Commit Graph
1792 Commits
Author SHA1 Message Date
Kai (Tam Nhu) TranandGitHub bc9951656a Merge pull request #439 from kaitranntt/kai/fix/435-bun-update
fix(update): pre-remove package on Windows bun before reinstall
2026-02-03 21:50:08 -05:00
kaitranntt 0e7b9c9190 fix(hooks): add edge case validation in image analyzer
- Empty model validation: check `model.trim()` before using
- 10MB boundary: use `>=` instead of `>` for consistent messaging
- Timeout clamping: ensure timeout is between 1-600 seconds
- Response stream error: add error handler for network failures
- Empty response validation: check before JSON.parse to prevent crashes
2026-02-03 21:44:44 -05:00
kaitranntt a55e0af8ef fix(update): pre-remove package on Windows bun before reinstall
On Windows, bun's global binary symlink may not update properly when
reinstalling the same package. Pre-remove the existing installation
to ensure a clean update, mirroring the dev-install.sh behavior.

Closes #435
2026-02-03 21:41:56 -05:00
github-actions[bot] e821a3bee6 chore(release): 7.34.1-dev.3 [skip ci] 2026-02-04 02:35:51 +00:00
Kai (Tam Nhu) TranandGitHub b565ef9980 Merge pull request #438 from kaitranntt/kai/fix/glmt-verbose-retry-logs
fix(glmt): gate retry rate limit logs behind verbose flag
2026-02-03 21:34:47 -05:00
kaitranntt 40caff13ad refactor(hooks): use provider_models mapping for image analysis
Changes ImageAnalysisConfig from providers array to provider_models
mapping for granular vision model control per CLIProxy provider.

Breaking change: config.yaml image_analysis section now uses
provider_models instead of providers/model fields.

Provider-to-model mappings:
- agy → gemini-2.5-flash
- gemini → gemini-2.5-flash
- codex → gpt-5.1-codex-mini
- kiro → kiro-claude-haiku-4-5
- ghcp → claude-haiku-4.5
- claude → claude-haiku-4-5-20251001

Hook checks CCS_CURRENT_PROVIDER against provider_models and skips
if no vision model configured for that provider.
2026-02-03 21:32:19 -05:00
kaitranntt 73824bc99e fix(glmt): gate retry rate limit logs behind verbose flag
Rate limit retry messages now only appear when verbose mode is enabled,
keeping test output clean while preserving debug capability.
2026-02-03 21:09:18 -05:00
kaitranntt 9662490a74 fix(hooks): add defensive validation for env var generation 2026-02-03 21:03:05 -05:00
kaitranntt 70caaa00a0 fix(hooks): improve image analysis output format
Match websearch transformer format:
- Header: [Image Analysis via CLIProxy]
- Metadata: File name, size in KB, model used
- Separator lines for better readability
- Footer instruction for Claude
2026-02-03 20:58:05 -05:00
kaitranntt d5f2acaa6e feat(hooks): add image/PDF analysis via CLIProxy transformer
Intercept Read tool calls for image/PDF files and route through CLIProxy
with gemini-2.5-flash for vision analysis. Returns text descriptions
instead of blocking, enabling Claude to "see" images via proxy.

Key changes:
- Add image-analyzer-transformer.cjs hook script
- Add ImageAnalysisConfig type and loader
- Add hook installer and profile injector
- Add prompt templates for analysis customization
- Add e2e test suite (excluded from normal CI runs)
- Configure test:e2e script for manual testing

Environment variables:
- CCS_IMAGE_ANALYSIS_ENABLED: Enable/disable (default: 1)
- CCS_IMAGE_ANALYSIS_MODEL: Vision model (default: gemini-2.5-flash)
- CCS_IMAGE_ANALYSIS_TIMEOUT: Timeout in seconds (default: 60)
- CCS_CLIPROXY_API_KEY: API key for CLIProxy auth
- CCS_CLIPROXY_PORT: CLIProxy port (default: 8317)

Closes #426
2026-02-03 20:34:05 -05:00
github-actions[bot] 38d2db9304 chore(release): 7.34.1-dev.2 [skip ci] 2026-02-04 01:00:01 +00:00
Kai (Tam Nhu) TranandGitHub 384b147a64 Merge pull request #434 from kaitranntt/kai/fix/backup-redundancy
fix(backup): create backups only when settings content changes
2026-02-03 19:58:55 -05:00
kaitranntt c324e92eb4 fix(backup): create backups only when settings content changes
Previously, PUT /api/settings/:profile created a backup on every request
regardless of whether the content actually changed. This led to hundreds
of identical backup files accumulating in ~/.ccs/backups/.

Changes:
- Compare existing content with new content before creating backup
- Reuse computed newContent for atomic write (DRY)
- Make hook injection idempotent by checking content before write

Fixes #433
2026-02-03 19:48:00 -05:00
github-actions[bot] b833b149e0 chore(release): 7.34.1-dev.1 [skip ci] 2026-02-03 05:14:46 +00:00
Kai (Tam Nhu) TranandGitHub 2e96d215e4 Merge pull request #432 from kaitranntt/fix/431-dynamic-model-display
fix(delegation): dynamic model display from settings
2026-02-03 00:13:38 -05:00
kaitranntt f6b7045023 fix(delegation): dynamic model display from settings
- Read ANTHROPIC_MODEL from profile settings instead of hardcoding
- Display model name in full uppercase (GLM-4.7, not Glm-4.7)
- Add null/undefined guard to getModelDisplayName
- Remove hardcoded GLM-4.6/GLM-4.6 (Thinking) display names

Closes #431
2026-02-03 00:01:30 -05:00
semantic-release-bot d39e24ba16 chore(release): 7.34.1 [skip ci]
## [7.34.1](https://github.com/kaitranntt/ccs/compare/v7.34.0...v7.34.1) (2026-02-03)

### Bug Fixes

* **dashboard:** cross-browser OAuth with manual callback fallback ([#417](https://github.com/kaitranntt/ccs/issues/417)) ([#423](https://github.com/kaitranntt/ccs/issues/423)) ([24b0312](https://github.com/kaitranntt/ccs/commit/24b03121fd43121f229bd4c07cbd7e3ee5a0234a))
* **dashboard:** detect popup blocked during OAuth flow ([441870d](https://github.com/kaitranntt/ccs/commit/441870d38e5e7d8069df5f4695cb28275f0d48b6))
* **jsonl:** add explicit UTF-8 BOM stripping ([09b5239](https://github.com/kaitranntt/ccs/commit/09b5239f58213b24f2e13116cb2384748bf8913f))
* **quota:** add explicit 429 rate limit handling ([e596ab4](https://github.com/kaitranntt/ccs/commit/e596ab487d9782e4cd9633be081dc42e4a176668))
* **quota:** improve 403 error messaging for forbidden accounts ([5a308db](https://github.com/kaitranntt/ccs/commit/5a308db409392d88e637ee66b9c693b8b7557198))
* **websearch:** add type guards and deduplication for global settings ([847aad0](https://github.com/kaitranntt/ccs/commit/847aad00fee1fd920ddf8ea3a4b0e85aa1f3dfa4))
* **websearch:** normalize double-slash paths in hook detection ([66f5fe6](https://github.com/kaitranntt/ccs/commit/66f5fe6b2c2a955b4b616c38042ab3c9ead199a1))
* **websearch:** normalize Windows path separators in hook detection ([d61c940](https://github.com/kaitranntt/ccs/commit/d61c940a087d4e9134fa0a9ae32dc8d79d42648d))
* **websocket:** add maxPayload limit to prevent DoS attacks ([4fd2f60](https://github.com/kaitranntt/ccs/commit/4fd2f601f676c0710b078960ad1d6c45fba8a6ca))

### Code Refactoring

* **oauth:** align box chars with CCS standard and add JSDoc ([258220b](https://github.com/kaitranntt/ccs/commit/258220b7e8ec833efe772bf32b61800e20439ddb))
* **websearch:** extract shared hook utils to DRY module ([1f8d9b8](https://github.com/kaitranntt/ccs/commit/1f8d9b82d5ad89cefe73966e9c1ef57692dd9284)), closes [#420](https://github.com/kaitranntt/ccs/issues/420)

### Tests

* **websearch:** add unit tests for hook-utils module ([deb6249](https://github.com/kaitranntt/ccs/commit/deb62490dbe797369460ac07ad42a0790463a460))
2026-02-03 04:50:13 +00:00
Kai (Tam Nhu) TranandGitHub 29ba43ec66 Merge pull request #430 from kaitranntt/dev
Release: v7.34.0
2026-02-02 23:49:04 -05:00
github-actions[bot] 332d150a83 chore(release): 7.34.0-dev.3 [skip ci] 2026-02-03 04:42:32 +00:00
kaitranntt 258220b7e8 refactor(oauth): align box chars with CCS standard and add JSDoc
Use Unicode box characters (╔═╗║╚╝) per design guidelines and
add JSDoc to parseCallbackUrl helper function.
2026-02-02 23:41:13 -05:00
kaitranntt 441870d38e fix(dashboard): detect popup blocked during OAuth flow
Show toast warning with manual URL copy instructions when
browser blocks OAuth popup window.
2026-02-02 23:40:48 -05:00
kaitranntt 09b5239f58 fix(jsonl): add explicit UTF-8 BOM stripping
Strip BOM character before JSON parsing to ensure robust
cross-platform JSONL file handling.
2026-02-02 23:40:36 -05:00
kaitranntt 66f5fe6b2c fix(websearch): normalize double-slash paths in hook detection
Add .replace(/\/+/g, '/') to collapse multiple forward slashes,
preventing duplicate hook accumulation from malformed paths.
2026-02-02 23:40:25 -05:00
kaitranntt e596ab487d fix(quota): add explicit 429 rate limit handling
Match pattern from quota-fetcher-codex.ts for consistent
user-friendly error messages when rate limited.
2026-02-02 23:40:15 -05:00
kaitranntt 4fd2f601f6 fix(websocket): add maxPayload limit to prevent DoS attacks
Set 1MB payload limit and disable perMessageDeflate to prevent
memory exhaustion and zip bomb attacks on WebSocket server.
2026-02-02 23:40:04 -05:00
kaitranntt 9f3edc5daf fix(hooks): enable image-read blocking by default for third-party profiles
Match WebSearch hook pattern:
- ENABLED by default for settings/cliproxy profiles
- DISABLED for native Claude accounts (account/default)
- User can override via config: hooks.block_image_read.enabled: false

This ensures CCS CLI users get context protection out-of-the-box
while native Claude subscription users are unaffected.
2026-02-02 19:00:46 -05:00
kaitranntt 38eb74043c feat(hooks): add block-image-read hook to prevent context overflow
Add PreToolUse hook that intercepts Read tool calls on image files
(.png, .jpg, .webp, etc.) and blocks them with helpful message.

This prevents context exhaustion when image generation skills
produce multiple files and the agent tries to read them (each
image can consume 100K+ tokens).

Configuration:
- Enable via config.yaml: hooks.block_image_read.enabled: true
- Or env var: CCS_BLOCK_IMAGE_READ=1

Hook integration:
- lib/hooks/block-image-read.cjs - the hook script
- src/utils/hooks/image-read-block-hook-env.ts - config loader
- Integrated into all spawn locations (ccs.ts, shell-executor,
  cliproxy-executor)

Closes #426
2026-02-02 17:28:21 -05:00
Kai (Tam Nhu) TranandGitHub 24b03121fd fix(dashboard): cross-browser OAuth with manual callback fallback (#417) (#423)
- Remove destructive /start endpoint call from Dashboard OAuth dialog
  (was killing running CLIProxy Docker instances via killProcessOnPort)
- Use /start-url + polling only (management API, non-destructive)
- Auto-open browser tab via window.open() with manual fallback URL display
- Add paste-callback CLI mode (--paste-callback flag) for headless/SSH
- Use dynamic proxy target with management headers instead of hardcoded localhost
- Extract timeout constants, restore invariant comment
- Move hook-utils tests from src/__tests__/ to tests/unit/ (fixes tsc)
- Add try-catch for preset apply, remove auth URL console.log
2026-02-02 16:11:36 -05:00
kaitranntt deb62490db test(websearch): add unit tests for hook-utils module
Add 17 tests for isCcsWebSearchHook and deduplicateCcsHooks functions
covering Unix/Windows paths, edge cases, and duplicate cleanup.
Also add invariant comment in hook-config.ts.

Addresses code review feedback from PR #424.
2026-02-02 15:08:21 -05:00
github-actions[bot] cc55999628 chore(release): 7.34.0-dev.2 [skip ci] 2026-02-02 17:03:13 +00:00
Kai (Tam Nhu) TranandGitHub 5f8e2aeba8 Merge pull request #422 from kaitranntt/kai/fix/quota-forbidden-ux
fix(quota): improve 403 error messaging for forbidden accounts
2026-02-02 12:02:04 -05:00
github-actions[bot] deca06c42b chore(release): 7.34.0-dev.1 [skip ci] 2026-02-02 16:52:35 +00:00
kaitranntt 5a308db409 fix(quota): improve 403 error messaging for forbidden accounts
Instead of showing "Quota access forbidden" generic error, now shows:
- Antigravity: "403 Forbidden - No Gemini Code Assist access"
- Codex: "403 Forbidden - No quota API access"

Keeps success=false with isForbidden flag so UI can show distinct
"403" badge (similar to Antigravity-Manager) rather than conflating
with 0% exhausted state.

403 ≠ 0% exhausted - they are semantically different:
- 403: Account lacks API access entirely
- 0%: Account has access but quota is used up (shows reset time)
2026-02-02 11:52:23 -05:00
Kai (Tam Nhu) TranandGitHub dc75a4b9bb Merge pull request #420 from kaitranntt/kai/fix/windows-websearch-duplicates
fix(websearch): normalize Windows path separators in hook detection
2026-02-02 11:51:34 -05:00
kaitranntt 1f8d9b82d5 refactor(websearch): extract shared hook utils to DRY module
- Create hook-utils.ts with isCcsWebSearchHook() and deduplicateCcsHooks()
- Update profile-hook-injector.ts and hook-config.ts to use shared module
- Combine double writeFileSync into single write in ensureHookConfig()

Addresses code review feedback on PR #420
2026-02-02 11:42:39 -05:00
kaitranntt 847aad00fe fix(websearch): add type guards and deduplication for global settings
- Add typeof check before .replace() to prevent crash on non-string commands
- Add isCcsWebSearchHook() and deduplicateCcsHooks() to hook-config.ts
- Fix ensureHookConfig() detection to verify path, not just matcher
- Prevent overwriting user's custom WebSearch hooks
2026-02-02 11:36:48 -05:00
kaitranntt d61c940a08 fix(websearch): normalize Windows path separators in hook detection
On Windows, path.join() produces backslash paths (C:\Users\.ccs\hooks\...)
but detection used forward slashes, causing:
- Failed hook detection on Windows
- Duplicate hooks added on every CCS invocation

Changes:
- Normalize path separators (\ -> /) before matching
- Add deduplicateCcsHooks() to auto-cleanup accumulated duplicates
- Fix affects hasCcsHook(), isCcsWebSearchHook(), removeHookConfig()
2026-02-02 11:18:20 -05:00
semantic-release-bot be63056d11 chore(release): 7.34.0 [skip ci]
## [7.34.0](https://github.com/kaitranntt/ccs/compare/v7.33.0...v7.34.0) (2026-02-01)

### Features

* **glmt:** add rate limit resilience with exponential backoff retry ([3afdcea](https://github.com/kaitranntt/ccs/commit/3afdcea379a6527657ba326895f328c219ad6a88)), closes [#402](https://github.com/kaitranntt/ccs/issues/402)

### Bug Fixes

* **claude:** update base config to Claude 4.5 model IDs ([09dd701](https://github.com/kaitranntt/ccs/commit/09dd7016eb2570ef9946f9e7be0bbc300f75337a))
* **cliproxy:** load WebSearch hooks via --settings flag ([7aaf568](https://github.com/kaitranntt/ccs/commit/7aaf568c3f15ae0a5c9dcab14f3e61d811515c9a)), closes [#412](https://github.com/kaitranntt/ccs/issues/412)
* **glmt:** add env var validation and max delay cap ([67a8e2c](https://github.com/kaitranntt/ccs/commit/67a8e2cefcedad2f5a26f0d43952219379be5cc0))
* **glmt:** extract Retry-After from HTTP headers and cap maxRetries ([62ac3e2](https://github.com/kaitranntt/ccs/commit/62ac3e2ae9b941adaa35cc3962c4de54f917e065))
* **sync:** prevent duplicate backup folders on Windows ([a8b0547](https://github.com/kaitranntt/ccs/commit/a8b054781f9c18165e985de801500f31d87a88a8)), closes [#409](https://github.com/kaitranntt/ccs/issues/409)
* **update:** add line-buffering and unit tests for stderr filter ([b39726f](https://github.com/kaitranntt/ccs/commit/b39726fc0713451679b26d3467e70e835c784851))
* **update:** filter npm cleanup warnings on Windows ([c9f8ed1](https://github.com/kaitranntt/ccs/commit/c9f8ed1a04faa95af68650dca4371804391daef8)), closes [#405](https://github.com/kaitranntt/ccs/issues/405)
2026-02-01 07:52:36 +00:00
Kai (Tam Nhu) TranandGitHub 648bbc479f Merge pull request #414 from kaitranntt/dev
fix(release): WebSearch hooks for CLIProxy profiles
2026-02-01 02:51:29 -05:00
github-actions[bot] dcb1e53a9d chore(release): 7.33.0-dev.5 [skip ci] 2026-02-01 07:51:09 +00:00
Kai (Tam Nhu) TranandGitHub 8fd2346365 Merge pull request #413 from kaitranntt/fix/websearch-hook-cliproxy
fix(cliproxy): load WebSearch hooks via --settings flag
2026-02-01 02:50:03 -05:00
kaitranntt 7aaf568c3f fix(cliproxy): load WebSearch hooks via --settings flag
- Add --settings flag to Claude CLI spawn for CLIProxy profiles
- Use getProviderSettingsPath() for hardcoded profiles (agy, gemini, codex, qwen)
- Use cfg.customSettingsPath for CLIProxy variants (user-defined providers)
- Block user --settings flag to prevent duplicate flags
- Enables WebSearch hooks to load for all CLIProxy profiles

Closes #412
2026-02-01 02:47:15 -05:00
github-actions[bot] 53c9a3da9e chore(release): 7.33.0-dev.4 [skip ci] 2026-01-30 15:14:50 +00:00
Kai (Tam Nhu) TranandGitHub 63474bb4f5 Merge pull request #411 from kaitranntt/kai/fix/claude-model-presets
fix(claude): update base config to Claude 4.5 model IDs
2026-01-30 10:13:47 -05:00
kaitranntt 09dd7016eb fix(claude): update base config to Claude 4.5 model IDs
Updated default Claude model IDs from outdated v4 (May 2025) to
current v4.5 versions matching model-catalog.ts:

- ANTHROPIC_MODEL: claude-sonnet-4-5-20250929
- ANTHROPIC_DEFAULT_OPUS_MODEL: claude-opus-4-5-20251101
- ANTHROPIC_DEFAULT_SONNET_MODEL: claude-sonnet-4-5-20250929
- ANTHROPIC_DEFAULT_HAIKU_MODEL: claude-haiku-4-5-20251001

Fixes "unknown provider for model" 400 errors when users add
Claude accounts and switch to Haiku tier.
2026-01-30 10:09:47 -05:00
github-actions[bot] 4f4498232e chore(release): 7.33.0-dev.3 [skip ci] 2026-01-30 14:26:38 +00:00
Kai (Tam Nhu) TranandGitHub 711161e034 Merge pull request #410 from kaitranntt/fix/windows-sync-duplicate-backups
fix(sync): prevent duplicate backup folders on Windows
2026-01-30 09:25:31 -05:00
kaitranntt a8b054781f fix(sync): prevent duplicate backup folders on Windows
On Windows, symlinks often fail so copyFallback() copies directories instead.
Previously, subsequent `ccs sync` runs would see the copied folder, fail the
isOurSymlink() check, and create a new .backup-{date} folder every time.

This fix adds Windows copy detection in installItem() before calling backupItem().
When a valid CCS copy is detected, it refreshes the content instead of backing up.

Fixes #409
2026-01-30 09:17:55 -05:00
github-actions[bot] 63946eb5bc chore(release): 7.33.0-dev.2 [skip ci] 2026-01-30 13:26:09 +00:00
Kai (Tam Nhu) TranandGitHub 7be20765fe Merge pull request #407 from kaitranntt/feat/glmt-rate-limit-resilience
feat(glmt): add rate limit resilience with exponential backoff retry
2026-01-30 08:25:03 -05:00