Commit Graph

598 Commits

  • fix: guard migrations against missing tables and fix highlighted text assertion
    - Make migrate_v6_to_v7 check skills table existence before ALTER
    - Make migrate_v7_to_v8 check model_pricing table existence before UPDATE
    - Fix SessionManagerPage test: use getByRole heading instead of getAllByText
      which breaks when highlightText splits text across <mark> elements
  • fix: update tests for InstalledSkill new fields and missing hook mocks
    - Add content_hash and updated_at fields to 4 InstalledSkill literals in skill_sync.rs
    - Add useCheckSkillUpdates and useUpdateSkill to UnifiedSkillsPanel test mock
    - Suppress unused import warning in auto_launch.rs test module
  • feat(session-manager): extract meaningful titles for Claude sessions
    Instead of showing directory basenames for all Claude sessions, extract
    titles from JSONL content with a priority chain:
    1. custom-title metadata (set via /rename in Claude Code)
    2. First real user message (skipping /clear, /compact caveats)
    3. Directory basename (fallback)
  • feat(common-config): show first-run notice dialog when editing providers
    Display a one-time informational dialog explaining the Common Config
    Snippet feature when users first open the add/edit provider form.
    Uses a derived isOpen state from settings to avoid race conditions.
    Adds commonConfigConfirmed flag to both TS and Rust settings types.
  • feat(welcome): show first-run welcome dialog on fresh install
    Introduce a one-time welcome dialog that explains CC Switch's workflow
    to new users: how their existing config is preserved as a "default"
    provider and how the bundled "Official" preset enables one-click revert.
    Upgrade users are excluded by checking is_providers_empty() at startup
    and never see the dialog.
    
    Persistence follows the existing *_confirmed convention in AppSettings
    (proxy/usage/stream_check/failover), stored in settings.json. The field
    is only written when the user explicitly clicks the confirm button,
    keeping its semantics strictly about user acknowledgement.
    
    Also adds two reusable DAO helpers:
    - Database::is_providers_empty for fresh-install detection, using
      EXISTS(SELECT 1) for a short-circuit query.
    - Database::get_bool_flag accepting "true" | "1", with
      init_default_official_providers migrated to use it.
    
    Dialog copy in zh/en/ja uses conditional phrasing so it stays
    accurate whether or not existing live config was found.
  • feat(providers): auto-import OpenCode/OpenClaw live providers on startup
    Drops the friction of clicking the manual "Import current config" button
    for OpenCode and OpenClaw — they now match the auto-import behavior the
    previous commit added for Claude/Codex/Gemini.
    
    - New "1.6." startup block in lib.rs runs both
      import_opencode_providers_from_live and import_openclaw_providers_from_live
      on every launch. The functions are id-keyed and idempotent, so re-running
      just picks up new providers added externally to the live JSON files.
    - Both functions now use a new Database::get_provider_ids() helper
      (HashSet<String> from a single SELECT id-only query) instead of
      get_all_providers(), avoiding the N+1 endpoint sub-queries that would
      otherwise hit the startup hot path on every launch.
  • feat(providers): seed an official preset on startup for Claude/Codex/Gemini
    New and existing users now see a built-in "Claude Official" / "OpenAI
    Official" / "Google Official" entry in their provider list, so switching
    back to the official endpoint is one click away instead of buried in the
    README.
    
    - New providers_seed.rs holds the three seeds (id, name, settings_config,
      icon) keyed by AppType, with a single is_official_seed_id() helper that
      scans OFFICIAL_SEEDS so the id list has one source of truth.
    - Database::init_default_official_providers() runs once per database
      (gated by an official_providers_seeded setting flag), appends each seed
      to the end of the sort order, and never touches is_current.
    - Startup also auto-imports the live config (settings.json / auth.json /
      .env) as a "default" provider before seeding, so users with an existing
      manual config don't lose it when they click the official preset.
    - Database::has_non_official_seed_provider() replaces the get_all_providers
      call in import_default_config's gating check with an id-only scan,
      dropping the N+1 endpoint sub-queries from every startup.
  • refactor(stream-check): rename helper and drop phase markers
    Post-merge cleanup from a simplify review pass on the phase 1-4
    OpenCode/OpenClaw changes.
    
    - Rename check_once_opencode_like → check_once_without_adapter. The
      new name directly expresses the intent (bypass get_adapter) instead
      of suggesting the function is somehow "like" OpenCode.
    - Drop two "Phase 4 会美化错误消息" phase-history markers from
      docstrings; git history is the right place for them.
    - Document in resolve_opencode_base_url why its default endpoints
      cannot be merged with ProviderType::default_endpoint(): the former
      encode AI SDK package defaults (e.g. @ai-sdk/openai ships with the
      /v1 suffix) while the latter encode proxy upstream hosts. They
      happen to overlap but are two independent truth sources.
  • feat(stream-check): handle edge cases for OpenCode/OpenClaw
    Phase 4: polish the four remaining edge cases uncovered by Phase 1-3.
    
    Custom headers passthrough
    - check_claude_stream and check_gemini_stream now accept an optional
      extra_headers map which is appended after all built-in headers so it
      can override defaults (e.g. a custom User-Agent).
    - OpenClaw reads from settings_config.headers.
    - OpenCode reads from settings_config.options.headers.
    - All pre-existing Claude/Codex/Gemini call sites pass None.
    
    OpenClaw custom auth header (Longcat-style)
    - When settings_config.authHeader is true, the provider expects a
      custom auth header whose name is only known to the OpenClaw gateway
      itself. Return a dedicated openclaw_auth_header_not_supported error
      so the user sees a meaningful explanation instead of a 401.
    
    Bedrock error polish
    - The bedrock-converse-stream (OpenClaw) and @ai-sdk/amazon-bedrock
      (OpenCode) branches now explain why (SigV4 signing) and point to
      the official consoles as an alternative test path.
    
    OpenCode baseURL fallback
    - resolve_opencode_base_url: when options.baseURL is empty and the
      npm package has a canonical default endpoint (@ai-sdk/openai,
      @ai-sdk/anthropic, @ai-sdk/google), fall back to that endpoint.
      @ai-sdk/openai-compatible still requires an explicit baseURL
      because its whole purpose is to point at a custom OpenAI clone.
    
    Tests
    - 8 new unit tests covering authHeader detection, baseURL resolution
      (explicit / fallback / error), and header map extraction on both
      apps. Total stream_check tests: 18 → 26.
  • feat(stream-check): support OpenCode via npm package mapping
    Phase 3: implement stream check for OpenCode providers by mapping the
    `settings_config.npm` (AI SDK package name) to the corresponding API
    protocol and delegating to the existing stream checkers.
    
    Package mapping:
    - @ai-sdk/openai-compatible → openai_chat
    - @ai-sdk/openai            → openai_responses
    - @ai-sdk/anthropic         → anthropic (ClaudeAuth strategy)
    - @ai-sdk/google            → gemini (Google strategy)
    - @ai-sdk/amazon-bedrock    → not supported (phase 4 message polish)
    
    Note: OpenCode nests baseURL/apiKey under `settings_config.options`
    (different from OpenClaw's root-level fields) and uses `baseURL` with
    a capital L. Three new extractors (base_url / api_key / npm) encode
    these shape differences so check_opencode_stream stays symmetric with
    check_openclaw_stream.
    
    Frontend: drop the remaining `appId !== "opencode"` filter in
    ProviderList.tsx — both apps can now test providers.
  • feat(stream-check): support remaining 3 OpenClaw protocols
    Phase 2: extend check_openclaw_stream to cover the full non-Bedrock
    protocol set declared by openclawApiProtocols.
    
    - openai-responses   → check_claude_stream(api_format="openai_responses")
    - anthropic-messages → check_claude_stream(api_format="anthropic"),
      using AuthStrategy::ClaudeAuth (Bearer-only) so Claude relay
      services that reject a simultaneous x-api-key still work. Official
      Anthropic also accepts pure Bearer on /v1/messages.
    - google-generative-ai → check_gemini_stream with AuthStrategy::Google.
    
    bedrock-converse-stream still errors out but with a dedicated
    openclaw_bedrock_not_supported key; its user-facing message will be
    polished in phase 4.
    
    Each protocol now builds its own AuthInfo inside the match arm because
    the auth strategy is protocol-specific.
  • feat(stream-check): support OpenClaw openai-completions protocol
    Phase 1 of extending stream health check to OpenCode/OpenClaw apps.
    
    - Add early-dispatch path for OpenCode/OpenClaw in check_once so they
      bypass the adapter layer (which only knows Claude/Codex/Gemini
      settings_config shapes).
    - Introduce check_openclaw_stream dispatcher that reads the `api` field
      from settings_config and routes to the existing check_claude_stream
      with api_format="openai_chat" for "openai-completions". Other
      protocols return localized errors to be lit up in phases 2 and 4.
    - Extract build_stream_check_result helper to avoid duplicating the
      StreamCheckResult construction logic between the two code paths.
    - Unblock the test button for OpenClaw providers in ProviderList.tsx.
    
    OpenCode still returns the "not yet supported" error; it will be
    enabled in phase 3.
  • fix(linux): repair unresponsive UI on startup and full-screen panels
    Linux users reported the window UI (including native title bar buttons)
    couldn't receive clicks until manually maximizing and restoring the
    window. Root causes: (1) Tauri webview did not acquire focus on startup
    so first clicks were consumed by X11/Wayland click-to-activate
    (Tauri #10746, wry #637); (2) GTK surface input region failed to
    renegotiate on the visible:false + show() path under some
    WebKitGTK/compositor combinations.
    
    - Add linux_fix::nudge_main_window helper that performs set_focus plus
      a ±1px no-op resize after window show, with a 500ms reconciliation
      readback to compensate for dropped resize requests on slow
      compositors.
    - Wire the helper into every window re-show path: normal startup,
      deeplink, single_instance, tray show_main, and lightweight exit.
    - Set WEBKIT_DISABLE_COMPOSITING_MODE=1 at startup to avoid resize
      crashes and Wayland surface negotiation issues.
    - Remove data-tauri-drag-region on Linux from App.tsx header and the
      shared FullScreenPanel (used by all provider/MCP/workspace forms)
      to avoid Tauri #13440 in Wayland sessions. Extract drag-region
      constants to src/lib/platform.ts for reuse.
    
    All Rust changes are gated by #[cfg(target_os = "linux")]; frontend
    changes preserve macOS/Windows behavior via runtime isLinux() checks.
    Known limitation: tiling Wayland compositors ignore set_size, so
    GDK_BACKEND=x11 remains the user-side workaround.
  • feat: display subscription quota for Codex OAuth provider cards
    Codex OAuth (ChatGPT Plus/Pro) providers previously fell through to the
    default UsageFooter branch and showed no quota at all, while Copilot and
    official Codex providers already had a wham/usage-backed quota footer.
    
    This wires up the same five-hour / seven-day tier badges for codex_oauth
    provider cards by reusing the existing query_codex_quota function and
    SubscriptionQuotaFooter rendering, parameterized to keep both the CLI
    credential path ("codex") and the cc-switch managed OAuth path
    ("codex_oauth") working from a single source of truth.
    
    - Parameterize services::subscription::query_codex_quota with tool_label
      and expired_message; promote SubscriptionQuota constructors to
      pub(crate). The CLI path keeps its existing "codex" label and the
      "re-login with Codex CLI" message; the new path passes "codex_oauth"
      and a cc-switch-specific re-login hint.
    - Add a new get_codex_oauth_quota Tauri command in commands/codex_oauth.rs
      that resolves the ChatGPT account (explicit binding > default account
      > not_found), pulls a valid access_token from CodexOAuthManager
      (auto-refresh handled), and delegates to query_codex_quota.
    - Extract SubscriptionQuotaFooter's render body into a pure
      SubscriptionQuotaView component (props: quota / loading / refetch /
      appIdForExpiredHint / inline). The existing SubscriptionQuotaFooter
      becomes a thin wrapper with identical props and behavior, so
      CopilotQuotaFooter and the official Claude/Codex/Gemini paths are
      untouched. This avoids duplicating ~280 lines of five-state rendering.
    - Add CodexOauthQuotaFooter, a 38-line wrapper that calls the new
      useCodexOauthQuota hook and forwards to SubscriptionQuotaView.
    - ProviderCard inserts an isCodexOauth branch between isCopilot and
      isOfficial, keyed off PROVIDER_TYPES.CODEX_OAUTH (newly added to
      config/constants.ts to centralize the previously scattered string).
    - Frontend hook caches per (codex_oauth, accountId) so multiple cards
      bound to the same ChatGPT account share one fetch via react-query
      dedup; cards bound to different accounts get independent fetches.
    - No new i18n keys: existing subscription.fiveHour / sevenDay / expired /
      refresh / queryFailed / expiredHint are reused.
  • feat: add Codex OAuth (ChatGPT Plus/Pro) reverse proxy support
    Adds a new managed OAuth provider that lets Claude Code route requests
    through a user's ChatGPT Plus/Pro subscription via the chatgpt.com
    backend-api/codex endpoint.
    
    - CodexOAuthManager: OpenAI Device Code flow with multi-account support,
      JWT-based account identification, and automatic access_token refresh.
    - Reuses the generic managed-auth command surface (auth_start_login,
      auth_poll_for_account, etc.) via provider dispatch in commands/auth.rs.
    - ClaudeAdapter detects codex_oauth providers, forces the base URL to
      the ChatGPT backend, pins api_format to openai_responses, and emits
      Authorization + originator headers; the forwarder injects the dynamic
      access_token and ChatGPT-Account-Id per request.
    - transform_responses gains an is_codex_oauth path that aligns the body
      with OpenAI's codex-rs ResponsesApiRequest contract: sets store:false,
      appends reasoning.encrypted_content to include, strips max_output_tokens
      / temperature / top_p, injects default instructions/tools/parallel_tool_calls,
      and forces stream:true. Covered by 9 new unit tests plus regression
      guards for the non-Codex path.
    - Stream check reuses the same transform flag so detection matches the
      production request shape.
    - Frontend adds CodexOAuthSection + useCodexOauth hook, integrates it
      into ClaudeFormFields / ProviderForm / AuthCenterPanel, ships a new
      "Codex (ChatGPT Plus/Pro)" preset, and adds zh/en/ja i18n strings.
  • fix: resolve rustfmt formatting and clippy warnings
    - Apply cargo fmt across schema.rs, session_usage*.rs, skill.rs, usage_stats.rs
    - Fix clippy::for_kv_map: use messages.values() instead of (_, msg) pattern
    - Suppress clippy::only_used_in_recursion for intentional recursive base path
    - Fix prettier formatting in UsageScriptModal.tsx
  • fix: resolve session-based usage showing as unknown provider
    Session logs use placeholder provider_ids (_session, _codex_session,
    _gemini_session) that don't exist in the providers table, causing LEFT
    JOIN to return NULL and display "Unknown". Add COALESCE fallback in all
    4 usage queries to show meaningful names like "Claude (Session)".
  • feat: add per-app usage filtering (Claude/Codex/Gemini)
    Add dashboard-level app type filter to usage statistics, replacing the
    DataSourceBar with a more useful segmented control. All components
    (summary cards, trend chart, provider stats, model stats, request logs)
    now respond to the selected app filter.
    
    Backend: add optional app_type parameter to get_usage_summary,
    get_daily_trends, get_provider_stats, and get_model_stats queries.
    Frontend: new AppTypeFilter type, updated query keys with appType
    dimension for proper cache separation, and RequestLogTable local
    filter auto-locks when dashboard filter is active.
  • fix: correct Gemini session sync accuracy issues
    - Use UPSERT with WHERE guard instead of INSERT OR IGNORE, so updated
      token values on existing messages are properly synced without
      unnecessary rewrites of unchanged rows
    - Include cached tokens in the skip-zero filter to stop silently
      discarding pure cache-hit records
    - Restrict file collection to session-*.json to match documented scope
      and prevent ingesting non-session JSON files
  • feat: add Gemini CLI session log usage tracking
    Parse ~/.gemini/tmp/*/chats/session-*.json for precise per-message
    token data (input/output/cached/thoughts). Integrates with existing
    background sync and manual sync button alongside Claude and Codex.
  • feat: add Codex model name normalization for consistent pricing lookup
    Normalize model names from JSONL session logs before storage and pricing
    lookup: lowercase, strip provider prefix (openai/), strip date suffixes
    (-YYYY-MM-DD, -YYYYMMDD). Also clamp cached tokens to not exceed input.
  • feat: replace Codex estimated usage with precise JSONL session log parsing
    Replace the 70/30 input/output token estimation from state_5.sqlite
    with precise parsing of Codex CLI JSONL session logs (~/.codex/sessions/).
    
    - Parse event_msg (token_count), turn_context, and session_meta events
    - Compute exact input/output/cached token deltas from cumulative totals
    - Reuse session_log_sync table for incremental file scanning
    - Pre-filter lines with string contains() before JSON deserialization
    - Add codex_session data source to DataSourceBar with i18n (zh/en/ja)
  • fix: correct model pricing CNY→USD and add missing models
    - Fix 13 Chinese model prices that were stored as CNY values in USD
      fields (DeepSeek, Kimi, MiniMax, GLM, Doubao, Mimo)
    - Add 12 new models: GPT-5.4/mini/nano, o3, o4-mini, GPT-4.1/mini/nano,
      Gemini 3.1 Pro/Flash Lite, Gemini 2.5 Flash Lite, Gemini 2.0 Flash,
      DeepSeek Chat/Reasoner, Kimi K2.5
    - Merge pricing migration into existing v7→v8 to avoid extra version bump
  • feat: add session log usage tracking without proxy
    Parse Claude Code JSONL session files (~/.claude/projects/) and Codex
    SQLite database (~/.codex/state_5.sqlite) to track API usage without
    requiring proxy interception. This enables usage statistics for users
    who don't use the proxy feature.
    
    Key changes:
    - Add session_usage.rs: incremental JSONL parser with message.id dedup
    - Add session_usage_codex.rs: import thread-level token data from Codex
    - Add data_source column to proxy_request_logs (proxy/session_log/codex_db)
    - Add session_log_sync table for tracking parse offsets
    - Background sync every 60s + manual sync via DataSourceBar UI
    - Schema migration v7→v8
    - i18n support for zh/en/ja
  • fix: hide empty description and fix broken skill link for skills.sh results
    - Hide "暂无描述" text when skill has no description (skills.sh API
      doesn't return descriptions), show empty spacer instead
    - Change skills.sh result link from guessed subdirectory path to repo
      root URL, since skillId doesn't reflect the actual nested path
  • feat: integrate skills.sh search for discovering skills from public registry
    Add skills.sh API integration allowing users to search and install from
    a catalog of 91K+ agent skills directly within CC Switch. The search
    results are converted to DiscoverableSkill objects and reuse the existing
    install pipeline. Includes fallback directory search for repos where
    skills are nested in subdirectories, and filters out non-GitHub sources.
  • feat: add skill storage location toggle between CC Switch and ~/.agents/skills
    Allow users to choose between storing skills in CC Switch's managed
    directory (~/.cc-switch/skills/) or the Agent Skills open standard
    directory (~/.agents/skills/). Includes migration logic that safely
    moves files before updating settings, with confirmation dialog for
    non-empty installations.
  • feat: add skill update detection via SHA-256 content hashing
    - Add content_hash and updated_at fields to skills table (DB migration v6→v7)
    - Compute directory content hash on install/import/restore for version tracking
    - Add check_updates command: downloads repos, compares hashes, returns update list
    - Add update_skill command: backs up old files, re-downloads and replaces SSOT
    - Backfill content_hash for existing skills on first update check
    - Add "Check Updates" button and per-skill update badge/button in UnifiedSkillsPanel
    - Add i18n keys for zh/en/ja
  • feat: add official balance query for DeepSeek, StepFun, SiliconFlow, OpenRouter, Novita AI
    Add a new "Official" (官方) template type in the usage query panel that
    queries account balance via each provider's native API endpoint.
    Follows the same zero-script pattern as Token Plan — Rust handles the
    HTTP call, frontend auto-detects the provider from base URL.
    
    Supported providers and endpoints:
    - DeepSeek: GET /user/balance
    - StepFun: GET /v1/accounts
    - SiliconFlow: GET /v1/user/info (cn + com)
    - OpenRouter: GET /api/v1/credits
    - Novita AI: GET /v3/user/balance
  • fix: handle UTF-8 multi-byte characters split across stream chunk boundaries (#1923)
    * fix: handle UTF-8 multi-byte characters split across stream chunk boundaries
    
    Replace String::from_utf8_lossy with append_utf8_safe in all four SSE
    streaming paths. When a multi-byte UTF-8 character (e.g. Chinese, emoji)
    is split across TCP chunk boundaries, from_utf8_lossy silently replaces
    the incomplete halves with U+FFFD (�). This caused intermittent garbled
    output in Claude Code when using the Copilot reverse proxy, because the
    format conversion streams reconstruct SSE events from the corrupted buffer.
    
    The new append_utf8_safe function preserves incomplete trailing bytes in
    a remainder buffer and merges them with the next chunk before decoding,
    ensuring characters are never split during UTF-8 conversion.
    
    Fixes: intermittent U+FFFD replacement characters in Claude Code output
    via Copilot proxy (not reproducible with direct Copilot connections like
    opencode because they pass through raw bytes without format conversion).
    
    * style: fix cargo fmt formatting in UTF-8 boundary tests
    
    ---------
    
    Co-authored-by: Cod1ng <codingts@gmail.com>
    Co-authored-by: encodets <encodets@gmail.com>
  • Normalize fragmented system prompts for strict chat backends (#1942)
    Some OpenAI-compatible chat providers reject requests when Claude-side\nsystem fragments arrive as multiple system messages. Normalize the\nconverted OpenAI chat payload so system content becomes a single\nleading system message while leaving the rest of the message stream\nunchanged.\n\nConstraint: Nvidia/Qwen-style chat completions require a single leading system prompt\nRejected: Reorder system messages only | still leaves fragmented system prompts for strict backends\nConfidence: high\nScope-risk: narrow\nReversibility: clean\nDirective: Keep OpenAI chat system prompts normalized unless a provider explicitly requires fragmented system messages\nTested: cargo test proxy::providers::transform --manifest-path src-tauri/Cargo.toml\nNot-tested: Full end-to-end proxy capture against Nvidia upstream in this session\nRelated: #1881
  • fix: gate parse_gemini_keychain_json with cfg(target_os = "macos")
    The function is only called from read_gemini_credentials_from_keychain
    which is already macOS-only. Without the gate, non-macOS CI fails with
    dead-code error due to -D warnings.
  • fix: invert MiniMax usage_count to match 0%→100% convention
    usage_count is remaining quota (starts at total, decreases to 0),
    not used count. Invert calculation so all providers consistently
    show 0% when fresh and 100% when exhausted.
  • fix: correct MiniMax quota calculation and improve Token Plan display
    - Fix MiniMax usage_count being treated as remaining (was inverted)
    - Add MiniMax weekly quota tier extraction
    - Remove Zhipu TIME_LIMIT (tools usage), keep only TOKENS_LIMIT
    - Improve Kimi parsing with extract_reset_time and parse_f64 helpers
    - Reuse TierBadge for Token Plan inline rendering
    - Clean up unused i18n keys and debug println
  • feat: add Token Plan quota query for Kimi, Zhipu GLM, and MiniMax
    Add a new "Token Plan" template type in the usage query panel that
    natively queries quota/usage from Chinese coding plan providers
    (Kimi For Coding, Zhipu GLM, MiniMax) without requiring custom scripts.
    
    - Rust backend: new coding_plan service with provider-specific API
      queries (Kimi /v1/usages, Zhipu /api/monitor/usage/quota/limit,
      MiniMax /coding_plan/remains) normalized into UsageResult
    - Frontend: Token Plan template in UsageScriptModal with auto-detection
      of provider based on ANTHROPIC_BASE_URL pattern matching
    - Follows the same pattern as GitHub Copilot template (dedicated API
      path in queryProviderUsage, no JS script needed)
  • feat: add Copilot optimizer to reduce premium interaction consumption
    Implement request classification, tool result merging, compact detection,
    deterministic request IDs, and warmup downgrade for Copilot proxy.
    
    The root cause was x-initiator being hardcoded to "user", making Copilot
    count every API request (including tool callbacks and agent continuations)
    as a separate premium interaction. The optimizer dynamically classifies
    requests as "user" or "agent" based on message content analysis.
    
    Closes #1813
  • feat: add official subscription quota display for Gemini
    - Read Gemini OAuth credentials from macOS Keychain (gemini-cli-oauth)
      or legacy file (~/.gemini/oauth_creds.json)
    - Auto-refresh expired access tokens using refresh_token (Google OAuth
      tokens expire in ~1h, unlike Claude/Codex)
    - Two-step API: loadCodeAssist for project ID, then retrieveUserQuota
      for per-model quota buckets
    - Classify models into Pro/Flash/Flash Lite categories, show min
      remaining fraction as utilization percentage
    - Extend isOfficialProvider() for Gemini (no API key + no base URL)
    - Parameterize expiredHint i18n key with tool name for all three apps
  • feat: add official subscription quota display for Codex
    Read Codex OAuth credentials from ~/.codex/auth.json (with macOS
    Keychain fallback) and query chatgpt.com/backend-api/wham/usage to
    show rate limit utilization on official Codex provider cards. Reuses
    the same tier naming (five_hour, seven_day) for frontend i18n compat.
  • feat: display official subscription quota on Claude provider cards
    Read Claude OAuth credentials from macOS Keychain (with file fallback)
    and query the Anthropic usage API to show quota utilization inline on
    official provider cards. Includes compact countdown timer for reset
    windows and hides the rarely-used seven_day_sonnet tier in inline mode.
  • feat(tray): collapse providers into submenus to prevent menu overflow
    Each app type (Claude/Codex/Gemini) now renders as a submenu instead
    of flat items, keeping the top-level tray menu compact regardless of
    provider count. The submenu label shows the current provider name
    (e.g. "Claude · OpenRouter") for at-a-glance visibility.
  • feat: add auto-fetch models from provider's /v1/models endpoint
    Add ability to fetch available models from third-party aggregation
    providers (SiliconFlow, OpenRouter, etc.) via OpenAI-compatible
    GET /v1/models endpoint. Users can click "Fetch Models" button in
    the provider form, then select models from a dropdown on each
    model input field.
    
    - Backend: new model_fetch service + Tauri command (Rust)
    - Frontend: ModelInputWithFetch shared component
    - Integrated into all 5 app forms (Claude/Codex/Gemini/OpenCode/OpenClaw)
    - i18n support for zh/en/ja
  • fix(copilot): 修复 GitHub Copilot 认证和代理问题 (#1854)
    * fix(copilot): 修复 GitHub Copilot 400 认证错误
    
    问题:使用 GitHub Copilot provider 时报错 400 bad request
    
    根因:与 copilot-api 项目对比发现多处差异
    
    修复内容:
    - 更新版本号 0.26.7 到 0.38.2
    - 更新 API 版本 2025-04-01 到 2025-10-01
    - 添加缺失的关键 headers
    - 修正 openai-intent 值
    - 添加动态 API endpoint 支持
    - 同步更新 stream_check.rs headers
    
    Closes #1777
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    
    * fix: flush stream after write_all in hyper_client proxy
    
    Add explicit flush() calls after write_all() for TLS stream, plain TCP
    stream, and CONNECT tunnel requests to ensure buffered data is sent
    immediately, preventing connection hangs in Copilot auth header flow.
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    
    * 修复登录时的剪切板在mac与linux端可能没复制验证码
    
    * fix: flush stream after write_all in hyper_client proxy
    
    Add explicit flush() calls after write_all() for TLS stream, plain TCP
    stream, and CONNECT tunnel requests to ensure buffered data is sent
    immediately, preventing connection hangs in Copilot auth header flow.
    
    * 修复登录时的剪切板在mac与linux端可能没复制验证码
    
    * 1、修复不同类型的个人商业等不同类型的copilot账号问题
    2、将验证码复制改为异步操作
    
    * fix: address PR review comments for Copilot auth                                                      │
    │                                                                                                                      │
    │ - Fix clipboard blocking by using spawn_blocking for arboard ops                                                     │
    │ - Implement dynamic endpoint routing for enterprise Copilot users                                                    │
    │ - Add api_endpoints cache cleanup in remove_account() and clear_auth()                                               │
    │ - Change API endpoint log level from info to debug                                                                   │
    │ - Fix clear_auth() to continue cleanup even if file deletion fails                                                   │
    │ - Add 9 unit tests for Copilot detection and api_endpoints cachin
    
    * style: fix cargo fmt formatting
    
    * Fix Copilot dynamic endpoint handling
    
    * fix: restore clear_auth() memory-first cleanup order and fix cache leaks
    
    - Restore clear_auth() to clean memory state before deleting the storage
      file. The previous order (file deletion first) caused a regression where
      users could get stuck in a "cannot log out" state if file removal failed.
    
    - Add missing copilot_models.clear() in clear_auth() — this cache was
      cleaned in remove_account() but never in the full clear path.
    
    - Add endpoint_locks cleanup in both remove_account() and clear_auth()
      to prevent minor in-process memory leaks.
    
    - Update test to assert the correct behavior: memory should be cleaned
      even when file deletion fails.
    
    ---------
    
    Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
    Co-authored-by: 周梦泽 <mengze.zhou@dafeng-tech.com>
    Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
    Co-authored-by: Jason <farion1231@gmail.com>
  • fix(test): resolve HOME env race condition in parallel tests
    - Use get_home_dir() instead of dirs::home_dir() in get_opencode_dir()
      and get_openclaw_dir() to respect CC_SWITCH_TEST_HOME override
    - Add CC_SWITCH_TEST_HOME to all TempHome implementations
    - Add #[serial] to all with_test_home tests to share serialization
      with other env-mutating tests
    - Remove --test-threads=1 workaround from CI
  • fix(claude): sync takeover live config during provider changes (#1828)
    Keep Claude's live settings aligned with the latest provider state while proxy takeover is active, without breaking takeover fields or restore behavior.
    
    Co-authored-by: Jason <farion1231@gmail.com>
  • feat(provider): additive provider key lifecycle & fix openclaw serializer panic (#1724)
    * feat(provider): support additive provider key lifecycle management
    
    Add `addToLive` parameter to add_provider so callers can opt out of
    writing to the live config (e.g. when duplicating an inactive provider).
    Add `originalId` parameter to update_provider to support provider key
    renames — the old key is removed from live config before the new one
    is written.
    
    Frontend: ProviderForm now exposes provider-key input for openclaw app
    type, and EditProviderDialog forwards originalId on save. Deep-link
    import passes addToLive=true to preserve existing behavior.
    
    * test(provider): add integration tests for additive provider key flows
    
    Cover openclaw provider duplication scenario to verify that a generated
    provider key is assigned automatically. Add MSW handlers for
    get_openclaw_live_provider_ids, get_openclaw_default_model,
    scan_openclaw_config_health, and check_env_conflicts endpoints.
    Update EditProviderDialog mock to pass originalId alongside provider.
    
    * fix(openclaw): replace json-five serializer to prevent panic on empty collections
    
    json-five 0.3.1 panics when pretty-printing nested empty maps/arrays.
    Switch value_to_rt_value() to serde_json::to_string_pretty() which
    produces valid JSON5 output without the panic. Add regression test for
    removing the last provider (empty providers map).
    
    * style: apply rustfmt formatting to proxy and provider modules
    
    Reformat chained .header() calls in ClaudeAdapter and StreamCheckService
    for consistent alignment. Reorder imports alphabetically in stream_check.
    Fix trailing whitespace in transform.rs and merge import lines in
    provider/mod.rs.
    
    * style: fix clippy warnings in live.rs and tray.rs
    
    * refactor(provider): simplify live_config_managed and deduplicate tolerant live config checks
    
    - Change live_config_managed from Option<bool> to bool with #[serde(default)]
    - Extract repeated tolerant live config query into check_live_config_exists helper
    - Fix duplicate key generation to also check live-only provider IDs
    - Fix updateProvider test to match new { provider, originalId } call signature
    - Add streaming_responses test type annotation for compiler inference
    
    * fix(provider): distinguish legacy providers from db-only when tolerating live config errors
    
    Change `ProviderMeta.live_config_managed` from `bool` to `Option<bool>`
    to introduce a three-state semantic:
    - `Some(true)`: provider has been written to live config
    - `Some(false)`: explicitly db-only, never written to live config
    - `None`: legacy data or unknown state (pre-existing providers)
    
    Previously, legacy providers defaulted to `live_config_managed = false`
    via `#[serde(default)]`, which silently swallowed live config parse
    errors. This could mask genuine configuration issues for providers that
    had actually been synced to live config before the field was introduced.
    
    Now, only providers with an explicit `Some(false)` marker tolerate parse
    errors; legacy `None` providers surface errors as before, preserving
    safety for already-managed configurations.
    
    Also wrap the `ensureQueryData` call for live provider IDs during
    duplication in a try/catch so that a malformed config file shows a
    user-facing toast instead of silently failing.
    
    Add tests for both the legacy error propagation path and the frontend
    duplication failure scenario.
    
    * refactor(provider): unify OMO variant updates with atomic file-then-db writes and rollback
    
    Consolidate the duplicated omo/omo-slim update branches into a single
    match on the variant. Write the OMO config file from the in-memory
    provider state *before* persisting to the database, so a file-write or
    plugin-sync failure leaves the database unchanged. If `add_plugin`
    fails after the config file is already written, roll back to the
    previous on-disk contents via snapshot/restore.
    
    Also:
    - `sync_all_providers_to_live` now skips db-only providers
      (`live_config_managed == Some(false)`) instead of attempting to write
      them to live config.
    - `import_{opencode,openclaw}_providers_from_live` mark imported
      providers as `live_config_managed: Some(true)` so they are correctly
      recognized during subsequent syncs.
    - Extract OmoService helpers: `profile_data_from_provider`,
      `snapshot_config_file`, `restore_config_file`, `write_profile_config`,
      and the new public `write_provider_config_to_file`.
    - Add 9 new tests covering sync skip, legacy restore, import marking,
      OMO persistence, file-write failure, and plugin-sync rollback.
    
    * fix(provider): fix additive provider delete/switch regressions and redundancy
    
    - fix(delete): replace stale live_config_managed flag check with
      check_live_config_exists so providers written to live before the
      flag-flip logic was introduced are still cleaned up on delete
    - fix(switch): make write_live_with_common_config return Err instead of
      silently returning Ok when config structure is invalid, preventing
      live_config_managed from being incorrectly flipped to true
    - fix(update): block provider key rename for OMO/OMO Slim categories to
      prevent orphaned current-state markers breaking OMO file syncs
    - fix(switch): flip live_config_managed to true after successful live
      write for DB-only additive providers so sync_all_providers_to_live
      includes them on future syncs; roll back live write if DB update fails
    - refactor(delete): merge symmetric OMO/OMO-Slim blocks into single
      match-on-variant path; hoist DB read to top of additive branch
    - refactor(remove_from_live_config): merge OMO/OMO-Slim if/else-if
      into single match-on-variant path
    - refactor(switch_normal): merge two OMO/OMO-Slim if blocks into one
      OpenCode guard with (enable, disable) variant pair
    - fix(update): remove redundant duplicate return Ok(true) after OMO
      current-state write
    
    * fix(test): use preferred_filename after OMO field rename
    
    The merge from main brought in #1746 which renamed
    OmoVariant.filename → preferred_filename, but the test helper
    omo_config_path() was not updated, breaking compilation of all
    new provider tests.
    
    ---------
    
    Co-authored-by: Jason <farion1231@gmail.com>
  • fix(proxy): serialize per-app provider switches to prevent state corruption
    Concurrent failover switches for the same app could cause is_current,
    local settings, and Live backup to point at different providers.
    
    - Add SwitchLockManager with per-app mutexes (different apps still parallel)
    - Unify scattered switch logic into ProxyService::hot_switch_provider
    - Fix TOCTOU in set_current_provider via mutate_settings
    - Add logical_target_changed to skip redundant UI refreshes
    - Add tests for serialization and restore-waits-for-switch scenarios