v2.1.0 - Quota Monitoring & EPCC Workflow Enhancements
v2.1.0 - Quota Monitoring & EPCC Workflow Enhancements
🎯 Major Features
Quota Monitoring System
Comprehensive per-user token quota management with fine-grained controls to manage costs and prevent unexpected overages.
Key Features:
- 📊 Per-user/group quota policies with precedence rules (user > group > default)
- 🔒 JWT-authenticated real-time quota API
- 🚦 Dual enforcement modes:
alert(notify only) orblock(deny access) - 🌐 Browser notifications with visual progress bars
- ⏰ Periodic re-check for cached credentials (configurable interval)
- 💰 Bill shock protection with auto-calculated daily limits
- 📈 Monthly and daily token limits with burst buffer
New CLI Commands:
ccwb quota set-user <email> --monthly-limit 500M --daily-limit 20M
ccwb quota set-group <group> --monthly-limit 400M --enforcement block
ccwb quota set-default --monthly-limit 225M
ccwb quota list
ccwb quota show <email>
ccwb quota usage <email>
ccwb quota delete user <email>
ccwb quota unblock <email> --duration 24h
ccwb quota export <file>
ccwb quota import <file> --dry-runInfrastructure:
- New CloudFormation stack:
quota-monitoring.yaml - DynamoDB tables: QuotaPolicies, UserQuotaMetrics
- Lambda functions: quota_check, quota_monitor, metrics_aggregator
- API Gateway with JWT authorizer
- SNS topic for alerts
EPCC Workflow v3.1.0 Updates
Enhanced multi-session support for long-running projects:
- 📋 New
/epcc-resumecommand for session continuity - 🔄 Session startup protocol with automatic orientation
- ✅ Feature verification gates
- 📝 Progress tracking with
epcc-progress.md - 🎯 Feature list management with
epcc-features.json - 🏗️ Technical Requirements Document (TRD) command
- 🎨 Frontend design plugin
🔒 Security Enhancements
All security measures include secure defaults and configurable behavior:
- ✅ HTML escaping for XSS prevention in browser notifications
- ✅ Fail-closed security by default (configurable via environment variables)
- ✅ Email validation (RFC 5322) for all quota commands
- ✅ STS caller identity for audit trails
- ✅ Maximum unblock duration enforcement (7 days)
- ✅ Configurable security policies via
MISSING_EMAIL_ENFORCEMENTandERROR_HANDLING_MODE
🐛 Bug Fixes
- fix: Resolve Cognito authentication issues for CLI credential process (#32e1825)
- fix: Correct vpc_config typo in infrastructure templates (#75)
- fix: Malformed Windows install.bat script (#73)
- fix: Existing VPC configuration handling (#66)
📚 Documentation
- New comprehensive QUOTA_MONITORING.md guide
- Updated CLI_REFERENCE.md with all quota commands
- Enhanced Okta setup guide with quota monitoring configuration
- Updated EPCC workflow command documentation
🔄 Changes Since v2.0.1
Added:
- Quota monitoring system (27 files, 7,782 additions)
- EPCC workflow enhancements with multi-session support
- TRD (Technical Requirements Document) phase
- Frontend design plugin for EPCC workflow
- PRD (Product Requirements Document) enhancements
Fixed:
- Cognito authentication credential provider
- VPC configuration template typo
- Windows installer script
- Existing VPC integration
⚙️ Configuration
Quota monitoring is opt-in during ccwb init. To enable:
ccwb init # Select "Yes" when prompted for quota monitoring
ccwb deploy quota # Deploy the quota monitoring stack🔐 Security Configuration
Lambda environment variables for security tuning:
MISSING_EMAIL_ENFORCEMENT: "block" (default) | "open"ERROR_HANDLING_MODE: "fail_closed" (default) | "fail_open"
📊 Compatibility
- ✅ Backward compatible - No breaking changes
- ✅ Opt-in feature - Quota monitoring disabled by default
- ✅ Existing deployments - No migration required
🙏 Contributors
- @jawhnycooke - Quota monitoring system and EPCC workflow enhancements
- @OleksandrRebenok - VPC configuration fixes
- @schuettc - Security review and release management
📦 Installation
# Install or upgrade
pip install --upgrade claude-code-with-bedrock
# Or download the latest release binariesFull Changelog: v2.0.1...v2.1.0
Contributors
jawhnycooke, schuettc, and OleksandrRebenok