From 087cb370fa736fd0cdc7c9e91a56d8fe7423c1b4 Mon Sep 17 00:00:00 2001
From: chuckie <pengcube@gmail.com>
Date: Thu, 26 Mar 2026 14:57:40 +0800
Subject: [PATCH 1/3] fix: reuse existing secret-key on startup; add upstream
 sync workflow

---
 .github/workflows/sync-upstream.yml | 81 +++++++++++++++++++++++++++++
 src-tauri/src/main.rs               | 20 +++++--
 2 files changed, 97 insertions(+), 4 deletions(-)
 create mode 100644 .github/workflows/sync-upstream.yml

diff --git a/.github/workflows/sync-upstream.yml b/.github/workflows/sync-upstream.yml
new file mode 100644
index 0000000..84cee86
--- /dev/null
+++ b/.github/workflows/sync-upstream.yml
@@ -0,0 +1,81 @@
+name: Sync Upstream and Release
+
+on:
+  schedule:
+    # Check for upstream changes daily at 00:00 UTC
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+    inputs:
+      force_release:
+        description: 'Force a release even if no upstream changes'
+        required: false
+        default: 'false'
+        type: choice
+        options:
+          - 'false'
+          - 'true'
+
+env:
+  UPSTREAM_REPO: https://github.com/router-for-me/EasyCLI.git
+  UPSTREAM_BRANCH: main
+
+jobs:
+  sync:
+    name: Sync Upstream
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Configure Git
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+      - name: Add upstream remote
+        run: |
+          git remote add upstream ${{ env.UPSTREAM_REPO }} || true
+          git fetch upstream ${{ env.UPSTREAM_BRANCH }}
+
+      - name: Check for upstream changes
+        id: check
+        run: |
+          LOCAL_SHA=$(git rev-parse HEAD)
+          UPSTREAM_SHA=$(git rev-parse upstream/${{ env.UPSTREAM_BRANCH }})
+
+          if [ "$LOCAL_SHA" = "$UPSTREAM_SHA" ] && [ "${{ github.event.inputs.force_release }}" != "true" ]; then
+            echo "No upstream changes detected."
+            echo "has_changes=false" >> "$GITHUB_OUTPUT"
+          else
+            echo "Upstream changes detected or force release requested."
+            echo "has_changes=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Merge upstream changes
+        if: steps.check.outputs.has_changes == 'true'
+        run: |
+          git merge upstream/${{ env.UPSTREAM_BRANCH }} --no-edit --allow-unrelated-histories || {
+            echo "::warning::Merge conflict detected. Resolving by keeping our changes."
+            git checkout --ours .
+            git add .
+            git commit -m "Merge upstream (conflicts resolved by keeping local)"
+          }
+
+      - name: Push merged changes
+        if: steps.check.outputs.has_changes == 'true'
+        run: |
+          git push origin HEAD
+
+      - name: Create release tag (triggers build workflow)
+        if: steps.check.outputs.has_changes == 'true'
+        run: |
+          DATE=$(date +%Y%m%d)
+          SHORT_SHA=$(git rev-parse --short HEAD)
+          TAG="v${DATE}-sync-${SHORT_SHA}"
+          echo "Creating tag: ${TAG}"
+          git tag "$TAG"
+          git push origin "$TAG"
+          echo "Tag pushed — the 'Release on Tag' workflow will handle the build."
diff --git a/src-tauri/src/main.rs b/src-tauri/src/main.rs
index 7b9e15e..87557b6 100644
--- a/src-tauri/src/main.rs
+++ b/src-tauri/src/main.rs
@@ -1128,8 +1128,14 @@ fn start_cliproxyapi(app: tauri::AppHandle) -> Result<serde_json::Value, String>
         eprintln!("[PORT_CLEANUP] Warning: {}", e);
     }
 
-    // Generate random password for local mode
-    let password = generate_random_password();
+    // Reuse existing secret-key from config if present, otherwise generate a new one
+    let existing_key = conf
+        .get("remote-management")
+        .and_then(|v| v.get("secret-key"))
+        .and_then(|v| v.as_str())
+        .filter(|s| !s.trim().is_empty())
+        .map(|s| s.to_string());
+    let password = existing_key.unwrap_or_else(|| generate_random_password());
 
     // Store the password for keep-alive authentication
     *CLI_PROXY_PASSWORD.lock() = Some(password.clone());
@@ -1258,8 +1264,14 @@ fn restart_cliproxyapi(app: tauri::AppHandle) -> Result<(), String> {
         eprintln!("[PORT_CLEANUP] Warning: {}", e);
     }
 
-    // Generate random password for local mode
-    let password = generate_random_password();
+    // Reuse existing secret-key from config if present, otherwise generate a new one
+    let existing_key = conf
+        .get("remote-management")
+        .and_then(|v| v.get("secret-key"))
+        .and_then(|v| v.as_str())
+        .filter(|s| !s.trim().is_empty())
+        .map(|s| s.to_string());
+    let password = existing_key.unwrap_or_else(|| generate_random_password());
 
     // Store the password for keep-alive authentication
     *CLI_PROXY_PASSWORD.lock() = Some(password.clone());

From ab896a7be4a6bebf9ce5cc9096dbe1533c2a9646 Mon Sep 17 00:00:00 2001
From: chuckie <pengcube@gmail.com>
Date: Fri, 27 Mar 2026 09:59:22 +0800
Subject: [PATCH 2/3] refactor: reuse secret-key helper for cliproxyapi

---
 src-tauri/src/main.rs | 27 +++++++++++----------------
 1 file changed, 11 insertions(+), 16 deletions(-)

diff --git a/src-tauri/src/main.rs b/src-tauri/src/main.rs
index 87557b6..31579f0 100644
--- a/src-tauri/src/main.rs
+++ b/src-tauri/src/main.rs
@@ -914,6 +914,15 @@ fn generate_random_password() -> String {
         .collect()
 }
 
+fn get_or_generate_secret_key(conf: &serde_yaml::Value) -> String {
+    conf.get("remote-management")
+        .and_then(|v| v.get("secret-key"))
+        .and_then(|v| v.as_str())
+        .filter(|s| !s.trim().is_empty())
+        .map(|s| s.to_string())
+        .unwrap_or_else(generate_random_password)
+}
+
 fn start_monitor(app: tauri::AppHandle) {
     let proc_ref = Arc::clone(&PROCESS);
     thread::spawn(move || {
@@ -1128,14 +1137,7 @@ fn start_cliproxyapi(app: tauri::AppHandle) -> Result<serde_json::Value, String>
         eprintln!("[PORT_CLEANUP] Warning: {}", e);
     }
 
-    // Reuse existing secret-key from config if present, otherwise generate a new one
-    let existing_key = conf
-        .get("remote-management")
-        .and_then(|v| v.get("secret-key"))
-        .and_then(|v| v.as_str())
-        .filter(|s| !s.trim().is_empty())
-        .map(|s| s.to_string());
-    let password = existing_key.unwrap_or_else(|| generate_random_password());
+    let password = get_or_generate_secret_key(&conf);
 
     // Store the password for keep-alive authentication
     *CLI_PROXY_PASSWORD.lock() = Some(password.clone());
@@ -1264,14 +1266,7 @@ fn restart_cliproxyapi(app: tauri::AppHandle) -> Result<(), String> {
         eprintln!("[PORT_CLEANUP] Warning: {}", e);
     }
 
-    // Reuse existing secret-key from config if present, otherwise generate a new one
-    let existing_key = conf
-        .get("remote-management")
-        .and_then(|v| v.get("secret-key"))
-        .and_then(|v| v.as_str())
-        .filter(|s| !s.trim().is_empty())
-        .map(|s| s.to_string());
-    let password = existing_key.unwrap_or_else(|| generate_random_password());
+    let password = get_or_generate_secret_key(&conf);
 
     // Store the password for keep-alive authentication
     *CLI_PROXY_PASSWORD.lock() = Some(password.clone());

From e7ad3a4d5d94afb3fbee550cf4ea30ba0059a91c Mon Sep 17 00:00:00 2001
From: Codex <codex@openai.com>
Date: Wed, 1 Apr 2026 16:32:18 +0800
Subject: [PATCH 3/3] Ignore local build artifacts and remove tracked generated
 files

---
 .gitignore | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index b3a3f4c..71995d0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,15 @@ dist-web/
 src-tauri/logs/
 .serena/
 AGENTS.md
-CLAUDE.md
\ No newline at end of file
+CLAUDE.md
+
+# codex: local build artifacts
+.vs/
+**/.vs/
+[Bb]in/
+[Oo]bj/
+**/[Bb]in/
+**/[Oo]bj/
+node_modules/
+**/node_modules/
+# codex: end local build artifacts
\ No newline at end of file