Commit Graph
42 Commits
Author SHA1 Message Date
Kai (Tam Nhu) TranandGitHub 2115742caf fix(websearch): avoid shell for legacy CLI fallbacks (#1267)
* fix(websearch): avoid shell for legacy CLI fallbacks

* style: apply prettier formatting
2026-05-16 13:58:52 -04:00
Kai (Tam Nhu) TranandGitHub 40300c286e fix(security): constrain image fallback hook to workspace (#1232) 2026-05-12 18:13:32 -04:00
Tam Nhu Tran 8b553c35c1 fix(websearch): harden searxng url handling 2026-04-12 06:31:20 -04:00
buiducnhat eec8c8b4a3 feat(websearch): add SearXNG provider support and configuration
- Updated websearch.md to include SearXNG in the configuration guide.
- Implemented SearXNG JSON API integration in websearch-transformer.cjs.
- Enhanced unified-config-loader.ts to support SearXNG settings.
- Defined SearXNG configuration types in unified-config-types.ts.
- Updated hook-env.ts to manage SearXNG environment variables.
- Modified status.ts to include SearXNG in web search provider checks.
- Added SearXNG routes and validation in websearch-routes.ts.
- Implemented SearXNG provider tests in websearch-transformer.test.ts.
- Updated readiness tests to account for SearXNG in status.test.ts.
- Enhanced websearch routes tests to validate SearXNG settings.
- Added SearXNG configuration fields in the UI settings.
2026-04-11 16:43:59 +07:00
Tam Nhu Tran 64ecd8b3dc feat(image-analysis): make MCP-first provisioning self-healing 2026-04-08 13:36:05 -04:00
Tam Nhu Tran a33d3f4481 fix: classify DuckDuckGo non-result HTML as failure 2026-04-04 13:05:31 -04:00
Tam Nhu Tran 77b488f8b1 fix(image-analysis): harden runtime and provisioning 2026-04-02 18:36:19 -04:00
Tam Nhu Tran 813b2dd4d0 feat(image-analysis): add provider-backed runtime 2026-04-02 15:44:13 -04:00
Tam Nhu Tran 7f83e041b7 feat(websearch): add managed mcp runtime and provider cooldowns
- switch ccs-websearch MCP to stdio-first framing and keep legacy compatibility

- add cooldown persistence and bounded retries for provider failures

- surface cooldown status in readiness output and regression tests
2026-03-31 14:22:11 -04:00
Tam Nhu Tran cae5b710b8 fix(websearch): close review gaps in managed runtime 2026-03-30 23:02:20 -04:00
Tam Nhu Tran de7171d810 feat(websearch): finish managed third-party rollout
- steer third-party launches toward the managed WebSearch MCP tool

- add opt-in trace diagnostics across launch, MCP, provider, and headless paths

- extend docs and regression coverage for the first-class runtime

Refs #862
2026-03-30 22:41:51 -04:00
Tam Nhu Tran e260df7178 feat: add first-class CCS WebSearch runtime 2026-03-30 16:10:39 -04:00
Tam Nhu Tran a5d71e3560 fix: normalize websearch hook output for local providers 2026-03-30 15:10:30 -04:00
Tam Nhu Tran 6c7d215ecc feat(websearch): add real provider chain 2026-03-23 15:26:05 -04:00
Tam Nhu Tran 50973752ba test(hooks): add image analyzer regression coverage 2026-03-07 14:50:39 +07:00
Brian Le 0060c77c25 fix(hooks): handle thinking blocks in image analyzer response parsing
When models have thinking enabled (e.g. codex with thinking: auto), the
API returns content as [{ type: 'thinking', thinking: '...' }, { type:
'text', text: '...' }]. The hook reads content[0].text which is
undefined for thinking blocks, causing 'No text content in response'
errors that block the Read tool (exit 2).

Also fix cross-provider model fallback: getModelsToTry() unconditionally
appends DEFAULT_MODEL (gemini-2.5-flash) as retry, which 502s on
non-gemini provider routes (e.g. codex). Only use DEFAULT_MODEL when no
provider-specific model is configured.

Fixes: content[0].text -> content.find(b => b.type === 'text')
Fixes: cross-provider retry causing 'unknown provider' 502
Ref: #511
2026-03-04 00:29:17 -05:00
Tam Nhu Tran 0d09604bb9 fix(websearch): support Gemini positional prompt mode 2026-02-26 22:12:16 +07:00
Kai (Tam Nhu) TranGitHubgithub-actions[bot] <github-actions[bot]@users.noreply.github.com>
051805074e feat: account safety, quota monitoring, and stability fixes (#530)
* fix(cliproxy): migrate deprecated gemini-claude-* model names to upstream claude-* names (#515)

* fix(cliproxy): migrate deprecated gemini-claude-* model names to upstream claude-* names

CLIProxyAPI registry no longer recognizes the gemini-claude-* prefix convention.
Model names in catalog, base config, and user settings are migrated to upstream
claude-* names. Auto-migration in env-builder rewrites existing user settings on
load and persists the change.

Closes #513

* fix: address code review feedback — sync UI layer and add migration tests

- Sync UI isNativeGeminiModel() with backend (remove gemini-claude- exclusion)
- Update UI model catalog agy entries from gemini-claude-* to claude-*
- Update CI/CD workflow and code-reviewer default model names
- Add unit tests for migrateDeprecatedModelNames() logic

* fix(hooks): isolate image type check before error-prone processing (#514)

* fix(hooks): isolate image type check before error-prone processing

Restructure processHook() into two phases so non-image Read calls
never see hook error messages. Phase 1 defensively checks tool name
and file extension, exiting 0 silently on any failure. Phase 2 only
runs for confirmed image/PDF files where errors are relevant.

Closes #511

* fix(hooks): sync image analyzer hook file on every profile launch

Add installImageAnalyzerHook() call to cliproxy executor, matching
the existing installWebSearchHook() pattern. This ensures the .cjs
file in ~/.ccs/hooks/ gets refreshed from the npm package on every
launch, so users receive hook updates after npm update.

* chore(release): 7.41.0-dev.1 [skip ci]

* fix(cliproxy): add fork:true for Claude model aliases in config generator (#523)

Config generator now outputs fork:true for Claude model alias entries,
ensuring both upstream (claude-*) and aliased (gemini-claude-*) model
names appear in /v1/models listings. Also preserves fork flag when
parsing user-added aliases during config regeneration.

Bumps config version to v7 to trigger regeneration on next ccs doctor.

Closes #522

* chore(release): 7.41.0-dev.2 [skip ci]

* feat(cliproxy): add account safety guards to prevent Google account bans (#516)

* feat(cliproxy): add account safety guards to prevent Google account bans

Implements cross-provider isolation to prevent Google from flagging
concurrent OAuth usage across different client IDs (ref: #509, #512).

Three pillars:
1. Auto-pause enforcement at session launch — conflicting accounts in
   other Google OAuth providers are paused so CLIProxyAPI can't use them,
   restored on session exit with crash recovery via auto-paused.json
2. Ban/disable detection — error responses matching Google ban patterns
   auto-pause the affected account to prevent further damage
3. Cross-provider conflict warnings during OAuth registration

Key design decisions:
- PID-based session tracking for crash recovery (dead PID = restore)
- Timestamp comparison prevents restoring ban-paused accounts on exit
- Schema validation on auto-paused.json prevents corrupted state
- Falls back to warn-only when another session is managing isolation

* fix(cliproxy): address code review feedback (attempt 1/5)

- Re-read auto-paused.json before write in enforceProviderIsolation to
  reduce concurrent write race window
- Use actual email from registry for display instead of raw accountId
- Export maskEmail for testability
- Add 27 unit tests covering ban detection, email masking,
  cross-provider duplicate detection, enforcement lifecycle,
  crash recovery, and timestamp-guarded restore

* fix(cliproxy): address remaining review feedback (attempt 2/5)

- Add handleBanDetection test verifying account pause on ban error
- Add warnCrossProviderDuplicates tests (true/false/non-Google)
- Document PID reuse limitation in isPidAlive JSDoc comment

* chore(release): 7.41.0-dev.3 [skip ci]

* feat(cliproxy): runtime quota monitoring during active sessions (#529)

* feat(cliproxy): add runtime quota monitoring during active sessions

Adds adaptive background quota polling to detect and respond to quota
exhaustion during active CLIProxy sessions. Prevents rate-limit-driven
account bans by auto-cooling exhausted accounts and switching defaults.

- Adaptive polling: 300s normal, 60s at 20% threshold, stops at 0%
- Stderr warnings at 20%, boxed exhaustion alerts at 0%
- Cooldown + default switch on exhaustion (existing patterns)
- Configurable via quota_management.runtime_monitor in config.yaml
- Timer.unref() prevents blocking process exit
- monitorStopped guard for in-flight poll safety

Closes #524

* fix: address code review feedback (attempt 1/5)

- M1: Round quotaPercent display with Math.round() to avoid ugly floats
- M2: Rename exhaust_threshold -> exhaustion_threshold for consistency
  with existing auto.exhaustion_threshold config field
- M3: Replace async not.toThrow() with direct await assertion pattern

* fix: address code review feedback (attempt 2/5)

- Remove .claude/agent-memory/ from tracking and add to .gitignore
- Unify cooldown_minutes default to 5 (was 10 in runtime_monitor, 5 in auto)
- Add threshold validation in startQuotaMonitor (warn > exhaustion)
- Document intentional post-switch monitoring gap in code comment

* chore(release): 7.41.0-dev.4 [skip ci]

* fix(cliproxy): mask email in ban detection and fix JSDoc default

- Use maskEmail() in handleBanDetection output for consistency
- Fix cooldown_minutes JSDoc: default is 5, not 10

* chore(release): 7.41.0-dev.5 [skip ci]

* fix(cliproxy): address all review feedback (Low + informational)

- Add sync constraint comment on process.exit handler (executor)
- Add TOCTOU race acceptability comment (account-safety)
- Mask email in handleQuotaExhaustion reason string
- Use realistic exhaustion_threshold (5) in test configs

* chore(release): 7.41.0-dev.6 [skip ci]

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-12 00:48:29 +07:00
kaitranntt 1201b4bb4b fix(hooks): add network errors to noRetryPatterns, update E2E test
- Add ENOTFOUND, ENETUNREACH, EAI_AGAIN to noRetryPatterns to prevent
  infinite retries on network errors
- Update E2E test to expect exit code 2 (block) when CLIProxy unavailable
- Fix debug message expectation in test
2026-02-04 00:59:10 -05:00
kaitranntt 51b719ef34 refactor(hooks): deprecate block-image-read, add CLIProxy fallback
- Remove redundant block-image-read.cjs hook (image-analyzer handles all)
- Add fallback blocking when CLIProxy unavailable (prevents context overflow)
- Simplify fallback message to prevent context pollution/hallucination
- Remove image-read-block-hook-env.ts and related exports
- Update comments per PR #442 review suggestions
- Add defensive check for empty models array

Closes #426
2026-02-04 00:49:52 -05:00
kaitranntt ae3eb282b4 feat(hooks): add ANTHROPIC_MODEL fallback for image analysis
Model resolution priority:
1. provider_models[current_provider]
2. ANTHROPIC_MODEL from profile settings
3. DEFAULT_MODEL (gemini-2.5-flash)

Allows users to override vision model via profile's ANTHROPIC_MODEL.
2026-02-04 00:19:51 -05:00
kaitranntt cb8de2c8e8 fix(hooks): improve error handling and edge cases for image analysis
- Add empty model string validation in config command

- Add --enable/--disable conflict detection

- Truncate long model names in display (>40 chars)

- Add EACCES/EPERM file permission error handler

- Add filesystem error classification (ENOSPC, EROFS)

- Log config upgrade save failures instead of silent catch
2026-02-03 22:32:49 -05:00
kaitranntt 2b0717ed53 feat(hooks): add UX improvements for image analysis hook
Add comprehensive UX enhancements for the image analysis CLIProxy hook:

- Add `ccs config image-analysis` CLI command for managing settings
  - Enable/disable toggle
  - Timeout configuration (10-600s)
  - Per-provider model configuration
  - Status display with provider models

- Add specialized error handlers with actionable messages
  - File too large (with compression hints)
  - CLIProxy unavailable (with start instructions)
  - Auth failure (with re-auth commands)
  - Timeout (with increase timeout hint)
  - Rate limit (with retry guidance)
  - API error (with response body parsing)

- Add comprehensive debug output (CCS_DEBUG=1)
  - Provider name and model
  - File size and media type
  - Timeout and endpoint
  - Skip reasons with context

- Add help text updates
  - `ccs --help` includes Image Analysis section
  - `ccs config --help` lists image-analysis subcommand

- Add doctor integration
  - Validates image_analysis config
  - Checks enabled status, providers, timeout
  - Warns if CLIProxy not running

- Add unit tests for new config command
2026-02-03 22:14:52 -05:00
kaitranntt 0e7b9c9190 fix(hooks): add edge case validation in image analyzer
- Empty model validation: check `model.trim()` before using
- 10MB boundary: use `>=` instead of `>` for consistent messaging
- Timeout clamping: ensure timeout is between 1-600 seconds
- Response stream error: add error handler for network failures
- Empty response validation: check before JSON.parse to prevent crashes
2026-02-03 21:44:44 -05:00
kaitranntt 40caff13ad refactor(hooks): use provider_models mapping for image analysis
Changes ImageAnalysisConfig from providers array to provider_models
mapping for granular vision model control per CLIProxy provider.

Breaking change: config.yaml image_analysis section now uses
provider_models instead of providers/model fields.

Provider-to-model mappings:
- agy → gemini-2.5-flash
- gemini → gemini-2.5-flash
- codex → gpt-5.1-codex-mini
- kiro → kiro-claude-haiku-4-5
- ghcp → claude-haiku-4.5
- claude → claude-haiku-4-5-20251001

Hook checks CCS_CURRENT_PROVIDER against provider_models and skips
if no vision model configured for that provider.
2026-02-03 21:32:19 -05:00
kaitranntt 70caaa00a0 fix(hooks): improve image analysis output format
Match websearch transformer format:
- Header: [Image Analysis via CLIProxy]
- Metadata: File name, size in KB, model used
- Separator lines for better readability
- Footer instruction for Claude
2026-02-03 20:58:05 -05:00
kaitranntt d5f2acaa6e feat(hooks): add image/PDF analysis via CLIProxy transformer
Intercept Read tool calls for image/PDF files and route through CLIProxy
with gemini-2.5-flash for vision analysis. Returns text descriptions
instead of blocking, enabling Claude to "see" images via proxy.

Key changes:
- Add image-analyzer-transformer.cjs hook script
- Add ImageAnalysisConfig type and loader
- Add hook installer and profile injector
- Add prompt templates for analysis customization
- Add e2e test suite (excluded from normal CI runs)
- Configure test:e2e script for manual testing

Environment variables:
- CCS_IMAGE_ANALYSIS_ENABLED: Enable/disable (default: 1)
- CCS_IMAGE_ANALYSIS_MODEL: Vision model (default: gemini-2.5-flash)
- CCS_IMAGE_ANALYSIS_TIMEOUT: Timeout in seconds (default: 60)
- CCS_CLIPROXY_API_KEY: API key for CLIProxy auth
- CCS_CLIPROXY_PORT: CLIProxy port (default: 8317)

Closes #426
2026-02-03 20:34:05 -05:00
kaitranntt 9f3edc5daf fix(hooks): enable image-read blocking by default for third-party profiles
Match WebSearch hook pattern:
- ENABLED by default for settings/cliproxy profiles
- DISABLED for native Claude accounts (account/default)
- User can override via config: hooks.block_image_read.enabled: false

This ensures CCS CLI users get context protection out-of-the-box
while native Claude subscription users are unaffected.
2026-02-02 19:00:46 -05:00
kaitranntt 38eb74043c feat(hooks): add block-image-read hook to prevent context overflow
Add PreToolUse hook that intercepts Read tool calls on image files
(.png, .jpg, .webp, etc.) and blocks them with helpful message.

This prevents context exhaustion when image generation skills
produce multiple files and the agent tries to read them (each
image can consume 100K+ tokens).

Configuration:
- Enable via config.yaml: hooks.block_image_read.enabled: true
- Or env var: CCS_BLOCK_IMAGE_READ=1

Hook integration:
- lib/hooks/block-image-read.cjs - the hook script
- src/utils/hooks/image-read-block-hook-env.ts - config loader
- Integrated into all spawn locations (ccs.ts, shell-executor,
  cliproxy-executor)

Closes #426
2026-02-02 17:28:21 -05:00
ruan-catandCursor 3c534f48cb fix(websearch): add shell option for Windows spawnSync compatibility
On Windows, globally installed CLI tools via npm/pnpm are .cmd/.bat
batch files, not real .exe executables. Node.js spawnSync() without
the shell option cannot execute these files and returns ENOENT error.

Changes:
- Extract isWindows as a global constant at file top
- Add shell: isWindows to all CLI execution spawnSync calls
- Remove duplicate isWindows declaration in isCliAvailable()

Fixes #378

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-01-28 02:45:22 +08:00
kaitranntt e03d9b7743 fix(websearch): use 'where' command on Windows for CLI detection
Fixes #273

The websearch-transformer hook used hardcoded 'which' command which doesn't
exist on Windows. Now uses process.platform detection to choose 'where' on
Windows and 'which' on Unix systems.
2026-01-05 12:38:01 -05:00
kaitranntt 98c21efb5a fix(websearch): detect Gemini CLI auth status before showing Ready
Previously, WebSearch status showed "Ready (Gemini)" when the CLI binary
was installed, misleading users who hadn't authenticated yet.

Changes:
- Add isGeminiAuthenticated() to check ~/.gemini/oauth_creds.json
- Add 'needs_auth' state to WebSearchReadiness type
- Show warning "[!] Gemini: run 'gemini' to login" when not authenticated
- Fix incorrect 'gemini auth login' references (no such command exists)
- Update docs with correct npm install and authentication instructions
2025-12-18 03:24:59 -05:00
kaitranntt 6bd1f420d9 fix(websearch): pass through to native WebSearch for account profiles
WebSearch hook was blocking native Claude accounts (ccs ck, default)
with "No Providers Enabled" message instead of passing through to
server-side WebSearch.

Changes:
- Add shouldSkipHook() detection for account/default profile types
- Fix blocking bug: exit(0) when no providers enabled instead of blocking
- Pass CCS_PROFILE_TYPE and CCS_WEBSEARCH_SKIP env vars for profile-aware behavior
- Add profile type signals to settings, cliproxy, account, and default execution paths
2025-12-18 00:27:40 -05:00
kaitranntt 14c53d575f feat(websearch): add model config + improve hook UX
- Add model field to Gemini/OpenCode WebSearch providers
- Config.yaml now explicitly stores model (gemini-2.5-flash, opencode/grok-code)
- UI: blur-to-save for model inputs (no save on every keystroke)
- UI: collapsible install hints inside provider cards
- UI: left accent border for enabled providers (better light theme contrast)
- Hook: use systemMessage for info-styled confirmation
- Hook: cleaner result format without defensive "NOT an error" language
2025-12-17 00:16:03 -05:00
kaitranntt d33fefd133 feat(websearch): dynamic hook timeout from config + grok-code default
- Hook timeout now computed from max provider timeout + 30s buffer
- Removes hardcoded HOOK_TIMEOUT_SECONDS constant
- ensureHookConfig() now updates timeout when it changes
- Default OpenCode model changed from gpt-5-nano to grok-code
- Default OpenCode timeout changed from 60s to 90s
- Single source of truth: config.yaml controls all timeouts
2025-12-16 23:07:11 -05:00
kaitranntt cbc2022ed1 refactor(websearch): consolidate prompts with shared instructions + provider overrides
- Add SHARED_INSTRUCTIONS constant with 7 quality guidelines applied to ALL providers
- Refactor PROVIDER_CONFIG to use toolInstruction (provider-specific) and quirks (optional)
- Add buildPrompt() function to combine shared + provider-specific instructions
- Gemini: google_web_search tool instruction
- OpenCode: built-in capabilities instruction
- Grok: web search + X/Twitter quirk for real-time events

DRY improvement: shared guidelines now maintained in one place
2025-12-16 22:47:53 -05:00
kaitranntt e71cb6227c feat(websearch): respect config provider settings and consolidate prompts
Major refactor of WebSearch hook to:

1. **Respect config.yaml settings**: Hook now reads CCS_WEBSEARCH_GEMINI,
   CCS_WEBSEARCH_OPENCODE, CCS_WEBSEARCH_GROK env vars to determine which
   providers to use. Only enabled AND installed providers are tried.

2. **Consolidate prompts/models**: Added PROVIDER_CONFIG section at top of
   hook file for easy prompt engineering:
   - gemini: model + prompt template
   - opencode: model (overridable via env) + prompt template
   - grok: model + prompt template

3. **Pass provider states via env**: Updated getWebSearchHookEnv() to pass
   individual provider enabled states as env vars.

Breaking change: Hook no longer falls back to all installed CLIs. It now
strictly respects config.yaml settings.
2025-12-16 22:30:37 -05:00
kaitranntt e6aa8ac453 feat(websearch): implement fallback chain for CLI providers
Add automatic fallback chain (Gemini -> OpenCode -> Grok) when multiple
WebSearch CLI providers are available. The hook now tries each provider
in order until one succeeds.

Changes:
- Update websearch-transformer.cjs with tryOpenCodeSearch() and tryGrokSearch()
- Implement fallback chain logic in processHook()
- Add outputAllFailedMessage() for when all providers fail
- Update outputNoToolsMessage() with all three install options
- Update config.yaml comments to document OpenCode and fallback behavior
2025-12-16 21:42:49 -05:00
kaitranntt c0938e1c82 feat(websearch): add Grok CLI support and improve install guidance
- Add Grok CLI detection (grok-4-cli by lalomorales22) alongside Gemini CLI
- Add WebSearch health check group to health-service.ts
- Update settings UI to show both Gemini and Grok CLI providers
- Add detailed install hints when no WebSearch CLI is installed
- Update API routes to return grokCli status
- Both CLI and dashboard users now see clear installation guidance

Providers:
- Gemini CLI: FREE tier (1000 req/day), no API key needed
- Grok CLI: Requires xAI API key (XAI_API_KEY), web + X search
2025-12-16 21:00:35 -05:00
kaitranntt f7a1a40b42 feat(websearch): enhance Gemini CLI integration, package manager detection, and WebSearch status
- Improve Gemini CLI integration in websearch hook: use gemini-2.5-flash & --yolo.
- Update `dev-install.sh` for better package manager (npm/bun) auto-detection.
- Introduce `displayWebSearchStatus` for improved user experience.
- Refactor `mcp-manager.ts` to track CCS-managed MCP servers.
2025-12-16 04:18:40 -05:00
kaitranntt fd99ebca98 feat(websearch): add MCP fallback and Gemini CLI hook for third-party profiles
- Add Gemini CLI transformer hook (websearch-gemini-transformer.cjs)
- Implement MCP auto-configuration with web-search-prime, brave, tavily fallback
- Add installWebSearchHook() to activate hook on profile launch
- Update settings.tsx to clarify web-search-prime requires z.ai subscription
- Add WebSearch config types and loader support
- Create implementation plan for WebSearch UX enhancement (startup status, dashboard)

Third-party profiles (gemini, agy, codex, qwen, glm, kimi) now have WebSearch
capability via Gemini CLI primary + MCP fallback chain.
2025-12-16 02:49:07 -05:00
kaitranntt 071ec041ed feat(websearch): add multi-tier MCP fallback for third-party profiles
Implements CCS WebSearch Native Infrastructure (Phases 1-3):

Phase 1 - Multi-tier MCP Fallback:
- Add mcp-manager.ts with ensureMcpWebSearch() for auto-configuration
- Support web-search-prime (primary), Brave Search, and Tavily MCPs
- Case-insensitive detection of existing web search MCPs
- Block-websearch hook for optional native WebSearch blocking

Phase 2 - User Configuration:
- Add WebSearchConfig interface to unified-config-types.ts
- Add getWebSearchConfig() to unified-config-loader.ts
- Support configurable webSearchPrimeUrl for security
- Add GET/PUT /api/websearch endpoints in routes.ts
- Add WebSearch settings UI in settings.tsx dashboard

Phase 3 - Documentation & Testing:
- Add WebSearch section to README.md
- Create comprehensive docs/websearch.md guide
- Add 23 unit tests for MCP manager logic

Enables web search for gemini, codex, agy, qwen, glm, kimi profiles
that cannot access Anthropic's native WebSearch API.
2025-12-16 00:42:13 -05:00