- unify CLIPROXY_SUPPORTED_PROVIDERS to import from CLIPROXY_PROVIDER_IDS
- replace 4 inline union types with CLIProxyProvider import
- replace hardcoded provider arrays in migration-manager and proxy-routes
- remove duplicate PROVIDER_DISPLAY_NAMES, use getProviderDisplayName()
- sync test now imports from ui/src/lib/provider-config instead of hardcoded array
Adding a new CLIProxy provider no longer requires updating 14+ hardcoded lists.
Implement target adapter pattern enabling CCS CLI to support multiple backend targets
(Claude, Droid) via pluggable adapters. Core additions:
- TargetAdapter interface for pluggable target implementations
- ClaudeAdapter and DroidAdapter concrete implementations
- Target registry (singleton Map-based storage)
- Target resolver with precedence: --target flag > per-profile config > busybox detection
- Droid config manager with atomic writes and file locking to ~/.factory/settings.json
- Droid binary detector to validate runtime environment
- Adapter dispatch integrated into ccs.ts main execution flow
- ccsd busybox alias for seamless Droid invocation
- --target flag documentation in help
- Session tracking enriched with target metadata
- Dashboard target badge for visual identification
Testing:
- 43 unit tests covering resolver, registry, config manager, and adapters
- Full coverage of target detection logic and edge cases
Documentation:
- Refactored system-architecture.md into modular docs/system-architecture/ subdirectory
- Updated code-standards.md with target adapter guidelines
- Updated codebase-summary.md with architecture overview
- Updated maintainability baseline (33.8% → 35.2%)
This establishes extensible foundation for multi-target support without breaking
existing Claude workflows. Droid adapter is production-ready but defaults to Claude
for backward compatibility.
- add cursor model fields to unified config defaults and YAML comments
- expand Cursor model catalog/defaults and return configured current model
- keep cursor.settings.json env model fields in sync with config updates
- align unit tests for new model defaults and route merge behavior
Refs #555
- Add cursor section serialization after copilot, before global_env
- Fixes P1 data loss: cursor settings now persist to config.yaml
- Previously cursor was merged in memory but never written to disk
- Change /start and /stop to /daemon/start and /daemon/stop matching copilot convention
- Add enabled field to CursorConfig for dashboard toggle parity
- Simplify getCursorConfig() to trust mergeWithDefaults()
- Handle bare 'ccs cursor' to show help instead of reserved-name error
- Add fallback? (provider+model) to CompositeTierConfig for per-tier retry
- Add thinking? string to CompositeTierConfig for per-tier thinking budget
- Add hasFallback flag to VariantConfig for runtime detection
- Propagate new fields in listVariantsFromConfig()
Refs #506
* fix(cliproxy): migrate deprecated gemini-claude-* model names to upstream claude-* names (#515)
* fix(cliproxy): migrate deprecated gemini-claude-* model names to upstream claude-* names
CLIProxyAPI registry no longer recognizes the gemini-claude-* prefix convention.
Model names in catalog, base config, and user settings are migrated to upstream
claude-* names. Auto-migration in env-builder rewrites existing user settings on
load and persists the change.
Closes#513
* fix: address code review feedback — sync UI layer and add migration tests
- Sync UI isNativeGeminiModel() with backend (remove gemini-claude- exclusion)
- Update UI model catalog agy entries from gemini-claude-* to claude-*
- Update CI/CD workflow and code-reviewer default model names
- Add unit tests for migrateDeprecatedModelNames() logic
* fix(hooks): isolate image type check before error-prone processing (#514)
* fix(hooks): isolate image type check before error-prone processing
Restructure processHook() into two phases so non-image Read calls
never see hook error messages. Phase 1 defensively checks tool name
and file extension, exiting 0 silently on any failure. Phase 2 only
runs for confirmed image/PDF files where errors are relevant.
Closes#511
* fix(hooks): sync image analyzer hook file on every profile launch
Add installImageAnalyzerHook() call to cliproxy executor, matching
the existing installWebSearchHook() pattern. This ensures the .cjs
file in ~/.ccs/hooks/ gets refreshed from the npm package on every
launch, so users receive hook updates after npm update.
* chore(release): 7.41.0-dev.1 [skip ci]
* fix(cliproxy): add fork:true for Claude model aliases in config generator (#523)
Config generator now outputs fork:true for Claude model alias entries,
ensuring both upstream (claude-*) and aliased (gemini-claude-*) model
names appear in /v1/models listings. Also preserves fork flag when
parsing user-added aliases during config regeneration.
Bumps config version to v7 to trigger regeneration on next ccs doctor.
Closes#522
* chore(release): 7.41.0-dev.2 [skip ci]
* feat(cliproxy): add account safety guards to prevent Google account bans (#516)
* feat(cliproxy): add account safety guards to prevent Google account bans
Implements cross-provider isolation to prevent Google from flagging
concurrent OAuth usage across different client IDs (ref: #509, #512).
Three pillars:
1. Auto-pause enforcement at session launch — conflicting accounts in
other Google OAuth providers are paused so CLIProxyAPI can't use them,
restored on session exit with crash recovery via auto-paused.json
2. Ban/disable detection — error responses matching Google ban patterns
auto-pause the affected account to prevent further damage
3. Cross-provider conflict warnings during OAuth registration
Key design decisions:
- PID-based session tracking for crash recovery (dead PID = restore)
- Timestamp comparison prevents restoring ban-paused accounts on exit
- Schema validation on auto-paused.json prevents corrupted state
- Falls back to warn-only when another session is managing isolation
* fix(cliproxy): address code review feedback (attempt 1/5)
- Re-read auto-paused.json before write in enforceProviderIsolation to
reduce concurrent write race window
- Use actual email from registry for display instead of raw accountId
- Export maskEmail for testability
- Add 27 unit tests covering ban detection, email masking,
cross-provider duplicate detection, enforcement lifecycle,
crash recovery, and timestamp-guarded restore
* fix(cliproxy): address remaining review feedback (attempt 2/5)
- Add handleBanDetection test verifying account pause on ban error
- Add warnCrossProviderDuplicates tests (true/false/non-Google)
- Document PID reuse limitation in isPidAlive JSDoc comment
* chore(release): 7.41.0-dev.3 [skip ci]
* feat(cliproxy): runtime quota monitoring during active sessions (#529)
* feat(cliproxy): add runtime quota monitoring during active sessions
Adds adaptive background quota polling to detect and respond to quota
exhaustion during active CLIProxy sessions. Prevents rate-limit-driven
account bans by auto-cooling exhausted accounts and switching defaults.
- Adaptive polling: 300s normal, 60s at 20% threshold, stops at 0%
- Stderr warnings at 20%, boxed exhaustion alerts at 0%
- Cooldown + default switch on exhaustion (existing patterns)
- Configurable via quota_management.runtime_monitor in config.yaml
- Timer.unref() prevents blocking process exit
- monitorStopped guard for in-flight poll safety
Closes#524
* fix: address code review feedback (attempt 1/5)
- M1: Round quotaPercent display with Math.round() to avoid ugly floats
- M2: Rename exhaust_threshold -> exhaustion_threshold for consistency
with existing auto.exhaustion_threshold config field
- M3: Replace async not.toThrow() with direct await assertion pattern
* fix: address code review feedback (attempt 2/5)
- Remove .claude/agent-memory/ from tracking and add to .gitignore
- Unify cooldown_minutes default to 5 (was 10 in runtime_monitor, 5 in auto)
- Add threshold validation in startQuotaMonitor (warn > exhaustion)
- Document intentional post-switch monitoring gap in code comment
* chore(release): 7.41.0-dev.4 [skip ci]
* fix(cliproxy): mask email in ban detection and fix JSDoc default
- Use maskEmail() in handleBanDetection output for consistency
- Fix cooldown_minutes JSDoc: default is 5, not 10
* chore(release): 7.41.0-dev.5 [skip ci]
* fix(cliproxy): address all review feedback (Low + informational)
- Add sync constraint comment on process.exit handler (executor)
- Add TOCTOU race acceptability comment (account-safety)
- Mask email in handleQuotaExhaustion reason string
- Use realistic exhaustion_threshold (5) in test configs
* chore(release): 7.41.0-dev.6 [skip ci]
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Use Atomics.wait for synchronous sleep instead of CPU-intensive
busy-wait loop. This properly sleeps the thread without wasting cycles.
Addresses code review feedback on PR #441.
Changes ImageAnalysisConfig from providers array to provider_models
mapping for granular vision model control per CLIProxy provider.
Breaking change: config.yaml image_analysis section now uses
provider_models instead of providers/model fields.
Provider-to-model mappings:
- agy → gemini-2.5-flash
- gemini → gemini-2.5-flash
- codex → gpt-5.1-codex-mini
- kiro → kiro-claude-haiku-4-5
- ghcp → claude-haiku-4.5
- claude → claude-haiku-4-5-20251001
Hook checks CCS_CURRENT_PROVIDER against provider_models and skips
if no vision model configured for that provider.
Intercept Read tool calls for image/PDF files and route through CLIProxy
with gemini-2.5-flash for vision analysis. Returns text descriptions
instead of blocking, enabling Claude to "see" images via proxy.
Key changes:
- Add image-analyzer-transformer.cjs hook script
- Add ImageAnalysisConfig type and loader
- Add hook installer and profile injector
- Add prompt templates for analysis customization
- Add e2e test suite (excluded from normal CI runs)
- Configure test:e2e script for manual testing
Environment variables:
- CCS_IMAGE_ANALYSIS_ENABLED: Enable/disable (default: 1)
- CCS_IMAGE_ANALYSIS_MODEL: Vision model (default: gemini-2.5-flash)
- CCS_IMAGE_ANALYSIS_TIMEOUT: Timeout in seconds (default: 60)
- CCS_CLIPROXY_API_KEY: API key for CLIProxy auth
- CCS_CLIPROXY_PORT: CLIProxy port (default: 8317)
Closes#426
- change AccountTier from binary (free/paid) to granular (ultra/pro/free/unknown)
- update mapTierString() to parse API tier strings correctly
- remove faulty inferTierFromModels() fallback - tier comes only from API
- update default tier_priority config to ['ultra', 'pro', 'free']
- update model catalog tier types and display logic
Closes#387
- Fix auto_sync JSDoc to say (default: true) matching actual default
- Add unlink event handler for profile deletion sync
- Add debug logging for sync failures in api-command
Add Claude as a first-class OAuth provider in CCS CLI and dashboard.
Backend support already exists in CLIProxyAPIPlus (port 54545).
Changes:
- Add 'claude' to CLIProxyProvider type and profile detector
- Add Claude OAuth config (port 54545, --anthropic-login flag)
- Add Claude to oauth-port-diagnostics flow types
- Add Claude token discovery prefixes (claude-, anthropic-)
- Add Claude model catalog (Opus 4.5, Sonnet 4.5/4, Haiku 4.5)
- Add Claude logo and provider display name
- Update variant config types and adapters
Closes#380
Critical fix: setup_completed was set in memory but never written to disk.
- Add setup_completed to generateYamlWithComments() for YAML serialization
- Add setup_completed to mergeWithDefaults() to preserve during config merge
Without these changes, the flag was lost on save/reload, causing first-time
notice to reappear.
Addresses critical code review feedback on PR #372.
After running ccs setup with local proxy mode, the CLI was still showing
the first-time install notice because isFirstTimeInstall() only checked
for user-created content (profiles, accounts, variants, etc.). When user
chose "Local" mode and skipped API profiles, config had empty objects,
causing all checks to return false.
Added setup_completed flag to UnifiedConfig interface and set it to true
when setup wizard completes. isFirstTimeInstall() now checks this flag
first.
- Add backend field to BinaryManagerConfig type for installer context
- Thread backend parameter through tar/zip extractors to use correct names
- Delete existing binary before install to prevent mismatched binaries
- Track backend in session metadata for debugging/monitoring
- Validate and preserve backend field in config mergeWithDefaults
- Pass backend to registerSession for session tracking
The core issue was extractors calling getExecutableName() without the
backend parameter, causing it to default to 'plus' regardless of user
selection. This resulted in wrong binaries being extracted/renamed.
Add cliproxy.backend config field to choose between CLIProxyAPI (original)
and CLIProxyAPIPlus backends. Includes CLI --backend flag, Dashboard toggle,
and provider validation to block Kiro/ghcp on original backend.
- add ThinkingConfig type with mode/override/tier_defaults
- add getThinkingConfig() and getEffectiveThinkingBudget() helpers
- support auto/off/manual modes with tier-based defaults
Refs #307
- consolidate 'pro'/'ultra' into single 'paid' tier (no distinction needed)
- update mapTierString() and inferTierFromModels() in quota-fetcher.ts
- fix tier_priority default from ['ultra','pro'] to ['paid']
- add missing quota_management to mergeWithDefaults() in config-loader
- update UI tier badge styling for 'paid' tier
- update api-client.ts tier type definition
- add paused state and tier field to OAuthAccount
- create quota-manager.ts for central quota/tier logic
- add tier detection and 30s cache to quota-fetcher
- add quota_management schema to unified config
Refs #282
- Fixed version regex to accept -N suffix (e.g., 6.6.80-0)
- Added .trim() to version input for whitespace handling
- Added Windows reserved device names (CON, PRN, AUX, NUL, COM1-9, LPT1-9) validation
- Updated binary-service, variant-service, and validation-service with checks
- Add management_key field to CliproxyServerConfig for separate management API auth
- Update proxy-target-resolver with buildManagementHeaders() for /v0/management/* endpoints
- Update stats-fetcher and remote-auth-fetcher to use management headers
- Add management_key input field to dashboard remote proxy settings
- Disable quota UI in remote mode (tokens on remote server)
- Fix preset application to use dynamic API key from config instead of hardcoded placeholder