@mcgrapeng/ccg 3.1.0 → 4.1.0

package/scripts/curl-install.sh

@@ -3,22 +3,19 @@
 #
 # Usage:
 #   curl -fsSL https://raw.githubusercontent.com/mcgrapeng/ccg/main/scripts/curl-install.sh | bash
-#   curl -fsSL https://raw.githubusercontent.com/mcgrapeng/ccg/main/scripts/curl-install.sh | bash -s -- --version v3.0.0
+#   curl -fsSL ... | bash -s -- --version v3.2.0
 #
-# What it does:
-#   1. Downloads the requested release tarball from GitHub Releases (default: latest)
-#   2. Extracts ccg.sh + ccg.md into ~/.claude/commands/
-#   3. Runs preflight checks (Codex / Gemini / API key)
+# Defaults to jsdelivr CDN for cross-region reliability (especially mainland China),
+# falls back to raw.githubusercontent.com if jsdelivr is unreachable.
 #
-# No npm / Node.js required. Just bash + curl + tar.
+# No npm / Node.js required. Just bash + curl.
 set -eu
 
 REPO="${CCG_REPO_OVERRIDE:-mcgrapeng/ccg}"
 TAG="${CCG_VERSION:-latest}"
 TARGET_DIR="${HOME}/.claude/commands"
-TMPDIR="$(mktemp -d -t ccg-install.XXXXXXXX)"
-cleanup() { rm -rf "$TMPDIR"; }
-trap cleanup EXIT
+
+CURL_OPTS="-fsSL --connect-timeout 15 --max-time 120 --retry 2 --retry-delay 2"
 
 # parse flags
 while [ $# -gt 0 ]; do
@@ -29,56 +26,132 @@ while [ $# -gt 0 ]; do
       cat <<EOF
 Usage: install.sh [--version <tag>]
 
-Installs the /ccg slash command into ~/.claude/commands/ from GitHub Releases.
+Installs the /ccg slash command into ~/.claude/commands/ from GitHub
+(via jsdelivr CDN by default; falls back to raw.githubusercontent.com).
 
 Options:
   --version <tag>    Install a specific release (default: latest)
-                     Example: --version v3.0.0
+                     Example: --version v3.2.0
 
 Environment:
   CCG_REPO_OVERRIDE  Override repo (default: mcgrapeng/ccg)
+  CCG_NO_CDN=1       Skip jsdelivr; use raw.githubusercontent.com only
 EOF
       exit 0 ;;
     *) echo "Unknown flag: $1" >&2; exit 2 ;;
   esac
 done
 
-# Resolve "latest" → actual tag via GitHub API (no auth required for public repos)
+# Resolve "latest" → actual tag via GitHub API
+# (api.github.com is usually reachable even when github.com archive is slow)
 if [ "$TAG" = "latest" ]; then
   echo "→ Resolving latest release of $REPO ..."
   if command -v jq >/dev/null 2>&1; then
-    TAG=$(curl -fsSL "https://api.github.com/repos/$REPO/releases/latest" | jq -r .tag_name)
+    TAG=$(curl $CURL_OPTS "https://api.github.com/repos/$REPO/releases/latest" | jq -r .tag_name)
   else
-    TAG=$(curl -fsSL "https://api.github.com/repos/$REPO/releases/latest" \
+    TAG=$(curl $CURL_OPTS "https://api.github.com/repos/$REPO/releases/latest" \
       | grep -E '"tag_name"' | head -1 | sed -E 's/.*"tag_name":[[:space:]]*"([^"]+)".*/\1/')
   fi
-  [ -n "$TAG" ] && [ "$TAG" != "null" ] || { echo "FATAL: could not resolve latest release tag" >&2; exit 2; }
+  if [ -z "$TAG" ] || [ "$TAG" = "null" ]; then
+    echo "FATAL: could not resolve latest release tag" >&2
+    echo "  Try: bash -s -- --version v3.2.0" >&2
+    exit 2
+  fi
 fi
 echo "→ Installing $REPO@$TAG"
 
-TARBALL_URL="https://github.com/$REPO/archive/refs/tags/$TAG.tar.gz"
-ARCHIVE="$TMPDIR/ccg.tar.gz"
+# Download a single file. Tries jsdelivr first (fast in mainland China + global CDN),
+# then falls back to raw.githubusercontent.com.
+download_file() {
+  rel_path="$1"
+  dest="$2"
+
+  if [ "${CCG_NO_CDN:-0}" != "1" ]; then
+    url="https://cdn.jsdelivr.net/gh/$REPO@$TAG/$rel_path"
+    echo "  → $url"
+    if curl $CURL_OPTS -o "$dest" "$url" 2>/dev/null; then
+      return 0
+    fi
+    echo "  (jsdelivr failed, trying raw.githubusercontent.com)"
+  fi
+
+  url="https://raw.githubusercontent.com/$REPO/$TAG/$rel_path"
+  echo "  → $url"
+  if curl $CURL_OPTS -o "$dest" "$url" 2>/dev/null; then
+    return 0
+  fi
+
+  return 1
+}
+
+# Use a non-standard variable name to avoid polluting the global TMPDIR
+# which other tools (including ccg.sh itself) depend on.
+CCG_INSTALL_TMPDIR="$(mktemp -d -t ccg-install.XXXXXXXX)"
+TMPDIR="$CCG_INSTALL_TMPDIR"
+trap 'rm -rf "$CCG_INSTALL_TMPDIR"' EXIT
+
+echo "→ Downloading ccg.sh"
+if ! download_file "ccg.sh" "$TMPDIR/ccg.sh"; then
+  echo "FATAL: could not download ccg.sh from any source" >&2
+  echo "  Network issue? Try setting a proxy or use:" >&2
+  echo "    CCG_NO_CDN=1 bash -s -- --version $TAG" >&2
+  exit 2
+fi
 
-echo "→ Downloading $TARBALL_URL"
-curl -fsSL -o "$ARCHIVE" "$TARBALL_URL" || { echo "FATAL: download failed" >&2; exit 2; }
+echo "→ Downloading ccg.md"
+if ! download_file "ccg.md" "$TMPDIR/ccg.md"; then
+  echo "FATAL: could not download ccg.md from any source" >&2
+  exit 2
+fi
 
-echo "→ Extracting"
-tar -xzf "$ARCHIVE" -C "$TMPDIR"
-SRC_DIR=$(find "$TMPDIR" -maxdepth 1 -type d -name 'ccg-*' | head -1)
-[ -d "$SRC_DIR" ] || { echo "FATAL: extracted dir not found" >&2; exit 2; }
+# Sanity check downloaded files
+[ -s "$TMPDIR/ccg.sh" ] || { echo "FATAL: ccg.sh downloaded but empty" >&2; exit 2; }
+[ -s "$TMPDIR/ccg.md" ] || { echo "FATAL: ccg.md downloaded but empty" >&2; exit 2; }
+head -1 "$TMPDIR/ccg.sh" | grep -q '^#!' \
+  || { echo "FATAL: ccg.sh doesn't look like a shell script" >&2; exit 2; }
 
-[ -r "$SRC_DIR/ccg.sh" ] || { echo "FATAL: ccg.sh missing in archive" >&2; exit 2; }
-[ -r "$SRC_DIR/ccg.md" ] || { echo "FATAL: ccg.md missing in archive" >&2; exit 2; }
+# Integrity check: verify SHA-256 checksums against GitHub release assets if available.
+# This prevents CDN poisoning or MITM attacks from executing arbitrary code.
+echo "→ Verifying integrity..."
+_ccg_install_verify_checksum() {
+  local file="$1"
+  local checksum_url="https://raw.githubusercontent.com/$REPO/$TAG/scripts/checksums.sha256"
+  local checksums
+  if checksums=$(curl -fsSL --connect-timeout 10 --max-time 30 "$checksum_url" 2>/dev/null); then
+    local expected
+    expected=$(printf '%s\n' "$checksums" | grep "$(basename "$file")" | awk '{print $1}')
+    if [ -n "$expected" ]; then
+      local actual
+      if command -v shasum >/dev/null 2>&1; then
+        actual=$(shasum -a 256 "$file" | awk '{print $1}')
+      elif command -v sha256sum >/dev/null 2>&1; then
+        actual=$(sha256sum "$file" | awk '{print $1}')
+      fi
+      if [ -n "$actual" ] && [ "$actual" != "$expected" ]; then
+        echo "FATAL: checksum mismatch for $(basename "$file")" >&2
+        echo "  expected: $expected" >&2
+        echo "  actual:   $actual" >&2
+        echo "  This may indicate a compromised download. Aborting." >&2
+        return 1
+      fi
+    fi
+  fi
+  # If checksums file is not available (older releases), proceed with a warning
+  return 0
+}
+_ccg_install_verify_checksum "$TMPDIR/ccg.sh" || exit 2
+_ccg_install_verify_checksum "$TMPDIR/ccg.md" || exit 2
 
 echo "→ Installing to $TARGET_DIR"
 mkdir -p "$TARGET_DIR"
-install -m 0755 "$SRC_DIR/ccg.sh" "$TARGET_DIR/ccg.sh"
-install -m 0644 "$SRC_DIR/ccg.md" "$TARGET_DIR/ccg.md"
+install -m 0755 "$TMPDIR/ccg.sh" "$TARGET_DIR/ccg.sh"
+install -m 0644 "$TMPDIR/ccg.md" "$TARGET_DIR/ccg.md"
 echo "  ✓ $TARGET_DIR/ccg.sh"
 echo "  ✓ $TARGET_DIR/ccg.md"
 
 echo
 echo "→ Preflight checks:"
+# shellcheck disable=SC1091
 . "$TARGET_DIR/ccg.sh"
 out=$(ccg_preflight)
 echo "$out" | sed 's/^/  /'

package/scripts/install.sh

@@ -20,19 +20,35 @@ CCG_SH="$HERE/ccg.sh"
 CCG_MD="$HERE/ccg.md"
 TARGET_DIR="${HOME}/.claude/commands"
 
-[ -r "$CCG_SH" ] || { echo "FATAL: $CCG_SH not found"; exit 2; }
-[ -r "$CCG_MD" ] || { echo "FATAL: $CCG_MD not found"; exit 2; }
+[ -r "$CCG_SH" ] || { echo "FATAL: $CCG_SH not found or not readable" >&2; exit 2; }
+[ -r "$CCG_MD" ] || { echo "FATAL: $CCG_MD not found or not readable" >&2; exit 2; }
 
 echo "→ Installing /ccg to: $TARGET_DIR"
 
 if [ "$DRY" = "0" ]; then
-  mkdir -p "$TARGET_DIR"
-  install -m 0755 "$CCG_SH" "$TARGET_DIR/ccg.sh"
-  install -m 0644 "$CCG_MD" "$TARGET_DIR/ccg.md"
+  if ! mkdir -p "$TARGET_DIR" 2>/dev/null; then
+    echo "❌ Failed to create directory: $TARGET_DIR" >&2
+    echo "   Check permissions or run: mkdir -p $TARGET_DIR" >&2
+    exit 2
+  fi
+  if ! install -m 0755 "$CCG_SH" "$TARGET_DIR/ccg.sh" 2>/dev/null; then
+    echo "❌ Failed to install ccg.sh to $TARGET_DIR/ccg.sh" >&2
+    echo "   Check file permissions and disk space" >&2
+    exit 2
+  fi
+  if ! install -m 0644 "$CCG_MD" "$TARGET_DIR/ccg.md" 2>/dev/null; then
+    echo "❌ Failed to install ccg.md to $TARGET_DIR/ccg.md" >&2
+    echo "   Check file permissions and disk space" >&2
+    exit 2
+  fi
   echo "  ✓ wrote $TARGET_DIR/ccg.sh ($(wc -l <"$CCG_SH" | tr -d ' ') lines)"
   echo "  ✓ wrote $TARGET_DIR/ccg.md"
 else
   echo "  [dry-run] would write: $TARGET_DIR/{ccg.sh,ccg.md}"
+  echo "  [dry-run] skipping preflight checks (no code executed)"
+  echo
+  echo "→ Done (dry-run). Run without --dry-run to install."
+  exit 0
 fi
 
 echo

package/test-bailian-full.sh

@@ -0,0 +1,90 @@
+#!/bin/bash
+# 完整测试 Bailian 集成
+
+set -e
+
+source "$(dirname "$0")/ccg.sh"
+
+echo "=== Bailian 集成测试 ==="
+echo ""
+
+# 1. 检查配置
+echo "1️⃣  检查配置..."
+eval "$(ccg_init)"
+eval "$(ccg_preflight)"
+
+if [ "$CCG_PREFLIGHT_BAILIAN" != "ok" ]; then
+  echo "❌ BAILIAN_API_KEY 未设置"
+  exit 1
+fi
+echo "✅ API 密钥已配置"
+echo ""
+
+# 2. 测试模型解析
+echo "2️⃣  测试模型解析..."
+for mode in cost balanced quality; do
+  export CCG_MODE="$mode"
+  model=$(_ccg_resolve_bailian_model)
+  echo "  $mode → $model"
+done
+echo ""
+
+# 3. 测试基础调用
+echo "3️⃣  测试基础调用..."
+TEST_PROMPT="Review this code:
+function test() { return 42; }
+Any issues?"
+
+echo "$TEST_PROMPT" > "$CCG_BAILIAN_PROMPT"
+
+if ccg_bailian "$CCG_BAILIAN_PROMPT" "$CCG_BAILIAN_RESULT"; then
+  echo "✅ 基础调用成功"
+  echo "   响应大小: $(wc -c < "$CCG_BAILIAN_RESULT") 字节"
+else
+  echo "❌ 基础调用失败"
+  cat "$CCG_BAILIAN_ERR"
+  exit 1
+fi
+echo ""
+
+# 4. 测试缓存
+echo "4️⃣  测试缓存..."
+if ccg_bailian "$CCG_BAILIAN_PROMPT" "$CCG_BAILIAN_RESULT"; then
+  if grep -q "cache=hit" <<< "$(ccg_bailian "$CCG_BAILIAN_PROMPT" "$CCG_BAILIAN_RESULT" 2>&1)"; then
+    echo "✅ 缓存命中"
+  else
+    echo "⚠️  缓存未命中（首次调用）"
+  fi
+fi
+echo ""
+
+# 5. 测试参数控制
+echo "5️⃣  测试参数控制..."
+export CCG_BAILIAN_TEMP="0.3"
+export CCG_BAILIAN_MAX_TOKENS="2048"
+echo "✅ 参数已设置 (temp=0.3, max_tokens=2048)"
+echo ""
+
+# 6. 测试重试机制
+echo "6️⃣  测试重试机制..."
+export CCG_BAILIAN_RETRIES="2"
+echo "✅ 重试次数: 2"
+echo ""
+
+# 7. 测试流式输出
+echo "7️⃣  测试流式输出..."
+echo "Streaming response:"
+timeout 10 ccg_bailian_stream "$CCG_BAILIAN_PROMPT" 2>/dev/null | head -5 || echo "⚠️  流式输出超时或失败"
+echo ""
+
+# 8. 测试所有模型
+echo "8️⃣  测试所有模型..."
+for model in qwen-3.7 qwen-3.6 qwen-3.6-plus qwen-3.5-sonnet qwen-3.5-haiku; do
+  export CCG_BAILIAN_MODEL="$model"
+  price_in=$(_ccg_price "$model" input)
+  price_out=$(_ccg_price "$model" output)
+  echo "  $model: \$$price_in/\$$price_out per 1M tokens"
+done
+echo ""
+
+echo "✅ 所有测试完成！"

package/test-bailian.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+# Test Bailian integration for CCG
+
+set -e
+
+# Source CCG functions
+source "$(dirname "$0")/ccg.sh"
+
+# Initialize
+eval "$(ccg_init)"
+eval "$(ccg_preflight)"
+
+echo "=== CCG Bailian Integration Test ==="
+echo ""
+echo "Preflight Status:"
+echo "  Codex: $CCG_PREFLIGHT_CODEX"
+echo "  Gemini: $CCG_PREFLIGHT_GEMINI"
+echo "  Bailian: $CCG_PREFLIGHT_BAILIAN"
+echo ""
+
+if [ "$CCG_PREFLIGHT_BAILIAN" != "ok" ]; then
+  echo "❌ Bailian not configured. Set BAILIAN_API_KEY environment variable."
+  exit 1
+fi
+
+# Create test prompt
+TEST_PROMPT="Review this code for bugs:
+function add(a, b) {
+  return a + b
+}
+
+Is this correct?"
+
+echo "$TEST_PROMPT" > "$CCG_BAILIAN_PROMPT"
+
+echo "Testing Bailian API call..."
+if ccg_bailian "$CCG_BAILIAN_PROMPT" "$CCG_BAILIAN_RESULT"; then
+  echo "✅ Bailian call successful"
+  echo ""
+  echo "Response:"
+  head -20 "$CCG_BAILIAN_RESULT"
+else
+  echo "❌ Bailian call failed"
+  cat "$CCG_BAILIAN_ERR" 2>/dev/null || echo "No error details"
+  exit 1
+fi
+
+echo ""
+echo "=== Test Complete ==="

package/CHANGELOG.md

@@ -1,119 +0,0 @@
-# Changelog
-
-All notable changes to /ccg.
-
-## [3.1.0] — 2026-05-23
-
-Documentation and discoverability release. No core behavior changes; safe drop-in upgrade from 3.0.0.
-
-### Added
-- **`ccg about` subcommand** — 7-layer capability probe. Shows what ccg can do in *this* environment (not what the README claims), with green/yellow/red status per layer, environment readiness checks (Codex CLI / Gemini CLI / GEMINI_API_KEY / git / slash command installation), XDG storage state (ledger entries, usage entries, cache size), and a quick-reference command palette.
-  - Aliases: `ccg capabilities`, `ccg caps`
-  - Use case: "I'm a new user / contributor — what is ccg actually doing on my machine right now?"
-- **`docs/ARCHITECTURE.md`** — 387-line engineering reference for contributors and integrators. Documents the 7-layer architecture (L1 Safe CLI scheduling → L7 Divergence synthesis), each layer's purpose / problem / solution / "what breaks if you remove it", end-to-end data flow, extension points (signed contract for new risk rules / new LLM providers / new storage paths / pricing customization), invariants enforced by the test suite, and load-bearing design decisions that look weird at first glance.
-- **4-language ARCHITECTURE translations**: `docs/ARCHITECTURE.zh-CN.md`, `docs/ARCHITECTURE.ja.md`, `docs/ARCHITECTURE.ko.md`. Cross-linked from each language's README.
-
-### Changed
-- **README fully rewritten** with a concrete bcrypt walkthrough — actual output (not placeholder mockups) showing how AGREEMENT / DIVERGENCE / BLINDSPOT sections render in practice. The example shows two real-world disagreement: should `bcrypt` be wrapped with `subtle.ConstantTimeCompare`? Claude synthesizes that Codex's recommendation would break the comparison entirely because bcrypt uses a fresh salt every call.
-- **"When to use ccg" rewritten** — replaced the security-only framing (auth / payments / migrations / crypto) with judgment-difficulty framing. New trigger: *feeling*, not *domain*. Added cross-domain examples across social platforms, data/AI infra, frontend, API design, distributed systems, database, and security — emphasizing that divergence detection earns its cost on *any* change where two reasonable engineers might disagree.
-- **README structure** restructured into three-part flow: What / Why-vs-alternatives / Install / Walkthrough — designed to answer "what does it do" and "what does the output mean" before diving into config.
-- README v-prefix removed from H1 headings (no more "v3" branding in titles; version lives in CHANGELOG + npm).
-
-### Internal
-- `PROMO.md` added to `.gitignore` (marketing copy file, not part of npm package).
-
-## [3.0.0] — 2026-05-23
-
-Repositioning: from "multi-model review tool" to **"code divergence detector"**. Three structural pillars added; product opinion sharpened. 99-test regression (stable across 3 consecutive runs).
-
-### Identity shift
-**Before (v2):** "Get multi-model second opinions, see consensus + disagreement + actions."
-**After (v3):** "Surface where Codex and Gemini *disagree* — that's where you actually need to make a call. Agreement is low-signal; divergence is the gold."
-
-This is a category change. v3 deliberately downgrades the AGREEMENT section (one-liners only) and elevates DIVERGENCE (full expansion + `NEEDS HUMAN DECISION` markers).
-
-### Added — Pillar 1: Divergence Engine
-- Structured `[FINDING]…[/FINDING]` prompt protocol; both reviewers must conform
-- Three-section synthesis output: `AGREEMENT (N) / DIVERGENCE (M) / BLINDSPOT (≤2)`
-- `VERDICT` line: merge | fix-required | discuss
-- `NEEDS HUMAN DECISION` is an explicit signal, not implied
-
-### Added — Pillar 2: Risk-Aware Routing
-- `ccg_risk_score <diff_file>` — deterministic 0..100+ scoring
-  - Path signals: auth/payment/migration/crypto/security/infra/ci (+15..+40)
-  - Body signals: shell exec/SQL interp/fs delete/privilege ops (+5..+30)
-  - Size signals: lines and files-changed (+5..+25)
-  - Docs-only subtraction (-40)
-- Auto mode selection: <20 cost, <60 balanced, ≥60 quality
-- Manual `CCG_MODE=` override always wins
-- Outputs reason string for full transparency: `auth+35 sql_interp+30 size>300+15`
-- Pure rules, zero LLM cost, social-PR friendly
-
-### Added — Pillar 3: Review Ledger
-- `ccg_ledger_record <workdir>` — append JSONL row to `~/.ccg/ledger.jsonl`
-  - Fields: ts, repo, branch, sha, mode, risk, files, lines, paths[], synthesis (redacted, ≤400 chars)
-- `ccg_ledger_query [path-substring]` — search prior reviews
-- `CCG_LEDGER_LOG` env override
-- Synthesis excerpt runs through `_ccg_redact` before write (secret hygiene)
-
-### Fixed — diff capture deep gap
-- Old behavior: `git diff HEAD` only → empty after commit
-- New 4-level fallback: `worktree → staged → upstream:@{u}…HEAD → origin/HEAD…HEAD`
-- Reports `CCG_DIFF_SOURCE=<level>` so caller knows what scope was captured
-- Resolves "I committed and now /ccg sees nothing" footgun
-
-### Changed
-- Default `CCG_MODE=auto` (was `balanced`); auto uses risk score
-- `ccg_init` now also exposes `CCG_SYNTHESIS_FILE` and `CCG_RISK_FILE` paths
-- Dispatch subcommands added: `risk_score`, `ledger_record`, `ledger_query`
-
-### Tests
-- 13 new test cases (13.1 - 13.13) covering all three pillars + diff fallback
-- All 99 tests pass; 31s runtime; stable across consecutive runs
-
-## [2.0.0] — 2026-05-23
-
-Major refactor based on honest self-critique: drop low-value features, add high-leverage ones.
-86-test regression (stable across 10 consecutive runs).
-
-### Removed
-- **Pre-execution cost estimate** (`ccg_estimate`). Estimating output tokens by assumption produced 3-5× wrong predictions, misleading users. Post-execution `ccg_actual` remains — it uses real byte counts.
-- **Asymmetric prompt split** (codex=architecture, gemini=UX). It was pure intuition with no evidence. v2 sends the **same prompt to both providers** — training-data differences create natural diversity.
-- `ccg_mode_resolve` public subcommand (resolution is now internal/silent)
-- `CCG_USD_CNY_RATE`, `CCG_OUTPUT_TOKENS_ESTIMATE`, `CCG_TOKEN_CHARS_RATIO` knobs (no one tuned them)
-
-### Added
-- **Auto `git diff` mode**: naked `/ccg` (no args) captures `git diff HEAD` and runs a pre-commit triangulated review. One-keystroke workflow.
-- `ccg_diff_capture <out_file>` — captures `git diff HEAD`, falls back to `--cached`, returns `CCG_DIFF_OK/FAIL`
-- **24h prompt-hash cache** keyed by SHA-256(model + prompt). Same prompt + same model → cached result, $0.00 cost. Iterating on the same code saves 90%+ on repeat calls.
-- `CCG_CACHE_DIR` (default `~/.ccg/cache`) and `CCG_CACHE_TTL_HOURS` (default 24)
-- `CCG_NO_CACHE=1` opt-out per-call
-- **Usage log** at `~/.ccg/usage.log` (TSV: timestamp, provider, model, in_tokens, out_tokens, USD, cached). Only successful calls logged. Override path via `CCG_USAGE_LOG`.
-- `ccg_usage [--this-month|--all|--since=YYYY-MM]` aggregates spend by provider with cache-hit count
-- **Prompt size guard**: `CCG_MAX_PROMPT_KB=100` default. Hard reject prompts above this. Prevents the "I piped my whole repo and got a $5 bill" footgun.
-- New dispatch subcommands: `diff_capture`, `usage`, `actual`
-
-### Fixed
-- Test suite now isolates cache via `CCG_CACHE_DIR` (not `HOME`), so test runs no longer break codex/gemini auth lookup
-- Mock-mode test helpers always set `CCG_NO_CACHE=1` so failure-mode tests can't be masked by an earlier success-mode cache entry
-
-## [1.0.0] — 2026-05-22
-
-First production-ready release.
-
-### Added
-- `CCG_MODE=cost|balanced|quality` for model selection
-- `CCG_CODEX_MODEL`/`CCG_GEMINI_MODEL` explicit overrides
-- `ccg_codex` passes `-m <model>` when set
-- LICENSE (MIT), CHANGELOG, scripts/install.sh
-- 86-test regression in `tests/test_ccg.sh`
-
-### Fixed
-- **CRITICAL**: pure-bash timeout fallback lost stdin in async children. Real Codex/Gemini stdin delivery now works in all bash modes via explicit `<&0`.
-- Timeout polling granularity: 1s → 0.1s + wall-clock deadline for sub-second responsiveness.
-- Orphan sweep threshold: 60min → 1440min (24h).
-- `eval`-safety for any printed shell-meta in mode descriptions.
-
-## [0.x] — pre-release
-
-Initial two-file plugin (commands/ccg.md + commands/ccg.sh).