Commit Graph
1562 Commits
Author SHA1 Message Date
Kai (Tam Nhu) TranandGitHub b7d5ce178a fix(cursor-daemon): auto-generate token + expose for callers (#1384)
PRs #1373/#1377 gated cursor daemon endpoints behind a token check, but
startDaemon() did not generate or expose a token. Health-check probing
during startup then 401'd against the new auth, so startDaemon waited 30s
then reported failure. Same for tests asserting /404 and validation
behavior — they couldn't reach the downstream logic past the 401 gate.

- Auto-generate a 32-byte hex token in startDaemon when caller did not
  provide one
- Return daemonToken in startDaemon result so callers/tests can attach it
- Update integration tests to include x-ccs-cursor-token header
2026-05-23 22:07:15 -04:00
Kai (Tam Nhu) TranandGitHub b63943eb45 fix(browser): track explicit devtools_port from config (#1383)
#1369 unconditionally set hasExplicitDevtoolsPort=false for config-attach,
which broke users who explicitly set devtools_port in config. Now track
whether config.claude.devtools_port was actually provided.
2026-05-23 21:55:02 -04:00
Kai (Tam Nhu) TranandGitHub f985cec3ff fix(browser): avoid implicit explicit devtools port for config attach (#1369)
* fix(browser): avoid implicit explicit devtools port for config attach

* style: apply prettier formatting
2026-05-23 21:46:04 -04:00
Kai (Tam Nhu) TranandGitHub 55cd78bce4 fix: create explicit CODEX_HOME with secure permissions (#1380) 2026-05-23 21:45:12 -04:00
Kai (Tam Nhu) TranandGitHub 90d5ca2cbb fix(proxy): honor backpressure in cliproxy local streaming (#1379) 2026-05-23 21:45:09 -04:00
Kai (Tam Nhu) TranandGitHub 0db9705d75 fix(claude-extension): enforce private permissions for settings writes (#1378) 2026-05-23 21:45:07 -04:00
Kai (Tam Nhu) TranandGitHub 210ab761e2 fix(cursor): enforce auth token for anthropic daemon route (#1377) 2026-05-23 21:45:05 -04:00
Kai (Tam Nhu) TranandGitHub 781c84b04b fix: narrow legacy GLMT base URL normalization (#1376)
* fix: narrow legacy glmt base url normalization

* style: apply prettier formatting
2026-05-23 21:45:02 -04:00
Kai (Tam Nhu) TranandGitHub b0a754179c fix(codex): cap buffered upstream error response size (#1375) 2026-05-23 21:45:00 -04:00
Kai (Tam Nhu) TranandGitHub 03a30119d9 fix(cursor): authenticate local daemon health/runtime traffic (#1373) 2026-05-23 21:44:55 -04:00
Kai (Tam Nhu) TranandGitHub e6f764c79b fix(cursor): block cross-origin runtime probe requests (#1371) 2026-05-23 21:44:50 -04:00
Kai (Tam Nhu) TranandGitHub 4e7894a3da fix: honor browser eval env override in attach config (#1368) 2026-05-23 21:44:44 -04:00
Kai (Tam Nhu) TranandGitHub 2188cdc990 fix(cliproxy): clean up upstream proxy on response disconnect (#1361)
* fix(cliproxy): clean up upstream proxy on response disconnect

* style: apply prettier formatting
2026-05-23 21:44:37 -04:00
Kai (Tam Nhu) TranandGitHub e658e838f9 fix(cliproxy): scrub GitLab PAT env after token-login auth (#1360)
* fix(cliproxy): scrub gitlab pat env var after auth handoff

* style: apply prettier formatting
2026-05-23 21:44:35 -04:00
Kai (Tam Nhu) TranandGitHub 2ec23c6c3a fix(sse): make CRLF normalization chunk-boundary safe (#1359)
* fix(sse): handle CRLF split across chunk boundaries

* style: apply prettier formatting
2026-05-23 21:44:32 -04:00
Kai (Tam Nhu) TranandGitHub 21764d5b90 fix(web): harden localhost guard against DNS rebinding (#1357)
* fix(web): harden localhost guard against DNS rebinding

* style: apply prettier formatting
2026-05-23 21:44:19 -04:00
Kai (Tam Nhu) TranandGitHub 0bd2e577b2 fix(codex-auth): restrict symlink fallback and harden copy path (#1365) 2026-05-23 21:43:51 -04:00
Kai (Tam Nhu) TranandGitHub 9357f4df26 fix(cliproxy): redact generic token query params in oauth trace (#1364) 2026-05-23 21:39:05 -04:00
Kai (Tam Nhu) TranandGitHub d9616447f9 fix(web-server): stop startup local prefix sync secret leak (#1362) 2026-05-23 21:24:18 -04:00
Kai (Tam Nhu) TranandGitHub ab379e9e13 fix: disable docker legacy API key auth by default (#1355) 2026-05-23 21:03:24 -04:00
Kai (Tam Nhu) TranandGitHub 8335f0c73c fix(dispatcher): also treat -p as non-subcommand short for --print (#1352)
Red-team follow-up to #1341: the original fix only guarded --print but
Claude accepts -p as the short form, and CCS itself passes -p in
headless-executor.ts. Without this check the security bypass survived
via the short flag.

Added regression tests: ['-p', 'agents'], ['-p', 'doctor'], ['-p']
alone, and injector short-circuit verification for -p form.
2026-05-23 17:33:38 -04:00
Kai (Tam Nhu) TranandGitHub 9a420988bc fix(analytics): support sqlite3 path resolution on Windows and NixOS (#1354)
- Add CCS_SQLITE_BIN env-var override; validated with fs.realpathSync so
  symlinks are fully resolved before prefix check
- Reject any override whose realpath does not start under a trusted system
  prefix (prevents PATH-hijack reintroduction from #1347)
- Add TRUSTED_PREFIX_UNIX covering /nix/store/, /opt/local/ (MacPorts),
  /snap/, /run/current-system/ in addition to existing /usr/* and
  /opt/homebrew/ entries
- Add TRUSTED_PREFIX_WINDOWS covering Program Files, System32, and the
  Chocolatey managed bin dir (no canonical winget/Scoop path exists)
- Keep TRUSTED_SQLITE_PATHS_WINDOWS empty — Windows users set CCS_SQLITE_BIN
- Pass env as optional third param to querySqliteJson (backward compatible)
- Add 16-test suite covering env-var acceptance, /tmp rejection, symlink
  traversal, NixOS paths, MacPorts, Windows fallback, and prefix safety
2026-05-23 17:29:52 -04:00
Kai (Tam Nhu) TranandGitHub 5d27f10367 refactor(cliproxy): remove orphaned bg keepalive wiring (#1353)
Red-team review of #1340 found that backgroundProbe / shouldKeepSessionProxiesAlive /
startKeepAliveWatcher and related types were never reachable: the sole caller
(claude-launcher.ts) passed no hasBackgroundWorkerUsingBaseUrl detector, so
backgroundProbe was always undefined and the keepalive branch never executed.

Remove the unreachable scaffold:
- Delete CLAUDE_BG_WORKER_ARGS, hasClaudeBackgroundWorkerUsingBaseUrl{,InProcessList},
  shouldKeepSessionProxiesAlive, ShouldKeepSessionProxiesAliveOptions, and the
  SessionProxyKeepAliveOptions interface from session-bridge.ts
- Remove the backgroundProbe/startKeepAliveWatcher block and keepalive exit branch
  from setupCleanupHandlers; the function now always calls stopSessionResources on
  Claude exit
- Remove backgroundKeepAliveBaseUrl wiring from claude-launcher.ts
- Remove the execFileSync import (was only used by the deleted ps-based detector)
- Update test file: remove tests for deleted exports, keep placeholder

A trusted bg-worker detector can be re-added in a future PR if the feature is
actually needed; the keepalive logic in shouldKeepSessionProxiesAlive can be
restored then.
2026-05-23 17:29:18 -04:00
Kai (Tam Nhu) TranandGitHub 9cd9b796ca fix(models-dev): sanitize models.dev registry entries and harden pricing resolver (#1345)
* fix(models-dev): sanitize cached model entries before pricing lookup

* style: apply prettier formatting
2026-05-23 17:03:49 -04:00
Kai (Tam Nhu) TranandGitHub 825efb8b10 fix(codex-auth): stop spawning powershell in shell detection (#1348) 2026-05-23 16:56:44 -04:00
Kai (Tam Nhu) TranandGitHub 469c9ffde4 fix(analytics): harden sqlite3 invocation for native Droid usage scan (#1347)
* fix(analytics): use trusted sqlite3 binary path

* style: apply prettier formatting
2026-05-23 16:56:20 -04:00
Kai (Tam Nhu) TranandGitHub b71fe5dd6e fix(codex-quota): guard feature label type in quota windows (#1346) 2026-05-23 16:55:55 -04:00
Kai (Tam Nhu) TranandGitHub 66966f3527 fix(pricing): guard malformed models.dev model entries (#1344)
* fix(pricing): guard malformed models.dev model entries

* style: apply prettier formatting
2026-05-23 16:55:05 -04:00
Kai (Tam Nhu) TranandGitHub af7aa0c2dd fix(cliproxy): sanitize local port before config regeneration (#1342) 2026-05-23 16:54:48 -04:00
Kai (Tam Nhu) TranandGitHub fd561b59bc fix(dispatcher): treat --print as non-subcommand Claude session (#1341)
* fix(dispatcher): treat --print as non-subcommand Claude session

* style: apply prettier formatting

* fix(dispatcher): correct return type in subcommand detector

getClaudeSubcommandName returns string | null; return false (boolean)
was invalid after dev refactored isClaudeSubcommandInvocation to
delegate to it. Change to return null to preserve the --print safety
fix intent.
2026-05-23 16:54:30 -04:00
Kai (Tam Nhu) TranandGitHub f0ec820054 fix(cliproxy): disable spoofable default bg keepalive probe (#1340) 2026-05-23 16:54:13 -04:00
Kai (Tam Nhu) TranandGitHub 923bfee6fa fix: pause exhausted CLIProxy rotation accounts
Refs #1337
2026-05-23 00:08:53 -04:00
Tam Nhu Tran bbcf9e8b15 fix: mask Docker key rotation banner 2026-05-22 17:04:19 -04:00
Tam Nhu Tran 30971ebb28 fix: preserve Docker legacy API key during rotation 2026-05-22 16:49:16 -04:00
Tam Nhu Tran 37a14525cc fix: repair ccsx codex profile resources 2026-05-22 16:27:00 -04:00
Tam Nhu Tran f667628411 fix: resolve ccsx auth profiles before CCS profiles 2026-05-22 15:54:55 -04:00
Tam Nhu Tran db4b938c0e fix: treat remote-control as a Claude subcommand 2026-05-22 15:39:15 -04:00
Tam Nhu Tran 1af6625f5c feat: add OAuth paste-callback traceability 2026-05-22 14:12:53 -04:00
Kai (Tam Nhu) TranandGitHub 07cef20c76 Merge pull request #1324 from kaitranntt/kai/fix/dashboard-cliproxy-restart-button
fix: ensure dashboard cliproxy restart waits for recovery
2026-05-22 13:51:42 -04:00
Tam Nhu Tran fc5851e3a2 fix: ensure dashboard cliproxy restart waits for recovery 2026-05-22 13:37:21 -04:00
Tam Nhu Tran 6bc04dee97 fix: normalize ccsxp codex model flag aliases 2026-05-22 13:03:00 -04:00
Kai (Tam Nhu) TranandGitHub ca85d2a3aa Merge pull request #1307 from kaitranntt/codex/propose-fix-for-oauth-log-redaction-issue
fix(cliproxy): redact token-like OAuth trace snippets
2026-05-22 12:50:34 -04:00
Kai (Tam Nhu) TranandGitHub fa17ad5af1 Merge pull request #1318 from kaitranntt/kai/feat/1255-analytics-profile-filter
feat: filter analytics dashboard by profile
2026-05-22 12:38:50 -04:00
Kai (Tam Nhu) TranandGitHub d0359dc479 Merge pull request #1322 from kaitranntt/kai/feat/1304-doctor-stale-translator-paths
feat: share stale Codex translator paths with doctor
2026-05-22 12:29:11 -04:00
Tam Nhu Tran 46d73ae79f feat: share stale Codex translator path scanner 2026-05-22 12:10:54 -04:00
Tam Nhu Tran acf9fd690a fix: prevent Docker dashboard from orphaning CLIProxy 2026-05-22 12:04:28 -04:00
Kai (Tam Nhu) TranandGitHub 8e2a89ea56 Merge pull request #1316 from kaitranntt/kai/feat/1303-persist-receipt
feat: report permission mode persist receipt status
2026-05-22 11:34:24 -04:00
Kai (Tam Nhu) TranandGitHub 9aeb1c1e99 Merge pull request #1315 from kaitranntt/kai/fix/1275-codex-diagnostics-redaction
fix: redact Codex diagnostics metadata
2026-05-22 11:25:10 -04:00
Tam Nhu Tran f1d655e425 feat: filter analytics by profile 2026-05-22 11:24:21 -04:00
Tam Nhu Tran 3dc1810540 feat: report permission mode persist receipt status 2026-05-22 11:14:17 -04:00