semantic-release needs to push version bump + CHANGELOG commits directly
to main. GITHUB_TOKEN cannot bypass branch protection rules, causing
@semantic-release/git to fail with "push declined due to repository rule
violations". PAT_TOKEN has admin bypass and resolves the issue.
* fix(cliproxy): migrate deprecated gemini-claude-* model names to upstream claude-* names (#515)
* fix(cliproxy): migrate deprecated gemini-claude-* model names to upstream claude-* names
CLIProxyAPI registry no longer recognizes the gemini-claude-* prefix convention.
Model names in catalog, base config, and user settings are migrated to upstream
claude-* names. Auto-migration in env-builder rewrites existing user settings on
load and persists the change.
Closes#513
* fix: address code review feedback — sync UI layer and add migration tests
- Sync UI isNativeGeminiModel() with backend (remove gemini-claude- exclusion)
- Update UI model catalog agy entries from gemini-claude-* to claude-*
- Update CI/CD workflow and code-reviewer default model names
- Add unit tests for migrateDeprecatedModelNames() logic
* fix(hooks): isolate image type check before error-prone processing (#514)
* fix(hooks): isolate image type check before error-prone processing
Restructure processHook() into two phases so non-image Read calls
never see hook error messages. Phase 1 defensively checks tool name
and file extension, exiting 0 silently on any failure. Phase 2 only
runs for confirmed image/PDF files where errors are relevant.
Closes#511
* fix(hooks): sync image analyzer hook file on every profile launch
Add installImageAnalyzerHook() call to cliproxy executor, matching
the existing installWebSearchHook() pattern. This ensures the .cjs
file in ~/.ccs/hooks/ gets refreshed from the npm package on every
launch, so users receive hook updates after npm update.
* chore(release): 7.41.0-dev.1 [skip ci]
* fix(cliproxy): add fork:true for Claude model aliases in config generator (#523)
Config generator now outputs fork:true for Claude model alias entries,
ensuring both upstream (claude-*) and aliased (gemini-claude-*) model
names appear in /v1/models listings. Also preserves fork flag when
parsing user-added aliases during config regeneration.
Bumps config version to v7 to trigger regeneration on next ccs doctor.
Closes#522
* chore(release): 7.41.0-dev.2 [skip ci]
* feat(cliproxy): add account safety guards to prevent Google account bans (#516)
* feat(cliproxy): add account safety guards to prevent Google account bans
Implements cross-provider isolation to prevent Google from flagging
concurrent OAuth usage across different client IDs (ref: #509, #512).
Three pillars:
1. Auto-pause enforcement at session launch — conflicting accounts in
other Google OAuth providers are paused so CLIProxyAPI can't use them,
restored on session exit with crash recovery via auto-paused.json
2. Ban/disable detection — error responses matching Google ban patterns
auto-pause the affected account to prevent further damage
3. Cross-provider conflict warnings during OAuth registration
Key design decisions:
- PID-based session tracking for crash recovery (dead PID = restore)
- Timestamp comparison prevents restoring ban-paused accounts on exit
- Schema validation on auto-paused.json prevents corrupted state
- Falls back to warn-only when another session is managing isolation
* fix(cliproxy): address code review feedback (attempt 1/5)
- Re-read auto-paused.json before write in enforceProviderIsolation to
reduce concurrent write race window
- Use actual email from registry for display instead of raw accountId
- Export maskEmail for testability
- Add 27 unit tests covering ban detection, email masking,
cross-provider duplicate detection, enforcement lifecycle,
crash recovery, and timestamp-guarded restore
* fix(cliproxy): address remaining review feedback (attempt 2/5)
- Add handleBanDetection test verifying account pause on ban error
- Add warnCrossProviderDuplicates tests (true/false/non-Google)
- Document PID reuse limitation in isPidAlive JSDoc comment
* chore(release): 7.41.0-dev.3 [skip ci]
* feat(cliproxy): runtime quota monitoring during active sessions (#529)
* feat(cliproxy): add runtime quota monitoring during active sessions
Adds adaptive background quota polling to detect and respond to quota
exhaustion during active CLIProxy sessions. Prevents rate-limit-driven
account bans by auto-cooling exhausted accounts and switching defaults.
- Adaptive polling: 300s normal, 60s at 20% threshold, stops at 0%
- Stderr warnings at 20%, boxed exhaustion alerts at 0%
- Cooldown + default switch on exhaustion (existing patterns)
- Configurable via quota_management.runtime_monitor in config.yaml
- Timer.unref() prevents blocking process exit
- monitorStopped guard for in-flight poll safety
Closes#524
* fix: address code review feedback (attempt 1/5)
- M1: Round quotaPercent display with Math.round() to avoid ugly floats
- M2: Rename exhaust_threshold -> exhaustion_threshold for consistency
with existing auto.exhaustion_threshold config field
- M3: Replace async not.toThrow() with direct await assertion pattern
* fix: address code review feedback (attempt 2/5)
- Remove .claude/agent-memory/ from tracking and add to .gitignore
- Unify cooldown_minutes default to 5 (was 10 in runtime_monitor, 5 in auto)
- Add threshold validation in startQuotaMonitor (warn > exhaustion)
- Document intentional post-switch monitoring gap in code comment
* chore(release): 7.41.0-dev.4 [skip ci]
* fix(cliproxy): mask email in ban detection and fix JSDoc default
- Use maskEmail() in handleBanDetection output for consistency
- Fix cooldown_minutes JSDoc: default is 5, not 10
* chore(release): 7.41.0-dev.5 [skip ci]
* fix(cliproxy): address all review feedback (Low + informational)
- Add sync constraint comment on process.exit handler (executor)
- Add TOCTOU race acceptability comment (account-safety)
- Mask email in handleQuotaExhaustion reason string
- Use realistic exhaustion_threshold (5) in test configs
* chore(release): 7.41.0-dev.6 [skip ci]
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Reverts to the original guided output format with:
- Visual hierarchy with emojis and separators
- Priority tags (High/Medium/Low)
- Security and code quality checklists
- Ultrathink directive
- Reaction comments for /review triggers
- Model signature in review footer
claude-code-action validates that anthropic_api_key is non-empty before
running. CLIProxy ignores this value and uses ANTHROPIC_AUTH_TOKEN for
actual authentication.
- Use anthropics/claude-code-action@v1 directly
- Remove ccs-reviewer wrapper dependency
- Match pr-review-comprehensive.yml pattern
- Keep CLIProxy env vars for model routing
- Restore comprehensive allowedTools for posting
- Add more allowed bash patterns: gh issue view, gh api, git commands
- Add base tools: Edit, LS for better flexibility
- Update prompt to write pr_review.md in working dir (not /tmp/)
- Add step to Read before Write to avoid security block
- Add explicit rules about avoiding shell operators (||, &&, <<)
- Allow rm pr_review.md for cleanup
Previous run had 9 tool rejections wasting ~5000 tokens due to:
- gh issue view not allowed (only gh pr view was)
- /tmp/ outside working directory
- Write without Read blocked
- Complex shell operators blocked
- Use /api/provider/agy endpoint for proper model routing
- Set ANTHROPIC_DEFAULT_*_MODEL to route Haiku/Sonnet/Opus correctly
- Disable telemetry, error reporting, bug command
- Set max output/thinking tokens
Add Bash(echo *) and Bash(cat *) patterns to allow heredocs and pipes.
This gives the AI reviewer flexibility to use any method for posting
multi-line review comments while remaining safe (shell-operator aware).
Changed pattern from `Bash(gh pr comment:*)` to `Bash(gh pr comment *)`
to match space-separated args. Updated prompt to discourage heredocs
and pipes which don't match the pattern, causing 6+ retry attempts.
Root cause: When the bot posts a review comment, GitHub fires an
issue_comment event that joins the same concurrency group and cancels
the in-progress run BEFORE job `if` conditions are evaluated.
Solution: Non-actionable triggers (bot comments, comments without
/review) get a unique per-run group via format('skip-{0}', github.run_id),
while legitimate triggers share the PR-based group for proper
cancellation of outdated reviews.
- Add `synchronize` event to trigger on new commits pushed to PR
- Add `reopened` event to trigger when PR is reopened
- Update documentation comments to reflect new behavior
- Keep cancel-in-progress to prevent stale reviews
Fixes issue where AI review only ran on PR creation, requiring
manual /review comment for subsequent commits.
Root cause of cancellations was track_progress posting comments that
triggered new workflow runs. Instead of complex concurrency isolation,
simply disable progress tracking.
Changes:
- track_progress: false (no intermediate comments)
- Simple concurrency: ai-review-<PR_NUMBER>
- Removed extra bot filters (no longer needed)
Result: Clean PRs with just the final review comment.
Previous fix was incomplete - both human /review comments and bot
progress comments were issue_comment events sharing the same
concurrency group.
Now includes comment author in concurrency group:
- Human: ai-review-issue_comment-kaitranntt-320
- Bot: ai-review-issue_comment-ccs-agy-reviewer[bot]-320
- PR/dispatch: ai-review-<event>-system-320
This completely isolates bot activity from human-triggered reviews.
Root cause: Bot progress comments triggered issue_comment events,
which created new workflow runs with the same concurrency group,
causing cancel-in-progress to kill the original review.
Fixes:
1. Add event_name to concurrency group (prevents cross-event cancellation)
2. Explicit filter for ccs-agy-reviewer[bot] comments (belt-and-suspenders)
Closes race condition causing 25+ cancelled AI review runs.
Bot progress comments were triggering new workflow runs,
which cancelled in-progress reviews due to concurrency group.
Added check for github.event.comment.user.type != 'Bot'.
Removes synchronize trigger to prevent cancel-on-push issue.
Reviews now trigger:
- Auto: when PR is first opened
- Manual: via /review comment
- Manual: via workflow_dispatch
This prevents pushes to dev from cancelling in-progress reviews.
- Add emojis to review focus areas and output sections
- Use priority color indicators (🔴/🟡/🟢)
- Add ⭐ for exceptional strengths
- Request tables for checklists
- Improve visual scannability
* fix(ci): add persistent logging and remove turn/diff limits for AI review (#298)
- Remove --max-turns limit (unlimited exploration)
- Remove head -8000 diff limit (full diff)
- Add persistent logging to /opt/actions-runner/logs/ai-review/
- Save prompt, stdout, stderr, timing, metadata as separate files
- Add structured metadata.json with run details
- Separate stdout/stderr capture for better debugging
- Include debug info in failure comments (exit code, duration, log path)
- Retry without tool restrictions if first attempt fails
* fix(cliproxy): correct faulty version range to v81-85 and set v89 as stable (#302)
PR #289 incorrectly marked all v81+ as faulty. v89 confirmed stable.
- CLIPROXY_MAX_STABLE_VERSION: 6.6.80-0 → 6.6.89-0
- CLIPROXY_FAULTY_RANGE max: 6.6.999-0 → 6.6.85-0
* ci(github): migrate ai-review to claude-code-action with CLIProxy
- Replace manual claude CLI setup with anthropics/claude-code-action@v1
- Add REVIEW_MODEL env var for centralized model configuration
- Configure ANTHROPIC_BASE_URL for CLIProxy routing
- Enable track_progress for live PR comment updates
- Add model attribution footer instruction
- Restrict tools to gh pr commands, Read, Glob, Grep only
- Simplify workflow from 424 to 55 lines (-369 lines)
* chore(release): 7.16.0-dev.1 [skip ci]
* fix(ci): skip ai-review when secrets unavailable
Add secrets check to job condition to gracefully skip on fork PRs
where CCS_REVIEWER_APP_ID secret is not accessible
* chore(release): 7.16.0-dev.2 [skip ci]
* feat(ci): enable ai-review for fork PRs via pull_request_target
Use pull_request_target event to allow secrets access for fork PRs.
Safe for code review since we only read diff, not execute fork code.
* chore(release): 7.16.0-dev.3 [skip ci]
* fix(ci): disable track_progress for workflow_dispatch
* chore(release): 7.16.0-dev.4 [skip ci]
* fix(ci): clear Claude install locks before each run
* perf(ci): use pre-installed Claude executable on runner
* chore(release): 7.16.0-dev.5 [skip ci]
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* fix(ci): add persistent logging and remove turn/diff limits for AI review (#298)
- Remove --max-turns limit (unlimited exploration)
- Remove head -8000 diff limit (full diff)
- Add persistent logging to /opt/actions-runner/logs/ai-review/
- Save prompt, stdout, stderr, timing, metadata as separate files
- Add structured metadata.json with run details
- Separate stdout/stderr capture for better debugging
- Include debug info in failure comments (exit code, duration, log path)
- Retry without tool restrictions if first attempt fails
* fix(cliproxy): correct faulty version range to v81-85 and set v89 as stable (#302)
PR #289 incorrectly marked all v81+ as faulty. v89 confirmed stable.
- CLIPROXY_MAX_STABLE_VERSION: 6.6.80-0 → 6.6.89-0
- CLIPROXY_FAULTY_RANGE max: 6.6.999-0 → 6.6.85-0
* feat(ci): add AI code review workflow with Claude via CLIProxyAPI
- Self-hosted runner calls CLIProxyAPI at localhost:8317
- Triggers on PR open/update and /review comment
- Uses gemini-claude-opus-4-5-thinking for deep reviews
- Posts summary + inline comments via gh CLI
- Handles self-PR fallback to COMMENT mode
* chore(release): 7.15.0-dev.1 [skip ci]
* refactor(ci): use GitHub App for reviewer identity + new review format
- Posts as ccs-agy-reviewer[bot] via GitHub App token
- New review format: structured markdown with verdict, summary, issues table
- Single PR comment instead of inline comments
- Concise, focused on PR changes only
* chore(release): 7.15.0-dev.2 [skip ci]
* refactor(ci): switch to Claude Code CLI for reviews
- Use claude -p instead of custom TypeScript script
- Auto-install if not present on runner
- CLIProxyAPI via env vars (ANTHROPIC_BASE_URL, ANTHROPIC_MODEL)
- Allowed tools: Read, Glob, Grep
- Max 3 turns for file exploration
* chore(release): 7.15.0-dev.3 [skip ci]
* chore(release): 7.15.0-dev.4 [skip ci]
* feat(ci): add workflow_dispatch for manual review trigger
* chore(release): 7.15.0-dev.5 [skip ci]
* refactor(cliproxy): add faulty version range infrastructure (#289)
* refactor(cliproxy): add faulty version range infrastructure
- Add CLIPROXY_FAULTY_RANGE constant for marking known buggy versions
- Add isVersionFaulty() helper to version-checker.ts
- Update lifecycle.ts to warn users on faulty versions with upgrade suggestion
- Update health checks to distinguish faulty vs experimental versions
- Update stats routes to include faultyRange in API response
- Skip faulty versions when calculating latestStable
Infrastructure ready for future version promotions. Currently:
- v80 and below: stable
- v81+: marked as faulty (context cancellation bugs)
* chore: trigger review
* chore: re-trigger review
* chore: test PR trigger
* chore(release): 7.15.0-dev.6 [skip ci]
* fix(ci): rename workflow to force GitHub re-registration (#293)
* chore(release): 7.15.0-dev.7 [skip ci]
* fix(ci): use heredoc to avoid YAML parsing issues in workflow (#294)
* chore(release): 7.15.0-dev.8 [skip ci]
* fix(ci): enhance review prompt for better output format (#296)
* fix(ci): enhance review prompt for better output format
- Add emojis for visual hierarchy
- Include model name in review header
- Use severity table with file:line references
- Add summary section and suggestions
* fix: use pipe delimiter in sed to avoid slash issues
* feat(ci): comprehensive AI code review with codebase exploration
Key enhancements:
- Increased max-turns from 3 to 10 for deeper file exploration
- Added Read/Glob/Grep tool access for codebase analysis
- Checkout PR head for full file access during review
- Expanded prompt with 10+ analysis sections matching claudekit-cli quality
- Added fallback handling for review generation failures
- Increased diff limit from 5000 to 8000 lines
- Split prompt into separate step for YAML compatibility
* fix(ci): unify checkout logic for all trigger types
Apply AI review suggestion: use gh pr checkout for all event types
to ensure Read tool sees correct files on manual /review triggers
* feat(ci): force tool usage for comprehensive code review
Key changes:
- Add MANDATORY tool exploration step before writing review
- Explicit instructions to Read each changed file in full
- Require finding and reading test files via Glob
- Require usage search via Grep for breaking change detection
- Increase max-turns from 10 to 15 for deeper exploration
- Enhanced output format with code snippet examples
- Better testing section with specific file references
* fix(ci): add --force flag and retry logic for Claude install
* fix(ci): remove invalid --force flag from install script
* fix(ci): add fallback to claude install --force on lock conflict
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* feat(ci): add AI code review workflow with Claude via CLIProxyAPI
- Self-hosted runner calls CLIProxyAPI at localhost:8317
- Triggers on PR open/update and /review comment
- Uses gemini-claude-opus-4-5-thinking for deep reviews
- Posts summary + inline comments via gh CLI
- Handles self-PR fallback to COMMENT mode
* chore(release): 7.15.0-dev.1 [skip ci]
* refactor(ci): use GitHub App for reviewer identity + new review format
- Posts as ccs-agy-reviewer[bot] via GitHub App token
- New review format: structured markdown with verdict, summary, issues table
- Single PR comment instead of inline comments
- Concise, focused on PR changes only
* chore(release): 7.15.0-dev.2 [skip ci]
* refactor(ci): switch to Claude Code CLI for reviews
- Use claude -p instead of custom TypeScript script
- Auto-install if not present on runner
- CLIProxyAPI via env vars (ANTHROPIC_BASE_URL, ANTHROPIC_MODEL)
- Allowed tools: Read, Glob, Grep
- Max 3 turns for file exploration
* chore(release): 7.15.0-dev.3 [skip ci]
* chore(release): 7.15.0-dev.4 [skip ci]
* feat(ci): add workflow_dispatch for manual review trigger
* chore(release): 7.15.0-dev.5 [skip ci]
* refactor(cliproxy): add faulty version range infrastructure (#289)
* refactor(cliproxy): add faulty version range infrastructure
- Add CLIPROXY_FAULTY_RANGE constant for marking known buggy versions
- Add isVersionFaulty() helper to version-checker.ts
- Update lifecycle.ts to warn users on faulty versions with upgrade suggestion
- Update health checks to distinguish faulty vs experimental versions
- Update stats routes to include faultyRange in API response
- Skip faulty versions when calculating latestStable
Infrastructure ready for future version promotions. Currently:
- v80 and below: stable
- v81+: marked as faulty (context cancellation bugs)
* chore: trigger review
* chore: re-trigger review
* chore: test PR trigger
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* feat(ci): add AI code review workflow with Claude via CLIProxyAPI
- Self-hosted runner calls CLIProxyAPI at localhost:8317
- Triggers on PR open/update and /review comment
- Uses gemini-claude-opus-4-5-thinking for deep reviews
- Posts summary + inline comments via gh CLI
- Handles self-PR fallback to COMMENT mode
* chore(release): 7.15.0-dev.1 [skip ci]
* refactor(ci): use GitHub App for reviewer identity + new review format
- Posts as ccs-agy-reviewer[bot] via GitHub App token
- New review format: structured markdown with verdict, summary, issues table
- Single PR comment instead of inline comments
- Concise, focused on PR changes only
* chore(release): 7.15.0-dev.2 [skip ci]
* refactor(ci): switch to Claude Code CLI for reviews
- Use claude -p instead of custom TypeScript script
- Auto-install if not present on runner
- CLIProxyAPI via env vars (ANTHROPIC_BASE_URL, ANTHROPIC_MODEL)
- Allowed tools: Read, Glob, Grep
- Max 3 turns for file exploration
* chore(release): 7.15.0-dev.3 [skip ci]
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
- dev versions (X.Y.Z-dev.N) now treated as newer than base release (X.Y.Z)
- reflects convention that dev work is AFTER the release, not before
- update GH Actions message to use 'ccs update --dev' instead of npm install
- update tests to match new semantic
Replaces semantic-release for dev branch with custom script that:
- Bases dev versions on current stable (e.g., 6.7.1-dev.N)
- Increments only the dev number, not the base version
- Keeps GitHub releases, issue tagging, Discord notifications
Changes semantic-release to use the built-in GITHUB_TOKEN instead of
PAT_TOKEN so that release comments appear from github-actions[bot]
instead of the repository owner's personal account.
PAT_TOKEN is still used for checkout to ensure downstream workflows
can be triggered by the release commits.
- stable releases: fetch GH release, post green embed with changelog
- dev releases: post orange embed with version info
- graceful skip if webhook not configured
The native shell installers (install.sh, install.ps1) were removed in the
recent refactor, but the dev-release workflow still tried to update and
commit them, causing CI failures.
- Remove tests from pre-commit hook (keep typecheck+lint only)
- Remove build+validate from prepublishOnly/prepack (CI handles it)
- Add HUSKY=0 to CI commit step to skip hooks
Before: 4 test runs per release (pre-commit, CI validate, prepublishOnly, prepack)
After: 1 test run (CI validate only)
- Add label-pending-release.yml workflow to tag issues when PR created
- Update dev-release.yml to comment and label issues after npm publish
- Labels: pending-release (yellow), released-dev (blue)
- Auto-removes pending-release when released-dev is applied
- validate now uses test:all directly (build already done)
- Added test:ci script for explicit CI usage
- ci.yml now builds UI deps and uses build:all
- dev-release.yml separates build and validate steps
- Reduces build count from 3-4 to 1 per release cycle