- extract account resume lane guidance into a dedicated auth helper
- swallow diagnostic failures so account launches still reach execClaude
- add focused tests for the warning success and failure paths
- add runtime-aware resume lane diagnostics and auth backup flows
- warn when account resume uses a different plain ccs continuity lane
- surface lane mismatch guidance in the accounts dashboard, docs, and tests
- destroy the response stream when /v1/models exceeds the body limit
- prevent the oversized-response fallback test from hanging during server shutdown
- add a shared command catalog for root help and completion routing
- replace shell-local completion logic with a hidden __complete backend
- add topic help and parity tests for router, help, and completion coverage
- route dashboard WebSocket traffic through /ws to avoid Vite HMR collisions
- run the dev entrypoint with node so bun run dev stays stable in this repo
- restore the Image settings scroll container contract and add regression coverage
- Add 30s timeout on proxy requests to prevent indefinite hangs
- Wrap resolveLocalCliproxyPort in try/catch with default port fallback
- Simplify buildProxyBody: remove fragile content-length check that
caused Bun to fall through to req.pipe() on consumed streams
- Replace proxyRes.pipe(res) with manual streaming for Bun compatibility
(pipe hangs after writeHead in Bun runtime)
- Replace deprecated req.on('aborted') with res.on('close') cleanup
(req.on('close') fires with req.destroyed=true in Bun after body
consumption, prematurely destroying the proxy connection)
- Explicitly end proxy request for bodyless methods (GET/HEAD/OPTIONS)
instead of piping an already-consumed express stream
- Add server.closeAllConnections() in test cleanup to prevent hangs
- Add GET passthrough and 502 unreachable test cases
- switch ccs-websearch MCP to stdio-first framing and keep legacy compatibility
- add cooldown persistence and bounded retries for provider failures
- surface cooldown status in readiness output and regression tests
Move reverse proxy under /api/cliproxy-local so it sits behind auth
middleware. Enforce localhost-only access when dashboard auth is disabled.
Resolve the target port from unified config instead of hardcoding 8317.
Re-serialize parsed JSON bodies before forwarding so writes still work
behind express.json(). Clean up proxy connections on client abort.
On the frontend, point the iframe and health check at the new same-origin
API path, probe the proxy directly, and tighten iframe origin/path
validation before sending the auto-login secret.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- keep Codex team and personal auth files as separate identities
- resolve quota and live monitor stats by token file-backed account id
- surface duplicate-aware account labels across the dashboard and variant UI
In Docker, the browser cannot directly reach the container-internal CLIProxy
port (8317). This adds a reverse proxy at /cliproxy-local/* that forwards
requests through the dashboard Express server to 127.0.0.1:8317 internally.
The control panel embed now uses same-origin API endpoints for health checks
and the proxy path for the management iframe.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>