claude-threads 1.7.0 → 1.8.0

package/CHANGELOG.md

@@ -5,6 +5,24 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.8.0] - 2026-04-21
+
+### Added
+- **Pass `MCP_CONNECTION_NONBLOCKING=true` to the Claude child** — caps `--mcp-config` connects at 5s so a slow MCP server never delays session startup. Requires Claude CLI 2.1.89+. Set it explicitly in the bot's own env to override.
+- **Pass `ENABLE_PROMPT_CACHING_1H=true` to the Claude child** — opts into the 1-hour prompt cache TTL, meaningfully reducing re-caching cost on long-lived threads that idle past the default 5-minute window. Requires Claude CLI 2.1.108+. Set it explicitly in the bot's own env to override.
+- **Documented `CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1`** as an opt-in hardening flag. When set on the bot's env it passes through to Claude, which strips the specific credential env vars `ANTHROPIC_API_KEY`, `ANTHROPIC_AUTH_TOKEN`, `CLAUDE_CODE_OAUTH_TOKEN`, `AWS_SECRET_ACCESS_KEY`, `AWS_SESSION_TOKEN`, `AWS_BEARER_TOKEN_BEDROCK`, and `GOOGLE_APPLICATION_CREDENTIALS` from any Bash, hook, or stdio MCP subprocess it spawns (empirically verified on CLI 2.1.116). Bot-specific vars like `PLATFORM_TOKEN` / `MATTERMOST_TOKEN` / `SLACK_BOT_TOKEN` pass through untouched. **Side effect:** the flag also forces Claude's permission mode to `default` and rejects `--dangerously-skip-permissions`; the bot now warns at startup if the flag is set alongside any platform configured with `skipPermissions: true`. Requires Claude CLI 2.1.83+.
+
+### Fixed
+- **Stale Claude CLI version range in `CLAUDE.md`** — the docs said `>=2.0.74 <=2.0.76`, but the actual pin in `version-check.ts` has been `>=2.0.74 <2.2.0` since v1.x. Also bumped the "install a compatible version" hint in the runtime error from `@2.1.1` to `@2.1.116`.
+
+## [1.7.1] - 2026-04-21
+
+### Fixed
+- **`maxSessions` cap could be exceeded under concurrent session starts** — `startSession()` passed the cap check synchronously but then awaited `createPost()` before committing the session to the map, so concurrent starts all read the same stale count and over-admitted. The integration test `"should reject new session when at capacity"` flaked at ~40% for weeks because of this. Pending starts are now tracked alongside committed sessions in the cap check. (#331)
+- **Reject Claude accounts with both `home` and `apiKey` set** — the two are documented as mutually exclusive, but `AccountPool` silently preferred `home` when both were configured. Now the account is dropped with a warning so misconfiguration surfaces. (#330, thanks @shaders)
+- **Tighten `reset_at` epoch regex in rate-limit detection** — the old pattern matched `"preset": N` and (more importantly) `reset_after=N`, a *relative* retry-after hint that would have been misread as an absolute epoch and pushed cooldown decades into the future. Added word-boundary anchors and regression tests. (#330)
+- **Rate-limit emit guard now allows deadline extensions** — the boolean latch in `ClaudeCli` fired at most once per process, so a second rate-limit hit with a longer reset time couldn't widen `AccountPool.markCooling`'s extend-only window. Replaced with a numeric last-deadline tracker: repeat hits at the same severity still dedupe, but a later deadline re-emits. (#330)
+
 ## [1.7.0] - 2026-04-21
 
 ### Added

package/README.md

@@ -34,6 +34,7 @@
 - **Git worktrees** - Isolate changes in separate branches
 - **File attachments** - Attach images, PDFs, and files for Claude to analyze
 - **Chrome automation** - Control Chrome browser for web tasks
+- **Multi-account Claude (opt-in)** - Round-robin sessions across multiple Claude subscriptions or API keys with automatic rate-limit cooldown — see [Configuration](docs/CONFIGURATION.md#claude-accounts-optional-multi-account-mode)
 
 ## Quick Start
 

package/dist/index.js

@@ -50038,7 +50038,7 @@ function validateClaudeCli() {
       version: result.version,
       compatible: false,
       message: `Claude CLI version ${result.version} is not compatible. Required: ${CLAUDE_CLI_VERSION_RANGE}
-` + `Install a compatible version: npm install -g @anthropic-ai/claude-code@2.1.1`,
+` + `Install a compatible version: npm install -g @anthropic-ai/claude-code@2.1.116`,
       rawOutput: result.rawOutput ?? undefined
     };
   }
@@ -53561,8 +53561,13 @@ class AccountPool {
       const hasAuth = !!acc.home || !!acc.apiKey;
       if (!hasAuth) {
         log6.warn(`Claude account ${acc.id} has neither home nor apiKey — ignoring`);
+        return false;
+      }
+      if (acc.home && acc.apiKey) {
+        log6.warn(`Claude account ${acc.id} has both home and apiKey set — must choose one; ignoring`);
+        return false;
       }
-      return hasAuth;
+      return true;
     });
     this.byId = new Map(this.accounts.map((acc) => [acc.id, acc]));
     for (const acc of this.accounts) {
@@ -54215,7 +54220,7 @@ function extractResetAt(text, now) {
     };
     return now + value * unitMs[unit];
   }
-  const unix = text.match(/["']?reset(?:_at)?["']?\s*[:=]\s*(\d{10,13})/);
+  const unix = text.match(/\breset(?:_at)?\b\s*["']?\s*[:=]\s*(\d{10,13})/);
   if (unix) {
     const raw = parseInt(unix[1], 10);
     return unix[1].length === 13 ? raw : raw * 1000;
@@ -54255,6 +54260,25 @@ function cleanupBrowserBridgeSockets() {
     log10.debug(`Browser bridge cleanup failed: ${err}`);
   }
 }
+function buildClaudeChildEnv(parentEnv, account) {
+  const env = { ...parentEnv };
+  if (env.MCP_CONNECTION_NONBLOCKING === undefined) {
+    env.MCP_CONNECTION_NONBLOCKING = "true";
+  }
+  if (env.ENABLE_PROMPT_CACHING_1H === undefined) {
+    env.ENABLE_PROMPT_CACHING_1H = "true";
+  }
+  if (account?.home) {
+    env.HOME = account.home;
+    env.USERPROFILE = account.home;
+    delete env.ANTHROPIC_API_KEY;
+    delete env.CLAUDE_CODE_OAUTH_TOKEN;
+  } else if (account?.apiKey) {
+    env.ANTHROPIC_API_KEY = account.apiKey;
+    delete env.CLAUDE_CODE_OAUTH_TOKEN;
+  }
+  return env;
+}
 function isErrorResultEvent(event) {
   const ev = event;
   if (typeof ev.subtype === "string" && ev.subtype.startsWith("error"))
@@ -54272,7 +54296,7 @@ class ClaudeCli extends EventEmitter2 {
   statusFilePath = null;
   lastStatusData = null;
   stderrBuffer = "";
-  rateLimitEmitted = false;
+  lastEmittedRateLimitDeadline = 0;
   log;
   constructor(options2) {
     super();
@@ -54324,7 +54348,7 @@ class ClaudeCli extends EventEmitter2 {
     if (this.process)
       throw new Error("Already running");
     this.stderrBuffer = "";
-    this.rateLimitEmitted = false;
+    this.lastEmittedRateLimitDeadline = 0;
     cleanupBrowserBridgeSockets();
     const claudePath = getClaudePath();
     const args = [
@@ -54479,9 +54503,11 @@ class ClaudeCli extends EventEmitter2 {
     const hit = detectRateLimit(text);
     if (!hit.detected)
       return;
-    if (this.rateLimitEmitted)
+    const newDeadline = cooldownDeadline(hit);
+    const MIN_ADVANCE_MS = 60000;
+    if (newDeadline - this.lastEmittedRateLimitDeadline < MIN_ADVANCE_MS)
       return;
-    this.rateLimitEmitted = true;
+    this.lastEmittedRateLimitDeadline = newDeadline;
     this.log.warn(`Rate limit detected: ${hit.matched ?? "(no match text)"}`);
     this.emit("rate-limit", hit);
   }
@@ -54554,20 +54580,7 @@ class ClaudeCli extends EventEmitter2 {
     return true;
   }
   buildChildEnv() {
-    const account = this.options.account;
-    if (!account)
-      return process.env;
-    const env = { ...process.env };
-    if (account.home) {
-      env.HOME = account.home;
-      env.USERPROFILE = account.home;
-      delete env.ANTHROPIC_API_KEY;
-      delete env.CLAUDE_CODE_OAUTH_TOKEN;
-    } else if (account.apiKey) {
-      env.ANTHROPIC_API_KEY = account.apiKey;
-      delete env.CLAUDE_CODE_OAUTH_TOKEN;
-    }
-    return env;
+    return buildClaudeChildEnv(process.env, this.options.account);
   }
   getMcpServerPath() {
     const __filename2 = fileURLToPath3(import.meta.url);
@@ -67216,6 +67229,11 @@ var sessionLog6 = createSessionLog(log26);
 function mutableSessions(ctx) {
   return ctx.state.sessions;
 }
+var pendingStartsCount = 0;
+function releasePendingStart() {
+  if (pendingStartsCount > 0)
+    pendingStartsCount--;
+}
 function mutablePostIndex(ctx) {
   return ctx.state.postIndex;
 }
@@ -67548,20 +67566,24 @@ async function startSession(options2, username, displayName, replyToPostId, plat
   if (!platform) {
     throw new Error(`Platform '${platformId}' not found. Call addPlatform() first.`);
   }
-  if (ctx.state.sessions.size >= ctx.config.maxSessions) {
+  const activeOrPending = ctx.state.sessions.size + pendingStartsCount;
+  if (activeOrPending >= ctx.config.maxSessions) {
     const formatter2 = platform.getFormatter();
     const tempSession = {
       platform,
       threadId: replyToPostId || "",
       sessionId: "temp"
     };
-    await post(tempSession, "warning", `${formatter2.formatBold("Too busy")} - ${ctx.state.sessions.size} sessions active. Please try again later.`);
+    await post(tempSession, "warning", `${formatter2.formatBold("Too busy")} - ${activeOrPending} sessions active. Please try again later.`);
     return;
   }
+  pendingStartsCount++;
   const startFormatter = platform.getFormatter();
   const startPost = await withErrorHandling(() => platform.createPost(startFormatter.formatItalic("Claude Threads session starting..."), replyToPostId), { action: "Create session post" });
-  if (!startPost)
+  if (!startPost) {
+    releasePendingStart();
     return;
+  }
   const actualThreadId = replyToPostId || startPost.id;
   const sessionId = ctx.ops.getSessionId(platformId, actualThreadId);
   platform.sendTyping(actualThreadId);
@@ -67576,11 +67598,13 @@ async function startSession(options2, username, displayName, replyToPostId, plat
     const resolvedDir = resolve6(requestedDir);
     if (!existsSync11(resolvedDir)) {
       await platform.updatePost(startPost.id, `❌ Directory does not exist: ${formatter.formatCode(initialOptions.workingDir)}`);
+      releasePendingStart();
       return;
     }
     const { statSync: statSync4 } = await import("fs");
     if (!statSync4(resolvedDir).isDirectory()) {
       await platform.updatePost(startPost.id, `❌ Not a directory: ${formatter.formatCode(initialOptions.workingDir)}`);
+      releasePendingStart();
       return;
     }
     workingDir = resolvedDir;
@@ -67649,6 +67673,7 @@ ${CHAT_PLATFORM_PROMPT}`;
     workingDir: ctx.config.workingDir
   });
   mutableSessions(ctx).set(sessionId, session);
+  releasePendingStart();
   ctx.ops.registerPost(startPost.id, actualThreadId);
   ctx.ops.emitSessionAdd(session);
   sessionLog6(session).info(`▶ Session started by @${username}`);
@@ -79986,6 +80011,15 @@ async function startWithoutDaemon() {
     console.error("");
     process.exit(1);
   }
+  if (process.env.CLAUDE_CODE_SUBPROCESS_ENV_SCRUB === "1") {
+    const hasSkipPermissionPlatform = config.platforms.some((p) => p.skipPermissions === true);
+    if (hasSkipPermissionPlatform) {
+      console.error(red("  ⚠️  CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1 is set but a platform has skipPermissions: true."));
+      console.error(dim("     Claude CLI will force permissionMode: default and reject --dangerously-skip-permissions."));
+      console.error(dim("     Either unset the env var or set skipPermissions: false on all platforms."));
+      console.error("");
+    }
+  }
   let triggerShutdown = null;
   const updateState = loadUpdateState();
   const restoredSettings = updateState.justUpdated ? updateState.runtimeSettings : undefined;

package/dist/mcp/permission-server.js

@@ -53526,6 +53526,11 @@ function detectRateLimit(text, now = Date.now()) {
   const resetAtEpochMs = extractResetAt(text, now);
   return { detected: true, matched, resetAtEpochMs };
 }
+function cooldownDeadline(hit, now = Date.now()) {
+  if (!hit.detected)
+    return now;
+  return hit.resetAtEpochMs ?? now + DEFAULT_COOLDOWN_MS;
+}
 function extractResetAt(text, now) {
   const relative = text.match(/(?:retry[_\s-]?after|resets?\s+in)\s+(\d+)\s*(second|minute|hour|day)s?/i);
   if (relative) {
@@ -53539,7 +53544,7 @@ function extractResetAt(text, now) {
     };
     return now + value * unitMs[unit];
   }
-  const unix = text.match(/["']?reset(?:_at)?["']?\s*[:=]\s*(\d{10,13})/);
+  const unix = text.match(/\breset(?:_at)?\b\s*["']?\s*[:=]\s*(\d{10,13})/);
   if (unix) {
     const raw = parseInt(unix[1], 10);
     return unix[1].length === 13 ? raw : raw * 1000;
@@ -53579,6 +53584,25 @@ function cleanupBrowserBridgeSockets() {
     log7.debug(`Browser bridge cleanup failed: ${err}`);
   }
 }
+function buildClaudeChildEnv(parentEnv, account) {
+  const env = { ...parentEnv };
+  if (env.MCP_CONNECTION_NONBLOCKING === undefined) {
+    env.MCP_CONNECTION_NONBLOCKING = "true";
+  }
+  if (env.ENABLE_PROMPT_CACHING_1H === undefined) {
+    env.ENABLE_PROMPT_CACHING_1H = "true";
+  }
+  if (account?.home) {
+    env.HOME = account.home;
+    env.USERPROFILE = account.home;
+    delete env.ANTHROPIC_API_KEY;
+    delete env.CLAUDE_CODE_OAUTH_TOKEN;
+  } else if (account?.apiKey) {
+    env.ANTHROPIC_API_KEY = account.apiKey;
+    delete env.CLAUDE_CODE_OAUTH_TOKEN;
+  }
+  return env;
+}
 function isErrorResultEvent(event) {
   const ev = event;
   if (typeof ev.subtype === "string" && ev.subtype.startsWith("error"))
@@ -53596,7 +53620,7 @@ class ClaudeCli extends EventEmitter2 {
   statusFilePath = null;
   lastStatusData = null;
   stderrBuffer = "";
-  rateLimitEmitted = false;
+  lastEmittedRateLimitDeadline = 0;
   log;
   constructor(options2) {
     super();
@@ -53648,7 +53672,7 @@ class ClaudeCli extends EventEmitter2 {
     if (this.process)
       throw new Error("Already running");
     this.stderrBuffer = "";
-    this.rateLimitEmitted = false;
+    this.lastEmittedRateLimitDeadline = 0;
     cleanupBrowserBridgeSockets();
     const claudePath = getClaudePath();
     const args = [
@@ -53803,9 +53827,11 @@ class ClaudeCli extends EventEmitter2 {
     const hit = detectRateLimit(text);
     if (!hit.detected)
       return;
-    if (this.rateLimitEmitted)
+    const newDeadline = cooldownDeadline(hit);
+    const MIN_ADVANCE_MS = 60000;
+    if (newDeadline - this.lastEmittedRateLimitDeadline < MIN_ADVANCE_MS)
       return;
-    this.rateLimitEmitted = true;
+    this.lastEmittedRateLimitDeadline = newDeadline;
     this.log.warn(`Rate limit detected: ${hit.matched ?? "(no match text)"}`);
     this.emit("rate-limit", hit);
   }
@@ -53878,20 +53904,7 @@ class ClaudeCli extends EventEmitter2 {
     return true;
   }
   buildChildEnv() {
-    const account = this.options.account;
-    if (!account)
-      return process.env;
-    const env = { ...process.env };
-    if (account.home) {
-      env.HOME = account.home;
-      env.USERPROFILE = account.home;
-      delete env.ANTHROPIC_API_KEY;
-      delete env.CLAUDE_CODE_OAUTH_TOKEN;
-    } else if (account.apiKey) {
-      env.ANTHROPIC_API_KEY = account.apiKey;
-      delete env.CLAUDE_CODE_OAUTH_TOKEN;
-    }
-    return env;
+    return buildClaudeChildEnv(process.env, this.options.account);
   }
   getMcpServerPath() {
     const __filename2 = fileURLToPath3(import.meta.url);

package/docs/CONFIGURATION.md

@@ -72,6 +72,33 @@ platforms:
 | `allowedUsers` | No | List of Slack usernames |
 | `skipPermissions` | No | Auto-approve actions (default: `false`) |
 
+## Claude Accounts (optional, multi-account mode)
+
+By default every session spawns `claude` with the bot's own `process.env`, so they all share one subscription's token budget. Add a `claudeAccounts` block to spread load across multiple accounts — the bot round-robins new sessions across the pool and automatically skips accounts in rate-limit cooldown. Omit the block entirely to stay in single-account mode (unchanged behavior).
+
+```yaml
+claudeAccounts:
+  # OAuth accounts — prepare each HOME first with `HOME=<path> claude login`
+  - id: primary
+    home: /home/bot/.claude-accounts/primary
+  - id: backup
+    displayName: Backup (Pro)
+    home: /home/bot/.claude-accounts/backup
+
+  # API-key billed
+  - id: shared-api
+    apiKey: sk-ant-api03-xxxxxxxx...
+```
+
+| Setting | Required | Description |
+|---------|----------|-------------|
+| `id` | Yes | Stable identifier used in logs, UI, and persisted session state |
+| `home` | One of | Alternate `$HOME` containing `.claude/.credentials.json` from a prior `HOME=<path> claude login`. For OAuth Pro/Max subscriptions. Session history also lives here, so resumed sessions pick the same account. |
+| `apiKey` | One of | Anthropic API key. Billed against that key; session history stays under the bot's default `HOME`. |
+| `displayName` | No | Human-readable label in UI (defaults to `id`) |
+
+Exactly one of `home` or `apiKey` should be set per account. Persisted sessions record which account they ran under and resume on the same one.
+
 ## Environment Variables
 
 | Variable | Description | Default |
@@ -80,6 +107,19 @@ platforms:
 | `SESSION_TIMEOUT_MS` | Idle timeout in milliseconds | `1800000` (30 min) |
 | `NO_UPDATE_NOTIFIER` | Disable update checks | - |
 | `DEBUG` | Enable verbose logging | - |
+| `CLAUDE_CODE_SUBPROCESS_ENV_SCRUB` | Strip `ANTHROPIC_*` / `AWS_*_TOKEN` / `CLAUDE_CODE_OAUTH_TOKEN` / `GOOGLE_APPLICATION_CREDENTIALS` etc. from Bash, hook, and stdio-MCP subprocesses Claude spawns. Bot-specific vars like `PLATFORM_TOKEN` pass through. **Also forces permission mode to `default`** — `--dangerously-skip-permissions` will be rejected. Requires Claude CLI 2.1.83+. | - |
+
+### Forwarded to Claude CLI automatically
+
+The bot sets two tuning flags on the Claude child process when they aren't
+already present in the bot's environment:
+
+| Variable | Effect | Requires |
+|----------|--------|----------|
+| `MCP_CONNECTION_NONBLOCKING=true` | Caps `--mcp-config` connects at 5s so a slow MCP server never delays startup | Claude CLI 2.1.89+ |
+| `ENABLE_PROMPT_CACHING_1H=true` | Opts into 1-hour prompt cache TTL, cutting re-caching cost on long-lived threads | Claude CLI 2.1.108+ |
+
+Export either with a different value in the bot's own env to disable.
 
 ## CLI Options
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-threads",
-  "version": "1.7.0",
+  "version": "1.8.0",
   "description": "Share Claude Code sessions live in a Mattermost channel with interactive features",
   "main": "dist/index.js",
   "type": "module",