Commit Graph
1252 Commits
Author SHA1 Message Date
Tam Nhu Tran 27409b789b fix(docker): harden proxy with timeout, Bun compat, and test coverage
- Add 30s timeout on proxy requests to prevent indefinite hangs
- Wrap resolveLocalCliproxyPort in try/catch with default port fallback
- Simplify buildProxyBody: remove fragile content-length check that
  caused Bun to fall through to req.pipe() on consumed streams
- Replace proxyRes.pipe(res) with manual streaming for Bun compatibility
  (pipe hangs after writeHead in Bun runtime)
- Replace deprecated req.on('aborted') with res.on('close') cleanup
  (req.on('close') fires with req.destroyed=true in Bun after body
  consumption, prematurely destroying the proxy connection)
- Explicitly end proxy request for bodyless methods (GET/HEAD/OPTIONS)
  instead of piping an already-consumed express stream
- Add server.closeAllConnections() in test cleanup to prevent hangs
- Add GET passthrough and 502 unreachable test cases
2026-04-01 11:39:34 -04:00
Tam Nhu Tran ca54bad2aa fix(codex): harden native runtime detection 2026-04-01 01:39:14 -04:00
Tam Nhu Tran b6717c5529 fix: bootstrap explicit CODEX_HOME for ccsxp 2026-04-01 00:03:10 -04:00
Tam Nhu Tran 014a844844 fix: probe Codex config override support directly 2026-03-31 23:38:23 -04:00
Tam Nhu Tran 7f83e041b7 feat(websearch): add managed mcp runtime and provider cooldowns
- switch ccs-websearch MCP to stdio-first framing and keep legacy compatibility

- add cooldown persistence and bounded retries for provider failures

- surface cooldown status in readiness output and regression tests
2026-03-31 14:22:11 -04:00
Tam Nhu Tran cae5b710b8 fix(websearch): close review gaps in managed runtime 2026-03-30 23:02:20 -04:00
Tam Nhu Tran de7171d810 feat(websearch): finish managed third-party rollout
- steer third-party launches toward the managed WebSearch MCP tool

- add opt-in trace diagnostics across launch, MCP, provider, and headless paths

- extend docs and regression coverage for the first-class runtime

Refs #862
2026-03-30 22:41:51 -04:00
UserandClaude Opus 4.6 6471cc55d7 fix(docker): harden cliproxy local proxy with auth guard, dynamic port, and body handling
Move reverse proxy under /api/cliproxy-local so it sits behind auth
middleware. Enforce localhost-only access when dashboard auth is disabled.
Resolve the target port from unified config instead of hardcoding 8317.
Re-serialize parsed JSON bodies before forwarding so writes still work
behind express.json(). Clean up proxy connections on client abort.

On the frontend, point the iframe and health check at the new same-origin
API path, probe the proxy directly, and tighten iframe origin/path
validation before sending the auto-login secret.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 16:33:32 -07:00
Tam Nhu Tran b087c02738 fix: merge existing disallowed tool flags for websearch 2026-03-30 17:39:21 -04:00
Tam Nhu Tran 2c153045f3 refactor: remove duplicate copilot websearch sync 2026-03-30 17:20:37 -04:00
Tam Nhu Tran f0cd44e016 fix: use type-only import in instance manager 2026-03-30 16:12:30 -04:00
Tam Nhu Tran e260df7178 feat: add first-class CCS WebSearch runtime 2026-03-30 16:10:39 -04:00
Tam Nhu Tran 22f091689f fix(codex): harden duplicate-email account actions 2026-03-30 15:30:11 -04:00
Tam Nhu Tran c73f33872a feat(cliproxy): support duplicate-email codex accounts
- keep Codex team and personal auth files as separate identities

- resolve quota and live monitor stats by token file-backed account id

- surface duplicate-aware account labels across the dashboard and variant UI
2026-03-30 15:30:11 -04:00
UserandClaude Opus 4.6 881b061dfe fix(docker): proxy CLIProxy management panel through dashboard to avoid cross-origin errors
In Docker, the browser cannot directly reach the container-internal CLIProxy
port (8317). This adds a reverse proxy at /cliproxy-local/* that forwards
requests through the dashboard Express server to 127.0.0.1:8317 internally.
The control panel embed now uses same-origin API endpoints for health checks
and the proxy path for the management iframe.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 06:25:14 -07:00
Tam Nhu Tran bd1ff02521 fix(codex): align cliproxy guidance with runtime behavior 2026-03-29 21:04:59 -04:00
Tam Nhu Tran 0ffde4f3a2 feat(codex-ui): surface cliproxy setup guidance 2026-03-29 19:44:02 -04:00
Tam Nhu Tran 318b57bedc docs(codex): clarify ccsxp and cliproxy setup 2026-03-29 19:43:46 -04:00
Tam Nhu Tran deb1e9d71e feat(codex): add ccsxp runtime shortcut 2026-03-29 19:43:26 -04:00
Tam Nhu Tran 643bd2a5ac fix(codex): restore version context for override failures 2026-03-29 16:32:11 -04:00
Tam Nhu Tran f47ab484f3 fix(codex): harden native alias launches
- pass ccsx help/version flags straight through to native Codex

- strip parent Codex session env before nested launches

- avoid eager version/help probes unless config override detection is needed
2026-03-29 15:54:18 -04:00
Kai (Tam Nhu) TranandGitHub 6fc9aacc06 Merge pull request #850 from kaitranntt/kai/feat/issue-773-codex-runtime-target
feat: add codex runtime target and dashboard parity
2026-03-29 14:43:09 -04:00
Tam Nhu Tran 9e43beec40 feat(codex): harden runtime targeting and dashboard editing 2026-03-29 14:18:51 -04:00
Tam Nhu Tran 6707b7d5b4 fix(cliproxy): preserve manual high-minor alias clusters 2026-03-29 14:13:23 -04:00
Tam Nhu Tran c4428e4176 fix(cliproxy): narrow legacy gemini alias cleanup 2026-03-29 14:07:28 -04:00
Tam Nhu Tran 061cd9679f fix(cliproxy): prune stale control panel alias clusters
- prune stale generated Gemini preview clusters during config regeneration

- preserve manual preview overrides on built-in Gemini alias names

- add regression coverage for stale cluster cleanup and manual pins
2026-03-29 14:07:28 -04:00
Tam Nhu Tran ebc9acf8e4 fix(codex): harden dashboard config editing 2026-03-29 13:14:15 -04:00
Tam Nhu Tran b47aa0d28d feat(codex): add dashboard control center
- add guided editors for top-level settings, trust, profiles, providers, MCP, and features

- refresh raw snapshots after patch saves to avoid stale mtime conflicts

- block structured saves while raw TOML is dirty and add route plus hook coverage
2026-03-29 13:14:15 -04:00
Tam Nhu Tran 3c52b1ab6d fix(codex): align runtime compatibility and dashboard types 2026-03-29 13:14:15 -04:00
Tam Nhu Tran 8c5da9f9e8 feat: add codex dashboard parity 2026-03-29 13:14:15 -04:00
Tam Nhu Tran f9c1238483 feat(profiles): expose codex runtime across surfaces
- update CLI, API, route, and dashboard surfaces to recognize the Codex runtime target

- normalize persisted codex targets back to claude so runtime-only behavior stays truthful

- add regression coverage for help text, route parsing, and profile storage normalization

Refs #773
2026-03-29 13:14:15 -04:00
Tam Nhu Tran 8f60820f33 feat(targets): add native codex runtime target
- add a Codex adapter, detector, runtime aliases, and compatibility matrix

- keep Codex runtime-only while preserving persisted targets for claude and droid

- cover Codex launch, reasoning, wrapper detection, and bridge routing regressions

Refs #773
2026-03-29 13:14:15 -04:00
Tam Nhu Tran 5a09547532 fix(auth): signal auth-required for remote access in /api/auth/check
The auth check endpoint always returned authRequired=false when auth
was disabled, even for remote clients. This caused the UI to render
the dashboard directly, where all data API calls return 403 silently.

Now detects remote access via isLoopbackRemoteAddress and sets
effectiveAuthRequired=true, so the UI properly redirects to the login
page. Also fixes misleading catch handler comment in auth-context.
2026-03-29 10:54:44 -04:00
Tam Nhu Tran 59be7f8682 fix(docker): print auth setup reminder after remote deployment
Users deploying via ccs docker up --host see "Docker stack is running"
but hit a broken dashboard because auth is required for remote API
access. Now prints a reminder with the exact command to configure auth.
2026-03-28 21:22:20 -04:00
Tam Nhu Tran e8b7ac730f fix(docker): wrap session registration in try-catch and narrow ETXTBSY guard
Session registration in spawn handler can throw on lock contention or
disk errors — wrap in try-catch to prevent silent proxy-untracked state.

Narrow EBUSY catch to ETXTBSY only since EBUSY on non-Linux platforms
can mean mount point or directory in use, not running binary. Fix
misleading "skip" comment to say "abort".
2026-03-28 19:00:54 -04:00
Tam Nhu Tran 7d410b26d0 fix(docker): address review findings — PID guard, deleteBinary guard, blocked fallback
- Guard child.pid falsy in bootstrap (PID 0 creates immortal phantom lock)
- Add ETXTBSY/EBUSY guard to deleteBinary() (same vuln as downloadAndInstall)
- Fix error message to suggest container restart (not circular ccs docker update)
- Tighten status.blocked guard to handle missing blocker gracefully
2026-03-28 18:12:18 -04:00
Tam Nhu Tran 5eac9c584a fix(cliproxy): guard binary install against ETXTBSY when running
In Docker, the dashboard tried to update the CLIProxy binary while
the bootstrap's instance was already executing it, causing ETXTBSY.
Now catches the error and throws a clear message instead of crashing.
2026-03-28 17:56:03 -04:00
Tam Nhu Tran a0f28f8807 fix(docker): register session lock from bootstrap for proxy discovery
Docker bootstrap spawns CLIProxy but never registered a session lock,
so the dashboard's fallback detection found nothing. Now registers on
spawn and unregisters on close.
2026-03-28 17:55:51 -04:00
Tam Nhu Tran d7a80ed38d fix(docker): use HTTP-first proxy detection in health checks
Health check used OS-level port detection (lsof/ss) which is
unavailable in minimal Alpine containers. Switched to the unified
detectRunningProxy() which tries HTTP first, then session lock,
then port-process as fallback.
2026-03-28 17:55:39 -04:00
Tam Nhu Tran 60167d3f2b fix(docker): use export for remote env vars and increase build timeout
Remote compose commands placed env vars directly before a compound
if/then statement which is invalid bash syntax. Changed to export
statements chained with &&.

Added REMOTE_DOCKER_BUILD_TIMEOUT_MS (5min) for up and update
operations that involve npm install inside the container. Quick
queries (status, config, down) keep the default 30s timeout.

Closes #832
2026-03-28 16:22:17 -04:00
Tam Nhu Tran 836c485095 Merge remote-tracking branch 'origin/dev' into kai/fix/websearch-hook-install-settings-profiles 2026-03-28 15:47:22 -04:00
Tam Nhu Tran 0821c68559 fix(websearch): restore hook recovery and force register 2026-03-28 10:37:20 -04:00
Tam Nhu Tran 2423864817 fix(cliproxy): align gemini flash pricing and dashboard imports 2026-03-28 09:54:26 -04:00
Tam Nhu Tran 0e6965d205 fix(websearch): harden settings-profile hook setup
- fail enabled settings-profile create and launch flows when hook preparation is still unusable

- refresh stale shared hook binaries without rewriting unchanged installs or failing benign races

- add rollback and regression coverage for disabled, stale, invalid, copy, import, and launch paths
2026-03-28 09:51:13 -04:00
Tam Nhu Tran 2251312411 fix(cliproxy): centralize gemini compatibility and fallback hints 2026-03-27 17:38:31 -04:00
Tam Nhu Tran fbbdd80830 fix(websearch): avoid partial settings-hook migration
- verify the hook binary before migrating global WebSearch hook state

- centralize migration-marker helpers in hook-installer exports

- expand regression coverage for existing-hook, disabled, invalid-name, and failed-install paths
2026-03-27 17:22:56 -04:00
Tam Nhu Tran 39a3e9dfc0 fix(websearch): install hook for settings profiles
- ensure profile hook injection installs the transformer binary before writing the command

- keep migration marker cleanup in the installer to avoid a circular import

- add a regression test for isolated CCS_HOME settings profiles
2026-03-27 17:05:41 -04:00
Tam Nhu Tran 5ac91e0cac fix(cliproxy): align gemini 3.1 preset compatibility 2026-03-27 16:39:40 -04:00
Kai (Tam Nhu) TranandGitHub 508c96e289 Merge pull request #820 from kaitranntt/kai/feat/812-docker-command
feat: add ccs docker deployment commands
2026-03-27 15:23:12 -04:00
Tam Nhu Tran 5ad4303345 fix(docker): bound blocking command execution
- add default local and remote sync-command timeouts with clearer timeout diagnostics

- remove extra synchronous fs and process.exit patterns from docker assets/bootstrap helpers

- register the docker help handler in CLAUDE.md for the repo help-location reference
2026-03-27 15:05:17 -04:00