Commit Graph
396 Commits
Author SHA1 Message Date
kaitranntt 759d43c8f7 Merge remote-tracking branch 'origin/dev' into feat/login-auth 2026-01-13 14:31:01 -05:00
kaitranntt 464b410e8b feat(dashboard): add optional login authentication (#319)
Add session-based username/password auth for CCS dashboard:
- Backend: Express session middleware with bcrypt password verification
- Frontend: React AuthContext, login page, protected routes
- Config: dashboard_auth section in config.yaml + env var overrides
- Security: Rate limiting (5 attempts/15min), persistent session secret
- 16 unit tests for auth middleware

Auth disabled by default for backward compatibility.
2026-01-13 13:27:38 -05:00
kaitranntt 22c7d4a20d feat(doctor): add --help flag with comprehensive command documentation
- Add showHelp() with usage, options, checks, examples, exit codes
- Update handleDoctorCommand to accept args array instead of boolean
- Update ccs.ts to pass restArgs to doctor command
- Add doctor to CLAUDE.md Help Location Reference table
2026-01-13 11:43:27 -05:00
kaitranntt 0075248273 fix(delegation): only check profiles defined in config.yaml
Previously getReadyProfiles() scanned all *.settings.json files,
including orphan files (ghcp, kiro) not in config.yaml.

Now reads from config.yaml:
- profiles section (excluding 'default')
- cliproxy.providers section

Fixes doctor showing 11 profiles instead of configured 9.
2026-01-09 01:13:51 -05:00
kaitranntt f88ad8e781 fix(doctor): use dynamic profile discovery for delegation check
Replace hardcoded ['glm', 'kimi'] list with DelegationValidator.getReadyProfiles()
to detect all configured *.settings.json profiles including mm, or1, g7, etc.
2026-01-09 00:18:35 -05:00
kaitranntt 0abd021d25 fix(cliproxy): remove stable version cap, only v81-88 are faulty
- Set CLIPROXY_MAX_STABLE_VERSION to 9.9.999-0 (effectively no cap)
- v89+ are all stable, no longer show experimental warning
- Only v81-88 remain marked as faulty with known bugs
- Simplified lifecycle.ts to remove redundant experimental warning
2026-01-08 10:49:37 -05:00
Kai (Tam Nhu) TranandGitHub 71a0f9e91a Merge pull request #301 from oscarlehuu/feat/codex-reasoning-effort
Codex: inject OpenAI reasoning.effort per tier
2026-01-08 09:42:35 -06:00
kaitranntt 87cfcc5b3c fix(codex-proxy): security hardening and edge case fixes
- Fix path traversal in trace() via safe dir validation
- Add RFC 7230 hop-by-hop header filtering
- Fix isRecord() to exclude arrays
- Add req.destroy() on oversized body rejection
- Add missing ANTHROPIC_BASE_URL warning for Codex
- Use cwd() fallback when HOME undefined
- Add 4 edge case unit tests
2026-01-08 09:15:42 -05:00
Kai (Tam Nhu) TranandGitHub 6e0bf7cb1b fix(cliproxy): update version range and add persistent AI review logging (#303)
* fix(ci): add persistent logging and remove turn/diff limits for AI review (#298)

- Remove --max-turns limit (unlimited exploration)
- Remove head -8000 diff limit (full diff)
- Add persistent logging to /opt/actions-runner/logs/ai-review/
- Save prompt, stdout, stderr, timing, metadata as separate files
- Add structured metadata.json with run details
- Separate stdout/stderr capture for better debugging
- Include debug info in failure comments (exit code, duration, log path)
- Retry without tool restrictions if first attempt fails

* fix(cliproxy): correct faulty version range to v81-85 and set v89 as stable (#302)

PR #289 incorrectly marked all v81+ as faulty. v89 confirmed stable.
- CLIPROXY_MAX_STABLE_VERSION: 6.6.80-0 → 6.6.89-0
- CLIPROXY_FAULTY_RANGE max: 6.6.999-0 → 6.6.85-0
2026-01-08 09:15:34 -05:00
oscarlehuu 204eea00ce feat(codex): inject OpenAI reasoning.effort per tier 2026-01-08 16:02:02 +10:30
Kai (Tam Nhu) TranGitHubgithub-actions[bot] <github-actions[bot]@users.noreply.github.com>
b6d65209cd feat(ci): add workflow_dispatch for AI review (#291)
* feat(ci): add AI code review workflow with Claude via CLIProxyAPI

- Self-hosted runner calls CLIProxyAPI at localhost:8317
- Triggers on PR open/update and /review comment
- Uses gemini-claude-opus-4-5-thinking for deep reviews
- Posts summary + inline comments via gh CLI
- Handles self-PR fallback to COMMENT mode

* chore(release): 7.15.0-dev.1 [skip ci]

* refactor(ci): use GitHub App for reviewer identity + new review format

- Posts as ccs-agy-reviewer[bot] via GitHub App token
- New review format: structured markdown with verdict, summary, issues table
- Single PR comment instead of inline comments
- Concise, focused on PR changes only

* chore(release): 7.15.0-dev.2 [skip ci]

* refactor(ci): switch to Claude Code CLI for reviews

- Use claude -p instead of custom TypeScript script
- Auto-install if not present on runner
- CLIProxyAPI via env vars (ANTHROPIC_BASE_URL, ANTHROPIC_MODEL)
- Allowed tools: Read, Glob, Grep
- Max 3 turns for file exploration

* chore(release): 7.15.0-dev.3 [skip ci]

* chore(release): 7.15.0-dev.4 [skip ci]

* feat(ci): add workflow_dispatch for manual review trigger

* chore(release): 7.15.0-dev.5 [skip ci]

* refactor(cliproxy): add faulty version range infrastructure (#289)

* refactor(cliproxy): add faulty version range infrastructure

- Add CLIPROXY_FAULTY_RANGE constant for marking known buggy versions
- Add isVersionFaulty() helper to version-checker.ts
- Update lifecycle.ts to warn users on faulty versions with upgrade suggestion
- Update health checks to distinguish faulty vs experimental versions
- Update stats routes to include faultyRange in API response
- Skip faulty versions when calculating latestStable

Infrastructure ready for future version promotions. Currently:
- v80 and below: stable
- v81+: marked as faulty (context cancellation bugs)

* chore: trigger review

* chore: re-trigger review

* chore: test PR trigger

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-01-07 02:25:49 -08:00
kaitranntt 4b7328b388 docs(cli): add cliproxy pause/resume/status to --help
Add new quota management subcommands to help output:
- ccs cliproxy pause <provider> <account>
- ccs cliproxy resume <provider> <account>
- ccs cliproxy status [provider]
2026-01-06 17:12:02 -05:00
kaitranntt db071e2ff2 refactor(quota): simplify AccountTier to free|paid|unknown
- consolidate 'pro'/'ultra' into single 'paid' tier (no distinction needed)
- update mapTierString() and inferTierFromModels() in quota-fetcher.ts
- fix tier_priority default from ['ultra','pro'] to ['paid']
- add missing quota_management to mergeWithDefaults() in config-loader
- update UI tier badge styling for 'paid' tier
- update api-client.ts tier type definition
2026-01-06 16:53:21 -05:00
kaitranntt 75b327c5c8 chore: merge dev - resolve conflict in account-manager.ts 2026-01-06 14:59:14 -05:00
kaitranntt a5f1472047 fix(quota): handle 'standard-tier' as free in tier mapping
API returns 'standard-tier' ID for free accounts, not 'FREE'.
Updated mapTierString() to recognize 'standard' substring.
2026-01-06 14:55:36 -05:00
kaitranntt aad0d44069 fix(quota): use API tier detection instead of model-based heuristics
Tier detection now uses paidTier/currentTier from loadCodeAssist API
response instead of inferring from model names. This is the correct
approach - all Antigravity accounts have access to same models
regardless of tier.

- Add TierInfo interface and tier fields to LoadCodeAssistResponse
- Add mapTierString() helper for API → AccountTier conversion
- Update getProjectId() to extract and return tier
- Update fetchAccountQuota() to use API tier
- Remove flawed detectTier() function
2026-01-06 14:41:25 -05:00
kaitranntt 0af185f6a0 fix(quota): correct tier detection - remove 2.5-pro from ultra indicators
2.5-pro is a standard pro-tier model, not ultra. This caused all accounts
with gemini-2.5-pro access to incorrectly display ULTRA badge.

Tier will be re-detected on next quota fetch for existing accounts.
2026-01-06 14:32:20 -05:00
Kai (Tam Nhu) TranandGitHub 206644eac0 Merge pull request #284 from kaitranntt/fix/kiro-nickname-accountid
fix(cliproxy): use nickname as accountId for kiro/ghcp providers
2026-01-06 11:19:53 -08:00
kaitranntt 107e2813f9 fix(cliproxy): prevent race in promptNickname close handler 2026-01-06 13:52:14 -05:00
kaitranntt a32fdc8cfb fix(quota): address edge cases from code review
- Add isPausingAccount disabled state to pause/resume dropdown (#30)
- Add rapid click prevention guard in cliproxy.tsx (#31)
- Add request deduplication via pendingFetches Map in quota-manager (#8)
- Add JSON parse error handler middleware in web-server (#26)
2026-01-06 13:05:45 -05:00
kaitranntt 5970e70e26 fix(cliproxy): harden nickname validation and race condition handling
- Trim nickname in API route for consistency with CLI
- Block URL-unsafe chars (%, /, &, ?, #) in nickname
- Block reserved patterns (kiro-N, ghcp-N) used by auto-discovery
- Add reload-merge pattern in discovery to reduce race condition
2026-01-06 13:00:50 -05:00
kaitranntt c13003d940 feat(api): add pause/resume account endpoints
- POST /api/cliproxy/auth/:provider/accounts/:accountId/pause

- POST /api/cliproxy/auth/:provider/accounts/:accountId/resume

Refs #282
2026-01-06 12:17:55 -05:00
kaitranntt cfd8dd974e feat(cli): add pause, resume, status subcommands
- ccs cliproxy pause <provider> <account>

- ccs cliproxy resume <provider> <account>

- ccs cliproxy status [provider] - show quota/tier info

Refs #282
2026-01-06 12:17:48 -05:00
kaitranntt b55cd795ab fix(cliproxy): update lastUsedAt on normal execution
Previously touchAccount was only called when switching accounts or auto-
switching due to quota exhaustion. Now lastUsedAt is updated for every
OAuth provider execution, ensuring dashboard shows accurate timestamps.
2026-01-06 12:17:40 -05:00
kaitranntt 10e3eec16f feat(cliproxy): integrate pre-flight quota check
- skip paused accounts during rotation

- check quota before request execution

Refs #282
2026-01-06 12:17:40 -05:00
kaitranntt 11ffca33bd feat(cliproxy): add hybrid quota management core
- add paused state and tier field to OAuthAccount

- create quota-manager.ts for central quota/tier logic

- add tier detection and 30s cache to quota-fetcher

- add quota_management schema to unified config

Refs #282
2026-01-06 12:17:34 -05:00
kaitranntt d96c67ba81 fix(cliproxy): use nickname as accountId for kiro/ghcp providers
Kiro/GHCP OAuth tokens have empty email field, causing all accounts to
use accountId='default' and overwrite each other. This fix:

- Add PROVIDERS_WITHOUT_EMAIL constant for kiro/ghcp identification
- Require nickname for kiro/ghcp during registration (CLI + web UI)
- Use nickname as accountId instead of email for these providers
- Enforce nickname uniqueness to prevent collisions
- Update discoverExistingAccounts() to generate unique IDs (kiro-1, etc.)

Closes #258, #267
2026-01-06 12:16:22 -05:00
Kai (Tam Nhu) TranandGitHub 3639f4e7ab Merge pull request #281 from kaitranntt/fix/codex-auth-port-map
fix(cliproxy): add missing OAuth callback ports for codex, agy, iflow
2026-01-06 08:32:56 -08:00
kaitranntt 472497fb03 fix(oauth): harden cleanup for edge cases in auth process
- Clear stdinKeepalive interval on SIGINT/SIGTERM signal handlers
- Add cancelProjectSelection() to timeout/exit/error handlers
- Close server on error path in testLocalhostBinding to prevent fd leak
- Add TTL-based cleanup for stale auth sessions (10 min expiry)
- Use DEVICE_CODE_TIMEOUT_MS constant instead of hardcoded value (DRY)
2026-01-06 11:31:40 -05:00
kaitranntt 0557f93f2f fix(oauth): add stdin keepalive to prevent blocking on manual URL prompt
CLIProxyAPIPlus has a 15-second timer that prompts for manual URL paste.
If user completes browser auth after this timer fires but before the
non-blocking check, the prompt blocks forever on stdin since CCS pipes
stdin but doesn't write to it.

Workaround: Send newline every 16s for authorization code flows to skip
the manual prompt and continue polling for callback.
2026-01-06 10:49:51 -05:00
kaitranntt cfe604a97c fix(cliproxy): add missing OAuth callback ports for codex, agy, iflow
Port cleanup before OAuth was skipped for providers whose ports were
only in comments. This caused hanging when stale processes blocked
the callback port from previous auth attempts.

Changes:
- auth-types.ts: Add codex (1455), agy (51121), iflow (11451) to map
- oauth-port-diagnostics.ts: Update iflow from device_code to auth_code flow
- Add Claude (54545) to doc comments for future reference
2026-01-06 10:32:08 -05:00
Kai (Tam Nhu) TranandGitHub 90a73b56da Merge pull request #277 from kaitranntt/feat/background-token-refresh-worker
feat(cliproxy): add background token refresh worker
2026-01-06 07:14:49 -08:00
kaitranntt 1067afbea7 fix(shared-manager): normalize plugin registry paths to canonical ~/.claude/
Replaces instance-specific paths (/.ccs/instances/<name>/) with
canonical /.claude/ paths in installed_plugins.json after linking.

Fixes #276
2026-01-05 20:48:49 -05:00
kaitranntt f98bb24a98 feat(cliproxy): add background token refresh worker
Proactively refreshes OAuth tokens before expiry to prevent
"context canceled" errors during long requests.

- Add TokenRefreshWorker with configurable interval/retries
- Add token-expiry-checker for multi-provider token inspection
- Add provider-refreshers abstraction (Gemini implemented)
- Integrate with service-manager lifecycle (start/stop)
- Add config schema in unified-config-types
- Include edge case protections:
  - expiry_date/refresh_token validation
  - File size limits (1MB)
  - Process exit handlers
  - Timeout wrapper
  - Config sanitization
  - Unrecoverable error detection
2026-01-05 20:47:54 -05:00
Kai (Tam Nhu) TranandGitHub 916ed9ed19 Merge pull request #272 from kaitranntt/fix/cliproxyapi-downgrade
fix(cliproxy): cap auto-update to v80 due to v81+ context bugs
2026-01-05 13:58:28 -08:00
kaitranntt 8ea1e333bc docs(agy): add quota management and failover documentation
- Add ccs cliproxy doctor command to help text
- Document Antigravity auto-failover in README
2026-01-05 13:31:34 -05:00
kaitranntt 5b58bd35c9 fix(agy): edge case handling for quota failover
- Fix formatQuotaBar crash on percentage > 100 or < 0 (clamp to 0-100)
- Fix shared project accounts excluded from failover (same GCP project = pooled quota)
- Fix division by zero in avgQuota when models array empty
- Fix null account label fallback to 'Unknown Account'
2026-01-05 13:27:54 -05:00
kaitranntt 6628be58e3 Merge remote-tracking branch 'origin/dev' into kai/feat/antigravity-failover 2026-01-05 13:13:41 -05:00
kaitranntt a69b2e9d10 feat(cliproxy): add version management UI with install/restart controls
Implements comprehensive version management for CLIProxyAPI Plus:

Backend APIs:
- GET /versions: fetch available versions from GitHub releases
- POST /install: install specific version with force flag for unstable
- POST /restart: restart proxy without version change

Frontend:
- 4-button layout: Restart, Update/Downgrade, Stop, Settings gear
- Collapsible version picker with dropdown + manual input
- Confirmation dialog for unstable versions (>6.6.80)
- Progressive disclosure (version picker hidden by default)

Ref: plans/260105-1250-cliproxy-version-management/
2026-01-05 13:12:46 -05:00
kaitranntt c5621dab51 feat(cliproxy): add dashboard UI parity for version stability
Add version stability warnings to Dashboard API and UI:
- Extend /api/cliproxy/update-check with isStable, maxStableVersion, stabilityMessage
- Health check shows warning status for v81+ installations
- UI header displays version badge with amber warning for unstable

Closes: relates to #269
2026-01-05 12:10:32 -05:00
kaitranntt 212aef81bc fix(cliproxy): add edge case handling for version capping
- Add isAboveMaxStable() helper for version stability checks
- Add null/empty guard in clampToMaxStable() function
- Warn users on unstable v81+ without forcing downgrade
- Add context note showing latest version when it's unstable
- Clamp fallback version on GitHub API failure
2026-01-05 11:50:06 -05:00
kaitranntt 869ab3eecd fix(cliproxy): cap auto-update to v80 due to v81+ context bugs
CLIProxyAPIPlus v81+ has context cancellation bugs causing:
- Intermittent 500 errors
- "context canceled" errors during streaming
- Broken token refresh handling

Root cause: v81 commit 7a77b23 changed refreshToken to use
detached context.Background() causing race conditions.

Solution: Add CLIPROXY_MAX_STABLE_VERSION constant (6.6.80-0)
and clamp auto-update to this version until upstream fixes.

Closes #269
2026-01-05 11:41:52 -05:00
kaitranntt ae1847d901 fix(validation): add Windows reserved name validation and version format edge cases
- Fixed version regex to accept -N suffix (e.g., 6.6.80-0)
- Added .trim() to version input for whitespace handling
- Added Windows reserved device names (CON, PRN, AUX, NUL, COM1-9, LPT1-9) validation
- Updated binary-service, variant-service, and validation-service with checks
2026-01-05 00:00:58 -05:00
kaitranntt c85ff74f3c feat(agy): add preflight quota check with auto-switch
Before launching Claude CLI for Antigravity, check if current account
has remaining quota. If exhausted, auto-switch to alternative account
with available quota. Prevents session failures mid-use.
2026-01-03 16:44:25 -05:00
kaitranntt 944f5c0fb0 feat(cliproxy): add doctor subcommand for quota diagnostics
Add `ccs cliproxy doctor` command that:
- Fetches quota for all Antigravity accounts in parallel
- Shows per-account quota status with visual bars
- Detects shared GCP projects (critical failover limitation)
- Warns when accounts share same quota pool

Part of #252 antigravity failover enhancement.
2026-01-03 16:34:49 -05:00
kaitranntt 24847f5804 feat(quota): add fetchAllProviderQuotas and findAvailableAccount
Add functions for multi-account quota fetching and auto-failover support:
- fetchAllProviderQuotas: Fetch quota for all accounts with project grouping
- findAvailableAccount: Find account with remaining quota for auto-switch
- readProjectIdFromAuthFile: Quick project ID read without API call

Detects accounts sharing same GCP project (failover won't help).
Part of #252 antigravity failover enhancement.
2026-01-03 16:31:20 -05:00
Kai (Tam Nhu) TranandGitHub e95c2cdf4c Merge pull request #260 from kaitranntt/fix/api-socket-connection
fix(cliproxy): proactive token refresh to prevent UND_ERR_SOCKET
2026-01-03 09:49:25 -08:00
kaitranntt a6a653f145 fix(cliproxy): proactive token refresh to prevent UND_ERR_SOCKET
When Gemini OAuth tokens expire, CLIProxyAPI attempts synchronous
refresh during API calls. If this fails or times out, the socket
connection closes abruptly causing Claude CLI's undici to report
UND_ERR_SOCKET errors.

This fix adds proactive token validation before spawning Claude CLI:
- New gemini-token-refresh.ts module handles Gemini OAuth refresh
- ensureTokenValid() in token-manager.ts checks expiry with 5min lead
- cliproxy-executor.ts calls ensureTokenValid() after auth check

The token is now refreshed BEFORE Claude CLI connects, eliminating
the race condition that caused socket errors.

Fixes #256
2026-01-03 12:47:50 -05:00
kaitranntt 7bb7ccc27f fix(cliproxy): extract unique accountId from token filename for Kiro/GHCP
When OAuth accounts have empty email fields (Kiro/GHCP), the accountId
was defaulting to 'default', causing multiple accounts to overwrite
each other. Now extracts unique ID from filename pattern:
- kiro-github-<PROFILE_ID>.json → github-<PROFILE_ID>
- ghcp-amazon-<PROFILE_ID>.json → amazon-<PROFILE_ID>

Fixes #258
2026-01-03 11:51:26 -05:00
kaitranntt 0e58d0e8b7 fix(cliproxy): add management_key support for remote proxy auth separation
- Add management_key field to CliproxyServerConfig for separate management API auth
- Update proxy-target-resolver with buildManagementHeaders() for /v0/management/* endpoints
- Update stats-fetcher and remote-auth-fetcher to use management headers
- Add management_key input field to dashboard remote proxy settings
- Disable quota UI in remote mode (tokens on remote server)
- Fix preset application to use dynamic API key from config instead of hardcoded placeholder
2026-01-02 22:31:28 -05:00