semantic-release needs to push version bump + CHANGELOG commits directly
to main. GITHUB_TOKEN cannot bypass branch protection rules, causing
@semantic-release/git to fail with "push declined due to repository rule
violations". PAT_TOKEN has admin bypass and resolves the issue.
- Extract generic shouldCacheQuotaResult replacing 4 identical functions
- Move parseTarget to route-helpers.ts (was duplicated in profile/variant routes)
- Add createRouteErrorHelpers factory (was duplicated in auth/settings routes)
- Fix config read-then-write race in proxy-routes.ts and misc-routes.ts
using mutateUnifiedConfig for atomic read-modify-write
- Replace raw error messages in 500 responses with generic messages +
server-side logging across all cliproxy-stats-routes handlers
- Convert extractErrorLogMetadata from sync fs to async fs.promises
- Fix X-Forwarded-For header spoofing in requireSensitiveLocalAccess (use socket-level address only)
- Add model ID length validation (max 256 chars) in PUT /models/:provider
- Add provider name validation (alphanumeric, max 64 chars) to prevent path traversal
- Add stale entry eviction for unbounded quotaRateLimits Map (>1000 entries)
- Fix concurrent refresh race in usage aggregator (wait for in-flight before forced refresh)
- Sanitize internal URLs/paths from OAuth failure diagnostics
- Add ValidationError class for denylist violations (distinct from system errors)
- Make CLIProxy sync interval configurable via CCS_CLIPROXY_SYNC_INTERVAL env var
- Improve legacy continuity config error logging (unconditional warn)
- Add CACHE_VERSION history comments
- add transformer unit tests for flattening and daily/hourly/monthly rollups
- add syncer tests for snapshot persistence and idempotent interval start
- add aggregator integration test for JSONL + CLIProxy merge behavior
- share one full-refresh promise across usage loaders to avoid duplicate work
- sync CLIProxy snapshot before source refresh and start sync lazily
- make refresh handler execute full refresh with proper error response
- reset pending cache state and guard sync interval double-start
- prevent km continuity mappings from affecting kimi cliproxy executions
- apply canonical alias fallback only for settings profile lookups
- add regression test for cross-type alias isolation
- resolve mappings with alias/canonical profile candidates
- fail open when source account initialization errors
- remove metadata touch side effects from inheritance preflight