Commit Graph
38 Commits
Author SHA1 Message Date
Kai (Tam Nhu) TranandGitHub 14da76abae fix: redact OAuth trace error messages 2026-05-30 15:28:32 -04:00
Kai (Tam Nhu) TranandGitHub 5f1976f69c fix: add CLIProxy account reauthentication 2026-05-27 10:13:03 -04:00
Kai (Tam Nhu) TranandGitHub e658e838f9 fix(cliproxy): scrub GitLab PAT env after token-login auth (#1360)
* fix(cliproxy): scrub gitlab pat env var after auth handoff

* style: apply prettier formatting
2026-05-23 21:44:35 -04:00
Tam Nhu Tran 1af6625f5c feat: add OAuth paste-callback traceability 2026-05-22 14:12:53 -04:00
Kai (Tam Nhu) TranandGitHub 29da75c0d4 fix(cliproxy): explain headless Codex OAuth recovery
Closes #1213
2026-05-11 14:25:34 -04:00
Tam Nhu Tran 4ba9df5425 fix(cliproxy/auth): generalize Plus OAuth credential guards for gemini and agy
Refactor getGeminiPlusOAuthCredentialError / getGeminiAuthUrlCredentialError
behind a provider-table-driven helper (PLUS_OAUTH_ENV_BY_PROVIDER) and add
getPlusOAuthCredentialError / getPlusAuthUrlCredentialError exports covering
both gemini and agy. Existing gemini-named exports preserved as aliases so
PR #1131 test surface remains unchanged. New AGY-parity test cases mirror
the original gemini diagnostics. CLI call sites in triggerOAuth /
handlePasteCallbackMode stay gemini-only; dashboard handler in the
follow-up commits will use the generalized exports for both providers.

Refs #1208
2026-05-10 21:55:08 -04:00
Kai (Tam Nhu) TranandGitHub 61390e5691 fix(cliproxy): diagnose Gemini Plus OAuth credentials
Closes #1131
2026-05-07 11:05:53 -04:00
Tam Nhu Tran bf8759460d feat(auth,commands): instrument oauth handler, profile registry, and doctor pipeline
Emit auth-stage events around OAuth round-trips and profile lookups so auth
flows are traceable end-to-end. Doctor command emits dispatch stages around
each health-check phase for clearer diagnostic logs.

Refs #1141, #1138
2026-04-30 13:00:16 -04:00
Tam Nhu Tran 1c72b4b8d5 refactor(cliproxy): flatten module structure and colocate tests (#1135)
- Split types.ts (331 LOC) into 4 concern-based files under types/:
  platform-types, binary-types, provider-types, config-types
- Preserve backward compat via barrel re-export (types.ts → types/index)
- Reorganize 53 root-level files into 8 subdirectories:
  accounts/, ai-providers/, auth/, binary/, config/, executor/,
  management/, proxy/, quota/, routing/, services/, sync/
- Reduce src/cliproxy/ root from 65 to 8 files (target: ≤10)
- Colocate 87 unit tests from tests/unit/cliproxy/ into
  src/cliproxy/*/__tests__/ (13 colocated test directories)
- Update import paths across 40+ consumer files
- Add TDD backward-compat test for types split

Refs #1135
2026-04-29 17:06:39 -04:00
Tam Nhu Tran 27f1416181 fix(cliproxy): avoid network-bound local startup
- skip CLIProxy auto-update checks on runtime bootstrap paths

- fail fast when local startup needs a missing binary instead of attempting installs

- add regression coverage for dashboard limited mode and startup test isolation
2026-04-15 22:55:11 -04:00
Tam Nhu Tran 58c2c46ed7 fix(cursor): migrate legacy settings and validate gitlab urls 2026-04-15 17:48:33 -04:00
Tam Nhu Tran 7f1c23607d fix(gitlab): sanitize PAT auth failures across cli and web 2026-04-15 02:01:39 -04:00
Tam Nhu Tran 87d93b651b fix(cursor): deprecate legacy bridge and harden gitlab auth 2026-04-15 01:23:15 -04:00
Tam Nhu Tran 2d9f8c9695 feat(cliproxy): integrate missing provider support 2026-04-15 00:26:12 -04:00
Tam Nhu Tran 25bcee2fa1 fix(kiro): require fresh token before auth success 2026-04-07 08:27:52 -04:00
Tam Nhu Tran 1434c3d1e0 fix(kiro): harden callback replay and auth detection 2026-04-05 18:41:23 -04:00
Tam Nhu Tran f40d435a92 fix(kiro): harden idc and callback auth paths
- keep headless paste routing aligned with the selected Kiro auth method

- validate local callback replay targets and add prompt cancellation safeguards

- wire IDC params through the dashboard start route and support equals-form CLI flags
2026-04-05 02:04:11 -04:00
Tam Nhu Tran 0fbea0f335 fix(kiro): align auth flows with CLIProxyAPIPlus
- auto-select Builder ID for the default Kiro AWS auth flow

- support IDC auth flags and callback-based Kiro paste replay

- update regression coverage for Kiro auth routing
2026-04-05 02:04:11 -04:00
Tam Nhu Tran bdb7ac2937 feat(cliproxy): allow optional provider nicknames
- stop requiring manual unique nicknames for no-email providers by default

- preserve explicit nickname validation and same-account reauth semantics

- persist optional nicknames through dashboard manual callback flows
2026-03-23 11:02:08 -04:00
Tam Nhu Tran b25b1653b0 fix(cliproxy): poll paste-callback auth urls 2026-03-07 13:48:34 +07:00
Tam Nhu Tran 86ca18003a fix(cliproxy): preserve kiro paste-callback start route 2026-03-07 13:38:22 +07:00
Brian Le fa027022a8 fix(cliproxy): use management oauth-callback in paste flow 2026-03-03 17:59:10 -05:00
Brian Le 6fcd924b1c fix(cliproxy): use management auth-url route in paste callback 2026-03-03 17:16:07 -05:00
Tam Nhu Tran 3b1271b5e4 fix(agy): enforce multi-step responsibility acknowledgement for antigravity oauth 2026-02-24 17:23:02 +07:00
Tam Nhu Tran 476eabe08f fix(cliproxy): warn gemini and agy users about issue 509 2026-02-19 10:12:57 +07:00
Tam Nhu Tran fd46ad022a fix(cliproxy): align kiro auth methods with upstream contracts
- add typed Kiro auth-method model and AWS device-code default

- map CLI flags and callback behavior by selected Kiro method

- harden CLI-only method guards and add contract regression tests

Refs #552

Refs #233
2026-02-14 13:33:28 +07:00
Kai (Tam Nhu) TranGitHubgithub-actions[bot] <github-actions[bot]@users.noreply.github.com>
051805074e feat: account safety, quota monitoring, and stability fixes (#530)
* fix(cliproxy): migrate deprecated gemini-claude-* model names to upstream claude-* names (#515)

* fix(cliproxy): migrate deprecated gemini-claude-* model names to upstream claude-* names

CLIProxyAPI registry no longer recognizes the gemini-claude-* prefix convention.
Model names in catalog, base config, and user settings are migrated to upstream
claude-* names. Auto-migration in env-builder rewrites existing user settings on
load and persists the change.

Closes #513

* fix: address code review feedback — sync UI layer and add migration tests

- Sync UI isNativeGeminiModel() with backend (remove gemini-claude- exclusion)
- Update UI model catalog agy entries from gemini-claude-* to claude-*
- Update CI/CD workflow and code-reviewer default model names
- Add unit tests for migrateDeprecatedModelNames() logic

* fix(hooks): isolate image type check before error-prone processing (#514)

* fix(hooks): isolate image type check before error-prone processing

Restructure processHook() into two phases so non-image Read calls
never see hook error messages. Phase 1 defensively checks tool name
and file extension, exiting 0 silently on any failure. Phase 2 only
runs for confirmed image/PDF files where errors are relevant.

Closes #511

* fix(hooks): sync image analyzer hook file on every profile launch

Add installImageAnalyzerHook() call to cliproxy executor, matching
the existing installWebSearchHook() pattern. This ensures the .cjs
file in ~/.ccs/hooks/ gets refreshed from the npm package on every
launch, so users receive hook updates after npm update.

* chore(release): 7.41.0-dev.1 [skip ci]

* fix(cliproxy): add fork:true for Claude model aliases in config generator (#523)

Config generator now outputs fork:true for Claude model alias entries,
ensuring both upstream (claude-*) and aliased (gemini-claude-*) model
names appear in /v1/models listings. Also preserves fork flag when
parsing user-added aliases during config regeneration.

Bumps config version to v7 to trigger regeneration on next ccs doctor.

Closes #522

* chore(release): 7.41.0-dev.2 [skip ci]

* feat(cliproxy): add account safety guards to prevent Google account bans (#516)

* feat(cliproxy): add account safety guards to prevent Google account bans

Implements cross-provider isolation to prevent Google from flagging
concurrent OAuth usage across different client IDs (ref: #509, #512).

Three pillars:
1. Auto-pause enforcement at session launch — conflicting accounts in
   other Google OAuth providers are paused so CLIProxyAPI can't use them,
   restored on session exit with crash recovery via auto-paused.json
2. Ban/disable detection — error responses matching Google ban patterns
   auto-pause the affected account to prevent further damage
3. Cross-provider conflict warnings during OAuth registration

Key design decisions:
- PID-based session tracking for crash recovery (dead PID = restore)
- Timestamp comparison prevents restoring ban-paused accounts on exit
- Schema validation on auto-paused.json prevents corrupted state
- Falls back to warn-only when another session is managing isolation

* fix(cliproxy): address code review feedback (attempt 1/5)

- Re-read auto-paused.json before write in enforceProviderIsolation to
  reduce concurrent write race window
- Use actual email from registry for display instead of raw accountId
- Export maskEmail for testability
- Add 27 unit tests covering ban detection, email masking,
  cross-provider duplicate detection, enforcement lifecycle,
  crash recovery, and timestamp-guarded restore

* fix(cliproxy): address remaining review feedback (attempt 2/5)

- Add handleBanDetection test verifying account pause on ban error
- Add warnCrossProviderDuplicates tests (true/false/non-Google)
- Document PID reuse limitation in isPidAlive JSDoc comment

* chore(release): 7.41.0-dev.3 [skip ci]

* feat(cliproxy): runtime quota monitoring during active sessions (#529)

* feat(cliproxy): add runtime quota monitoring during active sessions

Adds adaptive background quota polling to detect and respond to quota
exhaustion during active CLIProxy sessions. Prevents rate-limit-driven
account bans by auto-cooling exhausted accounts and switching defaults.

- Adaptive polling: 300s normal, 60s at 20% threshold, stops at 0%
- Stderr warnings at 20%, boxed exhaustion alerts at 0%
- Cooldown + default switch on exhaustion (existing patterns)
- Configurable via quota_management.runtime_monitor in config.yaml
- Timer.unref() prevents blocking process exit
- monitorStopped guard for in-flight poll safety

Closes #524

* fix: address code review feedback (attempt 1/5)

- M1: Round quotaPercent display with Math.round() to avoid ugly floats
- M2: Rename exhaust_threshold -> exhaustion_threshold for consistency
  with existing auto.exhaustion_threshold config field
- M3: Replace async not.toThrow() with direct await assertion pattern

* fix: address code review feedback (attempt 2/5)

- Remove .claude/agent-memory/ from tracking and add to .gitignore
- Unify cooldown_minutes default to 5 (was 10 in runtime_monitor, 5 in auto)
- Add threshold validation in startQuotaMonitor (warn > exhaustion)
- Document intentional post-switch monitoring gap in code comment

* chore(release): 7.41.0-dev.4 [skip ci]

* fix(cliproxy): mask email in ban detection and fix JSDoc default

- Use maskEmail() in handleBanDetection output for consistency
- Fix cooldown_minutes JSDoc: default is 5, not 10

* chore(release): 7.41.0-dev.5 [skip ci]

* fix(cliproxy): address all review feedback (Low + informational)

- Add sync constraint comment on process.exit handler (executor)
- Add TOCTOU race acceptability comment (account-safety)
- Mask email in handleQuotaExhaustion reason string
- Use realistic exhaustion_threshold (5) in test configs

* chore(release): 7.41.0-dev.6 [skip ci]

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-12 00:48:29 +07:00
kaitranntt 7a1b4d6f20 feat(oauth): add interactive mode prompt for VPS/headless environments
- Add promptOAuthModeChoice() for headless OAuth mode selection
- Add --port-forward flag to force port-forwarding mode
- Add conflict detection for --paste-callback + --port-forward
- Handle edge cases: Ctrl+C, invalid input, non-TTY stdin
- Update help docs with new flag

Closes #461
2026-02-04 20:47:19 -05:00
kaitranntt 258220b7e8 refactor(oauth): align box chars with CCS standard and add JSDoc
Use Unicode box characters (╔═╗║╚╝) per design guidelines and
add JSDoc to parseCallbackUrl helper function.
2026-02-02 23:41:13 -05:00
Kai (Tam Nhu) TranandGitHub 24b03121fd fix(dashboard): cross-browser OAuth with manual callback fallback (#417) (#423)
- Remove destructive /start endpoint call from Dashboard OAuth dialog
  (was killing running CLIProxy Docker instances via killProcessOnPort)
- Use /start-url + polling only (management API, non-destructive)
- Auto-open browser tab via window.open() with manual fallback URL display
- Add paste-callback CLI mode (--paste-callback flag) for headless/SSH
- Use dynamic proxy target with management headers instead of hardcoded localhost
- Extract timeout constants, restore invariant comment
- Move hook-utils tests from src/__tests__/ to tests/unit/ (fixes tsc)
- Add try-catch for preset apply, remove auth URL console.log
2026-02-02 16:11:36 -05:00
kaitranntt 107e2813f9 fix(cliproxy): prevent race in promptNickname close handler 2026-01-06 13:52:14 -05:00
kaitranntt d96c67ba81 fix(cliproxy): use nickname as accountId for kiro/ghcp providers
Kiro/GHCP OAuth tokens have empty email field, causing all accounts to
use accountId='default' and overwrite each other. This fix:

- Add PROVIDERS_WITHOUT_EMAIL constant for kiro/ghcp identification
- Require nickname for kiro/ghcp during registration (CLI + web UI)
- Use nickname as accountId instead of email for these providers
- Enforce nickname uniqueness to prevent collisions
- Update discoverExistingAccounts() to generate unique IDs (kiro-1, etc.)

Closes #258, #267
2026-01-06 12:16:22 -05:00
kaitranntt add4aa55c7 fix(kiro): add fallback import from Kiro IDE when OAuth callback redirects
When Kiro OAuth callback redirects to Kiro IDE instead of CLI, this fix:
- Auto-attempts token import from Kiro IDE storage
- Adds --import flag for manual import (ccs kiro --import)
- Shows clear instructions if import fails

Fixes #212
2025-12-27 00:01:40 -05:00
kaitranntt df0c94781e feat(kiro): improve auth UX with normal browser default and URL display
- Change default to noIncognito=true (normal browser) for reliability
- Always print OAuth URL to terminal for VS Code popup detection
- Move incognito toggle from Proxy settings to Kiro provider page
- Add --incognito flag to opt into incognito mode (was --no-incognito)
- Update help text to reflect new defaults
2025-12-24 06:17:17 -05:00
kaitranntt 083e67426c feat(kiro): add UI toggle and auth hint for --no-incognito option
- Add "Kiro: Use normal browser" toggle in config dashboard (Proxy section)
- Add --no-incognito documentation to ccs --help output
- Show hint after successful Kiro auth about saving AWS credentials
2025-12-24 05:26:02 -05:00
kaitranntt 13e4baca22 fix(kiro): add --no-incognito option for normal browser auth
Kiro OAuth always opens in incognito browser mode, which doesn't save
login credentials. Users need to re-enter email each authentication.

Changes:
- Add noIncognito option to OAuthOptions interface
- Add kiro_no_incognito config option to CLIProxyConfig
- Pass --no-incognito flag to CLIProxyAPI binary when enabled
- Support both CLI flag (--no-incognito) and config.yaml setting

Usage:
- CLI: ccs kiro --auth --no-incognito
- Config: cliproxy.kiro_no_incognito: true in config.yaml
2025-12-24 05:02:33 -05:00
kaitranntt 2b441f6498 feat(auth): add Kiro and GitHub Copilot OAuth providers
- Add kiro (port 8329) and copilot (port 8330) to auth-types
- Implement OAuth flows in oauth-handler
- Update token-manager to include new providers
- Add new providers to CLIPROXY_PROFILES
- Update diagnostics and API routes for new providers
2025-12-21 22:26:11 -05:00
kaitranntt 5c28935d1e refactor(cliproxy): modularize auth handler and binary
- extract 6 auth modules to auth/ directory (932 → 65 lines)

- oauth-handler, oauth-process, token-manager

- environment-detector, auth-types

- extract binary/ with downloader, verifier modules

Phase 3: Large Files Breakdown (auth-handler.ts)
2025-12-19 11:48:21 -05:00