Per user demand after data loss incident: never trust mode flags alone.
Previously only `full` mode created tar.gz backup. Now `safe` and
`settings-only` also create full tar.gz of ~/.claude (resp .codex,
.gemini, .qwen) BEFORE any mutation. If backup fails, refuse to
proceed for that user — skip to next.
Restore is always one command:
tar -xzf ~/.<tool>.uninstall-backup.<TS>.tar.gz -C ~
Applies to all 4 scripts: uclaude, ucodex, ugemini, uqwen.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
After user lost 6 months of work to `rm -rf ~/.claude`, ALL 4 uninstall
scripts (claude, codex, gemini, qwen) now require explicit choice:
Modes:
1) safe (default) — remove binary + env + settings.json
KEEP projects, history, commands(skills),
plans, file-history, plugins
2) settings-only — clear settings.json only, keep binary + data
3) full — wipe everything (tar backup first, requires
typing 'WIPE' to confirm)
4) cancel — exit, do nothing
Default flow:
- Interactive prompt with PREVIEW of user data (size, project count,
command count, history line count) before any destructive op
- Cancel option always available
- Each file backed up to *.uninstall.bak.<TS> before removal
- /etc/environment + .bashrc + /etc/profile.d backed up before sed
Non-interactive (CI / scripts):
UCLAUDE_MODE=safe sudo bash uclaude_uninstall.sh
UCLAUDE_MODE=full sudo bash uclaude_uninstall.sh # creates tar backup
UCLAUDE_YES=1 # skip prompt, default to safe mode
NEVER again should an uninstaller silently destroy user data.
Per-tool env vars: UCLAUDE_MODE / UCODEX_MODE / UGEMINI_MODE / UQWEN_MODE.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
CRITICAL: api_key 'ClauderAPI2' was committed to PUBLIC unlimitedcoding
repo (private:False on gitea) in 4 *_config.json + 8 ps1 scripts. Anyone
on the internet could read it via curl with no auth (HTTP 200 raw access).
This commit:
1. Sanitizes 4 *_config.json: api_key → "YOUR_API_KEY" + _note pointing
users to private config repo for production credentials.
2. Removes 'ClauderAPI2' literal from 8 ps1 installer/updater scripts
(claude/codex/gemini/qwen × install/update). Each script now has a
sanitized block at top that fetches api_key from private
unlimitedcoding-config repo at runtime via Authorization token.
3. Switches 6 sh installer scripts from public REPO_RAW to PRIVATE
unlimitedcoding-config base URL for *_config.json downloads.
4. Removes stale .patcher.config.cache.json (will regen on next install).
Production configs MOVED to private repo (separate commit e839102 on
unlimitedcoding-config/main).
KNOWN UNCHANGED:
- releases/v2.1.119/sea/cli-wrapper.cjs still has api_key (part of npm
package distribution; clients need it locally; sensey serves same).
- Read-only gitea token (cadffcb0...) remains in installers — needed
for token-auth fetch from private repo. Scoped read-only.
RECOMMEND: api_key rotation in proxy auth list because ClauderAPI2 was
publicly exposed for an unknown period. Existing client installs would
need re-install or env override.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Windows PowerShell 5.1 reads .ps1 files without BOM as Windows-1251 by
default. Em-dashes (-) and other Unicode chars in string literals get
mangled into invalid bytes (e.g. "session - no" becomes garbage that
breaks the parser with "Unexpected token" errors.
Replaced em-dash, en-dash, smart quotes, ellipsis, NBSP and arrows with
their ASCII equivalents across all 12 .ps1 scripts (install/update/
uninstall for claude/gemini/codex/qwen).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Qwen patcher had two issues:
1. Only patched dashscope.aliyuncs.com but missed regional endpoints
(cn-hongkong, dashscope-intl, dashscope-us). Users in those regions
would still hit Aliyun directly.
2. --validate raised ModuleNotFoundError (referenced removed updater/
package). Replaced with self-contained inline checker — 13 GREEN
targets covering cli.js markers, settings.json, env vars.
Also bump Codex version to v0.122.0 across all READMEs (was v0.116.0).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
gemini -p / qwen -p crashes with "setRawMode EIO" when stdin is not
a TTY (running from sudo bash script.sh). Verification now uses
--version instead — fast, reliable, no TTY needed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Problem: `sudo bash install.sh` runs in child process, `export` inside it
never reaches the user's current shell. /etc/environment and /etc/profile.d/
only work for NEW sessions. So `codex`/`gemini`/`qwen` fail with
"Missing environment variable" right after install.
Solution: wrapper scripts that auto-source env file before exec'ing binary.
- codex: /usr/local/bin/codex (wrapper) -> /usr/local/bin/.codex-bin (real)
- gemini: /usr/local/bin/gemini (wrapper) -> node .../dist/index.js
- qwen: /usr/local/bin/qwen (wrapper) -> node .../dist/index.js
Works immediately in ANY shell, no manual `source` needed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Same pattern as codex and gemini:
- Write QWEN_API_KEY + QWEN_BASE_URL to /etc/environment (all users)
- Create /etc/profile.d/qwen-code.sh for login shell export
- Update script now also sets env vars (was missing)
- Fix CRLF line endings
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- gemini/ugemini_install.sh: CURL_AUTH was defined but never used, fixed
- gemini/ugemini_update.sh: added GITEA_TOKEN + auth header
- qwen/uqwen_install.sh: use GITEA_TOKEN (was already defined but unused)
- qwen/uqwen_update.sh: added GITEA_TOKEN + auth header
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- ugemini_install.sh: npm registry setup, Node.js auto-install, retry logic, env vars for all users
- uqwen_install.sh: new installer — npm registry, patches, settings, env vars
- README.md: add one-line installer commands for Gemini and Qwen
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
