Commit Graph
616 Commits
Author SHA1 Message Date
Tam Nhu Tran 29eebff7c5 fix(cliproxy): harden oauth trace snippet redaction 2026-05-22 11:12:37 -04:00
Kai (Tam Nhu) TranandTam Nhu Tran a526eb469a fix(cliproxy): redact token-like oauth trace snippets 2026-05-22 11:11:06 -04:00
Tam Nhu Tran 6569eed15b feat: support minimal codex effort aliases 2026-05-20 11:11:46 -04:00
Kai (Tam Nhu) TranandGitHub 2f50fe393d fix(cliproxy): bound Claude quota error-body reads and preserve timeout
Squash merge PR #1300 into dev.
2026-05-19 08:21:29 -04:00
Kai (Tam Nhu) TranandGitHub b7ba3c743f fix(cliproxy): cap oauth log parsing size in stats fallback
Squash merge PR #1292 into dev.
2026-05-19 07:51:57 -04:00
Kai (Tam Nhu) TranandGitHub ece43fc30e fix(cliproxy): redact AI provider header secrets (#1268)
* fix(cliproxy): redact AI provider header secrets

* style: apply prettier formatting
2026-05-16 13:58:55 -04:00
Kai (Tam Nhu) TranandGitHub 609bed0c39 fix(codex): normalize native cliproxy tuning aliases (#1254) 2026-05-15 09:51:42 -04:00
walker1211andGitHub 35b6210cd2 fix: support Claude subcommands and background sessions
Squash merge PR #1240.\n\nValidated locally from the PR head because trusted-author GitHub CI was skipped for this fork PR:\n- bun run validate\n- bun run build:all\n- bun run test:all\n- CCS_E2E_SKIP_BUILD=1 bun run test:e2e
2026-05-14 10:18:23 -04:00
Tam Nhu Tran c2b00b7ad6 feat(dispatcher): pass through Claude subcommands without interactive-session args
Closes #1218.

When the user invokes `ccs <profile> agents` (and other Claude subcommands
like `mcp`, `doctor`, `plugin`, ...), CCS was unconditionally injecting
session-only Claude flags (`--append-system-prompt`, `--disallowedTools`,
`--settings`, official-channels plugin specs) and forwarding the
`DISABLE_TELEMETRY=1` env var from profile settings. Each of those
either errored out the subcommand (`error: unknown option
'--append-system-prompt'`) or silently flipped Claude into
non-interactive list mode, so the new `claude agents` agent view never
opened under CCS.

Add a small `claude-subcommand-detector` that recognizes the documented
Claude subcommand set after skipping known value-taking flags, then have
the three steering-prompt injectors (websearch, image-analysis, browser),
the cliproxy and settings launchers, and the official-channels plan
short-circuit when a subcommand invocation is detected. Also strip
`DISABLE_TELEMETRY` from the spawned env only for subcommand
invocations — upstream Claude Code uses that var as a kill switch for
the subcommand TUIs, and the user's telemetry preference still applies
to every normal interactive session.

Verified end-to-end against `ccs glm agents` and `ccs ck agents`: the
agent view opens correctly, no `unknown option` error, and all 1938
existing tests pass.
2026-05-12 16:35:37 -04:00
Kai (Tam Nhu) TranandGitHub 29da75c0d4 fix(cliproxy): explain headless Codex OAuth recovery
Closes #1213
2026-05-11 14:25:34 -04:00
Tam Nhu Tran 4ba9df5425 fix(cliproxy/auth): generalize Plus OAuth credential guards for gemini and agy
Refactor getGeminiPlusOAuthCredentialError / getGeminiAuthUrlCredentialError
behind a provider-table-driven helper (PLUS_OAUTH_ENV_BY_PROVIDER) and add
getPlusOAuthCredentialError / getPlusAuthUrlCredentialError exports covering
both gemini and agy. Existing gemini-named exports preserved as aliases so
PR #1131 test surface remains unchanged. New AGY-parity test cases mirror
the original gemini diagnostics. CLI call sites in triggerOAuth /
handlePasteCallbackMode stay gemini-only; dashboard handler in the
follow-up commits will use the generalized exports for both providers.

Refs #1208
2026-05-10 21:55:08 -04:00
Tam Nhu Tran 641d492cd6 feat(cliproxy): add OAuth callback traceability across profiles
Introduces structured per-phase tracing for OAuth flows so users see
branch-specific error messages instead of a generic "token not found"
fallback.

- New oauth-trace/ module: recorder, redactor, three sinks
  (in-memory ring buffer, verbose stdout, opt-in JSONL file at
  ~/.ccs/logs/oauth-YYYYMMDD.log mode 0o600 via CCS_OAUTH_LOG_FILE=1)
- Branch-specific diagnostics for: URL-not-displayed,
  callback-not-observed, binary-error, token-exchange-error,
  session-expired, token-file-missing; UNKNOWN fallback preserves
  prior UX
- Trace recorder threaded through oauth-process.ts spawn/stdout/stderr/
  exit lifecycle; SIGINT/SIGTERM cleanup flushes recorder and records
  Cancelled
- Redactor strips code, state, access_token, refresh_token, id_token,
  client_secret, code_verifier, device_code, assertion, subject_token,
  plus Authorization: Bearer headers; covers URL fragments,
  URL-encoded keys, and arrays
- 68 new tests including adversarial regression cases for redactor
  bypass attempts

Phases for paste-callback path and cross-profile failure-matrix
deferred to follow-up #1207.

Closes #1206
2026-05-10 15:12:40 -04:00
Kai (Tam Nhu) TranandGitHub 74d73748ee feat: support Codex fast service-tier aliases
* feat: support Codex fast service-tier aliases

* fix: send Codex fast tier as priority
2026-05-07 15:34:05 -04:00
Kai (Tam Nhu) TranandGitHub 19a50a8dd8 feat: deprecate GitHub Copilot compatibility surfaces (#1196) 2026-05-07 13:06:03 -04:00
Kai (Tam Nhu) TranandGitHub 8b681df455 fix: route Cursor auth through browser polling
Closes #1194
2026-05-07 11:25:17 -04:00
Kai (Tam Nhu) TranandGitHub 61390e5691 fix(cliproxy): diagnose Gemini Plus OAuth credentials
Closes #1131
2026-05-07 11:05:53 -04:00
Kai (Tam Nhu) TranandGitHub ba18b68494 fix: count CLIProxy OAuth usage in dashboard stats (#1190)
* fix: count CLIProxy OAuth usage in dashboard stats

* fix: fill cliproxy oauth usage details from logs

* fix: keep mixed cliproxy oauth usage details

* fix: avoid aggregate usage enrichment inflation

* fix: cover oauth source prefixes and full log scans

* fix: preserve distinct oauth usage details

* fix: dedupe oauth log usage by auth identity

* fix: drain usage queue and preserve repeated oauth requests

* fix: guard usage queue drain against repeated full batches

* fix(cliproxy): harden oauth usage stats merging
2026-05-06 17:35:00 -04:00
Tam Nhu Tran 9a687fc03c fix: preserve CLIProxy platform arch compatibility 2026-05-04 11:39:47 -04:00
Tam Nhu Tran 2274cef658 fix: preserve arm64 compatibility for CLIProxy assets 2026-05-04 10:44:20 -04:00
juwain 4acc81c082 style: apply prettier formatting 2026-05-04 15:36:37 +03:00
juwain 70bf0806f3 fix: use aarch64 for CLIProxy arm assets 2026-05-04 14:59:14 +03:00
Tam Nhu Tran 3862411bb7 fix(cliproxy): harden custom local port handling 2026-05-03 14:07:31 -04:00
Tam Nhu Tran a7c10be72e Merge origin/dev into fix/cliproxy-local-port-config
Resolve the dispatcher and dashboard conflicts from origin/dev while preserving the configured local CLIProxy port behavior. Also harden lifecycle port fallback and wait for the actual stopped port during binary installs.
2026-05-03 13:56:43 -04:00
Kai (Tam Nhu) TranandGitHub 923683bf30 feat(cliproxy): route plus dashboard to maintained fork (#1173) 2026-05-03 13:01:04 -04:00
Tam Nhu Tran 05e1c35203 refactor: merge facade adoption from #1169 into executor extraction 2026-05-03 11:54:04 -04:00
MolkoandClaude Opus 4.7 509bd5dbef fix(cliproxy): respect configured local port instead of hardcoding 8317
All call sites that spawn or probe CLIProxyApiPlus now read
cliproxy_server.local.port from config via resolveLifecyclePort()
instead of using the hardcoded CLIPROXY_DEFAULT_PORT constant.

- Move resolveLifecyclePort helper to src/cliproxy/config/port-manager.ts
- Fix 7 call sites: ccs.ts, config-command.ts, copilot-executor.ts,
  lifecycle.ts, binary-manager.ts, cliproxy-stats-routes.ts,
  cliproxy-local-proxy.ts
- Remove duplicate resolveLocalCliproxyPort helper
- Cache port resolution in /proxy-status handler to avoid repeated I/O

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-03 07:40:48 -04:00
Tam Nhu Tran 4f6e61739c refactor(config): adopt config-loader-facade across the codebase
Issue #1161. Sweeps 127 files to import from
src/config/config-loader-facade.ts instead of unified-config-loader or
utils/config-manager directly.

WRITE callers (32 files): replaced raw saveUnifiedConfig /
mutateUnifiedConfig / updateUnifiedConfig calls with the facade's
cache-coherent wrappers saveConfig / mutateConfig / updateConfig. This
fixes a latent stale-cache window where direct writes through the
underlying loader bypassed the facade's memoization.

READ callers (95 files): mechanical import-path migration only —
function names unchanged because the facade re-exports them. No
behavior change.

Also updated:
- tests/unit/utils/browser/browser-setup.test.ts (DI interface rename)
- src/management/checks/image-analysis-check.ts (dynamic import rename)
- src/web-server/health-service.ts (dynamic require rename)
- src/ccs.ts (path prefix fix from sweep script)

After sweep: zero raw write callers remain outside src/config/. Direct
imports of config-manager remain only for symbols not in the facade
(getConfigPath, getCcsDirSource, etc). Behavior unchanged; full suite
passes 1824/1824.

Out of scope: switching loadOrCreateUnifiedConfig() callers to
getCachedConfig() — needs per-callsite cache-safety analysis. Tracked
as follow-up.

Refs #1161
2026-05-03 01:42:53 -04:00
Tam Nhu Tran 09268e7e33 refactor(cliproxy/executor): extract model-warnings + claude-launcher and polish orchestrator
Phases 08+09+10 of #1162. Final extractions and orchestrator cleanup:

- src/cliproxy/executor/model-warnings.ts (80 LOC):
  warnBrokenModels — handles composite + simple paths, broken-model
  notification with replacement suggestions.
- src/cliproxy/executor/claude-launcher.ts (161 LOC):
  launchClaude — final args assembly (web search, image analysis, browser
  tool args), trace context env, Windows shell escaping, spawn,
  quota monitor wiring, cleanup handlers.
- New tests: 227 + 217 LOC.
- index.ts cleanup: numbered section comments through orchestrator,
  removed ~17 now-unused imports, re-export block preserved.

index.ts: 665 -> 550 LOC. Final reduction across all 10 phases:
1428 -> 550 (-878, -61%). Behavior unchanged; full suite passes
1824/1824. The remaining 550 LOC is the natural orchestrator floor —
further extraction would require a 15-field context struct, which is
manufactured complexity rather than genuine separation of concerns.

Closes phases 02-10 of #1162.

Refs #1162
2026-05-02 22:39:13 -04:00
Tam Nhu Tran 8b39d8a25f refactor(cliproxy/executor): extract proxy-chain-builder from index.ts
Phase 07 of #1162. Splits tool-sanitization + codex-reasoning proxy spawn
out of the orchestrator:

- src/cliproxy/executor/proxy-chain-builder.ts (185 LOC):
  buildProxyChain + ProxyChainContext / ProxyChainResult types.
  DI escape hatch (_ToolSanitizationProxy / _CodexReasoningProxy) for
  testability without refactoring the proxy classes (Bun module cache
  blocks mock.module of already-loaded modules).
- 9 unit tests covering codex-only, tool-san only, both-together,
  spawn failure swallowing, env propagation.

index.ts: 716 -> 665 LOC (-51). HTTPS tunnel kept inline because
tunnelPort is needed by image-analysis resolution before first-pass
buildClaudeEnvironment — folding it in would also require moving image
analysis. Two-pass buildClaudeEnvironment dance preserved exactly.
Behavior unchanged; full suite passes 1824/1824.

Refs #1162
2026-05-02 22:32:37 -04:00
Tam Nhu Tran 8b7e7f4847 refactor(cliproxy/executor): extract auth-coordinator from index.ts
Phase 06 of #1162. Splits the largest remaining concern out of the
orchestrator into a focused module:

- src/cliproxy/executor/auth-coordinator.ts (397 LOC):
  handleLogout, handleImport, resolveSkipLocalAuth, runAntigravityGate,
  ensureProviderAuthentication, runPreflightQuotaCheck,
  runAccountSafetyGuards, ensureModelConfiguration,
  ensureProviderSettingsFile. Preserves load-bearing ordering of
  antigravity gate -> auth -> token refresh -> quota check.
- 36 unit tests covering --auth/--logout/--import early exit,
  antigravity gate refusal/acceptance, OAuth trigger paths, composite
  providers, remote-proxy skipLocalAuth.

index.ts: 895 -> 716 LOC (-179). Behavior unchanged; full suite passes
1824/1824. Module is 397 LOC (over the <200 ideal) — kept whole because
the auth ordering contract should not be split across files.

Refs #1162
2026-05-02 22:03:46 -04:00
Tam Nhu Tran bc48613bbd refactor(cliproxy/executor): extract browser-setup and account-resolution
Phases 04+05 of #1162. Splits two more concerns out of the orchestrator:

- src/cliproxy/executor/browser-launch-setup.ts (118 LOC):
  resolveBrowserLaunchFlags + resolveBrowserRuntime. Encapsulates browser
  flag resolution, attach config, blocked-override warning, and runtime
  setup including MCP sync.
- src/cliproxy/executor/account-resolution.ts (197 LOC):
  resolveRuntimeQuotaMonitorProviders, resolveAccounts (--accounts /
  --use / --nickname / OAuth ban-risk warn / default touch),
  applyAccountSafetyGuards, touchDefaultAccount.
- New tests: 184 + 430 LOC covering both modules.

index.ts: 1045 -> 895 LOC (-150). resolveRuntimeQuotaMonitorProviders
re-exported from index.ts for __testExports backwards compat. Behavior
unchanged; full suite passes 1824/1824.

Refs #1162
2026-05-02 21:47:54 -04:00
Tam Nhu Tran 968681f261 refactor(cliproxy/executor): extract proxy-resolver from index.ts
Phase 03 of #1162. Splits proxy + binary resolution out of the orchestrator
into a focused module:

- src/cliproxy/executor/proxy-resolver.ts (196 LOC):
  ResolvedProxy + ResolveExecutorProxyContext interfaces, resolveExecutorProxy
  function. Encapsulates proxy config resolution, port mutation, remote
  reachability check, fallback prompt, local backend selection, and
  binary acquisition.
- src/cliproxy/executor/__tests__/proxy-resolver.test.ts: 10 unit tests
  covering local/remote/fallback paths.

index.ts: 1168 -> 1045 LOC (-123). Removes 9 now-unused imports. Browser
flag handling intentionally left in index.ts for Phase 04. Behavior
unchanged; full suite passes 1824/1824.

Refs #1162
2026-05-02 21:38:38 -04:00
Tam Nhu Tran 19d24954be refactor(cliproxy/executor): extract arg-parser from index.ts
Phases 01+02 of #1162. Splits executor flag parsing/validation out of the
1428-LOC orchestrator into a focused module:

New files:
- src/cliproxy/executor/arg-parser.ts (~500 LOC):
  readOptionValue, hasGitLabTokenLoginFlag, getGitLabTokenLoginFlagName,
  CCS_FLAGS + filterCcsFlags, ParsedExecutorFlags + parseExecutorFlags,
  validateFlagCombinations (process.exit semantics preserved for parity).
- src/cliproxy/executor/__tests__/arg-parser.test.ts: 45 unit tests.
- src/cliproxy/executor/__tests__/index-characterization.test.ts:
  TDD baseline (16 pass + 7 skipped scenarios at the spawn/dynamic-import
  boundary; mock simplification deferred to a follow-up phase).

index.ts: 1428 -> 1175 LOC (-253). Re-exports preserved at module bottom
for backwards compatibility. Behavior unchanged; full test suite passes
(1824/1824).

Refs #1162
2026-05-02 21:17:07 -04:00
Kai (Tam Nhu) TranandGitHub 50b0ffba75 fix(cliproxy): refresh upstream model and quota surfaces (#1158)
* fix(cliproxy): refresh upstream model and quota surfaces

* test(cliproxy): cover codex legacy model fallback
2026-05-01 02:19:31 -04:00
Kai (Tam Nhu) TranandGitHub b892739756 Merge pull request #1146 from kaitranntt/kai/feat/1138-logs-ui-redesign
feat(ui): redesign dashboard logs page (#1142)
2026-04-30 13:14:47 -04:00
Tam Nhu Tran bf8759460d feat(auth,commands): instrument oauth handler, profile registry, and doctor pipeline
Emit auth-stage events around OAuth round-trips and profile lookups so auth
flows are traceable end-to-end. Doctor command emits dispatch stages around
each health-check phase for clearer diagnostic logs.

Refs #1141, #1138
2026-04-30 13:00:16 -04:00
Tam Nhu Tran 33a1553431 test: include colocated cliproxy tests in buckets 2026-04-30 12:49:57 -04:00
Tam Nhu Tran 20c2005df9 fix(cliproxy): clear stale cleanup timer and fix session/tunnel edge cases
- Stop cleanup interval when all auth sessions are removed (unregister,
  cancel, cancelAll) so the Node event loop isn't held alive.
- getActiveSessionForProvider now returns the most recent session by
  startedAt instead of the first map entry.
- HTTPS tunnel includes port in Host header when non-443.
2026-04-29 18:13:15 -04:00
Tam Nhu Tran 6633bf456b fix(cliproxy): handle all invalid prefixes and reverse-order collisions
forceValidChars() now ensures leading char is letter or underscore
(catches dot, hyphen, colon, slash — not just digits). registerTools()
always registers in mapping so collisions are detected regardless of
tool registration order.
2026-04-29 18:04:19 -04:00
Tam Nhu Tran 218d0cf6c6 fix(cliproxy): sanitize invalid tool name chars and disambiguate collisions
sanitizeToolName() fallback now forces valid characters (replaces
unsupported chars with underscores, ensures leading letter/underscore)
instead of only truncating. registerTools() disambiguates colliding
sanitized names with numeric suffixes so restoreToolUse() always maps
back to the correct original.
2026-04-29 17:57:11 -04:00
Tam Nhu Tran 31dc18657c fix(cliproxy): fix base-config-loader __dirname path and stale mock.module paths
- base-config-loader.ts moved from src/cliproxy/ to src/cliproxy/config/,
  so __dirname relative path needs one more .. to reach config/ dir
- Update mock.module paths for proxy-detector and routing-strategy
  in non-colocated test files
2026-04-29 17:40:33 -04:00
Tam Nhu Tran c3c8cb7a82 fix(cliproxy): exclude colocated tests from tsconfig and eslint
- Add src/**/__tests__/** to tsconfig.json exclude list
- Add ignores pattern for __tests__ in eslint.config.mjs
- Fix ui/src/lib/api-client.ts import path for provider-entitlement-types
- Remove stale build artifacts from ui/src/lib/ and tests/mocks/
2026-04-29 17:18:23 -04:00
Tam Nhu Tran 273214d166 fix(cliproxy): correct relative import paths in colocated tests 2026-04-29 17:10:05 -04:00
Tam Nhu Tran 1c72b4b8d5 refactor(cliproxy): flatten module structure and colocate tests (#1135)
- Split types.ts (331 LOC) into 4 concern-based files under types/:
  platform-types, binary-types, provider-types, config-types
- Preserve backward compat via barrel re-export (types.ts → types/index)
- Reorganize 53 root-level files into 8 subdirectories:
  accounts/, ai-providers/, auth/, binary/, config/, executor/,
  management/, proxy/, quota/, routing/, services/, sync/
- Reduce src/cliproxy/ root from 65 to 8 files (target: ≤10)
- Colocate 87 unit tests from tests/unit/cliproxy/ into
  src/cliproxy/*/__tests__/ (13 colocated test directories)
- Update import paths across 40+ consumer files
- Add TDD backward-compat test for types split

Refs #1135
2026-04-29 17:06:39 -04:00
Tam Nhu Tran 5013d411a7 feat(cliproxy): self-pause exhausted quota accounts 2026-04-28 20:35:15 -04:00
Tam Nhu Tran 73c82b3567 Merge remote-tracking branch 'origin/dev' into kai/fix/1118-ai-provider-model-rules 2026-04-28 14:27:53 -04:00
Tam Nhu Tran 9a28ca55d8 fix(cliproxy): tolerate plain AI provider model rules 2026-04-28 14:19:21 -04:00
Tam Nhu Tran aa7f155161 test(cliproxy): stabilize routing endpoint coverage 2026-04-28 14:07:15 -04:00
Tam Nhu Tran 8ef703024b fix(cliproxy): probe routing via management endpoint 2026-04-28 14:02:58 -04:00
Kai (Tam Nhu) TranandGitHub b6432f783e Merge pull request #1114 from yousiki/fix/claude-utilization-percent-unit
fix(cliproxy): use explicit utilization unit per Claude payload form
2026-04-28 13:41:31 -04:00