Commit Graph
2805 Commits
Author SHA1 Message Date
Tam Nhu Tran bcbf8a236d fix(ai-review): increase max-turns to 40 and add hotfix commitlint type
- Bump --max-turns 30→40 for comprehensive single-reviewer prompt
- Add 'hotfix' to commitlint allowed types (already in .releaserc.cjs)
2026-03-29 13:01:55 -04:00
Tam Nhu Tran fb8b26c694 fix(ai-review): revert to single-job review with enhanced prompt
Multi-job parallel pipeline proved too fragile for CI:
- Agent tool unavailable in claude-code-action
- 6-job workflow: artifact passing failures, turn budget exhaustion
- GLM API errors cascade across jobs

Reverts to proven single-job architecture. Keeps enhanced prompt
combining security, quality, and CCS compliance scopes.
2026-03-29 13:00:09 -04:00
semantic-release-bot fa0b393def chore(release): 7.62.1 [skip ci]
## [7.62.1](https://github.com/kaitranntt/ccs/compare/v7.62.0...v7.62.1) (2026-03-29)

### Bug Fixes

* **ai-review:** bump orchestrator max-turns 20→25 for large PR merges ([106067f](https://github.com/kaitranntt/ccs/commit/106067fefb99844a0ee83b79cccc803fe660e664))
* **ai-review:** increase turn budget and improve fallback extraction ([1c4fc96](https://github.com/kaitranntt/ccs/commit/1c4fc96d33413efdae0223a3b7db0cab2a14bcec))
2026-03-29 16:41:38 +00:00
Kai (Tam Nhu) TranandGitHub c269fb342f Merge pull request #847 from kaitranntt/dev
fix(ai-review): increase turn budget and improve fallback extraction
2026-03-29 12:40:02 -04:00
github-actions[bot] a7a70c80fd chore(release): 7.62.0-dev.1 [skip ci] 2026-03-29 16:37:31 +00:00
Kai (Tam Nhu) TranandGitHub d3cd84e4a3 Merge pull request #846 from kaitranntt/kai/fix/ai-review-turn-budget-and-fallback
fix(ai-review): increase turn budget and improve fallback extraction
2026-03-29 12:35:52 -04:00
Tam Nhu Tran 106067fefb fix(ai-review): bump orchestrator max-turns 20→25 for large PR merges 2026-03-29 12:33:38 -04:00
Tam Nhu Tran 1c4fc96d33 fix(ai-review): increase turn budget and improve fallback extraction
- Increase per-reviewer max-turns 25→40 (security review hit limit on
  large PRs like codex runtime with ~5000 line diff)
- Increase orchestrator max-turns 15→20
- Improve fallback extraction: concatenate ALL assistant messages (not
  just last) when reviewer hits turn limit without writing output file
- Add descriptive prefix to fallback output explaining why extraction
  was needed (e.g., "hit turn limit", "no execution log")
- Ensures something meaningful is posted even when CI jobs fail
2026-03-29 12:21:28 -04:00
semantic-release-bot c1c17b3f0d chore(release): 7.62.0 [skip ci]
## [7.62.0](https://github.com/kaitranntt/ccs/compare/v7.61.1...v7.62.0) (2026-03-29)

### Features

* **ai-review:** parallel subagent review pipeline ([ce023aa](https://github.com/kaitranntt/ccs/commit/ce023aa8f40bad7b6851779700bf59b8739cfb5c)), closes [#837](https://github.com/kaitranntt/ccs/issues/837)
* **ai-review:** workflow-level parallel review jobs ([8c371e7](https://github.com/kaitranntt/ccs/commit/8c371e73a38389b579fb2ecbfea20c1f4b8d630a)), closes [#843](https://github.com/kaitranntt/ccs/issues/843)

### Bug Fixes

* **ai-review:** address all review findings — restore allowedTools, add fallbacks ([36e8cc4](https://github.com/kaitranntt/ccs/commit/36e8cc47d934ca798d92637079ba39d101eba164))
* **ai-review:** use printf for subagent prompt outputs, match existing pattern ([d2510fc](https://github.com/kaitranntt/ccs/commit/d2510fc860628ea8c10c30da8d9fb7a6d2d86297))
* **auth:** signal auth-required for remote access in /api/auth/check ([5a09547](https://github.com/kaitranntt/ccs/commit/5a09547532754da21faacb5351cc3538a9db05a4))
* **cliproxy:** align gemini 3.1 preset compatibility ([5ac91e0](https://github.com/kaitranntt/ccs/commit/5ac91e0cac6cb4acc9f26f9461943788d5c43ae6))
* **cliproxy:** align gemini flash pricing and dashboard imports ([2423864](https://github.com/kaitranntt/ccs/commit/2423864817bd045e04f76f5905c2e09c6748a687))
* **cliproxy:** centralize gemini compatibility and fallback hints ([2251312](https://github.com/kaitranntt/ccs/commit/2251312411f1e2b8f04844efa4a6ca2a07229a4e))
* **cliproxy:** guard binary install against ETXTBSY when running ([5eac9c5](https://github.com/kaitranntt/ccs/commit/5eac9c584ac67382c71510489578644c81ed01f8))
* **cliproxy:** resolve gemini presets from live models ([934e6ab](https://github.com/kaitranntt/ccs/commit/934e6ab52b7bc80dd3876b6fe7c75803f0392d82))
* **docker:** address review findings — PID guard, deleteBinary guard, blocked fallback ([7d410b2](https://github.com/kaitranntt/ccs/commit/7d410b26d04b72bfa77b98334a8b3fcbb4dfb3d8))
* **docker:** address review findings — test, docs, bcrypt path ([cd09b84](https://github.com/kaitranntt/ccs/commit/cd09b845daed75dde6fd4248fac8450837974513))
* **docker:** include docker/ assets in npm package ([50b5660](https://github.com/kaitranntt/ccs/commit/50b56600ddc38b85c9308cb9d541b15720aaf5ce)), closes [#829](https://github.com/kaitranntt/ccs/issues/829)
* **docker:** print auth setup reminder after remote deployment ([59be7f8](https://github.com/kaitranntt/ccs/commit/59be7f8682c4be95886728555fd1567ea1faf7cf))
* **docker:** register session lock from bootstrap for proxy discovery ([a0f28f8](https://github.com/kaitranntt/ccs/commit/a0f28f8807dff5036f94183e8f12cd0cd36505af))
* **docker:** use export for remote env vars and increase build timeout ([60167d3](https://github.com/kaitranntt/ccs/commit/60167d3f2b3a1d94392d888e7cc5859372beac39)), closes [#832](https://github.com/kaitranntt/ccs/issues/832)
* **docker:** use HTTP-first proxy detection in health checks ([d7a80ed](https://github.com/kaitranntt/ccs/commit/d7a80ed38d61204479bd8fb971b656a35e705d42))
* **docker:** wrap session registration in try-catch and narrow ETXTBSY guard ([e8b7ac7](https://github.com/kaitranntt/ccs/commit/e8b7ac730f108a2ef9393767e070c7703c16e557))
* harden CCS backlog sync pagination and recovery ([e661772](https://github.com/kaitranntt/ccs/commit/e6617726cb9fcbeefd64d57d3f001fe381099607))
* **ui:** hide version badge when API fails instead of showing v5.0.0 ([efe6953](https://github.com/kaitranntt/ccs/commit/efe6953da06263d4fdb03468f0c0f7385523cb17))
* **ui:** redirect to login when auth check fails from remote access ([e9fceed](https://github.com/kaitranntt/ccs/commit/e9fceed80716b4e032e4ad0eca65b5fb005f02ae))
* **websearch:** avoid partial settings-hook migration ([fbbdd80](https://github.com/kaitranntt/ccs/commit/fbbdd8083028ee6eb43d2f939212e8f63910453c))
* **websearch:** harden settings-profile hook setup ([0e6965d](https://github.com/kaitranntt/ccs/commit/0e6965d205c06667e9fe43205d8fadcfa4278aa7))
* **websearch:** install hook for settings profiles ([39a3e9d](https://github.com/kaitranntt/ccs/commit/39a3e9dfc09eacddd1ca2e11fbc8ea7585e64bbb))
* **websearch:** restore hook recovery and force register ([0821c68](https://github.com/kaitranntt/ccs/commit/0821c68559d7dac6dc3cd0bd1062f0b2889fc774))

### Documentation

* **docker:** add post-deployment guide for auth, token migration, and verification ([c26efae](https://github.com/kaitranntt/ccs/commit/c26efae72ad664f9c8b5a85168704bc7fee7533f)), closes [#841](https://github.com/kaitranntt/ccs/issues/841)
* **docker:** use docker cp for token migration and fix bcrypt command ([f8c43a3](https://github.com/kaitranntt/ccs/commit/f8c43a374d68b1e8bd1c4fd18b1ab1a903116a60))

### Styles

* **ai-review:** add emojis to orchestrator output format sections ([86f45c2](https://github.com/kaitranntt/ccs/commit/86f45c22741841db64937bc98b9a5d211340f2e4))

### Code Refactoring

* **ai-review:** matrix strategy + orchestrator AI merge ([97f07c2](https://github.com/kaitranntt/ccs/commit/97f07c2b121b85ad05a931b16fe2f348755a5e55))
* **ai-review:** remove redundant allowedTools, enforce subagent dispatch ([d67fa35](https://github.com/kaitranntt/ccs/commit/d67fa350b8bd1c2ada0577c22a70908284adcb1c))
* **ai-review:** switch --allowedTools to --tools for actual restriction ([53ad283](https://github.com/kaitranntt/ccs/commit/53ad2836c4cedca8dcc819f003f1526b2cc0a31c))

### Tests

* **auth:** verify effectiveAuthRequired logic for remote vs local access ([a23caf0](https://github.com/kaitranntt/ccs/commit/a23caf00513411132a7d28b12f40a51476a69790))
* **docker:** add regression test for bundled asset availability ([13254f2](https://github.com/kaitranntt/ccs/commit/13254f28a6d6170fe0a46ed2ed2326441cc2d717))
* **docker:** add tests for health check port detection and ETXTBSY guard ([a517c50](https://github.com/kaitranntt/ccs/commit/a517c506cbcb7e6993f458b24048c9ccccb9faf5))
* **docker:** update executor tests for export syntax and build timeout ([cbe93d4](https://github.com/kaitranntt/ccs/commit/cbe93d4f7643091fbdc1c0073c5e05bef4b2eac5))
2026-03-29 15:46:52 +00:00
Kai (Tam Nhu) TranandGitHub dc51cb1e2f Merge pull request #845 from kaitranntt/dev
feat(release): promote dev to main — v7.62.0
2026-03-29 11:45:17 -04:00
github-actions[bot] db2b600250 chore(release): 7.61.1-dev.8 [skip ci] 2026-03-29 15:32:24 +00:00
Kai (Tam Nhu) TranandGitHub 5c848558f4 Merge pull request #842 from kaitranntt/kai/docs/841-docker-deployment-guide
fix(docker): add auth guide, fix remote dashboard access, and improve deployment UX
2026-03-29 11:30:50 -04:00
Tam Nhu Tran f8c43a374d docs(docker): use docker cp for token migration and fix bcrypt command
Replace direct volume mountpoint writes (requires root) with docker cp
which works without elevated permissions. Fix malformed npx bcrypt
command — use require('bcrypt') with Node module resolution. Add
security note about not committing password hashes to docker-compose.
2026-03-29 11:17:38 -04:00
Tam Nhu Tran a23caf0051 test(auth): verify effectiveAuthRequired logic for remote vs local access
Cover all 4 combinations: localhost+disabled, remote+disabled,
remote+enabled, localhost+enabled. Also tests isLoopbackRemoteAddress
helper for IPv4, IPv6, mapped addresses, LAN, and undefined.
2026-03-29 11:17:24 -04:00
Tam Nhu Tran cd09b845da fix(docker): address review findings — test, docs, bcrypt path
- Add test assertion for --host auth reminder message
- Use Node module resolution for bcrypt in README (not hardcoded path)
- Replace cat|grep with direct grep in verification commands
2026-03-29 10:55:10 -04:00
Tam Nhu Tran 5a09547532 fix(auth): signal auth-required for remote access in /api/auth/check
The auth check endpoint always returned authRequired=false when auth
was disabled, even for remote clients. This caused the UI to render
the dashboard directly, where all data API calls return 403 silently.

Now detects remote access via isLoopbackRemoteAddress and sets
effectiveAuthRequired=true, so the UI properly redirects to the login
page. Also fixes misleading catch handler comment in auth-context.
2026-03-29 10:54:44 -04:00
Tam Nhu Tran 59be7f8682 fix(docker): print auth setup reminder after remote deployment
Users deploying via ccs docker up --host see "Docker stack is running"
but hit a broken dashboard because auth is required for remote API
access. Now prints a reminder with the exact command to configure auth.
2026-03-28 21:22:20 -04:00
Tam Nhu Tran e9fceed807 fix(ui): redirect to login when auth check fails from remote access
When the auth check API call fails (e.g., 403 from the localhost
security middleware), the catch block assumed no auth was needed and
marked the user as authenticated. This caused a silently broken
dashboard with no providers and no error feedback.

Now treats auth check failure as auth-required, redirecting to the
login page where users get a clear prompt to configure credentials.
2026-03-28 21:22:20 -04:00
Tam Nhu Tran efe6953da0 fix(ui): hide version badge when API fails instead of showing v5.0.0
HeroSection defaulted to '5.0.0' when version prop was undefined,
causing a misleading version badge when the overview API fails (e.g.,
403 from remote access without auth). Now hides the badge entirely
until a real version is loaded.
2026-03-28 21:22:20 -04:00
Tam Nhu Tran c26efae72a docs(docker): add post-deployment guide for auth, token migration, and verification
Users deploying via ccs docker up hit silent failures when accessing
the dashboard remotely: empty providers, wrong version badge (v5.0.0),
no CLIProxy detected. Root cause is the dashboard auth middleware
blocking non-localhost API access.

Added sections:
- Dashboard auth setup (required for remote access)
- Auth token migration from previous deployments
- Post-deployment verification checklist
- Troubleshooting: empty dashboard, 0 clients, ETXTBSY race

Closes #841
2026-03-28 21:22:20 -04:00
github-actions[bot] 39a4cc3523 chore(release): 7.61.1-dev.7 [skip ci] 2026-03-29 01:13:33 +00:00
Kai (Tam Nhu) TranandGitHub 37b8acc07a Merge pull request #844 from kaitranntt/kai/feat/843-parallel-review-jobs
feat(ai-review): workflow-level parallel review jobs
2026-03-28 21:11:57 -04:00
Tam Nhu Tran 86f45c2274 style(ai-review): add emojis to orchestrator output format sections 2026-03-28 21:09:56 -04:00
Tam Nhu Tran 97f07c2b12 refactor(ai-review): matrix strategy + orchestrator AI merge
- Replace 3 duplicate review jobs with 1 matrix job (-200 lines)
  Matrix entries: Security, Quality, CCS Compliance (run in parallel)
- Restore review-prompt.md as orchestrator merge prompt
  (dedup, severity rank, unified assessment, security+CCS tables)
- Aggregate job now runs claude-code-action with orchestrator prompt
  to produce polished unified review (not just stapled sections)
- Fallback to simple concat if orchestrator fails
- Dynamic prompt access via outputs[matrix.prompt_output] syntax
2026-03-28 21:02:57 -04:00
Tam Nhu Tran 8c371e73a3 feat(ai-review): workflow-level parallel review jobs
Replace single monolithic review job with 3 parallel GitHub Actions jobs
running simultaneously. Agent tool is unavailable in claude-code-action,
so parallelism is achieved at the workflow level instead.

Pipeline: prepare → load-prompts → 3 parallel reviews → aggregate

Jobs:
- prepare: resolve PR metadata and runner (unchanged)
- load-prompts: load focused prompts from base branch (security model)
- security-review: injection, auth, race conditions, supply chain
- quality-review: error handling, false assumptions, performance
- ccs-review: CCS-specific project compliance rules
- aggregate: merge 3 outputs into single PR comment

Each reviewer runs independently with 10min timeout, 25 max-turns.
Aggregate is pure bash (no API calls) — downloads artifacts, merges,
posts/updates single deduped comment.

Closes #843
2026-03-28 20:55:42 -04:00
github-actions[bot] 9e94d06aef chore(release): 7.61.1-dev.6 [skip ci] 2026-03-29 00:28:06 +00:00
Kai (Tam Nhu) TranandGitHub 66b66583f1 Merge pull request #838 from kaitranntt/kai/feat/837-parallel-ai-review
feat(ai-review): parallel subagent review pipeline
2026-03-28 20:26:31 -04:00
Tam Nhu Tran d2510fc860 fix(ai-review): use printf for subagent prompt outputs, match existing pattern
Replace echo with printf '%s\n' for subagent prompt GITHUB_OUTPUT writes
to match the existing main prompt pattern (line 216). Prevents edge case
where echo misinterprets leading -n/-e as flags.
2026-03-28 20:24:46 -04:00
Tam Nhu Tran 53ad2836c4 refactor(ai-review): switch --allowedTools to --tools for actual restriction
--allowedTools is an approval list (skip permission prompts), redundant
with bypassPermissions. --tools is the actual availability whitelist.

Also simplified tool list: Bash sub-patterns (gh pr diff *, etc.) aren't
supported by --tools. The workflow token has contents:read only, so the
agent physically cannot push/delete/modify the repo even with full Bash.
2026-03-28 20:13:47 -04:00
Tam Nhu Tran 36e8cc47d9 fix(ai-review): address all review findings — restore allowedTools, add fallbacks
Fixes from ai-review bot feedback on PR #838:

- [HIGH] Restore --allowedTools with Agent added (was incorrectly removed,
  not redundant with bypassPermissions — it's a tool whitelist)
- [MED] Add inline fallback prompts when subagent files missing from base branch
- [MED] Add graceful degradation in orchestrator for Agent tool failures
  and empty subagent prompts
- [MED] Replace hardcoded PROMPT_EOF delimiters with random openssl-generated
  delimiters to prevent early heredoc termination
- [LOW] Add per-subagent turn budget guidance (8-10 turns each, 50 total)
- [LOW] Add "Do NOT fetch diff separately" instruction to all 4 subagent prompts
2026-03-28 19:59:35 -04:00
Tam Nhu Tran d67fa350b8 refactor(ai-review): remove redundant allowedTools, enforce subagent dispatch
- Remove --allowedTools from claude_args (redundant with bypassPermissions,
  was never actually restricting tools)
- Strengthen orchestrator prompt: MANDATORY/FORBIDDEN language for subagent
  dispatch, explicit "you MUST use Agent tool" enforcement
2026-03-28 19:50:13 -04:00
github-actions[bot] bdb7bdb101 chore(release): 7.61.1-dev.5 [skip ci] 2026-03-28 23:38:44 +00:00
Kai (Tam Nhu) TranandGitHub 73003a12a0 Merge pull request #835 from kaitranntt/kai/fix/834-docker-cliproxy-detection
fix(docker): CLIProxy detection, session lock, and binary guard for integrated stack
2026-03-28 19:37:12 -04:00
Tam Nhu Tran ce023aa8f4 feat(ai-review): parallel subagent review pipeline
Rewrite ai-review workflow to use parallel subagents for faster,
more thorough PR reviews. Splits monolithic single-agent review into
4-stage pipeline: triage → 3 parallel focused reviewers → adversarial
red-team → aggregated single comment.

Changes:
- Add Agent tool to allowedTools for subagent spawning
- Increase max-turns 30→50, timeout 15→18min for subagent overhead
- Rewrite review-prompt.md as orchestration prompt (198→93 lines)
- Create 4 focused subagent prompts in .github/review-prompts/:
  - security.md: injection, auth, race conditions, supply chain
  - quality.md: error handling, false assumptions, AI blind spots
  - ccs-compliance.md: all 12 CCS-specific project rules
  - adversarial.md: red-team gap hunter (runs after parallel phase)
- Load all subagent prompts from base branch (security model preserved)
- Scope-aware dispatch: trivial PRs skip subagents entirely

Target: reduce avg review time from ~7min to <5min.

Closes #837
2026-03-28 19:32:08 -04:00
Tam Nhu Tran a517c506cb test(docker): add tests for health check port detection and ETXTBSY guard
Cover checkCliproxyPort() with all ProxyStatus branches (running,
starting, blocked with/without blocker, free). Cover deleteBinary()
ETXTBSY guard — verifies ETXTBSY throws clear message while other
errors (ENOENT, EACCES, EBUSY) are re-thrown.
2026-03-28 19:20:05 -04:00
Tam Nhu Tran e8b7ac730f fix(docker): wrap session registration in try-catch and narrow ETXTBSY guard
Session registration in spawn handler can throw on lock contention or
disk errors — wrap in try-catch to prevent silent proxy-untracked state.

Narrow EBUSY catch to ETXTBSY only since EBUSY on non-Linux platforms
can mean mount point or directory in use, not running binary. Fix
misleading "skip" comment to say "abort".
2026-03-28 19:00:54 -04:00
Tam Nhu Tran 7d410b26d0 fix(docker): address review findings — PID guard, deleteBinary guard, blocked fallback
- Guard child.pid falsy in bootstrap (PID 0 creates immortal phantom lock)
- Add ETXTBSY/EBUSY guard to deleteBinary() (same vuln as downloadAndInstall)
- Fix error message to suggest container restart (not circular ccs docker update)
- Tighten status.blocked guard to handle missing blocker gracefully
2026-03-28 18:12:18 -04:00
Tam Nhu Tran 5eac9c584a fix(cliproxy): guard binary install against ETXTBSY when running
In Docker, the dashboard tried to update the CLIProxy binary while
the bootstrap's instance was already executing it, causing ETXTBSY.
Now catches the error and throws a clear message instead of crashing.
2026-03-28 17:56:03 -04:00
Tam Nhu Tran a0f28f8807 fix(docker): register session lock from bootstrap for proxy discovery
Docker bootstrap spawns CLIProxy but never registered a session lock,
so the dashboard's fallback detection found nothing. Now registers on
spawn and unregisters on close.
2026-03-28 17:55:51 -04:00
Tam Nhu Tran d7a80ed38d fix(docker): use HTTP-first proxy detection in health checks
Health check used OS-level port detection (lsof/ss) which is
unavailable in minimal Alpine containers. Switched to the unified
detectRunningProxy() which tries HTTP first, then session lock,
then port-process as fallback.
2026-03-28 17:55:39 -04:00
github-actions[bot] 4536d1e5e3 chore(release): 7.61.1-dev.4 [skip ci] 2026-03-28 20:37:48 +00:00
Kai (Tam Nhu) TranandGitHub 119b08fa00 Merge pull request #833 from kaitranntt/kai/fix/832-docker-remote-deploy
fix(docker): remote env var syntax and build timeout
2026-03-28 16:36:16 -04:00
Tam Nhu Tran cbe93d4f76 test(docker): update executor tests for export syntax and build timeout
Align test assertions with the env var export pattern and the 5-minute
build timeout used by up and update operations.
2026-03-28 16:22:17 -04:00
Tam Nhu Tran 60167d3f2b fix(docker): use export for remote env vars and increase build timeout
Remote compose commands placed env vars directly before a compound
if/then statement which is invalid bash syntax. Changed to export
statements chained with &&.

Added REMOTE_DOCKER_BUILD_TIMEOUT_MS (5min) for up and update
operations that involve npm install inside the container. Quick
queries (status, config, down) keep the default 30s timeout.

Closes #832
2026-03-28 16:22:17 -04:00
github-actions[bot] 23fd673fee chore(release): 7.61.1-dev.3 [skip ci] 2026-03-28 20:12:53 +00:00
Kai (Tam Nhu) TranandGitHub c6bdf4d39c Merge pull request #827 from kaitranntt/kai/fix/websearch-hook-install-settings-profiles
fix(websearch): install hook for settings profiles
2026-03-28 16:11:14 -04:00
Tam Nhu Tran 836c485095 Merge remote-tracking branch 'origin/dev' into kai/fix/websearch-hook-install-settings-profiles 2026-03-28 15:47:22 -04:00
github-actions[bot] 2c52fe614f chore(release): 7.61.1-dev.2 [skip ci] 2026-03-28 19:41:27 +00:00
Kai (Tam Nhu) TranandGitHub d3f0acc59c Merge pull request #826 from kaitranntt/kai/fix/gemini-3-1-presets
fix(cliproxy): resolve gemini presets from live models
2026-03-28 15:39:56 -04:00
github-actions[bot] 27cd473c97 chore(release): 7.61.1-dev.1 [skip ci] 2026-03-28 19:36:55 +00:00