Commit Graph
344 Commits
Author SHA1 Message Date
Tam Nhu Tran 7bbf32ae9a feat(cliproxy): source model pickers from upstream catalogs
- fetch live provider model definitions through /api/cliproxy/catalog

- overlay CCS preset metadata without keeping UI dropdowns as the source of truth

- wire /cliproxy and quick setup to the upstream-backed catalog path
2026-04-08 17:23:35 -04:00
Tam Nhu Tran 6c799b2e58 feat(logging): unify CCS runtime logs and dashboard viewer
- add a shared structured logging service with bounded retention

- expose native /api/logs endpoints and the dashboard /logs route

- wire focused runtime emitters, cleanup support, and feature tests

Refs #926
2026-04-08 15:57:15 -04:00
Tam Nhu Tran 64ecd8b3dc feat(image-analysis): make MCP-first provisioning self-healing 2026-04-08 13:36:05 -04:00
Tam Nhu Tran 6393249111 feat(cliproxy): add routing guidance and strategy controls 2026-04-07 18:17:06 -04:00
Tam Nhu Tran d4f434a0e7 refactor(dashboard): use shared token fingerprinting for auth detection
Replace local mtime-only ProviderTokenSnapshot type and
listProviderTokenSnapshots/findNewTokenSnapshotForPendingAuth in
cliproxy-auth-routes with shared implementations from token-manager.
Ensures dashboard parity with CLI-side SHA-256 fingerprint detection.
2026-04-07 09:44:59 -04:00
Tam Nhu Tran 1603f19388 fix(usage): block remote refresh without auth 2026-04-07 07:04:57 -04:00
Tam Nhu Tran 5fbe731341 fix(web-server): block remote dashboard writes 2026-04-07 06:10:41 -04:00
Tam Nhu Tran 431c22a16a fix(dashboard): gate remote read-only auth 2026-04-07 05:19:44 -04:00
Tam Nhu Tran d130972916 feat(dashboard-auth): clarify remote dashboard login flow
- add explicit access modes so remote users see setup guidance instead of an ambiguous login

- redesign the login page with remote setup messaging, password visibility, and light/dark controls

- cover the access-state contract and login UI with focused tests
2026-04-06 17:01:49 -04:00
Tam Nhu Tran f40d435a92 fix(kiro): harden idc and callback auth paths
- keep headless paste routing aligned with the selected Kiro auth method

- validate local callback replay targets and add prompt cancellation safeguards

- wire IDC params through the dashboard start route and support equals-form CLI flags
2026-04-05 02:04:11 -04:00
Tam Nhu Tran 0fbea0f335 fix(kiro): align auth flows with CLIProxyAPIPlus
- auto-select Builder ID for the default Kiro AWS auth flow

- support IDC auth flags and callback-based Kiro paste replay

- update regression coverage for Kiro auth routing
2026-04-05 02:04:11 -04:00
Tam Nhu Tran 2830c2ae9e feat(auth): add resume lane diagnostics and recovery
- add runtime-aware resume lane diagnostics and auth backup flows

- warn when account resume uses a different plain ccs continuity lane

- surface lane mismatch guidance in the accounts dashboard, docs, and tests
2026-04-04 12:17:32 -04:00
Tam Nhu Tran 01313a5a8e fix(auth): harden delayed oauth token registration 2026-04-04 00:37:04 -04:00
Tam Nhu Tran e2e5d99465 fix(auth): wait for polled oauth token persistence 2026-04-04 00:08:46 -04:00
Tam Nhu Tran 77b488f8b1 fix(image-analysis): harden runtime and provisioning 2026-04-02 18:36:19 -04:00
Tam Nhu Tran 813b2dd4d0 feat(image-analysis): add provider-backed runtime 2026-04-02 15:44:13 -04:00
Tam Nhu Tran 7a783d0714 fix(settings): restore image tab scrolling and dev websocket routing
- route dashboard WebSocket traffic through /ws to avoid Vite HMR collisions

- run the dev entrypoint with node so bun run dev stays stable in this repo

- restore the Image settings scroll container contract and add regression coverage
2026-04-01 16:57:30 -04:00
Tam Nhu Tran 36acf9f190 Merge remote-tracking branch 'origin/dev' into kai/feat/867-image-analysis-backend-status 2026-04-01 16:49:21 -04:00
Tam Nhu Tran 982ffc5895 feat(image): add native-read controls and autosave settings
- add per-profile native image preferences and native-capability detection
- redesign Settings -> Image around compact sections with Web-style autosave
- expose richer backend/profile status and update Gemini Flash defaults
2026-04-01 15:32:37 -04:00
Tam Nhu Tran 9d1d281e34 feat(image-analysis): add dedicated dashboard settings 2026-04-01 15:32:37 -04:00
Tam Nhu Tran 1a01c6fc68 fix(image-analysis): surface runtime readiness 2026-04-01 15:32:37 -04:00
Tam Nhu Tran d394772f7c fix(image-analysis): preview backend status safely 2026-04-01 15:32:37 -04:00
Tam Nhu Tran ae459fc3d7 feat(image-analysis): resolve backend status per profile 2026-04-01 15:32:37 -04:00
Tam Nhu Tran 3246c40319 feat(codex-dashboard): add manual long-context controls 2026-04-01 14:57:56 -04:00
Kai (Tam Nhu) TranandGitHub e226a4d161 Merge pull request #866 from kapdon/review/docker-cliproxy-cors
fix(docker): proxy CLIProxy management panel through dashboard to avoid cross-origin errors
2026-04-01 11:52:59 -04:00
Tam Nhu Tran 27409b789b fix(docker): harden proxy with timeout, Bun compat, and test coverage
- Add 30s timeout on proxy requests to prevent indefinite hangs
- Wrap resolveLocalCliproxyPort in try/catch with default port fallback
- Simplify buildProxyBody: remove fragile content-length check that
  caused Bun to fall through to req.pipe() on consumed streams
- Replace proxyRes.pipe(res) with manual streaming for Bun compatibility
  (pipe hangs after writeHead in Bun runtime)
- Replace deprecated req.on('aborted') with res.on('close') cleanup
  (req.on('close') fires with req.destroyed=true in Bun after body
  consumption, prematurely destroying the proxy connection)
- Explicitly end proxy request for bodyless methods (GET/HEAD/OPTIONS)
  instead of piping an already-consumed express stream
- Add server.closeAllConnections() in test cleanup to prevent hangs
- Add GET passthrough and 502 unreachable test cases
2026-04-01 11:39:34 -04:00
Tam Nhu Tran ca54bad2aa fix(codex): harden native runtime detection 2026-04-01 01:39:14 -04:00
UserandClaude Opus 4.6 6471cc55d7 fix(docker): harden cliproxy local proxy with auth guard, dynamic port, and body handling
Move reverse proxy under /api/cliproxy-local so it sits behind auth
middleware. Enforce localhost-only access when dashboard auth is disabled.
Resolve the target port from unified config instead of hardcoding 8317.
Re-serialize parsed JSON bodies before forwarding so writes still work
behind express.json(). Clean up proxy connections on client abort.

On the frontend, point the iframe and health check at the new same-origin
API path, probe the proxy directly, and tighten iframe origin/path
validation before sending the auto-login secret.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 16:33:32 -07:00
Tam Nhu Tran c73f33872a feat(cliproxy): support duplicate-email codex accounts
- keep Codex team and personal auth files as separate identities

- resolve quota and live monitor stats by token file-backed account id

- surface duplicate-aware account labels across the dashboard and variant UI
2026-03-30 15:30:11 -04:00
UserandClaude Opus 4.6 881b061dfe fix(docker): proxy CLIProxy management panel through dashboard to avoid cross-origin errors
In Docker, the browser cannot directly reach the container-internal CLIProxy
port (8317). This adds a reverse proxy at /cliproxy-local/* that forwards
requests through the dashboard Express server to 127.0.0.1:8317 internally.
The control panel embed now uses same-origin API endpoints for health checks
and the proxy path for the management iframe.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 06:25:14 -07:00
Tam Nhu Tran bd1ff02521 fix(codex): align cliproxy guidance with runtime behavior 2026-03-29 21:04:59 -04:00
Tam Nhu Tran 0ffde4f3a2 feat(codex-ui): surface cliproxy setup guidance 2026-03-29 19:44:02 -04:00
Tam Nhu Tran 9e43beec40 feat(codex): harden runtime targeting and dashboard editing 2026-03-29 14:18:51 -04:00
Tam Nhu Tran ebc9acf8e4 fix(codex): harden dashboard config editing 2026-03-29 13:14:15 -04:00
Tam Nhu Tran b47aa0d28d feat(codex): add dashboard control center
- add guided editors for top-level settings, trust, profiles, providers, MCP, and features

- refresh raw snapshots after patch saves to avoid stale mtime conflicts

- block structured saves while raw TOML is dirty and add route plus hook coverage
2026-03-29 13:14:15 -04:00
Tam Nhu Tran 8c5da9f9e8 feat: add codex dashboard parity 2026-03-29 13:14:15 -04:00
Tam Nhu Tran f9c1238483 feat(profiles): expose codex runtime across surfaces
- update CLI, API, route, and dashboard surfaces to recognize the Codex runtime target

- normalize persisted codex targets back to claude so runtime-only behavior stays truthful

- add regression coverage for help text, route parsing, and profile storage normalization

Refs #773
2026-03-29 13:14:15 -04:00
Tam Nhu Tran 5a09547532 fix(auth): signal auth-required for remote access in /api/auth/check
The auth check endpoint always returned authRequired=false when auth
was disabled, even for remote clients. This caused the UI to render
the dashboard directly, where all data API calls return 403 silently.

Now detects remote access via isLoopbackRemoteAddress and sets
effectiveAuthRequired=true, so the UI properly redirects to the login
page. Also fixes misleading catch handler comment in auth-context.
2026-03-29 10:54:44 -04:00
Tam Nhu Tran 7d410b26d0 fix(docker): address review findings — PID guard, deleteBinary guard, blocked fallback
- Guard child.pid falsy in bootstrap (PID 0 creates immortal phantom lock)
- Add ETXTBSY/EBUSY guard to deleteBinary() (same vuln as downloadAndInstall)
- Fix error message to suggest container restart (not circular ccs docker update)
- Tighten status.blocked guard to handle missing blocker gracefully
2026-03-28 18:12:18 -04:00
Tam Nhu Tran d7a80ed38d fix(docker): use HTTP-first proxy detection in health checks
Health check used OS-level port detection (lsof/ss) which is
unavailable in minimal Alpine containers. Switched to the unified
detectRunningProxy() which tries HTTP first, then session lock,
then port-process as fallback.
2026-03-28 17:55:39 -04:00
Tam Nhu Tran 2423864817 fix(cliproxy): align gemini flash pricing and dashboard imports 2026-03-28 09:54:26 -04:00
Tam Nhu Tran 5ac91e0cac fix(cliproxy): align gemini 3.1 preset compatibility 2026-03-27 16:39:40 -04:00
Tam Nhu Tran dff40b5e24 fix(websearch): align provider validation metadata 2026-03-27 14:49:00 -04:00
Tam Nhu Tran 4ccc3edcbb fix(websearch): restrict dashboard secrets routes 2026-03-27 14:14:23 -04:00
Tam Nhu Tran 20c48c6105 feat(websearch): manage provider API keys in dashboard
- add masked dashboard-managed API key state for Exa, Tavily, and Brave
- persist WebSearch keys through global_env while keeping WebSearch as the UX surface
- treat dashboard-managed keys as ready in status checks and cover the flow with route/UI tests
2026-03-27 13:25:26 -04:00
Tam Nhu Tran 368a625d92 fix(cliproxy): restore live monitor provider attribution 2026-03-26 17:18:47 -04:00
Tam Nhu Tran ce4401e84e feat(auth): let power user mode skip Gemini auth gate 2026-03-26 15:03:24 -04:00
Tam Nhu Tran ec1417ab7c fix(channels): reject oversized official channel tokens
Add a 4096-character cap before persisting official channel tokens, map that validation failure to HTTP 400 in the dashboard route, and cover both paths with regression tests.
2026-03-25 22:38:15 -04:00
Tam Nhu Tran 3af554275e test: isolate shared-state test suites for CI stability
- add dependency injection to export-command, binary-manager,
  codex-plan-compatibility, config-command, and usage-syncer
- override process.exit in api-export test to prevent silent
  termination in Bun's parallel test runner
- harden test-environment bootstrap with process.env isolation
- fix auth middleware to avoid config upgrade during checks
2026-03-25 16:41:41 -04:00
Tam Nhu Tran a97fc42b10 feat(channels): auto-enable official Claude channels 2026-03-25 16:31:55 -04:00