- Fix X-Forwarded-For header spoofing in requireSensitiveLocalAccess (use socket-level address only)
- Add model ID length validation (max 256 chars) in PUT /models/:provider
- Add provider name validation (alphanumeric, max 64 chars) to prevent path traversal
- Add stale entry eviction for unbounded quotaRateLimits Map (>1000 entries)
- Fix concurrent refresh race in usage aggregator (wait for in-flight before forced refresh)
- Sanitize internal URLs/paths from OAuth failure diagnostics
- Add ValidationError class for denylist violations (distinct from system errors)
- Make CLIProxy sync interval configurable via CCS_CLIPROXY_SYNC_INTERVAL env var
- Improve legacy continuity config error logging (unconditional warn)
- Add CACHE_VERSION history comments
Add unified analytics tracking for all CLIProxy-routed providers
(Gemini/Droid, Codex, OpenCode, Antigravity, Qwen) alongside
existing Claude JSONL data.
- New transformer converts CLIProxy usage API response to
DailyUsage/HourlyUsage/MonthlyUsage types
- New syncer periodically fetches CLIProxy data (5min interval)
and persists snapshots to ~/.ccs/cache/cliproxy-usage/
- Aggregator treats CLIProxy as 3rd data source alongside
default Claude config and CCS instances
- Charts automatically show multi-provider data in unified view
- Graceful degradation when CLIProxy is unavailable
- resolve settings file from profile.settingsPath instead of reconstructing by name
- skip non-claude targets for local claude-api-key sync semantics
- add mapper regression tests for both behaviors
- add target to variant create/update flows for single and composite modes
- persist target in unified config and legacy cliproxy entries
- include target in variant list/remove return payloads
- change required acknowledgement phrase to "I ACCEPT RISK"
- apply typed phrase requirement to Gemini and Antigravity add-account flows
- keep CLI/server and UI phrase validation aligned
- update antigravity responsibility unit test
- add safer error responses for settings/auth routes to avoid leaking internals
- guard sensitive AGY settings endpoints to localhost when dashboard auth is off
- validate start-route bodies and reject OAuth start in remote mode for consistency
- preserve cliproxy.kiro_no_incognito and token_refresh during config merges
- enforce AGY acknowledgement in remote auth-token run/auth command paths
- replace issue #622/#619 references with issue #509 across CLI and dashboard
- shorten acknowledgement phrase to "I ACCEPT AGY RISK" for faster typing
- rename acknowledgement payload field to reviewedIssue509 and update tests