kaitranntt
2e45447bb7
fix(dashboard): resolve edge cases in backup restore and settings UI
...
Backend:
- Add atomic restore with mutex to prevent concurrent corruption
- Implement rollback on failure for backup restore
- Add symlink security validation
Frontend:
- Add 'backups' tab to URL validation in settings hook
- Add error boundary for lazy-loaded settings sections
- Clamp progress bar values to prevent visual bugs
- Add AbortController cleanup to prevent memory leaks
- Fix misleading debug mode description and add actual console logging
2026-01-14 15:42:12 -05:00
kaitranntt
bd5e9d2b78
feat(dashboard): implement full parity UX improvements
...
- Remove 'agy' hardcode from quota hook (multi-provider support)
- Add quota N/A badge with AlertCircle icon for fetch failures
- Add new 'backups' tab to Settings page with Archive icon
- Create BackupsSection component with list/restore UI
- Add persist backend routes (GET /api/persist/backups, POST /api/persist/restore)
- Add debug mode toggle in Settings proxy section (localStorage persisted)
Closes documentation gap for persist command dashboard parity.
2026-01-14 13:52:54 -05:00
semantic-release-bot
01fe780514
chore(release): 7.20.1 [skip ci]
...
## [7.20.1](https://github.com/kaitranntt/ccs/compare/v7.20.0...v7.20.1 ) (2026-01-14)
### Bug Fixes
* **ci:** expand ai-review allowedTools to prevent token waste ([ac7b324 ](https://github.com/kaitranntt/ccs/commit/ac7b324d4989883c7a8e92030891e51bfc040cc3 ))
* **cliproxy:** address PR review feedback ([04c9b08 ](https://github.com/kaitranntt/ccs/commit/04c9b087ca3466c4b2871a777906f87b19566d3c ))
* **cliproxy:** return null for unknown quota, add verbose diagnostics ([1ac1941 ](https://github.com/kaitranntt/ccs/commit/1ac19415ce835df15f3fcefbb698f12ec89ec5e9 ))
* **deps:** add express-rate-limit to production dependencies ([d9631be ](https://github.com/kaitranntt/ccs/commit/d9631be81a018d9e007f241bcb6b928664cc6991 )), closes [#333 ](https://github.com/kaitranntt/ccs/issues/333 )
2026-01-14 18:39:17 +00:00
Kai (Tam Nhu) Tran and GitHub
bc1b1b6799
Merge pull request #335 from kaitranntt/dev
...
feat(release): v7.20.1 - quota diagnostics and ai-review improvements
2026-01-14 13:38:10 -05:00
github-actions[bot]
bb9549cb22
chore(release): 7.20.0-dev.3 [skip ci]
2026-01-14 18:32:34 +00:00
kaitranntt
ac7b324d49
fix(ci): expand ai-review allowedTools to prevent token waste
...
- Add more allowed bash patterns: gh issue view, gh api, git commands
- Add base tools: Edit, LS for better flexibility
- Update prompt to write pr_review.md in working dir (not /tmp/)
- Add step to Read before Write to avoid security block
- Add explicit rules about avoiding shell operators (||, &&, <<)
- Allow rm pr_review.md for cleanup
Previous run had 9 tool rejections wasting ~5000 tokens due to:
- gh issue view not allowed (only gh pr view was)
- /tmp/ outside working directory
- Write without Read blocked
- Complex shell operators blocked
2026-01-14 13:31:18 -05:00
github-actions[bot]
43aaa6dbf4
chore(release): 7.20.0-dev.2 [skip ci]
2026-01-14 18:12:00 +00:00
Kai (Tam Nhu) Tran and GitHub
3ea1ea3064
Merge pull request #334 from kaitranntt/kai/fix/missing-express-rate-limit
...
fix(deps): add express-rate-limit to production dependencies
2026-01-14 13:10:58 -05:00
kaitranntt
d9631be81a
fix(deps): add express-rate-limit to production dependencies
...
express-rate-limit was imported in auth-middleware.ts but only the
@types/express-rate-limit package was declared in devDependencies.
This caused "Cannot find module 'express-rate-limit'" error when
running `ccs config` after installing v7.20.0 globally.
Closes #333
2026-01-14 13:06:58 -05:00
github-actions[bot]
b740816dd9
chore(release): 7.20.0-dev.1 [skip ci]
2026-01-14 16:39:33 +00:00
Kai (Tam Nhu) Tran and GitHub
cc83b596fb
Merge pull request #331 from kaitranntt/fix/quota-fix
...
fix(cliproxy): return null for unknown quota, add verbose diagnostics
2026-01-14 11:38:31 -05:00
kaitranntt
04c9b087ca
fix(cliproxy): address PR review feedback
...
- Pass verbose flag through fetchQuotaWithDedup to fetchAccountQuota
- Change verbose logging from console.log to console.error (stderr)
- Keep quotaPercent optional (semantically correct for cases without quota)
2026-01-14 10:49:47 -05:00
semantic-release-bot
8e115a2a20
chore(release): 7.20.0 [skip ci]
...
## [7.20.0](https://github.com/kaitranntt/ccs/compare/v7.19.2...v7.20.0 ) (2026-01-14)
### Features
* **config:** add ccs config auth CLI subcommand ([39c1ee2 ](https://github.com/kaitranntt/ccs/commit/39c1ee2ca0f01a1254812a4a8fe8f6c2ed052fe0 )), closes [#319 ](https://github.com/kaitranntt/ccs/issues/319 )
* **dashboard:** add optional login authentication ([#319 ](https://github.com/kaitranntt/ccs/issues/319 )) ([464b410 ](https://github.com/kaitranntt/ccs/commit/464b410e8b3e017689ce7de6b6fc06b3f04c7fdd ))
* **persist:** add --list-backups and --restore options for backup management ([ef7e595 ](https://github.com/kaitranntt/ccs/commit/ef7e595b6fa4c96ac88e2e98f992fd05f7525e2e ))
* **persist:** add backup management for settings.json ([#312 ](https://github.com/kaitranntt/ccs/issues/312 )) ([3ac687e ](https://github.com/kaitranntt/ccs/commit/3ac687ec9fab6ad4ce11bd3af6af5c596958a5e2 )), closes [#248 ](https://github.com/kaitranntt/ccs/issues/248 )
### Bug Fixes
* **auth:** add security hardening per code review ([a3a167e ](https://github.com/kaitranntt/ccs/commit/a3a167e62aaa555c71379e91a9dfd0b7f5ddf145 ))
* **auth:** move redirect to useEffect and validate bcrypt hash format ([37e3468 ](https://github.com/kaitranntt/ccs/commit/37e3468d4dece26d35ef6b5ad9683312473e1ca9 ))
* **ci:** add full CLIProxy env vars for AI review ([7cfd3c1 ](https://github.com/kaitranntt/ccs/commit/7cfd3c1f9dbd387d4fc6388382727222bd8475bd ))
* **ci:** add Write tool to allowedTools for PR comment posting ([e7dca48 ](https://github.com/kaitranntt/ccs/commit/e7dca480d313b2227638a3e8a53554b3d28d2c8e ))
* **persist:** harden security and edge case handling ([#328 ](https://github.com/kaitranntt/ccs/issues/328 )) ([397331e ](https://github.com/kaitranntt/ccs/commit/397331ec8995b261e0b6916874d59947ede0a88f )), closes [#312 ](https://github.com/kaitranntt/ccs/issues/312 )
* **ui:** use wss:// for WebSocket on HTTPS pages ([#315 ](https://github.com/kaitranntt/ccs/issues/315 )) ([db58c6b ](https://github.com/kaitranntt/ccs/commit/db58c6bbcabdb1edc1748212ad0b85af682ac597 ))
2026-01-14 15:35:23 +00:00
Kai (Tam Nhu) Tran and GitHub
2faa837777
Merge pull request #329 from kaitranntt/dev
...
feat(release): v7.20.0 - persist command and dashboard auth
2026-01-14 10:34:23 -05:00
github-actions[bot]
cafb849b0b
chore(release): 7.19.2-dev.5 [skip ci]
2026-01-14 15:32:37 +00:00
kaitranntt
7cfd3c1f9d
fix(ci): add full CLIProxy env vars for AI review
...
- Use /api/provider/agy endpoint for proper model routing
- Set ANTHROPIC_DEFAULT_*_MODEL to route Haiku/Sonnet/Opus correctly
- Disable telemetry, error reporting, bug command
- Set max output/thinking tokens
2026-01-14 10:31:37 -05:00
kaitranntt
1ac19415ce
fix(cliproxy): return null for unknown quota, add verbose diagnostics
...
- Change calculateAverageQuota() to return null instead of 100 when no model data
- Update callers to use null coalescing (?? 0) for health check thresholds
- Display "N/A (fetch unavailable)" for null quota values
- Add --verbose flag to quota-related functions for troubleshooting
- Add debug logging: token refresh status, API response, errors
2026-01-14 10:19:27 -05:00
github-actions[bot]
2af9c31643
chore(release): 7.19.2-dev.4 [skip ci]
2026-01-14 15:07:42 +00:00
Kai (Tam Nhu) Tran and GitHub
397331ec89
fix(persist): harden security and edge case handling ( #328 )
...
Security fixes:
- Add fs.chmodSync(backupPath, 0o600) after backup creation
- Add symlink detection (isSymlink helper) before all file operations
- Reject symlinks in write, backup, and restore operations
Edge case fixes:
- Handle empty settings.json (0 bytes) gracefully
- Validate parsed JSON is object type (not array/primitive)
- Validate backup JSON integrity before restore
- Show backup path guidance on write failure
- Validate existing env is object before spread
Maintenance:
- Add backup rotation (keep last 10, MAX_BACKUPS constant)
- Add cleanupOldBackups() function
Addresses security findings from PR #312 code review.
2026-01-14 10:06:44 -05:00
kaitranntt
e7dca480d3
fix(ci): add Write tool to allowedTools for PR comment posting
...
Root cause: Claude's allowedTools pattern matching is literal string
matching. Multiline content in --body breaks the `Bash(gh pr comment *)`
pattern. The Bash(cat *) pattern only matches reading, not writing with
redirection.
Changes:
- Add Write tool to allowedTools (enables temp file creation)
- Remove Bash(cat *) (not needed, Write replaces it)
- Update prompt to require Write + --body-file pattern
- Explicitly warn against inline --body with multiline content
Tested locally: Successfully posted comment using Write + --body-file
2026-01-14 10:06:05 -05:00
github-actions[bot]
c2a16a253e
chore(release): 7.19.2-dev.3 [skip ci]
2026-01-14 14:30:53 +00:00
kaitranntt and Leynier Gutiérrez González
3ac687ec9f
feat(persist): add backup management for settings.json ( #312 )
...
Add `--list-backups` and `--restore` options to the ccs persist command
for backup management. Enables users to list and restore settings.json
backups. Updated CLAUDE.md to document persist command.
Resolves #248
Co-authored-by: Leynier Gutiérrez González <leynier41@gmail.com >
2026-01-14 09:29:32 -05:00
Leynier Gutiérrez González and kaitranntt
ef7e595b6f
feat(persist): add --list-backups and --restore options for backup management
...
Add backup management functionality to the persist command:
- List available backups with timestamps and dates
- Restore from most recent or specific backup
- Improved error handling for corrupted settings.json
- Updated CLAUDE.md to document the persist command and the exception to the non-invasive constraint
2026-01-14 09:27:48 -05:00
github-actions[bot]
3b4c29ddcb
chore(release): 7.19.2-dev.2 [skip ci]
2026-01-14 13:35:51 +00:00
Sergey and GitHub
db58c6bbca
fix(ui): use wss:// for WebSocket on HTTPS pages ( #315 )
2026-01-14 08:34:53 -05:00
github-actions[bot]
8daabdde5c
chore(release): 7.19.2-dev.1 [skip ci]
2026-01-13 21:46:25 +00:00
Kai (Tam Nhu) Tran and GitHub
4a1679d747
Merge pull request #327 from kaitranntt/feat/login-auth
...
feat(dashboard): add optional login authentication with CLI setup (#319 )
2026-01-13 16:45:27 -05:00
github-actions[bot]
fffcd7aa0e
chore(sync): merge main into dev after release [skip ci]
2026-01-13 21:45:08 +00:00
semantic-release-bot
cb32e913d2
chore(release): 7.19.2 [skip ci]
...
## [7.19.2](https://github.com/kaitranntt/ccs/compare/v7.19.1...v7.19.2 ) (2026-01-13)
### Bug Fixes
* **ci:** expand allowedTools patterns for flexible comment posting ([0a27c6a ](https://github.com/kaitranntt/ccs/commit/0a27c6a12f53dd050dc8104ce8d82e2cb4bcef3f ))
2026-01-13 21:44:41 +00:00
kaitranntt
0a27c6a12f
fix(ci): expand allowedTools patterns for flexible comment posting
...
Add Bash(echo *) and Bash(cat *) patterns to allow heredocs and pipes.
This gives the AI reviewer flexibility to use any method for posting
multi-line review comments while remaining safe (shell-operator aware).
2026-01-13 16:43:39 -05:00
github-actions[bot]
a4437491ed
chore(sync): merge main into dev after release [skip ci]
2026-01-13 21:39:14 +00:00
semantic-release-bot
e0776df0e6
chore(release): 7.19.1 [skip ci]
...
## [7.19.1](https://github.com/kaitranntt/ccs/compare/v7.19.0...v7.19.1 ) (2026-01-13)
### Bug Fixes
* **ci:** update allowedTools pattern to prevent token waste on retries ([edec6f6 ](https://github.com/kaitranntt/ccs/commit/edec6f6df242a092545a3c7ffd2856aad4f3f2af ))
2026-01-13 21:38:50 +00:00
kaitranntt
edec6f6df2
fix(ci): update allowedTools pattern to prevent token waste on retries
...
Changed pattern from `Bash(gh pr comment:*)` to `Bash(gh pr comment *)`
to match space-separated args. Updated prompt to discourage heredocs
and pipes which don't match the pattern, causing 6+ retry attempts.
2026-01-13 16:37:43 -05:00
kaitranntt
a3a167e62a
fix(auth): add security hardening per code review
...
- Add timing-safe username comparison to prevent timing attacks
- Regenerate session on login to prevent session fixation
- Add warning log when session secret persistence fails
2026-01-13 16:23:10 -05:00
github-actions[bot]
60488c262d
chore(sync): merge main into dev after release [skip ci]
...
# Conflicts:
# package.json
2026-01-13 21:23:02 +00:00
semantic-release-bot
c514a8bc75
chore(release): 7.19.0 [skip ci]
...
## [7.19.0](https://github.com/kaitranntt/ccs/compare/v7.18.3...v7.19.0 ) (2026-01-13)
### Features
* **doctor:** add --help flag with comprehensive command documentation ([22c7d4a ](https://github.com/kaitranntt/ccs/commit/22c7d4a20d96d12a2c38ec60d226a6bc26dce9b0 ))
### Bug Fixes
* **ci:** prevent AI review self-cancellation with smart concurrency ([25d31ce ](https://github.com/kaitranntt/ccs/commit/25d31ce4329daf9512df4e0236e02d89d05b0842 ))
* **ci:** trigger AI review on follow-up commits to PR ([a2a13fb ](https://github.com/kaitranntt/ccs/commit/a2a13fb16ec3d655a817e548a5cb72a21c6c774e ))
2026-01-13 21:22:36 +00:00
github-actions[bot]
1d2dcbf1f6
chore(release): 7.18.3-dev.3 [skip ci]
2026-01-13 21:04:12 +00:00
kaitranntt
25d31ce432
fix(ci): prevent AI review self-cancellation with smart concurrency
...
Root cause: When the bot posts a review comment, GitHub fires an
issue_comment event that joins the same concurrency group and cancels
the in-progress run BEFORE job `if` conditions are evaluated.
Solution: Non-actionable triggers (bot comments, comments without
/review) get a unique per-run group via format('skip-{0}', github.run_id),
while legitimate triggers share the PR-based group for proper
cancellation of outdated reviews.
2026-01-13 16:03:02 -05:00
github-actions[bot]
865870ba4c
chore(release): 7.18.3-dev.2 [skip ci]
2026-01-13 20:53:31 +00:00
kaitranntt
a2a13fb16e
fix(ci): trigger AI review on follow-up commits to PR
...
- Add `synchronize` event to trigger on new commits pushed to PR
- Add `reopened` event to trigger when PR is reopened
- Update documentation comments to reflect new behavior
- Keep cancel-in-progress to prevent stale reviews
Fixes issue where AI review only ran on PR creation, requiring
manual /review comment for subsequent commits.
2026-01-13 15:52:18 -05:00
kaitranntt
39c1ee2ca0
feat(config): add ccs config auth CLI subcommand
...
Interactive CLI for managing dashboard authentication:
- ccs config auth setup: Interactive wizard with bcrypt password hashing
- ccs config auth show: Display current auth status and ENV overrides
- ccs config auth disable: Disable auth with confirmation
Follows modular facade pattern from auth-commands.ts.
Uses InteractivePrompt for masked password input.
Includes local documentation at docs/dashboard-auth-cli.md.
Related: #319
2026-01-13 15:13:10 -05:00
kaitranntt
37e3468d4d
fix(auth): move redirect to useEffect and validate bcrypt hash format
...
- Fix React side effect: move navigate() to useEffect in LoginPage
- Remove misplaced express-rate-limit from ui/package.json
- Add bcrypt hash format validation before bcrypt.compare
2026-01-13 14:43:55 -05:00
kaitranntt
759d43c8f7
Merge remote-tracking branch 'origin/dev' into feat/login-auth
2026-01-13 14:31:01 -05:00
github-actions[bot]
097b018532
chore(release): 7.18.3-dev.1 [skip ci]
2026-01-13 19:22:20 +00:00
Kai (Tam Nhu) Tran and GitHub
8fb822f873
Merge pull request #320 from kaitranntt/feat/doctor-help-command
...
feat(doctor): add --help flag with comprehensive command documentation
2026-01-13 14:21:23 -05:00
github-actions[bot]
aaa8f88662
chore(sync): merge main into dev after release [skip ci]
...
# Conflicts:
# package.json
2026-01-13 19:02:01 +00:00
semantic-release-bot
75609221b1
chore(release): 7.18.3 [skip ci]
...
## [7.18.3](https://github.com/kaitranntt/ccs/compare/v7.18.2...v7.18.3 ) (2026-01-13)
### Bug Fixes
* **ci:** simplify AI review workflow by disabling progress tracking ([4ef2d48 ](https://github.com/kaitranntt/ccs/commit/4ef2d4848cf12d197ba1f8cd5dac66b55c82c8be ))
* **ci:** simplify AI review workflow by disabling progress tracking ([#323 ](https://github.com/kaitranntt/ccs/issues/323 )) ([39b37ca ](https://github.com/kaitranntt/ccs/commit/39b37caa892f8b723f003c8ed0c6d8f2fe96d799 ))
2026-01-13 19:01:33 +00:00
github-actions[bot]
dfe0e2d5ba
chore(release): 7.18.2-dev.1 [skip ci]
2026-01-13 19:01:15 +00:00
Kai (Tam Nhu) Tran and GitHub
39b37caa89
fix(ci): simplify AI review workflow by disabling progress tracking ( #323 )
...
fix(ci): simplify AI review workflow by disabling progress tracking
2026-01-13 14:00:31 -05:00
kaitranntt
4ef2d4848c
fix(ci): simplify AI review workflow by disabling progress tracking
...
Root cause of cancellations was track_progress posting comments that
triggered new workflow runs. Instead of complex concurrency isolation,
simply disable progress tracking.
Changes:
- track_progress: false (no intermediate comments)
- Simple concurrency: ai-review-<PR_NUMBER>
- Removed extra bot filters (no longer needed)
Result: Clean PRs with just the final review comment.
2026-01-13 14:00:14 -05:00