patrickjaja/claude-desktop-bin v1.13576.1-2

Claude Desktop 1.13576.1 (patch release 2)

on GitHub

Claude Desktop 1.13576.1 (patch release 2)

This release provides Claude Desktop version 1.13576.1 pre-patched for Linux.

Installation Options

Arch Linux (AUR)

yay -S claude-desktop-bin

Debian/Ubuntu (APT Repository — recommended)

curl -fsSL https://patrickjaja.github.io/claude-desktop-bin/install.sh | sudo bash
sudo apt install claude-desktop-bin

Debian/Ubuntu (manual .deb)

# x86_64
sudo apt install ./claude-desktop-bin_1.13576.1-2_amd64.deb
# ARM64
sudo apt install ./claude-desktop-bin_1.13576.1-2_arm64.deb

Fedora/RHEL (RPM Repository — recommended)

curl -fsSL https://patrickjaja.github.io/claude-desktop-bin/install-rpm.sh | sudo bash
sudo dnf install claude-desktop-bin

Fedora/RHEL (manual .rpm)

# x86_64
sudo dnf install ./claude-desktop-bin-1.13576.1-2.x86_64.rpm
# ARM64
sudo dnf install ./claude-desktop-bin-1.13576.1-2.aarch64.rpm

NixOS / Nix

nix run github:patrickjaja/claude-desktop-bin

AppImage (Any Distro)

# x86_64
chmod +x Claude_Desktop-1.13576.1-x86_64.AppImage
./Claude_Desktop-1.13576.1-x86_64.AppImage
# ARM64
chmod +x Claude_Desktop-1.13576.1-aarch64.AppImage
./Claude_Desktop-1.13576.1-aarch64.AppImage

Update existing AppImage (delta download — only changed blocks):

appimageupdatetool Claude_Desktop-*-x86_64.AppImage
# Or from within the AppImage:
./Claude_Desktop-*-x86_64.AppImage --appimage-update

Checksums

Changes since last release

Cowork startup-error visibility (re: #142)

• fix_cowork_error_message gained Patch C: replay the stored Cowork startup error once the mainView is ready. When the Cowork VM startup fails before the web view exists (e.g. claude-cowork-service is not running on Linux), the upstream dispatcher stored the error in a module var but only logged Cannot dispatch startup error (no mainView): <err> and never replayed it - so the helpful "install claude-cowork-service" message (Patch A/B) never reached the UI, and the uncaught throw crash-looped the app (or bounced the renderer back to the start screen on chat-open). Confirmed in cowork_vm_node.log ([VM:start] VM boot failed: ... + Cannot dispatch startup error (no mainView): ...). Patch C rewrites the no-mainView branch to install a one-shot poller (Linux only, ~30s budget, globalThis.__cdbStartupErrReplay guard) that waits for the view's webContents to finish loading, then re-dispatches the stored error through the same dispatcher. Anchored on the unique Cannot dispatch startup error (no mainView): literal; all minified identifiers captured from the match. EXPECTED_PATCHES 2 -> 3.

Enterprise config visibility

• fix_enterprise_config_linux now promotes the upstream "Enterprise config loaded" log from debug to info so a successful, non-empty managed-config load is visible in main.log at the default log level (previously the only signal was a debug line below the default threshold, plus upstream's own managedMcpServers entry N dropped - <reason> validation warnings). Only the loaded variant is promoted (second arg is a redact-fn call); the empty/"none" case stays at debug so launches without /etc/claude-desktop/enterprise.json don't spam info. Applied to both index.js and index.pre.js; idempotent. The Linux reader injection itself is unchanged.
• Clarified the enterprise.json schema for users (re: #140): the top-level key the v1.13576 build reads is managedMcpServers - an array of objects each requiring name (unique), transport ("http"/"sse"/"stdio"), and url/command. A top-level object-keyed mcpServers map (or per-entry type instead of transport) is silently ignored by the schema parser - no entries reach the per-entry validator, so no "dropped" warning is emitted. Managed servers apply unconditionally (no allowManagedMcpServers enable-gate; allowManagedMcpServersOnly only restricts the allowlist to managed-only).

Upstream (v1.13576.1) - build bump, no patch work

• Version bump v1.13576.0 -> v1.13576.1 (patch-level rebuild of the same major build 13576). Upstream .latest reports 1.13576.1 (hash 772d01ffc175c3795a49154acdecf043d634b5d1). Bundle re-minified but functionally identical: unpatched index.js 15.12 MB, vendored @anthropic-ai/claude-agent-sdk copies unchanged at 0.3.174 / 0.3.177 (still two copies). Unpatched platform-conditional counts: darwin 77, win32 137, linux 10 - consistent with v1.13576.0.
• All 50 patches apply unchanged; 51/51 validate (validate-patches.sh), node --check passes on both index.js and index.pre.js. No regex updates needed.
• Documented fragile anchors re-verified, all match v1.13576.0: enterprise wrapper function Mei(){const A=Rei();...} (readPlistValue refs still 1), Cowork yukonSilver:Zce(), tray-icon switch(...){case"ico":...} (build-time const renamed G1r->GJr, absorbed by the flexible pattern), feature-flag fn present.
• No baseline-doc changes: feature flags, built-in MCP servers (1 registerInternalMcpServer), ion-dist patterns, and platform gates all unchanged. .electron-version stays 42.0.0 (shasums verified OK). Package built as claude-desktop-bin-1.13576.1-1-x86_64.pkg.tar.zst.

CI

• version-check.yml now tracks handled versions via a committed .upstream-version file (mirrors claude-cowork-service) instead of the highest GitHub release tag. Bump + commit .upstream-version once a version is handled - even a trivial build bump with no public release - to silence the "new version detected" issue and turn the badge green. Seeded the file at 1.13576.1.

Upstream (v1.13576.0)

• Version bump v1.12603.1 -> v1.13576.0 (~970 builds, full re-minify). Bundle 15.03 -> 15.12 MB (+0.6%). Vendored @anthropic-ai/claude-agent-sdk copies bumped 0.3.170/0.3.167 -> 0.3.174/0.3.177 (still two copies - the duplicated-SDK match-site hazard still applies). Package built as claude-desktop-bin-1.13576.0-1-x86_64.pkg.tar.zst; node --check passes on the patched bundle.
• 8 patches failed on first build; the failures were upstream refactors, not just renames. 7 fixed, 1 removed -> 50 -> 49 patches, all apply.
• Several macOS/Windows-only platform gates were DROPPED upstream (Linux now covered natively):
  • Dispatch platform label: the switch(process.platform){...default:return"Unsupported Platform"} label fn became a ternary process.platform==="darwin"?"macOS":process.platform==="win32"?"Windows":"Linux" - Linux is now labelled correctly upstream.
  • Dispatch telemetry gate: the cn=darwin,zo=win32,cAA=cn||zo triple + if(!cAA)return; early-returns are gone; telemetry now runs unconditionally (gated only on disableNonessentialTelemetry), so Linux gets dispatch telemetry without a patch.
  • Office-addin connected-file detection: (darwin||win32)&&await FN(e.app,e.document) lost its platform gate (now if(await FN(e.app,e.document))) - the feature is gated only on the louderPenguinEnabled flag (which enable_local_agent_mode already forces). The whole fix_office_addin_linux.nim patch is now obsolete and removed.
  • setTitleBarOverlay theme-update gate: the win32-only zo&&...getAllWindows().forEach(...) guard was removed; the call is unconditional, so the integrated titlebar already receives theme updates on Linux.
• Enterprise managed-config loader collapsed: the process.platform==="darwin"?macReader():process.platform==="win32"?winReader():{} ternary became a single wrapper function Mei(){const A=Rei();return Object.keys(A).length>0?A:void 0} that unconditionally calls the win32 registry reader (mac plist reader removed; readPlistValue refs 3 -> 1). fix_enterprise_config_linux rebased to inject the Linux /etc/claude-desktop/enterprise.json branch into that wrapper (both index.js and index.pre.js).
• Cowork (yukonSilver) support gate refactored: static registry now wires yukonSilver:Zce(), where Zce() delegates to Q3i()/C3i() and C3i() hardcodes const A="win32" for the VM-bundle arch lookup (fo.files["win32"][arch]) - the explicit process.platform!=="darwin"&&!=="win32" Cowork gate is gone. enable_local_agent_mode Patch 1b rebased to inject the Linux early-return into Zce(); fix_cowork_linux Patch A (VM client loader) and Patch C2 (bundle lookup alias) rebased (see below).
• Tray icon selection refactored: the win32 isWin?e=...:e="TrayIconTemplate.png" ternary became switch(G1r){case"ico":...case"template-image":...case"png":...} keyed on a build-time icon-type constant (G1r="ico" on Windows builds). fix_tray_icon_theme now injects a Linux override after the switch (process.platform==="linux"&&(e="TrayIconTemplate-Dark.png")).
• Sensitive-dirs array gained two new intervening arrays (["Scheduled","Artifacts"], scheduled-tasks/agents/...) between the win32 block and the old .zshrc anchor; fix_sensitive_dirs_linux re-anchored on the stable "PowerShell")]:[] win32 close.

Patches fixed (7) + removed (1)

• fix_tray_icon_theme - rewrote for the new switch(G1r) icon selector; injects a post-switch Linux override (forces TrayIconTemplate-Dark.png, since the win32 .ico files the "ico" build-type picks don't ship on Linux). Note: trailing ; on the injected expression is required - it's followed immediately by const t=... with no line terminator (ASI does not apply in minified code).
• fix_sensitive_dirs_linux - re-anchored on "PowerShell")]:[] (win32-array close) instead of the now-displaced .zshrc next-var.
• fix_enterprise_config_linux - rebased onto the new Mei()/Rei() wrapper (captures the registry-reader fn from its SOFTWARE\Policies body); applies to index.js and index.pre.js.
• fix_native_frame - Patch 2 (setTitleBarOverlay gate) now detects the upstreamed unconditional call and skips without failing; Patches 1 + 3 unchanged.
• fix_dispatch_linux - Patch C (platform label) and Patch D (telemetry gate) detect their upstreamed forms (ternary returning "Linux"; telemetry no longer platform-gated) and skip without failing; A/B/E unchanged.
• enable_local_agent_mode - Patch 1b (yukonSilver) rebased to inject the Linux early-return into the new Zce() delegate-chain (const A=Q3i();...const e=C3i();if(e.status!=="supported")return AW(e)), keeping the historical process.platform forms as fallbacks. All 25 sub-patches apply.
• fix_cowork_linux - Patch A (VM client loader) rebased: the old win32 ternary zo?IM={vm:X}:IM=(await import("@ant/claude-swift")) became function d_t(){return tu()?...{vm:qti}...:null} gated on tu() (MSIX/appPath install detection); we widen the gate to (tu()||process.platform==="linux"). Patch C2 (bundle lookup alias) detects that the platform-indexed Io.files[process.platform] lookup is gone - the only remaining lookup hardcodes "win32" (C3i), which already gives Linux the win32 bundle, so the linux->win32 alias is now upstream's default; it skips without failing. All 10 sub-patches apply.
• fix_office_addin_linux - REMOVED (obsolete; the connected-file-detection platform gate it widened was dropped upstream - the feature now runs on all platforms gated only on louderPenguinEnabled).

Audits (re-validated against the new bundle)

• Feature flags: static registry 37 -> 39 (added iosSimulatorH264, quickEntryGlobalShortcut; removed none) + 5 async-only (louderPenguin/coworkKappa/coworkArtifacts/markTaskComplete/epitaxyMcpApps). Function renames: registry aD()->sR(), async merger fSA->c0A, prod dev-gate vR()->rM(), GrowthBook bool reader dt()->Ct(); electron var lA unchanged. GrowthBook delta vs v1.12603.0: +3 (1703762832 onModelRefusalFallback retry [already present in v1.12603.1], 1985784543 an isEnabled gate, 3646818354 shouldKillOnIdlePause), 0 removed. enable_local_agent_mode 12-flag override list unchanged - none of the new flags is darwin/win32-gated.
• Built-in MCP servers: internal roster unchanged; registerInternalMcpServer present. Bundled Microsoft 365 server (resources/office365-mcp/) still ships.
• Platform gates: darwin 79 -> 77 / win32 141 -> 137 / linux 9 -> 10. The net drop is the upstreamed gates above (dispatch label/telemetry, office-addin, setTitleBarOverlay) collapsing explicit process.platform checks. No new PORTABLE (Linux-compat) opportunity.
• ion-dist SPA: 94 -> 95 MB, 730 JS (unchanged), config chunk c71860c77-upcFhKtF.js -> c71860c77-DXc_sfB9.js; both fix_ion_dist_linux.nim sub-patterns still match (mountPath still mac/win-only, platform ternary _===M.Win32?...win:...mac). New 3P config keys: Vertex inferenceVertexProjectId/inferenceVertexRegion/inferenceVertexWorkforceOidc/inferenceVertexWorkforceUserProject, Gateway inferenceGatewayBaseUrl/inferenceGatewayHeaders.

New patch (1)

• fix_builtin_mcp_browser_env - built-in MCP connectors couldn't open a browser for OAuth on Linux (#139). The Microsoft 365 connector's local sign-in failed with local_auth_browser_open_failed / spawnErrorCode: exit_3 and no browser appeared. Root cause: the built-in MCP host is forked via utilityProcess.fork with a filtered env allowlist (vre()), which on Linux forwards only ["HOME","LOGNAME","PATH","SHELL","TERM","USER"] - stripping DISPLAY, WAYLAND_DISPLAY, XDG_CURRENT_DESKTOP, DBUS_SESSION_BUS_ADDRESS, BROWSER, XDG_DATA_DIRS, etc. The bundled office365-mcp.mjs opens the auth URL with spawn("xdg-open",[url]) and passes no env, so it inherits the stripped environment; xdg-open's has_display() is then false, it skips the x-scheme-handler/https default-browser resolution, falls through to the text-only browser list, finds none, and exits 3 (exit_failure_operation_impossible). The patch widens the Linux allowlist to forward the standard freedesktop / X11 / Wayland session vars, so xdg-open inside the MCP process launches the user's default browser exactly as it does from a terminal. Distro- and session-agnostic (only standard env vars; vre() forwards each only when set). The win32 branch of the allowlist is untouched. vre() is the base env for all stdio MCP server forks (the built-in host plus user-configured stdio servers via jMt/StdioClientTransport), so the wider session env reaches every one of them - strictly more correct, since it only adds standard vars a terminal-launched process already has. The other utilityProcess.fork sites (which pass {...process.env}) are unaffected.

Runtime fix

• getSystemInfo crash on Linux: v1.13576.0 dropped the win32-only guard around the getWindowsElevationType() call in getSystemInfo (and the desktop_windows_elevation_detected telemetry), so it's now invoked on every platform. Our Linux @ant/claude-native stub lacked the method -> TypeError: i.getWindowsElevationType is not a function, spamming on every Settings/feedback system-info request. Added getWindowsElevationType: () => "default" to the stub (patches/claude-native.js) - "default" is the non-elevated state, matching both call sites' ?? null / ?? "default" fallbacks (can_elevate_to_admin -> false on Linux). Other native methods that lost guards this release (cuGetOwnBundleId, getActiveWindowHandle) are still safe (darwin-only path / wrapped in try-catch).
• Remote MCP servers fail with ERR_MODULE_NOT_FOUND (issue #140): connecting a direct/remote MCP server (e.g. atlassian via enterprise.json) crashed the custom3p-mcp host utility process immediately - it tried to load directMcpHost.js from resources/locales/app.asar/.vite/build/mcp-runtime/directMcpHost.js, which does not exist. Root cause: two sidecar loaders build their path as join(process.resourcesPath,"app.asar",...), and fix_locale_paths blanket-rewrites every process.resourcesPath to dirname(getAppPath())+"/locales" - injecting a spurious locales/ segment before app.asar. fix_0_node_host already collapsed the same isPackaged ternary for nodeHost.js and shellPathWorker.js to app.getAppPath(); extended it to also cover the directMcpHost loader (ohi()) and the generic worker loader (l7i(), used for transcript-search-worker, which had the same latent bug). All four sub-patches now use [\w$]+ wildcards, capture-group backreferences, and idempotency markers (fix_0_node_host is now fully re-run-safe). On Linux the package is always "packaged" and getAppPath() already resolves to the real app.asar, so the packaged and non-packaged branches are equivalent.

Build tooling

• build-local.sh rebuild checksum fix: the local claude-desktop-*.tar.gz is a build artifact regenerated every run (bytes/sha change each build), but makepkg cached it in cache/ under its download name and re-validated the stale cached copy against the freshly-generated sha256sums -> One or more files did not pass the validity check. The script now purges any cached claude-desktop-*-linux.tar.gz before makepkg so it re-copies the fresh artifact; the upstream electron zip stays cached (checksummed, reused across builds). Removed the dead cp that copied the tarball under a basename makepkg never looked up.
• CI test-pkgbuild Electron-verify fix: the job sourced scripts/verify-electron.sh (added with the shasum checks) but had no actions/checkout step, so the script and .electron-shasums were absent at runtime -> scripts/verify-electron.sh: No such file or directory. Added a checkout step to the job; artifact downloads and the makepkg step are unaffected.

Docs updated

• CHANGELOG.md (this entry), baseline/CLAUDE_FEATURE_FLAGS.md, baseline/CLAUDE_BUILT_IN_MCP.md, baseline/ION.md, baseline/PLATFORM_GATE_BASELINE.md refreshed to v1.13576.0. README.md patch table - removed fix_office_addin_linux row, added fix_builtin_mcp_browser_env row, count 50 (50 -> 49 -> 50).

Security (community audit #137)

• Electron zip now SHA-256 verified everywhere (was SKIP). Added .electron-shasums (per-arch official digests from Electron's SHASUMS256.txt, pinned to .electron-version), a scripts/update-electron-shasums.sh generator/--checker, and a sourceable scripts/verify-electron.sh (verify_electron_zip). Wired into build-deb.sh, build-rpm.sh, build-appimage.sh, the test-pkgbuild cache step, and the PKGBUILD (PKGBUILD.template + generate-pkgbuild.sh now emit real digests so makepkg verifies natively). lint-scripts fails the build if .electron-shasums drifts from the pinned version. Nix is unaffected (uses nixpkgs Electron). Verified: makepkg reports electron-...zip ... Passed on a good build and FAILED on a wrong digest.
• GPG repo signing-key fingerprint published in README.md (825A 7D15 D78B ABE4 5646 D5DF 3824 09F5 9790 8867, RSA 4096) so users can verify the APT/DNF key out-of-band.
• packaging/apt/install.sh GPG key hardening: download the key to a temp file and validate it parses (gpg --show-keys) before writing the system keyring, instead of piping curl straight into gpg --dearmor (guards against a truncated/corrupt download leaving a broken keyring).
• Documented as non-issues (in the issue thread): msix integrity rests on TLS - the .latest endpoint hash is an opaque release ID, not a content digest (no upstream signature to verify); the ydotool 0666 socket lives in user-private /run/user/$UID (0700); the Computer-Use TCC/sandbox-ref patches don't weaken a real boundary (macOS-only TCC; Linux genuinely has no VM); the manual CI download_url is admin-gated.

Links

• AUR Package
• Full Changelog