claude-threads 1.16.0 → 1.16.2

package/CHANGELOG.md

@@ -7,6 +7,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.16.2] - 2026-05-31
+
+### Fixed
+- **Sturdier retry budget for the Mattermost post-save race.** Under load Mattermost can return a burst of 500s on `POST /posts` (the threads write race: duplicate key on `threads_pkey` / `app.post.save.app_error`) when several posts stream to the same thread. The retry budget was 3 attempts with plain exponential backoff; a heavy burst exhausted it and dropped a post, which surfaced as flaky task-list / sticky / context-prompt behavior. The budget is now 6 attempts with a capped (2s), equal-jittered backoff. The cap keeps the total wait bounded so a long retry chain can't itself stall things, and the jitter decorrelates concurrent posts that would otherwise re-collide on the same row lock every round. (#394)
+- **Two remaining memory leaks after #351.** First, `MessageManager.dispose()` cleared the post tracker but never called `this.events.removeAllListeners()` on the per-session emitter. Each session attaches a handful of listeners (`question:complete`, `task:update`, `approval:complete`, and the rest), and their closures kept session state reachable after the session ended, so the heap grew with every session. `dispose()` now removes the listeners before resetting. Second, React 19 enables user timing when both `console.timeStamp` and `performance.measure` exist (the case on Node.js 25+), so every component re-render calls `performance.measure()` with a structured-clone'd prop-diff detail that Node buffers indefinitely (~50-205 KB per entry, ~2 GB after a long uptime). Nothing in the bot reads those entries, so a guarded `setInterval` clears them every 60 seconds with `.unref()` so it never blocks a clean exit. (#394)
+
+## [1.16.1] - 2026-05-22
+
+### Security
+- **Fail-closed authorization on the user-driven paths that invoke Claude.** A confirmed bypass let an unauthorized Slack user (not in `allowedUsers`, non-empty allowlist) reach Claude: the bot posted both the "not authorized" warning and a real answer in the same thread. Rather than chase the one leaking caller, authorization is now deny-by-default at the functions that spawn or message Claude on a user's behalf: `startSession`, `sendFollowUp`, and `resumePausedSession`, plus the resume-from-reaction path. A single helper, `isAuthorizedForSession`, encodes every tier (global allowlist, empty-allowlist allow-all, per-session owner and invited users) and refuses a missing, empty, or `unknown` username. Every user-facing path now routes through that one helper instead of duplicating the check. The biggest gap was message-driven resume, which ran purely from persisted state with no identity check; it now takes a `username` and verifies it against the persisted session allowlist before resuming. The two system-triggered resume paths (bulk restore after a bot restart) stay ungated by design, since they carry no user identity. Legitimate username-less follow-ups (passthrough slash commands like `/context`, already authorized upstream) pass an explicit `system` flag so they are not caught. The mid-session approval flow is untouched: it still adds approved users to the session allowlist, so the check passes once approval is granted. (#388)
+- **hono 4.12.18 → 4.12.21** picks up four upstream security fixes: GHSA-2gcr-mfcq-wcc3 (`app.mount()` stripped the mount prefix from the raw, undecoded pathname, so percent-encoded paths could be cut at the wrong offset and reach a sub-app with the wrong path), GHSA-xrhx-7g5j-rcj5 (`hono/ip-restriction` compared IPs by string equality, so non-canonical IPv6 forms such as compressed or hex IPv4-mapped addresses slipped past static deny rules), GHSA-3hrh-pfw6-9m5x (the cookie helper didn't sanitize `sameSite`/`priority`, allowing Set-Cookie injection via `;`, `\r`, `\n`), and GHSA-f577-qrjj-4474 (`hono/jwt` accepted any two-part Authorization header regardless of scheme, not just `Bearer`). claude-threads reaches hono through `@hono/node-server` on the inbound webhook surface, so the mount-prefix and Set-Cookie fixes are the relevant ones. (#386)
+
+### Changed
+- **Production deps** bumped: `@hono/node-server` 2.0.2 → 2.0.3 (preserves headers mutated after raw Response construction), `express-rate-limit` 8.5.1 → 8.5.2 (simplified IPv6 key generation). Lockfile-only. (#386)
+- **Dev deps** bumped: `@types/bun` 1.3.13 → 1.3.14, `@types/node` 25.7.0 → 25.9.1, `@types/react` 19.2.14 → 19.2.15, `eslint` 10.3.0 → 10.4.0 (adds `includeIgnoreFile()` and a `for-direction` sequence-expression check, both additive), `lint-staged` 17.0.4 → 17.0.5, `typescript-eslint` 8.59.3 → 8.59.4 (fixes a `no-floating-promises` stack overflow on recursive types). Lockfile-only. (#385)
+
+### Fixed
+- **Multiple pasted screenshots no longer silently vanish.** When you paste several clipboard images into one chat message, the platforms hand them all the same filename (`image.png`). The save path wrote each one with the `wx` (`O_EXCL`) flag, so the second and later files hit `EEXIST`, got caught, and were reported as a download failure, so they never reached Claude. Saves now dedupe filenames within a single message, inserting a numeric suffix before the extension (`image.png`, `image_1.png`, `image_2.png`); files without an extension get `report`, `report_1`, and so on. The unique name is resolved before the write, so the `wx` flag still does its job against symlink races. (#387)
+- **Inbound attachments are no longer capped at 100 MB.** A hard 100 MB ceiling on incoming files meant anything larger was skipped with a "too large" warning, which surprised people sharing big assets. The cap is gone; an attachment of any reported size is downloaded and written to disk. One tradeoff worth knowing: `downloadFile` still buffers the whole file in memory via `arrayBuffer()`, so a very large attachment is held in RAM while it's written. Streaming that download is a separate change. (#387)
+
 ## [1.16.0] - 2026-05-14
 
 ### Added

package/dist/index.js

@@ -50355,6 +50355,24 @@ function sanitizeFilename(name) {
   }
   return cleaned;
 }
+function dedupeFilename(name, used) {
+  if (!used.has(name)) {
+    used.add(name);
+    return name;
+  }
+  const lastDot = name.lastIndexOf(".");
+  const hasExt = lastDot > 0;
+  const stem = hasExt ? name.slice(0, lastDot) : name;
+  const ext = hasExt ? name.slice(lastDot) : "";
+  let counter = 1;
+  let candidate = `${stem}_${counter}${ext}`;
+  while (used.has(candidate)) {
+    counter += 1;
+    candidate = `${stem}_${counter}${ext}`;
+  }
+  used.add(candidate);
+  return candidate;
+}
 function formatBytes(bytes) {
   if (bytes < 1024)
     return `${bytes} B`;
@@ -50589,8 +50607,9 @@ class MattermostClient extends BasePlatformClient {
       this.emit("channel_post", normalizedPost, user);
     }
   }
-  MAX_RETRIES = 3;
+  MAX_RETRIES = 6;
   RETRY_DELAY_MS = 500;
+  RETRY_DELAY_CAP_MS = 2000;
   async api(method, path, body, retryCount = 0, options) {
     const url = `${this.url}/api/v4${path}`;
     log3.debug(`API ${method} ${path}`);
@@ -50605,7 +50624,7 @@ class MattermostClient extends BasePlatformClient {
     if (!response.ok) {
       const text = await response.text();
       if (response.status === 500 && retryCount < this.MAX_RETRIES) {
-        const delay = this.RETRY_DELAY_MS * Math.pow(2, retryCount);
+        const delay = this.retryDelayMs(retryCount);
         log3.warn(`API ${method} ${path} failed with 500, retrying in ${delay}ms (attempt ${retryCount + 1}/${this.MAX_RETRIES})`);
         await new Promise((resolve3) => setTimeout(resolve3, delay));
         return this.api(method, path, body, retryCount + 1, options);
@@ -50621,6 +50640,11 @@ class MattermostClient extends BasePlatformClient {
     log3.debug(`API ${method} ${path} → ${response.status}`);
     return response.json();
   }
+  retryDelayMs(retryCount) {
+    const ceil = Math.min(this.RETRY_DELAY_MS * Math.pow(2, retryCount), this.RETRY_DELAY_CAP_MS);
+    const half = ceil / 2;
+    return Math.floor(half + Math.random() * half);
+  }
   async getBotUser() {
     const user = await this.api("GET", "/users/me");
     this.botUserId = user.id;
@@ -53585,6 +53609,18 @@ function getSessionStatus(session) {
   return "idle";
 }
 
+// src/session/authorization.ts
+function isAuthorizedForSession(check) {
+  const { username, platform, sessionAllowedUsers } = check;
+  if (!username || username === "unknown") {
+    return false;
+  }
+  if (platform.isUserAllowed(username)) {
+    return true;
+  }
+  return sessionAllowedUsers?.has(username) ?? false;
+}
+
 // src/claude/cli.ts
 init_spawn();
 init_logger();
@@ -54818,7 +54854,7 @@ function createPassthroughHandler(slashCommand) {
       return { handled: false };
     }
     if (ctx.isAllowed) {
-      await ctx.sessionManager.sendFollowUp(ctx.threadId, `/${slashCommand}`);
+      await ctx.sessionManager.sendFollowUp(ctx.threadId, `/${slashCommand}`, undefined, undefined, undefined, { system: true });
     }
     return { handled: true };
   };
@@ -54866,7 +54902,7 @@ async function handleDynamicSlashCommand(command, args, ctx) {
   }
   if (ctx.isAllowed) {
     const fullCommand = args ? `/${command} ${args}` : `/${command}`;
-    await ctx.sessionManager.sendFollowUp(ctx.threadId, fullCommand);
+    await ctx.sessionManager.sendFollowUp(ctx.threadId, fullCommand, undefined, undefined, undefined, { system: true });
   }
   return { handled: true };
 }
@@ -55387,7 +55423,6 @@ import { lstat, mkdir as mkdir2, mkdtemp, rm as rm2, writeFile as writeFile2 } f
 import { tmpdir as tmpdir2 } from "os";
 import { join as join9 } from "path";
 var log18 = createLogger("streaming");
-var MAX_UPLOAD_SIZE = 100 * 1024 * 1024;
 var UPLOAD_ROOT_DIR = "claude-threads-uploads";
 function safeIdSegment(id) {
   return id.replace(/[^A-Za-z0-9._-]/g, "_");
@@ -55427,18 +55462,11 @@ async function saveFilesToUploadDir(platform, uploadDir, files, debug = false) {
     return { saved, skipped };
   }
   const messageDir = await mkdtemp(join9(uploadDir, `${Date.now().toString(36)}-`));
+  const usedNames = new Set;
   for (const file of files) {
-    if (file.size > MAX_UPLOAD_SIZE) {
-      skipped.push({
-        name: file.name,
-        reason: `File too large (${formatBytes(file.size)} > ${formatBytes(MAX_UPLOAD_SIZE)} limit)`,
-        suggestion: "Split the file or share it via an external link"
-      });
-      continue;
-    }
     try {
       const buffer = await platform.downloadFile(file.id);
-      const safeName = sanitizeFilename(file.name);
+      const safeName = dedupeFilename(sanitizeFilename(file.name), usedNames);
       const absolutePath = join9(messageDir, safeName);
       await writeFile2(absolutePath, buffer, { mode: 384, flag: "wx" });
       saved.push({
@@ -63774,6 +63802,7 @@ class MessageManager {
   dispose() {
     this.cancelScheduledFlush();
     this.postTracker.clearSession(this.sessionId);
+    this.events.removeAllListeners();
     this.reset();
   }
 }
@@ -66728,6 +66757,10 @@ async function startSession(options, username, displayName, replyToPostId, platf
   if (!platform) {
     throw new Error(`Platform '${platformId}' not found. Call addPlatform() first.`);
   }
+  if (!isAuthorizedForSession({ username, platform, sessionAllowedUsers: undefined })) {
+    log30.warn(`auth.denied.startSession: @${username || "unknown"} not authorized to start session in ${threadId.substring(0, 8)}...`);
+    return;
+  }
   const activeOrPending = ctx.state.sessions.size + pendingStartsCount;
   if (activeOrPending >= ctx.config.maxSessions) {
     const formatter2 = platform.getFormatter();
@@ -67095,9 +67128,15 @@ ${failFormatter.formatItalic("Your previous conversation context is preserved, b
     await ctx.ops.updateStickyMessage();
   }
 }
-async function sendFollowUp(session, message, files, ctx, username, displayName) {
+async function sendFollowUp(session, message, files, ctx, username, displayName, options) {
   if (!session.claude.isRunning())
     return;
+  if (!options?.system) {
+    if (!isAuthorizedForSession({ username, platform: session.platform, sessionAllowedUsers: session.sessionAllowedUsers })) {
+      sessionLog6(session).warn(`auth.denied.sendFollowUp: @${username || "unknown"} not authorized`);
+      return;
+    }
+  }
   if (session.needsContextPromptOnNextMessage) {
     session.needsContextPromptOnNextMessage = false;
     await session.messageManager?.prepareForUserMessage();
@@ -67120,7 +67159,7 @@ async function sendFollowUp(session, message, files, ctx, username, displayName)
   session.messageCount++;
   await session.messageManager.handleUserMessage(messageToSend, files, username, displayName);
 }
-async function resumePausedSession(threadId, message, files, ctx) {
+async function resumePausedSession(threadId, message, files, ctx, username) {
   const persisted = ctx.state.sessionStore.load();
   const state = findPersistedByThreadId(persisted, threadId);
   if (!state) {
@@ -67128,6 +67167,16 @@ async function resumePausedSession(threadId, message, files, ctx) {
     return;
   }
   const shortId = threadId.substring(0, 8);
+  const platform = ctx.state.platforms.get(state.platformId);
+  if (!platform) {
+    log30.warn(`auth.denied.resume: platform '${state.platformId}' not found for ${shortId}...`);
+    return;
+  }
+  const sessionAllowedUsers = new Set(state.sessionAllowedUsers || [state.startedBy].filter(Boolean));
+  if (!isAuthorizedForSession({ username, platform, sessionAllowedUsers })) {
+    log30.warn(`auth.denied.resume: @${username || "unknown"} not authorized to resume ${shortId}...`);
+    return;
+  }
   log30.info(`\uD83D\uDD04 Resuming paused session ${shortId}... for new message`);
   await resumeSession(state, ctx);
   const session = ctx.ops.findSessionByThreadId(threadId);
@@ -67645,9 +67694,9 @@ async function tryResumeFromReaction(deps, platformId, postId, username) {
   const sessionId = `${platformId}:${persistedSession.threadId}`;
   if (deps.registry.hasById(sessionId))
     return false;
-  const allowedUsers = new Set(persistedSession.sessionAllowedUsers);
   const platform = deps.platforms.get(platformId);
-  if (!allowedUsers.has(username) && !platform?.isUserAllowed(username)) {
+  const sessionAllowedUsers = new Set(persistedSession.sessionAllowedUsers || [persistedSession.startedBy].filter(Boolean));
+  if (!platform || !isAuthorizedForSession({ username, platform, sessionAllowedUsers })) {
     if (platform) {
       await platform.createPost(`⚠️ @${username} is not authorized to resume this session`, persistedSession.threadId);
     }
@@ -68233,11 +68282,11 @@ class SessionManager extends EventEmitter4 {
     }
     return;
   }
-  async sendFollowUp(threadId, message, files, username, displayName) {
+  async sendFollowUp(threadId, message, files, username, displayName, options) {
     const session = this.findSessionByThreadId(threadId);
     if (!session || !session.claude.isRunning())
       return;
-    await sendFollowUp(session, message, files, this.getContext(), username, displayName);
+    await sendFollowUp(session, message, files, this.getContext(), username, displayName, options);
   }
   isSessionActive() {
     return this.registry.size > 0;
@@ -68251,8 +68300,8 @@ class SessionManager extends EventEmitter4 {
       return false;
     return this.registry.getPersistedByThreadId(threadId) !== undefined;
   }
-  async resumePausedSession(threadId, message, files) {
-    await resumePausedSession(threadId, message, files, this.getContext());
+  async resumePausedSession(threadId, message, files, username) {
+    await resumePausedSession(threadId, message, files, this.getContext(), username);
   }
   getPersistedSession(threadId) {
     return this.registry.getPersistedByThreadId(threadId);
@@ -68691,6 +68740,17 @@ Mention me to start a session in this worktree.`, threadId);
     this.registry.clear();
   }
 }
+// src/utils/perf-cleanup.ts
+function startReactMeasureCleanup(intervalMs = 60000) {
+  if (typeof performance === "undefined" || typeof performance.clearMeasures !== "function") {
+    return null;
+  }
+  const timer = setInterval(() => {
+    performance.clearMeasures();
+  }, intervalMs);
+  timer.unref?.();
+  return timer;
+}
 // src/ui/providers/ink-provider.ts
 var import_react62 = __toESM(require_react(), 1);
 
@@ -78305,7 +78365,7 @@ async function handleMessage(client, session, post2, user, options) {
       }
       const files2 = post2.metadata?.files;
       if (content || files2?.length) {
-        await session.resumePausedSession(threadRoot, content, files2);
+        await session.resumePausedSession(threadRoot, content, files2, username);
       }
       return;
     }
@@ -79483,6 +79543,7 @@ async function startWithoutDaemon() {
     }
   }
   let triggerShutdown = null;
+  startReactMeasureCleanup();
   const updateState = loadUpdateState();
   const restoredSettings = updateState.justUpdated ? updateState.runtimeSettings : undefined;
   if (restoredSettings) {

package/dist/mcp/mcp-server.js

@@ -51043,7 +51043,6 @@ function formatBytes(bytes) {
 
 // src/operations/streaming/handler.ts
 var log2 = createLogger("streaming");
-var MAX_UPLOAD_SIZE = 100 * 1024 * 1024;
 async function postSkippedFilesFeedback(platform, threadId, skipped) {
   if (skipped.length === 0)
     return;
@@ -51554,6 +51553,7 @@ class MessageManager {
   dispose() {
     this.cancelScheduledFlush();
     this.postTracker.clearSession(this.sessionId);
+    this.events.removeAllListeners();
     this.reset();
   }
 }
@@ -55810,7 +55810,7 @@ function createPassthroughHandler(slashCommand) {
       return { handled: false };
     }
     if (ctx.isAllowed) {
-      await ctx.sessionManager.sendFollowUp(ctx.threadId, `/${slashCommand}`);
+      await ctx.sessionManager.sendFollowUp(ctx.threadId, `/${slashCommand}`, undefined, undefined, undefined, { system: true });
     }
     return { handled: true };
   };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-threads",
-  "version": "1.16.0",
+  "version": "1.16.2",
   "description": "Share Claude Code sessions live in a Mattermost channel with interactive features",
   "main": "dist/index.js",
   "type": "module",