claude-threads 0.12.0

package/dist/mattermost/emoji.d.ts

@@ -0,0 +1,43 @@
+/**
+ * Emoji constants and helpers for Mattermost reactions
+ *
+ * Centralized place for all emoji-related logic to avoid duplication
+ * across session.ts and permission-server.ts
+ */
+/** Emoji names that indicate approval */
+export declare const APPROVAL_EMOJIS: readonly ["+1", "thumbsup"];
+/** Emoji names that indicate denial */
+export declare const DENIAL_EMOJIS: readonly ["-1", "thumbsdown"];
+/** Emoji names that indicate "allow all" / invite / session-wide approval */
+export declare const ALLOW_ALL_EMOJIS: readonly ["white_check_mark", "heavy_check_mark"];
+/** Number emojis for multi-choice questions (1-4) */
+export declare const NUMBER_EMOJIS: readonly ["one", "two", "three", "four"];
+/** Emojis for canceling/killing a session */
+export declare const CANCEL_EMOJIS: readonly ["x", "octagonal_sign", "stop_sign"];
+/** Emojis for escaping/pausing a session */
+export declare const ESCAPE_EMOJIS: readonly ["double_vertical_bar", "pause_button"];
+/**
+ * Check if the emoji indicates approval (thumbs up)
+ */
+export declare function isApprovalEmoji(emoji: string): boolean;
+/**
+ * Check if the emoji indicates denial (thumbs down)
+ */
+export declare function isDenialEmoji(emoji: string): boolean;
+/**
+ * Check if the emoji indicates "allow all" or invitation
+ */
+export declare function isAllowAllEmoji(emoji: string): boolean;
+/**
+ * Check if the emoji indicates session cancellation
+ */
+export declare function isCancelEmoji(emoji: string): boolean;
+/**
+ * Check if the emoji indicates escape/pause
+ */
+export declare function isEscapeEmoji(emoji: string): boolean;
+/**
+ * Get the index (0-based) for a number emoji, or -1 if not a number emoji
+ * Handles both text names ('one', 'two') and unicode variants ('1️⃣', '2️⃣')
+ */
+export declare function getNumberEmojiIndex(emoji: string): number;

package/dist/mattermost/emoji.js

@@ -0,0 +1,65 @@
+/**
+ * Emoji constants and helpers for Mattermost reactions
+ *
+ * Centralized place for all emoji-related logic to avoid duplication
+ * across session.ts and permission-server.ts
+ */
+/** Emoji names that indicate approval */
+export const APPROVAL_EMOJIS = ['+1', 'thumbsup'];
+/** Emoji names that indicate denial */
+export const DENIAL_EMOJIS = ['-1', 'thumbsdown'];
+/** Emoji names that indicate "allow all" / invite / session-wide approval */
+export const ALLOW_ALL_EMOJIS = ['white_check_mark', 'heavy_check_mark'];
+/** Number emojis for multi-choice questions (1-4) */
+export const NUMBER_EMOJIS = ['one', 'two', 'three', 'four'];
+/** Emojis for canceling/killing a session */
+export const CANCEL_EMOJIS = ['x', 'octagonal_sign', 'stop_sign'];
+/** Emojis for escaping/pausing a session */
+export const ESCAPE_EMOJIS = ['double_vertical_bar', 'pause_button'];
+/**
+ * Check if the emoji indicates approval (thumbs up)
+ */
+export function isApprovalEmoji(emoji) {
+    return APPROVAL_EMOJIS.includes(emoji);
+}
+/**
+ * Check if the emoji indicates denial (thumbs down)
+ */
+export function isDenialEmoji(emoji) {
+    return DENIAL_EMOJIS.includes(emoji);
+}
+/**
+ * Check if the emoji indicates "allow all" or invitation
+ */
+export function isAllowAllEmoji(emoji) {
+    return ALLOW_ALL_EMOJIS.includes(emoji);
+}
+/**
+ * Check if the emoji indicates session cancellation
+ */
+export function isCancelEmoji(emoji) {
+    return CANCEL_EMOJIS.includes(emoji);
+}
+/**
+ * Check if the emoji indicates escape/pause
+ */
+export function isEscapeEmoji(emoji) {
+    return ESCAPE_EMOJIS.includes(emoji);
+}
+/** Unicode number emoji variants that also map to indices */
+const UNICODE_NUMBER_EMOJIS = {
+    '1️⃣': 0,
+    '2️⃣': 1,
+    '3️⃣': 2,
+    '4️⃣': 3,
+};
+/**
+ * Get the index (0-based) for a number emoji, or -1 if not a number emoji
+ * Handles both text names ('one', 'two') and unicode variants ('1️⃣', '2️⃣')
+ */
+export function getNumberEmojiIndex(emoji) {
+    const textIndex = NUMBER_EMOJIS.indexOf(emoji);
+    if (textIndex >= 0)
+        return textIndex;
+    return UNICODE_NUMBER_EMOJIS[emoji] ?? -1;
+}

package/dist/mattermost/emoji.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/mattermost/emoji.test.js

@@ -0,0 +1,131 @@
+import { describe, it, expect } from 'vitest';
+import { isApprovalEmoji, isDenialEmoji, isAllowAllEmoji, isCancelEmoji, isEscapeEmoji, getNumberEmojiIndex, APPROVAL_EMOJIS, DENIAL_EMOJIS, ALLOW_ALL_EMOJIS, NUMBER_EMOJIS, CANCEL_EMOJIS, ESCAPE_EMOJIS, } from './emoji.js';
+describe('emoji helpers', () => {
+    describe('isApprovalEmoji', () => {
+        it('returns true for +1', () => {
+            expect(isApprovalEmoji('+1')).toBe(true);
+        });
+        it('returns true for thumbsup', () => {
+            expect(isApprovalEmoji('thumbsup')).toBe(true);
+        });
+        it('returns false for other emojis', () => {
+            expect(isApprovalEmoji('heart')).toBe(false);
+            expect(isApprovalEmoji('-1')).toBe(false);
+            expect(isApprovalEmoji('x')).toBe(false);
+        });
+        it('matches all APPROVAL_EMOJIS', () => {
+            for (const emoji of APPROVAL_EMOJIS) {
+                expect(isApprovalEmoji(emoji)).toBe(true);
+            }
+        });
+    });
+    describe('isDenialEmoji', () => {
+        it('returns true for -1', () => {
+            expect(isDenialEmoji('-1')).toBe(true);
+        });
+        it('returns true for thumbsdown', () => {
+            expect(isDenialEmoji('thumbsdown')).toBe(true);
+        });
+        it('returns false for other emojis', () => {
+            expect(isDenialEmoji('heart')).toBe(false);
+            expect(isDenialEmoji('+1')).toBe(false);
+            expect(isDenialEmoji('thumbsup')).toBe(false);
+        });
+        it('matches all DENIAL_EMOJIS', () => {
+            for (const emoji of DENIAL_EMOJIS) {
+                expect(isDenialEmoji(emoji)).toBe(true);
+            }
+        });
+    });
+    describe('isAllowAllEmoji', () => {
+        it('returns true for white_check_mark', () => {
+            expect(isAllowAllEmoji('white_check_mark')).toBe(true);
+        });
+        it('returns true for heavy_check_mark', () => {
+            expect(isAllowAllEmoji('heavy_check_mark')).toBe(true);
+        });
+        it('returns false for other emojis', () => {
+            expect(isAllowAllEmoji('heart')).toBe(false);
+            expect(isAllowAllEmoji('+1')).toBe(false);
+            expect(isAllowAllEmoji('thumbsup')).toBe(false);
+        });
+        it('matches all ALLOW_ALL_EMOJIS', () => {
+            for (const emoji of ALLOW_ALL_EMOJIS) {
+                expect(isAllowAllEmoji(emoji)).toBe(true);
+            }
+        });
+    });
+    describe('isCancelEmoji', () => {
+        it('returns true for x', () => {
+            expect(isCancelEmoji('x')).toBe(true);
+        });
+        it('returns true for octagonal_sign', () => {
+            expect(isCancelEmoji('octagonal_sign')).toBe(true);
+        });
+        it('returns true for stop_sign', () => {
+            expect(isCancelEmoji('stop_sign')).toBe(true);
+        });
+        it('returns false for other emojis', () => {
+            expect(isCancelEmoji('heart')).toBe(false);
+            expect(isCancelEmoji('-1')).toBe(false);
+        });
+        it('matches all CANCEL_EMOJIS', () => {
+            for (const emoji of CANCEL_EMOJIS) {
+                expect(isCancelEmoji(emoji)).toBe(true);
+            }
+        });
+    });
+    describe('isEscapeEmoji', () => {
+        it('returns true for double_vertical_bar', () => {
+            expect(isEscapeEmoji('double_vertical_bar')).toBe(true);
+        });
+        it('returns true for pause_button', () => {
+            expect(isEscapeEmoji('pause_button')).toBe(true);
+        });
+        it('returns false for other emojis', () => {
+            expect(isEscapeEmoji('heart')).toBe(false);
+            expect(isEscapeEmoji('x')).toBe(false);
+        });
+        it('matches all ESCAPE_EMOJIS', () => {
+            for (const emoji of ESCAPE_EMOJIS) {
+                expect(isEscapeEmoji(emoji)).toBe(true);
+            }
+        });
+    });
+    describe('getNumberEmojiIndex', () => {
+        it('returns 0 for "one"', () => {
+            expect(getNumberEmojiIndex('one')).toBe(0);
+        });
+        it('returns 1 for "two"', () => {
+            expect(getNumberEmojiIndex('two')).toBe(1);
+        });
+        it('returns 2 for "three"', () => {
+            expect(getNumberEmojiIndex('three')).toBe(2);
+        });
+        it('returns 3 for "four"', () => {
+            expect(getNumberEmojiIndex('four')).toBe(3);
+        });
+        it('returns 0 for "1️⃣" (unicode)', () => {
+            expect(getNumberEmojiIndex('1️⃣')).toBe(0);
+        });
+        it('returns 1 for "2️⃣" (unicode)', () => {
+            expect(getNumberEmojiIndex('2️⃣')).toBe(1);
+        });
+        it('returns 2 for "3️⃣" (unicode)', () => {
+            expect(getNumberEmojiIndex('3️⃣')).toBe(2);
+        });
+        it('returns 3 for "4️⃣" (unicode)', () => {
+            expect(getNumberEmojiIndex('4️⃣')).toBe(3);
+        });
+        it('returns -1 for non-number emojis', () => {
+            expect(getNumberEmojiIndex('heart')).toBe(-1);
+            expect(getNumberEmojiIndex('five')).toBe(-1);
+            expect(getNumberEmojiIndex('+1')).toBe(-1);
+        });
+        it('returns correct index for all NUMBER_EMOJIS', () => {
+            for (let i = 0; i < NUMBER_EMOJIS.length; i++) {
+                expect(getNumberEmojiIndex(NUMBER_EMOJIS[i])).toBe(i);
+            }
+        });
+    });
+});

package/dist/mattermost/types.d.ts

@@ -0,0 +1,71 @@
+export interface MattermostWebSocketEvent {
+    event: string;
+    data: Record<string, unknown>;
+    broadcast: {
+        channel_id?: string;
+        user_id?: string;
+        team_id?: string;
+    };
+    seq: number;
+}
+export interface MattermostFile {
+    id: string;
+    name: string;
+    size: number;
+    mime_type: string;
+    extension: string;
+    width?: number;
+    height?: number;
+}
+export interface MattermostPost {
+    id: string;
+    create_at: number;
+    update_at: number;
+    delete_at: number;
+    user_id: string;
+    channel_id: string;
+    root_id: string;
+    message: string;
+    type: string;
+    props: Record<string, unknown>;
+    metadata?: {
+        embeds?: unknown[];
+        files?: MattermostFile[];
+    };
+}
+export interface MattermostUser {
+    id: string;
+    username: string;
+    email: string;
+    first_name: string;
+    last_name: string;
+    nickname: string;
+}
+export interface PostedEventData {
+    channel_display_name: string;
+    channel_name: string;
+    channel_type: string;
+    post: string;
+    sender_name: string;
+    team_id: string;
+}
+export interface ReactionAddedEventData {
+    reaction: string;
+}
+export interface MattermostReaction {
+    user_id: string;
+    post_id: string;
+    emoji_name: string;
+    create_at: number;
+}
+export interface CreatePostRequest {
+    channel_id: string;
+    message: string;
+    root_id?: string;
+    props?: Record<string, unknown>;
+}
+export interface UpdatePostRequest {
+    id: string;
+    message: string;
+    props?: Record<string, unknown>;
+}

package/dist/mattermost/types.js

@@ -0,0 +1 @@
+export {};

package/dist/mcp/permission-server.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/mcp/permission-server.js

@@ -0,0 +1,201 @@
+#!/usr/bin/env node
+/**
+ * MCP Permission Server for Mattermost
+ *
+ * This server handles Claude Code's permission prompts by forwarding them to
+ * Mattermost for user approval via emoji reactions.
+ *
+ * It is spawned by Claude Code when using --permission-prompt-tool and
+ * communicates via stdio (MCP protocol).
+ *
+ * Approval options:
+ *   - 👍 (+1) Allow this tool use
+ *   - ✅ (white_check_mark) Allow all future tool uses in this session
+ *   - 👎 (-1) Deny this tool use
+ *
+ * Environment variables (passed by claude-threads):
+ *   - MATTERMOST_URL: Mattermost server URL
+ *   - MATTERMOST_TOKEN: Bot access token
+ *   - MATTERMOST_CHANNEL_ID: Channel to post permission requests
+ *   - MM_THREAD_ID: Thread ID for the current session
+ *   - ALLOWED_USERS: Comma-separated list of authorized usernames
+ *   - DEBUG: Set to '1' for debug logging
+ */
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { z } from 'zod';
+import WebSocket from 'ws';
+import { isApprovalEmoji, isAllowAllEmoji, APPROVAL_EMOJIS, ALLOW_ALL_EMOJIS, DENIAL_EMOJIS } from '../mattermost/emoji.js';
+import { formatToolForPermission } from '../utils/tool-formatter.js';
+import { mcpLogger } from '../utils/logger.js';
+import { getMe, getUser, createInteractivePost, updatePost, isUserAllowed, } from '../mattermost/api.js';
+// =============================================================================
+// Configuration
+// =============================================================================
+const MM_URL = process.env.MATTERMOST_URL || '';
+const MM_TOKEN = process.env.MATTERMOST_TOKEN || '';
+const MM_CHANNEL_ID = process.env.MATTERMOST_CHANNEL_ID || '';
+const MM_THREAD_ID = process.env.MM_THREAD_ID || '';
+const ALLOWED_USERS = (process.env.ALLOWED_USERS || '')
+    .split(',')
+    .map(u => u.trim())
+    .filter(u => u.length > 0);
+const PERMISSION_TIMEOUT_MS = 120000; // 2 minutes
+// API configuration (created from environment variables)
+const apiConfig = {
+    url: MM_URL,
+    token: MM_TOKEN,
+};
+// Session state
+let allowAllSession = false;
+let botUserId = null;
+// =============================================================================
+// Mattermost API Helpers (using shared API layer)
+// =============================================================================
+async function getBotUserId() {
+    if (botUserId)
+        return botUserId;
+    const me = await getMe(apiConfig);
+    botUserId = me.id;
+    return botUserId;
+}
+async function getUserById(userId) {
+    const user = await getUser(apiConfig, userId);
+    return user?.username || null;
+}
+function checkUserAllowed(username) {
+    return isUserAllowed(username, ALLOWED_USERS);
+}
+// =============================================================================
+// Reaction Handling
+// =============================================================================
+function waitForReaction(postId) {
+    return new Promise((resolve, reject) => {
+        const wsUrl = MM_URL.replace(/^http/, 'ws') + '/api/v4/websocket';
+        mcpLogger.debug(`Connecting to WebSocket: ${wsUrl}`);
+        const ws = new WebSocket(wsUrl);
+        const timeout = setTimeout(() => {
+            mcpLogger.debug(`Timeout waiting for reaction on ${postId}`);
+            ws.close();
+            reject(new Error('Permission request timed out'));
+        }, PERMISSION_TIMEOUT_MS);
+        ws.on('open', () => {
+            mcpLogger.debug(`WebSocket connected, authenticating...`);
+            ws.send(JSON.stringify({
+                seq: 1,
+                action: 'authentication_challenge',
+                data: { token: MM_TOKEN },
+            }));
+        });
+        ws.on('message', async (data) => {
+            try {
+                const event = JSON.parse(data.toString());
+                mcpLogger.debug(`WS event: ${event.event || event.status || 'unknown'}`);
+                if (event.event === 'reaction_added') {
+                    const reactionData = event.data;
+                    // Mattermost sends reaction as JSON string
+                    const reaction = typeof reactionData.reaction === 'string'
+                        ? JSON.parse(reactionData.reaction)
+                        : reactionData.reaction;
+                    mcpLogger.debug(`Reaction on post ${reaction?.post_id}, looking for ${postId}`);
+                    if (reaction?.post_id === postId) {
+                        const userId = reaction.user_id;
+                        mcpLogger.debug(`Reaction from user ${userId}, emoji: ${reaction.emoji_name}`);
+                        // Ignore bot's own reactions (from adding reaction options)
+                        const myId = await getBotUserId();
+                        if (userId === myId) {
+                            mcpLogger.debug(`Ignoring bot's own reaction`);
+                            return;
+                        }
+                        // Check if user is authorized
+                        const username = await getUserById(userId);
+                        mcpLogger.debug(`Username: ${username}, allowed: ${ALLOWED_USERS.join(',') || '(all)'}`);
+                        if (!username || !checkUserAllowed(username)) {
+                            mcpLogger.debug(`Ignoring unauthorized user: ${username || userId}`);
+                            return;
+                        }
+                        mcpLogger.debug(`Accepting reaction ${reaction.emoji_name} from ${username}`);
+                        clearTimeout(timeout);
+                        ws.close();
+                        resolve({ emoji: reaction.emoji_name, username });
+                    }
+                }
+            }
+            catch (e) {
+                mcpLogger.debug(`Parse error: ${e}`);
+            }
+        });
+        ws.on('error', (err) => {
+            mcpLogger.debug(`WebSocket error: ${err}`);
+            clearTimeout(timeout);
+            reject(err);
+        });
+    });
+}
+async function handlePermission(toolName, toolInput) {
+    mcpLogger.debug(`handlePermission called for ${toolName}`);
+    // Auto-approve if "allow all" was selected earlier
+    if (allowAllSession) {
+        mcpLogger.debug(`Auto-allowing ${toolName} (allow all active)`);
+        return { behavior: 'allow', updatedInput: toolInput };
+    }
+    if (!MM_URL || !MM_TOKEN || !MM_CHANNEL_ID) {
+        mcpLogger.error('Missing Mattermost config');
+        return { behavior: 'deny', message: 'Permission service not configured' };
+    }
+    try {
+        // Post permission request to Mattermost with reaction options
+        const toolInfo = formatToolForPermission(toolName, toolInput);
+        const message = `⚠️ **Permission requested**\n\n${toolInfo}\n\n` +
+            `👍 Allow | ✅ Allow all | 👎 Deny`;
+        const userId = await getBotUserId();
+        const post = await createInteractivePost(apiConfig, MM_CHANNEL_ID, message, [APPROVAL_EMOJIS[0], ALLOW_ALL_EMOJIS[0], DENIAL_EMOJIS[0]], MM_THREAD_ID || undefined, userId);
+        // Wait for user's reaction
+        const { emoji, username } = await waitForReaction(post.id);
+        if (isApprovalEmoji(emoji)) {
+            await updatePost(apiConfig, post.id, `✅ **Allowed** by @${username}\n\n${toolInfo}`);
+            mcpLogger.info(`Allowed: ${toolName}`);
+            return { behavior: 'allow', updatedInput: toolInput };
+        }
+        else if (isAllowAllEmoji(emoji)) {
+            allowAllSession = true;
+            await updatePost(apiConfig, post.id, `✅ **Allowed all** by @${username}\n\n${toolInfo}`);
+            mcpLogger.info(`Allowed all: ${toolName}`);
+            return { behavior: 'allow', updatedInput: toolInput };
+        }
+        else {
+            await updatePost(apiConfig, post.id, `❌ **Denied** by @${username}\n\n${toolInfo}`);
+            mcpLogger.info(`Denied: ${toolName}`);
+            return { behavior: 'deny', message: 'User denied permission' };
+        }
+    }
+    catch (error) {
+        mcpLogger.error(`Permission error: ${error}`);
+        return { behavior: 'deny', message: String(error) };
+    }
+}
+// =============================================================================
+// MCP Server Setup
+// =============================================================================
+async function main() {
+    const server = new McpServer({
+        name: 'claude-threads-permissions',
+        version: '1.0.0',
+    });
+    server.tool('permission_prompt', 'Handle permission requests via Mattermost reactions', {
+        tool_name: z.string().describe('Name of the tool requesting permission'),
+        input: z.record(z.string(), z.unknown()).describe('Tool input parameters'),
+    }, async ({ tool_name, input }) => {
+        const result = await handlePermission(tool_name, input);
+        return {
+            content: [{ type: 'text', text: JSON.stringify(result) }],
+        };
+    });
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+    mcpLogger.info('Permission server ready');
+}
+main().catch((err) => {
+    mcpLogger.error(`Fatal: ${err}`);
+    process.exit(1);
+});

package/dist/onboarding.d.ts

@@ -0,0 +1 @@
+export declare function runOnboarding(): Promise<void>;

package/dist/onboarding.js

@@ -0,0 +1,116 @@
+import prompts from 'prompts';
+import { writeFileSync, mkdirSync } from 'fs';
+import { homedir } from 'os';
+import { resolve } from 'path';
+const bold = (s) => `\x1b[1m${s}\x1b[0m`;
+const dim = (s) => `\x1b[2m${s}\x1b[0m`;
+const green = (s) => `\x1b[32m${s}\x1b[0m`;
+export async function runOnboarding() {
+    console.log('');
+    console.log(bold('  Welcome to claude-threads!'));
+    console.log(dim('  ─────────────────────────────────'));
+    console.log('');
+    console.log('  No configuration found. Let\'s set things up.');
+    console.log('');
+    console.log(dim('  You\'ll need:'));
+    console.log(dim('  • A Mattermost bot account with a token'));
+    console.log(dim('  • A channel ID where the bot will listen'));
+    console.log('');
+    // Handle Ctrl+C gracefully
+    prompts.override({});
+    const onCancel = () => {
+        console.log('');
+        console.log(dim('  Setup cancelled.'));
+        process.exit(0);
+    };
+    const response = await prompts([
+        {
+            type: 'text',
+            name: 'url',
+            message: 'Mattermost URL',
+            initial: 'https://your-mattermost-server.com',
+            validate: (v) => v.startsWith('http') ? true : 'URL must start with http:// or https://',
+        },
+        {
+            type: 'password',
+            name: 'token',
+            message: 'Bot token',
+            hint: 'Create at: Integrations > Bot Accounts > Add Bot Account',
+            validate: (v) => v.length > 0 ? true : 'Token is required',
+        },
+        {
+            type: 'text',
+            name: 'channelId',
+            message: 'Channel ID',
+            hint: 'Click channel name > View Info > copy ID from URL',
+            validate: (v) => v.length > 0 ? true : 'Channel ID is required',
+        },
+        {
+            type: 'text',
+            name: 'botName',
+            message: 'Bot mention name',
+            initial: 'claude-code',
+            hint: 'Users will @mention this name',
+        },
+        {
+            type: 'text',
+            name: 'allowedUsers',
+            message: 'Allowed usernames',
+            initial: '',
+            hint: 'Comma-separated, or empty for all users',
+        },
+        {
+            type: 'confirm',
+            name: 'skipPermissions',
+            message: 'Skip permission prompts?',
+            initial: true,
+            hint: 'If no, you\'ll approve each action via emoji reactions',
+        },
+    ], { onCancel });
+    // Check if user cancelled
+    if (!response.url || !response.token || !response.channelId) {
+        console.log('');
+        console.log(dim('  Setup incomplete. Run claude-threads again to retry.'));
+        process.exit(1);
+    }
+    // Build .env content
+    const envContent = `# claude-threads configuration
+# Generated by claude-threads onboarding
+
+# Mattermost server URL
+MATTERMOST_URL=${response.url}
+
+# Bot token (from Integrations > Bot Accounts)
+MATTERMOST_TOKEN=${response.token}
+
+# Channel ID where the bot listens
+MATTERMOST_CHANNEL_ID=${response.channelId}
+
+# Bot mention name (users @mention this)
+MATTERMOST_BOT_NAME=${response.botName || 'claude-code'}
+
+# Allowed usernames (comma-separated, empty = all users)
+ALLOWED_USERS=${response.allowedUsers || ''}
+
+# Skip permission prompts (true = auto-approve, false = require emoji approval)
+SKIP_PERMISSIONS=${response.skipPermissions ? 'true' : 'false'}
+`;
+    // Save to ~/.config/claude-threads/.env
+    const configDir = resolve(homedir(), '.config', 'claude-threads');
+    const envPath = resolve(configDir, '.env');
+    try {
+        mkdirSync(configDir, { recursive: true });
+        writeFileSync(envPath, envContent, { mode: 0o600 }); // Secure permissions
+    }
+    catch (err) {
+        console.error('');
+        console.error(`  Failed to save config: ${err}`);
+        process.exit(1);
+    }
+    console.log('');
+    console.log(green('  ✓ Configuration saved!'));
+    console.log(dim(`    ${envPath}`));
+    console.log('');
+    console.log(dim('  Starting claude-threads...'));
+    console.log('');
+}