Conversation
…d popup
After creating an API key, the success popup now shows a second copyable
field: a ready-to-paste command that registers THIS server in the cix CLI
and makes it the default, so the flow is create → copy → paste → use.
The command writes a single `server.<alias>` entry (URL + the new key as
one unit — the key belongs to the server), then sets it as default:
cix config set server.<alias>.url <origin> && \
cix config set server.<alias>.key <key> && \
cix config set default_server <alias>
- <origin> comes from window.location.origin (dashboard is served
same-origin from cix-server, so it's always the correct base URL).
- <alias> is derived from window.location.host, sanitized to [a-z0-9-]
so it's dot-/whitespace-free as the CLI's parseServerKey requires.
Copy logic refactored into a reusable copyText() helper driving two
independent button states (key + command), preserving the existing
secure-context / execCommand fallback. Frontend-only; no CLI or server
change — the command uses existing `cix config set` commands.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The onOpenChange handler returned early whenever a key was revealed (`if (!next && revealed) return;`), which swallowed the close event from the top-right X button — the dialog could then only be dismissed by reloading the page. Accidental dismissal (outside-click, Escape) is already blocked separately at the DialogContent layer via preventDefault, so that early-return only ever harmed the explicit X click. Remove the guard so X (and "I've saved it") close and reset the dialog, while Escape / outside-click stay blocked at the content layer. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
feat(dashboard): copyable 'connect CLI' command in API-key-created popup + fix X close
Password hashing uses bcrypt cost 12 (~250ms/hash by design). Because nearly every server test seeds a user through a fixture, that deliberate cost dominated the whole `-race` suite: httpapi ~462s, users ~83s, sessions ~43s, apikeys ~28s — almost entirely bcrypt, serialized and amplified by CI CPU contention. Resolve the work factor once at init instead of a hard-coded const: 1. CIX_BCRYPT_COST — explicit override, clamped to [MinCost, MaxCost] 2. testing.Testing() — drop to bcrypt.MinCost under `go test` 3. 12 — production default (unchanged behaviour outside tests) testing.Testing() is false outside test binaries, and since Go 1.13 importing "testing" no longer registers test flags, so cix-server's flag.Parse() is unaffected (verified: `cix-server -v` still works). Also derive the user-not-found anti-enumeration dummy hash from the active cost (was a hard-coded `$2a$12$…` literal) so the timing mitigation stays accurate when the cost changes and the not-found path is cheap under test too. Measured (local, `go test -race -count=1`): httpapi 462.3s → 15.8s users 83.0s → <1s sessions 43.3s → <1s apikeys 27.9s → 5.4s full suite all green, 0 data races, ~23s wall. chunker (~19s, tree-sitter/CGO) is the remaining slow package and is inherent to -race; left untouched. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
perf(users/test): make bcrypt cost cheap under `go test`
…home
Add a collapsible step-by-step card on the dashboard home page that walks a
new user from zero to seeing the cix skills in Claude Code:
1. Install the cix CLI (curl installer)
2. Connect the CLI to this server (links to API Keys, shows the live
per-host connect command)
3. Add the plugin marketplace + install in Claude Code
4. (Optional) index a local project — skippable for workspace / external-
project-only users; cix status alone still verifies the connection
5. See the cix slash commands / skills appear
Collapse state persists in localStorage (expanded by default). Commands use
one-click copy buttons with the secure-context clipboard + execCommand
fallback for HTTP deploys.
Extract the per-host alias / connect-command derivation into
lib/cixServer.ts (cixServerAlias, cixConnectCommand) and reuse it in both the
card and the API-key popup so the two never drift. Add a reusable lib/useCopy
hook for the new components.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…e-guide feat(dashboard): "Connect Claude Code to cix" onboarding card on home
The home "Connect Claude Code to cix" guide's step 3 instructed users to type in-session slash commands (/plugin marketplace add, /plugin install, /reload-plugins). Rewrite them as `claude plugin` CLI commands run in a terminal, so the whole onboarding flow stays in the shell next to the other CLI steps. Installing via the CLI applies on the next `claude` session start, so the /reload-plugins step is dropped. Also update the now-stale hint text in step 3 and step 5 that referenced /reload-plugins. The "Connect the CLI to this server" command (step 2) and the API-key popup already derive the host dynamically from window.location via the shared cixConnectCommand helper — verified, no change needed. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…dex) Add an admin-controlled, per-user switch that forbids a user from creating local projects and from indexing/reindexing, while keeping search of their already-indexed projects and workspace creation available. Admins are always exempt. - DB: users.local_project_disabled INTEGER NOT NULL DEFAULT 0 + idempotent migration #14. Default 0 backfills existing and new users to "allowed" (backward compatible). - Carry the column through every users.User builder, including the two hand-rolled auth-path JOINs that populate ac.User: apikeys.Authenticate (CLI/API-key path) and sessions.Get (dashboard path) — missing either is a silent enforcement bypass. - Enforcement: requireLocalProjectActions guard (access.go) gates CreateProject and index begin/files/finish with 403; admins and CIX_AUTH_DISABLED exempt. index/cancel (cleanup) and index/status + search (read) stay open. - Admin API: local_project_disabled on userPayload (/auth/me + /admin/users) and as a PATCH /admin/users/{id} field; SetLocalProjectDisabled setter. - OpenAPI: User + UpdateUserRequest schema fields, 403 docs; regen dashboard types; admin Users table gains a per-user toggle ("Always" for admins). - Tests: migration backfill + setter round-trip; httpapi gating (403 on create/index for a restricted user, read/workspace stay allowed, admin exempt, re-enable restores). docs/AUTH_REVIEW.md updated. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The cix-workspace skill and its investigator sub-agent assumed a single cix backend. The cix CLI supports several named servers (--server <alias>, CIX_SERVER), and a workspace + all its repos live on exactly one server — so a cross-project workflow that mixes servers silently returns empty or wrong-repo results. - cix-workspace SKILL: new "which server hosts the workspace?" section; thread --server through Step 0/1/2, the sub-agent fan-out prompt, the quick reference, and the TL;DR. Replace the raw curl per-project search (which hardcodes one server's URL/key) with `cix search -n <project> --server <alias>`, which resolves the right backend from config. - cix-workspace-investigator: every cix call must carry --server <alias> when the workspace is on a non-default server (tools list, hard rule 1, the "where your project lives" preamble). - skills/README.md: align the plugin install snippet with the dashboard onboarding card — `claude plugin …` console commands, drop the obsolete /reload-plugins. - Sync canonical skills into the plugin bundle (sync-skills.sh); plugin bats suite green (15/15). The cix skill already documented multi-server; no change needed there. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
… edges Address review feedback on the per-user restriction: - Add an index/files 403 case to the gating test (the guard is identical to begin/finish, but explicit coverage closes the gap). - Document the role-independent persistence edge: the flag is not cleared on promote-to-admin (admins just ignore it) and re-activates on demotion — intentional. Noted at SetLocalProjectDisabled and the dashboard "Always" cell. - Document the mid-indexing edge: flipping the flag during an in-flight index session strands it; index/cancel stays open and the session TTLs out. Noted at requireLocalProjectActions. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Per-user local_project_disabled flag (block create + index)
govulncheck (Security workflow) flagged two Go standard-library vulnerabilities, both fixed in go1.25.11: - GO-2026-5039 (net/textproto) — reached via githubapi.DeleteWebhook → io.ReadAll - GO-2026-5037 (crypto/x509) — reached via tunnels.Installer.Install → io.Copy CI installs Go from `server/go.mod` (go-version-file), so bumping the directive to 1.25.11 is what moves the build onto the patched stdlib. Verified locally with the 1.25.11 toolchain: `govulncheck ./...` now reports 0 affecting vulnerabilities; build passes. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
fix(server): bump Go to 1.25.11 (clear govulncheck stdlib vulns)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Minor release rolling up everything merged into
developsince v0.7.0. Server + dashboard + plugin/skills only — no CLI source changes (latest CLI stays v0.7.0; bump the CLI tag only if you want stream parity).Included PRs
local_project_disabledflag. Admin-controlled switch that forbids a user from creating local projects and from indexing/reindexing (403); search of already-indexed projects and workspace creation stay allowed; admins always exempt. Idempotent migration fix: rebuild CUDA image to patch CVEs, migrate to multi-stage build #14 backfills existing users to allowed (backward compatible). Admin toggle in the Users table; surfaced on/auth/me+/admin/users. Also makes thecix-workspaceskill + investigator sub-agent multi-server aware (--server/CIX_SERVER).claude plugin …console commands; dynamic host derivation.go test#61 — Cheap bcrypt cost undergo test(test-only perf).Release notes highlights
cix-workspaceskill now documents multiple cix servers and threads--serverthrough the workflow.Post-merge release steps
cd server && make scout-cuda→ verify 0 HIGH/CRITICAL.git tag server/v0.8.0 && git push origin server/v0.8.0→release-server.ymlbuilds CPU + CUDA, pushes:0.8.0,:latest,:0.8.0-cu128,:cu128(version injected via build-arg;version.gostays0.0.0-dev).Verification (on develop)
make testgreen; dashboardtypecheck+buildgreen; plugin bats suite 15/15. Migration is idempotent and backward compatible.🤖 Generated with Claude Code