Commit Graph
36 Commits
Author SHA1 Message Date
Tam Nhu Tran fd5d16f3f3 fix: align proxy routing across fetch and downloader 2026-03-16 07:10:39 -04:00
Tam Nhu Tran f50c9625de fix: harden global fetch proxy handling 2026-03-16 06:58:01 -04:00
Tam Nhu Tran 2be5c5a706 fix: sync error code docs links 2026-03-07 09:56:35 +07:00
Tam Nhu Tran 4cdb6594f8 fix: respect auto_update preference by disabling Claude auto-updater 2026-03-02 21:13:15 +07:00
Tam Nhu Tran 0aed60febb fix(ci): enforce parity gate and stabilize test execution 2026-02-23 23:53:09 +07:00
Tam Nhu Tran 04e4e61b68 fix(test): pin real child_process passthrough refs
- bind real spawn/spawnSync/execSync before module mocking

- avoid potential rebinding recursion or mock passthrough drift in CI

- keeps non-Claude process execution untouched during test mocks
2026-02-20 23:41:20 +07:00
Tam Nhu Tran 873b7adb70 fix(test): scope child_process mock to test lifecycle
- register child_process module mock in beforeAll instead of module load

- keep passthrough for non-Claude commands and restore after suite

- avoids cross-suite side effects that stalled cursor daemon CI tests
2026-02-20 23:36:22 +07:00
Tam Nhu Tran 5b164a6486 fix(test): prevent child_process mock cross-test leakage
- mock only Claude command spawns and pass through real child_process for others

- add missing ChildProcess-compatible fields (pid/unref) on mock child

- stabilizes cursor daemon and ccsd alias tests in CI parallel execution
2026-02-20 23:24:11 +07:00
Tam Nhu Tran 80a84edf1f test(delegation): add regression coverage for claudecode stripping
- verify case-insensitive CLAUDECODE removal helper behavior

- cover execClaude env merge, override, no-key, and Windows paths

- cover headless executor spawn env sanitization behavior

Refs #588
2026-02-20 23:01:09 +07:00
Tam Nhu Tran 0bf00b23d9 fix(profile): close km legacy kimi compatibility gaps 2026-02-19 13:02:56 +07:00
Tam Nhu Tran cf8070b5f0 fix(profile): handle km compatibility for legacy kimi api users 2026-02-19 12:43:41 +07:00
Tam Nhu Tran 672813beba chore: merge dev, resolve cursor-daemon test conflict 2026-02-17 17:05:47 +07:00
Tam Nhu Tran 539afea737 style: format source and test files 2026-02-17 17:03:11 +07:00
Kai (Tam Nhu) TranandGitHub 3c1f49ccd2 Merge pull request #577 from kaitranntt/feat/576-cursor-battle-test-integration
feat(cursor): harden daemon integration and model discovery
2026-02-17 16:49:29 +07:00
Tam Nhu Tran 4798741a99 fix(cursor): resolve review feedback and harden edge cases 2026-02-17 16:33:21 +07:00
Tam Nhu Tran 3da3407f9a fix(targets): harden adapter lifecycle and droid model edge cases 2026-02-17 04:09:48 +07:00
Tam Nhu Tran c9faf6cdc9 test(cliproxy): stabilize path-sensitive CI test assertions
- infer update cache paths from runtime module behavior instead of hardcoded ~/.ccs

- assert GLMT default log path via getCcsDir to avoid cross-suite env leakage
2026-02-13 06:47:32 +07:00
Kai (Tam Nhu) TranGitHubgithub-actions[bot] <github-actions[bot]@users.noreply.github.com>
051805074e feat: account safety, quota monitoring, and stability fixes (#530)
* fix(cliproxy): migrate deprecated gemini-claude-* model names to upstream claude-* names (#515)

* fix(cliproxy): migrate deprecated gemini-claude-* model names to upstream claude-* names

CLIProxyAPI registry no longer recognizes the gemini-claude-* prefix convention.
Model names in catalog, base config, and user settings are migrated to upstream
claude-* names. Auto-migration in env-builder rewrites existing user settings on
load and persists the change.

Closes #513

* fix: address code review feedback — sync UI layer and add migration tests

- Sync UI isNativeGeminiModel() with backend (remove gemini-claude- exclusion)
- Update UI model catalog agy entries from gemini-claude-* to claude-*
- Update CI/CD workflow and code-reviewer default model names
- Add unit tests for migrateDeprecatedModelNames() logic

* fix(hooks): isolate image type check before error-prone processing (#514)

* fix(hooks): isolate image type check before error-prone processing

Restructure processHook() into two phases so non-image Read calls
never see hook error messages. Phase 1 defensively checks tool name
and file extension, exiting 0 silently on any failure. Phase 2 only
runs for confirmed image/PDF files where errors are relevant.

Closes #511

* fix(hooks): sync image analyzer hook file on every profile launch

Add installImageAnalyzerHook() call to cliproxy executor, matching
the existing installWebSearchHook() pattern. This ensures the .cjs
file in ~/.ccs/hooks/ gets refreshed from the npm package on every
launch, so users receive hook updates after npm update.

* chore(release): 7.41.0-dev.1 [skip ci]

* fix(cliproxy): add fork:true for Claude model aliases in config generator (#523)

Config generator now outputs fork:true for Claude model alias entries,
ensuring both upstream (claude-*) and aliased (gemini-claude-*) model
names appear in /v1/models listings. Also preserves fork flag when
parsing user-added aliases during config regeneration.

Bumps config version to v7 to trigger regeneration on next ccs doctor.

Closes #522

* chore(release): 7.41.0-dev.2 [skip ci]

* feat(cliproxy): add account safety guards to prevent Google account bans (#516)

* feat(cliproxy): add account safety guards to prevent Google account bans

Implements cross-provider isolation to prevent Google from flagging
concurrent OAuth usage across different client IDs (ref: #509, #512).

Three pillars:
1. Auto-pause enforcement at session launch — conflicting accounts in
   other Google OAuth providers are paused so CLIProxyAPI can't use them,
   restored on session exit with crash recovery via auto-paused.json
2. Ban/disable detection — error responses matching Google ban patterns
   auto-pause the affected account to prevent further damage
3. Cross-provider conflict warnings during OAuth registration

Key design decisions:
- PID-based session tracking for crash recovery (dead PID = restore)
- Timestamp comparison prevents restoring ban-paused accounts on exit
- Schema validation on auto-paused.json prevents corrupted state
- Falls back to warn-only when another session is managing isolation

* fix(cliproxy): address code review feedback (attempt 1/5)

- Re-read auto-paused.json before write in enforceProviderIsolation to
  reduce concurrent write race window
- Use actual email from registry for display instead of raw accountId
- Export maskEmail for testability
- Add 27 unit tests covering ban detection, email masking,
  cross-provider duplicate detection, enforcement lifecycle,
  crash recovery, and timestamp-guarded restore

* fix(cliproxy): address remaining review feedback (attempt 2/5)

- Add handleBanDetection test verifying account pause on ban error
- Add warnCrossProviderDuplicates tests (true/false/non-Google)
- Document PID reuse limitation in isPidAlive JSDoc comment

* chore(release): 7.41.0-dev.3 [skip ci]

* feat(cliproxy): runtime quota monitoring during active sessions (#529)

* feat(cliproxy): add runtime quota monitoring during active sessions

Adds adaptive background quota polling to detect and respond to quota
exhaustion during active CLIProxy sessions. Prevents rate-limit-driven
account bans by auto-cooling exhausted accounts and switching defaults.

- Adaptive polling: 300s normal, 60s at 20% threshold, stops at 0%
- Stderr warnings at 20%, boxed exhaustion alerts at 0%
- Cooldown + default switch on exhaustion (existing patterns)
- Configurable via quota_management.runtime_monitor in config.yaml
- Timer.unref() prevents blocking process exit
- monitorStopped guard for in-flight poll safety

Closes #524

* fix: address code review feedback (attempt 1/5)

- M1: Round quotaPercent display with Math.round() to avoid ugly floats
- M2: Rename exhaust_threshold -> exhaustion_threshold for consistency
  with existing auto.exhaustion_threshold config field
- M3: Replace async not.toThrow() with direct await assertion pattern

* fix: address code review feedback (attempt 2/5)

- Remove .claude/agent-memory/ from tracking and add to .gitignore
- Unify cooldown_minutes default to 5 (was 10 in runtime_monitor, 5 in auto)
- Add threshold validation in startQuotaMonitor (warn > exhaustion)
- Document intentional post-switch monitoring gap in code comment

* chore(release): 7.41.0-dev.4 [skip ci]

* fix(cliproxy): mask email in ban detection and fix JSDoc default

- Use maskEmail() in handleBanDetection output for consistency
- Fix cooldown_minutes JSDoc: default is 5, not 10

* chore(release): 7.41.0-dev.5 [skip ci]

* fix(cliproxy): address all review feedback (Low + informational)

- Add sync constraint comment on process.exit handler (executor)
- Add TOCTOU race acceptability comment (account-safety)
- Mask email in handleQuotaExhaustion reason string
- Use realistic exhaustion_threshold (5) in test configs

* chore(release): 7.41.0-dev.6 [skip ci]

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-12 00:48:29 +07:00
Tam Nhu Tran dc9b27623b test(utils): add unit tests for killWithEscalation
- Add 7 test cases covering SIGTERM/SIGKILL escalation, timer cleanup,
  default and custom grace periods, and already-exited process edge case
- Add timer.unref() to prevent keeping event loop alive during shutdown
- Add comment explaining 10s grace period in headless-executor timeout
2026-02-11 02:25:10 +07:00
Kai (Tam Nhu) TranGitHubgithub-actions[bot] <github-actions[bot]@users.noreply.github.com>
b454834175 feat(release): v7.38.0 - Extended Context, Qwen Models, Bug Fixes (#480)
* fix(version): show active config path instead of deprecated config.json

The version command was using deprecated getConfigPath() which always
returned config.json path. Now uses getActiveConfigPath() which shows
config.yaml in unified mode or config.json in legacy mode.

* chore(release): 7.37.1-dev.1 [skip ci]

* fix(ui): use native dynamic import to fix Node 24 ESM/CJS interop

TypeScript compiles import() to require() when targeting CommonJS,
which breaks ESM packages like ora on Node 24. Use new Function()
to create native dynamic import at runtime, bypassing TS transform.

Closes #472

* chore(release): 7.37.1-dev.2 [skip ci]

* fix(env): strip ANTHROPIC_* from account/default profiles

Account and default profiles inherit process.env which may contain
stale ANTHROPIC_BASE_URL from prior CLIProxy sessions. This causes
ConnectionRefused errors when Claude tries to hit an unavailable proxy.

Settings-based profiles already handle this by explicitly injecting
their own ANTHROPIC_* values. This fix applies the same protection
to account/default profiles by stripping ANTHROPIC_* before spawn.

Closes #474

* test(env): add unit tests for stripAnthropicEnv

Address code review feedback from PR #475. Tests cover:
- Removing all ANTHROPIC_* keys
- Preserving non-ANTHROPIC keys
- Empty object handling
- Undefined value preservation
- Case sensitivity (only uppercase ANTHROPIC_)
- All ANTHROPIC_ prefixed variants stripped

* chore(release): 7.37.1-dev.3 [skip ci]

* feat(cliproxy): add extended context support for 1M token window

Add --1m and --no-1m flags to enable/disable 1M token context window.
Uses Claude Code's [1m] suffix mechanism.

Behavior:
- Gemini models: auto-enabled by default
- Claude models: opt-in with --1m flag
- New extendedContext field in model catalog

Also adds Claude Opus 4.6 to model catalog with extended context support.

Closes #103

* feat(ui): add extended context toggle in dashboard model config

- Add ExtendedContextToggle component for 1M token context window
- Add Claude Opus 4.6 (claude-opus-4-6-20260203) to model catalogs
- Mark Gemini and Claude models with extendedContext: true
- Toggle only appears when selected model supports extended context
- Auto-enabled info for native Gemini, opt-in info for Claude

Part of extended context feature implementation for issue #103.

* fix: address code review findings and CI failure

- Fix CI error: add missing 'provider' prop to ModelConfigSection
- Fix case sensitivity in applyExtendedContextSuffix
- Fix whitespace handling in stripModelSuffixes
- Handle --1m=value and --no-1m=value CLI patterns
- Add warning when --1m used on unsupported model
- Sync agy catalog: add extendedContext to gemini-3-pro-preview
- Extract isNativeGeminiModel to shared utility (DRY)
- Add 21 unit tests for extended-context-config

* fix(catalog): rename claude-opus-4-6-20260203 to claude-opus-4-6

* fix(ui): wire extended context toggle through component tree

- Add extendedContextEnabled and toggleExtendedContext to useProviderEditor hook
- Store setting as CCS_EXTENDED_CONTEXT env var in provider settings
- Pass props through provider-editor → model-config-tab → model-config-section
- Update UseProviderEditorReturn type with new properties

* fix(ui): apply [1m] suffix directly to model strings in settings

- Toggle now applies/strips [1m] suffix to all ANTHROPIC_*MODEL env vars
- Extended context detected by checking if any model has [1m] suffix
- Remove legacy CCS_EXTENDED_CONTEXT flag approach
- Add suffix utilities: applyExtendedContextSuffix, stripExtendedContextSuffix
- Raw Configuration now shows actual model values with [1m] suffix

* fix(qwen): update model catalog with correct context windows and tier mappings

- Update context window specs from official Alibaba docs:
  - Qwen3 Coder Plus: 1M context (was 32K)
  - Qwen3 Max: 256K context (flagship)
  - Qwen3 Coder Flash: fast code generation
- Fix preset mappings for Claude tier equivalence:
  - Opus → qwen3-max (flagship 256K)
  - Sonnet → qwen3-coder-plus (balanced 1M)
  - Haiku → qwen3-coder-flash (fast)
- Update provider descriptions to reflect 256K-1M context range
- Add all 7 Qwen models from CLIProxyAPI: qwen3-coder-plus, qwen3-max,
  qwen3-max-preview, qwen3-235b, qwen3-vl-plus, qwen3-coder-flash, qwen3-32b

Closes #478

* fix(ui): only apply [1m] suffix to ANTHROPIC_MODEL, fix toggle refresh

- Only ANTHROPIC_MODEL gets [1m] suffix, not tier mappings
- Strip [1m] when looking up model in catalog to prevent toggle disappearing
- Fix odd page refresh when toggling extended context

* chore(release): 7.37.1-dev.4 [skip ci]

* fix(ui): remove duplicate import in use-provider-editor

* chore: address PR review feedback - sync comment and unused import

* chore(release): 7.37.1-dev.5 [skip ci]

* feat(cliproxy): add Opus 4.6 to Antigravity model catalog (#482)

* feat(cliproxy): add Opus 4.6 to Antigravity model catalog

- Add gemini-claude-opus-4-6-thinking as new default agy model
- Update preset mappings to route opus tier to Opus 4.6
- Bump CLIProxy fallback versions to v6.8.2
- Keep Opus 4.5 as previous flagship option

* fix(cliproxy): include oauth-model-alias in config generation

Root cause: CLIProxy config.yaml was missing Opus 4.6 alias because:
1. CLIProxyPlus startup migration is disabled (intentional)
2. CCS config generator never wrote oauth-model-alias section
3. Existing users with outdated aliases got 502 on Opus 4.6

Fix:
- Add DEFAULT_ANTIGRAVITY_ALIASES to config generator
- Generate oauth-model-alias section in config.yaml template
- Preserve claude-api-key and custom aliases during regeneration
- Bump config version to v6 to trigger auto-regeneration
- Update model catalog tests for new model count

* fix(cliproxy): preserve YAML indentation in extractYamlSection

- Replace .trim() with regex to strip only leading/trailing newlines,
  preserving 2-space indent on claude-api-key children
- Skip standalone comments at col 0 in section boundary detection
- Update stale test description (4 → 5 models)

* chore(release): 7.37.1-dev.6 [skip ci]

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-06 20:28:58 -05:00
kaitranntt 61bc54af05 fix(shell): escape ! for cmd.exe delayed expansion
Adds defensive escaping for exclamation marks in case delayed
expansion is enabled in the user's cmd.exe environment.
2026-02-05 10:45:07 -05:00
kaitranntt 48aa3cca30 test(shell): add unit tests for escapeShellArg
- 11 tests covering Unix and Windows escaping behavior
- Tests for quotes, percent signs, carets, newlines, tabs
- Fixes comment inaccuracy (backslash → doubling)
2026-02-05 10:36:55 -05:00
kaitranntt 2fe6c336d7 test: add stress test and PostToolUse preservation tests
- Add stress test for 15 duplicate hooks (verifies O(n) scaling)
- Add test verifying PostToolUse/PreToolCall remain untouched
- Add optional debug logging when duplicates removed (CCS_DEBUG)

Addresses review feedback from PR #452
2026-02-04 11:44:33 -05:00
kaitranntt 7f83a7d435 fix(detector): use expandPath helper and add tests
- Refactor: Remove duplicate expandWindowsPath(), use expandPath() from helpers
- Simplify: Update WINDOWS_NATIVE_PATHS to actual install location
  (%USERPROFILE%\.local\bin\claude.exe from Claude's install.ps1)
- Tests: Add comprehensive test suite for Windows detection (9 tests)
- Address code review feedback from PR #449

Refs: #447
2026-02-04 11:14:17 -05:00
kaitranntt 66f5fe6b2c fix(websearch): normalize double-slash paths in hook detection
Add .replace(/\/+/g, '/') to collapse multiple forward slashes,
preventing duplicate hook accumulation from malformed paths.
2026-02-02 23:40:25 -05:00
Kai (Tam Nhu) TranandGitHub 24b03121fd fix(dashboard): cross-browser OAuth with manual callback fallback (#417) (#423)
- Remove destructive /start endpoint call from Dashboard OAuth dialog
  (was killing running CLIProxy Docker instances via killProcessOnPort)
- Use /start-url + polling only (management API, non-destructive)
- Auto-open browser tab via window.open() with manual fallback URL display
- Add paste-callback CLI mode (--paste-callback flag) for headless/SSH
- Use dynamic proxy target with management headers instead of hardcoded localhost
- Extract timeout constants, restore invariant comment
- Move hook-utils tests from src/__tests__/ to tests/unit/ (fixes tsc)
- Add try-catch for preset apply, remove auth URL console.log
2026-02-02 16:11:36 -05:00
kaitranntt 67a48a8305 fix(test): remove redundant build from beforeAll hook
CI already runs bun run build:all before validate step.
Duplicate build in test hook was causing timeout in CI.
2025-12-27 16:30:25 -05:00
kaitranntt f2a4200625 fix(core): address all code review issues from PR #199
Critical fixes:
- CRIT-1: Fix placeholder detection case sensitivity in api-key-validator
- CRIT-2: Add TOCTOU protection via loadMigrationCheckData() for atomic config reads
- CRIT-3: Restore fs.existsSync mock in profile-detector tests

High priority fixes:
- H1-H3: API validator HTTP/HTTPS support, timeout abort, debug log
- H4-H6: OAuth explicit flow type, signal handling, TTY detection
- H7-H8: Profile collision warning, config-first save order
- H9-H11: expandPath consistency, preset sync CLI/UI
2025-12-24 20:18:57 -05:00
kaitranntt 92a79aa78b test(auth): add comprehensive tests for GLM auth persistence fix
Add 26 new unit tests covering:
- isFirstTimeInstall() legacy config detection (8 tests)
- loadSettingsFromFile() path expansion (5 tests)
- ProfileDetector detectProfileType() (4 tests)
- expandPath() cross-platform handling (10 tests)

Test coverage for issue #195:
- Legacy config.json/profiles.json detection
- Tilde expansion to home directory
- Environment variable expansion (${VAR}, $VAR, %VAR%)
- Mixed path separator normalization
- Corrupted config graceful handling

Files:
- tests/unit/commands/setup-command.test.ts
- tests/unit/auth/profile-detector.test.ts
- tests/unit/utils/expand-path.test.ts
2025-12-24 18:33:52 -05:00
kaitranntt df77745eca fix(update): correct dev version comparison semantic
- dev versions (X.Y.Z-dev.N) now treated as newer than base release (X.Y.Z)
- reflects convention that dev work is AFTER the release, not before
- update GH Actions message to use 'ccs update --dev' instead of npm install
- update tests to match new semantic
2025-12-20 19:48:05 -05:00
kaitranntt b6b18173cc fix(update-checker): resolve dev channel update and duplicate comments
Fixes tag-agnostic cache issue causing 'ccs update --dev' to require
force. Implements tag-specific caching (dev_version vs latest_version)
to correctly detect updates across channels. Disables duplicate bot
comments on dev releases in .releaserc.cjs.
2025-12-19 04:50:09 -05:00
kaitranntt 790ac3c862 fix(cache): use ~/.ccs/cache/ for usage and update-check files
- usage-disk-cache.ts: usage-cache.json → cache/usage.json
- update-checker.ts: update-check.json → cache/update-check.json
- Both ensure cache directory exists before writing
- Update tests to use new cache paths
2025-12-10 18:32:35 -05:00
kaitranntt df31ffcee7 fix(prompt): strip bracketed paste escape sequences from password input
Terminals using bracketed paste mode wrap pasted content with ESC[200~
(start) and ESC[201~ (end) sequences. These were incorrectly passed
through to API keys, causing "[200~API_KEY[201~" instead of "API_KEY".

Now buffers ESC sequences and discards recognized paste markers.
2025-12-04 05:05:45 -05:00
kaitranntt 3bdbff9345 feat(prompt): add password input utility with masking
Adds new password prompt utility with customizable masking for secure
credential collection. Integrates with help command for improved UX.
2025-12-04 04:45:26 -05:00
semantic-release-botandkaitranntt bd46c8de12 fix(tests): migrate test suite from mocha to bun test runner
- Replace before()/after() with beforeAll()/afterAll()
- Remove this.timeout() calls (unsupported by bun)
- Update package.json scripts to use bun test
- Fix error message regex for cross-runtime compatibility
- Skip integration tests requiring network/child process mocking
- Format source files with prettier
2025-12-03 21:43:29 -05:00
kaitranntt 6e49e0e7e1 feat(ui): add central ui abstraction layer for cli styling
- create src/utils/ui.ts with semantic colors, status indicators, boxes, tables, spinners
- add ui types (SemanticColor, BoxOptions, TableOptions, SpinnerOptions) to src/types/utils.ts
- add deprecation notice to src/utils/helpers.ts for legacy color functions
- add unit tests for ui module (11 test cases)
- install chalk@5.6.2, boxen@8.0.1, gradient-string@3.0.0

features:
- semantic color system (success, error, warning, info, primary, secondary)
- ascii-only status indicators: [OK], [X], [!], [i]
- tty-aware with NO_COLOR/FORCE_COLOR support
- styled boxes with boxen (round, double, bold borders)
- formatted tables with cli-table3
- animated spinners with ora (fallback to plain text in non-tty)
- gradient text for headers (cyan-to-blue)
- lazy esm module loading for chalk/boxen/gradient-string
2025-12-01 19:22:51 -05:00