* fix(cliproxy): migrate deprecated gemini-claude-* model names to upstream claude-* names (#515)
* fix(cliproxy): migrate deprecated gemini-claude-* model names to upstream claude-* names
CLIProxyAPI registry no longer recognizes the gemini-claude-* prefix convention.
Model names in catalog, base config, and user settings are migrated to upstream
claude-* names. Auto-migration in env-builder rewrites existing user settings on
load and persists the change.
Closes#513
* fix: address code review feedback — sync UI layer and add migration tests
- Sync UI isNativeGeminiModel() with backend (remove gemini-claude- exclusion)
- Update UI model catalog agy entries from gemini-claude-* to claude-*
- Update CI/CD workflow and code-reviewer default model names
- Add unit tests for migrateDeprecatedModelNames() logic
* fix(hooks): isolate image type check before error-prone processing (#514)
* fix(hooks): isolate image type check before error-prone processing
Restructure processHook() into two phases so non-image Read calls
never see hook error messages. Phase 1 defensively checks tool name
and file extension, exiting 0 silently on any failure. Phase 2 only
runs for confirmed image/PDF files where errors are relevant.
Closes#511
* fix(hooks): sync image analyzer hook file on every profile launch
Add installImageAnalyzerHook() call to cliproxy executor, matching
the existing installWebSearchHook() pattern. This ensures the .cjs
file in ~/.ccs/hooks/ gets refreshed from the npm package on every
launch, so users receive hook updates after npm update.
* chore(release): 7.41.0-dev.1 [skip ci]
* fix(cliproxy): add fork:true for Claude model aliases in config generator (#523)
Config generator now outputs fork:true for Claude model alias entries,
ensuring both upstream (claude-*) and aliased (gemini-claude-*) model
names appear in /v1/models listings. Also preserves fork flag when
parsing user-added aliases during config regeneration.
Bumps config version to v7 to trigger regeneration on next ccs doctor.
Closes#522
* chore(release): 7.41.0-dev.2 [skip ci]
* feat(cliproxy): add account safety guards to prevent Google account bans (#516)
* feat(cliproxy): add account safety guards to prevent Google account bans
Implements cross-provider isolation to prevent Google from flagging
concurrent OAuth usage across different client IDs (ref: #509, #512).
Three pillars:
1. Auto-pause enforcement at session launch — conflicting accounts in
other Google OAuth providers are paused so CLIProxyAPI can't use them,
restored on session exit with crash recovery via auto-paused.json
2. Ban/disable detection — error responses matching Google ban patterns
auto-pause the affected account to prevent further damage
3. Cross-provider conflict warnings during OAuth registration
Key design decisions:
- PID-based session tracking for crash recovery (dead PID = restore)
- Timestamp comparison prevents restoring ban-paused accounts on exit
- Schema validation on auto-paused.json prevents corrupted state
- Falls back to warn-only when another session is managing isolation
* fix(cliproxy): address code review feedback (attempt 1/5)
- Re-read auto-paused.json before write in enforceProviderIsolation to
reduce concurrent write race window
- Use actual email from registry for display instead of raw accountId
- Export maskEmail for testability
- Add 27 unit tests covering ban detection, email masking,
cross-provider duplicate detection, enforcement lifecycle,
crash recovery, and timestamp-guarded restore
* fix(cliproxy): address remaining review feedback (attempt 2/5)
- Add handleBanDetection test verifying account pause on ban error
- Add warnCrossProviderDuplicates tests (true/false/non-Google)
- Document PID reuse limitation in isPidAlive JSDoc comment
* chore(release): 7.41.0-dev.3 [skip ci]
* feat(cliproxy): runtime quota monitoring during active sessions (#529)
* feat(cliproxy): add runtime quota monitoring during active sessions
Adds adaptive background quota polling to detect and respond to quota
exhaustion during active CLIProxy sessions. Prevents rate-limit-driven
account bans by auto-cooling exhausted accounts and switching defaults.
- Adaptive polling: 300s normal, 60s at 20% threshold, stops at 0%
- Stderr warnings at 20%, boxed exhaustion alerts at 0%
- Cooldown + default switch on exhaustion (existing patterns)
- Configurable via quota_management.runtime_monitor in config.yaml
- Timer.unref() prevents blocking process exit
- monitorStopped guard for in-flight poll safety
Closes#524
* fix: address code review feedback (attempt 1/5)
- M1: Round quotaPercent display with Math.round() to avoid ugly floats
- M2: Rename exhaust_threshold -> exhaustion_threshold for consistency
with existing auto.exhaustion_threshold config field
- M3: Replace async not.toThrow() with direct await assertion pattern
* fix: address code review feedback (attempt 2/5)
- Remove .claude/agent-memory/ from tracking and add to .gitignore
- Unify cooldown_minutes default to 5 (was 10 in runtime_monitor, 5 in auto)
- Add threshold validation in startQuotaMonitor (warn > exhaustion)
- Document intentional post-switch monitoring gap in code comment
* chore(release): 7.41.0-dev.4 [skip ci]
* fix(cliproxy): mask email in ban detection and fix JSDoc default
- Use maskEmail() in handleBanDetection output for consistency
- Fix cooldown_minutes JSDoc: default is 5, not 10
* chore(release): 7.41.0-dev.5 [skip ci]
* fix(cliproxy): address all review feedback (Low + informational)
- Add sync constraint comment on process.exit handler (executor)
- Add TOCTOU race acceptability comment (account-safety)
- Mask email in handleQuotaExhaustion reason string
- Use realistic exhaustion_threshold (5) in test configs
* chore(release): 7.41.0-dev.6 [skip ci]
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
- Add profile name completions to fish env subcommand
- Add iflow, kiro, ghcp, claude to zsh proxy_profiles and PS1 cliproxyProfiles
- Distinguish non-API profile type error from "profile not found"
- Add iflow, kiro, ghcp, claude to bash completion env block
- Add --shell flag validation matching --format pattern
- Add backtick injection test case
- P1: Fix bash completion $cliproxy_profiles scoping — inline profiles
in env block since variable is only defined at COMP_CWORD=1 scope
- P2: Detect account-based profiles and show specific error message
instead of generic "not found"
- P2: Show `ccs migrate` hint when unified mode is disabled and settings
profile resolution fails
- P2: transformToOpenAI omits empty entries at transform time instead of
relying on output filter (removes fragile coupling)
- P3: Add zsh and auto to --shell completions across all 4 shells; map
--shell zsh to bash in command handler since syntax is identical
- P3: Auto-detect PowerShell from SHELL containing pwsh on non-Windows
- Tests: 33 pass (+1 pwsh detection test, updated transform assertions)
- Add settings profiles to zsh env completion (was proxy-only)
- Document intentional ANTHROPIC_MODEL omission in transformToOpenAI
- Use getCcsDir() in error hint instead of hardcoded ~/.ccs/
- Export parseFlag and add 5 unit tests for flag parsing
- Add fish and PowerShell single-quote escaping tests
- Validate env var keys match ^[A-Za-z_][A-Za-z0-9_]*$ before output
to prevent injection via crafted config files
- Add env command to all 4 shell completion scripts (bash, zsh, fish,
PowerShell) with sub-completions for --format and --shell flags
- postuninstall.js: add file logging for debugging on error
- profile-hook-injector.ts: use 'wx' flag for atomic marker creation
- profile-hook-injector.ts: include parse error message in debug log
- install-command.ts: use actual counts for consistent semantics
- Windows tests: align Section 7 with per-profile hook architecture
- remove removeHookConfig() call from uninstallWebSearchHook()
- add removeMigrationMarker() cleanup
- update postuninstall.js to only clean CCS files
- global ~/.claude/settings.json is never touched
* feat(ci): add AI code review workflow with Claude via CLIProxyAPI
- Self-hosted runner calls CLIProxyAPI at localhost:8317
- Triggers on PR open/update and /review comment
- Uses gemini-claude-opus-4-5-thinking for deep reviews
- Posts summary + inline comments via gh CLI
- Handles self-PR fallback to COMMENT mode
* chore(release): 7.15.0-dev.1 [skip ci]
* refactor(ci): use GitHub App for reviewer identity + new review format
- Posts as ccs-agy-reviewer[bot] via GitHub App token
- New review format: structured markdown with verdict, summary, issues table
- Single PR comment instead of inline comments
- Concise, focused on PR changes only
* chore(release): 7.15.0-dev.2 [skip ci]
* refactor(ci): switch to Claude Code CLI for reviews
- Use claude -p instead of custom TypeScript script
- Auto-install if not present on runner
- CLIProxyAPI via env vars (ANTHROPIC_BASE_URL, ANTHROPIC_MODEL)
- Allowed tools: Read, Glob, Grep
- Max 3 turns for file exploration
* chore(release): 7.15.0-dev.3 [skip ci]
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Add dev:symlink and dev:unlink scripts to enable seamless testing of
development changes using the global 'ccs' command without needing to
pack/install globally each time.
- scripts/dev-symlink.sh: New script that safely creates symlinks from
global ccs to dev dist/ccs.js with backup/restore functionality
- package.json: Added dev:symlink and dev:unlink npm scripts
- CONTRIBUTING.md: Updated development setup documentation with
symlink workflow option
This improves developer experience by allowing immediate testing of
changes with 'ccs <command>' instead of './dist/ccs.js <command>'.
- setup-command.ts: Add Ctrl+C handling (UserCancelledError), port
validation (1-65535), protocol stripping from host, try-catch with
user-friendly error messages
- postinstall.js: Add ~/.ccs file check (not directory), wrap js-yaml
require in try-catch with JSON fallback, validate config.json before
migration, warn when both config files exist
- recovery-manager.ts: Verify config is loadable (not just exists),
add nested error handling for fallback write
- ccs.ts: Make first-time install hint independent of recovery status
(shows even when user manually created empty config.yaml)
All edge cases identified by code review addressed.
- Update postinstall.js to create config.yaml instead of config.json
- Update recovery-manager to create config.yaml as primary config
- Fix isFirstTimeInstall() to check for meaningful config content
(profiles, accounts, variants, oauth_accounts, remote proxy)
- Update validation to accept config.yaml OR config.json
- Preserve backward compatibility: legacy config.json is migrated
to config.yaml on first run via autoMigrate()
- Update postinstall tests to verify config.yaml creation
Fixes#142 - remote CLIProxyAPI configuration
- dev-release.sh: save release notes to .dev-release-info.json
- send-discord-release.cjs: read from generated file for dev releases
- add .dev-release-info.json to .gitignore
Replaces semantic-release for dev branch with custom script that:
- Bases dev versions on current stable (e.g., 6.7.1-dev.N)
- Increments only the dev number, not the base version
- Keeps GitHub releases, issue tagging, Discord notifications
Bun's `add -g` with file: protocol appends instead of replacing existing
entries, causing duplicate key warnings on repeated installs. Fix by
removing the package before re-adding.
- Add split-view provider editor with model mapping UI and JSON editor
- Implement persistent custom presets (save/load per provider)
- Add provider logos with white backgrounds for light/dark theme
- Integrate CLIProxyAPI control panel embed via iframe
- Add service manager for CLIProxyAPI lifecycle control
- Support variant logo display using parent provider
- Add categorized model selector with search and groups
- Disable subject-case rule in commitlint to allow capital letters in commit subjects
- Add clean-dist.js script to preserve UI bundle during TypeScript builds
- Update package.json prebuild script to use new clean-dist.js
- Settings editor with API key masking and conflict detection
- Health dashboard with status cards and one-click fixes
- Home dashboard with stats and quick actions
- Shared data viewer for commands/skills/agents
- Build scripts for UI + server bundle
- Bundle size verification (<500KB gzipped)
- Pre-release checklist script
- Styled cliproxy help output with UI primitives and added status hint
- Added cliproxy --help reference to main help command
- Updated bash, zsh, fish, and PowerShell completions with:
- Missing commands (api, cliproxy)
- CLIProxy OAuth profiles (gemini, codex, agy, qwen)
- Provider flags and update command flags
- Update base-kimi.settings.json with model fields
- Update install.sh KIMI_MODEL variable
- Update postinstall.js template and migration to add model fields
- Migration now adds model fields instead of removing them (v5.5.0)
When upgrading from older CCS versions, ~/.ccs/shared/* directories may
exist as broken symlinks (dangling symlinks pointing to deleted targets).
Problem:
- fs.existsSync() returns false for broken symlinks
- fs.mkdirSync() fails with ENOENT because path exists as broken symlink
Solution:
- Added removeIfBrokenSymlink() helper that detects and removes dangling
symlinks using lstatSync (doesn't follow symlinks) + statSync (follows)
- Applied to shared directory and all subdirectories before mkdir
Fixes npm install error: ENOENT: no such file or directory, mkdir
Update CI/CD configuration, documentation, and scripts to use dev as the
primary integration branch instead of beta. Changes include GitHub Actions
workflow triggers, semantic-release configuration, and all relevant
documentation and helper scripts.
Issue #37: When running `ccs` (default profile), users were unknowingly
using GLM API instead of their Claude subscription because:
1. config.json had `default: '~/.claude/settings.json'` entry
2. ProfileDetector treated this as settings-based profile
3. CCS passed `--settings ~/.claude/settings.json` flag to Claude
4. Any stale ANTHROPIC_* env vars in that file got applied
Fix (3-pronged approach):
- Remove `default` entry from new config.json template
- Add migration to remove existing `default: ~/.claude/settings.json`
- Add ProfileDetector safety net: if default points to ~/.claude/settings.json,
treat as pass-through to Claude's native auth (no --settings flag)
Now `ccs` (no profile) correctly uses Claude's native OAuth authentication
without loading potentially polluted env vars from previous sessions.
Closes#37
- Simplify test files by removing custom TestRunner class
- Use standard Node.js assert module across all unit tests
- Update CLAUDE.md with streamlined development instructions
- Update tests/README.md with current testing approach
- Reduce boilerplate in delegation and GLMT test suites (652 lines removed)
- Remove lib/ccs and lib/ccs.ps1 version updates (now bootstraps)
- Update comments explaining v4.5.0+ architecture
- Use ASCII markers [OK]/[X]/[!] instead of emojis
- Update next steps to reflect new file list
Problem: Test suite was directly modifying user's personal ~/.ccs/
directory, causing configuration interference during development.
Solution:
- Add test-environment.js fixture with CCS_HOME env var support
- Update postinstall.js to respect CCS_HOME for test isolation
- Update config-manager.ts with getCcsHome() helper
- Update postinstall.test.js and cli.test.js to use isolated env
- Remove auto-install of .claude/ symlinks from postinstall
(users can run "ccs sync" to opt-in)
Benefits:
- Tests run in temp directories, no user config affected
- Users control when .claude/ items are installed via "ccs sync"
- All 39 tests passing with proper isolation
Phase 05: Migrate test imports from bin/ to dist/
- Update 19 test files to import from dist/ instead of bin/
- Update CLI path in cli.test.js and special-commands.test.js
- Update cross-platform.test.js to check dist/ directory
Phase 06: Cleanup & validation
- Remove bin/ directory (32 JS files)
- Fix ClaudeSymlinkManager import in doctor.ts
- Update postinstall.js to use dist/ modules
- Regenerate package-lock.json (now points to dist/ccs.js)
All 39 tests passing. TypeScript migration complete.
* feat(shared): add plugin support to shared directories
Add Claude Code plugins to the .ccs/shared/ symlink architecture,
enabling plugin sharing across all CCS profiles (GLM, GLMT, Kimi, etc).
Changes:
- SharedManager: Add 'plugins' to sharedDirs array
- Help text: Update all three implementations (Node.js, bash, PowerShell)
- Postinstall: Create ~/.ccs/shared/plugins/ directory on install
Architecture:
~/.claude/plugins/ <- ~/.ccs/shared/plugins/ <- instance/plugins/
This follows the existing pattern for commands/skills/agents and
maintains cross-platform compatibility with Windows fallback support.
* chore: bump version to 4.3.6
* docs: update CHANGELOG for v4.3.6
* feat(completion): improve fish shell completion with category prefixes
- Remove problematic inline set_color commands that prevented descriptions from displaying
- Add [cmd], [model], and [account] prefixes to visually group completions
- Update file header to document categorization features
This brings fish completion quality closer to zsh by making categories
clear and ensuring descriptions actually display to users.
Fixes issue where fish completions showed no descriptions.
* chore: bump version to 4.3.1