Commit Graph
296 Commits
Author SHA1 Message Date
kaitranntt c4f09168ff feat(cliproxy): add customizable auth token manager
- Add CLIProxyAuthConfig type with api_key and management_secret fields
- Implement auth-token-manager.ts with inheritance chain:
  variant auth → global auth → default constants
- Add secure token generation using crypto.randomBytes (256-bit entropy)
- Export auth functions from cliproxy barrel (index.ts)
- Bump UNIFIED_CONFIG_VERSION to 6
2025-12-25 14:35:43 -05:00
Kai (Tam Nhu) TranandGitHub 459d730029 Merge pull request #184 from kaitranntt/kai/feat/variant-port-isolation
feat(cliproxy): add variant port isolation
2025-12-25 05:19:06 -05:00
kaitranntt e38af6ad6e fix(ui): initialize colors early for consistent status output
Call initUI() at the start of main() to ensure chalk is loaded
before any status messages. Previously, colors only worked when
an update notification was displayed because showUpdateNotification()
was the only place calling initUI().

Fixes #201
2025-12-25 04:53:32 -05:00
kaitranntt 2b4d21e8ae fix(cliproxy): preserve user API keys during config regeneration
When CCS updates trigger CLIProxy config regeneration, user-added API
keys in ~/.ccs/cliproxy/config.yaml were being overwritten with only
the internal CCS key.

Changes:
- Add parseUserApiKeys() to extract user keys from existing config
- Modify regenerateConfig() to preserve user API keys alongside port
- Update generateUnifiedConfigContent() to accept userApiKeys param
- Add comprehensive test suite (14 tests) for key preservation

Fixes #200
2025-12-24 22:12:09 -05:00
Kai (Tam Nhu) TranandGitHub b52e6d69d6 Merge pull request #193 from kaitranntt/kai/fix/kiro-incognito
fix(kiro): add --no-incognito option for normal browser auth
2025-12-24 21:59:19 -05:00
kaitranntt f2a4200625 fix(core): address all code review issues from PR #199
Critical fixes:
- CRIT-1: Fix placeholder detection case sensitivity in api-key-validator
- CRIT-2: Add TOCTOU protection via loadMigrationCheckData() for atomic config reads
- CRIT-3: Restore fs.existsSync mock in profile-detector tests

High priority fixes:
- H1-H3: API validator HTTP/HTTPS support, timeout abort, debug log
- H4-H6: OAuth explicit flow type, signal handling, TTY detection
- H7-H8: Profile collision warning, config-first save order
- H9-H11: expandPath consistency, preset sync CLI/UI
2025-12-24 20:18:57 -05:00
Kai (Tam Nhu) TranandGitHub 080ad11804 Merge pull request #197 from kaitranntt/fix/glm-auth-persistence
fix(profiles): prevent GLM auth regression from first-time install detection
2025-12-24 18:48:40 -05:00
kaitranntt 92a79aa78b test(auth): add comprehensive tests for GLM auth persistence fix
Add 26 new unit tests covering:
- isFirstTimeInstall() legacy config detection (8 tests)
- loadSettingsFromFile() path expansion (5 tests)
- ProfileDetector detectProfileType() (4 tests)
- expandPath() cross-platform handling (10 tests)

Test coverage for issue #195:
- Legacy config.json/profiles.json detection
- Tilde expansion to home directory
- Environment variable expansion (${VAR}, $VAR, %VAR%)
- Mixed path separator normalization
- Corrupted config graceful handling

Files:
- tests/unit/commands/setup-command.test.ts
- tests/unit/auth/profile-detector.test.ts
- tests/unit/utils/expand-path.test.ts
2025-12-24 18:33:52 -05:00
kaitranntt e7066b9997 feat(api): add Minimax, DeepSeek, Qwen provider presets
Add three new Anthropic-compatible API providers as presets:
- Minimax: M2.1/M2.1-lightning/M2 models with 1M context
- DeepSeek: V3.2 and R1 reasoning model (128K context)
- Qwen: Alibaba Cloud qwen3-coder-plus (256K context)

Closes #123
2025-12-24 18:32:07 -05:00
kaitranntt adb6222bc6 refactor(paths): use expandPath() consistently for cross-platform path handling
- variant-settings.ts: Use expandPath() in deleteSettingsFile()
- profile-writer.ts: Use expandPath() in removeApiProfileUnified()
- migration-manager.ts: Remove local expandPath(), import from helpers

All path expansion now uses the central expandPath() from utils/helpers.ts
which handles ~, ~\, ${VAR}, $VAR, and %VAR% on all platforms.
2025-12-24 18:19:47 -05:00
kaitranntt cc2d62db38 fix(profiles): prevent GLM auth regression from first-time install detection
- Check legacy config.json/profiles.json in isFirstTimeInstall()
- Use expandPath() for cross-platform path handling in profile-detector
- Add pre-flight API key validation for better error messages
- Enhance 401 error handling with Z.AI refresh guidance

Fixes #195
2025-12-24 18:09:09 -05:00
kaitranntt df0c94781e feat(kiro): improve auth UX with normal browser default and URL display
- Change default to noIncognito=true (normal browser) for reliability
- Always print OAuth URL to terminal for VS Code popup detection
- Move incognito toggle from Proxy settings to Kiro provider page
- Add --incognito flag to opt into incognito mode (was --no-incognito)
- Update help text to reflect new defaults
2025-12-24 06:17:17 -05:00
kaitranntt 083e67426c feat(kiro): add UI toggle and auth hint for --no-incognito option
- Add "Kiro: Use normal browser" toggle in config dashboard (Proxy section)
- Add --no-incognito documentation to ccs --help output
- Show hint after successful Kiro auth about saving AWS credentials
2025-12-24 05:26:02 -05:00
kaitranntt 13e4baca22 fix(kiro): add --no-incognito option for normal browser auth
Kiro OAuth always opens in incognito browser mode, which doesn't save
login credentials. Users need to re-enter email each authentication.

Changes:
- Add noIncognito option to OAuthOptions interface
- Add kiro_no_incognito config option to CLIProxyConfig
- Pass --no-incognito flag to CLIProxyAPI binary when enabled
- Support both CLI flag (--no-incognito) and config.yaml setting

Usage:
- CLI: ccs kiro --auth --no-incognito
- Config: cliproxy.kiro_no_incognito: true in config.yaml
2025-12-24 05:02:33 -05:00
kaitranntt 0bcaf4bc68 feat(cliproxy): add variant port isolation for concurrent proxy instances
Enables running multiple CLIProxy variants simultaneously on different
ports. Each variant now gets a unique port in the 18100-18199 range,
allowing concurrent use of providers like Gemini + Codex + custom variants.

Key changes:
- Add port field to variant config schema
- Implement automatic port allocation (18100 + variant index)
- Support variant-specific settings paths in config generator
- Display port in dashboard UI for debugging
- Show all models in variant editor dropdown
- Add comprehensive tests for port allocation edge cases

Closes related variant isolation work.
2025-12-24 04:15:04 -05:00
kaitranntt c811fdfc79 fix(qwen): inherit stdin for Device Code flows to enable interactive prompts
Device Code flows (Qwen, GHCP) may require interactive terminal input
before generating the device code. For example, Qwen prompts for email.

Previously, all auth processes used piped stdin which blocked user input.
Now Device Code flows use 'inherit' for stdin, allowing users to respond
to prompts directly in the terminal.

Authorization Code flows (Gemini, Codex) still use piped stdin for
programmatic project selection.

Closes #188
2025-12-24 04:04:22 -05:00
kaitranntt a99b6eb93f fix(cliproxy): respect enabled:false and use protocol-based port defaults
- Fix port default logic: HTTP→8317, HTTPS→443 (was always 8317)
- Fix enabled:false being ignored in proxy config resolution
- Update stale comments referencing HTTP:80 to HTTP:8317
- Add 9 unit tests for edge cases (enabled handling, port defaults)
2025-12-24 03:36:48 -05:00
kaitranntt 5de6cccee0 refactor(ghcp): remove unused device code session management
- Remove unused functions: registerDeviceCode, completeDeviceCode,
  failDeviceCode, getActiveDeviceCode, hasActiveDeviceCode,
  getAllActiveDeviceCodes, ActiveSession interface, activeSessions Map
- Reduce device-code-handler.ts from 168 to 33 lines (YAGNI)
- Add ARIA labels to copy button for accessibility
- Fix timer to stop at 0 seconds instead of continuing negative
- Add "(Code expired)" visual indicator with destructive styling
- Change void sessionId to data-session-id attribute for debugging

Code review findings applied. Gemini OAuth unaffected (uses separate
project-selection-handler.ts with Authorization Code Flow).
2025-12-24 03:15:57 -05:00
kaitranntt 46f1699b1c fix(ghcp): display device code during OAuth device code flow
When authenticating with GitHub Copilot using device code flow,
the user code was not being displayed. This fix:

- Parses device codes from CLIProxy output in oauth-process.ts
- Displays code prominently in CLI terminal with box formatting
- Broadcasts device code events via WebSocket for UI display
- Creates DeviceCodeDialog component for web UI (ccs config)
- Follows same pattern as Gemini project selection dialog

Closes #189
2025-12-24 03:02:36 -05:00
kaitranntt ca78993e76 fix(config): improve edge case handling for config initialization
- setup-command.ts: Add Ctrl+C handling (UserCancelledError), port
  validation (1-65535), protocol stripping from host, try-catch with
  user-friendly error messages
- postinstall.js: Add ~/.ccs file check (not directory), wrap js-yaml
  require in try-catch with JSON fallback, validate config.json before
  migration, warn when both config files exist
- recovery-manager.ts: Verify config is loadable (not just exists),
  add nested error handling for fallback write
- ccs.ts: Make first-time install hint independent of recovery status
  (shows even when user manually created empty config.yaml)

All edge cases identified by code review addressed.
2025-12-23 22:34:32 -05:00
kaitranntt b34469d75f refactor(config): migrate to config.yaml as primary format
- Update postinstall.js to create config.yaml instead of config.json
- Update recovery-manager to create config.yaml as primary config
- Fix isFirstTimeInstall() to check for meaningful config content
  (profiles, accounts, variants, oauth_accounts, remote proxy)
- Update validation to accept config.yaml OR config.json
- Preserve backward compatibility: legacy config.json is migrated
  to config.yaml on first run via autoMigrate()
- Update postinstall tests to verify config.yaml creation

Fixes #142 - remote CLIProxyAPI configuration
2025-12-23 21:54:55 -05:00
kaitranntt cec616d530 feat(setup): add first-time setup wizard for config initialization
Addresses Issue #142 - remote CLIProxyAPI configuration for Docker/server deployments.

Changes:
- Add `ccs setup` command with interactive wizard
- Support local vs remote CLIProxy mode selection
- Guide users through remote proxy config (host, port, auth token)
- Auto-detect first-time install and suggest setup wizard
- Update help command to include setup

Scenarios covered:
1. New users - wizard guides through local/remote/skip choice
2. Remote proxy users - configure host/port/protocol/auth_token
3. Local users - default auto-start behavior
4. Skip CLIProxy - only API profiles or Claude accounts
2025-12-23 21:28:38 -05:00
kaitranntt e981c391a2 feat(cli): add config command hints to help and error messages
Enhance discoverability of the 'ccs config' command by adding hints to
the help menu, post-update/doctor messages, and relevant error states.
2025-12-23 00:55:17 -05:00
kaitranntt 91cd9ffc16 fix(ui): use UI color system for consistent CLI indicators 2025-12-22 19:41:05 -05:00
kaitranntt c2dd0261b7 refactor(cliproxy): enhance binary downloader with robust error handling
- Add categorized error detection for socket, timeout, HTTP, and redirect errors
- Implement smarter exponential backoff (longer delays for socket errors)
- Increase max retries from 3 to 5 with dynamic timeout adjustment
- Add resource cleanup (disable connection pooling for clean process exit)
- Add user-friendly error messages for each error type
- Refactor fetchText/fetchJson with retry logic and proper error handling
- Set 120s timeout for large binary downloads, 15-30s for text/JSON
- Prevent double-resolution and race conditions in Promise handlers
2025-12-22 18:22:32 -05:00
kaitranntt a827b73eef feat(glm): add GLM 4.7 model support
- Update default GLM/GLMT model from glm-4.6 to glm-4.7
- Add glm-4.7 pricing entry
- Sync UI presets with CLI changes

Closes #179
2025-12-22 16:13:19 -05:00
kaitrannttandMinhOmega 31bafaab8d feat(api): add Azure Foundry preset
Add Microsoft Azure AI Foundry as a provider preset for `ccs api create`.

Usage: `ccs api create --preset foundry`

This is a cleaner implementation than the postinstall-based approach,
leveraging the existing preset system.

Co-authored-by: MinhOmega <49482201+MinhOmega@users.noreply.github.com>
2025-12-22 15:34:27 -05:00
kaitranntt 8c8a15f1e1 docs(cli): add ccs kiro and ccs ghcp to help text
- add 'ccs kiro' entry for AWS CodeWhisperer

- add 'ccs ghcp' entry for GitHub Copilot OAuth

- clarify ccs copilot is for copilot-api integration
2025-12-22 00:46:01 -05:00
kaitranntt d04bcc117f feat(config): add kiro and ghcp to unified config and auth routes
- extend CLIProxyVariantConfig provider type

- update createEmptyUnifiedConfig providers array

- add kiro and ghcp to validProviders in auth routes
2025-12-22 00:45:38 -05:00
kaitranntt 49bc0a44cc feat(cliproxy): add kiro and ghcp to OAuth diagnostics and account manager
- add OAUTH_CALLBACK_PORTS: kiro=9876, ghcp=null (device code)

- add OAUTH_FLOW_TYPES for both providers

- update getAllAccountsSummary providers array
2025-12-22 00:45:13 -05:00
kaitranntt fae1ee2b31 feat(cliproxy): add ghcp settings and update variant adapter
- rename base-copilot.settings.json to base-ghcp.settings.json

- add kiro and ghcp to variant adapter providers list

- update provider display names in config generator
2025-12-22 00:44:52 -05:00
kaitranntt a01abe181b feat(cliproxy): add kiro and ghcp OAuth configurations
- add OAUTH_CONFIGS entries for kiro (authorization_code) and ghcp (device_code)

- update getAllAuthStatus providers array
2025-12-22 00:44:26 -05:00
kaitranntt 036714c774 feat(cliproxy): add kiro and ghcp providers to CLIProxyProvider type
- extend CLIProxyProvider union with 'kiro' and 'ghcp'

- add both to CLIPROXY_PROFILES array
2025-12-22 00:44:03 -05:00
kaitranntt af92bc30bf refactor: complete CLIProxy Plus branding across CLI and UI
CLI changes:
- platform-commands.ts: Update taskkill/pkill to use cli-proxy-api-plus binary name
- help-command.ts: Fix binary path display to show cli-proxy-api-plus
- oauth-process.ts: Update auth error message
- binary-manager.ts: Update removal message
- cliproxy-executor.ts: Update startup failure messages
- cliproxy-command.ts: Update variant creation messages
- service-manager.ts: Update startup error message
- cliproxy-stats-routes.ts: Update all API error messages

UI changes:
- proxy/index.tsx: Update connection mode descriptions
- cliproxy-stats-overview.tsx: Update metrics description
- model-preferences-grid.tsx: Update models description
2025-12-21 23:17:04 -05:00
kaitranntt 4829902826 fix: update download URLs and binary names for CLIProxyAPIPlus
- Change binaryName from CLIProxyAPI_ to CLIProxyAPIPlus_ prefix
- Update download URL to use CLIProxyAPIPlus repository
- Update checksums URL to use CLIProxyAPIPlus repository
- Change executable name from cli-proxy-api to cli-proxy-api-plus
- Update User-Agent header to CCS-CLIProxyPlus-Updater
- Update status messages to say "CLIProxy Plus"

Fixes HTTP 404 error when running `ccs cliproxy --latest`
2025-12-21 23:09:41 -05:00
kaitranntt 670993d364 refactor: rename CLIProxyAPI to CLIProxy Plus across UI and CLI
- Update cliproxy-command.ts status output and install messages
- Update help-command.ts with Plus branding and new kiro/copilot providers
- Update doctor.ts header to show CLIPROXY PLUS
- Update cliproxy-check.ts binary check output
- Update proxy-status-widget.tsx label to CLIProxy Plus
- Point release URLs to CLIProxyAPIPlus repository
2025-12-21 22:57:03 -05:00
kaitranntt b15ff7f235 feat(config): add base settings for Kiro and Copilot providers
- Add base-kiro.settings.json with default Kiro models
- Add base-copilot.settings.json with default Copilot models
- Update config-generator for new provider sections
- Extend CLIProxyProvider type with kiro and copilot
2025-12-21 22:26:32 -05:00
kaitranntt 2b441f6498 feat(auth): add Kiro and GitHub Copilot OAuth providers
- Add kiro (port 8329) and copilot (port 8330) to auth-types
- Implement OAuth flows in oauth-handler
- Update token-manager to include new providers
- Add new providers to CLIPROXY_PROFILES
- Update diagnostics and API routes for new providers
2025-12-21 22:26:11 -05:00
kaitranntt 6f8587db68 feat(cliproxy): migrate from CLIProxyAPI to CLIProxyAPIPlus
- Update GitHub repo URL to router-for-me/CLIProxyAPIPlus
- Handle new release naming pattern (v6.6.X-0 suffix)
- Add version comparison support for Plus releases
2025-12-21 22:25:48 -05:00
kaitranntt 28c62625b3 fix(cliproxy): merge dev with proper remote mode integration
Resolve conflicts in cliproxy-auth-routes.ts by combining:
- Dev's improved error handling with try-catch patterns
- Branch's remote mode routing logic

All 638 tests pass.
2025-12-21 19:21:29 -05:00
kaitranntt 3ed961fce9 fix(api): complete error handling and add missing endpoints
- Add try-catch to all route handlers in settings, variant, config routes
- Implement 5 missing endpoints in cliproxy-stats-routes:
  - GET/PUT /config.yaml for YAML config management
  - GET /auth-files to list auth directory files
  - GET /auth-files/download for file download
  - PUT /models/:provider to update model settings
- All handlers now return proper error messages on failure
2025-12-21 18:18:46 -05:00
kaitranntt 85b0f17110 fix(api): add try-catch error handling to route handlers
- Add try-catch to cliproxy-auth-routes GET /
- Add try-catch to health-routes GET / and POST /fix/:checkId
- Add try-catch to config-routes GET /format and POST /migrate
- Improve error messages with specific context
- All handlers now return 500 with error message on failure
2025-12-21 18:03:37 -05:00
kaitranntt 557926ffe3 fix(api): resolve route path mismatches
- Add /usage alias for /cliproxy/stats (frontend compatibility)
- Create account-routes.ts to fix /accounts/accounts double path
- Update index.ts to mount accountRoutes at /accounts
- Remove account code from profile-routes.ts
- Clean up unused imports in profile-routes.ts
2025-12-21 18:03:15 -05:00
kaitranntt 4ee3100622 fix(cliproxy): respect user model settings in remote proxy mode
getRemoteEnvVars was ignoring user settings and always loading
models from base config. Now follows same priority as local mode:
1. Custom settings path (variant configs)
2. User settings file (~/.ccs/{provider}.settings.json)
3. Base config defaults

This fixes the issue where selecting Opus 4.5 in UI resulted in
Gemini 3 preview being loaded when using remote proxy mode.
2025-12-21 04:29:49 -05:00
kaitranntt a2d01bcc8a fix(cliproxy): load remote config from config.yaml for proxy resolution
- Import loadOrCreateUnifiedConfig to access cliproxy_server settings
- Pass remote/local config to resolveProxyConfig() function
- Enables CLI to detect remote mode from user's config.yaml
2025-12-21 04:13:57 -05:00
kaitranntt d0599e8d2c feat(cliproxy): add localhost URL rewriting for remote proxy mode
- Add rewriteLocalhostUrls() to detect and rewrite localhost URLs
- Support 127.0.0.1, localhost, 0.0.0.0 patterns
- Update getEffectiveEnvVars() to accept remoteRewriteConfig param
- Auto-rewrite saved settings URLs to remote server at runtime
2025-12-21 04:13:36 -05:00
kaitranntt 068d5772f2 fix(cliproxy): add gemini-cli provider mapping for remote auth 2025-12-21 02:37:36 -05:00
kaitranntt 86d992fce6 fix(ui): fix profile switching and improve UX
- Add key prop to ProfileEditor to force remount on profile change

- Reset editorHasChanges on discard confirmation

- Add text-white to destructive dialog button

- Change OpenRouter default model to claude-opus-4.5
2025-12-21 01:20:57 -05:00
kaitranntt cdb465342e fix(cliproxy): address code review findings for remote routing
- Add runtime API response validation in remote-auth-fetcher
- Add AbortController cleanup to prevent state updates after unmount
- Validate postMessage origin matches iframe src before sending creds
- Mask auth token display (show ***last4) for security
- Reset error/connected state on refresh
- Fix port default to use protocol-based (443 for https, 80 for http)
- Normalize path in buildProxyUrl to ensure leading slash
- Add fallback for undefined email (default to 'Unknown')
- Extract timeout constant (REMOTE_FETCH_TIMEOUT_MS)
- Remove unused RemoteAuthFilesResponse interface
2025-12-21 00:42:54 -05:00
kaitranntt 17bb6f9836 feat(cliproxy): add remote routing for stats and auth endpoints
- Refactor stats-fetcher.ts: 5 functions now use getProxyTarget()
- Add remote-auth-fetcher.ts: fetch auth status from remote /v0/management/auth-files
- Update cliproxy-auth-routes.ts: branch on isRemote for GET routes
- Return 501 for account management in remote mode (unsupported)
2025-12-21 00:42:54 -05:00