When the auth check API call fails (e.g., 403 from the localhost
security middleware), the catch block assumed no auth was needed and
marked the user as authenticated. This caused a silently broken
dashboard with no providers and no error feedback.
Now treats auth check failure as auth-required, redirecting to the
login page where users get a clear prompt to configure credentials.
HeroSection defaulted to '5.0.0' when version prop was undefined,
causing a misleading version badge when the overview API fails (e.g.,
403 from remote access without auth). Now hides the badge entirely
until a real version is loaded.
Users deploying via ccs docker up hit silent failures when accessing
the dashboard remotely: empty providers, wrong version badge (v5.0.0),
no CLIProxy detected. Root cause is the dashboard auth middleware
blocking non-localhost API access.
Added sections:
- Dashboard auth setup (required for remote access)
- Auth token migration from previous deployments
- Post-deployment verification checklist
- Troubleshooting: empty dashboard, 0 clients, ETXTBSY race
Closes#841
Replace echo with printf '%s\n' for subagent prompt GITHUB_OUTPUT writes
to match the existing main prompt pattern (line 216). Prevents edge case
where echo misinterprets leading -n/-e as flags.
--allowedTools is an approval list (skip permission prompts), redundant
with bypassPermissions. --tools is the actual availability whitelist.
Also simplified tool list: Bash sub-patterns (gh pr diff *, etc.) aren't
supported by --tools. The workflow token has contents:read only, so the
agent physically cannot push/delete/modify the repo even with full Bash.
- Remove --allowedTools from claude_args (redundant with bypassPermissions,
was never actually restricting tools)
- Strengthen orchestrator prompt: MANDATORY/FORBIDDEN language for subagent
dispatch, explicit "you MUST use Agent tool" enforcement
Session registration in spawn handler can throw on lock contention or
disk errors — wrap in try-catch to prevent silent proxy-untracked state.
Narrow EBUSY catch to ETXTBSY only since EBUSY on non-Linux platforms
can mean mount point or directory in use, not running binary. Fix
misleading "skip" comment to say "abort".
In Docker, the dashboard tried to update the CLIProxy binary while
the bootstrap's instance was already executing it, causing ETXTBSY.
Now catches the error and throws a clear message instead of crashing.
Docker bootstrap spawns CLIProxy but never registered a session lock,
so the dashboard's fallback detection found nothing. Now registers on
spawn and unregisters on close.
Health check used OS-level port detection (lsof/ss) which is
unavailable in minimal Alpine containers. Switched to the unified
detectRunningProxy() which tries HTTP first, then session lock,
then port-process as fallback.
Remote compose commands placed env vars directly before a compound
if/then statement which is invalid bash syntax. Changed to export
statements chained with &&.
Added REMOTE_DOCKER_BUILD_TIMEOUT_MS (5min) for up and update
operations that involve npm install inside the container. Quick
queries (status, config, down) keep the default 30s timeout.
Closes#832
- fail enabled settings-profile create and launch flows when hook preparation is still unusable
- refresh stale shared hook binaries without rewriting unchanged installs or failing benign races
- add rollback and regression coverage for disabled, stale, invalid, copy, import, and launch paths
Verify all four integrated Docker assets (compose file, Dockerfile,
supervisord config, entrypoint script) resolve and exist on disk.
Prevents silent exclusion from future packaging changes.
The docker/ directory was missing from package.json files array,
causing all ccs docker commands to fail after npm install with
"Missing bundled Docker asset" error. Also add .npmignore exception
for docker/*.sh since the blanket *.sh exclusion stripped the
entrypoint script.
Closes#829