Commit Graph
4320 Commits
Author SHA1 Message Date
Kai (Tam Nhu) TranandGitHub f22a8a0aee Merge pull request #1483 from kaitranntt/kai/feat/ccs-bar-quota-card-visual
feat(bar): bar-first quota card + sane time formatting
2026-06-09 15:07:42 -04:00
Tam Nhu Tran df967792b9 feat(bar-app): bar-first quota card with sane time formatting
Replace the prose window lines with an aligned per-window bar list (5h /
weekly / Opus / Sonnet), colored by headroom, with the binding window
highlighted and a compact reset chip. Humanize durations beyond a day
(Nd Nh instead of raw hours) and only show the burn-rate pace clause when a
window is projected to exhaust before it resets, so a meaningless 'resets in
44h' / '~110h left' projection no longer appears.
2026-06-09 15:07:08 -04:00
Kai (Tam Nhu) TranandGitHub a5579f84fe Merge pull request #1482 from kaitranntt/kai/feat/ccs-bar-subscription-cockpit
feat(bar): subscription-first cockpit — detailed quota card, Codex fix, scrollbar fix
2026-06-09 14:40:39 -04:00
Tam Nhu Tran 0e0b912187 feat(bar-app): subscription-first cockpit with detailed quota card
Lead the dropdown with subscriptions: a dedicated card shows the binding
window as the hero (gauge, remaining %, reset countdown, and a burn-rate
'left at this pace' line), a secondary window, and the Opus/Sonnet split for
Max, with a stale marker for older Codex data. Demote spend/usage to a compact
strip and surface cross-tool headroom. Add pure burn-rate / time-to-exhaustion
and binding-window math in Core. Kill the menu scroll indicator for real
(NSScrollView hider) so content stays aligned. Spend-cap alerts default off
(pay-per-use, opt-in).
2026-06-09 14:40:03 -04:00
Tam Nhu Tran e96967c224 feat(bar): per-window subscription quota detail + codex multi-session scan
Expose per-window detail (5h / weekly / Opus / Sonnet) on native subscription
rows instead of collapsing to a single percentage, so the bar can show the
binding window, resets, and a burn-rate pace line. Fix the Codex collector to
scan recent session rollouts newest-first for the latest non-null rate_limits
(today's exec-mode session is null) and mark the result stale with its source
time, so Codex quota appears instead of silently vanishing.
2026-06-09 14:39:41 -04:00
Kai (Tam Nhu) TranandGitHub e9df0757a2 Merge pull request #1481 from kaitranntt/kai/feat/ccs-bar-native-quota
feat(bar): native Claude Code + Codex subscription quota (safe)
2026-06-09 13:38:43 -04:00
Tam Nhu Tran 03077aa9fd feat(bar-app): render native subscription accounts with quota gauges
Show Claude Code and Codex subscription rows with the Tier 1 quota gauge and
reset countdown, visually distinguished from CLIProxy provider accounts, and
let them drive the existing quota alerts. Formatting + harness coverage for the
native rows.
2026-06-09 13:38:02 -04:00
Tam Nhu Tran dbeb0c543a feat(bar): native Claude Code + Codex subscription quota (safe, server-side)
Surface the logged-in Claude Code and Codex subscription quota as first-class
summary rows so the existing gauge and alert engine render them with no new UI.

Claude Code: read the native token (~/.claude/.credentials.json, macOS Keychain
fallback) and reuse the existing Anthropic usage fetch+normalize via a new
token-fed entry point. The /oauth/usage endpoint is hostile to polling, so the
fetch is server-side only behind a 10-minute on-demand cache, in-flight
coalescing, Retry-After + exponential backoff with jitter, a 3-strike circuit
breaker with a 15-minute cooldown, and serve-stale-on-failure; logged-out or
unsupported subscriptions never spend a token call. Codex: zero-network read of
the latest rate_limits from local session rollouts, omitted when absent.
Native rows side-load bounded so a slow or failed fetch degrades to CLIProxy
rows, never an error.
2026-06-09 13:37:38 -04:00
Kai (Tam Nhu) TranandGitHub 0fed2982f5 Merge pull request #1480 from kaitranntt/kai/feat/ccs-bar-tier1-quota-alerts
feat(bar): Tier 1 — quota gauges, threshold alerts, configurable glance
2026-06-09 13:04:21 -04:00
Tam Nhu Tran 559d4340e7 feat(bar-app): quota gauges, threshold alerts, configurable glance
Add real quota gauges with threshold bands and a reset countdown for
quota-capable accounts. Introduce a pure, deterministic alert rule engine
(CCSBarCore) covering quota-remaining, daily/monthly spend caps, reauth, and
cooldown, with per-rule dedupe keys that re-arm on period rollover or
clears-then-recurs so it never spams. Deliver via UNUserNotificationCenter
with an in-dropdown Alerts fallback when notifications are denied. Add a
preferences surface (per-rule toggles, caps, quota levels, glance mode)
persisted in UserDefaults, and a configurable menu-bar glance
(auto/today/month/lowest-quota/account-count) that still never shows a
lifetime dollar. Default spend caps raised to $500/day and $10000/month.
2026-06-09 13:03:44 -04:00
Tam Nhu Tran 68f0231f48 feat(bar): add calendar month-to-date spend to analytics
monthToDate (calendar 1st-of-month to now, local) on BarAnalytics in both
compute paths, kept distinct from the rolling last30d so a fresh month resets
toward zero. Feeds the monthly-spend alert and the month-spend glance without
a rolling-window false breach.
2026-06-09 13:03:25 -04:00
Kai (Tam Nhu) TranandGitHub 7f0640b4ca Merge pull request #1479 from kaitranntt/kai/feat/ccs-bar-analytics-overhaul
feat(bar): merged multi-source analytics, per-surface breakdown, UI overhaul
2026-06-09 11:51:11 -04:00
Tam Nhu Tran 4a633eac65 feat(bar-app): per-surface usage UI, unambiguous title, hidden scrollbar
Mirror the richer analytics payload (quotaStatus, per-account last-active,
bySurface) in the Codable models. Add a per-surface usage section (Claude
Code, Codex, Droid, CLIProxy) with proportional bars beside the existing
spend grid, sparkline, and top models. Rebuild the menu-bar title chain so a
lifetime dollar can never sit in the always-on title (it read as live spend):
quota% then today spend then account count. Rebuild the accounts rows
(default badge, tri-state quota, honest no-data cost, health), pivot to an
honest idle hero when no recent data, hide the scroll indicator, and tighten
spacing.
2026-06-09 11:49:55 -04:00
Tam Nhu Tran 5f850c4899 feat(bar): honest quota state and merged multi-source analytics
Derive a tri-state quotaStatus (ok|unsupported|error) per account so a
provider with no quota API renders as 'no quota' with a healthy dot instead
of an alarming bare dash, and treat unsupported as healthy in deriveHealth.

Switch the analytics endpoint off the CLIProxy snapshot, which freezes
whenever the proxy restarts (usage is in-memory only), and onto the merged
daily/hourly usage the dashboard uses. Recent activity from Claude Code,
Codex, and Droid now shows, and a per-surface breakdown answers where usage
goes. Add lastActivityAt, daysSinceLastActivity, hasRecentData and a 30-day
series; per-account today_cost reads null (unknown) rather than a misleading 0.
2026-06-09 11:49:36 -04:00
Tam Nhu Tran 9b64514a57 feat(bar-app): add CCS icon variants and usage analytics UI
- Menu-bar icon from the CCS logo: color mark + monochrome template that
  macOS auto-tints; footer toggle, persisted in UserDefaults
- Dropdown analytics section: today/7d/30d/all-time spend, 7-day sparkline,
  top-model bars (BarAnalytics model + client + view)
- Polished rows: branded header, colored health dots, provider/tier chips
- package_app.sh bundles the icon assets into the .app
- assert harness covers analytics decode + compact money/count formatting
2026-06-08 09:31:43 -04:00
Tam Nhu Tran 78f9fc7c0b feat(bar): harden summary against provider hangs and add analytics endpoint
Summary aggregator could block indefinitely: it ran the full system health
audit (a synchronous execSync) on every request and had no per-account or
request-level timeout. Now:
- per-account fetch is bounded; whole response is raced against a deadline
- health is derived per-account from each quota result (no blocking audit)
- stale-while-revalidate keeps the last value when a refresh is slow/fails

Adds GET /api/bar/analytics plus a pure, tested aggregator rolling up
today/7d/30d/all-time spend, a 7-day sparkline, and top models.
2026-06-08 09:31:18 -04:00
Tam Nhu Tran f0734348d0 fix(usage): compute cost fallback lazily to stop event-loop stall
normalizeCliproxyUsageHistoryDetail passed calculateHistoryDetailCost (a
~6ms model-pricing lookup) as an eager default argument to
normalizePersistedNumber, so it ran for every record even when a persisted
cost was already present. A few thousand records turned into a multi-second
synchronous stall that wedged the bar summary aggregator and the dashboard
startup prewarm. Compute the fallback only when cost is actually missing.
2026-06-08 09:30:55 -04:00
Kai (Tam Nhu) TranandGitHub 5c3b92971b Merge pull request #1478 from kaitranntt/kai/feat/ccs-bar-macos
feat: CCS Bar macOS app — SwiftUI menu bar client + ad-hoc packaging
2026-06-07 16:47:51 -04:00
Kai (Tam Nhu) TranandGitHub fc97581aae Merge pull request #1477 from kaitranntt/kai/feat/ccs-bar-backend
feat: CCS Bar backend — account cost, /api/bar/summary, tier-lock, ccs bar
2026-06-07 16:47:44 -04:00
Tam Nhu Tran 8350c24733 fix(macos-bar): correct set-default key, lead account, asset name
Send the composite provider:accountId (row.id) for Set as default so the server
can resolve the CLIProxy account; feature the account closest to exhaustion
(lowest remaining quota) in the title instead of the healthiest; rename the
packaged asset to CCS-Bar.app.zip to match what 'ccs bar install' downloads.
2026-06-07 16:38:38 -04:00
Tam Nhu Tran b9a1084bd4 fix(quota): reject tier-lock for non-managed providers
Only managed-quota providers (agy/claude/codex/gemini/ghcp) enforce tier_lock;
validate the provider against that set so locking a non-managed provider returns
400 instead of persisting a silently-unenforced config entry.
2026-06-07 16:38:18 -04:00
Tam Nhu Tran 63d10cb2d0 fix(cli): harden ccs bar install + align launch path
Resolve the app path via os.homedir() in launch to match install/uninstall;
validate the host on every redirect hop (manual follow, not blind
maxRedirections); reject zip-slip entries before extracting into ~/Applications.
2026-06-07 16:38:08 -04:00
Tam Nhu Tran cc7ac553e3 fix(usage): correct per-account cost attribution
Drop the detail.source fallback and dead numeric-key lookup in the usage
transformer so unmapped auth_index rows go to the 'unknown' bucket instead of
mis-keying cost; null out today_cost when an email cost-key is shared by more
than one account (duplicate-email providers) instead of double-displaying the
combined spend.
2026-06-07 16:37:59 -04:00
Tam Nhu Tran df4554fe1f feat(macos-bar): add ad-hoc packaging script + Info.plist
package_app.sh assembles and signs CCS Bar.app (menu-bar-only via LSUIElement).
Default ad-hoc signing for v1 with documented Gatekeeper guidance; developer-id
mode wired for the notarized public-launch path.
2026-06-07 15:52:03 -04:00
Tam Nhu Tran e7001fc252 feat(macos-bar): add SwiftUI MenuBarExtra app + view-model
Menu-bar app that paints cached rows instantly and fires a debounced
force-refresh on open. Dropdown shows per-account health, quota, tier, cost and
paused state with pause/resume, set default, solo and tier-lock actions, plus an
offline state when CCS is not running.
2026-06-07 15:52:03 -04:00
Tam Nhu Tran 23abf6a635 feat(macos-bar): add CCS Bar core (client, models, discovery) + tests
Pure-Foundation CCSBarCore: thin CCS web-server client (summary force-fresh,
pause/resume/default/solo/tier-lock), bar.json discovery with an offline state,
summary models, status-title formatting, and a force-refresh debouncer. Tested
via a runnable assert harness (ccs-bar-check) so it builds without full Xcode.
2026-06-07 15:52:03 -04:00
Tam Nhu Tran 205c2f3cd6 feat(cli): add ccs bar command for the macOS menu bar app
Add ccs bar (install/launch/uninstall/version) and the ~/.ccs/bar.json
discovery handshake the app reads. install resolves a floating release asset,
follows redirects, validates the download host over HTTPS, checks status,
verifies the extracted app, and runs a real version-compat handshake against
/api/overview.
2026-06-07 15:32:51 -04:00
Tam Nhu Tran 40f32ebbf0 feat(quota): add per-provider tier-lock account selection
Make tier_lock a per-provider map and honor it in findHealthyAccount and
preflightCheck for the selected provider only, so locking one provider never
disables failover for others. Add POST /api/accounts/tier-lock with tier
validation against known tiers, and serialize quota_management on config write
so the lock persists.
2026-06-07 15:32:40 -04:00
Tam Nhu Tran 6d3fde9ed3 feat(web-server): add /api/bar/summary aggregator with force-fresh
Single endpoint merging per-account quota, tier, paused, health and today cost
for the menu bar. Cached by default; ?refresh=true invalidates the quota cache
and pulls live server-side, debounced ~15s. Per-account errors degrade one row
without failing the payload; force-fresh skips paused accounts and caps fetch
concurrency.
2026-06-07 15:32:29 -04:00
Tam Nhu Tran 1867116472 feat(usage): attribute CLIProxy usage to accounts for per-account cost
Carry the CLIProxy auth_index through the usage transformer and aggregator,
build an auth_index->account map from the auth files, and wire it into the
usage syncer so persisted snapshots stamp accountId. Adds getTodayCostByAccount
and a snapshot detail reader. Backward-compatible: accountId is optional and
profile-based aggregation is unchanged.
2026-06-07 15:32:19 -04:00
semantic-release-bot 89414972be chore(release): 8.2.0 [skip ci]
## [8.2.0](https://github.com/kaitranntt/ccs/compare/v8.1.4...v8.2.0) (2026-06-06)

### Features

* **catalog:** add Claude Opus 4.8 to Anthropic model registry ([357ce8b](https://github.com/kaitranntt/ccs/commit/357ce8b07ad1eb12879f24d4a4b0eeb90d66bbd4))
* **cliproxy:** add Qoder as a CLIProxy provider channel ([43c8304](https://github.com/kaitranntt/ccs/commit/43c830469ad836d56db32a603b8536b26ec3a4fe))
* **cliproxy:** add qoder base config template ([85e7674](https://github.com/kaitranntt/ccs/commit/85e76742fe322ec5205c66a42c500dd768c90d28))
* **cliproxy:** add Qoder to channel catalog, model routing, and UI ([1e60fe1](https://github.com/kaitranntt/ccs/commit/1e60fe186e700ab00bd739b29085635053cba822))
* **pricing:** support per-service-tier rates; wire Opus fast mode ([878775f](https://github.com/kaitranntt/ccs/commit/878775f5b63e0f5debc563abd2d5d888a5488b80)), closes [#1](https://github.com/kaitranntt/ccs/issues/1)
* **qoder:** add model catalog entries for backend and UI ([b52c062](https://github.com/kaitranntt/ccs/commit/b52c0627ca7fa72365161b655cfaa12ba4f2fbc6))
* **qoder:** add provider logo asset and dashboard mapping ([d82cc13](https://github.com/kaitranntt/ccs/commit/d82cc13afc68603befee85f8c886d06722fc44d3))
* **qoder:** Change default models in base-qoder settings ([de5b545](https://github.com/kaitranntt/ccs/commit/de5b545ac35389c8e8878107dd70ff6e89ba6c5f))

### Bug Fixes

* add CLIProxy account reauthentication ([5f1976f](https://github.com/kaitranntt/ccs/commit/5f1976f69c447dac6b3141bc7ee2a962a355a8af))
* **analytics:** collapse profile-scope disclaimer into tooltip icon ([9130c7d](https://github.com/kaitranntt/ccs/commit/9130c7d8698442d4bb3a7ca47502ece8c99336ff)), closes [#1390](https://github.com/kaitranntt/ccs/issues/1390)
* **analytics:** price Claude Opus 4.7 thinking ([062e77e](https://github.com/kaitranntt/ccs/commit/062e77e55f05b821ff8c6c2b0380a57b5d8594f2))
* **analytics:** tighten top-bar layout (single-line trigger, grouped cluster, compact timestamp) ([bfa4c70](https://github.com/kaitranntt/ccs/commit/bfa4c704eb04b0b9b389c26dc77ba84fc2e832e8))
* avoid relative completion backend execution ([4f2dd70](https://github.com/kaitranntt/ccs/commit/4f2dd70b8c77d878c01fb3da9e0fae305cff2cf3))
* **browser:** avoid implicit explicit devtools port for config attach ([#1369](https://github.com/kaitranntt/ccs/issues/1369)) ([f985cec](https://github.com/kaitranntt/ccs/commit/f985cec3ff5de166592a06cfb9ee376436b10c1e))
* **browser:** cap click and key repeat counts in MCP ([#1367](https://github.com/kaitranntt/ccs/issues/1367)) ([c322829](https://github.com/kaitranntt/ccs/commit/c322829f44f8bf4edd43fe4d8fc97560b6fe180a))
* **browser:** handle DevTools close endpoint response ([9225218](https://github.com/kaitranntt/ccs/commit/92252189b1c2b70b71c104a9ce87d6b2fe293a7d))
* **browser:** log only matched intercepted requests ([#1366](https://github.com/kaitranntt/ccs/issues/1366)) ([8b3ba55](https://github.com/kaitranntt/ccs/commit/8b3ba5532e07af52f89cf012be63eafe2046e7b8))
* **browser:** track explicit devtools_port from config ([#1383](https://github.com/kaitranntt/ccs/issues/1383)) ([b63943e](https://github.com/kaitranntt/ccs/commit/b63943eb450b335bbce00946dfd71f2535538cc4)), closes [#1369](https://github.com/kaitranntt/ccs/issues/1369)
* **channels:** avoid secrets in --set-token argv ([#1389](https://github.com/kaitranntt/ccs/issues/1389)) ([88fbac3](https://github.com/kaitranntt/ccs/commit/88fbac3a324e409a26bcbe7cf44810b94ef134e2))
* **ci:** add always-reporting CI Gate so fork PRs stop deadlocking ([7dba36f](https://github.com/kaitranntt/ccs/commit/7dba36fb03d56da03e0abff152d7a582eb4f10fa)), closes [#1461](https://github.com/kaitranntt/ccs/issues/1461)
* **ci:** close dev-released issues on stable release ([#1396](https://github.com/kaitranntt/ccs/issues/1396)) ([52a427a](https://github.com/kaitranntt/ccs/commit/52a427a7a34faecb078af407725f9c50fc641103))
* **ci:** constrain PR-Agent GitHub App token permissions ([#1370](https://github.com/kaitranntt/ccs/issues/1370)) ([37fdf90](https://github.com/kaitranntt/ccs/commit/37fdf90e304507a3fc4e3e0066bb1856a05e74bc))
* **ci:** narrow issue reference parsing ([2a3bc68](https://github.com/kaitranntt/ccs/commit/2a3bc6807fc354ed2a55a386d5012a7536aa765e))
* **ci:** qualify docker release checkout refs ([#1374](https://github.com/kaitranntt/ccs/issues/1374)) ([cba1414](https://github.com/kaitranntt/ccs/commit/cba1414b7e5c038741f0e4a401280d0999afdf61))
* **claude-extension:** enforce private permissions for settings writes ([#1378](https://github.com/kaitranntt/ccs/issues/1378)) ([0db9705](https://github.com/kaitranntt/ccs/commit/0db9705d7509302f13816607ca055b9c387111b3))
* **cliproxy:** clean up upstream proxy on response disconnect ([#1361](https://github.com/kaitranntt/ccs/issues/1361)) ([2188cdc](https://github.com/kaitranntt/ccs/commit/2188cdc9907cf0934f074a9503501edd68f708e8))
* **cliproxy:** fall back from invalid Codex feature labels ([a0870aa](https://github.com/kaitranntt/ccs/commit/a0870aa40455ae0d1475041d533e909629e9d906))
* **cliproxy:** ignore stale executor exit code ([bcc6899](https://github.com/kaitranntt/ccs/commit/bcc68992fad7786a54ffadff5283e343a5e73084))
* **cliproxy:** infer emails from alternate token prefixes ([c0cd44e](https://github.com/kaitranntt/ccs/commit/c0cd44ecaa0546b9ca9f2ce55840c539c8bba676))
* **cliproxy:** prefer explicit Codex free fallbacks ([27e1694](https://github.com/kaitranntt/ccs/commit/27e16944808cf43210d4505993c9846fdd7309e4))
* **cliproxy:** preserve manual quota pauses ([6ecca9b](https://github.com/kaitranntt/ccs/commit/6ecca9b16fbd77cd3fe130cdd131fa90af68ae32))
* **cliproxy:** prevent management key leak on runtime proxy overrides ([#1386](https://github.com/kaitranntt/ccs/issues/1386)) ([4cf840e](https://github.com/kaitranntt/ccs/commit/4cf840ea0adeaee8370753f1bb20fb3c3cbd849f))
* **cliproxy:** redact generic token query params in oauth trace ([#1364](https://github.com/kaitranntt/ccs/issues/1364)) ([9357f4d](https://github.com/kaitranntt/ccs/commit/9357f4df26d8ce8a07db9d52d3d5b9c307206d56))
* **cliproxy:** revert to qoder/auto prefixed model in base config ([c5308de](https://github.com/kaitranntt/ccs/commit/c5308ded3b08493036cfc279b04432576f76094e))
* **cliproxy:** sanitize Codex quota labels ([4574122](https://github.com/kaitranntt/ccs/commit/457412277b1311decb660620ecdd0cdd78a90e1c))
* **cliproxy:** scrub GitLab PAT env after token-login auth ([#1360](https://github.com/kaitranntt/ccs/issues/1360)) ([e658e83](https://github.com/kaitranntt/ccs/commit/e658e838f906bebebde8484df6f492bcda737abe))
* **cliproxy:** use unprefixed auto model for qoder base config ([9a8430f](https://github.com/kaitranntt/ccs/commit/9a8430f68beef326bf43aa3686952875a0e818fa))
* **codex-auth:** narrow running Codex detection ([9eb0201](https://github.com/kaitranntt/ccs/commit/9eb0201b794d2c231416865e28b991c93982db43))
* **codex-auth:** restrict symlink fallback and harden copy path ([#1365](https://github.com/kaitranntt/ccs/issues/1365)) ([0bd2e57](https://github.com/kaitranntt/ccs/commit/0bd2e577b21401f586fb9cbee18de3baa2cfc817))
* **codex:** cap buffered upstream error response size ([#1375](https://github.com/kaitranntt/ccs/issues/1375)) ([b0a7541](https://github.com/kaitranntt/ccs/commit/b0a754179ca7bc0c0d4b70ef119fca1eef827dfc))
* **codex:** gate ccsxp config overrides ([e09e930](https://github.com/kaitranntt/ccs/commit/e09e930c38ef17dfecf000804504ab6ed4f38367))
* compare cliproxy fork release suffixes ([#1419](https://github.com/kaitranntt/ccs/issues/1419)) ([aee322e](https://github.com/kaitranntt/ccs/commit/aee322ea88e39ffb57a3b427016f5cd1339141cf))
* **config:** Update Kiro model settings in default configuration ([39656b9](https://github.com/kaitranntt/ccs/commit/39656b98262e7f1d7b3e3c29e67fed7b9cae9c95))
* **config:** use valid Kiro default model ([a06eff6](https://github.com/kaitranntt/ccs/commit/a06eff61f03678f60fb055735375f53b29cc621a))
* correct claude image analysis default model ([8842102](https://github.com/kaitranntt/ccs/commit/88421026c64b0dc86c183f6d71b38ec9e5d89920))
* create explicit CODEX_HOME with secure permissions ([#1380](https://github.com/kaitranntt/ccs/issues/1380)) ([55cd78b](https://github.com/kaitranntt/ccs/commit/55cd78bce47f219d03c7b8b7a43963f5eae182b0))
* **cursor-daemon:** auto-generate token + expose for callers ([#1384](https://github.com/kaitranntt/ccs/issues/1384)) ([b7d5ce1](https://github.com/kaitranntt/ccs/commit/b7d5ce178a46d4ade8c3cb58eb5fff7af44dc44f)), closes [1373/#1377](https://github.com/1373/ccs/issues/1377)
* **cursor-daemon:** widen safeResolve type for daemonToken ([#1385](https://github.com/kaitranntt/ccs/issues/1385)) ([ba887e0](https://github.com/kaitranntt/ccs/commit/ba887e012ac29b9764806232b30f311c2f597cf8)), closes [1373/#1377](https://github.com/1373/ccs/issues/1377)
* **cursor:** authenticate local daemon health/runtime traffic ([#1373](https://github.com/kaitranntt/ccs/issues/1373)) ([03a3011](https://github.com/kaitranntt/ccs/commit/03a30119d99753e52f4726f2f0a2078118690f3e))
* **cursor:** block cross-origin runtime probe requests ([#1371](https://github.com/kaitranntt/ccs/issues/1371)) ([e6f764c](https://github.com/kaitranntt/ccs/commit/e6f764c79b94209bcbeaabfd8ee94ae364f821e1))
* **cursor:** enforce auth token for anthropic daemon route ([#1377](https://github.com/kaitranntt/ccs/issues/1377)) ([210ab76](https://github.com/kaitranntt/ccs/commit/210ab761e2cbfcaf8d1e75757a517889479c6335))
* **dashboard:** clear local control-panel management key ([#1372](https://github.com/kaitranntt/ccs/issues/1372)) ([6c0f7ac](https://github.com/kaitranntt/ccs/commit/6c0f7ac39c17b99bd4259eb4eca35792aea31dff))
* **dashboard:** respect account last-used timeline base ([70601e6](https://github.com/kaitranntt/ccs/commit/70601e6364fd1fd0e4cce2fec922ebf33f5ca61f))
* disable docker legacy API key auth by default ([#1355](https://github.com/kaitranntt/ccs/issues/1355)) ([ab379e9](https://github.com/kaitranntt/ccs/commit/ab379e9e1387d73f2672d92c5438f6421c94f4f5))
* **docker:** pin runtime deps to committed bun lockfile ([#1358](https://github.com/kaitranntt/ccs/issues/1358)) ([aef331d](https://github.com/kaitranntt/ccs/commit/aef331d8efde63f9d9393f3d3a0d0adc16918dcb))
* forward bare Claude subcommands through the default profile ([3fbf850](https://github.com/kaitranntt/ccs/commit/3fbf8504718c38c7e675bd68c90c0acf7d13aa6c)), closes [#1218](https://github.com/kaitranntt/ccs/issues/1218) [#1404](https://github.com/kaitranntt/ccs/issues/1404)
* gate auth monitor stats polling ([#1421](https://github.com/kaitranntt/ccs/issues/1421)) ([c12174d](https://github.com/kaitranntt/ccs/commit/c12174db125ea69631a8ab530098d24040b31a3f))
* guard self-signed routing request setup ([5807328](https://github.com/kaitranntt/ccs/commit/5807328cb58e6a60637a797b046afa06262043bf))
* handle system messages in OpenAI proxy ([#1403](https://github.com/kaitranntt/ccs/issues/1403)) ([f42aee9](https://github.com/kaitranntt/ccs/commit/f42aee9a20afb7a305dc4d2d2026063d62d5e4ce))
* harden cliproxy usage cache ([6bba193](https://github.com/kaitranntt/ccs/commit/6bba193cdd742a56f3d495a3de5d478df636f444))
* harden provider alias normalization ([480f3ba](https://github.com/kaitranntt/ccs/commit/480f3ba46949b4d44b1a36fa5a6dcc2699a311d5))
* honor browser eval env override in attach config ([#1368](https://github.com/kaitranntt/ccs/issues/1368)) ([4e7894a](https://github.com/kaitranntt/ccs/commit/4e7894a3daa5105d2b9c32d456748b1e485d78b7))
* keep live catalog defaults visible ([f9dec01](https://github.com/kaitranntt/ccs/commit/f9dec01cfdc976442eddb60bd092abadf443d1b4))
* **management:** skip broken shared plugin entries ([f44b651](https://github.com/kaitranntt/ccs/commit/f44b651cd6752053e175301c8c8f911b1be882fc))
* narrow legacy GLMT base URL normalization ([#1376](https://github.com/kaitranntt/ccs/issues/1376)) ([781c84b](https://github.com/kaitranntt/ccs/commit/781c84b04b184cbb57853fa2d0cc892e45c980f2))
* normalize cliproxy v3 usage snapshots ([65adab5](https://github.com/kaitranntt/ccs/commit/65adab5bec2814a2f7deb681067892def77b03ad))
* normalize Codex provider requests ([0f0ad4e](https://github.com/kaitranntt/ccs/commit/0f0ad4e6ed2ae5949399b777c2d0f77e7a33506e)), closes [#1399](https://github.com/kaitranntt/ccs/issues/1399) [#1406](https://github.com/kaitranntt/ccs/issues/1406)
* persist codex target selections ([04dc97a](https://github.com/kaitranntt/ccs/commit/04dc97aaa4690433e1ee0409cf3edc225eaab02c))
* **persist:** bound Codex translator receipt scan ([5da6334](https://github.com/kaitranntt/ccs/commit/5da63347367564104b2cc514c94d1f1fc1519996))
* **pricing:** restore opus version order; cover 4.6/4.7 fast-tier rates ([5a79b47](https://github.com/kaitranntt/ccs/commit/5a79b475063a3451b14e8805f9b0dc05397930cb))
* **proxy:** honor backpressure in cliproxy local streaming ([#1379](https://github.com/kaitranntt/ccs/issues/1379)) ([90d5ca2](https://github.com/kaitranntt/ccs/commit/90d5ca2cbb07e46364d05e3558f177355ceed975))
* **proxy:** load pid-only profile daemon state ([216fae7](https://github.com/kaitranntt/ccs/commit/216fae7d577423e6fa13c49efe836df23dbb8af4))
* **proxy:** support opt-in OpenAI reasoning shaping ([8282ff6](https://github.com/kaitranntt/ccs/commit/8282ff68a1667efba68e23400eb7e7ec3f1af9bb))
* redact OAuth trace error messages ([14da76a](https://github.com/kaitranntt/ccs/commit/14da76abae511f020bfa67d9b2b57342ebdc27fa))
* reject symlinked cleanup directories ([920fba7](https://github.com/kaitranntt/ccs/commit/920fba7e1333ff53b7826981bf61b238091dbcf6))
* reject unsupported image analysis backends ([#1387](https://github.com/kaitranntt/ccs/issues/1387)) ([b35a23a](https://github.com/kaitranntt/ccs/commit/b35a23a6e4a1d59ae3d1a3fb754d3a31db1e5855))
* restrict Codex usage cache permissions ([c630ce8](https://github.com/kaitranntt/ccs/commit/c630ce878ea4ad22d0bfa07d71dd352392db728a))
* restrict local runtime readiness probes ([9a7b26e](https://github.com/kaitranntt/ccs/commit/9a7b26eab745f5099d57685c9a14845a4adb985e))
* **sse:** make CRLF normalization chunk-boundary safe ([#1359](https://github.com/kaitranntt/ccs/issues/1359)) ([2ec23c6](https://github.com/kaitranntt/ccs/commit/2ec23c6c3a277c9e901cbee588683f4ca7662837))
* stop ccsxp model alias parsing at option terminator ([5776e9c](https://github.com/kaitranntt/ccs/commit/5776e9c3b1ac584eebcd01c6332196acc6ff7aa4))
* surface cleanup directory read errors ([f93cb36](https://github.com/kaitranntt/ccs/commit/f93cb36da68495015428123d4407a9337740aeee))
* **test:** add qoder to PLUS_EXTRA_CLIPROXY_PROVIDERS test expectation ([dea4de4](https://github.com/kaitranntt/ccs/commit/dea4de45fd4d06f3f2c79d2fedcef18caa8fb045))
* time out stalled CLIProxy response streams ([d7d5ad2](https://github.com/kaitranntt/ccs/commit/d7d5ad2ad2170dc95b35984968dfe2362f4c7454))
* tolerate null retryable check ([54f3b68](https://github.com/kaitranntt/ccs/commit/54f3b6860a8e81b11c705bf0cbe05eeb8728e668))
* **ui:** blur account identity badges in privacy mode ([dd62027](https://github.com/kaitranntt/ccs/commit/dd62027d3f4e11274e4ada2872d942a20c4ef0ea))
* **ui:** guard invalid log detail timestamps ([4ce6669](https://github.com/kaitranntt/ccs/commit/4ce6669e26ba4c55e8ca3bc3a9590e128eee2f30))
* **ui:** preserve distinct log detail rows ([c0f5413](https://github.com/kaitranntt/ccs/commit/c0f5413523c8ae0f7cff25ea4de97c4427c5f989))
* **ui:** preserve Gemini tier fallback without entitlement ([1f7ed65](https://github.com/kaitranntt/ccs/commit/1f7ed656b2b99ed8c25909bf6a66c1dde744855e))
* **ui:** show dashboard audit logs by default ([2b59e04](https://github.com/kaitranntt/ccs/commit/2b59e040c4481d29809798b273ba3cd57915a4b6))
* **ui:** suppress privacy mode account title leaks ([f592260](https://github.com/kaitranntt/ccs/commit/f592260049a6e7345a3457d990fa952e8fb09ff3))
* validate browser flags before proxy side effects ([8114ff0](https://github.com/kaitranntt/ccs/commit/8114ff016e5c29c869692a9812b3187f2842ccae))
* validate usage profile query type ([901bad2](https://github.com/kaitranntt/ccs/commit/901bad2ec7faab8d5725a65c96a1de8cb9945b3d))
* **web-server:** stop startup local prefix sync secret leak ([#1362](https://github.com/kaitranntt/ccs/issues/1362)) ([d961644](https://github.com/kaitranntt/ccs/commit/d9616447f9c3117fd4882357373c8d820774e3a7))
* **web:** avoid runtime proxy probes on public masked settings route ([#1388](https://github.com/kaitranntt/ccs/issues/1388)) ([fec8441](https://github.com/kaitranntt/ccs/commit/fec84417a61b6cf9a3a2a65a564eaf55e294388e))
* **web:** harden localhost guard against DNS rebinding ([#1357](https://github.com/kaitranntt/ccs/issues/1357)) ([21764d5](https://github.com/kaitranntt/ccs/commit/21764d5b90c8db06f5c52a1747e2e41f65da478b))

### Hotfixes

* sync Docker release publishing fix to dev ([6ed9e09](https://github.com/kaitranntt/ccs/commit/6ed9e097e7e72c25bfe2e17f37fa248f2d0e9c0a)), closes [#1400](https://github.com/kaitranntt/ccs/issues/1400)

### Documentation

* **docker:** avoid exposing dashboard password in examples ([#1382](https://github.com/kaitranntt/ccs/issues/1382)) ([e59ee6d](https://github.com/kaitranntt/ccs/commit/e59ee6df7974964056f48759a3e68d130c580c0a))
* **docker:** harden remote token migration staging ([#1381](https://github.com/kaitranntt/ccs/issues/1381)) ([7ccea95](https://github.com/kaitranntt/ccs/commit/7ccea955ad1fcef8b880fafccac2b1a04cad564e))
* **pricing:** document legacy 4-7-thinking entry; cover tier metadata ([1fc595f](https://github.com/kaitranntt/ccs/commit/1fc595f10cda9c13fa0afd38c98c9fec1b869ae5))

### Styles

* format ccsxp config override changes ([89475e3](https://github.com/kaitranntt/ccs/commit/89475e39100ed67889943272bedf4e8494c4c06b))
* format codex target persistence changes ([ad47d0f](https://github.com/kaitranntt/ccs/commit/ad47d0f478bb5bf150f524b9ae271e2766c2bb12))
* format email fallback parsing changes ([79379a2](https://github.com/kaitranntt/ccs/commit/79379a25fe258025705088691f01f690040b053c))
* format live catalog default changes ([8261901](https://github.com/kaitranntt/ccs/commit/8261901b89a4baa351a802417ed3a1a83a75e62b))
* format provider alias normalization changes ([0ca3e4b](https://github.com/kaitranntt/ccs/commit/0ca3e4b35a356e0bbeabb3cb8b996f6eb71d70f7))
* format v3 snapshot migration changes ([b3a8ced](https://github.com/kaitranntt/ccs/commit/b3a8ced8feee587db1e3a5587b08fc0340dd140e))

### Code Refactoring

* **pricing:** derive fast-tier cache rates via buildRates helper ([254fc88](https://github.com/kaitranntt/ccs/commit/254fc88f717dd5f649aa6ffa30b1939ac3f9078f)), closes [#3](https://github.com/kaitranntt/ccs/issues/3)
* **pricing:** share Opus fast-tier rate constants ([e8057a7](https://github.com/kaitranntt/ccs/commit/e8057a70734e1d7556dbc53aec1739c73d0cf8cf))

### Tests

* **accounts:** align stale free-tier expectations with current behavior ([5157a92](https://github.com/kaitranntt/ccs/commit/5157a922a5ed0461381741d8a7b624c2dcd6f71d))
* **accounts:** align stale free-tier expectations with current grouping ([28cfc17](https://github.com/kaitranntt/ccs/commit/28cfc175bdbc28c914c171af8b1435a12b26a487))
* cover qoder base settings ([ba853b1](https://github.com/kaitranntt/ccs/commit/ba853b159b231bd97d3479701938846a83d45baa))
* **qoder:** add qoder to provider-capabilities test expectations ([4973f7a](https://github.com/kaitranntt/ccs/commit/4973f7a00f8d3d6e30efb0b59e3ed961216c26c7))
* restrict claudecode CCS_HOME cleanup ([6671423](https://github.com/kaitranntt/ccs/commit/6671423d79d7841cc2414caee252fbc67b426189))
* update proxy resolver coverage ([1f1cc05](https://github.com/kaitranntt/ccs/commit/1f1cc056ef038f491d588e56f2f81f7c0a9acfd1))
2026-06-06 22:23:37 +00:00
Kai (Tam Nhu) TranandGitHub 9b77436754 Merge pull request #1467 from kaitranntt/dev
feat(release): promote dev to main — Qoder provider, Opus 4.8, pricing & security batch
2026-06-06 18:20:13 -04:00
github-actions[bot] f5d84dcde1 chore(release): 8.1.4-dev.8 2026-06-03 15:20:04 +00:00
Kai (Tam Nhu) TranandGitHub 32154f2259 Merge pull request #1465 from kaitranntt/kai/fix/1458-1459-openai-reasoning
fix(proxy): support OpenAI reasoning payload opt-in
2026-06-03 11:16:22 -04:00
Tam Nhu Tran 8282ff68a1 fix(proxy): support opt-in OpenAI reasoning shaping 2026-06-03 11:08:41 -04:00
github-actions[bot] 288ee71c82 chore(release): 8.1.4-dev.7 2026-06-02 14:50:45 +00:00
Kai (Tam Nhu) TranandGitHub a2ad96bca3 Merge pull request #1463 from kaitranntt/kai/fix/stale-account-visual-groups-test
test(accounts): fix stale account-visual-groups free-tier expectations
2026-06-02 10:47:08 -04:00
Kai (Tam Nhu) TranandGitHub cfb4d7bf19 Merge pull request #1457 from sgaluza/feat/claude-opus-4-8
feat(catalog): add Claude Opus 4.8 to Anthropic model registry
2026-06-02 10:46:54 -04:00
Tam Nhu Tran bfb4258688 Merge remote-tracking branch 'origin/dev' into kai/validate/pr-1457 2026-06-02 07:00:33 -04:00
Tam Nhu Tran 28cfc175bd test(accounts): align stale free-tier expectations with current grouping
72ea1fc9 added a 'free' audience to AUDIENCE_ORDER in account-visual-groups.ts
but left the unit test asserting the old 'personal'/'Personal · Free' labels,
so the suite fails on dev. Realign the two assertions to the current source
output: free-tier codex variants resolve to audience 'free', inline label
'Free', and null compact detail label.
2026-06-02 06:56:09 -04:00
github-actions[bot] 2368d779c7 chore(release): 8.1.4-dev.6 2026-06-02 10:55:58 +00:00
Kai (Tam Nhu) TranandGitHub 06792d3382 Merge pull request #1462 from kaitranntt/kai/fix/1461-ci-gate
fix(ci): add always-reporting CI Gate so fork PRs stop deadlocking
2026-06-02 06:52:17 -04:00
Tam Nhu Tran 7dba36fb03 fix(ci): add always-reporting CI Gate so fork PRs stop deadlocking
The validate/build/test/compose-parity jobs are gated to trusted author
associations so untrusted fork code never runs on the self-hosted runners.
But a job skipped via a job-level if reports no status, and branch protection
requires the job names typecheck/lint/format/build/test directly, so fork PRs
hang on 'Expected - waiting for status to be reported' and can never merge.

Add a single CI Gate job (if: always(), needs the gated jobs, no checkout so it
runs no third-party code) that fails only when a gated job actually
failed/cancelled and passes when they succeed or skip-for-fork. Branch
protection should require CI Gate instead of the individual job names.

Closes #1461
2026-06-02 06:38:54 -04:00
Sergey Galuza 1fc595f10c docs(pricing): document legacy 4-7-thinking entry; cover tier metadata
Final review polish:

- Add an inline comment on the claude-opus-4-7-thinking registry entry
  explaining it is a pricing-only id kept for historical analytics data
  (no catalog model after Opus 4.7 moved to adaptive thinking levels),
  and why it carries no fast tier.
- Add a test asserting applyServiceTier preserves the serviceTiers map on
  its result, guarding against a future simplification dropping it.

Built [OnSteroids](https://onsteroids.ai)
2026-05-31 20:23:14 +02:00
Sergey Galuza 5a79b47506 fix(pricing): restore opus version order; cover 4.6/4.7 fast-tier rates
Address presto review on the fast-tier work:

- Move the claude-opus-4-8 entry after claude-opus-4-7-thinking so the
  registry keeps chronological 4.6 -> 4.7 -> 4.8 ordering (the 4.8 insert
  had split the 4-7 / 4-7-thinking pair).
- Drop the fast serviceTier from claude-opus-4-7-thinking: that id is a
  legacy pricing-only entry with no catalog model, so a fast premium on it
  is meaningless. The active 4.6-thinking variant (agy provider) keeps its
  fast tier.
- Extend the 4.7 fast-tier test with cache-rate assertions and add an
  equivalent 4.6 fast-tier test so the derived buildRates math is covered
  for every premium-tier model.

Built [OnSteroids](https://onsteroids.ai)
2026-05-31 18:52:54 +02:00
Sergey Galuza e8057a7073 refactor(pricing): share Opus fast-tier rate constants
Hoist the fast-mode rate sets into OPUS_46_47_FAST_RATES and
OPUS_48_FAST_RATES module constants (built via buildRates) so the
registry entries reference shared values instead of repeating literal
buildRates(...) calls. Also wires the fast tier onto the -thinking
aliases (claude-opus-4-6-thinking / -4-7-thinking) so they bill at the
same premium as their base ids.

Built [OnSteroids](https://onsteroids.ai)
2026-05-31 18:16:23 +02:00
Sergey Galuza 254fc88f71 refactor(pricing): derive fast-tier cache rates via buildRates helper
Address review feedback on the per-service-tier pricing:

- Extract `buildRates(input, output)` plus named CACHE_5M_WRITE_MULTIPLIER
  / CACHE_READ_MULTIPLIER constants so fast-tier cache rates are derived
  from Anthropic's documented multipliers instead of hand-computed numbers.
  This removes the inconsistency where Opus 4.6 fast-tier lacked the
  explanatory inline comments that 4.7/4.8 carried (presto suggestion #3).
- Document in `applyServiceTier` that no production caller passes
  `serviceTier` yet (Anthropic's service_tier is not captured on
  CliproxyRequestDetail), so fast-mode usage is currently billed at the
  standard rate until the usage pipeline records the tier.
- Add a combined date-suffix + fast-tier lookup test to prove the two
  resolution stages compose.

Built [OnSteroids](https://onsteroids.ai)
2026-05-31 10:34:50 +02:00
Sergey Galuza 5157a922a5 test(accounts): align stale free-tier expectations with current behavior
Commit 72ea1fc9 ("fix(accounts): simplify codex free tier badges") split
free codex accounts out of the `personal` audience into a distinct
`free` audience and dropped the `'Personal · '` prefix on inlineLabel,
but `account-visual-groups.test.ts` was not updated and has been
failing in CI ever since.

Update expectations to match the shipped behavior:
- `audience` for `-free` tokens is `'free'`, not `'personal'`
- `inlineLabel` for a bare free account is `'Free'`, not `'Personal · Free'`
- `compactDetailLabel` is `null` when no extra parts are present
- Sort order: business -> personal -> free -> unknown

Drive-by fix unrelated to the Opus 4.8 work in this PR but caught
because these tests started failing on every push to the branch.

Built [OnSteroids](https://onsteroids.ai)
2026-05-30 23:01:58 +02:00
Sergey Galuza c74ad22bd4 Merge remote-tracking branch 'upstream/dev' into feat/claude-opus-4-8 2026-05-30 22:31:55 +02:00
github-actions[bot] c8e0de6b02 chore(release): 8.1.4-dev.5 2026-05-30 20:24:52 +00:00