What's Changed
Local Claude Code Session Tracking
- Auto-discovers and tracks local Claude Code sessions by scanning
~/.claude/projects/ - Extracts token usage, model info, message counts, cost estimates, and active status from JSONL transcripts
- Background scanner runs every 60s via the scheduler
GET /api/claude/sessionswith filtering (?active=1,?project=slug), pagination, and aggregate statsPOST /api/claude/sessionsto trigger manual scans- Configure with
MC_CLAUDE_HOMEenv var (defaults to~/.claude)
Webhook Retry System
- Exponential backoff with circuit breaker for failed webhook deliveries
POST /api/webhooks/retryfor manual retry of failed deliveriesGET /api/webhooks/verify-docsfor signature verification documentation- Automatic retry processing via background scheduler
Security Hardening
- Fixed timing-safe comparison bugs in webhook signature verification and auth token validation
- Hardened rate limiter IP extraction — uses rightmost untrusted IP from X-Forwarded-For chain
- Added
MC_TRUSTED_PROXIESenv var for explicit proxy trust configuration - Increased password minimum to 12 characters with Zod + runtime validation
- Added Zod validation on
PUT /api/tasksbulk status updates
Quality & DX
- All 31 API routes now use structured pino logger (replaced all
console.error/console.warn) - Docker HEALTHCHECK directive added
- Vitest coverage config with v8 provider and 60% thresholds
- Cron job deduplication on read + duplicate prevention on write
- Cron file I/O converted from sync to async
- Jittered WebSocket reconnect backoff (prevents thundering-herd)
- Feed item ID collision fix in live feed
Bug Fixes
- Model display:
getModelInfo()always returned haiku for unrecognized models (credit @TGLTommy) - Feed item key collisions between logs and activities (credit @doanbactam)
- Cron job duplicates in the management panel (credit @doanbactam)
Quality Gates
| Check | Result |
|---|---|
| TypeScript | 0 errors |
| ESLint | 0 warnings |
| Unit tests | 69/69 pass |
| E2E tests | 165/165 pass |
| Production build | Clean |
Contributors
- @TGLTommy — model display bug fix (#67)
- @doanbactam — feed ID fix, jittered reconnect, cron deduplication (#57)
- @rezero-household — WebSocket auth fix (#54), memory dir docs (#55)
Full Changelog: v1.2.0...v1.3.0