Commit graph

78 commits

Author SHA1 Message Date
AgentSeal
e7dbe56107 release: 0.9.15
Bump the version, document the Zed provider (logo, provider doc, data
table row), add the audit and context commands to the README, and
refresh the stale Cursor data-source description to the composer-meter
accounting.
2026-07-02 06:19:14 +02:00
Resham Joshi
69eee2c1f4
chore(release): 0.9.14 (#551)
Browser dashboard (codeburn web), device sharing (share/devices), new providers (Grok Build, ZCode, Hermes Agent, Kiro CLI, zerostack), Codex credit usage, plus CLI and menubar fixes. See CHANGELOG for the full list and contributor credits.

Document codeburn web and device sharing in the README and bump the package version.
2026-06-22 03:50:00 +02:00
Resham Joshi
887374de2c
feat(sharing): securely combine usage across your own devices (#532)
* feat(sharing): pairing, token, and device-identity core

First piece of local device sharing: self-cert fingerprint identity
(trust-on-first-use), a one-time expiring pairing PIN, fingerprint-bound
tokens, and a peer store that authorizes a pull only when both the token
and the TLS peer fingerprint match the same paired device. Pure logic,
fully unit-tested; the TLS share server and host pull build on this.

* feat(sharing): secure mutual-TLS transport + pairing handshake

Add device identity (self-signed cert, persisted; fingerprint = sha256 of
the cert DER), an HTTPS share server (mutual TLS: presents its cert, reads
the client's, and serves /api/usage only when the bearer token AND the
client fingerprint match the same paired peer), a one-time-PIN pairing
endpoint, and a fingerprint-pinning client. Verified end to end on
loopback: PIN pairing, pinned authed pull, and rejection of a wrong PIN,
a token replayed from another device, and a mismatched server
fingerprint. Adds the selfsigned dep (Node cannot generate certs natively).

* feat(sharing): share + devices CLI (pair, pull, combine)

Phase 3 terminal flow: codeburn share runs the secure server on-demand
(stops after 10 min idle; --always to persist, --pair to add a device),
and codeburn devices add <host> --pin <pin> pairs and pins a remote.
codeburn devices pulls this machine plus every paired device, keeps each
separate, and prints a per-device table with a simple summed Combined
row (no server-side merge). Persists identity and peers under the config
dir. Host pair-and-pull flow covered by a loopback integration test.

* feat(sharing): mDNS discovery + approve-style (no-PIN) pairing

Add bonjour-service discovery (advertise/browse over the LAN), a short
confirmation code derived from both cert fingerprints (Bluetooth-style
'do these match?' check), and an approve-style pairing endpoint that
prompts the owner instead of requiring a typed PIN. Loopback-tested:
approved device gets a working token with a matching code on both sides,
declined device is rejected.

* feat(sharing): AirDrop-style discover + approve UX

codeburn share now advertises on the LAN and approves incoming devices
interactively (confirm the matching code, no typed PIN). codeburn devices
add (no args) discovers nearby devices, lets you pick one, shows the
confirmation code, and waits for the owner to approve. Manual
add <host> --pin stays as a fallback for networks that block mDNS.

* feat(sharing): share only aggregates, never project names or paths

Sanitize each device's payload before it leaves the machine: drop
topProjects and topSessions (project names + session detail) and send
only aggregate numbers (cost, tokens, models, tools, activities, daily).
What you are working on stays local; only the totals travel.
2026-06-20 16:24:53 +02:00
Resham Joshi
2d44aeaedb
feat(web): local React dashboard served by codeburn web (#531)
Add a Vite + React 19 + Tailwind v4 + Recharts SPA (dash/) and a 'web'
command that serves the built UI plus a local /api/usage endpoint backed
by the existing menubar aggregation. Midnight theme with CodeBurn's
orange chart ramp: hero cost, a stacked-by-model daily bar chart with a
custom tooltip and hover-dim, metric cards, by-tool and by-activity bar
lists, and top-projects and tools tables. Period and provider filters,
react-query with skeleton loading. Stays 100% local.

build:dash builds the SPA into dist/dash (shipped via package files,
served at runtime); a missing build falls back to a helpful message.
2026-06-20 16:21:25 +02:00
Resham Joshi
60410a2632
chore(dev): silence the tsx module.register deprecation warning (#529)
Some checks are pending
CI / semgrep (push) Waiting to run
Node 26 flags tsx's loader use of module.register() as deprecated, which
prints DEP0205 on every npm run dev. Run dev with
NODE_OPTIONS=--no-deprecation so the output stays clean. Dev-only; the
built dist is unaffected.
2026-06-20 11:46:59 +02:00
Resham Joshi
a41a3b89c6
docs: finish README overhaul (#518)
Follow-up to #516, which was merged before these two commits had landed on the branch, so they did not make it into `main`.

Adds the remaining parts of the overhaul:
- Collapse **Commands**, **Features**, **Reading the dashboard**, **How it reads your data**, and **Environment Variables** behind `<details>` toggles so the README is short by default.
- Replace "AI coding tools" with "AI tools" in the README (3 places) and the `package.json` description.
2026-06-19 12:58:21 +02:00
Stephan Leicht Vogt
04f3fc1060
fix(menubar): support installer HTTP proxies (#475)
Some checks failed
CI / semgrep (push) Has been cancelled
Route the menubar installer's GitHub downloads through an undici ProxyAgent when HTTP(S)_PROXY is set, honoring NO_PROXY for bypass. Falls back to direct fetch when no proxy is configured. Closes #473.
2026-06-11 14:13:10 +02:00
iamtoruk
1e96a27df7 chore(release): 0.9.12
Changelog for 0.9.12, README node badge aligned to the real >=22 requirement
(node:sqlite for Cursor/OpenCode), and ws lockfile bumped to patched 8.21.0
(npm audit clean). No source changes.
2026-06-10 00:54:26 +02:00
Tiago Santos
cf35854b09
feat: add devin provider (#444)
* feat: add devin provider

* feat: add devin to gnome extension and improve dev scripts

* fix: fix local installer

* chore: cleanup unecessary changes and address pr comments
2026-06-09 21:58:31 +02:00
iamtoruk
4e61fd1369 build(mcp): add @modelcontextprotocol/sdk + zod, externalize in tsup 2026-06-02 01:38:45 -07:00
iamtoruk
14026a806a bump version to 0.9.11 2026-05-27 05:51:49 -07:00
iamtoruk
1317af2acf Bump to 0.9.10, fix per-provider chart history for today period
Some checks are pending
CI / semgrep (push) Waiting to run
The fallback daily history path (used when rangeStartStr = todayStr)
was missing cache-based historical data, showing only today's bar in
the trend chart. Now includes allCacheDays filtered by provider.
2026-05-17 14:06:13 -07:00
iamtoruk
06c90d0293 Merge main into feat/codebuff-provider to resolve conflicts 2026-05-16 08:02:27 -07:00
iamtoruk
5696a74571 Merge main into feat/kimi-code-provider to resolve conflicts 2026-05-16 07:25:12 -07:00
iamtoruk
a7bb780618 Reduce Claude parser OOM risk via entry compaction (0.9.9)
Strip heavy fields from JournalEntry immediately after JSON.parse in the
JSONL hot loop. Keeps only what downstream consumers need: type, timestamp,
sessionId, cwd, compacted user text (2000 char total cap), assistant
model/usage/id, tool_use names with Skill and Bash inputs, and MCP
inventory attachments. Text, thinking, and tool_result blocks are dropped.

Also removes redundant hydrateCache() from status --format json and
terminal status paths, and clears the session cache between period
parses to avoid pinning both today and month result sets.

This is a mitigation, not a full fix. Very large month ranges still
materialize full ProjectSummary.turns arrays. The real fix is the
streaming single-pass parser refactor.
2026-05-15 13:20:50 -07:00
iamtoruk
403efd4727 Merge remote-tracking branch 'origin/main' into fix/menubar-version-prefix
# Conflicts:
#	package.json
#	src/parser.ts
2026-05-13 20:32:22 -07:00
iamtoruk
aa946d0965 Keep CLI executable after build 2026-05-12 19:13:40 -07:00
Resham Joshi
38e41e93c3
Add Node version guard for unsupported runtimes (#319)
Split CLI into a tiny launcher (src/cli.ts) that checks for Node >= 22.13.0
before dynamically importing the full CLI (src/main.ts). Users on Node 18
now get a clear upgrade message instead of a cryptic regex parse error from
string-width. Closes #232.
2026-05-11 21:50:17 -07:00
AgentSeal
03e22ecb80
Add IBM Bob provider with workspace extraction (#316)
Some checks are pending
CI / semgrep (push) Waiting to run
* Add IBM Bob provider

* Add workspace extraction for Cline-family providers

Extract project name from workspace directory in api_conversation_history.json
so sessions show actual folder names instead of the provider display name.
Thread projectPath through ParsedProviderCall to avoid unsanitizePath mangling
hyphenated folder names.

---------

Co-authored-by: ozymandiashh <234437643+ozymandiashh@users.noreply.github.com>
Co-authored-by: iamtoruk <hello@agentseal.org>
2026-05-11 20:54:13 -07:00
ozymandiashh
78cbfd3798 Add Kimi provider 2026-05-11 19:02:28 +03:00
iamtoruk
d9acd8c4cd Release 0.9.8
Some checks are pending
CI / semgrep (push) Waiting to run
2026-05-10 17:09:16 -07:00
Resham Joshi
02f4635cec
Fix node:sqlite V8 crash on invalid UTF-8 in text columns (#272)
node:sqlite calls v8::String::NewFromUtf8 with kAbort on TEXT columns.
Cursor chat blobs often contain truncated multi-byte chars from streaming
boundaries, which triggers a V8 CHECK abort (not a JS exception).

Select all text-content columns as CAST(col AS BLOB) so node:sqlite
returns Uint8Array instead. Decode in JS with TextDecoder fatal:false
which replaces bad bytes with U+FFFD. Covers all three SQLite providers
(Cursor, Goose, OpenCode).

Removes the version blocklist (MIN_NODE_22_PATCH) and lowers engines
requirement from >=22.20 to >=22 since the BLOB cast approach works
on all Node 22.x versions.

Closes #264
Closes #250
2026-05-10 17:05:08 -07:00
Resham Joshi
04aeda71b6
Refuse to load node:sqlite on known-buggy Node 22.x patch versions (#265)
Some checks are pending
CI / semgrep (push) Waiting to run
Reported in #264 as a V8 CHECK abort with `Check failed: (location_) != nullptr`
inside `node::sqlite::StatementSync::ColumnToValue`. The crash happens when
SQLite returns a TEXT column whose bytes V8's String::NewFromUtf8 rejects
(invalid UTF-8 — common for Cursor's stored chat text where multi-byte chars
are truncated at streaming boundaries). Node 22.x prior to 22.20 does not
check the resulting MaybeLocal<String> for empty before dereferencing,
aborting the whole process with a trace trap.

A try/catch in JS can't recover — the abort runs in the C++ extension before
the V8 exception handler. So we refuse to load node:sqlite at all when we
detect a buggy Node version, surface a clear "upgrade Node" diagnostic, and
let the rest of the CLI run with the file-based providers (Claude, Codex,
Copilot, Gemini, etc.) instead of taking the whole tool down.

- engines.node bumped to >=22.20 so npm warns at install time
- src/sqlite.ts: checkBuggyNodeVersion() detects Node 22.x < 22.20 and routes
  through the existing isSqliteAvailable() / loadError diagnostic path
2026-05-07 09:48:57 -07:00
Resham Joshi
492bb5a5ec
chore: bump to 0.9.7 (#260)
Some checks are pending
CI / semgrep (push) Waiting to run
2026-05-06 23:11:29 -07:00
iamtoruk
6dbd25ce55 Bump version to 0.9.6 2026-05-03 12:12:56 -07:00
iamtoruk
341aa46f78 Strip ANSI escapes from bash commands across all providers
Use strip-ansi (already in dep tree via Ink) in extractBashCommands
to prevent terminal escape codes from leaking into dashboard bash
breakdown keys. Route goose, gemini, qwen, and openclaw through
extractBashCommands instead of inline split, which also gives them
multi-command extraction (matching claude/codex/droid behavior).
2026-05-02 20:59:24 -07:00
iamtoruk
033da415c5 Bump version to 0.9.5
Some checks are pending
CI / semgrep (push) Waiting to run
2026-05-01 08:16:14 -07:00
anandghegde
c66c804b67 Merge origin/main into feat/codebuff-provider and scope sessionId by channel
Resolves merge conflicts with main (README.md, src/providers/index.ts,
tests/provider-registry.test.ts, package-lock.json) and addresses PR
review feedback from Qodo-Free-For-OSS:

- Codebuff sessionId now includes the channel root name (manicode,
  manicode-dev, manicode-staging) derived from the chat directory
  structure, preventing the same chatId from colliding across channels
  when downstream aggregation keys by (provider, sessionId, project).
- Uses '/' as the channel/chatId separator to avoid clashing with
  src/parser.ts's colon-delimited session key format.
- Adds tests: collision across channels, channel inclusion, and
  fallback when the path doesn't match the expected shape.
- Updates README dedup paragraph to mention Codebuff's strategy.
2026-05-01 00:14:18 +05:30
AgentSeal
46924322d9 Bump version to 0.9.4
Some checks are pending
CI / semgrep (push) Waiting to run
OpenClaw, Roo Code, KiloCode, Qwen, Droid providers. Durable daily cache
with migration. Gemini JSONL fix. README restructure with honeycomb hero.
16 providers supported.
2026-04-29 01:11:27 +02:00
AgentSeal
d043795855 Add Qwen provider and replace hardcoded pricing with LiteLLM snapshot
- Add Qwen CLI provider (discovers sessions from ~/.qwen/projects/)
- Replace FALLBACK_PRICING (40 hand-maintained entries) with auto-generated
  LiteLLM snapshot (3595 models including Azure, OpenRouter pricing)
- Build script fetches and bundles LiteLLM data before tsup
- Provider-prefixed lookups (azure/, openrouter/) resolve to correct pricing
- Add display names for all GPT-5.x model variants
- Add Qwen to menubar provider filter and tab strip
2026-04-28 19:49:14 +02:00
AgentSeal
dbde5cb52a Release 0.9.3: Gemini CLI, Kiro, Copilot VS Code, Cursor lookback fix
Some checks are pending
CI / semgrep (push) Waiting to run
2026-04-28 05:14:56 +02:00
AgentSeal
314ef7a505 Release 0.9.2: fix Cursor cost tracking for v3 format and NULL timestamps
Some checks are pending
CI / semgrep (push) Waiting to run
2026-04-28 00:38:29 +02:00
AgentSeal
37a54081b2 Release 0.9.1: yield command
Some checks failed
CI / semgrep (push) Has been cancelled
Adds `codeburn yield` to track which AI sessions shipped to main vs were reverted or abandoned.
2026-04-25 17:11:37 +02:00
AgentSeal
ed7d76567b Release 0.9.0: Cursor Composer 2 support and provider fixes
- Fix cursor-agent provider to detect Composer 2 JSONL sessions (#142)
- Bump version to 0.9.0
- Update changelog with all 0.9.0 changes
2026-04-24 20:24:49 +02:00
iamtoruk
b4fad91512 chore: bump version to 0.8.9, add changelog
Some checks are pending
CI / semgrep (push) Waiting to run
Stale menubar price fix (#136), variable-width status item default.
2026-04-22 13:06:17 -07:00
iamtoruk
46f945fd72 fix: restore package.json truncated by sed 2026-04-22 05:38:14 -07:00
iamtoruk
f3687db447 chore: bump version to 0.8.8, add changelog
OOM streaming fix (#132), compact menubar mode (#133), keychain
credential fix + App Nap hardening (#134).
2026-04-22 05:35:06 -07:00
iamtoruk
cb44cc6deb chore: bump version to 0.8.7, add changelog entry
Skips 0.8.6 to match mac-v0.8.7 and keep CLI + menubar versions aligned.
CLI change: MiniMax-M2.7 and MiniMax-M2.7-highspeed pricing. macOS menubar
change: three stability fixes culminating in the App Nap opt-out that keeps
the refresh loop ticking while the icon is idle in the background.
2026-04-21 13:43:49 -07:00
Anand Hegde
3c0302b938 feat(providers): add Codebuff provider
Adds the Codebuff provider (formerly Manicode) as a single-file plugin
under src/providers/codebuff.ts, following the conventions used by the
pi and opencode providers.

Data source:
- Walks ~/.config/manicode/projects/<project>/chats/<chatId>/
- chat-messages.json holds the serialized ChatMessage[]
- run-state.json is consulted to recover the real cwd so sessions group
  by the originating project directory
- manicode-dev and manicode-staging channels are walked automatically
- Honors CODEBUFF_DATA_DIR for a custom root

Cost model:
- Codebuff bills in credits, not tokens. Each completed assistant message
  records credits on message.credits; CodeBurn approximates cost using
  the public PAYG rate ($0.01 / credit) as a conservative upper bound.
- When Codebuff routes a call through an upstream provider and the
  stashed RunState records real token totals (providerOptions.usage or
  providerOptions.codebuff.usage in messageHistory), the LiteLLM-based
  calculation takes precedence.

Tool normalization maps Codebuff-native names (read_files, str_replace,
run_terminal_command, spawn_agents, etc.) to the canonical set used by
the classifier (Read, Edit, Bash, Agent, TodoWrite, ...).

Tests:
- 18 provider tests covering discovery, parsing, multi-turn sessions,
  providerOptions fallback, dedup, malformed files, display names
- provider-registry.test.ts updated to assert codebuff is registered
  and its tool/model display names

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
2026-04-21 21:02:58 +05:30
iamtoruk
07d2fb07aa chore: bump version to 0.8.5, add changelog entry explaining revert
Reverts the persistent source cache added in 0.8.2 back to v0.8.1's
full-reparse path for Claude sessions; keeps the plan pill, pricing fix,
cursor-agent provider, and the Mac menubar prefetch+timezone work added
between 0.8.2 and 0.8.4.
2026-04-21 04:44:23 -07:00
iamtoruk
9940d64258 chore: bump version to 0.8.1 2026-04-19 13:35:04 -07:00
iamtoruk
6e4db43c41 Release 0.8.0: model comparison, auto-refresh, menubar fix
Add compare command docs to README, update changelog for 0.8.0,
bump version. TUI auto-refresh default 30s, menubar refresh 15s.
2026-04-19 08:58:45 -07:00
iamtoruk
070a378160 chore: bump to 0.7.4 and update CHANGELOG
Some checks are pending
CI / semgrep (push) Waiting to run
2026-04-19 03:36:27 -07:00
AgentSeal
a031c8d32d
chore: point repo URLs at getagentseal org (#97)
Add package.json repository/bugs/homepage fields. Swap hardcoded
AgentSeal/codeburn URLs to getagentseal/codeburn across README,
mac README, macOS menubar star banner, and the menubar installer's
release-API endpoint. 301 redirects keep old URLs working, but
canonical links now point at the current org.

Co-authored-by: AgentSeal <hello@agentseal.org>
2026-04-18 14:55:44 -07:00
AgentSeal
c83a12efed chore: reset version to 0.7.3 to match published npm 2026-04-18 09:54:03 -07:00
AgentSeal
35d4d32955 chore: bump to 0.7.4-rc.2 for Node 24 OIDC retry 2026-04-18 09:47:21 -07:00
AgentSeal
e7f1b33196 chore: bump to 0.7.4-rc.1 for OIDC retry after npm upgrade fix 2026-04-18 09:36:38 -07:00
AgentSeal
46f72ba348 chore: bump to 0.7.4-rc.0 for OIDC test publish
Pre-release bump to validate npm OIDC trusted publishing end to end:
workflow trigger, Environment approval gate, Trusted Publisher match,
provenance attestation. Will not be tagged as `latest` on npm (npm
auto-excludes SemVer pre-releases from dist-tags). After this RC
succeeds, cut 0.7.4 proper.
2026-04-18 09:25:59 -07:00
AgentSeal
7aefd674fc fix: drop better-sqlite3 to remove deprecated prebuild-install (#75)
npm was warning on every install that prebuild-install@7.1.3 is no
longer maintained. prebuild-install ships as a transitive dependency
of better-sqlite3 and upstream PR #1446 to replace it is still open,
so we switch to Node's built-in node:sqlite module (stable in Node 24,
experimental in Node 22/23) and remove the better-sqlite3 dep entirely.

- src/sqlite.ts: uses DatabaseSync from node:sqlite. The one-shot
  ExperimentalWarning about SQLite on Node 22/23 is silenced for that
  specific warning; other warnings pass through unchanged.
- package.json: engines.node bumped to >=22 (Node 20 EOL 2026-04-30),
  better-sqlite3 and @types/better-sqlite3 removed, @types/node added
  (it was coming in transitively via @types/better-sqlite3).
- tests/providers/opencode.test.ts: fixture DB creation switched to
  node:sqlite (API parity for the CREATE TABLE + INSERT + prepare
  path we use).

End-user install footprint shrinks from 167 to 40 packages and prints
zero deprecation warnings.

Credit: @primeminister for the report.
2026-04-18 01:26:23 -07:00
AgentSeal
818a249c87 chore: release 0.7.2 native macOS menubar app
See CHANGELOG.md for the full breakdown. Highlights:

- Native Swift + SwiftUI menubar app under mac/ replaces the SwiftBar
  plugin. Install via `npx codeburn menubar`.
- `status --format menubar-json` payload builder.
- `export -f csv` now writes a folder of clean per-table CSVs; `-o`
  path guard prevents arbitrary deletion.
- `status` terminal Today/Month bucketed by local date instead of UTC.
- FX rate values clamped to sane bounds in both runtimes.
- SwiftBar plugin, install-menubar / uninstall-menubar, and
  `--format menubar` removed.
2026-04-17 17:08:24 -07:00