- add guided editors for top-level settings, trust, profiles, providers, MCP, and features
- refresh raw snapshots after patch saves to avoid stale mtime conflicts
- block structured saves while raw TOML is dirty and add route plus hook coverage
- update CLI, API, route, and dashboard surfaces to recognize the Codex runtime target
- normalize persisted codex targets back to claude so runtime-only behavior stays truthful
- add regression coverage for help text, route parsing, and profile storage normalization
Refs #773
The auth check endpoint always returned authRequired=false when auth
was disabled, even for remote clients. This caused the UI to render
the dashboard directly, where all data API calls return 403 silently.
Now detects remote access via isLoopbackRemoteAddress and sets
effectiveAuthRequired=true, so the UI properly redirects to the login
page. Also fixes misleading catch handler comment in auth-context.
When the auth check API call fails (e.g., 403 from the localhost
security middleware), the catch block assumed no auth was needed and
marked the user as authenticated. This caused a silently broken
dashboard with no providers and no error feedback.
Now treats auth check failure as auth-required, redirecting to the
login page where users get a clear prompt to configure credentials.
HeroSection defaulted to '5.0.0' when version prop was undefined,
causing a misleading version badge when the overview API fails (e.g.,
403 from remote access without auth). Now hides the badge entirely
until a real version is loaded.
- add masked dashboard-managed API key state for Exa, Tavily, and Brave
- persist WebSearch keys through global_env while keeping WebSearch as the UX surface
- treat dashboard-managed keys as ready in status checks and cover the flow with route/UI tests
- add regression coverage for runtime, api create flags, and help text
- add provider-editor tests for multi-key [1m] state and preset preservation
Refs #789
- centralize Anthropic model-key [1m] handling in shared helpers
- keep dashboard preset and editor writes consistent across all Claude tiers
- add explicit api create and help guidance for --1m/--no-1m
Refs #789
- replace the Discord-only config with multi-channel official channels selection
- add Telegram token handling and iMessage platform-aware runtime gating
- expand CLI, dashboard, and tests for Telegram, Discord, and iMessage
Refs #783
- add runtime injection for official Discord Channels on eligible native Claude sessions
- add CLI and dashboard configuration plus secure token handling
- add tests for launch planning, token sync, and config routing
Refs #783
- prevent the providers page from introducing nested overflow
- show a select-profile state when profiles already exist
- localize the new quick-start and AI Providers copy