[BUG] Session rate-limit bucket stuck at 100% on OAuth token; survives /logout + /login; only fixed by deleting .credentials.json

Open 💬 0 comments Opened Jul 10, 2026 by AlvaroRojas

What's wrong?

Claude Code CLI blocked all requests with You've hit your session limit · resets 4pm (Europe/Madrid) while actual account usage was far under the limit. The block applied to every model (including Haiku), yet the same account worked normally at the same time on claude.ai and in Claude Desktop's Code mode.

Key symptom: running /usage briefly rendered 100%, then refreshed to 0% — suggesting the enforcement path and the usage endpoint were reading different state. The enforcement appears to have been keyed to the CLI's OAuth token/session, whose server-side bucket was stuck at 100%, while account-level usage was genuinely low.

/logout followed by /login did not fix it — presumably because it refreshes the same token lineage, which inherits the stuck bucket.

Fix that worked

  1. Kill all claude processes
  2. Delete %USERPROFILE%\.claude\.credentials.json
  3. Relaunch and complete a fresh OAuth login

Immediately unblocked after a fresh token grant. This workaround is not in the official troubleshooting docs.

Environment

  • Claude Code v2.1.206, native install, Windows (PowerShell)
  • Plan: Max 5x (default_claude_max_5x), stripe_subscription, extra usage disabled at org level
  • No ANTHROPIC_API_KEY / CLAUDE_CODE_OAUTH_TOKEN / ANTHROPIC_BASE_URL env vars set (verified)
  • No ~/.claude/statsig directory present (GrowthBook flags in use)
  • Date/time of incident: 2026-07-10, ~afternoon (Europe/Madrid)
  • Reset time shown: 4pm Europe/Madrid

Steps to reproduce (as observed)

  1. Use Claude Code CLI normally on a Max plan (heavy sessions, including Fable 5 usage in prior days)
  2. CLI begins returning You've hit your session limit on every prompt, all models
  3. /usage flickers 100% → 0%; claude.ai usage page shows low usage; Desktop Code mode works on the same account
  4. /logout + /login — still blocked
  5. Delete .credentials.json, fresh login — unblocked

Expected behavior

  • Rate-limit enforcement should be consistent with what /usage and the account usage page report
  • /logout + /login should be sufficient to clear any token-scoped stuck state
  • If a token-scoped bucket blocks requests, /usage should attribute it so users can diagnose

Related issues

#54750, #31367, #41084 (session shown exhausted despite low visible usage / reset not clearing / contradictory usage numbers)

View original on GitHub ↗