mattermost-claude-code 0.3.4 → 0.5.0

package/dist/claude/session.d.ts

@@ -19,6 +19,14 @@ interface PendingApproval {
     postId: string;
     type: 'plan' | 'action';
 }
+/**
+ * Pending message from unauthorized user awaiting approval
+ */
+interface PendingMessageApproval {
+    postId: string;
+    originalMessage: string;
+    fromUser: string;
+}
 /**
  * Represents a single Claude Code session tied to a Mattermost thread.
  * Each session has its own Claude CLI process and state.
@@ -28,12 +36,16 @@ interface Session {
     startedBy: string;
     startedAt: Date;
     lastActivityAt: Date;
+    sessionNumber: number;
     claude: ClaudeCli;
     currentPostId: string | null;
     pendingContent: string;
     pendingApproval: PendingApproval | null;
     pendingQuestionSet: PendingQuestionSet | null;
+    pendingMessageApproval: PendingMessageApproval | null;
     planApproved: boolean;
+    sessionAllowedUsers: Set<string>;
+    sessionStartPostId: string | null;
     tasksPostId: string | null;
     activeSubagents: Map<string, string>;
     updateTimer: ReturnType<typeof setTimeout> | null;
@@ -58,6 +70,11 @@ export declare class SessionManager {
     private registerPost;
     /** Find session by post ID (for reaction routing) */
     private getSessionByPost;
+    /**
+     * Check if a user is allowed in a specific session.
+     * Checks global allowlist first, then session-specific allowlist.
+     */
+    isUserAllowedInSession(threadId: string, username: string): boolean;
     startSession(options: {
         prompt: string;
     }, username: string, replyToPostId?: string): Promise<void>;
@@ -71,6 +88,7 @@ export declare class SessionManager {
     private handleReaction;
     private handleQuestionReaction;
     private handleApprovalReaction;
+    private handleMessageApprovalReaction;
     private formatEvent;
     private formatToolUse;
     private appendContent;
@@ -89,6 +107,14 @@ export declare class SessionManager {
     killSession(threadId: string): void;
     /** Cancel a session with user feedback */
     cancelSession(threadId: string, username: string): Promise<void>;
+    /** Invite a user to participate in a specific session */
+    inviteUser(threadId: string, invitedUser: string, invitedBy: string): Promise<void>;
+    /** Kick a user from a specific session */
+    kickUser(threadId: string, kickedUser: string, kickedBy: string): Promise<void>;
+    /** Update the session header post with current participants */
+    private updateSessionHeader;
+    /** Request approval for a message from an unauthorized user */
+    requestMessageApproval(threadId: string, username: string, message: string): Promise<void>;
     /** Kill all active sessions (for graceful shutdown) */
     killAllSessions(): void;
     /** Cleanup idle sessions that have exceeded timeout */

package/dist/claude/session.js

@@ -65,6 +65,20 @@ export class SessionManager {
         const threadId = this.postIndex.get(postId);
         return threadId ? this.sessions.get(threadId) : undefined;
     }
+    /**
+     * Check if a user is allowed in a specific session.
+     * Checks global allowlist first, then session-specific allowlist.
+     */
+    isUserAllowedInSession(threadId, username) {
+        // Check global allowlist first
+        if (this.mattermost.isUserAllowed(username))
+            return true;
+        // Check session-specific allowlist
+        const session = this.sessions.get(threadId);
+        if (session?.sessionAllowedUsers.has(username))
+            return true;
+        return false;
+    }
     // ---------------------------------------------------------------------------
     // Session Lifecycle
     // ---------------------------------------------------------------------------
@@ -82,26 +96,8 @@ export class SessionManager {
             await this.mattermost.createPost(`⚠️ **Too busy** - ${this.sessions.size} sessions active. Please try again later.`, replyToPostId);
             return;
         }
-        // Post session start message
-        const shortDir = this.workingDir.replace(process.env.HOME || '', '~');
-        const sessionNum = this.sessions.size + 1;
-        const permMode = this.skipPermissions ? '⚡ Auto' : '🔐 Interactive';
-        const promptPreview = options.prompt.length > 60
-            ? options.prompt.substring(0, 60) + '…'
-            : options.prompt;
-        const msg = [
-            `### 🤖 mm-claude \`v${pkg.version}\``,
-            ``,
-            `| | |`,
-            `|:--|:--|`,
-            `| 📂 **Directory** | \`${shortDir}\` |`,
-            `| 👤 **Started by** | @${username} |`,
-            `| 🔢 **Session** | #${sessionNum} of ${MAX_SESSIONS} max |`,
-            `| ${permMode.split(' ')[0]} **Permissions** | ${permMode.split(' ')[1]} |`,
-            ``,
-            `> ${promptPreview}`,
-        ].join('\n');
-        const post = await this.mattermost.createPost(msg, replyToPostId);
+        // Post initial session message (will be updated by updateSessionHeader)
+        const post = await this.mattermost.createPost(`### 🤖 mm-claude \`v${pkg.version}\`\n\n*Starting session...*`, replyToPostId);
         const actualThreadId = replyToPostId || post.id;
         // Create Claude CLI with options
         const cliOptions = {
@@ -116,12 +112,16 @@ export class SessionManager {
             startedBy: username,
             startedAt: new Date(),
             lastActivityAt: new Date(),
+            sessionNumber: this.sessions.size + 1,
             claude,
             currentPostId: null,
             pendingContent: '',
             pendingApproval: null,
             pendingQuestionSet: null,
+            pendingMessageApproval: null,
             planApproved: false,
+            sessionAllowedUsers: new Set([username]), // Owner is always allowed
+            sessionStartPostId: post.id, // Track for updating participants
             tasksPostId: null,
             activeSubagents: new Map(),
             updateTimer: null,
@@ -132,6 +132,8 @@ export class SessionManager {
         this.registerPost(post.id, actualThreadId); // For cancel reactions on session start post
         const shortId = actualThreadId.substring(0, 8);
         console.log(`  ▶ Session #${this.sessions.size} started (${shortId}…) by @${username}`);
+        // Update the header with full session info
+        await this.updateSessionHeader(session);
         // Start typing indicator immediately so user sees activity
         this.startTyping(session);
         // Bind event handlers with closure over threadId
@@ -404,6 +406,11 @@ export class SessionManager {
             await this.handleQuestionReaction(session, postId, emojiName, username);
             return;
         }
+        // Handle message approval reactions
+        if (session.pendingMessageApproval && session.pendingMessageApproval.postId === postId) {
+            await this.handleMessageApprovalReaction(session, emojiName, username);
+            return;
+        }
     }
     async handleQuestionReaction(session, postId, emojiName, username) {
         if (!session.pendingQuestionSet)
@@ -479,6 +486,44 @@ export class SessionManager {
             this.startTyping(session);
         }
     }
+    async handleMessageApprovalReaction(session, emoji, approver) {
+        const pending = session.pendingMessageApproval;
+        if (!pending)
+            return;
+        // Only session owner or globally allowed users can approve
+        if (session.startedBy !== approver && !this.mattermost.isUserAllowed(approver)) {
+            return;
+        }
+        const isAllow = emoji === '+1' || emoji === 'thumbsup';
+        const isInvite = emoji === 'white_check_mark' || emoji === 'heavy_check_mark';
+        const isDeny = emoji === '-1' || emoji === 'thumbsdown';
+        if (!isAllow && !isInvite && !isDeny)
+            return;
+        if (isAllow) {
+            // Allow this single message
+            await this.mattermost.updatePost(pending.postId, `✅ Message from @${pending.fromUser} approved by @${approver}`);
+            session.claude.sendMessage(pending.originalMessage);
+            session.lastActivityAt = new Date();
+            this.startTyping(session);
+            console.log(`  ✅ Message from @${pending.fromUser} approved by @${approver}`);
+        }
+        else if (isInvite) {
+            // Invite user to session
+            session.sessionAllowedUsers.add(pending.fromUser);
+            await this.mattermost.updatePost(pending.postId, `✅ @${pending.fromUser} invited to session by @${approver}`);
+            await this.updateSessionHeader(session);
+            session.claude.sendMessage(pending.originalMessage);
+            session.lastActivityAt = new Date();
+            this.startTyping(session);
+            console.log(`  👋 @${pending.fromUser} invited to session by @${approver}`);
+        }
+        else if (isDeny) {
+            // Deny
+            await this.mattermost.updatePost(pending.postId, `❌ Message from @${pending.fromUser} denied by @${approver}`);
+            console.log(`  ❌ Message from @${pending.fromUser} denied by @${approver}`);
+        }
+        session.pendingMessageApproval = null;
+    }
     formatEvent(session, e) {
         switch (e.type) {
             case 'assistant': {
@@ -724,6 +769,112 @@ export class SessionManager {
         await this.mattermost.createPost(`🛑 **Session cancelled** by @${username}`, threadId);
         this.killSession(threadId);
     }
+    /** Invite a user to participate in a specific session */
+    async inviteUser(threadId, invitedUser, invitedBy) {
+        const session = this.sessions.get(threadId);
+        if (!session)
+            return;
+        // Only session owner or globally allowed users can invite
+        if (session.startedBy !== invitedBy && !this.mattermost.isUserAllowed(invitedBy)) {
+            await this.mattermost.createPost(`⚠️ Only @${session.startedBy} or allowed users can invite others`, threadId);
+            return;
+        }
+        session.sessionAllowedUsers.add(invitedUser);
+        await this.mattermost.createPost(`✅ @${invitedUser} can now participate in this session (invited by @${invitedBy})`, threadId);
+        console.log(`  👋 @${invitedUser} invited to session by @${invitedBy}`);
+        await this.updateSessionHeader(session);
+    }
+    /** Kick a user from a specific session */
+    async kickUser(threadId, kickedUser, kickedBy) {
+        const session = this.sessions.get(threadId);
+        if (!session)
+            return;
+        // Only session owner or globally allowed users can kick
+        if (session.startedBy !== kickedBy && !this.mattermost.isUserAllowed(kickedBy)) {
+            await this.mattermost.createPost(`⚠️ Only @${session.startedBy} or allowed users can kick others`, threadId);
+            return;
+        }
+        // Can't kick session owner
+        if (kickedUser === session.startedBy) {
+            await this.mattermost.createPost(`⚠️ Cannot kick session owner @${session.startedBy}`, threadId);
+            return;
+        }
+        // Can't kick globally allowed users (they'll still have access)
+        if (this.mattermost.isUserAllowed(kickedUser)) {
+            await this.mattermost.createPost(`⚠️ @${kickedUser} is globally allowed and cannot be kicked from individual sessions`, threadId);
+            return;
+        }
+        if (session.sessionAllowedUsers.delete(kickedUser)) {
+            await this.mattermost.createPost(`🚫 @${kickedUser} removed from this session by @${kickedBy}`, threadId);
+            console.log(`  🚫 @${kickedUser} kicked from session by @${kickedBy}`);
+            await this.updateSessionHeader(session);
+        }
+        else {
+            await this.mattermost.createPost(`⚠️ @${kickedUser} was not in this session`, threadId);
+        }
+    }
+    /** Update the session header post with current participants */
+    async updateSessionHeader(session) {
+        if (!session.sessionStartPostId)
+            return;
+        const shortDir = this.workingDir.replace(process.env.HOME || '', '~');
+        const permMode = this.skipPermissions ? '⚡ Auto' : '🔐 Interactive';
+        // Build participants list (excluding owner who is shown in "Started by")
+        const otherParticipants = [...session.sessionAllowedUsers]
+            .filter(u => u !== session.startedBy)
+            .map(u => `@${u}`)
+            .join(', ');
+        const rows = [
+            `| 📂 **Directory** | \`${shortDir}\` |`,
+            `| 👤 **Started by** | @${session.startedBy} |`,
+        ];
+        if (otherParticipants) {
+            rows.push(`| 👥 **Participants** | ${otherParticipants} |`);
+        }
+        rows.push(`| 🔢 **Session** | #${session.sessionNumber} of ${MAX_SESSIONS} max |`);
+        rows.push(`| ${permMode.split(' ')[0]} **Permissions** | ${permMode.split(' ')[1]} |`);
+        const msg = [
+            `### 🤖 mm-claude \`v${pkg.version}\``,
+            ``,
+            `| | |`,
+            `|:--|:--|`,
+            ...rows,
+        ].join('\n');
+        try {
+            await this.mattermost.updatePost(session.sessionStartPostId, msg);
+        }
+        catch (err) {
+            console.error('[Session] Failed to update session header:', err);
+        }
+    }
+    /** Request approval for a message from an unauthorized user */
+    async requestMessageApproval(threadId, username, message) {
+        const session = this.sessions.get(threadId);
+        if (!session)
+            return;
+        // If there's already a pending message approval, ignore
+        if (session.pendingMessageApproval) {
+            return;
+        }
+        const preview = message.length > 100 ? message.substring(0, 100) + '…' : message;
+        const post = await this.mattermost.createPost(`🔒 **@${username}** wants to send a message:\n> ${preview}\n\n` +
+            `React 👍 to allow this message, ✅ to invite them to the session, 👎 to deny`, threadId);
+        session.pendingMessageApproval = {
+            postId: post.id,
+            originalMessage: message,
+            fromUser: username,
+        };
+        this.registerPost(post.id, threadId);
+        // Add reaction options
+        try {
+            await this.mattermost.addReaction(post.id, '+1');
+            await this.mattermost.addReaction(post.id, 'white_check_mark');
+            await this.mattermost.addReaction(post.id, '-1');
+        }
+        catch (err) {
+            console.error('[Session] Failed to add message approval reactions:', err);
+        }
+    }
     /** Kill all active sessions (for graceful shutdown) */
     killAllSessions() {
         const count = this.sessions.size;

package/dist/config.d.ts

@@ -1,3 +1,14 @@
+/** Check if any .env config file exists */
+export declare function configExists(): boolean;
+/** CLI arguments that can override config */
+export interface CliArgs {
+    url?: string;
+    token?: string;
+    channel?: string;
+    botName?: string;
+    allowedUsers?: string;
+    skipPermissions?: boolean;
+}
 export interface Config {
     mattermost: {
         url: string;
@@ -8,4 +19,4 @@ export interface Config {
     allowedUsers: string[];
     skipPermissions: boolean;
 }
-export declare function loadConfig(): Config;
+export declare function loadConfig(cliArgs?: CliArgs): Config;

package/dist/config.js

@@ -3,17 +3,17 @@ import { resolve } from 'path';
 import { existsSync } from 'fs';
 import { homedir } from 'os';
 let envLoaded = false;
+// Paths to search for .env files (in order of priority)
+const ENV_PATHS = [
+    resolve(process.cwd(), '.env'), // Current directory
+    resolve(homedir(), '.config', 'mm-claude', '.env'), // ~/.config/mm-claude/.env
+    resolve(homedir(), '.mm-claude.env'), // ~/.mm-claude.env
+];
 function loadEnv() {
     if (envLoaded)
         return;
     envLoaded = true;
-    // Load .env file from multiple locations (in order of priority)
-    const envPaths = [
-        resolve(process.cwd(), '.env'), // Current directory
-        resolve(homedir(), '.config', 'mm-claude', '.env'), // ~/.config/mm-claude/.env
-        resolve(homedir(), '.mm-claude.env'), // ~/.mm-claude.env
-    ];
-    for (const envPath of envPaths) {
+    for (const envPath of ENV_PATHS) {
         if (existsSync(envPath)) {
             if (process.env.DEBUG === '1' || process.argv.includes('--debug')) {
                 console.log(`  [config] Loading from: ${envPath}`);
@@ -23,28 +23,41 @@ function loadEnv() {
         }
     }
 }
-function requireEnv(name) {
-    const value = process.env[name];
+/** Check if any .env config file exists */
+export function configExists() {
+    return ENV_PATHS.some(p => existsSync(p));
+}
+function getRequired(cliValue, envName, name) {
+    const value = cliValue || process.env[envName];
     if (!value) {
-        throw new Error(`Missing required environment variable: ${name}`);
+        throw new Error(`Missing required config: ${name}. Set ${envName} in .env or use --${name.toLowerCase().replace(/ /g, '-')} flag.`);
     }
     return value;
 }
-export function loadConfig() {
+export function loadConfig(cliArgs) {
     loadEnv();
+    // CLI args take priority over env vars
+    const url = getRequired(cliArgs?.url, 'MATTERMOST_URL', 'url');
+    const token = getRequired(cliArgs?.token, 'MATTERMOST_TOKEN', 'token');
+    const channelId = getRequired(cliArgs?.channel, 'MATTERMOST_CHANNEL_ID', 'channel');
+    const botName = cliArgs?.botName || process.env.MATTERMOST_BOT_NAME || 'claude-code';
+    const allowedUsersStr = cliArgs?.allowedUsers || process.env.ALLOWED_USERS || '';
+    const allowedUsers = allowedUsersStr
+        .split(',')
+        .map(u => u.trim())
+        .filter(u => u.length > 0);
+    // CLI --skip-permissions, env SKIP_PERMISSIONS=true, or legacy flag
+    const skipPermissions = cliArgs?.skipPermissions ||
+        process.env.SKIP_PERMISSIONS === 'true' ||
+        process.argv.includes('--dangerously-skip-permissions');
     return {
         mattermost: {
-            url: requireEnv('MATTERMOST_URL').replace(/\/$/, ''), // Remove trailing slash
-            token: requireEnv('MATTERMOST_TOKEN'),
-            channelId: requireEnv('MATTERMOST_CHANNEL_ID'),
-            botName: process.env.MATTERMOST_BOT_NAME || 'claude-code',
+            url: url.replace(/\/$/, ''), // Remove trailing slash
+            token,
+            channelId,
+            botName,
         },
-        allowedUsers: (process.env.ALLOWED_USERS || '')
-            .split(',')
-            .map(u => u.trim())
-            .filter(u => u.length > 0),
-        // SKIP_PERMISSIONS=true or --dangerously-skip-permissions flag
-        skipPermissions: process.env.SKIP_PERMISSIONS === 'true' ||
-            process.argv.includes('--dangerously-skip-permissions'),
+        allowedUsers,
+        skipPermissions,
     };
 }

package/dist/index.js

@@ -1,5 +1,7 @@
 #!/usr/bin/env node
-import { loadConfig } from './config.js';
+import { program } from 'commander';
+import { loadConfig, configExists } from './config.js';
+import { runOnboarding } from './onboarding.js';
 import { MattermostClient } from './mattermost/client.js';
 import { SessionManager } from './claude/session.js';
 import { readFileSync } from 'fs';
@@ -10,19 +12,44 @@ const pkg = JSON.parse(readFileSync(resolve(__dirname, '..', 'package.json'), 'u
 const dim = (s) => `\x1b[2m${s}\x1b[0m`;
 const bold = (s) => `\x1b[1m${s}\x1b[0m`;
 const cyan = (s) => `\x1b[36m${s}\x1b[0m`;
+// Define CLI options
+program
+    .name('mm-claude')
+    .version(pkg.version)
+    .description('Share Claude Code sessions in Mattermost')
+    .option('--url <url>', 'Mattermost server URL')
+    .option('--token <token>', 'Mattermost bot token')
+    .option('--channel <id>', 'Mattermost channel ID')
+    .option('--bot-name <name>', 'Bot mention name (default: claude-code)')
+    .option('--allowed-users <users>', 'Comma-separated allowed usernames')
+    .option('--skip-permissions', 'Skip interactive permission prompts')
+    .option('--debug', 'Enable debug logging')
+    .parse();
+const opts = program.opts();
+// Check if required args are provided via CLI
+function hasRequiredCliArgs(args) {
+    return !!(args.url && args.token && args.channel);
+}
 async function main() {
-    if (process.argv.includes('--version') || process.argv.includes('-v')) {
-        console.log(pkg.version);
-        process.exit(0);
+    // Set debug mode from CLI flag
+    if (opts.debug) {
+        process.env.DEBUG = '1';
     }
-    if (process.argv.includes('--help') || process.argv.includes('-h')) {
-        console.log(`mm-claude v${pkg.version} - Share Claude Code sessions in Mattermost
-
-Usage: cd /your/project && mm-claude`);
-        process.exit(0);
+    // Build CLI args object
+    const cliArgs = {
+        url: opts.url,
+        token: opts.token,
+        channel: opts.channel,
+        botName: opts.botName,
+        allowedUsers: opts.allowedUsers,
+        skipPermissions: opts.skipPermissions,
+    };
+    // Check if we need onboarding
+    if (!configExists() && !hasRequiredCliArgs(opts)) {
+        await runOnboarding();
     }
     const workingDir = process.cwd();
-    const config = loadConfig();
+    const config = loadConfig(cliArgs);
     // Nice startup banner
     console.log('');
     console.log(bold(`  🤖 mm-claude v${pkg.version}`));
@@ -45,16 +72,40 @@ Usage: cd /your/project && mm-claude`);
         const threadRoot = post.root_id || post.id;
         // Follow-up in active thread
         if (session.isInSessionThread(threadRoot)) {
-            if (!mattermost.isUserAllowed(username))
-                return;
+            // If message starts with @mention to someone else, ignore it (side conversation)
+            const mentionMatch = message.trim().match(/^@(\w+)/);
+            if (mentionMatch && mentionMatch[1].toLowerCase() !== mattermost.getBotName().toLowerCase()) {
+                return; // Side conversation, don't interrupt
+            }
             const content = mattermost.isBotMentioned(message)
                 ? mattermost.extractPrompt(message)
                 : message.trim();
-            // Check for stop/cancel commands
             const lowerContent = content.toLowerCase();
+            // Check for stop/cancel commands (only from allowed users)
             if (lowerContent === '/stop' || lowerContent === 'stop' ||
                 lowerContent === '/cancel' || lowerContent === 'cancel') {
-                await session.cancelSession(threadRoot, username);
+                if (session.isUserAllowedInSession(threadRoot, username)) {
+                    await session.cancelSession(threadRoot, username);
+                }
+                return;
+            }
+            // Check for /invite command
+            const inviteMatch = content.match(/^\/invite\s+@?(\w+)/i);
+            if (inviteMatch) {
+                await session.inviteUser(threadRoot, inviteMatch[1], username);
+                return;
+            }
+            // Check for /kick command
+            const kickMatch = content.match(/^\/kick\s+@?(\w+)/i);
+            if (kickMatch) {
+                await session.kickUser(threadRoot, kickMatch[1], username);
+                return;
+            }
+            // Check if user is allowed in this session
+            if (!session.isUserAllowedInSession(threadRoot, username)) {
+                // Request approval for their message
+                if (content)
+                    await session.requestMessageApproval(threadRoot, username, content);
                 return;
             }
             if (content)

package/dist/onboarding.d.ts

@@ -0,0 +1 @@
+export declare function runOnboarding(): Promise<void>;

package/dist/onboarding.js

@@ -0,0 +1,117 @@
+import prompts from 'prompts';
+import { writeFileSync, mkdirSync } from 'fs';
+import { homedir } from 'os';
+import { resolve } from 'path';
+const bold = (s) => `\x1b[1m${s}\x1b[0m`;
+const dim = (s) => `\x1b[2m${s}\x1b[0m`;
+const cyan = (s) => `\x1b[36m${s}\x1b[0m`;
+const green = (s) => `\x1b[32m${s}\x1b[0m`;
+export async function runOnboarding() {
+    console.log('');
+    console.log(bold('  Welcome to mm-claude!'));
+    console.log(dim('  ─────────────────────────────────'));
+    console.log('');
+    console.log('  No configuration found. Let\'s set things up.');
+    console.log('');
+    console.log(dim('  You\'ll need:'));
+    console.log(dim('  • A Mattermost bot account with a token'));
+    console.log(dim('  • A channel ID where the bot will listen'));
+    console.log('');
+    // Handle Ctrl+C gracefully
+    prompts.override({});
+    const onCancel = () => {
+        console.log('');
+        console.log(dim('  Setup cancelled.'));
+        process.exit(0);
+    };
+    const response = await prompts([
+        {
+            type: 'text',
+            name: 'url',
+            message: 'Mattermost URL',
+            initial: 'https://your-mattermost-server.com',
+            validate: (v) => v.startsWith('http') ? true : 'URL must start with http:// or https://',
+        },
+        {
+            type: 'password',
+            name: 'token',
+            message: 'Bot token',
+            hint: 'Create at: Integrations > Bot Accounts > Add Bot Account',
+            validate: (v) => v.length > 0 ? true : 'Token is required',
+        },
+        {
+            type: 'text',
+            name: 'channelId',
+            message: 'Channel ID',
+            hint: 'Click channel name > View Info > copy ID from URL',
+            validate: (v) => v.length > 0 ? true : 'Channel ID is required',
+        },
+        {
+            type: 'text',
+            name: 'botName',
+            message: 'Bot mention name',
+            initial: 'claude-code',
+            hint: 'Users will @mention this name',
+        },
+        {
+            type: 'text',
+            name: 'allowedUsers',
+            message: 'Allowed usernames',
+            initial: '',
+            hint: 'Comma-separated, or empty for all users',
+        },
+        {
+            type: 'confirm',
+            name: 'skipPermissions',
+            message: 'Skip permission prompts?',
+            initial: true,
+            hint: 'If no, you\'ll approve each action via emoji reactions',
+        },
+    ], { onCancel });
+    // Check if user cancelled
+    if (!response.url || !response.token || !response.channelId) {
+        console.log('');
+        console.log(dim('  Setup incomplete. Run mm-claude again to retry.'));
+        process.exit(1);
+    }
+    // Build .env content
+    const envContent = `# mm-claude configuration
+# Generated by mm-claude onboarding
+
+# Mattermost server URL
+MATTERMOST_URL=${response.url}
+
+# Bot token (from Integrations > Bot Accounts)
+MATTERMOST_TOKEN=${response.token}
+
+# Channel ID where the bot listens
+MATTERMOST_CHANNEL_ID=${response.channelId}
+
+# Bot mention name (users @mention this)
+MATTERMOST_BOT_NAME=${response.botName || 'claude-code'}
+
+# Allowed usernames (comma-separated, empty = all users)
+ALLOWED_USERS=${response.allowedUsers || ''}
+
+# Skip permission prompts (true = auto-approve, false = require emoji approval)
+SKIP_PERMISSIONS=${response.skipPermissions ? 'true' : 'false'}
+`;
+    // Save to ~/.config/mm-claude/.env
+    const configDir = resolve(homedir(), '.config', 'mm-claude');
+    const envPath = resolve(configDir, '.env');
+    try {
+        mkdirSync(configDir, { recursive: true });
+        writeFileSync(envPath, envContent, { mode: 0o600 }); // Secure permissions
+    }
+    catch (err) {
+        console.error('');
+        console.error(`  Failed to save config: ${err}`);
+        process.exit(1);
+    }
+    console.log('');
+    console.log(green('  ✓ Configuration saved!'));
+    console.log(dim(`    ${envPath}`));
+    console.log('');
+    console.log(dim('  Starting mm-claude...'));
+    console.log('');
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mattermost-claude-code",
-  "version": "0.3.4",
+  "version": "0.5.0",
   "description": "Share Claude Code sessions live in a Mattermost channel with interactive features",
   "main": "dist/index.js",
   "type": "module",
@@ -41,12 +41,15 @@
   ],
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.25.1",
+    "commander": "^14.0.2",
     "dotenv": "^16.4.7",
+    "prompts": "^2.4.2",
     "ws": "^8.18.0",
     "zod": "^4.2.1"
   },
   "devDependencies": {
     "@types/node": "^22.10.2",
+    "@types/prompts": "^2.4.9",
     "@types/ws": "^8.5.13",
     "tsx": "^4.19.2",
     "typescript": "^5.7.2"