- stop the Codex free-plan compatibility guard from rewriting codex.settings.json
- keep saved dashboard selections intact and rely on runtime fallback when needed
- update reconcile coverage to lock the non-mutating behavior in place
Replace local mtime-only ProviderTokenSnapshot type and
listProviderTokenSnapshots/findNewTokenSnapshotForPendingAuth in
cliproxy-auth-routes with shared implementations from token-manager.
Ensures dashboard parity with CLI-side SHA-256 fingerprint detection.
Use extractLikelyOAuthAuthorizationUrl before falling back to naive
regex when detecting auth URLs in stderr for manual callback replay.
Prevents prompting with non-OAuth URLs when stderr emits multiple URLs.
Cache file content in RawTokenCandidate to avoid double-reading token
files (TOCTOU race between metadata extraction and fingerprinting).
Rename stale test description and add fingerprint fields to test
snapshots so they exercise the same comparison path as production.
- add explicit access modes so remote users see setup guidance instead of an ambiguous login
- redesign the login page with remote setup messaging, password visibility, and light/dark controls
- cover the access-state contract and login UI with focused tests
- keep headless paste routing aligned with the selected Kiro auth method
- validate local callback replay targets and add prompt cancellation safeguards
- wire IDC params through the dashboard start route and support equals-form CLI flags
- auto-select Builder ID for the default Kiro AWS auth flow
- support IDC auth flags and callback-based Kiro paste replay
- update regression coverage for Kiro auth routing
- extract account resume lane guidance into a dedicated auth helper
- swallow diagnostic failures so account launches still reach execClaude
- add focused tests for the warning success and failure paths
- add runtime-aware resume lane diagnostics and auth backup flows
- warn when account resume uses a different plain ccs continuity lane
- surface lane mismatch guidance in the accounts dashboard, docs, and tests
- destroy the response stream when /v1/models exceeds the body limit
- prevent the oversized-response fallback test from hanging during server shutdown
- add a shared command catalog for root help and completion routing
- replace shell-local completion logic with a hidden __complete backend
- add topic help and parity tests for router, help, and completion coverage
- route dashboard WebSocket traffic through /ws to avoid Vite HMR collisions
- run the dev entrypoint with node so bun run dev stays stable in this repo
- restore the Image settings scroll container contract and add regression coverage
- Add 30s timeout on proxy requests to prevent indefinite hangs
- Wrap resolveLocalCliproxyPort in try/catch with default port fallback
- Simplify buildProxyBody: remove fragile content-length check that
caused Bun to fall through to req.pipe() on consumed streams
- Replace proxyRes.pipe(res) with manual streaming for Bun compatibility
(pipe hangs after writeHead in Bun runtime)
- Replace deprecated req.on('aborted') with res.on('close') cleanup
(req.on('close') fires with req.destroyed=true in Bun after body
consumption, prematurely destroying the proxy connection)
- Explicitly end proxy request for bodyless methods (GET/HEAD/OPTIONS)
instead of piping an already-consumed express stream
- Add server.closeAllConnections() in test cleanup to prevent hangs
- Add GET passthrough and 502 unreachable test cases