claude-threads 1.14.1 → 1.15.1

package/CHANGELOG.md

@@ -7,6 +7,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.15.1] - 2026-05-05
+
+### Fixed
+- **Numeric tool args no longer fail at the MCP boundary when the runtime sends them as strings.** Surfaced live during dogfooding of v1.15.0: calling `search_messages` with `max_results: 5` returned `Invalid input: expected number, received string` from the MCP framework, because the Claude MCP runtime sometimes serializes integer tool arguments as JSON strings before they reach the server, and the receiving `z.number().int()` schema rejected them at parse time. Switched the four affected fields to `z.coerce.number().int()` — `read_post.max_messages`, `list_thread.max_messages`, `read_channel_history.max_messages`, `search_messages.max_results` — so either form parses. Downstream `clamp*` helpers already defend against non-finite / non-positive values, so coercion can't widen the contract beyond the documented caps; non-integer strings like `"1.5"` still fail because `.int()` runs after coercion. Schemas exported so a contract test can verify the coercion without spinning up the full MCP transport. (#375)
+
+## [1.15.0] - 2026-05-05
+
+### Added
+- **Claude can DM channel members directly via the new `send_dm` MCP tool.** When the user asks for a private ping ("DM me when this finishes," "send the report to alice as a DM"), Claude can now call `send_dm(recipient, message)` instead of asking the user to forward the result themselves. The recipient is a Mattermost username (`@anne` or `anne`) or a Slack user id (`U…`/`<@U…>`) — the asymmetry exists because Slack bot tokens can't reverse-look usernames cheaply, and paginating `users.list` per call is wasteful. Six gates run in order: shape (recipient and message non-empty, message under 4000-char cap), recipient resolution (platform API turns the input into a user id + canonical username), self-DM guard, channel membership (recipient must be a current member of the bot channel, fetched once and cached for 60s), rate limit (3 DMs per recipient per session, optimistic counter increment with rollback on deny / timeout / send-error), and a per-recipient interactive permission prompt the first time the session DMs each user. ✅ promotes that recipient — and only that recipient — to no-prompt for the rest of the session; the rate limit still applies. An in-flight set blocks parallel `send_dm` calls to the same recipient from posting duplicate prompts when Claude fans out tool_use blocks in a single turn. Every DM is prefixed with an attribution line — `_(automated message via claude-threads, on behalf of @anne from #channel)_` — so recipients can trace it back to the session that sent it; the channel name is fetched lazily via the platform's channel-info endpoint, the session-owner username is plumbed in from `session.startedBy` through a new `SESSION_OWNER_USERNAME` env var that threads `lifecycle.ts` → `restart-options.ts` → `ClaudeCliOptions` → `buildPermissionArgs` → MCP child (covers all five `new ClaudeCli` sites). New optional `McpPlatformApi` methods `getChannelMembers`, `resolveRecipient`, `sendDirectMessage`; `getChannelInfo` gained a `name?` field. RED-GREEN tests on every load-bearing guard — self-DM check, membership, rate limit, attribution prefix, allow-all-is-per-recipient, counter rollback on deny / timeout, in-flight-prompt deduplication. (#374)
+
 ## [1.14.1] - 2026-05-05
 
 ### Fixed

package/dist/index.js

@@ -51826,6 +51826,22 @@ async function addReaction(config, postId, userId, emojiName) {
     emoji_name: emojiName
   });
 }
+async function getUserByUsernameRaw(config, username) {
+  try {
+    return await mattermostApi(config, "GET", `/users/username/${encodeURIComponent(username)}`);
+  } catch (err) {
+    apiLog.debug(`Failed to lookup user @${username}: ${err}`);
+    return null;
+  }
+}
+async function createDirectChannelRaw(config, userIdA, userIdB) {
+  try {
+    return await mattermostApi(config, "POST", "/channels/direct", [userIdA, userIdB]);
+  } catch (err) {
+    apiLog.debug(`Failed to open direct channel ${userIdA}↔${userIdB}: ${err}`);
+    return null;
+  }
+}
 function isUserInAllowList(username, allowList) {
   if (allowList.length === 0)
     return true;
@@ -52033,7 +52049,33 @@ class MattermostMcpPlatformApi {
       return null;
     const channelType = channel.type === "O" ? "public" : "private";
     this.channelTypeCache.set(channelId, channelType);
-    return { id: channel.id, channelType };
+    const name = channel.display_name || channel.name;
+    return { id: channel.id, channelType, name };
+  }
+  async getChannelMembers(channelId) {
+    try {
+      const members = await mattermostApi(this.apiConfig, "GET", `/channels/${channelId}/members?per_page=200`);
+      return members.map((m) => m.user_id);
+    } catch (err) {
+      mcpLogger.debug(`getChannelMembers ${channelId} failed: ${err}`);
+      return null;
+    }
+  }
+  async resolveRecipient(recipient) {
+    const normalized = recipient.replace(/^@/, "");
+    const user = await getUserByUsernameRaw(this.apiConfig, normalized);
+    if (!user)
+      return null;
+    return { id: user.id, username: user.username };
+  }
+  async sendDirectMessage(recipientUserId, message) {
+    const botUserId = await this.getBotUserId();
+    const dmChannel = await createDirectChannelRaw(this.apiConfig, botUserId, recipientUserId);
+    if (!dmChannel) {
+      throw new Error("failed to open direct channel with recipient");
+    }
+    const post = await createPost(this.apiConfig, dmChannel.id, message);
+    return { postId: post.id };
   }
   async searchMessages(query, options) {
     const limit = options?.limit ?? 10;
@@ -52393,13 +52435,62 @@ class SlackMcpPlatformApi {
       const isPrivate = ch.is_private || ch.is_im || ch.is_mpim || false;
       return {
         id: ch.id,
-        channelType: isPrivate ? "private" : "public"
+        channelType: isPrivate ? "private" : "public",
+        name: ch.name
       };
     } catch (err) {
       mcpLogger.debug(`getChannelInfo ${channelId} failed: ${err}`);
       return null;
     }
   }
+  async getChannelMembers(channelId) {
+    const maxPages = 20;
+    const all = [];
+    let cursor = undefined;
+    try {
+      for (let i2 = 0;i2 < maxPages; i2++) {
+        const params = {
+          channel: channelId,
+          limit: 1000
+        };
+        if (cursor)
+          params.cursor = cursor;
+        const response = await slackApi("conversations.members", this.config.botToken, params);
+        all.push(...response.members ?? []);
+        cursor = response.response_metadata?.next_cursor;
+        if (!cursor)
+          return all;
+      }
+      mcpLogger.warn(`getChannelMembers ${channelId} hit page cap of ${maxPages}`);
+      return all;
+    } catch (err) {
+      mcpLogger.debug(`getChannelMembers ${channelId} failed: ${err}`);
+      return null;
+    }
+  }
+  async resolveRecipient(recipient) {
+    const id = recipient.replace(/^<@/, "").replace(/>$/, "");
+    if (!/^[UW][A-Z0-9]{8,}$/.test(id)) {
+      return null;
+    }
+    try {
+      const response = await slackApi("users.info", this.config.botToken, { user: id });
+      return { id: response.user.id, username: response.user.name ?? null };
+    } catch (err) {
+      mcpLogger.debug(`resolveRecipient ${id} failed: ${err}`);
+      return null;
+    }
+  }
+  async sendDirectMessage(recipientUserId, message) {
+    const opened = await slackApi("conversations.open", this.config.botToken, { users: recipientUserId });
+    const dmChannelId = opened.channel.id;
+    const post = await slackApi("chat.postMessage", this.config.botToken, {
+      channel: dmChannelId,
+      text: message,
+      mrkdwn: true
+    });
+    return { postId: post.ts };
+  }
 }
 function slackMessageToMcpPost(message, channelId, username) {
   const createAt = Math.floor(parseFloat(message.ts) * 1000);
@@ -53576,7 +53667,8 @@ function buildPermissionArgs(opts) {
     PLATFORM_THREAD_ID: opts.threadId || "",
     ALLOWED_USERS: opts.platformConfig.allowedUsers.join(","),
     DEBUG: opts.debug ? "1" : "",
-    PERMISSION_TIMEOUT_MS: String(opts.permissionTimeoutMs)
+    PERMISSION_TIMEOUT_MS: String(opts.permissionTimeoutMs),
+    SESSION_OWNER_USERNAME: opts.sessionOwnerUsername || ""
   };
   if (opts.platformConfig.appToken) {
     mcpEnv.PLATFORM_APP_TOKEN = opts.platformConfig.appToken;
@@ -53715,7 +53807,8 @@ class ClaudeCli extends EventEmitter2 {
       debug: this.debug,
       workingDir: this.options.workingDir,
       uploadDir: this.options.uploadDir,
-      outboundFiles: this.options.outboundFiles
+      outboundFiles: this.options.outboundFiles,
+      sessionOwnerUsername: this.options.sessionOwnerUsername
     });
     args.push(...permResult.args);
     this.mcpConfigTempFile = permResult.tempFile;
@@ -55356,7 +55449,8 @@ function buildRestartCliOptions(session, ctx) {
     permissionTimeoutMs: ctx.permissionTimeoutMs,
     account: ctx.account,
     uploadDir: getSessionUploadDir(session.platformId, session.threadId),
-    outboundFiles: platformMcpConfig.outboundFiles
+    outboundFiles: platformMcpConfig.outboundFiles,
+    sessionOwnerUsername: session.startedBy
   };
 }
 
@@ -66579,7 +66673,8 @@ async function startSession(options, username, displayName, replyToPostId, platf
     permissionTimeoutMs: ctx.config.permissionTimeoutMs,
     account: claudeAccount ? { id: claudeAccount.id, home: claudeAccount.home, apiKey: claudeAccount.apiKey } : undefined,
     uploadDir: getSessionUploadDir(platformId, actualThreadId),
-    outboundFiles: platformMcpConfig.outboundFiles
+    outboundFiles: platformMcpConfig.outboundFiles,
+    sessionOwnerUsername: username
   };
   const claude = new ClaudeCli(cliOptions);
   const session = {
@@ -66730,7 +66825,8 @@ Please start a new session.`), { action: "Post resume failure notification" });
     permissionTimeoutMs: ctx.config.permissionTimeoutMs,
     account: claudeAccount ? { id: claudeAccount.id, home: claudeAccount.home, apiKey: claudeAccount.apiKey } : undefined,
     uploadDir: getSessionUploadDir(platformId, state.threadId),
-    outboundFiles: platformMcpConfig.outboundFiles
+    outboundFiles: platformMcpConfig.outboundFiles,
+    sessionOwnerUsername: state.startedBy
   };
   const claude = new ClaudeCli(cliOptions);
   const session = {

package/dist/mcp/mcp-server.js

@@ -54866,7 +54866,8 @@ function buildPermissionArgs(opts) {
     PLATFORM_THREAD_ID: opts.threadId || "",
     ALLOWED_USERS: opts.platformConfig.allowedUsers.join(","),
     DEBUG: opts.debug ? "1" : "",
-    PERMISSION_TIMEOUT_MS: String(opts.permissionTimeoutMs)
+    PERMISSION_TIMEOUT_MS: String(opts.permissionTimeoutMs),
+    SESSION_OWNER_USERNAME: opts.sessionOwnerUsername || ""
   };
   if (opts.platformConfig.appToken) {
     mcpEnv.PLATFORM_APP_TOKEN = opts.platformConfig.appToken;
@@ -55005,7 +55006,8 @@ class ClaudeCli extends EventEmitter2 {
       debug: this.debug,
       workingDir: this.options.workingDir,
       uploadDir: this.options.uploadDir,
-      outboundFiles: this.options.outboundFiles
+      outboundFiles: this.options.outboundFiles,
+      sessionOwnerUsername: this.options.sessionOwnerUsername
     });
     args.push(...permResult.args);
     this.mcpConfigTempFile = permResult.tempFile;
@@ -56129,6 +56131,22 @@ async function addReaction(config3, postId, userId, emojiName) {
     emoji_name: emojiName
   });
 }
+async function getUserByUsernameRaw(config3, username) {
+  try {
+    return await mattermostApi(config3, "GET", `/users/username/${encodeURIComponent(username)}`);
+  } catch (err) {
+    apiLog.debug(`Failed to lookup user @${username}: ${err}`);
+    return null;
+  }
+}
+async function createDirectChannelRaw(config3, userIdA, userIdB) {
+  try {
+    return await mattermostApi(config3, "POST", "/channels/direct", [userIdA, userIdB]);
+  } catch (err) {
+    apiLog.debug(`Failed to open direct channel ${userIdA}↔${userIdB}: ${err}`);
+    return null;
+  }
+}
 function isUserInAllowList(username, allowList) {
   if (allowList.length === 0)
     return true;
@@ -56336,7 +56354,33 @@ class MattermostMcpPlatformApi {
       return null;
     const channelType = channel.type === "O" ? "public" : "private";
     this.channelTypeCache.set(channelId, channelType);
-    return { id: channel.id, channelType };
+    const name = channel.display_name || channel.name;
+    return { id: channel.id, channelType, name };
+  }
+  async getChannelMembers(channelId) {
+    try {
+      const members = await mattermostApi(this.apiConfig, "GET", `/channels/${channelId}/members?per_page=200`);
+      return members.map((m) => m.user_id);
+    } catch (err) {
+      mcpLogger.debug(`getChannelMembers ${channelId} failed: ${err}`);
+      return null;
+    }
+  }
+  async resolveRecipient(recipient) {
+    const normalized = recipient.replace(/^@/, "");
+    const user = await getUserByUsernameRaw(this.apiConfig, normalized);
+    if (!user)
+      return null;
+    return { id: user.id, username: user.username };
+  }
+  async sendDirectMessage(recipientUserId, message) {
+    const botUserId = await this.getBotUserId();
+    const dmChannel = await createDirectChannelRaw(this.apiConfig, botUserId, recipientUserId);
+    if (!dmChannel) {
+      throw new Error("failed to open direct channel with recipient");
+    }
+    const post2 = await createPost(this.apiConfig, dmChannel.id, message);
+    return { postId: post2.id };
   }
   async searchMessages(query, options) {
     const limit = options?.limit ?? 10;
@@ -56838,13 +56882,62 @@ class SlackMcpPlatformApi {
       const isPrivate = ch.is_private || ch.is_im || ch.is_mpim || false;
       return {
         id: ch.id,
-        channelType: isPrivate ? "private" : "public"
+        channelType: isPrivate ? "private" : "public",
+        name: ch.name
       };
     } catch (err) {
       mcpLogger.debug(`getChannelInfo ${channelId} failed: ${err}`);
       return null;
     }
   }
+  async getChannelMembers(channelId) {
+    const maxPages = 20;
+    const all = [];
+    let cursor = undefined;
+    try {
+      for (let i2 = 0;i2 < maxPages; i2++) {
+        const params = {
+          channel: channelId,
+          limit: 1000
+        };
+        if (cursor)
+          params.cursor = cursor;
+        const response = await slackApi("conversations.members", this.config.botToken, params);
+        all.push(...response.members ?? []);
+        cursor = response.response_metadata?.next_cursor;
+        if (!cursor)
+          return all;
+      }
+      mcpLogger.warn(`getChannelMembers ${channelId} hit page cap of ${maxPages}`);
+      return all;
+    } catch (err) {
+      mcpLogger.debug(`getChannelMembers ${channelId} failed: ${err}`);
+      return null;
+    }
+  }
+  async resolveRecipient(recipient) {
+    const id = recipient.replace(/^<@/, "").replace(/>$/, "");
+    if (!/^[UW][A-Z0-9]{8,}$/.test(id)) {
+      return null;
+    }
+    try {
+      const response = await slackApi("users.info", this.config.botToken, { user: id });
+      return { id: response.user.id, username: response.user.name ?? null };
+    } catch (err) {
+      mcpLogger.debug(`resolveRecipient ${id} failed: ${err}`);
+      return null;
+    }
+  }
+  async sendDirectMessage(recipientUserId, message) {
+    const opened = await slackApi("conversations.open", this.config.botToken, { users: recipientUserId });
+    const dmChannelId = opened.channel.id;
+    const post2 = await slackApi("chat.postMessage", this.config.botToken, {
+      channel: dmChannelId,
+      text: message,
+      mrkdwn: true
+    });
+    return { postId: post2.ts };
+  }
 }
 function slackMessageToMcpPost(message, channelId, username) {
   const createAt = Math.floor(parseFloat(message.ts) * 1000);
@@ -57165,6 +57258,7 @@ var PLATFORM_CHANNEL_ID = process.env.PLATFORM_CHANNEL_ID || "";
 var PLATFORM_THREAD_ID = process.env.PLATFORM_THREAD_ID || "";
 var ALLOWED_USERS = (process.env.ALLOWED_USERS || "").split(",").map((u) => u.trim()).filter((u) => u.length > 0);
 var PERMISSION_TIMEOUT_MS = parseInt(process.env.PERMISSION_TIMEOUT_MS || "120000", 10);
+var SESSION_OWNER_USERNAME = process.env.SESSION_OWNER_USERNAME || "";
 var SESSION_WORKING_DIR = process.env[OUTBOUND_ENV.SESSION_WORKING_DIR] || "";
 var SESSION_UPLOAD_DIR = process.env[OUTBOUND_ENV.SESSION_UPLOAD_DIR] || "";
 var OUTBOUND_FILES_ENABLED = (process.env[OUTBOUND_ENV.OUTBOUND_FILES_ENABLED] ?? "1") !== "0";
@@ -57176,14 +57270,16 @@ var UPDATE_OWN_POST_TOOL_NAME = "mcp__claude-threads-mcp__update_own_post";
 var LIST_THREAD_TOOL_NAME = "mcp__claude-threads-mcp__list_thread";
 var READ_CHANNEL_HISTORY_TOOL_NAME = "mcp__claude-threads-mcp__read_channel_history";
 var SEARCH_MESSAGES_TOOL_NAME = "mcp__claude-threads-mcp__search_messages";
-var AUTO_ALLOWED_MCP_TOOLS = new Set([
+var SEND_DM_TOOL_NAME = "mcp__claude-threads-mcp__send_dm";
+var SKIP_STANDARD_PERMISSION_PROMPT = new Set([
   SEND_FILE_TOOL_NAME,
   READ_POST_TOOL_NAME,
   REACT_TO_POST_TOOL_NAME,
   UPDATE_OWN_POST_TOOL_NAME,
   LIST_THREAD_TOOL_NAME,
   READ_CHANNEL_HISTORY_TOOL_NAME,
-  SEARCH_MESSAGES_TOOL_NAME
+  SEARCH_MESSAGES_TOOL_NAME,
+  SEND_DM_TOOL_NAME
 ]);
 var apiConfig = PLATFORM_TYPE === "slack" ? {
   platformType: "slack",
@@ -57210,10 +57306,18 @@ function getApi() {
   return mcpApi;
 }
 var allowAllSession = false;
+var SEND_DM_PER_RECIPIENT_LIMIT = 3;
+var SEND_DM_MEMBER_CACHE_TTL_MS = 60000;
+var SEND_DM_MAX_MESSAGE_CHARS = 4000;
+var sendDmCounts = new Map;
+var sendDmAllowedRecipients = new Set;
+var sendDmInFlightPrompts = new Set;
+var sendDmMemberCache = null;
+var sendDmChannelLabel = null;
 async function handlePermissionWith(toolName, toolInput, cfg) {
   mcpLogger.debug(`handlePermission called for ${toolName}`);
-  if (AUTO_ALLOWED_MCP_TOOLS.has(toolName)) {
-    mcpLogger.debug(`Auto-allowing ${toolName} (handler enforces its own gate)`);
+  if (SKIP_STANDARD_PERMISSION_PROMPT.has(toolName)) {
+    mcpLogger.debug(`Skipping standard prompt for ${toolName} (handler enforces its own gate)`);
     return { behavior: "allow", updatedInput: toolInput };
   }
   if (cfg.getAllowAll()) {
@@ -57312,7 +57416,7 @@ var sendFileInputSchema = {
 var readPostInputSchema = {
   url: exports_external.string().describe("Permalink URL to a post on the chat platform the bot is connected to. Must be on the same host as the bot."),
   include_thread: exports_external.boolean().optional().describe("When true, also fetch surrounding messages in the same thread (oldest first). Defaults to false."),
-  max_messages: exports_external.number().int().optional().describe(`Maximum thread messages to return when include_thread is true. Defaults to ${DEFAULT_THREAD_LIMIT}, capped at ${MAX_THREAD_LIMIT}.`)
+  max_messages: exports_external.coerce.number().int().optional().describe(`Maximum thread messages to return when include_thread is true. Defaults to ${DEFAULT_THREAD_LIMIT}, capped at ${MAX_THREAD_LIMIT}.`)
 };
 var reactToPostInputSchema = {
   url: exports_external.string().describe("Permalink URL to a post the bot can already see (its own channel, or a public channel on the same instance)."),
@@ -57324,15 +57428,19 @@ var updateOwnPostInputSchema = {
 };
 var listThreadInputSchema = {
   url: exports_external.string().optional().describe("Permalink to any post in the target thread. If omitted, the current session thread is read."),
-  max_messages: exports_external.number().int().optional().describe(`Maximum messages to return (oldest first). Defaults to ${DEFAULT_THREAD_LIMIT}, capped at ${MAX_THREAD_LIMIT}.`)
+  max_messages: exports_external.coerce.number().int().optional().describe(`Maximum messages to return (oldest first). Defaults to ${DEFAULT_THREAD_LIMIT}, capped at ${MAX_THREAD_LIMIT}.`)
 };
 var readChannelHistoryInputSchema = {
   channel_id: exports_external.string().describe("Channel identifier. Mattermost: the 26-char channel id. Slack: the channel id (C…/G…). " + "Must be the bot's own channel or a public channel on the same instance."),
-  max_messages: exports_external.number().int().optional().describe("Maximum messages to return (oldest first). Defaults to 20, capped at 100.")
+  max_messages: exports_external.coerce.number().int().optional().describe("Maximum messages to return (oldest first). Defaults to 20, capped at 100.")
 };
 var searchMessagesInputSchema = {
   query: exports_external.string().describe("Search query (platform-specific syntax). Mattermost supports phrase quoting and from:user filters."),
-  max_results: exports_external.number().int().optional().describe("Maximum results to return. Defaults to 10, capped at 25.")
+  max_results: exports_external.coerce.number().int().optional().describe("Maximum results to return. Defaults to 10, capped at 25.")
+};
+var sendDmInputSchema = {
+  recipient: exports_external.string().describe("Recipient identifier. Mattermost: a username (with or without leading @). " + "Slack: a user ID (e.g. 'U0123ABC' or '<@U0123ABC>'). The recipient must be a " + "current member of the bot's channel."),
+  message: exports_external.string().describe("Message body to send as a DM. Bot prepends an attribution prefix.")
 };
 async function handleSendFileWith(args, cfg) {
   if (!cfg.enabled) {
@@ -57743,6 +57851,235 @@ async function handleSearchMessages(args) {
     botChannelId: PLATFORM_CHANNEL_ID
   });
 }
+async function handleSendDmWith(args, cfg) {
+  if (!cfg.api.resolveRecipient || !cfg.api.sendDirectMessage || !cfg.api.getChannelMembers) {
+    return { ok: false, reason: "this platform does not support direct messages" };
+  }
+  if (!cfg.botChannelId) {
+    return { ok: false, reason: "platform channel not configured" };
+  }
+  const recipientArg = (args.recipient ?? "").trim();
+  if (recipientArg.length === 0) {
+    return { ok: false, reason: "recipient must be a non-empty string" };
+  }
+  if (typeof args.message !== "string" || args.message.trim().length === 0) {
+    return { ok: false, reason: "message must be a non-empty string" };
+  }
+  if (args.message.length > cfg.maxMessageChars) {
+    return {
+      ok: false,
+      reason: `message exceeds ${cfg.maxMessageChars}-character cap (${args.message.length} chars supplied)`
+    };
+  }
+  const resolved = await cfg.api.resolveRecipient(recipientArg);
+  if (!resolved) {
+    return { ok: false, reason: `could not resolve recipient '${recipientArg}'` };
+  }
+  let botUserId;
+  try {
+    botUserId = await cfg.api.getBotUserId();
+  } catch (err) {
+    return {
+      ok: false,
+      reason: `could not verify bot identity: ${err instanceof Error ? err.message : String(err)}`
+    };
+  }
+  if (resolved.id === botUserId) {
+    return { ok: false, reason: "cannot send a DM to the bot itself" };
+  }
+  const member = await isRecipientChannelMember(resolved.id, cfg);
+  if (!member.ok)
+    return { ok: false, reason: member.reason };
+  const sentSoFar = cfg.counts.get(resolved.id) ?? 0;
+  if (sentSoFar >= cfg.perRecipientLimit) {
+    return {
+      ok: false,
+      reason: `rate-limited: already sent ${sentSoFar} DM${sentSoFar === 1 ? "" : "s"} to this recipient in this session (limit ${cfg.perRecipientLimit})`
+    };
+  }
+  cfg.counts.set(resolved.id, sentSoFar + 1);
+  const rollbackCounter = () => {
+    const current = cfg.counts.get(resolved.id) ?? 0;
+    if (current > 0)
+      cfg.counts.set(resolved.id, current - 1);
+  };
+  if (!cfg.allowedRecipients.has(resolved.id)) {
+    if (cfg.inFlightPrompts.has(resolved.id)) {
+      rollbackCounter();
+      return {
+        ok: false,
+        reason: "a permission prompt for this recipient is already pending — wait for it to resolve before retrying"
+      };
+    }
+    cfg.inFlightPrompts.add(resolved.id);
+    let decision;
+    try {
+      decision = await promptForDmPermission(resolved.id, resolved.username, cfg);
+    } finally {
+      cfg.inFlightPrompts.delete(resolved.id);
+    }
+    if (decision === "deny") {
+      rollbackCounter();
+      return { ok: false, reason: "user denied this DM" };
+    }
+    if (decision === "timeout") {
+      rollbackCounter();
+      return { ok: false, reason: "permission prompt timed out" };
+    }
+    if (decision === "error") {
+      rollbackCounter();
+      return { ok: false, reason: "permission prompt failed; refusing to send" };
+    }
+    if (decision === "allow-all") {
+      cfg.allowedRecipients.add(resolved.id);
+    }
+  }
+  const channelLabel = await resolveChannelLabel(cfg);
+  const prefix = buildAttributionPrefix(cfg.sessionOwnerUsername, channelLabel);
+  const fullMessage = `${prefix}
+
+${args.message}`;
+  let postId;
+  try {
+    const result = await cfg.api.sendDirectMessage(resolved.id, fullMessage);
+    postId = result.postId;
+  } catch (err) {
+    rollbackCounter();
+    const reason = err instanceof Error ? err.message : String(err);
+    mcpLogger.warn(`send_dm failed: ${reason}`);
+    return { ok: false, reason };
+  }
+  return { ok: true, postId };
+}
+async function isRecipientChannelMember(recipientUserId, cfg) {
+  const now = cfg.now ?? Date.now;
+  const cache = cfg.memberCache.value;
+  if (cache && cache.channelId === cfg.botChannelId && cache.expiresAt > now()) {
+    if (cache.members.has(recipientUserId))
+      return { ok: true };
+    return {
+      ok: false,
+      reason: "recipient is not a member of the bot channel — only channel members can be DMed"
+    };
+  }
+  if (!cfg.api.getChannelMembers) {
+    return { ok: false, reason: "platform does not expose channel members" };
+  }
+  const members = await cfg.api.getChannelMembers(cfg.botChannelId);
+  if (members === null) {
+    return { ok: false, reason: "could not fetch channel members" };
+  }
+  const set4 = new Set(members);
+  cfg.memberCache.value = {
+    channelId: cfg.botChannelId,
+    members: set4,
+    expiresAt: now() + cfg.memberCacheTtlMs
+  };
+  if (set4.has(recipientUserId))
+    return { ok: true };
+  return {
+    ok: false,
+    reason: "recipient is not a member of the bot channel — only channel members can be DMed"
+  };
+}
+async function promptForDmPermission(recipientId, recipientUsername, cfg) {
+  const now = cfg.now ?? Date.now;
+  const formatter = cfg.api.getFormatter();
+  const recipientLabel = recipientUsername ? `@${recipientUsername}` : recipientId;
+  const message = `⚠️ ${formatter.formatBold("Permission requested")}
+
+` + `claude-threads wants to send a DM to ${formatter.formatBold(recipientLabel)}.
+
+` + `\uD83D\uDC4D Allow once | ✅ Allow all DMs to this recipient | \uD83D\uDC4E Deny`;
+  let post2;
+  let botUserId;
+  try {
+    botUserId = await cfg.api.getBotUserId();
+    post2 = await cfg.api.createInteractivePost(message, [APPROVAL_EMOJIS[0], ALLOW_ALL_EMOJIS[0], DENIAL_EMOJIS[0]], cfg.threadId);
+  } catch (err) {
+    mcpLogger.error(`send_dm prompt failed: ${err}`);
+    return "error";
+  }
+  const startTime = now();
+  while (true) {
+    const remainingTime = cfg.promptTimeoutMs - (now() - startTime);
+    if (remainingTime <= 0) {
+      await safeUpdatePost(cfg.api, post2.id, `⏱️ ${formatter.formatBold("Timed out")} — DM to ${recipientLabel} not sent`);
+      return "timeout";
+    }
+    const reaction = await cfg.api.waitForReaction(post2.id, botUserId, remainingTime);
+    if (!reaction) {
+      await safeUpdatePost(cfg.api, post2.id, `⏱️ ${formatter.formatBold("Timed out")} — DM to ${recipientLabel} not sent`);
+      return "timeout";
+    }
+    const username = await cfg.api.getUsername(reaction.userId);
+    if (username && cfg.api.isUserAllowed(username)) {
+      const emoji4 = reaction.emojiName;
+      if (isApprovalEmoji(emoji4)) {
+        await safeUpdatePost(cfg.api, post2.id, `✅ ${formatter.formatBold("Allowed")} by ${formatter.formatUserMention(username)} — sending DM to ${recipientLabel}`);
+        return "allow-once";
+      }
+      if (isAllowAllEmoji(emoji4)) {
+        await safeUpdatePost(cfg.api, post2.id, `✅ ${formatter.formatBold("Allow all")} by ${formatter.formatUserMention(username)} — DMs to ${recipientLabel} won't prompt again this session`);
+        return "allow-all";
+      }
+      await safeUpdatePost(cfg.api, post2.id, `❌ ${formatter.formatBold("Denied")} by ${formatter.formatUserMention(username)}`);
+      return "deny";
+    }
+    mcpLogger.debug(`Ignoring unauthorized DM-permission reaction from ${username || reaction.userId}`);
+  }
+}
+async function safeUpdatePost(api3, postId, message) {
+  try {
+    await api3.updatePost(postId, message);
+  } catch (err) {
+    mcpLogger.warn(`updatePost failed (cosmetic): ${err}`);
+  }
+}
+async function resolveChannelLabel(cfg) {
+  const slot = cfg.channelLabelCache;
+  if (slot.value !== null)
+    return slot.value;
+  if (!cfg.api.getChannelInfo) {
+    slot.value = cfg.botChannelId;
+    return slot.value;
+  }
+  const info = await cfg.api.getChannelInfo(cfg.botChannelId);
+  slot.value = info?.name ? `#${info.name}` : cfg.botChannelId;
+  return slot.value;
+}
+function buildAttributionPrefix(ownerUsername, channelLabel) {
+  if (ownerUsername) {
+    return `_(automated message via claude-threads, on behalf of @${ownerUsername} from ${channelLabel})_`;
+  }
+  return `_(automated message via claude-threads from ${channelLabel})_`;
+}
+async function handleSendDm(args) {
+  return handleSendDmWith(args, {
+    api: getApi(),
+    platformType: PLATFORM_TYPE,
+    botChannelId: PLATFORM_CHANNEL_ID,
+    sessionOwnerUsername: SESSION_OWNER_USERNAME,
+    threadId: PLATFORM_THREAD_ID || undefined,
+    promptTimeoutMs: PERMISSION_TIMEOUT_MS,
+    counts: sendDmCounts,
+    allowedRecipients: sendDmAllowedRecipients,
+    inFlightPrompts: sendDmInFlightPrompts,
+    memberCache: { get value() {
+      return sendDmMemberCache;
+    }, set value(v) {
+      sendDmMemberCache = v;
+    } },
+    channelLabelCache: { get value() {
+      return sendDmChannelLabel;
+    }, set value(v) {
+      sendDmChannelLabel = v;
+    } },
+    perRecipientLimit: SEND_DM_PER_RECIPIENT_LIMIT,
+    memberCacheTtlMs: SEND_DM_MEMBER_CACHE_TTL_MS,
+    maxMessageChars: SEND_DM_MAX_MESSAGE_CHARS
+  });
+}
 async function resolvePostFromUrl(url2, cfg) {
   if (cfg.platformType === "mattermost") {
     if (!cfg.platformUrl) {
@@ -57839,6 +58176,12 @@ async function main() {
       content: [{ type: "text", text: JSON.stringify(result) }]
     };
   });
+  server.tool("send_dm", "Send a direct message to a member of the bot's channel. Use this when the user " + "asks to ping someone in private (a status update, a notification, a result they want as a DM). " + "The recipient must be a current member of the bot channel. The first DM to each recipient " + "in a session triggers a permission prompt in the bot channel; ✅ allow-all promotes that " + "specific recipient to no-prompt for the rest of the session. " + "Hard limit: 3 DMs per recipient per session. The bot prepends an attribution line so " + "recipients can see the DM came from a session and who started it. " + "Returns { ok: true, postId } on success or { ok: false, reason } on failure (denied, " + "rate-limited, recipient not in channel, etc.).", sendDmInputSchema, async ({ recipient, message }) => {
+    const result = await handleSendDm({ recipient, message });
+    return {
+      content: [{ type: "text", text: JSON.stringify(result) }]
+    };
+  });
   const transport = new StdioServerTransport;
   await server.connect(transport);
   mcpLogger.info(`Permission server ready (platform: ${PLATFORM_TYPE})`);
@@ -57848,8 +58191,13 @@ main().catch((err) => {
   process.exit(1);
 });
 export {
+  searchMessagesInputSchema,
+  readPostInputSchema,
+  readChannelHistoryInputSchema,
+  listThreadInputSchema,
   handleUpdateOwnPostWith,
   handleSendFileWith,
+  handleSendDmWith,
   handleSearchMessagesWith,
   handleReadPostWith,
   handleReadChannelHistoryWith,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-threads",
-  "version": "1.14.1",
+  "version": "1.15.1",
   "description": "Share Claude Code sessions live in a Mattermost channel with interactive features",
   "main": "dist/index.js",
   "type": "module",