Feature request: write rate-limit headers to ~/.claude/rate-limits.json

Resolved 💬 4 comments Opened Mar 27, 2026 by frr149 Closed Apr 29, 2026

Problem

Third-party tools that monitor Claude Max/Pro quota (menu bar apps, widgets, dashboards) currently depend on reading the OAuth token from the system Keychain (Claude Code-credentials).

This creates a terrible UX on macOS: every ~8h when Claude Code refreshes the token (via delete+add, likely due to keytar), the Keychain ACL is destroyed and macOS shows a password popup. kSecUseAuthenticationUISkip is unreliable on macOS Sequoia after sleep/wake cycles. See #22144.

Multiple projects in the ecosystem are affected (claude-code-meter, claude-quota, ccburn, claudometer, tokemon, etc. — at least 10+ projects on GitHub).

Proposed solution

After each API response, write the anthropic-ratelimit-unified-* headers to a JSON file:

~/.claude/rate-limits.json

Example content:

{
  "updated_at": "2026-03-27T14:30:00Z",
  "five_hour": {
    "utilization": 0.08,
    "resets_at": "2026-03-27T18:00:00Z"
  },
  "seven_day": {
    "utilization": 0.19,
    "resets_at": "2026-04-02T14:59:59Z"
  },
  "seven_day_sonnet": {
    "utilization": 0.0,
    "resets_at": null
  },
  "extra_usage": null
}

This is analogous to how stats-cache.json already works — Claude Code writes, third-party tools read via FSEvents. No Keychain access needed, no popups, no OAuth tokens leaving the process.

Alternatives considered

| Alternative | Why insufficient |
|---|---|
| Read OAuth token from Keychain | Popup every ~8h (ACL destroyed on token refresh) |
| Own OAuth flow (PKCE) | Prohibited by ToS for third-party apps (Feb 2026) |
| WebView scraping claude.ai | Blocked by Cloudflare managed challenge |
| Estimate from local JSONL | ~5% error, no ground truth for window utilization |
| API keys | Don't reflect Max/Pro subscription quota |

Impact

This single file would:

  • Eliminate Keychain popups for the entire ecosystem
  • Remove the need for third-party apps to handle OAuth tokens
  • Provide exact quota data without network requests
  • Work within macOS sandbox (file read only, no Keychain)
  • Be trivial to implement (Claude Code already parses these headers internally)

References

  • #22144 — Keychain popup every ~8h
  • #28091 — OAuth tokens banned for third-party apps
  • #31637 — /api/oauth/usage aggressive rate limiting

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗