You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
On macOS 26.3.1, every entire subcommand (including entire --version) can hang indefinitely if the system's syspolicyd is in a bad state. This silently blocks Claude Code's SessionStart hook, which in turn blocks Claude Code from starting in any repo where entire hooks claude-code session-start is wired in.
Mechanically this is a macOS bug, not a CLI bug — but the impact for entire users is severe (Claude Code becomes unusable across every enabled repo), and the workaround documented in #380 (xattr -d com.apple.provenance) no longer works on macOS 14+ because that attribute is now SIP-protected.
Environment
macOS 26.3.1 (25D2128), arm64
entire 0.5.6 (c9fedb4), installed via brew install --cask entire
Standard SessionStart hook calling entire hooks claude-code session-start
Symptom
Claude Code hangs silently at session start
entire --version from any shell hangs indefinitely
Stale entire processes accumulate (in my case, 8 of them, oldest 18+ hours old, all in state S with 0% CPU)
sample <pid> shows every one stuck in _dyld_start — the binary never reaches main()
Root cause
syspolicyd was wedged. PID had been alive for 42 days, 4 hours.
Kernel:
kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: <pid>, /opt/homebrew/Caskroom/entire/0.5.6/entire
syspolicyd looping:
syspolicyd: [com.apple.syspolicy.exec:default] Unable to initialize qtn_proc: 3syspolicyd: [com.apple.syspolicy.exec:default] dispatch_mig_server returned 268435459
When syspolicyd can't init the quarantine subsystem, dyld stalls every new process that triggers a policy check.
Fix
sudo kill<syspolicyd-pid># launchd respawns it within ~1s
launchctl kickstart -k system/com.apple.security.syspolicy does not work — SIP blocks it (150: Operation not permitted while System Integrity Protection is engaged). kill does work because SIP doesn't restrict signaling root processes.
Suggested CLI improvements
Self-imposed timeout in hook entry points.entire hooks claude-code session-start should bound itself to ~5s. A wedged syspolicyd currently cascades into permanently broken Claude Code sessions; a timeout + stderr would degrade gracefully.
Update troubleshooting docs. The xattr -d com.apple.provenance advice from entire enable fails due to malware check #380 doesn't work on current macOS. Include the syspolicyd diagnostic (kernel log signature + kill <pid>).
entire doctor health probe. Attempt a self-launch with a short timeout; if it hangs, surface the kernel log signature so users can diagnose this in minutes instead of hours.
Summary
On macOS 26.3.1, every
entiresubcommand (includingentire --version) can hang indefinitely if the system'ssyspolicydis in a bad state. This silently blocks Claude Code'sSessionStarthook, which in turn blocks Claude Code from starting in any repo whereentire hooks claude-code session-startis wired in.Mechanically this is a macOS bug, not a CLI bug — but the impact for
entireusers is severe (Claude Code becomes unusable across every enabled repo), and the workaround documented in #380 (xattr -d com.apple.provenance) no longer works on macOS 14+ because that attribute is now SIP-protected.Environment
brew install --cask entireSessionStarthook callingentire hooks claude-code session-startSymptom
entire --versionfrom any shell hangs indefinitelyentireprocesses accumulate (in my case, 8 of them, oldest 18+ hours old, all in stateSwith 0% CPU)sample <pid>shows every one stuck in_dyld_start— the binary never reachesmain()Root cause
syspolicydwas wedged. PID had been alive for 42 days, 4 hours.Kernel:
syspolicydlooping:When
syspolicydcan't init the quarantine subsystem, dyld stalls every new process that triggers a policy check.Fix
launchctl kickstart -k system/com.apple.security.syspolicydoes not work — SIP blocks it (150: Operation not permitted while System Integrity Protection is engaged).killdoes work because SIP doesn't restrict signaling root processes.Suggested CLI improvements
entire hooks claude-code session-startshould bound itself to ~5s. A wedgedsyspolicydcurrently cascades into permanently broken Claude Code sessions; a timeout + stderr would degrade gracefully.xattr -d com.apple.provenanceadvice fromentire enablefails due to malware check #380 doesn't work on current macOS. Include thesyspolicyddiagnostic (kernel log signature +kill <pid>).entire doctorhealth probe. Attempt a self-launch with a short timeout; if it hangs, surface the kernel log signature so users can diagnose this in minutes instead of hours.