Commit Graph
949 Commits
Author SHA1 Message Date
Kai (Tam Nhu) TranandGitHub aee322ea88 fix: compare cliproxy fork release suffixes (#1419) 2026-05-30 13:42:31 -04:00
github-actions[bot] 7c959d0a2b chore(sync): merge main into dev after release
# Conflicts:
#	package.json
2026-05-29 15:53:46 +00:00
Kai (Tam Nhu) TranandGitHub c3d8dcbdd9 hotfix: avoid Docker smoke port collisions (#1412) 2026-05-29 11:49:25 -04:00
github-actions[bot] c2cff36362 chore(sync): merge main into dev after release
# Conflicts:
#	package.json
2026-05-29 15:20:44 +00:00
Kai (Tam Nhu) TranandGitHub 0e3383d31d hotfix: add integrated Docker healthcheck
Refs #1400
2026-05-29 11:16:19 -04:00
Kai (Tam Nhu) TranandGitHub 6ed9e097e7 hotfix: sync Docker release publishing fix to dev
Refs #1400
2026-05-29 10:33:55 -04:00
Kai (Tam Nhu) TranandGitHub d49bbdaec3 hotfix: repair Docker release publishing
Refs #1400
2026-05-29 10:19:38 -04:00
Tam Nhu Tran 3fbf850471 fix: forward bare Claude subcommands through the default profile
`ccs agents` exited with "Profile not found: agents" instead of opening
the Claude agent view. The first positional token was treated as a
profile name, so `detectProfileType` threw for any bare Claude subcommand
that is not also a profile. `ccs <profile> agents` (#1218) and
`ccs default agents` already worked; only the bare form was unrouted.

On the profile-not-found path, reroute documented Claude subcommands
(agents, mcp, plugin, project, setup-token, auto-mode, remote-control,
ultrareview, upgrade, install) through the default profile so they launch
`claude <subcommand>` — where the existing launcher already strips
interactive-session args. Gated to the claude target so codex/droid keep
their own subcommand routing, and only reached when no profile of that
name exists, so a real configured profile still wins. CCS commands that
shadow Claude subcommands (doctor, update, auth) are intercepted earlier
by the root-command router and are unaffected.

Closes #1404
2026-05-28 22:21:26 -04:00
Halil ErtekinandGitHub f42aee9a20 fix: handle system messages in OpenAI proxy (#1403) 2026-05-28 22:08:07 -04:00
Kai (Tam Nhu) TranandGitHub 5f1976f69c fix: add CLIProxy account reauthentication 2026-05-27 10:13:03 -04:00
Kai (Tam Nhu) TranandGitHub 52a427a7a3 fix(ci): close dev-released issues on stable release (#1396) 2026-05-27 08:28:01 -04:00
Kai (Tam Nhu) TranandGitHub 88fbac3a32 fix(channels): avoid secrets in --set-token argv (#1389) 2026-05-23 22:37:55 -04:00
Kai (Tam Nhu) TranandGitHub b35a23a6e4 fix: reject unsupported image analysis backends (#1387)
* fix: reject unsupported image analysis backends

* style: apply prettier formatting
2026-05-23 22:37:44 -04:00
Kai (Tam Nhu) TranandGitHub 55cd78bce4 fix: create explicit CODEX_HOME with secure permissions (#1380) 2026-05-23 21:45:12 -04:00
Kai (Tam Nhu) TranandGitHub 0db9705d75 fix(claude-extension): enforce private permissions for settings writes (#1378) 2026-05-23 21:45:07 -04:00
Kai (Tam Nhu) TranandGitHub 781c84b04b fix: narrow legacy GLMT base URL normalization (#1376)
* fix: narrow legacy glmt base url normalization

* style: apply prettier formatting
2026-05-23 21:45:02 -04:00
Kai (Tam Nhu) TranandGitHub 03a30119d9 fix(cursor): authenticate local daemon health/runtime traffic (#1373) 2026-05-23 21:44:55 -04:00
Kai (Tam Nhu) TranandGitHub e6f764c79b fix(cursor): block cross-origin runtime probe requests (#1371) 2026-05-23 21:44:50 -04:00
Kai (Tam Nhu) TranandGitHub 37fdf90e30 fix(ci): constrain PR-Agent GitHub App token permissions (#1370)
* fix(ci): constrain pr-agent app token permissions

* style: apply prettier formatting
2026-05-23 21:44:47 -04:00
Kai (Tam Nhu) TranandGitHub 4e7894a3da fix: honor browser eval env override in attach config (#1368) 2026-05-23 21:44:44 -04:00
Kai (Tam Nhu) TranandGitHub c322829f44 fix(browser): cap click and key repeat counts in MCP (#1367)
* fix(browser): cap click and key repeat counts in MCP

* style: apply prettier formatting
2026-05-23 21:44:42 -04:00
Kai (Tam Nhu) TranandGitHub 8b3ba5532e fix(browser): log only matched intercepted requests (#1366) 2026-05-23 21:44:40 -04:00
Kai (Tam Nhu) TranandGitHub 2ec23c6c3a fix(sse): make CRLF normalization chunk-boundary safe (#1359)
* fix(sse): handle CRLF split across chunk boundaries

* style: apply prettier formatting
2026-05-23 21:44:32 -04:00
Kai (Tam Nhu) TranandGitHub 0bd2e577b2 fix(codex-auth): restrict symlink fallback and harden copy path (#1365) 2026-05-23 21:43:51 -04:00
Kai (Tam Nhu) TranandGitHub ab379e9e13 fix: disable docker legacy API key auth by default (#1355) 2026-05-23 21:03:24 -04:00
Kai (Tam Nhu) TranandGitHub 8335f0c73c fix(dispatcher): also treat -p as non-subcommand short for --print (#1352)
Red-team follow-up to #1341: the original fix only guarded --print but
Claude accepts -p as the short form, and CCS itself passes -p in
headless-executor.ts. Without this check the security bypass survived
via the short flag.

Added regression tests: ['-p', 'agents'], ['-p', 'doctor'], ['-p']
alone, and injector short-circuit verification for -p form.
2026-05-23 17:33:38 -04:00
Kai (Tam Nhu) TranandGitHub 9a420988bc fix(analytics): support sqlite3 path resolution on Windows and NixOS (#1354)
- Add CCS_SQLITE_BIN env-var override; validated with fs.realpathSync so
  symlinks are fully resolved before prefix check
- Reject any override whose realpath does not start under a trusted system
  prefix (prevents PATH-hijack reintroduction from #1347)
- Add TRUSTED_PREFIX_UNIX covering /nix/store/, /opt/local/ (MacPorts),
  /snap/, /run/current-system/ in addition to existing /usr/* and
  /opt/homebrew/ entries
- Add TRUSTED_PREFIX_WINDOWS covering Program Files, System32, and the
  Chocolatey managed bin dir (no canonical winget/Scoop path exists)
- Keep TRUSTED_SQLITE_PATHS_WINDOWS empty — Windows users set CCS_SQLITE_BIN
- Pass env as optional third param to querySqliteJson (backward compatible)
- Add 16-test suite covering env-var acceptance, /tmp rejection, symlink
  traversal, NixOS paths, MacPorts, Windows fallback, and prefix safety
2026-05-23 17:29:52 -04:00
Kai (Tam Nhu) TranandGitHub 5d27f10367 refactor(cliproxy): remove orphaned bg keepalive wiring (#1353)
Red-team review of #1340 found that backgroundProbe / shouldKeepSessionProxiesAlive /
startKeepAliveWatcher and related types were never reachable: the sole caller
(claude-launcher.ts) passed no hasBackgroundWorkerUsingBaseUrl detector, so
backgroundProbe was always undefined and the keepalive branch never executed.

Remove the unreachable scaffold:
- Delete CLAUDE_BG_WORKER_ARGS, hasClaudeBackgroundWorkerUsingBaseUrl{,InProcessList},
  shouldKeepSessionProxiesAlive, ShouldKeepSessionProxiesAliveOptions, and the
  SessionProxyKeepAliveOptions interface from session-bridge.ts
- Remove the backgroundProbe/startKeepAliveWatcher block and keepalive exit branch
  from setupCleanupHandlers; the function now always calls stopSessionResources on
  Claude exit
- Remove backgroundKeepAliveBaseUrl wiring from claude-launcher.ts
- Remove the execFileSync import (was only used by the deleted ps-based detector)
- Update test file: remove tests for deleted exports, keep placeholder

A trusted bg-worker detector can be re-added in a future PR if the feature is
actually needed; the keepalive logic in shouldKeepSessionProxiesAlive can be
restored then.
2026-05-23 17:29:18 -04:00
Kai (Tam Nhu) TranandGitHub 9cd9b796ca fix(models-dev): sanitize models.dev registry entries and harden pricing resolver (#1345)
* fix(models-dev): sanitize cached model entries before pricing lookup

* style: apply prettier formatting
2026-05-23 17:03:49 -04:00
Kai (Tam Nhu) TranandGitHub 66966f3527 fix(pricing): guard malformed models.dev model entries (#1344)
* fix(pricing): guard malformed models.dev model entries

* style: apply prettier formatting
2026-05-23 16:55:05 -04:00
Kai (Tam Nhu) TranandGitHub fd561b59bc fix(dispatcher): treat --print as non-subcommand Claude session (#1341)
* fix(dispatcher): treat --print as non-subcommand Claude session

* style: apply prettier formatting

* fix(dispatcher): correct return type in subcommand detector

getClaudeSubcommandName returns string | null; return false (boolean)
was invalid after dev refactored isClaudeSubcommandInvocation to
delegate to it. Change to return null to preserve the --print safety
fix intent.
2026-05-23 16:54:30 -04:00
Tam Nhu Tran bbcf9e8b15 fix: mask Docker key rotation banner 2026-05-22 17:04:19 -04:00
Tam Nhu Tran 30971ebb28 fix: preserve Docker legacy API key during rotation 2026-05-22 16:49:16 -04:00
Tam Nhu Tran 37a14525cc fix: repair ccsx codex profile resources 2026-05-22 16:27:00 -04:00
Tam Nhu Tran f667628411 fix: resolve ccsx auth profiles before CCS profiles 2026-05-22 15:54:55 -04:00
Tam Nhu Tran db4b938c0e fix: treat remote-control as a Claude subcommand 2026-05-22 15:39:15 -04:00
Kai (Tam Nhu) TranandGitHub f8df18a99b Merge pull request #1327 from kaitranntt/kai/feat/1266-dashboard-sunset-guard
feat(ci): sunset legacy dashboard image publishing
2026-05-22 14:38:25 -04:00
Tam Nhu Tran 9f6e64fd39 feat(ci): sunset legacy dashboard image publishing 2026-05-22 14:16:42 -04:00
Tam Nhu Tran 4d7f30a260 chore(docker): skip ccs postinstall in legacy image 2026-05-22 14:10:29 -04:00
Kai (Tam Nhu) TranandGitHub 07cef20c76 Merge pull request #1324 from kaitranntt/kai/fix/dashboard-cliproxy-restart-button
fix: ensure dashboard cliproxy restart waits for recovery
2026-05-22 13:51:42 -04:00
Tam Nhu Tran fc5851e3a2 fix: ensure dashboard cliproxy restart waits for recovery 2026-05-22 13:37:21 -04:00
Tam Nhu Tran 6bc04dee97 fix: normalize ccsxp codex model flag aliases 2026-05-22 13:03:00 -04:00
Kai (Tam Nhu) TranandGitHub fa17ad5af1 Merge pull request #1318 from kaitranntt/kai/feat/1255-analytics-profile-filter
feat: filter analytics dashboard by profile
2026-05-22 12:38:50 -04:00
Tam Nhu Tran 46d73ae79f feat: share stale Codex translator path scanner 2026-05-22 12:10:54 -04:00
Kai (Tam Nhu) TranandGitHub 8e2a89ea56 Merge pull request #1316 from kaitranntt/kai/feat/1303-persist-receipt
feat: report permission mode persist receipt status
2026-05-22 11:34:24 -04:00
Kai (Tam Nhu) TranandGitHub 9aeb1c1e99 Merge pull request #1315 from kaitranntt/kai/fix/1275-codex-diagnostics-redaction
fix: redact Codex diagnostics metadata
2026-05-22 11:25:10 -04:00
Tam Nhu Tran f1d655e425 feat: filter analytics by profile 2026-05-22 11:24:21 -04:00
Tam Nhu Tran 3dc1810540 feat: report permission mode persist receipt status 2026-05-22 11:14:17 -04:00
Tam Nhu Tran e2f2c7dc2e fix: redact Codex diagnostics metadata 2026-05-22 11:12:20 -04:00
Tam Nhu Tran e0f43b88c2 test: cover agents permission-mode passthrough 2026-05-22 11:11:08 -04:00