- Wrap JSON.parse in try-catch with clear error message for malformed JSON
- Add iflow, kiro, ghcp providers to CLIProxyVariantConfig type
- Make settings optional in CLIProxyVariantConfig (was required with empty string fallback)
- Remove unsafe type cast in loadConfigSafe()
Addresses additional edge cases from PR #215 code review.
Recovery failures (permission errors, disk full) no longer block
--version/--help commands. Recovery is best-effort - warns on failure
but allows basic CLI functionality to continue.
Fixes edge case identified in PR #215 code review.
Fixes#214 - Fresh install fails with 'Config not found' when running
ccs config before RecoveryManager runs.
Changes:
- Move RecoveryManager.recoverAll() before all early-exit commands in ccs.ts
- Fix loadConfigSafe() to return empty config instead of throwing in legacy mode
- Add getActiveConfigPath() for mode-aware config path resolution
- Rename cliproxy getConfigPath() to getCliproxyConfigPath() to avoid confusion
- Update help-command.ts to show correct config path based on mode
This ensures all commands benefit from auto-recovery on fresh installs,
and gracefully handles missing config files in all code paths.
The try/catch around loadConfig() in getSettingsPath() was ineffective
because process.exit() cannot be caught by try/catch - it terminates
the process immediately.
Replace with inline safe logic that:
1. Checks if config.json exists with fs.existsSync()
2. Reads and parses JSON manually
3. Uses isConfig() type guard for validation
4. Properly catches JSON parse errors
This ensures unified mode users don't crash when falling back to check
legacy config.json for profiles not found in config.yaml.
Add loadConfigSafe() function that handles both unified (config.yaml) and
legacy (config.json) config formats. Uses throwable errors instead of
process.exit() so try/catch blocks work properly in web server routes.
Updated files to use loadConfigSafe():
- overview-routes.ts: Dashboard overview API
- route-helpers.ts: readConfigSafe() helper
- profile-reader.ts: API profile reading
- profile-writer.ts: API profile writing
- variant-config-adapter.ts: CLIProxy variant config
Fixes#206 (Problem 2: config.json not found when user has config.yaml)
- Add SIGKILL escalation after 3s SIGTERM timeout in session-tracker
- Auto-stop running proxy before binary update in binary-manager
- Add waitForPortFree utility to port-utils
- Detect version mismatch on startup and auto-restart outdated proxy
- Store and expose version in session lock for detection
Fixes issue where old proxy version continues running after update,
causing UI to show different version than actually running.
Linux kernel truncates process names to 15 chars, causing
'cli-proxy-api-plus' to appear as 'cli-proxy-api-p' in lsof output.
Switch from exact whitelist to prefix matching for robust detection.
- Check config.yaml first (v2 format), fallback to config.json (legacy)
- Make glm.settings.json and kimi.settings.json optional
- Only validate settings files if they exist
- Fix false positives: postinstall no longer creates these files
Fixes health check reporting errors for missing files that are now
optional and created on-demand when user configures a profile.
Two bugs caused the health check to incorrectly report "Proxy not running":
1. lsof command used mutually exclusive flags (-t and -F)
- Removed -t flag since -F already provides structured output
2. isCLIProxyProcess whitelist was missing common binary names
- Added: cliproxyapi, cli-proxy-api-plus (and .exe variants)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Reduce config.yaml header from 26 lines to 2 lines
- Replace auto-save on blur with explicit Save button in Auth section
- Add hasChanges detection to enable/disable Save button
- Remove unused saveApiKey and saveSecret functions
- GET /api/settings/auth/tokens - masked token status
- GET /api/settings/auth/tokens/raw - unmasked (Cache-Control: no-store)
- PUT /api/settings/auth/tokens - update API key or management secret
- POST /api/settings/auth/tokens/regenerate-secret - generate secure secret
- POST /api/settings/auth/tokens/reset - reset to defaults
- overview-routes: Use ProfileRegistry for account count, merge both
legacy and unified sources
- file-watcher: Add config.yaml to watch list for real-time updates
in unified mode
Related to #203
Dashboard accounts page was only reading from profiles.json, ignoring
accounts stored in config.yaml when in unified mode. This caused
accounts created via CLI to be invisible in the dashboard.
- Use ProfileRegistry instead of direct file access
- Merge legacy and unified accounts (unified takes precedence)
- Set default via unified config when in unified mode
Fixes#203
Call initUI() at the start of main() to ensure chalk is loaded
before any status messages. Previously, colors only worked when
an update notification was displayed because showUpdateNotification()
was the only place calling initUI().
Fixes#201
When CCS updates trigger CLIProxy config regeneration, user-added API
keys in ~/.ccs/cliproxy/config.yaml were being overwritten with only
the internal CCS key.
Changes:
- Add parseUserApiKeys() to extract user keys from existing config
- Modify regenerateConfig() to preserve user API keys alongside port
- Update generateUnifiedConfigContent() to accept userApiKeys param
- Add comprehensive test suite (14 tests) for key preservation
Fixes#200
Add three new Anthropic-compatible API providers as presets:
- Minimax: M2.1/M2.1-lightning/M2 models with 1M context
- DeepSeek: V3.2 and R1 reasoning model (128K context)
- Qwen: Alibaba Cloud qwen3-coder-plus (256K context)
Closes#123
- variant-settings.ts: Use expandPath() in deleteSettingsFile()
- profile-writer.ts: Use expandPath() in removeApiProfileUnified()
- migration-manager.ts: Remove local expandPath(), import from helpers
All path expansion now uses the central expandPath() from utils/helpers.ts
which handles ~, ~\, ${VAR}, $VAR, and %VAR% on all platforms.
- Check legacy config.json/profiles.json in isFirstTimeInstall()
- Use expandPath() for cross-platform path handling in profile-detector
- Add pre-flight API key validation for better error messages
- Enhance 401 error handling with Z.AI refresh guidance
Fixes#195
- Change default to noIncognito=true (normal browser) for reliability
- Always print OAuth URL to terminal for VS Code popup detection
- Move incognito toggle from Proxy settings to Kiro provider page
- Add --incognito flag to opt into incognito mode (was --no-incognito)
- Update help text to reflect new defaults
- Add "Kiro: Use normal browser" toggle in config dashboard (Proxy section)
- Add --no-incognito documentation to ccs --help output
- Show hint after successful Kiro auth about saving AWS credentials
Kiro OAuth always opens in incognito browser mode, which doesn't save
login credentials. Users need to re-enter email each authentication.
Changes:
- Add noIncognito option to OAuthOptions interface
- Add kiro_no_incognito config option to CLIProxyConfig
- Pass --no-incognito flag to CLIProxyAPI binary when enabled
- Support both CLI flag (--no-incognito) and config.yaml setting
Usage:
- CLI: ccs kiro --auth --no-incognito
- Config: cliproxy.kiro_no_incognito: true in config.yaml
Enables running multiple CLIProxy variants simultaneously on different
ports. Each variant now gets a unique port in the 18100-18199 range,
allowing concurrent use of providers like Gemini + Codex + custom variants.
Key changes:
- Add port field to variant config schema
- Implement automatic port allocation (18100 + variant index)
- Support variant-specific settings paths in config generator
- Display port in dashboard UI for debugging
- Show all models in variant editor dropdown
- Add comprehensive tests for port allocation edge cases
Closes related variant isolation work.
Device Code flows (Qwen, GHCP) may require interactive terminal input
before generating the device code. For example, Qwen prompts for email.
Previously, all auth processes used piped stdin which blocked user input.
Now Device Code flows use 'inherit' for stdin, allowing users to respond
to prompts directly in the terminal.
Authorization Code flows (Gemini, Codex) still use piped stdin for
programmatic project selection.
Closes#188
- Fix port default logic: HTTP→8317, HTTPS→443 (was always 8317)
- Fix enabled:false being ignored in proxy config resolution
- Update stale comments referencing HTTP:80 to HTTP:8317
- Add 9 unit tests for edge cases (enabled handling, port defaults)
When authenticating with GitHub Copilot using device code flow,
the user code was not being displayed. This fix:
- Parses device codes from CLIProxy output in oauth-process.ts
- Displays code prominently in CLI terminal with box formatting
- Broadcasts device code events via WebSocket for UI display
- Creates DeviceCodeDialog component for web UI (ccs config)
- Follows same pattern as Gemini project selection dialog
Closes#189
- setup-command.ts: Add Ctrl+C handling (UserCancelledError), port
validation (1-65535), protocol stripping from host, try-catch with
user-friendly error messages
- postinstall.js: Add ~/.ccs file check (not directory), wrap js-yaml
require in try-catch with JSON fallback, validate config.json before
migration, warn when both config files exist
- recovery-manager.ts: Verify config is loadable (not just exists),
add nested error handling for fallback write
- ccs.ts: Make first-time install hint independent of recovery status
(shows even when user manually created empty config.yaml)
All edge cases identified by code review addressed.
- Update postinstall.js to create config.yaml instead of config.json
- Update recovery-manager to create config.yaml as primary config
- Fix isFirstTimeInstall() to check for meaningful config content
(profiles, accounts, variants, oauth_accounts, remote proxy)
- Update validation to accept config.yaml OR config.json
- Preserve backward compatibility: legacy config.json is migrated
to config.yaml on first run via autoMigrate()
- Update postinstall tests to verify config.yaml creation
Fixes#142 - remote CLIProxyAPI configuration
- Add categorized error detection for socket, timeout, HTTP, and redirect errors
- Implement smarter exponential backoff (longer delays for socket errors)
- Increase max retries from 3 to 5 with dynamic timeout adjustment
- Add resource cleanup (disable connection pooling for clean process exit)
- Add user-friendly error messages for each error type
- Refactor fetchText/fetchJson with retry logic and proper error handling
- Set 120s timeout for large binary downloads, 15-30s for text/JSON
- Prevent double-resolution and race conditions in Promise handlers
Add Microsoft Azure AI Foundry as a provider preset for `ccs api create`.
Usage: `ccs api create --preset foundry`
This is a cleaner implementation than the postinstall-based approach,
leveraging the existing preset system.
Co-authored-by: MinhOmega <49482201+MinhOmega@users.noreply.github.com>