Commit Graph
329 Commits
Author SHA1 Message Date
kaitranntt ac6f382f6a fix(quota,error-logs): match CLIProxyAPI headers and enhance error log display
Quota fetcher:
- loadCodeAssist headers now match antigravity.go exactly
- fetchAvailableModels uses empty body {} and correct User-Agent
- Prevents accounts being flagged for anomalous requests

Error logs:
- Extract status code from end of log (RESPONSE section)
- Display full model names instead of abbreviated
- Show status badges (500/429/4xx) with color coding
- Add provider icons with white background
2025-12-29 15:48:37 -05:00
kaitranntt 00597b3358 feat(quota): implement proactive token refresh (5-min lead time)
- Refresh token 5 minutes before expiry (matches CLIProxyAPIPlus)
- Only refresh when: expired, no expiry info, or expiring within 5 min
- Reduces unnecessary OAuth API calls when token is still valid
2025-12-29 13:57:21 -05:00
kaitranntt ecfdcdef78 fix(quota): add unprovisioned account detection with actionable message
- Add isUnprovisioned flag to QuotaResult interface
- Detect when account is authenticated but lacks project ID
- Show actionable message: "Sign in to Antigravity app to activate quota."
- Refactor getProjectId retry logic for cleaner error propagation
2025-12-29 13:48:56 -05:00
kaitranntt 4be8e927a0 feat(quota): add OAuth token refresh for independent quota fetching
CCS can now fetch quota independently of CLIProxyAPI by refreshing
access tokens using the refresh_token stored in auth files.

- Add refreshAccessToken() using Google OAuth token endpoint
- Use public Antigravity OAuth credentials (from CLIProxyAPIPlus)
- Proactively refresh token before API calls to avoid stale tokens
- Fallback retry on auth errors

This fixes quota showing "Access token expired" for accounts whose
file-based access_token is stale (CLIProxyAPI refreshes at runtime
but doesn't persist to disk).
2025-12-29 13:25:14 -05:00
kaitranntt 739270aac4 fix(quota): remove misleading token expiration check in quota fetcher
Backend was returning 'Token expired' error based on stale file state
without attempting API call. CLIProxyAPIPlus refreshes tokens at runtime
but intentionally doesn't persist to disk, making file-based expiration
checks always misleading.

Now quota fetcher attempts API call regardless of file expiration state.
If token is truly invalid, API returns 401 which is handled properly.
2025-12-29 13:18:02 -05:00
kaitranntt 6ccf6c5e13 feat(ui): replace misleading token expiry with runtime-based status
- Remove "Token expired" warning (showed stale file state, not runtime)
- Add "Active/Last used" status based on CLIProxyAPI runtime stats
- Show green checkmark for recently used accounts (within 1h)
- Show "Not used yet" for accounts without usage stats
- Remove expired warning from flow-viz account cards
- Add model quota sorting (Claude > Gemini > GPT > other)
- Add quota reset time display in tooltips
- Fix re-auth button to use correct CCS endpoint
- Reduce quota cache staleness (30s stale, 1m refresh)

CLIProxyAPI intentionally doesn't persist refreshed tokens to disk
(to prevent refresh loops), so file-based expiry was misleading.
Dashboard now shows truthful operational state from runtime stats.
2025-12-29 13:03:37 -05:00
kaitranntt 7861b63a5d fix(cliproxy): resolve merge conflicts and add edge case fixes
Merge changes from dev:
- Kiro incognito toggle feature
- Auth profile management
- Setup wizard updates

Edge case fixes:
- Add fs.existsSync check before readdirSync in quota-fetcher
- Add isFinite check for quota values
- Clamp percentage to 0-100 range
- Wrap error response JSON parsing in try-catch
2025-12-29 09:56:55 -05:00
kaitranntt 205b5ab71f feat(cliproxy): add account quota display for Antigravity provider
- Add quota-fetcher.ts for Google Cloud Code API integration
- Add REST endpoint GET /api/cliproxy/quota/:provider/:accountId
- Add useAccountQuota hook with React Query caching
- Display quota bar in AccountItem with per-model tooltip
- Create reusable Progress component
- Consolidate quota types in api-client.ts
2025-12-28 19:24:12 -05:00
Kai (Tam Nhu) TranandGitHub d386ea7c3d Merge pull request #216 from kaitranntt/feat/dashboard-parity-auth-crud
feat(ui): add auth profile management to Dashboard
2025-12-27 13:39:39 -08:00
Kai (Tam Nhu) TranandGitHub 0b0959314c Merge pull request #215 from kaitranntt/fix/214-config-recovery-before-commands
fix: run RecoveryManager before early-exit commands and improve config handling
2025-12-27 13:31:51 -08:00
kaitranntt 8a3c5a446b fix: improve type safety and error handling in config-manager
- Wrap JSON.parse in try-catch with clear error message for malformed JSON
- Add iflow, kiro, ghcp providers to CLIProxyVariantConfig type
- Make settings optional in CLIProxyVariantConfig (was required with empty string fallback)
- Remove unsafe type cast in loadConfigSafe()

Addresses additional edge cases from PR #215 code review.
2025-12-27 12:28:59 -05:00
kaitranntt 2fff770b6b fix: wrap RecoveryManager in try-catch to prevent blocking CLI commands
Recovery failures (permission errors, disk full) no longer block
--version/--help commands. Recovery is best-effort - warns on failure
but allows basic CLI functionality to continue.

Fixes edge case identified in PR #215 code review.
2025-12-27 12:25:59 -05:00
kaitranntt 5f59d710a6 feat(dashboard): add Import from Kiro IDE button
Add "Import from IDE" button to Dashboard AddAccountDialog for Kiro provider:
- POST /api/cliproxy/auth/kiro/import endpoint using tryKiroImport()
- useKiroImport() React Query hook with cache invalidation
- UI button shown alongside OAuth authenticate for Kiro only
- Applies default preset when importing first account
- Fix UI typecheck script (remove incompatible --build flag)
2025-12-27 12:04:52 -05:00
kaitranntt fa8830e1ce feat(ui): add auth profile management to Dashboard
- Add create profile dialog with CLI command copy-paste
- Add delete profile with confirmation dialog
- Add reset to CCS default button
- Add DELETE endpoints for /accounts/:name and /accounts/reset-default
- Achieve CLI/Dashboard parity per design philosophy

Refs: plans/251227-0114-ccs-cli-dashboard-parity-audit
2025-12-27 11:20:10 -05:00
kaitranntt 0be3977845 fix: run RecoveryManager before early-exit commands and improve config handling
Fixes #214 - Fresh install fails with 'Config not found' when running
ccs config before RecoveryManager runs.

Changes:
- Move RecoveryManager.recoverAll() before all early-exit commands in ccs.ts
- Fix loadConfigSafe() to return empty config instead of throwing in legacy mode
- Add getActiveConfigPath() for mode-aware config path resolution
- Rename cliproxy getConfigPath() to getCliproxyConfigPath() to avoid confusion
- Update help-command.ts to show correct config path based on mode

This ensures all commands benefit from auto-recovery on fresh installs,
and gracefully handles missing config files in all code paths.
2025-12-27 00:05:31 -05:00
kaitranntt add4aa55c7 fix(kiro): add fallback import from Kiro IDE when OAuth callback redirects
When Kiro OAuth callback redirects to Kiro IDE instead of CLI, this fix:
- Auto-attempts token import from Kiro IDE storage
- Adds --import flag for manual import (ccs kiro --import)
- Shows clear instructions if import fails

Fixes #212
2025-12-27 00:01:40 -05:00
Kai (Tam Nhu) TranandGitHub 8833a5a77f Merge pull request #211 from kaitranntt/fix/206-dashboard-unified-config
fix(dashboard): support unified config.yaml in web server routes
2025-12-26 10:53:08 -08:00
kaitranntt a4a473ac93 fix(config): use safe inline logic in getSettingsPath() legacy fallback
The try/catch around loadConfig() in getSettingsPath() was ineffective
because process.exit() cannot be caught by try/catch - it terminates
the process immediately.

Replace with inline safe logic that:
1. Checks if config.json exists with fs.existsSync()
2. Reads and parses JSON manually
3. Uses isConfig() type guard for validation
4. Properly catches JSON parse errors

This ensures unified mode users don't crash when falling back to check
legacy config.json for profiles not found in config.yaml.
2025-12-26 13:47:17 -05:00
kaitranntt 0c69740694 fix(dashboard): support unified config.yaml in web server routes
Add loadConfigSafe() function that handles both unified (config.yaml) and
legacy (config.json) config formats. Uses throwable errors instead of
process.exit() so try/catch blocks work properly in web server routes.

Updated files to use loadConfigSafe():
- overview-routes.ts: Dashboard overview API
- route-helpers.ts: readConfigSafe() helper
- profile-reader.ts: API profile reading
- profile-writer.ts: API profile writing
- variant-config-adapter.ts: CLIProxy variant config

Fixes #206 (Problem 2: config.json not found when user has config.yaml)
2025-12-26 13:37:54 -05:00
kaitranntt 29f19308e6 fix(cliproxy): ensure version sync after binary update
- Add SIGKILL escalation after 3s SIGTERM timeout in session-tracker
- Auto-stop running proxy before binary update in binary-manager
- Add waitForPortFree utility to port-utils
- Detect version mismatch on startup and auto-restart outdated proxy
- Store and expose version in session lock for detection

Fixes issue where old proxy version continues running after update,
causing UI to show different version than actually running.
2025-12-26 13:31:27 -05:00
github-actions[bot] 2093ae2cc8 chore(sync): merge main into dev after release [skip ci]
# Conflicts:
#	package.json
2025-12-26 18:09:54 +00:00
kaitranntt 91e7b9f937 fix(health): use prefix matching for Linux process name truncation
Linux kernel truncates process names to 15 chars, causing
'cli-proxy-api-plus' to appear as 'cli-proxy-api-p' in lsof output.
Switch from exact whitelist to prefix matching for robust detection.
2025-12-26 12:57:56 -05:00
kaitranntt ac745503e2 fix(doctor): comprehensive health check fixes
- profile-check.ts: check config.yaml first, fallback to config.json
- recovery-manager.ts: remove dead code (ensureGlm/Glmt/Kimi methods)
- 4 files: use os.homedir() for cross-platform compatibility

Fixes:
- ProfilesChecker now respects unified config format (yaml)
- Removed ~100 lines of dead code that contradicted install policy
- Windows compatibility for home directory detection

Files modified:
- src/management/checks/profile-check.ts
- src/management/recovery-manager.ts
- src/cliproxy/model-config.ts
- src/cliproxy/services/variant-service.ts
- src/web-server/health/config-checks.ts
- src/web-server/routes/settings-routes.ts
2025-12-26 12:54:54 -05:00
kaitranntt 4fca7d16ed fix(doctor): prefer config.yaml and make settings files optional
- Check config.yaml first (v2 format), fallback to config.json (legacy)
- Make glm.settings.json and kimi.settings.json optional
- Only validate settings files if they exist
- Fix false positives: postinstall no longer creates these files

Fixes health check reporting errors for missing files that are now
optional and created on-demand when user configures a profile.
2025-12-26 12:45:12 -05:00
Kai (Tam Nhu) TranandGitHub 3a6e3cf6b6 Merge pull request #205 from kaitranntt/kai/feat/customizable-auth-tokens
feat(cliproxy): customizable auth tokens for CLIProxyAPI
2025-12-26 09:35:21 -08:00
Shun KakinokiandClaude Opus 4.5 d1a0ebee61 fix(health): correct CLIProxy port detection on macOS/Linux
Two bugs caused the health check to incorrectly report "Proxy not running":

1. lsof command used mutually exclusive flags (-t and -F)
   - Removed -t flag since -F already provides structured output

2. isCLIProxyProcess whitelist was missing common binary names
   - Added: cliproxyapi, cli-proxy-api-plus (and .exe variants)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-26 19:42:23 +09:00
kaitranntt 7e031b5097 fix(ui): simplify config header and add explicit save button
- Reduce config.yaml header from 26 lines to 2 lines
- Replace auto-save on blur with explicit Save button in Auth section
- Add hasChanges detection to enable/disable Save button
- Remove unused saveApiKey and saveSecret functions
2025-12-25 17:02:14 -05:00
kaitranntt 9722e1905d fix(dashboard): support unified config across health checks and settings
- health-service.ts: respect isUnifiedMode() in fixHealthIssue()
- config-checks.ts: check config.yaml in unified mode
- profile-checks.ts: read profiles from unified config
- settings-routes.ts: use atomic writes (temp+rename) for presets
- profile-registry.ts: add DRY helpers getAllProfilesMerged(), getDefaultResolved()

Closes #203
2025-12-25 16:50:55 -05:00
kaitranntt 133aebaabc fix(cliproxy): use auth inheritance in stats-fetcher and config-generator
- Replace hardcoded CCS_CONTROL_PANEL_SECRET with getEffectiveManagementSecret()
- Replace hardcoded CCS_INTERNAL_API_KEY with getEffectiveApiKey()
- Ensures custom tokens work across entire CLIProxy integration
2025-12-25 14:37:53 -05:00
kaitranntt ffd499698e feat(api): add auth tokens REST endpoints
- GET /api/settings/auth/tokens - masked token status
- GET /api/settings/auth/tokens/raw - unmasked (Cache-Control: no-store)
- PUT /api/settings/auth/tokens - update API key or management secret
- POST /api/settings/auth/tokens/regenerate-secret - generate secure secret
- POST /api/settings/auth/tokens/reset - reset to defaults
2025-12-25 14:36:34 -05:00
kaitranntt 0c6491c9d2 feat(cli): add tokens command for auth token management
- Add ccs tokens command with subcommands:
  --show, --api-key, --secret, --regenerate-secret, --reset, --variant
- Integrate tokens command into main CLI (ccs.ts)
- Display masked tokens by default, --show for unmasked
- Auto-regenerate CLIProxy config on token changes
2025-12-25 14:36:11 -05:00
kaitranntt c4f09168ff feat(cliproxy): add customizable auth token manager
- Add CLIProxyAuthConfig type with api_key and management_secret fields
- Implement auth-token-manager.ts with inheritance chain:
  variant auth → global auth → default constants
- Add secure token generation using crypto.randomBytes (256-bit entropy)
- Export auth functions from cliproxy barrel (index.ts)
- Bump UNIFIED_CONFIG_VERSION to 6
2025-12-25 14:35:43 -05:00
kaitranntt 25f0ddb9dd fix(dashboard): support unified config in overview and file watcher
- overview-routes: Use ProfileRegistry for account count, merge both
  legacy and unified sources
- file-watcher: Add config.yaml to watch list for real-time updates
  in unified mode

Related to #203
2025-12-25 14:35:31 -05:00
kaitranntt 8d7845d67f fix(dashboard): read accounts from unified config
Dashboard accounts page was only reading from profiles.json, ignoring
accounts stored in config.yaml when in unified mode. This caused
accounts created via CLI to be invisible in the dashboard.

- Use ProfileRegistry instead of direct file access
- Merge legacy and unified accounts (unified takes precedence)
- Set default via unified config when in unified mode

Fixes #203
2025-12-25 14:25:40 -05:00
Kai (Tam Nhu) TranandGitHub 459d730029 Merge pull request #184 from kaitranntt/kai/feat/variant-port-isolation
feat(cliproxy): add variant port isolation
2025-12-25 05:19:06 -05:00
kaitranntt e38af6ad6e fix(ui): initialize colors early for consistent status output
Call initUI() at the start of main() to ensure chalk is loaded
before any status messages. Previously, colors only worked when
an update notification was displayed because showUpdateNotification()
was the only place calling initUI().

Fixes #201
2025-12-25 04:53:32 -05:00
kaitranntt 2b4d21e8ae fix(cliproxy): preserve user API keys during config regeneration
When CCS updates trigger CLIProxy config regeneration, user-added API
keys in ~/.ccs/cliproxy/config.yaml were being overwritten with only
the internal CCS key.

Changes:
- Add parseUserApiKeys() to extract user keys from existing config
- Modify regenerateConfig() to preserve user API keys alongside port
- Update generateUnifiedConfigContent() to accept userApiKeys param
- Add comprehensive test suite (14 tests) for key preservation

Fixes #200
2025-12-24 22:12:09 -05:00
Kai (Tam Nhu) TranandGitHub b52e6d69d6 Merge pull request #193 from kaitranntt/kai/fix/kiro-incognito
fix(kiro): add --no-incognito option for normal browser auth
2025-12-24 21:59:19 -05:00
kaitranntt f2a4200625 fix(core): address all code review issues from PR #199
Critical fixes:
- CRIT-1: Fix placeholder detection case sensitivity in api-key-validator
- CRIT-2: Add TOCTOU protection via loadMigrationCheckData() for atomic config reads
- CRIT-3: Restore fs.existsSync mock in profile-detector tests

High priority fixes:
- H1-H3: API validator HTTP/HTTPS support, timeout abort, debug log
- H4-H6: OAuth explicit flow type, signal handling, TTY detection
- H7-H8: Profile collision warning, config-first save order
- H9-H11: expandPath consistency, preset sync CLI/UI
2025-12-24 20:18:57 -05:00
Kai (Tam Nhu) TranandGitHub 080ad11804 Merge pull request #197 from kaitranntt/fix/glm-auth-persistence
fix(profiles): prevent GLM auth regression from first-time install detection
2025-12-24 18:48:40 -05:00
kaitranntt 92a79aa78b test(auth): add comprehensive tests for GLM auth persistence fix
Add 26 new unit tests covering:
- isFirstTimeInstall() legacy config detection (8 tests)
- loadSettingsFromFile() path expansion (5 tests)
- ProfileDetector detectProfileType() (4 tests)
- expandPath() cross-platform handling (10 tests)

Test coverage for issue #195:
- Legacy config.json/profiles.json detection
- Tilde expansion to home directory
- Environment variable expansion (${VAR}, $VAR, %VAR%)
- Mixed path separator normalization
- Corrupted config graceful handling

Files:
- tests/unit/commands/setup-command.test.ts
- tests/unit/auth/profile-detector.test.ts
- tests/unit/utils/expand-path.test.ts
2025-12-24 18:33:52 -05:00
kaitranntt e7066b9997 feat(api): add Minimax, DeepSeek, Qwen provider presets
Add three new Anthropic-compatible API providers as presets:
- Minimax: M2.1/M2.1-lightning/M2 models with 1M context
- DeepSeek: V3.2 and R1 reasoning model (128K context)
- Qwen: Alibaba Cloud qwen3-coder-plus (256K context)

Closes #123
2025-12-24 18:32:07 -05:00
kaitranntt adb6222bc6 refactor(paths): use expandPath() consistently for cross-platform path handling
- variant-settings.ts: Use expandPath() in deleteSettingsFile()
- profile-writer.ts: Use expandPath() in removeApiProfileUnified()
- migration-manager.ts: Remove local expandPath(), import from helpers

All path expansion now uses the central expandPath() from utils/helpers.ts
which handles ~, ~\, ${VAR}, $VAR, and %VAR% on all platforms.
2025-12-24 18:19:47 -05:00
kaitranntt cc2d62db38 fix(profiles): prevent GLM auth regression from first-time install detection
- Check legacy config.json/profiles.json in isFirstTimeInstall()
- Use expandPath() for cross-platform path handling in profile-detector
- Add pre-flight API key validation for better error messages
- Enhance 401 error handling with Z.AI refresh guidance

Fixes #195
2025-12-24 18:09:09 -05:00
kaitranntt df0c94781e feat(kiro): improve auth UX with normal browser default and URL display
- Change default to noIncognito=true (normal browser) for reliability
- Always print OAuth URL to terminal for VS Code popup detection
- Move incognito toggle from Proxy settings to Kiro provider page
- Add --incognito flag to opt into incognito mode (was --no-incognito)
- Update help text to reflect new defaults
2025-12-24 06:17:17 -05:00
kaitranntt 083e67426c feat(kiro): add UI toggle and auth hint for --no-incognito option
- Add "Kiro: Use normal browser" toggle in config dashboard (Proxy section)
- Add --no-incognito documentation to ccs --help output
- Show hint after successful Kiro auth about saving AWS credentials
2025-12-24 05:26:02 -05:00
kaitranntt 13e4baca22 fix(kiro): add --no-incognito option for normal browser auth
Kiro OAuth always opens in incognito browser mode, which doesn't save
login credentials. Users need to re-enter email each authentication.

Changes:
- Add noIncognito option to OAuthOptions interface
- Add kiro_no_incognito config option to CLIProxyConfig
- Pass --no-incognito flag to CLIProxyAPI binary when enabled
- Support both CLI flag (--no-incognito) and config.yaml setting

Usage:
- CLI: ccs kiro --auth --no-incognito
- Config: cliproxy.kiro_no_incognito: true in config.yaml
2025-12-24 05:02:33 -05:00
kaitranntt 0bcaf4bc68 feat(cliproxy): add variant port isolation for concurrent proxy instances
Enables running multiple CLIProxy variants simultaneously on different
ports. Each variant now gets a unique port in the 18100-18199 range,
allowing concurrent use of providers like Gemini + Codex + custom variants.

Key changes:
- Add port field to variant config schema
- Implement automatic port allocation (18100 + variant index)
- Support variant-specific settings paths in config generator
- Display port in dashboard UI for debugging
- Show all models in variant editor dropdown
- Add comprehensive tests for port allocation edge cases

Closes related variant isolation work.
2025-12-24 04:15:04 -05:00
kaitranntt c811fdfc79 fix(qwen): inherit stdin for Device Code flows to enable interactive prompts
Device Code flows (Qwen, GHCP) may require interactive terminal input
before generating the device code. For example, Qwen prompts for email.

Previously, all auth processes used piped stdin which blocked user input.
Now Device Code flows use 'inherit' for stdin, allowing users to respond
to prompts directly in the terminal.

Authorization Code flows (Gemini, Codex) still use piped stdin for
programmatic project selection.

Closes #188
2025-12-24 04:04:22 -05:00
kaitranntt a99b6eb93f fix(cliproxy): respect enabled:false and use protocol-based port defaults
- Fix port default logic: HTTP→8317, HTTPS→443 (was always 8317)
- Fix enabled:false being ignored in proxy config resolution
- Update stale comments referencing HTTP:80 to HTTP:8317
- Add 9 unit tests for edge cases (enabled handling, port defaults)
2025-12-24 03:36:48 -05:00