extended-thinking-block 400, anthropics/claude-code#63147), any work the agent already
+// made on disk would otherwise be silently lost when the session context is reset. This helper
+// commits — and best-effort pushes — those uncommitted changes so the partial work is preserved in
+// the PR branch history before recovery proceeds.
+//
+// It is intentionally dependency-light (receives `$` and `log`) and NEVER throws: a failure to
+// commit must not mask the original critical error or break the recovery flow.
+
+import { reportError } from './sentry.lib.mjs';
+
+/**
+ * Commit (and optionally push) any uncommitted changes in a working tree before critical-error
+ * recovery resets the session.
+ *
+ * @param {object} params
+ * @param {string} params.tempDir - Working tree (git clone) to inspect.
+ * @param {string} [params.branchName] - Branch to push to (push skipped when absent).
+ * @param {Function} params.$ - command-stream tagged-template executor.
+ * @param {Function} params.log - async logger.
+ * @param {string} [params.reason] - Short human-readable reason, recorded in the commit message.
+ * @param {boolean} [params.push=true] - Whether to push after committing.
+ * @returns {Promise<{committed: boolean, pushed: boolean}>}
+ */
+export const commitUncommittedChangesOnCriticalError = async ({ tempDir, branchName, $, log, reason = 'critical error', push = true }) => {
+  if (!tempDir || typeof $ !== 'function') {
+    return { committed: false, pushed: false };
+  }
+  try {
+    const statusResult = await $({ cwd: tempDir })`git status --porcelain 2>&1`;
+    const statusOutput = statusResult.stdout?.toString().trim() || '';
+    if (!statusOutput) {
+      await log('   ℹ️ No uncommitted changes to preserve before recovery.', { verbose: true });
+      return { committed: false, pushed: false };
+    }
+    await log(`💾 Critical error (${reason}) — auto-committing uncommitted changes to preserve work before recovery...`);
+    for (const line of statusOutput.split('\n')) await log(`   ${line}`, { verbose: true });
+    const addResult = await $({ cwd: tempDir })`git add -A`;
+    if (addResult.code !== 0) {
+      await log(`⚠️ Could not stage changes before recovery: ${addResult.stderr?.toString().trim()}`, { level: 'warning' });
+      return { committed: false, pushed: false };
+    }
+    const commitMessage = `🛟 Auto-commit before critical-error recovery (${reason})`;
+    const commitResult = await $({ cwd: tempDir })`git commit -m ${commitMessage}`;
+    if (commitResult.code !== 0) {
+      await log(`⚠️ Could not commit changes before recovery: ${commitResult.stderr?.toString().trim() || commitResult.stdout?.toString().trim()}`, { level: 'warning' });
+      return { committed: false, pushed: false };
+    }
+    await log('✅ Uncommitted changes committed before recovery.');
+    if (!push || !branchName) {
+      return { committed: true, pushed: false };
+    }
+    const pushResult = await $({ cwd: tempDir })`git push origin ${branchName} 2>&1`;
+    if (pushResult.code === 0) {
+      await log('✅ Preserved work pushed to remote.');
+      return { committed: true, pushed: true };
+    }
+    await log(`⚠️ Committed locally but could not push preserved work: ${pushResult.stderr?.toString().trim() || pushResult.stdout?.toString().trim()}`, { level: 'warning' });
+    return { committed: true, pushed: false };
+  } catch (error) {
+    reportError(error, { context: 'commit_uncommitted_on_critical_error', tempDir, operation: 'auto_commit_recovery' });
+    await log(`⚠️ Error while auto-committing before recovery (continuing anyway): ${error.message}`, { level: 'warning' });
+    return { committed: false, pushed: false };
+  }
+};
+
+export default { commitUncommittedChangesOnCriticalError };

package/src/solve.mjs

@@ -1136,6 +1136,20 @@ try {
       }
     }
 
+    // Issue #1834 (PR #1835 feedback): "on all critical errors we auto commit uncommitted changes
+    // by default." A failed session is a critical error and exits here before the normal
+    // auto-commit chokepoint below, so preserve (commit + push) any work the agent left on disk
+    // first. On by default; disable via HIVE_MIND_AUTO_COMMIT_ON_CRITICAL_ERROR=false. Never throws.
+    try {
+      const { criticalErrorRecovery } = await import('./config.lib.mjs');
+      if (criticalErrorRecovery.autoCommitUncommittedChanges) {
+        const { commitUncommittedChangesOnCriticalError } = await import('./critical-error-commit.lib.mjs');
+        await commitUncommittedChangesOnCriticalError({ tempDir, branchName, $, log, reason: `${argv.tool || 'claude'} execution failed` });
+      }
+    } catch (preserveError) {
+      await log(`  ⚠️  Could not auto-commit before failure exit: ${preserveError.message}`, { verbose: true });
+    }
+
     await safeExit(1, `${argv.tool.toUpperCase()} execution failed`);
   }
 
@@ -1159,8 +1173,13 @@ try {
     await log('ℹ️  Playwright MCP auto-cleanup disabled via --no-playwright-mcp-auto-cleanup', { verbose: true });
   }
 
-  // When limit is reached, force auto-commit of any uncommitted changes to preserve work
-  const shouldAutoCommit = argv['auto-commit-uncommitted-changes'] || limitReached;
+  // When limit is reached, force auto-commit of any uncommitted changes to preserve work.
+  // Issue #1834 (PR #1835 feedback): "on all critical errors we auto commit uncommitted changes by
+  // default." A failed/errored session is a critical error, so auto-commit (and push) to preserve any
+  // work the agent left on disk. On by default; disable via HIVE_MIND_AUTO_COMMIT_ON_CRITICAL_ERROR=false.
+  const { criticalErrorRecovery } = await import('./config.lib.mjs');
+  const criticalError = success === false || errorDuringExecution === true;
+  const shouldAutoCommit = argv['auto-commit-uncommitted-changes'] || limitReached || (criticalError && criticalErrorRecovery.autoCommitUncommittedChanges);
   const autoRestartEnabled = argv['autoRestartOnUncommittedChanges'] !== false;
   const shouldRestart = await checkForUncommittedChanges(tempDir, owner, repo, branchName, $, log, shouldAutoCommit, autoRestartEnabled);
 

package/src/tool-retry.lib.mjs

@@ -43,6 +43,21 @@ export const classifyRetryableError = value => {
     return { message, isRetryable: true, isCapacity: false, label: 'Stream disconnected before completion' };
   }
 
+  // Issue #1834: Corrupted extended-thinking blocks. When extended thinking is combined with tool
+  // use, Claude Code can persist a thinking block to the session transcript with the `thinking`
+  // text emptied to "" while retaining the original `signature`. On resume/continue the block is
+  // replayed as `{ type: 'thinking', thinking: '', signature: <original> }`; the API validates the
+  // signature against the (now empty) text and rejects every subsequent turn with:
+  //   400 ... `thinking` or `redacted_thinking` blocks in the latest assistant message cannot be
+  //   modified. These blocks must remain as they were in the original response.
+  // The session is therefore permanently un-resumable — retrying with --resume always fails. The
+  // only recovery is to discard the session and start fresh (equivalent to `/clear`), so this is
+  // flagged with `requiresFreshSession` rather than the plain `isRetryable` retry-with-resume path.
+  // Upstream: https://github.com/anthropics/claude-code/issues/63147
+  if ((lower.includes('thinking') || lower.includes('redacted_thinking')) && lower.includes('cannot be modified')) {
+    return { message, isRetryable: false, isCapacity: false, requiresFreshSession: true, label: 'Corrupted thinking blocks (un-resumable session)' };
+  }
+
   if (lower.includes('api error: 503') || (lower.includes('503') && (lower.includes('upstream connect error') || lower.includes('remote connection failure')))) {
     return { message, isRetryable: true, isCapacity: false, label: '503 network error' };
   }