Integrates #856 as a focused runtime API security slice.
Default local behavior remains unchanged. `/v1/*` routes require a token only when `--auth-token` or `DEEPSEEK_RUNTIME_TOKEN` is set, and `/health` remains public for readiness checks.
Co-authored-by: Zhuoran Deng <dengzhuoran9@gmail.com>
Bridge work to unblock whalescale-desktop's Settings/Composer/Archived-chats
flows without requiring a daemon recompile per dev-port or client-side
aggregation.
#561 / whalescale#255 — CORS allow-list configurable
* Add `[runtime_api] cors_origins` config field, `--cors-origin URL`
(repeatable) flag on `deepseek serve --http`, and `DEEPSEEK_CORS_ORIGINS`
env var. User entries stack on top of the built-in defaults
(localhost:3000, localhost:1420, tauri://localhost). Resolution preserves
first-seen order and drops empty/duplicate values; invalid HeaderValues
log a warning and are skipped.
* Refactor `cors_layer()` to read merged origins from `RuntimeApiState`.
#562 / whalescale#256 — `PATCH /v1/threads/{id}` accepts the full editable
field set
* Extend `UpdateThreadRequest` with `allow_shell`, `trust_mode`,
`auto_approve`, `model`, `mode`, `title`, `system_prompt`. Each is
optional; missing means no change. Empty-string clears `title`/
`system_prompt`. Empty `model`/`mode` rejected with 400.
* Add `title: Option<String>` to `ThreadRecord` (additive, no schema bump
per documented criteria — old readers ignore the field without
misinterpretation). `list_threads_summary` now returns the user-set title
when present, falling back to the derived input-summary title.
* `thread.updated` event payload now carries a `changes` map with only the
fields that actually changed.
#563 / whalescale#260 — list-archived-only filter
* New `archived_only=true` query param on `GET /v1/threads` and
`GET /v1/threads/summary`. Backed by a new `ThreadListFilter` enum
(`ActiveOnly` | `IncludeArchived` | `ArchivedOnly`). `archived_only`
takes precedence over `include_archived`. Default behavior unchanged.
#564 / whalescale#261 — `GET /v1/usage` aggregation
* New `RuntimeThreadManager::aggregate_usage` walks all threads/turns,
filters by inclusive `since`/`until` RFC 3339 bounds, accumulates token
totals + cost (via `pricing::calculate_turn_cost_from_usage`), and
groups by `day` (default), `model`, `provider`, or `thread`.
* New `GET /v1/usage` route. `since`/`until`/`group_by` query params,
`since > until` and unknown `group_by` rejected with 400. Empty time
ranges yield empty `buckets` (never 404).
5 new tests cover preflight Allow-Origin echoing for both default and
extra origins, the extended PATCH field set + clear-by-empty + 400 paths,
the archived_only filter on list + summary endpoints, and the
/v1/usage envelope + validation errors. Existing 13 runtime_api tests
continue to pass; the parity gates and full workspace test suite are clean.
`docs/RUNTIME_API.md` and `config.example.toml` updated to document the
new params, body shape, endpoint, and CORS knob.
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Move src/* into crates/tui/src/ to create a proper workspace structure
- Add .claude/ and .trimtab/ directories for Trimtab closed-loop workflow
- Add DEPENDENCY_GRAPH.md and update documentation
- Update Cargo.toml files to reflect new crate dependencies
- Update CI workflows and npm package scripts
- All tests pass, release build works
Major Features:
- Runtime API for external integrations and turn management
- Task manager with persistence and recovery
- Shell output streaming and improved tool execution
- Error taxonomy and audit logging
- Command palette and UI enhancements
Documentation:
- Runtime API documentation
- Operations runbook
- Architecture updates
Fixes:
- Auto-compaction threshold and triggering logic
- Doctor command API key validation
- Clippy and formatting compliance
Hunter Bown