fix(systemPrompts): skip prompts with unresolved placeholders instead of emitting invalid JS

[dividedby]

Problem

Applying customizations against Claude Code 2.1.168 produces a binary that crashes on launch:

ReferenceError: PROMPT_VAR_0 is not defined
      at <anonymous> (/$bunfs/root/src/entrypoints/cli.js:463:41)

The prompt-data identifierMap human-name vocabulary changed between the extractor's 2.1.167 and 2.1.168 outputs (positional PROMPT_VAR_N → semantic names like GLOB_TOOL_NAME, OPTIONAL_TAIL_NOTE), but existing customization markdown still references the old PROMPT_VAR_N names. applyIdentifierMapping (src/systemPromptSync.ts:1438) substitutes by human-name, finds nothing to replace, and leaves the placeholder verbatim. Spliced into a backtick template literal in cli.js, the unresolved ${PLACEHOLDER} is evaluated as an undefined identifier → ReferenceError. There is no post-substitution validation, and the patch is still reported as ✓ applied.

It's not limited to PROMPT_VAR_N or to launch — a renamed semantic placeholder (OPTIONAL_TAIL_NOTE) leaks in a lazy-loaded prompt, so the binary boots but crashes when that path runs:

ReferenceError: OPTIONAL_TAIL_NOTE is not defined
      at <anonymous> (/$bunfs/root/src/entrypoints/cli.js:5156:99)   # e.g. `claude -p ...`

Evidence (vocabulary changed exactly at 2.1.168)

	agent-prompt-explore identifierMap	tool-description-askuserquestion
bundled data/prompts/prompts-2.1.167.json	{0:PROMPT_VAR_0 … 5:PROMPT_VAR_5}	{0:PROMPT_VAR_0, 1:PROMPT_VAR_1}
extracted 2.1.168 prompt data	{0:GLOB_TOOL_NAME … 5:USE_EMBEDDED_TOOLS_FN}	{0:ENTER_PLAN_MODE_TOOL_NAME, 1:EXIT_PLAN_MODE_TOOL_NAME}
customization markdown	${PROMPT_VAR_0..5}	${PROMPT_VAR_0..1}

Fix

Validate before splicing, in src/patches/systemPrompts.ts: once delimiter is known, when delimiter === ''(live template literal), flag anyALL_CAPS_WITH_UNDERSCOREtoken (tweakcc's human-name grammar) that survives **unchanged in both the markdown source and the interpolated output**, andcontinue— skipping the prompt (CC's original blob retained) and recording it as not-applied rather than✓`. This mirrors the existing "incomplete escaping → skip" path.

The two conditions make it precise:

• markdown ∩ output excludes real minified vars (${HL7}), which are substituted in and never present in the markdown source.
• backtick scope excludes inert documentation literals (${VERSION} inside a plain '...'/"..." string), which are never evaluated.

Testing

• pnpm build + pnpm test green (269 passed / 5 skipped), no new failures.
• Against a CC 2.1.168 native install with markdown authored on the pre-rename vocabulary: before, claude --version → ReferenceError: PROMPT_VAR_0; after, the unresolvable prompts are skipped with a clear warning, all resolvable prompts still apply, and both claude --version and claude -p succeed.

Notes / possible follow-up

This heuristic intentionally misses single-word placeholders (REPO, PKG, VERSION-style names without an underscore). A stricter, fully general alternative the maintainer may prefer: validate leaked ${TOKEN} against the union of all identifierMap values across data/prompts/*.json — authoritative (no grammar guessing), catches single-word names too, and never false-positives on real minified vars. Happy to switch to that approach if preferred.

Separately, the ✓ reporting is arguably misleading for any prompt whose output retains unresolved placeholders; this PR makes such prompts report as skipped.

Related

Content-side counterpart: skrabe/lobotomized-claude-code#4 realigns the two launch-blocking overrides (explore, askuserquestion) to the 2.1.168 vocabulary so they apply again. This PR (the apply-side guard) stops the crash regardless; that PR restores the customizations.

🤖 Generated with Claude Code

[skrabe]

Thanks for chasing this down, it's a real gap. Apply shouldn't be able to write a non-booting binary and still report applied.

One change before I merge: the detector regex requires an underscore, so it skips single-word placeholders like ${VERSION} or ${REPO}. Can you swap it for the identifierMap-union check you mentioned, validating each surviving ${TOKEN} against the union of all identifierMap values across data/prompts/*.json? That picks up the single-word names and drops the grammar heuristic. Just the detector, nothing else needs touching.

[dividedby]

@skrabe — done, this implements your pre-merge ask from #4 (comment). Pushed as bc60baa on this branch.

The detector now validates a surviving unescaped ${TOKEN} (in a live backtick template literal) against the union of every identifierMap value across the bundled data/prompts/*.json, and skips the prompt iff TOKEN is a member of that union and it appears unescaped in the override markdown. The ALL_CAPS_WITH_UNDERSCORE grammar regex is gone. Only the detector changed — the skip/retain/report machinery is untouched.

• Catches single-word names like ${VERSION}/${REPO} the underscore heuristic missed.
• Never false-positives on real minified vars (e.g. ${HL7}) — they're never human-names, so never in the union.
• Backslash-escaped \${NAME} and inert string-literal ${…} are still ignored.

Implementation: a cached loadIdentifierMapUnion() in systemPromptSync.ts (mirrors the existing loadShadowSet pattern, reuses findRepoPromptsDir()); returns an empty set when data/ is absent (npm builds strip it via .npmignore), degrading to the pre-guard never-skip behavior. The union spans all bundled versions on purpose: a leaked name is stale precisely because it's absent from the current version's map, so a per-version check would miss it.

pnpm build + full pnpm test (275 passed, including new red→green coverage for the single-word / minified-var / escaped cases) + lint all green locally. Boot-verify against stock CC 2.1.168 is yours to run when convenient. Thanks for the review — let me know if you'd like anything adjusted.