Commit Graph
424 Commits
Author SHA1 Message Date
Huynh Duc DungandClaude bd3be23355 feat: add Ollama provider support
Add support for Ollama as a provider in CCS, enabling users to use
local Ollama models (qwen3-coder, gpt-oss:20b, gpt-oss:120b) and
Ollama Cloud models (glm-4.7:cloud, qwen3-coder:480b).

Changes:
- Add base-ollama.settings.json for local Ollama (localhost:11434)
- Add base-ollama-cloud.settings.json for ollama.com cloud API
- Add 'ollama' and 'ollama-cloud' presets to provider-presets.ts
- Update help documentation in api-command.ts and help-command.ts

Usage:
  ccs api create --preset ollama          # Local Ollama
  ccs api create --preset ollama-cloud    # Ollama Cloud

Ref: https://github.com/kaitranntt/ccs/issues/353

Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-22 16:59:23 +08:00
kaitranntt a019ed2cf8 fix(cliproxy): address PR review issues for backend selection
- Remove duplicate CLIProxyBackend type from platform-detector.ts (import from types.ts)
- Add warning for invalid --backend CLI value (was silently ignored)
- Show toast notification when backend change blocked by running proxy
- Migrate from deprecated CLIPROXY_FALLBACK_VERSION to getFallbackVersion()
- Add comprehensive JSDoc for backend API endpoints
2026-01-18 10:24:53 -05:00
kaitranntt 8ade4a6b26 feat(cliproxy): add backend selection for CLIProxyAPI vs CLIProxyAPIPlus
Add cliproxy.backend config field to choose between CLIProxyAPI (original)
and CLIProxyAPIPlus backends. Includes CLI --backend flag, Dashboard toggle,
and provider validation to block Kiro/ghcp on original backend.
2026-01-18 10:10:01 -05:00
kaitranntt 504b1b3974 fix: resolve CI test timing and merge conflict with dev
- Fix connection tracking test: wait for 'close' event instead of only
  checking socket.destroyed (more reliable in CI environments)
- Increase timeout from 500ms to 1000ms for CI latency
- Add proper socket cleanup after test
- Merge dev changes: add projectId parameter to registerAccount()
2026-01-15 13:39:16 -05:00
Kai (Tam Nhu) TranandGitHub 126b244b36 Merge pull request #338 from kaitranntt/kai/fix/pause-account-cliproxy-usage
fix(cliproxy): move token files when pausing/resuming accounts
2026-01-15 13:06:50 -05:00
kaitranntt a931bc9745 fix(cliproxy): show clear message for paused accounts in Live Monitor
- Check isAccountPaused() before readAuthData() in fetchAccountQuota()
- Return "Account is paused" instead of confusing "Auth file not found"
- Improves UX by explaining why quota fetch fails for paused accounts
2026-01-15 12:57:37 -05:00
kaitranntt 4d31128b63 fix(cliproxy): use sibling auth-paused/ dir to prevent token refresh loops
CLIProxyAPI's watcher uses filepath.Walk() which recursively scans
all subdirectories of auth/. Moving paused tokens to auth/paused/
subdirectory didn't hide them from CLIProxyAPI, causing token refresh
loops where paused tokens were immediately recreated.

Solution: Use auth-paused/ as a sibling directory instead of auth/paused/
subdirectory. This places paused tokens completely outside CLIProxyAPI's
scan path, preventing token discovery and refresh.

Path change:
- Before: ~/.ccs/cliproxy/auth/paused/
- After:  ~/.ccs/cliproxy/auth-paused/
2026-01-15 12:41:44 -05:00
kaitranntt d87a653195 fix(cliproxy): add try-catch for file operations in pause/resume
Address PR review feedback:
- Wrap fs.renameSync() in try-catch for pauseAccount/resumeAccount
- Wrap fs.mkdirSync() in try-catch for paused directory creation
- Add idempotent checks (skip if already paused/active)
- Rely on syncRegistryWithTokenFiles() for recovery on failure

Follows same error handling pattern as removeAccount().
2026-01-15 11:50:35 -05:00
kaitranntt bc02ecc94c fix(dashboard): harden projectId handling with edge case fixes
- Validate empty string projectId with typeof check and trim()
- Include projectId in registerAccount return value
- Update projectId when changed (not just when missing)
- Add aria-hidden/aria-label for accessibility
- Add max-width + truncate for long projectId overflow
2026-01-15 11:46:02 -05:00
kaitranntt 36367d49f0 fix(dashboard): update projectId for existing accounts during discovery
Previously, discoverExistingAccounts skipped existing token files
entirely, so accounts created before the projectId feature never
got their projectId populated from auth files.

Now when a token file is already registered, we still check if
projectId needs to be updated for agy accounts.
2026-01-15 11:22:40 -05:00
kaitranntt ed2ce138e4 feat(dashboard): add project_id display for Antigravity accounts
Display GCP project_id for Antigravity (agy) accounts in the Dashboard:

- Add projectId field to AccountInfo interface (account-manager.ts)
- Read project_id from auth files when discovering/registering accounts
- Pass projectId through token-manager when registering new accounts
- Add projectId to OAuthAccount type (api-client.ts)
- Add projectId to AccountRow type (auth-monitor/types.ts)
- Display project_id in account-item.tsx with FolderCode icon
- Show N/A warning with amber tooltip if project_id is missing
  suggesting user remove and re-add account to fetch it

Note: project_id is read-only and respects privacy mode blur.
2026-01-15 10:49:23 -05:00
kaitranntt 7b80dccdd3 fix(persist): add rate limiting, tests, and code quality improvements
- Add express-rate-limit to restore endpoint (5 req/min)
- Add JSDoc documentation to RestoreMutex class
- Extract magic numbers to named constants in BackupsSection
- Add unit tests for persist-routes.ts (23 tests)
- Add unit tests for BackupsSection component (28 tests)

Addresses PR #339 code review feedback.
2026-01-14 17:59:15 -05:00
kaitranntt eee62a46a2 docs: update minimax preset references to 'mm'
Align README and CLI help with actual preset ID.
2026-01-14 17:43:52 -05:00
kaitranntt 623a3146d7 fix(dashboard): resolve 6 critical security and UX edge cases
- TOCTOU symlink attack: use file descriptor for atomic read in persist-routes
- Non-atomic mutex: add RestoreMutex class with Promise queue pattern
- Restore confirmation: add AlertDialog before destructive backup restore
- Sensitive data exposure: sanitize auth_token/management_key in debug console
- Chunk retry: add lazyWithRetry wrapper with exponential backoff (3 retries)
- URL tab case sensitivity: normalize tab param with toLowerCase()
2026-01-14 16:47:11 -05:00
kaitranntt 9d2442f9fa fix(cliproxy): move token files when pausing/resuming accounts
Pausing an account now physically moves the token file to auth/paused/
subdirectory, preventing CLIProxyAPI from discovering and using it.
Resume moves the file back to auth/ directory.

Changes:
- Add getPausedDir() helper for paused tokens location
- Update pauseAccount() to move token to paused/ subdir
- Update resumeAccount() to move token back to auth/
- Update syncRegistryWithTokenFiles() to check both directories
- Update removeAccount() to clean up from both directories
- Update getAccountTokenPath() to return correct path based on state

Fixes #337
2026-01-14 16:01:56 -05:00
kaitranntt 2e45447bb7 fix(dashboard): resolve edge cases in backup restore and settings UI
Backend:
- Add atomic restore with mutex to prevent concurrent corruption
- Implement rollback on failure for backup restore
- Add symlink security validation

Frontend:
- Add 'backups' tab to URL validation in settings hook
- Add error boundary for lazy-loaded settings sections
- Clamp progress bar values to prevent visual bugs
- Add AbortController cleanup to prevent memory leaks
- Fix misleading debug mode description and add actual console logging
2026-01-14 15:42:12 -05:00
kaitranntt bd5e9d2b78 feat(dashboard): implement full parity UX improvements
- Remove 'agy' hardcode from quota hook (multi-provider support)
- Add quota N/A badge with AlertCircle icon for fetch failures
- Add new 'backups' tab to Settings page with Archive icon
- Create BackupsSection component with list/restore UI
- Add persist backend routes (GET /api/persist/backups, POST /api/persist/restore)
- Add debug mode toggle in Settings proxy section (localStorage persisted)

Closes documentation gap for persist command dashboard parity.
2026-01-14 13:52:54 -05:00
Sergey GaluzaandOnSteroids e055890e16 fix: address PR #4 review - HTTPS tests and timeout handling
- Fix timeout test to use HTTPS server (tunnel uses https.request)
- Fix timeout event handling - call reject directly instead of relying on destroy error event
- Fix misleading comment in remote-token-uploader (Authorization header, not X-Management-Key)
- Remove unused imports in test files

Built [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>
2026-01-14 18:06:58 +01:00
Sergey GaluzaandOnSteroids c3bfa34703 fix: address PR #4 review suggestions
- Fix race condition in start() using Promise instead of boolean flag
- Document that tunnel intentionally doesn't limit response sizes (streaming)
- Improve token upload failure visibility with actionable user message

Built [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>
2026-01-14 18:06:58 +01:00
9e9cbd4858 feat(cliproxy): add HTTPS tunnel for remote proxy mode (#1)
* feat(cliproxy): add HTTPS tunnel for remote proxy mode

Claude Code doesn't support HTTPS in ANTHROPIC_BASE_URL directly (undici
limitation). This adds an HTTP→HTTPS tunnel proxy for remote CLIProxyAPI
connections.

Changes:
- Add HttpsTunnelProxy: local HTTP server tunneling to remote HTTPS
- Add CodexReasoningProxy HTTPS support and path prefix stripping
- Remote mode now uses root paths (/v1/messages) not provider-prefixed
- Add remote token uploader for syncing OAuth tokens to remote server
- Auto-upload tokens after OAuth auth when remote mode is enabled

Flow for remote HTTPS:
  Claude CLI → CodexReasoningProxy → HttpsTunnel → Remote HTTPS

Built with [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>

* fix: address PR review issues for HTTPS tunnel proxy

- Add connection tracking with activeConnections Set for proper cleanup
- Add port validation after start() to reject port 0
- Add Authorization header fallback injection in buildForwardHeaders()
- Handle client disconnect (premature close) and request errors
- Improve error handling in uploadTokenToRemoteAsync (log instead of silent catch)
- Add comprehensive tests for HttpsTunnelProxy (97% coverage)
- Add integration tests for remote-token-uploader
- Add stripPathPrefix unit tests for remote mode

Built with [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>

* fix: bump Node.js engine requirement to >=18.0.0

FormData and Blob APIs used in remote-token-uploader require Node.js 18+.
Addresses coderabbit review comment about Node.js engine compatibility.

Built [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>

* fix: address remaining PR suggestions

- Add verbose parameter to registerAccountFromToken for proper propagation
- Improve stripPathPrefix with path normalization (double slashes, leading slash)
- Add edge case tests for path normalization

Built [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>

* fix: add timeout to flaky npm CLI tests

Tests 'handles empty arguments gracefully' and 'handles very long argument'
were missing timeout option in execSync, causing occasional timeouts when
bun test's 5000ms limit was reached before CLI completed.

Built [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>

* fix: address new PR review feedback

- Add path segment boundary check to prevent partial matches (/codex vs /codextra)
- Add hostname validation in HttpsTunnelProxy constructor
- Add race condition protection with 'starting' flag in start()
- Sanitize error messages (detailed only in verbose mode)
- Update comments for clarity (regex behavior)
- Add comprehensive tests for all edge cases

Built [OnSteroids](https://onsteroids.ai)

Co-Authored-By: OnSteroids <built@onsteroids.ai>

---------

Co-authored-by: OnSteroids <built@onsteroids.ai>
2026-01-14 18:05:49 +01:00
Kai (Tam Nhu) TranandGitHub cc83b596fb Merge pull request #331 from kaitranntt/fix/quota-fix
fix(cliproxy): return null for unknown quota, add verbose diagnostics
2026-01-14 11:38:31 -05:00
kaitranntt 04c9b087ca fix(cliproxy): address PR review feedback
- Pass verbose flag through fetchQuotaWithDedup to fetchAccountQuota
- Change verbose logging from console.log to console.error (stderr)
- Keep quotaPercent optional (semantically correct for cases without quota)
2026-01-14 10:49:47 -05:00
kaitranntt 1ac19415ce fix(cliproxy): return null for unknown quota, add verbose diagnostics
- Change calculateAverageQuota() to return null instead of 100 when no model data
- Update callers to use null coalescing (?? 0) for health check thresholds
- Display "N/A (fetch unavailable)" for null quota values
- Add --verbose flag to quota-related functions for troubleshooting
- Add debug logging: token refresh status, API response, errors
2026-01-14 10:19:27 -05:00
Kai (Tam Nhu) TranandGitHub 397331ec89 fix(persist): harden security and edge case handling (#328)
Security fixes:
- Add fs.chmodSync(backupPath, 0o600) after backup creation
- Add symlink detection (isSymlink helper) before all file operations
- Reject symlinks in write, backup, and restore operations

Edge case fixes:
- Handle empty settings.json (0 bytes) gracefully
- Validate parsed JSON is object type (not array/primitive)
- Validate backup JSON integrity before restore
- Show backup path guidance on write failure
- Validate existing env is object before spread

Maintenance:
- Add backup rotation (keep last 10, MAX_BACKUPS constant)
- Add cleanupOldBackups() function

Addresses security findings from PR #312 code review.
2026-01-14 10:06:44 -05:00
Leynier Gutiérrez Gonzálezandkaitranntt ef7e595b6f feat(persist): add --list-backups and --restore options for backup management
Add backup management functionality to the persist command:
- List available backups with timestamps and dates
- Restore from most recent or specific backup
- Improved error handling for corrupted settings.json
- Updated CLAUDE.md to document the persist command and the exception to the non-invasive constraint
2026-01-14 09:27:48 -05:00
kaitranntt a3a167e62a fix(auth): add security hardening per code review
- Add timing-safe username comparison to prevent timing attacks
- Regenerate session on login to prevent session fixation
- Add warning log when session secret persistence fails
2026-01-13 16:23:10 -05:00
kaitranntt 39c1ee2ca0 feat(config): add ccs config auth CLI subcommand
Interactive CLI for managing dashboard authentication:
- ccs config auth setup: Interactive wizard with bcrypt password hashing
- ccs config auth show: Display current auth status and ENV overrides
- ccs config auth disable: Disable auth with confirmation

Follows modular facade pattern from auth-commands.ts.
Uses InteractivePrompt for masked password input.
Includes local documentation at docs/dashboard-auth-cli.md.

Related: #319
2026-01-13 15:13:10 -05:00
kaitranntt 37e3468d4d fix(auth): move redirect to useEffect and validate bcrypt hash format
- Fix React side effect: move navigate() to useEffect in LoginPage
- Remove misplaced express-rate-limit from ui/package.json
- Add bcrypt hash format validation before bcrypt.compare
2026-01-13 14:43:55 -05:00
kaitranntt 759d43c8f7 Merge remote-tracking branch 'origin/dev' into feat/login-auth 2026-01-13 14:31:01 -05:00
kaitranntt 464b410e8b feat(dashboard): add optional login authentication (#319)
Add session-based username/password auth for CCS dashboard:
- Backend: Express session middleware with bcrypt password verification
- Frontend: React AuthContext, login page, protected routes
- Config: dashboard_auth section in config.yaml + env var overrides
- Security: Rate limiting (5 attempts/15min), persistent session secret
- 16 unit tests for auth middleware

Auth disabled by default for backward compatibility.
2026-01-13 13:27:38 -05:00
kaitranntt 22c7d4a20d feat(doctor): add --help flag with comprehensive command documentation
- Add showHelp() with usage, options, checks, examples, exit codes
- Update handleDoctorCommand to accept args array instead of boolean
- Update ccs.ts to pass restArgs to doctor command
- Add doctor to CLAUDE.md Help Location Reference table
2026-01-13 11:43:27 -05:00
kaitranntt 0075248273 fix(delegation): only check profiles defined in config.yaml
Previously getReadyProfiles() scanned all *.settings.json files,
including orphan files (ghcp, kiro) not in config.yaml.

Now reads from config.yaml:
- profiles section (excluding 'default')
- cliproxy.providers section

Fixes doctor showing 11 profiles instead of configured 9.
2026-01-09 01:13:51 -05:00
kaitranntt f88ad8e781 fix(doctor): use dynamic profile discovery for delegation check
Replace hardcoded ['glm', 'kimi'] list with DelegationValidator.getReadyProfiles()
to detect all configured *.settings.json profiles including mm, or1, g7, etc.
2026-01-09 00:18:35 -05:00
kaitranntt 0abd021d25 fix(cliproxy): remove stable version cap, only v81-88 are faulty
- Set CLIPROXY_MAX_STABLE_VERSION to 9.9.999-0 (effectively no cap)
- v89+ are all stable, no longer show experimental warning
- Only v81-88 remain marked as faulty with known bugs
- Simplified lifecycle.ts to remove redundant experimental warning
2026-01-08 10:49:37 -05:00
Kai (Tam Nhu) TranandGitHub 71a0f9e91a Merge pull request #301 from oscarlehuu/feat/codex-reasoning-effort
Codex: inject OpenAI reasoning.effort per tier
2026-01-08 09:42:35 -06:00
kaitranntt 87cfcc5b3c fix(codex-proxy): security hardening and edge case fixes
- Fix path traversal in trace() via safe dir validation
- Add RFC 7230 hop-by-hop header filtering
- Fix isRecord() to exclude arrays
- Add req.destroy() on oversized body rejection
- Add missing ANTHROPIC_BASE_URL warning for Codex
- Use cwd() fallback when HOME undefined
- Add 4 edge case unit tests
2026-01-08 09:15:42 -05:00
Kai (Tam Nhu) TranandGitHub 6e0bf7cb1b fix(cliproxy): update version range and add persistent AI review logging (#303)
* fix(ci): add persistent logging and remove turn/diff limits for AI review (#298)

- Remove --max-turns limit (unlimited exploration)
- Remove head -8000 diff limit (full diff)
- Add persistent logging to /opt/actions-runner/logs/ai-review/
- Save prompt, stdout, stderr, timing, metadata as separate files
- Add structured metadata.json with run details
- Separate stdout/stderr capture for better debugging
- Include debug info in failure comments (exit code, duration, log path)
- Retry without tool restrictions if first attempt fails

* fix(cliproxy): correct faulty version range to v81-85 and set v89 as stable (#302)

PR #289 incorrectly marked all v81+ as faulty. v89 confirmed stable.
- CLIPROXY_MAX_STABLE_VERSION: 6.6.80-0 → 6.6.89-0
- CLIPROXY_FAULTY_RANGE max: 6.6.999-0 → 6.6.85-0
2026-01-08 09:15:34 -05:00
oscarlehuu 204eea00ce feat(codex): inject OpenAI reasoning.effort per tier 2026-01-08 16:02:02 +10:30
Kai (Tam Nhu) TranGitHubgithub-actions[bot] <github-actions[bot]@users.noreply.github.com>
b6d65209cd feat(ci): add workflow_dispatch for AI review (#291)
* feat(ci): add AI code review workflow with Claude via CLIProxyAPI

- Self-hosted runner calls CLIProxyAPI at localhost:8317
- Triggers on PR open/update and /review comment
- Uses gemini-claude-opus-4-5-thinking for deep reviews
- Posts summary + inline comments via gh CLI
- Handles self-PR fallback to COMMENT mode

* chore(release): 7.15.0-dev.1 [skip ci]

* refactor(ci): use GitHub App for reviewer identity + new review format

- Posts as ccs-agy-reviewer[bot] via GitHub App token
- New review format: structured markdown with verdict, summary, issues table
- Single PR comment instead of inline comments
- Concise, focused on PR changes only

* chore(release): 7.15.0-dev.2 [skip ci]

* refactor(ci): switch to Claude Code CLI for reviews

- Use claude -p instead of custom TypeScript script
- Auto-install if not present on runner
- CLIProxyAPI via env vars (ANTHROPIC_BASE_URL, ANTHROPIC_MODEL)
- Allowed tools: Read, Glob, Grep
- Max 3 turns for file exploration

* chore(release): 7.15.0-dev.3 [skip ci]

* chore(release): 7.15.0-dev.4 [skip ci]

* feat(ci): add workflow_dispatch for manual review trigger

* chore(release): 7.15.0-dev.5 [skip ci]

* refactor(cliproxy): add faulty version range infrastructure (#289)

* refactor(cliproxy): add faulty version range infrastructure

- Add CLIPROXY_FAULTY_RANGE constant for marking known buggy versions
- Add isVersionFaulty() helper to version-checker.ts
- Update lifecycle.ts to warn users on faulty versions with upgrade suggestion
- Update health checks to distinguish faulty vs experimental versions
- Update stats routes to include faultyRange in API response
- Skip faulty versions when calculating latestStable

Infrastructure ready for future version promotions. Currently:
- v80 and below: stable
- v81+: marked as faulty (context cancellation bugs)

* chore: trigger review

* chore: re-trigger review

* chore: test PR trigger

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-01-07 02:25:49 -08:00
kaitranntt 4b7328b388 docs(cli): add cliproxy pause/resume/status to --help
Add new quota management subcommands to help output:
- ccs cliproxy pause <provider> <account>
- ccs cliproxy resume <provider> <account>
- ccs cliproxy status [provider]
2026-01-06 17:12:02 -05:00
kaitranntt db071e2ff2 refactor(quota): simplify AccountTier to free|paid|unknown
- consolidate 'pro'/'ultra' into single 'paid' tier (no distinction needed)
- update mapTierString() and inferTierFromModels() in quota-fetcher.ts
- fix tier_priority default from ['ultra','pro'] to ['paid']
- add missing quota_management to mergeWithDefaults() in config-loader
- update UI tier badge styling for 'paid' tier
- update api-client.ts tier type definition
2026-01-06 16:53:21 -05:00
kaitranntt 75b327c5c8 chore: merge dev - resolve conflict in account-manager.ts 2026-01-06 14:59:14 -05:00
kaitranntt a5f1472047 fix(quota): handle 'standard-tier' as free in tier mapping
API returns 'standard-tier' ID for free accounts, not 'FREE'.
Updated mapTierString() to recognize 'standard' substring.
2026-01-06 14:55:36 -05:00
kaitranntt aad0d44069 fix(quota): use API tier detection instead of model-based heuristics
Tier detection now uses paidTier/currentTier from loadCodeAssist API
response instead of inferring from model names. This is the correct
approach - all Antigravity accounts have access to same models
regardless of tier.

- Add TierInfo interface and tier fields to LoadCodeAssistResponse
- Add mapTierString() helper for API → AccountTier conversion
- Update getProjectId() to extract and return tier
- Update fetchAccountQuota() to use API tier
- Remove flawed detectTier() function
2026-01-06 14:41:25 -05:00
kaitranntt 0af185f6a0 fix(quota): correct tier detection - remove 2.5-pro from ultra indicators
2.5-pro is a standard pro-tier model, not ultra. This caused all accounts
with gemini-2.5-pro access to incorrectly display ULTRA badge.

Tier will be re-detected on next quota fetch for existing accounts.
2026-01-06 14:32:20 -05:00
Kai (Tam Nhu) TranandGitHub 206644eac0 Merge pull request #284 from kaitranntt/fix/kiro-nickname-accountid
fix(cliproxy): use nickname as accountId for kiro/ghcp providers
2026-01-06 11:19:53 -08:00
kaitranntt 107e2813f9 fix(cliproxy): prevent race in promptNickname close handler 2026-01-06 13:52:14 -05:00
kaitranntt a32fdc8cfb fix(quota): address edge cases from code review
- Add isPausingAccount disabled state to pause/resume dropdown (#30)
- Add rapid click prevention guard in cliproxy.tsx (#31)
- Add request deduplication via pendingFetches Map in quota-manager (#8)
- Add JSON parse error handler middleware in web-server (#26)
2026-01-06 13:05:45 -05:00
kaitranntt 5970e70e26 fix(cliproxy): harden nickname validation and race condition handling
- Trim nickname in API route for consistency with CLI
- Block URL-unsafe chars (%, /, &, ?, #) in nickname
- Block reserved patterns (kiro-N, ghcp-N) used by auto-discovery
- Add reload-merge pattern in discovery to reduce race condition
2026-01-06 13:00:50 -05:00
kaitranntt c13003d940 feat(api): add pause/resume account endpoints
- POST /api/cliproxy/auth/:provider/accounts/:accountId/pause

- POST /api/cliproxy/auth/:provider/accounts/:accountId/resume

Refs #282
2026-01-06 12:17:55 -05:00