Commit Graph
88 Commits
Author SHA1 Message Date
Kai (Tam Nhu) TranandGitHub 24b03121fd fix(dashboard): cross-browser OAuth with manual callback fallback (#417) (#423)
- Remove destructive /start endpoint call from Dashboard OAuth dialog
  (was killing running CLIProxy Docker instances via killProcessOnPort)
- Use /start-url + polling only (management API, non-destructive)
- Auto-open browser tab via window.open() with manual fallback URL display
- Add paste-callback CLI mode (--paste-callback flag) for headless/SSH
- Use dynamic proxy target with management headers instead of hardcoded localhost
- Extract timeout constants, restore invariant comment
- Move hook-utils tests from src/__tests__/ to tests/unit/ (fixes tsc)
- Add try-catch for preset apply, remove auth URL console.log
2026-02-02 16:11:36 -05:00
Kai (Tam Nhu) TranandGitHub 7be20765fe Merge pull request #407 from kaitranntt/feat/glmt-rate-limit-resilience
feat(glmt): add rate limit resilience with exponential backoff retry
2026-01-30 08:25:03 -05:00
kaitranntt 3afdcea379 feat(glmt): add rate limit resilience with exponential backoff retry
Add retry logic and connection pooling to GLMT proxy for handling Z.AI
429 rate limit errors gracefully.

Changes:
- Add RetryConfig with env vars (GLMT_MAX_RETRIES, GLMT_RETRY_BASE_DELAY, GLMT_DISABLE_RETRY)
- Add exponential backoff with jitter and Retry-After header support
- Add forwardWithRetry() and forwardAndStreamWithRetry() wrappers
- Add HTTPS connection pooling via shared https.Agent
- Add comprehensive unit tests (19 tests covering all scenarios)

Fixes: #402
2026-01-30 07:53:04 -05:00
kaitranntt b39726fc07 fix(update): add line-buffering and unit tests for stderr filter
Address review feedback:
- Add line-buffering to handle chunk splitting edge case
- Add 14 unit tests for stderr filter logic
- Test chunk boundary handling, mixed output, edge cases

Handles case where "npm warn cleanup" could be split across chunks.
2026-01-30 07:43:38 -05:00
kaitranntt 3df2619023 test(quota): add extensive test suite for quota caching system
- Add quota-response-cache.test.ts (22 tests):
  - Cache set/get operations
  - TTL expiration handling
  - Provider and account isolation
  - Cache invalidation patterns
  - High-volume concurrent access

- Add quota-caching-integration.test.ts (15 tests):
  - GeminiCliQuotaResult caching with bucket preservation
  - CodexQuotaResult caching with window preservation
  - Cross-provider isolation verification
  - Error state caching for visibility
  - needsReauth flag handling

Total: 37 new tests for quota caching behavior
2026-01-29 23:22:53 -05:00
kaitranntt bf190024f6 test(cliproxy): add integration tests for ToolSanitizationProxy
- Test proxy lifecycle (start/stop)
- Test request sanitization (duplicates, truncation, passthrough)
- Test response restoration (buffered and SSE streaming)
- Test error handling (invalid JSON, upstream errors)
- Test multiple tools with mapping tracking
- Mock upstream server for isolated testing
2026-01-29 16:23:56 -05:00
kaitranntt 63633507d2 feat(cliproxy): add ToolSanitizationProxy for Gemini 64-char limit
Fixes #219 - MCP tool names exceeding Gemini's 64-character limit
now get sanitized automatically.

- Add tool-name-sanitizer: dedupe segments + smart truncate with hash
- Add tool-name-mapper: bidirectional mapping for response restoration
- Add tool-sanitization-proxy: HTTP proxy layer for all CLIProxy providers
- Chain: Claude CLI → ToolSanitizationProxy → [CodexReasoningProxy] → CLIProxy
- Add unit tests for sanitizer and mapper modules
2026-01-29 16:04:17 -05:00
kaitranntt ad8327d17e test(cliproxy): add unit tests for quota fetchers and auth utilities
Add comprehensive unit tests for:
- buildCodexQuotaWindows(): window parsing, clamping, reset time calculation
- buildGeminiCliBuckets(): bucket grouping, model series, token types
- resolveGeminiCliProjectId(): project ID extraction from account field
- sanitizeEmail(): email to filename conversion
- isTokenExpired(): token expiry validation

Also removes unused 'preferred' field from GEMINI_CLI_GROUPS (YAGNI)

39 new tests covering edge cases:
- Percentage clamping (0-100, 0-1)
- Missing/null fields
- camelCase/snake_case API responses
- Empty inputs
- Invalid date strings

Addresses code review feedback on PR #395
2026-01-29 15:01:26 -05:00
kaitranntt aeb9abc998 feat(cliproxy): add granular account tier prioritization (ultra/pro/free)
- change AccountTier from binary (free/paid) to granular (ultra/pro/free/unknown)

- update mapTierString() to parse API tier strings correctly

- remove faulty inferTierFromModels() fallback - tier comes only from API

- update default tier_priority config to ['ultra', 'pro', 'free']

- update model catalog tier types and display logic

Closes #387
2026-01-28 15:11:00 -05:00
kaitranntt 6611142dcc test(cliproxy): add management-api-client unit tests
- Add 31 unit tests for fetchLocalSyncStatus, fetchProfiles, and performLocalSync
- Cover success, error, timeout, and network failure scenarios
- Remove unused --force flag from sync handler (YAGNI)
2026-01-28 14:12:42 -05:00
kaitranntt c3f85bc4a8 fix(cliproxy): correct sync terminology and add unit tests
- Fix "Remote" → "Local" in sync-dialog.tsx and CLI help text
- Add resetWatcherState() export for test cleanup
- Add unit tests for profile-mapper, local-config-sync, auto-sync-watcher
- Remove unused ModelAlias and AliasesResponse types from hooks
2026-01-28 13:26:40 -05:00
kaitranntt 5c62e06d02 fix(ui): add iFlow to PROVIDER_ASSETS + sync validation test
- Add iflow.png to PROVIDER_ASSETS map

- Add backend-ui-provider-arrays-sync.test.ts to catch mismatches

- Addresses PR #384 review: dual source of truth + missing iFlow
2026-01-27 22:20:15 -05:00
kaitranntt 838cd1d460 fix(test): use correct provider name 'ghcp' instead of 'copilot' 2026-01-26 16:19:56 -05:00
kaitrannttandShun Kakinoki 21e819b590 fix(cliproxy): improve skip-local-auth edge case handling
- Validate authToken with trim() to reject whitespace-only values
- Show broken model warning for both remote and local modes
- Add context-aware messaging for remote proxy users
- Add comprehensive test coverage for authToken edge cases:
  - Whitespace-only strings
  - Null values
  - Tabs/newlines
  - Tokens with leading/trailing whitespace

Co-authored-by: Shun Kakinoki <shunkakinoki@gmail.com>
2026-01-26 16:16:23 -05:00
Shun Kakinoki 1f5d11930e feat: skip local OAuth when using remote proxy with auth token
When --proxy-host and --proxy-auth-token are provided, the remote proxy
handles authentication via its own OAuth sessions. This change skips:

- Local OAuth check/trigger
- Preflight quota check (managed by remote server)
- Model configuration prompts (configured on remote server)
- Broken model warnings (model selection is remote)

This enables headless CI/CD usage without requiring pre-cached
CCS_SESSIONS when a remote proxy with auth token is available.
2026-01-26 16:25:24 +09:00
kaitranntt 596a9c6843 test(setup): add unit tests for setup_completed flag detection
- Add 3 test cases for setup_completed flag:
  - Detect flag when present and true
  - Treat missing flag as first-time eligible
  - Treat false flag as first-time eligible
- Update JSDoc to document detection priority order

Addresses code review feedback on PR #372.
2026-01-25 21:26:23 -05:00
kaitranntt aaa6feb8db fix(tests): remove undefined MockRoute export and unused imports
- Remove MockRoute from index.ts (type was removed in previous commit)
- Remove unused UPLOAD_SUCCESS, UNAUTHORIZED imports from test file
2026-01-23 23:47:09 -05:00
kaitranntt 5c83429a79 perf(tests): replace real network ops with mock infrastructure
- Add centralized mock infrastructure in tests/mocks/:
  - mock-fetch.ts: Bun native fetch interception
  - mock-http-server.ts: Fake server responses (no ports)
  - fixtures/responses.ts: Preset response constants
  - types.ts: Mock type definitions

- Refactor https-tunnel-proxy.test.ts:
  - Remove TEST_CERT constant (~50 lines)
  - Remove real HTTPS server creation
  - Use invalid hosts for error path testing
  - 26/26 tests pass in ~430ms

- Refactor remote-token-uploader.test.ts:
  - Replace 7 real HTTP servers with mockFetch
  - Reduce from 422 to 289 lines
  - 18/18 tests pass in ~120ms

- Add global test timeout (10s) in bunfig.toml

Test suite: 10+ min → 14 seconds
2026-01-23 23:35:17 -05:00
kaitranntt fbb71a228e test: update tests for codex catalog inclusion
- Fix config-generator test assertion for parseUserApiKeys
- Update model-catalog tests to expect codex provider
- Remove outdated codex unsupported test from model-config
2026-01-21 17:25:56 -05:00
kaitranntt 99d164901e Merge remote-tracking branch 'origin/dev' into feat/thinking-flag
Resolve merge conflicts keeping both features:
- thinking: extended thinking/reasoning budget control
- dashboard_auth: dashboard authentication
- backups: config backups section
2026-01-20 20:19:51 -05:00
kaitranntt 8ade4a6b26 feat(cliproxy): add backend selection for CLIProxyAPI vs CLIProxyAPIPlus
Add cliproxy.backend config field to choose between CLIProxyAPI (original)
and CLIProxyAPIPlus backends. Includes CLI --backend flag, Dashboard toggle,
and provider validation to block Kiro/ghcp on original backend.
2026-01-18 10:10:01 -05:00
kaitranntt b735234beb fix: make connection tracking test deterministic
The previous test relied on client socket receiving close event from
server-side destroy, which is timing-dependent and flaky in CI.

New approach:
- Verify stop() behavior directly via getPort() returning null
- Test what we control (server state) not what we observe (client state)
- Remove timing-dependent assertions
- Faster and more reliable (83ms vs 1000ms+ timeout)
2026-01-15 14:00:36 -05:00
kaitranntt 504b1b3974 fix: resolve CI test timing and merge conflict with dev
- Fix connection tracking test: wait for 'close' event instead of only
  checking socket.destroyed (more reliable in CI environments)
- Increase timeout from 500ms to 1000ms for CI latency
- Add proper socket cleanup after test
- Merge dev changes: add projectId parameter to registerAccount()
2026-01-15 13:39:16 -05:00
kaitranntt 7b80dccdd3 fix(persist): add rate limiting, tests, and code quality improvements
- Add express-rate-limit to restore endpoint (5 req/min)
- Add JSDoc documentation to RestoreMutex class
- Extract magic numbers to named constants in BackupsSection
- Add unit tests for persist-routes.ts (23 tests)
- Add unit tests for BackupsSection component (28 tests)

Addresses PR #339 code review feedback.
2026-01-14 17:59:15 -05:00
Sergey GaluzaandOnSteroids e055890e16 fix: address PR #4 review - HTTPS tests and timeout handling
- Fix timeout test to use HTTPS server (tunnel uses https.request)
- Fix timeout event handling - call reject directly instead of relying on destroy error event
- Fix misleading comment in remote-token-uploader (Authorization header, not X-Management-Key)
- Remove unused imports in test files

Built [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>
2026-01-14 18:06:58 +01:00
Sergey GaluzaandOnSteroids e7e95e6970 fix: increase timeout in connection tracking test for CI
Built [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>
2026-01-14 18:06:58 +01:00
9e9cbd4858 feat(cliproxy): add HTTPS tunnel for remote proxy mode (#1)
* feat(cliproxy): add HTTPS tunnel for remote proxy mode

Claude Code doesn't support HTTPS in ANTHROPIC_BASE_URL directly (undici
limitation). This adds an HTTP→HTTPS tunnel proxy for remote CLIProxyAPI
connections.

Changes:
- Add HttpsTunnelProxy: local HTTP server tunneling to remote HTTPS
- Add CodexReasoningProxy HTTPS support and path prefix stripping
- Remote mode now uses root paths (/v1/messages) not provider-prefixed
- Add remote token uploader for syncing OAuth tokens to remote server
- Auto-upload tokens after OAuth auth when remote mode is enabled

Flow for remote HTTPS:
  Claude CLI → CodexReasoningProxy → HttpsTunnel → Remote HTTPS

Built with [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>

* fix: address PR review issues for HTTPS tunnel proxy

- Add connection tracking with activeConnections Set for proper cleanup
- Add port validation after start() to reject port 0
- Add Authorization header fallback injection in buildForwardHeaders()
- Handle client disconnect (premature close) and request errors
- Improve error handling in uploadTokenToRemoteAsync (log instead of silent catch)
- Add comprehensive tests for HttpsTunnelProxy (97% coverage)
- Add integration tests for remote-token-uploader
- Add stripPathPrefix unit tests for remote mode

Built with [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>

* fix: bump Node.js engine requirement to >=18.0.0

FormData and Blob APIs used in remote-token-uploader require Node.js 18+.
Addresses coderabbit review comment about Node.js engine compatibility.

Built [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>

* fix: address remaining PR suggestions

- Add verbose parameter to registerAccountFromToken for proper propagation
- Improve stripPathPrefix with path normalization (double slashes, leading slash)
- Add edge case tests for path normalization

Built [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>

* fix: add timeout to flaky npm CLI tests

Tests 'handles empty arguments gracefully' and 'handles very long argument'
were missing timeout option in execSync, causing occasional timeouts when
bun test's 5000ms limit was reached before CLI completed.

Built [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>

* fix: address new PR review feedback

- Add path segment boundary check to prevent partial matches (/codex vs /codextra)
- Add hostname validation in HttpsTunnelProxy constructor
- Add race condition protection with 'starting' flag in start()
- Sanitize error messages (detailed only in verbose mode)
- Update comments for clarity (regex behavior)
- Add comprehensive tests for all edge cases

Built [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>

---------

Co-authored-by: OnSteroids <built@onsteroids.ai>
2026-01-14 18:05:49 +01:00
Leynier Gutiérrez Gonzálezandkaitranntt ef7e595b6f feat(persist): add --list-backups and --restore options for backup management
Add backup management functionality to the persist command:
- List available backups with timestamps and dates
- Restore from most recent or specific backup
- Improved error handling for corrupted settings.json
- Updated CLAUDE.md to document the persist command and the exception to the non-invasive constraint
2026-01-14 09:27:48 -05:00
kaitranntt 464b410e8b feat(dashboard): add optional login authentication (#319)
Add session-based username/password auth for CCS dashboard:
- Backend: Express session middleware with bcrypt password verification
- Frontend: React AuthContext, login page, protected routes
- Config: dashboard_auth section in config.yaml + env var overrides
- Security: Rate limiting (5 attempts/15min), persistent session secret
- 16 unit tests for auth middleware

Auth disabled by default for backward compatibility.
2026-01-13 13:27:38 -05:00
kaitranntt 3bd3e379fe test(cliproxy): add unit tests for thinking validator
- test budget bounds and constants

- test off/auto/level values handling

- test budget-type and level-type models

- test edge cases and unknown models

Refs #307
2026-01-08 15:20:37 -05:00
kaitranntt 87cfcc5b3c fix(codex-proxy): security hardening and edge case fixes
- Fix path traversal in trace() via safe dir validation
- Add RFC 7230 hop-by-hop header filtering
- Fix isRecord() to exclude arrays
- Add req.destroy() on oversized body rejection
- Add missing ANTHROPIC_BASE_URL warning for Codex
- Use cwd() fallback when HOME undefined
- Add 4 edge case unit tests
2026-01-08 09:15:42 -05:00
oscarlehuu 204eea00ce feat(codex): inject OpenAI reasoning.effort per tier 2026-01-08 16:02:02 +10:30
kaitranntt d96c67ba81 fix(cliproxy): use nickname as accountId for kiro/ghcp providers
Kiro/GHCP OAuth tokens have empty email field, causing all accounts to
use accountId='default' and overwrite each other. This fix:

- Add PROVIDERS_WITHOUT_EMAIL constant for kiro/ghcp identification
- Require nickname for kiro/ghcp during registration (CLI + web UI)
- Use nickname as accountId instead of email for these providers
- Enforce nickname uniqueness to prevent collisions
- Update discoverExistingAccounts() to generate unique IDs (kiro-1, etc.)

Closes #258, #267
2026-01-06 12:16:22 -05:00
kaitranntt 1067afbea7 fix(shared-manager): normalize plugin registry paths to canonical ~/.claude/
Replaces instance-specific paths (/.ccs/instances/<name>/) with
canonical /.claude/ paths in installed_plugins.json after linking.

Fixes #276
2026-01-05 20:48:49 -05:00
kaitranntt 43f1a9890e test(cliproxy): add unit tests for discoverExistingAccounts
- Test kiro/ghcp provider type mapping
- Test email extraction from filename fallback
- Test multiple accounts per provider
- Test edge cases (invalid JSON, missing type, unknown provider)
2026-01-01 13:34:25 -05:00
kaitranntt e0a1f8f312 fix(cliproxy): add comprehensive port validation across proxy system
- Export validatePort() from config-generator with full edge case handling
- Add YAML port validation in proxy-config-resolver before use
- Add final port validation in cliproxy-executor after config merge
- Add default port parameter and validation to proxy-detector
- Add 38 new tests covering all port validation edge cases

Fixes undefined port bug when upgrading from 7.11.1 to 7.12.0
2026-01-01 02:00:30 -05:00
Kai (Tam Nhu) TranGitHubgithub-actions[bot] <github-actions[bot]@users.noreply.github.com>Shun KakinokiClaude Opus 4.5
b3ef76a07b feat(release): CLI flag passthrough, proxy fixes, and UI improvements (#239)
* fix(cliproxy): pass variant port to executor for isolation

Variants configured with dedicated ports (8318-8417) were not using
their assigned port. The executor always defaulted to 8317.

Changes:
- Add port field to ProfileDetectionResult interface
- Pass variant.port from profile-detector to ccs.ts
- Forward port to execClaudeWithCLIProxy options
- Update executor priority: CLI flags > variant port > config.yaml > default

Closes #228

* fix(cliproxy): propagate port in unified config and UI preset handlers

Edge case fixes identified in codebase review:
- Unified config variant detection: add settingsPath and port fields
- Provider editor: use variant port in handleApplyPreset/handleCustomPresetApply
- preset-utils: add optional port parameter to applyDefaultPreset()

* chore(release): 7.11.1-dev.1 [skip ci]

* fix(cliproxy): use correct default port (8317) for remote HTTP connections

Root cause: Inconsistent default port logic across code paths.
- Test Connection used 8317 (correct)
- Actual API calls used 80 (wrong)

Changes:
- Add centralized getRemoteDefaultPort() helper in config-generator.ts
- Fix proxy-target-resolver.ts to use shared helper
- Fix rewriteLocalhostUrls() and getRemoteEnvVars() in config-generator.ts
- Update remote-proxy-client.ts to use shared helper (DRY)

Fixes all 3 reported issues:
1. Port empty → now correctly uses :8317 instead of :80
2. BASEURL construction → now includes correct port
3. CLIProxy Plus auth → now fetches from remote on correct port

* chore(release): 7.11.1-dev.2 [skip ci]

* feat(delegation): add Claude Code CLI flag passthrough

Add explicit passthrough support for key Claude Code CLI flags:
- --max-turns: Limit agentic turns (prevents infinite loops)
- --fallback-model: Auto-fallback when model overloaded
- --agents: Dynamic subagent JSON injection
- --betas: Enable experimental features

Maintain extraArgs catch-all for future Claude Code flags.
Update help command with new "Delegation Flags" section.

Closes #89

* test(delegation): add comprehensive CLI flag passthrough tests

Add 45 test cases covering all edge cases for CLI flag passthrough:
- DelegationHandler: timeout/max-turns/fallback-model/agents/betas validation
- HeadlessExecutor: duplicate flag filtering, undefined vs truthy checks

* chore(release): 7.11.1-dev.3 [skip ci]

* fix(ui): enable cancel button during OAuth authentication

Resolves #234 - Cancel button was disabled during authentication flow,
preventing users from canceling the OAuth process.

Changes:
- Add auth-session-manager.ts for tracking active OAuth sessions
- Add POST /cliproxy/auth/:provider/cancel endpoint to abort sessions
- Kill spawned CLIProxy auth process when cancel is triggered
- Enable Cancel button in AddAccountDialog during authentication
- Add cancel support to QuickSetupWizard auth step
- Update useCancelAuth hook to call backend cancel endpoint

* chore(release): 7.11.1-dev.4 [skip ci]

* fix(prompt): add stdin.pause() to prevent process hang after password input

Fixes #236. The password() method called resume() on stdin but never
paused it in cleanup, keeping the event loop alive indefinitely.

* chore(release): 7.11.1-dev.5 [skip ci]

* feat(cliproxy): add --allow-self-signed flag for HTTPS connections (#227)

Previously, allowSelfSigned was hardcoded to true for all HTTPS protocol
connections, forcing use of the native https module which has issues with
Cloudflare-proxied connections causing timeouts.

This change:
- Adds --allow-self-signed CLI flag (default: false)
- Adds CCS_ALLOW_SELF_SIGNED environment variable
- Uses standard fetch API by default for HTTPS (works with valid certs)
- Only uses native https module when --allow-self-signed is specified

Usage:
- For production HTTPS proxies with valid certs: no flag needed
- For dev proxies with self-signed certs: use --allow-self-signed

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* chore(release): 7.11.1-dev.6 [skip ci]

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Shun Kakinoki <39187513+shunkakinoki@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-31 16:36:18 -08:00
kaitranntt 67a48a8305 fix(test): remove redundant build from beforeAll hook
CI already runs bun run build:all before validate step.
Duplicate build in test hook was causing timeout in CI.
2025-12-27 16:30:25 -05:00
kaitranntt ec2ee0a36d fix(tests): update test files for renamed getCliproxyConfigPath function
Update tests to use renamed function after refactoring getConfigPath
to getCliproxyConfigPath in cliproxy/config-generator.ts

Files updated:
- tests/unit/cliproxy/config-generator-port.test.js
- tests/unit/cliproxy/config-generator.test.js
2025-12-27 01:14:54 -05:00
kaitranntt ed6776aadc test(cliproxy): add comprehensive auth token test suite
- auth-token-manager.test.js: token generation, masking, inheritance (35 tests)
- tokens-command.test.js: CLI parsing and flag handling (24 tests)
- settings-routes-auth.test.js: API endpoint responses (22 tests)
- Total: 81 new tests covering all auth token functionality
2025-12-25 16:43:39 -05:00
Kai (Tam Nhu) TranandGitHub 459d730029 Merge pull request #184 from kaitranntt/kai/feat/variant-port-isolation
feat(cliproxy): add variant port isolation
2025-12-25 05:19:06 -05:00
kaitranntt 8f120b515f test(cliproxy): add integration tests for variant port isolation
Add comprehensive test suite mapping to PR #184 test plan:
- Create multiple variants with unique ports (8318-8417)
- Verify port persistence in config and separate config-{port}.yaml
- Run multiple variants concurrently with isolated sessions
- Verify list shows port column for each variant
- Remove variant cleans config, session, and port-specific files

25 new tests covering edge cases:
- Port exhaustion (100 variant max)
- Port reuse after deletion
- Legacy variants without port field
- Stale session cleanup for dead PIDs
- Default port special handling (sessions.json)
2025-12-25 05:15:49 -05:00
kaitranntt 2b4d21e8ae fix(cliproxy): preserve user API keys during config regeneration
When CCS updates trigger CLIProxy config regeneration, user-added API
keys in ~/.ccs/cliproxy/config.yaml were being overwritten with only
the internal CCS key.

Changes:
- Add parseUserApiKeys() to extract user keys from existing config
- Modify regenerateConfig() to preserve user API keys alongside port
- Update generateUnifiedConfigContent() to accept userApiKeys param
- Add comprehensive test suite (14 tests) for key preservation

Fixes #200
2025-12-24 22:12:09 -05:00
kaitranntt f2a4200625 fix(core): address all code review issues from PR #199
Critical fixes:
- CRIT-1: Fix placeholder detection case sensitivity in api-key-validator
- CRIT-2: Add TOCTOU protection via loadMigrationCheckData() for atomic config reads
- CRIT-3: Restore fs.existsSync mock in profile-detector tests

High priority fixes:
- H1-H3: API validator HTTP/HTTPS support, timeout abort, debug log
- H4-H6: OAuth explicit flow type, signal handling, TTY detection
- H7-H8: Profile collision warning, config-first save order
- H9-H11: expandPath consistency, preset sync CLI/UI
2025-12-24 20:18:57 -05:00
kaitranntt 92a79aa78b test(auth): add comprehensive tests for GLM auth persistence fix
Add 26 new unit tests covering:
- isFirstTimeInstall() legacy config detection (8 tests)
- loadSettingsFromFile() path expansion (5 tests)
- ProfileDetector detectProfileType() (4 tests)
- expandPath() cross-platform handling (10 tests)

Test coverage for issue #195:
- Legacy config.json/profiles.json detection
- Tilde expansion to home directory
- Environment variable expansion (${VAR}, $VAR, %VAR%)
- Mixed path separator normalization
- Corrupted config graceful handling

Files:
- tests/unit/commands/setup-command.test.ts
- tests/unit/auth/profile-detector.test.ts
- tests/unit/utils/expand-path.test.ts
2025-12-24 18:33:52 -05:00
kaitranntt 0bcaf4bc68 feat(cliproxy): add variant port isolation for concurrent proxy instances
Enables running multiple CLIProxy variants simultaneously on different
ports. Each variant now gets a unique port in the 18100-18199 range,
allowing concurrent use of providers like Gemini + Codex + custom variants.

Key changes:
- Add port field to variant config schema
- Implement automatic port allocation (18100 + variant index)
- Support variant-specific settings paths in config generator
- Display port in dashboard UI for debugging
- Show all models in variant editor dropdown
- Add comprehensive tests for port allocation edge cases

Closes related variant isolation work.
2025-12-24 04:15:04 -05:00
kaitranntt a99b6eb93f fix(cliproxy): respect enabled:false and use protocol-based port defaults
- Fix port default logic: HTTP→8317, HTTPS→443 (was always 8317)
- Fix enabled:false being ignored in proxy config resolution
- Update stale comments referencing HTTP:80 to HTTP:8317
- Add 9 unit tests for edge cases (enabled handling, port defaults)
2025-12-24 03:36:48 -05:00
Kai (Tam Nhu) TranandGitHub 13dd5614a2 Merge pull request #168 from kaitranntt/kai/feat/openrouter-model-catalog
feat(openrouter): add model catalog integration with searchable picker and tier mapping
2025-12-20 23:58:50 -05:00
kaitranntt 4f4ab43eb3 refactor(config): remove secrets.yaml architecture
- delete secrets-manager.ts entirely

- remove secrets API routes and client methods

- simplify unified-config-types (remove vault/secrets)

- update profile-reader to remove secrets loading

- clean up unused hooks and API client methods
2025-12-20 23:10:35 -05:00
kaitranntt df77745eca fix(update): correct dev version comparison semantic
- dev versions (X.Y.Z-dev.N) now treated as newer than base release (X.Y.Z)
- reflects convention that dev work is AFTER the release, not before
- update GH Actions message to use 'ccs update --dev' instead of npm install
- update tests to match new semantic
2025-12-20 19:48:05 -05:00