Commit Graph
368 Commits
Author SHA1 Message Date
Tam Nhu Tran ca54bad2aa fix(codex): harden native runtime detection 2026-04-01 01:39:14 -04:00
UserandClaude Opus 4.6 6471cc55d7 fix(docker): harden cliproxy local proxy with auth guard, dynamic port, and body handling
Move reverse proxy under /api/cliproxy-local so it sits behind auth
middleware. Enforce localhost-only access when dashboard auth is disabled.
Resolve the target port from unified config instead of hardcoding 8317.
Re-serialize parsed JSON bodies before forwarding so writes still work
behind express.json(). Clean up proxy connections on client abort.

On the frontend, point the iframe and health check at the new same-origin
API path, probe the proxy directly, and tighten iframe origin/path
validation before sending the auto-login secret.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 16:33:32 -07:00
Tam Nhu Tran c73f33872a feat(cliproxy): support duplicate-email codex accounts
- keep Codex team and personal auth files as separate identities

- resolve quota and live monitor stats by token file-backed account id

- surface duplicate-aware account labels across the dashboard and variant UI
2026-03-30 15:30:11 -04:00
UserandClaude Opus 4.6 881b061dfe fix(docker): proxy CLIProxy management panel through dashboard to avoid cross-origin errors
In Docker, the browser cannot directly reach the container-internal CLIProxy
port (8317). This adds a reverse proxy at /cliproxy-local/* that forwards
requests through the dashboard Express server to 127.0.0.1:8317 internally.
The control panel embed now uses same-origin API endpoints for health checks
and the proxy path for the management iframe.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 06:25:14 -07:00
Tam Nhu Tran bd1ff02521 fix(codex): align cliproxy guidance with runtime behavior 2026-03-29 21:04:59 -04:00
Tam Nhu Tran 0ffde4f3a2 feat(codex-ui): surface cliproxy setup guidance 2026-03-29 19:44:02 -04:00
Tam Nhu Tran 9e43beec40 feat(codex): harden runtime targeting and dashboard editing 2026-03-29 14:18:51 -04:00
Tam Nhu Tran ebc9acf8e4 fix(codex): harden dashboard config editing 2026-03-29 13:14:15 -04:00
Tam Nhu Tran b47aa0d28d feat(codex): add dashboard control center
- add guided editors for top-level settings, trust, profiles, providers, MCP, and features

- refresh raw snapshots after patch saves to avoid stale mtime conflicts

- block structured saves while raw TOML is dirty and add route plus hook coverage
2026-03-29 13:14:15 -04:00
Tam Nhu Tran 8c5da9f9e8 feat: add codex dashboard parity 2026-03-29 13:14:15 -04:00
Tam Nhu Tran f9c1238483 feat(profiles): expose codex runtime across surfaces
- update CLI, API, route, and dashboard surfaces to recognize the Codex runtime target

- normalize persisted codex targets back to claude so runtime-only behavior stays truthful

- add regression coverage for help text, route parsing, and profile storage normalization

Refs #773
2026-03-29 13:14:15 -04:00
Tam Nhu Tran 5a09547532 fix(auth): signal auth-required for remote access in /api/auth/check
The auth check endpoint always returned authRequired=false when auth
was disabled, even for remote clients. This caused the UI to render
the dashboard directly, where all data API calls return 403 silently.

Now detects remote access via isLoopbackRemoteAddress and sets
effectiveAuthRequired=true, so the UI properly redirects to the login
page. Also fixes misleading catch handler comment in auth-context.
2026-03-29 10:54:44 -04:00
Tam Nhu Tran 7d410b26d0 fix(docker): address review findings — PID guard, deleteBinary guard, blocked fallback
- Guard child.pid falsy in bootstrap (PID 0 creates immortal phantom lock)
- Add ETXTBSY/EBUSY guard to deleteBinary() (same vuln as downloadAndInstall)
- Fix error message to suggest container restart (not circular ccs docker update)
- Tighten status.blocked guard to handle missing blocker gracefully
2026-03-28 18:12:18 -04:00
Tam Nhu Tran d7a80ed38d fix(docker): use HTTP-first proxy detection in health checks
Health check used OS-level port detection (lsof/ss) which is
unavailable in minimal Alpine containers. Switched to the unified
detectRunningProxy() which tries HTTP first, then session lock,
then port-process as fallback.
2026-03-28 17:55:39 -04:00
Tam Nhu Tran 2423864817 fix(cliproxy): align gemini flash pricing and dashboard imports 2026-03-28 09:54:26 -04:00
Tam Nhu Tran 5ac91e0cac fix(cliproxy): align gemini 3.1 preset compatibility 2026-03-27 16:39:40 -04:00
Tam Nhu Tran dff40b5e24 fix(websearch): align provider validation metadata 2026-03-27 14:49:00 -04:00
Tam Nhu Tran 4ccc3edcbb fix(websearch): restrict dashboard secrets routes 2026-03-27 14:14:23 -04:00
Tam Nhu Tran 20c48c6105 feat(websearch): manage provider API keys in dashboard
- add masked dashboard-managed API key state for Exa, Tavily, and Brave
- persist WebSearch keys through global_env while keeping WebSearch as the UX surface
- treat dashboard-managed keys as ready in status checks and cover the flow with route/UI tests
2026-03-27 13:25:26 -04:00
Tam Nhu Tran 368a625d92 fix(cliproxy): restore live monitor provider attribution 2026-03-26 17:18:47 -04:00
Tam Nhu Tran ce4401e84e feat(auth): let power user mode skip Gemini auth gate 2026-03-26 15:03:24 -04:00
Tam Nhu Tran ec1417ab7c fix(channels): reject oversized official channel tokens
Add a 4096-character cap before persisting official channel tokens, map that validation failure to HTTP 400 in the dashboard route, and cover both paths with regression tests.
2026-03-25 22:38:15 -04:00
Tam Nhu Tran 3af554275e test: isolate shared-state test suites for CI stability
- add dependency injection to export-command, binary-manager,
  codex-plan-compatibility, config-command, and usage-syncer
- override process.exit in api-export test to prevent silent
  termination in Bun's parallel test runner
- harden test-environment bootstrap with process.env isolation
- fix auth middleware to avoid config upgrade during checks
2026-03-25 16:41:41 -04:00
Tam Nhu Tran a97fc42b10 feat(channels): auto-enable official Claude channels 2026-03-25 16:31:55 -04:00
Tam Nhu Tran 0e2f47802b style: format official channel files 2026-03-25 16:31:55 -04:00
Tam Nhu Tran 6f1f032c63 feat(channels): support telegram and imessage
- replace the Discord-only config with multi-channel official channels selection

- add Telegram token handling and iMessage platform-aware runtime gating

- expand CLI, dashboard, and tests for Telegram, Discord, and iMessage

Refs #783
2026-03-25 16:31:55 -04:00
Tam Nhu Tran 4bce1559dd feat(channels): auto-enable official discord plugin
- add runtime injection for official Discord Channels on eligible native Claude sessions

- add CLI and dashboard configuration plus secure token handling

- add tests for launch planning, token sync, and config routing

Refs #783
2026-03-25 16:31:55 -04:00
Tam Nhu Tran 6ccf53ec7d fix(config): preserve hidden auth secrets and block scalars 2026-03-24 15:25:49 -04:00
Tam Nhu Tran e983bed1da fix(config): close dashboard secret redaction gaps 2026-03-24 15:15:29 -04:00
Tam Nhu Tran 37251cd1f8 fix(config): harden dashboard config and rollback paths 2026-03-24 14:38:40 -04:00
Tam Nhu Tran 06d098ae0e style(auth): format cliproxy auth route 2026-03-24 09:26:15 -04:00
Tam Nhu Tran 09eb01f16e fix(auth): verify polled oauth account persistence 2026-03-24 09:15:05 -04:00
Tam Nhu Tran 83dab7fea7 style(websearch): format routes after rebase 2026-03-23 15:38:10 -04:00
Tam Nhu Tran 6c7d215ecc feat(websearch): add real provider chain 2026-03-23 15:26:05 -04:00
Tam Nhu Tran 4df08f6d99 feat: make cliproxy provider nicknames optional by default 2026-03-23 11:02:08 -04:00
Tam Nhu Tran bdb7ac2937 feat(cliproxy): allow optional provider nicknames
- stop requiring manual unique nicknames for no-email providers by default

- preserve explicit nickname validation and same-account reauth semantics

- persist optional nicknames through dashboard manual callback flows
2026-03-23 11:02:08 -04:00
Tam Nhu Tran 0d90f04f3e fix: stabilize validate pipeline and cliproxy route tests 2026-03-20 09:29:51 -04:00
Tam Nhu Tran 50c55bb108 feat(cliproxy): add dedicated ai providers workspace 2026-03-19 11:55:02 -04:00
Tam Nhu Tran 287691fa04 feat(profiles): add cliproxy api profile bridge
- add backend and CLI flows for creating routed API profiles from CLIProxy providers

- add dashboard bridge CTAs, metadata, and guided create dialog mode

- cover bridge routes and dialog behavior with focused tests

Refs #649
2026-03-19 10:24:28 -04:00
Tam Nhu Tran 36e8ed5d87 fix(management): serialize lifecycle maintenance paths
- serialize deleteInstance with the same profile and plugin-layout locks as ensure

- lock non-account marketplace normalization paths and ignore .locks as an instance source
2026-03-18 08:04:48 -04:00
Tam Nhu Tran eb9e9a8c83 fix: restore route target parser exports 2026-03-17 10:10:08 -04:00
Tam Nhu Tran dcc67477ec fix: align dashboard host warnings with effective bind 2026-03-17 09:58:11 -04:00
Tam Nhu Tran 553f8ac1e5 feat: add dashboard host binding option 2026-03-17 09:57:51 -04:00
Tam Nhu Tran 6724ea52c2 style(claude-extension): apply formatter output 2026-03-15 15:58:37 -04:00
Tam Nhu Tran a2f531016d feat(claude-extension): add binding workflow 2026-03-15 15:58:37 -04:00
Tam Nhu Tran 56ba37911a fix(config): guard Claude extension metadata 2026-03-15 15:58:37 -04:00
Tam Nhu Tran b82f10e639 feat(config): add Claude IDE extension setup flow 2026-03-15 15:58:37 -04:00
Tam Nhu Tran 7bd4049602 fix(copilot): stop mutating config on read 2026-03-15 14:53:43 -04:00
Tam Nhu Tran c409a4522c fix: normalize stale copilot raptor-mini model 2026-03-10 17:55:28 +07:00
Tam Nhu Tran 5bcad30762 Merge remote-tracking branch 'origin/dev' into pr-689-anthropic-direct-api
# Conflicts:
#	ui/src/components/profiles/profile-dialog.tsx
2026-03-07 15:59:44 +07:00