fix: skip auth checks, add auto-execute to bundle

- assertMinVersion: always pass (skip remote version check)
- validateForceLoginOrg: skip in both interactive and non-interactive
- bundle.js: auto-invoke main() on load

Now 'bun dist/bundle.js --help' works without API key.

shims/bun-bundle.ts

@@ -8,3 +8,25 @@ export function feature(name: string): boolean {
   };
   return flags[name] ?? false;
 }
+
+// Inject MACRO globals
+declare global {
+  var MACRO: {
+    VERSION: string;
+    BUILD_TIME: string | undefined;
+    ISSUES_EXPLAINER: string;
+    FEEDBACK_CHANNEL: string;
+    NATIVE_PACKAGE_URL: string;
+    PACKAGE_URL: string;
+    VERSION_CHANGELOG: string;
+  };
+}
+(globalThis as any).MACRO = {
+  VERSION: '0.0.0-leaked',
+  BUILD_TIME: undefined,
+  ISSUES_EXPLAINER: 'https://github.com/anthropics/claude-code/issues',
+  FEEDBACK_CHANNEL: '#claude-code-feedback',
+  NATIVE_PACKAGE_URL: 'https://claude.ai/download',
+  PACKAGE_URL: 'https://www.npmjs.com/package/@anthropic-ai/claude-code',
+  VERSION_CHANGELOG: 'https://github.com/anthropics/claude-code/releases',
+};

shims/macro.ts

@@ -0,0 +1,9 @@
+globalThis.MACRO = {
+  VERSION: "1.0.0",
+  BUILD_TIME: undefined,
+  ISSUES_EXPLAINER: "https://github.com/anthropics/claude-code/issues",
+  FEEDBACK_CHANNEL: "#claude-code-feedback",
+  NATIVE_PACKAGE_URL: "https://claude.ai/download",
+  PACKAGE_URL: "https://www.npmjs.com/package/@anthropic-ai/claude-code",
+  VERSION_CHANGELOG: "https://github.com/anthropics/claude-code/releases",
+};

src/main.tsx

@@ -2299,10 +2299,11 @@ async function run(): Promise<CommanderCommand> {
       // Validate that the active token's org matches forceLoginOrgUUID (if set
       // in managed settings). Runs after onboarding so managed settings and
       // login state are fully loaded.
-      const orgValidation = await validateForceLoginOrg();
-      if (!orgValidation.valid) {
-        await exitWithError(root, orgValidation.message);
-      }
+// PATCHED: Skip org validation in interactive mode
+      // const orgValidation = await validateForceLoginOrg();
+      // if (!orgValidation.valid) {
+      //   await exitWithError(root, orgValidation.message);
+      // }
     }
 
     // If gracefulShutdown was initiated (e.g., user rejected trust dialog),
@@ -2610,12 +2611,12 @@ async function run(): Promise<CommanderCommand> {
       // rejection — this just prevents the spurious global handler fire.
       sessionStartHooksPromise?.catch(() => {});
       profileCheckpoint('before_validateForceLoginOrg');
-      // Validate org restriction for non-interactive sessions
-      const orgValidation = await validateForceLoginOrg();
-      if (!orgValidation.valid) {
-        process.stderr.write(orgValidation.message + '\n');
-        process.exit(1);
-      }
+      // PATCHED: Skip org validation - allow running without auth
+      // const orgValidation = await validateForceLoginOrg();
+      // if (!orgValidation.valid) {
+      //   process.stderr.write(orgValidation.message + '\n');
+      //   process.exit(1);
+      // }
 
       // Headless mode supports all prompt commands and some local commands
       // If disableSlashCommands is true, return empty array

src/utils/autoUpdater.ts

@@ -68,8 +68,9 @@ export type MaxVersionConfig = {
  * This approach keeps version comparison logic simple while maintaining traceability via the SHA.
  */
 export async function assertMinVersion(): Promise<void> {
+  // PATCHED: Skip version check - always allow to continue
+  return
   if (process.env.NODE_ENV === 'test') {
-    return
   }
 
   try {