v1.0.3

Web Coding (/chat)

• Added dedicated /chat web coding workspace with full-screen chat layout and persisted session history.
• Chat transport on /chat uses WebSocket (/api/coding/ws) for live event streaming.
• Added workspace-aware new session flow with folder picker and server-side path suggestions.
• Added session route targeting via query parameter (/chat?id=<session_id>) for direct open/resume behavior.
• Added coding activity timeline rendering alongside assistant outputs in the web chat UI.
• Added coding slash commands support focused for web workflow (/status and /review).
• Added skill picker integration to insert $skill_name hints directly into the composer.
• Added streaming-focused chat UX updates (in-progress state + progressive assistant output).
• Added runtime session APIs (/api/coding/sessions, /api/coding/messages, /api/coding/chat) and persistent storage tables for coding sessions/messages.
• Added runtime lifecycle metadata for coding sessions (runtime_mode, runtime_status, restart_pending) across coding session APIs.
• Added runtime control APIs for chat orchestration: PUT /api/coding/sessions/runtime, GET /api/coding/runtime/status, and POST /api/coding/runtime/restart.
• Added runtime lifecycle websocket events in /api/coding/ws (runtime_started, runtime_status, runtime_error) to improve Codex CLI parity on /chat.
• Added deferred runtime-restart behavior when restart is requested during in-flight coding turns (restart_scheduled -> restart after turn finishes).
• Added dedicated terminal execution bubbles in /chat with click-to-open modal for full command output, built from activity + raw Codex JSON stream events.
• Added pagination to /api/coding/messages with limit + before_id cursor and page metadata fields (has_more, oldest_id, newest_id).
• Improved /chat scroll UX during running streams: user scroll position is preserved when reading older messages and auto-follow to bottom is disabled until user jumps back.
• Added floating Jump to latest button in /chat when conversation is scrolled away from bottom.
• Made stale pagination cursors (before_id) resolve gracefully as end-of-history instead of returning request errors.
• Fixed /review command argument handling so prompted review no longer sends conflicting --uncommitted + prompt flags to Codex CLI.

Added

• Zo API key management (multi-key add/remove, per-key request counters, last-request info, and OpenAI-compatible Zo endpoint support).
• System Logs page with database-backed rotation and log detail viewer for account switch/usage events.
• Added GET /api/accounts/total endpoint to efficiently count total stored accounts without loading full records.
• Background usage scheduler now automatically "delists" accounts that return API 401 or suspended (account_suspended) errors; delisted accounts are permanently skipped in future background checks until manually refreshed and restored.

Changed

• Codex CLI Strategy now includes:
  • round_robin rotation (automatic periodic switch)
  • manual mode with auto-switch when remaining usage is below configured threshold.
• API Workspace refinement: Zo model caching, model mapping list improvements, and cleaner endpoint examples.
• Usage automation and account switching behavior were stabilized for large multi-account pools.
• Runtime bind mode is now simplified: use CODEXSESS_PUBLIC=true for public bind (0.0.0.0:<PORT>), otherwise local bind (127.0.0.1:<PORT>). CODEXSESS_BIND_ADDR is no longer used.
• Startup logs now clearly show bind scope (public or local) to avoid ambiguous network status messages.
• Installer systemd unit now uses CODEXSESS_PUBLIC=true for server mode.
• README (EN/ID) was updated to document CODEXSESS_PUBLIC and remove old CODEXSESS_BIND_ADDR guidance.
• System Logs filter UI was refined: search/filter row now has proper bottom spacing and full-width control layout.
• Refactored all Dashboard filtering (search, account type, token status, usage availability) from Client-Side Svelte to Server-Side SQL query filters, enabling true global search across all paginated pages.
• Advanced Dashboard sorting algorithm now guarantees that any account reporting under 50% hourly usage is automatically pushed to the bottom of the active list, while ensuring revoked accounts stay firmly beneath them.
• Dashboard account listing now uses server-side pagination via GET /api/accounts?page=1&limit=20 to prevent browser crashes and backend memory spikes when managing very large account pools.
• Dashboard account list now sorts Revoked accounts to the very bottom automatically.
• Dashboard sidebar now accurately displays the true total count of all accounts across all pages instead of just the paginated slice length.
• Dashboard account card now gracefully hides usage progress bars when an account is marked as Revoked, displaying the revoked reason/status clearly instead.
• Improved revoked token detection logic during background usage refresh to correctly identify API token_invalidated, account_suspended, and account_deactivated errors.
• Added a one-time backend startup migration to automatically scan and backfill the Revoked status for any legacy accounts that were suspended prior to the new revoked schema upgrade.

v1.0.2

Added

• Dedicated GitHub workflow for PR code review with synthesized final review output.
• Optional PR autofix helper workflow that generates patch suggestions and uploads patch artifacts for manual application.
• New API-key protected endpoint GET /v1/auth.json to export the active API account auth payload for external Codex CLI runners.

Changed

• OpenAI /v1 root payload validation now only dispatches to chat completions and responses APIs.
• API settings payload now exposes auth_json_endpoint for automation clients.
• API Workspace UI now shows Auth JSON endpoint and download example for automation use.
• Code-review automation flow is now review-first and can be configured to avoid direct push/merge behavior.
• API logging and automation coverage were refined so review flows stay visible and traceable in API logs.
• Settings and documentation were expanded with automation usage details and cURL examples.
• GitHub Actions code-review and autofix automation are now consolidated into a single workflow file for simpler maintenance.
• GitHub code-review workflow now supports manual run from Actions (workflow_dispatch) with optional base/head SHA and PR comment target.
• Release and code-review workflows now use Node 24-ready artifact action (actions/upload-artifact@v7), and release publishing was migrated from softprops/action-gh-release to gh release CLI.
• Fixed Linux installer cleanup trap to avoid bash: line 1: tmp: unbound variable after package install in strict shell mode (set -u).
• Installer now prints default auth credentials (admin / hijilabs) and password change command (codexsess --changepassword) after install.
• Server-mode installer now verifies codexsess.service active state and prints status check command (systemctl status codexsess).
• Default bind address is now 0.0.0.0:<PORT> (with CODEXSESS_BIND_ADDR override support), and server service unit sets CODEXSESS_BIND_ADDR=0.0.0.0:3061.
• Installer terminal output now uses clearer colored status lines for info, success, and error messages.
• README now documents CODEXSESS_BIND_ADDR and includes GUI-mode ~/.bashrc bind override example for 0.0.0.0.
• Startup logging now prints actual bind address separately from local browser URL so public bind mode is explicit in runtime logs.
• Startup logging now adds explicit public bind enabled line when bind host is 0.0.0.0 or ::.
• API request routing now applies backend auto-switch consistently across chat/responses/messages routes: if active account quota is exhausted, it switches to the best available account; if all are exhausted, it returns quota exhaustion.
• First-account bootstrap now auto-selects the very first added account as both API active and CLI (Codex) active when account storage is empty.
• Copy actions now include a non-secure-context fallback (execCommand) so copy buttons keep working when accessing CodexSess via IP over HTTP.
• Installer now enforces Codex CLI availability: it auto-installs npm when missing and then installs @openai/codex globally when codex is not found.
• Runtime now performs fail-fast Codex CLI checks (PATH + executable test via codex --version) before starting the server.
• Added configurable Codex binary resolution (codex_bin in config / CODEXSESS_CODEX_BIN env), and runtime now resolves/stores absolute binary path for all Codex exec calls.
• Startup Codex binary detection now includes explicit Windows fallback resolution (codex.cmd / .exe / .bat) and exposes detected Codex CLI version in web settings payload.
• Sidebar header now displays Codex CLI version directly under Codex Account Management.
• Installer now performs a final systemctl restart codexsess.service pass at the end of execution (including --mode update) whenever the service exists, with explicit status output.
• Installer-generated systemd unit now runs as the installer user by default ($SUDO_USER or current user), and sets matching HOME/CODEX_HOME for consistent Codex account context.
• Proxy API auth execution now uses isolated per-account CODEX_HOME under CodexSess storage, so API traffic no longer conflicts with Use CLI auth context.
• API account resolution no longer synchronizes CLI active context implicitly; only explicit Use CLI updates CLI auth state.
• Codex exec error reporting now prefers structured JSON error events (error / turn.failed) before falling back to stderr/exit code, reducing generic exit status 1 responses.
• Installer update/download flow now forces release asset re-download with cache-bypass headers/query, so update keeps fetching binary/package even when version tag is unchanged.
• GitHub code-review workflow now supports true manual runs without pr_number (via target_ref) and auto-creates a dedicated autofix branch on manual mode when safe changes exist.
• GitHub code-review autofix push is now guarded for PR mode to skip direct push on fork-based PRs, preventing workflow failure from cross-repo push permission errors.

v1.0.1

Added

• About view in the web console with app information, version state, release link, and latest changelog panel.
• API traffic logging now includes resolved account detail fields.
• Version/update API surface for frontend (/api/version/check and version fields in settings response).
• Browser login now supports manual callback URL submission (/api/auth/browser/complete) for VPS/remote login flows.
• New API endpoint POST /v1/code-review with optional custom_prompt for dedicated code-review workflows.

Changed

• Sidebar now shows current app version above logout.
• Browser document title now defaults to CodexSess Console and changes per active menu (for example Settings - CodexSess Console).
• About page content is now clearer and includes a dedicated HIJINetwork promotion section with direct external link.
• About page changelog section title now includes version context (for example Latest Changelog v1.0.1).
• About page product description was expanded to better explain operational value and production use cases.
• Mobile layout now keeps sidebar behavior with a burger-triggered slide-in menu and overlay close interaction.
• Improved API/logging behavior for streaming and full body capture.
• Improved settings UX and update status visibility.
• Browser login modal now includes manual callback URL input with inline submit action.
• OAuth callback base URL resolution now respects request/forwarded host instead of forcing localhost.
• OpenAI streaming final chunk now sends assistant role in delta for stricter client compatibility.
• Code review endpoint now enforces input size limits and quota checks for consistency with other proxy endpoints.
• GitHub code-review workflow now uses jq --rawfile for large diffs and adds retry/timeout hardening for CodexSess API calls.

v1.0

docs: clarify installer modes in README and keep About update-only