Merge branch 'main' into fix/file-tree-concurrency

Use lstat for file-tree metadata so symlink entries are identified without following targets.

docs/nginx-subpath-template.conf

@@ -1,218 +0,0 @@
-# CloudCLI UI Nginx subpath deployment template.
-#
-# Purpose:
-#   Serve CloudCLI UI from a path prefix such as:
-#     http://localhost/ai/
-#     https://example.com/ai/
-#
-# CloudCLI itself still runs at the root of its own HTTP server, for example:
-#     http://127.0.0.1:3001/
-#
-# Nginx receives public requests under /ai, strips that prefix, and forwards the
-# remaining path to CloudCLI. For example:
-#     /ai/                  ->  /
-#     /ai/session/abc       ->  /session/abc
-#     /ai/assets/index.js   ->  /assets/index.js
-#
-# Important Nginx limitation:
-#   Nginx does not allow variables in `location` matchers or `rewrite` regexes.
-#   The configurable variables below are still useful for proxy/filter values,
-#   but if you change /ai to a different subpath, also update every line marked:
-#     [SUBPATH LITERAL]
-#
-# To use a different subpath, replace these literal matchers:
-#     location = /ai
-#     location ^~ /ai/
-#     rewrite ^/ai(?<cloudcli_path>/.*)$ ...
-#
-# Recommended deployment shape:
-#   CloudCLI is the only app using /ai, while root paths /api, /ws, and /shell
-#   are also proxied because the current frontend still calls those endpoints
-#   with root-relative URLs.
-
-worker_processes 1;
-
-events {
-    # Maximum simultaneous connections handled by each worker process.
-    # The default is enough for local testing and small self-hosted deployments.
-    worker_connections 1024;
-}
-
-http {
-    # WebSocket requests include an Upgrade header. Normal HTTP requests do not.
-    # This map gives us the right Connection header for both cases:
-    #   Upgrade present -> "upgrade"
-    #   Upgrade absent  -> "close"
-    map $http_upgrade $connection_upgrade {
-        default upgrade;
-        '' close;
-    }
-
-    server {
-        # For HTTPS deployments, replace this with `listen 443 ssl http2;` and
-        # add ssl_certificate / ssl_certificate_key lines.
-        listen 80 default_server;
-
-        # Use your real hostname in production, for example:
-        #   server_name cloudcli.example.com;
-        server_name localhost 127.0.0.1;
-
-        # ---- User settings -------------------------------------------------
-        #
-        # Public path prefix where users access CloudCLI.
-        # Do not add a trailing slash.
-        #
-        # This variable can be used in redirects and response rewrites. It
-        # cannot be used in `location` matchers, so update the [SUBPATH LITERAL]
-        # lines too if you change it.
-        set $cloudcli_subpath /ai;
-
-        # Private upstream URL where the CloudCLI server is listening.
-        # For a default local server this is usually http://127.0.0.1:3001.
-        set $cloudcli_upstream http://127.0.0.1:3001;
-
-        # Allow larger file uploads through the code editor/project file APIs.
-        client_max_body_size 100m;
-
-        # Redirect /ai to /ai/ so relative browser URL resolution is stable.
-        # [SUBPATH LITERAL] Change `/ai` if you change $cloudcli_subpath.
-        location = /ai {
-            return 301 $cloudcli_subpath/;
-        }
-
-        # Main prefixed CloudCLI UI route.
-        #
-        # [SUBPATH LITERAL] Change `/ai/` and the `^/ai` rewrite if you change
-        # $cloudcli_subpath.
-        location ^~ /ai/ {
-            # Strip the public subpath before proxying. CloudCLI expects to see
-            # root paths such as /, /session/:id, /assets/..., /manifest.json.
-            rewrite ^/ai(?<cloudcli_path>/.*)$ $cloudcli_path break;
-
-            # Forward the rewritten request to the private CloudCLI server.
-            proxy_pass $cloudcli_upstream;
-
-            # Use HTTP/1.1 so WebSocket upgrade requests can pass through if a
-            # browser reaches a socket endpoint under the subpath.
-            proxy_http_version 1.1;
-
-            # Preserve useful request metadata for logs and future app support.
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_set_header X-Forwarded-Prefix $cloudcli_subpath;
-
-            # WebSocket upgrade headers. Harmless for normal HTTP requests.
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection $connection_upgrade;
-
-            # Long-running agent and terminal sessions can stay open for a long
-            # time, so avoid closing idle proxied connections too aggressively.
-            proxy_read_timeout 3600s;
-            proxy_send_timeout 3600s;
-
-            # Disable gzip from the upstream response so sub_filter can inspect
-            # and rewrite HTML/JSON/JS response bodies.
-            proxy_set_header Accept-Encoding "";
-
-            # Rewrite browser-visible root-relative URLs so the runtime can
-            # discover that the app is mounted under the subpath.
-            #
-            # Examples:
-            #   href="/manifest.json" -> href="/ai/manifest.json"
-            #   src="/assets/app.js"  -> src="/ai/assets/app.js"
-            #
-            # These rewrites are important for React Router basename detection.
-            sub_filter_once off;
-            sub_filter_types
-                application/json
-                application/manifest+json
-                application/javascript
-                text/javascript;
-
-            sub_filter 'href="/' 'href="$cloudcli_subpath/';
-            sub_filter 'src="/' 'src="$cloudcli_subpath/';
-
-            # The production HTML and JS register the service worker at /sw.js.
-            # Rewrite that registration so the worker is served from /ai/sw.js.
-            sub_filter "register('/sw.js')" "register('$cloudcli_subpath/sw.js')";
-            sub_filter 'register("/sw.js")' 'register("$cloudcli_subpath/sw.js")';
-
-            # The manifest and service worker contain root-relative paths too.
-            # Rewriting them keeps PWA metadata and cached manifest requests
-            # under the same public subpath.
-            sub_filter '"start_url": "/"' '"start_url": "$cloudcli_subpath/"';
-            sub_filter '"scope": "/"' '"scope": "$cloudcli_subpath/"';
-            sub_filter '"src": "/' '"src": "$cloudcli_subpath/';
-            sub_filter "'/manifest.json'" "'$cloudcli_subpath/manifest.json'";
-            sub_filter '"/manifest.json"' '"$cloudcli_subpath/manifest.json"';
-        }
-
-        # Root API proxy.
-        #
-        # The current CloudCLI frontend calls APIs with root-relative URLs such
-        # as /api/auth/login. Keep this location unless the frontend becomes
-        # fully prefix-aware for API requests.
-        location ^~ /api/ {
-            proxy_pass $cloudcli_upstream;
-
-            proxy_http_version 1.1;
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_set_header X-Forwarded-Prefix $cloudcli_subpath;
-
-            proxy_read_timeout 3600s;
-            proxy_send_timeout 3600s;
-        }
-
-        # Main app WebSocket proxy.
-        #
-        # The frontend opens /ws for realtime chat/session/task updates.
-        location /ws {
-            proxy_pass $cloudcli_upstream;
-
-            proxy_http_version 1.1;
-            proxy_set_header Host $host;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection $connection_upgrade;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_set_header X-Forwarded-Prefix $cloudcli_subpath;
-
-            proxy_read_timeout 3600s;
-            proxy_send_timeout 3600s;
-        }
-
-        # Shell WebSocket proxy.
-        #
-        # The browser terminal uses /shell. It requires the same WebSocket
-        # upgrade handling as /ws.
-        location /shell {
-            proxy_pass $cloudcli_upstream;
-
-            proxy_http_version 1.1;
-            proxy_set_header Host $host;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection $connection_upgrade;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_set_header X-Forwarded-Prefix $cloudcli_subpath;
-
-            proxy_read_timeout 3600s;
-            proxy_send_timeout 3600s;
-        }
-
-        # Optional health endpoint proxy used by the frontend version checker.
-        location = /health {
-            proxy_pass $cloudcli_upstream;
-
-            proxy_set_header Host $host;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_set_header X-Forwarded-Prefix $cloudcli_subpath;
-        }
-    }
-}

public/modelConstants.js

@@ -11,8 +11,7 @@ export const CLAUDE_MODELS = {
     {
       value: "default",
       label: "Default (recommended)",
-      description:
-        "Use the default model (currently Opus 4.8 (1M context)) · $5/$25 per Mtok",
+      description: "Use the default model (currently Opus 4.8 (1M context)) · $5/$25 per Mtok",
     },
     {
       value: "sonnet",
@@ -24,12 +23,6 @@ export const CLAUDE_MODELS = {
       label: "Sonnet (1M context)",
       description: "Sonnet 4.6 for long sessions · $3/$15 per Mtok",
     },
-    {
-      value: "opus[1m]",
-      label: "Opus 4.8 (1M context)",
-      description:
-        "Opus 4.8 with 1M context · Most capable for complex work · $5/$25 per Mtok",
-    },
     {
       value: "haiku",
       label: "Haiku",

server/modules/providers/list/claude/claude-models.provider.ts

@@ -18,23 +18,18 @@ export const CLAUDE_FALLBACK_MODELS: ProviderModelsDefinition = {
     {
       value: 'default',
       label: 'Default (recommended)',
-      description: 'Use the default model (currently Opus 4.8 (1M context)) · $5/$25 per Mtok',
+      description: 'Use the default model (currently Opus 4.7 (1M context)) · $5/$25 per Mtok',
     },
     {
-      value: "sonnet",
-      label: "Sonnet",
-      description: "Sonnet 4.6 · Best for everyday tasks · $3/$15 per Mtok",
+      value: 'sonnet',
+      label: 'Sonnet',
+      description: 'Sonnet 4.6 · Best for everyday tasks · $3/$15 per Mtok',
     },
     {
       value: 'sonnet[1m]',
       label: 'Sonnet (1M context)',
       description: 'Sonnet 4.6 for long sessions · $3/$15 per Mtok',
     },
-    {
-      value: 'opus[1m]',
-      label: 'Opus 4.8 (1M context)',
-      description: 'Opus 4.8 with 1M context · Most capable for complex work · $5/$25 per Mtok',
-    },
     {
       value: 'haiku',
       label: 'Haiku',

server/modules/providers/services/provider-models.service.ts

@@ -17,7 +17,6 @@ import { readProviderSessionActiveModelChange } from '@/shared/utils.js';
 
 export const PROVIDER_MODELS_CACHE_TTL_MS = 3 * 24 * 60 * 60 * 1000;
 const PROVIDER_MODELS_CACHE_VERSION = 1;
-const UNCACHED_PROVIDERS = new Set<LLMProvider>(['claude']);
 
 type ProviderModelsServiceDependencies = {
   resolveProvider?: (provider: LLMProvider) => Pick<IProvider, 'models'>;
@@ -233,42 +232,10 @@ export const createProviderModelsService = (dependencies: ProviderModelsServiceD
     return request;
   };
 
-  const loadDirectModels = (
-    provider: LLMProvider,
-  ): Promise<ProviderModelsResult> => {
-    const request = resolveProvider(provider).models.getSupportedModels()
-      .then((models) => {
-        const currentTime = now();
-        return {
-          models,
-          cache: {
-            updatedAt: new Date(currentTime).toISOString(),
-            expiresAt: new Date(currentTime).toISOString(),
-            source: 'fresh' as const,
-          },
-        };
-      })
-      .finally(() => {
-        pendingRequests.delete(provider);
-      });
-
-    pendingRequests.set(provider, request);
-    return request;
-  };
-
   const getProviderModels = async (
     provider: LLMProvider,
     options: ProviderModelsOptions = {},
   ): Promise<ProviderModelsResult> => {
-    if (UNCACHED_PROVIDERS.has(provider)) {
-      const pendingRequest = pendingRequests.get(provider);
-      if (pendingRequest) {
-        return pendingRequest;
-      }
-
-      return loadDirectModels(provider);
-    }
-
     if (options.bypassCache) {
       const pendingRequest = pendingRequests.get(provider);
       if (pendingRequest) {

server/modules/providers/tests/provider-models.service.test.ts

@@ -130,37 +130,6 @@ test('provider models are cached for the three-day ttl', async () => {
   }
 });
 
-test('claude provider models are always loaded directly from the provider', async () => {
-  const tempRoot = await mkdtemp(path.join(os.tmpdir(), 'provider-model-cache-claude-direct-'));
-  let loadCount = 0;
-
-  try {
-    const service = createProviderModelsService({
-      cachePath: path.join(tempRoot, 'models-cache.json'),
-      resolveProvider: (provider) => ({
-        models: {
-          getSupportedModels: async () => {
-            loadCount += 1;
-            return createModels(`${provider}-${loadCount}`);
-          },
-          getCurrentActiveModel: async () => createCurrentActiveModel(`${provider}-active`),
-          changeActiveModel: async (input) => createSessionActiveModelChange(provider, input),
-        },
-      }),
-    });
-
-    const first = await service.getProviderModels('claude');
-    const second = await service.getProviderModels('claude');
-
-    assert.equal(loadCount, 2);
-    assert.equal(first.models.DEFAULT, 'claude-1');
-    assert.equal(second.models.DEFAULT, 'claude-2');
-    assert.equal(second.cache.source, 'fresh');
-  } finally {
-    await rm(tempRoot, { recursive: true, force: true });
-  }
-});
-
 test('provider model cache is persisted across service instances', async () => {
   const tempRoot = await mkdtemp(path.join(os.tmpdir(), 'provider-model-cache-file-'));
   const cachePath = path.join(tempRoot, 'models-cache.json');

server/modules/websocket/services/websocket-auth.service.ts

@@ -20,13 +20,7 @@ export function verifyWebSocketClient(
   dependencies: WebSocketAuthDependencies
 ): boolean {
   const request = info.req as AuthenticatedWebSocketRequest;
-  const upgradeUrl = new URL(request.url ?? '/', 'http://localhost');
-  const loggedUrl = new URL(upgradeUrl);
-  if (loggedUrl.searchParams.has('token')) {
-    loggedUrl.searchParams.set('token', 'REDACTED');
-  }
-
-  console.log('WebSocket connection attempt to:', `${loggedUrl.pathname}${loggedUrl.search}`);
+  console.log('WebSocket connection attempt to:', request.url);
 
   // Platform mode: use the first DB user and skip token checks.
   if (dependencies.isPlatform) {
@@ -42,6 +36,7 @@ export function verifyWebSocketClient(
   }
 
   // OSS mode: read JWT from query string first, then Authorization header.
+  const upgradeUrl = new URL(request.url ?? '/', 'http://localhost');
   const token =
     upgradeUrl.searchParams.get('token') ??
     request.headers.authorization?.split(' ')[1] ??