Kai (Tam Nhu) Tran and GitHub
0bd2e577b2
fix(codex-auth): restrict symlink fallback and harden copy path ( #1365 )
2026-05-23 21:43:51 -04:00
github-actions[bot]
1065f68eae
chore(release): 8.1.0-dev.4
2026-05-24 01:42:35 +00:00
Kai (Tam Nhu) Tran and GitHub
9357f4df26
fix(cliproxy): redact generic token query params in oauth trace ( #1364 )
2026-05-23 21:39:05 -04:00
github-actions[bot]
65ced77c4c
chore(release): 8.1.0-dev.3
2026-05-24 01:37:41 +00:00
Kai (Tam Nhu) Tran and GitHub
d9616447f9
fix(web-server): stop startup local prefix sync secret leak ( #1362 )
2026-05-23 21:24:18 -04:00
github-actions[bot]
7606a31b8e
chore(release): 8.1.0-dev.2
2026-05-24 01:23:22 +00:00
Kai (Tam Nhu) Tran and GitHub
aef331d8ef
fix(docker): pin runtime deps to committed bun lockfile ( #1358 )
2026-05-23 21:19:31 -04:00
github-actions[bot]
1e834b8478
chore(release): 8.1.0-dev.1
2026-05-24 01:18:20 +00:00
Kai (Tam Nhu) Tran and GitHub
ab379e9e13
fix: disable docker legacy API key auth by default ( #1355 )
2026-05-23 21:03:24 -04:00
semantic-release-bot
c21f589247
chore(release): 8.1.0 [skip ci]
...
## [8.1.0](https://github.com/kaitranntt/ccs/compare/v8.0.0...v8.1.0 ) (2026-05-23)
### Features
* **release:** promote dev to main — security hardening batch ([#1351 ](https://github.com/kaitranntt/ccs/issues/1351 )) ([aed942f ](https://github.com/kaitranntt/ccs/commit/aed942f51bc4f2dd1db52302d8cea3185a2bb192 )), closes [#1340 ](https://github.com/kaitranntt/ccs/issues/1340 ) [#1341 ](https://github.com/kaitranntt/ccs/issues/1341 ) [#1342 ](https://github.com/kaitranntt/ccs/issues/1342 ) [#1344 ](https://github.com/kaitranntt/ccs/issues/1344 ) [#1346 ](https://github.com/kaitranntt/ccs/issues/1346 ) [#1347 ](https://github.com/kaitranntt/ccs/issues/1347 ) [#1348 ](https://github.com/kaitranntt/ccs/issues/1348 ) [#1349 ](https://github.com/kaitranntt/ccs/issues/1349 ) [#1350 ](https://github.com/kaitranntt/ccs/issues/1350 ) [#1345 ](https://github.com/kaitranntt/ccs/issues/1345 ) [#1353 ](https://github.com/kaitranntt/ccs/issues/1353 ) [#1340 ](https://github.com/kaitranntt/ccs/issues/1340 ) [#1354 ](https://github.com/kaitranntt/ccs/issues/1354 ) [#1347 ](https://github.com/kaitranntt/ccs/issues/1347 ) [#1352 ](https://github.com/kaitranntt/ccs/issues/1352 )
### Bug Fixes
* **analytics:** harden sqlite3 invocation for native Droid usage scan ([#1347 ](https://github.com/kaitranntt/ccs/issues/1347 )) ([469c9ff ](https://github.com/kaitranntt/ccs/commit/469c9ffde44ca7bba8c9e33365d92b9a819cdec7 ))
* **analytics:** support sqlite3 path resolution on Windows and NixOS ([#1354 ](https://github.com/kaitranntt/ccs/issues/1354 )) ([9a42098 ](https://github.com/kaitranntt/ccs/commit/9a420988bc1b63a9cab270e331ee6e762726cb1b )), closes [#1347 ](https://github.com/kaitranntt/ccs/issues/1347 )
* **ci:** prevent promote-release tag command injection ([#1350 ](https://github.com/kaitranntt/ccs/issues/1350 )) ([3b94ec8 ](https://github.com/kaitranntt/ccs/commit/3b94ec853d090317211a33abb5cf4f56542ef664 ))
* **cliproxy:** disable spoofable default bg keepalive probe ([#1340 ](https://github.com/kaitranntt/ccs/issues/1340 )) ([f0ec820 ](https://github.com/kaitranntt/ccs/commit/f0ec82005446d51434816e5d64b74e3d0c0ea602 ))
* **cliproxy:** sanitize local port before config regeneration ([#1342 ](https://github.com/kaitranntt/ccs/issues/1342 )) ([af7aa0c ](https://github.com/kaitranntt/ccs/commit/af7aa0c2dda834237a3aa79661cd62d096c32876 ))
* **codex-auth:** stop spawning powershell in shell detection ([#1348 ](https://github.com/kaitranntt/ccs/issues/1348 )) ([825efb8 ](https://github.com/kaitranntt/ccs/commit/825efb8b109e88c4f778259176cf2485406eb8ed ))
* **codex-quota:** guard feature label type in quota windows ([#1346 ](https://github.com/kaitranntt/ccs/issues/1346 )) ([b71fe5d ](https://github.com/kaitranntt/ccs/commit/b71fe5dd6ec975ac13ea1f33bd00d51df8ac80dc ))
* **dispatcher:** also treat -p as non-subcommand short for --print ([#1352 ](https://github.com/kaitranntt/ccs/issues/1352 )) ([8335f0c ](https://github.com/kaitranntt/ccs/commit/8335f0c73cb2ade7f2bdd5d92ab6b0df1bc14e7a ))
* **dispatcher:** treat --print as non-subcommand Claude session ([#1341 ](https://github.com/kaitranntt/ccs/issues/1341 )) ([fd561b5 ](https://github.com/kaitranntt/ccs/commit/fd561b59bc4b1bd46419848a1babc388d31d5321 ))
* **models-dev:** sanitize models.dev registry entries and harden pricing resolver ([#1345 ](https://github.com/kaitranntt/ccs/issues/1345 )) ([9cd9b79 ](https://github.com/kaitranntt/ccs/commit/9cd9b796caa953e146077d8402971db7a63a2c8f ))
* **pricing:** guard malformed models.dev model entries ([#1344 ](https://github.com/kaitranntt/ccs/issues/1344 )) ([66966f3 ](https://github.com/kaitranntt/ccs/commit/66966f35276556551db52f38af46b5a5f8634c03 ))
* **ui-docs:** remove third-party runtime assets from health report ([#1349 ](https://github.com/kaitranntt/ccs/issues/1349 )) ([58df999 ](https://github.com/kaitranntt/ccs/commit/58df9999db44727695cbc0631f646623eb7e7fb5 ))
### Code Refactoring
* **cliproxy:** remove orphaned bg keepalive wiring ([#1353 ](https://github.com/kaitranntt/ccs/issues/1353 )) ([5d27f10 ](https://github.com/kaitranntt/ccs/commit/5d27f10367f2e869079c6850e8b24aa2b98242f1 )), closes [#1340 ](https://github.com/kaitranntt/ccs/issues/1340 )
2026-05-23 21:46:07 +00:00
aed942f51b
feat(release): promote dev to main — security hardening batch ( #1351 )
...
* fix(cliproxy): disable spoofable default bg keepalive probe (#1340 )
* fix(dispatcher): treat --print as non-subcommand Claude session (#1341 )
* fix(dispatcher): treat --print as non-subcommand Claude session
* style: apply prettier formatting
* fix(dispatcher): correct return type in subcommand detector
getClaudeSubcommandName returns string | null; return false (boolean)
was invalid after dev refactored isClaudeSubcommandInvocation to
delegate to it. Change to return null to preserve the --print safety
fix intent.
* fix(cliproxy): sanitize local port before config regeneration (#1342 )
* fix(pricing): guard malformed models.dev model entries (#1344 )
* fix(pricing): guard malformed models.dev model entries
* style: apply prettier formatting
* fix(codex-quota): guard feature label type in quota windows (#1346 )
* fix(analytics): harden sqlite3 invocation for native Droid usage scan (#1347 )
* fix(analytics): use trusted sqlite3 binary path
* style: apply prettier formatting
* fix(codex-auth): stop spawning powershell in shell detection (#1348 )
* fix(ui-docs): remove third-party runtime assets from health report (#1349 )
* fix(ui-docs): remove third-party runtime assets from health report
* style: apply prettier formatting
* fix(ci): prevent promote-release tag command injection (#1350 )
* chore(release): 8.0.0-dev.1
* fix(models-dev): sanitize models.dev registry entries and harden pricing resolver (#1345 )
* fix(models-dev): sanitize cached model entries before pricing lookup
* style: apply prettier formatting
* chore(release): 8.0.0-dev.2
* refactor(cliproxy): remove orphaned bg keepalive wiring (#1353 )
Red-team review of #1340 found that backgroundProbe / shouldKeepSessionProxiesAlive /
startKeepAliveWatcher and related types were never reachable: the sole caller
(claude-launcher.ts) passed no hasBackgroundWorkerUsingBaseUrl detector, so
backgroundProbe was always undefined and the keepalive branch never executed.
Remove the unreachable scaffold:
- Delete CLAUDE_BG_WORKER_ARGS, hasClaudeBackgroundWorkerUsingBaseUrl{,InProcessList},
shouldKeepSessionProxiesAlive, ShouldKeepSessionProxiesAliveOptions, and the
SessionProxyKeepAliveOptions interface from session-bridge.ts
- Remove the backgroundProbe/startKeepAliveWatcher block and keepalive exit branch
from setupCleanupHandlers; the function now always calls stopSessionResources on
Claude exit
- Remove backgroundKeepAliveBaseUrl wiring from claude-launcher.ts
- Remove the execFileSync import (was only used by the deleted ps-based detector)
- Update test file: remove tests for deleted exports, keep placeholder
A trusted bg-worker detector can be re-added in a future PR if the feature is
actually needed; the keepalive logic in shouldKeepSessionProxiesAlive can be
restored then.
* fix(analytics): support sqlite3 path resolution on Windows and NixOS (#1354 )
- Add CCS_SQLITE_BIN env-var override; validated with fs.realpathSync so
symlinks are fully resolved before prefix check
- Reject any override whose realpath does not start under a trusted system
prefix (prevents PATH-hijack reintroduction from #1347 )
- Add TRUSTED_PREFIX_UNIX covering /nix/store/, /opt/local/ (MacPorts),
/snap/, /run/current-system/ in addition to existing /usr/* and
/opt/homebrew/ entries
- Add TRUSTED_PREFIX_WINDOWS covering Program Files, System32, and the
Chocolatey managed bin dir (no canonical winget/Scoop path exists)
- Keep TRUSTED_SQLITE_PATHS_WINDOWS empty — Windows users set CCS_SQLITE_BIN
- Pass env as optional third param to querySqliteJson (backward compatible)
- Add 16-test suite covering env-var acceptance, /tmp rejection, symlink
traversal, NixOS paths, MacPorts, Windows fallback, and prefix safety
* fix(dispatcher): also treat -p as non-subcommand short for --print (#1352 )
Red-team follow-up to #1341 : the original fix only guarded --print but
Claude accepts -p as the short form, and CCS itself passes -p in
headless-executor.ts. Without this check the security bypass survived
via the short flag.
Added regression tests: ['-p', 'agents'], ['-p', 'doctor'], ['-p']
alone, and injector short-circuit verification for -p form.
* chore(release): 8.0.0-dev.3
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-05-23 17:42:54 -04:00
github-actions[bot]
e1f58246a4
chore(release): 8.0.0-dev.3
2026-05-23 21:38:19 +00:00
Kai (Tam Nhu) Tran and GitHub
8335f0c73c
fix(dispatcher): also treat -p as non-subcommand short for --print ( #1352 )
...
Red-team follow-up to #1341 : the original fix only guarded --print but
Claude accepts -p as the short form, and CCS itself passes -p in
headless-executor.ts. Without this check the security bypass survived
via the short flag.
Added regression tests: ['-p', 'agents'], ['-p', 'doctor'], ['-p']
alone, and injector short-circuit verification for -p form.
2026-05-23 17:33:38 -04:00
Kai (Tam Nhu) Tran and GitHub
9a420988bc
fix(analytics): support sqlite3 path resolution on Windows and NixOS ( #1354 )
...
- Add CCS_SQLITE_BIN env-var override; validated with fs.realpathSync so
symlinks are fully resolved before prefix check
- Reject any override whose realpath does not start under a trusted system
prefix (prevents PATH-hijack reintroduction from #1347 )
- Add TRUSTED_PREFIX_UNIX covering /nix/store/, /opt/local/ (MacPorts),
/snap/, /run/current-system/ in addition to existing /usr/* and
/opt/homebrew/ entries
- Add TRUSTED_PREFIX_WINDOWS covering Program Files, System32, and the
Chocolatey managed bin dir (no canonical winget/Scoop path exists)
- Keep TRUSTED_SQLITE_PATHS_WINDOWS empty — Windows users set CCS_SQLITE_BIN
- Pass env as optional third param to querySqliteJson (backward compatible)
- Add 16-test suite covering env-var acceptance, /tmp rejection, symlink
traversal, NixOS paths, MacPorts, Windows fallback, and prefix safety
2026-05-23 17:29:52 -04:00
Kai (Tam Nhu) Tran and GitHub
5d27f10367
refactor(cliproxy): remove orphaned bg keepalive wiring ( #1353 )
...
Red-team review of #1340 found that backgroundProbe / shouldKeepSessionProxiesAlive /
startKeepAliveWatcher and related types were never reachable: the sole caller
(claude-launcher.ts) passed no hasBackgroundWorkerUsingBaseUrl detector, so
backgroundProbe was always undefined and the keepalive branch never executed.
Remove the unreachable scaffold:
- Delete CLAUDE_BG_WORKER_ARGS, hasClaudeBackgroundWorkerUsingBaseUrl{,InProcessList},
shouldKeepSessionProxiesAlive, ShouldKeepSessionProxiesAliveOptions, and the
SessionProxyKeepAliveOptions interface from session-bridge.ts
- Remove the backgroundProbe/startKeepAliveWatcher block and keepalive exit branch
from setupCleanupHandlers; the function now always calls stopSessionResources on
Claude exit
- Remove backgroundKeepAliveBaseUrl wiring from claude-launcher.ts
- Remove the execFileSync import (was only used by the deleted ps-based detector)
- Update test file: remove tests for deleted exports, keep placeholder
A trusted bg-worker detector can be re-added in a future PR if the feature is
actually needed; the keepalive logic in shouldKeepSessionProxiesAlive can be
restored then.
2026-05-23 17:29:18 -04:00
github-actions[bot]
348e9ab7f9
chore(release): 8.0.0-dev.2
2026-05-23 21:07:18 +00:00
Kai (Tam Nhu) Tran and GitHub
9cd9b796ca
fix(models-dev): sanitize models.dev registry entries and harden pricing resolver ( #1345 )
...
* fix(models-dev): sanitize cached model entries before pricing lookup
* style: apply prettier formatting
2026-05-23 17:03:49 -04:00
github-actions[bot]
e2ef66d7d6
chore(release): 8.0.0-dev.1
2026-05-23 21:02:05 +00:00
Kai (Tam Nhu) Tran and GitHub
3b94ec853d
fix(ci): prevent promote-release tag command injection ( #1350 )
2026-05-23 16:57:32 -04:00
Kai (Tam Nhu) Tran and GitHub
58df9999db
fix(ui-docs): remove third-party runtime assets from health report ( #1349 )
...
* fix(ui-docs): remove third-party runtime assets from health report
* style: apply prettier formatting
2026-05-23 16:57:08 -04:00
Kai (Tam Nhu) Tran and GitHub
825efb8b10
fix(codex-auth): stop spawning powershell in shell detection ( #1348 )
2026-05-23 16:56:44 -04:00
Kai (Tam Nhu) Tran and GitHub
469c9ffde4
fix(analytics): harden sqlite3 invocation for native Droid usage scan ( #1347 )
...
* fix(analytics): use trusted sqlite3 binary path
* style: apply prettier formatting
2026-05-23 16:56:20 -04:00
Kai (Tam Nhu) Tran and GitHub
b71fe5dd6e
fix(codex-quota): guard feature label type in quota windows ( #1346 )
2026-05-23 16:55:55 -04:00
Kai (Tam Nhu) Tran and GitHub
66966f3527
fix(pricing): guard malformed models.dev model entries ( #1344 )
...
* fix(pricing): guard malformed models.dev model entries
* style: apply prettier formatting
2026-05-23 16:55:05 -04:00
Kai (Tam Nhu) Tran and GitHub
af7aa0c2dd
fix(cliproxy): sanitize local port before config regeneration ( #1342 )
2026-05-23 16:54:48 -04:00
Kai (Tam Nhu) Tran and GitHub
fd561b59bc
fix(dispatcher): treat --print as non-subcommand Claude session ( #1341 )
...
* fix(dispatcher): treat --print as non-subcommand Claude session
* style: apply prettier formatting
* fix(dispatcher): correct return type in subcommand detector
getClaudeSubcommandName returns string | null; return false (boolean)
was invalid after dev refactored isClaudeSubcommandInvocation to
delegate to it. Change to return null to preserve the --print safety
fix intent.
2026-05-23 16:54:30 -04:00
Kai (Tam Nhu) Tran and GitHub
f0ec820054
fix(cliproxy): disable spoofable default bg keepalive probe ( #1340 )
2026-05-23 16:54:13 -04:00
semantic-release-bot
7f904c86bf
chore(release): 8.0.0 [skip ci]
...
## [8.0.0](https://github.com/kaitranntt/ccs/compare/v7.79.1...v8.0.0 ) (2026-05-23)
### ⚠ BREAKING CHANGES
* **release:** decouple npm @latest from Docker rc.1 soak (REV11) (#1277 )
### Features
* add OAuth paste-callback traceability ([1af6625 ](https://github.com/kaitranntt/ccs/commit/1af6625f5c403a15410906f5a0ee459c2699a57c ))
* **ci:** sunset legacy dashboard image publishing ([9f6e64f ](https://github.com/kaitranntt/ccs/commit/9f6e64fd39e3c1c42280676681120aaaeb5cb439 ))
* **codex-auth:** add ccsx auth CLI subcommands (create/login/switch/use/show/remove) ([bf92645 ](https://github.com/kaitranntt/ccs/commit/bf92645b35b48fe844ebe4303dfef5d4312c390a ))
* **codex-auth:** add dashboard Auth Profiles tab + GET /api/codex/profiles ([e99c461 ](https://github.com/kaitranntt/ccs/commit/e99c4612a85c4f8500f52f6d76b5e55d4fe00e55 ))
* **codex-auth:** add import-default migration + integration tests + docs ([631c799 ](https://github.com/kaitranntt/ccs/commit/631c7993228c30ba29f326f543462beb9a124294 ))
* **codex-auth:** add profile registry + storage foundation ([358b703 ](https://github.com/kaitranntt/ccs/commit/358b703d984cb16f0f7473a2a7bd171f2aa0e43e ))
* **codex-auth:** wire ccsx bin router + ccsxp scope notice ([8c604a0 ](https://github.com/kaitranntt/ccs/commit/8c604a040ff4aab2f00a87c28ec20c62e8191875 ))
* **dashboard:** add Korean language support ([8ad7653 ](https://github.com/kaitranntt/ccs/commit/8ad7653a2e4015e19c37bddbaddc44cc5cd348fd )), closes [#1206 ](https://github.com/kaitranntt/ccs/issues/1206 ) [#1241 ](https://github.com/kaitranntt/ccs/issues/1241 )
* **docker:** canonical compose.yaml + smoke-test (P2 of [#1251 ](https://github.com/kaitranntt/ccs/issues/1251 )) ([#1258 ](https://github.com/kaitranntt/ccs/issues/1258 )) ([fbaac6a ](https://github.com/kaitranntt/ccs/commit/fbaac6a9ba96fb61155248bedd59e2312ad972aa ))
* **docker:** publish ccs:latest + ccs:full integrated images (P1 of [#1251 ](https://github.com/kaitranntt/ccs/issues/1251 )) ([#1257 ](https://github.com/kaitranntt/ccs/issues/1257 )) ([d558cd2 ](https://github.com/kaitranntt/ccs/commit/d558cd2e36c1d4974e35ebc554ac3478c4570ce8 ))
* **docker:** zero-install Docker UX — ccs:latest, ccs:full, canonical compose, ccs-net contract ([#1251 ](https://github.com/kaitranntt/ccs/issues/1251 )) ([#1261 ](https://github.com/kaitranntt/ccs/issues/1261 )) ([9aa854b ](https://github.com/kaitranntt/ccs/commit/9aa854bc59bb3735c4a7eaf60b1451f710f86b5d ))
* filter analytics by profile ([f1d655e ](https://github.com/kaitranntt/ccs/commit/f1d655e4257a035f1e0910d88d0748002842e0df ))
* report permission mode persist receipt status ([3dc1810 ](https://github.com/kaitranntt/ccs/commit/3dc1810540050abb8c23c48ab827e8d3e9966959 ))
* share stale Codex translator path scanner ([46d73ae ](https://github.com/kaitranntt/ccs/commit/46d73ae79f57f799719d07fc0d4a690db4353cb5 ))
* support minimal codex effort aliases ([6569eed ](https://github.com/kaitranntt/ccs/commit/6569eed15b99f85cf32db15d7a6fbd57b001b326 ))
### Bug Fixes
* address reviewer findings round 2 ([#1261 ](https://github.com/kaitranntt/ccs/issues/1261 ) loop 2) ([#1272 ](https://github.com/kaitranntt/ccs/issues/1272 )) ([adf5a83 ](https://github.com/kaitranntt/ccs/commit/adf5a836fc548d0c874e20aa79bbcf03b6c64fa6 ))
* address upstream reviewer findings + failing CI checks ([#1261 ](https://github.com/kaitranntt/ccs/issues/1261 ) loop 1) ([#1271 ](https://github.com/kaitranntt/ccs/issues/1271 )) ([7800474 ](https://github.com/kaitranntt/ccs/commit/78004746bec22a01876ea083fd754d63f6bafe73 )), closes [#1260 ](https://github.com/kaitranntt/ccs/issues/1260 )
* **browser:** block sensitive header intercept matchers ([a864864 ](https://github.com/kaitranntt/ccs/commit/a86486497b9cc75970c266929fbcd7a274bc1b18 )), closes [#1294 ](https://github.com/kaitranntt/ccs/issues/1294 )
* **browser:** gate response fulfillment opt-in ([538b644 ](https://github.com/kaitranntt/ccs/commit/538b6444ff5cdf5109ab15ccc202baec27bff916 )), closes [#1295 ](https://github.com/kaitranntt/ccs/issues/1295 )
* **browser:** redact observed event URLs ([9a2a1dd ](https://github.com/kaitranntt/ccs/commit/9a2a1dde31662051d7b0d7b686cc5b6a56af2156 )), closes [#1296 ](https://github.com/kaitranntt/ccs/issues/1296 )
* **browser:** stop recorder leaking sensitive input ([8051f16 ](https://github.com/kaitranntt/ccs/commit/8051f1614b7dfa3b90eddc0c93eaa14af0138cd0 )), closes [#1293 ](https://github.com/kaitranntt/ccs/issues/1293 )
* **ci:** reviewer loop 6 — REV12 compose image parsing, REV13 fork bypass, REV14 :full audit ([#1278 ](https://github.com/kaitranntt/ccs/issues/1278 )) ([e7ce699 ](https://github.com/kaitranntt/ccs/commit/e7ce699dc25683b5a9a9b3fe345a8a87a823225b ))
* **ci:** smoke-test failure check + relax service-key guard (REV9, REV10) ([#1276 ](https://github.com/kaitranntt/ccs/issues/1276 )) ([1f736b2 ](https://github.com/kaitranntt/ccs/commit/1f736b2da9c815cabac36e4b76883ef8a6b1a5cf ))
* **cliproxy:** bound Claude quota error-body reads and preserve timeout ([2f50fe3 ](https://github.com/kaitranntt/ccs/commit/2f50fe393dfb0ce2cf2d27588948e5e93e4b3a88 )), closes [#1300 ](https://github.com/kaitranntt/ccs/issues/1300 )
* **cliproxy:** cap oauth log parsing size in stats fallback ([b7ba3c7 ](https://github.com/kaitranntt/ccs/commit/b7ba3c743f3335a84b8476b151763be55688c15e )), closes [#1292 ](https://github.com/kaitranntt/ccs/issues/1292 )
* **cliproxy:** harden oauth trace snippet redaction ([29eebff ](https://github.com/kaitranntt/ccs/commit/29eebff7c50c7287630339358989b4a095b95ebb ))
* **cliproxy:** redact AI provider header secrets ([#1268 ](https://github.com/kaitranntt/ccs/issues/1268 )) ([ece43fc ](https://github.com/kaitranntt/ccs/commit/ece43fc30e735c385098cd20350cb7b4bf9568f9 ))
* **cliproxy:** redact token-like oauth trace snippets ([a526eb4 ](https://github.com/kaitranntt/ccs/commit/a526eb469aea22b7fe47baa4d2b9663ca9c1a876 ))
* **codex-auth:** address persistent review focus ([e461c7a ](https://github.com/kaitranntt/ccs/commit/e461c7a67e1500e28a7fa8266cd90b80212c760b ))
* **codex-auth:** address review focus areas ([211e51b ](https://github.com/kaitranntt/ccs/commit/211e51b94914a25f1f5e4c4ba95dffadef94f94c ))
* **codex-auth:** close local review gaps ([8552101 ](https://github.com/kaitranntt/ccs/commit/85521018bf29696460f07610661cbad878de69b6 ))
* **codex-auth:** close remaining review gaps ([5c79df4 ](https://github.com/kaitranntt/ccs/commit/5c79df4311de16dbc25eade6e124f201ad26917c ))
* **codex-auth:** fail closed on registry corruption ([2cd2d43 ](https://github.com/kaitranntt/ccs/commit/2cd2d43186afc64abe7e8cb8e54c6a8907b9fa60 ))
* **codex-auth:** fail fast on missing active profile ([08fe63c ](https://github.com/kaitranntt/ccs/commit/08fe63c6262cac61ce241ce573b107539997281e ))
* **codex-auth:** harden profile review findings ([a3fe2c6 ](https://github.com/kaitranntt/ccs/commit/a3fe2c63d8fefe533e5e2a85dc1cbfddf45cd7f7 ))
* **codex-auth:** harden registry fail-closed paths ([81c4acc ](https://github.com/kaitranntt/ccs/commit/81c4acc73a50a041c54e0523808f9233b826a526 ))
* **codex-auth:** reject stray profile args ([c90b3cb ](https://github.com/kaitranntt/ccs/commit/c90b3cb9da0e25ca119cbd92000d62aef708cd90 ))
* **codex-auth:** remove unused React import causing UI build failure ([4e7d648 ](https://github.com/kaitranntt/ccs/commit/4e7d648967eeec8ab8d74a511f4dce95d965d8d9 ))
* **codex-auth:** surface registry corruption ([54738e8 ](https://github.com/kaitranntt/ccs/commit/54738e88f78bc3a38bc985daad8a723276347693 ))
* **codex:** normalize native cliproxy tuning aliases ([#1254 ](https://github.com/kaitranntt/ccs/issues/1254 )) ([609bed0 ](https://github.com/kaitranntt/ccs/commit/609bed0c39551ccdafea6a8de5d9f4cc38eca01f ))
* **codex:** pass ccsx resume through to native codex ([5a54c1b ](https://github.com/kaitranntt/ccs/commit/5a54c1b536fe228c29754ed20be81149d51be4da )), closes [#1287 ](https://github.com/kaitranntt/ccs/issues/1287 )
* **codex:** pass native ccsx subcommands through ([#1290 ](https://github.com/kaitranntt/ccs/issues/1290 )) ([8a37578 ](https://github.com/kaitranntt/ccs/commit/8a375787025b434a5415d5ffac9df919e13139f4 ))
* **codex:** preserve custom ccsxp cliproxy base URLs ([d68ee37 ](https://github.com/kaitranntt/ccs/commit/d68ee37590f8de7d77c5d7e26cfbe5dd3647ae83 )), closes [#1281 ](https://github.com/kaitranntt/ccs/issues/1281 )
* **dispatcher:** preserve --permission-mode for `claude agents` subcommand ([ef4b746 ](https://github.com/kaitranntt/ccs/commit/ef4b746876412cafaddb8745d243fb31887abcde ))
* **docker:** apply red-team findings — drop :full, rc.1 soak, healthcheck, signing ([#1251 ](https://github.com/kaitranntt/ccs/issues/1251 )) ([#1262 ](https://github.com/kaitranntt/ccs/issues/1262 )) ([107b5b5 ](https://github.com/kaitranntt/ccs/commit/107b5b5db49e19369b02324b6bf87322671a9afd ))
* **docker:** harden integrated service exposure ([857dac8 ](https://github.com/kaitranntt/ccs/commit/857dac8751a759483a03e05247d711e3992dddb1 )), closes [#1291 ](https://github.com/kaitranntt/ccs/issues/1291 )
* ensure dashboard cliproxy restart waits for recovery ([fc5851e ](https://github.com/kaitranntt/ccs/commit/fc5851e3a24a30437a07ed82546a61186ac56379 ))
* **logging:** redact CLI argv in lifecycle start logs ([100308a ](https://github.com/kaitranntt/ccs/commit/100308a3cfb05673c65c4703f8d183cccfdf5d97 )), closes [#1297 ](https://github.com/kaitranntt/ccs/issues/1297 )
* mask Docker key rotation banner ([bbcf9e8 ](https://github.com/kaitranntt/ccs/commit/bbcf9e8b156301ce3ec74decc7e650c6d0ea2df7 ))
* normalize ccsxp codex model flag aliases ([6bc04de ](https://github.com/kaitranntt/ccs/commit/6bc04dee97eb7a816912b840d1961b4ff1481ece ))
* pause exhausted CLIProxy rotation accounts ([923bfee ](https://github.com/kaitranntt/ccs/commit/923bfee6fa2e890a42575e3f9327ee058dae40ff )), closes [#1337 ](https://github.com/kaitranntt/ccs/issues/1337 )
* **persist:** block codex claude settings bridge ([3b20164 ](https://github.com/kaitranntt/ccs/commit/3b2016462a249ead3ce540229f941eada27b8ff1 ))
* **persist:** print recovery receipt after settings write ([#1302 ](https://github.com/kaitranntt/ccs/issues/1302 )) ([67fe6d9 ](https://github.com/kaitranntt/ccs/commit/67fe6d9c7f832b561e7ab62ef00729b020e33a56 ))
* preserve Docker legacy API key during rotation ([30971eb ](https://github.com/kaitranntt/ccs/commit/30971ebb281e3afaf7e7668f346c6abf30c7c8e0 ))
* prevent Docker dashboard from orphaning CLIProxy ([acf9fd6 ](https://github.com/kaitranntt/ccs/commit/acf9fd690a17878733150cfe0a4609aa09aed014 ))
* **proxy:** require owned daemon PID before reusing legacy/profile proxy session ([fa31bea ](https://github.com/kaitranntt/ccs/commit/fa31bea6722afa35e0fcce3f20522c0586b6313e )), closes [#1298 ](https://github.com/kaitranntt/ccs/issues/1298 )
* **proxy:** scope insecure TLS to routed profile ([2447813 ](https://github.com/kaitranntt/ccs/commit/24478135dc255f49ab10a89c00bbb5f6830dcfb2 )), closes [#1299 ](https://github.com/kaitranntt/ccs/issues/1299 )
* redact Codex diagnostics metadata ([e2f2c7d ](https://github.com/kaitranntt/ccs/commit/e2f2c7dc2e743a758ec04faacaf242a15612a25f ))
* **release:** decouple npm [@latest](https://github.com/latest ) from Docker rc.1 soak (REV11) ([#1277 ](https://github.com/kaitranntt/ccs/issues/1277 )) ([4e9c14b ](https://github.com/kaitranntt/ccs/commit/4e9c14b64ab8218a411f868272900b1ee8d4b80c ))
* repair ccsx codex profile resources ([37a1452 ](https://github.com/kaitranntt/ccs/commit/37a14525cc24b8709261eca0bdcf81a1e289be45 ))
* resolve ccsx auth profiles before CCS profiles ([f667628 ](https://github.com/kaitranntt/ccs/commit/f667628411cc38ad3938d262907a0805e6ae6a37 ))
* **security:** reject 127-prefixed websocket origins ([#1263 ](https://github.com/kaitranntt/ccs/issues/1263 )) ([14cbe8f ](https://github.com/kaitranntt/ccs/commit/14cbe8fb671c8247adeeeedeba02044e85c2865a ))
* **security:** require localhost for Claude extension `/setup` when dashboard auth is disabled ([#1270 ](https://github.com/kaitranntt/ccs/issues/1270 )) ([db175b6 ](https://github.com/kaitranntt/ccs/commit/db175b6807c72f902b358591e609a53764424d5d ))
* tighten parity check + catch service-key rename ([#1261 ](https://github.com/kaitranntt/ccs/issues/1261 ) loop 3) ([#1274 ](https://github.com/kaitranntt/ccs/issues/1274 )) ([a4e16e0 ](https://github.com/kaitranntt/ccs/commit/a4e16e0b09647392434e98837b8866b1f27eaaaf ))
* treat remote-control as a Claude subcommand ([db4b938 ](https://github.com/kaitranntt/ccs/commit/db4b938c0ee4bcb9cdf1d68be61036409eebb33b ))
* **ui:** handle TOML triple-quotes in arrays and AST-aware JSON keys ([15a1faf ](https://github.com/kaitranntt/ccs/commit/15a1faf3abbb4980f43dfd54ce46fe9afbc93faf )), closes [#1248 ](https://github.com/kaitranntt/ccs/issues/1248 )
* **ui:** honor TOML quoted keys and escaped quotes in sensitive masking ([bac51ce ](https://github.com/kaitranntt/ccs/commit/bac51ce1ff36ba8ae6037e9cb50c781bc483f87d ))
* **ui:** make codex config.toml viewer selectable ([420494e ](https://github.com/kaitranntt/ccs/commit/420494e0e01f7f0c02266e5ed20c3abd84db29fe )), closes [#1247 ](https://github.com/kaitranntt/ccs/issues/1247 )
* **ui:** mask multi-line sensitive values in CodeEditor ([eefb762 ](https://github.com/kaitranntt/ccs/commit/eefb76214e17cefa5377cd9fe58554f167e730a6 ))
* **ui:** skip TOML comments when scanning sensitive array values ([a633ee0 ](https://github.com/kaitranntt/ccs/commit/a633ee0af45804f888beb2f33cc00d74ffbb4ef7 )), closes [#1248 ](https://github.com/kaitranntt/ccs/issues/1248 )
* **websearch:** avoid shell for legacy CLI fallbacks ([#1267 ](https://github.com/kaitranntt/ccs/issues/1267 )) ([2115742 ](https://github.com/kaitranntt/ccs/commit/2115742cafa9497e5a2eaa1564b5b3d0dad7a3ae ))
### Documentation
* **ci:** clarify rc.1 soak and :full removal as intentional design ([#1261 ](https://github.com/kaitranntt/ccs/issues/1261 )) ([#1279 ](https://github.com/kaitranntt/ccs/issues/1279 )) ([d2f7d3f ](https://github.com/kaitranntt/ccs/commit/d2f7d3f407b2b3d5944e7ceea90a75c6f87cf93d ))
* **docker:** document ccs-net contract for sibling containers ([#1259 ](https://github.com/kaitranntt/ccs/issues/1259 )) ([28f08cb ](https://github.com/kaitranntt/ccs/commit/28f08cbb50c70fab5cf8740294ed39a85042f236 ))
* **docker:** P3 — hoist two-command quickstart, restructure docker/README, add parity CI ([#1260 ](https://github.com/kaitranntt/ccs/issues/1260 )) ([b50c2db ](https://github.com/kaitranntt/ccs/commit/b50c2db3ce567885765918fe9344820f5dfbea5a ))
* sync agent guide with AGENTS ([b123d41 ](https://github.com/kaitranntt/ccs/commit/b123d415906d0d37013df497596defefa8715902 ))
### Code Refactoring
* **docker:** drop Bun from runtime stage; generate npm lockfile in build stage ([#1256 ](https://github.com/kaitranntt/ccs/issues/1256 )) ([775f438 ](https://github.com/kaitranntt/ccs/commit/775f438d78bd45358a38f5b8d2bfca86e005e2e4 ))
### Performance Improvements
* **ui:** tighten sensitive-mask decoration scope and reveal selector ([f404e52 ](https://github.com/kaitranntt/ccs/commit/f404e524392d333f0cba82c4c8c717cd68f2323e )), closes [#1248 ](https://github.com/kaitranntt/ccs/issues/1248 )
### Tests
* avoid fixed image analyzer e2e port ([c81ea20 ](https://github.com/kaitranntt/ccs/commit/c81ea20e446d641568820d2e878642005832915b ))
* cover agents permission-mode passthrough ([e0f43b8 ](https://github.com/kaitranntt/ccs/commit/e0f43b88c219ba2d08fae8470b69a272012320c5 ))
2026-05-23 18:57:40 +00:00
Kai (Tam Nhu) Tran and GitHub
8c8c22a6b6
Merge pull request #1343 from kaitranntt/dev
...
feat(release): promote dev to main
2026-05-23 14:54:26 -04:00
github-actions[bot]
9b1aa35d6b
chore(release): 7.79.1-dev.42
2026-05-23 04:12:23 +00:00
Kai (Tam Nhu) Tran and GitHub
923bfee6fa
fix: pause exhausted CLIProxy rotation accounts
...
Refs #1337
2026-05-23 00:08:53 -04:00
github-actions[bot]
9e5729d3f4
chore(release): 7.79.1-dev.41
2026-05-22 21:13:42 +00:00
Kai (Tam Nhu) Tran and GitHub
b77a58a02a
Merge pull request #1336 from kaitranntt/kai/fix/1335-banner-mask
...
fix(docker): mask key rotation banner output
2026-05-22 17:10:06 -04:00
Tam Nhu Tran
bbcf9e8b15
fix: mask Docker key rotation banner
2026-05-22 17:04:19 -04:00
github-actions[bot]
72688b6eff
chore(release): 7.79.1-dev.40
2026-05-22 20:58:15 +00:00
Kai (Tam Nhu) Tran and GitHub
460a213c45
Merge pull request #1334 from kaitranntt/kai/fix/1331-docker-api-key-rotation
...
fix: preserve Docker CLIProxy API key compatibility
2026-05-22 16:54:38 -04:00
Tam Nhu Tran
30971ebb28
fix: preserve Docker legacy API key during rotation
2026-05-22 16:49:16 -04:00
github-actions[bot]
6088ebaa09
chore(release): 7.79.1-dev.39
2026-05-22 20:44:08 +00:00
Kai (Tam Nhu) Tran and GitHub
c382fe959e
Merge pull request #1333 from kaitranntt/kai/fix/1332-ccsx-codex-profile-resources
...
fix: repair ccsx codex profile resources
2026-05-22 16:40:44 -04:00
Tam Nhu Tran
37a14525cc
fix: repair ccsx codex profile resources
2026-05-22 16:27:00 -04:00
github-actions[bot]
17e221ac2c
chore(release): 7.79.1-dev.38
2026-05-22 20:05:49 +00:00
Kai (Tam Nhu) Tran and GitHub
612dcf58c1
Merge pull request #1330 from kaitranntt/kai/fix/ccsx-auth-profile-resolution
...
fix: resolve ccsx auth profiles before CCS profiles
2026-05-22 16:02:20 -04:00
Tam Nhu Tran
f667628411
fix: resolve ccsx auth profiles before CCS profiles
2026-05-22 15:54:55 -04:00
github-actions[bot]
921657097c
chore(release): 7.79.1-dev.37
2026-05-22 19:48:21 +00:00
Kai (Tam Nhu) Tran and GitHub
0154c9cc64
Merge pull request #1328 from kaitranntt/kai/fix/1306-remote-control-passthrough
...
fix: treat remote-control as a Claude subcommand
2026-05-22 15:44:55 -04:00
Tam Nhu Tran
db4b938c0e
fix: treat remote-control as a Claude subcommand
2026-05-22 15:39:15 -04:00
github-actions[bot]
cb7ab4eb6f
chore(release): 7.79.1-dev.36
2026-05-22 18:41:53 +00:00
Kai (Tam Nhu) Tran and GitHub
f8df18a99b
Merge pull request #1327 from kaitranntt/kai/feat/1266-dashboard-sunset-guard
...
feat(ci): sunset legacy dashboard image publishing
2026-05-22 14:38:25 -04:00
github-actions[bot]
f0b916dd80
chore(release): 7.79.1-dev.35
2026-05-22 18:32:12 +00:00
Kai (Tam Nhu) Tran and GitHub
c158fe5c8f
Merge pull request #1326 from kaitranntt/kai/feat/1207-oauth-paste-traceability
...
feat: extend OAuth paste-callback traceability
2026-05-22 14:28:35 -04:00