- fall back to stale CLIProxy version caches instead of surfacing 500s
- remove duplicate dashboard update-check fetches and disable retry/focus refetch
- add backend and UI regressions for the degraded-path behavior
- Updated websearch.md to include SearXNG in the configuration guide.
- Implemented SearXNG JSON API integration in websearch-transformer.cjs.
- Enhanced unified-config-loader.ts to support SearXNG settings.
- Defined SearXNG configuration types in unified-config-types.ts.
- Updated hook-env.ts to manage SearXNG environment variables.
- Modified status.ts to include SearXNG in web search provider checks.
- Added SearXNG routes and validation in websearch-routes.ts.
- Implemented SearXNG provider tests in websearch-transformer.test.ts.
- Updated readiness tests to account for SearXNG in status.test.ts.
- Enhanced websearch routes tests to validate SearXNG settings.
- Added SearXNG configuration fields in the UI settings.
- add explicit access modes so remote users see setup guidance instead of an ambiguous login
- redesign the login page with remote setup messaging, password visibility, and light/dark controls
- cover the access-state contract and login UI with focused tests
- keep headless paste routing aligned with the selected Kiro auth method
- validate local callback replay targets and add prompt cancellation safeguards
- wire IDC params through the dashboard start route and support equals-form CLI flags
- auto-select Builder ID for the default Kiro AWS auth flow
- support IDC auth flags and callback-based Kiro paste replay
- update regression coverage for Kiro auth routing
- add runtime-aware resume lane diagnostics and auth backup flows
- warn when account resume uses a different plain ccs continuity lane
- surface lane mismatch guidance in the accounts dashboard, docs, and tests
- route dashboard WebSocket traffic through /ws to avoid Vite HMR collisions
- run the dev entrypoint with node so bun run dev stays stable in this repo
- restore the Image settings scroll container contract and add regression coverage
- Add 30s timeout on proxy requests to prevent indefinite hangs
- Wrap resolveLocalCliproxyPort in try/catch with default port fallback
- Simplify buildProxyBody: remove fragile content-length check that
caused Bun to fall through to req.pipe() on consumed streams
- Replace proxyRes.pipe(res) with manual streaming for Bun compatibility
(pipe hangs after writeHead in Bun runtime)
- Replace deprecated req.on('aborted') with res.on('close') cleanup
(req.on('close') fires with req.destroyed=true in Bun after body
consumption, prematurely destroying the proxy connection)
- Explicitly end proxy request for bodyless methods (GET/HEAD/OPTIONS)
instead of piping an already-consumed express stream
- Add server.closeAllConnections() in test cleanup to prevent hangs
- Add GET passthrough and 502 unreachable test cases
Move reverse proxy under /api/cliproxy-local so it sits behind auth
middleware. Enforce localhost-only access when dashboard auth is disabled.
Resolve the target port from unified config instead of hardcoding 8317.
Re-serialize parsed JSON bodies before forwarding so writes still work
behind express.json(). Clean up proxy connections on client abort.
On the frontend, point the iframe and health check at the new same-origin
API path, probe the proxy directly, and tighten iframe origin/path
validation before sending the auto-login secret.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- add guided editors for top-level settings, trust, profiles, providers, MCP, and features
- refresh raw snapshots after patch saves to avoid stale mtime conflicts
- block structured saves while raw TOML is dirty and add route plus hook coverage
- update CLI, API, route, and dashboard surfaces to recognize the Codex runtime target
- normalize persisted codex targets back to claude so runtime-only behavior stays truthful
- add regression coverage for help text, route parsing, and profile storage normalization
Refs #773