Releases: geekchongv/ccswitch-context-guard
Release list
CCProxy Agent v0.4.97
CCProxy Agent v0.4.97
This release adds macOS distribution, user-managed multimodal credentials, and adaptive protection against local-gateway HTTP 429 responses.
Highlights
- Downloadable macOS DMG and ZIP packages for Apple Silicon (
arm64) and Intel (x64). - Vision Base URL, path, model list, limits, prompt, and API key are configurable from the desktop UI.
- Vision API keys are encrypted with the operating system's credential service and are never included in renderer state, logs, source control, or release packages.
- Local gateway 429 responses trigger a shared cooldown, respect
Retry-After, lower future traffic to one concurrent request, and perform one serialized retry inside the proxy. - Rate-limit cooldown and recovery appear in the protection-event timeline.
macOS installation
Choose arm64 for Apple Silicon or x64 for Intel Macs. This initial macOS release is unsigned; if Gatekeeper blocks the first launch, Control-click CCProxy Agent and choose Open. Configuration and encrypted secrets live in the macOS user-data directory rather than inside the application bundle.
Security
Release automation scans Windows and macOS output directories for private config.json files and configured secret sentinels. A combined SHA256SUMS.txt covers all published binaries.
CCProxy Agent v0.4.95
CCProxy Agent v0.4.95
This release replaces the original utility-style Electron shell with a complete desktop control center while preserving the existing context-protection gateway and configuration contracts.
Highlights
- New CC Switch-inspired desktop information architecture
- Clear client → CCProxy Agent → CC Switch routing visualization
- Unified proxy controls and live process status
- Product health panel and recent protection-event timeline
- Structured network, context-guard, Claude integration, and multimodal settings
- Persistent light and dark themes
- Chinese UI encoding repaired throughout the renderer
- Application-owned Windows icon instead of the Electron default
Interaction and safety improvements
- Settings validate ports, context thresholds, and tool-result cleanup ranges before saving.
Ctrl+Ssaves the active settings page andCtrl+,opens proxy settings.- Start, stop, restart, and configuration mutations expose loading and error feedback.
- Empty health, event, and log states explain what data will appear instead of showing blank panels.
- The renderer keeps the existing isolated preload bridge and does not enable Node integration.
Release integrity
- Runtime version now comes from
package.json, preventing the packaged UI from displaying an older hard-coded version. - The Windows package is scanned for private configuration files and configured secret bytes.
- CI runs TypeScript checks, 71 automated tests, GUI reference validation, packaging, and a packaged context-rescue smoke test before publishing.
SHA256SUMS.txtis included with the Release assets.
Install
- Download
CCProxy-Agent-v0.4.95.exefrom this Release. - Keep
config.example.jsonbeside it only as a reference; the application creates a secret-free localconfig.jsonon first start. - Close any older CCProxy Agent instance before launching the new executable.
The portable package still includes the Electron runtime and is expected to remain around 86 MB. The interface rewrite itself adds only a small amount of application code.
v0.4.94
CCProxy Agent v0.4.94
Hotfix release: the v0.4.93 portable package could not start because the Electron entry file was missing from the asar archive. v0.4.94 fixes the build so CI once again produces a runnable Windows portable EXE.
Build fix
build:guinow bundleselectron-main.tstodist/electron-main.js(the entry referenced bypackage.json"main"), in addition togui-preload.ts.build:guicleansdistfirst to prevent stale or missing entry files from drifting into the packaged archive.- Without this,
electron-builderpacked an asar whose entry file was absent and the EXE failed at launch withApplication entry file ... was not found in this archive.
What this release contains
- Security-hardened open-source packaging (unchanged from v0.4.93):
- Private
config.jsonis not copied beside the EXE or included inapp.asar. - First startup creates a secret-free
config.jsonbeside the portable executable. - Packaging scans the full release directory for private config files and configured secret bytes.
- Every release includes
SHA256SUMS.txtandconfig.example.json.
- Private
- Context recovery (unchanged from v0.4.93):
- Agent rescue clears old tool results first.
- The newest oversized tool result preserves bounded head and tail evidence instead of being erased.
- JSON replay removes stale entity headers.
- Anthropic and OpenAI SSE compact reminders are supported.
- Chunk synthesis failures enter a one-shot context retry path.
Install
- Download
CCProxy-Agent-v0.4.94.exe. - Verify it with
SHA256SUMS.txt. - Run the EXE; a clean
config.jsonis generated automatically. - Configure CC Switch and optional Vision access in the desktop UI.
Windows may display a SmartScreen warning because the community build is not currently distributed with a commercial Authenticode certificate.
v0.4.91
v0.4.91
修复
- rescue 路径过度清理:keepRecent=0,清理目标改用上游真实值+undercountRatio 计算
- 阈值校准:代理估算≈真实值 0.5 倍,阈值砍半(compactThreshold 180K→90K,hardLimit 200K→130K,toolResultClear 170K/150K→80K/65K)
诊断
- 上下文超限日志新增 upstreamBody 字段
- 成功响应捕获上游 usage 对比
- collectRequestFlags 精简日志
v0.4.5
CCProxy Agent v0.4.5
Highlights
- Final synthesis is now hard-cap aware. After chunk execution, CCProxy Agent no longer places the full original
messagesJSON back into the synthesis request. - Synthesis now carries a bounded original-task preview plus chunk outputs, then truncates to the same hard-cap budget used by chunk execution.
- Synthesis output tokens are capped at 4,000, preventing the previous
large input + huge max_tokensfailure pattern from reappearing at the final step. - The Windows GUI release is now packaged as a clean zip containing the portable exe,
config.example.json, README, docs, license, changelog, and checksum.
Notes
- v0.4.4 fixed the oversized single-chunk bug. v0.4.5 closes the follow-up synthesis path so the whole chunking pipeline is protected.
- Added regression tests for oversized original messages and excessive chunk outputs during synthesis.
- Release zip intentionally excludes local
config.json, logs, runtime data, unpacked build directories, and secrets.
v0.4.2
CCProxy Agent v0.4.2
Highlights
- Adds a product-focused health panel to the desktop console.
- Shows proxy, upstream, Claude routing, and vision readiness at a glance.
- Adds a protection event feed that turns technical logs into user-facing guardrail events.
- Surfaces token budget checks,
max_tokensreductions, context-limit retries, compact reminders, chunking, and vision preprocessing as readable timeline cards. - Adds README dashboard screenshots so new users can understand the running product faster.
Notes
- The raw runtime log view is still available.
- Protection events are derived from existing structured logs, so the request orchestration path is unchanged.
- Vision readiness checks whether the configured vision API key environment variable is present when vision is enabled.
v0.4.0
CCProxy Agent v0.4 Release Notes
Summary
v0.4 adds multimodal image support for text-only downstream models.
Claude Desktop can send image blocks, but your downstream model may be GLM-5.2 or another text-only model. In that case, CCProxy Agent now intercepts the image, calls a dedicated vision model, injects a text summary, and strips the original image before forwarding downstream.
Default Vision Models
{
"vision": {
"enabled": true,
"models": [
"qwen3-vl-30b-a3b-instruct",
"Qwen3.6-35B-A3B"
],
"compareModels": true
}
}Both models are called by default. Their summaries are combined into one [VISION SUMMARY] block.
Secret Handling
The API key is not committed to config. Set it as a user environment variable:
[Environment]::SetEnvironmentVariable("CCPROXY_VISION_API_KEY", "your-token", "User")Restart the proxy after setting the variable.
Flow
Claude Desktop image input
-> CCProxy Agent extracts image blocks
-> calls qwen3-vl-30b-a3b-instruct
-> calls Qwen3.6-35B-A3B
-> injects [VISION SUMMARY]
-> strips image blocks
-> forwards text-only request to ccswitch / GLM-5.2
Limits
Default limits:
{
"maxImagesPerRequest": 5,
"maxImageBytes": 5000000,
"summaryMaxTokens": 1500
}These guardrails prevent image payloads from exploding context size.
Validation
- TypeScript check passes.
- Unit tests pass.
- Added regression coverage for dual vision model calls.
- Live test confirmed
qwen3-vl-30b-a3b-instructcan OCR the provided screenshot. - Live test confirmed
Qwen3.6-35B-A3Bcan return normal content whenenable_thinking=false.
v0.3.2
CCProxy Agent v0.3.2 Release Notes
Summary
v0.3.2 fixes Claude Desktop gateway probe failures where Desktop reported:
Gateway returned HTTP 500
responseBody: {"error":"ccproxy-agent internal error"}
Fixed
v0.3.1 preserved authentication headers correctly, but still forwarded hop-by-hop HTTP headers such as:
connectionkeep-alivetransfer-encodingupgradetetrailer
Those headers belong to a single client/proxy connection and should not be forwarded into the new upstream fetch call. In some Desktop probe requests, this could make the underlying fetch fail before ccswitch received the request.
v0.3.2 filters these headers while preserving useful headers such as:
Authorizationx-api-keyanthropic-versioncontent-type
Validation
Commands verified:
npm run check
npm testRegression coverage:
- Desktop gateway authorization headers are preserved.
- Desktop-style requests carrying connection headers no longer produce an internal proxy failure.
v0.3.1
CCProxy Agent v0.3.1 Release Notes
Summary
v0.3.1 fixes a Claude Desktop gateway authentication regression introduced by v0.3.
Fixed
Claude Desktop sends its gateway credential to CCProxy Agent, but v0.3 did not preserve request headers when a request entered the AI orchestration layer. As a result, ccswitch could reject the request and Claude Desktop could show:
Couldn't sign in to Gateway
The provider rejected your credentials.
v0.3.1 forwards the original non-hop request headers through all AI paths:
- normal request forwarding
max_tokensreduction- context-limit retry
- chunk execution
- synthesis request
Validation
Added a regression test that requires:
Authorization: Bearer desktop-token
The test now verifies that the header reaches the mock upstream after orchestration.
Commands verified:
npm run check
npm testv0.3.0
CCProxy Agent v0.3 Release Notes
Summary
v0.3 adds Claude Desktop 3P gateway support on top of the existing Claude CLI support.
When ccswitch configures Claude Desktop with a local 3P gateway such as:
http://127.0.0.1:15721/claude-desktop
CCProxy Agent can temporarily rewrite the applied Claude Desktop config to:
http://127.0.0.1:15722/claude-desktop
Requests still flow to ccswitch, but now pass through CCProxy Agent first:
Claude Desktop -> CCProxy Agent :15722 -> ccswitch :15721 -> provider
New Capabilities
- Detects Claude Desktop 3P local config library.
- Reads
_meta.jsonand patches only the currently applied config. - Preserves the existing ccswitch-generated models, API key, auth scheme, and gateway path.
- Restores the previous Desktop gateway URL on shutdown.
- Recovers stale Desktop patches left by a crashed previous process.
- Treats prefixed routes such as
/claude-desktop/v1/messagesas AI routes, so the v0.2 token guard still applies.
Default Policy
{
"claudeConfigPatch": {
"enabled": true
},
"claudeDesktopConfigPatch": {
"enabled": true
}
}On Windows, the default Desktop config path is:
%LOCALAPPDATA%/Claude-3p/configLibrary
Important Notes
- Claude Desktop reads 3P config on launch. Fully quit and reopen Claude Desktop after the proxy starts.
- This feature does not edit MCP server definitions.
- This feature does not log the full Desktop config because that file may contain secrets.
- If a managed MDM policy overrides local Desktop config, local patching may not take effect.