feat: add OPENCLAUDE_DISABLE_TOOL_REMINDERS env var to suppress hidden tool-output reminders (#837)

Gates three injection sites behind OPENCLAUDE_DISABLE_TOOL_REMINDERS: - FileReadTool cyber-risk mitigation reminder (appended to every Read result when the model is not in MITIGATION_EXEMPT_MODELS) - todo_reminder attachment for TodoWrite usage - task_reminder attachment for TaskCreate/TaskUpdate usage All three reminders are model-only side-channel instructions the user cannot see today. Users who want full transparency over what the model receives can now opt out without patching dist/cli.mjs on every upgrade. Default behavior is unchanged when the flag is unset. Closes #809
2026-04-22 23:07:02 +05:30
parent 23e8cfbd5b
commit 28de94df5d
3 changed files with 15 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@@ -272,6 +272,11 @@ ANTHROPIC_API_KEY=sk-ant-your-key-here
 # trigger "Extra required key ... supplied" errors from OpenAI-compatible endpoints
 # OPENCLAUDE_DISABLE_STRICT_TOOLS=1

+# Disable hidden <system-reminder> messages injected into tool output
+# Suppresses the file-read cyber-risk reminder and the todo/task tool nudges
+# Useful for users who want full transparency over what the model sees
+# OPENCLAUDE_DISABLE_TOOL_REMINDERS=1
+
 # Custom timeout for API requests in milliseconds (default: varies)
 # API_TIMEOUT_MS=60000