11 Commits

  • docs: add model mapping documentation for Amp CLI integration
    - Add model mapping feature to README.md Amp CLI section
    - Add detailed Model Mapping Configuration section to amp-cli-integration.md
    - Update architecture diagram to show model mapping flow
    - Update Model Fallback Behavior to include mapping step
    - Add Table of Contents entry for model mapping
  • docs: add Amp CLI integration guide to Chinese documentation
    - Updated `README_CN.md` to introduce Amp CLI and IDE support.
    - Added detailed integration guide in `docs/amp-cli-integration_CN.md`.
    - Covered setup, configuration, OAuth, security, and usage of Amp CLI with Google/ChatGPT/Claude subscriptions.
  • security: fix localhost middleware header spoofing vulnerability
    Fix critical security vulnerability in amp-restrict-management-to-localhost
    feature where attackers could bypass localhost restriction by spoofing
    X-Forwarded-For headers.
    
    Changes:
    - Use RemoteAddr (actual TCP connection) instead of ClientIP() in
      localhostOnlyMiddleware to prevent header spoofing attacks
    - Add comprehensive test coverage for spoofing prevention (6 test cases)
    - Update documentation with reverse proxy deployment guidance and
      limitations of the RemoteAddr approach
    
    The fix prevents attacks like:
      curl -H "X-Forwarded-For: 127.0.0.1" https://server/api/user
    
    Trade-off: Users behind reverse proxies will need to disable the feature
    and use alternative security measures (firewall rules, proxy ACLs).
    
    Addresses security review feedback from PR #287.
  • docs: reposition Amp CLI as integrated feature for upstream PR
    - Update README.md to present Amp CLI as standard feature, not fork differentiator
    - Remove USING_WITH_FACTORY_AND_AMP.md (fork-specific, Factory docs live upstream)
    - Add comprehensive docs/amp-cli-integration.md with setup, config, troubleshooting
    - Eliminate fork justification messaging throughout documentation
    - Prepare Amp CLI integration for upstream merge consideration
    
    This positions Amp CLI support as a natural extension of CLIProxyAPI's
    multi-client architecture rather than a fork-specific feature.
  • feat(auth, docs): add SDK guides and local password support for management
    - Added extensive SDK usage guides for `cliproxy`, `sdk/access`, and watcher integration.
    - Introduced `--password` flag for specifying local management access passwords.
    - Enhanced management API with local password checks to secure localhost requests.
    - Updated documentation to reflect the new password functionality.
  • feat(auth): enhance watcher with asynchronous dispatch and buffering
    - Added async dispatch loop to `Watcher` for handling incremental `AuthUpdate` with in-memory buffering.
    - Improved resilience against high-frequency auth changes by coalescing updates and reducing redundant processing.
    - Updated `cliproxy` service to increase auth update queue capacity and optimize backlog consumption.
    - Added detailed SDK integration documentation in English and Chinese (`sdk-watcher.md`, `sdk-watcher_CN.md`).
  • docs(sdk-access): add SDK usage guides in English and Chinese
    - Added `sdk-access.md` and `sdk-access_CN.md` documentation files.
    - Included detailed guidelines for authentication manager lifecycle, configuration, built-in and custom providers.
    - Documented integration steps with `cliproxy` and instructions for hot reloading.
  • feat: introduce custom provider example and remove redundant debug logs
    - Added `examples/custom-provider/main.go` showcasing custom executor and translator integration using the SDK.
    - Removed redundant debug logs from translator modules to enhance code cleanliness.
    - Updated SDK documentation with new usage and advanced examples.
    - Expanded the management API with new endpoints, including request logging and GPT-5 Codex features.
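
The localhost-restriction fix from the security commit above, as an added Go example (not the project's code). It uses only `net/http` rather than the project's own middleware; the names `headerTrustingIP`, `peerIP`, `localhostOnly` and `status` and the sample addresses are constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// headerTrustingIP is the "before" lookup: it believes the client-supplied X-Forwarded-For header.
func headerTrustingIP(r *http.Request) string {
	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
		return strings.TrimSpace(strings.Split(xff, ",")[0])
	}
	return peerIP(r)
}

// peerIP is the "after" lookup: the TCP peer recorded in RemoteAddr, which headers cannot change.
func peerIP(r *http.Request) string {
	host, _, _ := net.SplitHostPort(r.RemoteAddr) // on error host is "", i.e. non-loopback
	return host
}

// localhostOnly (hypothetical name) admits a request only when lookup yields a loopback address.
func localhostOnly(lookup func(*http.Request) string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if ip := net.ParseIP(lookup(r)); ip == nil || !ip.IsLoopback() {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// status sends one constructed request through the middleware and returns the HTTP status code.
func status(lookup func(*http.Request) string, remoteAddr, xff string) int {
	r := httptest.NewRequest("GET", "/api/user", nil)
	r.RemoteAddr = remoteAddr
	r.Header.Set("X-Forwarded-For", xff)
	rec := httptest.NewRecorder()
	localhostOnly(lookup, http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, r)
	return rec.Code
}

func main() { // constructed sample: remote peer 203.0.113.7 sends X-Forwarded-For: 127.0.0.1
	fmt.Println(status(headerTrustingIP, "203.0.113.7:40000", "127.0.0.1"), status(peerIP, "203.0.113.7:40000", "127.0.0.1"))
}
```

With a reverse proxy in front, `RemoteAddr` is the proxy's address rather than the client's, so the check no longer tells local clients from remote ones. This is the trade-off the commit message names.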