Commit Graph
53 Commits
Author SHA1 Message Date
Tam Nhu Tran 5013d411a7 feat(cliproxy): self-pause exhausted quota accounts 2026-04-28 20:35:15 -04:00
Tam Nhu Tran 7a9e67e6dc fix: route codex remote https through local proxy chain 2026-04-23 23:00:59 -04:00
Tam Nhu Tran 3d22bb07f0 fix(cliproxy): route plus backend to maintained fork 2026-04-23 21:25:29 -04:00
Kai (Tam Nhu) TranandGitHub 142381078e Merge pull request #1069 from sgaluza/feat/opus-4-7-adaptive-thinking
fix(cliproxy): use adaptive thinking for Opus 4.7 + add 'max' level
2026-04-22 22:03:21 -04:00
Tam Nhu Tran b3bc17639c fix(ui): surface the max thinking level in settings and help 2026-04-22 21:43:32 -04:00
Tam Nhu Tran dd90ea7e2f hotfix: close cliproxy plus fallback gaps 2026-04-22 08:52:17 -04:00
Tam Nhu Tran 039ed63a39 fix(browser): harden runtime policy edge cases 2026-04-20 21:01:19 -04:00
Tam Nhu Tran 7d02f55f9f feat(browser): add explicit runtime policy controls 2026-04-20 21:01:19 -04:00
Tam Nhu Tran ccdd0b6e8e fix(windows): align escaped wrapper shell handling
Use ComSpec-aware shell selection for escaped wrapper launches.

Apply it to the remaining Windows Claude launch paths.

Rewrite the Codex exec regression test to use scoped spies so the full suite stays isolated.
2026-04-19 14:27:27 -04:00
Tam Nhu Tran b52503300b fix(browser): bootstrap managed attach profile setup 2026-04-18 17:18:14 -04:00
Tam Nhu Tran 41bf5075e0 hotfix(browser): avoid aborting launch on missing managed profile
- skip managed Claude browser attach when the default CCS browser profile
  directory has not been created yet
- keep explicit env override flows failing fast so real misconfiguration still
  surfaces clearly
- add regression coverage for default and settings-profile launches
2026-04-16 22:59:43 -04:00
Tam Nhu Tran 4e30c9b080 feat(cli): add browser automation commands 2026-04-16 18:49:24 -04:00
Tam Nhu Tran 27f1416181 fix(cliproxy): avoid network-bound local startup
- skip CLIProxy auto-update checks on runtime bootstrap paths

- fail fast when local startup needs a missing binary instead of attempting installs

- add regression coverage for dashboard limited mode and startup test isolation
2026-04-15 22:55:11 -04:00
Tam Nhu Tran 87d93b651b fix(cursor): deprecate legacy bridge and harden gitlab auth 2026-04-15 01:23:15 -04:00
Tam Nhu Tran 2d9f8c9695 feat(cliproxy): integrate missing provider support 2026-04-15 00:26:12 -04:00
walkerandClaude Opus 4.6 eb8149e8fa feat(browser): 接入 CCS browser MCP 与最小交互闭环
新增 browser MCP 安装、Chrome 复用与运行时接线,
实现 navigate、click、type、take_screenshot 四个 phase-1 工具并补齐相关单测。

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-13 11:19:16 +08:00
Tam Nhu Tran 64ecd8b3dc feat(image-analysis): make MCP-first provisioning self-healing 2026-04-08 13:36:05 -04:00
Tam Nhu Tran c1d4294708 fix(cliproxy): remove dead codex reconcile settings arg 2026-04-07 17:59:56 -04:00
Tam Nhu Tran f40d435a92 fix(kiro): harden idc and callback auth paths
- keep headless paste routing aligned with the selected Kiro auth method

- validate local callback replay targets and add prompt cancellation safeguards

- wire IDC params through the dashboard start route and support equals-form CLI flags
2026-04-05 02:04:11 -04:00
Tam Nhu Tran 0fbea0f335 fix(kiro): align auth flows with CLIProxyAPIPlus
- auto-select Builder ID for the default Kiro AWS auth flow

- support IDC auth flags and callback-based Kiro paste replay

- update regression coverage for Kiro auth routing
2026-04-05 02:04:11 -04:00
Tam Nhu Tran 77b488f8b1 fix(image-analysis): harden runtime and provisioning 2026-04-02 18:36:19 -04:00
Tam Nhu Tran 813b2dd4d0 feat(image-analysis): add provider-backed runtime 2026-04-02 15:44:13 -04:00
Tam Nhu Tran 3b61673ad2 fix(cliproxy): preserve image-analysis runtime readiness 2026-04-01 15:32:37 -04:00
Tam Nhu Tran cae5b710b8 fix(websearch): close review gaps in managed runtime 2026-03-30 23:02:20 -04:00
Tam Nhu Tran de7171d810 feat(websearch): finish managed third-party rollout
- steer third-party launches toward the managed WebSearch MCP tool

- add opt-in trace diagnostics across launch, MCP, provider, and headless paths

- extend docs and regression coverage for the first-class runtime

Refs #862
2026-03-30 22:41:51 -04:00
Tam Nhu Tran e260df7178 feat: add first-class CCS WebSearch runtime 2026-03-30 16:10:39 -04:00
Tam Nhu Tran c73f33872a feat(cliproxy): support duplicate-email codex accounts
- keep Codex team and personal auth files as separate identities

- resolve quota and live monitor stats by token file-backed account id

- surface duplicate-aware account labels across the dashboard and variant UI
2026-03-30 15:30:11 -04:00
Tam Nhu Tran 2251312411 fix(cliproxy): centralize gemini compatibility and fallback hints 2026-03-27 17:38:31 -04:00
Tam Nhu Tran 5ac91e0cac fix(cliproxy): align gemini 3.1 preset compatibility 2026-03-27 16:39:40 -04:00
Tam Nhu Tran bdb7ac2937 feat(cliproxy): allow optional provider nicknames
- stop requiring manual unique nicknames for no-email providers by default

- preserve explicit nickname validation and same-account reauth semantics

- persist optional nicknames through dashboard manual callback flows
2026-03-23 11:02:08 -04:00
Tam Nhu Tran 551591ef18 fix(cliproxy): make codex defaults free-plan safe 2026-03-16 13:43:23 -04:00
Tam Nhu Tran 0b9f9826e2 feat(continuity): support cross-profile continuity inheritance from account profiles 2026-03-03 02:49:17 +07:00
Tam Nhu Tran b602ab99ab fix(auth): harden agy safety endpoints and config writes
- add safer error responses for settings/auth routes to avoid leaking internals

- guard sensitive AGY settings endpoints to localhost when dashboard auth is off

- validate start-route bodies and reject OAuth start in remote mode for consistency

- preserve cliproxy.kiro_no_incognito and token_refresh during config merges

- enforce AGY acknowledgement in remote auth-token run/auth command paths
2026-02-24 18:09:36 +07:00
Tam Nhu Tran 3b1271b5e4 fix(agy): enforce multi-step responsibility acknowledgement for antigravity oauth 2026-02-24 17:23:02 +07:00
Tam Nhu Tran 2385d9028a feat(cliproxy): add Claude quota windows and account failover 2026-02-22 01:19:02 +07:00
Tam Nhu Tran 954baecfe4 fix(thinking): handle clear no-op and tighten override coverage 2026-02-19 16:26:56 +07:00
Tam Nhu Tran 92e2ec111d fix(thinking): harden codex reasoning controls across cli and dashboard 2026-02-19 14:13:41 +07:00
Tam Nhu Tran c48ed2ea7f feat(thinking): complete thinking UX/DX for all providers
- Fix codex off-mode bug: add disableEffort to CodexReasoningProxy
  so mode=off actually skips reasoning injection
- Add CCS_THINKING env var (priority: flag > env > config)
- Add startup feedback: [i] Thinking: <level> (<source>)
- Add ccs config thinking CLI subcommand with --mode, --override,
  --tier, --provider-override, --clear-override
- Dashboard: add manual override selector when mode=manual
- Dashboard: add provider overrides collapsible section
- Dashboard: update info box with CCS_THINKING env var docs
- Update help-command.ts with CCS_THINKING and config thinking

Closes #583
2026-02-19 12:45:23 +07:00
Tam Nhu Tran 476eabe08f fix(cliproxy): warn gemini and agy users about issue 509 2026-02-19 10:12:57 +07:00
Tam Nhu Tran e425f477a4 fix(cli): add kiro auth-method flag wiring and help
- parse and validate --kiro-auth-method for Kiro and Kiro composite tiers

- pass selected method through auth/import flows

- document supported Kiro auth-method values in ccs --help

Refs #552

Refs #233
2026-02-14 13:33:37 +07:00
Tam Nhu Tran f9df3cfa7a fix(cliproxy): unify codex reasoning flags and thinking flow 2026-02-14 07:44:59 +07:00
Tam Nhu Tran 1a23f912a4 fix(cliproxy): harden composite validation and runtime safeguards 2026-02-13 05:34:30 +07:00
Tam Nhu Tran 0a8adb22fc fix(cliproxy): harden composite variant routing and validation 2026-02-12 15:18:33 +07:00
Tam Nhu Tran 8e6b67bf99 fix(cliproxy): fix edit dialog empty model and composite guidance
- P2: Edit dialog no longer seeds empty model string
  Changed `variant.model || ''` to `variant.model ?? undefined`
  Added payload filtering to exclude undefined/empty values before API call
  Prevents unintended model overwrites when user only changes other fields

- P3: Composite --config guidance now uses variant name
  Added profileName to ExecutorConfig interface
  Error message now shows correct variant name instead of default tier provider
  e.g., "ccs cliproxy edit my-mix" instead of "ccs cliproxy edit gemini"
2026-02-12 12:56:57 +07:00
Tam Nhu Tran 399d7e163a fix(cliproxy): address 3 code review issues in composite variants
- P1: Remove premature variant deletion in --force mode
  Fix destructive overwrite path - old variant preserved if user
  cancels auth or creation fails (createVariant handles overwrite)

- P2: Validate all composite tier providers at runtime
  Backend gating now checks all providers in composite, not just
  default tier. Prevents kiro/ghcp on non-default tiers bypassing
  Plus backend requirement.

- P2: Preserve tier thinking when default tier is off
  Early return skipped tier processing when default thinking was
  "off". Now uses flag-based approach - only main model skipped,
  tier loop continues with per-tier thinking config.
2026-02-12 12:29:43 +07:00
Tam Nhu Tran 6ff17d8480 fix(cliproxy): improve multi-provider auth with continue-on-error pattern
- Continue to remaining providers on auth failure instead of throwing
- Aggregate failures and show summary of succeeded/failed providers
- Improves UX when one provider fails in composite variant
2026-02-12 11:01:27 +07:00
Tam Nhu Tran ac574e0baf fix(cliproxy): address code review feedback (attempt 2/5)
- Add tiers shape validation in variant-routes POST/PUT endpoints
- Use process.exit(1) for blocked --config on composite variants
2026-02-12 08:26:03 +07:00
Tam Nhu Tran 854b198b64 fix(cliproxy): address code review feedback (attempt 1/5)
- Add composite fields to UpdateVariant type (default_tier, tiers)
- Handle forceAuth (--auth) for composite multi-provider variants
2026-02-12 08:15:27 +07:00
Tam Nhu Tran 44b30b8753 feat(cliproxy): add composite variant runtime execution
- Add getCompositeEnvVars() for root URL + per-tier model env vars
- Extend ProxyChainConfig with composite fields
- Route composite variants through root URL in buildClaudeEnvironment()
- Multi-provider auth check for composite (all tiers must pass)
- Multi-provider token refresh for composite
- Per-tier broken model check
- Block --config for composite variants
- Pass composite config through to env resolver

Refs #506
2026-02-12 04:09:19 +07:00
Kai (Tam Nhu) TranGitHubgithub-actions[bot] <github-actions[bot]@users.noreply.github.com>
051805074e feat: account safety, quota monitoring, and stability fixes (#530)
* fix(cliproxy): migrate deprecated gemini-claude-* model names to upstream claude-* names (#515)

* fix(cliproxy): migrate deprecated gemini-claude-* model names to upstream claude-* names

CLIProxyAPI registry no longer recognizes the gemini-claude-* prefix convention.
Model names in catalog, base config, and user settings are migrated to upstream
claude-* names. Auto-migration in env-builder rewrites existing user settings on
load and persists the change.

Closes #513

* fix: address code review feedback — sync UI layer and add migration tests

- Sync UI isNativeGeminiModel() with backend (remove gemini-claude- exclusion)
- Update UI model catalog agy entries from gemini-claude-* to claude-*
- Update CI/CD workflow and code-reviewer default model names
- Add unit tests for migrateDeprecatedModelNames() logic

* fix(hooks): isolate image type check before error-prone processing (#514)

* fix(hooks): isolate image type check before error-prone processing

Restructure processHook() into two phases so non-image Read calls
never see hook error messages. Phase 1 defensively checks tool name
and file extension, exiting 0 silently on any failure. Phase 2 only
runs for confirmed image/PDF files where errors are relevant.

Closes #511

* fix(hooks): sync image analyzer hook file on every profile launch

Add installImageAnalyzerHook() call to cliproxy executor, matching
the existing installWebSearchHook() pattern. This ensures the .cjs
file in ~/.ccs/hooks/ gets refreshed from the npm package on every
launch, so users receive hook updates after npm update.

* chore(release): 7.41.0-dev.1 [skip ci]

* fix(cliproxy): add fork:true for Claude model aliases in config generator (#523)

Config generator now outputs fork:true for Claude model alias entries,
ensuring both upstream (claude-*) and aliased (gemini-claude-*) model
names appear in /v1/models listings. Also preserves fork flag when
parsing user-added aliases during config regeneration.

Bumps config version to v7 to trigger regeneration on next ccs doctor.

Closes #522

* chore(release): 7.41.0-dev.2 [skip ci]

* feat(cliproxy): add account safety guards to prevent Google account bans (#516)

* feat(cliproxy): add account safety guards to prevent Google account bans

Implements cross-provider isolation to prevent Google from flagging
concurrent OAuth usage across different client IDs (ref: #509, #512).

Three pillars:
1. Auto-pause enforcement at session launch — conflicting accounts in
   other Google OAuth providers are paused so CLIProxyAPI can't use them,
   restored on session exit with crash recovery via auto-paused.json
2. Ban/disable detection — error responses matching Google ban patterns
   auto-pause the affected account to prevent further damage
3. Cross-provider conflict warnings during OAuth registration

Key design decisions:
- PID-based session tracking for crash recovery (dead PID = restore)
- Timestamp comparison prevents restoring ban-paused accounts on exit
- Schema validation on auto-paused.json prevents corrupted state
- Falls back to warn-only when another session is managing isolation

* fix(cliproxy): address code review feedback (attempt 1/5)

- Re-read auto-paused.json before write in enforceProviderIsolation to
  reduce concurrent write race window
- Use actual email from registry for display instead of raw accountId
- Export maskEmail for testability
- Add 27 unit tests covering ban detection, email masking,
  cross-provider duplicate detection, enforcement lifecycle,
  crash recovery, and timestamp-guarded restore

* fix(cliproxy): address remaining review feedback (attempt 2/5)

- Add handleBanDetection test verifying account pause on ban error
- Add warnCrossProviderDuplicates tests (true/false/non-Google)
- Document PID reuse limitation in isPidAlive JSDoc comment

* chore(release): 7.41.0-dev.3 [skip ci]

* feat(cliproxy): runtime quota monitoring during active sessions (#529)

* feat(cliproxy): add runtime quota monitoring during active sessions

Adds adaptive background quota polling to detect and respond to quota
exhaustion during active CLIProxy sessions. Prevents rate-limit-driven
account bans by auto-cooling exhausted accounts and switching defaults.

- Adaptive polling: 300s normal, 60s at 20% threshold, stops at 0%
- Stderr warnings at 20%, boxed exhaustion alerts at 0%
- Cooldown + default switch on exhaustion (existing patterns)
- Configurable via quota_management.runtime_monitor in config.yaml
- Timer.unref() prevents blocking process exit
- monitorStopped guard for in-flight poll safety

Closes #524

* fix: address code review feedback (attempt 1/5)

- M1: Round quotaPercent display with Math.round() to avoid ugly floats
- M2: Rename exhaust_threshold -> exhaustion_threshold for consistency
  with existing auto.exhaustion_threshold config field
- M3: Replace async not.toThrow() with direct await assertion pattern

* fix: address code review feedback (attempt 2/5)

- Remove .claude/agent-memory/ from tracking and add to .gitignore
- Unify cooldown_minutes default to 5 (was 10 in runtime_monitor, 5 in auto)
- Add threshold validation in startQuotaMonitor (warn > exhaustion)
- Document intentional post-switch monitoring gap in code comment

* chore(release): 7.41.0-dev.4 [skip ci]

* fix(cliproxy): mask email in ban detection and fix JSDoc default

- Use maskEmail() in handleBanDetection output for consistency
- Fix cooldown_minutes JSDoc: default is 5, not 10

* chore(release): 7.41.0-dev.5 [skip ci]

* fix(cliproxy): address all review feedback (Low + informational)

- Add sync constraint comment on process.exit handler (executor)
- Add TOCTOU race acceptability comment (account-safety)
- Mask email in handleQuotaExhaustion reason string
- Use realistic exhaustion_threshold (5) in test configs

* chore(release): 7.41.0-dev.6 [skip ci]

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-12 00:48:29 +07:00