From 3d75fb3fae6eb50f8d2ae5e678dfdc2978e33163 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues de Sa e Souza <8016841+diegosouzapw@users.noreply.github.com> Date: Sun, 10 May 2026 00:55:06 -0300 Subject: [PATCH 1/6] Release v3.8.0 (#2073) Integrated into release/v3.8.0 --- .env.example | 31 +- .github/workflows/build-fork.yml | 5 +- .gitignore | 1 + .../feat-batch-delete-provider-accounts.md | 328 +++ .../console-2026-05-08T21-45-11-820Z.log | 2 + .../console-2026-05-08T21-48-04-319Z.log | 2 + .../console-2026-05-08T21-48-18-603Z.log | 2 + .../console-2026-05-08T21-48-23-115Z.log | 2 + .../console-2026-05-08T21-50-33-480Z.log | 2 + .../console-2026-05-08T21-50-50-409Z.log | 1 + .../console-2026-05-08T21-50-54-130Z.log | 1 + .../page-2026-05-08T21-45-12-712Z.yml | 5 + .../page-2026-05-08T21-48-04-721Z.yml | 5 + .../page-2026-05-08T21-48-12-156Z.yml | 19 + .../page-2026-05-08T21-48-18-924Z.yml | 5 + .../page-2026-05-08T21-48-23-425Z.yml | 5 + .../page-2026-05-08T21-50-33-675Z.yml | 5 + .../page-2026-05-08T21-50-44-525Z.yml | 2095 +++++++++++++++ .../page-2026-05-08T21-50-50-813Z.yml | 158 ++ .../page-2026-05-08T21-50-54-493Z.yml | 158 ++ CHANGELOG.md | 92 + CLAUDE.md | 135 + Dockerfile | 11 +- README.md | 11 +- Tuto_Qdrant.MD | 138 + bin/cli/args.mjs | 47 + bin/cli/commands/doctor.mjs | 518 ++++ bin/cli/commands/providers.mjs | 428 +++ bin/cli/commands/setup.mjs | 200 ++ bin/cli/data-dir.mjs | 38 + bin/cli/encryption.mjs | 62 + bin/cli/index.mjs | 19 + bin/cli/io.mjs | 36 + bin/cli/provider-catalog.mjs | 175 ++ bin/cli/provider-store.mjs | 276 ++ bin/cli/provider-test.mjs | 181 ++ bin/cli/settings-store.mjs | 45 + bin/cli/sqlite.mjs | 37 + bin/omniroute.mjs | 41 + docker-compose.prod.yml | 19 + docker-compose.yml | 19 + docs/API_REFERENCE.md | 4 +- docs/CLI-TOOLS.md | 2 +- docs/RFC-AUTO-ASSESSMENT.md | 64 +- docs/SETUP_GUIDE.md | 31 + docs/USER_GUIDE.md | 74 +- docs/i18n/ar/CHANGELOG.md | 783 +++++- docs/i18n/ar/README.md | 8 +- docs/i18n/ar/docs/API_REFERENCE.md | 4 +- docs/i18n/ar/docs/CLI-TOOLS.md | 2 +- docs/i18n/ar/llm.txt | 43 +- docs/i18n/bg/CHANGELOG.md | 783 +++++- docs/i18n/bg/README.md | 8 +- docs/i18n/bg/docs/API_REFERENCE.md | 4 +- docs/i18n/bg/docs/CLI-TOOLS.md | 2 +- docs/i18n/bg/llm.txt | 43 +- docs/i18n/bn/CHANGELOG.md | 783 +++++- docs/i18n/bn/README.md | 8 +- docs/i18n/bn/docs/API_REFERENCE.md | 4 +- docs/i18n/bn/docs/CLI-TOOLS.md | 2 +- docs/i18n/bn/llm.txt | 477 ++++ docs/i18n/cs/CHANGELOG.md | 783 +++++- docs/i18n/cs/README.md | 8 +- docs/i18n/cs/docs/API_REFERENCE.md | 4 +- docs/i18n/cs/docs/CLI-TOOLS.md | 2 +- docs/i18n/cs/llm.txt | 43 +- docs/i18n/da/CHANGELOG.md | 783 +++++- docs/i18n/da/README.md | 8 +- docs/i18n/da/docs/API_REFERENCE.md | 4 +- docs/i18n/da/docs/CLI-TOOLS.md | 2 +- docs/i18n/da/llm.txt | 43 +- docs/i18n/de/CHANGELOG.md | 783 +++++- docs/i18n/de/README.md | 8 +- docs/i18n/de/docs/API_REFERENCE.md | 4 +- docs/i18n/de/docs/CLI-TOOLS.md | 2 +- docs/i18n/de/llm.txt | 43 +- docs/i18n/es/CHANGELOG.md | 783 +++++- docs/i18n/es/README.md | 8 +- docs/i18n/es/docs/API_REFERENCE.md | 4 +- docs/i18n/es/docs/CLI-TOOLS.md | 2 +- docs/i18n/es/llm.txt | 43 +- docs/i18n/fa/CHANGELOG.md | 783 +++++- docs/i18n/fa/README.md | 8 +- docs/i18n/fa/docs/API_REFERENCE.md | 4 +- docs/i18n/fa/docs/CLI-TOOLS.md | 2 +- docs/i18n/fa/llm.txt | 477 ++++ docs/i18n/fi/CHANGELOG.md | 783 +++++- docs/i18n/fi/README.md | 8 +- docs/i18n/fi/docs/API_REFERENCE.md | 4 +- docs/i18n/fi/docs/CLI-TOOLS.md | 2 +- docs/i18n/fi/llm.txt | 43 +- docs/i18n/fr/CHANGELOG.md | 781 +++++- docs/i18n/fr/README.md | 8 +- docs/i18n/fr/docs/API_REFERENCE.md | 4 +- docs/i18n/fr/docs/CLI-TOOLS.md | 2 +- docs/i18n/fr/llm.txt | 43 +- docs/i18n/gu/CHANGELOG.md | 783 +++++- docs/i18n/gu/README.md | 8 +- docs/i18n/gu/docs/API_REFERENCE.md | 4 +- docs/i18n/gu/docs/CLI-TOOLS.md | 2 +- docs/i18n/gu/llm.txt | 477 ++++ docs/i18n/he/CHANGELOG.md | 783 +++++- docs/i18n/he/README.md | 8 +- docs/i18n/he/docs/API_REFERENCE.md | 4 +- docs/i18n/he/docs/CLI-TOOLS.md | 2 +- docs/i18n/he/llm.txt | 43 +- docs/i18n/hi/CHANGELOG.md | 783 +++++- docs/i18n/hi/README.md | 8 +- docs/i18n/hi/docs/API_REFERENCE.md | 4 +- docs/i18n/hi/docs/CLI-TOOLS.md | 2 +- docs/i18n/hi/llm.txt | 43 +- docs/i18n/hu/CHANGELOG.md | 783 +++++- docs/i18n/hu/README.md | 8 +- docs/i18n/hu/docs/API_REFERENCE.md | 4 +- docs/i18n/hu/docs/CLI-TOOLS.md | 2 +- docs/i18n/hu/llm.txt | 43 +- docs/i18n/id/CHANGELOG.md | 783 +++++- docs/i18n/id/README.md | 8 +- docs/i18n/id/docs/API_REFERENCE.md | 4 +- docs/i18n/id/docs/CLI-TOOLS.md | 2 +- docs/i18n/id/llm.txt | 43 +- docs/i18n/in/CHANGELOG.md | 2394 ++++++++++++++++- docs/i18n/in/README.md | 8 +- docs/i18n/in/docs/API_REFERENCE.md | 4 +- docs/i18n/in/docs/CLI-TOOLS.md | 2 +- docs/i18n/in/llm.txt | 43 +- docs/i18n/it/CHANGELOG.md | 783 +++++- docs/i18n/it/README.md | 8 +- docs/i18n/it/docs/API_REFERENCE.md | 4 +- docs/i18n/it/docs/CLI-TOOLS.md | 2 +- docs/i18n/it/llm.txt | 43 +- docs/i18n/ja/CHANGELOG.md | 783 +++++- docs/i18n/ja/README.md | 8 +- docs/i18n/ja/docs/API_REFERENCE.md | 4 +- docs/i18n/ja/docs/CLI-TOOLS.md | 2 +- docs/i18n/ja/llm.txt | 43 +- docs/i18n/ko/CHANGELOG.md | 783 +++++- docs/i18n/ko/README.md | 8 +- docs/i18n/ko/docs/API_REFERENCE.md | 4 +- docs/i18n/ko/docs/CLI-TOOLS.md | 2 +- docs/i18n/ko/llm.txt | 43 +- docs/i18n/mr/CHANGELOG.md | 783 +++++- docs/i18n/mr/README.md | 8 +- docs/i18n/mr/docs/API_REFERENCE.md | 4 +- docs/i18n/mr/docs/CLI-TOOLS.md | 2 +- docs/i18n/mr/llm.txt | 477 ++++ docs/i18n/ms/CHANGELOG.md | 783 +++++- docs/i18n/ms/README.md | 8 +- docs/i18n/ms/docs/API_REFERENCE.md | 4 +- docs/i18n/ms/docs/CLI-TOOLS.md | 2 +- docs/i18n/ms/llm.txt | 43 +- docs/i18n/nl/CHANGELOG.md | 783 +++++- docs/i18n/nl/README.md | 8 +- docs/i18n/nl/docs/API_REFERENCE.md | 4 +- docs/i18n/nl/docs/CLI-TOOLS.md | 2 +- docs/i18n/nl/llm.txt | 43 +- docs/i18n/no/CHANGELOG.md | 783 +++++- docs/i18n/no/README.md | 8 +- docs/i18n/no/docs/API_REFERENCE.md | 4 +- docs/i18n/no/docs/CLI-TOOLS.md | 2 +- docs/i18n/no/llm.txt | 43 +- docs/i18n/phi/CHANGELOG.md | 783 +++++- docs/i18n/phi/README.md | 8 +- docs/i18n/phi/docs/API_REFERENCE.md | 4 +- docs/i18n/phi/docs/CLI-TOOLS.md | 2 +- docs/i18n/phi/llm.txt | 43 +- docs/i18n/pl/CHANGELOG.md | 783 +++++- docs/i18n/pl/README.md | 8 +- docs/i18n/pl/docs/API_REFERENCE.md | 4 +- docs/i18n/pl/docs/CLI-TOOLS.md | 2 +- docs/i18n/pl/llm.txt | 43 +- docs/i18n/pt-BR/CHANGELOG.md | 783 +++++- docs/i18n/pt-BR/README.md | 8 +- docs/i18n/pt-BR/docs/API_REFERENCE.md | 4 +- docs/i18n/pt-BR/docs/CLI-TOOLS.md | 2 +- docs/i18n/pt-BR/llm.txt | 43 +- docs/i18n/pt/CHANGELOG.md | 783 +++++- docs/i18n/pt/README.md | 8 +- docs/i18n/pt/docs/API_REFERENCE.md | 4 +- docs/i18n/pt/docs/CLI-TOOLS.md | 2 +- docs/i18n/pt/llm.txt | 43 +- docs/i18n/ro/CHANGELOG.md | 783 +++++- docs/i18n/ro/README.md | 8 +- docs/i18n/ro/docs/API_REFERENCE.md | 4 +- docs/i18n/ro/docs/CLI-TOOLS.md | 2 +- docs/i18n/ro/llm.txt | 43 +- docs/i18n/ru/CHANGELOG.md | 783 +++++- docs/i18n/ru/README.md | 8 +- docs/i18n/ru/docs/API_REFERENCE.md | 4 +- docs/i18n/ru/docs/CLI-TOOLS.md | 2 +- docs/i18n/ru/llm.txt | 43 +- docs/i18n/sk/CHANGELOG.md | 783 +++++- docs/i18n/sk/README.md | 8 +- docs/i18n/sk/docs/API_REFERENCE.md | 4 +- docs/i18n/sk/docs/CLI-TOOLS.md | 2 +- docs/i18n/sk/llm.txt | 43 +- docs/i18n/sv/CHANGELOG.md | 783 +++++- docs/i18n/sv/README.md | 8 +- docs/i18n/sv/docs/API_REFERENCE.md | 4 +- docs/i18n/sv/docs/CLI-TOOLS.md | 2 +- docs/i18n/sv/llm.txt | 43 +- docs/i18n/sw/CHANGELOG.md | 783 +++++- docs/i18n/sw/README.md | 8 +- docs/i18n/sw/docs/API_REFERENCE.md | 4 +- docs/i18n/sw/docs/CLI-TOOLS.md | 2 +- docs/i18n/sw/llm.txt | 477 ++++ docs/i18n/ta/CHANGELOG.md | 783 +++++- docs/i18n/ta/README.md | 8 +- docs/i18n/ta/docs/API_REFERENCE.md | 4 +- docs/i18n/ta/docs/CLI-TOOLS.md | 2 +- docs/i18n/ta/llm.txt | 477 ++++ docs/i18n/te/CHANGELOG.md | 783 +++++- docs/i18n/te/README.md | 8 +- docs/i18n/te/docs/API_REFERENCE.md | 4 +- docs/i18n/te/docs/CLI-TOOLS.md | 2 +- docs/i18n/te/llm.txt | 477 ++++ docs/i18n/th/CHANGELOG.md | 783 +++++- docs/i18n/th/README.md | 8 +- docs/i18n/th/docs/API_REFERENCE.md | 4 +- docs/i18n/th/docs/CLI-TOOLS.md | 2 +- docs/i18n/th/llm.txt | 43 +- docs/i18n/tr/CHANGELOG.md | 783 +++++- docs/i18n/tr/README.md | 8 +- docs/i18n/tr/docs/API_REFERENCE.md | 4 +- docs/i18n/tr/docs/CLI-TOOLS.md | 2 +- docs/i18n/tr/llm.txt | 43 +- docs/i18n/uk-UA/CHANGELOG.md | 783 +++++- docs/i18n/uk-UA/README.md | 8 +- docs/i18n/uk-UA/docs/API_REFERENCE.md | 4 +- docs/i18n/uk-UA/docs/CLI-TOOLS.md | 2 +- docs/i18n/uk-UA/llm.txt | 43 +- docs/i18n/ur/CHANGELOG.md | 783 +++++- docs/i18n/ur/README.md | 8 +- docs/i18n/ur/docs/API_REFERENCE.md | 4 +- docs/i18n/ur/docs/CLI-TOOLS.md | 2 +- docs/i18n/ur/llm.txt | 477 ++++ docs/i18n/vi/CHANGELOG.md | 783 +++++- docs/i18n/vi/README.md | 8 +- docs/i18n/vi/docs/API_REFERENCE.md | 4 +- docs/i18n/vi/docs/CLI-TOOLS.md | 2 +- docs/i18n/vi/llm.txt | 43 +- docs/i18n/zh-CN/CHANGELOG.md | 783 +++++- docs/i18n/zh-CN/README.md | 8 +- docs/i18n/zh-CN/docs/API_REFERENCE.md | 4 +- docs/i18n/zh-CN/docs/CLI-TOOLS.md | 2 +- docs/i18n/zh-CN/llm.txt | 43 +- docs/openapi.yaml | 2 +- electron/package-lock.json | 253 +- electron/package.json | 10 +- llm.txt | 8 +- next.config.mjs | 9 + open-sse/config/anthropicHeaders.ts | 2 +- open-sse/config/antigravityUpstream.ts | 4 +- open-sse/config/audioRegistry.ts | 31 +- open-sse/config/cliFingerprints.ts | 42 +- open-sse/config/codexClient.ts | 2 +- open-sse/config/constants.ts | 13 +- open-sse/config/embeddingRegistry.ts | 8 + open-sse/config/glmProvider.ts | 341 ++- open-sse/config/imageRegistry.ts | 55 +- open-sse/config/musicRegistry.ts | 15 + open-sse/config/providerHeaderProfiles.ts | 4 +- open-sse/config/providerRegistry.ts | 412 ++- open-sse/config/videoRegistry.ts | 29 + open-sse/executors/antigravity.ts | 318 ++- open-sse/executors/base.ts | 319 ++- open-sse/executors/claudeIdentity.ts | 373 +++ open-sse/executors/codex.ts | 2 +- open-sse/executors/cursor.ts | 1724 ++++++------ open-sse/executors/gemini-cli.ts | 29 +- open-sse/executors/glm.ts | 400 +++ open-sse/executors/index.ts | 6 + open-sse/executors/kie.ts | 109 + open-sse/executors/kiro.ts | 22 +- open-sse/executors/vertex.ts | 6 +- open-sse/handlers/audioSpeech.ts | 192 +- open-sse/handlers/audioTranscription.ts | 94 + open-sse/handlers/chatCore.ts | 225 +- open-sse/handlers/embeddings.ts | 98 +- open-sse/handlers/imageGeneration.ts | 257 +- open-sse/handlers/musicGeneration.ts | 202 ++ open-sse/handlers/videoGeneration.ts | 138 + .../__tests__/glmCodingProviderConfig.test.ts | 70 +- open-sse/package.json | 2 +- .../__tests__/chatgptTlsClient.test.ts | 96 + .../__tests__/manifestAdapter.test.ts | 136 + .../__tests__/specificityDetector.test.ts | 240 ++ .../services/__tests__/tierResolver.test.ts | 216 ++ open-sse/services/accountFallback.ts | 34 +- open-sse/services/antigravityHeaders.ts | 31 +- open-sse/services/antigravityIdentity.ts | 108 + open-sse/services/antigravityVersion.ts | 25 +- open-sse/services/autoCombo/scoring.ts | 96 +- open-sse/services/batchProcessor.ts | 668 +++-- open-sse/services/chatgptTlsClient.ts | 45 + open-sse/services/claudeCodeCompatible.ts | 4 +- open-sse/services/combo.ts | 562 +++- open-sse/services/comboConfig.ts | 6 + open-sse/services/comboManifestMetrics.ts | 13 + open-sse/services/compression/bodyAdapter.ts | 160 ++ .../compression/engines/cavemanAdapter.ts | 30 +- .../compression/engines/rtk/codeStripper.ts | 38 +- .../services/compression/engines/rtk/index.ts | 90 +- open-sse/services/compression/outputMode.ts | 6 +- .../compression/rules/es/context.json | 49 + .../services/compression/rules/es/dedup.json | 38 + .../services/compression/rules/es/filler.json | 40 + .../compression/rules/es/structural.json | 75 + .../services/compression/rules/es/ultra.json | 107 + .../services/compression/strategySelector.ts | 45 +- open-sse/services/cursorSessionManager.ts | 167 ++ open-sse/services/deepseekQuotaFetcher.ts | 244 ++ open-sse/services/geminiCliHeaders.ts | 2 +- open-sse/services/manifestAdapter.ts | 134 + open-sse/services/model.ts | 109 +- open-sse/services/providerCostData.ts | 49 + open-sse/services/providerRequestDefaults.ts | 1 + open-sse/services/quotaPreflight.ts | 6 +- open-sse/services/specificityDetector.ts | 89 + open-sse/services/specificityRules.ts | 257 ++ open-sse/services/specificityTypes.ts | 43 + open-sse/services/tierConfig.ts | 75 + open-sse/services/tierDefaults.json | 27 + open-sse/services/tierResolver.ts | 144 + open-sse/services/tierTypes.ts | 40 + open-sse/services/toolLimitDetector.ts | 63 + open-sse/services/usage.ts | 275 +- open-sse/translator/helpers/geminiHelper.ts | 4 +- .../translator/request/openai-to-claude.ts | 24 +- .../translator/request/openai-to-gemini.ts | 138 +- open-sse/translator/request/openai-to-kiro.ts | 75 +- open-sse/utils/cursorAgentProtobuf.ts | 1369 ++++++++++ open-sse/utils/cursorProtobuf.ts | 897 ------ open-sse/utils/cursorVersionDetector.ts | 2 +- open-sse/utils/kieTask.ts | 127 + open-sse/utils/requestLogger.ts | 4 + open-sse/utils/sleep.ts | 9 + open-sse/utils/sseHeartbeat.ts | 8 +- open-sse/utils/streamHandler.ts | 7 +- open-sse/utils/streamReadiness.ts | 40 +- package-lock.json | 768 +++--- package.json | 59 +- package/package.json | 225 ++ public/providers/agentrouter.png | Bin 0 -> 9597 bytes public/providers/alibaba.png | Bin 4859 -> 0 bytes public/providers/alicode-intl.png | Bin 4859 -> 0 bytes public/providers/alicode.png | Bin 4859 -> 0 bytes public/providers/anthropic.png | Bin 2736 -> 0 bytes public/providers/antigravity.png | Bin 11588 -> 0 bytes public/providers/assemblyai.svg | 12 - public/providers/aws-polly.png | Bin 1734 -> 0 bytes public/providers/bailian-coding-plan.png | Bin 4859 -> 0 bytes public/providers/brave-search.png | Bin 3304 -> 0 bytes public/providers/brave-search.svg | 1 + public/providers/brave.png | Bin 3304 -> 0 bytes public/providers/cerebras.png | Bin 2295 -> 0 bytes public/providers/clarifai.svg | 13 + public/providers/claude.png | Bin 11797 -> 0 bytes public/providers/claude.svg | 1 + public/providers/cline.png | Bin 15547 -> 0 bytes public/providers/cloudflare-ai.svg | 1 - public/providers/codex.png | Bin 5819 -> 0 bytes public/providers/codex.svg | 1 + public/providers/cohere.png | Bin 2791 -> 0 bytes public/providers/comfyui.svg | 1 - public/providers/databricks.png | Bin 2307 -> 0 bytes public/providers/deepseek.png | Bin 2393 -> 0 bytes public/providers/docker-model-runner.svg | 1 + public/providers/droid.png | Bin 6875 -> 0 bytes public/providers/droid.svg | 1 + public/providers/elevenlabs.svg | 6 - public/providers/exa-search.png | Bin 6768 -> 0 bytes public/providers/exa-search.svg | 4 - public/providers/exa.svg | 4 - public/providers/fireworks.png | Bin 2612 -> 0 bytes public/providers/gemini-cli.png | Bin 11646 -> 0 bytes public/providers/gemini-cli.svg | 1 + public/providers/gemini.png | Bin 9927 -> 0 bytes public/providers/github.png | Bin 27346 -> 0 bytes public/providers/gitlab-duo.png | Bin 1196 -> 0 bytes public/providers/gitlab-duo.svg | 24 + public/providers/gitlab.png | Bin 1196 -> 0 bytes public/providers/gitlab.svg | 24 + public/providers/glm.png | Bin 2548 -> 0 bytes public/providers/groq.png | Bin 2882 -> 0 bytes public/providers/huggingface.svg | 37 - public/providers/hyperbolic.svg | 13 - public/providers/kie.png | Bin 0 -> 52959 bytes public/providers/kilo-gateway.png | Bin 472 -> 0 bytes public/providers/kilo-gateway.svg | 1 + public/providers/kilocode.png | Bin 314 -> 0 bytes public/providers/kilocode.svg | 1 + public/providers/kimi-coding-apikey.png | Bin 18477 -> 0 bytes public/providers/kimi-coding.png | Bin 18477 -> 0 bytes public/providers/kimi.png | Bin 18477 -> 0 bytes public/providers/kiro.png | Bin 8905 -> 0 bytes public/providers/kiro.svg | 1 + public/providers/lemonade.png | Bin 0 -> 25562 bytes public/providers/llamafile.png | Bin 0 -> 192117 bytes public/providers/longcat.png | Bin 14685 -> 0 bytes public/providers/maritalk.png | Bin 1742 -> 252640 bytes public/providers/minimax-cn.png | Bin 15349 -> 0 bytes public/providers/minimax.png | Bin 15349 -> 0 bytes public/providers/mistral.png | Bin 2106 -> 0 bytes public/providers/modal.png | Bin 2705 -> 0 bytes public/providers/modal.svg | 1 + public/providers/nanobanana.svg | 12 - public/providers/nebius.png | Bin 2335 -> 0 bytes public/providers/nlpcloud.svg | 1 + public/providers/nvidia.png | Bin 2582 -> 0 bytes public/providers/oci.png | Bin 1243 -> 0 bytes public/providers/oci.svg | 13 + public/providers/ollama-cloud.png | 375 --- public/providers/openai.png | Bin 1117 -> 0 bytes public/providers/opencode-go.svg | 18 - public/providers/opencode-zen.svg | 18 - public/providers/openrouter.png | Bin 8824 -> 0 bytes public/providers/perplexity-search.png | Bin 7175 -> 0 bytes public/providers/perplexity.png | Bin 7175 -> 0 bytes public/providers/poe.png | Bin 2509 -> 0 bytes public/providers/pollinations.png | Bin 18844 -> 0 bytes public/providers/qoder.png | Bin 1934 -> 0 bytes public/providers/qwen.png | Bin 14534 -> 0 bytes public/providers/recraft.png | Bin 1176 -> 0 bytes public/providers/roo.png | Bin 3084 -> 0 bytes public/providers/runwayml.png | Bin 1218 -> 0 bytes public/providers/sap.svg | 1 + public/providers/sdwebui.svg | 1 - public/providers/searxng-search.svg | 1 + public/providers/serper-search.png | Bin 2798 -> 0 bytes public/providers/serper-search.svg | 1 + public/providers/serper.png | Bin 2798 -> 0 bytes public/providers/siliconflow.png | Bin 47179 -> 0 bytes public/providers/tavily-search.png | Bin 1306 -> 0 bytes public/providers/tavily.png | Bin 1306 -> 0 bytes public/providers/together.png | Bin 2024 -> 0 bytes public/providers/triton.png | Bin 1829 -> 0 bytes public/providers/venice.png | Bin 1372 -> 0 bytes public/providers/vertex.svg | 1 - public/providers/voyage-ai.png | Bin 1223 -> 0 bytes public/providers/wandb.png | Bin 1242 -> 0 bytes public/providers/wandb.svg | 1 + public/providers/windsurf.svg | 6 - public/providers/xai.png | Bin 2651 -> 0 bytes public/providers/youcom-search.png | Bin 3024 -> 0 bytes public/providers/youcom-search.svg | 17 + public/providers/zai.svg | 1 - scripts/bootstrap-env.mjs | 9 +- scripts/check-docs-sync.mjs | 62 + scripts/cursor-tap.cjs | 176 ++ scripts/generate-docs-index.mjs | 46 + scripts/run-next-playwright.mjs | 1 + scripts/scratch/check_usage.js | 34 + scripts/sync-cursor-models.mjs | 130 + scripts/sync-env.mjs | 9 +- .../(dashboard)/dashboard/BootstrapBanner.tsx | 25 +- .../api-manager/ApiManagerPageClient.tsx | 274 +- .../dashboard/batch/BatchDetailModal.tsx | 41 +- .../dashboard/batch/BatchListTab.tsx | 43 +- .../dashboard/batch/FileDetailModal.tsx | 240 ++ .../dashboard/batch/FilesListTab.tsx | 204 +- .../dashboard/batch/batch-utils.ts | 40 + src/app/(dashboard)/dashboard/batch/page.tsx | 224 +- .../dashboard/cache/media/MediaPageClient.tsx | 259 +- .../components/AntigravityToolCard.tsx | 15 +- .../cli-tools/components/ClaudeToolCard.tsx | 14 +- .../cli-tools/components/ClineToolCard.tsx | 20 +- .../cli-tools/components/CodexToolCard.tsx | 15 +- .../cli-tools/components/DefaultToolCard.tsx | 15 +- .../cli-tools/components/DroidToolCard.tsx | 15 +- src/app/(dashboard)/dashboard/combos/page.tsx | 106 +- .../dashboard/endpoint/EndpointPageClient.tsx | 41 +- .../dashboard/providers/[id]/page.tsx | 721 +++-- .../providers/components/ProviderCard.tsx | 18 +- .../(dashboard)/dashboard/providers/page.tsx | 28 +- .../settings/components/MemorySkillsTab.tsx | 435 ++- .../settings/components/ProxyTab.tsx | 110 +- .../settings/components/RoutingTab.tsx | 41 +- .../settings/components/SystemStorageTab.tsx | 130 +- .../(dashboard)/dashboard/settings/page.tsx | 2 + .../ProviderLimits/ProviderLimitCard.tsx | 1 + .../usage/components/ProviderLimits/index.tsx | 107 +- .../usage/components/ProviderLimits/utils.tsx | 103 +- src/app/api/batches/[id]/route.ts | 19 + .../api/cli-tools/antigravity-mitm/route.ts | 8 +- src/app/api/keys/[id]/regenerate/route.ts | 36 + src/app/api/keys/[id]/route.ts | 12 + src/app/api/keys/route.ts | 4 +- src/app/api/providers/[id]/models/route.ts | 96 +- src/app/api/providers/[id]/route.ts | 2 + src/app/api/providers/route.ts | 53 + src/app/api/settings/combo-defaults/route.ts | 1 + src/app/api/settings/mitm/route.ts | 12 +- src/app/api/settings/model-aliases/route.ts | 6 +- src/app/api/settings/oneproxy/route.ts | 21 +- .../settings/qdrant/embedding-models/route.ts | 93 + src/app/api/settings/require-login/route.ts | 2 +- src/app/api/usage/analytics/route.ts | 255 +- src/app/api/v1/_helpers/apiKeyScope.ts | 6 +- src/app/api/v1/batches/route.ts | 5 +- src/app/api/v1/embeddings/route.ts | 189 +- src/app/api/v1/files/[id]/content/route.ts | 6 +- src/app/api/v1/files/route.ts | 4 +- src/app/api/v1/models/catalog.ts | 56 +- src/app/docs/components/ApiExplorerClient.tsx | 2 +- src/app/docs/components/DocsSidebarClient.tsx | 2 +- src/app/landing/components/FlowAnimation.tsx | 20 +- src/app/login/page.tsx | 239 +- src/domain/costRules.ts | 3 +- src/i18n/messages/ar.json | 56 +- src/i18n/messages/bg.json | 58 +- src/i18n/messages/bn.json | 56 +- src/i18n/messages/cs.json | 58 +- src/i18n/messages/da.json | 58 +- src/i18n/messages/de.json | 74 +- src/i18n/messages/en.json | 81 +- src/i18n/messages/es.json | 58 +- src/i18n/messages/fa.json | 56 +- src/i18n/messages/fi.json | 58 +- src/i18n/messages/fr.json | 58 +- src/i18n/messages/gu.json | 56 +- src/i18n/messages/he.json | 58 +- src/i18n/messages/hi.json | 58 +- src/i18n/messages/hu.json | 58 +- src/i18n/messages/id.json | 62 +- src/i18n/messages/in.json | 56 +- src/i18n/messages/it.json | 58 +- src/i18n/messages/ja.json | 58 +- src/i18n/messages/ko.json | 58 +- src/i18n/messages/mr.json | 56 +- src/i18n/messages/ms.json | 58 +- src/i18n/messages/nl.json | 58 +- src/i18n/messages/no.json | 58 +- src/i18n/messages/phi.json | 58 +- src/i18n/messages/pl.json | 58 +- src/i18n/messages/pt-BR.json | 58 +- src/i18n/messages/pt.json | 58 +- src/i18n/messages/ro.json | 58 +- src/i18n/messages/ru.json | 58 +- src/i18n/messages/sk.json | 58 +- src/i18n/messages/sv.json | 58 +- src/i18n/messages/sw.json | 56 +- src/i18n/messages/ta.json | 56 +- src/i18n/messages/te.json | 56 +- src/i18n/messages/th.json | 58 +- src/i18n/messages/tr.json | 58 +- src/i18n/messages/uk-UA.json | 58 +- src/i18n/messages/ur.json | 56 +- src/i18n/messages/vi.json | 58 +- src/i18n/messages/zh-CN.json | 58 +- src/lib/api/requireManagementAuth.ts | 43 +- src/lib/batches/dispatch.ts | 6 +- src/lib/dataPaths.ts | 15 +- src/lib/db/apiKeys.ts | 242 +- src/lib/db/batches.ts | 39 +- src/lib/db/combos.ts | 6 + src/lib/db/compressionAnalytics.ts | 19 +- src/lib/db/core.ts | 6 + src/lib/db/domainState.ts | 13 +- src/lib/db/files.ts | 73 +- src/lib/db/migrationRunner.ts | 24 +- src/lib/db/migrations/001_initial_schema.sql | 2 + .../db/migrations/051_hot_path_db_indexes.sql | 10 + .../db/migrations/052_manifest_routing.sql | 21 + .../053_remove_status_from_files.sql | 2 + .../054_usage_history_service_tier.sql | 4 + src/lib/db/modelComboMappings.ts | 6 +- src/lib/db/providers.ts | 18 + src/lib/db/proxies.ts | 15 + src/lib/db/registeredKeys.ts | 1 + src/lib/db/settings.ts | 65 +- src/lib/db/tierConfig.ts | 41 + src/lib/embeddings/service.ts | 160 ++ src/lib/localDb.ts | 5 +- src/lib/memory/qdrant.ts | 409 +++ src/lib/modelCapabilities.ts | 5 +- src/lib/oauth/constants/oauth.ts | 13 +- src/lib/oauth/providers/antigravity.ts | 2 + src/lib/oauth/providers/claude.ts | 117 +- src/lib/oauth/services/antigravity.ts | 2 + src/lib/providerModels/cursorAgent.ts | 166 ++ src/lib/providers/codexFastTier.ts | 65 + src/lib/providers/validation.ts | 97 + src/lib/usage/callLogs.ts | 53 +- src/lib/usage/costCalculator.ts | 55 +- src/lib/usage/fetcher.ts | 17 +- src/lib/usage/providerLimits.ts | 99 +- src/lib/usage/usageHistory.ts | 13 +- src/lib/usage/usageStats.ts | 62 +- src/lib/usageAnalytics.ts | 28 +- src/mitm/cert/install.ts | 54 +- src/mitm/manager.runtime.ts | 5 + src/mitm/manager.stub.ts | 27 +- src/mitm/server.cjs | 33 +- src/models/index.ts | 1 + src/shared/components/ProviderIcon.tsx | 101 +- src/shared/components/Toggle.tsx | 6 +- src/shared/components/UsageAnalytics.tsx | 27 +- src/shared/components/analytics/charts.tsx | 65 + src/shared/components/analytics/index.tsx | 1 + src/shared/components/lobeProviderIcons.ts | 15 + src/shared/constants/batch.ts | 1 + src/shared/constants/cliTools.ts | 10 +- src/shared/constants/providers.ts | 140 +- src/shared/constants/publicApiRoutes.ts | 6 +- src/shared/constants/routingStrategies.ts | 8 + src/shared/utils/apiAuth.ts | 8 + src/shared/utils/apiKeyPolicy.ts | 121 +- src/shared/utils/rateLimiter.ts | 142 + src/shared/utils/runtimeTimeouts.ts | 12 + src/shared/validation/schemas.ts | 29 +- src/shared/validation/settingsSchemas.ts | 1 + src/sse/handlers/chat.ts | 158 +- src/sse/handlers/chatHelpers.ts | 98 +- src/sse/services/auth.ts | 10 +- src/sse/services/model.ts | 4 +- src/types/combo.ts | 1 + src/types/settings.ts | 1 + tests/e2e/settings-toggles.spec.ts | 12 +- tests/fixtures/cursor/.gitignore | 5 + .../integration/batch-e2e-rate-limit.test.ts | 354 +++ .../batch-processor-escaping.test.ts | 265 ++ tests/integration/chat-pipeline.test.ts | 9 +- tests/integration/cursor-e2e.test.ts | 147 + tests/integration/files-api.test.ts | 228 ++ tests/integration/manifest-routing.test.ts | 77 + tests/manual/batch.http | 53 + tests/manual/embedding.http | 27 +- tests/manual/image-generation.http | 4 +- .../unit/anthropic-cache-fingerprint.test.ts | 2 +- tests/unit/antigravity-model-aliases.test.ts | 33 +- tests/unit/antigravity-version.test.ts | 26 +- tests/unit/api-auth.test.ts | 85 + tests/unit/api-key-policy.test.ts | 5 +- tests/unit/api-key-regeneration.test.ts | 62 + .../unit/audio-transcription-handler.test.ts | 33 +- tests/unit/authz/pipeline.test.ts | 34 + .../unit/bailian-coding-plan-provider.test.ts | 2 +- tests/unit/batch-maybe-throttle.test.ts | 134 + tests/unit/batch-processor-expiration.test.ts | 162 ++ tests/unit/batch-processor.test.ts | 228 ++ tests/unit/batch_api.test.ts | 36 +- tests/unit/batch_results.test.ts | 132 + tests/unit/bootstrap-env.test.ts | 17 + tests/unit/call-log-cap.test.ts | 5 +- tests/unit/chat-cooldown-aware-retry.test.ts | 85 +- tests/unit/chat-helpers.test.ts | 53 + tests/unit/chatcore-translation-paths.test.ts | 11 +- tests/unit/claude-oauth-provider.test.ts | 32 + tests/unit/cli-args.test.ts | 21 + tests/unit/cli-doctor-command.test.ts | 111 + tests/unit/cli-providers-command.test.ts | 147 + tests/unit/cli-setup-command.test.ts | 176 ++ tests/unit/cli-tools.test.ts | 6 +- tests/unit/codex-fast-tier.test.ts | 55 + tests/unit/combo-499-abort.test.ts | 2 +- tests/unit/combo-config.test.ts | 3 + tests/unit/combo-context-length.test.ts | 265 ++ tests/unit/combo-routing-engine.test.ts | 3 + tests/unit/combo-strategies.test.ts | 395 ++- tests/unit/compression/body-adapter.test.ts | 189 ++ .../compression/compressionAnalytics.test.ts | 31 + tests/unit/compression/language-packs.test.ts | 31 + tests/unit/compression/outputMode.test.ts | 11 + .../compression/rtk-code-stripper.test.ts | 89 +- tests/unit/cursor-agent-exec-router.test.ts | 219 ++ tests/unit/cursor-agent-models.test.ts | 42 + tests/unit/cursor-agent-protobuf.test.ts | 490 ++++ tests/unit/cursor-agent-session.test.ts | 227 ++ tests/unit/cursor-agent-system-prompt.test.ts | 122 + tests/unit/cursor-agent-tool-calls.test.ts | 236 ++ tests/unit/cursor-protobuf.test.ts | 318 --- tests/unit/cursor-streaming.test.ts | 276 ++ tests/unit/db-apikeys-crud.test.ts | 30 + tests/unit/db-migration-runner.test.ts | 291 ++ tests/unit/db-providers-crud.test.ts | 34 + tests/unit/deepseek-quota-fetcher.test.ts | 329 +++ tests/unit/embeddings-auth.test.ts | 110 + tests/unit/executor-antigravity.test.ts | 82 +- tests/unit/executor-codex.test.ts | 12 +- tests/unit/executor-cursor-extended.test.ts | 549 ---- tests/unit/executor-gemini-cli.test.ts | 19 +- tests/unit/executor-vertex-extended.test.ts | 2 +- tests/unit/file-deletion.test.ts | 149 + tests/unit/file-expiration-policy.test.ts | 146 + tests/unit/glm-executor.test.ts | 617 +++++ .../glm-provider-model-import-route.test.ts | 168 ++ tests/unit/image-generation-handler.test.ts | 62 +- tests/unit/kie-executor-routing.test.ts | 12 + tests/unit/login-bootstrap-route.test.ts | 24 + tests/unit/model-alias-route.test.ts | 4 +- tests/unit/model-combo-mappings-db.test.ts | 37 +- tests/unit/model-cross-proxy-compat.test.ts | 15 +- tests/unit/model-test-route.test.ts | 4 +- tests/unit/models-catalog-route.test.ts | 84 + tests/unit/music-generation-handler.test.ts | 58 + tests/unit/oauth-providers-config.test.ts | 25 +- tests/unit/payload-rules-route.test.ts | 4 +- tests/unit/plan3-p0.test.ts | 4 +- tests/unit/provider-limits-ui.test.ts | 31 + tests/unit/provider-models-route.test.ts | 10 +- .../providers-route-managed-catalog.test.ts | 69 + tests/unit/proxy-management-v1-route.test.ts | 8 +- tests/unit/public-api-routes.test.ts | 4 +- tests/unit/qianfan-provider.test.ts | 17 +- tests/unit/registry-utils.test.ts | 13 + tests/unit/responses-handler.test.ts | 68 +- tests/unit/route-edge-coverage.test.ts | 8 +- tests/unit/runtime-timeouts.test.ts | 1 + tests/unit/security-hashkey.test.ts | 25 + ...settings-schema-routing-strategies.test.ts | 17 + tests/unit/stream-handler.test.ts | 4 +- tests/unit/sync-env.test.ts | 38 +- tests/unit/t20-t22-provider-headers.test.ts | 14 +- .../unit/t23-t24-fallback-resilience.test.ts | 2 + tests/unit/t28-model-catalog-updates.test.ts | 11 +- .../unit/t29-vertex-sa-json-executor.test.ts | 2 +- tests/unit/tool-limit-detector.test.ts | 61 + .../unit/translator-openai-to-gemini.test.ts | 99 +- tests/unit/translator-openai-to-kiro.test.ts | 67 +- tests/unit/usage-analytics-route.test.ts | 114 +- tests/unit/usage-analytics.test.ts | 106 +- tests/unit/usage-history-db.test.ts | 28 + tests/unit/usage-service-deepseek.test.ts | 179 ++ tests/unit/usage-service-hardening.test.ts | 108 +- tests/unit/video-generation-handler.test.ts | 56 + 726 files changed, 68517 insertions(+), 10865 deletions(-) create mode 100644 .issues/feat-batch-delete-provider-accounts.md create mode 100644 .playwright-mcp/console-2026-05-08T21-45-11-820Z.log create mode 100644 .playwright-mcp/console-2026-05-08T21-48-04-319Z.log create mode 100644 .playwright-mcp/console-2026-05-08T21-48-18-603Z.log create mode 100644 .playwright-mcp/console-2026-05-08T21-48-23-115Z.log create mode 100644 .playwright-mcp/console-2026-05-08T21-50-33-480Z.log create mode 100644 .playwright-mcp/console-2026-05-08T21-50-50-409Z.log create mode 100644 .playwright-mcp/console-2026-05-08T21-50-54-130Z.log create mode 100644 .playwright-mcp/page-2026-05-08T21-45-12-712Z.yml create mode 100644 .playwright-mcp/page-2026-05-08T21-48-04-721Z.yml create mode 100644 .playwright-mcp/page-2026-05-08T21-48-12-156Z.yml create mode 100644 .playwright-mcp/page-2026-05-08T21-48-18-924Z.yml create mode 100644 .playwright-mcp/page-2026-05-08T21-48-23-425Z.yml create mode 100644 .playwright-mcp/page-2026-05-08T21-50-33-675Z.yml create mode 100644 .playwright-mcp/page-2026-05-08T21-50-44-525Z.yml create mode 100644 .playwright-mcp/page-2026-05-08T21-50-50-813Z.yml create mode 100644 .playwright-mcp/page-2026-05-08T21-50-54-493Z.yml create mode 100644 Tuto_Qdrant.MD create mode 100644 bin/cli/args.mjs create mode 100644 bin/cli/commands/doctor.mjs create mode 100644 bin/cli/commands/providers.mjs create mode 100644 bin/cli/commands/setup.mjs create mode 100644 bin/cli/data-dir.mjs create mode 100644 bin/cli/encryption.mjs create mode 100644 bin/cli/index.mjs create mode 100644 bin/cli/io.mjs create mode 100644 bin/cli/provider-catalog.mjs create mode 100644 bin/cli/provider-store.mjs create mode 100644 bin/cli/provider-test.mjs create mode 100644 bin/cli/settings-store.mjs create mode 100644 bin/cli/sqlite.mjs create mode 100644 docs/i18n/bn/llm.txt create mode 100644 docs/i18n/fa/llm.txt create mode 100644 docs/i18n/gu/llm.txt create mode 100644 docs/i18n/mr/llm.txt create mode 100644 docs/i18n/sw/llm.txt create mode 100644 docs/i18n/ta/llm.txt create mode 100644 docs/i18n/te/llm.txt create mode 100644 docs/i18n/ur/llm.txt create mode 100644 open-sse/executors/claudeIdentity.ts create mode 100644 open-sse/executors/glm.ts create mode 100644 open-sse/executors/kie.ts create mode 100644 open-sse/services/__tests__/chatgptTlsClient.test.ts create mode 100644 open-sse/services/__tests__/manifestAdapter.test.ts create mode 100644 open-sse/services/__tests__/specificityDetector.test.ts create mode 100644 open-sse/services/__tests__/tierResolver.test.ts create mode 100644 open-sse/services/antigravityIdentity.ts create mode 100644 open-sse/services/comboManifestMetrics.ts create mode 100644 open-sse/services/compression/bodyAdapter.ts create mode 100644 open-sse/services/compression/rules/es/dedup.json create mode 100644 open-sse/services/compression/rules/es/ultra.json create mode 100644 open-sse/services/cursorSessionManager.ts create mode 100644 open-sse/services/deepseekQuotaFetcher.ts create mode 100644 open-sse/services/manifestAdapter.ts create mode 100644 open-sse/services/providerCostData.ts create mode 100644 open-sse/services/specificityDetector.ts create mode 100644 open-sse/services/specificityRules.ts create mode 100644 open-sse/services/specificityTypes.ts create mode 100644 open-sse/services/tierConfig.ts create mode 100644 open-sse/services/tierDefaults.json create mode 100644 open-sse/services/tierResolver.ts create mode 100644 open-sse/services/tierTypes.ts create mode 100644 open-sse/services/toolLimitDetector.ts create mode 100644 open-sse/utils/cursorAgentProtobuf.ts delete mode 100644 open-sse/utils/cursorProtobuf.ts create mode 100644 open-sse/utils/kieTask.ts create mode 100644 open-sse/utils/sleep.ts create mode 100644 package/package.json create mode 100644 public/providers/agentrouter.png delete mode 100644 public/providers/alibaba.png delete mode 100644 public/providers/alicode-intl.png delete mode 100644 public/providers/alicode.png delete mode 100644 public/providers/anthropic.png delete mode 100644 public/providers/antigravity.png delete mode 100644 public/providers/assemblyai.svg delete mode 100644 public/providers/aws-polly.png delete mode 100644 public/providers/bailian-coding-plan.png delete mode 100644 public/providers/brave-search.png create mode 100644 public/providers/brave-search.svg delete mode 100644 public/providers/brave.png delete mode 100644 public/providers/cerebras.png create mode 100644 public/providers/clarifai.svg delete mode 100644 public/providers/claude.png create mode 100644 public/providers/claude.svg delete mode 100644 public/providers/cline.png delete mode 100644 public/providers/cloudflare-ai.svg delete mode 100644 public/providers/codex.png create mode 100644 public/providers/codex.svg delete mode 100644 public/providers/cohere.png delete mode 100644 public/providers/comfyui.svg delete mode 100644 public/providers/databricks.png delete mode 100644 public/providers/deepseek.png create mode 100644 public/providers/docker-model-runner.svg delete mode 100644 public/providers/droid.png create mode 100644 public/providers/droid.svg delete mode 100644 public/providers/elevenlabs.svg delete mode 100644 public/providers/exa-search.png delete mode 100644 public/providers/exa-search.svg delete mode 100644 public/providers/exa.svg delete mode 100644 public/providers/fireworks.png delete mode 100644 public/providers/gemini-cli.png create mode 100644 public/providers/gemini-cli.svg delete mode 100644 public/providers/gemini.png delete mode 100644 public/providers/github.png delete mode 100644 public/providers/gitlab-duo.png create mode 100644 public/providers/gitlab-duo.svg delete mode 100644 public/providers/gitlab.png create mode 100644 public/providers/gitlab.svg delete mode 100644 public/providers/glm.png delete mode 100644 public/providers/groq.png delete mode 100644 public/providers/huggingface.svg delete mode 100644 public/providers/hyperbolic.svg create mode 100644 public/providers/kie.png delete mode 100644 public/providers/kilo-gateway.png create mode 100644 public/providers/kilo-gateway.svg delete mode 100644 public/providers/kilocode.png create mode 100644 public/providers/kilocode.svg delete mode 100644 public/providers/kimi-coding-apikey.png delete mode 100644 public/providers/kimi-coding.png delete mode 100644 public/providers/kimi.png delete mode 100644 public/providers/kiro.png create mode 100644 public/providers/kiro.svg create mode 100644 public/providers/lemonade.png create mode 100644 public/providers/llamafile.png delete mode 100644 public/providers/longcat.png delete mode 100644 public/providers/minimax-cn.png delete mode 100644 public/providers/minimax.png delete mode 100644 public/providers/mistral.png delete mode 100644 public/providers/modal.png create mode 100644 public/providers/modal.svg delete mode 100644 public/providers/nanobanana.svg delete mode 100644 public/providers/nebius.png create mode 100644 public/providers/nlpcloud.svg delete mode 100644 public/providers/nvidia.png delete mode 100644 public/providers/oci.png create mode 100644 public/providers/oci.svg delete mode 100644 public/providers/ollama-cloud.png delete mode 100644 public/providers/openai.png delete mode 100644 public/providers/opencode-go.svg delete mode 100644 public/providers/opencode-zen.svg delete mode 100644 public/providers/openrouter.png delete mode 100644 public/providers/perplexity-search.png delete mode 100644 public/providers/perplexity.png delete mode 100644 public/providers/poe.png delete mode 100644 public/providers/pollinations.png delete mode 100644 public/providers/qoder.png delete mode 100644 public/providers/qwen.png delete mode 100644 public/providers/recraft.png delete mode 100644 public/providers/roo.png delete mode 100644 public/providers/runwayml.png create mode 100644 public/providers/sap.svg delete mode 100644 public/providers/sdwebui.svg create mode 100644 public/providers/searxng-search.svg delete mode 100644 public/providers/serper-search.png create mode 100644 public/providers/serper-search.svg delete mode 100644 public/providers/serper.png delete mode 100644 public/providers/siliconflow.png delete mode 100644 public/providers/tavily-search.png delete mode 100644 public/providers/tavily.png delete mode 100644 public/providers/together.png delete mode 100644 public/providers/triton.png delete mode 100644 public/providers/venice.png delete mode 100644 public/providers/vertex.svg delete mode 100644 public/providers/voyage-ai.png delete mode 100644 public/providers/wandb.png create mode 100644 public/providers/wandb.svg delete mode 100644 public/providers/windsurf.svg delete mode 100644 public/providers/xai.png delete mode 100644 public/providers/youcom-search.png create mode 100644 public/providers/youcom-search.svg delete mode 100644 public/providers/zai.svg create mode 100644 scripts/cursor-tap.cjs create mode 100644 scripts/scratch/check_usage.js create mode 100644 scripts/sync-cursor-models.mjs create mode 100644 src/app/(dashboard)/dashboard/batch/FileDetailModal.tsx create mode 100644 src/app/(dashboard)/dashboard/batch/batch-utils.ts create mode 100644 src/app/api/batches/[id]/route.ts create mode 100644 src/app/api/keys/[id]/regenerate/route.ts create mode 100644 src/app/api/settings/qdrant/embedding-models/route.ts create mode 100644 src/lib/db/migrations/051_hot_path_db_indexes.sql create mode 100644 src/lib/db/migrations/052_manifest_routing.sql create mode 100644 src/lib/db/migrations/053_remove_status_from_files.sql create mode 100644 src/lib/db/migrations/054_usage_history_service_tier.sql create mode 100644 src/lib/db/tierConfig.ts create mode 100644 src/lib/embeddings/service.ts create mode 100644 src/lib/memory/qdrant.ts create mode 100644 src/lib/providerModels/cursorAgent.ts create mode 100644 src/lib/providers/codexFastTier.ts create mode 100644 src/mitm/manager.runtime.ts create mode 100644 src/shared/constants/batch.ts create mode 100644 src/shared/utils/rateLimiter.ts create mode 100644 tests/fixtures/cursor/.gitignore create mode 100644 tests/integration/batch-e2e-rate-limit.test.ts create mode 100644 tests/integration/batch-processor-escaping.test.ts create mode 100644 tests/integration/cursor-e2e.test.ts create mode 100644 tests/integration/files-api.test.ts create mode 100644 tests/integration/manifest-routing.test.ts create mode 100644 tests/unit/api-key-regeneration.test.ts create mode 100644 tests/unit/batch-maybe-throttle.test.ts create mode 100644 tests/unit/batch-processor-expiration.test.ts create mode 100644 tests/unit/batch-processor.test.ts create mode 100644 tests/unit/batch_results.test.ts create mode 100644 tests/unit/cli-args.test.ts create mode 100644 tests/unit/cli-doctor-command.test.ts create mode 100644 tests/unit/cli-providers-command.test.ts create mode 100644 tests/unit/cli-setup-command.test.ts create mode 100644 tests/unit/codex-fast-tier.test.ts create mode 100644 tests/unit/combo-context-length.test.ts create mode 100644 tests/unit/compression/body-adapter.test.ts create mode 100644 tests/unit/cursor-agent-exec-router.test.ts create mode 100644 tests/unit/cursor-agent-models.test.ts create mode 100644 tests/unit/cursor-agent-protobuf.test.ts create mode 100644 tests/unit/cursor-agent-session.test.ts create mode 100644 tests/unit/cursor-agent-system-prompt.test.ts create mode 100644 tests/unit/cursor-agent-tool-calls.test.ts delete mode 100644 tests/unit/cursor-protobuf.test.ts create mode 100644 tests/unit/cursor-streaming.test.ts create mode 100644 tests/unit/deepseek-quota-fetcher.test.ts create mode 100644 tests/unit/embeddings-auth.test.ts delete mode 100644 tests/unit/executor-cursor-extended.test.ts create mode 100644 tests/unit/file-deletion.test.ts create mode 100644 tests/unit/file-expiration-policy.test.ts create mode 100644 tests/unit/glm-executor.test.ts create mode 100644 tests/unit/kie-executor-routing.test.ts create mode 100644 tests/unit/security-hashkey.test.ts create mode 100644 tests/unit/tool-limit-detector.test.ts create mode 100644 tests/unit/usage-service-deepseek.test.ts diff --git a/.env.example b/.env.example index 089b87379c..0bd7ebd43e 100644 --- a/.env.example +++ b/.env.example @@ -54,6 +54,12 @@ STORAGE_ENCRYPTION_KEY_VERSION=v1 # Default: false (backups enabled) | Set true to skip backup on every restart. DISABLE_SQLITE_AUTO_BACKUP=false +# ── Redis (Rate Limiting) ── +# Redis connection URL for the rate limiter backend. +# Used by: src/shared/utils/rateLimiter.ts +# Default: redis://localhost:6379 (or redis://redis:6379 in Docker) +REDIS_URL=redis://localhost:6379 + # ═══════════════════════════════════════════════════════════════════════════════ # 3. NETWORK & PORTS @@ -387,6 +393,13 @@ ANTIGRAVITY_OAUTH_CLIENT_SECRET=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 # ── GitHub Copilot ── GITHUB_OAUTH_CLIENT_ID=Iv1.b507a08c87ecfe98 +# ── GitLab Duo ── +# Register an OAuth app at: https://gitlab.com/-/profile/applications +# Set redirect URI to: http://localhost:20128/callback (or your NEXT_PUBLIC_BASE_URL + /callback) +# Required scopes: api, read_user, openid, profile, email +# GITLAB_DUO_OAUTH_CLIENT_ID=*** +# GITLAB_DUO_OAUTH_CLIENT_SECRET=*** # optional — PKCE flow does not require a secret + # ── Qoder ── QODER_OAUTH_CLIENT_SECRET=4Z3YjXycVsQvyGF1etiNlIBB4RsqSDtW @@ -447,15 +460,15 @@ QODER_OAUTH_CLIENT_SECRET=4Z3YjXycVsQvyGF1etiNlIBB4RsqSDtW # Used by: open-sse/executors/base.ts — buildHeaders() dynamic lookup. # Update these when providers release new CLI versions to avoid blocks. -CLAUDE_USER_AGENT=claude-cli/2.1.121 (external, cli) -CODEX_USER_AGENT=codex-cli/0.125.0 (Windows 10.0.26100; x64) -GITHUB_USER_AGENT=GitHubCopilotChat/0.45.1 -ANTIGRAVITY_USER_AGENT=antigravity/1.107.0 darwin/arm64 -KIRO_USER_AGENT=AWS-SDK-JS/3.0.0 kiro-ide/1.0.0 -QODER_USER_AGENT=Qoder-Cli -QWEN_USER_AGENT=QwenCode/0.15.3 (linux; x64) -CURSOR_USER_AGENT=connect-es/1.6.1 -GEMINI_CLI_USER_AGENT=google-api-nodejs-client/10.3.0 +CLAUDE_USER_AGENT="claude-cli/2.1.137 (external, cli)" +CODEX_USER_AGENT="codex-cli/0.130.0 (Windows 10.0.26200; x64)" +GITHUB_USER_AGENT="GitHubCopilotChat/0.45.1" +ANTIGRAVITY_USER_AGENT="antigravity/1.23.2 darwin/arm64" +KIRO_USER_AGENT="AWS-SDK-JS/3.0.0 kiro-ide/1.0.0" +QODER_USER_AGENT="Qoder-Cli" +QWEN_USER_AGENT="QwenCode/0.15.9 (linux; x64)" +CURSOR_USER_AGENT="Cursor/3.3" +GEMINI_CLI_USER_AGENT="google-api-nodejs-client/10.3.0" # ═══════════════════════════════════════════════════════════════════════════════ diff --git a/.github/workflows/build-fork.yml b/.github/workflows/build-fork.yml index 3071abdf0f..46dc5833d6 100644 --- a/.github/workflows/build-fork.yml +++ b/.github/workflows/build-fork.yml @@ -1,6 +1,8 @@ name: Build Fork Image (ghcr.io) on: + push: + branches: [main] workflow_dispatch: permissions: @@ -15,7 +17,7 @@ jobs: - name: Checkout uses: actions/checkout@v6 with: - ref: fix/xiaomi-mimo-provider + ref: main - name: Set up Docker Buildx uses: docker/setup-buildx-action@v4 @@ -35,7 +37,6 @@ jobs: platforms: linux/amd64 push: true tags: | - ghcr.io/gi99lin/omniroute:fix-xiaomi-mimo-provider ghcr.io/gi99lin/omniroute:latest cache-from: type=gha cache-to: type=gha,mode=max diff --git a/.gitignore b/.gitignore index a768864d54..d02375f660 100644 --- a/.gitignore +++ b/.gitignore @@ -61,6 +61,7 @@ next-env.d.ts data/ .data/ logs/* +test_output.log # analysis directories (generated, not tracked) .analysis/ diff --git a/.issues/feat-batch-delete-provider-accounts.md b/.issues/feat-batch-delete-provider-accounts.md new file mode 100644 index 0000000000..fe84a123c8 --- /dev/null +++ b/.issues/feat-batch-delete-provider-accounts.md @@ -0,0 +1,328 @@ +# Feature Proposal: Batch Delete Provider Accounts + +## Summary + +Add **batch delete** functionality for provider accounts (connections) in the provider detail page (`/dashboard/providers/[id]`). Users select multiple accounts via checkboxes and delete them in a single action, replacing the current one-by-one delete workflow. + +## Problem Statement + +Users managing multiple provider accounts (e.g., 20+ API keys or OAuth connections) have to delete accounts individually. Each deletion requires: + +1. Finding the account +2. Clicking the delete button +3. Confirming via browser `confirm()` dialog +4. Waiting for the API call +5. Repeating for every account + +This is: +- **Time-consuming**: O(n) confirm dialogs and API calls for n accounts +- **Error-prone**: Easy to accidentally click the wrong account +- **Tedious**: No way to quickly clean up stale or duplicate accounts + +## Solution + +Add a checkbox-based selection UI to the provider connections list: + +``` +┌────────────────────────────────────────────────────────────────┐ +│ [x] Account #1 (kiro-prod) [Delete Selected (3)] │ +│ [x] Account #2 (kiro-staging) │ +│ [ ] Account #3 (kiro-backup) │ +└────────────────────────────────────────────────────────────────┘ +``` + +## Detailed PR Specification + +### Files to Modify + +| File | Change | +|------|--------| +| `src/app/(dashboard)/dashboard/providers/[id]/page.tsx` | Add batch delete state, select-all + per-row checkboxes, batch delete handler | +| `src/app/api/providers/route.ts` | Add `DELETE /api/providers` with `POST` body `ids: string[]` for batch delete | +| `src/lib/db/providers.ts` | Add `deleteProviderConnections(ids: string[])` batch DB function | +| `src/i18n/messages/en.json` | Add i18n keys: `batchDeleteSelected`, `batchDeleteConfirm`, `batchDeleteSuccess` | +| `src/i18n/messages/*.json` | Add i18n keys to all locale files | +| `tests/unit/db-providers-crud.test.ts` | Add unit tests for batch delete DB function | +| `tests/integration/api-routes-critical.test.ts` | Add integration test for batch delete API endpoint | + +### 1. DB Layer (`src/lib/db/providers.ts`) + +```typescript +export async function deleteProviderConnections(ids: string[]): Promise { + const db = getDbInstance() as unknown as DbLike; + if (ids.length === 0) return 0; + + // Delete quota snapshots for each connection first + const deleteSnapshots = db.prepare("DELETE FROM quota_snapshots WHERE connection_id = ?"); + for (const id of ids) { + deleteSnapshots.run(id); + } + + // Batch delete connections + const placeholders = ids.map(() => "?").join(","); + const result = db.prepare( + `DELETE FROM provider_connections WHERE id IN (${placeholders})` + ).run(...ids); + + backupDbFile("pre-write"); + invalidateDbCache("connections"); + return result.changes ?? 0; +} +``` + +### 2. API Route (`src/app/api/providers/route.ts`) + +Add a new route handler for batch delete. The existing `/api/providers/[id]` only handles single-id operations. The main providers route file (`/api/providers/route.ts`) should be extended: + +```typescript +// DELETE /api/providers — Batch delete connections +// Body: { ids: string[] } +export async function DELETE(request: Request) { + const authError = await requireManagementAuth(request); + if (authError) return authError; + + let body: { ids?: string[] }; + try { + body = await request.json(); + } catch { + return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 }); + } + + if (!Array.isArray(body.ids) || body.ids.length === 0) { + return NextResponse.json( + { error: "ids must be a non-empty array of connection IDs" }, + { status: 400 } + ); + } + + if (body.ids.length > 100) { + return NextResponse.json( + { error: "Cannot delete more than 100 connections at once" }, + { status: 400 } + ); + } + + try { + const deleted = await deleteProviderConnections(body.ids); + await syncToCloudIfEnabled(); + + logAuditEvent({ + action: "provider.credentials.batch_revoked", + actor: "admin", + resourceType: "provider_credentials", + status: "success", + metadata: { count: deleted, ids: body.ids }, + }); + + return NextResponse.json({ message: `Deleted ${deleted} connection(s)`, deleted }); + } catch (error) { + console.log("Error batch deleting connections:", error); + return NextResponse.json({ error: "Failed to batch delete connections" }, { status: 500 }); + } +} +``` + +### 3. UI Layer (`src/app/(dashboard)/dashboard/providers/[id]/page.tsx`) + +#### New State Variables + +```typescript +// Batch selection state +const [selectedIds, setSelectedIds] = useState>(new Set()); +const [batchDeleting, setBatchDeleting] = useState(false); +``` + +#### New Functions + +```typescript +const handleToggleSelectAll = useCallback(() => { + setSelectedIds((prev) => + prev.size === connections.length ? new Set() : new Set(connections.map((c) => c.id)) + ); +}, [connections]); + +const handleToggleSelectOne = useCallback((id: string) => { + setSelectedIds((prev) => { + const next = new Set(prev); + if (next.has(id)) next.delete(id); + else next.add(id); + return next; + }); +}, []); + +const handleBatchDelete = async () => { + if (selectedIds.size === 0) return; + if (!confirm(t("batchDeleteConfirm", { count: selectedIds.size }))) return; + + setBatchDeleting(true); + try { + const res = await fetch("/api/providers", { + method: "DELETE", + headers: { "Content-Type": "application/json" }, + body: JSON.stringify({ ids: Array.from(selectedIds) }), + }); + + if (res.ok) { + setSelectedIds(new Set()); + await fetchConnections(); + notify.success(t("batchDeleteSuccess", { count: selectedIds.size })); + } else { + const data = await res.json(); + notify.error(data.error || "Batch delete failed"); + } + } catch (error) { + notify.error("Network error during batch delete"); + } finally { + setBatchDeleting(false); + } +}; +``` + +#### Per-Row Checkbox (inside `ConnectionRow`) + +Add a checkbox as the first element of each row: + +```tsx +// In ConnectionRow interface, add: +interface ConnectionRowProps { + isSelected?: boolean; + onToggleSelect?: () => void; + // ... existing props +} + +// In ConnectionRow render, before priority arrows: +
+ + {/* Priority arrows */} + ... +``` + +#### Header Row (above connections list) + +```tsx +
+ + + {selectedIds.size > 0 && ( + + )} +
+``` + +### 4. i18n Keys (to add to all locale files) + +```json +{ + "batchDeleteSelected": "Delete Selected ({count})", + "batchDeleteConfirm": "Delete {count} connection(s)? This action cannot be undone.", + "batchDeleteSuccess": "Deleted {count} connection(s)" +} +``` + +### 5. Testing + +#### Unit Test (`tests/unit/db-providers-crud.test.ts`) + +```typescript +test("deleteProviderConnections deletes multiple connections", async () => { + const ids = [ + (await createProviderConnection({ provider: "openai", name: "test-1", authType: "apikey" })).id!, + (await createProviderConnection({ provider: "openai", name: "test-2", authType: "apikey" })).id!, + ]; + + const deleted = await deleteProviderConnections(ids); + expect(deleted).toBe(2); + + for (const id of ids) { + const conn = await getProviderConnectionById(id); + expect(conn).toBeNull(); + } +}); + +test("deleteProviderConnections with empty array returns 0", async () => { + const deleted = await deleteProviderConnections([]); + expect(deleted).toBe(0); +}); +``` + +#### Integration Test (`tests/integration/api-routes-critical.test.ts`) + +```typescript +test("DELETE /api/providers — batch delete", async () => { + const ids = [conn1.id, conn2.id]; + const res = await fetch("http://localhost:20128/api/providers", { + method: "DELETE", + headers: { "Content-Type": "application/json", "Authorization": `Bearer ${apiKey}` }, + body: JSON.stringify({ ids }), + }); + + expect(res.status).toBe(200); + const data = await res.json(); + expect(data.deleted).toBe(2); +}); +``` + +### UX Details + +1. **Indeterminate select-all**: When some (but not all) rows are selected, the select-all checkbox shows as indeterminate (dash) +2. **Confirmation**: Shows `confirm()` with count ("Delete 3 connections?") +3. **Optimistic update**: Immediately clears selected IDs and removes deleted connections from list on success +4. **Error handling**: Shows error notification; connections remain in list if delete fails +5. **Loading state**: Button shows spinner during delete; row checkboxes disabled +6. **Empty state**: No "Delete Selected" button when nothing selected +7. **Audit logging**: Each batch delete logged as `provider.credentials.batch_revoked` + +### Non-Goals + +- Bulk enable/disable (separate feature) +- Moving selected accounts (separate feature) +- Batch rename/edit (separate feature) +- Deleting across different providers (each provider page operates independently) + +### Risks & Mitigations + +| Risk | Mitigation | +|------|------------| +| User accidentally deletes wrong accounts | Require confirmation dialog with count | +| Too many connections selected | Cap at 100 per batch; show error if exceeded | +| Partial failure on batch delete | DB runs in transaction; all-or-nothing semantics | +| Performance with large selections | Batch SQL with `IN (...)` clause is efficient up to 100 | + +### Coverage + +Per repository rules, this change affects production code in `src/` → automated tests required: +- Unit test for `deleteProviderConnections()` in `tests/unit/db-providers-crud.test.ts` +- Integration test for `DELETE /api/providers` batch endpoint in `tests/integration/api-routes-critical.test.ts` +- Run `npm run test:coverage` — all 4 metrics must meet 60% minimum + +--- + +## Related Issues + +- Closes this issue on merge diff --git a/.playwright-mcp/console-2026-05-08T21-45-11-820Z.log b/.playwright-mcp/console-2026-05-08T21-45-11-820Z.log new file mode 100644 index 0000000000..476c52eb95 --- /dev/null +++ b/.playwright-mcp/console-2026-05-08T21-45-11-820Z.log @@ -0,0 +1,2 @@ +[ 556ms] [ERROR] Loading the script 'https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516' violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. The action has been blocked. @ https://ai.aitradepulse.com/login:0 +[ 987ms] [VERBOSE] [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o @ https://ai.aitradepulse.com/login:0 diff --git a/.playwright-mcp/console-2026-05-08T21-48-04-319Z.log b/.playwright-mcp/console-2026-05-08T21-48-04-319Z.log new file mode 100644 index 0000000000..d5d370c8e7 --- /dev/null +++ b/.playwright-mcp/console-2026-05-08T21-48-04-319Z.log @@ -0,0 +1,2 @@ +[ 310ms] [ERROR] Loading the script 'https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516' violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. The action has been blocked. @ https://ai.aitradepulse.com/login:0 +[ 458ms] [VERBOSE] [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o @ https://ai.aitradepulse.com/login:0 diff --git a/.playwright-mcp/console-2026-05-08T21-48-18-603Z.log b/.playwright-mcp/console-2026-05-08T21-48-18-603Z.log new file mode 100644 index 0000000000..7d73fda53c --- /dev/null +++ b/.playwright-mcp/console-2026-05-08T21-48-18-603Z.log @@ -0,0 +1,2 @@ +[ 300ms] [ERROR] Loading the script 'https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516' violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. The action has been blocked. @ https://ai.aitradepulse.com/login:0 +[ 382ms] [VERBOSE] [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o @ https://ai.aitradepulse.com/login:0 diff --git a/.playwright-mcp/console-2026-05-08T21-48-23-115Z.log b/.playwright-mcp/console-2026-05-08T21-48-23-115Z.log new file mode 100644 index 0000000000..785e6554cf --- /dev/null +++ b/.playwright-mcp/console-2026-05-08T21-48-23-115Z.log @@ -0,0 +1,2 @@ +[ 283ms] [ERROR] Loading the script 'https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516' violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. The action has been blocked. @ https://ai.aitradepulse.com/login:0 +[ 373ms] [VERBOSE] [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o @ https://ai.aitradepulse.com/login:0 diff --git a/.playwright-mcp/console-2026-05-08T21-50-33-480Z.log b/.playwright-mcp/console-2026-05-08T21-50-33-480Z.log new file mode 100644 index 0000000000..ddf67efde8 --- /dev/null +++ b/.playwright-mcp/console-2026-05-08T21-50-33-480Z.log @@ -0,0 +1,2 @@ +[ 160ms] [ERROR] Loading the script 'https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516' violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. The action has been blocked. @ https://ai.aitradepulse.com/login:0 +[ 268ms] [VERBOSE] [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o @ https://ai.aitradepulse.com/login:0 diff --git a/.playwright-mcp/console-2026-05-08T21-50-50-409Z.log b/.playwright-mcp/console-2026-05-08T21-50-50-409Z.log new file mode 100644 index 0000000000..56d79af50c --- /dev/null +++ b/.playwright-mcp/console-2026-05-08T21-50-50-409Z.log @@ -0,0 +1 @@ +[ 282ms] [ERROR] Loading the script 'https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516' violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. The action has been blocked. @ https://ai.aitradepulse.com/dashboard/providers:0 diff --git a/.playwright-mcp/console-2026-05-08T21-50-54-130Z.log b/.playwright-mcp/console-2026-05-08T21-50-54-130Z.log new file mode 100644 index 0000000000..c31d26911c --- /dev/null +++ b/.playwright-mcp/console-2026-05-08T21-50-54-130Z.log @@ -0,0 +1 @@ +[ 155ms] [ERROR] Loading the script 'https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516' violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. The action has been blocked. @ https://ai.aitradepulse.com/dashboard/combos:0 diff --git a/.playwright-mcp/page-2026-05-08T21-45-12-712Z.yml b/.playwright-mcp/page-2026-05-08T21-45-12-712Z.yml new file mode 100644 index 0000000000..b1ab3d5d77 --- /dev/null +++ b/.playwright-mcp/page-2026-05-08T21-45-12-712Z.yml @@ -0,0 +1,5 @@ +- generic [active] [ref=e1]: + - link "Skip to content" [ref=e2] [cursor=pointer]: + - /url: "#main-content" + - generic [ref=e8]: Loading... + - alert [ref=e9] diff --git a/.playwright-mcp/page-2026-05-08T21-48-04-721Z.yml b/.playwright-mcp/page-2026-05-08T21-48-04-721Z.yml new file mode 100644 index 0000000000..b1ab3d5d77 --- /dev/null +++ b/.playwright-mcp/page-2026-05-08T21-48-04-721Z.yml @@ -0,0 +1,5 @@ +- generic [active] [ref=e1]: + - link "Skip to content" [ref=e2] [cursor=pointer]: + - /url: "#main-content" + - generic [ref=e8]: Loading... + - alert [ref=e9] diff --git a/.playwright-mcp/page-2026-05-08T21-48-12-156Z.yml b/.playwright-mcp/page-2026-05-08T21-48-12-156Z.yml new file mode 100644 index 0000000000..235ab4b74d --- /dev/null +++ b/.playwright-mcp/page-2026-05-08T21-48-12-156Z.yml @@ -0,0 +1,19 @@ +- generic [ref=e1]: + - link "Skip to content" [ref=e2] [cursor=pointer]: + - /url: "#main-content" + - generic [ref=e6]: + - generic [ref=e10]: + - generic [ref=e11]: + - generic [ref=e13]: hub + - generic [ref=e14]: OmniRoute + - heading "Sign in" [level=1] [ref=e15] + - paragraph [ref=e16]: Enter your password to continue + - generic [ref=e17]: + - generic [ref=e18]: + - text: Password + - textbox "Enter your password to continue" [active] [ref=e21] + - paragraph [ref=e22]: "Default password: CHANGEME (unless INITIAL_PASSWORD was set)" + - button "Continue" [ref=e23] [cursor=pointer] + - link "Forgot password?" [ref=e25] [cursor=pointer]: + - /url: /forgot-password + - alert [ref=e9] diff --git a/.playwright-mcp/page-2026-05-08T21-48-18-924Z.yml b/.playwright-mcp/page-2026-05-08T21-48-18-924Z.yml new file mode 100644 index 0000000000..b1ab3d5d77 --- /dev/null +++ b/.playwright-mcp/page-2026-05-08T21-48-18-924Z.yml @@ -0,0 +1,5 @@ +- generic [active] [ref=e1]: + - link "Skip to content" [ref=e2] [cursor=pointer]: + - /url: "#main-content" + - generic [ref=e8]: Loading... + - alert [ref=e9] diff --git a/.playwright-mcp/page-2026-05-08T21-48-23-425Z.yml b/.playwright-mcp/page-2026-05-08T21-48-23-425Z.yml new file mode 100644 index 0000000000..b1ab3d5d77 --- /dev/null +++ b/.playwright-mcp/page-2026-05-08T21-48-23-425Z.yml @@ -0,0 +1,5 @@ +- generic [active] [ref=e1]: + - link "Skip to content" [ref=e2] [cursor=pointer]: + - /url: "#main-content" + - generic [ref=e8]: Loading... + - alert [ref=e9] diff --git a/.playwright-mcp/page-2026-05-08T21-50-33-675Z.yml b/.playwright-mcp/page-2026-05-08T21-50-33-675Z.yml new file mode 100644 index 0000000000..b1ab3d5d77 --- /dev/null +++ b/.playwright-mcp/page-2026-05-08T21-50-33-675Z.yml @@ -0,0 +1,5 @@ +- generic [active] [ref=e1]: + - link "Skip to content" [ref=e2] [cursor=pointer]: + - /url: "#main-content" + - generic [ref=e8]: Loading... + - alert [ref=e9] diff --git a/.playwright-mcp/page-2026-05-08T21-50-44-525Z.yml b/.playwright-mcp/page-2026-05-08T21-50-44-525Z.yml new file mode 100644 index 0000000000..0bc32afbf5 --- /dev/null +++ b/.playwright-mcp/page-2026-05-08T21-50-44-525Z.yml @@ -0,0 +1,2095 @@ +- generic [active] [ref=e1]: + - link "Skip to content" [ref=e2] [cursor=pointer]: + - /url: "#main-content" + - alert [ref=e9] + - generic [ref=e26]: + - complementary [ref=e28]: + - link "Skip to content" [ref=e29] [cursor=pointer]: + - /url: "#main-content" + - link "OmniRoute v3.7.9" [ref=e35] [cursor=pointer]: + - /url: /dashboard + - img [ref=e37] + - generic [ref=e49]: + - heading "OmniRoute" [level=1] [ref=e50] + - generic [ref=e51]: v3.7.9 + - navigation "Main navigation" [ref=e52]: + - generic [ref=e53]: + - link "home Home" [ref=e54] [cursor=pointer]: + - /url: /dashboard + - generic [ref=e55]: home + - generic [ref=e56]: Home + - link "api Endpoints" [ref=e57] [cursor=pointer]: + - /url: /dashboard/endpoint + - generic [ref=e58]: api + - generic [ref=e59]: Endpoints + - link "vpn_key API Manager" [ref=e60] [cursor=pointer]: + - /url: /dashboard/api-manager + - generic [ref=e61]: vpn_key + - generic [ref=e62]: API Manager + - link "dns Providers" [ref=e63] [cursor=pointer]: + - /url: /dashboard/providers + - generic [ref=e64]: dns + - generic [ref=e65]: Providers + - link "layers Combos" [ref=e66] [cursor=pointer]: + - /url: /dashboard/combos + - generic [ref=e67]: layers + - generic [ref=e68]: Combos + - link "view_list Batch Testing" [ref=e69] [cursor=pointer]: + - /url: /dashboard/batch + - generic [ref=e70]: view_list + - generic [ref=e71]: Batch Testing + - link "account_balance_wallet Costs" [ref=e72] [cursor=pointer]: + - /url: /dashboard/costs + - generic [ref=e73]: account_balance_wallet + - generic [ref=e74]: Costs + - link "analytics Analytics" [ref=e75] [cursor=pointer]: + - /url: /dashboard/analytics + - generic [ref=e76]: analytics + - generic [ref=e77]: Analytics + - link "cached Cache" [ref=e78] [cursor=pointer]: + - /url: /dashboard/cache + - generic [ref=e79]: cached + - generic [ref=e80]: Cache + - link "tune Limits & Quotas" [ref=e81] [cursor=pointer]: + - /url: /dashboard/limits + - generic [ref=e82]: tune + - generic [ref=e83]: Limits & Quotas + - link "perm_media Media" [ref=e84] [cursor=pointer]: + - /url: /dashboard/cache/media + - generic [ref=e85]: perm_media + - generic [ref=e86]: Media + - generic [ref=e87]: + - paragraph [ref=e88]: Context & Cache + - link "compress Caveman" [ref=e89] [cursor=pointer]: + - /url: /dashboard/context/caveman + - generic [ref=e90]: compress + - generic [ref=e91]: Caveman + - link "filter_alt RTK" [ref=e92] [cursor=pointer]: + - /url: /dashboard/context/rtk + - generic [ref=e93]: filter_alt + - generic [ref=e94]: RTK + - link "hub Compression Combos" [ref=e95] [cursor=pointer]: + - /url: /dashboard/context/combos + - generic [ref=e96]: hub + - generic [ref=e97]: Compression Combos + - generic [ref=e98]: + - paragraph [ref=e99]: CLI + - link "terminal Tools" [ref=e100] [cursor=pointer]: + - /url: /dashboard/cli-tools + - generic [ref=e101]: terminal + - generic [ref=e102]: Tools + - link "smart_toy Agents" [ref=e103] [cursor=pointer]: + - /url: /dashboard/agents + - generic [ref=e104]: smart_toy + - generic [ref=e105]: Agents + - link "psychology Memory" [ref=e106] [cursor=pointer]: + - /url: /dashboard/memory + - generic [ref=e107]: psychology + - generic [ref=e108]: Memory + - link "auto_fix_high Skills" [ref=e109] [cursor=pointer]: + - /url: /dashboard/skills + - generic [ref=e110]: auto_fix_high + - generic [ref=e111]: Skills + - generic [ref=e112]: + - paragraph [ref=e113]: Debug + - link "science Playground" [ref=e114] [cursor=pointer]: + - /url: /dashboard/playground + - generic [ref=e115]: science + - generic [ref=e116]: Playground + - link "manage_search Search Tools" [ref=e117] [cursor=pointer]: + - /url: /dashboard/search-tools + - generic [ref=e118]: manage_search + - generic [ref=e119]: Search Tools + - generic [ref=e120]: + - paragraph [ref=e121]: System + - link "description Logs" [ref=e122] [cursor=pointer]: + - /url: /dashboard/logs + - generic [ref=e123]: description + - generic [ref=e124]: Logs + - link "policy Audit Log" [ref=e125] [cursor=pointer]: + - /url: /dashboard/audit + - generic [ref=e126]: policy + - generic [ref=e127]: Audit Log + - link "webhook Webhooks" [ref=e128] [cursor=pointer]: + - /url: /dashboard/webhooks + - generic [ref=e129]: webhook + - generic [ref=e130]: Webhooks + - link "health_and_safety Health" [ref=e131] [cursor=pointer]: + - /url: /dashboard/health + - generic [ref=e132]: health_and_safety + - generic [ref=e133]: Health + - link "dns Proxy" [ref=e134] [cursor=pointer]: + - /url: /dashboard/system/proxy + - generic [ref=e135]: dns + - generic [ref=e136]: Proxy + - link "settings Settings" [ref=e137] [cursor=pointer]: + - /url: /dashboard/settings + - generic [ref=e138]: settings + - generic [ref=e139]: Settings + - generic [ref=e140]: + - paragraph [ref=e141]: Help + - link "menu_book Docs" [ref=e142] [cursor=pointer]: + - /url: /docs + - generic [ref=e143]: menu_book + - generic [ref=e144]: Docs + - link "bug_report Issues" [ref=e145] [cursor=pointer]: + - /url: https://github.com/diegosouzapw/OmniRoute/issues + - generic [ref=e146]: bug_report + - generic [ref=e147]: Issues + - link "campaign Changelog" [ref=e148] [cursor=pointer]: + - /url: /dashboard/changelog + - generic [ref=e149]: campaign + - generic [ref=e150]: Changelog + - generic [ref=e151]: + - button "restart_alt Restart" [ref=e152]: + - generic: restart_alt + - text: Restart + - button "power_settings_new Shutdown" [ref=e153]: + - generic: power_settings_new + - text: Shutdown + - main [ref=e154]: + - generic [ref=e155]: + - button "menu" [ref=e157]: + - generic: menu + - generic [ref=e158]: + - button "🇺🇸 EN expand_more" [ref=e160]: + - generic [ref=e161]: 🇺🇸 + - generic [ref=e162]: EN + - generic: expand_more + - button "Switch to light mode" [ref=e163]: + - generic: light_mode + - button "error 34" [ref=e165]: + - generic: error + - generic [ref=e166]: "34" + - button "logout" [ref=e167]: + - generic: logout + - generic [ref=e170]: + - generic [ref=e172]: + - generic [ref=e173]: + - generic [ref=e174]: + - heading "Quick Start" [level=2] [ref=e175] + - paragraph [ref=e176]: Get up and running in 4 steps. Connect providers, route models, monitor everything. + - link "menu_book Full Docs" [ref=e177] [cursor=pointer]: + - /url: /docs + - generic [ref=e178]: menu_book + - text: Full Docs + - list [ref=e179]: + - listitem [ref=e180]: + - generic [ref=e182]: key + - generic [ref=e183]: + - text: 1. Create API key + - paragraph [ref=e184]: + - text: Go to + - link "Endpoint" [ref=e185] [cursor=pointer]: + - /url: /dashboard/endpoint + - text: "-> Registered Keys. Generate one key per environment." + - listitem [ref=e186]: + - generic [ref=e188]: dns + - generic [ref=e189]: + - text: 2. Connect providers + - paragraph [ref=e190]: + - text: Add accounts in + - link "Providers" [ref=e191] [cursor=pointer]: + - /url: /dashboard/providers + - text: . Supports OAuth, API Key, and free tiers. + - listitem [ref=e192]: + - generic [ref=e194]: link + - generic [ref=e195]: + - text: 3. Point your client + - paragraph [ref=e196]: Set base URL to https://ai.aitradepulse.com/v1 in your IDE or API client. + - listitem [ref=e197]: + - generic [ref=e199]: analytics + - generic [ref=e200]: + - text: 4. Monitor & optimize + - paragraph [ref=e201]: + - text: Track tokens, cost and errors in + - link "Request Logs" [ref=e202] [cursor=pointer]: + - /url: /dashboard/logs + - text: and + - link "Analytics" [ref=e203] [cursor=pointer]: + - /url: /dashboard/analytics + - text: . + - generic [ref=e204]: + - link "menu_book Documentation" [ref=e205] [cursor=pointer]: + - /url: /docs + - generic [ref=e206]: menu_book + - text: Documentation + - link "dns Providers" [ref=e207] [cursor=pointer]: + - /url: /dashboard/providers + - generic [ref=e208]: dns + - text: Providers + - link "layers Combos" [ref=e209] [cursor=pointer]: + - /url: /dashboard/combos + - generic [ref=e210]: layers + - text: Combos + - link "analytics Analytics" [ref=e211] [cursor=pointer]: + - /url: /dashboard/analytics + - generic [ref=e212]: analytics + - text: Analytics + - link "health_and_safety Health Monitor" [ref=e213] [cursor=pointer]: + - /url: /dashboard/health + - generic [ref=e214]: health_and_safety + - text: Health Monitor + - link "terminal CLI Tools" [ref=e215] [cursor=pointer]: + - /url: /dashboard/cli-tools + - generic [ref=e216]: terminal + - text: CLI Tools + - link "bug_report Report issue" [ref=e217] [cursor=pointer]: + - /url: https://github.com/diegosouzapw/OmniRoute/issues + - generic [ref=e218]: bug_report + - text: Report issue + - generic [ref=e219]: + - generic [ref=e220]: + - generic [ref=e221]: + - heading "Providers Overview" [level=2] [ref=e222] + - paragraph [ref=e223]: 32 configured of 160 available providers + - generic [ref=e224]: + - generic [ref=e225]: + - generic [ref=e226]: Free + - generic [ref=e228]: OAuth + - generic [ref=e230]: API Key + - link "settings Manage" [ref=e232] [cursor=pointer]: + - /url: /dashboard/providers + - generic [ref=e233]: settings + - text: Manage + - generic [ref=e234]: + - button "qoder Qoder AI Free Not configured 0 models" [ref=e235] [cursor=pointer]: + - generic [ref=e236]: + - img "qoder" [ref=e239] + - generic [ref=e242]: + - generic [ref=e243]: + - paragraph [ref=e244]: Qoder AI + - generic "Free" [ref=e245] + - paragraph [ref=e246]: Not configured + - generic [ref=e247]: + - paragraph [ref=e248]: "0" + - paragraph [ref=e249]: models + - button "qwen Qwen Code Free 0 active · 0 error 0/1 reqs 0% ~887ms 0 models" [ref=e250] [cursor=pointer]: + - generic [ref=e251]: + - img "qwen" [ref=e254] + - generic [ref=e256]: + - generic [ref=e257]: + - paragraph [ref=e258]: Qwen Code + - generic "Free" [ref=e259] + - paragraph [ref=e260]: 0 active · 0 error + - generic [ref=e261]: + - generic [ref=e262]: 0/1 reqs + - generic [ref=e263]: 0% + - generic [ref=e264]: ~887ms + - generic [ref=e265]: + - paragraph [ref=e266]: "0" + - paragraph [ref=e267]: models + - button "gemini-cli Gemini CLI Free 5 active · 0 error 4 models" [ref=e268] [cursor=pointer]: + - generic [ref=e269]: + - img "gemini-cli" [ref=e272] + - generic [ref=e275]: + - generic [ref=e276]: + - paragraph [ref=e277]: Gemini CLI + - generic "Free" [ref=e278] + - paragraph [ref=e279]: 5 active · 0 error + - generic [ref=e280]: + - paragraph [ref=e281]: "4" + - paragraph [ref=e282]: models + - button "kiro Kiro AI Free 25 active · 0 error 2684/24570 reqs 11% ~1878ms 5 models" [ref=e283] [cursor=pointer]: + - generic [ref=e284]: + - img "kiro" [ref=e287] + - generic [ref=e288]: + - generic [ref=e289]: + - paragraph [ref=e290]: Kiro AI + - generic "Free" [ref=e291] + - paragraph [ref=e292]: 25 active · 0 error + - generic [ref=e293]: + - generic [ref=e294]: 2684/24570 reqs + - generic [ref=e295]: 11% + - generic [ref=e296]: ~1878ms + - generic [ref=e297]: + - paragraph [ref=e298]: "5" + - paragraph [ref=e299]: models + - button "amazon-q Amazon Q Free Not configured 0 models" [ref=e300] [cursor=pointer]: + - generic [ref=e301]: + - img "amazon-q" [ref=e304] + - generic [ref=e307]: + - generic [ref=e308]: + - paragraph [ref=e309]: Amazon Q + - generic "Free" [ref=e310] + - paragraph [ref=e311]: Not configured + - generic [ref=e312]: + - paragraph [ref=e313]: "0" + - paragraph [ref=e314]: models + - button "claude Claude Code OAuth 0 active · 1 error 0/1 reqs 0% ~3396ms 5 models" [ref=e315] [cursor=pointer]: + - generic [ref=e316]: + - img "claude" [ref=e319] + - generic [ref=e321]: + - generic [ref=e322]: + - paragraph [ref=e323]: Claude Code + - generic "OAuth" [ref=e324] + - paragraph [ref=e325]: 0 active · 1 error + - generic [ref=e326]: + - generic [ref=e327]: 0/1 reqs + - generic [ref=e328]: 0% + - generic [ref=e329]: ~3396ms + - generic [ref=e330]: + - paragraph [ref=e331]: "5" + - paragraph [ref=e332]: models + - button "antigravity Antigravity OAuth 28 active · 0 error 28/5852 reqs 0% ~1508ms 9 models" [ref=e333] [cursor=pointer]: + - generic [ref=e334]: + - img "antigravity" [ref=e337] + - generic [ref=e361]: + - generic [ref=e362]: + - paragraph [ref=e363]: Antigravity + - generic "OAuth" [ref=e364] + - paragraph [ref=e365]: 28 active · 0 error + - generic [ref=e366]: + - generic [ref=e367]: 28/5852 reqs + - generic [ref=e368]: 0% + - generic [ref=e369]: ~1508ms + - generic [ref=e370]: + - paragraph [ref=e371]: "9" + - paragraph [ref=e372]: models + - button "codex OpenAI Codex OAuth 0 active · 0 error 0 models" [ref=e373] [cursor=pointer]: + - generic [ref=e374]: + - img "codex" [ref=e377] + - generic [ref=e380]: + - generic [ref=e381]: + - paragraph [ref=e382]: OpenAI Codex + - generic "OAuth" [ref=e383] + - paragraph [ref=e384]: 0 active · 0 error + - generic [ref=e385]: + - paragraph [ref=e386]: "0" + - paragraph [ref=e387]: models + - button "github GitHub Copilot OAuth 3 active · 0 error 2453/15467 reqs 16% ~4615ms 16 models" [ref=e388] [cursor=pointer]: + - generic [ref=e389]: + - img "github" [ref=e392] + - generic [ref=e394]: + - generic [ref=e395]: + - paragraph [ref=e396]: GitHub Copilot + - generic "OAuth" [ref=e397] + - paragraph [ref=e398]: 3 active · 0 error + - generic [ref=e399]: + - generic [ref=e400]: 2453/15467 reqs + - generic [ref=e401]: 16% + - generic [ref=e402]: ~4615ms + - generic [ref=e403]: + - paragraph [ref=e404]: "16" + - paragraph [ref=e405]: models + - button "gitlab-duo GitLab Duo OAuth Not configured 0 models" [ref=e406] [cursor=pointer]: + - generic [ref=e407]: + - img "gitlab-duo" [ref=e410] + - generic [ref=e411]: + - generic [ref=e412]: + - paragraph [ref=e413]: GitLab Duo + - generic "OAuth" [ref=e414] + - paragraph [ref=e415]: Not configured + - generic [ref=e416]: + - paragraph [ref=e417]: "0" + - paragraph [ref=e418]: models + - button "cursor Cursor IDE OAuth Not configured 0 models" [ref=e419] [cursor=pointer]: + - generic [ref=e420]: + - img "cursor" [ref=e423] + - generic [ref=e425]: + - generic [ref=e426]: + - paragraph [ref=e427]: Cursor IDE + - generic "OAuth" [ref=e428] + - paragraph [ref=e429]: Not configured + - generic [ref=e430]: + - paragraph [ref=e431]: "0" + - paragraph [ref=e432]: models + - button "kimi-coding Kimi Coding OAuth 0 active · 33 error 0/33 reqs 0% ~1298ms 2 models" [ref=e433] [cursor=pointer]: + - generic [ref=e434]: + - img "kimi-coding" [ref=e437] + - generic [ref=e440]: + - generic [ref=e441]: + - paragraph [ref=e442]: Kimi Coding + - generic "OAuth" [ref=e443] + - paragraph [ref=e444]: 0 active · 33 error + - generic [ref=e445]: + - generic [ref=e446]: 0/33 reqs + - generic [ref=e447]: 0% + - generic [ref=e448]: ~1298ms + - generic [ref=e449]: + - paragraph [ref=e450]: "2" + - paragraph [ref=e451]: models + - button "kilocode Kilo Code OAuth 32 active · 0 error 40/40 reqs 100% ~2265ms 15 models" [ref=e452] [cursor=pointer]: + - generic [ref=e453]: + - img "kilocode" [ref=e456] + - generic [ref=e458]: + - generic [ref=e459]: + - paragraph [ref=e460]: Kilo Code + - generic "OAuth" [ref=e461] + - paragraph [ref=e462]: 32 active · 0 error + - generic [ref=e463]: + - generic [ref=e464]: 40/40 reqs + - generic [ref=e465]: 100% + - generic [ref=e466]: ~2265ms + - generic [ref=e467]: + - paragraph [ref=e468]: "15" + - paragraph [ref=e469]: models + - button "cline Cline OAuth 0 active · 0 error 0 models" [ref=e470] [cursor=pointer]: + - generic [ref=e471]: + - img "cline" [ref=e474] + - generic [ref=e477]: + - generic [ref=e478]: + - paragraph [ref=e479]: Cline + - generic "OAuth" [ref=e480] + - paragraph [ref=e481]: 0 active · 0 error + - generic [ref=e482]: + - paragraph [ref=e483]: "0" + - paragraph [ref=e484]: models + - button "AgentRouter API Key 0 active · 0 error 8 models" [ref=e485] [cursor=pointer]: + - generic [ref=e486]: + - img [ref=e489] + - generic [ref=e492]: + - generic [ref=e493]: + - paragraph [ref=e494]: AgentRouter + - generic "API Key" [ref=e495] + - paragraph [ref=e496]: 0 active · 0 error + - generic [ref=e497]: + - paragraph [ref=e498]: "8" + - paragraph [ref=e499]: models + - button "openrouter OpenRouter API Key 0 active · 0 error 0/2 reqs 0% ~928ms 1 models" [ref=e500] [cursor=pointer]: + - generic [ref=e501]: + - img "openrouter" [ref=e504] + - generic [ref=e506]: + - generic [ref=e507]: + - paragraph [ref=e508]: OpenRouter + - generic "API Key" [ref=e509] + - paragraph [ref=e510]: 0 active · 0 error + - generic [ref=e511]: + - generic [ref=e512]: 0/2 reqs + - generic [ref=e513]: 0% + - generic [ref=e514]: ~928ms + - generic [ref=e515]: + - paragraph [ref=e516]: "1" + - paragraph [ref=e517]: models + - button "qianfan Baidu Qianfan API Key Not configured 0 models" [ref=e518] [cursor=pointer]: + - generic [ref=e519]: + - img "qianfan" [ref=e522] + - generic [ref=e523]: + - generic [ref=e524]: + - paragraph [ref=e525]: Baidu Qianfan + - generic "API Key" [ref=e526] + - paragraph [ref=e527]: Not configured + - generic [ref=e528]: + - paragraph [ref=e529]: "0" + - paragraph [ref=e530]: models + - button "glm GLM Coding API Key 0 active · 0 error 10 models" [ref=e531] [cursor=pointer]: + - generic [ref=e532]: + - img "glm" [ref=e535] + - generic [ref=e537]: + - generic [ref=e538]: + - paragraph [ref=e539]: GLM Coding + - generic "API Key" [ref=e540] + - paragraph [ref=e541]: 0 active · 0 error + - generic [ref=e542]: + - paragraph [ref=e543]: "10" + - paragraph [ref=e544]: models + - button "glm-cn GLM Coding (China) API Key Not configured 0 models" [ref=e545] [cursor=pointer]: + - generic [ref=e546]: + - img "glm-cn" [ref=e549] + - generic [ref=e551]: + - generic [ref=e552]: + - paragraph [ref=e553]: GLM Coding (China) + - generic "API Key" [ref=e554] + - paragraph [ref=e555]: Not configured + - generic [ref=e556]: + - paragraph [ref=e557]: "0" + - paragraph [ref=e558]: models + - button "glmt GLM Thinking API Key Not configured 0 models" [ref=e559] [cursor=pointer]: + - generic [ref=e560]: + - img "glmt" [ref=e563] + - generic [ref=e565]: + - generic [ref=e566]: + - paragraph [ref=e567]: GLM Thinking + - generic "API Key" [ref=e568] + - paragraph [ref=e569]: Not configured + - generic [ref=e570]: + - paragraph [ref=e571]: "0" + - paragraph [ref=e572]: models + - button "bailian-coding-plan Alibaba Coding Plan API Key Not configured 0 models" [ref=e573] [cursor=pointer]: + - generic [ref=e574]: + - img "bailian-coding-plan" [ref=e577] + - generic [ref=e585]: + - generic [ref=e586]: + - paragraph [ref=e587]: Alibaba Coding Plan + - generic "API Key" [ref=e588] + - paragraph [ref=e589]: Not configured + - generic [ref=e590]: + - paragraph [ref=e591]: "0" + - paragraph [ref=e592]: models + - button "kimi Kimi API Key Not configured 0 models" [ref=e593] [cursor=pointer]: + - generic [ref=e594]: + - img "kimi" [ref=e597] + - generic [ref=e600]: + - generic [ref=e601]: + - paragraph [ref=e602]: Kimi + - generic "API Key" [ref=e603] + - paragraph [ref=e604]: Not configured + - generic [ref=e605]: + - paragraph [ref=e606]: "0" + - paragraph [ref=e607]: models + - button "kimi-coding-apikey Kimi Coding (API Key) API Key Not configured 0 models" [ref=e608] [cursor=pointer]: + - generic [ref=e609]: + - img "kimi-coding-apikey" [ref=e612] + - generic [ref=e615]: + - generic [ref=e616]: + - paragraph [ref=e617]: Kimi Coding (API Key) + - generic "API Key" [ref=e618] + - paragraph [ref=e619]: Not configured + - generic [ref=e620]: + - paragraph [ref=e621]: "0" + - paragraph [ref=e622]: models + - button "minimax Minimax Coding API Key Not configured 0 models" [ref=e623] [cursor=pointer]: + - generic [ref=e624]: + - img "minimax" [ref=e627] + - generic [ref=e629]: + - generic [ref=e630]: + - paragraph [ref=e631]: Minimax Coding + - generic "API Key" [ref=e632] + - paragraph [ref=e633]: Not configured + - generic [ref=e634]: + - paragraph [ref=e635]: "0" + - paragraph [ref=e636]: models + - button "minimax-cn Minimax (China) API Key Not configured 0 models" [ref=e637] [cursor=pointer]: + - generic [ref=e638]: + - img "minimax-cn" [ref=e641] + - generic [ref=e643]: + - generic [ref=e644]: + - paragraph [ref=e645]: Minimax (China) + - generic "API Key" [ref=e646] + - paragraph [ref=e647]: Not configured + - generic [ref=e648]: + - paragraph [ref=e649]: "0" + - paragraph [ref=e650]: models + - button "CrofAI API Key Not configured 0 models" [ref=e651] [cursor=pointer]: + - generic [ref=e652]: + - img [ref=e655] + - generic [ref=e658]: + - generic [ref=e659]: + - paragraph [ref=e660]: CrofAI + - generic "API Key" [ref=e661] + - paragraph [ref=e662]: Not configured + - generic [ref=e663]: + - paragraph [ref=e664]: "0" + - paragraph [ref=e665]: models + - button "alicode Alibaba API Key Not configured 0 models" [ref=e666] [cursor=pointer]: + - generic [ref=e667]: + - img "alicode" [ref=e670] + - generic [ref=e672]: + - generic [ref=e673]: + - paragraph [ref=e674]: Alibaba + - generic "API Key" [ref=e675] + - paragraph [ref=e676]: Not configured + - generic [ref=e677]: + - paragraph [ref=e678]: "0" + - paragraph [ref=e679]: models + - button "alicode-intl Alibaba Intl API Key Not configured 0 models" [ref=e680] [cursor=pointer]: + - generic [ref=e681]: + - img "alicode-intl" [ref=e684] + - generic [ref=e686]: + - generic [ref=e687]: + - paragraph [ref=e688]: Alibaba Intl + - generic "API Key" [ref=e689] + - paragraph [ref=e690]: Not configured + - generic [ref=e691]: + - paragraph [ref=e692]: "0" + - paragraph [ref=e693]: models + - button "openai OpenAI API Key 0 active · 2 error 0/2 reqs 0% ~3711ms 8 models" [ref=e694] [cursor=pointer]: + - generic [ref=e695]: + - img "openai" [ref=e698] + - generic [ref=e700]: + - generic [ref=e701]: + - paragraph [ref=e702]: OpenAI + - generic "API Key" [ref=e703] + - paragraph [ref=e704]: 0 active · 2 error + - generic [ref=e705]: + - generic [ref=e706]: 0/2 reqs + - generic [ref=e707]: 0% + - generic [ref=e708]: ~3711ms + - generic [ref=e709]: + - paragraph [ref=e710]: "8" + - paragraph [ref=e711]: models + - button "azure-openai Azure OpenAI API Key Not configured 0 models" [ref=e712] [cursor=pointer]: + - generic [ref=e713]: + - img "azure-openai" [ref=e716] + - generic [ref=e720]: + - generic [ref=e721]: + - paragraph [ref=e722]: Azure OpenAI + - generic "API Key" [ref=e723] + - paragraph [ref=e724]: Not configured + - generic [ref=e725]: + - paragraph [ref=e726]: "0" + - paragraph [ref=e727]: models + - button "azure-ai Azure AI Foundry API Key Not configured 0 models" [ref=e728] [cursor=pointer]: + - generic [ref=e729]: + - img "azure-ai" [ref=e732] + - generic [ref=e736]: + - generic [ref=e737]: + - paragraph [ref=e738]: Azure AI Foundry + - generic "API Key" [ref=e739] + - paragraph [ref=e740]: Not configured + - generic [ref=e741]: + - paragraph [ref=e742]: "0" + - paragraph [ref=e743]: models + - button "bedrock Amazon Bedrock API Key Not configured 0 models" [ref=e744] [cursor=pointer]: + - generic [ref=e745]: + - img "bedrock" [ref=e748] + - generic [ref=e750]: + - generic [ref=e751]: + - paragraph [ref=e752]: Amazon Bedrock + - generic "API Key" [ref=e753] + - paragraph [ref=e754]: Not configured + - generic [ref=e755]: + - paragraph [ref=e756]: "0" + - paragraph [ref=e757]: models + - button "watsonx IBM watsonx.ai Gateway API Key Not configured 0 models" [ref=e758] [cursor=pointer]: + - generic [ref=e759]: + - img "watsonx" [ref=e762] + - generic [ref=e764]: + - generic [ref=e765]: + - paragraph [ref=e766]: IBM watsonx.ai Gateway + - generic "API Key" [ref=e767] + - paragraph [ref=e768]: Not configured + - generic [ref=e769]: + - paragraph [ref=e770]: "0" + - paragraph [ref=e771]: models + - button "oci OCI Generative AI API Key Not configured 0 models" [ref=e772] [cursor=pointer]: + - generic [ref=e773]: + - img "oci" [ref=e776] + - generic [ref=e777]: + - generic [ref=e778]: + - paragraph [ref=e779]: OCI Generative AI + - generic "API Key" [ref=e780] + - paragraph [ref=e781]: Not configured + - generic [ref=e782]: + - paragraph [ref=e783]: "0" + - paragraph [ref=e784]: models + - button "SAP Generative AI Hub API Key Not configured 0 models" [ref=e785] [cursor=pointer]: + - generic [ref=e786]: + - img [ref=e789] + - generic [ref=e792]: + - generic [ref=e793]: + - paragraph [ref=e794]: SAP Generative AI Hub + - generic "API Key" [ref=e795] + - paragraph [ref=e796]: Not configured + - generic [ref=e797]: + - paragraph [ref=e798]: "0" + - paragraph [ref=e799]: models + - button "modal Modal API Key Not configured 0 models" [ref=e800] [cursor=pointer]: + - generic [ref=e801]: + - img "modal" [ref=e804] + - generic [ref=e805]: + - generic [ref=e806]: + - paragraph [ref=e807]: Modal + - generic "API Key" [ref=e808] + - paragraph [ref=e809]: Not configured + - generic [ref=e810]: + - paragraph [ref=e811]: "0" + - paragraph [ref=e812]: models + - button "reka Reka API Key 2 active · 0 error 2 models" [ref=e813] [cursor=pointer]: + - generic [ref=e814]: + - img "reka" [ref=e817] + - generic [ref=e818]: + - generic [ref=e819]: + - paragraph [ref=e820]: Reka + - generic "API Key" [ref=e821] + - paragraph [ref=e822]: 2 active · 0 error + - generic [ref=e823]: + - paragraph [ref=e824]: "2" + - paragraph [ref=e825]: models + - button "NLP Cloud API Key Not configured 0 models" [ref=e826] [cursor=pointer]: + - generic [ref=e827]: + - img [ref=e830] + - generic [ref=e833]: + - generic [ref=e834]: + - paragraph [ref=e835]: NLP Cloud + - generic "API Key" [ref=e836] + - paragraph [ref=e837]: Not configured + - generic [ref=e838]: + - paragraph [ref=e839]: "0" + - paragraph [ref=e840]: models + - button "runwayml Runway API Key Not configured 0 models" [ref=e841] [cursor=pointer]: + - generic [ref=e842]: + - img "runwayml" [ref=e845] + - generic [ref=e847]: + - generic [ref=e848]: + - paragraph [ref=e849]: Runway + - generic "API Key" [ref=e850] + - paragraph [ref=e851]: Not configured + - generic [ref=e852]: + - paragraph [ref=e853]: "0" + - paragraph [ref=e854]: models + - button "anthropic Anthropic API Key Not configured 0 models" [ref=e855] [cursor=pointer]: + - generic [ref=e856]: + - img "anthropic" [ref=e859] + - generic [ref=e861]: + - generic [ref=e862]: + - paragraph [ref=e863]: Anthropic + - generic "API Key" [ref=e864] + - paragraph [ref=e865]: Not configured + - generic [ref=e866]: + - paragraph [ref=e867]: "0" + - paragraph [ref=e868]: models + - button "gemini Gemini (Google AI Studio) API Key 22 active · 3 error 844/13894 reqs 6% ~20068ms 0 models" [ref=e869] [cursor=pointer]: + - generic [ref=e870]: + - img "gemini" [ref=e873] + - generic [ref=e878]: + - generic [ref=e879]: + - paragraph [ref=e880]: Gemini (Google AI Studio) + - generic "API Key" [ref=e881] + - paragraph [ref=e882]: 22 active · 3 error + - generic [ref=e883]: + - generic [ref=e884]: 844/13894 reqs + - generic [ref=e885]: 6% + - generic [ref=e886]: ~20068ms + - generic [ref=e887]: + - paragraph [ref=e888]: "0" + - paragraph [ref=e889]: models + - button "deepseek DeepSeek API Key Not configured 0 models" [ref=e890] [cursor=pointer]: + - generic [ref=e891]: + - img "deepseek" [ref=e894] + - generic [ref=e896]: + - generic [ref=e897]: + - paragraph [ref=e898]: DeepSeek + - generic "API Key" [ref=e899] + - paragraph [ref=e900]: Not configured + - generic [ref=e901]: + - paragraph [ref=e902]: "0" + - paragraph [ref=e903]: models + - button "groq Groq API Key 2 active · 1 error 63/590 reqs 11% ~828ms 4 models" [ref=e904] [cursor=pointer]: + - generic [ref=e905]: + - img "groq" [ref=e908] + - generic [ref=e910]: + - generic [ref=e911]: + - paragraph [ref=e912]: Groq + - generic "API Key" [ref=e913] + - paragraph [ref=e914]: 2 active · 1 error + - generic [ref=e915]: + - generic [ref=e916]: 63/590 reqs + - generic [ref=e917]: 11% + - generic [ref=e918]: ~828ms + - generic [ref=e919]: + - paragraph [ref=e920]: "4" + - paragraph [ref=e921]: models + - button "blackbox Blackbox AI API Key Not configured 0 models" [ref=e922] [cursor=pointer]: + - generic [ref=e923]: + - img "blackbox" [ref=e926] + - generic [ref=e927]: + - generic [ref=e928]: + - paragraph [ref=e929]: Blackbox AI + - generic "API Key" [ref=e930] + - paragraph [ref=e931]: Not configured + - generic [ref=e932]: + - paragraph [ref=e933]: "0" + - paragraph [ref=e934]: models + - button "xai xAI (Grok) API Key 1 active · 1 error 0/24 reqs 0% ~720ms 6 models" [ref=e935] [cursor=pointer]: + - generic [ref=e936]: + - img "xai" [ref=e939] + - generic [ref=e941]: + - generic [ref=e942]: + - paragraph [ref=e943]: xAI (Grok) + - generic "API Key" [ref=e944] + - paragraph [ref=e945]: 1 active · 1 error + - generic [ref=e946]: + - generic [ref=e947]: 0/24 reqs + - generic [ref=e948]: 0% + - generic [ref=e949]: ~720ms + - generic [ref=e950]: + - paragraph [ref=e951]: "6" + - paragraph [ref=e952]: models + - button "mistral Mistral API Key Not configured 0 models" [ref=e953] [cursor=pointer]: + - generic [ref=e954]: + - img "mistral" [ref=e957] + - generic [ref=e963]: + - generic [ref=e964]: + - paragraph [ref=e965]: Mistral + - generic "API Key" [ref=e966] + - paragraph [ref=e967]: Not configured + - generic [ref=e968]: + - paragraph [ref=e969]: "0" + - paragraph [ref=e970]: models + - button "perplexity Perplexity API Key Not configured 0 models" [ref=e971] [cursor=pointer]: + - generic [ref=e972]: + - img "perplexity" [ref=e975] + - generic [ref=e977]: + - generic [ref=e978]: + - paragraph [ref=e979]: Perplexity + - generic "API Key" [ref=e980] + - paragraph [ref=e981]: Not configured + - generic [ref=e982]: + - paragraph [ref=e983]: "0" + - paragraph [ref=e984]: models + - button "together Together AI API Key Not configured 0 models" [ref=e985] [cursor=pointer]: + - generic [ref=e986]: + - img "together" [ref=e989] + - generic [ref=e993]: + - generic [ref=e994]: + - paragraph [ref=e995]: Together AI + - generic "API Key" [ref=e996] + - paragraph [ref=e997]: Not configured + - generic [ref=e998]: + - paragraph [ref=e999]: "0" + - paragraph [ref=e1000]: models + - button "fireworks Fireworks AI API Key Not configured 0 models" [ref=e1001] [cursor=pointer]: + - generic [ref=e1002]: + - img "fireworks" [ref=e1005] + - generic [ref=e1007]: + - generic [ref=e1008]: + - paragraph [ref=e1009]: Fireworks AI + - generic "API Key" [ref=e1010] + - paragraph [ref=e1011]: Not configured + - generic [ref=e1012]: + - paragraph [ref=e1013]: "0" + - paragraph [ref=e1014]: models + - button "cerebras Cerebras API Key Not configured 0 models" [ref=e1015] [cursor=pointer]: + - generic [ref=e1016]: + - img "cerebras" [ref=e1019] + - generic [ref=e1022]: + - generic [ref=e1023]: + - paragraph [ref=e1024]: Cerebras + - generic "API Key" [ref=e1025] + - paragraph [ref=e1026]: Not configured + - generic [ref=e1027]: + - paragraph [ref=e1028]: "0" + - paragraph [ref=e1029]: models + - button "cohere Cohere API Key Not configured 0 models" [ref=e1030] [cursor=pointer]: + - generic [ref=e1031]: + - img "cohere" [ref=e1034] + - generic [ref=e1038]: + - generic [ref=e1039]: + - paragraph [ref=e1040]: Cohere + - generic "API Key" [ref=e1041] + - paragraph [ref=e1042]: Not configured + - generic [ref=e1043]: + - paragraph [ref=e1044]: "0" + - paragraph [ref=e1045]: models + - button "nvidia NVIDIA NIM API Key 0 active · 0 error 13 models" [ref=e1046] [cursor=pointer]: + - generic [ref=e1047]: + - img "nvidia" [ref=e1050] + - generic [ref=e1052]: + - generic [ref=e1053]: + - paragraph [ref=e1054]: NVIDIA NIM + - generic "API Key" [ref=e1055] + - paragraph [ref=e1056]: 0 active · 0 error + - generic [ref=e1057]: + - paragraph [ref=e1058]: "13" + - paragraph [ref=e1059]: models + - button "nebius Nebius AI API Key Not configured 0 models" [ref=e1060] [cursor=pointer]: + - generic [ref=e1061]: + - img "nebius" [ref=e1064] + - generic [ref=e1067]: + - generic [ref=e1068]: + - paragraph [ref=e1069]: Nebius AI + - generic "API Key" [ref=e1070] + - paragraph [ref=e1071]: Not configured + - generic [ref=e1072]: + - paragraph [ref=e1073]: "0" + - paragraph [ref=e1074]: models + - button "siliconflow SiliconFlow API Key 0 active · 0 error 10 models" [ref=e1075] [cursor=pointer]: + - generic [ref=e1076]: + - img "siliconflow" [ref=e1079] + - generic [ref=e1081]: + - generic [ref=e1082]: + - paragraph [ref=e1083]: SiliconFlow + - generic "API Key" [ref=e1084] + - paragraph [ref=e1085]: 0 active · 0 error + - generic [ref=e1086]: + - paragraph [ref=e1087]: "10" + - paragraph [ref=e1088]: models + - button "hyperbolic Hyperbolic API Key Not configured 0 models" [ref=e1089] [cursor=pointer]: + - generic [ref=e1090]: + - img "hyperbolic" [ref=e1093] + - generic [ref=e1095]: + - generic [ref=e1096]: + - paragraph [ref=e1097]: Hyperbolic + - generic "API Key" [ref=e1098] + - paragraph [ref=e1099]: Not configured + - generic [ref=e1100]: + - paragraph [ref=e1101]: "0" + - paragraph [ref=e1102]: models + - button "nanobanana NanoBanana API Key 0 active · 36 error 52/88 reqs 59% ~471ms 0 models" [ref=e1103] [cursor=pointer]: + - generic [ref=e1104]: + - img "nanobanana" [ref=e1107] + - generic [ref=e1114]: + - generic [ref=e1115]: + - paragraph [ref=e1116]: NanoBanana + - generic "API Key" [ref=e1117] + - paragraph [ref=e1118]: 0 active · 36 error + - generic [ref=e1119]: + - generic [ref=e1120]: 52/88 reqs + - generic [ref=e1121]: 59% + - generic [ref=e1122]: ~471ms + - generic [ref=e1123]: + - paragraph [ref=e1124]: "0" + - paragraph [ref=e1125]: models + - button "ollama-cloud Ollama Cloud API Key 0 active · 55 error 3534/8493 reqs 42% ~11029ms 7 models" [ref=e1126] [cursor=pointer]: + - generic [ref=e1127]: + - img "ollama-cloud" [ref=e1130] + - generic [ref=e1132]: + - generic [ref=e1133]: + - paragraph [ref=e1134]: Ollama Cloud + - generic "API Key" [ref=e1135] + - paragraph [ref=e1136]: 0 active · 55 error + - generic [ref=e1137]: + - generic [ref=e1138]: 3534/8493 reqs + - generic [ref=e1139]: 42% + - generic [ref=e1140]: ~11029ms + - generic [ref=e1141]: + - paragraph [ref=e1142]: "7" + - paragraph [ref=e1143]: models + - button "huggingface HuggingFace API Key Not configured 0 models" [ref=e1144] [cursor=pointer]: + - generic [ref=e1145]: + - img "huggingface" [ref=e1148] + - generic [ref=e1155]: + - generic [ref=e1156]: + - paragraph [ref=e1157]: HuggingFace + - generic "API Key" [ref=e1158] + - paragraph [ref=e1159]: Not configured + - generic [ref=e1160]: + - paragraph [ref=e1161]: "0" + - paragraph [ref=e1162]: models + - button "synthetic Synthetic API Key Not configured 0 models" [ref=e1163] [cursor=pointer]: + - generic [ref=e1164]: + - img "synthetic" [ref=e1167] + - generic [ref=e1168]: + - generic [ref=e1169]: + - paragraph [ref=e1170]: Synthetic + - generic "API Key" [ref=e1171] + - paragraph [ref=e1172]: Not configured + - generic [ref=e1173]: + - paragraph [ref=e1174]: "0" + - paragraph [ref=e1175]: models + - button "kilo-gateway Kilo Gateway API Key 2 active · 0 error 0/3 reqs 0% ~432ms 6 models" [ref=e1176] [cursor=pointer]: + - generic [ref=e1177]: + - img "kilo-gateway" [ref=e1180] + - generic [ref=e1181]: + - generic [ref=e1182]: + - paragraph [ref=e1183]: Kilo Gateway + - generic "API Key" [ref=e1184] + - paragraph [ref=e1185]: 2 active · 0 error + - generic [ref=e1186]: + - generic [ref=e1187]: 0/3 reqs + - generic [ref=e1188]: 0% + - generic [ref=e1189]: ~432ms + - generic [ref=e1190]: + - paragraph [ref=e1191]: "6" + - paragraph [ref=e1192]: models + - button "vertex Vertex AI API Key Not configured 0 models" [ref=e1193] [cursor=pointer]: + - generic [ref=e1194]: + - img "vertex" [ref=e1197] + - generic [ref=e1206]: + - generic [ref=e1207]: + - paragraph [ref=e1208]: Vertex AI + - generic "API Key" [ref=e1209] + - paragraph [ref=e1210]: Not configured + - generic [ref=e1211]: + - paragraph [ref=e1212]: "0" + - paragraph [ref=e1213]: models + - button "vertex-partner Vertex AI Partners API Key Not configured 0 models" [ref=e1214] [cursor=pointer]: + - generic [ref=e1215]: + - img "vertex-partner" [ref=e1218] + - generic [ref=e1227]: + - generic [ref=e1228]: + - paragraph [ref=e1229]: Vertex AI Partners + - generic "API Key" [ref=e1230] + - paragraph [ref=e1231]: Not configured + - generic [ref=e1232]: + - paragraph [ref=e1233]: "0" + - paragraph [ref=e1234]: models + - button "zai Z.AI API Key 2 active · 0 error 4/7727 reqs 0% ~866ms 3 models" [ref=e1235] [cursor=pointer]: + - generic [ref=e1236]: + - img "zai" [ref=e1239] + - generic [ref=e1241]: + - generic [ref=e1242]: + - paragraph [ref=e1243]: Z.AI + - generic "API Key" [ref=e1244] + - paragraph [ref=e1245]: 2 active · 0 error + - generic [ref=e1246]: + - generic [ref=e1247]: 4/7727 reqs + - generic [ref=e1248]: 0% + - generic [ref=e1249]: ~866ms + - generic [ref=e1250]: + - paragraph [ref=e1251]: "3" + - paragraph [ref=e1252]: models + - button "opencode-zen OpenCode Zen API Key 0 active · 1 error 0/1 reqs 0% ~3825ms 7 models" [ref=e1253] [cursor=pointer]: + - generic [ref=e1254]: + - img "opencode-zen" [ref=e1257] + - generic [ref=e1259]: + - generic [ref=e1260]: + - paragraph [ref=e1261]: OpenCode Zen + - generic "API Key" [ref=e1262] + - paragraph [ref=e1263]: 0 active · 1 error + - generic [ref=e1264]: + - generic [ref=e1265]: 0/1 reqs + - generic [ref=e1266]: 0% + - generic [ref=e1267]: ~3825ms + - generic [ref=e1268]: + - paragraph [ref=e1269]: "7" + - paragraph [ref=e1270]: models + - button "opencode-go OpenCode Go API Key 1 active · 1 error 2/8 reqs 25% ~2268ms 12 models" [ref=e1271] [cursor=pointer]: + - generic [ref=e1272]: + - img "opencode-go" [ref=e1275] + - generic [ref=e1277]: + - generic [ref=e1278]: + - paragraph [ref=e1279]: OpenCode Go + - generic "API Key" [ref=e1280] + - paragraph [ref=e1281]: 1 active · 1 error + - generic [ref=e1282]: + - generic [ref=e1283]: 2/8 reqs + - generic [ref=e1284]: 25% + - generic [ref=e1285]: ~2268ms + - generic [ref=e1286]: + - paragraph [ref=e1287]: "12" + - paragraph [ref=e1288]: models + - button "alibaba Alibaba Cloud (DashScope) API Key Not configured 0 models" [ref=e1289] [cursor=pointer]: + - generic [ref=e1290]: + - img "alibaba" [ref=e1293] + - generic [ref=e1295]: + - generic [ref=e1296]: + - paragraph [ref=e1297]: Alibaba Cloud (DashScope) + - generic "API Key" [ref=e1298] + - paragraph [ref=e1299]: Not configured + - generic [ref=e1300]: + - paragraph [ref=e1301]: "0" + - paragraph [ref=e1302]: models + - button "longcat LongCat AI API Key Not configured 0 models" [ref=e1303] [cursor=pointer]: + - generic [ref=e1304]: + - img "longcat" [ref=e1307] + - generic [ref=e1308]: + - generic [ref=e1309]: + - paragraph [ref=e1310]: LongCat AI + - generic "API Key" [ref=e1311] + - paragraph [ref=e1312]: Not configured + - generic [ref=e1313]: + - paragraph [ref=e1314]: "0" + - paragraph [ref=e1315]: models + - button "pollinations Pollinations AI API Key Not configured 0 models" [ref=e1316] [cursor=pointer]: + - generic [ref=e1317]: + - img "pollinations" [ref=e1320] + - generic [ref=e1321]: + - generic [ref=e1322]: + - paragraph [ref=e1323]: Pollinations AI + - generic "API Key" [ref=e1324] + - paragraph [ref=e1325]: Not configured + - generic [ref=e1326]: + - paragraph [ref=e1327]: "0" + - paragraph [ref=e1328]: models + - button "puter Puter AI API Key Not configured 0 models" [ref=e1329] [cursor=pointer]: + - generic [ref=e1330]: + - img "puter" [ref=e1333] + - generic [ref=e1334]: + - generic [ref=e1335]: + - paragraph [ref=e1336]: Puter AI + - generic "API Key" [ref=e1337] + - paragraph [ref=e1338]: Not configured + - generic [ref=e1339]: + - paragraph [ref=e1340]: "0" + - paragraph [ref=e1341]: models + - button "cloudflare-ai Cloudflare Workers AI API Key 0 active · 1 error 0/150 reqs 0% ~1330ms 6 models" [ref=e1342] [cursor=pointer]: + - generic [ref=e1343]: + - img "cloudflare-ai" [ref=e1346] + - generic [ref=e1348]: + - generic [ref=e1349]: + - paragraph [ref=e1350]: Cloudflare Workers AI + - generic "API Key" [ref=e1351] + - paragraph [ref=e1352]: 0 active · 1 error + - generic [ref=e1353]: + - generic [ref=e1354]: 0/150 reqs + - generic [ref=e1355]: 0% + - generic [ref=e1356]: ~1330ms + - generic [ref=e1357]: + - paragraph [ref=e1358]: "6" + - paragraph [ref=e1359]: models + - button "scaleway Scaleway AI API Key Not configured 0 models" [ref=e1360] [cursor=pointer]: + - generic [ref=e1361]: + - img "scaleway" [ref=e1364] + - generic [ref=e1365]: + - generic [ref=e1366]: + - paragraph [ref=e1367]: Scaleway AI + - generic "API Key" [ref=e1368] + - paragraph [ref=e1369]: Not configured + - generic [ref=e1370]: + - paragraph [ref=e1371]: "0" + - paragraph [ref=e1372]: models + - button "deepinfra DeepInfra API Key Not configured 0 models" [ref=e1373] [cursor=pointer]: + - generic [ref=e1374]: + - img "deepinfra" [ref=e1377] + - generic [ref=e1380]: + - generic [ref=e1381]: + - paragraph [ref=e1382]: DeepInfra + - generic "API Key" [ref=e1383] + - paragraph [ref=e1384]: Not configured + - generic [ref=e1385]: + - paragraph [ref=e1386]: "0" + - paragraph [ref=e1387]: models + - button "vercel-ai-gateway Vercel AI Gateway API Key Not configured 0 models" [ref=e1388] [cursor=pointer]: + - generic [ref=e1389]: + - img "vercel-ai-gateway" [ref=e1392] + - generic [ref=e1394]: + - generic [ref=e1395]: + - paragraph [ref=e1396]: Vercel AI Gateway + - generic "API Key" [ref=e1397] + - paragraph [ref=e1398]: Not configured + - generic [ref=e1399]: + - paragraph [ref=e1400]: "0" + - paragraph [ref=e1401]: models + - button "lambda-ai Lambda AI API Key Not configured 0 models" [ref=e1402] [cursor=pointer]: + - generic [ref=e1403]: + - img "lambda-ai" [ref=e1406] + - generic [ref=e1408]: + - generic [ref=e1409]: + - paragraph [ref=e1410]: Lambda AI + - generic "API Key" [ref=e1411] + - paragraph [ref=e1412]: Not configured + - generic [ref=e1413]: + - paragraph [ref=e1414]: "0" + - paragraph [ref=e1415]: models + - button "sambanova SambaNova API Key Not configured 0 models" [ref=e1416] [cursor=pointer]: + - generic [ref=e1417]: + - img "sambanova" [ref=e1420] + - generic [ref=e1424]: + - generic [ref=e1425]: + - paragraph [ref=e1426]: SambaNova + - generic "API Key" [ref=e1427] + - paragraph [ref=e1428]: Not configured + - generic [ref=e1429]: + - paragraph [ref=e1430]: "0" + - paragraph [ref=e1431]: models + - button "nscale nScale API Key Not configured 0 models" [ref=e1432] [cursor=pointer]: + - generic [ref=e1433]: + - img "nscale" [ref=e1436] + - generic [ref=e1437]: + - generic [ref=e1438]: + - paragraph [ref=e1439]: nScale + - generic "API Key" [ref=e1440] + - paragraph [ref=e1441]: Not configured + - generic [ref=e1442]: + - paragraph [ref=e1443]: "0" + - paragraph [ref=e1444]: models + - button "ovhcloud OVHcloud AI API Key Not configured 0 models" [ref=e1445] [cursor=pointer]: + - generic [ref=e1446]: + - img "ovhcloud" [ref=e1449] + - generic [ref=e1450]: + - generic [ref=e1451]: + - paragraph [ref=e1452]: OVHcloud AI + - generic "API Key" [ref=e1453] + - paragraph [ref=e1454]: Not configured + - generic [ref=e1455]: + - paragraph [ref=e1456]: "0" + - paragraph [ref=e1457]: models + - button "baseten Baseten API Key Not configured 0 models" [ref=e1458] [cursor=pointer]: + - generic [ref=e1459]: + - img "baseten" [ref=e1462] + - generic [ref=e1464]: + - generic [ref=e1465]: + - paragraph [ref=e1466]: Baseten + - generic "API Key" [ref=e1467] + - paragraph [ref=e1468]: Not configured + - generic [ref=e1469]: + - paragraph [ref=e1470]: "0" + - paragraph [ref=e1471]: models + - button "PublicAI API Key Not configured 0 models" [ref=e1472] [cursor=pointer]: + - generic [ref=e1473]: + - img [ref=e1476] + - generic [ref=e1479]: + - generic [ref=e1480]: + - paragraph [ref=e1481]: PublicAI + - generic "API Key" [ref=e1482] + - paragraph [ref=e1483]: Not configured + - generic [ref=e1484]: + - paragraph [ref=e1485]: "0" + - paragraph [ref=e1486]: models + - button "moonshot Moonshot AI API Key Not configured 0 models" [ref=e1487] [cursor=pointer]: + - generic [ref=e1488]: + - img "moonshot" [ref=e1491] + - generic [ref=e1493]: + - generic [ref=e1494]: + - paragraph [ref=e1495]: Moonshot AI + - generic "API Key" [ref=e1496] + - paragraph [ref=e1497]: Not configured + - generic [ref=e1498]: + - paragraph [ref=e1499]: "0" + - paragraph [ref=e1500]: models + - button "meta-llama Meta Llama API API Key Not configured 0 models" [ref=e1501] [cursor=pointer]: + - generic [ref=e1502]: + - img "meta-llama" [ref=e1505] + - generic [ref=e1521]: + - generic [ref=e1522]: + - paragraph [ref=e1523]: Meta Llama API + - generic "API Key" [ref=e1524] + - paragraph [ref=e1525]: Not configured + - generic [ref=e1526]: + - paragraph [ref=e1527]: "0" + - paragraph [ref=e1528]: models + - button "v0-vercel v0 (Vercel) API Key Not configured 0 models" [ref=e1529] [cursor=pointer]: + - generic [ref=e1530]: + - img "v0-vercel" [ref=e1533] + - generic [ref=e1535]: + - generic [ref=e1536]: + - paragraph [ref=e1537]: v0 (Vercel) + - generic "API Key" [ref=e1538] + - paragraph [ref=e1539]: Not configured + - generic [ref=e1540]: + - paragraph [ref=e1541]: "0" + - paragraph [ref=e1542]: models + - button "morph Morph API Key Not configured 0 models" [ref=e1543] [cursor=pointer]: + - generic [ref=e1544]: + - img "morph" [ref=e1547] + - generic [ref=e1549]: + - generic [ref=e1550]: + - paragraph [ref=e1551]: Morph + - generic "API Key" [ref=e1552] + - paragraph [ref=e1553]: Not configured + - generic [ref=e1554]: + - paragraph [ref=e1555]: "0" + - paragraph [ref=e1556]: models + - button "featherless-ai Featherless AI API Key Not configured 0 models" [ref=e1557] [cursor=pointer]: + - generic [ref=e1558]: + - img "featherless-ai" [ref=e1561] + - generic [ref=e1563]: + - generic [ref=e1564]: + - paragraph [ref=e1565]: Featherless AI + - generic "API Key" [ref=e1566] + - paragraph [ref=e1567]: Not configured + - generic [ref=e1568]: + - paragraph [ref=e1569]: "0" + - paragraph [ref=e1570]: models + - button "friendliai FriendliAI API Key Not configured 0 models" [ref=e1571] [cursor=pointer]: + - generic [ref=e1572]: + - img "friendliai" [ref=e1575] + - generic [ref=e1579]: + - generic [ref=e1580]: + - paragraph [ref=e1581]: FriendliAI + - generic "API Key" [ref=e1582] + - paragraph [ref=e1583]: Not configured + - generic [ref=e1584]: + - paragraph [ref=e1585]: "0" + - paragraph [ref=e1586]: models + - button "llamagate LlamaGate API Key Not configured 0 models" [ref=e1587] [cursor=pointer]: + - generic [ref=e1588]: + - img "llamagate" [ref=e1591] + - generic [ref=e1592]: + - generic [ref=e1593]: + - paragraph [ref=e1594]: LlamaGate + - generic "API Key" [ref=e1595] + - paragraph [ref=e1596]: Not configured + - generic [ref=e1597]: + - paragraph [ref=e1598]: "0" + - paragraph [ref=e1599]: models + - button "heroku Heroku AI API Key Not configured 0 models" [ref=e1600] [cursor=pointer]: + - generic [ref=e1601]: + - img "heroku" [ref=e1604] + - generic [ref=e1605]: + - generic [ref=e1606]: + - paragraph [ref=e1607]: Heroku AI + - generic "API Key" [ref=e1608] + - paragraph [ref=e1609]: Not configured + - generic [ref=e1610]: + - paragraph [ref=e1611]: "0" + - paragraph [ref=e1612]: models + - button "Galadriel API Key Not configured 0 models" [ref=e1613] [cursor=pointer]: + - generic [ref=e1614]: + - img [ref=e1617] + - generic [ref=e1620]: + - generic [ref=e1621]: + - paragraph [ref=e1622]: Galadriel + - generic "API Key" [ref=e1623] + - paragraph [ref=e1624]: Not configured + - generic [ref=e1625]: + - paragraph [ref=e1626]: "0" + - paragraph [ref=e1627]: models + - button "databricks Databricks API Key Not configured 0 models" [ref=e1628] [cursor=pointer]: + - generic [ref=e1629]: + - img "databricks" [ref=e1632] + - generic [ref=e1634]: + - generic [ref=e1635]: + - paragraph [ref=e1636]: Databricks + - generic "API Key" [ref=e1637] + - paragraph [ref=e1638]: Not configured + - generic [ref=e1639]: + - paragraph [ref=e1640]: "0" + - paragraph [ref=e1641]: models + - button "DataRobot API Key Not configured 0 models" [ref=e1642] [cursor=pointer]: + - generic [ref=e1643]: + - img [ref=e1646] + - generic [ref=e1649]: + - generic [ref=e1650]: + - paragraph [ref=e1651]: DataRobot + - generic "API Key" [ref=e1652] + - paragraph [ref=e1653]: Not configured + - generic [ref=e1654]: + - paragraph [ref=e1655]: "0" + - paragraph [ref=e1656]: models + - button "Clarifai API Key Not configured 0 models" [ref=e1657] [cursor=pointer]: + - generic [ref=e1658]: + - img [ref=e1661] + - generic [ref=e1664]: + - generic [ref=e1665]: + - paragraph [ref=e1666]: Clarifai + - generic "API Key" [ref=e1667] + - paragraph [ref=e1668]: Not configured + - generic [ref=e1669]: + - paragraph [ref=e1670]: "0" + - paragraph [ref=e1671]: models + - button "snowflake Snowflake Cortex API Key Not configured 0 models" [ref=e1672] [cursor=pointer]: + - generic [ref=e1673]: + - img "snowflake" [ref=e1676] + - generic [ref=e1678]: + - generic [ref=e1679]: + - paragraph [ref=e1680]: Snowflake Cortex + - generic "API Key" [ref=e1681] + - paragraph [ref=e1682]: Not configured + - generic [ref=e1683]: + - paragraph [ref=e1684]: "0" + - paragraph [ref=e1685]: models + - button "wandb Weights & Biases Inference API Key Not configured 0 models" [ref=e1686] [cursor=pointer]: + - generic [ref=e1687]: + - img "wandb" [ref=e1690] + - generic [ref=e1691]: + - generic [ref=e1692]: + - paragraph [ref=e1693]: Weights & Biases Inference + - generic "API Key" [ref=e1694] + - paragraph [ref=e1695]: Not configured + - generic [ref=e1696]: + - paragraph [ref=e1697]: "0" + - paragraph [ref=e1698]: models + - button "volcengine Volcengine API Key Not configured 0 models" [ref=e1699] [cursor=pointer]: + - generic [ref=e1700]: + - img "volcengine" [ref=e1703] + - generic [ref=e1708]: + - generic [ref=e1709]: + - paragraph [ref=e1710]: Volcengine + - generic "API Key" [ref=e1711] + - paragraph [ref=e1712]: Not configured + - generic [ref=e1713]: + - paragraph [ref=e1714]: "0" + - paragraph [ref=e1715]: models + - button "ai21 AI21 Labs API Key Not configured 0 models" [ref=e1716] [cursor=pointer]: + - generic [ref=e1717]: + - img "ai21" [ref=e1720] + - generic [ref=e1722]: + - generic [ref=e1723]: + - paragraph [ref=e1724]: AI21 Labs + - generic "API Key" [ref=e1725] + - paragraph [ref=e1726]: Not configured + - generic [ref=e1727]: + - paragraph [ref=e1728]: "0" + - paragraph [ref=e1729]: models + - button "gigachat GigaChat (Sber) API Key Not configured 0 models" [ref=e1730] [cursor=pointer]: + - generic [ref=e1731]: + - img "gigachat" [ref=e1734] + - generic [ref=e1735]: + - generic [ref=e1736]: + - paragraph [ref=e1737]: GigaChat (Sber) + - generic "API Key" [ref=e1738] + - paragraph [ref=e1739]: Not configured + - generic [ref=e1740]: + - paragraph [ref=e1741]: "0" + - paragraph [ref=e1742]: models + - button "venice Venice.ai API Key Not configured 0 models" [ref=e1743] [cursor=pointer]: + - generic [ref=e1744]: + - img "venice" [ref=e1747] + - generic [ref=e1750]: + - generic [ref=e1751]: + - paragraph [ref=e1752]: Venice.ai + - generic "API Key" [ref=e1753] + - paragraph [ref=e1754]: Not configured + - generic [ref=e1755]: + - paragraph [ref=e1756]: "0" + - paragraph [ref=e1757]: models + - button "codestral Codestral API Key Not configured 0 models" [ref=e1758] [cursor=pointer]: + - generic [ref=e1759]: + - img "codestral" [ref=e1762] + - generic [ref=e1768]: + - generic [ref=e1769]: + - paragraph [ref=e1770]: Codestral + - generic "API Key" [ref=e1771] + - paragraph [ref=e1772]: Not configured + - generic [ref=e1773]: + - paragraph [ref=e1774]: "0" + - paragraph [ref=e1775]: models + - button "upstage Upstage API Key Not configured 0 models" [ref=e1776] [cursor=pointer]: + - generic [ref=e1777]: + - img "upstage" [ref=e1780] + - generic [ref=e1782]: + - generic [ref=e1783]: + - paragraph [ref=e1784]: Upstage + - generic "API Key" [ref=e1785] + - paragraph [ref=e1786]: Not configured + - generic [ref=e1787]: + - paragraph [ref=e1788]: "0" + - paragraph [ref=e1789]: models + - button "maritalk Maritalk API Key Not configured 0 models" [ref=e1790] [cursor=pointer]: + - generic [ref=e1791]: + - img "maritalk" [ref=e1794] + - generic [ref=e1795]: + - generic [ref=e1796]: + - paragraph [ref=e1797]: Maritalk + - generic "API Key" [ref=e1798] + - paragraph [ref=e1799]: Not configured + - generic [ref=e1800]: + - paragraph [ref=e1801]: "0" + - paragraph [ref=e1802]: models + - button "xiaomi-mimo Xiaomi MiMo API Key Not configured 0 models" [ref=e1803] [cursor=pointer]: + - generic [ref=e1804]: + - img "xiaomi-mimo" [ref=e1807] + - generic [ref=e1809]: + - generic [ref=e1810]: + - paragraph [ref=e1811]: Xiaomi MiMo + - generic "API Key" [ref=e1812] + - paragraph [ref=e1813]: Not configured + - generic [ref=e1814]: + - paragraph [ref=e1815]: "0" + - paragraph [ref=e1816]: models + - button "inference-net Inference.net API Key Not configured 0 models" [ref=e1817] [cursor=pointer]: + - generic [ref=e1818]: + - img "inference-net" [ref=e1821] + - generic [ref=e1823]: + - generic [ref=e1824]: + - paragraph [ref=e1825]: Inference.net + - generic "API Key" [ref=e1826] + - paragraph [ref=e1827]: Not configured + - generic [ref=e1828]: + - paragraph [ref=e1829]: "0" + - paragraph [ref=e1830]: models + - button "nanogpt NanoGPT API Key Not configured 0 models" [ref=e1831] [cursor=pointer]: + - generic [ref=e1832]: + - img "nanogpt" [ref=e1835] + - generic [ref=e1836]: + - generic [ref=e1837]: + - paragraph [ref=e1838]: NanoGPT + - generic "API Key" [ref=e1839] + - paragraph [ref=e1840]: Not configured + - generic [ref=e1841]: + - paragraph [ref=e1842]: "0" + - paragraph [ref=e1843]: models + - button "predibase Predibase API Key Not configured 0 models" [ref=e1844] [cursor=pointer]: + - generic [ref=e1845]: + - img "predibase" [ref=e1848] + - generic [ref=e1849]: + - generic [ref=e1850]: + - paragraph [ref=e1851]: Predibase + - generic "API Key" [ref=e1852] + - paragraph [ref=e1853]: Not configured + - generic [ref=e1854]: + - paragraph [ref=e1855]: "0" + - paragraph [ref=e1856]: models + - button "Bytez API Key Not configured 0 models" [ref=e1857] [cursor=pointer]: + - generic [ref=e1858]: + - img [ref=e1861] + - generic [ref=e1864]: + - generic [ref=e1865]: + - paragraph [ref=e1866]: Bytez + - generic "API Key" [ref=e1867] + - paragraph [ref=e1868]: Not configured + - generic [ref=e1869]: + - paragraph [ref=e1870]: "0" + - paragraph [ref=e1871]: models + - button "aimlapi AI/ML API API Key Not configured 0 models" [ref=e1872] [cursor=pointer]: + - generic [ref=e1873]: + - img "aimlapi" [ref=e1876] + - generic [ref=e1877]: + - generic [ref=e1878]: + - paragraph [ref=e1879]: AI/ML API + - generic "API Key" [ref=e1880] + - paragraph [ref=e1881]: Not configured + - generic [ref=e1882]: + - paragraph [ref=e1883]: "0" + - paragraph [ref=e1884]: models + - button "novita Novita AI API Key Not configured 0 models" [ref=e1885] [cursor=pointer]: + - generic [ref=e1886]: + - img "novita" [ref=e1889] + - generic [ref=e1891]: + - generic [ref=e1892]: + - paragraph [ref=e1893]: Novita AI + - generic "API Key" [ref=e1894] + - paragraph [ref=e1895]: Not configured + - generic [ref=e1896]: + - paragraph [ref=e1897]: "0" + - paragraph [ref=e1898]: models + - button "piapi PiAPI API Key 0 active · 0 error 0 models" [ref=e1899] [cursor=pointer]: + - generic [ref=e1900]: + - img "piapi" [ref=e1903] + - generic [ref=e1904]: + - generic [ref=e1905]: + - paragraph [ref=e1906]: PiAPI + - generic "API Key" [ref=e1907] + - paragraph [ref=e1908]: 0 active · 0 error + - generic [ref=e1909]: + - paragraph [ref=e1910]: "0" + - paragraph [ref=e1911]: models + - button "GoAPI API Key Not configured 0 models" [ref=e1912] [cursor=pointer]: + - generic [ref=e1913]: + - img [ref=e1916] + - generic [ref=e1919]: + - generic [ref=e1920]: + - paragraph [ref=e1921]: GoAPI + - generic "API Key" [ref=e1922] + - paragraph [ref=e1923]: Not configured + - generic [ref=e1924]: + - paragraph [ref=e1925]: "0" + - paragraph [ref=e1926]: models + - button "LaoZhang AI API Key 0 active · 0 error 0 models" [ref=e1927] [cursor=pointer]: + - generic [ref=e1928]: + - img [ref=e1931] + - generic [ref=e1934]: + - generic [ref=e1935]: + - paragraph [ref=e1936]: LaoZhang AI + - generic "API Key" [ref=e1937] + - paragraph [ref=e1938]: 0 active · 0 error + - generic [ref=e1939]: + - paragraph [ref=e1940]: "0" + - paragraph [ref=e1941]: models + - button "GLHF Chat API Key Not configured 0 models" [ref=e1942] [cursor=pointer]: + - generic [ref=e1943]: + - img [ref=e1946] + - generic [ref=e1949]: + - generic [ref=e1950]: + - paragraph [ref=e1951]: GLHF Chat + - generic "API Key" [ref=e1952] + - paragraph [ref=e1953]: Not configured + - generic [ref=e1954]: + - paragraph [ref=e1955]: "0" + - paragraph [ref=e1956]: models + - button "CablyAI API Key Not configured 0 models" [ref=e1957] [cursor=pointer]: + - generic [ref=e1958]: + - img [ref=e1961] + - generic [ref=e1964]: + - generic [ref=e1965]: + - paragraph [ref=e1966]: CablyAI + - generic "API Key" [ref=e1967] + - paragraph [ref=e1968]: Not configured + - generic [ref=e1969]: + - paragraph [ref=e1970]: "0" + - paragraph [ref=e1971]: models + - button "TheB.AI API Key Not configured 0 models" [ref=e1972] [cursor=pointer]: + - generic [ref=e1973]: + - img [ref=e1976] + - generic [ref=e1979]: + - generic [ref=e1980]: + - paragraph [ref=e1981]: TheB.AI + - generic "API Key" [ref=e1982] + - paragraph [ref=e1983]: Not configured + - generic [ref=e1984]: + - paragraph [ref=e1985]: "0" + - paragraph [ref=e1986]: models + - button "FenayAI API Key Not configured 0 models" [ref=e1987] [cursor=pointer]: + - generic [ref=e1988]: + - img [ref=e1991] + - generic [ref=e1994]: + - generic [ref=e1995]: + - paragraph [ref=e1996]: FenayAI + - generic "API Key" [ref=e1997] + - paragraph [ref=e1998]: Not configured + - generic [ref=e1999]: + - paragraph [ref=e2000]: "0" + - paragraph [ref=e2001]: models + - button "empower Empower API Key Not configured 0 models" [ref=e2002] [cursor=pointer]: + - generic [ref=e2003]: + - img "empower" [ref=e2006] + - generic [ref=e2007]: + - generic [ref=e2008]: + - paragraph [ref=e2009]: Empower + - generic "API Key" [ref=e2010] + - paragraph [ref=e2011]: Not configured + - generic [ref=e2012]: + - paragraph [ref=e2013]: "0" + - paragraph [ref=e2014]: models + - button "nous-research Nous Research API Key Not configured 0 models" [ref=e2015] [cursor=pointer]: + - generic [ref=e2016]: + - img "nous-research" [ref=e2019] + - generic [ref=e2023]: + - generic [ref=e2024]: + - paragraph [ref=e2025]: Nous Research + - generic "API Key" [ref=e2026] + - paragraph [ref=e2027]: Not configured + - generic [ref=e2028]: + - paragraph [ref=e2029]: "0" + - paragraph [ref=e2030]: models + - button "Petals API Key Not configured 0 models" [ref=e2031] [cursor=pointer]: + - generic [ref=e2032]: + - img [ref=e2035] + - generic [ref=e2038]: + - generic [ref=e2039]: + - paragraph [ref=e2040]: Petals + - generic "API Key" [ref=e2041] + - paragraph [ref=e2042]: Not configured + - generic [ref=e2043]: + - paragraph [ref=e2044]: "0" + - paragraph [ref=e2045]: models + - button "poe Poe API Key Not configured 0 models" [ref=e2046] [cursor=pointer]: + - generic [ref=e2047]: + - img "poe" [ref=e2050] + - generic [ref=e2055]: + - generic [ref=e2056]: + - paragraph [ref=e2057]: Poe + - generic "API Key" [ref=e2058] + - paragraph [ref=e2059]: Not configured + - generic [ref=e2060]: + - paragraph [ref=e2061]: "0" + - paragraph [ref=e2062]: models + - button "gitlab GitLab Duo PAT API Key Not configured 0 models" [ref=e2063] [cursor=pointer]: + - generic [ref=e2064]: + - img "gitlab" [ref=e2067] + - generic [ref=e2068]: + - generic [ref=e2069]: + - paragraph [ref=e2070]: GitLab Duo PAT + - generic "API Key" [ref=e2071] + - paragraph [ref=e2072]: Not configured + - generic [ref=e2073]: + - paragraph [ref=e2074]: "0" + - paragraph [ref=e2075]: models + - button "Chutes.ai API Key Not configured 0 models" [ref=e2076] [cursor=pointer]: + - generic [ref=e2077]: + - img [ref=e2080] + - generic [ref=e2083]: + - generic [ref=e2084]: + - paragraph [ref=e2085]: Chutes.ai + - generic "API Key" [ref=e2086] + - paragraph [ref=e2087]: Not configured + - generic [ref=e2088]: + - paragraph [ref=e2089]: "0" + - paragraph [ref=e2090]: models + - button "voyage-ai Voyage AI API Key Not configured 0 models" [ref=e2091] [cursor=pointer]: + - generic [ref=e2092]: + - img "voyage-ai" [ref=e2095] + - generic [ref=e2097]: + - generic [ref=e2098]: + - paragraph [ref=e2099]: Voyage AI + - generic "API Key" [ref=e2100] + - paragraph [ref=e2101]: Not configured + - generic [ref=e2102]: + - paragraph [ref=e2103]: "0" + - paragraph [ref=e2104]: models + - button "jina-ai Jina AI API Key Not configured 0 models" [ref=e2105] [cursor=pointer]: + - generic [ref=e2106]: + - img "jina-ai" [ref=e2109] + - generic [ref=e2111]: + - generic [ref=e2112]: + - paragraph [ref=e2113]: Jina AI + - generic "API Key" [ref=e2114] + - paragraph [ref=e2115]: Not configured + - generic [ref=e2116]: + - paragraph [ref=e2117]: "0" + - paragraph [ref=e2118]: models + - button "fal-ai Fal.ai API Key Not configured 0 models" [ref=e2119] [cursor=pointer]: + - generic [ref=e2120]: + - img "fal-ai" [ref=e2123] + - generic [ref=e2125]: + - generic [ref=e2126]: + - paragraph [ref=e2127]: Fal.ai + - generic "API Key" [ref=e2128] + - paragraph [ref=e2129]: Not configured + - generic [ref=e2130]: + - paragraph [ref=e2131]: "0" + - paragraph [ref=e2132]: models + - button "stability-ai Stability AI API Key Not configured 0 models" [ref=e2133] [cursor=pointer]: + - generic [ref=e2134]: + - img "stability-ai" [ref=e2137] + - generic [ref=e2140]: + - generic [ref=e2141]: + - paragraph [ref=e2142]: Stability AI + - generic "API Key" [ref=e2143] + - paragraph [ref=e2144]: Not configured + - generic [ref=e2145]: + - paragraph [ref=e2146]: "0" + - paragraph [ref=e2147]: models + - button "black-forest-labs Black Forest Labs API Key Not configured 0 models" [ref=e2148] [cursor=pointer]: + - generic [ref=e2149]: + - img "black-forest-labs" [ref=e2152] + - generic [ref=e2154]: + - generic [ref=e2155]: + - paragraph [ref=e2156]: Black Forest Labs + - generic "API Key" [ref=e2157] + - paragraph [ref=e2158]: Not configured + - generic [ref=e2159]: + - paragraph [ref=e2160]: "0" + - paragraph [ref=e2161]: models + - button "recraft Recraft API Key Not configured 0 models" [ref=e2162] [cursor=pointer]: + - generic [ref=e2163]: + - img "recraft" [ref=e2166] + - generic [ref=e2169]: + - generic [ref=e2170]: + - paragraph [ref=e2171]: Recraft + - generic "API Key" [ref=e2172] + - paragraph [ref=e2173]: Not configured + - generic [ref=e2174]: + - paragraph [ref=e2175]: "0" + - paragraph [ref=e2176]: models + - button "topaz Topaz API Key Not configured 0 models" [ref=e2177] [cursor=pointer]: + - generic [ref=e2178]: + - img "topaz" [ref=e2181] + - generic [ref=e2183]: + - generic [ref=e2184]: + - paragraph [ref=e2185]: Topaz + - generic "API Key" [ref=e2186] + - paragraph [ref=e2187]: Not configured + - generic [ref=e2188]: + - paragraph [ref=e2189]: "0" + - paragraph [ref=e2190]: models + - button "ChatGPT Web (Plus/Pro) API Key Not configured 32/94 reqs 34% ~2ms 0 models" [ref=e2191] [cursor=pointer]: + - generic [ref=e2192]: + - img [ref=e2195] + - generic [ref=e2198]: + - generic [ref=e2199]: + - paragraph [ref=e2200]: ChatGPT Web (Plus/Pro) + - generic "API Key" [ref=e2201] + - paragraph [ref=e2202]: Not configured + - generic [ref=e2203]: + - generic [ref=e2204]: 32/94 reqs + - generic [ref=e2205]: 34% + - generic [ref=e2206]: ~2ms + - generic [ref=e2207]: + - paragraph [ref=e2208]: "0" + - paragraph [ref=e2209]: models + - button "grok-web Grok Web (Subscription) API Key Not configured 0 models" [ref=e2210] [cursor=pointer]: + - generic [ref=e2211]: + - img "grok-web" [ref=e2214] + - generic [ref=e2216]: + - generic [ref=e2217]: + - paragraph [ref=e2218]: Grok Web (Subscription) + - generic "API Key" [ref=e2219] + - paragraph [ref=e2220]: Not configured + - generic [ref=e2221]: + - paragraph [ref=e2222]: "0" + - paragraph [ref=e2223]: models + - button "perplexity-web Perplexity Web (Pro/Max) API Key Not configured 0 models" [ref=e2224] [cursor=pointer]: + - generic [ref=e2225]: + - img "perplexity-web" [ref=e2228] + - generic [ref=e2230]: + - generic [ref=e2231]: + - paragraph [ref=e2232]: Perplexity Web (Pro/Max) + - generic "API Key" [ref=e2233] + - paragraph [ref=e2234]: Not configured + - generic [ref=e2235]: + - paragraph [ref=e2236]: "0" + - paragraph [ref=e2237]: models + - button "blackbox-web Blackbox Web (Subscription) API Key Not configured 0 models" [ref=e2238] [cursor=pointer]: + - generic [ref=e2239]: + - img "blackbox-web" [ref=e2242] + - generic [ref=e2243]: + - generic [ref=e2244]: + - paragraph [ref=e2245]: Blackbox Web (Subscription) + - generic "API Key" [ref=e2246] + - paragraph [ref=e2247]: Not configured + - generic [ref=e2248]: + - paragraph [ref=e2249]: "0" + - paragraph [ref=e2250]: models + - button "muse-spark-web Muse Spark Web (Meta AI) API Key Not configured 0 models" [ref=e2251] [cursor=pointer]: + - generic [ref=e2252]: + - img "muse-spark-web" [ref=e2255] + - generic [ref=e2258]: + - generic [ref=e2259]: + - paragraph [ref=e2260]: Muse Spark Web (Meta AI) + - generic "API Key" [ref=e2261] + - paragraph [ref=e2262]: Not configured + - generic [ref=e2263]: + - paragraph [ref=e2264]: "0" + - paragraph [ref=e2265]: models + - button "lm-studio LM Studio API Key Not configured 0 models" [ref=e2266] [cursor=pointer]: + - generic [ref=e2267]: + - img "lm-studio" [ref=e2270] + - generic [ref=e2273]: + - generic [ref=e2274]: + - paragraph [ref=e2275]: LM Studio + - generic "API Key" [ref=e2276] + - paragraph [ref=e2277]: Not configured + - generic [ref=e2278]: + - paragraph [ref=e2279]: "0" + - paragraph [ref=e2280]: models + - button "vllm vLLM API Key Not configured 0 models" [ref=e2281] [cursor=pointer]: + - generic [ref=e2282]: + - img "vllm" [ref=e2285] + - generic [ref=e2288]: + - generic [ref=e2289]: + - paragraph [ref=e2290]: vLLM + - generic "API Key" [ref=e2291] + - paragraph [ref=e2292]: Not configured + - generic [ref=e2293]: + - paragraph [ref=e2294]: "0" + - paragraph [ref=e2295]: models + - button "Lemonade Server API Key Not configured 0 models" [ref=e2296] [cursor=pointer]: + - generic [ref=e2297]: + - img [ref=e2300] + - generic [ref=e2303]: + - generic [ref=e2304]: + - paragraph [ref=e2305]: Lemonade Server + - generic "API Key" [ref=e2306] + - paragraph [ref=e2307]: Not configured + - generic [ref=e2308]: + - paragraph [ref=e2309]: "0" + - paragraph [ref=e2310]: models + - button "Llamafile API Key Not configured 0 models" [ref=e2311] [cursor=pointer]: + - generic [ref=e2312]: + - img [ref=e2315] + - generic [ref=e2318]: + - generic [ref=e2319]: + - paragraph [ref=e2320]: Llamafile + - generic "API Key" [ref=e2321] + - paragraph [ref=e2322]: Not configured + - generic [ref=e2323]: + - paragraph [ref=e2324]: "0" + - paragraph [ref=e2325]: models + - button "triton NVIDIA Triton API Key Not configured 0 models" [ref=e2326] [cursor=pointer]: + - generic [ref=e2327]: + - img "triton" [ref=e2330] + - generic [ref=e2331]: + - generic [ref=e2332]: + - paragraph [ref=e2333]: NVIDIA Triton + - generic "API Key" [ref=e2334] + - paragraph [ref=e2335]: Not configured + - generic [ref=e2336]: + - paragraph [ref=e2337]: "0" + - paragraph [ref=e2338]: models + - button "Docker Model Runner API Key Not configured 0 models" [ref=e2339] [cursor=pointer]: + - generic [ref=e2340]: + - img [ref=e2343] + - generic [ref=e2346]: + - generic [ref=e2347]: + - paragraph [ref=e2348]: Docker Model Runner + - generic "API Key" [ref=e2349] + - paragraph [ref=e2350]: Not configured + - generic [ref=e2351]: + - paragraph [ref=e2352]: "0" + - paragraph [ref=e2353]: models + - button "xinference XInference API Key Not configured 0 models" [ref=e2354] [cursor=pointer]: + - generic [ref=e2355]: + - img "xinference" [ref=e2358] + - generic [ref=e2362]: + - generic [ref=e2363]: + - paragraph [ref=e2364]: XInference + - generic "API Key" [ref=e2365] + - paragraph [ref=e2366]: Not configured + - generic [ref=e2367]: + - paragraph [ref=e2368]: "0" + - paragraph [ref=e2369]: models + - button "oobabooga API Key Not configured 0 models" [ref=e2370] [cursor=pointer]: + - generic [ref=e2371]: + - img [ref=e2374] + - generic [ref=e2377]: + - generic [ref=e2378]: + - paragraph [ref=e2379]: oobabooga + - generic "API Key" [ref=e2380] + - paragraph [ref=e2381]: Not configured + - generic [ref=e2382]: + - paragraph [ref=e2383]: "0" + - paragraph [ref=e2384]: models + - button "sdwebui SD WebUI API Key Not configured 0 models" [ref=e2385] [cursor=pointer]: + - generic [ref=e2386]: + - img "sdwebui" [ref=e2389] + - generic [ref=e2395]: + - generic [ref=e2396]: + - paragraph [ref=e2397]: SD WebUI + - generic "API Key" [ref=e2398] + - paragraph [ref=e2399]: Not configured + - generic [ref=e2400]: + - paragraph [ref=e2401]: "0" + - paragraph [ref=e2402]: models + - button "comfyui ComfyUI API Key Not configured 0 models" [ref=e2403] [cursor=pointer]: + - generic [ref=e2404]: + - img "comfyui" [ref=e2407] + - generic [ref=e2409]: + - generic [ref=e2410]: + - paragraph [ref=e2411]: ComfyUI + - generic "API Key" [ref=e2412] + - paragraph [ref=e2413]: Not configured + - generic [ref=e2414]: + - paragraph [ref=e2415]: "0" + - paragraph [ref=e2416]: models + - button "perplexity-search Perplexity Search API Key Not configured 0 models" [ref=e2417] [cursor=pointer]: + - generic [ref=e2418]: + - img "perplexity-search" [ref=e2421] + - generic [ref=e2423]: + - generic [ref=e2424]: + - paragraph [ref=e2425]: Perplexity Search + - generic "API Key" [ref=e2426] + - paragraph [ref=e2427]: Not configured + - generic [ref=e2428]: + - paragraph [ref=e2429]: "0" + - paragraph [ref=e2430]: models + - button "serper-search Serper Search API Key Not configured 0 models" [ref=e2431] [cursor=pointer]: + - generic [ref=e2432]: + - img "serper-search" [ref=e2435] + - generic [ref=e2436]: + - generic [ref=e2437]: + - paragraph [ref=e2438]: Serper Search + - generic "API Key" [ref=e2439] + - paragraph [ref=e2440]: Not configured + - generic [ref=e2441]: + - paragraph [ref=e2442]: "0" + - paragraph [ref=e2443]: models + - button "brave-search Brave Search API Key 1 active · 0 error 0 models" [ref=e2444] [cursor=pointer]: + - generic [ref=e2445]: + - img "brave-search" [ref=e2448] + - generic [ref=e2449]: + - generic [ref=e2450]: + - paragraph [ref=e2451]: Brave Search + - generic "API Key" [ref=e2452] + - paragraph [ref=e2453]: 1 active · 0 error + - generic [ref=e2454]: + - paragraph [ref=e2455]: "0" + - paragraph [ref=e2456]: models + - button "exa-search Exa Search API Key 1 active · 0 error 0 models" [ref=e2457] [cursor=pointer]: + - generic [ref=e2458]: + - img "exa-search" [ref=e2461] + - generic [ref=e2463]: + - generic [ref=e2464]: + - paragraph [ref=e2465]: Exa Search + - generic "API Key" [ref=e2466] + - paragraph [ref=e2467]: 1 active · 0 error + - generic [ref=e2468]: + - paragraph [ref=e2469]: "0" + - paragraph [ref=e2470]: models + - button "tavily-search Tavily Search API Key 1 active · 0 error 0 models" [ref=e2471] [cursor=pointer]: + - generic [ref=e2472]: + - img "tavily-search" [ref=e2475] + - generic [ref=e2482]: + - generic [ref=e2483]: + - paragraph [ref=e2484]: Tavily Search + - generic "API Key" [ref=e2485] + - paragraph [ref=e2486]: 1 active · 0 error + - generic [ref=e2487]: + - paragraph [ref=e2488]: "0" + - paragraph [ref=e2489]: models + - button "google-pse-search Google Programmable Search API Key Not configured 0 models" [ref=e2490] [cursor=pointer]: + - generic [ref=e2491]: + - img "google-pse-search" [ref=e2494] + - generic [ref=e2499]: + - generic [ref=e2500]: + - paragraph [ref=e2501]: Google Programmable Search + - generic "API Key" [ref=e2502] + - paragraph [ref=e2503]: Not configured + - generic [ref=e2504]: + - paragraph [ref=e2505]: "0" + - paragraph [ref=e2506]: models + - button "linkup-search Linkup Search API Key Not configured 0 models" [ref=e2507] [cursor=pointer]: + - generic [ref=e2508]: + - img "linkup-search" [ref=e2511] + - generic [ref=e2512]: + - generic [ref=e2513]: + - paragraph [ref=e2514]: Linkup Search + - generic "API Key" [ref=e2515] + - paragraph [ref=e2516]: Not configured + - generic [ref=e2517]: + - paragraph [ref=e2518]: "0" + - paragraph [ref=e2519]: models + - button "searchapi-search SearchAPI API Key Not configured 0 models" [ref=e2520] [cursor=pointer]: + - generic [ref=e2521]: + - img "searchapi-search" [ref=e2524] + - generic [ref=e2526]: + - generic [ref=e2527]: + - paragraph [ref=e2528]: SearchAPI + - generic "API Key" [ref=e2529] + - paragraph [ref=e2530]: Not configured + - generic [ref=e2531]: + - paragraph [ref=e2532]: "0" + - paragraph [ref=e2533]: models + - button "youcom-search You.com Search API Key Not configured 0 models" [ref=e2534] [cursor=pointer]: + - generic [ref=e2535]: + - img "youcom-search" [ref=e2538] + - generic [ref=e2539]: + - generic [ref=e2540]: + - paragraph [ref=e2541]: You.com Search + - generic "API Key" [ref=e2542] + - paragraph [ref=e2543]: Not configured + - generic [ref=e2544]: + - paragraph [ref=e2545]: "0" + - paragraph [ref=e2546]: models + - button "SearXNG Search API Key Not configured 0 models" [ref=e2547] [cursor=pointer]: + - generic [ref=e2548]: + - img [ref=e2551] + - generic [ref=e2554]: + - generic [ref=e2555]: + - paragraph [ref=e2556]: SearXNG Search + - generic "API Key" [ref=e2557] + - paragraph [ref=e2558]: Not configured + - generic [ref=e2559]: + - paragraph [ref=e2560]: "0" + - paragraph [ref=e2561]: models + - button "deepgram Deepgram API Key Not configured 0 models" [ref=e2562] [cursor=pointer]: + - generic [ref=e2563]: + - img "deepgram" [ref=e2566] + - generic [ref=e2567]: + - generic [ref=e2568]: + - paragraph [ref=e2569]: Deepgram + - generic "API Key" [ref=e2570] + - paragraph [ref=e2571]: Not configured + - generic [ref=e2572]: + - paragraph [ref=e2573]: "0" + - paragraph [ref=e2574]: models + - button "assemblyai AssemblyAI API Key Not configured 0 models" [ref=e2575] [cursor=pointer]: + - generic [ref=e2576]: + - img "assemblyai" [ref=e2579] + - generic [ref=e2582]: + - generic [ref=e2583]: + - paragraph [ref=e2584]: AssemblyAI + - generic "API Key" [ref=e2585] + - paragraph [ref=e2586]: Not configured + - generic [ref=e2587]: + - paragraph [ref=e2588]: "0" + - paragraph [ref=e2589]: models + - button "elevenlabs ElevenLabs API Key Not configured 0 models" [ref=e2590] [cursor=pointer]: + - generic [ref=e2591]: + - img "elevenlabs" [ref=e2594] + - generic [ref=e2596]: + - generic [ref=e2597]: + - paragraph [ref=e2598]: ElevenLabs + - generic "API Key" [ref=e2599] + - paragraph [ref=e2600]: Not configured + - generic [ref=e2601]: + - paragraph [ref=e2602]: "0" + - paragraph [ref=e2603]: models + - button "cartesia Cartesia API Key Not configured 0 models" [ref=e2604] [cursor=pointer]: + - generic [ref=e2605]: + - img "cartesia" [ref=e2608] + - generic [ref=e2609]: + - generic [ref=e2610]: + - paragraph [ref=e2611]: Cartesia + - generic "API Key" [ref=e2612] + - paragraph [ref=e2613]: Not configured + - generic [ref=e2614]: + - paragraph [ref=e2615]: "0" + - paragraph [ref=e2616]: models + - button "playht PlayHT API Key Not configured 0 models" [ref=e2617] [cursor=pointer]: + - generic [ref=e2618]: + - img "playht" [ref=e2621] + - generic [ref=e2622]: + - generic [ref=e2623]: + - paragraph [ref=e2624]: PlayHT + - generic "API Key" [ref=e2625] + - paragraph [ref=e2626]: Not configured + - generic [ref=e2627]: + - paragraph [ref=e2628]: "0" + - paragraph [ref=e2629]: models + - button "inworld Inworld API Key Not configured 0 models" [ref=e2630] [cursor=pointer]: + - generic [ref=e2631]: + - img "inworld" [ref=e2634] + - generic [ref=e2635]: + - generic [ref=e2636]: + - paragraph [ref=e2637]: Inworld + - generic "API Key" [ref=e2638] + - paragraph [ref=e2639]: Not configured + - generic [ref=e2640]: + - paragraph [ref=e2641]: "0" + - paragraph [ref=e2642]: models + - button "aws-polly AWS Polly API Key Not configured 0 models" [ref=e2643] [cursor=pointer]: + - generic [ref=e2644]: + - img "aws-polly" [ref=e2647] + - generic [ref=e2650]: + - generic [ref=e2651]: + - paragraph [ref=e2652]: AWS Polly + - generic "API Key" [ref=e2653] + - paragraph [ref=e2654]: Not configured + - generic [ref=e2655]: + - paragraph [ref=e2656]: "0" + - paragraph [ref=e2657]: models + - button "cliproxyapi CLIProxyAPI API Key Not configured 0 models" [ref=e2658] [cursor=pointer]: + - generic [ref=e2659]: + - img "cliproxyapi" [ref=e2662] + - generic [ref=e2663]: + - generic [ref=e2664]: + - paragraph [ref=e2665]: CLIProxyAPI + - generic "API Key" [ref=e2666] + - paragraph [ref=e2667]: Not configured + - generic [ref=e2668]: + - paragraph [ref=e2669]: "0" + - paragraph [ref=e2670]: models diff --git a/.playwright-mcp/page-2026-05-08T21-50-50-813Z.yml b/.playwright-mcp/page-2026-05-08T21-50-50-813Z.yml new file mode 100644 index 0000000000..fba366c31f --- /dev/null +++ b/.playwright-mcp/page-2026-05-08T21-50-50-813Z.yml @@ -0,0 +1,158 @@ +- generic [active] [ref=e1]: + - link "Skip to content" [ref=e2] [cursor=pointer]: + - /url: "#main-content" + - generic [ref=e3]: + - complementary [ref=e5]: + - link "Skip to content" [ref=e6] [cursor=pointer]: + - /url: "#main-content" + - link "OmniRoute v3.7.9" [ref=e12] [cursor=pointer]: + - /url: /dashboard + - img [ref=e14] + - generic [ref=e26]: + - heading "OmniRoute" [level=1] [ref=e27] + - generic [ref=e28]: v3.7.9 + - navigation "Main navigation" [ref=e29]: + - generic [ref=e30]: + - link "home Home" [ref=e31] [cursor=pointer]: + - /url: /dashboard + - generic [ref=e32]: home + - generic [ref=e33]: Home + - link "api Endpoints" [ref=e34] [cursor=pointer]: + - /url: /dashboard/endpoint + - generic [ref=e35]: api + - generic [ref=e36]: Endpoints + - link "vpn_key API Manager" [ref=e37] [cursor=pointer]: + - /url: /dashboard/api-manager + - generic [ref=e38]: vpn_key + - generic [ref=e39]: API Manager + - link "dns Providers" [ref=e40] [cursor=pointer]: + - /url: /dashboard/providers + - generic [ref=e41]: dns + - generic [ref=e42]: Providers + - link "layers Combos" [ref=e43] [cursor=pointer]: + - /url: /dashboard/combos + - generic [ref=e44]: layers + - generic [ref=e45]: Combos + - link "view_list Batch Testing" [ref=e46] [cursor=pointer]: + - /url: /dashboard/batch + - generic [ref=e47]: view_list + - generic [ref=e48]: Batch Testing + - link "account_balance_wallet Costs" [ref=e49] [cursor=pointer]: + - /url: /dashboard/costs + - generic [ref=e50]: account_balance_wallet + - generic [ref=e51]: Costs + - link "analytics Analytics" [ref=e52] [cursor=pointer]: + - /url: /dashboard/analytics + - generic [ref=e53]: analytics + - generic [ref=e54]: Analytics + - link "cached Cache" [ref=e55] [cursor=pointer]: + - /url: /dashboard/cache + - generic [ref=e56]: cached + - generic [ref=e57]: Cache + - link "tune Limits & Quotas" [ref=e58] [cursor=pointer]: + - /url: /dashboard/limits + - generic [ref=e59]: tune + - generic [ref=e60]: Limits & Quotas + - link "perm_media Media" [ref=e61] [cursor=pointer]: + - /url: /dashboard/cache/media + - generic [ref=e62]: perm_media + - generic [ref=e63]: Media + - generic [ref=e64]: + - paragraph [ref=e65]: Context & Cache + - link "compress Caveman" [ref=e66] [cursor=pointer]: + - /url: /dashboard/context/caveman + - generic [ref=e67]: compress + - generic [ref=e68]: Caveman + - link "filter_alt RTK" [ref=e69] [cursor=pointer]: + - /url: /dashboard/context/rtk + - generic [ref=e70]: filter_alt + - generic [ref=e71]: RTK + - link "hub Compression Combos" [ref=e72] [cursor=pointer]: + - /url: /dashboard/context/combos + - generic [ref=e73]: hub + - generic [ref=e74]: Compression Combos + - generic [ref=e75]: + - paragraph [ref=e76]: CLI + - link "terminal Tools" [ref=e77] [cursor=pointer]: + - /url: /dashboard/cli-tools + - generic [ref=e78]: terminal + - generic [ref=e79]: Tools + - link "smart_toy Agents" [ref=e80] [cursor=pointer]: + - /url: /dashboard/agents + - generic [ref=e81]: smart_toy + - generic [ref=e82]: Agents + - link "psychology Memory" [ref=e83] [cursor=pointer]: + - /url: /dashboard/memory + - generic [ref=e84]: psychology + - generic [ref=e85]: Memory + - link "auto_fix_high Skills" [ref=e86] [cursor=pointer]: + - /url: /dashboard/skills + - generic [ref=e87]: auto_fix_high + - generic [ref=e88]: Skills + - generic [ref=e89]: + - paragraph [ref=e90]: System + - link "description Logs" [ref=e91] [cursor=pointer]: + - /url: /dashboard/logs + - generic [ref=e92]: description + - generic [ref=e93]: Logs + - link "policy Audit Log" [ref=e94] [cursor=pointer]: + - /url: /dashboard/audit + - generic [ref=e95]: policy + - generic [ref=e96]: Audit Log + - link "webhook Webhooks" [ref=e97] [cursor=pointer]: + - /url: /dashboard/webhooks + - generic [ref=e98]: webhook + - generic [ref=e99]: Webhooks + - link "health_and_safety Health" [ref=e100] [cursor=pointer]: + - /url: /dashboard/health + - generic [ref=e101]: health_and_safety + - generic [ref=e102]: Health + - link "dns Proxy" [ref=e103] [cursor=pointer]: + - /url: /dashboard/system/proxy + - generic [ref=e104]: dns + - generic [ref=e105]: Proxy + - link "settings Settings" [ref=e106] [cursor=pointer]: + - /url: /dashboard/settings + - generic [ref=e107]: settings + - generic [ref=e108]: Settings + - generic [ref=e109]: + - paragraph [ref=e110]: Help + - link "menu_book Docs" [ref=e111] [cursor=pointer]: + - /url: /docs + - generic [ref=e112]: menu_book + - generic [ref=e113]: Docs + - link "bug_report Issues" [ref=e114] [cursor=pointer]: + - /url: https://github.com/diegosouzapw/OmniRoute/issues + - generic [ref=e115]: bug_report + - generic [ref=e116]: Issues + - link "campaign Changelog" [ref=e117] [cursor=pointer]: + - /url: /dashboard/changelog + - generic [ref=e118]: campaign + - generic [ref=e119]: Changelog + - generic [ref=e120]: + - button "restart_alt Restart" [ref=e121]: + - generic: restart_alt + - text: Restart + - button "power_settings_new Shutdown" [ref=e122]: + - generic: power_settings_new + - text: Shutdown + - main [ref=e123]: + - generic [ref=e124]: + - button "menu" [ref=e126]: + - generic: menu + - generic [ref=e127]: + - button "🇺🇸 EN expand_more" [ref=e129]: + - generic [ref=e130]: 🇺🇸 + - generic [ref=e131]: EN + - generic: expand_more + - button "Switch to light mode" [ref=e132]: + - generic: light_mode + - button "logout" [ref=e133]: + - generic: logout + - navigation "Breadcrumb" [ref=e136]: + - link "Dashboard" [ref=e138] [cursor=pointer]: + - /url: /dashboard + - generic [ref=e139]: + - generic [ref=e140]: › + - generic [ref=e141]: Providers + - alert [ref=e155] diff --git a/.playwright-mcp/page-2026-05-08T21-50-54-493Z.yml b/.playwright-mcp/page-2026-05-08T21-50-54-493Z.yml new file mode 100644 index 0000000000..e8e7d3e6b5 --- /dev/null +++ b/.playwright-mcp/page-2026-05-08T21-50-54-493Z.yml @@ -0,0 +1,158 @@ +- generic [active] [ref=e1]: + - link "Skip to content" [ref=e2] [cursor=pointer]: + - /url: "#main-content" + - generic [ref=e3]: + - complementary [ref=e5]: + - link "Skip to content" [ref=e6] [cursor=pointer]: + - /url: "#main-content" + - link "OmniRoute v3.7.9" [ref=e12] [cursor=pointer]: + - /url: /dashboard + - img [ref=e14] + - generic [ref=e26]: + - heading "OmniRoute" [level=1] [ref=e27] + - generic [ref=e28]: v3.7.9 + - navigation "Main navigation" [ref=e29]: + - generic [ref=e30]: + - link "home Home" [ref=e31] [cursor=pointer]: + - /url: /dashboard + - generic [ref=e32]: home + - generic [ref=e33]: Home + - link "api Endpoints" [ref=e34] [cursor=pointer]: + - /url: /dashboard/endpoint + - generic [ref=e35]: api + - generic [ref=e36]: Endpoints + - link "vpn_key API Manager" [ref=e37] [cursor=pointer]: + - /url: /dashboard/api-manager + - generic [ref=e38]: vpn_key + - generic [ref=e39]: API Manager + - link "dns Providers" [ref=e40] [cursor=pointer]: + - /url: /dashboard/providers + - generic [ref=e41]: dns + - generic [ref=e42]: Providers + - link "layers Combos" [ref=e43] [cursor=pointer]: + - /url: /dashboard/combos + - generic [ref=e44]: layers + - generic [ref=e45]: Combos + - link "view_list Batch Testing" [ref=e46] [cursor=pointer]: + - /url: /dashboard/batch + - generic [ref=e47]: view_list + - generic [ref=e48]: Batch Testing + - link "account_balance_wallet Costs" [ref=e49] [cursor=pointer]: + - /url: /dashboard/costs + - generic [ref=e50]: account_balance_wallet + - generic [ref=e51]: Costs + - link "analytics Analytics" [ref=e52] [cursor=pointer]: + - /url: /dashboard/analytics + - generic [ref=e53]: analytics + - generic [ref=e54]: Analytics + - link "cached Cache" [ref=e55] [cursor=pointer]: + - /url: /dashboard/cache + - generic [ref=e56]: cached + - generic [ref=e57]: Cache + - link "tune Limits & Quotas" [ref=e58] [cursor=pointer]: + - /url: /dashboard/limits + - generic [ref=e59]: tune + - generic [ref=e60]: Limits & Quotas + - link "perm_media Media" [ref=e61] [cursor=pointer]: + - /url: /dashboard/cache/media + - generic [ref=e62]: perm_media + - generic [ref=e63]: Media + - generic [ref=e64]: + - paragraph [ref=e65]: Context & Cache + - link "compress Caveman" [ref=e66] [cursor=pointer]: + - /url: /dashboard/context/caveman + - generic [ref=e67]: compress + - generic [ref=e68]: Caveman + - link "filter_alt RTK" [ref=e69] [cursor=pointer]: + - /url: /dashboard/context/rtk + - generic [ref=e70]: filter_alt + - generic [ref=e71]: RTK + - link "hub Compression Combos" [ref=e72] [cursor=pointer]: + - /url: /dashboard/context/combos + - generic [ref=e73]: hub + - generic [ref=e74]: Compression Combos + - generic [ref=e75]: + - paragraph [ref=e76]: CLI + - link "terminal Tools" [ref=e77] [cursor=pointer]: + - /url: /dashboard/cli-tools + - generic [ref=e78]: terminal + - generic [ref=e79]: Tools + - link "smart_toy Agents" [ref=e80] [cursor=pointer]: + - /url: /dashboard/agents + - generic [ref=e81]: smart_toy + - generic [ref=e82]: Agents + - link "psychology Memory" [ref=e83] [cursor=pointer]: + - /url: /dashboard/memory + - generic [ref=e84]: psychology + - generic [ref=e85]: Memory + - link "auto_fix_high Skills" [ref=e86] [cursor=pointer]: + - /url: /dashboard/skills + - generic [ref=e87]: auto_fix_high + - generic [ref=e88]: Skills + - generic [ref=e89]: + - paragraph [ref=e90]: System + - link "description Logs" [ref=e91] [cursor=pointer]: + - /url: /dashboard/logs + - generic [ref=e92]: description + - generic [ref=e93]: Logs + - link "policy Audit Log" [ref=e94] [cursor=pointer]: + - /url: /dashboard/audit + - generic [ref=e95]: policy + - generic [ref=e96]: Audit Log + - link "webhook Webhooks" [ref=e97] [cursor=pointer]: + - /url: /dashboard/webhooks + - generic [ref=e98]: webhook + - generic [ref=e99]: Webhooks + - link "health_and_safety Health" [ref=e100] [cursor=pointer]: + - /url: /dashboard/health + - generic [ref=e101]: health_and_safety + - generic [ref=e102]: Health + - link "dns Proxy" [ref=e103] [cursor=pointer]: + - /url: /dashboard/system/proxy + - generic [ref=e104]: dns + - generic [ref=e105]: Proxy + - link "settings Settings" [ref=e106] [cursor=pointer]: + - /url: /dashboard/settings + - generic [ref=e107]: settings + - generic [ref=e108]: Settings + - generic [ref=e109]: + - paragraph [ref=e110]: Help + - link "menu_book Docs" [ref=e111] [cursor=pointer]: + - /url: /docs + - generic [ref=e112]: menu_book + - generic [ref=e113]: Docs + - link "bug_report Issues" [ref=e114] [cursor=pointer]: + - /url: https://github.com/diegosouzapw/OmniRoute/issues + - generic [ref=e115]: bug_report + - generic [ref=e116]: Issues + - link "campaign Changelog" [ref=e117] [cursor=pointer]: + - /url: /dashboard/changelog + - generic [ref=e118]: campaign + - generic [ref=e119]: Changelog + - generic [ref=e120]: + - button "restart_alt Restart" [ref=e121]: + - generic: restart_alt + - text: Restart + - button "power_settings_new Shutdown" [ref=e122]: + - generic: power_settings_new + - text: Shutdown + - main [ref=e123]: + - generic [ref=e124]: + - button "menu" [ref=e126]: + - generic: menu + - generic [ref=e127]: + - button "🇺🇸 EN expand_more" [ref=e129]: + - generic [ref=e130]: 🇺🇸 + - generic [ref=e131]: EN + - generic: expand_more + - button "Switch to light mode" [ref=e132]: + - generic: light_mode + - button "logout" [ref=e133]: + - generic: logout + - navigation "Breadcrumb" [ref=e136]: + - link "Dashboard" [ref=e138] [cursor=pointer]: + - /url: /dashboard + - generic [ref=e139]: + - generic [ref=e140]: › + - generic [ref=e141]: Combos + - alert [ref=e155] diff --git a/CHANGELOG.md b/CHANGELOG.md index bb34a7aef6..2f713a54e6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,9 +2,42 @@ ## [Unreleased] +## [3.8.0] — 2026-05-06 + +### ✨ New Features + +- **feat(antigravity):** integrate Antigravity provider with dynamic `maxOutputTokens` calculation (bumping to `thinkingBudget + 1`) and standard Cloud Code envelope payload sanitization (#2055, #2063) +- **feat(gemini-cli):** add custom projectId support for Gemini CLI transport (UI, DB, executor) (#1991) + +### 🐛 Bug Fixes + +- **fix(providers):** strip OpenAI-specific fields in Kiro translator to prevent 400 errors (#2037) +- **fix(ui):** resolve text contrast issues for zero-config warning banner in light mode (#2050) +- **fix(core):** inject global system prompt correctly into downstream chat completions pipeline (#2080) +- **fix(routing):** add missing v1beta rewrites to next.config to resolve 404 on Gemini models endpoint (#2102) +- **fix(cache):** optimize cache_control preservation logic and explicitly align tool schema with upstream Claude Code expectations +- **fix(db):** preserve legacy SQLite database path on Windows to prevent data loss (#1973) +- **fix(settings):** resolve model alias persistence double stringification preventing UI updates (#2018) +- **fix(routing):** dynamically filter bare model auto-resolution by active provider connections to prevent dead-routing (#2029) +- **fix(embeddings):** add Google Gemini embeddings compatibility via OpenAI-compatible endpoint mapping (#2006) +- **fix:** remove Anthropic-Beta header from non-Anthropic providers to fix identity contamination (#1989) +- **fix(cli):** resolve .env loading failure for global npm installations + +### 🔒 Security + +- **fix(security):** remediate regex validation backtracking path in core compression cleanup (#1990) +- **fix(core):** harden input handling and stabilization for prompt compression edge cases + +### 🧹 Chores & Maintenance + +- **chore(providers):** prune redundant local provider icon assets in favor of `@lobehub/icons` web fonts (#1992) +- **ci:** skip SonarCloud scan on main pushes to optimize CI time +- **test:** stabilize cooldown abort coverage case in integration testing + ## [3.7.9] — 2026-05-03 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -82,6 +115,7 @@ ## [3.7.8] — 2026-05-01 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -120,6 +154,7 @@ ## [3.7.7] — 2026-04-30 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -151,6 +186,7 @@ ## [3.7.6] — 2026-04-30 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -253,6 +289,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.7.5] — 2026-04-29 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -304,6 +341,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.7.4] — 2026-04-28 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -366,6 +404,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.7.2] — 2026-04-28 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -441,6 +480,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.7.1] — 2026-04-26 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -488,6 +528,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.7.0] — 2026-04-26 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -652,6 +693,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.6.9] — 2026-04-19 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -740,6 +782,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.6.8] — 2026-04-17 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -826,6 +869,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.6.6] — 2026-04-15 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -908,6 +952,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.6.5] — 2026-04-13 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -978,6 +1023,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.6.4] — 2026-04-12 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -1084,6 +1130,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.6.3] — 2026-04-11 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -1128,6 +1175,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.6.2] — 2026-04-11 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -1166,6 +1214,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.6.1] — 2026-04-10 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -1201,6 +1250,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.6.0] — 2026-04-10 ### ✨ New Features & Analytics + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -1237,6 +1287,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.5.9] — 2026-04-09 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -1276,6 +1327,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.5.8] — 2026-04-09 ### ✨ New Features & Analytics + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -1334,6 +1386,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.5.6] — 2026-04-09 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -1386,6 +1439,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.5.5] — 2026-04-08 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -1439,6 +1493,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.5.4] — 2026-04-07 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -1533,6 +1588,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.5.2] — 2026-04-05 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -1571,6 +1627,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.5.1] — 2026-04-04 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -1605,6 +1662,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.5.0] — 2026-04-03 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -1715,6 +1773,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.4.6] - 2026-04-02 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -1755,6 +1814,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.4.5] - 2026-04-02 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -1823,6 +1883,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.4.3] - 2026-04-02 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -1889,6 +1950,7 @@ We identified that **155 community PRs** across the entire project history (from > On the first startup after upgrading, OmniRoute archives legacy request logs from `DATA_DIR/logs/`, legacy `DATA_DIR/call_logs/`, and `DATA_DIR/log.txt` into `DATA_DIR/log_archives/*.zip`, then removes the deprecated layout and switches to the new unified artifact format under `DATA_DIR/call_logs/`. ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -2069,6 +2131,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.3.5] - 2026-03-30 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -2105,6 +2168,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.3.4] - 2026-03-30 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -2172,6 +2236,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.3.2] - 2026-03-29 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -2388,6 +2453,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.2.2] — 2026-03-29 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -2422,6 +2488,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.2.1] — 2026-03-29 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -2460,6 +2527,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.2.0] — 2026-03-28 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -2520,6 +2588,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.1.9] — 2026-03-28 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -2721,6 +2790,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.1.1] — 2026-03-26 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -2761,6 +2831,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.1.0] — 2026-03-26 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -2875,6 +2946,7 @@ We identified that **155 community PRs** across the entire project history (from - **Proxy Test:** Test endpoint now resolves real credentials from DB via proxyId ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -2917,6 +2989,7 @@ We identified that **155 community PRs** across the entire project history (from - **Settings:** Proxy test button now shows success/failure results immediately (previously hidden behind health data) ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -2941,6 +3014,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.0.5] — 2026-03-25 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -2982,6 +3056,7 @@ We identified that **155 community PRs** across the entire project history (from ## [3.0.3] — 2026-03-25 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -3433,6 +3508,7 @@ docker pull diegosouzapw/omniroute:3.0.0 ## [3.0.0-rc.16] — 2026-03-24 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -3454,6 +3530,7 @@ docker pull diegosouzapw/omniroute:3.0.0 ## [3.0.0-rc.15] — 2026-03-24 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -3557,6 +3634,7 @@ docker pull diegosouzapw/omniroute:3.0.0 ## [3.0.0-rc.9] — 2026-03-23 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -3610,6 +3688,7 @@ Both providers use the new `OpencodeExecutor` with multi-format routing (`/chat/ --- ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -3751,6 +3830,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [3.0.0-rc.5] - 2026-03-22 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -3780,6 +3860,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [3.0.0-rc.4] - 2026-03-22 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -3802,6 +3883,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [3.0.0-rc.3] - 2026-03-22 ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -4017,6 +4099,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Cross-platform machineId fix, per-API-key rate limits, streaming context cache, Alibaba DashScope, search analytics, ZWS v5, and 8 issues closed. ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -4490,6 +4573,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Unified web search routing (POST /v1/search) with 5 providers + Next.js 16.1.7 security fixes (6 CVEs). ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -4716,6 +4800,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: reasoning model param filtering, local provider 404 fix, Kilo Gateway provider, dependency bumps. ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -5001,6 +5086,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(electron) #379**: New `scripts/prepare-electron-standalone.mjs` stages a dedicated `/.next/electron-standalone` bundle before Electron packaging. Aborts with a clear error if `node_modules` is a symlink (electron-builder would ship a runtime dependency on the build machine). Cross-platform path sanitization via `path.basename`. By @kfiramar. ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -5072,6 +5158,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Codex account quota policy with auto-rotation, fast tier toggle, gpt-5.4 model, and analytics label fix. ### ✨ New Features (PRs #366, #367, #368) + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -5106,6 +5193,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Major release: strict-random routing strategy, API key access controls, connection groups, external pricing sync, and critical bug fixes for thinking models, combo testing, and tool name validation. ### ✨ New Features (PRs #363 & #365) + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -5148,6 +5236,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > API Key Round-Robin support for multi-key provider setups, and confirmation of wildcard routing and quota window rolling already in place. ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -5171,6 +5260,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > UI polish, routing strategy additions, and graceful error handling for usage limits. ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -5207,6 +5297,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Multiple improvements from community issue analysis, new provider support, bug fixes for token tracking, model routing, and streaming reliability. ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) @@ -5336,6 +5427,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **Tier Scoring (API + Validation)**: Added `tierPriority` (weight `0.05`) to the `ScoringWeights` Zod schema and the `combos/auto` API route — the 7th scoring factor is now fully accepted by the REST API and validated on input. `stability` weight adjusted from `0.10` to `0.05` to keep total sum = `1.0`. ### ✨ New Features + - **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) - **feat(settings):** add request body limit setting (#1968) - **feat(auth):** add Gemini CLI OAuth client secret default (#1974) diff --git a/CLAUDE.md b/CLAUDE.md index 9478629f7a..3859b9c779 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -76,6 +76,141 @@ API routes follow a consistent pattern: `Route → CORS preflight → Zod body v --- +## Resilience Runtime State + +OmniRoute has three related but distinct temporary-failure mechanisms. Keep their +scope separate when debugging routing behavior. + +### Provider Circuit Breaker + +**Scope**: whole provider, e.g. `glm`, `openai`, `anthropic`. + +**Purpose**: stop sending traffic to a provider that is repeatedly failing at the +upstream/service level, so one unhealthy provider does not slow down every request. + +**Implementation**: + +- Core class: `src/shared/utils/circuitBreaker.ts` +- Chat gate/execution wiring: `src/sse/handlers/chatHelpers.ts`, `src/sse/handlers/chat.ts` +- Runtime status API: `src/app/api/monitoring/health/route.ts` +- Shared wrappers: `open-sse/services/accountFallback.ts` +- Persisted state table: `domain_circuit_breakers` + +**States**: + +- `CLOSED`: normal traffic is allowed. +- `OPEN`: provider is temporarily blocked; callers get a provider-circuit-open response + or combo routing skips to another target. +- `HALF_OPEN`: reset timeout has elapsed; allow a probe request. Success closes the + breaker, failure opens it again. + +**Defaults** (`open-sse/config/constants.ts`): + +- OAuth providers: threshold `3`, reset timeout `60s`. +- API-key providers: threshold `5`, reset timeout `30s`. +- Local providers: threshold `2`, reset timeout `15s`. + +Only provider-level failure statuses should trip the provider breaker: + +```ts +(408, 500, 502, 503, 504); +``` + +Do not trip the whole-provider breaker for normal account/key/model errors like most +`401`, `403`, or `429` cases. Those usually belong to connection cooldown or model +lockout. A generic API-key provider `403` should be recoverable unless it is classified +as a terminal provider/account error. + +The breaker uses lazy recovery, not a background timer. When `OPEN` expires, reads such +as `getStatus()`, `canExecute()`, and `getRetryAfterMs()` refresh the state to +`HALF_OPEN`, so dashboards and combo candidate builders do not keep excluding an +expired provider forever. + +### Connection Cooldown + +**Scope**: one provider connection/account/key. + +**Purpose**: temporarily skip one bad key/account while allowing other connections for +the same provider to continue serving requests. + +**Implementation**: + +- Write/update path: `src/sse/services/auth.ts::markAccountUnavailable()` +- Account selection/filtering: `src/sse/services/auth.ts::getProviderCredentials...` +- Cooldown calculation: `open-sse/services/accountFallback.ts::checkFallbackError()` +- Settings: `src/lib/resilience/settings.ts` + +Important fields on provider connections: + +```ts +rateLimitedUntil; +testStatus: "unavailable"; +lastError; +lastErrorType; +errorCode; +backoffLevel; +``` + +During account selection, a connection is skipped while: + +```ts +new Date(rateLimitedUntil).getTime() > Date.now(); +``` + +Cooldowns are also lazy: when `rateLimitedUntil` is in the past, the connection becomes +eligible again. On successful use, `clearAccountError()` clears `testStatus`, +`rateLimitedUntil`, error fields, and `backoffLevel`. + +Default connection cooldown behavior: + +- OAuth base cooldown: `5s`. +- API-key base cooldown: `3s`. +- API-key `429` should prefer upstream retry hints (`Retry-After`, reset headers, or + parseable reset text) when available. +- Repeated recoverable failures use exponential backoff: + +```ts +baseCooldownMs * 2 ** failureIndex; +``` + +The anti-thundering-herd guard prevents concurrent failures on the same connection from +repeatedly extending the cooldown or double-incrementing `backoffLevel`. + +Terminal states are not cooldowns. `banned`, `expired`, and `credits_exhausted` are +intended to stay unavailable until credentials/settings change or an operator resets +them. Do not overwrite terminal states with transient cooldown state. + +### Model Lockout + +**Scope**: provider + connection + model. + +**Purpose**: avoid disabling a whole connection when only one model is unavailable or +quota-limited for that connection. + +Examples: + +- Per-model quota providers returning `429`. +- Local providers returning `404` for one missing model. +- Provider-specific mode/model permission failures such as selected Grok modes. + +Model lockout lives in `open-sse/services/accountFallback.ts` and lets the same +connection continue serving other models. + +### Debugging Guidance + +- If all keys for a provider are skipped, inspect both provider breaker state and each + connection's `rateLimitedUntil`/`testStatus`. +- If a provider appears permanently excluded after the reset window, check whether code + is reading raw `state` instead of using `getStatus()`/`canExecute()`. +- If one provider key fails but others should work, prefer connection cooldown over + provider breaker. +- If only one model fails, prefer model lockout over connection cooldown. +- If a state should self-recover, it should have a future timestamp/reset timeout and a + read path that refreshes expired state. Permanent statuses require manual credential + or config changes. + +--- + ## Key Conventions ### Code Style diff --git a/Dockerfile b/Dockerfile index 8ca152fb1c..ee090131d8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,7 +10,11 @@ COPY scripts/postinstall.mjs ./scripts/postinstall.mjs COPY scripts/postinstallSupport.mjs ./scripts/postinstallSupport.mjs COPY scripts/native-binary-compat.mjs ./scripts/native-binary-compat.mjs ENV NPM_CONFIG_LEGACY_PEER_DEPS=true -RUN if [ -f package-lock.json ]; then npm ci --no-audit --no-fund; else npm install --no-audit --no-fund; fi +RUN if [ -f package-lock.json ]; then \ + npm ci --no-audit --no-fund --legacy-peer-deps; \ + else \ + npm install --no-audit --no-fund --legacy-peer-deps; \ + fi COPY . ./ RUN mkdir -p /app/data && npm run build -- --webpack @@ -50,6 +54,11 @@ COPY --from=builder /app/node_modules/split2 ./node_modules/split2 # traced by Next.js standalone output — copy them explicitly. COPY --from=builder /app/src/lib/db/migrations ./migrations ENV OMNIROUTE_MIGRATIONS_DIR=/app/migrations +# MITM server.cjs is spawned at runtime via child_process — not traced by nft +COPY --from=builder /app/src/mitm/server.cjs ./src/mitm/server.cjs +# OpenAPI spec is read from disk by /api/openapi/spec at runtime for the +# Endpoints dashboard. Next.js standalone tracing does not include it. +COPY --from=builder /app/docs/openapi.yaml ./docs/openapi.yaml COPY --from=builder /app/scripts/run-standalone.mjs ./run-standalone.mjs COPY --from=builder /app/scripts/runtime-env.mjs ./runtime-env.mjs diff --git a/README.md b/README.md index db89bddd94..d1dca716b4 100644 --- a/README.md +++ b/README.md @@ -136,28 +136,28 @@ _Connect any AI-powered IDE or CLI tool through OmniRoute — free API gateway f - Codex CLI
+ Codex CLI
Codex CLI
⭐ 60.8K - Claude Code
+ Claude Code
Claude Code
⭐ 67.3K - Gemini CLI
+ Gemini CLI
Gemini CLI
⭐ 94.7K - Kilo Code
+ Kilo Code
Kilo Code
⭐ 15.5K @@ -665,7 +665,7 @@ PORT=20128 DASHBOARD_PORT=20129 NEXT_PUBLIC_BASE_URL=http://localhost:20129 npm **MCP:** `omniroute --mcp` (stdio transport) -**CLI options:** `omniroute --port 3000`, `omniroute --no-open`, `omniroute --help` +**CLI options:** `omniroute setup`, `omniroute doctor`, `omniroute providers available`, `omniroute providers list`, `omniroute --port 3000`, `omniroute --no-open`, `omniroute --help` **Split-port mode:** `PORT=20128 DASHBOARD_PORT=20129 omniroute` @@ -1519,4 +1519,3 @@ MIT License - see [LICENSE](LICENSE) for details. omniroute.online
- diff --git a/Tuto_Qdrant.MD b/Tuto_Qdrant.MD new file mode 100644 index 0000000000..d38abf1c47 --- /dev/null +++ b/Tuto_Qdrant.MD @@ -0,0 +1,138 @@ +# Tutorial Qdrant no OmniRoute (Guia para vídeo) + +## 1) O que é o Qdrant no OmniRoute +O Qdrant é o banco vetorial usado para memória semântica. + +No OmniRoute, ele ajuda a: +- Encontrar contexto por significado (não só palavra exata). +- Reaproveitar memórias antigas com mais precisão. +- Melhorar respostas com base em histórico relevante. +- Escalar melhor quando a base de memória cresce. + +--- + +## 2) Quando o OmniRoute envia dados para o Qdrant +Com Qdrant habilitado e modelo de embedding configurado, o sistema envia vetores quando: +- Memórias são salvas (upsert de memória). +- Fluxos de chat recuperam contexto semântico/híbrido. +- Testes de busca no painel geram embedding e consultam a coleção. + +Resumo prático: +- Sem Qdrant: busca mais limitada (texto/chave). +- Com Qdrant: busca por similaridade semântica (mais inteligente). + +--- + +## 3) Pré-requisitos +Você precisa de: +- Instância Qdrant acessível (porta 6333). +- Coleção criada (ex.: `omniroute_memory`). +- Modelo de embedding válido (ex.: OpenRouter). +- Credencial do provider do embedding configurada no OmniRoute. + +Exemplo de modelo OpenRouter: +- `openrouter/nvidia/llama-nemotron-embed-v1-1b-v2:free` + +Importante: +- O texto do modelo deve estar em formato `provider/model`. +- Se usar modelo com dimensão diferente da coleção, a busca falha. + +--- + +## 4) Como configurar no painel do OmniRoute +No menu: +- `Admin > Settings > Qdrant (Memória vetorial)` + +Preencha: +- `Ativar Qdrant`: ligado. +- `Host`: IP ou URL do servidor Qdrant (sem porta no campo Host). +- `Porta`: `6333`. +- `Collection`: `omniroute_memory` (ou nome que você criou). +- `Modelo de embedding`: selecione da lista ou digite manualmente. +- `API Key`: opcional (preencha se seu Qdrant exigir). + +Depois: +1. Clique em `Salvar`. +2. Clique em `Testar conexão`. +3. No `Teste de busca`, digite um texto e clique em `Buscar`. + +--- + +## 5) Como criar a coleção no Dashboard do Qdrant (sem comando) +No Qdrant Dashboard: +1. Clique em `Create collection`. +2. Escolha `Global search`. +3. Em tipo de busca, use `Custom`. +4. Configure vetor: + - Vector name: `omniao` (padrão esperado pelo OmniRoute atualmente). + - Size: dimensão do seu modelo de embedding (ex.: 2048 em alguns modelos NVIDIA). + - Distance: `Cosine`. +5. Salve a coleção com nome `omniroute_memory`. + +Se já tinha coleção com dimensão errada: +- Recrie a coleção com dimensão correta. + +--- + +## 6) Como validar se está funcionando +Checklist rápido: +1. `Testar conexão` no OmniRoute retorna OK. +2. Busca no painel retorna resultados (não “Sem resultados”). +3. No Qdrant Dashboard, aparecem pontos na coleção (payload + vector). +4. Resultados de chat passam a recuperar contexto mais relevante. + +Sinal clássico de problema: +- Dados entram no Qdrant, mas busca do painel não retorna nada. + +Causas comuns: +- Dimensão do vetor incompatível. +- Nome do vetor diferente do esperado (`omniao`). +- Modelo inválido/incompleto no campo de embedding. +- Provider sem credencial ativa. + +--- + +## 7) O que melhorou com esta atualização +Nesta melhoria do OmniRoute: +- Suporte a embeddings de qualquer provider compatível (não só OpenAI fixo). +- Endpoint para carregar modelos de embedding na tela de configurações. +- Campo manual para modelo custom quando não aparecer na lista. +- Ajuda visual (`?`) com passo rápido de configuração Qdrant + OpenRouter. + +--- + +## 8) Roteiro curto para seu vídeo +Sugestão de demo (3-5 minutos): +1. Mostrar problema sem Qdrant (busca simples). +2. Abrir Settings e habilitar Qdrant. +3. Configurar host/porta/collection/modelo. +4. Salvar + testar conexão. +5. Fazer `Teste de busca` no painel. +6. Abrir Qdrant Dashboard e mostrar ponto salvo + vetor. +7. Rodar um chat e mostrar melhoria de recuperação semântica. + +Mensagem final para a galera: +- "Qdrant no OmniRoute transforma memória de palavra-chave em memória por significado." + +--- + +## 9) Referências de código (para equipe técnica) +- UI de configuração Qdrant: + - `src/app/(dashboard)/dashboard/settings/components/MemorySkillsTab.tsx` +- Endpoint de modelos de embedding para Qdrant: + - `src/app/api/settings/qdrant/embedding-models/route.ts` +- Integração backend com Qdrant (health, upsert, search, cleanup): + - `src/lib/memory/qdrant.ts` +- Recuperação de memórias no fluxo de chat: + - `src/lib/memory/retrieval.ts` + - `open-sse/handlers/chatCore.ts` + +--- + +## 10) Observação importante de segurança +Nunca exponha em vídeo: +- API key completa do OpenRouter. +- Tokens reais de produção. +- Endpoints internos sem proteção. + +Use chaves mascaradas e ambiente de demonstração. diff --git a/bin/cli/args.mjs b/bin/cli/args.mjs new file mode 100644 index 0000000000..cbd7b652bf --- /dev/null +++ b/bin/cli/args.mjs @@ -0,0 +1,47 @@ +export function parseArgs(argv = []) { + const flags = {}; + const positionals = []; + + for (let i = 0; i < argv.length; i += 1) { + const arg = argv[i]; + + if (arg.startsWith("-") && !arg.startsWith("--") && arg.length > 1) { + for (const key of arg.slice(1)) { + flags[key] = true; + } + continue; + } + + if (!arg.startsWith("--")) { + positionals.push(arg); + continue; + } + + const eqIndex = arg.indexOf("="); + if (eqIndex !== -1) { + flags[arg.slice(2, eqIndex)] = arg.slice(eqIndex + 1); + continue; + } + + const key = arg.slice(2); + const next = argv[i + 1]; + if (next && !next.startsWith("--")) { + flags[key] = next; + i += 1; + } else { + flags[key] = true; + } + } + + return { flags, positionals }; +} + +export function getStringFlag(flags, name, envName = null) { + const value = flags[name] ?? (envName ? process.env[envName] : undefined); + if (typeof value !== "string") return ""; + return value.trim(); +} + +export function hasFlag(flags, name) { + return flags[name] === true; +} diff --git a/bin/cli/commands/doctor.mjs b/bin/cli/commands/doctor.mjs new file mode 100644 index 0000000000..b88f9faa0e --- /dev/null +++ b/bin/cli/commands/doctor.mjs @@ -0,0 +1,518 @@ +import fs from "node:fs"; +import net from "node:net"; +import os from "node:os"; +import path from "node:path"; +import { createDecipheriv, scryptSync } from "node:crypto"; +import { pathToFileURL } from "node:url"; +import { parseArgs, getStringFlag, hasFlag } from "../args.mjs"; +import { resolveDataDir, resolveStoragePath } from "../data-dir.mjs"; +import { printHeading } from "../io.mjs"; + +const STATIC_SALT = "omniroute-field-encryption-v1"; +const KEY_LENGTH = 32; +const CHECK_TIMEOUT_MS = 2000; + +function ok(name, message, details = {}) { + return { name, status: "ok", message, details }; +} + +function warn(name, message, details = {}) { + return { name, status: "warn", message, details }; +} + +function fail(name, message, details = {}) { + return { name, status: "fail", message, details }; +} + +function parsePort(value, fallback) { + const parsed = Number.parseInt(String(value ?? ""), 10); + return Number.isFinite(parsed) && parsed > 0 && parsed <= 65535 ? parsed : fallback; +} + +function parseConfiguredPort(value) { + if (value === undefined || value === null || value === "") return { valid: true, port: null }; + const parsed = Number.parseInt(String(value), 10); + return { + valid: Number.isFinite(parsed) && parsed > 0 && parsed <= 65535, + port: parsed, + }; +} + +function formatBytes(bytes) { + const gb = bytes / 1024 / 1024 / 1024; + return `${gb.toFixed(1)} GB`; +} + +function findEnvFileCandidates(dataDir) { + const candidates = []; + if (process.env.DATA_DIR) candidates.push(path.join(process.env.DATA_DIR, ".env")); + candidates.push(path.join(dataDir, ".env")); + candidates.push(path.join(process.cwd(), ".env")); + return [...new Set(candidates)]; +} + +function checkConfig(dataDir) { + const envCandidates = findEnvFileCandidates(dataDir); + const envFile = envCandidates.find((candidate) => fs.existsSync(candidate)); + const portChecks = [ + ["PORT", process.env.PORT], + ["API_PORT", process.env.API_PORT], + ["DASHBOARD_PORT", process.env.DASHBOARD_PORT], + ].map(([name, value]) => ({ name, value, ...parseConfiguredPort(value) })); + const invalidPorts = portChecks.filter((item) => !item.valid); + + if (invalidPorts.length > 0) { + return fail( + "Config", + `Invalid port setting: ${invalidPorts.map((item) => item.name).join(", ")}`, + { envFile: envFile || null, invalidPorts } + ); + } + + if (!envFile) { + return warn("Config", ".env file not found; using defaults and process environment", { + checked: envCandidates, + }); + } + + return ok("Config", `.env found at ${envFile}`, { envFile }); +} + +async function loadBetterSqlite() { + try { + return (await import("better-sqlite3")).default; + } catch (error) { + return { error }; + } +} + +function resolveMigrationsDir(rootDir) { + const configured = process.env.OMNIROUTE_MIGRATIONS_DIR; + const candidates = [ + configured, + path.join(rootDir, "src", "lib", "db", "migrations"), + path.join(rootDir, "app", "src", "lib", "db", "migrations"), + path.join(process.cwd(), "src", "lib", "db", "migrations"), + ].filter(Boolean); + + return candidates.find((candidate) => fs.existsSync(candidate)) || null; +} + +function readMigrationFiles(migrationsDir) { + if (!migrationsDir) return []; + return fs + .readdirSync(migrationsDir) + .filter((file) => /^\d+_.+\.sql$/.test(file)) + .sort() + .map((file) => { + const [, version, name] = file.match(/^(\d+)_(.+)\.sql$/) || []; + return { version, name, file }; + }); +} + +async function checkDatabase(dbPath, rootDir) { + if (!fs.existsSync(dbPath)) { + return warn("Database", `SQLite database not found at ${dbPath}`, { dbPath }); + } + + const Database = await loadBetterSqlite(); + if (Database.error) { + return fail("Database", "better-sqlite3 could not be loaded", { + error: Database.error instanceof Error ? Database.error.message : String(Database.error), + }); + } + + let db; + try { + db = new Database(dbPath, { readonly: true, fileMustExist: true }); + const quickCheck = db.prepare("PRAGMA quick_check").get(); + const quickCheckValue = Object.values(quickCheck || {})[0]; + if (quickCheckValue !== "ok") { + return fail("Database", `SQLite quick_check failed: ${quickCheckValue}`, { dbPath }); + } + + const migrationsDir = resolveMigrationsDir(rootDir); + const migrationFiles = readMigrationFiles(migrationsDir); + if (migrationFiles.length === 0) { + return ok("Database", "SQLite quick_check passed", { dbPath, migrations: "not_checked" }); + } + + const table = db + .prepare("SELECT name FROM sqlite_master WHERE type = 'table' AND name = ?") + .get("_omniroute_migrations"); + if (!table) { + return warn("Database", "SQLite is readable, but migration table is missing", { dbPath }); + } + + const appliedRows = db + .prepare("SELECT version FROM _omniroute_migrations") + .all() + .map((row) => row.version); + const applied = new Set(appliedRows); + const pending = migrationFiles.filter((migration) => !applied.has(migration.version)); + + if (pending.length > 0) { + return warn("Database", `${pending.length} migration(s) appear pending`, { + dbPath, + pending: pending.map((migration) => migration.file), + }); + } + + return ok("Database", "SQLite quick_check passed and migrations look current", { dbPath }); + } catch (error) { + return fail("Database", "SQLite database could not be read", { + dbPath, + error: error instanceof Error ? error.message : String(error), + }); + } finally { + if (db) db.close(); + } +} + +function deriveStorageKey() { + const secret = process.env.STORAGE_ENCRYPTION_KEY; + if (!secret) return null; + return scryptSync(secret, STATIC_SALT, KEY_LENGTH); +} + +function decryptCredentialSample(value, key) { + const prefix = "enc:v1:"; + const body = value.slice(prefix.length); + const [ivHex, encryptedHex, authTagHex] = body.split(":"); + if (!ivHex || !encryptedHex || !authTagHex) throw new Error("Malformed encrypted value"); + + const decipher = createDecipheriv("aes-256-gcm", key, Buffer.from(ivHex, "hex")); + decipher.setAuthTag(Buffer.from(authTagHex, "hex")); + let decrypted = decipher.update(encryptedHex, "hex", "utf8"); + decrypted += decipher.final("utf8"); + return decrypted; +} + +async function checkStorageEncryption(dbPath) { + const secret = process.env.STORAGE_ENCRYPTION_KEY; + if (secret !== undefined && String(secret).trim() === "") { + return fail("Storage/encryption", "STORAGE_ENCRYPTION_KEY is set but empty"); + } + + if (!fs.existsSync(dbPath)) { + return secret + ? ok("Storage/encryption", "Encryption key is configured; database not initialized yet") + : warn("Storage/encryption", "No STORAGE_ENCRYPTION_KEY configured; passthrough mode"); + } + + const Database = await loadBetterSqlite(); + if (Database.error) { + return fail("Storage/encryption", "Could not inspect encrypted credentials", { + error: Database.error instanceof Error ? Database.error.message : String(Database.error), + }); + } + + let db; + try { + db = new Database(dbPath, { readonly: true, fileMustExist: true }); + const hasProviderTable = db + .prepare("SELECT name FROM sqlite_master WHERE type = 'table' AND name = ?") + .get("provider_connections"); + if (!hasProviderTable) { + return secret + ? ok("Storage/encryption", "Encryption key is configured; provider table not initialized") + : warn("Storage/encryption", "No STORAGE_ENCRYPTION_KEY configured; passthrough mode"); + } + + const rows = db + .prepare( + `SELECT api_key, access_token, refresh_token, id_token + FROM provider_connections + WHERE api_key LIKE 'enc:v1:%' + OR access_token LIKE 'enc:v1:%' + OR refresh_token LIKE 'enc:v1:%' + OR id_token LIKE 'enc:v1:%' + LIMIT 20` + ) + .all(); + const encryptedValues = rows.flatMap((row) => + ["api_key", "access_token", "refresh_token", "id_token"] + .filter((key) => typeof row[key] === "string" && row[key].startsWith("enc:v1:")) + .map((key) => row[key]) + ); + + if (encryptedValues.length === 0) { + return secret + ? ok("Storage/encryption", "Encryption key is configured; no encrypted samples found") + : warn( + "Storage/encryption", + "No STORAGE_ENCRYPTION_KEY configured; credentials are plaintext" + ); + } + + if (!secret) { + return fail( + "Storage/encryption", + "Encrypted credentials exist but STORAGE_ENCRYPTION_KEY is missing", + { encryptedSamples: encryptedValues.length } + ); + } + + const key = deriveStorageKey(); + for (const value of encryptedValues) { + decryptCredentialSample(value, key); + } + + return ok("Storage/encryption", "Encrypted credential samples decrypt successfully", { + encryptedSamples: encryptedValues.length, + }); + } catch (error) { + return fail("Storage/encryption", "Encrypted credential check failed", { + error: error instanceof Error ? error.message : String(error), + }); + } finally { + if (db) db.close(); + } +} + +function checkPort(port, label) { + return new Promise((resolve) => { + const server = net.createServer(); + + server.once("error", (error) => { + if (error.code === "EADDRINUSE") { + resolve(warn("Port availability", `${label} port ${port} is already in use`, { port })); + } else { + resolve( + warn("Port availability", `${label} port ${port} could not be checked`, { + port, + error: error.message, + }) + ); + } + }); + + server.once("listening", () => { + server.close(() => { + resolve(ok("Port availability", `${label} port ${port} is available`, { port })); + }); + }); + + server.listen(port, "127.0.0.1"); + }); +} + +async function checkPorts() { + const port = parsePort(process.env.PORT || "20128", 20128); + const apiPort = parsePort(process.env.API_PORT || String(port), port); + const dashboardPort = parsePort(process.env.DASHBOARD_PORT || String(port), port); + const checks = await Promise.all([ + checkPort(dashboardPort, "Dashboard"), + apiPort === dashboardPort ? Promise.resolve(null) : checkPort(apiPort, "API"), + ]); + const results = checks.filter(Boolean); + const failResult = results.find((result) => result.status === "fail"); + if (failResult) return failResult; + const warnResults = results.filter((result) => result.status === "warn"); + if (warnResults.length > 0) { + return warn("Port availability", warnResults.map((result) => result.message).join("; "), { + ports: { apiPort, dashboardPort }, + }); + } + return ok("Port availability", "Configured port(s) are available", { + ports: { apiPort, dashboardPort }, + }); +} + +async function checkNodeRuntime(rootDir) { + const { getNodeRuntimeSupport } = await import( + pathToFileURL(path.join(rootDir, "bin", "nodeRuntimeSupport.mjs")).href + ); + const support = getNodeRuntimeSupport(); + if (!support.nodeCompatible) { + return fail("Node runtime", `${support.nodeVersion} is outside supported policy`, support); + } + return ok("Node runtime", `${support.nodeVersion} is supported`, support); +} + +async function checkNativeBinary(rootDir) { + const candidates = [ + path.join( + rootDir, + "app", + "node_modules", + "better-sqlite3", + "build", + "Release", + "better_sqlite3.node" + ), + path.join(rootDir, "node_modules", "better-sqlite3", "build", "Release", "better_sqlite3.node"), + ]; + const binaryPath = candidates.find((candidate) => fs.existsSync(candidate)); + if (!binaryPath) { + return warn("Native binary", "better-sqlite3 native binary was not found", { candidates }); + } + + const { isNativeBinaryCompatible } = await import( + pathToFileURL(path.join(rootDir, "scripts", "native-binary-compat.mjs")).href + ); + const compatible = isNativeBinaryCompatible(binaryPath); + if (!compatible) { + return fail("Native binary", "better-sqlite3 native binary is incompatible", { binaryPath }); + } + return ok("Native binary", "better-sqlite3 native binary is compatible", { binaryPath }); +} + +function checkMemory() { + const configured = process.env.OMNIROUTE_MEMORY_MB || "512"; + const memoryMb = Number.parseInt(configured, 10); + if (!Number.isFinite(memoryMb) || memoryMb < 64 || memoryMb > 16384) { + return fail("Memory", `Invalid OMNIROUTE_MEMORY_MB: ${configured}`, { configured }); + } + + const total = os.totalmem(); + const free = os.freemem(); + const requestedBytes = memoryMb * 1024 * 1024; + if (requestedBytes > total) { + return warn( + "Memory", + `Requested memory ${memoryMb} MB exceeds total RAM ${formatBytes(total)}`, + { + memoryMb, + totalBytes: total, + freeBytes: free, + } + ); + } + + return ok("Memory", `${memoryMb} MB limit configured; ${formatBytes(free)} free`, { + memoryMb, + totalBytes: total, + freeBytes: free, + }); +} + +async function fetchWithTimeout(url) { + const controller = new AbortController(); + const timeout = setTimeout(() => controller.abort(), CHECK_TIMEOUT_MS); + try { + return await fetch(url, { signal: controller.signal }); + } finally { + clearTimeout(timeout); + } +} + +function formatHostForUrl(host) { + return host.includes(":") && !host.startsWith("[") ? `[${host}]` : host; +} + +function resolveLivenessUrl(options = {}) { + const explicitUrl = options.livenessUrl || process.env.OMNIROUTE_DOCTOR_LIVENESS_URL; + if (explicitUrl) return explicitUrl; + + const port = parsePort(process.env.PORT || "20128", 20128); + const dashboardPort = parsePort(process.env.DASHBOARD_PORT || String(port), port); + const host = String(options.livenessHost || process.env.OMNIROUTE_DOCTOR_HOST || "127.0.0.1") + .trim() + .replace(/^https?:\/\//, "") + .replace(/\/.*$/, ""); + + return `http://${formatHostForUrl(host || "127.0.0.1")}:${dashboardPort}/api/health/degradation`; +} + +async function checkServerLiveness(options = {}) { + const url = resolveLivenessUrl(options); + + try { + const response = await fetchWithTimeout(url); + if (!response.ok) { + return warn("Server liveness", `Server responded with HTTP ${response.status}`, { url }); + } + return ok("Server liveness", "Server health endpoint is reachable", { url }); + } catch { + return warn("Server liveness", "Server health endpoint is not reachable", { url }); + } +} + +export async function collectDoctorChecks(context = {}, options = {}) { + const rootDir = + context.rootDir || + path.resolve(path.dirname(new URL(import.meta.url).pathname), "..", "..", ".."); + const dataDir = resolveDataDir(); + const dbPath = resolveStoragePath(dataDir); + + const checks = []; + checks.push(checkConfig(dataDir)); + checks.push(await checkDatabase(dbPath, rootDir)); + checks.push(await checkStorageEncryption(dbPath)); + checks.push(await checkPorts()); + checks.push(await checkNodeRuntime(rootDir)); + checks.push(await checkNativeBinary(rootDir)); + checks.push(checkMemory()); + + if (!options.skipLiveness) { + checks.push(await checkServerLiveness(options)); + } + + return { + dataDir, + dbPath, + checks, + summary: { + ok: checks.filter((check) => check.status === "ok").length, + warn: checks.filter((check) => check.status === "warn").length, + fail: checks.filter((check) => check.status === "fail").length, + }, + }; +} + +function printDoctorHelp() { + console.log(` +Usage: + omniroute doctor + omniroute doctor --json + omniroute doctor --no-liveness + omniroute doctor --host 0.0.0.0 + +Options: + --json Print machine-readable JSON + --no-liveness Skip HTTP health endpoint probing + --host Host for server liveness probing (default: 127.0.0.1) + --liveness-url Full health endpoint URL override + +Checks: + config, database, storage/encryption, ports, Node runtime, native binary, memory, server liveness +`); +} + +function printCheck(check) { + const label = check.status.toUpperCase().padEnd(4); + const color = + check.status === "ok" ? "\x1b[32m" : check.status === "warn" ? "\x1b[33m" : "\x1b[31m"; + console.log(`${color}${label}\x1b[0m ${check.name}: ${check.message}`); +} + +export async function runDoctorCommand(argv, context = {}) { + const { flags } = parseArgs(argv); + if (hasFlag(flags, "help") || hasFlag(flags, "h")) { + printDoctorHelp(); + return 0; + } + + const result = await collectDoctorChecks(context, { + skipLiveness: hasFlag(flags, "no-liveness"), + livenessHost: getStringFlag(flags, "host"), + livenessUrl: getStringFlag(flags, "liveness-url"), + }); + + if (hasFlag(flags, "json")) { + console.log(JSON.stringify(result, null, 2)); + } else { + printHeading("OmniRoute Doctor"); + console.log(`Data dir: ${result.dataDir}`); + console.log(`Database: ${result.dbPath}\n`); + for (const check of result.checks) { + printCheck(check); + } + console.log( + `\nSummary: ${result.summary.ok} ok, ${result.summary.warn} warning(s), ${result.summary.fail} failure(s)` + ); + } + + return result.summary.fail > 0 ? 1 : 0; +} diff --git a/bin/cli/commands/providers.mjs b/bin/cli/commands/providers.mjs new file mode 100644 index 0000000000..8401a34f6d --- /dev/null +++ b/bin/cli/commands/providers.mjs @@ -0,0 +1,428 @@ +import { parseArgs, getStringFlag, hasFlag } from "../args.mjs"; +import { printHeading } from "../io.mjs"; +import { getAvailableProviderCategories, loadAvailableProviders } from "../provider-catalog.mjs"; +import { testProviderApiKey } from "../provider-test.mjs"; +import { + findProviderConnection, + getProviderApiKey, + listProviderConnections, + updateProviderTestResult, +} from "../provider-store.mjs"; +import { openOmniRouteDb } from "../sqlite.mjs"; + +function publicConnection(connection) { + return { + id: connection.id, + provider: connection.provider, + name: connection.name, + authType: connection.authType, + isActive: connection.isActive, + testStatus: connection.testStatus, + lastTested: connection.lastTested, + lastError: connection.lastError, + defaultModel: connection.defaultModel, + }; +} + +function printProvidersHelp() { + console.log(` +Usage: + omniroute providers available + omniroute providers available --search openai + omniroute providers available --category api-key + omniroute providers list + omniroute providers test + omniroute providers test-all + omniroute providers validate + +Options: + --json Print machine-readable JSON + --search, --q Filter available providers by id, name, alias, or category + --category Filter available providers by category + +Notes: + "available" shows the OmniRoute provider catalog. + "list" shows provider connections already configured in local SQLite. + Provider commands read local SQLite directly and do not require the server to be running. + API-key provider tests update test_status, last_tested, and error fields in SQLite. +`); +} + +function printAvailableHelp() { + console.log(` +Usage: + omniroute providers available + omniroute providers available --search openai + omniroute providers available --category api-key + omniroute providers available --json + +Options: + --json Print machine-readable JSON + --search, --q Filter by id, name, alias, or category + --category Filter by category, for example api-key, oauth, free + +Notes: + Shows the OmniRoute provider catalog, not locally configured provider connections. +`); +} + +function printListHelp() { + console.log(` +Usage: + omniroute providers list + omniroute providers list --json + +Options: + --json Print machine-readable JSON + +Notes: + Lists provider connections already configured in local SQLite. +`); +} + +function printTestHelp() { + console.log(` +Usage: + omniroute providers test + omniroute providers test --json + +Options: + --json Print machine-readable JSON + +Notes: + Tests one configured provider connection and updates test status in local SQLite. +`); +} + +function printTestAllHelp() { + console.log(` +Usage: + omniroute providers test-all + omniroute providers test-all --json + +Options: + --json Print machine-readable JSON + +Notes: + Tests every active configured provider connection and updates test status in local SQLite. +`); +} + +function printValidateHelp() { + console.log(` +Usage: + omniroute providers validate + omniroute providers validate --json + +Options: + --json Print machine-readable JSON + +Notes: + Validates local provider configuration without calling upstream providers. +`); +} + +function printProvidersSubcommandHelp(subcommand) { + if (subcommand === "available") printAvailableHelp(); + else if (subcommand === "list") printListHelp(); + else if (subcommand === "test") printTestHelp(); + else if (subcommand === "test-all") printTestAllHelp(); + else if (subcommand === "validate") printValidateHelp(); + else printProvidersHelp(); +} + +function statusColor(status) { + if (status === "active" || status === "success") return "\x1b[32m"; + if (status === "error" || status === "expired" || status === "unavailable") return "\x1b[31m"; + return "\x1b[33m"; +} + +function printProviderTable(connections) { + if (connections.length === 0) { + console.log("No providers configured."); + return; + } + + for (const connection of connections) { + const shortId = connection.id.slice(0, 8); + const status = connection.testStatus || "unknown"; + const color = statusColor(status); + console.log( + `${shortId.padEnd(10)} ${connection.provider.padEnd(14)} ${String(connection.name).padEnd( + 24 + )} ${color}${status}\x1b[0m` + ); + } +} + +function normalizeCategoryFilter(category) { + const normalized = String(category || "") + .trim() + .toLowerCase() + .replaceAll("_", "-"); + if (normalized === "apikey") return "api-key"; + return normalized; +} + +function availableProviderNotes(provider) { + const notes = []; + if (provider.alias) notes.push(`alias:${provider.alias}`); + if (provider.hasFree) notes.push("free"); + if (provider.passthroughModels) notes.push("passthrough"); + if (provider.deprecated) notes.push("deprecated"); + return notes.join(", "); +} + +function publicAvailableProvider(provider) { + return { + id: provider.id, + name: provider.name, + category: provider.category, + alias: provider.alias, + website: provider.website, + deprecated: provider.deprecated, + hasFree: provider.hasFree, + passthroughModels: provider.passthroughModels, + }; +} + +function filterAvailableProviders(providers, flags) { + const search = String(getStringFlag(flags, "search") || getStringFlag(flags, "q") || "") + .trim() + .toLowerCase(); + const category = normalizeCategoryFilter(getStringFlag(flags, "category")); + + return providers.filter((provider) => { + if (category && provider.category !== category) return false; + if (!search) return true; + + return [provider.id, provider.name, provider.category, provider.alias] + .filter(Boolean) + .some((value) => String(value).toLowerCase().includes(search)); + }); +} + +function printAvailableProviderTable(providers, categories) { + if (providers.length === 0) { + console.log("No available providers matched the filters."); + return; + } + + console.log(`${providers.length} providers available.`); + console.log(`Categories: ${categories.join(", ")}`); + console.log("Use --search or --category to filter.\n"); + console.log(`${"ID".padEnd(24)} ${"Category".padEnd(14)} ${"Name".padEnd(28)} Notes`); + + for (const provider of providers) { + console.log( + `${provider.id.padEnd(24)} ${provider.category.padEnd(14)} ${String(provider.name).padEnd( + 28 + )} ${availableProviderNotes(provider)}` + ); + } +} + +function buildTestInput(connection, apiKey) { + return { + provider: connection.provider, + apiKey, + defaultModel: connection.defaultModel, + baseUrl: connection.providerSpecificData?.baseUrl || null, + }; +} + +async function runProviderTest(db, connection) { + try { + const apiKey = getProviderApiKey(connection); + const result = await testProviderApiKey(buildTestInput(connection, apiKey)); + updateProviderTestResult(db, connection.id, result); + return { + connection: publicConnection(connection), + ...result, + }; + } catch (error) { + const result = { + valid: false, + error: error instanceof Error ? error.message : String(error), + statusCode: null, + }; + updateProviderTestResult(db, connection.id, result); + return { + connection: publicConnection(connection), + ...result, + }; + } +} + +function validateConnection(connection) { + const issues = []; + const warnings = []; + + if (!connection.id) issues.push("Missing id"); + if (!connection.provider) issues.push("Missing provider"); + if (!connection.authType) warnings.push("Missing auth type"); + + if (connection.authType === "apikey") { + try { + getProviderApiKey(connection); + } catch (error) { + issues.push(error instanceof Error ? error.message : String(error)); + } + } else if (!connection.accessToken && !connection.refreshToken) { + warnings.push("OAuth connection has no access or refresh token visible locally"); + } + + if (connection.providerSpecificData === null && connection.providerSpecificData !== undefined) { + warnings.push("provider_specific_data is absent or not an object"); + } + + return { + connection: publicConnection(connection), + valid: issues.length === 0, + issues, + warnings, + }; +} + +async function availableCommand(flags) { + const allProviders = loadAvailableProviders(); + const providers = filterAvailableProviders(allProviders, flags).map(publicAvailableProvider); + const categories = getAvailableProviderCategories(allProviders); + + if (hasFlag(flags, "json")) { + console.log(JSON.stringify({ count: providers.length, categories, providers }, null, 2)); + } else { + printHeading("OmniRoute Available Providers"); + printAvailableProviderTable(providers, categories); + } + + return 0; +} + +async function listCommand(flags) { + const { db } = await openOmniRouteDb(); + try { + const connections = listProviderConnections(db).map(publicConnection); + if (hasFlag(flags, "json")) { + console.log(JSON.stringify({ providers: connections }, null, 2)); + } else { + printHeading("OmniRoute Providers"); + printProviderTable(connections); + } + return 0; + } finally { + db.close(); + } +} + +async function testCommand(flags, selector) { + if (!selector) { + console.error("Provider id or name is required."); + return 1; + } + + const { db } = await openOmniRouteDb(); + try { + const connection = findProviderConnection(db, selector); + if (!connection) { + console.error(`Provider connection not found: ${selector}`); + return 1; + } + + const result = await runProviderTest(db, connection); + if (hasFlag(flags, "json")) { + console.log(JSON.stringify(result, null, 2)); + } else if (result.valid) { + console.log(`\x1b[32mOK\x1b[0m ${connection.name}: provider test passed`); + } else { + console.log(`\x1b[31mFAIL\x1b[0m ${connection.name}: ${result.error}`); + } + return result.valid ? 0 : 1; + } finally { + db.close(); + } +} + +async function testAllCommand(flags) { + const { db } = await openOmniRouteDb(); + try { + const connections = listProviderConnections(db); + const results = []; + for (const connection of connections) { + if (!connection.isActive) { + results.push({ + connection: publicConnection(connection), + valid: false, + skipped: true, + error: "Connection is inactive", + }); + continue; + } + results.push(await runProviderTest(db, connection)); + } + + if (hasFlag(flags, "json")) { + console.log(JSON.stringify({ results }, null, 2)); + } else { + printHeading("OmniRoute Provider Tests"); + for (const result of results) { + const label = result.valid + ? "\x1b[32mOK\x1b[0m" + : result.skipped + ? "\x1b[33mSKIP\x1b[0m" + : "\x1b[31mFAIL\x1b[0m"; + console.log( + `${label} ${result.connection.name}: ${result.valid ? "provider test passed" : result.error}` + ); + } + } + + return results.some((result) => !result.valid && !result.skipped) ? 1 : 0; + } finally { + db.close(); + } +} + +async function validateCommand(flags) { + const { db } = await openOmniRouteDb(); + try { + const results = listProviderConnections(db).map(validateConnection); + if (hasFlag(flags, "json")) { + console.log(JSON.stringify({ results }, null, 2)); + } else { + printHeading("OmniRoute Provider Validation"); + if (results.length === 0) { + console.log("No providers configured."); + } + for (const result of results) { + const label = result.valid ? "\x1b[32mOK\x1b[0m" : "\x1b[31mFAIL\x1b[0m"; + const messages = [...result.issues, ...result.warnings].join("; "); + console.log(`${label} ${result.connection.name}${messages ? `: ${messages}` : ""}`); + } + } + return results.some((result) => !result.valid) ? 1 : 0; + } finally { + db.close(); + } +} + +export async function runProvidersCommand(argv) { + const { flags, positionals } = parseArgs(argv); + const requestedSubcommand = positionals[0]; + const subcommand = requestedSubcommand || "list"; + + if (hasFlag(flags, "help") || hasFlag(flags, "h")) { + printProvidersSubcommandHelp(requestedSubcommand); + return 0; + } + + if (subcommand === "available") return availableCommand(flags); + if (subcommand === "list") return listCommand(flags); + if (subcommand === "test") return testCommand(flags, positionals[1]); + if (subcommand === "test-all") return testAllCommand(flags); + if (subcommand === "validate") return validateCommand(flags); + + console.error(`Unknown providers subcommand: ${subcommand}`); + printProvidersHelp(); + return 1; +} diff --git a/bin/cli/commands/setup.mjs b/bin/cli/commands/setup.mjs new file mode 100644 index 0000000000..be298ed5a5 --- /dev/null +++ b/bin/cli/commands/setup.mjs @@ -0,0 +1,200 @@ +import { parseArgs, getStringFlag, hasFlag } from "../args.mjs"; +import { createPrompt, printHeading, printInfo, printSuccess } from "../io.mjs"; +import { openOmniRouteDb } from "../sqlite.mjs"; +import { getSettings, hashManagementPassword, updateSettings } from "../settings-store.mjs"; +import { testProviderApiKey } from "../provider-test.mjs"; +import { updateProviderTestResult, upsertApiKeyProviderConnection } from "../provider-store.mjs"; +import { + formatProviderChoices, + getProviderDisplayName, + resolveProviderChoice, +} from "../provider-catalog.mjs"; + +function wantsProviderSetup(flags) { + return ( + hasFlag(flags, "add-provider") || + Boolean(getStringFlag(flags, "provider", "OMNIROUTE_PROVIDER")) || + Boolean(getStringFlag(flags, "api-key", "OMNIROUTE_API_KEY")) + ); +} + +async function resolvePassword(flags, prompt, nonInteractive) { + const flagPassword = getStringFlag(flags, "password", "OMNIROUTE_SETUP_PASSWORD"); + if (flagPassword) return flagPassword; + if (nonInteractive) return ""; + + const answer = await prompt.ask("Set an admin password now? [y/N]", "N"); + if (!/^y(es)?$/i.test(answer)) return ""; + + const password = await prompt.ask("Admin password"); + const confirm = await prompt.ask("Confirm password"); + if (password !== confirm) { + throw new Error("Passwords do not match."); + } + return password; +} + +async function setupPassword(db, flags, prompt, nonInteractive) { + const password = await resolvePassword(flags, prompt, nonInteractive); + if (!password) { + const settings = getSettings(db); + if (!settings.password) { + updateSettings(db, { requireLogin: false }); + } + if (!nonInteractive) { + printInfo("Password setup skipped. Dashboard login remains disabled."); + } + return false; + } + + if (password.length < 8) { + throw new Error("Password must be at least 8 characters."); + } + + const hashedPassword = await hashManagementPassword(password); + updateSettings(db, { + password: hashedPassword, + requireLogin: true, + }); + printSuccess("Admin password configured"); + return true; +} + +async function resolveProviderInput(flags, prompt, nonInteractive) { + let provider = getStringFlag(flags, "provider", "OMNIROUTE_PROVIDER"); + let apiKey = getStringFlag(flags, "api-key", "OMNIROUTE_API_KEY"); + let name = getStringFlag(flags, "provider-name", "OMNIROUTE_PROVIDER_NAME"); + const defaultModel = getStringFlag(flags, "default-model", "OMNIROUTE_DEFAULT_MODEL"); + const baseUrl = getStringFlag(flags, "provider-base-url", "OMNIROUTE_PROVIDER_BASE_URL"); + + if (!provider && !nonInteractive) { + console.log("Choose a provider:"); + console.log(formatProviderChoices()); + provider = resolveProviderChoice(await prompt.ask("Provider", "1")); + } + + provider = provider || "openai"; + if (!apiKey && !nonInteractive) { + apiKey = await prompt.ask(`${getProviderDisplayName(provider)} API key`); + } + + if (!apiKey) { + throw new Error("Provider API key is required. Pass --api-key or OMNIROUTE_API_KEY."); + } + + if (!name) { + name = getProviderDisplayName(provider); + } + + return { + provider, + apiKey, + name, + defaultModel: defaultModel || null, + providerSpecificData: baseUrl ? { baseUrl } : null, + }; +} + +async function setupProvider(db, flags, prompt, nonInteractive) { + if (!wantsProviderSetup(flags) && nonInteractive) return null; + + if (!wantsProviderSetup(flags)) { + const answer = await prompt.ask("Add your first provider now? [Y/n]", "Y"); + if (/^n(o)?$/i.test(answer)) return null; + } + + const input = await resolveProviderInput(flags, prompt, nonInteractive); + const connection = upsertApiKeyProviderConnection(db, input); + printSuccess(`Provider configured: ${connection.name}`); + + if (hasFlag(flags, "test-provider")) { + printInfo(`Testing provider connection: ${connection.provider}`); + const result = await testProviderApiKey({ + provider: input.provider, + apiKey: input.apiKey, + defaultModel: input.defaultModel, + baseUrl: input.providerSpecificData?.baseUrl || null, + }); + updateProviderTestResult(db, connection.id, result); + + if (result.valid) { + printSuccess("Provider test passed"); + } else { + printInfo(`Provider test failed: ${result.error || "unknown error"}`); + } + } + + return connection; +} + +function printSetupHelp() { + console.log(` +Usage: + omniroute setup + omniroute setup --password + omniroute setup --add-provider --provider openai --api-key + omniroute setup --non-interactive + +Options: + --password Set admin password + --add-provider Add an API-key provider connection + --provider Provider id, for example openai or anthropic + --provider-name Display name for the connection + --api-key Provider API key + --default-model Optional default model + --provider-base-url Optional OpenAI-compatible base URL override + --test-provider Test the provider after saving it + --non-interactive Read all inputs from flags/env and do not prompt + +Environment: + OMNIROUTE_SETUP_PASSWORD + OMNIROUTE_PROVIDER + OMNIROUTE_PROVIDER_NAME + OMNIROUTE_PROVIDER_BASE_URL + OMNIROUTE_API_KEY + OMNIROUTE_DEFAULT_MODEL + DATA_DIR +`); +} + +export async function runSetupCommand(argv) { + const { flags } = parseArgs(argv); + if (hasFlag(flags, "help") || hasFlag(flags, "h")) { + printSetupHelp(); + return 0; + } + + const nonInteractive = hasFlag(flags, "non-interactive"); + const prompt = createPrompt(); + + try { + printHeading("OmniRoute Setup"); + const { db, dbPath } = await openOmniRouteDb(); + printInfo(`Database: ${dbPath}`); + + const before = getSettings(db); + const passwordChanged = await setupPassword(db, flags, prompt, nonInteractive); + const providerConnection = await setupProvider(db, flags, prompt, nonInteractive); + + updateSettings(db, { setupComplete: true }); + const after = getSettings(db); + db.close(); + + console.log(""); + printSuccess("Setup complete"); + printInfo( + `Login: ${after.requireLogin === true ? "enabled" : "disabled"}${ + passwordChanged ? " (password updated)" : "" + }` + ); + if (providerConnection) { + printInfo(`Provider: ${providerConnection.provider} (${providerConnection.name})`); + } else if (!before.setupComplete) { + printInfo("Provider: skipped"); + } + + return 0; + } finally { + prompt.close(); + } +} diff --git a/bin/cli/data-dir.mjs b/bin/cli/data-dir.mjs new file mode 100644 index 0000000000..ed9264dd90 --- /dev/null +++ b/bin/cli/data-dir.mjs @@ -0,0 +1,38 @@ +import os from "node:os"; +import path from "node:path"; + +const APP_NAME = "omniroute"; + +function normalizeConfiguredPath(value) { + if (typeof value !== "string") return null; + const trimmed = value.trim(); + return trimmed ? path.resolve(trimmed) : null; +} + +function safeHomeDir() { + try { + return os.homedir(); + } catch { + return process.env.HOME || process.env.USERPROFILE || os.tmpdir(); + } +} + +export function resolveDataDir() { + const configured = normalizeConfiguredPath(process.env.DATA_DIR); + if (configured) return configured; + + const homeDir = safeHomeDir(); + if (process.platform === "win32") { + const appData = process.env.APPDATA || path.join(homeDir, "AppData", "Roaming"); + return path.join(appData, APP_NAME); + } + + const xdgConfigHome = normalizeConfiguredPath(process.env.XDG_CONFIG_HOME); + if (xdgConfigHome) return path.join(xdgConfigHome, APP_NAME); + + return path.join(homeDir, `.${APP_NAME}`); +} + +export function resolveStoragePath(dataDir = resolveDataDir()) { + return path.join(dataDir, "storage.sqlite"); +} diff --git a/bin/cli/encryption.mjs b/bin/cli/encryption.mjs new file mode 100644 index 0000000000..3011941232 --- /dev/null +++ b/bin/cli/encryption.mjs @@ -0,0 +1,62 @@ +import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from "node:crypto"; + +const ALGORITHM = "aes-256-gcm"; +const IV_LENGTH = 16; +const KEY_LENGTH = 32; +const PREFIX = "enc:v1:"; +// Keep this salt in sync with the app-side field encryption format so credentials written by +// CLI setup remain decryptable by the dashboard/server and vice versa. +const STATIC_SALT = "omniroute-field-encryption-v1"; + +let cachedKey = null; + +function getEncryptionKey() { + if (cachedKey !== null) return cachedKey; + + const secret = process.env.STORAGE_ENCRYPTION_KEY; + if (!secret || typeof secret !== "string" || secret.trim().length === 0) { + return null; + } + + cachedKey = scryptSync(secret, STATIC_SALT, KEY_LENGTH); + return cachedKey; +} + +export function encryptCredential(value) { + if (!value || typeof value !== "string" || value.startsWith(PREFIX)) return value || null; + + const key = getEncryptionKey(); + if (!key) return value; + + const iv = randomBytes(IV_LENGTH); + const cipher = createCipheriv(ALGORITHM, key, iv); + let encrypted = cipher.update(value, "utf8", "hex"); + encrypted += cipher.final("hex"); + const authTag = cipher.getAuthTag().toString("hex"); + + return `${PREFIX}${iv.toString("hex")}:${encrypted}:${authTag}`; +} + +export function decryptCredential(value) { + if (!value || typeof value !== "string") return value || null; + if (!value.startsWith(PREFIX)) return value; + + const key = getEncryptionKey(); + if (!key) { + throw new Error("STORAGE_ENCRYPTION_KEY is required to decrypt this provider credential."); + } + + const body = value.slice(PREFIX.length); + const parts = body.split(":"); + if (parts.length !== 3) { + throw new Error("Malformed encrypted provider credential."); + } + + const [ivHex, encryptedHex, authTagHex] = parts; + const decipher = createDecipheriv(ALGORITHM, key, Buffer.from(ivHex, "hex")); + decipher.setAuthTag(Buffer.from(authTagHex, "hex")); + + let decrypted = decipher.update(encryptedHex, "hex", "utf8"); + decrypted += decipher.final("utf8"); + return decrypted; +} diff --git a/bin/cli/index.mjs b/bin/cli/index.mjs new file mode 100644 index 0000000000..c9c8683016 --- /dev/null +++ b/bin/cli/index.mjs @@ -0,0 +1,19 @@ +import { runDoctorCommand } from "./commands/doctor.mjs"; +import { runProvidersCommand } from "./commands/providers.mjs"; +import { runSetupCommand } from "./commands/setup.mjs"; + +export async function runCliCommand(command, argv, context = {}) { + if (command === "doctor") { + return runDoctorCommand(argv, context); + } + + if (command === "providers") { + return runProvidersCommand(argv, context); + } + + if (command === "setup") { + return runSetupCommand(argv, context); + } + + throw new Error(`Unknown CLI command: ${command}`); +} diff --git a/bin/cli/io.mjs b/bin/cli/io.mjs new file mode 100644 index 0000000000..ee200b4921 --- /dev/null +++ b/bin/cli/io.mjs @@ -0,0 +1,36 @@ +import readline from "node:readline"; + +export function createPrompt() { + const rl = readline.createInterface({ + input: process.stdin, + output: process.stdout, + }); + + function ask(question, defaultValue = "") { + const suffix = defaultValue ? ` (${defaultValue})` : ""; + return new Promise((resolve) => { + rl.question(`${question}${suffix}: `, (answer) => { + const trimmed = answer.trim(); + resolve(trimmed || defaultValue); + }); + }); + } + + function close() { + rl.close(); + } + + return { ask, close }; +} + +export function printHeading(title) { + console.log(`\n\x1b[1m\x1b[36m${title}\x1b[0m\n`); +} + +export function printSuccess(message) { + console.log(`\x1b[32m✔ ${message}\x1b[0m`); +} + +export function printInfo(message) { + console.log(`\x1b[2m${message}\x1b[0m`); +} diff --git a/bin/cli/provider-catalog.mjs b/bin/cli/provider-catalog.mjs new file mode 100644 index 0000000000..873f933d18 --- /dev/null +++ b/bin/cli/provider-catalog.mjs @@ -0,0 +1,175 @@ +import { existsSync, readFileSync } from "node:fs"; +import { createRequire } from "node:module"; +import { dirname, isAbsolute, join, resolve } from "node:path"; +import { fileURLToPath } from "node:url"; + +const CLI_DIR = dirname(fileURLToPath(import.meta.url)); +const DEFAULT_ROOT_DIR = join(CLI_DIR, "..", ".."); +const require = createRequire(import.meta.url); + +export const COMMON_PROVIDERS = [ + { id: "openai", name: "OpenAI" }, + { id: "anthropic", name: "Anthropic" }, + { id: "google", name: "Google AI" }, + { id: "openrouter", name: "OpenRouter" }, + { id: "groq", name: "Groq" }, + { id: "mistral", name: "Mistral" }, +]; + +function normalizeCatalogCategory(exportName) { + const raw = exportName + .replace(/_PROVIDERS$/, "") + .toLowerCase() + .replaceAll("_", "-"); + if (raw === "apikey") return "api-key"; + return raw; +} + +function loadTypeScript() { + try { + return require("typescript"); + } catch { + return null; + } +} + +function getPropertyName(ts, name) { + if (ts.isIdentifier(name) || ts.isStringLiteral(name) || ts.isNumericLiteral(name)) { + return name.text; + } + return null; +} + +function getObjectProperty(ts, objectLiteral, propertyName) { + return objectLiteral.properties.find( + (property) => + ts.isPropertyAssignment(property) && getPropertyName(ts, property.name) === propertyName + ); +} + +function getStringProperty(ts, objectLiteral, propertyName) { + const property = getObjectProperty(ts, objectLiteral, propertyName); + const initializer = property?.initializer; + if (!initializer) return null; + if (ts.isStringLiteral(initializer) || ts.isNoSubstitutionTemplateLiteral(initializer)) { + return initializer.text; + } + return null; +} + +function getBooleanProperty(ts, objectLiteral, propertyName) { + const property = getObjectProperty(ts, objectLiteral, propertyName); + const initializer = property?.initializer; + return initializer?.kind === ts.SyntaxKind.TrueKeyword; +} + +function extractProviderBlocks(source, filePath) { + const ts = loadTypeScript(); + if (!ts) return []; + + const providers = []; + const sourceFile = ts.createSourceFile(filePath, source, ts.ScriptTarget.Latest, true); + + sourceFile.forEachChild((node) => { + if (!ts.isVariableStatement(node)) return; + + for (const declaration of node.declarationList.declarations) { + if (!ts.isIdentifier(declaration.name)) continue; + const exportName = declaration.name.text; + if (!exportName.endsWith("_PROVIDERS")) continue; + if (!declaration.initializer || !ts.isObjectLiteralExpression(declaration.initializer)) { + continue; + } + + const category = normalizeCatalogCategory(exportName); + for (const property of declaration.initializer.properties) { + if (!ts.isPropertyAssignment(property)) continue; + if (!ts.isObjectLiteralExpression(property.initializer)) continue; + + const key = getPropertyName(ts, property.name); + if (!key) continue; + + const id = getStringProperty(ts, property.initializer, "id") || key; + const name = getStringProperty(ts, property.initializer, "name") || id; + + providers.push({ + id, + name, + category, + alias: getStringProperty(ts, property.initializer, "alias"), + website: getStringProperty(ts, property.initializer, "website"), + deprecated: getBooleanProperty(ts, property.initializer, "deprecated"), + hasFree: getBooleanProperty(ts, property.initializer, "hasFree"), + passthroughModels: getBooleanProperty(ts, property.initializer, "passthroughModels"), + }); + } + } + }); + + return providers; +} + +function fallbackAvailableProviders() { + return COMMON_PROVIDERS.map((provider) => ({ + ...provider, + category: "api-key", + alias: null, + website: null, + deprecated: false, + hasFree: false, + passthroughModels: false, + })); +} + +function resolveProviderCatalogPath(rootDir, options = {}) { + const configuredPath = options.catalogPath || process.env.OMNIROUTE_PROVIDER_CATALOG_PATH; + if (configuredPath) { + return isAbsolute(configuredPath) ? configuredPath : resolve(rootDir, configuredPath); + } + return join(rootDir, "src", "shared", "constants", "providers.ts"); +} + +export function loadAvailableProviders(options = {}) { + const rootDir = typeof options === "string" ? options : options.rootDir || DEFAULT_ROOT_DIR; + const providersPath = resolveProviderCatalogPath(rootDir, options); + + if (!existsSync(providersPath)) { + return fallbackAvailableProviders(); + } + + try { + const source = readFileSync(providersPath, "utf-8"); + const providers = extractProviderBlocks(source, providersPath); + if (providers.length === 0) return fallbackAvailableProviders(); + + const seen = new Set(); + return providers.filter((provider) => { + if (seen.has(provider.id)) return false; + seen.add(provider.id); + return true; + }); + } catch { + return fallbackAvailableProviders(); + } +} + +export function getAvailableProviderCategories(providers = loadAvailableProviders()) { + return [...new Set(providers.map((provider) => provider.category))].sort(); +} + +export function getProviderDisplayName(providerId) { + return COMMON_PROVIDERS.find((provider) => provider.id === providerId)?.name || providerId; +} + +export function formatProviderChoices() { + return COMMON_PROVIDERS.map((provider, index) => `${index + 1}. ${provider.name}`).join("\n"); +} + +export function resolveProviderChoice(value) { + const trimmed = String(value || "").trim(); + const numeric = Number.parseInt(trimmed, 10); + if (Number.isInteger(numeric) && numeric >= 1 && numeric <= COMMON_PROVIDERS.length) { + return COMMON_PROVIDERS[numeric - 1].id; + } + return trimmed || "openai"; +} diff --git a/bin/cli/provider-store.mjs b/bin/cli/provider-store.mjs new file mode 100644 index 0000000000..219861d45e --- /dev/null +++ b/bin/cli/provider-store.mjs @@ -0,0 +1,276 @@ +import { randomUUID } from "node:crypto"; +import { decryptCredential, encryptCredential } from "./encryption.mjs"; + +const REQUIRED_PROVIDER_COLUMNS = [ + ["auth_type", "TEXT"], + ["name", "TEXT"], + ["email", "TEXT"], + ["priority", "INTEGER DEFAULT 0"], + ["is_active", "INTEGER DEFAULT 1"], + ["access_token", "TEXT"], + ["refresh_token", "TEXT"], + ["expires_at", "TEXT"], + ["token_expires_at", "TEXT"], + ["scope", "TEXT"], + ["project_id", "TEXT"], + ["test_status", "TEXT"], + ["error_code", "TEXT"], + ["last_error", "TEXT"], + ["last_error_at", "TEXT"], + ["last_error_type", "TEXT"], + ["last_error_source", "TEXT"], + ["backoff_level", "INTEGER DEFAULT 0"], + ["rate_limited_until", "TEXT"], + ["health_check_interval", "INTEGER"], + ["last_health_check_at", "TEXT"], + ["last_tested", "TEXT"], + ["api_key", "TEXT"], + ["id_token", "TEXT"], + ["provider_specific_data", "TEXT"], + ["expires_in", "INTEGER"], + ["display_name", "TEXT"], + ["global_priority", "INTEGER"], + ["default_model", "TEXT"], + ["token_type", "TEXT"], + ["consecutive_use_count", "INTEGER DEFAULT 0"], + ["rate_limit_protection", "INTEGER DEFAULT 0"], + ["last_used_at", "TEXT"], + ['"group"', "TEXT"], + ["max_concurrent", "INTEGER"], + ["created_at", "TEXT"], + ["updated_at", "TEXT"], +]; + +function ensureProviderColumns(db) { + const existingColumns = new Set( + db + .prepare("PRAGMA table_info(provider_connections)") + .all() + .map((column) => column.name) + ); + + const missingColumns = REQUIRED_PROVIDER_COLUMNS.filter(([name]) => { + const normalizedName = name.replaceAll('"', ""); + return !existingColumns.has(normalizedName); + }); + + if (missingColumns.length === 0) return; + + db.transaction(() => { + for (const [name, type] of missingColumns) { + db.prepare(`ALTER TABLE provider_connections ADD COLUMN ${name} ${type}`).run(); + } + })(); +} + +export function ensureProviderSchema(db) { + db.prepare( + `CREATE TABLE IF NOT EXISTS provider_connections ( + id TEXT PRIMARY KEY, + provider TEXT NOT NULL, + auth_type TEXT, + name TEXT, + email TEXT, + priority INTEGER DEFAULT 0, + is_active INTEGER DEFAULT 1, + access_token TEXT, + refresh_token TEXT, + expires_at TEXT, + token_expires_at TEXT, + scope TEXT, + project_id TEXT, + test_status TEXT, + error_code TEXT, + last_error TEXT, + last_error_at TEXT, + last_error_type TEXT, + last_error_source TEXT, + backoff_level INTEGER DEFAULT 0, + rate_limited_until TEXT, + health_check_interval INTEGER, + last_health_check_at TEXT, + last_tested TEXT, + api_key TEXT, + id_token TEXT, + provider_specific_data TEXT, + expires_in INTEGER, + display_name TEXT, + global_priority INTEGER, + default_model TEXT, + token_type TEXT, + consecutive_use_count INTEGER DEFAULT 0, + rate_limit_protection INTEGER DEFAULT 0, + last_used_at TEXT, + "group" TEXT, + max_concurrent INTEGER, + created_at TEXT NOT NULL, + updated_at TEXT NOT NULL + )` + ).run(); + ensureProviderColumns(db); + db.prepare("CREATE INDEX IF NOT EXISTS idx_pc_provider ON provider_connections(provider)").run(); + db.prepare("CREATE INDEX IF NOT EXISTS idx_pc_active ON provider_connections(is_active)").run(); + db.prepare( + "CREATE INDEX IF NOT EXISTS idx_pc_priority ON provider_connections(provider, priority)" + ).run(); +} + +function nextPriority(db, provider) { + const row = db + .prepare("SELECT MAX(priority) as max_priority FROM provider_connections WHERE provider = ?") + .get(provider); + return Number(row?.max_priority || 0) + 1; +} + +function parseJsonObject(value) { + if (!value || typeof value !== "string") return undefined; + try { + const parsed = JSON.parse(value); + return parsed && typeof parsed === "object" ? parsed : null; + } catch { + return null; + } +} + +function rowToConnection(row) { + return { + id: row.id, + provider: row.provider, + authType: row.auth_type || "oauth", + name: row.name || row.display_name || row.email || row.provider, + email: row.email || null, + priority: row.priority || 0, + isActive: row.is_active !== 0, + apiKey: row.api_key || null, + accessToken: row.access_token || null, + refreshToken: row.refresh_token || null, + idToken: row.id_token || null, + providerSpecificData: parseJsonObject(row.provider_specific_data), + testStatus: row.test_status || "unknown", + defaultModel: row.default_model || null, + lastTested: row.last_tested || null, + lastError: row.last_error || null, + updatedAt: row.updated_at || null, + createdAt: row.created_at || null, + }; +} + +export function listProviderConnections(db) { + ensureProviderSchema(db); + return db + .prepare( + `SELECT * FROM provider_connections + ORDER BY provider ASC, priority ASC, updated_at DESC` + ) + .all() + .map(rowToConnection); +} + +export function findProviderConnection(db, selector) { + const normalized = String(selector || "") + .trim() + .toLowerCase(); + if (!normalized) return null; + + const connections = listProviderConnections(db); + return ( + connections.find((connection) => connection.id.toLowerCase() === normalized) || + connections.find((connection) => connection.id.toLowerCase().startsWith(normalized)) || + connections.find((connection) => String(connection.name || "").toLowerCase() === normalized) || + connections.find((connection) => connection.provider.toLowerCase() === normalized) || + null + ); +} + +export function getProviderApiKey(connection) { + if (connection.authType !== "apikey") { + throw new Error(`Connection ${connection.name} is not an API-key provider.`); + } + if (!connection.apiKey) { + throw new Error(`Connection ${connection.name} has no API key configured.`); + } + return decryptCredential(connection.apiKey); +} + +export function upsertApiKeyProviderConnection(db, input) { + ensureProviderSchema(db); + + const provider = input.provider; + const name = input.name || provider; + const now = new Date().toISOString(); + const existing = db + .prepare( + "SELECT id, priority FROM provider_connections WHERE provider = ? AND auth_type = 'apikey' AND name = ?" + ) + .get(provider, name); + + const connection = { + id: existing?.id || randomUUID(), + provider, + authType: "apikey", + name, + priority: existing?.priority || nextPriority(db, provider), + isActive: 1, + apiKey: encryptCredential(input.apiKey), + testStatus: input.testStatus || "unknown", + defaultModel: input.defaultModel || null, + providerSpecificData: input.providerSpecificData + ? JSON.stringify(input.providerSpecificData) + : null, + createdAt: input.createdAt || now, + updatedAt: now, + }; + + db.prepare( + `INSERT INTO provider_connections ( + id, provider, auth_type, name, priority, is_active, api_key, provider_specific_data, + test_status, default_model, created_at, updated_at + ) VALUES ( + @id, @provider, @authType, @name, @priority, @isActive, @apiKey, @providerSpecificData, + @testStatus, @defaultModel, @createdAt, @updatedAt + ) + ON CONFLICT(id) DO UPDATE SET + api_key = excluded.api_key, + provider_specific_data = excluded.provider_specific_data, + test_status = excluded.test_status, + default_model = excluded.default_model, + is_active = excluded.is_active, + updated_at = excluded.updated_at` + ).run(connection); + + return connection; +} + +export function updateProviderTestResult(db, connectionId, result) { + ensureProviderSchema(db); + const now = new Date().toISOString(); + const valid = result?.valid === true; + + db.prepare( + `UPDATE provider_connections SET + test_status = @testStatus, + last_error = @lastError, + last_error_at = @lastErrorAt, + last_error_type = @lastErrorType, + last_error_source = @lastErrorSource, + error_code = @errorCode, + last_tested = @lastTested, + updated_at = @updatedAt + WHERE id = @id` + ).run({ + id: connectionId, + testStatus: valid ? "active" : "error", + lastError: valid ? null : result?.error || "Provider test failed", + lastErrorAt: valid ? null : now, + lastErrorType: valid ? null : "connection_test_failed", + lastErrorSource: valid ? null : "upstream", + errorCode: valid ? null : result?.statusCode || null, + lastTested: now, + updatedAt: now, + }); + + return { + ...result, + testedAt: now, + }; +} diff --git a/bin/cli/provider-test.mjs b/bin/cli/provider-test.mjs new file mode 100644 index 0000000000..4ab68bcde0 --- /dev/null +++ b/bin/cli/provider-test.mjs @@ -0,0 +1,181 @@ +const DEFAULT_TIMEOUT_MS = 15000; + +const PROVIDER_TEST_CONFIGS = { + openai: { + format: "openai", + baseUrl: "https://api.openai.com/v1", + model: "gpt-4o-mini", + }, + openrouter: { + format: "openai", + baseUrl: "https://openrouter.ai/api/v1", + model: "openai/gpt-4o-mini", + }, + groq: { + format: "openai", + baseUrl: "https://api.groq.com/openai/v1", + model: "llama-3.1-8b-instant", + }, + mistral: { + format: "openai", + baseUrl: "https://api.mistral.ai/v1", + model: "mistral-small-latest", + }, + anthropic: { + format: "anthropic", + baseUrl: "https://api.anthropic.com/v1", + model: "claude-3-5-haiku-latest", + }, + google: { + format: "google", + baseUrl: "https://generativelanguage.googleapis.com/v1beta", + model: "gemini-1.5-flash", + }, +}; + +function joinUrl(baseUrl, suffix) { + return `${baseUrl.replace(/\/+$/, "")}/${suffix.replace(/^\/+/, "")}`; +} + +function providerEnvName(provider, suffix) { + const normalizedProvider = String(provider || "") + .toUpperCase() + .replace(/[^A-Z0-9]/g, "_"); + return `OMNIROUTE_PROVIDER_TEST_${normalizedProvider}_${suffix}`; +} + +function resolveTestModel(input, config) { + const providerOverride = process.env[providerEnvName(input.provider, "MODEL")]; + return ( + input.defaultModel || + providerOverride || + process.env.OMNIROUTE_PROVIDER_TEST_MODEL || + config.model + ); +} + +function resolveProviderConfig(input) { + const config = PROVIDER_TEST_CONFIGS[input.provider]; + if (!config) return null; + + return { + ...config, + baseUrl: input.baseUrl || config.baseUrl, + model: resolveTestModel(input, config), + }; +} + +async function fetchWithTimeout(url, init = {}, timeoutMs = DEFAULT_TIMEOUT_MS) { + const controller = new AbortController(); + const timeout = setTimeout(() => controller.abort(), timeoutMs); + + try { + return await fetch(url, { + ...init, + signal: controller.signal, + }); + } finally { + clearTimeout(timeout); + } +} + +function classifyResponse(response) { + if (response.ok) return { valid: true, error: null, statusCode: response.status }; + if (response.status === 401 || response.status === 403) { + return { valid: false, error: "Invalid API key", statusCode: response.status }; + } + if (response.status >= 500) { + return { + valid: false, + error: `Provider unavailable (${response.status})`, + statusCode: response.status, + }; + } + + return { valid: true, error: null, statusCode: response.status }; +} + +async function testOpenAILikeProvider(input, config) { + const headers = { + Authorization: `Bearer ${input.apiKey}`, + "Content-Type": "application/json", + }; + + const modelsRes = await fetchWithTimeout(joinUrl(config.baseUrl, "/models"), { + method: "GET", + headers, + }); + + if (modelsRes.ok || modelsRes.status === 401 || modelsRes.status === 403) { + return classifyResponse(modelsRes); + } + + const chatRes = await fetchWithTimeout(joinUrl(config.baseUrl, "/chat/completions"), { + method: "POST", + headers, + body: JSON.stringify({ + model: config.model, + messages: [{ role: "user", content: "test" }], + max_tokens: 1, + }), + }); + + return classifyResponse(chatRes); +} + +async function testAnthropicProvider(input, config) { + const response = await fetchWithTimeout(joinUrl(config.baseUrl, "/messages"), { + method: "POST", + headers: { + "x-api-key": input.apiKey, + "anthropic-version": "2023-06-01", + "Content-Type": "application/json", + }, + body: JSON.stringify({ + model: config.model, + messages: [{ role: "user", content: "test" }], + max_tokens: 1, + }), + }); + + return classifyResponse(response); +} + +async function testGoogleProvider(input, config) { + const url = new URL(joinUrl(config.baseUrl, "/models")); + url.searchParams.set("key", input.apiKey); + + const response = await fetchWithTimeout(url.toString(), { + method: "GET", + }); + + return classifyResponse(response); +} + +export async function testProviderApiKey(input) { + if (!input.apiKey) { + return { valid: false, error: "Missing API key", statusCode: null }; + } + + const config = resolveProviderConfig(input); + if (!config) { + return { valid: false, error: "Provider test not supported", unsupported: true }; + } + + try { + if (config.format === "openai") { + return await testOpenAILikeProvider(input, config); + } + if (config.format === "anthropic") { + return await testAnthropicProvider(input, config); + } + if (config.format === "google") { + return await testGoogleProvider(input, config); + } + + return { valid: false, error: "Provider test not supported", unsupported: true }; + } catch (error) { + const message = error instanceof Error ? error.message : String(error); + return { valid: false, error: message || "Provider test failed", statusCode: null }; + } +} diff --git a/bin/cli/settings-store.mjs b/bin/cli/settings-store.mjs new file mode 100644 index 0000000000..dc780d2046 --- /dev/null +++ b/bin/cli/settings-store.mjs @@ -0,0 +1,45 @@ +import bcrypt from "bcryptjs"; + +const MANAGEMENT_PASSWORD_SALT_ROUNDS = 12; + +export async function hashManagementPassword(password) { + return bcrypt.hash(password, MANAGEMENT_PASSWORD_SALT_ROUNDS); +} + +export function ensureSettingsSchema(db) { + db.prepare( + `CREATE TABLE IF NOT EXISTS key_value ( + namespace TEXT NOT NULL, + key TEXT NOT NULL, + value TEXT NOT NULL, + PRIMARY KEY (namespace, key) + )` + ).run(); +} + +export function updateSettings(db, updates) { + ensureSettingsSchema(db); + const insert = db.prepare( + "INSERT OR REPLACE INTO key_value (namespace, key, value) VALUES ('settings', ?, ?)" + ); + const tx = db.transaction(() => { + for (const [key, value] of Object.entries(updates)) { + insert.run(key, JSON.stringify(value)); + } + }); + tx(); +} + +export function getSettings(db) { + ensureSettingsSchema(db); + const rows = db.prepare("SELECT key, value FROM key_value WHERE namespace = 'settings'").all(); + const settings = {}; + for (const row of rows) { + try { + settings[row.key] = JSON.parse(row.value); + } catch { + settings[row.key] = row.value; + } + } + return settings; +} diff --git a/bin/cli/sqlite.mjs b/bin/cli/sqlite.mjs new file mode 100644 index 0000000000..cb7eaed351 --- /dev/null +++ b/bin/cli/sqlite.mjs @@ -0,0 +1,37 @@ +import fs from "node:fs"; +import { resolveDataDir, resolveStoragePath } from "./data-dir.mjs"; +import { ensureProviderSchema } from "./provider-store.mjs"; +import { ensureSettingsSchema } from "./settings-store.mjs"; + +export async function openOmniRouteDb() { + const dataDir = resolveDataDir(); + const dbPath = resolveStoragePath(dataDir); + fs.mkdirSync(dataDir, { recursive: true }); + + let Database; + try { + Database = (await import("better-sqlite3")).default; + } catch { + throw new Error("better-sqlite3 is not installed. Run npm install before using setup."); + } + + let db; + try { + db = new Database(dbPath); + } catch (error) { + const message = error instanceof Error ? error.message : String(error); + if (message.includes("NODE_MODULE_VERSION") || message.includes("ERR_DLOPEN_FAILED")) { + throw new Error( + "better-sqlite3 native binding is incompatible with this Node.js runtime. " + + "Run `npm rebuild better-sqlite3` in the OmniRoute project and try again." + ); + } + throw error; + } + + db.pragma("journal_mode = WAL"); + ensureSettingsSchema(db); + ensureProviderSchema(db); + + return { db, dataDir, dbPath }; +} diff --git a/bin/omniroute.mjs b/bin/omniroute.mjs index f0c5bcec44..8202818956 100644 --- a/bin/omniroute.mjs +++ b/bin/omniroute.mjs @@ -8,6 +8,10 @@ * omniroute --port 3000 Start on custom port * omniroute --no-open Start without opening browser * omniroute --mcp Start MCP server (stdio transport for IDEs) + * omniroute setup Interactive guided setup + * omniroute doctor Run local health checks + * omniroute providers available List supported providers + * omniroute providers list List configured providers * omniroute reset-encrypted-columns Reset broken encrypted credentials * omniroute --help Show help * omniroute --version Show version @@ -44,6 +48,7 @@ function loadEnvFile() { } envPaths.push(join(process.cwd(), ".env")); + envPaths.push(join(ROOT, ".env")); for (const envPath of envPaths) { try { @@ -73,6 +78,19 @@ function loadEnvFile() { loadEnvFile(); const args = process.argv.slice(2); +const command = args[0]; +const CLI_COMMANDS = new Set(["doctor", "providers", "setup"]); + +if (CLI_COMMANDS.has(command)) { + try { + const { runCliCommand } = await import(pathToFileURL(join(ROOT, "bin", "cli", "index.mjs")).href); + const exitCode = await runCliCommand(command, args.slice(1), { rootDir: ROOT }); + process.exit(exitCode ?? 0); + } catch (err) { + console.error("\x1b[31m✖ CLI command failed:\x1b[0m", err.message || err); + process.exit(1); + } +} if (args.includes("--help") || args.includes("-h")) { console.log(` @@ -80,6 +98,10 @@ if (args.includes("--help") || args.includes("-h")) { \x1b[1mUsage:\x1b[0m omniroute Start the server + omniroute setup Interactive guided setup + omniroute doctor Run local health checks + omniroute providers available List supported providers + omniroute providers list List configured providers omniroute --port Use custom API port (default: 20128) omniroute --no-open Don't open browser automatically omniroute --mcp Start MCP server (stdio transport for IDEs) @@ -98,6 +120,25 @@ if (args.includes("--help") || args.includes("-h")) { Loads .env from: ~/.omniroute/.env or ./.env Memory limit: OMNIROUTE_MEMORY_MB (default: 512) + \x1b[1mSetup:\x1b[0m + omniroute setup --password + omniroute setup --add-provider --provider openai --api-key + omniroute setup --non-interactive + + \x1b[1mDoctor:\x1b[0m + omniroute doctor + omniroute doctor --json + omniroute doctor --no-liveness + + \x1b[1mProviders:\x1b[0m + omniroute providers available + omniroute providers available --search openai + omniroute providers available --category api-key + omniroute providers list + omniroute providers test + omniroute providers test-all + omniroute providers validate + \x1b[1mAfter starting:\x1b[0m Dashboard: http://localhost: API: http://localhost:/v1 diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index cb86dc5706..7f58e614b0 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -12,8 +12,25 @@ # ────────────────────────────────────────────────────────────────────── services: + # ── Redis (Rate Limiter Backend) ────────────────────────────────── + redis: + image: redis:8.6.2 + container_name: omniroute-redis-prod + restart: unless-stopped + volumes: + - redis-prod-data:/data + command: redis-server --save 60 1 --loglevel warning + healthcheck: + test: ["CMD", "redis-cli", "ping"] + interval: 10s + timeout: 5s + retries: 3 + omniroute-prod: container_name: omniroute-prod + depends_on: + redis: + condition: service_healthy build: context: . target: runner-cli @@ -44,3 +61,5 @@ services: volumes: omniroute-prod-data: name: omniroute-prod-data + redis-prod-data: + name: redis-prod-data diff --git a/docker-compose.yml b/docker-compose.yml index 7e24dbce84..8c53d290c5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -28,6 +28,7 @@ x-common: &common - DASHBOARD_PORT=${DASHBOARD_PORT:-${PORT:-20128}} - API_PORT=${API_PORT:-20129} - API_HOST=${API_HOST:-0.0.0.0} + - REDIS_URL=${REDIS_URL:-redis://redis:6379} volumes: - ./data:/app/data healthcheck: @@ -38,6 +39,22 @@ x-common: &common start_period: 15s services: + # ── Redis (Rate Limiter Backend) ────────────────────────────────── + redis: + image: redis:8.6.2 + container_name: omniroute-redis + restart: unless-stopped + ports: + - "${REDIS_PORT:-6379}:6379" + volumes: + - redis-data:/data + command: redis-server --save 60 1 --loglevel warning + healthcheck: + test: ["CMD", "redis-cli", "ping"] + interval: 10s + timeout: 5s + retries: 3 + # ── Profile: base (minimal, no CLI tools) ────────────────────────── omniroute-base: <<: *common @@ -138,3 +155,5 @@ services: volumes: cliproxyapi-data: name: cliproxyapi-data + redis-data: + name: omniroute-redis-data diff --git a/docs/API_REFERENCE.md b/docs/API_REFERENCE.md index dfec7d1198..ea93b8c320 100644 --- a/docs/API_REFERENCE.md +++ b/docs/API_REFERENCE.md @@ -85,13 +85,13 @@ Authorization: Bearer your-api-key Content-Type: application/json { - "model": "openai/dall-e-3", + "model": "openai/gpt-image-2", "prompt": "A beautiful sunset over mountains", "size": "1024x1024" } ``` -Available providers: OpenAI (DALL-E, GPT Image 1), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). +Available providers: OpenAI (GPT Image 2), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). ```bash # List all image models diff --git a/docs/CLI-TOOLS.md b/docs/CLI-TOOLS.md index f263563759..ad17ee2a89 100644 --- a/docs/CLI-TOOLS.md +++ b/docs/CLI-TOOLS.md @@ -347,7 +347,7 @@ They run as internal routes and use OmniRoute's model routing automatically. | `/v1/responses` | Responses API (OpenAI format) | Codex, agentic workflows | | `/v1/completions` | Legacy text completions | Older tools using `prompt:` | | `/v1/embeddings` | Text embeddings | RAG, search | -| `/v1/images/generations` | Image generation | DALL-E, Flux, etc. | +| `/v1/images/generations` | Image generation | GPT-Image, Flux, etc. | | `/v1/audio/speech` | Text-to-speech | ElevenLabs, OpenAI TTS | | `/v1/audio/transcriptions` | Speech-to-text | Deepgram, AssemblyAI | diff --git a/docs/RFC-AUTO-ASSESSMENT.md b/docs/RFC-AUTO-ASSESSMENT.md index 3d9558aeae..604fb9501d 100644 --- a/docs/RFC-AUTO-ASSESSMENT.md +++ b/docs/RFC-AUTO-ASSESSMENT.md @@ -29,11 +29,11 @@ While configuring omniroute for production use, we discovered: ``` User adds providers → Manually creates combos → Manually assigns models → ??? - ↓ - Some models work, - some return errors, - some timeout... - BUT routing doesn't know! + ↓ + Some models work, + some return errors, + some timeout... + BUT routing doesn't know! ``` ### Proposed flow (self-healing) @@ -55,43 +55,43 @@ User adds providers → Auto-Assessment runs → Working models discovered ### New Components ``` -┌─────────────────────────────────────────────────────────┐ -│ Auto-Assessment Engine │ -├─────────────────────────────────────────────────────────┤ -│ │ +┌────────────────────────────────────────────────────────┐ +│ Auto-Assessment Engine │ +├────────────────────────────────────────────────────────┤ +│ │ │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ │ │ Assessor │ │ Categorizer │ │ Self-Healer │ │ │ │ │ │ │ │ │ │ -│ │ • Probe all │ │ • Classify │ │ • Remove │ │ +│ │ • Probe all │ │ • Classify │ │ • Remove │ │ │ │ models │ │ models by │ │ dead │ │ -│ │ • Measure │ │ capability │ │ models │ │ -│ │ latency │ │ • Assign │ │ • Promote │ │ +│ │ • Measure │ │ capability │ │ models │ │ +│ │ latency │ │ • Assign │ │ • Promote │ │ │ │ • Track │ │ tier tags │ │ working │ │ -│ │ success │ │ • Build │ │ models │ │ +│ │ success │ │ • Build │ │ models │ │ │ │ rates │ │ fitness │ │ • Re-weight │ │ -│ │ │ │ scores │ │ combos │ │ +│ │ │ │ scores │ │ combos │ │ │ └──────┬───────┘ └──────┬───────┘ └──────┬───────┘ │ -│ │ │ │ │ -│ ▼ ▼ ▼ │ +│ │ │ │ │ +│ ▼ ▼ ▼ │ │ ┌──────────────────────────────────────────────────┐ │ -│ │ Assessment Database │ │ -│ │ │ │ -│ │ model_assessments: │ │ -│ │ model_id | provider | status | latency_p50 │ │ +│ │ Assessment Database │ │ +│ │ │ │ +│ │ model_assessments: │ │ +│ │ model_id | provider | status | latency_p50 │ │ │ │ latency_p95 | success_rate | last_tested │ │ -│ │ error_type | tier | categories[] | fitness │ │ -│ │ context_window | output_tokens | vision | tbc │ │ -│ │ │ │ -│ │ assessment_runs: │ │ -│ │ run_id | started_at | completed_at │ │ -│ │ models_tested | models_passed | models_failed │ │ -│ │ │ │ -│ │ combo_health: │ │ -│ │ combo_id | healthy_models | dead_models │ │ -│ │ last_auto_fix | auto_fix_count │ │ +│ │ error_type | tier | categories[] | fitness │ │ +│ │ context_window | output_tokens | vision | tbc │ │ +│ │ │ │ +│ │ assessment_runs: │ │ +│ │ run_id | started_at | completed_at │ │ +│ │ models_tested | models_passed | models_failed │ │ +│ │ │ │ +│ │ combo_health: │ │ +│ │ combo_id | healthy_models | dead_models │ │ +│ │ last_auto_fix | auto_fix_count │ │ │ └──────────────────────────────────────────────────┘ │ -│ │ -└──────────────────────────────┬──────────────────────────┘ +│ │ +└──────────────────────────────┬─────────────────────────┘ │ ▼ Existing combo system (weighted-fallback, priority, etc.) diff --git a/docs/SETUP_GUIDE.md b/docs/SETUP_GUIDE.md index 26c332a5ab..b4f20d7213 100644 --- a/docs/SETUP_GUIDE.md +++ b/docs/SETUP_GUIDE.md @@ -61,11 +61,42 @@ See the [Docker Guide](DOCKER_GUIDE.md) for complete Docker setup including Comp | Command | Description | | ----------------------- | ----------------------------------------------------------- | | `omniroute` | Start server (`PORT=20128`, API and dashboard on same port) | +| `omniroute setup` | Guided CLI onboarding for password and first provider | +| `omniroute doctor` | Run local health checks without starting the server | +| `omniroute providers` | Discover, list, validate, and test providers from CLI | | `omniroute --port 3000` | Set canonical/API port to 3000 | | `omniroute --mcp` | Start MCP server (stdio transport) | | `omniroute --no-open` | Don't auto-open browser | | `omniroute --help` | Show help | +Headless setup can be scripted with flags or environment variables: + +```bash +omniroute setup --non-interactive --password "$OMNIROUTE_PASSWORD" +omniroute setup --non-interactive --add-provider --provider openai --api-key "$OPENAI_API_KEY" +omniroute setup --non-interactive --add-provider --provider openai --api-key "$OPENAI_API_KEY" --test-provider +``` + +Run local diagnostics without opening the dashboard: + +```bash +omniroute doctor +omniroute doctor --json +omniroute doctor --no-liveness +``` + +Manage providers from SSH or scripts without opening the dashboard: + +```bash +omniroute providers available +omniroute providers available --search openai +omniroute providers available --category api-key +omniroute providers list +omniroute providers test +omniroute providers test-all +omniroute providers validate +``` + --- ## CLI Tool Configuration diff --git a/docs/USER_GUIDE.md b/docs/USER_GUIDE.md index e1c3348a8b..3a24e323c7 100644 --- a/docs/USER_GUIDE.md +++ b/docs/USER_GUIDE.md @@ -85,7 +85,7 @@ Quality: Production-ready models ``` Combo: "always-on" 1. cc/claude-opus-4-7 (best quality) - 2. cx/gpt-5.2-codex (second subscription) + 2. cx/gpt-5.5 (second subscription) 3. glm/glm-4.7 (cheap, resets daily) 4. minimax/MiniMax-M2.1 (cheapest, 5h reset) 5. if/kimi-k2-thinking (free unlimited) @@ -123,7 +123,7 @@ Dashboard → Providers → Connect Claude Code Models: cc/claude-opus-4-7 - cc/claude-sonnet-4-5-20250929 + cc/claude-sonnet-4-6 cc/claude-haiku-4-5-20251001 ``` @@ -137,8 +137,8 @@ Dashboard → Providers → Connect Codex → 5-hour + weekly reset Models: - cx/gpt-5.2-codex - cx/gpt-5.1-codex-max + cx/gpt-5-5 + cx/gpt-5-3-codex-spark ``` #### Gemini CLI (FREE 180K/month!) @@ -149,8 +149,8 @@ Dashboard → Providers → Connect Gemini CLI → 180K completions/month + 1K/day Models: - gc/gemini-3-flash-preview - gc/gemini-2.5-pro + gc/gemini-3-flash + gc/gemini-3.1-flash-lite-preview ``` **Best Value:** Huge free tier! Use this before paid tiers. @@ -163,8 +163,8 @@ Dashboard → Providers → Connect GitHub → Monthly reset (1st of month) Models: - gh/gpt-5 - gh/claude-4.5-sonnet + gh/gpt-5.4 + gh/claude-4.6-sonnet gh/gemini-3.1-pro-preview ``` @@ -172,7 +172,7 @@ Models: #### GLM-4.7 (Daily reset, $0.6/1M) -1. Sign up: [Zhipu AI](https://open.bigmodel.cn/) +1. Sign up: [Zhipu AI](https://open.bigmodel.cn) 2. Get API key from Coding Plan 3. Dashboard → Add API Key: Provider: `glm`, API Key: `your-key` @@ -180,24 +180,24 @@ Models: #### MiniMax M2.1 (5h reset, $0.20/1M) -1. Sign up: [MiniMax](https://www.minimax.io/) +1. Sign up: [MiniMax](https://www.minimax.io) 2. Get API key → Dashboard → Add API Key **Use:** `minimax/MiniMax-M2.1` — **Pro Tip:** Cheapest option for long context (1M tokens)! #### Kimi K2 ($9/month flat) -1. Subscribe: [Moonshot AI](https://platform.moonshot.ai/) +1. Subscribe: [Moonshot AI](https://platform.moonshot.ai) 2. Get API key → Dashboard → Add API Key -**Use:** `kimi/kimi-latest` — **Pro Tip:** Fixed $9/month for 10M tokens = $0.90/1M effective cost! +**Use:** `kimi/kimi-k2.5` — **Pro Tip:** Fixed $9/month for 10M tokens = $0.90/1M effective cost! #### Baidu Qianfan / ERNIE 1. Sign up: [Baidu AI Cloud Qianfan](https://cloud.baidu.com/product/wenxinworkshop) 2. Create a Qianfan API key → Dashboard → Add API Key: Provider: `qianfan` -**Use:** `qianfan/ernie-4.5-turbo-128k`, `qianfan/ernie-x1-turbo-32k`, or another Qianfan OpenAI-compatible model ID. +**Use:** `qianfan/ernie-5.1`, `qianfan/ernie-x1.1`, or another Qianfan OpenAI-compatible model ID. ### 🆓 FREE Providers @@ -209,14 +209,6 @@ Dashboard → Connect Qoder → OAuth login → Unlimited usage Models: if/kimi-k2-thinking, if/qwen3-coder-plus, if/glm-4.7, if/minimax-m2, if/deepseek-r1 ``` -#### Qwen (3 FREE models) - -```bash -Dashboard → Connect Qwen → Device code auth → Unlimited usage - -Models: qw/qwen3-coder-plus, qw/qwen3-coder-flash -``` - #### Kiro (Claude FREE) ```bash @@ -240,7 +232,7 @@ Name: premium-coding Models: 1. cc/claude-opus-4-7 (Subscription primary) 2. glm/glm-4.7 (Cheap backup, $0.6/1M) - 3. minimax/MiniMax-M2.1 (Cheapest fallback, $0.20/1M) + 3. minimax/MiniMax-M2.7 (Cheapest fallback, $0.3/1M) Use in CLI: premium-coding ``` @@ -535,7 +527,7 @@ post_install() { | Variable | Default | Description | | --------------------------------------- | ------------------------------------ | --------------------------------------------------------------------------------------------------------- | | `JWT_SECRET` | `omniroute-default-secret-change-me` | JWT signing secret (**change in production**) | -| `INITIAL_PASSWORD` | `123456` | First login password | +| `INITIAL_PASSWORD` | `CHANGEME` | First login password | | `DATA_DIR` | `~/.omniroute` | Data directory (db, usage, logs) | | `PORT` | framework default | Service port (`20128` in examples) | | `HOSTNAME` | framework default | Bind host (Docker defaults to `0.0.0.0`) | @@ -564,45 +556,45 @@ For the full environment variable reference, see the [README](../README.md).
View all available models -**Claude Code (`cc/`)** — Pro/Max: `cc/claude-opus-4-7`, `cc/claude-sonnet-4-5-20250929`, `cc/claude-haiku-4-5-20251001` +**Claude Code (`cc/`)** — Pro/Max: `cc/claude-opus-4-7`, `cc/claude-sonnet-4-6`, `cc/claude-haiku-4-5-20251001` -**Codex (`cx/`)** — Plus/Pro: `cx/gpt-5.2-codex`, `cx/gpt-5.1-codex-max` +**Codex (`cx/`)** — Plus/Pro: `cx/gpt-5.5`, `cx/gpt-5.4`, `cx/gpt-5.3-codex-spark`, `cx/gpt-5.3-codex` -**Gemini CLI (`gc/`)** — FREE: `gc/gemini-3-flash-preview`, `gc/gemini-2.5-pro` +**Gemini CLI (`gc/`)** — FREE: `gc/gemini-3-flash-preview`, `gc/gemini-3.1-flash-lite-preview` -**GitHub Copilot (`gh/`)**: `gh/gpt-5`, `gh/claude-4.5-sonnet` +**GitHub Copilot (`gh/`)**: `gh/gpt-5-5`, `gh/gpt-5-4`, `gh/claude-opus-4.7`, `gh/claude-sonnet-4.6`, `gh/claude-haiku-4.5` -**GLM (`glm/`)** — $0.6/1M: `glm/glm-4.7` +**GLM (`glm/`)** — $0.6/1M: `glm/glm-5.1` -**MiniMax (`minimax/`)** — $0.2/1M: `minimax/MiniMax-M2.1` +**MiniMax (`minimax/`)** — $0.2/1M: `minimax/MiniMax-M2.7`, `minimax/MiniMax-M2.5` **Qoder (`if/`)** — FREE: `if/kimi-k2-thinking`, `if/qwen3-coder-plus`, `if/deepseek-r1` -**Qwen (`qw/`)** — FREE: `qw/qwen3-coder-plus`, `qw/qwen3-coder-flash` +**Qwen (`qw/`)**: `qw/qwen3-coder-plus`, `qw/qwen3-coder-flash` **Kiro (`kr/`)** — FREE: `kr/claude-sonnet-4.5`, `kr/claude-haiku-4.5` -**DeepSeek (`ds/`)**: `ds/deepseek-chat`, `ds/deepseek-reasoner` +**DeepSeek (`ds/`)**: `ds/deepseek-v4-pro`, `ds/deepseek-v4-flash` **Groq (`groq/`)**: `groq/llama-3.3-70b-versatile`, `groq/llama-4-maverick-17b-128e-instruct` -**xAI (`xai/`)**: `xai/grok-4`, `xai/grok-4-0709-fast-reasoning`, `xai/grok-code-mini` +**xAI (`xai/`)**: `xai/grok-4.3`, `xai/grok-4.20-0309-reasoning`, `xai/grok-4.20-0309-non-reasoning` -**Mistral (`mistral/`)**: `mistral/mistral-large-2501`, `mistral/codestral-2501` +**Mistral (`mistral/`)**: `mistral/mistral-large-latest`, `mistral/mistral-medium-3-5`, `mistral/mistral-small-latest`, `mistral/devstral-latest`, `mistral/codestral-latest` -**Perplexity (`pplx/`)**: `pplx/sonar-pro`, `pplx/sonar` +**Perplexity (`pplx/`)**: `pplx/sonar-deep-research`, `pplx/sonar-reasoning-pro`, `pplx/sonar-pro`, `pplx/sonar` **Together AI (`together/`)**: `together/meta-llama/Llama-3.3-70B-Instruct-Turbo` **Fireworks AI (`fireworks/`)**: `fireworks/accounts/fireworks/models/deepseek-v3p1` -**Cerebras (`cerebras/`)**: `cerebras/llama-3.3-70b` +**Cerebras (`cerebras/`)**: `cerebras/zai-glm-4.7`, `cerebras/gpt-oss-120b` **Cohere (`cohere/`)**: `cohere/command-r-plus-08-2024` **NVIDIA NIM (`nvidia/`)**: `nvidia/nvidia/llama-3.3-70b-instruct` -**Baidu Qianfan (`qianfan/`)**: `qianfan/ernie-4.5-turbo-128k`, `qianfan/ernie-x1-turbo-32k` +**Baidu Qianfan (`qianfan/`)**: `qianfan/ernie-5.1`, `qianfan/ernie-5.0-thinking-latest`, `qianfan/ernie-x1.1`
@@ -618,10 +610,10 @@ Add any model ID to any provider without waiting for an app update: # Via API curl -X POST http://localhost:20128/api/provider-models \ -H "Content-Type: application/json" \ - -d '{"provider": "openai", "modelId": "gpt-4.5-preview", "modelName": "GPT-4.5 Preview"}' + -d '{"provider": "openai", "modelId": "gpt-5.2", "modelName": "GPT-5.2"}' # List: curl http://localhost:20128/api/provider-models?provider=openai -# Remove: curl -X DELETE "http://localhost:20128/api/provider-models?provider=openai&model=gpt-4.5-preview" +# Remove: curl -X DELETE "http://localhost:20128/api/provider-models?provider=openai&model=gpt-5.2" ``` Or use Dashboard: **Providers → [Provider] → Custom Models**. @@ -748,8 +740,8 @@ underscores_in_headers on; Create wildcard patterns to remap model names: ``` -Pattern: claude-sonnet-* → Target: cc/claude-sonnet-4-5-20250929 -Pattern: gpt-* → Target: gh/gpt-5.1-codex +Pattern: claude-sonnet-* → Target: cc/claude-sonnet-4-6 +Pattern: gpt-* → Target: gh/gpt-5.3-codex ``` Wildcards support `*` (any characters) and `?` (single character). @@ -761,7 +753,7 @@ Define global fallback chains that apply across all requests: ``` Chain: production-fallback 1. cc/claude-opus-4-7 - 2. gh/gpt-5.1-codex + 2. gh/gpt-5.3-codex 3. glm/glm-4.7 ``` diff --git a/docs/i18n/ar/CHANGELOG.md b/docs/i18n/ar/CHANGELOG.md index b44a7d0b90..a5a4011886 100644 --- a/docs/i18n/ar/CHANGELOG.md +++ b/docs/i18n/ar/CHANGELOG.md @@ -6,9 +6,283 @@ ## [Unreleased] +## [3.8.0] — 2026-05-06 + +### ✨ New Features + +- **feat(antigravity):** integrate Antigravity provider with dynamic `maxOutputTokens` calculation (bumping to `thinkingBudget + 1`) and standard Cloud Code envelope payload sanitization (#2055, #2063) +- **feat(gemini-cli):** add custom projectId support for Gemini CLI transport (UI, DB, executor) (#1991) + +### 🐛 Bug Fixes + +- **fix(cache):** optimize cache_control preservation logic and explicitly align tool schema with upstream Claude Code expectations +- **fix(db):** preserve legacy SQLite database path on Windows to prevent data loss (#1973) +- **fix(settings):** resolve model alias persistence double stringification preventing UI updates (#2018) +- **fix(routing):** dynamically filter bare model auto-resolution by active provider connections to prevent dead-routing (#2029) +- **fix(embeddings):** add Google Gemini embeddings compatibility via OpenAI-compatible endpoint mapping (#2006) +- **fix:** remove Anthropic-Beta header from non-Anthropic providers to fix identity contamination (#1989) +- **fix(cli):** resolve .env loading failure for global npm installations + +### 🔒 Security + +- **fix(security):** remediate regex validation backtracking path in core compression cleanup (#1990) +- **fix(core):** harden input handling and stabilization for prompt compression edge cases + +### 🧹 Chores & Maintenance + +- **chore(providers):** prune redundant local provider icon assets in favor of `@lobehub/icons` web fonts (#1992) +- **ci:** skip SonarCloud scan on main pushes to optimize CI time +- **test:** stabilize cooldown abort coverage case in integration testing + +## [3.7.9] — 2026-05-03 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) + +- **feat(compression):** major upgrade to Caveman and RTK compression pipelines (#1876, #1889): + - Add RTK tool-output compression, stacked Caveman + RTK pipelines, compression combo assignments, dashboard context pages, MCP management tools, and language-aware Caveman rule packs. + - Expand RTK parity with a 39-filter catalog, RTK-style JSON DSL stages, inline verify/benchmark coverage, trust-gated custom filters, expanded command detection, and redacted raw-output recovery. + - Expose rule intensities, track USD savings, unify config validation, and persist MCP savings. + - Expand Caveman parity and MCP metadata compression. +- **feat(provider):** update Jina AI model catalog to support Embeddings and Rerank natively (#1874 — thanks @backryun) +- **feat(provider):** add NanoGPT image generation provider (#1899 — thanks @Aculeasis) +- **feat(ui):** move proxy configuration to dedicated System → Proxy page (#1907 — thanks @oyi77) +- **feat(ui):** add K/M/B/T cost shortener utility (#1902 — thanks @oyi77) +- **feat(providers):** implement bulk paste for extra API keys (#1916 — thanks @0xtbug) +- **feat(analytics):** usage history API key backfill + dark mode pricing (#1896 — thanks @Gi99lin) +- **feat(logs):** show RTK and Caveman compression token savings accurately in request log UI (#1923 — thanks @emdash) +- **feat(routing):** auto-skip exhausted quota accounts (Issue #1952) +- **feat(docs):** docs site overhaul (#1976 — thanks @oyi77) +- **feat(db):** consolidate all database settings into SystemStorageTab (closes #1935) (#1947 — thanks @oyi77) +- **feat(sse):** codex 429 mid-task failover with account rotation (#1888 — thanks @smartenok-ops) +- **feat(auto-assessment):** add auto-assessment engine for combo self-healing (#1918 — thanks @oyi77) +- **feat(usage):** DeepSeek V4 native cache token extraction (#1930 — thanks @smartenok-ops) +- **feat(cost):** enhance cost formatting and add Codex GPT-5.5 pricing support (#1944 — thanks @JxnLexn) + +### 🐛 Bug Fixes + +- **fix(auth):** implement session affinity sticky routing logic +- **fix(dashboard):** derive display base URL from origin instead of hardcoding localhost (#1960 — thanks @jeanfbrito) +- **fix(proxy):** use credentials.connectionId instead of non-existent credentials.id for image proxy resolution (#1929 — thanks @Aculeasis) +- **fix(routing):** codex bare-name disambiguation + family-native fallback (#1933 — thanks @smartenok-ops) +- **fix(infrastructure):** move wreq-js to optionalDependencies and add Node 25/26 to secure runtime policy (#1924) +- **fix(providers):** resolve ChatGPT Web authentication failure by aligning TLS fingerprint User-Agent strings (#1925) +- **fix(mitm):** support root user for MITM sudo handling (#1948 — thanks @NekoMonci12) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941, #1945) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) +- **fix(mcp):** reclassify MCP endpoints to ensure API key authentication works even when dashboard auth is enabled (#1970) +- **fix(providers):** allow local OpenAI-compatible endpoints (like Ollama) to be added without an API key (fixes #1893) +- **fix(providers):** bypass AgentRouter unauthorized_client_error by spoofing Claude CLI headers via Anthropic endpoints (fixes #1921) +- **fix(copilot):** emit compatible reasoning text deltas (#1919 — thanks @ivan-mezentsev) +- **fix(api-manager):** show validation errors inline in modals, not behind (#1920 — thanks @andrewmunsell) +- **fix(compression):** align seeded standard savings combo with stacked default, preserve stacked defaults, and secure metadata routes. +- **fix(gemini-cli):** separate Cloud Code transport from Antigravity (#1869 — thanks @dhaern) +- **fix(codex):** map prompt field to input array for Cursor compatibility (fixes #1872) +- **fix(core):** align stream parameter default to false per strict OpenAI spec (fixes #1873) +- **fix(ui):** restore Next.js CSP `unsafe-eval` in production `script-src` to fix unresponsive Onboarding button (fixes #1883) +- **fix(proxy):** globally strip `prompt_cache_retention` in `BaseExecutor` to prevent upstream 400 errors from strict endpoints like droid/gemini-2-pro (fixes #1884) +- **fix(ui):** include `isOpen` dependency in `EditConnectionModal` state sync to ensure `maxConcurrent` is properly hydrated when reopening the modal (fixes #1859) +- **fix(security):** remediate 4 polynomial-redos CodeQL alerts in compression regexes by bounding repetitions and removing overlapping quantifiers +- **fix(codex):** flatten Chat Completions tool format to Codex Responses format in `normalizeCodexTools` — prevents `Missing required parameter: tools[0].name` upstream errors (#1914 — thanks @tranduykhanh030) +- **fix(proxy):** add proxy-aware execution context to image generation route — proxy settings are now correctly applied for image providers behind restricted networks (#1904 — thanks @Aculeasis) +- **fix(translator):** inject `properties: {}` into zero-argument MCP tool schemas during Anthropic→OpenAI translation — prevents 400 errors from OpenAI strict schema validation (#1898 — thanks @bryceIT) +- **fix(codex):** sanitize raw responses input (#1895 — thanks @dhaern) +- **fix(combos):** align strategy contracts (#1892 — thanks @dhaern) +- **fix(combos):** fix combo provider breaker profile handling (#1891 — thanks @rdself) +- **fix(migrations):** duplicate-column no-op fix (#1886 — thanks @smartenok-ops) +- **fix(auth):** per-connection OAuth refresh mutex (#1885 — thanks @smartenok-ops) +- **fix(auth):** require dashboard management auth for compression preview + +### 🔄 Updates + +- **chore(provider):** Add reka models list (#1956 — thanks @backryun) +- **chore(model):** Update new models, Delete Deprecated models (#1949 — thanks @backryun) + +### 📝 Documentation + +- **docs(compression):** document RTK+Caveman stacked savings ranges + +### 🏆 Release Attribution & Retroactive Credits + +- **@payne0420** (PR #1828 / #1839) — Implementation of the **Rate Limit Watchdog** and environment overrides. (This feature was manually backported to v3.7.8, causing the automatic GitHub Release notes to omit the author's credit). + +--- + +## [3.7.8] — 2026-05-01 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(providers):** add Grok 4.3 and Xiaomi Mimo TTS provider (#1837) +- **feat(core):** implement Rate Limit Watchdog with environment override capability to detect and reset stalled queues (#1839) +- **feat(providers):** add muse-spark-web provider with multiple models and reasoning support (#1843) +- **feat(1proxy):** integrate 1proxy free proxy marketplace with dashboard management and new MCP tools (closes #1788) (#1847) + +### 🐛 Bug Fixes + +- **fix(codex):** sanitize Responses replay state to prevent internal assistant commentary from leaking (#1868 — thanks @dhaern) +- **fix(cli):** add capture-backed Gemini CLI fingerprint (#1866) +- **fix(ui):** hide combo compression controls when the global setting is disabled (#1840) +- **fix(db):** tolerate missing request_detail_logs table for legacy deployments (#1848) +- **fix(core):** remove unneeded \`store\` payload parameter for providers lacking support (closes #1841) +- **fix(core):** ensure safeOutboundFetch and A2A routers return 503 Service Unavailable when security guardrails are triggered +- **fix(usage):** correct Unix seconds vs milliseconds parsing logic for Kiro AI quota reset (closes #1849) +- **fix(ui):** apply robust NaN handling, ensure 24h consistency, and fix missing hour slots in Compression Analytics (closes #1844) +- **fix(ui):** implement short number formatting for token consumption metrics on cache pages to prevent overflow (closes #1842) +- **fix(combo):** stabilize provider routing at 500+ connections by bounding semaphore queues and adjusting circuit breaker tracking (closes #1846) (#1854) +- **fix(maritalk):** update Maritalk model list, use Authorization Key header, and align with latest API endpoints (#1856) +- **fix(grok-web):** stabilize tool calling (bash, readFile, webSearch) and response parsing by mapping native Grok intents to standard OpenAI payloads (#1857) +- **fix(providers):** correctly map and expose the Upstage embedding and chat model catalogs (#1855) +- **fix(executor):** apply proper urlSuffix and custom authHeaders for unknown registry-based providers in DefaultExecutor (closes #1846) (#1861) + +### 🛠️ Maintenance + +- **fix(workflow):** build docker images on version tags (#1838) + +--- + +## [3.7.7] — 2026-04-30 + ### ✨ New Features -- **feat:** ongoing development +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **Prompt Compression Pipeline:** Implemented a multi-phase prompt compression engine including `lite` (whitespace/duplication collapse), `aggressive` (summarization, tool compression), and `ultra` modes (heuristic pruning and SLM stub) (#1633, #1738, #1739, #1741) +- **Compression Dashboard & Analytics:** Added a compression settings UI, real-time log viewer, pipeline statistics tracking, and interactive playground preview (#1756) +- **Compression Caching & MCP:** Added caching-aware strategy adjustments to the compression pipeline, alongside new MCP tools for status and configuration (#1758) +- **Analytics Custom Filters:** Added custom date range selection, API key filtering, and NULL key analytics backfilling to the Costs Dashboard (#1830) + +### 🐛 Bug Fixes + +- **Combo Routing:** Fixed an issue where Gemini `-preview` models were incorrectly normalized to their canonical names, causing 404 errors during combo routing (#1834) +- **Codex Native Passthrough:** Added support for Cursor 5.5 sending `messages` arrays to the `responses/compact` endpoint, preventing upstream rejections with empty requests (#1832) +- **Rate-limit Watchdog:** Implemented a new rate-limit watchdog with environment override capabilities and Stage Tracing to prevent and diagnose silent wedges (#1828) +- **Encryption Resiliency:** Prevent sending encrypted tokens to providers by returning null on decryption failure (#763d353) +- **i18n & Locales:** Fixed OpenCode baseUrl locale placeholders and added compression keys across 32 languages +- **Startup Stability:** Hardened resilience integration server startup logic (#9aa89b17) + +### 🛠️ Maintenance + +- **Tests & Docs:** Expanded the test suite with 61 unit/integration tests for the compression pipeline and updated `AGENTS.md` +- **Workflow:** Fixed the changelog extraction logic to accurately capture GitHub release descriptions + +--- + +## [3.7.6] — 2026-04-30 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) +- **feat(chatgpt-web):** support `thinking_effort` parameter (Standard/Extended) for thinking-capable models (#1821) +- **feat(dashboard):** implement remaining v3.7.6 dashboard features — Costs overview, Translator pipeline, and Endpoint tabs improvements +- **feat(tools):** inject fallback tool names to prevent upstream 400 errors on providers that require tool names (#1775) +- **feat(db):** auto-restore probe-failed database on startup to prevent data loss after failed upgrades (#1810) +- **feat(analytics):** add cost-based usage insights and activity streaks in the analytics dashboard + +### 🔒 Security + +- **fix(security):** resolve ReDoS vulnerability in Codex executor regex patterns (#1797, #1789) + +### 🐛 Bug Fixes + +- **fix(stability):** resolve codex input validation, enable combo circuit breaker, and fix broken unit tests (#1804, #1805) +- **fix(stability):** safely cast inputs to strings before calling `.trim()` to avoid crashes on numeric fields in proxy modal (#1825) +- **fix(stability):** clear active requests and recover providers after connection failures (#1824) +- **fix(xiaomi-mimo):** update models to V2.5, fix Token Plan validation and default region (#1823) +- **fix(codex):** omit compact client metadata to prevent upstream rejections (#1822) +- **fix(dashboard):** fix endpoint visibility, A2A status display, and API catalog consistency (#1806) +- **fix(analytics):** use pure SQL aggregations — no history rows loaded into memory (#1802) +- **fix(dashboard):** correct `loadPresets` ReferenceError in CostOverviewTab +- **fix(mitm):** enforce transparent interception on port 443 only + +### 🧹 Chores + +- **chore(workflow):** mandate implementation plan generation in `/resolve-issues` workflow before coding +- **chore(release):** expand contributor credits to 155 PRs across full project history + +### 🏆 Community Contributors Acknowledgment + +We identified that **155 community PRs** across the entire project history (from inception through v3.7.5) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. + +**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** + +| Contributor | PRs (Total) | All Contributions | +| :----------------------------------------------------------- | :---------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [@rdself](https://github.com/rdself) | 28 | #542, #705, #717, #737, #738, #841, #851, #853, #875, #880, #888, #891, #903, #904, #974, #1069, #1089, #1196, #1267, #1272, #1299, #1300, #1356, #1357, #1441, #1443, #1549, #1742 | +| [@oyi77](https://github.com/oyi77) | 27 | #644, #672, #700, #850, #859, #862, #868, #874, #881, #883, #908, #926, #931, #983, #990, #1019, #1020, #1021, #1103, #1281, #1286, #1363, #1368, #1377, #1411, #1689, #1717 | +| [@clousky2020](https://github.com/clousky2020) | 15 | #1244, #1323, #1365, #1366, #1408, #1442, #1484, #1595, #1598, #1599, #1611, #1618, #1620, #1621, #1644 | +| [@benzntech](https://github.com/benzntech) | 8 | #158, #1264, #1435, #1436, #1437, #1440, #1444, #1677 | +| [@kang-heewon](https://github.com/kang-heewon) | 5 | #530, #854, #884, #1235, #1574 | +| [@herjarsa](https://github.com/herjarsa) | 4 | #1472, #1474, #1477, #1480 | +| [@backryun](https://github.com/backryun) | 4 | #1358, #1609, #1627, #1722 | +| [@tombii](https://github.com/tombii) | 4 | #708, #856, #900, #1013 | +| [@christopher-s](https://github.com/christopher-s) | 3 | #868, #885, #992 | +| [@zen0bit](https://github.com/zen0bit) | 3 | #561, #650, #912 | +| [@k0valik](https://github.com/k0valik) | 3 | #554, #587, #596 | +| [@zhangqiang8vip](https://github.com/zhangqiang8vip) | 2 | #470, #575 | +| [@wlfonseca](https://github.com/wlfonseca) | 2 | #997, #1016 | +| [@RaviTharuma](https://github.com/RaviTharuma) | 2 | #1188, #1277 | +| [@prakersh](https://github.com/prakersh) | 2 | #419, #480 | +| [@payne0420](https://github.com/payne0420) | 2 | #1593, #1670 | +| [@only4copilot](https://github.com/only4copilot) | 2 | #855, #1039 | +| [@jay77721](https://github.com/jay77721) | 2 | #581, #582 | +| [@hijak](https://github.com/hijak) | 2 | #295, #578 | +| [@hartmark](https://github.com/hartmark) | 2 | #1494, #1500 | +| [@defhouse](https://github.com/defhouse) | 2 | #906, #946 | +| [@xiaoge1688](https://github.com/xiaoge1688) | 1 | #1304 | +| [@xandr0s](https://github.com/xandr0s) | 1 | #1376 | +| [@willbnu](https://github.com/willbnu) | 1 | #882 | +| [@slewis3600](https://github.com/slewis3600) | 1 | #1624 | +| [@sergey-v9](https://github.com/sergey-v9) | 1 | #594 | +| [@razllivan](https://github.com/razllivan) | 1 | #987 | +| [@nmime](https://github.com/nmime) | 1 | #1271 | +| [@Moutia-Ben-Yahia](https://github.com/Moutia-Ben-Yahia) | 1 | #1663 | +| [@Mind-Dragon](https://github.com/Mind-Dragon) | 1 | #467 | +| [@mercs2910](https://github.com/mercs2910) | 1 | #1001 | +| [@MAINER4IK](https://github.com/MAINER4IK) | 1 | #196 | +| [@luandiasrj](https://github.com/luandiasrj) | 1 | #996 | +| [@knopki](https://github.com/knopki) | 1 | #1434 | +| [@kfiramar](https://github.com/kfiramar) | 1 | #389 | +| [@ken2190](https://github.com/ken2190) | 1 | #166 | +| [@keith8496](https://github.com/keith8496) | 1 | #569 | +| [@jonesfernandess](https://github.com/jonesfernandess) | 1 | #1118 | +| [@JasonLandbridge](https://github.com/JasonLandbridge) | 1 | #1626 | +| [@i1hwan](https://github.com/i1hwan) | 1 | #1386 | +| [@Gorchakov-Pressure](https://github.com/Gorchakov-Pressure) | 1 | #754 | +| [@foxy1402](https://github.com/foxy1402) | 1 | #934 | +| [@dt418](https://github.com/dt418) | 1 | #896 | +| [@dhaern](https://github.com/dhaern) | 1 | #1647 | +| [@DavyMassoneto](https://github.com/DavyMassoneto) | 1 | #211 | +| [@dail45](https://github.com/dail45) | 1 | #1413 | +| [@congvc-dev](https://github.com/congvc-dev) | 1 | #1569 | +| [@be0hhh](https://github.com/be0hhh) | 1 | #1581 | +| [@andruwa13](https://github.com/andruwa13) | 1 | #1457 | +| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | 1 | #898 | +| [@AndersonFirmino](https://github.com/AndersonFirmino) | 1 | #362 | +| [@alexsvdk](https://github.com/alexsvdk) | 1 | #1280 | +| [@abhinavjnu](https://github.com/abhinavjnu) | 1 | #550 | --- @@ -16,8 +290,14 @@ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(tunnels):** integrate native ngrok tunnel support with dashboard UI parity (#1753) -- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) ### 🐛 Bug Fixes @@ -56,56 +336,25 @@ - **chore(ui):** speed up endpoint initial render with background task loading (#1760) - **chore(workflows):** add strict PR contributor credit policy to prevent future merge credit loss -### 🏆 Community Contributors Acknowledgment - -We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. - -**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** - -| Contributor | Contributions (PRs) | -| :----------------------------------------------------- | :----------------------------------------------------------------------- | -| [@rdself](https://github.com/rdself) | #1742, #1357, #1356, #1089, #1069, #904, #880, #875, #853, #851, #974 | -| [@oyi77](https://github.com/oyi77) | #1411, #1021, #990, #926, #908, #883, #881, #868, #862, #859, #850, #983 | -| [@benzntech](https://github.com/benzntech) | #1677, #1444, #1440, #1437, #1435 | -| [@clousky2020](https://github.com/clousky2020) | #1644, #1408 | -| [@christopher-s](https://github.com/christopher-s) | #885, #868, #992 | -| [@kang-heewon](https://github.com/kang-heewon) | #1235, #884 | -| [@backryun](https://github.com/backryun) | #1627, #1358, #1722 | -| [@tombii](https://github.com/tombii) | #900, #856 | -| [@slewis3600](https://github.com/slewis3600) | #1624 | -| [@dhaern](https://github.com/dhaern) | #1647 | -| [@JasonLandbridge](https://github.com/JasonLandbridge) | #1626 | -| [@hartmark](https://github.com/hartmark) | #1500 | -| [@herjarsa](https://github.com/herjarsa) | #1480 | -| [@andruwa13](https://github.com/andruwa13) | #1457 | -| [@i1hwan](https://github.com/i1hwan) | #1386 | -| [@xandr0s](https://github.com/xandr0s) | #1376 | -| [@RaviTharuma](https://github.com/RaviTharuma) | #1188 | -| [@wlfonseca](https://github.com/wlfonseca) | #1016 | -| [@only4copilot](https://github.com/only4copilot) | #1039, #855 | -| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | #898 | -| [@dt418](https://github.com/dt418) | #896 | -| [@willbnu](https://github.com/willbnu) | #882 | -| [@defhouse](https://github.com/defhouse) | #906 | -| [@mercs2910](https://github.com/mercs2910) | #1001 | -| [@zen0bit](https://github.com/zen0bit) | #912 | -| [@razllivan](https://github.com/razllivan) | #987 | -| [@foxy1402](https://github.com/foxy1402) | #934 | -| [@knopki](https://github.com/knopki) | #1434 | -| [@dail45](https://github.com/dail45) | #1413 | - --- ## [3.7.4] — 2026-04-28 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(ui):** add endpoint tunnel visibility settings (#1743) - **feat(cli):** refresh CLI fingerprint provider profiles (#1746) - **feat(proxy):** implement bulk proxy import via pipe-delimited parser with update-or-create (upsert) logic and real-time preview table - **feat(pwa):** add fullscreen installable PWA with manifest, service worker, and cross-platform app icons (#1728) -### الأمان +### 🔒 Security - **security:** replace insecure `Math.random` with `crypto.getRandomValues` for fallback UUID generation to resolve CodeQL CWE-338 finding (#182) @@ -156,6 +405,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(authz):** introduce centralized proxy-based authz pipeline and lifecycle policy (#1632) - **feat(logs):** configure call log pipeline artifacts (#1650) - **feat(network):** add guarded remote image fetch utility @@ -225,6 +481,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Add GPT-5.5 support to the Codex provider — includes 1.05M context window, tool calling, vision, and reasoning capabilities with proper pricing entries across `cx` and `openai` providers. Refactors `splitCodexReasoningSuffix()` into a shared helper for cleaner effort-level parsing (#1617 — thanks @Zhaba1337228). - **feat(cli):** Add `omniroute reset-encrypted-columns` recovery command — nulls encrypted credential columns (`api_key`, `access_token`, `refresh_token`, `id_token`) in `provider_connections` while preserving provider metadata, giving users affected by #1622 a clean recovery path without losing configurations. - **feat(i18n):** Expand locale coverage with nine new language packs (Bengali, Farsi, Gujarati, Indonesian, Marathi, Swahili, Tamil, Telugu, Urdu), bringing total language support from 32 to 41 locales. @@ -256,7 +519,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **fix(transport):** Prevent memory bloat and database exhaustion from large, fragmented streaming responses. Implemented `ByteQueue` in `kiro.ts` for zero-copy binary accumulation, refactored `antigravity.ts` for incremental SSE parsing, and enforced a strict 512KB tiered truncation limit (`MAX_CALL_LOG_ARTIFACT_BYTES`) on stream request logs and call artifacts (#1647). - **chore(ci):** Update build environment dependencies — bump Node to `24.15.0`, `actions/checkout@v6`, `docker/build-push-action@v7`, pin `actions/setup-python` to major tag (#1646 — thanks @backryun). -### التوثيق +### 📝 Documentation - **docs(env):** Add `OMNIROUTE_ALLOW_PRIVATE_PROVIDER_URLS` to `.env.example` with documentation for LM Studio and other local provider use cases (#1623). @@ -266,6 +529,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). - **feat(providers):** Add CrofAI as a built-in API-key provider with quota/usage monitoring wired into the dashboard Limits page (#1604, #1606). @@ -399,7 +669,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **test(next):** Align transpile package expectations for the Next.js standalone build. - **test(ci):** Fix CI-only test failures from environment differences — clear `INITIAL_PASSWORD` and `JWT_SECRET` in integration tests, handle `XDG_CONFIG_HOME` for guide-settings tests. -### التوثيق +### 📚 Documentation - **docs:** Update the root changelog with all release-branch changes through 2026-04-24, including PRs #1544, #1555, #1551, #1550, #1548, #1547, #1541, #1538, #1536, and #1527. - **docs:** Fix broken README and localized documentation links. (#1536) @@ -424,6 +694,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -506,6 +783,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -527,7 +811,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **feat(providers):** Expand image provider registry with extended model support including SD3.5, FLUX, and DALL-E 3 HD configurations - **feat(combos):** Add new routing strategies and full i18n support for agent features section across 31 languages -### الأمان +### 🔒 Security - **security:** Resolve 18 GitHub CodeQL scan alerts including ReDoS, incomplete sanitization, and bad HTML filtering regexp patterns - **fix(auth):** Seal privilege escalation vector by enforcing JWT session checking exclusively on `/api/keys` management endpoints (#1353) @@ -586,6 +870,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -662,6 +953,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -726,6 +1024,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -773,7 +1078,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Duplicate `auto` in Combo Strategy Schema:** Removed duplicate `"auto"` entry from `comboStrategySchema` (was listed on both line 104 and 108). Harmless to Zod runtime but cleaned up to avoid confusion. Schema now has exactly 13 unique strategy values - **Legacy Combo Refs Normalization:** Fixed combo step normalization to preserve legacy string combo references during CRUD operations, preventing data loss when editing combos created before the v2 step architecture -### الأمان +### 🔒 Security - **Auth Bypass on Backup Routes (Critical):** Added `isAuthenticated` guards to `/api/db-backups/exportAll` (full database export) and `/api/db-backups` (list, create, and restore backups) — both were previously accessible without authentication - **Auth Guard on Translator Save:** Added `isAuthenticated` guard to `/api/translator/save` for defense-in-depth consistency @@ -826,6 +1131,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -864,6 +1176,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -896,6 +1215,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -925,6 +1251,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -955,6 +1288,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -988,6 +1328,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1040,6 +1387,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1086,6 +1440,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1122,7 +1483,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Updated Sub-dependencies:** Bumped `hono` to `4.12.12` and `@hono/node-server` to `1.19.13` to patch critical security gaps (#1063, #1064, #1067, #1068). -### التوثيق +### 📚 Documentation - **Documentation Synchronization:** Updated system documentation (README, Architecture, Features, Tools, Troubleshooting) and synced `i18n` configurations to match the v3.5.5 context relay patterns and proxy troubleshooting steps. - **Context Relay Delivery Notes:** Documented the current architecture, runtime flow, and Codex-focused scope in the feature docs, changelog, and agent guidance. @@ -1133,6 +1494,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1191,7 +1559,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.5.3] - 2026-04-07 -### الأمان +### Security - **Vulnerabilities:** Fully remediated 12 High-Severity CodeQL vulnerabilities by migrating from Math.random to `crypto.randomUUID()`, wrapping SSE injection points with aggressive backslash escaping, sanitizing trailing HTTP fragments, and enforcing rigid SSRF HTTP verification schemes across internal routes. - **Dependencies:** Upgraded Next.js to `^16.2.2` and Vite to `>=8.0.5` resolving critical DoS, arbitrary file reads and CSRF vectors in the build/server environments. @@ -1207,7 +1575,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **CI/CD Stabilization:** Prevented random GitHub Runner freezes by decoupling sharded processes, adjusting test concurrencies, unref-ing active connections on server teardown, and strictly capping job timeout durations. -### التوثيق +### Documentation - **I18n Engine:** Synchronized and pushed deep Machine Translation updates across all 32 natively-supported languages (682 translation nodes aligned). @@ -1221,6 +1589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1253,6 +1628,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1281,6 +1663,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1347,7 +1736,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.8] — 2026-04-03 -### الأمان +### Security - Fully remediated all outstanding Github Advanced Security (CodeQL) findings and Dependabot alerts. - Fixed insecure randomness vulnerabilities by migrating from `Math.random` to `crypto.randomUUID()`. @@ -1359,7 +1748,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.7] — 2026-04-03 -### الميزات +### Features - Added `Cryptography` node to Monitoring and MCP health checks (#798) - Hardened model-catalog route permissions mapping (`/models`) (#781) @@ -1375,7 +1764,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - Fixed MCP standalone module-resolution (`ERR_MODULE_NOT_FOUND`) via `esbuild` (#936) - Fixed NVIDIA NIM routing credential resolution alias mismatch (#931) -### الأمان +### Security - Added safe strict input boundary protection against raw `shell: true` remote-code execution injections. @@ -1385,6 +1774,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1419,6 +1815,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1481,6 +1884,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1541,6 +1951,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1594,7 +2011,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.0] - 2026-03-31 -### الميزات +### 🚀 Features - **Subscription Utilization Analytics:** Added quota snapshot time-series tracking, Provider Utilization and Combo Health tabs with recharts visualizations, and corresponding API endpoints (#847) - **SQLite Backup Control:** New `OMNIROUTE_DISABLE_AUTO_BACKUP` env flag to disable automatic SQLite backups (#846) @@ -1646,7 +2063,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.3.8] - 2026-03-30 -### الميزات +### 🚀 Features - **Models API Filtering:** Endpoint `/v1/models` now dynamically filters its list based on the permissions tied to the `Authorization: Bearer ` when restricted access is on (#781) - **Qoder Integration:** Native integration for Qoder AI natively replacing the legacy iFlow platform mappings (#660) @@ -1715,6 +2132,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1745,6 +2169,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1806,6 +2237,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2016,6 +2454,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2044,6 +2489,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2076,6 +2528,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2130,6 +2589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2325,6 +2791,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2359,6 +2832,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2409,7 +2889,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **NaN tokens in Claude Code / client responses (#617):** - `sanitizeUsage()` now cross-maps `input_tokens`→`prompt_tokens` and `output_tokens`→`completion_tokens` before the whitelist filter, fixing responses showing NaN/0 token counts when providers return Claude-style usage field names -### الأمان +### 🔒 Security - Updated `yaml` package to fix stack overflow vulnerability (GHSA-48c2-rrv3-qjmp) @@ -2467,6 +2947,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2503,6 +2990,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2521,6 +3015,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2556,6 +3057,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3001,6 +3509,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3016,6 +3531,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3043,7 +3565,7 @@ docker pull diegosouzapw/omniroute:3.0.0 - **SVG fallback**: `ProviderIcon` component updated with 4-tier strategy: Lobehub → PNG → SVG → Generic icon - **Agents fingerprinting**: Synced with CLI tools — added droid, openclaw, copilot, opencode to fingerprint list (14 total) -### الأمان +### 🔒 Security - **CVE fix**: Resolved dompurify XSS vulnerability (GHSA-v2wj-7wpq-c8vv) via npm overrides forcing `dompurify@^3.3.2` - `npm audit` now reports **0 vulnerabilities** @@ -3113,6 +3635,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3160,6 +3689,13 @@ Both providers use the new `OpencodeExecutor` with multi-format routing (`/chat/ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3295,6 +3831,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3318,6 +3861,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3334,6 +3884,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3371,7 +3928,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **#510** — Windows: MSYS2/Git-Bash paths (`/c/Program Files/...`) are now normalized to `C:\Program Files\...` - **#492** — `omniroute` CLI now detects `mise`/`nvm` when `app/server.js` is missing and shows targeted fix -### التوثيق +### 📖 Documentation - **#513** — Docker password reset: `INITIAL_PASSWORD` env var workaround documented - **#520** — pnpm: `pnpm approve-builds better-sqlite3` documented @@ -3468,7 +4025,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **feat(executors/cloudflare-ai)**: New `CloudflareAIExecutor` — dynamic URL construction requires `accountId` in provider credentials - **feat(executors)**: Register `pollinations`, `pol`, `cloudflare-ai`, `cf` executor mappings -### التوثيق +### 📝 Documentation - **docs(readme)**: Expanded free combo stack to 11 providers ($0 forever) - **docs(readme)**: Added 4 new free provider sections (LongCat, Pollinations, Cloudflare AI, Scaleway) with model tables @@ -3543,6 +4100,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3613,7 +4177,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **OAuth batch test crash** (ERR_CONNECTION_REFUSED): Replaced sequential for-loop with 5-connection concurrency limit + 30s per-connection timeout via `Promise.race()` + `Promise.allSettled()`. Prevents server crash when testing large OAuth provider groups (~30+ connections). -### الميزات +### Features - **"Test All" button on provider pages**: Individual provider pages (e.g., `/providers/codex`) now show a "Test All" button in the Connections header when there are 2+ connections. Uses `POST /api/providers/test-batch` with `{mode: "provider", providerId}`. Results displayed in a modal with pass/fail summary and per-connection diagnosis. @@ -3641,7 +4205,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Merge PR #494 (MiniMax role fix), fix KIRO MITM dashboard, triage 8 issues. -### الميزات +### Features - **MiniMax developer→system role fix** (PR #494 by @zhangqiang8vip): Per-model `preserveDeveloperRole` toggle. Adds "Compatibility" UI in providers page. Fixes 422 "role param error" for MiniMax and similar gateways. - **roleNormalizer**: `normalizeDeveloperRole()` now accepts `preserveDeveloperRole` parameter with tri-state behavior (undefined=keep, true=keep, false=convert). @@ -3697,7 +4261,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Gemini CLI deprecation, VM guide i18n fix, dependabot security fix, provider schema expansion. -### الميزات +### Features - **Gemini CLI Deprecation** (#462): Mark `gemini-cli` provider as deprecated with warning — Google restricts third-party OAuth usage from March 2026 - **Provider Schema** (#462): Expand Zod validation with `deprecated`, `deprecationReason`, `hasFree`, `freeNote`, `authHint`, `apiHint` optional fields @@ -3706,7 +4270,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **VM Guide i18n** (#471): Add `VM_DEPLOYMENT_GUIDE.md` to i18n translation pipeline, regenerate all 30 locale translations from English source (were stuck in Portuguese) -### الأمان +### Security - **deps**: Bump `flatted` 3.3.3 → 3.4.2 — fixes CWE-1321 prototype pollution (#484, @dependabot) @@ -3726,7 +4290,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Czech i18n, SSE protocol fix, VM guide translation. -### الميزات +### Features - **Czech Language** (#482): Full Czech (cs) i18n — 22 docs, 2606 UI strings, language switcher updates (@zen0bit) - **VM Deployment Guide**: Translated from Portuguese to English as the source document (@zen0bit) @@ -3745,7 +4309,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: 2 merged PRs, model aliases routing fix, log export, and issue triage. -### الميزات +### Features - **Log Export**: New Export button on `/dashboard/logs` with time range dropdown (1h, 6h, 12h, 24h). Downloads JSON of request/proxy/call logs via `/api/logs/export` API (#user-request) @@ -3765,7 +4329,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Five community PRs — streaming call log fixes, Kiro compatibility, cache token analytics, Chinese translation, and configurable tool call IDs. -### الميزات +### ✨ Features - **feat(logs)**: Call log response content now correctly accumulated from raw provider chunks (OpenAI/Claude/Gemini) before translation, fixing empty response payloads in streaming mode (#470, @zhangqiang8vip) - **feat(providers)**: Per-model configurable 9-char tool call ID normalization (Mistral-style) — only models with the option enabled get truncated IDs (#470) @@ -3795,7 +4359,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Bailian Coding Plan provider with editable base URLs, plus community contributions for Alibaba Cloud and Kimi Coding. -### الميزات +### ✨ Features - **feat(providers)**: Added Bailian Coding Plan (`bailian-coding-plan`) — Alibaba Model Studio with Anthropic-compatible API. Static catalog of 8 models including Qwen3.5 Plus, Qwen3 Coder, MiniMax M2.5, GLM 5, and Kimi K2.5. Includes custom auth validation (400=valid, 401/403=invalid) (#467, @Mind-Dragon) - **feat(admin)**: Editable default URL in Provider Admin create/edit flows — users can configure custom base URLs per connection. Persisted in `providerSpecificData.baseUrl` with Zod schema validation rejecting non-http(s) schemes (#467) @@ -3810,7 +4374,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Two new community-contributed providers (Alibaba Cloud Coding, Kimi Coding API-key) and Docker pino fix. -### الميزات +### ✨ Features - **feat(providers)**: Added Alibaba Cloud Coding Plan support with two OpenAI-compatible endpoints — `alicode` (China) and `alicode-intl` (International), each with 8 models (#465, @dtk1985) - **feat(providers)**: Added dedicated `kimi-coding-apikey` provider path — API-key-based Kimi Coding access is no longer forced through OAuth-only `kimi-coding` route. Includes registry, constants, models API, config, and validation test (#463, @Mind-Dragon) @@ -3835,7 +4399,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Codex responses subpath passthrough natively supported, Windows MITM crash fixed, and Combos agent schemas adjusted. -### الميزات +### ✨ Features - **feat(codex)**: Native responses subpath passthrough for Codex — natively routes `POST /v1/responses/compact` to Codex upstream, maintaining Claude Code compatibility without stripping the `/compact` suffix (#457) @@ -3875,7 +4439,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(budget)**: "Save Limits" no longer returns 422 — `warningThreshold` is now correctly sent as fraction (0–1) instead of percentage (0–100) (#451) - **fix(combos)**: `` internal cache tag is now stripped before forwarding requests to providers, preventing cache session breaks (#454) -### الميزات +### ✨ Features - **feat(combos)**: Agent Features section added to combo create/edit modal — expose `system_message` override, `tool_filter_regex`, and `context_cache_protection` directly from the dashboard (#454) @@ -3931,7 +4495,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Search Tools dashboard, i18n fixes, Copilot limits, Serper validation fix. -### الميزات +### 🚀 Features - **feat(search)**: Add Search Playground (10th endpoint), Search Tools page with Compare Providers/Rerank Pipeline/Search History, local rerank routing, auth guards on search API (#443 by @Regis-RCR) - New route: `/dashboard/search-tools` @@ -4010,6 +4574,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4024,7 +4595,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - DB migration: `request_type` column on `call_logs` for non-chat request tracking - Zod validation (`v1SearchSchema`), auth-gated, cost recorded via `recordCost()` -### الأمان +### 🔒 Security - **deps**: Next.js 16.1.6 → 16.1.7 — fixes 6 CVEs: - **Critical**: CVE-2026-29057 (HTTP request smuggling via http-proxy) @@ -4154,7 +4725,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **005_combo_agent_fields.sql**: `ALTER TABLE combos ADD COLUMN system_message TEXT DEFAULT NULL`, `tool_filter_regex TEXT DEFAULT NULL`, `context_cache_protection INTEGER DEFAULT 0` - **006_detailed_request_logs.sql**: New `request_detail_logs` table with 500-entry ring-buffer trigger, opt-in via settings toggle -### الميزات +### ✨ Features - **feat(combo)**: System Message Override per Combo (#399 — `system_message` field replaces or injects system prompt before forwarding to provider) - **feat(combo)**: Tool Filter Regex per Combo (#399 — `tool_filter_regex` keeps only tools matching pattern; supports OpenAI + Anthropic formats) @@ -4169,7 +4740,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: SSE improvements, local provider_nodes extensions, proxy registry, Claude passthrough fixes. -### الميزات +### ✨ Features - **feat(health)**: Background health check for local `provider_nodes` with exponential backoff (30s→300s) and `Promise.allSettled` to avoid blocking (#423, @Regis-RCR) - **feat(embeddings)**: Route `/v1/embeddings` to local `provider_nodes` — `buildDynamicEmbeddingProvider()` with hostname validation (#422, @Regis-RCR) @@ -4230,6 +4801,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4304,7 +4882,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Turbopack hash-strip now runs at **compile time** for ALL packages — not just `better-sqlite3`. Step 5.6 in `prepublish.mjs` walks every `.js` in `app/.next/server/` and strips the 16-char hex suffix from any hashed `require()`. Fixes `zod-dcb22c...`, `pino-...`, etc. MODULE_NOT_FOUND on global npm installs. Closes #398 - **fix(deploy)**: PM2 on both VPS was pointing to stale git-clone directories. Reconfigured to `app/server.js` in the npm global package. Updated `/deploy-vps` workflow to use `npm pack + scp` (npm registry rejects 299MB packages). -### الميزات +### ✨ Features - **feat(provider)**: Synthetic ([synthetic.new](https://synthetic.new)) — privacy-focused OpenAI-compatible inference. `passthroughModels: true` for dynamic HuggingFace model catalog. Initial models: Kimi K2.5, MiniMax M2.5, GLM 4.7, DeepSeek V3.2. (PR #404 by @Regis-RCR) @@ -4334,7 +4912,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Extended webpack `externals` hash-strip to cover ALL `serverExternalPackages`, not just `better-sqlite3`. Next.js 16 Turbopack hashes `zod`, `pino`, and every other server-external package into names like `zod-dcb22c6336e0bc69` that don't exist in `node_modules` at runtime. A HASH_PATTERN regex catch-all now strips the 16-char suffix and falls back to the base package name. Also added `NEXT_PRIVATE_BUILD_WORKER=0` in `prepublish.mjs` to reinforce webpack mode, plus a post-build scan that reports any remaining hashed refs. (#396, #398, PR #403) - **fix(chat)**: Anthropic-format tool names (`tool.name` without `.function` wrapper) were silently dropped by the empty-name filter introduced in #346. LiteLLM proxies requests with `anthropic/` prefix in Anthropic Messages API format, causing all tools to be filtered and Anthropic to return `400: tool_choice.any may only be specified while providing tools`. Fixed by falling back to `tool.name` when `tool.function.name` is absent. Added 8 regression unit tests. (PR #397) -### الميزات +### ✨ Features - **feat(api)**: Custom endpoint paths for OpenAI-compatible provider nodes — configure `chatPath` and `modelsPath` per node (e.g. `/v4/chat/completions`) in the provider connection UI. Includes a DB migration (`003_provider_node_custom_paths.sql`) and URL path sanitization (no `..` traversal, must start with `/`). (PR #400) - **feat(provider)**: Alibaba Cloud DashScope added as OpenAI-compatible provider. International endpoint: `dashscope-intl.aliyuncs.com/compatible-mode/v1`. 12 models: `qwen-max`, `qwen-plus`, `qwen-turbo`, `qwen3-coder-plus/flash`, `qwq-plus`, `qwq-32b`, `qwen3-32b`, `qwen3-235b-a22b`. Auth: Bearer API key. @@ -4393,7 +4971,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(oauth)**: Qoder (and other providers that redirect to their own UI) no longer leave the OAuth modal stuck at "Waiting for Authorization" — popup-closed detector auto-transitions to manual URL input mode (#344) - **fix(logs)**: Request log table is now readable in light mode — status badges, token counts, and combo tags use adaptive `dark:` color classes (#378) -### الميزات +### ✨ Features - **feat(kiro)**: Kiro credit tracking added to usage fetcher — queries `getUserCredits` from AWS CodeWhisperer endpoint (#337) @@ -4509,6 +5087,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4574,6 +5159,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #366, #367, #368) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4602,6 +5194,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #363 & #365) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4638,6 +5237,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4655,6 +5261,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4685,6 +5298,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4752,7 +5372,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > **Major release** — Free Stack ecosystem, transcription playground overhaul, 44+ providers, comprehensive free tier documentation, and UI improvements across the board. -### الميزات +### ✨ Features - **Combos: Free Stack template** — New 4th template "Free Stack ($0)" using round-robin across Kiro + Qoder + Qwen + Gemini CLI. Suggests the pre-built zero-cost combo on first use. - **Media/Transcription: Deepgram as default** — Deepgram (Nova 3, $200 free) is now the default transcription provider. AssemblyAI ($50 free) and Groq Whisper (free forever) shown with free credit badges. @@ -4763,7 +5383,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.16] - 2026-03-13 -### التوثيق +### 📖 Documentation - **README: 44+ Providers** — Updated all 3 occurrences of "36+ providers" to "44+" reflecting the actual codebase count (44 providers in providers.ts) - **README: New Section "🆓 Free Models — What You Actually Get"** — Added 7-provider table with per-model rate limits for: Kiro (Claude unlimited via AWS Builder ID), Qoder (5 models unlimited), Qwen (4 models unlimited), Gemini CLI (180K/mo), NVIDIA NIM (~40 RPM dev-forever), Cerebras (1M tok/day / 60K TPM), Groq (30 RPM / 14.4K RPD). Includes the \/usr/bin/bash Ultimate Free Stack combo recommendation. @@ -4773,7 +5393,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.15] - 2026-03-13 -### الميزات +### ✨ Features - **Auto-Combo Dashboard (Tier Priority)**: Added `🏷️ Tier` as the 7th scoring factor label in the `/dashboard/auto-combo` factor breakdown display — all 7 Auto-Combo scoring factors are now visible. - **i18n — autoCombo section**: Added 20 new translation keys for the Auto-Combo dashboard (`title`, `status`, `modePack`, `providerScores`, `factorTierPriority`, etc.) to all 30 language files. @@ -4808,6 +5428,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). diff --git a/docs/i18n/ar/README.md b/docs/i18n/ar/README.md index 2211b7667c..2979af725a 100644 --- a/docs/i18n/ar/README.md +++ b/docs/i18n/ar/README.md @@ -130,28 +130,28 @@ _Connect any AI-powered IDE or CLI tool through OmniRoute — free API gateway f - Codex CLI
+ Codex CLI
Codex CLI
⭐ 60.8K - Claude Code
+ Claude Code
Claude Code
⭐ 67.3K - Gemini CLI
+ Gemini CLI
Gemini CLI
⭐ 94.7K - Kilo Code
+ Kilo Code
Kilo Code
⭐ 15.5K diff --git a/docs/i18n/ar/docs/API_REFERENCE.md b/docs/i18n/ar/docs/API_REFERENCE.md index 320afc5eca..51d641c5a8 100644 --- a/docs/i18n/ar/docs/API_REFERENCE.md +++ b/docs/i18n/ar/docs/API_REFERENCE.md @@ -87,13 +87,13 @@ Authorization: Bearer your-api-key Content-Type: application/json { - "model": "openai/dall-e-3", + "model": "openai/gpt-image-2", "prompt": "A beautiful sunset over mountains", "size": "1024x1024" } ``` -Available providers: OpenAI (DALL-E, GPT Image 1), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). +Available providers: OpenAI (GPT Image 2), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). ```bash # List all image models diff --git a/docs/i18n/ar/docs/CLI-TOOLS.md b/docs/i18n/ar/docs/CLI-TOOLS.md index ca9419ab68..d8af95bac9 100644 --- a/docs/i18n/ar/docs/CLI-TOOLS.md +++ b/docs/i18n/ar/docs/CLI-TOOLS.md @@ -350,7 +350,7 @@ They run as internal routes and use OmniRoute's model routing automatically. | `/v1/responses` | Responses API (OpenAI format) | Codex, agentic workflows | | `/v1/completions` | Legacy text completions | Older tools using `prompt:` | | `/v1/embeddings` | Text embeddings | RAG, search | -| `/v1/images/generations` | Image generation | DALL-E, Flux, etc. | +| `/v1/images/generations` | Image generation | GPT-Image, Flux, etc. | | `/v1/audio/speech` | Text-to-speech | ElevenLabs, OpenAI TTS | | `/v1/audio/transcriptions` | Speech-to-text | Deepgram, AssemblyAI | diff --git a/docs/i18n/ar/llm.txt b/docs/i18n/ar/llm.txt index e9a26be0e3..1821dc6b05 100644 --- a/docs/i18n/ar/llm.txt +++ b/docs/i18n/ar/llm.txt @@ -1,19 +1,18 @@ # OmniRoute (العربية) -🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) +🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇧🇩 [bn](../bn/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇮🇷 [fa](../fa/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇮🇳 [gu](../gu/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇮🇳 [mr](../mr/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇰🇪 [sw](../sw/llm.txt) · 🇮🇳 [ta](../ta/llm.txt) · 🇮🇳 [te](../te/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇵🇰 [ur](../ur/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) --- +> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 160+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (29 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. -> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 60+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (25 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. - -## نظرة عامة +## Overview OmniRoute solves the problem of managing multiple AI provider subscriptions, quotas, and rate limits. It sits between your AI-powered tools (IDE agents, CLI tools) and AI providers, routing requests intelligently through a 4-tier fallback system: Subscription → API Key → Cheap → Free. **Key value:** One endpoint (`http://localhost:20128/v1`), unlimited models, zero downtime, minimal cost. -**Current version:** 3.5.5 +**Current version:** 3.8.0 ## Tech Stack @@ -27,7 +26,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Background jobs:** Custom token health check scheduler, 24h model auto-sync - **Streaming:** Server-Sent Events (SSE) for real-time proxy responses - **Proxy engine:** Custom pipeline with format translation, circuit breaker, rate limiting, auto-combo engine -- **i18n:** next-intl with 30 languages +- **i18n:** next-intl with 40+ languages - **Desktop:** Electron (cross-platform: Windows, macOS, Linux) - **Package:** Published on npm (`omniroute`) and Docker Hub (`diegosouzapw/omniroute`) @@ -99,7 +98,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── configAudit.ts # Configuration auditing │ │ └── responses.ts # Domain response types │ ├── i18n/ # Internationalization -│ │ └── messages/ # 30 language JSON files +│ │ └── messages/ # 40+ language JSON files │ ├── lib/ # Core libraries │ │ ├── a2a/ # Agent-to-Agent v0.3 protocol server │ │ │ ├── skills/ # A2A skills (quotaManagement, smartRouting) @@ -170,7 +169,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ └── manager.ts # MITM proxy manager │ ├── shared/ # Shared utilities, components, and constants │ │ ├── components/ # Reusable UI components (Card, Badge, Button, Modal, Sidebar, ProviderIcon, etc.) -│ │ ├── constants/ # Provider definitions (60+), model lists, pricing, routing strategies, MCP scopes +│ │ ├── constants/ # Provider definitions (160+), model lists, pricing, routing strategies, MCP scopes │ │ ├── contracts/ # Shared API contracts │ │ ├── hooks/ # React hooks │ │ ├── middleware/ # Shared middleware utilities @@ -206,7 +205,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── chatCore.ts # Main chat completions handler │ │ ├── responsesHandler.ts # OpenAI Responses API handler │ │ ├── embeddings.ts # Embedding generation -│ │ ├── imageGeneration.ts # Image generation (DALL-E, FLUX, SD, etc.) +│ │ ├── imageGeneration.ts # Image generation (GPT-Image, FLUX, SD, etc.) │ │ ├── videoGeneration.ts # Video generation │ │ ├── musicGeneration.ts # Music generation │ │ ├── audioSpeech.ts # Text-to-speech @@ -214,7 +213,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── moderations.ts # Content moderation │ │ ├── rerank.ts # Reranking API │ │ └── search.ts # Web search API -│ ├── mcp-server/ # Built-in MCP server (25 tools, 3 transports: stdio/SSE/streamable-HTTP) +│ ├── mcp-server/ # Built-in MCP server (29 tools, 3 transports: stdio/SSE/streamable-HTTP) │ │ ├── server.ts # MCP server core (tool registration, scope enforcement) │ │ ├── tools/ # Tool implementations (advancedTools, memoryTools, skillTools) │ │ ├── schemas/ # Zod input schemas (tools, audit, a2a) @@ -274,7 +273,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ ├── CLI-TOOLS.md # CLI tools integration guide │ ├── A2A-SERVER.md # A2A agent protocol documentation │ ├── AUTO-COMBO.md # Auto-combo engine (6-factor scoring) -│ ├── MCP-SERVER.md # MCP server (25 tools) +│ ├── MCP-SERVER.md # MCP server (29 tools) │ ├── TROUBLESHOOTING.md # Troubleshooting guide │ ├── VM_DEPLOYMENT_GUIDE.md # VPS deployment guide │ ├── openapi.yaml # OpenAPI specification @@ -284,11 +283,11 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo └── .env.example # Environment variable template ``` -## Key Features (v3.5.5) +## Key Features (v3.8.0) ### Core Proxy -- **60+ AI providers** with automatic format translation -- **4 provider categories**: Free (4), OAuth (8), API Key (48+), Custom (OpenAI/Anthropic-compatible) +- **160+ AI providers** with automatic format translation +- **4 provider categories**: Free (4), OAuth (8), API Key (120+), Self-Hosted (8+), Custom (OpenAI/Anthropic-compatible) - **13 routing strategies**: priority, weighted, round-robin, fill-first, p2c, random, least-used, cost-optimized, strict-random, auto, lkgp, context-optimized, context-relay - **4-tier fallback**: Subscription → API Key → Cheap → Free - **Context Relay strategy**: Session handoff summaries on account rotation for continuity @@ -306,7 +305,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Cloudflare Tunnels**: Managed tunnel creation for remote access - **122 unit test files** with comprehensive coverage (55% statements/lines/functions, 60% branches) -### الأمان +### Security +- **Data Loss Prevention**: SQLite migration safety bounds abort startup on dangerous massive schema overrides. Pre-migration `VACUUM INTO` backups isolate rollback snapshots. - **CodeQL security**: Fixed 10+ CodeQL alerts (polynomial-redos, insecure-randomness, shell-injection, SSRF, incomplete URLs) - **Web Crypto session IDs**: `generateSessionId` uses `crypto.getRandomValues()` instead of `Math.random()` - **Route validation**: All API routes validated with Zod v4 schemas + `validateBody()` @@ -331,7 +331,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **CLI Tools** — One-click configuration for 10+ AI CLI tools - **CLI Agents** — Grid of 14+ built-in agents with ProviderIcon and install detection + custom agent registration - **Playground** — Test any model with Monaco editor, streaming responses -- **Media** — Image/video/music generation (DALL-E, FLUX, etc.) + audio transcription (up to 2GB files) +- **Media** — Image/video/music generation (GPT-Image, FLUX, etc.) + audio transcription (up to 2GB files) - **Search Tools** — Search provider configuration and testing - **Memory** — Memory system management and visualization - **Skills** — Skills framework management and execution @@ -349,14 +349,15 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Gemini** — `/v1beta/models`, `/v1beta/models/{...path}` - **Ollama** — `/v1/api/chat`, `/api/tags` - **Search** — `/v1/search` (Perplexity, Serper, Brave, Exa, Tavily) -- **MCP** — 25-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) +- **MCP** — 29-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) - **A2A** — Agent-to-Agent v0.3 protocol (JSON-RPC 2.0, smart-routing + quota-management skills) - **ACP** — Agent Communication Protocol registry and manager -### MCP Server (25 Tools) +### MCP Server (29 Tools) | Category | Tools | |-----------|-------| -| Core (18) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `sync_pricing` | +| Core (20) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `web_search`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `db_health_check`, `sync_pricing` | +| Cache (2) | `cache_stats`, `cache_flush` | | Memory (3) | `memory_search`, `memory_add`, `memory_clear` | | Skills (4) | `skills_list`, `skills_enable`, `skills_execute`, `skills_executions` | @@ -373,8 +374,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo **Custom Providers:** OpenAI-compatible (`openai-compatible-*`) and Anthropic-compatible (`anthropic-compatible-*`) with custom base URLs ### Internationalization -- 30 languages for UI (all dashboard pages) -- 30 translated documentation sets in docs/i18n/ +- 40+ languages for UI (all dashboard pages) +- 40 translated documentation sets in docs/i18n/ - Language switcher in documentation ## Key Architectural Decisions diff --git a/docs/i18n/bg/CHANGELOG.md b/docs/i18n/bg/CHANGELOG.md index 60afd17be3..733161f130 100644 --- a/docs/i18n/bg/CHANGELOG.md +++ b/docs/i18n/bg/CHANGELOG.md @@ -6,9 +6,283 @@ ## [Unreleased] +## [3.8.0] — 2026-05-06 + +### ✨ New Features + +- **feat(antigravity):** integrate Antigravity provider with dynamic `maxOutputTokens` calculation (bumping to `thinkingBudget + 1`) and standard Cloud Code envelope payload sanitization (#2055, #2063) +- **feat(gemini-cli):** add custom projectId support for Gemini CLI transport (UI, DB, executor) (#1991) + +### 🐛 Bug Fixes + +- **fix(cache):** optimize cache_control preservation logic and explicitly align tool schema with upstream Claude Code expectations +- **fix(db):** preserve legacy SQLite database path on Windows to prevent data loss (#1973) +- **fix(settings):** resolve model alias persistence double stringification preventing UI updates (#2018) +- **fix(routing):** dynamically filter bare model auto-resolution by active provider connections to prevent dead-routing (#2029) +- **fix(embeddings):** add Google Gemini embeddings compatibility via OpenAI-compatible endpoint mapping (#2006) +- **fix:** remove Anthropic-Beta header from non-Anthropic providers to fix identity contamination (#1989) +- **fix(cli):** resolve .env loading failure for global npm installations + +### 🔒 Security + +- **fix(security):** remediate regex validation backtracking path in core compression cleanup (#1990) +- **fix(core):** harden input handling and stabilization for prompt compression edge cases + +### 🧹 Chores & Maintenance + +- **chore(providers):** prune redundant local provider icon assets in favor of `@lobehub/icons` web fonts (#1992) +- **ci:** skip SonarCloud scan on main pushes to optimize CI time +- **test:** stabilize cooldown abort coverage case in integration testing + +## [3.7.9] — 2026-05-03 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) + +- **feat(compression):** major upgrade to Caveman and RTK compression pipelines (#1876, #1889): + - Add RTK tool-output compression, stacked Caveman + RTK pipelines, compression combo assignments, dashboard context pages, MCP management tools, and language-aware Caveman rule packs. + - Expand RTK parity with a 39-filter catalog, RTK-style JSON DSL stages, inline verify/benchmark coverage, trust-gated custom filters, expanded command detection, and redacted raw-output recovery. + - Expose rule intensities, track USD savings, unify config validation, and persist MCP savings. + - Expand Caveman parity and MCP metadata compression. +- **feat(provider):** update Jina AI model catalog to support Embeddings and Rerank natively (#1874 — thanks @backryun) +- **feat(provider):** add NanoGPT image generation provider (#1899 — thanks @Aculeasis) +- **feat(ui):** move proxy configuration to dedicated System → Proxy page (#1907 — thanks @oyi77) +- **feat(ui):** add K/M/B/T cost shortener utility (#1902 — thanks @oyi77) +- **feat(providers):** implement bulk paste for extra API keys (#1916 — thanks @0xtbug) +- **feat(analytics):** usage history API key backfill + dark mode pricing (#1896 — thanks @Gi99lin) +- **feat(logs):** show RTK and Caveman compression token savings accurately in request log UI (#1923 — thanks @emdash) +- **feat(routing):** auto-skip exhausted quota accounts (Issue #1952) +- **feat(docs):** docs site overhaul (#1976 — thanks @oyi77) +- **feat(db):** consolidate all database settings into SystemStorageTab (closes #1935) (#1947 — thanks @oyi77) +- **feat(sse):** codex 429 mid-task failover with account rotation (#1888 — thanks @smartenok-ops) +- **feat(auto-assessment):** add auto-assessment engine for combo self-healing (#1918 — thanks @oyi77) +- **feat(usage):** DeepSeek V4 native cache token extraction (#1930 — thanks @smartenok-ops) +- **feat(cost):** enhance cost formatting and add Codex GPT-5.5 pricing support (#1944 — thanks @JxnLexn) + +### 🐛 Bug Fixes + +- **fix(auth):** implement session affinity sticky routing logic +- **fix(dashboard):** derive display base URL from origin instead of hardcoding localhost (#1960 — thanks @jeanfbrito) +- **fix(proxy):** use credentials.connectionId instead of non-existent credentials.id for image proxy resolution (#1929 — thanks @Aculeasis) +- **fix(routing):** codex bare-name disambiguation + family-native fallback (#1933 — thanks @smartenok-ops) +- **fix(infrastructure):** move wreq-js to optionalDependencies and add Node 25/26 to secure runtime policy (#1924) +- **fix(providers):** resolve ChatGPT Web authentication failure by aligning TLS fingerprint User-Agent strings (#1925) +- **fix(mitm):** support root user for MITM sudo handling (#1948 — thanks @NekoMonci12) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941, #1945) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) +- **fix(mcp):** reclassify MCP endpoints to ensure API key authentication works even when dashboard auth is enabled (#1970) +- **fix(providers):** allow local OpenAI-compatible endpoints (like Ollama) to be added without an API key (fixes #1893) +- **fix(providers):** bypass AgentRouter unauthorized_client_error by spoofing Claude CLI headers via Anthropic endpoints (fixes #1921) +- **fix(copilot):** emit compatible reasoning text deltas (#1919 — thanks @ivan-mezentsev) +- **fix(api-manager):** show validation errors inline in modals, not behind (#1920 — thanks @andrewmunsell) +- **fix(compression):** align seeded standard savings combo with stacked default, preserve stacked defaults, and secure metadata routes. +- **fix(gemini-cli):** separate Cloud Code transport from Antigravity (#1869 — thanks @dhaern) +- **fix(codex):** map prompt field to input array for Cursor compatibility (fixes #1872) +- **fix(core):** align stream parameter default to false per strict OpenAI spec (fixes #1873) +- **fix(ui):** restore Next.js CSP `unsafe-eval` in production `script-src` to fix unresponsive Onboarding button (fixes #1883) +- **fix(proxy):** globally strip `prompt_cache_retention` in `BaseExecutor` to prevent upstream 400 errors from strict endpoints like droid/gemini-2-pro (fixes #1884) +- **fix(ui):** include `isOpen` dependency in `EditConnectionModal` state sync to ensure `maxConcurrent` is properly hydrated when reopening the modal (fixes #1859) +- **fix(security):** remediate 4 polynomial-redos CodeQL alerts in compression regexes by bounding repetitions and removing overlapping quantifiers +- **fix(codex):** flatten Chat Completions tool format to Codex Responses format in `normalizeCodexTools` — prevents `Missing required parameter: tools[0].name` upstream errors (#1914 — thanks @tranduykhanh030) +- **fix(proxy):** add proxy-aware execution context to image generation route — proxy settings are now correctly applied for image providers behind restricted networks (#1904 — thanks @Aculeasis) +- **fix(translator):** inject `properties: {}` into zero-argument MCP tool schemas during Anthropic→OpenAI translation — prevents 400 errors from OpenAI strict schema validation (#1898 — thanks @bryceIT) +- **fix(codex):** sanitize raw responses input (#1895 — thanks @dhaern) +- **fix(combos):** align strategy contracts (#1892 — thanks @dhaern) +- **fix(combos):** fix combo provider breaker profile handling (#1891 — thanks @rdself) +- **fix(migrations):** duplicate-column no-op fix (#1886 — thanks @smartenok-ops) +- **fix(auth):** per-connection OAuth refresh mutex (#1885 — thanks @smartenok-ops) +- **fix(auth):** require dashboard management auth for compression preview + +### 🔄 Updates + +- **chore(provider):** Add reka models list (#1956 — thanks @backryun) +- **chore(model):** Update new models, Delete Deprecated models (#1949 — thanks @backryun) + +### 📝 Documentation + +- **docs(compression):** document RTK+Caveman stacked savings ranges + +### 🏆 Release Attribution & Retroactive Credits + +- **@payne0420** (PR #1828 / #1839) — Implementation of the **Rate Limit Watchdog** and environment overrides. (This feature was manually backported to v3.7.8, causing the automatic GitHub Release notes to omit the author's credit). + +--- + +## [3.7.8] — 2026-05-01 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(providers):** add Grok 4.3 and Xiaomi Mimo TTS provider (#1837) +- **feat(core):** implement Rate Limit Watchdog with environment override capability to detect and reset stalled queues (#1839) +- **feat(providers):** add muse-spark-web provider with multiple models and reasoning support (#1843) +- **feat(1proxy):** integrate 1proxy free proxy marketplace with dashboard management and new MCP tools (closes #1788) (#1847) + +### 🐛 Bug Fixes + +- **fix(codex):** sanitize Responses replay state to prevent internal assistant commentary from leaking (#1868 — thanks @dhaern) +- **fix(cli):** add capture-backed Gemini CLI fingerprint (#1866) +- **fix(ui):** hide combo compression controls when the global setting is disabled (#1840) +- **fix(db):** tolerate missing request_detail_logs table for legacy deployments (#1848) +- **fix(core):** remove unneeded \`store\` payload parameter for providers lacking support (closes #1841) +- **fix(core):** ensure safeOutboundFetch and A2A routers return 503 Service Unavailable when security guardrails are triggered +- **fix(usage):** correct Unix seconds vs milliseconds parsing logic for Kiro AI quota reset (closes #1849) +- **fix(ui):** apply robust NaN handling, ensure 24h consistency, and fix missing hour slots in Compression Analytics (closes #1844) +- **fix(ui):** implement short number formatting for token consumption metrics on cache pages to prevent overflow (closes #1842) +- **fix(combo):** stabilize provider routing at 500+ connections by bounding semaphore queues and adjusting circuit breaker tracking (closes #1846) (#1854) +- **fix(maritalk):** update Maritalk model list, use Authorization Key header, and align with latest API endpoints (#1856) +- **fix(grok-web):** stabilize tool calling (bash, readFile, webSearch) and response parsing by mapping native Grok intents to standard OpenAI payloads (#1857) +- **fix(providers):** correctly map and expose the Upstage embedding and chat model catalogs (#1855) +- **fix(executor):** apply proper urlSuffix and custom authHeaders for unknown registry-based providers in DefaultExecutor (closes #1846) (#1861) + +### 🛠️ Maintenance + +- **fix(workflow):** build docker images on version tags (#1838) + +--- + +## [3.7.7] — 2026-04-30 + ### ✨ New Features -- **feat:** ongoing development +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **Prompt Compression Pipeline:** Implemented a multi-phase prompt compression engine including `lite` (whitespace/duplication collapse), `aggressive` (summarization, tool compression), and `ultra` modes (heuristic pruning and SLM stub) (#1633, #1738, #1739, #1741) +- **Compression Dashboard & Analytics:** Added a compression settings UI, real-time log viewer, pipeline statistics tracking, and interactive playground preview (#1756) +- **Compression Caching & MCP:** Added caching-aware strategy adjustments to the compression pipeline, alongside new MCP tools for status and configuration (#1758) +- **Analytics Custom Filters:** Added custom date range selection, API key filtering, and NULL key analytics backfilling to the Costs Dashboard (#1830) + +### 🐛 Bug Fixes + +- **Combo Routing:** Fixed an issue where Gemini `-preview` models were incorrectly normalized to their canonical names, causing 404 errors during combo routing (#1834) +- **Codex Native Passthrough:** Added support for Cursor 5.5 sending `messages` arrays to the `responses/compact` endpoint, preventing upstream rejections with empty requests (#1832) +- **Rate-limit Watchdog:** Implemented a new rate-limit watchdog with environment override capabilities and Stage Tracing to prevent and diagnose silent wedges (#1828) +- **Encryption Resiliency:** Prevent sending encrypted tokens to providers by returning null on decryption failure (#763d353) +- **i18n & Locales:** Fixed OpenCode baseUrl locale placeholders and added compression keys across 32 languages +- **Startup Stability:** Hardened resilience integration server startup logic (#9aa89b17) + +### 🛠️ Maintenance + +- **Tests & Docs:** Expanded the test suite with 61 unit/integration tests for the compression pipeline and updated `AGENTS.md` +- **Workflow:** Fixed the changelog extraction logic to accurately capture GitHub release descriptions + +--- + +## [3.7.6] — 2026-04-30 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) +- **feat(chatgpt-web):** support `thinking_effort` parameter (Standard/Extended) for thinking-capable models (#1821) +- **feat(dashboard):** implement remaining v3.7.6 dashboard features — Costs overview, Translator pipeline, and Endpoint tabs improvements +- **feat(tools):** inject fallback tool names to prevent upstream 400 errors on providers that require tool names (#1775) +- **feat(db):** auto-restore probe-failed database on startup to prevent data loss after failed upgrades (#1810) +- **feat(analytics):** add cost-based usage insights and activity streaks in the analytics dashboard + +### 🔒 Security + +- **fix(security):** resolve ReDoS vulnerability in Codex executor regex patterns (#1797, #1789) + +### 🐛 Bug Fixes + +- **fix(stability):** resolve codex input validation, enable combo circuit breaker, and fix broken unit tests (#1804, #1805) +- **fix(stability):** safely cast inputs to strings before calling `.trim()` to avoid crashes on numeric fields in proxy modal (#1825) +- **fix(stability):** clear active requests and recover providers after connection failures (#1824) +- **fix(xiaomi-mimo):** update models to V2.5, fix Token Plan validation and default region (#1823) +- **fix(codex):** omit compact client metadata to prevent upstream rejections (#1822) +- **fix(dashboard):** fix endpoint visibility, A2A status display, and API catalog consistency (#1806) +- **fix(analytics):** use pure SQL aggregations — no history rows loaded into memory (#1802) +- **fix(dashboard):** correct `loadPresets` ReferenceError in CostOverviewTab +- **fix(mitm):** enforce transparent interception on port 443 only + +### 🧹 Chores + +- **chore(workflow):** mandate implementation plan generation in `/resolve-issues` workflow before coding +- **chore(release):** expand contributor credits to 155 PRs across full project history + +### 🏆 Community Contributors Acknowledgment + +We identified that **155 community PRs** across the entire project history (from inception through v3.7.5) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. + +**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** + +| Contributor | PRs (Total) | All Contributions | +| :----------------------------------------------------------- | :---------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [@rdself](https://github.com/rdself) | 28 | #542, #705, #717, #737, #738, #841, #851, #853, #875, #880, #888, #891, #903, #904, #974, #1069, #1089, #1196, #1267, #1272, #1299, #1300, #1356, #1357, #1441, #1443, #1549, #1742 | +| [@oyi77](https://github.com/oyi77) | 27 | #644, #672, #700, #850, #859, #862, #868, #874, #881, #883, #908, #926, #931, #983, #990, #1019, #1020, #1021, #1103, #1281, #1286, #1363, #1368, #1377, #1411, #1689, #1717 | +| [@clousky2020](https://github.com/clousky2020) | 15 | #1244, #1323, #1365, #1366, #1408, #1442, #1484, #1595, #1598, #1599, #1611, #1618, #1620, #1621, #1644 | +| [@benzntech](https://github.com/benzntech) | 8 | #158, #1264, #1435, #1436, #1437, #1440, #1444, #1677 | +| [@kang-heewon](https://github.com/kang-heewon) | 5 | #530, #854, #884, #1235, #1574 | +| [@herjarsa](https://github.com/herjarsa) | 4 | #1472, #1474, #1477, #1480 | +| [@backryun](https://github.com/backryun) | 4 | #1358, #1609, #1627, #1722 | +| [@tombii](https://github.com/tombii) | 4 | #708, #856, #900, #1013 | +| [@christopher-s](https://github.com/christopher-s) | 3 | #868, #885, #992 | +| [@zen0bit](https://github.com/zen0bit) | 3 | #561, #650, #912 | +| [@k0valik](https://github.com/k0valik) | 3 | #554, #587, #596 | +| [@zhangqiang8vip](https://github.com/zhangqiang8vip) | 2 | #470, #575 | +| [@wlfonseca](https://github.com/wlfonseca) | 2 | #997, #1016 | +| [@RaviTharuma](https://github.com/RaviTharuma) | 2 | #1188, #1277 | +| [@prakersh](https://github.com/prakersh) | 2 | #419, #480 | +| [@payne0420](https://github.com/payne0420) | 2 | #1593, #1670 | +| [@only4copilot](https://github.com/only4copilot) | 2 | #855, #1039 | +| [@jay77721](https://github.com/jay77721) | 2 | #581, #582 | +| [@hijak](https://github.com/hijak) | 2 | #295, #578 | +| [@hartmark](https://github.com/hartmark) | 2 | #1494, #1500 | +| [@defhouse](https://github.com/defhouse) | 2 | #906, #946 | +| [@xiaoge1688](https://github.com/xiaoge1688) | 1 | #1304 | +| [@xandr0s](https://github.com/xandr0s) | 1 | #1376 | +| [@willbnu](https://github.com/willbnu) | 1 | #882 | +| [@slewis3600](https://github.com/slewis3600) | 1 | #1624 | +| [@sergey-v9](https://github.com/sergey-v9) | 1 | #594 | +| [@razllivan](https://github.com/razllivan) | 1 | #987 | +| [@nmime](https://github.com/nmime) | 1 | #1271 | +| [@Moutia-Ben-Yahia](https://github.com/Moutia-Ben-Yahia) | 1 | #1663 | +| [@Mind-Dragon](https://github.com/Mind-Dragon) | 1 | #467 | +| [@mercs2910](https://github.com/mercs2910) | 1 | #1001 | +| [@MAINER4IK](https://github.com/MAINER4IK) | 1 | #196 | +| [@luandiasrj](https://github.com/luandiasrj) | 1 | #996 | +| [@knopki](https://github.com/knopki) | 1 | #1434 | +| [@kfiramar](https://github.com/kfiramar) | 1 | #389 | +| [@ken2190](https://github.com/ken2190) | 1 | #166 | +| [@keith8496](https://github.com/keith8496) | 1 | #569 | +| [@jonesfernandess](https://github.com/jonesfernandess) | 1 | #1118 | +| [@JasonLandbridge](https://github.com/JasonLandbridge) | 1 | #1626 | +| [@i1hwan](https://github.com/i1hwan) | 1 | #1386 | +| [@Gorchakov-Pressure](https://github.com/Gorchakov-Pressure) | 1 | #754 | +| [@foxy1402](https://github.com/foxy1402) | 1 | #934 | +| [@dt418](https://github.com/dt418) | 1 | #896 | +| [@dhaern](https://github.com/dhaern) | 1 | #1647 | +| [@DavyMassoneto](https://github.com/DavyMassoneto) | 1 | #211 | +| [@dail45](https://github.com/dail45) | 1 | #1413 | +| [@congvc-dev](https://github.com/congvc-dev) | 1 | #1569 | +| [@be0hhh](https://github.com/be0hhh) | 1 | #1581 | +| [@andruwa13](https://github.com/andruwa13) | 1 | #1457 | +| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | 1 | #898 | +| [@AndersonFirmino](https://github.com/AndersonFirmino) | 1 | #362 | +| [@alexsvdk](https://github.com/alexsvdk) | 1 | #1280 | +| [@abhinavjnu](https://github.com/abhinavjnu) | 1 | #550 | --- @@ -16,8 +290,14 @@ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(tunnels):** integrate native ngrok tunnel support with dashboard UI parity (#1753) -- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) ### 🐛 Bug Fixes @@ -56,56 +336,25 @@ - **chore(ui):** speed up endpoint initial render with background task loading (#1760) - **chore(workflows):** add strict PR contributor credit policy to prevent future merge credit loss -### 🏆 Community Contributors Acknowledgment - -We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. - -**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** - -| Contributor | Contributions (PRs) | -| :----------------------------------------------------- | :----------------------------------------------------------------------- | -| [@rdself](https://github.com/rdself) | #1742, #1357, #1356, #1089, #1069, #904, #880, #875, #853, #851, #974 | -| [@oyi77](https://github.com/oyi77) | #1411, #1021, #990, #926, #908, #883, #881, #868, #862, #859, #850, #983 | -| [@benzntech](https://github.com/benzntech) | #1677, #1444, #1440, #1437, #1435 | -| [@clousky2020](https://github.com/clousky2020) | #1644, #1408 | -| [@christopher-s](https://github.com/christopher-s) | #885, #868, #992 | -| [@kang-heewon](https://github.com/kang-heewon) | #1235, #884 | -| [@backryun](https://github.com/backryun) | #1627, #1358, #1722 | -| [@tombii](https://github.com/tombii) | #900, #856 | -| [@slewis3600](https://github.com/slewis3600) | #1624 | -| [@dhaern](https://github.com/dhaern) | #1647 | -| [@JasonLandbridge](https://github.com/JasonLandbridge) | #1626 | -| [@hartmark](https://github.com/hartmark) | #1500 | -| [@herjarsa](https://github.com/herjarsa) | #1480 | -| [@andruwa13](https://github.com/andruwa13) | #1457 | -| [@i1hwan](https://github.com/i1hwan) | #1386 | -| [@xandr0s](https://github.com/xandr0s) | #1376 | -| [@RaviTharuma](https://github.com/RaviTharuma) | #1188 | -| [@wlfonseca](https://github.com/wlfonseca) | #1016 | -| [@only4copilot](https://github.com/only4copilot) | #1039, #855 | -| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | #898 | -| [@dt418](https://github.com/dt418) | #896 | -| [@willbnu](https://github.com/willbnu) | #882 | -| [@defhouse](https://github.com/defhouse) | #906 | -| [@mercs2910](https://github.com/mercs2910) | #1001 | -| [@zen0bit](https://github.com/zen0bit) | #912 | -| [@razllivan](https://github.com/razllivan) | #987 | -| [@foxy1402](https://github.com/foxy1402) | #934 | -| [@knopki](https://github.com/knopki) | #1434 | -| [@dail45](https://github.com/dail45) | #1413 | - --- ## [3.7.4] — 2026-04-28 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(ui):** add endpoint tunnel visibility settings (#1743) - **feat(cli):** refresh CLI fingerprint provider profiles (#1746) - **feat(proxy):** implement bulk proxy import via pipe-delimited parser with update-or-create (upsert) logic and real-time preview table - **feat(pwa):** add fullscreen installable PWA with manifest, service worker, and cross-platform app icons (#1728) -### Сигурност +### 🔒 Security - **security:** replace insecure `Math.random` with `crypto.getRandomValues` for fallback UUID generation to resolve CodeQL CWE-338 finding (#182) @@ -156,6 +405,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(authz):** introduce centralized proxy-based authz pipeline and lifecycle policy (#1632) - **feat(logs):** configure call log pipeline artifacts (#1650) - **feat(network):** add guarded remote image fetch utility @@ -225,6 +481,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Add GPT-5.5 support to the Codex provider — includes 1.05M context window, tool calling, vision, and reasoning capabilities with proper pricing entries across `cx` and `openai` providers. Refactors `splitCodexReasoningSuffix()` into a shared helper for cleaner effort-level parsing (#1617 — thanks @Zhaba1337228). - **feat(cli):** Add `omniroute reset-encrypted-columns` recovery command — nulls encrypted credential columns (`api_key`, `access_token`, `refresh_token`, `id_token`) in `provider_connections` while preserving provider metadata, giving users affected by #1622 a clean recovery path without losing configurations. - **feat(i18n):** Expand locale coverage with nine new language packs (Bengali, Farsi, Gujarati, Indonesian, Marathi, Swahili, Tamil, Telugu, Urdu), bringing total language support from 32 to 41 locales. @@ -256,7 +519,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **fix(transport):** Prevent memory bloat and database exhaustion from large, fragmented streaming responses. Implemented `ByteQueue` in `kiro.ts` for zero-copy binary accumulation, refactored `antigravity.ts` for incremental SSE parsing, and enforced a strict 512KB tiered truncation limit (`MAX_CALL_LOG_ARTIFACT_BYTES`) on stream request logs and call artifacts (#1647). - **chore(ci):** Update build environment dependencies — bump Node to `24.15.0`, `actions/checkout@v6`, `docker/build-push-action@v7`, pin `actions/setup-python` to major tag (#1646 — thanks @backryun). -### Документация +### 📝 Documentation - **docs(env):** Add `OMNIROUTE_ALLOW_PRIVATE_PROVIDER_URLS` to `.env.example` with documentation for LM Studio and other local provider use cases (#1623). @@ -266,6 +529,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). - **feat(providers):** Add CrofAI as a built-in API-key provider with quota/usage monitoring wired into the dashboard Limits page (#1604, #1606). @@ -399,7 +669,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **test(next):** Align transpile package expectations for the Next.js standalone build. - **test(ci):** Fix CI-only test failures from environment differences — clear `INITIAL_PASSWORD` and `JWT_SECRET` in integration tests, handle `XDG_CONFIG_HOME` for guide-settings tests. -### Документация +### 📚 Documentation - **docs:** Update the root changelog with all release-branch changes through 2026-04-24, including PRs #1544, #1555, #1551, #1550, #1548, #1547, #1541, #1538, #1536, and #1527. - **docs:** Fix broken README and localized documentation links. (#1536) @@ -424,6 +694,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -506,6 +783,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -527,7 +811,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **feat(providers):** Expand image provider registry with extended model support including SD3.5, FLUX, and DALL-E 3 HD configurations - **feat(combos):** Add new routing strategies and full i18n support for agent features section across 31 languages -### Сигурност +### 🔒 Security - **security:** Resolve 18 GitHub CodeQL scan alerts including ReDoS, incomplete sanitization, and bad HTML filtering regexp patterns - **fix(auth):** Seal privilege escalation vector by enforcing JWT session checking exclusively on `/api/keys` management endpoints (#1353) @@ -586,6 +870,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -662,6 +953,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -726,6 +1024,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -773,7 +1078,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Duplicate `auto` in Combo Strategy Schema:** Removed duplicate `"auto"` entry from `comboStrategySchema` (was listed on both line 104 and 108). Harmless to Zod runtime but cleaned up to avoid confusion. Schema now has exactly 13 unique strategy values - **Legacy Combo Refs Normalization:** Fixed combo step normalization to preserve legacy string combo references during CRUD operations, preventing data loss when editing combos created before the v2 step architecture -### Сигурност +### 🔒 Security - **Auth Bypass on Backup Routes (Critical):** Added `isAuthenticated` guards to `/api/db-backups/exportAll` (full database export) and `/api/db-backups` (list, create, and restore backups) — both were previously accessible without authentication - **Auth Guard on Translator Save:** Added `isAuthenticated` guard to `/api/translator/save` for defense-in-depth consistency @@ -826,6 +1131,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -864,6 +1176,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -896,6 +1215,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -925,6 +1251,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -955,6 +1288,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -988,6 +1328,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1040,6 +1387,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1086,6 +1440,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1122,7 +1483,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Updated Sub-dependencies:** Bumped `hono` to `4.12.12` and `@hono/node-server` to `1.19.13` to patch critical security gaps (#1063, #1064, #1067, #1068). -### Документация +### 📚 Documentation - **Documentation Synchronization:** Updated system documentation (README, Architecture, Features, Tools, Troubleshooting) and synced `i18n` configurations to match the v3.5.5 context relay patterns and proxy troubleshooting steps. - **Context Relay Delivery Notes:** Documented the current architecture, runtime flow, and Codex-focused scope in the feature docs, changelog, and agent guidance. @@ -1133,6 +1494,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1191,7 +1559,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.5.3] - 2026-04-07 -### Сигурност +### Security - **Vulnerabilities:** Fully remediated 12 High-Severity CodeQL vulnerabilities by migrating from Math.random to `crypto.randomUUID()`, wrapping SSE injection points with aggressive backslash escaping, sanitizing trailing HTTP fragments, and enforcing rigid SSRF HTTP verification schemes across internal routes. - **Dependencies:** Upgraded Next.js to `^16.2.2` and Vite to `>=8.0.5` resolving critical DoS, arbitrary file reads and CSRF vectors in the build/server environments. @@ -1207,7 +1575,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **CI/CD Stabilization:** Prevented random GitHub Runner freezes by decoupling sharded processes, adjusting test concurrencies, unref-ing active connections on server teardown, and strictly capping job timeout durations. -### Документация +### Documentation - **I18n Engine:** Synchronized and pushed deep Machine Translation updates across all 32 natively-supported languages (682 translation nodes aligned). @@ -1221,6 +1589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1253,6 +1628,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1281,6 +1663,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1347,7 +1736,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.8] — 2026-04-03 -### Сигурност +### Security - Fully remediated all outstanding Github Advanced Security (CodeQL) findings and Dependabot alerts. - Fixed insecure randomness vulnerabilities by migrating from `Math.random` to `crypto.randomUUID()`. @@ -1359,7 +1748,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.7] — 2026-04-03 -### Функции +### Features - Added `Cryptography` node to Monitoring and MCP health checks (#798) - Hardened model-catalog route permissions mapping (`/models`) (#781) @@ -1375,7 +1764,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - Fixed MCP standalone module-resolution (`ERR_MODULE_NOT_FOUND`) via `esbuild` (#936) - Fixed NVIDIA NIM routing credential resolution alias mismatch (#931) -### Сигурност +### Security - Added safe strict input boundary protection against raw `shell: true` remote-code execution injections. @@ -1385,6 +1774,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1419,6 +1815,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1481,6 +1884,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1541,6 +1951,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1594,7 +2011,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.0] - 2026-03-31 -### Функции +### 🚀 Features - **Subscription Utilization Analytics:** Added quota snapshot time-series tracking, Provider Utilization and Combo Health tabs with recharts visualizations, and corresponding API endpoints (#847) - **SQLite Backup Control:** New `OMNIROUTE_DISABLE_AUTO_BACKUP` env flag to disable automatic SQLite backups (#846) @@ -1646,7 +2063,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.3.8] - 2026-03-30 -### Функции +### 🚀 Features - **Models API Filtering:** Endpoint `/v1/models` now dynamically filters its list based on the permissions tied to the `Authorization: Bearer ` when restricted access is on (#781) - **Qoder Integration:** Native integration for Qoder AI natively replacing the legacy iFlow platform mappings (#660) @@ -1715,6 +2132,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1745,6 +2169,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1806,6 +2237,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2016,6 +2454,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2044,6 +2489,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2076,6 +2528,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2130,6 +2589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2325,6 +2791,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2359,6 +2832,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2409,7 +2889,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **NaN tokens in Claude Code / client responses (#617):** - `sanitizeUsage()` now cross-maps `input_tokens`→`prompt_tokens` and `output_tokens`→`completion_tokens` before the whitelist filter, fixing responses showing NaN/0 token counts when providers return Claude-style usage field names -### Сигурност +### 🔒 Security - Updated `yaml` package to fix stack overflow vulnerability (GHSA-48c2-rrv3-qjmp) @@ -2467,6 +2947,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2503,6 +2990,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2521,6 +3015,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2556,6 +3057,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3001,6 +3509,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3016,6 +3531,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3043,7 +3565,7 @@ docker pull diegosouzapw/omniroute:3.0.0 - **SVG fallback**: `ProviderIcon` component updated with 4-tier strategy: Lobehub → PNG → SVG → Generic icon - **Agents fingerprinting**: Synced with CLI tools — added droid, openclaw, copilot, opencode to fingerprint list (14 total) -### Сигурност +### 🔒 Security - **CVE fix**: Resolved dompurify XSS vulnerability (GHSA-v2wj-7wpq-c8vv) via npm overrides forcing `dompurify@^3.3.2` - `npm audit` now reports **0 vulnerabilities** @@ -3113,6 +3635,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3160,6 +3689,13 @@ Both providers use the new `OpencodeExecutor` with multi-format routing (`/chat/ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3295,6 +3831,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3318,6 +3861,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3334,6 +3884,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3371,7 +3928,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **#510** — Windows: MSYS2/Git-Bash paths (`/c/Program Files/...`) are now normalized to `C:\Program Files\...` - **#492** — `omniroute` CLI now detects `mise`/`nvm` when `app/server.js` is missing and shows targeted fix -### Документация +### 📖 Documentation - **#513** — Docker password reset: `INITIAL_PASSWORD` env var workaround documented - **#520** — pnpm: `pnpm approve-builds better-sqlite3` documented @@ -3468,7 +4025,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **feat(executors/cloudflare-ai)**: New `CloudflareAIExecutor` — dynamic URL construction requires `accountId` in provider credentials - **feat(executors)**: Register `pollinations`, `pol`, `cloudflare-ai`, `cf` executor mappings -### Документация +### 📝 Documentation - **docs(readme)**: Expanded free combo stack to 11 providers ($0 forever) - **docs(readme)**: Added 4 new free provider sections (LongCat, Pollinations, Cloudflare AI, Scaleway) with model tables @@ -3543,6 +4100,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3613,7 +4177,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **OAuth batch test crash** (ERR_CONNECTION_REFUSED): Replaced sequential for-loop with 5-connection concurrency limit + 30s per-connection timeout via `Promise.race()` + `Promise.allSettled()`. Prevents server crash when testing large OAuth provider groups (~30+ connections). -### Функции +### Features - **"Test All" button on provider pages**: Individual provider pages (e.g., `/providers/codex`) now show a "Test All" button in the Connections header when there are 2+ connections. Uses `POST /api/providers/test-batch` with `{mode: "provider", providerId}`. Results displayed in a modal with pass/fail summary and per-connection diagnosis. @@ -3641,7 +4205,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Merge PR #494 (MiniMax role fix), fix KIRO MITM dashboard, triage 8 issues. -### Функции +### Features - **MiniMax developer→system role fix** (PR #494 by @zhangqiang8vip): Per-model `preserveDeveloperRole` toggle. Adds "Compatibility" UI in providers page. Fixes 422 "role param error" for MiniMax and similar gateways. - **roleNormalizer**: `normalizeDeveloperRole()` now accepts `preserveDeveloperRole` parameter with tri-state behavior (undefined=keep, true=keep, false=convert). @@ -3697,7 +4261,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Gemini CLI deprecation, VM guide i18n fix, dependabot security fix, provider schema expansion. -### Функции +### Features - **Gemini CLI Deprecation** (#462): Mark `gemini-cli` provider as deprecated with warning — Google restricts third-party OAuth usage from March 2026 - **Provider Schema** (#462): Expand Zod validation with `deprecated`, `deprecationReason`, `hasFree`, `freeNote`, `authHint`, `apiHint` optional fields @@ -3706,7 +4270,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **VM Guide i18n** (#471): Add `VM_DEPLOYMENT_GUIDE.md` to i18n translation pipeline, regenerate all 30 locale translations from English source (were stuck in Portuguese) -### Сигурност +### Security - **deps**: Bump `flatted` 3.3.3 → 3.4.2 — fixes CWE-1321 prototype pollution (#484, @dependabot) @@ -3726,7 +4290,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Czech i18n, SSE protocol fix, VM guide translation. -### Функции +### Features - **Czech Language** (#482): Full Czech (cs) i18n — 22 docs, 2606 UI strings, language switcher updates (@zen0bit) - **VM Deployment Guide**: Translated from Portuguese to English as the source document (@zen0bit) @@ -3745,7 +4309,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: 2 merged PRs, model aliases routing fix, log export, and issue triage. -### Функции +### Features - **Log Export**: New Export button on `/dashboard/logs` with time range dropdown (1h, 6h, 12h, 24h). Downloads JSON of request/proxy/call logs via `/api/logs/export` API (#user-request) @@ -3765,7 +4329,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Five community PRs — streaming call log fixes, Kiro compatibility, cache token analytics, Chinese translation, and configurable tool call IDs. -### Функции +### ✨ Features - **feat(logs)**: Call log response content now correctly accumulated from raw provider chunks (OpenAI/Claude/Gemini) before translation, fixing empty response payloads in streaming mode (#470, @zhangqiang8vip) - **feat(providers)**: Per-model configurable 9-char tool call ID normalization (Mistral-style) — only models with the option enabled get truncated IDs (#470) @@ -3795,7 +4359,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Bailian Coding Plan provider with editable base URLs, plus community contributions for Alibaba Cloud and Kimi Coding. -### Функции +### ✨ Features - **feat(providers)**: Added Bailian Coding Plan (`bailian-coding-plan`) — Alibaba Model Studio with Anthropic-compatible API. Static catalog of 8 models including Qwen3.5 Plus, Qwen3 Coder, MiniMax M2.5, GLM 5, and Kimi K2.5. Includes custom auth validation (400=valid, 401/403=invalid) (#467, @Mind-Dragon) - **feat(admin)**: Editable default URL in Provider Admin create/edit flows — users can configure custom base URLs per connection. Persisted in `providerSpecificData.baseUrl` with Zod schema validation rejecting non-http(s) schemes (#467) @@ -3810,7 +4374,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Two new community-contributed providers (Alibaba Cloud Coding, Kimi Coding API-key) and Docker pino fix. -### Функции +### ✨ Features - **feat(providers)**: Added Alibaba Cloud Coding Plan support with two OpenAI-compatible endpoints — `alicode` (China) and `alicode-intl` (International), each with 8 models (#465, @dtk1985) - **feat(providers)**: Added dedicated `kimi-coding-apikey` provider path — API-key-based Kimi Coding access is no longer forced through OAuth-only `kimi-coding` route. Includes registry, constants, models API, config, and validation test (#463, @Mind-Dragon) @@ -3835,7 +4399,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Codex responses subpath passthrough natively supported, Windows MITM crash fixed, and Combos agent schemas adjusted. -### Функции +### ✨ Features - **feat(codex)**: Native responses subpath passthrough for Codex — natively routes `POST /v1/responses/compact` to Codex upstream, maintaining Claude Code compatibility without stripping the `/compact` suffix (#457) @@ -3875,7 +4439,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(budget)**: "Save Limits" no longer returns 422 — `warningThreshold` is now correctly sent as fraction (0–1) instead of percentage (0–100) (#451) - **fix(combos)**: `` internal cache tag is now stripped before forwarding requests to providers, preventing cache session breaks (#454) -### Функции +### ✨ Features - **feat(combos)**: Agent Features section added to combo create/edit modal — expose `system_message` override, `tool_filter_regex`, and `context_cache_protection` directly from the dashboard (#454) @@ -3931,7 +4495,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Search Tools dashboard, i18n fixes, Copilot limits, Serper validation fix. -### Функции +### 🚀 Features - **feat(search)**: Add Search Playground (10th endpoint), Search Tools page with Compare Providers/Rerank Pipeline/Search History, local rerank routing, auth guards on search API (#443 by @Regis-RCR) - New route: `/dashboard/search-tools` @@ -4010,6 +4574,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4024,7 +4595,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - DB migration: `request_type` column on `call_logs` for non-chat request tracking - Zod validation (`v1SearchSchema`), auth-gated, cost recorded via `recordCost()` -### Сигурност +### 🔒 Security - **deps**: Next.js 16.1.6 → 16.1.7 — fixes 6 CVEs: - **Critical**: CVE-2026-29057 (HTTP request smuggling via http-proxy) @@ -4154,7 +4725,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **005_combo_agent_fields.sql**: `ALTER TABLE combos ADD COLUMN system_message TEXT DEFAULT NULL`, `tool_filter_regex TEXT DEFAULT NULL`, `context_cache_protection INTEGER DEFAULT 0` - **006_detailed_request_logs.sql**: New `request_detail_logs` table with 500-entry ring-buffer trigger, opt-in via settings toggle -### Функции +### ✨ Features - **feat(combo)**: System Message Override per Combo (#399 — `system_message` field replaces or injects system prompt before forwarding to provider) - **feat(combo)**: Tool Filter Regex per Combo (#399 — `tool_filter_regex` keeps only tools matching pattern; supports OpenAI + Anthropic formats) @@ -4169,7 +4740,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: SSE improvements, local provider_nodes extensions, proxy registry, Claude passthrough fixes. -### Функции +### ✨ Features - **feat(health)**: Background health check for local `provider_nodes` with exponential backoff (30s→300s) and `Promise.allSettled` to avoid blocking (#423, @Regis-RCR) - **feat(embeddings)**: Route `/v1/embeddings` to local `provider_nodes` — `buildDynamicEmbeddingProvider()` with hostname validation (#422, @Regis-RCR) @@ -4230,6 +4801,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4304,7 +4882,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Turbopack hash-strip now runs at **compile time** for ALL packages — not just `better-sqlite3`. Step 5.6 in `prepublish.mjs` walks every `.js` in `app/.next/server/` and strips the 16-char hex suffix from any hashed `require()`. Fixes `zod-dcb22c...`, `pino-...`, etc. MODULE_NOT_FOUND on global npm installs. Closes #398 - **fix(deploy)**: PM2 on both VPS was pointing to stale git-clone directories. Reconfigured to `app/server.js` in the npm global package. Updated `/deploy-vps` workflow to use `npm pack + scp` (npm registry rejects 299MB packages). -### Функции +### ✨ Features - **feat(provider)**: Synthetic ([synthetic.new](https://synthetic.new)) — privacy-focused OpenAI-compatible inference. `passthroughModels: true` for dynamic HuggingFace model catalog. Initial models: Kimi K2.5, MiniMax M2.5, GLM 4.7, DeepSeek V3.2. (PR #404 by @Regis-RCR) @@ -4334,7 +4912,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Extended webpack `externals` hash-strip to cover ALL `serverExternalPackages`, not just `better-sqlite3`. Next.js 16 Turbopack hashes `zod`, `pino`, and every other server-external package into names like `zod-dcb22c6336e0bc69` that don't exist in `node_modules` at runtime. A HASH_PATTERN regex catch-all now strips the 16-char suffix and falls back to the base package name. Also added `NEXT_PRIVATE_BUILD_WORKER=0` in `prepublish.mjs` to reinforce webpack mode, plus a post-build scan that reports any remaining hashed refs. (#396, #398, PR #403) - **fix(chat)**: Anthropic-format tool names (`tool.name` without `.function` wrapper) were silently dropped by the empty-name filter introduced in #346. LiteLLM proxies requests with `anthropic/` prefix in Anthropic Messages API format, causing all tools to be filtered and Anthropic to return `400: tool_choice.any may only be specified while providing tools`. Fixed by falling back to `tool.name` when `tool.function.name` is absent. Added 8 regression unit tests. (PR #397) -### Функции +### ✨ Features - **feat(api)**: Custom endpoint paths for OpenAI-compatible provider nodes — configure `chatPath` and `modelsPath` per node (e.g. `/v4/chat/completions`) in the provider connection UI. Includes a DB migration (`003_provider_node_custom_paths.sql`) and URL path sanitization (no `..` traversal, must start with `/`). (PR #400) - **feat(provider)**: Alibaba Cloud DashScope added as OpenAI-compatible provider. International endpoint: `dashscope-intl.aliyuncs.com/compatible-mode/v1`. 12 models: `qwen-max`, `qwen-plus`, `qwen-turbo`, `qwen3-coder-plus/flash`, `qwq-plus`, `qwq-32b`, `qwen3-32b`, `qwen3-235b-a22b`. Auth: Bearer API key. @@ -4393,7 +4971,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(oauth)**: Qoder (and other providers that redirect to their own UI) no longer leave the OAuth modal stuck at "Waiting for Authorization" — popup-closed detector auto-transitions to manual URL input mode (#344) - **fix(logs)**: Request log table is now readable in light mode — status badges, token counts, and combo tags use adaptive `dark:` color classes (#378) -### Функции +### ✨ Features - **feat(kiro)**: Kiro credit tracking added to usage fetcher — queries `getUserCredits` from AWS CodeWhisperer endpoint (#337) @@ -4509,6 +5087,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4574,6 +5159,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #366, #367, #368) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4602,6 +5194,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #363 & #365) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4638,6 +5237,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4655,6 +5261,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4685,6 +5298,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4752,7 +5372,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > **Major release** — Free Stack ecosystem, transcription playground overhaul, 44+ providers, comprehensive free tier documentation, and UI improvements across the board. -### Функции +### ✨ Features - **Combos: Free Stack template** — New 4th template "Free Stack ($0)" using round-robin across Kiro + Qoder + Qwen + Gemini CLI. Suggests the pre-built zero-cost combo on first use. - **Media/Transcription: Deepgram as default** — Deepgram (Nova 3, $200 free) is now the default transcription provider. AssemblyAI ($50 free) and Groq Whisper (free forever) shown with free credit badges. @@ -4763,7 +5383,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.16] - 2026-03-13 -### Документация +### 📖 Documentation - **README: 44+ Providers** — Updated all 3 occurrences of "36+ providers" to "44+" reflecting the actual codebase count (44 providers in providers.ts) - **README: New Section "🆓 Free Models — What You Actually Get"** — Added 7-provider table with per-model rate limits for: Kiro (Claude unlimited via AWS Builder ID), Qoder (5 models unlimited), Qwen (4 models unlimited), Gemini CLI (180K/mo), NVIDIA NIM (~40 RPM dev-forever), Cerebras (1M tok/day / 60K TPM), Groq (30 RPM / 14.4K RPD). Includes the \/usr/bin/bash Ultimate Free Stack combo recommendation. @@ -4773,7 +5393,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.15] - 2026-03-13 -### Функции +### ✨ Features - **Auto-Combo Dashboard (Tier Priority)**: Added `🏷️ Tier` as the 7th scoring factor label in the `/dashboard/auto-combo` factor breakdown display — all 7 Auto-Combo scoring factors are now visible. - **i18n — autoCombo section**: Added 20 new translation keys for the Auto-Combo dashboard (`title`, `status`, `modePack`, `providerScores`, `factorTierPriority`, etc.) to all 30 language files. @@ -4808,6 +5428,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). diff --git a/docs/i18n/bg/README.md b/docs/i18n/bg/README.md index a0a3ef15ea..e8812921d9 100644 --- a/docs/i18n/bg/README.md +++ b/docs/i18n/bg/README.md @@ -130,28 +130,28 @@ _Connect any AI-powered IDE or CLI tool through OmniRoute — free API gateway f - Codex CLI
+ Codex CLI
Codex CLI
⭐ 60.8K - Claude Code
+ Claude Code
Claude Code
⭐ 67.3K - Gemini CLI
+ Gemini CLI
Gemini CLI
⭐ 94.7K - Kilo Code
+ Kilo Code
Kilo Code
⭐ 15.5K diff --git a/docs/i18n/bg/docs/API_REFERENCE.md b/docs/i18n/bg/docs/API_REFERENCE.md index 30cdf41bad..2b0049efc4 100644 --- a/docs/i18n/bg/docs/API_REFERENCE.md +++ b/docs/i18n/bg/docs/API_REFERENCE.md @@ -87,13 +87,13 @@ Authorization: Bearer your-api-key Content-Type: application/json { - "model": "openai/dall-e-3", + "model": "openai/gpt-image-2", "prompt": "A beautiful sunset over mountains", "size": "1024x1024" } ``` -Available providers: OpenAI (DALL-E, GPT Image 1), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). +Available providers: OpenAI (GPT Image 2), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). ```bash # List all image models diff --git a/docs/i18n/bg/docs/CLI-TOOLS.md b/docs/i18n/bg/docs/CLI-TOOLS.md index 4bc221e5ea..b81828ce0f 100644 --- a/docs/i18n/bg/docs/CLI-TOOLS.md +++ b/docs/i18n/bg/docs/CLI-TOOLS.md @@ -350,7 +350,7 @@ They run as internal routes and use OmniRoute's model routing automatically. | `/v1/responses` | Responses API (OpenAI format) | Codex, agentic workflows | | `/v1/completions` | Legacy text completions | Older tools using `prompt:` | | `/v1/embeddings` | Text embeddings | RAG, search | -| `/v1/images/generations` | Image generation | DALL-E, Flux, etc. | +| `/v1/images/generations` | Image generation | GPT-Image, Flux, etc. | | `/v1/audio/speech` | Text-to-speech | ElevenLabs, OpenAI TTS | | `/v1/audio/transcriptions` | Speech-to-text | Deepgram, AssemblyAI | diff --git a/docs/i18n/bg/llm.txt b/docs/i18n/bg/llm.txt index fe9a151253..b8d82e19d9 100644 --- a/docs/i18n/bg/llm.txt +++ b/docs/i18n/bg/llm.txt @@ -1,19 +1,18 @@ # OmniRoute (Български) -🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) +🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇧🇩 [bn](../bn/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇮🇷 [fa](../fa/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇮🇳 [gu](../gu/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇮🇳 [mr](../mr/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇰🇪 [sw](../sw/llm.txt) · 🇮🇳 [ta](../ta/llm.txt) · 🇮🇳 [te](../te/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇵🇰 [ur](../ur/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) --- +> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 160+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (29 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. -> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 60+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (25 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. - -## Преглед +## Overview OmniRoute solves the problem of managing multiple AI provider subscriptions, quotas, and rate limits. It sits between your AI-powered tools (IDE agents, CLI tools) and AI providers, routing requests intelligently through a 4-tier fallback system: Subscription → API Key → Cheap → Free. **Key value:** One endpoint (`http://localhost:20128/v1`), unlimited models, zero downtime, minimal cost. -**Current version:** 3.5.5 +**Current version:** 3.8.0 ## Tech Stack @@ -27,7 +26,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Background jobs:** Custom token health check scheduler, 24h model auto-sync - **Streaming:** Server-Sent Events (SSE) for real-time proxy responses - **Proxy engine:** Custom pipeline with format translation, circuit breaker, rate limiting, auto-combo engine -- **i18n:** next-intl with 30 languages +- **i18n:** next-intl with 40+ languages - **Desktop:** Electron (cross-platform: Windows, macOS, Linux) - **Package:** Published on npm (`omniroute`) and Docker Hub (`diegosouzapw/omniroute`) @@ -99,7 +98,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── configAudit.ts # Configuration auditing │ │ └── responses.ts # Domain response types │ ├── i18n/ # Internationalization -│ │ └── messages/ # 30 language JSON files +│ │ └── messages/ # 40+ language JSON files │ ├── lib/ # Core libraries │ │ ├── a2a/ # Agent-to-Agent v0.3 protocol server │ │ │ ├── skills/ # A2A skills (quotaManagement, smartRouting) @@ -170,7 +169,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ └── manager.ts # MITM proxy manager │ ├── shared/ # Shared utilities, components, and constants │ │ ├── components/ # Reusable UI components (Card, Badge, Button, Modal, Sidebar, ProviderIcon, etc.) -│ │ ├── constants/ # Provider definitions (60+), model lists, pricing, routing strategies, MCP scopes +│ │ ├── constants/ # Provider definitions (160+), model lists, pricing, routing strategies, MCP scopes │ │ ├── contracts/ # Shared API contracts │ │ ├── hooks/ # React hooks │ │ ├── middleware/ # Shared middleware utilities @@ -206,7 +205,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── chatCore.ts # Main chat completions handler │ │ ├── responsesHandler.ts # OpenAI Responses API handler │ │ ├── embeddings.ts # Embedding generation -│ │ ├── imageGeneration.ts # Image generation (DALL-E, FLUX, SD, etc.) +│ │ ├── imageGeneration.ts # Image generation (GPT-Image, FLUX, SD, etc.) │ │ ├── videoGeneration.ts # Video generation │ │ ├── musicGeneration.ts # Music generation │ │ ├── audioSpeech.ts # Text-to-speech @@ -214,7 +213,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── moderations.ts # Content moderation │ │ ├── rerank.ts # Reranking API │ │ └── search.ts # Web search API -│ ├── mcp-server/ # Built-in MCP server (25 tools, 3 transports: stdio/SSE/streamable-HTTP) +│ ├── mcp-server/ # Built-in MCP server (29 tools, 3 transports: stdio/SSE/streamable-HTTP) │ │ ├── server.ts # MCP server core (tool registration, scope enforcement) │ │ ├── tools/ # Tool implementations (advancedTools, memoryTools, skillTools) │ │ ├── schemas/ # Zod input schemas (tools, audit, a2a) @@ -274,7 +273,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ ├── CLI-TOOLS.md # CLI tools integration guide │ ├── A2A-SERVER.md # A2A agent protocol documentation │ ├── AUTO-COMBO.md # Auto-combo engine (6-factor scoring) -│ ├── MCP-SERVER.md # MCP server (25 tools) +│ ├── MCP-SERVER.md # MCP server (29 tools) │ ├── TROUBLESHOOTING.md # Troubleshooting guide │ ├── VM_DEPLOYMENT_GUIDE.md # VPS deployment guide │ ├── openapi.yaml # OpenAPI specification @@ -284,11 +283,11 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo └── .env.example # Environment variable template ``` -## Key Features (v3.5.5) +## Key Features (v3.8.0) ### Core Proxy -- **60+ AI providers** with automatic format translation -- **4 provider categories**: Free (4), OAuth (8), API Key (48+), Custom (OpenAI/Anthropic-compatible) +- **160+ AI providers** with automatic format translation +- **4 provider categories**: Free (4), OAuth (8), API Key (120+), Self-Hosted (8+), Custom (OpenAI/Anthropic-compatible) - **13 routing strategies**: priority, weighted, round-robin, fill-first, p2c, random, least-used, cost-optimized, strict-random, auto, lkgp, context-optimized, context-relay - **4-tier fallback**: Subscription → API Key → Cheap → Free - **Context Relay strategy**: Session handoff summaries on account rotation for continuity @@ -306,7 +305,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Cloudflare Tunnels**: Managed tunnel creation for remote access - **122 unit test files** with comprehensive coverage (55% statements/lines/functions, 60% branches) -### Сигурност +### Security +- **Data Loss Prevention**: SQLite migration safety bounds abort startup on dangerous massive schema overrides. Pre-migration `VACUUM INTO` backups isolate rollback snapshots. - **CodeQL security**: Fixed 10+ CodeQL alerts (polynomial-redos, insecure-randomness, shell-injection, SSRF, incomplete URLs) - **Web Crypto session IDs**: `generateSessionId` uses `crypto.getRandomValues()` instead of `Math.random()` - **Route validation**: All API routes validated with Zod v4 schemas + `validateBody()` @@ -331,7 +331,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **CLI Tools** — One-click configuration for 10+ AI CLI tools - **CLI Agents** — Grid of 14+ built-in agents with ProviderIcon and install detection + custom agent registration - **Playground** — Test any model with Monaco editor, streaming responses -- **Media** — Image/video/music generation (DALL-E, FLUX, etc.) + audio transcription (up to 2GB files) +- **Media** — Image/video/music generation (GPT-Image, FLUX, etc.) + audio transcription (up to 2GB files) - **Search Tools** — Search provider configuration and testing - **Memory** — Memory system management and visualization - **Skills** — Skills framework management and execution @@ -349,14 +349,15 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Gemini** — `/v1beta/models`, `/v1beta/models/{...path}` - **Ollama** — `/v1/api/chat`, `/api/tags` - **Search** — `/v1/search` (Perplexity, Serper, Brave, Exa, Tavily) -- **MCP** — 25-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) +- **MCP** — 29-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) - **A2A** — Agent-to-Agent v0.3 protocol (JSON-RPC 2.0, smart-routing + quota-management skills) - **ACP** — Agent Communication Protocol registry and manager -### MCP Server (25 Tools) +### MCP Server (29 Tools) | Category | Tools | |-----------|-------| -| Core (18) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `sync_pricing` | +| Core (20) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `web_search`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `db_health_check`, `sync_pricing` | +| Cache (2) | `cache_stats`, `cache_flush` | | Memory (3) | `memory_search`, `memory_add`, `memory_clear` | | Skills (4) | `skills_list`, `skills_enable`, `skills_execute`, `skills_executions` | @@ -373,8 +374,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo **Custom Providers:** OpenAI-compatible (`openai-compatible-*`) and Anthropic-compatible (`anthropic-compatible-*`) with custom base URLs ### Internationalization -- 30 languages for UI (all dashboard pages) -- 30 translated documentation sets in docs/i18n/ +- 40+ languages for UI (all dashboard pages) +- 40 translated documentation sets in docs/i18n/ - Language switcher in documentation ## Key Architectural Decisions diff --git a/docs/i18n/bn/CHANGELOG.md b/docs/i18n/bn/CHANGELOG.md index 19b1510b9a..dabaada362 100644 --- a/docs/i18n/bn/CHANGELOG.md +++ b/docs/i18n/bn/CHANGELOG.md @@ -6,9 +6,283 @@ ## [Unreleased] +## [3.8.0] — 2026-05-06 + +### ✨ New Features + +- **feat(antigravity):** integrate Antigravity provider with dynamic `maxOutputTokens` calculation (bumping to `thinkingBudget + 1`) and standard Cloud Code envelope payload sanitization (#2055, #2063) +- **feat(gemini-cli):** add custom projectId support for Gemini CLI transport (UI, DB, executor) (#1991) + +### 🐛 Bug Fixes + +- **fix(cache):** optimize cache_control preservation logic and explicitly align tool schema with upstream Claude Code expectations +- **fix(db):** preserve legacy SQLite database path on Windows to prevent data loss (#1973) +- **fix(settings):** resolve model alias persistence double stringification preventing UI updates (#2018) +- **fix(routing):** dynamically filter bare model auto-resolution by active provider connections to prevent dead-routing (#2029) +- **fix(embeddings):** add Google Gemini embeddings compatibility via OpenAI-compatible endpoint mapping (#2006) +- **fix:** remove Anthropic-Beta header from non-Anthropic providers to fix identity contamination (#1989) +- **fix(cli):** resolve .env loading failure for global npm installations + +### 🔒 Security + +- **fix(security):** remediate regex validation backtracking path in core compression cleanup (#1990) +- **fix(core):** harden input handling and stabilization for prompt compression edge cases + +### 🧹 Chores & Maintenance + +- **chore(providers):** prune redundant local provider icon assets in favor of `@lobehub/icons` web fonts (#1992) +- **ci:** skip SonarCloud scan on main pushes to optimize CI time +- **test:** stabilize cooldown abort coverage case in integration testing + +## [3.7.9] — 2026-05-03 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) + +- **feat(compression):** major upgrade to Caveman and RTK compression pipelines (#1876, #1889): + - Add RTK tool-output compression, stacked Caveman + RTK pipelines, compression combo assignments, dashboard context pages, MCP management tools, and language-aware Caveman rule packs. + - Expand RTK parity with a 39-filter catalog, RTK-style JSON DSL stages, inline verify/benchmark coverage, trust-gated custom filters, expanded command detection, and redacted raw-output recovery. + - Expose rule intensities, track USD savings, unify config validation, and persist MCP savings. + - Expand Caveman parity and MCP metadata compression. +- **feat(provider):** update Jina AI model catalog to support Embeddings and Rerank natively (#1874 — thanks @backryun) +- **feat(provider):** add NanoGPT image generation provider (#1899 — thanks @Aculeasis) +- **feat(ui):** move proxy configuration to dedicated System → Proxy page (#1907 — thanks @oyi77) +- **feat(ui):** add K/M/B/T cost shortener utility (#1902 — thanks @oyi77) +- **feat(providers):** implement bulk paste for extra API keys (#1916 — thanks @0xtbug) +- **feat(analytics):** usage history API key backfill + dark mode pricing (#1896 — thanks @Gi99lin) +- **feat(logs):** show RTK and Caveman compression token savings accurately in request log UI (#1923 — thanks @emdash) +- **feat(routing):** auto-skip exhausted quota accounts (Issue #1952) +- **feat(docs):** docs site overhaul (#1976 — thanks @oyi77) +- **feat(db):** consolidate all database settings into SystemStorageTab (closes #1935) (#1947 — thanks @oyi77) +- **feat(sse):** codex 429 mid-task failover with account rotation (#1888 — thanks @smartenok-ops) +- **feat(auto-assessment):** add auto-assessment engine for combo self-healing (#1918 — thanks @oyi77) +- **feat(usage):** DeepSeek V4 native cache token extraction (#1930 — thanks @smartenok-ops) +- **feat(cost):** enhance cost formatting and add Codex GPT-5.5 pricing support (#1944 — thanks @JxnLexn) + +### 🐛 Bug Fixes + +- **fix(auth):** implement session affinity sticky routing logic +- **fix(dashboard):** derive display base URL from origin instead of hardcoding localhost (#1960 — thanks @jeanfbrito) +- **fix(proxy):** use credentials.connectionId instead of non-existent credentials.id for image proxy resolution (#1929 — thanks @Aculeasis) +- **fix(routing):** codex bare-name disambiguation + family-native fallback (#1933 — thanks @smartenok-ops) +- **fix(infrastructure):** move wreq-js to optionalDependencies and add Node 25/26 to secure runtime policy (#1924) +- **fix(providers):** resolve ChatGPT Web authentication failure by aligning TLS fingerprint User-Agent strings (#1925) +- **fix(mitm):** support root user for MITM sudo handling (#1948 — thanks @NekoMonci12) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941, #1945) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) +- **fix(mcp):** reclassify MCP endpoints to ensure API key authentication works even when dashboard auth is enabled (#1970) +- **fix(providers):** allow local OpenAI-compatible endpoints (like Ollama) to be added without an API key (fixes #1893) +- **fix(providers):** bypass AgentRouter unauthorized_client_error by spoofing Claude CLI headers via Anthropic endpoints (fixes #1921) +- **fix(copilot):** emit compatible reasoning text deltas (#1919 — thanks @ivan-mezentsev) +- **fix(api-manager):** show validation errors inline in modals, not behind (#1920 — thanks @andrewmunsell) +- **fix(compression):** align seeded standard savings combo with stacked default, preserve stacked defaults, and secure metadata routes. +- **fix(gemini-cli):** separate Cloud Code transport from Antigravity (#1869 — thanks @dhaern) +- **fix(codex):** map prompt field to input array for Cursor compatibility (fixes #1872) +- **fix(core):** align stream parameter default to false per strict OpenAI spec (fixes #1873) +- **fix(ui):** restore Next.js CSP `unsafe-eval` in production `script-src` to fix unresponsive Onboarding button (fixes #1883) +- **fix(proxy):** globally strip `prompt_cache_retention` in `BaseExecutor` to prevent upstream 400 errors from strict endpoints like droid/gemini-2-pro (fixes #1884) +- **fix(ui):** include `isOpen` dependency in `EditConnectionModal` state sync to ensure `maxConcurrent` is properly hydrated when reopening the modal (fixes #1859) +- **fix(security):** remediate 4 polynomial-redos CodeQL alerts in compression regexes by bounding repetitions and removing overlapping quantifiers +- **fix(codex):** flatten Chat Completions tool format to Codex Responses format in `normalizeCodexTools` — prevents `Missing required parameter: tools[0].name` upstream errors (#1914 — thanks @tranduykhanh030) +- **fix(proxy):** add proxy-aware execution context to image generation route — proxy settings are now correctly applied for image providers behind restricted networks (#1904 — thanks @Aculeasis) +- **fix(translator):** inject `properties: {}` into zero-argument MCP tool schemas during Anthropic→OpenAI translation — prevents 400 errors from OpenAI strict schema validation (#1898 — thanks @bryceIT) +- **fix(codex):** sanitize raw responses input (#1895 — thanks @dhaern) +- **fix(combos):** align strategy contracts (#1892 — thanks @dhaern) +- **fix(combos):** fix combo provider breaker profile handling (#1891 — thanks @rdself) +- **fix(migrations):** duplicate-column no-op fix (#1886 — thanks @smartenok-ops) +- **fix(auth):** per-connection OAuth refresh mutex (#1885 — thanks @smartenok-ops) +- **fix(auth):** require dashboard management auth for compression preview + +### 🔄 Updates + +- **chore(provider):** Add reka models list (#1956 — thanks @backryun) +- **chore(model):** Update new models, Delete Deprecated models (#1949 — thanks @backryun) + +### 📝 Documentation + +- **docs(compression):** document RTK+Caveman stacked savings ranges + +### 🏆 Release Attribution & Retroactive Credits + +- **@payne0420** (PR #1828 / #1839) — Implementation of the **Rate Limit Watchdog** and environment overrides. (This feature was manually backported to v3.7.8, causing the automatic GitHub Release notes to omit the author's credit). + +--- + +## [3.7.8] — 2026-05-01 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(providers):** add Grok 4.3 and Xiaomi Mimo TTS provider (#1837) +- **feat(core):** implement Rate Limit Watchdog with environment override capability to detect and reset stalled queues (#1839) +- **feat(providers):** add muse-spark-web provider with multiple models and reasoning support (#1843) +- **feat(1proxy):** integrate 1proxy free proxy marketplace with dashboard management and new MCP tools (closes #1788) (#1847) + +### 🐛 Bug Fixes + +- **fix(codex):** sanitize Responses replay state to prevent internal assistant commentary from leaking (#1868 — thanks @dhaern) +- **fix(cli):** add capture-backed Gemini CLI fingerprint (#1866) +- **fix(ui):** hide combo compression controls when the global setting is disabled (#1840) +- **fix(db):** tolerate missing request_detail_logs table for legacy deployments (#1848) +- **fix(core):** remove unneeded \`store\` payload parameter for providers lacking support (closes #1841) +- **fix(core):** ensure safeOutboundFetch and A2A routers return 503 Service Unavailable when security guardrails are triggered +- **fix(usage):** correct Unix seconds vs milliseconds parsing logic for Kiro AI quota reset (closes #1849) +- **fix(ui):** apply robust NaN handling, ensure 24h consistency, and fix missing hour slots in Compression Analytics (closes #1844) +- **fix(ui):** implement short number formatting for token consumption metrics on cache pages to prevent overflow (closes #1842) +- **fix(combo):** stabilize provider routing at 500+ connections by bounding semaphore queues and adjusting circuit breaker tracking (closes #1846) (#1854) +- **fix(maritalk):** update Maritalk model list, use Authorization Key header, and align with latest API endpoints (#1856) +- **fix(grok-web):** stabilize tool calling (bash, readFile, webSearch) and response parsing by mapping native Grok intents to standard OpenAI payloads (#1857) +- **fix(providers):** correctly map and expose the Upstage embedding and chat model catalogs (#1855) +- **fix(executor):** apply proper urlSuffix and custom authHeaders for unknown registry-based providers in DefaultExecutor (closes #1846) (#1861) + +### 🛠️ Maintenance + +- **fix(workflow):** build docker images on version tags (#1838) + +--- + +## [3.7.7] — 2026-04-30 + ### ✨ New Features -- **feat:** ongoing development +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **Prompt Compression Pipeline:** Implemented a multi-phase prompt compression engine including `lite` (whitespace/duplication collapse), `aggressive` (summarization, tool compression), and `ultra` modes (heuristic pruning and SLM stub) (#1633, #1738, #1739, #1741) +- **Compression Dashboard & Analytics:** Added a compression settings UI, real-time log viewer, pipeline statistics tracking, and interactive playground preview (#1756) +- **Compression Caching & MCP:** Added caching-aware strategy adjustments to the compression pipeline, alongside new MCP tools for status and configuration (#1758) +- **Analytics Custom Filters:** Added custom date range selection, API key filtering, and NULL key analytics backfilling to the Costs Dashboard (#1830) + +### 🐛 Bug Fixes + +- **Combo Routing:** Fixed an issue where Gemini `-preview` models were incorrectly normalized to their canonical names, causing 404 errors during combo routing (#1834) +- **Codex Native Passthrough:** Added support for Cursor 5.5 sending `messages` arrays to the `responses/compact` endpoint, preventing upstream rejections with empty requests (#1832) +- **Rate-limit Watchdog:** Implemented a new rate-limit watchdog with environment override capabilities and Stage Tracing to prevent and diagnose silent wedges (#1828) +- **Encryption Resiliency:** Prevent sending encrypted tokens to providers by returning null on decryption failure (#763d353) +- **i18n & Locales:** Fixed OpenCode baseUrl locale placeholders and added compression keys across 32 languages +- **Startup Stability:** Hardened resilience integration server startup logic (#9aa89b17) + +### 🛠️ Maintenance + +- **Tests & Docs:** Expanded the test suite with 61 unit/integration tests for the compression pipeline and updated `AGENTS.md` +- **Workflow:** Fixed the changelog extraction logic to accurately capture GitHub release descriptions + +--- + +## [3.7.6] — 2026-04-30 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) +- **feat(chatgpt-web):** support `thinking_effort` parameter (Standard/Extended) for thinking-capable models (#1821) +- **feat(dashboard):** implement remaining v3.7.6 dashboard features — Costs overview, Translator pipeline, and Endpoint tabs improvements +- **feat(tools):** inject fallback tool names to prevent upstream 400 errors on providers that require tool names (#1775) +- **feat(db):** auto-restore probe-failed database on startup to prevent data loss after failed upgrades (#1810) +- **feat(analytics):** add cost-based usage insights and activity streaks in the analytics dashboard + +### 🔒 Security + +- **fix(security):** resolve ReDoS vulnerability in Codex executor regex patterns (#1797, #1789) + +### 🐛 Bug Fixes + +- **fix(stability):** resolve codex input validation, enable combo circuit breaker, and fix broken unit tests (#1804, #1805) +- **fix(stability):** safely cast inputs to strings before calling `.trim()` to avoid crashes on numeric fields in proxy modal (#1825) +- **fix(stability):** clear active requests and recover providers after connection failures (#1824) +- **fix(xiaomi-mimo):** update models to V2.5, fix Token Plan validation and default region (#1823) +- **fix(codex):** omit compact client metadata to prevent upstream rejections (#1822) +- **fix(dashboard):** fix endpoint visibility, A2A status display, and API catalog consistency (#1806) +- **fix(analytics):** use pure SQL aggregations — no history rows loaded into memory (#1802) +- **fix(dashboard):** correct `loadPresets` ReferenceError in CostOverviewTab +- **fix(mitm):** enforce transparent interception on port 443 only + +### 🧹 Chores + +- **chore(workflow):** mandate implementation plan generation in `/resolve-issues` workflow before coding +- **chore(release):** expand contributor credits to 155 PRs across full project history + +### 🏆 Community Contributors Acknowledgment + +We identified that **155 community PRs** across the entire project history (from inception through v3.7.5) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. + +**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** + +| Contributor | PRs (Total) | All Contributions | +| :----------------------------------------------------------- | :---------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [@rdself](https://github.com/rdself) | 28 | #542, #705, #717, #737, #738, #841, #851, #853, #875, #880, #888, #891, #903, #904, #974, #1069, #1089, #1196, #1267, #1272, #1299, #1300, #1356, #1357, #1441, #1443, #1549, #1742 | +| [@oyi77](https://github.com/oyi77) | 27 | #644, #672, #700, #850, #859, #862, #868, #874, #881, #883, #908, #926, #931, #983, #990, #1019, #1020, #1021, #1103, #1281, #1286, #1363, #1368, #1377, #1411, #1689, #1717 | +| [@clousky2020](https://github.com/clousky2020) | 15 | #1244, #1323, #1365, #1366, #1408, #1442, #1484, #1595, #1598, #1599, #1611, #1618, #1620, #1621, #1644 | +| [@benzntech](https://github.com/benzntech) | 8 | #158, #1264, #1435, #1436, #1437, #1440, #1444, #1677 | +| [@kang-heewon](https://github.com/kang-heewon) | 5 | #530, #854, #884, #1235, #1574 | +| [@herjarsa](https://github.com/herjarsa) | 4 | #1472, #1474, #1477, #1480 | +| [@backryun](https://github.com/backryun) | 4 | #1358, #1609, #1627, #1722 | +| [@tombii](https://github.com/tombii) | 4 | #708, #856, #900, #1013 | +| [@christopher-s](https://github.com/christopher-s) | 3 | #868, #885, #992 | +| [@zen0bit](https://github.com/zen0bit) | 3 | #561, #650, #912 | +| [@k0valik](https://github.com/k0valik) | 3 | #554, #587, #596 | +| [@zhangqiang8vip](https://github.com/zhangqiang8vip) | 2 | #470, #575 | +| [@wlfonseca](https://github.com/wlfonseca) | 2 | #997, #1016 | +| [@RaviTharuma](https://github.com/RaviTharuma) | 2 | #1188, #1277 | +| [@prakersh](https://github.com/prakersh) | 2 | #419, #480 | +| [@payne0420](https://github.com/payne0420) | 2 | #1593, #1670 | +| [@only4copilot](https://github.com/only4copilot) | 2 | #855, #1039 | +| [@jay77721](https://github.com/jay77721) | 2 | #581, #582 | +| [@hijak](https://github.com/hijak) | 2 | #295, #578 | +| [@hartmark](https://github.com/hartmark) | 2 | #1494, #1500 | +| [@defhouse](https://github.com/defhouse) | 2 | #906, #946 | +| [@xiaoge1688](https://github.com/xiaoge1688) | 1 | #1304 | +| [@xandr0s](https://github.com/xandr0s) | 1 | #1376 | +| [@willbnu](https://github.com/willbnu) | 1 | #882 | +| [@slewis3600](https://github.com/slewis3600) | 1 | #1624 | +| [@sergey-v9](https://github.com/sergey-v9) | 1 | #594 | +| [@razllivan](https://github.com/razllivan) | 1 | #987 | +| [@nmime](https://github.com/nmime) | 1 | #1271 | +| [@Moutia-Ben-Yahia](https://github.com/Moutia-Ben-Yahia) | 1 | #1663 | +| [@Mind-Dragon](https://github.com/Mind-Dragon) | 1 | #467 | +| [@mercs2910](https://github.com/mercs2910) | 1 | #1001 | +| [@MAINER4IK](https://github.com/MAINER4IK) | 1 | #196 | +| [@luandiasrj](https://github.com/luandiasrj) | 1 | #996 | +| [@knopki](https://github.com/knopki) | 1 | #1434 | +| [@kfiramar](https://github.com/kfiramar) | 1 | #389 | +| [@ken2190](https://github.com/ken2190) | 1 | #166 | +| [@keith8496](https://github.com/keith8496) | 1 | #569 | +| [@jonesfernandess](https://github.com/jonesfernandess) | 1 | #1118 | +| [@JasonLandbridge](https://github.com/JasonLandbridge) | 1 | #1626 | +| [@i1hwan](https://github.com/i1hwan) | 1 | #1386 | +| [@Gorchakov-Pressure](https://github.com/Gorchakov-Pressure) | 1 | #754 | +| [@foxy1402](https://github.com/foxy1402) | 1 | #934 | +| [@dt418](https://github.com/dt418) | 1 | #896 | +| [@dhaern](https://github.com/dhaern) | 1 | #1647 | +| [@DavyMassoneto](https://github.com/DavyMassoneto) | 1 | #211 | +| [@dail45](https://github.com/dail45) | 1 | #1413 | +| [@congvc-dev](https://github.com/congvc-dev) | 1 | #1569 | +| [@be0hhh](https://github.com/be0hhh) | 1 | #1581 | +| [@andruwa13](https://github.com/andruwa13) | 1 | #1457 | +| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | 1 | #898 | +| [@AndersonFirmino](https://github.com/AndersonFirmino) | 1 | #362 | +| [@alexsvdk](https://github.com/alexsvdk) | 1 | #1280 | +| [@abhinavjnu](https://github.com/abhinavjnu) | 1 | #550 | --- @@ -16,8 +290,14 @@ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(tunnels):** integrate native ngrok tunnel support with dashboard UI parity (#1753) -- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) ### 🐛 Bug Fixes @@ -56,56 +336,25 @@ - **chore(ui):** speed up endpoint initial render with background task loading (#1760) - **chore(workflows):** add strict PR contributor credit policy to prevent future merge credit loss -### 🏆 Community Contributors Acknowledgment - -We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. - -**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** - -| Contributor | Contributions (PRs) | -| :----------------------------------------------------- | :----------------------------------------------------------------------- | -| [@rdself](https://github.com/rdself) | #1742, #1357, #1356, #1089, #1069, #904, #880, #875, #853, #851, #974 | -| [@oyi77](https://github.com/oyi77) | #1411, #1021, #990, #926, #908, #883, #881, #868, #862, #859, #850, #983 | -| [@benzntech](https://github.com/benzntech) | #1677, #1444, #1440, #1437, #1435 | -| [@clousky2020](https://github.com/clousky2020) | #1644, #1408 | -| [@christopher-s](https://github.com/christopher-s) | #885, #868, #992 | -| [@kang-heewon](https://github.com/kang-heewon) | #1235, #884 | -| [@backryun](https://github.com/backryun) | #1627, #1358, #1722 | -| [@tombii](https://github.com/tombii) | #900, #856 | -| [@slewis3600](https://github.com/slewis3600) | #1624 | -| [@dhaern](https://github.com/dhaern) | #1647 | -| [@JasonLandbridge](https://github.com/JasonLandbridge) | #1626 | -| [@hartmark](https://github.com/hartmark) | #1500 | -| [@herjarsa](https://github.com/herjarsa) | #1480 | -| [@andruwa13](https://github.com/andruwa13) | #1457 | -| [@i1hwan](https://github.com/i1hwan) | #1386 | -| [@xandr0s](https://github.com/xandr0s) | #1376 | -| [@RaviTharuma](https://github.com/RaviTharuma) | #1188 | -| [@wlfonseca](https://github.com/wlfonseca) | #1016 | -| [@only4copilot](https://github.com/only4copilot) | #1039, #855 | -| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | #898 | -| [@dt418](https://github.com/dt418) | #896 | -| [@willbnu](https://github.com/willbnu) | #882 | -| [@defhouse](https://github.com/defhouse) | #906 | -| [@mercs2910](https://github.com/mercs2910) | #1001 | -| [@zen0bit](https://github.com/zen0bit) | #912 | -| [@razllivan](https://github.com/razllivan) | #987 | -| [@foxy1402](https://github.com/foxy1402) | #934 | -| [@knopki](https://github.com/knopki) | #1434 | -| [@dail45](https://github.com/dail45) | #1413 | - --- ## [3.7.4] — 2026-04-28 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(ui):** add endpoint tunnel visibility settings (#1743) - **feat(cli):** refresh CLI fingerprint provider profiles (#1746) - **feat(proxy):** implement bulk proxy import via pipe-delimited parser with update-or-create (upsert) logic and real-time preview table - **feat(pwa):** add fullscreen installable PWA with manifest, service worker, and cross-platform app icons (#1728) -### Seguridad +### 🔒 Security - **security:** replace insecure `Math.random` with `crypto.getRandomValues` for fallback UUID generation to resolve CodeQL CWE-338 finding (#182) @@ -156,6 +405,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(authz):** introduce centralized proxy-based authz pipeline and lifecycle policy (#1632) - **feat(logs):** configure call log pipeline artifacts (#1650) - **feat(network):** add guarded remote image fetch utility @@ -225,6 +481,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Add GPT-5.5 support to the Codex provider — includes 1.05M context window, tool calling, vision, and reasoning capabilities with proper pricing entries across `cx` and `openai` providers. Refactors `splitCodexReasoningSuffix()` into a shared helper for cleaner effort-level parsing (#1617 — thanks @Zhaba1337228). - **feat(cli):** Add `omniroute reset-encrypted-columns` recovery command — nulls encrypted credential columns (`api_key`, `access_token`, `refresh_token`, `id_token`) in `provider_connections` while preserving provider metadata, giving users affected by #1622 a clean recovery path without losing configurations. - **feat(i18n):** Expand locale coverage with nine new language packs (Bengali, Farsi, Gujarati, Indonesian, Marathi, Swahili, Tamil, Telugu, Urdu), bringing total language support from 32 to 41 locales. @@ -256,7 +519,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **fix(transport):** Prevent memory bloat and database exhaustion from large, fragmented streaming responses. Implemented `ByteQueue` in `kiro.ts` for zero-copy binary accumulation, refactored `antigravity.ts` for incremental SSE parsing, and enforced a strict 512KB tiered truncation limit (`MAX_CALL_LOG_ARTIFACT_BYTES`) on stream request logs and call artifacts (#1647). - **chore(ci):** Update build environment dependencies — bump Node to `24.15.0`, `actions/checkout@v6`, `docker/build-push-action@v7`, pin `actions/setup-python` to major tag (#1646 — thanks @backryun). -### Documentación +### 📝 Documentation - **docs(env):** Add `OMNIROUTE_ALLOW_PRIVATE_PROVIDER_URLS` to `.env.example` with documentation for LM Studio and other local provider use cases (#1623). @@ -266,6 +529,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). - **feat(providers):** Add CrofAI as a built-in API-key provider with quota/usage monitoring wired into the dashboard Limits page (#1604, #1606). @@ -399,7 +669,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **test(next):** Align transpile package expectations for the Next.js standalone build. - **test(ci):** Fix CI-only test failures from environment differences — clear `INITIAL_PASSWORD` and `JWT_SECRET` in integration tests, handle `XDG_CONFIG_HOME` for guide-settings tests. -### Documentación +### 📚 Documentation - **docs:** Update the root changelog with all release-branch changes through 2026-04-24, including PRs #1544, #1555, #1551, #1550, #1548, #1547, #1541, #1538, #1536, and #1527. - **docs:** Fix broken README and localized documentation links. (#1536) @@ -424,6 +694,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -506,6 +783,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -527,7 +811,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **feat(providers):** Expand image provider registry with extended model support including SD3.5, FLUX, and DALL-E 3 HD configurations - **feat(combos):** Add new routing strategies and full i18n support for agent features section across 31 languages -### Seguridad +### 🔒 Security - **security:** Resolve 18 GitHub CodeQL scan alerts including ReDoS, incomplete sanitization, and bad HTML filtering regexp patterns - **fix(auth):** Seal privilege escalation vector by enforcing JWT session checking exclusively on `/api/keys` management endpoints (#1353) @@ -586,6 +870,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -662,6 +953,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -726,6 +1024,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -773,7 +1078,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Duplicate `auto` in Combo Strategy Schema:** Removed duplicate `"auto"` entry from `comboStrategySchema` (was listed on both line 104 and 108). Harmless to Zod runtime but cleaned up to avoid confusion. Schema now has exactly 13 unique strategy values - **Legacy Combo Refs Normalization:** Fixed combo step normalization to preserve legacy string combo references during CRUD operations, preventing data loss when editing combos created before the v2 step architecture -### Seguridad +### 🔒 Security - **Auth Bypass on Backup Routes (Critical):** Added `isAuthenticated` guards to `/api/db-backups/exportAll` (full database export) and `/api/db-backups` (list, create, and restore backups) — both were previously accessible without authentication - **Auth Guard on Translator Save:** Added `isAuthenticated` guard to `/api/translator/save` for defense-in-depth consistency @@ -826,6 +1131,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -864,6 +1176,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -896,6 +1215,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -925,6 +1251,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -955,6 +1288,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -988,6 +1328,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1040,6 +1387,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1086,6 +1440,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1122,7 +1483,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Updated Sub-dependencies:** Bumped `hono` to `4.12.12` and `@hono/node-server` to `1.19.13` to patch critical security gaps (#1063, #1064, #1067, #1068). -### Documentación +### 📚 Documentation - **Documentation Synchronization:** Updated system documentation (README, Architecture, Features, Tools, Troubleshooting) and synced `i18n` configurations to match the v3.5.5 context relay patterns and proxy troubleshooting steps. - **Context Relay Delivery Notes:** Documented the current architecture, runtime flow, and Codex-focused scope in the feature docs, changelog, and agent guidance. @@ -1133,6 +1494,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1191,7 +1559,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.5.3] - 2026-04-07 -### Seguridad +### Security - **Vulnerabilities:** Fully remediated 12 High-Severity CodeQL vulnerabilities by migrating from Math.random to `crypto.randomUUID()`, wrapping SSE injection points with aggressive backslash escaping, sanitizing trailing HTTP fragments, and enforcing rigid SSRF HTTP verification schemes across internal routes. - **Dependencies:** Upgraded Next.js to `^16.2.2` and Vite to `>=8.0.5` resolving critical DoS, arbitrary file reads and CSRF vectors in the build/server environments. @@ -1207,7 +1575,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **CI/CD Stabilization:** Prevented random GitHub Runner freezes by decoupling sharded processes, adjusting test concurrencies, unref-ing active connections on server teardown, and strictly capping job timeout durations. -### Documentación +### Documentation - **I18n Engine:** Synchronized and pushed deep Machine Translation updates across all 32 natively-supported languages (682 translation nodes aligned). @@ -1221,6 +1589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1253,6 +1628,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1281,6 +1663,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1347,7 +1736,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.8] — 2026-04-03 -### Seguridad +### Security - Fully remediated all outstanding Github Advanced Security (CodeQL) findings and Dependabot alerts. - Fixed insecure randomness vulnerabilities by migrating from `Math.random` to `crypto.randomUUID()`. @@ -1359,7 +1748,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.7] — 2026-04-03 -### Funcionalidades +### Features - Added `Cryptography` node to Monitoring and MCP health checks (#798) - Hardened model-catalog route permissions mapping (`/models`) (#781) @@ -1375,7 +1764,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - Fixed MCP standalone module-resolution (`ERR_MODULE_NOT_FOUND`) via `esbuild` (#936) - Fixed NVIDIA NIM routing credential resolution alias mismatch (#931) -### Seguridad +### Security - Added safe strict input boundary protection against raw `shell: true` remote-code execution injections. @@ -1385,6 +1774,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1419,6 +1815,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1481,6 +1884,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1541,6 +1951,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1594,7 +2011,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.0] - 2026-03-31 -### Funcionalidades +### 🚀 Features - **Subscription Utilization Analytics:** Added quota snapshot time-series tracking, Provider Utilization and Combo Health tabs with recharts visualizations, and corresponding API endpoints (#847) - **SQLite Backup Control:** New `OMNIROUTE_DISABLE_AUTO_BACKUP` env flag to disable automatic SQLite backups (#846) @@ -1646,7 +2063,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.3.8] - 2026-03-30 -### Funcionalidades +### 🚀 Features - **Models API Filtering:** Endpoint `/v1/models` now dynamically filters its list based on the permissions tied to the `Authorization: Bearer ` when restricted access is on (#781) - **Qoder Integration:** Native integration for Qoder AI natively replacing the legacy iFlow platform mappings (#660) @@ -1715,6 +2132,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1745,6 +2169,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1806,6 +2237,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2016,6 +2454,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2044,6 +2489,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2076,6 +2528,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2130,6 +2589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2325,6 +2791,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2359,6 +2832,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2409,7 +2889,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **NaN tokens in Claude Code / client responses (#617):** - `sanitizeUsage()` now cross-maps `input_tokens`→`prompt_tokens` and `output_tokens`→`completion_tokens` before the whitelist filter, fixing responses showing NaN/0 token counts when providers return Claude-style usage field names -### Seguridad +### 🔒 Security - Updated `yaml` package to fix stack overflow vulnerability (GHSA-48c2-rrv3-qjmp) @@ -2467,6 +2947,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2503,6 +2990,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2521,6 +3015,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2556,6 +3057,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3001,6 +3509,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3016,6 +3531,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3043,7 +3565,7 @@ docker pull diegosouzapw/omniroute:3.0.0 - **SVG fallback**: `ProviderIcon` component updated with 4-tier strategy: Lobehub → PNG → SVG → Generic icon - **Agents fingerprinting**: Synced with CLI tools — added droid, openclaw, copilot, opencode to fingerprint list (14 total) -### Seguridad +### 🔒 Security - **CVE fix**: Resolved dompurify XSS vulnerability (GHSA-v2wj-7wpq-c8vv) via npm overrides forcing `dompurify@^3.3.2` - `npm audit` now reports **0 vulnerabilities** @@ -3113,6 +3635,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3160,6 +3689,13 @@ Both providers use the new `OpencodeExecutor` with multi-format routing (`/chat/ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3295,6 +3831,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3318,6 +3861,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3334,6 +3884,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3371,7 +3928,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **#510** — Windows: MSYS2/Git-Bash paths (`/c/Program Files/...`) are now normalized to `C:\Program Files\...` - **#492** — `omniroute` CLI now detects `mise`/`nvm` when `app/server.js` is missing and shows targeted fix -### Documentación +### 📖 Documentation - **#513** — Docker password reset: `INITIAL_PASSWORD` env var workaround documented - **#520** — pnpm: `pnpm approve-builds better-sqlite3` documented @@ -3468,7 +4025,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **feat(executors/cloudflare-ai)**: New `CloudflareAIExecutor` — dynamic URL construction requires `accountId` in provider credentials - **feat(executors)**: Register `pollinations`, `pol`, `cloudflare-ai`, `cf` executor mappings -### Documentación +### 📝 Documentation - **docs(readme)**: Expanded free combo stack to 11 providers ($0 forever) - **docs(readme)**: Added 4 new free provider sections (LongCat, Pollinations, Cloudflare AI, Scaleway) with model tables @@ -3543,6 +4100,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3613,7 +4177,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **OAuth batch test crash** (ERR_CONNECTION_REFUSED): Replaced sequential for-loop with 5-connection concurrency limit + 30s per-connection timeout via `Promise.race()` + `Promise.allSettled()`. Prevents server crash when testing large OAuth provider groups (~30+ connections). -### Funcionalidades +### Features - **"Test All" button on provider pages**: Individual provider pages (e.g., `/providers/codex`) now show a "Test All" button in the Connections header when there are 2+ connections. Uses `POST /api/providers/test-batch` with `{mode: "provider", providerId}`. Results displayed in a modal with pass/fail summary and per-connection diagnosis. @@ -3641,7 +4205,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Merge PR #494 (MiniMax role fix), fix KIRO MITM dashboard, triage 8 issues. -### Funcionalidades +### Features - **MiniMax developer→system role fix** (PR #494 by @zhangqiang8vip): Per-model `preserveDeveloperRole` toggle. Adds "Compatibility" UI in providers page. Fixes 422 "role param error" for MiniMax and similar gateways. - **roleNormalizer**: `normalizeDeveloperRole()` now accepts `preserveDeveloperRole` parameter with tri-state behavior (undefined=keep, true=keep, false=convert). @@ -3697,7 +4261,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Gemini CLI deprecation, VM guide i18n fix, dependabot security fix, provider schema expansion. -### Funcionalidades +### Features - **Gemini CLI Deprecation** (#462): Mark `gemini-cli` provider as deprecated with warning — Google restricts third-party OAuth usage from March 2026 - **Provider Schema** (#462): Expand Zod validation with `deprecated`, `deprecationReason`, `hasFree`, `freeNote`, `authHint`, `apiHint` optional fields @@ -3706,7 +4270,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **VM Guide i18n** (#471): Add `VM_DEPLOYMENT_GUIDE.md` to i18n translation pipeline, regenerate all 30 locale translations from English source (were stuck in Portuguese) -### Seguridad +### Security - **deps**: Bump `flatted` 3.3.3 → 3.4.2 — fixes CWE-1321 prototype pollution (#484, @dependabot) @@ -3726,7 +4290,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Czech i18n, SSE protocol fix, VM guide translation. -### Funcionalidades +### Features - **Czech Language** (#482): Full Czech (cs) i18n — 22 docs, 2606 UI strings, language switcher updates (@zen0bit) - **VM Deployment Guide**: Translated from Portuguese to English as the source document (@zen0bit) @@ -3745,7 +4309,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: 2 merged PRs, model aliases routing fix, log export, and issue triage. -### Funcionalidades +### Features - **Log Export**: New Export button on `/dashboard/logs` with time range dropdown (1h, 6h, 12h, 24h). Downloads JSON of request/proxy/call logs via `/api/logs/export` API (#user-request) @@ -3765,7 +4329,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Five community PRs — streaming call log fixes, Kiro compatibility, cache token analytics, Chinese translation, and configurable tool call IDs. -### Funcionalidades +### ✨ Features - **feat(logs)**: Call log response content now correctly accumulated from raw provider chunks (OpenAI/Claude/Gemini) before translation, fixing empty response payloads in streaming mode (#470, @zhangqiang8vip) - **feat(providers)**: Per-model configurable 9-char tool call ID normalization (Mistral-style) — only models with the option enabled get truncated IDs (#470) @@ -3795,7 +4359,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Bailian Coding Plan provider with editable base URLs, plus community contributions for Alibaba Cloud and Kimi Coding. -### Funcionalidades +### ✨ Features - **feat(providers)**: Added Bailian Coding Plan (`bailian-coding-plan`) — Alibaba Model Studio with Anthropic-compatible API. Static catalog of 8 models including Qwen3.5 Plus, Qwen3 Coder, MiniMax M2.5, GLM 5, and Kimi K2.5. Includes custom auth validation (400=valid, 401/403=invalid) (#467, @Mind-Dragon) - **feat(admin)**: Editable default URL in Provider Admin create/edit flows — users can configure custom base URLs per connection. Persisted in `providerSpecificData.baseUrl` with Zod schema validation rejecting non-http(s) schemes (#467) @@ -3810,7 +4374,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Two new community-contributed providers (Alibaba Cloud Coding, Kimi Coding API-key) and Docker pino fix. -### Funcionalidades +### ✨ Features - **feat(providers)**: Added Alibaba Cloud Coding Plan support with two OpenAI-compatible endpoints — `alicode` (China) and `alicode-intl` (International), each with 8 models (#465, @dtk1985) - **feat(providers)**: Added dedicated `kimi-coding-apikey` provider path — API-key-based Kimi Coding access is no longer forced through OAuth-only `kimi-coding` route. Includes registry, constants, models API, config, and validation test (#463, @Mind-Dragon) @@ -3835,7 +4399,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Codex responses subpath passthrough natively supported, Windows MITM crash fixed, and Combos agent schemas adjusted. -### Funcionalidades +### ✨ Features - **feat(codex)**: Native responses subpath passthrough for Codex — natively routes `POST /v1/responses/compact` to Codex upstream, maintaining Claude Code compatibility without stripping the `/compact` suffix (#457) @@ -3875,7 +4439,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(budget)**: "Save Limits" no longer returns 422 — `warningThreshold` is now correctly sent as fraction (0–1) instead of percentage (0–100) (#451) - **fix(combos)**: `` internal cache tag is now stripped before forwarding requests to providers, preventing cache session breaks (#454) -### Funcionalidades +### ✨ Features - **feat(combos)**: Agent Features section added to combo create/edit modal — expose `system_message` override, `tool_filter_regex`, and `context_cache_protection` directly from the dashboard (#454) @@ -3931,7 +4495,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Search Tools dashboard, i18n fixes, Copilot limits, Serper validation fix. -### Funcionalidades +### 🚀 Features - **feat(search)**: Add Search Playground (10th endpoint), Search Tools page with Compare Providers/Rerank Pipeline/Search History, local rerank routing, auth guards on search API (#443 by @Regis-RCR) - New route: `/dashboard/search-tools` @@ -4010,6 +4574,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4024,7 +4595,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - DB migration: `request_type` column on `call_logs` for non-chat request tracking - Zod validation (`v1SearchSchema`), auth-gated, cost recorded via `recordCost()` -### Seguridad +### 🔒 Security - **deps**: Next.js 16.1.6 → 16.1.7 — fixes 6 CVEs: - **Critical**: CVE-2026-29057 (HTTP request smuggling via http-proxy) @@ -4154,7 +4725,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **005_combo_agent_fields.sql**: `ALTER TABLE combos ADD COLUMN system_message TEXT DEFAULT NULL`, `tool_filter_regex TEXT DEFAULT NULL`, `context_cache_protection INTEGER DEFAULT 0` - **006_detailed_request_logs.sql**: New `request_detail_logs` table with 500-entry ring-buffer trigger, opt-in via settings toggle -### Funcionalidades +### ✨ Features - **feat(combo)**: System Message Override per Combo (#399 — `system_message` field replaces or injects system prompt before forwarding to provider) - **feat(combo)**: Tool Filter Regex per Combo (#399 — `tool_filter_regex` keeps only tools matching pattern; supports OpenAI + Anthropic formats) @@ -4169,7 +4740,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: SSE improvements, local provider_nodes extensions, proxy registry, Claude passthrough fixes. -### Funcionalidades +### ✨ Features - **feat(health)**: Background health check for local `provider_nodes` with exponential backoff (30s→300s) and `Promise.allSettled` to avoid blocking (#423, @Regis-RCR) - **feat(embeddings)**: Route `/v1/embeddings` to local `provider_nodes` — `buildDynamicEmbeddingProvider()` with hostname validation (#422, @Regis-RCR) @@ -4230,6 +4801,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4304,7 +4882,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Turbopack hash-strip now runs at **compile time** for ALL packages — not just `better-sqlite3`. Step 5.6 in `prepublish.mjs` walks every `.js` in `app/.next/server/` and strips the 16-char hex suffix from any hashed `require()`. Fixes `zod-dcb22c...`, `pino-...`, etc. MODULE_NOT_FOUND on global npm installs. Closes #398 - **fix(deploy)**: PM2 on both VPS was pointing to stale git-clone directories. Reconfigured to `app/server.js` in the npm global package. Updated `/deploy-vps` workflow to use `npm pack + scp` (npm registry rejects 299MB packages). -### Funcionalidades +### ✨ Features - **feat(provider)**: Synthetic ([synthetic.new](https://synthetic.new)) — privacy-focused OpenAI-compatible inference. `passthroughModels: true` for dynamic HuggingFace model catalog. Initial models: Kimi K2.5, MiniMax M2.5, GLM 4.7, DeepSeek V3.2. (PR #404 by @Regis-RCR) @@ -4334,7 +4912,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Extended webpack `externals` hash-strip to cover ALL `serverExternalPackages`, not just `better-sqlite3`. Next.js 16 Turbopack hashes `zod`, `pino`, and every other server-external package into names like `zod-dcb22c6336e0bc69` that don't exist in `node_modules` at runtime. A HASH_PATTERN regex catch-all now strips the 16-char suffix and falls back to the base package name. Also added `NEXT_PRIVATE_BUILD_WORKER=0` in `prepublish.mjs` to reinforce webpack mode, plus a post-build scan that reports any remaining hashed refs. (#396, #398, PR #403) - **fix(chat)**: Anthropic-format tool names (`tool.name` without `.function` wrapper) were silently dropped by the empty-name filter introduced in #346. LiteLLM proxies requests with `anthropic/` prefix in Anthropic Messages API format, causing all tools to be filtered and Anthropic to return `400: tool_choice.any may only be specified while providing tools`. Fixed by falling back to `tool.name` when `tool.function.name` is absent. Added 8 regression unit tests. (PR #397) -### Funcionalidades +### ✨ Features - **feat(api)**: Custom endpoint paths for OpenAI-compatible provider nodes — configure `chatPath` and `modelsPath` per node (e.g. `/v4/chat/completions`) in the provider connection UI. Includes a DB migration (`003_provider_node_custom_paths.sql`) and URL path sanitization (no `..` traversal, must start with `/`). (PR #400) - **feat(provider)**: Alibaba Cloud DashScope added as OpenAI-compatible provider. International endpoint: `dashscope-intl.aliyuncs.com/compatible-mode/v1`. 12 models: `qwen-max`, `qwen-plus`, `qwen-turbo`, `qwen3-coder-plus/flash`, `qwq-plus`, `qwq-32b`, `qwen3-32b`, `qwen3-235b-a22b`. Auth: Bearer API key. @@ -4393,7 +4971,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(oauth)**: Qoder (and other providers that redirect to their own UI) no longer leave the OAuth modal stuck at "Waiting for Authorization" — popup-closed detector auto-transitions to manual URL input mode (#344) - **fix(logs)**: Request log table is now readable in light mode — status badges, token counts, and combo tags use adaptive `dark:` color classes (#378) -### Funcionalidades +### ✨ Features - **feat(kiro)**: Kiro credit tracking added to usage fetcher — queries `getUserCredits` from AWS CodeWhisperer endpoint (#337) @@ -4509,6 +5087,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4574,6 +5159,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #366, #367, #368) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4602,6 +5194,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #363 & #365) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4638,6 +5237,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4655,6 +5261,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4685,6 +5298,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4752,7 +5372,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > **Major release** — Free Stack ecosystem, transcription playground overhaul, 44+ providers, comprehensive free tier documentation, and UI improvements across the board. -### Funcionalidades +### ✨ Features - **Combos: Free Stack template** — New 4th template "Free Stack ($0)" using round-robin across Kiro + Qoder + Qwen + Gemini CLI. Suggests the pre-built zero-cost combo on first use. - **Media/Transcription: Deepgram as default** — Deepgram (Nova 3, $200 free) is now the default transcription provider. AssemblyAI ($50 free) and Groq Whisper (free forever) shown with free credit badges. @@ -4763,7 +5383,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.16] - 2026-03-13 -### Documentación +### 📖 Documentation - **README: 44+ Providers** — Updated all 3 occurrences of "36+ providers" to "44+" reflecting the actual codebase count (44 providers in providers.ts) - **README: New Section "🆓 Free Models — What You Actually Get"** — Added 7-provider table with per-model rate limits for: Kiro (Claude unlimited via AWS Builder ID), Qoder (5 models unlimited), Qwen (4 models unlimited), Gemini CLI (180K/mo), NVIDIA NIM (~40 RPM dev-forever), Cerebras (1M tok/day / 60K TPM), Groq (30 RPM / 14.4K RPD). Includes the \/usr/bin/bash Ultimate Free Stack combo recommendation. @@ -4773,7 +5393,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.15] - 2026-03-13 -### Funcionalidades +### ✨ Features - **Auto-Combo Dashboard (Tier Priority)**: Added `🏷️ Tier` as the 7th scoring factor label in the `/dashboard/auto-combo` factor breakdown display — all 7 Auto-Combo scoring factors are now visible. - **i18n — autoCombo section**: Added 20 new translation keys for the Auto-Combo dashboard (`title`, `status`, `modePack`, `providerScores`, `factorTierPriority`, etc.) to all 30 language files. @@ -4808,6 +5428,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). diff --git a/docs/i18n/bn/README.md b/docs/i18n/bn/README.md index 1a470699f2..bc77d9bbcf 100644 --- a/docs/i18n/bn/README.md +++ b/docs/i18n/bn/README.md @@ -130,28 +130,28 @@ _Connect any AI-powered IDE or CLI tool through OmniRoute — free API gateway f - Codex CLI
+ Codex CLI
Codex CLI
⭐ 60.8K - Claude Code
+ Claude Code
Claude Code
⭐ 67.3K - Gemini CLI
+ Gemini CLI
Gemini CLI
⭐ 94.7K - Kilo Code
+ Kilo Code
Kilo Code
⭐ 15.5K diff --git a/docs/i18n/bn/docs/API_REFERENCE.md b/docs/i18n/bn/docs/API_REFERENCE.md index 7542b430db..e2b4973621 100644 --- a/docs/i18n/bn/docs/API_REFERENCE.md +++ b/docs/i18n/bn/docs/API_REFERENCE.md @@ -87,13 +87,13 @@ Authorization: Bearer your-api-key Content-Type: application/json { - "model": "openai/dall-e-3", + "model": "openai/gpt-image-2", "prompt": "A beautiful sunset over mountains", "size": "1024x1024" } ``` -Available providers: OpenAI (DALL-E, GPT Image 1), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). +Available providers: OpenAI (GPT Image 2), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). ```bash # List all image models diff --git a/docs/i18n/bn/docs/CLI-TOOLS.md b/docs/i18n/bn/docs/CLI-TOOLS.md index a95075adcc..9ad3071a37 100644 --- a/docs/i18n/bn/docs/CLI-TOOLS.md +++ b/docs/i18n/bn/docs/CLI-TOOLS.md @@ -350,7 +350,7 @@ They run as internal routes and use OmniRoute's model routing automatically. | `/v1/responses` | Responses API (OpenAI format) | Codex, agentic workflows | | `/v1/completions` | Legacy text completions | Older tools using `prompt:` | | `/v1/embeddings` | Text embeddings | RAG, search | -| `/v1/images/generations` | Image generation | DALL-E, Flux, etc. | +| `/v1/images/generations` | Image generation | GPT-Image, Flux, etc. | | `/v1/audio/speech` | Text-to-speech | ElevenLabs, OpenAI TTS | | `/v1/audio/transcriptions` | Speech-to-text | Deepgram, AssemblyAI | diff --git a/docs/i18n/bn/llm.txt b/docs/i18n/bn/llm.txt new file mode 100644 index 0000000000..c6c2ed17f2 --- /dev/null +++ b/docs/i18n/bn/llm.txt @@ -0,0 +1,477 @@ +# OmniRoute (বাংলা) + +🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇧🇩 [bn](../bn/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇮🇷 [fa](../fa/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇮🇳 [gu](../gu/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇮🇳 [mr](../mr/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇰🇪 [sw](../sw/llm.txt) · 🇮🇳 [ta](../ta/llm.txt) · 🇮🇳 [te](../te/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇵🇰 [ur](../ur/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) + +--- + +> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 160+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (29 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. + +## Overview + +OmniRoute solves the problem of managing multiple AI provider subscriptions, quotas, and rate limits. It sits between your AI-powered tools (IDE agents, CLI tools) and AI providers, routing requests intelligently through a 4-tier fallback system: Subscription → API Key → Cheap → Free. + +**Key value:** One endpoint (`http://localhost:20128/v1`), unlimited models, zero downtime, minimal cost. + +**Current version:** 3.8.0 + +## Tech Stack + +- **Runtime:** Node.js >= 18 < 24, ES Modules (`"type": "module"`) +- **Framework:** Next.js 16 (App Router) with TypeScript 5.9 +- **Database:** SQLite via better-sqlite3 (local, zero-config, 16 migrations) +- **State management:** Zustand (client), SQLite (server persistence) +- **UI:** React 19, Tailwind CSS 4, Recharts for analytics, @lobehub/icons for 130+ provider SVG icons +- **Auth:** OAuth 2.0 (PKCE) for providers, bcrypt for local user auth +- **Schemas:** Zod v4 for all API / MCP input validation +- **Background jobs:** Custom token health check scheduler, 24h model auto-sync +- **Streaming:** Server-Sent Events (SSE) for real-time proxy responses +- **Proxy engine:** Custom pipeline with format translation, circuit breaker, rate limiting, auto-combo engine +- **i18n:** next-intl with 40+ languages +- **Desktop:** Electron (cross-platform: Windows, macOS, Linux) +- **Package:** Published on npm (`omniroute`) and Docker Hub (`diegosouzapw/omniroute`) + +## Project Structure + +``` +/ +├── src/ # Main application source +│ ├── app/ # Next.js App Router pages and API routes +│ │ ├── (dashboard)/ # Dashboard UI pages +│ │ │ └── dashboard/ +│ │ │ ├── agents/ # ACP Agents dashboard (CLI agent detection + custom agents) +│ │ │ ├── analytics/ # Usage analytics and charts +│ │ │ ├── api-manager/ # API key management +│ │ │ ├── audit/ # Audit logs +│ │ │ ├── auto-combo/ # Auto-combo engine dashboard +│ │ │ ├── cache/ # Cache dashboard (semantic cache stats) +│ │ │ ├── cli-tools/ # CLI tool configuration (Claude Code, Codex, Gemini CLI, etc.) +│ │ │ ├── combos/ # Model combo management (13 strategies + 4 templates) +│ │ │ ├── costs/ # Cost tracking per provider/model +│ │ │ ├── endpoint/ # Unified: Endpoint Proxy, MCP, A2A, API Endpoints tabs +│ │ │ ├── health/ # System health (uptime, circuit breakers, latency) +│ │ │ ├── limits/ # Rate limits dashboard +│ │ │ ├── logs/ # Request, Proxy, Audit, Console logs (tabbed) +│ │ │ ├── media/ # Image/video/music generation + transcription +│ │ │ ├── memory/ # Memory system dashboard +│ │ │ ├── onboarding/ # Onboarding wizard +│ │ │ ├── playground/ # Model playground (Monaco editor, streaming) +│ │ │ ├── providers/ # Provider management (OAuth + API key + free) +│ │ │ ├── search-tools/ # Search tools configuration +│ │ │ ├── settings/ # Settings tabs (General, Appearance, Security, Routing, Resilience, Advanced) +│ │ │ ├── skills/ # Skills system dashboard +│ │ │ ├── translator/ # Format translator + debug tools +│ │ │ └── usage/ # Usage history +│ │ ├── api/ # REST API endpoints (51 route directories) +│ │ │ ├── v1/ # OpenAI-compatible API (chat, completions, models, embeddings, +│ │ │ │ # images, audio, videos, music, moderations, rerank, search, +│ │ │ │ # responses, messages, registered-keys, quotas, accounts) +│ │ │ ├── v1beta/ # Gemini-compatible API +│ │ │ ├── a2a/ # A2A agent management API +│ │ │ ├── acp/ # ACP agent management API +│ │ │ ├── oauth/ # OAuth flows per provider +│ │ │ ├── providers/ # Provider CRUD and batch testing +│ │ │ ├── models/ # Dashboard model listing and aliases +│ │ │ ├── combos/ # Combo CRUD (multi-model fallback chains) +│ │ │ ├── memory/ # Memory system API +│ │ │ ├── skills/ # Skills system API +│ │ │ ├── evals/ # Eval runner API +│ │ │ ├── mcp/ # MCP HTTP transport API +│ │ │ ├── search/ # Search provider API +│ │ │ ├── webhooks/ # Webhook management +│ │ │ ├── tunnels/ # Cloudflare tunnel management +│ │ │ └── ... # Other endpoints (usage, logs, health, settings, pricing, etc.) +│ │ ├── landing/ # Landing page +│ │ ├── login/ # Login page +│ │ ├── forgot-password/ # Password recovery +│ │ ├── status/ # Status page +│ │ └── docs/ # In-app documentation +│ ├── domain/ # Domain types and policy engine +│ │ ├── policyEngine.ts # Central policy engine +│ │ ├── comboResolver.ts # Combo resolution logic +│ │ ├── costRules.ts # Cost calculation rules +│ │ ├── degradation.ts # Graceful degradation +│ │ ├── fallbackPolicy.ts # Fallback behavior +│ │ ├── lockoutPolicy.ts # Account lockout logic +│ │ ├── modelAvailability.ts # Model availability checks +│ │ ├── providerExpiration.ts # Provider credential expiration +│ │ ├── quotaCache.ts # Quota caching layer +│ │ ├── configAudit.ts # Configuration auditing +│ │ └── responses.ts # Domain response types +│ ├── i18n/ # Internationalization +│ │ └── messages/ # 40+ language JSON files +│ ├── lib/ # Core libraries +│ │ ├── a2a/ # Agent-to-Agent v0.3 protocol server +│ │ │ ├── skills/ # A2A skills (quotaManagement, smartRouting) +│ │ │ ├── taskManager.ts # Task lifecycle with TTL cleanup +│ │ │ └── streaming.ts # SSE streaming for A2A +│ │ ├── acp/ # Agent Communication Protocol registry and manager +│ │ ├── compliance/ # Compliance policy engine +│ │ ├── db/ # SQLite database layer (21 modules + migrations) +│ │ │ ├── core.ts # Database initialization, connection, schema +│ │ │ ├── providers.ts # Provider connection CRUD +│ │ │ ├── models.ts # Model catalog management +│ │ │ ├── combos.ts # Combo configuration +│ │ │ ├── apiKeys.ts # API key management +│ │ │ ├── settings.ts # Settings persistence +│ │ │ ├── backup.ts # Database backup/restore +│ │ │ ├── proxies.ts # Proxy registry +│ │ │ ├── prompts.ts # Prompt templates +│ │ │ ├── webhooks.ts # Webhook subscriptions +│ │ │ ├── detailedLogs.ts # Detailed request logging +│ │ │ ├── domainState.ts # Domain state persistence +│ │ │ ├── registeredKeys.ts # Registered API keys with quotas +│ │ │ ├── quotaSnapshots.ts # Quota snapshot history +│ │ │ ├── modelComboMappings.ts # Model-to-combo mappings +│ │ │ ├── cliToolState.ts # CLI tool state tracking +│ │ │ ├── encryption.ts # Data encryption +│ │ │ ├── readCache.ts # Read-through cache layer +│ │ │ ├── secrets.ts # Secrets management +│ │ │ ├── stateReset.ts # State reset utilities +│ │ │ ├── migrationRunner.ts # Schema migration runner +│ │ │ └── migrations/ # 16 SQL migration files +│ │ ├── evals/ # Eval runner and scheduler +│ │ ├── memory/ # Persistent conversational memory +│ │ │ ├── extraction.ts # Memory extraction from conversations +│ │ │ ├── injection.ts # Memory injection into context +│ │ │ ├── retrieval.ts # Memory retrieval/search +│ │ │ ├── store.ts # Memory persistence layer +│ │ │ └── summarization.ts # Memory summarization +│ │ ├── oauth/ # OAuth providers, services, and utilities +│ │ │ ├── constants/ # Default OAuth credentials (overridable via env) +│ │ │ ├── providers/ # Provider-specific OAuth configs +│ │ │ ├── services/ # Provider-specific token exchange logic +│ │ │ └── utils/ # PKCE, callback server, token helpers +│ │ ├── plugins/ # Plugin system +│ │ ├── skills/ # Extensible skill framework +│ │ │ ├── registry.ts # Skill registration +│ │ │ ├── executor.ts # Skill execution engine +│ │ │ ├── sandbox.ts # Skill sandbox environment +│ │ │ ├── builtin/ # Built-in skills +│ │ │ ├── interception.ts # Skill request interception +│ │ │ └── injection.ts # Skill context injection +│ │ ├── usage/ # Usage tracking system +│ │ │ ├── callLogs.ts # Call log persistence +│ │ │ ├── costCalculator.ts # Cost calculation engine +│ │ │ └── usageHistory.ts # Usage history queries +│ │ ├── cloudSync.ts # Cloud sync via Cloudflare Workers +│ │ ├── cloudflaredTunnel.ts # Cloudflare tunnel management +│ │ ├── pricingSync.ts # LiteLLM pricing data sync +│ │ ├── semanticCache.ts # Semantic caching layer +│ │ ├── tokenHealthCheck.ts # Background OAuth token refresh scheduler +│ │ ├── webhookDispatcher.ts # Webhook event dispatcher +│ │ └── localDb.ts # Unified re-export layer for all DB modules +│ ├── middleware/ # Request middleware +│ │ └── promptInjectionGuard.ts # Prompt injection detection +│ ├── mitm/ # MITM proxy capability +│ │ ├── cert/ # Certificate management +│ │ ├── dns/ # DNS handling +│ │ ├── targets/ # Target routing +│ │ └── manager.ts # MITM proxy manager +│ ├── shared/ # Shared utilities, components, and constants +│ │ ├── components/ # Reusable UI components (Card, Badge, Button, Modal, Sidebar, ProviderIcon, etc.) +│ │ ├── constants/ # Provider definitions (160+), model lists, pricing, routing strategies, MCP scopes +│ │ ├── contracts/ # Shared API contracts +│ │ ├── hooks/ # React hooks +│ │ ├── middleware/ # Shared middleware utilities +│ │ ├── schemas/ # Shared Zod schemas +│ │ ├── services/ # Shared services +│ │ ├── types/ # Shared TypeScript types +│ │ ├── validation/ # Zod schemas (settings, providers, routes) +│ │ └── utils/ # Helpers (auth, CORS, error codes, machine ID) +│ ├── sse/ # SSE proxy pipeline +│ │ ├── services/ # Auth resolution, format translation, response handling +│ │ └── middleware/ # Rate limiting, circuit breaker, caching, idempotency +│ ├── store/ # Zustand client-side stores (theme, providers, etc.) +│ └── types/ # TypeScript type definitions +├── open-sse/ # Standalone SSE server (npm workspace) +│ ├── config/ # Model registries (providerRegistry, embedding, image, audio, video, +│ │ # music, rerank, moderation, search, CLI fingerprints, Ollama models) +│ ├── executors/ # Provider-specific request executors (14 executors) +│ │ ├── base.ts # Base executor with shared logic +│ │ ├── default.ts # Default OpenAI-compatible executor +│ │ ├── cursor.ts # Cursor IDE (protobuf + checksum) +│ │ ├── codex.ts # OpenAI Codex CLI +│ │ ├── antigravity.ts # Antigravity IDE +│ │ ├── github.ts # GitHub Copilot +│ │ ├── gemini-cli.ts # Gemini CLI +│ │ ├── kiro.ts # Kiro AI +│ │ ├── qoder.ts # Qoder AI +│ │ ├── vertex.ts # Vertex AI (Service Account JSON) +│ │ ├── cloudflare-ai.ts # Cloudflare Workers AI +│ │ ├── opencode.ts # OpenCode Zen/Go +│ │ ├── pollinations.ts # Pollinations AI +│ │ └── puter.ts # Puter AI +│ ├── handlers/ # Request handlers per API type (11 handlers) +│ │ ├── chatCore.ts # Main chat completions handler +│ │ ├── responsesHandler.ts # OpenAI Responses API handler +│ │ ├── embeddings.ts # Embedding generation +│ │ ├── imageGeneration.ts # Image generation (GPT-Image, FLUX, SD, etc.) +│ │ ├── videoGeneration.ts # Video generation +│ │ ├── musicGeneration.ts # Music generation +│ │ ├── audioSpeech.ts # Text-to-speech +│ │ ├── audioTranscription.ts # Speech-to-text (Whisper, Deepgram, AssemblyAI) +│ │ ├── moderations.ts # Content moderation +│ │ ├── rerank.ts # Reranking API +│ │ └── search.ts # Web search API +│ ├── mcp-server/ # Built-in MCP server (29 tools, 3 transports: stdio/SSE/streamable-HTTP) +│ │ ├── server.ts # MCP server core (tool registration, scope enforcement) +│ │ ├── tools/ # Tool implementations (advancedTools, memoryTools, skillTools) +│ │ ├── schemas/ # Zod input schemas (tools, audit, a2a) +│ │ ├── scopeEnforcement.ts # Scope-based access control (10 scopes) +│ │ ├── audit.ts # Tool call audit logging +│ │ ├── runtimeHeartbeat.ts # MCP runtime heartbeat +│ │ └── httpTransport.ts # HTTP transport handler +│ ├── services/ # 36+ service modules +│ │ ├── combo.ts # Core routing engine +│ │ ├── usage.ts # Usage tracking +│ │ ├── tokenRefresh.ts # OAuth token refresh +│ │ ├── rateLimitManager.ts # Rate limit management +│ │ ├── accountFallback.ts # Multi-account fallback +│ │ ├── sessionManager.ts # Session management +│ │ ├── wildcardRouter.ts # Wildcard model routing +│ │ ├── autoCombo/ # Auto-combo engine (6-factor scoring, bandit exploration) +│ │ ├── intentClassifier.ts # Request intent classification +│ │ ├── taskAwareRouter.ts # Task-aware routing +│ │ ├── thinkingBudget.ts # Thinking budget management +│ │ ├── contextManager.ts # Context window management +│ │ ├── modelDeprecation.ts # Model deprecation handling +│ │ ├── modelFamilyFallback.ts # Intra-family model fallback +│ │ ├── emergencyFallback.ts # Emergency fallback +│ │ ├── workflowFSM.ts # Workflow state machine +│ │ ├── backgroundTaskDetector.ts # Background task detection +│ │ ├── ipFilter.ts # IP-based access control +│ │ ├── signatureCache.ts # CLI signature caching +│ │ ├── volumeDetector.ts # Request volume detection +│ │ ├── contextHandoff.ts # Context relay handoff generation and injection +│ │ ├── codexQuotaFetcher.ts # Codex quota fetching for context-relay +│ │ └── ... # Additional services (14 more modules) +│ ├── transformer/ # Responses API transformer +│ │ └── responsesTransformer.ts +│ ├── translator/ # Format translators (OpenAI ↔ Claude ↔ Gemini ↔ Responses ↔ Ollama ↔ DeepSeek) +│ │ ├── request/ # Request translators per provider +│ │ ├── response/ # Response translators per provider +│ │ ├── helpers/ # Translation helpers +│ │ └── image/ # Image format translation +│ └── utils/ # 22 utility modules (stream, TLS, proxy, logging, etc.) +├── electron/ # Electron desktop app (cross-platform) +│ ├── main.js # Electron main process +│ ├── preload.js # Preload script (IPC bridge) +│ └── assets/ # App icons and assets +├── tests/ # Test suites +│ ├── unit/ # 122 unit test files +│ ├── integration/ # Integration tests +│ ├── e2e/ # Playwright E2E tests +│ ├── security/ # Security tests +│ ├── translator/ # Translator-specific tests +│ └── load/ # Load tests +├── docs/ # Documentation +│ ├── i18n/ # 30-language translated docs +│ ├── ARCHITECTURE.md # Full architecture documentation +│ ├── API_REFERENCE.md # API reference +│ ├── USER_GUIDE.md # User guide +│ ├── CODEBASE_DOCUMENTATION.md # Codebase overview +│ ├── CLI-TOOLS.md # CLI tools integration guide +│ ├── A2A-SERVER.md # A2A agent protocol documentation +│ ├── AUTO-COMBO.md # Auto-combo engine (6-factor scoring) +│ ├── MCP-SERVER.md # MCP server (29 tools) +│ ├── TROUBLESHOOTING.md # Troubleshooting guide +│ ├── VM_DEPLOYMENT_GUIDE.md # VPS deployment guide +│ ├── openapi.yaml # OpenAPI specification +│ └── screenshots/ # Dashboard screenshots +├── bin/ # CLI entry points (omniroute, reset-password) +├── scripts/ # Build and utility scripts +└── .env.example # Environment variable template +``` + +## Key Features (v3.8.0) + +### Core Proxy +- **160+ AI providers** with automatic format translation +- **4 provider categories**: Free (4), OAuth (8), API Key (120+), Self-Hosted (8+), Custom (OpenAI/Anthropic-compatible) +- **13 routing strategies**: priority, weighted, round-robin, fill-first, p2c, random, least-used, cost-optimized, strict-random, auto, lkgp, context-optimized, context-relay +- **4-tier fallback**: Subscription → API Key → Cheap → Free +- **Context Relay strategy**: Session handoff summaries on account rotation for continuity +- **Auto-combo engine**: Self-healing routing optimization with 6-factor scoring, bandit exploration, progressive cooldown +- **Semantic caching** with cache hit/miss headers +- **Idempotency** with configurable dedup window +- **Circuit breaker** per provider with configurable thresholds +- **Provider Icons**: 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback +- **Model Auto-Sync**: 24h scheduler refreshes model lists for 16 providers +- **Registered Keys API**: Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement +- **Memory System**: Persistent conversational memory with extraction, injection, retrieval, and summarization +- **Skills System**: Extensible skill framework with registry, executor, sandbox, built-in and custom skills +- **Prompt Injection Guard**: Middleware-level prompt injection detection +- **MITM Proxy**: Certificate management, DNS handling, and target routing +- **Cloudflare Tunnels**: Managed tunnel creation for remote access +- **122 unit test files** with comprehensive coverage (55% statements/lines/functions, 60% branches) + +### Security +- **Data Loss Prevention**: SQLite migration safety bounds abort startup on dangerous massive schema overrides. Pre-migration `VACUUM INTO` backups isolate rollback snapshots. +- **CodeQL security**: Fixed 10+ CodeQL alerts (polynomial-redos, insecure-randomness, shell-injection, SSRF, incomplete URLs) +- **Web Crypto session IDs**: `generateSessionId` uses `crypto.getRandomValues()` instead of `Math.random()` +- **Route validation**: All API routes validated with Zod v4 schemas + `validateBody()` +- **omniModel tag sanitization**: Internal `` tags never leak to clients in SSE streams +- **TLS Fingerprint Spoofing** — Browser-like TLS fingerprint to reduce bot detection +- **CLI Fingerprint Matching** — Per-provider request signature matching +- **Prompt injection guard** — Request middleware detection +- **Provider constants validated at module load** via Zod (`src/shared/validation/providerSchema.ts`) +- **PII sanitizer** — Sensitive data scrubbing in logs + +### Dashboard Pages (23 sections) +- **Providers** — OAuth, API key, and free provider management with ProviderIcon SVG icons +- **Combos** — Multi-model combo builder with 4 templates (Free Stack, High Availability, Cost Saver, Balanced) + 13 strategies +- **Auto-Combo** — Auto-combo engine dashboard with scoring metrics +- **Analytics** — Token consumption, cost, heatmaps, distributions +- **Health** — Uptime, memory, latency percentiles, circuit breakers +- **Logs** — Request, Proxy, Audit, Console (tabbed) +- **Audit** — Audit trail and compliance logging +- **Costs** — Cost tracking per provider/model +- **Limits** — Rate limit monitoring +- **Cache** — Semantic cache statistics and management +- **CLI Tools** — One-click configuration for 10+ AI CLI tools +- **CLI Agents** — Grid of 14+ built-in agents with ProviderIcon and install detection + custom agent registration +- **Playground** — Test any model with Monaco editor, streaming responses +- **Media** — Image/video/music generation (GPT-Image, FLUX, etc.) + audio transcription (up to 2GB files) +- **Search Tools** — Search provider configuration and testing +- **Memory** — Memory system management and visualization +- **Skills** — Skills framework management and execution +- **Translator** — Format debugging: playground, chat tester, test bench, live monitor +- **Settings** — General, Appearance (7 color themes), Security (TLS/CLI fingerprint, IP filter), Routing, Resilience, Advanced +- **Endpoint** — Unified: Endpoint Proxy, MCP Server, A2A Server, API Endpoints (tabbed) +- **Onboarding** — Setup wizard for new users +- **Usage** — Usage history and analytics +- **API Manager** — API key management with scoped permissions + +### Protocol Support +- **OpenAI-compatible** — `/v1/chat/completions`, `/v1/models`, `/v1/embeddings`, `/v1/images/generations`, `/v1/audio/transcriptions`, `/v1/audio/speech`, `/v1/moderations`, `/v1/rerank`, `/v1/videos/generations`, `/v1/music/generations` +- **Anthropic** — `/v1/messages`, `/v1/messages/count_tokens` +- **OpenAI Responses** — `/v1/responses` +- **Gemini** — `/v1beta/models`, `/v1beta/models/{...path}` +- **Ollama** — `/v1/api/chat`, `/api/tags` +- **Search** — `/v1/search` (Perplexity, Serper, Brave, Exa, Tavily) +- **MCP** — 29-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) +- **A2A** — Agent-to-Agent v0.3 protocol (JSON-RPC 2.0, smart-routing + quota-management skills) +- **ACP** — Agent Communication Protocol registry and manager + +### MCP Server (29 Tools) +| Category | Tools | +|-----------|-------| +| Core (20) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `web_search`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `db_health_check`, `sync_pricing` | +| Cache (2) | `cache_stats`, `cache_flush` | +| Memory (3) | `memory_search`, `memory_add`, `memory_clear` | +| Skills (4) | `skills_list`, `skills_enable`, `skills_execute`, `skills_executions` | + +**MCP Auth Scopes (10):** `read:health`, `read:combos`, `write:combos`, `read:quota`, `read:usage`, `read:models`, `execute:completions`, `execute:search`, `write:budget`, `write:resilience` + +### Provider Categories + +**Free Providers (4):** Qoder AI, Qwen Code, Gemini CLI (deprecated), Kiro AI + +**OAuth Providers (8):** Claude Code, Antigravity, OpenAI Codex, GitHub Copilot, Cursor IDE, Kimi Coding, Kilo Code, Cline + +**API Key Providers (48+):** OpenAI, Anthropic, Gemini (Google AI Studio), DeepSeek, Groq, xAI (Grok), Mistral, Perplexity, Together AI, Fireworks AI, Cerebras, Cohere, NVIDIA NIM, Nebius AI, SiliconFlow, Hyperbolic, HuggingFace, OpenRouter, Vertex AI, Cloudflare Workers AI, Scaleway AI, AI/ML API, Pollinations AI, Puter AI, LongCat AI, Alibaba Cloud (DashScope), Alibaba Intl, Alibaba (AliCode), Kimi, Kimi Coding (API Key), Minimax, Minimax (China), Blackbox AI, Synthetic, Kilo Gateway, Z.AI, GLM Coding, Deepgram, AssemblyAI, ElevenLabs, Cartesia, PlayHT, Inworld, NanoBanana, SD WebUI, ComfyUI, Ollama Cloud, Perplexity Search, Serper Search, Brave Search, Exa Search, Tavily Search, OpenCode Zen, OpenCode Go, Bailian Coding Plan + +**Custom Providers:** OpenAI-compatible (`openai-compatible-*`) and Anthropic-compatible (`anthropic-compatible-*`) with custom base URLs + +### Internationalization +- 40+ languages for UI (all dashboard pages) +- 40 translated documentation sets in docs/i18n/ +- Language switcher in documentation + +## Key Architectural Decisions + +1. **OpenAI-compatible API surface:** All incoming requests follow the OpenAI API format. This makes OmniRoute a drop-in replacement for any tool that supports custom OpenAI endpoints. + +2. **Provider abstraction via format translators:** Each AI provider has a translator in `open-sse/translator/` that converts between OpenAI format and the provider's native format transparently. + +3. **Connection-based provider model:** Providers are stored as "connections" in SQLite. Each connection has an `id`, `provider`, `authType` (oauth/apikey/free), `isActive` flag, and credentials. Multiple connections per provider for multi-account rotation. + +4. **Combo system for fallback:** Users create "combos" — ordered lists of `provider/model` pairs. The proxy tries each in order until one succeeds. Supports 13 strategies including auto-combo with self-healing and context-relay for session continuity. + +5. **SSE proxy pipeline:** The proxy pipeline is middleware-based: request → auth resolution → rate limiting → circuit breaker → format translation → upstream call → response translation → SSE streaming back to client. + +6. **SQLite for persistence:** All state (providers, combos, logs, settings, API keys, memory, skills) stored in a single SQLite database via 21 domain-specific modules. All DB operations go through `src/lib/db/` modules, never raw SQL in routes. + +7. **OAuth with PKCE:** OAuth flows use PKCE for security. Token refresh handled by background job (`tokenHealthCheck.ts`). + +8. **ProviderIcon component:** Unified icon system using `@lobehub/icons` (130+ SVG) with PNG fallback and generic icon fallback chain. Used on providers, dashboard, and agents pages. + +9. **DB architecture:** `localDb.ts` is a re-export layer only — real logic lives in 21 `src/lib/db/` modules with 16 SQL migrations. + +10. **Upstream headers:** Custom headers merged in executors after default auth; same header name replaces executor value. Forbidden header names in `src/shared/constants/upstreamHeaders.ts`. + +11. **Memory/Skills cross-cutting systems:** Memory and Skills affect the MCP tools, request pipeline, and A2A skills. Memory provides persistent context across sessions; Skills provide extensible tool execution with sandbox isolation. + +12. **Domain policy engine:** `src/domain/` contains policy engine modules (policyEngine, comboResolver, costRules, degradation, fallbackPolicy, lockoutPolicy, modelAvailability, providerExpiration, quotaCache, configAudit) that govern routing decisions independently from the pipeline. + +13. **Provider constants validated at load:** All provider definitions validated via Zod schemas at module load time (`src/shared/validation/providerSchema.ts`). Invalid providers fail fast. + +## Main Flows + +### Proxy Request Flow +1. Client sends OpenAI-format request to `/v1/chat/completions` +2. API key validation +3. Model resolution: direct model or combo lookup +4. For combos: iterate through models with selected strategy +5. Auth resolution: get credentials for the target provider +6. Format translation: OpenAI → provider native format +7. CLI fingerprint matching (if enabled for provider) +8. Upstream request with circuit breaker and rate limiting +9. Response translation: provider → OpenAI format +10. omniModel tag sanitization (strip internal tags) +11. SSE streaming back to client +12. Memory extraction (if memory system enabled) +13. Usage logging and cost calculation + +### OAuth Flow +1. Dashboard initiates `/api/oauth/[provider]/authorize` +2. User completes OAuth login in browser +3. Callback hits `/api/oauth/[provider]/exchange` +4. Tokens stored as a provider connection in SQLite +5. Background job refreshes tokens before expiry + +## Important Notes for LLMs + +1. **Two model endpoints exist:** `/api/models` (dashboard, all models) and `/v1/models` (OpenAI-compatible, active only). + +2. **Provider IDs vs aliases:** Providers have both an ID (`claude`, `github`) and a short alias (`cc`, `gh`). Models are referenced as `alias/model-name` (e.g., `cc/claude-opus-4-6`). + +3. **The `open-sse/` directory is a separate npm workspace** with its own config, handlers, executors, translators, and services. + +4. **Environment variables:** All configuration is in `.env` (from `.env.example`). Key vars: `PORT`, `NEXT_PUBLIC_BASE_URL`, `API_KEY`, `ADMIN_PASSWORD`. + +5. **Database layer:** Operations go through `src/lib/db/` modules (21 domain-specific files). `localDb.ts` is re-exports only — add new functions to the proper `db/*.ts` module. + +6. **Tests use Node.js built-in test runner:** 122 unit test files. Run `npm test`. Vitest for MCP/autoCombo (`npm run test:vitest`). Playwright for E2E (`npm run test:e2e`). + +7. **MCP and A2A pages are embedded as tabs inside `/dashboard/endpoint`**, not standalone routes. + +8. **ACP agents** are in `src/lib/acp/registry.ts` with detection cache. Custom agents stored via settings DB. + +9. **Auto-combo engine** in `open-sse/services/autoCombo/` — 6-factor scoring, 4 mode packs, bandit exploration, progressive cooldown. + +10. **Docker:** Dockerfile has two targets: `runner-base` and `runner-cli`. `docker-compose.yml` for dev (3 profiles), `docker-compose.prod.yml` for production (port 20130). + +11. **Electron desktop app** in `electron/` with main.js and preload.js. Build with `npm run electron:build` (supports Windows, macOS, Linux). + +12. **Pricing data** syncs from LiteLLM via `src/lib/pricingSync.ts`. Use `sync_pricing` MCP tool or API endpoint. + +13. **Memory system** in `src/lib/memory/` provides extraction, injection, retrieval, summarization, and persistent store. Exposed via MCP memory tools and `/api/memory/ API. + +14. **Skills system** in `src/lib/skills/` provides registry, executor, sandbox isolation, built-in skills, custom skill support, request interception, and context injection. Exposed via MCP skill tools and `/api/skills/` API. + +15. **Zod v4** is used for all validation. Import from `zod` package. Provider schemas validated at module load time. + +16. **Context Relay** strategy (`context-relay`) is split across two layers: `combo.ts` decides if a handoff should be generated after a successful turn; `chat.ts` injects the handoff only after account resolution. Handoff data lives in `context_handoffs` SQLite table. Config: `handoffThreshold`, `handoffModel`, `handoffProviders`. + +17. **Proxy enforcement** is now comprehensive: token health checks resolve proxy per connection, provider validation wraps in `runWithProxyContext`, and proxy dispatchers use `undici.fetch()` instead of the Node built-in `fetch()` to avoid dispatcher incompatibilities on Node 22. + +18. **Node.js 24+ compatibility**: The login page (`/api/settings/require-login`) detects the Node.js version and sends `nodeVersion`/`nodeCompatible` fields. The login UI renders a warning banner when `nodeCompatible` is false. + +## Links + +- Repository: https://github.com/diegosouzapw/OmniRoute +- Website: https://omniroute.online +- npm: https://www.npmjs.com/package/omniroute +- Docker Hub: https://hub.docker.com/r/diegosouzapw/omniroute +- Documentation: See `/docs/` directory diff --git a/docs/i18n/cs/CHANGELOG.md b/docs/i18n/cs/CHANGELOG.md index 3e9a40f561..4c54214645 100644 --- a/docs/i18n/cs/CHANGELOG.md +++ b/docs/i18n/cs/CHANGELOG.md @@ -6,9 +6,283 @@ ## [Unreleased] +## [3.8.0] — 2026-05-06 + +### ✨ New Features + +- **feat(antigravity):** integrate Antigravity provider with dynamic `maxOutputTokens` calculation (bumping to `thinkingBudget + 1`) and standard Cloud Code envelope payload sanitization (#2055, #2063) +- **feat(gemini-cli):** add custom projectId support for Gemini CLI transport (UI, DB, executor) (#1991) + +### 🐛 Bug Fixes + +- **fix(cache):** optimize cache_control preservation logic and explicitly align tool schema with upstream Claude Code expectations +- **fix(db):** preserve legacy SQLite database path on Windows to prevent data loss (#1973) +- **fix(settings):** resolve model alias persistence double stringification preventing UI updates (#2018) +- **fix(routing):** dynamically filter bare model auto-resolution by active provider connections to prevent dead-routing (#2029) +- **fix(embeddings):** add Google Gemini embeddings compatibility via OpenAI-compatible endpoint mapping (#2006) +- **fix:** remove Anthropic-Beta header from non-Anthropic providers to fix identity contamination (#1989) +- **fix(cli):** resolve .env loading failure for global npm installations + +### 🔒 Security + +- **fix(security):** remediate regex validation backtracking path in core compression cleanup (#1990) +- **fix(core):** harden input handling and stabilization for prompt compression edge cases + +### 🧹 Chores & Maintenance + +- **chore(providers):** prune redundant local provider icon assets in favor of `@lobehub/icons` web fonts (#1992) +- **ci:** skip SonarCloud scan on main pushes to optimize CI time +- **test:** stabilize cooldown abort coverage case in integration testing + +## [3.7.9] — 2026-05-03 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) + +- **feat(compression):** major upgrade to Caveman and RTK compression pipelines (#1876, #1889): + - Add RTK tool-output compression, stacked Caveman + RTK pipelines, compression combo assignments, dashboard context pages, MCP management tools, and language-aware Caveman rule packs. + - Expand RTK parity with a 39-filter catalog, RTK-style JSON DSL stages, inline verify/benchmark coverage, trust-gated custom filters, expanded command detection, and redacted raw-output recovery. + - Expose rule intensities, track USD savings, unify config validation, and persist MCP savings. + - Expand Caveman parity and MCP metadata compression. +- **feat(provider):** update Jina AI model catalog to support Embeddings and Rerank natively (#1874 — thanks @backryun) +- **feat(provider):** add NanoGPT image generation provider (#1899 — thanks @Aculeasis) +- **feat(ui):** move proxy configuration to dedicated System → Proxy page (#1907 — thanks @oyi77) +- **feat(ui):** add K/M/B/T cost shortener utility (#1902 — thanks @oyi77) +- **feat(providers):** implement bulk paste for extra API keys (#1916 — thanks @0xtbug) +- **feat(analytics):** usage history API key backfill + dark mode pricing (#1896 — thanks @Gi99lin) +- **feat(logs):** show RTK and Caveman compression token savings accurately in request log UI (#1923 — thanks @emdash) +- **feat(routing):** auto-skip exhausted quota accounts (Issue #1952) +- **feat(docs):** docs site overhaul (#1976 — thanks @oyi77) +- **feat(db):** consolidate all database settings into SystemStorageTab (closes #1935) (#1947 — thanks @oyi77) +- **feat(sse):** codex 429 mid-task failover with account rotation (#1888 — thanks @smartenok-ops) +- **feat(auto-assessment):** add auto-assessment engine for combo self-healing (#1918 — thanks @oyi77) +- **feat(usage):** DeepSeek V4 native cache token extraction (#1930 — thanks @smartenok-ops) +- **feat(cost):** enhance cost formatting and add Codex GPT-5.5 pricing support (#1944 — thanks @JxnLexn) + +### 🐛 Bug Fixes + +- **fix(auth):** implement session affinity sticky routing logic +- **fix(dashboard):** derive display base URL from origin instead of hardcoding localhost (#1960 — thanks @jeanfbrito) +- **fix(proxy):** use credentials.connectionId instead of non-existent credentials.id for image proxy resolution (#1929 — thanks @Aculeasis) +- **fix(routing):** codex bare-name disambiguation + family-native fallback (#1933 — thanks @smartenok-ops) +- **fix(infrastructure):** move wreq-js to optionalDependencies and add Node 25/26 to secure runtime policy (#1924) +- **fix(providers):** resolve ChatGPT Web authentication failure by aligning TLS fingerprint User-Agent strings (#1925) +- **fix(mitm):** support root user for MITM sudo handling (#1948 — thanks @NekoMonci12) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941, #1945) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) +- **fix(mcp):** reclassify MCP endpoints to ensure API key authentication works even when dashboard auth is enabled (#1970) +- **fix(providers):** allow local OpenAI-compatible endpoints (like Ollama) to be added without an API key (fixes #1893) +- **fix(providers):** bypass AgentRouter unauthorized_client_error by spoofing Claude CLI headers via Anthropic endpoints (fixes #1921) +- **fix(copilot):** emit compatible reasoning text deltas (#1919 — thanks @ivan-mezentsev) +- **fix(api-manager):** show validation errors inline in modals, not behind (#1920 — thanks @andrewmunsell) +- **fix(compression):** align seeded standard savings combo with stacked default, preserve stacked defaults, and secure metadata routes. +- **fix(gemini-cli):** separate Cloud Code transport from Antigravity (#1869 — thanks @dhaern) +- **fix(codex):** map prompt field to input array for Cursor compatibility (fixes #1872) +- **fix(core):** align stream parameter default to false per strict OpenAI spec (fixes #1873) +- **fix(ui):** restore Next.js CSP `unsafe-eval` in production `script-src` to fix unresponsive Onboarding button (fixes #1883) +- **fix(proxy):** globally strip `prompt_cache_retention` in `BaseExecutor` to prevent upstream 400 errors from strict endpoints like droid/gemini-2-pro (fixes #1884) +- **fix(ui):** include `isOpen` dependency in `EditConnectionModal` state sync to ensure `maxConcurrent` is properly hydrated when reopening the modal (fixes #1859) +- **fix(security):** remediate 4 polynomial-redos CodeQL alerts in compression regexes by bounding repetitions and removing overlapping quantifiers +- **fix(codex):** flatten Chat Completions tool format to Codex Responses format in `normalizeCodexTools` — prevents `Missing required parameter: tools[0].name` upstream errors (#1914 — thanks @tranduykhanh030) +- **fix(proxy):** add proxy-aware execution context to image generation route — proxy settings are now correctly applied for image providers behind restricted networks (#1904 — thanks @Aculeasis) +- **fix(translator):** inject `properties: {}` into zero-argument MCP tool schemas during Anthropic→OpenAI translation — prevents 400 errors from OpenAI strict schema validation (#1898 — thanks @bryceIT) +- **fix(codex):** sanitize raw responses input (#1895 — thanks @dhaern) +- **fix(combos):** align strategy contracts (#1892 — thanks @dhaern) +- **fix(combos):** fix combo provider breaker profile handling (#1891 — thanks @rdself) +- **fix(migrations):** duplicate-column no-op fix (#1886 — thanks @smartenok-ops) +- **fix(auth):** per-connection OAuth refresh mutex (#1885 — thanks @smartenok-ops) +- **fix(auth):** require dashboard management auth for compression preview + +### 🔄 Updates + +- **chore(provider):** Add reka models list (#1956 — thanks @backryun) +- **chore(model):** Update new models, Delete Deprecated models (#1949 — thanks @backryun) + +### 📝 Documentation + +- **docs(compression):** document RTK+Caveman stacked savings ranges + +### 🏆 Release Attribution & Retroactive Credits + +- **@payne0420** (PR #1828 / #1839) — Implementation of the **Rate Limit Watchdog** and environment overrides. (This feature was manually backported to v3.7.8, causing the automatic GitHub Release notes to omit the author's credit). + +--- + +## [3.7.8] — 2026-05-01 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(providers):** add Grok 4.3 and Xiaomi Mimo TTS provider (#1837) +- **feat(core):** implement Rate Limit Watchdog with environment override capability to detect and reset stalled queues (#1839) +- **feat(providers):** add muse-spark-web provider with multiple models and reasoning support (#1843) +- **feat(1proxy):** integrate 1proxy free proxy marketplace with dashboard management and new MCP tools (closes #1788) (#1847) + +### 🐛 Bug Fixes + +- **fix(codex):** sanitize Responses replay state to prevent internal assistant commentary from leaking (#1868 — thanks @dhaern) +- **fix(cli):** add capture-backed Gemini CLI fingerprint (#1866) +- **fix(ui):** hide combo compression controls when the global setting is disabled (#1840) +- **fix(db):** tolerate missing request_detail_logs table for legacy deployments (#1848) +- **fix(core):** remove unneeded \`store\` payload parameter for providers lacking support (closes #1841) +- **fix(core):** ensure safeOutboundFetch and A2A routers return 503 Service Unavailable when security guardrails are triggered +- **fix(usage):** correct Unix seconds vs milliseconds parsing logic for Kiro AI quota reset (closes #1849) +- **fix(ui):** apply robust NaN handling, ensure 24h consistency, and fix missing hour slots in Compression Analytics (closes #1844) +- **fix(ui):** implement short number formatting for token consumption metrics on cache pages to prevent overflow (closes #1842) +- **fix(combo):** stabilize provider routing at 500+ connections by bounding semaphore queues and adjusting circuit breaker tracking (closes #1846) (#1854) +- **fix(maritalk):** update Maritalk model list, use Authorization Key header, and align with latest API endpoints (#1856) +- **fix(grok-web):** stabilize tool calling (bash, readFile, webSearch) and response parsing by mapping native Grok intents to standard OpenAI payloads (#1857) +- **fix(providers):** correctly map and expose the Upstage embedding and chat model catalogs (#1855) +- **fix(executor):** apply proper urlSuffix and custom authHeaders for unknown registry-based providers in DefaultExecutor (closes #1846) (#1861) + +### 🛠️ Maintenance + +- **fix(workflow):** build docker images on version tags (#1838) + +--- + +## [3.7.7] — 2026-04-30 + ### ✨ New Features -- **feat:** ongoing development +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **Prompt Compression Pipeline:** Implemented a multi-phase prompt compression engine including `lite` (whitespace/duplication collapse), `aggressive` (summarization, tool compression), and `ultra` modes (heuristic pruning and SLM stub) (#1633, #1738, #1739, #1741) +- **Compression Dashboard & Analytics:** Added a compression settings UI, real-time log viewer, pipeline statistics tracking, and interactive playground preview (#1756) +- **Compression Caching & MCP:** Added caching-aware strategy adjustments to the compression pipeline, alongside new MCP tools for status and configuration (#1758) +- **Analytics Custom Filters:** Added custom date range selection, API key filtering, and NULL key analytics backfilling to the Costs Dashboard (#1830) + +### 🐛 Bug Fixes + +- **Combo Routing:** Fixed an issue where Gemini `-preview` models were incorrectly normalized to their canonical names, causing 404 errors during combo routing (#1834) +- **Codex Native Passthrough:** Added support for Cursor 5.5 sending `messages` arrays to the `responses/compact` endpoint, preventing upstream rejections with empty requests (#1832) +- **Rate-limit Watchdog:** Implemented a new rate-limit watchdog with environment override capabilities and Stage Tracing to prevent and diagnose silent wedges (#1828) +- **Encryption Resiliency:** Prevent sending encrypted tokens to providers by returning null on decryption failure (#763d353) +- **i18n & Locales:** Fixed OpenCode baseUrl locale placeholders and added compression keys across 32 languages +- **Startup Stability:** Hardened resilience integration server startup logic (#9aa89b17) + +### 🛠️ Maintenance + +- **Tests & Docs:** Expanded the test suite with 61 unit/integration tests for the compression pipeline and updated `AGENTS.md` +- **Workflow:** Fixed the changelog extraction logic to accurately capture GitHub release descriptions + +--- + +## [3.7.6] — 2026-04-30 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) +- **feat(chatgpt-web):** support `thinking_effort` parameter (Standard/Extended) for thinking-capable models (#1821) +- **feat(dashboard):** implement remaining v3.7.6 dashboard features — Costs overview, Translator pipeline, and Endpoint tabs improvements +- **feat(tools):** inject fallback tool names to prevent upstream 400 errors on providers that require tool names (#1775) +- **feat(db):** auto-restore probe-failed database on startup to prevent data loss after failed upgrades (#1810) +- **feat(analytics):** add cost-based usage insights and activity streaks in the analytics dashboard + +### 🔒 Security + +- **fix(security):** resolve ReDoS vulnerability in Codex executor regex patterns (#1797, #1789) + +### 🐛 Bug Fixes + +- **fix(stability):** resolve codex input validation, enable combo circuit breaker, and fix broken unit tests (#1804, #1805) +- **fix(stability):** safely cast inputs to strings before calling `.trim()` to avoid crashes on numeric fields in proxy modal (#1825) +- **fix(stability):** clear active requests and recover providers after connection failures (#1824) +- **fix(xiaomi-mimo):** update models to V2.5, fix Token Plan validation and default region (#1823) +- **fix(codex):** omit compact client metadata to prevent upstream rejections (#1822) +- **fix(dashboard):** fix endpoint visibility, A2A status display, and API catalog consistency (#1806) +- **fix(analytics):** use pure SQL aggregations — no history rows loaded into memory (#1802) +- **fix(dashboard):** correct `loadPresets` ReferenceError in CostOverviewTab +- **fix(mitm):** enforce transparent interception on port 443 only + +### 🧹 Chores + +- **chore(workflow):** mandate implementation plan generation in `/resolve-issues` workflow before coding +- **chore(release):** expand contributor credits to 155 PRs across full project history + +### 🏆 Community Contributors Acknowledgment + +We identified that **155 community PRs** across the entire project history (from inception through v3.7.5) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. + +**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** + +| Contributor | PRs (Total) | All Contributions | +| :----------------------------------------------------------- | :---------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [@rdself](https://github.com/rdself) | 28 | #542, #705, #717, #737, #738, #841, #851, #853, #875, #880, #888, #891, #903, #904, #974, #1069, #1089, #1196, #1267, #1272, #1299, #1300, #1356, #1357, #1441, #1443, #1549, #1742 | +| [@oyi77](https://github.com/oyi77) | 27 | #644, #672, #700, #850, #859, #862, #868, #874, #881, #883, #908, #926, #931, #983, #990, #1019, #1020, #1021, #1103, #1281, #1286, #1363, #1368, #1377, #1411, #1689, #1717 | +| [@clousky2020](https://github.com/clousky2020) | 15 | #1244, #1323, #1365, #1366, #1408, #1442, #1484, #1595, #1598, #1599, #1611, #1618, #1620, #1621, #1644 | +| [@benzntech](https://github.com/benzntech) | 8 | #158, #1264, #1435, #1436, #1437, #1440, #1444, #1677 | +| [@kang-heewon](https://github.com/kang-heewon) | 5 | #530, #854, #884, #1235, #1574 | +| [@herjarsa](https://github.com/herjarsa) | 4 | #1472, #1474, #1477, #1480 | +| [@backryun](https://github.com/backryun) | 4 | #1358, #1609, #1627, #1722 | +| [@tombii](https://github.com/tombii) | 4 | #708, #856, #900, #1013 | +| [@christopher-s](https://github.com/christopher-s) | 3 | #868, #885, #992 | +| [@zen0bit](https://github.com/zen0bit) | 3 | #561, #650, #912 | +| [@k0valik](https://github.com/k0valik) | 3 | #554, #587, #596 | +| [@zhangqiang8vip](https://github.com/zhangqiang8vip) | 2 | #470, #575 | +| [@wlfonseca](https://github.com/wlfonseca) | 2 | #997, #1016 | +| [@RaviTharuma](https://github.com/RaviTharuma) | 2 | #1188, #1277 | +| [@prakersh](https://github.com/prakersh) | 2 | #419, #480 | +| [@payne0420](https://github.com/payne0420) | 2 | #1593, #1670 | +| [@only4copilot](https://github.com/only4copilot) | 2 | #855, #1039 | +| [@jay77721](https://github.com/jay77721) | 2 | #581, #582 | +| [@hijak](https://github.com/hijak) | 2 | #295, #578 | +| [@hartmark](https://github.com/hartmark) | 2 | #1494, #1500 | +| [@defhouse](https://github.com/defhouse) | 2 | #906, #946 | +| [@xiaoge1688](https://github.com/xiaoge1688) | 1 | #1304 | +| [@xandr0s](https://github.com/xandr0s) | 1 | #1376 | +| [@willbnu](https://github.com/willbnu) | 1 | #882 | +| [@slewis3600](https://github.com/slewis3600) | 1 | #1624 | +| [@sergey-v9](https://github.com/sergey-v9) | 1 | #594 | +| [@razllivan](https://github.com/razllivan) | 1 | #987 | +| [@nmime](https://github.com/nmime) | 1 | #1271 | +| [@Moutia-Ben-Yahia](https://github.com/Moutia-Ben-Yahia) | 1 | #1663 | +| [@Mind-Dragon](https://github.com/Mind-Dragon) | 1 | #467 | +| [@mercs2910](https://github.com/mercs2910) | 1 | #1001 | +| [@MAINER4IK](https://github.com/MAINER4IK) | 1 | #196 | +| [@luandiasrj](https://github.com/luandiasrj) | 1 | #996 | +| [@knopki](https://github.com/knopki) | 1 | #1434 | +| [@kfiramar](https://github.com/kfiramar) | 1 | #389 | +| [@ken2190](https://github.com/ken2190) | 1 | #166 | +| [@keith8496](https://github.com/keith8496) | 1 | #569 | +| [@jonesfernandess](https://github.com/jonesfernandess) | 1 | #1118 | +| [@JasonLandbridge](https://github.com/JasonLandbridge) | 1 | #1626 | +| [@i1hwan](https://github.com/i1hwan) | 1 | #1386 | +| [@Gorchakov-Pressure](https://github.com/Gorchakov-Pressure) | 1 | #754 | +| [@foxy1402](https://github.com/foxy1402) | 1 | #934 | +| [@dt418](https://github.com/dt418) | 1 | #896 | +| [@dhaern](https://github.com/dhaern) | 1 | #1647 | +| [@DavyMassoneto](https://github.com/DavyMassoneto) | 1 | #211 | +| [@dail45](https://github.com/dail45) | 1 | #1413 | +| [@congvc-dev](https://github.com/congvc-dev) | 1 | #1569 | +| [@be0hhh](https://github.com/be0hhh) | 1 | #1581 | +| [@andruwa13](https://github.com/andruwa13) | 1 | #1457 | +| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | 1 | #898 | +| [@AndersonFirmino](https://github.com/AndersonFirmino) | 1 | #362 | +| [@alexsvdk](https://github.com/alexsvdk) | 1 | #1280 | +| [@abhinavjnu](https://github.com/abhinavjnu) | 1 | #550 | --- @@ -16,8 +290,14 @@ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(tunnels):** integrate native ngrok tunnel support with dashboard UI parity (#1753) -- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) ### 🐛 Bug Fixes @@ -56,56 +336,25 @@ - **chore(ui):** speed up endpoint initial render with background task loading (#1760) - **chore(workflows):** add strict PR contributor credit policy to prevent future merge credit loss -### 🏆 Community Contributors Acknowledgment - -We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. - -**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** - -| Contributor | Contributions (PRs) | -| :----------------------------------------------------- | :----------------------------------------------------------------------- | -| [@rdself](https://github.com/rdself) | #1742, #1357, #1356, #1089, #1069, #904, #880, #875, #853, #851, #974 | -| [@oyi77](https://github.com/oyi77) | #1411, #1021, #990, #926, #908, #883, #881, #868, #862, #859, #850, #983 | -| [@benzntech](https://github.com/benzntech) | #1677, #1444, #1440, #1437, #1435 | -| [@clousky2020](https://github.com/clousky2020) | #1644, #1408 | -| [@christopher-s](https://github.com/christopher-s) | #885, #868, #992 | -| [@kang-heewon](https://github.com/kang-heewon) | #1235, #884 | -| [@backryun](https://github.com/backryun) | #1627, #1358, #1722 | -| [@tombii](https://github.com/tombii) | #900, #856 | -| [@slewis3600](https://github.com/slewis3600) | #1624 | -| [@dhaern](https://github.com/dhaern) | #1647 | -| [@JasonLandbridge](https://github.com/JasonLandbridge) | #1626 | -| [@hartmark](https://github.com/hartmark) | #1500 | -| [@herjarsa](https://github.com/herjarsa) | #1480 | -| [@andruwa13](https://github.com/andruwa13) | #1457 | -| [@i1hwan](https://github.com/i1hwan) | #1386 | -| [@xandr0s](https://github.com/xandr0s) | #1376 | -| [@RaviTharuma](https://github.com/RaviTharuma) | #1188 | -| [@wlfonseca](https://github.com/wlfonseca) | #1016 | -| [@only4copilot](https://github.com/only4copilot) | #1039, #855 | -| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | #898 | -| [@dt418](https://github.com/dt418) | #896 | -| [@willbnu](https://github.com/willbnu) | #882 | -| [@defhouse](https://github.com/defhouse) | #906 | -| [@mercs2910](https://github.com/mercs2910) | #1001 | -| [@zen0bit](https://github.com/zen0bit) | #912 | -| [@razllivan](https://github.com/razllivan) | #987 | -| [@foxy1402](https://github.com/foxy1402) | #934 | -| [@knopki](https://github.com/knopki) | #1434 | -| [@dail45](https://github.com/dail45) | #1413 | - --- ## [3.7.4] — 2026-04-28 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(ui):** add endpoint tunnel visibility settings (#1743) - **feat(cli):** refresh CLI fingerprint provider profiles (#1746) - **feat(proxy):** implement bulk proxy import via pipe-delimited parser with update-or-create (upsert) logic and real-time preview table - **feat(pwa):** add fullscreen installable PWA with manifest, service worker, and cross-platform app icons (#1728) -### Bezpečnost +### 🔒 Security - **security:** replace insecure `Math.random` with `crypto.getRandomValues` for fallback UUID generation to resolve CodeQL CWE-338 finding (#182) @@ -156,6 +405,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(authz):** introduce centralized proxy-based authz pipeline and lifecycle policy (#1632) - **feat(logs):** configure call log pipeline artifacts (#1650) - **feat(network):** add guarded remote image fetch utility @@ -225,6 +481,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Add GPT-5.5 support to the Codex provider — includes 1.05M context window, tool calling, vision, and reasoning capabilities with proper pricing entries across `cx` and `openai` providers. Refactors `splitCodexReasoningSuffix()` into a shared helper for cleaner effort-level parsing (#1617 — thanks @Zhaba1337228). - **feat(cli):** Add `omniroute reset-encrypted-columns` recovery command — nulls encrypted credential columns (`api_key`, `access_token`, `refresh_token`, `id_token`) in `provider_connections` while preserving provider metadata, giving users affected by #1622 a clean recovery path without losing configurations. - **feat(i18n):** Expand locale coverage with nine new language packs (Bengali, Farsi, Gujarati, Indonesian, Marathi, Swahili, Tamil, Telugu, Urdu), bringing total language support from 32 to 41 locales. @@ -256,7 +519,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **fix(transport):** Prevent memory bloat and database exhaustion from large, fragmented streaming responses. Implemented `ByteQueue` in `kiro.ts` for zero-copy binary accumulation, refactored `antigravity.ts` for incremental SSE parsing, and enforced a strict 512KB tiered truncation limit (`MAX_CALL_LOG_ARTIFACT_BYTES`) on stream request logs and call artifacts (#1647). - **chore(ci):** Update build environment dependencies — bump Node to `24.15.0`, `actions/checkout@v6`, `docker/build-push-action@v7`, pin `actions/setup-python` to major tag (#1646 — thanks @backryun). -### Dokumentace +### 📝 Documentation - **docs(env):** Add `OMNIROUTE_ALLOW_PRIVATE_PROVIDER_URLS` to `.env.example` with documentation for LM Studio and other local provider use cases (#1623). @@ -266,6 +529,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). - **feat(providers):** Add CrofAI as a built-in API-key provider with quota/usage monitoring wired into the dashboard Limits page (#1604, #1606). @@ -399,7 +669,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **test(next):** Align transpile package expectations for the Next.js standalone build. - **test(ci):** Fix CI-only test failures from environment differences — clear `INITIAL_PASSWORD` and `JWT_SECRET` in integration tests, handle `XDG_CONFIG_HOME` for guide-settings tests. -### Dokumentace +### 📚 Documentation - **docs:** Update the root changelog with all release-branch changes through 2026-04-24, including PRs #1544, #1555, #1551, #1550, #1548, #1547, #1541, #1538, #1536, and #1527. - **docs:** Fix broken README and localized documentation links. (#1536) @@ -424,6 +694,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -506,6 +783,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -527,7 +811,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **feat(providers):** Expand image provider registry with extended model support including SD3.5, FLUX, and DALL-E 3 HD configurations - **feat(combos):** Add new routing strategies and full i18n support for agent features section across 31 languages -### Bezpečnost +### 🔒 Security - **security:** Resolve 18 GitHub CodeQL scan alerts including ReDoS, incomplete sanitization, and bad HTML filtering regexp patterns - **fix(auth):** Seal privilege escalation vector by enforcing JWT session checking exclusively on `/api/keys` management endpoints (#1353) @@ -586,6 +870,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -662,6 +953,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -726,6 +1024,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -773,7 +1078,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Duplicate `auto` in Combo Strategy Schema:** Removed duplicate `"auto"` entry from `comboStrategySchema` (was listed on both line 104 and 108). Harmless to Zod runtime but cleaned up to avoid confusion. Schema now has exactly 13 unique strategy values - **Legacy Combo Refs Normalization:** Fixed combo step normalization to preserve legacy string combo references during CRUD operations, preventing data loss when editing combos created before the v2 step architecture -### Bezpečnost +### 🔒 Security - **Auth Bypass on Backup Routes (Critical):** Added `isAuthenticated` guards to `/api/db-backups/exportAll` (full database export) and `/api/db-backups` (list, create, and restore backups) — both were previously accessible without authentication - **Auth Guard on Translator Save:** Added `isAuthenticated` guard to `/api/translator/save` for defense-in-depth consistency @@ -826,6 +1131,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -864,6 +1176,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -896,6 +1215,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -925,6 +1251,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -955,6 +1288,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -988,6 +1328,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1040,6 +1387,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1086,6 +1440,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1122,7 +1483,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Updated Sub-dependencies:** Bumped `hono` to `4.12.12` and `@hono/node-server` to `1.19.13` to patch critical security gaps (#1063, #1064, #1067, #1068). -### Dokumentace +### 📚 Documentation - **Documentation Synchronization:** Updated system documentation (README, Architecture, Features, Tools, Troubleshooting) and synced `i18n` configurations to match the v3.5.5 context relay patterns and proxy troubleshooting steps. - **Context Relay Delivery Notes:** Documented the current architecture, runtime flow, and Codex-focused scope in the feature docs, changelog, and agent guidance. @@ -1133,6 +1494,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1191,7 +1559,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.5.3] - 2026-04-07 -### Bezpečnost +### Security - **Vulnerabilities:** Fully remediated 12 High-Severity CodeQL vulnerabilities by migrating from Math.random to `crypto.randomUUID()`, wrapping SSE injection points with aggressive backslash escaping, sanitizing trailing HTTP fragments, and enforcing rigid SSRF HTTP verification schemes across internal routes. - **Dependencies:** Upgraded Next.js to `^16.2.2` and Vite to `>=8.0.5` resolving critical DoS, arbitrary file reads and CSRF vectors in the build/server environments. @@ -1207,7 +1575,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **CI/CD Stabilization:** Prevented random GitHub Runner freezes by decoupling sharded processes, adjusting test concurrencies, unref-ing active connections on server teardown, and strictly capping job timeout durations. -### Dokumentace +### Documentation - **I18n Engine:** Synchronized and pushed deep Machine Translation updates across all 32 natively-supported languages (682 translation nodes aligned). @@ -1221,6 +1589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1253,6 +1628,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1281,6 +1663,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1347,7 +1736,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.8] — 2026-04-03 -### Bezpečnost +### Security - Fully remediated all outstanding Github Advanced Security (CodeQL) findings and Dependabot alerts. - Fixed insecure randomness vulnerabilities by migrating from `Math.random` to `crypto.randomUUID()`. @@ -1359,7 +1748,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.7] — 2026-04-03 -### Funkce +### Features - Added `Cryptography` node to Monitoring and MCP health checks (#798) - Hardened model-catalog route permissions mapping (`/models`) (#781) @@ -1375,7 +1764,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - Fixed MCP standalone module-resolution (`ERR_MODULE_NOT_FOUND`) via `esbuild` (#936) - Fixed NVIDIA NIM routing credential resolution alias mismatch (#931) -### Bezpečnost +### Security - Added safe strict input boundary protection against raw `shell: true` remote-code execution injections. @@ -1385,6 +1774,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1419,6 +1815,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1481,6 +1884,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1541,6 +1951,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1594,7 +2011,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.0] - 2026-03-31 -### Funkce +### 🚀 Features - **Subscription Utilization Analytics:** Added quota snapshot time-series tracking, Provider Utilization and Combo Health tabs with recharts visualizations, and corresponding API endpoints (#847) - **SQLite Backup Control:** New `OMNIROUTE_DISABLE_AUTO_BACKUP` env flag to disable automatic SQLite backups (#846) @@ -1646,7 +2063,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.3.8] - 2026-03-30 -### Funkce +### 🚀 Features - **Models API Filtering:** Endpoint `/v1/models` now dynamically filters its list based on the permissions tied to the `Authorization: Bearer ` when restricted access is on (#781) - **Qoder Integration:** Native integration for Qoder AI natively replacing the legacy iFlow platform mappings (#660) @@ -1715,6 +2132,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1745,6 +2169,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1806,6 +2237,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2016,6 +2454,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2044,6 +2489,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2076,6 +2528,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2130,6 +2589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2325,6 +2791,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2359,6 +2832,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2409,7 +2889,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **NaN tokens in Claude Code / client responses (#617):** - `sanitizeUsage()` now cross-maps `input_tokens`→`prompt_tokens` and `output_tokens`→`completion_tokens` before the whitelist filter, fixing responses showing NaN/0 token counts when providers return Claude-style usage field names -### Bezpečnost +### 🔒 Security - Updated `yaml` package to fix stack overflow vulnerability (GHSA-48c2-rrv3-qjmp) @@ -2467,6 +2947,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2503,6 +2990,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2521,6 +3015,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2556,6 +3057,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3001,6 +3509,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3016,6 +3531,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3043,7 +3565,7 @@ docker pull diegosouzapw/omniroute:3.0.0 - **SVG fallback**: `ProviderIcon` component updated with 4-tier strategy: Lobehub → PNG → SVG → Generic icon - **Agents fingerprinting**: Synced with CLI tools — added droid, openclaw, copilot, opencode to fingerprint list (14 total) -### Bezpečnost +### 🔒 Security - **CVE fix**: Resolved dompurify XSS vulnerability (GHSA-v2wj-7wpq-c8vv) via npm overrides forcing `dompurify@^3.3.2` - `npm audit` now reports **0 vulnerabilities** @@ -3113,6 +3635,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3160,6 +3689,13 @@ Both providers use the new `OpencodeExecutor` with multi-format routing (`/chat/ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3295,6 +3831,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3318,6 +3861,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3334,6 +3884,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3371,7 +3928,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **#510** — Windows: MSYS2/Git-Bash paths (`/c/Program Files/...`) are now normalized to `C:\Program Files\...` - **#492** — `omniroute` CLI now detects `mise`/`nvm` when `app/server.js` is missing and shows targeted fix -### Dokumentace +### 📖 Documentation - **#513** — Docker password reset: `INITIAL_PASSWORD` env var workaround documented - **#520** — pnpm: `pnpm approve-builds better-sqlite3` documented @@ -3468,7 +4025,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **feat(executors/cloudflare-ai)**: New `CloudflareAIExecutor` — dynamic URL construction requires `accountId` in provider credentials - **feat(executors)**: Register `pollinations`, `pol`, `cloudflare-ai`, `cf` executor mappings -### Dokumentace +### 📝 Documentation - **docs(readme)**: Expanded free combo stack to 11 providers ($0 forever) - **docs(readme)**: Added 4 new free provider sections (LongCat, Pollinations, Cloudflare AI, Scaleway) with model tables @@ -3543,6 +4100,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3613,7 +4177,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **OAuth batch test crash** (ERR_CONNECTION_REFUSED): Replaced sequential for-loop with 5-connection concurrency limit + 30s per-connection timeout via `Promise.race()` + `Promise.allSettled()`. Prevents server crash when testing large OAuth provider groups (~30+ connections). -### Funkce +### Features - **"Test All" button on provider pages**: Individual provider pages (e.g., `/providers/codex`) now show a "Test All" button in the Connections header when there are 2+ connections. Uses `POST /api/providers/test-batch` with `{mode: "provider", providerId}`. Results displayed in a modal with pass/fail summary and per-connection diagnosis. @@ -3641,7 +4205,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Merge PR #494 (MiniMax role fix), fix KIRO MITM dashboard, triage 8 issues. -### Funkce +### Features - **MiniMax developer→system role fix** (PR #494 by @zhangqiang8vip): Per-model `preserveDeveloperRole` toggle. Adds "Compatibility" UI in providers page. Fixes 422 "role param error" for MiniMax and similar gateways. - **roleNormalizer**: `normalizeDeveloperRole()` now accepts `preserveDeveloperRole` parameter with tri-state behavior (undefined=keep, true=keep, false=convert). @@ -3697,7 +4261,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Gemini CLI deprecation, VM guide i18n fix, dependabot security fix, provider schema expansion. -### Funkce +### Features - **Gemini CLI Deprecation** (#462): Mark `gemini-cli` provider as deprecated with warning — Google restricts third-party OAuth usage from March 2026 - **Provider Schema** (#462): Expand Zod validation with `deprecated`, `deprecationReason`, `hasFree`, `freeNote`, `authHint`, `apiHint` optional fields @@ -3706,7 +4270,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **VM Guide i18n** (#471): Add `VM_DEPLOYMENT_GUIDE.md` to i18n translation pipeline, regenerate all 30 locale translations from English source (were stuck in Portuguese) -### Bezpečnost +### Security - **deps**: Bump `flatted` 3.3.3 → 3.4.2 — fixes CWE-1321 prototype pollution (#484, @dependabot) @@ -3726,7 +4290,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Czech i18n, SSE protocol fix, VM guide translation. -### Funkce +### Features - **Czech Language** (#482): Full Czech (cs) i18n — 22 docs, 2606 UI strings, language switcher updates (@zen0bit) - **VM Deployment Guide**: Translated from Portuguese to English as the source document (@zen0bit) @@ -3745,7 +4309,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: 2 merged PRs, model aliases routing fix, log export, and issue triage. -### Funkce +### Features - **Log Export**: New Export button on `/dashboard/logs` with time range dropdown (1h, 6h, 12h, 24h). Downloads JSON of request/proxy/call logs via `/api/logs/export` API (#user-request) @@ -3765,7 +4329,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Five community PRs — streaming call log fixes, Kiro compatibility, cache token analytics, Chinese translation, and configurable tool call IDs. -### Funkce +### ✨ Features - **feat(logs)**: Call log response content now correctly accumulated from raw provider chunks (OpenAI/Claude/Gemini) before translation, fixing empty response payloads in streaming mode (#470, @zhangqiang8vip) - **feat(providers)**: Per-model configurable 9-char tool call ID normalization (Mistral-style) — only models with the option enabled get truncated IDs (#470) @@ -3795,7 +4359,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Bailian Coding Plan provider with editable base URLs, plus community contributions for Alibaba Cloud and Kimi Coding. -### Funkce +### ✨ Features - **feat(providers)**: Added Bailian Coding Plan (`bailian-coding-plan`) — Alibaba Model Studio with Anthropic-compatible API. Static catalog of 8 models including Qwen3.5 Plus, Qwen3 Coder, MiniMax M2.5, GLM 5, and Kimi K2.5. Includes custom auth validation (400=valid, 401/403=invalid) (#467, @Mind-Dragon) - **feat(admin)**: Editable default URL in Provider Admin create/edit flows — users can configure custom base URLs per connection. Persisted in `providerSpecificData.baseUrl` with Zod schema validation rejecting non-http(s) schemes (#467) @@ -3810,7 +4374,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Two new community-contributed providers (Alibaba Cloud Coding, Kimi Coding API-key) and Docker pino fix. -### Funkce +### ✨ Features - **feat(providers)**: Added Alibaba Cloud Coding Plan support with two OpenAI-compatible endpoints — `alicode` (China) and `alicode-intl` (International), each with 8 models (#465, @dtk1985) - **feat(providers)**: Added dedicated `kimi-coding-apikey` provider path — API-key-based Kimi Coding access is no longer forced through OAuth-only `kimi-coding` route. Includes registry, constants, models API, config, and validation test (#463, @Mind-Dragon) @@ -3835,7 +4399,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Codex responses subpath passthrough natively supported, Windows MITM crash fixed, and Combos agent schemas adjusted. -### Funkce +### ✨ Features - **feat(codex)**: Native responses subpath passthrough for Codex — natively routes `POST /v1/responses/compact` to Codex upstream, maintaining Claude Code compatibility without stripping the `/compact` suffix (#457) @@ -3875,7 +4439,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(budget)**: "Save Limits" no longer returns 422 — `warningThreshold` is now correctly sent as fraction (0–1) instead of percentage (0–100) (#451) - **fix(combos)**: `` internal cache tag is now stripped before forwarding requests to providers, preventing cache session breaks (#454) -### Funkce +### ✨ Features - **feat(combos)**: Agent Features section added to combo create/edit modal — expose `system_message` override, `tool_filter_regex`, and `context_cache_protection` directly from the dashboard (#454) @@ -3931,7 +4495,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Search Tools dashboard, i18n fixes, Copilot limits, Serper validation fix. -### Funkce +### 🚀 Features - **feat(search)**: Add Search Playground (10th endpoint), Search Tools page with Compare Providers/Rerank Pipeline/Search History, local rerank routing, auth guards on search API (#443 by @Regis-RCR) - New route: `/dashboard/search-tools` @@ -4010,6 +4574,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4024,7 +4595,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - DB migration: `request_type` column on `call_logs` for non-chat request tracking - Zod validation (`v1SearchSchema`), auth-gated, cost recorded via `recordCost()` -### Bezpečnost +### 🔒 Security - **deps**: Next.js 16.1.6 → 16.1.7 — fixes 6 CVEs: - **Critical**: CVE-2026-29057 (HTTP request smuggling via http-proxy) @@ -4154,7 +4725,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **005_combo_agent_fields.sql**: `ALTER TABLE combos ADD COLUMN system_message TEXT DEFAULT NULL`, `tool_filter_regex TEXT DEFAULT NULL`, `context_cache_protection INTEGER DEFAULT 0` - **006_detailed_request_logs.sql**: New `request_detail_logs` table with 500-entry ring-buffer trigger, opt-in via settings toggle -### Funkce +### ✨ Features - **feat(combo)**: System Message Override per Combo (#399 — `system_message` field replaces or injects system prompt before forwarding to provider) - **feat(combo)**: Tool Filter Regex per Combo (#399 — `tool_filter_regex` keeps only tools matching pattern; supports OpenAI + Anthropic formats) @@ -4169,7 +4740,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: SSE improvements, local provider_nodes extensions, proxy registry, Claude passthrough fixes. -### Funkce +### ✨ Features - **feat(health)**: Background health check for local `provider_nodes` with exponential backoff (30s→300s) and `Promise.allSettled` to avoid blocking (#423, @Regis-RCR) - **feat(embeddings)**: Route `/v1/embeddings` to local `provider_nodes` — `buildDynamicEmbeddingProvider()` with hostname validation (#422, @Regis-RCR) @@ -4230,6 +4801,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4304,7 +4882,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Turbopack hash-strip now runs at **compile time** for ALL packages — not just `better-sqlite3`. Step 5.6 in `prepublish.mjs` walks every `.js` in `app/.next/server/` and strips the 16-char hex suffix from any hashed `require()`. Fixes `zod-dcb22c...`, `pino-...`, etc. MODULE_NOT_FOUND on global npm installs. Closes #398 - **fix(deploy)**: PM2 on both VPS was pointing to stale git-clone directories. Reconfigured to `app/server.js` in the npm global package. Updated `/deploy-vps` workflow to use `npm pack + scp` (npm registry rejects 299MB packages). -### Funkce +### ✨ Features - **feat(provider)**: Synthetic ([synthetic.new](https://synthetic.new)) — privacy-focused OpenAI-compatible inference. `passthroughModels: true` for dynamic HuggingFace model catalog. Initial models: Kimi K2.5, MiniMax M2.5, GLM 4.7, DeepSeek V3.2. (PR #404 by @Regis-RCR) @@ -4334,7 +4912,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Extended webpack `externals` hash-strip to cover ALL `serverExternalPackages`, not just `better-sqlite3`. Next.js 16 Turbopack hashes `zod`, `pino`, and every other server-external package into names like `zod-dcb22c6336e0bc69` that don't exist in `node_modules` at runtime. A HASH_PATTERN regex catch-all now strips the 16-char suffix and falls back to the base package name. Also added `NEXT_PRIVATE_BUILD_WORKER=0` in `prepublish.mjs` to reinforce webpack mode, plus a post-build scan that reports any remaining hashed refs. (#396, #398, PR #403) - **fix(chat)**: Anthropic-format tool names (`tool.name` without `.function` wrapper) were silently dropped by the empty-name filter introduced in #346. LiteLLM proxies requests with `anthropic/` prefix in Anthropic Messages API format, causing all tools to be filtered and Anthropic to return `400: tool_choice.any may only be specified while providing tools`. Fixed by falling back to `tool.name` when `tool.function.name` is absent. Added 8 regression unit tests. (PR #397) -### Funkce +### ✨ Features - **feat(api)**: Custom endpoint paths for OpenAI-compatible provider nodes — configure `chatPath` and `modelsPath` per node (e.g. `/v4/chat/completions`) in the provider connection UI. Includes a DB migration (`003_provider_node_custom_paths.sql`) and URL path sanitization (no `..` traversal, must start with `/`). (PR #400) - **feat(provider)**: Alibaba Cloud DashScope added as OpenAI-compatible provider. International endpoint: `dashscope-intl.aliyuncs.com/compatible-mode/v1`. 12 models: `qwen-max`, `qwen-plus`, `qwen-turbo`, `qwen3-coder-plus/flash`, `qwq-plus`, `qwq-32b`, `qwen3-32b`, `qwen3-235b-a22b`. Auth: Bearer API key. @@ -4393,7 +4971,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(oauth)**: Qoder (and other providers that redirect to their own UI) no longer leave the OAuth modal stuck at "Waiting for Authorization" — popup-closed detector auto-transitions to manual URL input mode (#344) - **fix(logs)**: Request log table is now readable in light mode — status badges, token counts, and combo tags use adaptive `dark:` color classes (#378) -### Funkce +### ✨ Features - **feat(kiro)**: Kiro credit tracking added to usage fetcher — queries `getUserCredits` from AWS CodeWhisperer endpoint (#337) @@ -4509,6 +5087,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4574,6 +5159,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #366, #367, #368) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4602,6 +5194,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #363 & #365) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4638,6 +5237,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4655,6 +5261,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4685,6 +5298,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4752,7 +5372,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > **Major release** — Free Stack ecosystem, transcription playground overhaul, 44+ providers, comprehensive free tier documentation, and UI improvements across the board. -### Funkce +### ✨ Features - **Combos: Free Stack template** — New 4th template "Free Stack ($0)" using round-robin across Kiro + Qoder + Qwen + Gemini CLI. Suggests the pre-built zero-cost combo on first use. - **Media/Transcription: Deepgram as default** — Deepgram (Nova 3, $200 free) is now the default transcription provider. AssemblyAI ($50 free) and Groq Whisper (free forever) shown with free credit badges. @@ -4763,7 +5383,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.16] - 2026-03-13 -### Dokumentace +### 📖 Documentation - **README: 44+ Providers** — Updated all 3 occurrences of "36+ providers" to "44+" reflecting the actual codebase count (44 providers in providers.ts) - **README: New Section "🆓 Free Models — What You Actually Get"** — Added 7-provider table with per-model rate limits for: Kiro (Claude unlimited via AWS Builder ID), Qoder (5 models unlimited), Qwen (4 models unlimited), Gemini CLI (180K/mo), NVIDIA NIM (~40 RPM dev-forever), Cerebras (1M tok/day / 60K TPM), Groq (30 RPM / 14.4K RPD). Includes the \/usr/bin/bash Ultimate Free Stack combo recommendation. @@ -4773,7 +5393,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.15] - 2026-03-13 -### Funkce +### ✨ Features - **Auto-Combo Dashboard (Tier Priority)**: Added `🏷️ Tier` as the 7th scoring factor label in the `/dashboard/auto-combo` factor breakdown display — all 7 Auto-Combo scoring factors are now visible. - **i18n — autoCombo section**: Added 20 new translation keys for the Auto-Combo dashboard (`title`, `status`, `modePack`, `providerScores`, `factorTierPriority`, etc.) to all 30 language files. @@ -4808,6 +5428,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). diff --git a/docs/i18n/cs/README.md b/docs/i18n/cs/README.md index 5772362c7e..50f1ba2567 100644 --- a/docs/i18n/cs/README.md +++ b/docs/i18n/cs/README.md @@ -130,28 +130,28 @@ _Connect any AI-powered IDE or CLI tool through OmniRoute — free API gateway f - Codex CLI
+ Codex CLI
Codex CLI
⭐ 60.8K - Claude Code
+ Claude Code
Claude Code
⭐ 67.3K - Gemini CLI
+ Gemini CLI
Gemini CLI
⭐ 94.7K - Kilo Code
+ Kilo Code
Kilo Code
⭐ 15.5K diff --git a/docs/i18n/cs/docs/API_REFERENCE.md b/docs/i18n/cs/docs/API_REFERENCE.md index ffd0f15526..1ca8c724e0 100644 --- a/docs/i18n/cs/docs/API_REFERENCE.md +++ b/docs/i18n/cs/docs/API_REFERENCE.md @@ -87,13 +87,13 @@ Authorization: Bearer your-api-key Content-Type: application/json { - "model": "openai/dall-e-3", + "model": "openai/gpt-image-2", "prompt": "A beautiful sunset over mountains", "size": "1024x1024" } ``` -Available providers: OpenAI (DALL-E, GPT Image 1), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). +Available providers: OpenAI (GPT Image 2), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). ```bash # List all image models diff --git a/docs/i18n/cs/docs/CLI-TOOLS.md b/docs/i18n/cs/docs/CLI-TOOLS.md index 6c45eb902b..ee4e6f52ae 100644 --- a/docs/i18n/cs/docs/CLI-TOOLS.md +++ b/docs/i18n/cs/docs/CLI-TOOLS.md @@ -350,7 +350,7 @@ They run as internal routes and use OmniRoute's model routing automatically. | `/v1/responses` | Responses API (OpenAI format) | Codex, agentic workflows | | `/v1/completions` | Legacy text completions | Older tools using `prompt:` | | `/v1/embeddings` | Text embeddings | RAG, search | -| `/v1/images/generations` | Image generation | DALL-E, Flux, etc. | +| `/v1/images/generations` | Image generation | GPT-Image, Flux, etc. | | `/v1/audio/speech` | Text-to-speech | ElevenLabs, OpenAI TTS | | `/v1/audio/transcriptions` | Speech-to-text | Deepgram, AssemblyAI | diff --git a/docs/i18n/cs/llm.txt b/docs/i18n/cs/llm.txt index 79760c56fd..5706410a70 100644 --- a/docs/i18n/cs/llm.txt +++ b/docs/i18n/cs/llm.txt @@ -1,19 +1,18 @@ # OmniRoute (Čeština) -🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) +🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇧🇩 [bn](../bn/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇮🇷 [fa](../fa/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇮🇳 [gu](../gu/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇮🇳 [mr](../mr/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇰🇪 [sw](../sw/llm.txt) · 🇮🇳 [ta](../ta/llm.txt) · 🇮🇳 [te](../te/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇵🇰 [ur](../ur/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) --- +> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 160+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (29 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. -> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 60+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (25 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. - -## Přehled +## Overview OmniRoute solves the problem of managing multiple AI provider subscriptions, quotas, and rate limits. It sits between your AI-powered tools (IDE agents, CLI tools) and AI providers, routing requests intelligently through a 4-tier fallback system: Subscription → API Key → Cheap → Free. **Key value:** One endpoint (`http://localhost:20128/v1`), unlimited models, zero downtime, minimal cost. -**Current version:** 3.5.5 +**Current version:** 3.8.0 ## Tech Stack @@ -27,7 +26,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Background jobs:** Custom token health check scheduler, 24h model auto-sync - **Streaming:** Server-Sent Events (SSE) for real-time proxy responses - **Proxy engine:** Custom pipeline with format translation, circuit breaker, rate limiting, auto-combo engine -- **i18n:** next-intl with 30 languages +- **i18n:** next-intl with 40+ languages - **Desktop:** Electron (cross-platform: Windows, macOS, Linux) - **Package:** Published on npm (`omniroute`) and Docker Hub (`diegosouzapw/omniroute`) @@ -99,7 +98,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── configAudit.ts # Configuration auditing │ │ └── responses.ts # Domain response types │ ├── i18n/ # Internationalization -│ │ └── messages/ # 30 language JSON files +│ │ └── messages/ # 40+ language JSON files │ ├── lib/ # Core libraries │ │ ├── a2a/ # Agent-to-Agent v0.3 protocol server │ │ │ ├── skills/ # A2A skills (quotaManagement, smartRouting) @@ -170,7 +169,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ └── manager.ts # MITM proxy manager │ ├── shared/ # Shared utilities, components, and constants │ │ ├── components/ # Reusable UI components (Card, Badge, Button, Modal, Sidebar, ProviderIcon, etc.) -│ │ ├── constants/ # Provider definitions (60+), model lists, pricing, routing strategies, MCP scopes +│ │ ├── constants/ # Provider definitions (160+), model lists, pricing, routing strategies, MCP scopes │ │ ├── contracts/ # Shared API contracts │ │ ├── hooks/ # React hooks │ │ ├── middleware/ # Shared middleware utilities @@ -206,7 +205,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── chatCore.ts # Main chat completions handler │ │ ├── responsesHandler.ts # OpenAI Responses API handler │ │ ├── embeddings.ts # Embedding generation -│ │ ├── imageGeneration.ts # Image generation (DALL-E, FLUX, SD, etc.) +│ │ ├── imageGeneration.ts # Image generation (GPT-Image, FLUX, SD, etc.) │ │ ├── videoGeneration.ts # Video generation │ │ ├── musicGeneration.ts # Music generation │ │ ├── audioSpeech.ts # Text-to-speech @@ -214,7 +213,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── moderations.ts # Content moderation │ │ ├── rerank.ts # Reranking API │ │ └── search.ts # Web search API -│ ├── mcp-server/ # Built-in MCP server (25 tools, 3 transports: stdio/SSE/streamable-HTTP) +│ ├── mcp-server/ # Built-in MCP server (29 tools, 3 transports: stdio/SSE/streamable-HTTP) │ │ ├── server.ts # MCP server core (tool registration, scope enforcement) │ │ ├── tools/ # Tool implementations (advancedTools, memoryTools, skillTools) │ │ ├── schemas/ # Zod input schemas (tools, audit, a2a) @@ -274,7 +273,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ ├── CLI-TOOLS.md # CLI tools integration guide │ ├── A2A-SERVER.md # A2A agent protocol documentation │ ├── AUTO-COMBO.md # Auto-combo engine (6-factor scoring) -│ ├── MCP-SERVER.md # MCP server (25 tools) +│ ├── MCP-SERVER.md # MCP server (29 tools) │ ├── TROUBLESHOOTING.md # Troubleshooting guide │ ├── VM_DEPLOYMENT_GUIDE.md # VPS deployment guide │ ├── openapi.yaml # OpenAPI specification @@ -284,11 +283,11 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo └── .env.example # Environment variable template ``` -## Key Features (v3.5.5) +## Key Features (v3.8.0) ### Core Proxy -- **60+ AI providers** with automatic format translation -- **4 provider categories**: Free (4), OAuth (8), API Key (48+), Custom (OpenAI/Anthropic-compatible) +- **160+ AI providers** with automatic format translation +- **4 provider categories**: Free (4), OAuth (8), API Key (120+), Self-Hosted (8+), Custom (OpenAI/Anthropic-compatible) - **13 routing strategies**: priority, weighted, round-robin, fill-first, p2c, random, least-used, cost-optimized, strict-random, auto, lkgp, context-optimized, context-relay - **4-tier fallback**: Subscription → API Key → Cheap → Free - **Context Relay strategy**: Session handoff summaries on account rotation for continuity @@ -306,7 +305,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Cloudflare Tunnels**: Managed tunnel creation for remote access - **122 unit test files** with comprehensive coverage (55% statements/lines/functions, 60% branches) -### Bezpečnost +### Security +- **Data Loss Prevention**: SQLite migration safety bounds abort startup on dangerous massive schema overrides. Pre-migration `VACUUM INTO` backups isolate rollback snapshots. - **CodeQL security**: Fixed 10+ CodeQL alerts (polynomial-redos, insecure-randomness, shell-injection, SSRF, incomplete URLs) - **Web Crypto session IDs**: `generateSessionId` uses `crypto.getRandomValues()` instead of `Math.random()` - **Route validation**: All API routes validated with Zod v4 schemas + `validateBody()` @@ -331,7 +331,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **CLI Tools** — One-click configuration for 10+ AI CLI tools - **CLI Agents** — Grid of 14+ built-in agents with ProviderIcon and install detection + custom agent registration - **Playground** — Test any model with Monaco editor, streaming responses -- **Media** — Image/video/music generation (DALL-E, FLUX, etc.) + audio transcription (up to 2GB files) +- **Media** — Image/video/music generation (GPT-Image, FLUX, etc.) + audio transcription (up to 2GB files) - **Search Tools** — Search provider configuration and testing - **Memory** — Memory system management and visualization - **Skills** — Skills framework management and execution @@ -349,14 +349,15 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Gemini** — `/v1beta/models`, `/v1beta/models/{...path}` - **Ollama** — `/v1/api/chat`, `/api/tags` - **Search** — `/v1/search` (Perplexity, Serper, Brave, Exa, Tavily) -- **MCP** — 25-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) +- **MCP** — 29-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) - **A2A** — Agent-to-Agent v0.3 protocol (JSON-RPC 2.0, smart-routing + quota-management skills) - **ACP** — Agent Communication Protocol registry and manager -### MCP Server (25 Tools) +### MCP Server (29 Tools) | Category | Tools | |-----------|-------| -| Core (18) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `sync_pricing` | +| Core (20) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `web_search`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `db_health_check`, `sync_pricing` | +| Cache (2) | `cache_stats`, `cache_flush` | | Memory (3) | `memory_search`, `memory_add`, `memory_clear` | | Skills (4) | `skills_list`, `skills_enable`, `skills_execute`, `skills_executions` | @@ -373,8 +374,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo **Custom Providers:** OpenAI-compatible (`openai-compatible-*`) and Anthropic-compatible (`anthropic-compatible-*`) with custom base URLs ### Internationalization -- 30 languages for UI (all dashboard pages) -- 30 translated documentation sets in docs/i18n/ +- 40+ languages for UI (all dashboard pages) +- 40 translated documentation sets in docs/i18n/ - Language switcher in documentation ## Key Architectural Decisions diff --git a/docs/i18n/da/CHANGELOG.md b/docs/i18n/da/CHANGELOG.md index cfeb78306b..1ee699b1e4 100644 --- a/docs/i18n/da/CHANGELOG.md +++ b/docs/i18n/da/CHANGELOG.md @@ -6,9 +6,283 @@ ## [Unreleased] +## [3.8.0] — 2026-05-06 + +### ✨ New Features + +- **feat(antigravity):** integrate Antigravity provider with dynamic `maxOutputTokens` calculation (bumping to `thinkingBudget + 1`) and standard Cloud Code envelope payload sanitization (#2055, #2063) +- **feat(gemini-cli):** add custom projectId support for Gemini CLI transport (UI, DB, executor) (#1991) + +### 🐛 Bug Fixes + +- **fix(cache):** optimize cache_control preservation logic and explicitly align tool schema with upstream Claude Code expectations +- **fix(db):** preserve legacy SQLite database path on Windows to prevent data loss (#1973) +- **fix(settings):** resolve model alias persistence double stringification preventing UI updates (#2018) +- **fix(routing):** dynamically filter bare model auto-resolution by active provider connections to prevent dead-routing (#2029) +- **fix(embeddings):** add Google Gemini embeddings compatibility via OpenAI-compatible endpoint mapping (#2006) +- **fix:** remove Anthropic-Beta header from non-Anthropic providers to fix identity contamination (#1989) +- **fix(cli):** resolve .env loading failure for global npm installations + +### 🔒 Security + +- **fix(security):** remediate regex validation backtracking path in core compression cleanup (#1990) +- **fix(core):** harden input handling and stabilization for prompt compression edge cases + +### 🧹 Chores & Maintenance + +- **chore(providers):** prune redundant local provider icon assets in favor of `@lobehub/icons` web fonts (#1992) +- **ci:** skip SonarCloud scan on main pushes to optimize CI time +- **test:** stabilize cooldown abort coverage case in integration testing + +## [3.7.9] — 2026-05-03 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) + +- **feat(compression):** major upgrade to Caveman and RTK compression pipelines (#1876, #1889): + - Add RTK tool-output compression, stacked Caveman + RTK pipelines, compression combo assignments, dashboard context pages, MCP management tools, and language-aware Caveman rule packs. + - Expand RTK parity with a 39-filter catalog, RTK-style JSON DSL stages, inline verify/benchmark coverage, trust-gated custom filters, expanded command detection, and redacted raw-output recovery. + - Expose rule intensities, track USD savings, unify config validation, and persist MCP savings. + - Expand Caveman parity and MCP metadata compression. +- **feat(provider):** update Jina AI model catalog to support Embeddings and Rerank natively (#1874 — thanks @backryun) +- **feat(provider):** add NanoGPT image generation provider (#1899 — thanks @Aculeasis) +- **feat(ui):** move proxy configuration to dedicated System → Proxy page (#1907 — thanks @oyi77) +- **feat(ui):** add K/M/B/T cost shortener utility (#1902 — thanks @oyi77) +- **feat(providers):** implement bulk paste for extra API keys (#1916 — thanks @0xtbug) +- **feat(analytics):** usage history API key backfill + dark mode pricing (#1896 — thanks @Gi99lin) +- **feat(logs):** show RTK and Caveman compression token savings accurately in request log UI (#1923 — thanks @emdash) +- **feat(routing):** auto-skip exhausted quota accounts (Issue #1952) +- **feat(docs):** docs site overhaul (#1976 — thanks @oyi77) +- **feat(db):** consolidate all database settings into SystemStorageTab (closes #1935) (#1947 — thanks @oyi77) +- **feat(sse):** codex 429 mid-task failover with account rotation (#1888 — thanks @smartenok-ops) +- **feat(auto-assessment):** add auto-assessment engine for combo self-healing (#1918 — thanks @oyi77) +- **feat(usage):** DeepSeek V4 native cache token extraction (#1930 — thanks @smartenok-ops) +- **feat(cost):** enhance cost formatting and add Codex GPT-5.5 pricing support (#1944 — thanks @JxnLexn) + +### 🐛 Bug Fixes + +- **fix(auth):** implement session affinity sticky routing logic +- **fix(dashboard):** derive display base URL from origin instead of hardcoding localhost (#1960 — thanks @jeanfbrito) +- **fix(proxy):** use credentials.connectionId instead of non-existent credentials.id for image proxy resolution (#1929 — thanks @Aculeasis) +- **fix(routing):** codex bare-name disambiguation + family-native fallback (#1933 — thanks @smartenok-ops) +- **fix(infrastructure):** move wreq-js to optionalDependencies and add Node 25/26 to secure runtime policy (#1924) +- **fix(providers):** resolve ChatGPT Web authentication failure by aligning TLS fingerprint User-Agent strings (#1925) +- **fix(mitm):** support root user for MITM sudo handling (#1948 — thanks @NekoMonci12) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941, #1945) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) +- **fix(mcp):** reclassify MCP endpoints to ensure API key authentication works even when dashboard auth is enabled (#1970) +- **fix(providers):** allow local OpenAI-compatible endpoints (like Ollama) to be added without an API key (fixes #1893) +- **fix(providers):** bypass AgentRouter unauthorized_client_error by spoofing Claude CLI headers via Anthropic endpoints (fixes #1921) +- **fix(copilot):** emit compatible reasoning text deltas (#1919 — thanks @ivan-mezentsev) +- **fix(api-manager):** show validation errors inline in modals, not behind (#1920 — thanks @andrewmunsell) +- **fix(compression):** align seeded standard savings combo with stacked default, preserve stacked defaults, and secure metadata routes. +- **fix(gemini-cli):** separate Cloud Code transport from Antigravity (#1869 — thanks @dhaern) +- **fix(codex):** map prompt field to input array for Cursor compatibility (fixes #1872) +- **fix(core):** align stream parameter default to false per strict OpenAI spec (fixes #1873) +- **fix(ui):** restore Next.js CSP `unsafe-eval` in production `script-src` to fix unresponsive Onboarding button (fixes #1883) +- **fix(proxy):** globally strip `prompt_cache_retention` in `BaseExecutor` to prevent upstream 400 errors from strict endpoints like droid/gemini-2-pro (fixes #1884) +- **fix(ui):** include `isOpen` dependency in `EditConnectionModal` state sync to ensure `maxConcurrent` is properly hydrated when reopening the modal (fixes #1859) +- **fix(security):** remediate 4 polynomial-redos CodeQL alerts in compression regexes by bounding repetitions and removing overlapping quantifiers +- **fix(codex):** flatten Chat Completions tool format to Codex Responses format in `normalizeCodexTools` — prevents `Missing required parameter: tools[0].name` upstream errors (#1914 — thanks @tranduykhanh030) +- **fix(proxy):** add proxy-aware execution context to image generation route — proxy settings are now correctly applied for image providers behind restricted networks (#1904 — thanks @Aculeasis) +- **fix(translator):** inject `properties: {}` into zero-argument MCP tool schemas during Anthropic→OpenAI translation — prevents 400 errors from OpenAI strict schema validation (#1898 — thanks @bryceIT) +- **fix(codex):** sanitize raw responses input (#1895 — thanks @dhaern) +- **fix(combos):** align strategy contracts (#1892 — thanks @dhaern) +- **fix(combos):** fix combo provider breaker profile handling (#1891 — thanks @rdself) +- **fix(migrations):** duplicate-column no-op fix (#1886 — thanks @smartenok-ops) +- **fix(auth):** per-connection OAuth refresh mutex (#1885 — thanks @smartenok-ops) +- **fix(auth):** require dashboard management auth for compression preview + +### 🔄 Updates + +- **chore(provider):** Add reka models list (#1956 — thanks @backryun) +- **chore(model):** Update new models, Delete Deprecated models (#1949 — thanks @backryun) + +### 📝 Documentation + +- **docs(compression):** document RTK+Caveman stacked savings ranges + +### 🏆 Release Attribution & Retroactive Credits + +- **@payne0420** (PR #1828 / #1839) — Implementation of the **Rate Limit Watchdog** and environment overrides. (This feature was manually backported to v3.7.8, causing the automatic GitHub Release notes to omit the author's credit). + +--- + +## [3.7.8] — 2026-05-01 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(providers):** add Grok 4.3 and Xiaomi Mimo TTS provider (#1837) +- **feat(core):** implement Rate Limit Watchdog with environment override capability to detect and reset stalled queues (#1839) +- **feat(providers):** add muse-spark-web provider with multiple models and reasoning support (#1843) +- **feat(1proxy):** integrate 1proxy free proxy marketplace with dashboard management and new MCP tools (closes #1788) (#1847) + +### 🐛 Bug Fixes + +- **fix(codex):** sanitize Responses replay state to prevent internal assistant commentary from leaking (#1868 — thanks @dhaern) +- **fix(cli):** add capture-backed Gemini CLI fingerprint (#1866) +- **fix(ui):** hide combo compression controls when the global setting is disabled (#1840) +- **fix(db):** tolerate missing request_detail_logs table for legacy deployments (#1848) +- **fix(core):** remove unneeded \`store\` payload parameter for providers lacking support (closes #1841) +- **fix(core):** ensure safeOutboundFetch and A2A routers return 503 Service Unavailable when security guardrails are triggered +- **fix(usage):** correct Unix seconds vs milliseconds parsing logic for Kiro AI quota reset (closes #1849) +- **fix(ui):** apply robust NaN handling, ensure 24h consistency, and fix missing hour slots in Compression Analytics (closes #1844) +- **fix(ui):** implement short number formatting for token consumption metrics on cache pages to prevent overflow (closes #1842) +- **fix(combo):** stabilize provider routing at 500+ connections by bounding semaphore queues and adjusting circuit breaker tracking (closes #1846) (#1854) +- **fix(maritalk):** update Maritalk model list, use Authorization Key header, and align with latest API endpoints (#1856) +- **fix(grok-web):** stabilize tool calling (bash, readFile, webSearch) and response parsing by mapping native Grok intents to standard OpenAI payloads (#1857) +- **fix(providers):** correctly map and expose the Upstage embedding and chat model catalogs (#1855) +- **fix(executor):** apply proper urlSuffix and custom authHeaders for unknown registry-based providers in DefaultExecutor (closes #1846) (#1861) + +### 🛠️ Maintenance + +- **fix(workflow):** build docker images on version tags (#1838) + +--- + +## [3.7.7] — 2026-04-30 + ### ✨ New Features -- **feat:** ongoing development +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **Prompt Compression Pipeline:** Implemented a multi-phase prompt compression engine including `lite` (whitespace/duplication collapse), `aggressive` (summarization, tool compression), and `ultra` modes (heuristic pruning and SLM stub) (#1633, #1738, #1739, #1741) +- **Compression Dashboard & Analytics:** Added a compression settings UI, real-time log viewer, pipeline statistics tracking, and interactive playground preview (#1756) +- **Compression Caching & MCP:** Added caching-aware strategy adjustments to the compression pipeline, alongside new MCP tools for status and configuration (#1758) +- **Analytics Custom Filters:** Added custom date range selection, API key filtering, and NULL key analytics backfilling to the Costs Dashboard (#1830) + +### 🐛 Bug Fixes + +- **Combo Routing:** Fixed an issue where Gemini `-preview` models were incorrectly normalized to their canonical names, causing 404 errors during combo routing (#1834) +- **Codex Native Passthrough:** Added support for Cursor 5.5 sending `messages` arrays to the `responses/compact` endpoint, preventing upstream rejections with empty requests (#1832) +- **Rate-limit Watchdog:** Implemented a new rate-limit watchdog with environment override capabilities and Stage Tracing to prevent and diagnose silent wedges (#1828) +- **Encryption Resiliency:** Prevent sending encrypted tokens to providers by returning null on decryption failure (#763d353) +- **i18n & Locales:** Fixed OpenCode baseUrl locale placeholders and added compression keys across 32 languages +- **Startup Stability:** Hardened resilience integration server startup logic (#9aa89b17) + +### 🛠️ Maintenance + +- **Tests & Docs:** Expanded the test suite with 61 unit/integration tests for the compression pipeline and updated `AGENTS.md` +- **Workflow:** Fixed the changelog extraction logic to accurately capture GitHub release descriptions + +--- + +## [3.7.6] — 2026-04-30 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) +- **feat(chatgpt-web):** support `thinking_effort` parameter (Standard/Extended) for thinking-capable models (#1821) +- **feat(dashboard):** implement remaining v3.7.6 dashboard features — Costs overview, Translator pipeline, and Endpoint tabs improvements +- **feat(tools):** inject fallback tool names to prevent upstream 400 errors on providers that require tool names (#1775) +- **feat(db):** auto-restore probe-failed database on startup to prevent data loss after failed upgrades (#1810) +- **feat(analytics):** add cost-based usage insights and activity streaks in the analytics dashboard + +### 🔒 Security + +- **fix(security):** resolve ReDoS vulnerability in Codex executor regex patterns (#1797, #1789) + +### 🐛 Bug Fixes + +- **fix(stability):** resolve codex input validation, enable combo circuit breaker, and fix broken unit tests (#1804, #1805) +- **fix(stability):** safely cast inputs to strings before calling `.trim()` to avoid crashes on numeric fields in proxy modal (#1825) +- **fix(stability):** clear active requests and recover providers after connection failures (#1824) +- **fix(xiaomi-mimo):** update models to V2.5, fix Token Plan validation and default region (#1823) +- **fix(codex):** omit compact client metadata to prevent upstream rejections (#1822) +- **fix(dashboard):** fix endpoint visibility, A2A status display, and API catalog consistency (#1806) +- **fix(analytics):** use pure SQL aggregations — no history rows loaded into memory (#1802) +- **fix(dashboard):** correct `loadPresets` ReferenceError in CostOverviewTab +- **fix(mitm):** enforce transparent interception on port 443 only + +### 🧹 Chores + +- **chore(workflow):** mandate implementation plan generation in `/resolve-issues` workflow before coding +- **chore(release):** expand contributor credits to 155 PRs across full project history + +### 🏆 Community Contributors Acknowledgment + +We identified that **155 community PRs** across the entire project history (from inception through v3.7.5) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. + +**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** + +| Contributor | PRs (Total) | All Contributions | +| :----------------------------------------------------------- | :---------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [@rdself](https://github.com/rdself) | 28 | #542, #705, #717, #737, #738, #841, #851, #853, #875, #880, #888, #891, #903, #904, #974, #1069, #1089, #1196, #1267, #1272, #1299, #1300, #1356, #1357, #1441, #1443, #1549, #1742 | +| [@oyi77](https://github.com/oyi77) | 27 | #644, #672, #700, #850, #859, #862, #868, #874, #881, #883, #908, #926, #931, #983, #990, #1019, #1020, #1021, #1103, #1281, #1286, #1363, #1368, #1377, #1411, #1689, #1717 | +| [@clousky2020](https://github.com/clousky2020) | 15 | #1244, #1323, #1365, #1366, #1408, #1442, #1484, #1595, #1598, #1599, #1611, #1618, #1620, #1621, #1644 | +| [@benzntech](https://github.com/benzntech) | 8 | #158, #1264, #1435, #1436, #1437, #1440, #1444, #1677 | +| [@kang-heewon](https://github.com/kang-heewon) | 5 | #530, #854, #884, #1235, #1574 | +| [@herjarsa](https://github.com/herjarsa) | 4 | #1472, #1474, #1477, #1480 | +| [@backryun](https://github.com/backryun) | 4 | #1358, #1609, #1627, #1722 | +| [@tombii](https://github.com/tombii) | 4 | #708, #856, #900, #1013 | +| [@christopher-s](https://github.com/christopher-s) | 3 | #868, #885, #992 | +| [@zen0bit](https://github.com/zen0bit) | 3 | #561, #650, #912 | +| [@k0valik](https://github.com/k0valik) | 3 | #554, #587, #596 | +| [@zhangqiang8vip](https://github.com/zhangqiang8vip) | 2 | #470, #575 | +| [@wlfonseca](https://github.com/wlfonseca) | 2 | #997, #1016 | +| [@RaviTharuma](https://github.com/RaviTharuma) | 2 | #1188, #1277 | +| [@prakersh](https://github.com/prakersh) | 2 | #419, #480 | +| [@payne0420](https://github.com/payne0420) | 2 | #1593, #1670 | +| [@only4copilot](https://github.com/only4copilot) | 2 | #855, #1039 | +| [@jay77721](https://github.com/jay77721) | 2 | #581, #582 | +| [@hijak](https://github.com/hijak) | 2 | #295, #578 | +| [@hartmark](https://github.com/hartmark) | 2 | #1494, #1500 | +| [@defhouse](https://github.com/defhouse) | 2 | #906, #946 | +| [@xiaoge1688](https://github.com/xiaoge1688) | 1 | #1304 | +| [@xandr0s](https://github.com/xandr0s) | 1 | #1376 | +| [@willbnu](https://github.com/willbnu) | 1 | #882 | +| [@slewis3600](https://github.com/slewis3600) | 1 | #1624 | +| [@sergey-v9](https://github.com/sergey-v9) | 1 | #594 | +| [@razllivan](https://github.com/razllivan) | 1 | #987 | +| [@nmime](https://github.com/nmime) | 1 | #1271 | +| [@Moutia-Ben-Yahia](https://github.com/Moutia-Ben-Yahia) | 1 | #1663 | +| [@Mind-Dragon](https://github.com/Mind-Dragon) | 1 | #467 | +| [@mercs2910](https://github.com/mercs2910) | 1 | #1001 | +| [@MAINER4IK](https://github.com/MAINER4IK) | 1 | #196 | +| [@luandiasrj](https://github.com/luandiasrj) | 1 | #996 | +| [@knopki](https://github.com/knopki) | 1 | #1434 | +| [@kfiramar](https://github.com/kfiramar) | 1 | #389 | +| [@ken2190](https://github.com/ken2190) | 1 | #166 | +| [@keith8496](https://github.com/keith8496) | 1 | #569 | +| [@jonesfernandess](https://github.com/jonesfernandess) | 1 | #1118 | +| [@JasonLandbridge](https://github.com/JasonLandbridge) | 1 | #1626 | +| [@i1hwan](https://github.com/i1hwan) | 1 | #1386 | +| [@Gorchakov-Pressure](https://github.com/Gorchakov-Pressure) | 1 | #754 | +| [@foxy1402](https://github.com/foxy1402) | 1 | #934 | +| [@dt418](https://github.com/dt418) | 1 | #896 | +| [@dhaern](https://github.com/dhaern) | 1 | #1647 | +| [@DavyMassoneto](https://github.com/DavyMassoneto) | 1 | #211 | +| [@dail45](https://github.com/dail45) | 1 | #1413 | +| [@congvc-dev](https://github.com/congvc-dev) | 1 | #1569 | +| [@be0hhh](https://github.com/be0hhh) | 1 | #1581 | +| [@andruwa13](https://github.com/andruwa13) | 1 | #1457 | +| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | 1 | #898 | +| [@AndersonFirmino](https://github.com/AndersonFirmino) | 1 | #362 | +| [@alexsvdk](https://github.com/alexsvdk) | 1 | #1280 | +| [@abhinavjnu](https://github.com/abhinavjnu) | 1 | #550 | --- @@ -16,8 +290,14 @@ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(tunnels):** integrate native ngrok tunnel support with dashboard UI parity (#1753) -- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) ### 🐛 Bug Fixes @@ -56,56 +336,25 @@ - **chore(ui):** speed up endpoint initial render with background task loading (#1760) - **chore(workflows):** add strict PR contributor credit policy to prevent future merge credit loss -### 🏆 Community Contributors Acknowledgment - -We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. - -**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** - -| Contributor | Contributions (PRs) | -| :----------------------------------------------------- | :----------------------------------------------------------------------- | -| [@rdself](https://github.com/rdself) | #1742, #1357, #1356, #1089, #1069, #904, #880, #875, #853, #851, #974 | -| [@oyi77](https://github.com/oyi77) | #1411, #1021, #990, #926, #908, #883, #881, #868, #862, #859, #850, #983 | -| [@benzntech](https://github.com/benzntech) | #1677, #1444, #1440, #1437, #1435 | -| [@clousky2020](https://github.com/clousky2020) | #1644, #1408 | -| [@christopher-s](https://github.com/christopher-s) | #885, #868, #992 | -| [@kang-heewon](https://github.com/kang-heewon) | #1235, #884 | -| [@backryun](https://github.com/backryun) | #1627, #1358, #1722 | -| [@tombii](https://github.com/tombii) | #900, #856 | -| [@slewis3600](https://github.com/slewis3600) | #1624 | -| [@dhaern](https://github.com/dhaern) | #1647 | -| [@JasonLandbridge](https://github.com/JasonLandbridge) | #1626 | -| [@hartmark](https://github.com/hartmark) | #1500 | -| [@herjarsa](https://github.com/herjarsa) | #1480 | -| [@andruwa13](https://github.com/andruwa13) | #1457 | -| [@i1hwan](https://github.com/i1hwan) | #1386 | -| [@xandr0s](https://github.com/xandr0s) | #1376 | -| [@RaviTharuma](https://github.com/RaviTharuma) | #1188 | -| [@wlfonseca](https://github.com/wlfonseca) | #1016 | -| [@only4copilot](https://github.com/only4copilot) | #1039, #855 | -| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | #898 | -| [@dt418](https://github.com/dt418) | #896 | -| [@willbnu](https://github.com/willbnu) | #882 | -| [@defhouse](https://github.com/defhouse) | #906 | -| [@mercs2910](https://github.com/mercs2910) | #1001 | -| [@zen0bit](https://github.com/zen0bit) | #912 | -| [@razllivan](https://github.com/razllivan) | #987 | -| [@foxy1402](https://github.com/foxy1402) | #934 | -| [@knopki](https://github.com/knopki) | #1434 | -| [@dail45](https://github.com/dail45) | #1413 | - --- ## [3.7.4] — 2026-04-28 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(ui):** add endpoint tunnel visibility settings (#1743) - **feat(cli):** refresh CLI fingerprint provider profiles (#1746) - **feat(proxy):** implement bulk proxy import via pipe-delimited parser with update-or-create (upsert) logic and real-time preview table - **feat(pwa):** add fullscreen installable PWA with manifest, service worker, and cross-platform app icons (#1728) -### Sikkerhed +### 🔒 Security - **security:** replace insecure `Math.random` with `crypto.getRandomValues` for fallback UUID generation to resolve CodeQL CWE-338 finding (#182) @@ -156,6 +405,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(authz):** introduce centralized proxy-based authz pipeline and lifecycle policy (#1632) - **feat(logs):** configure call log pipeline artifacts (#1650) - **feat(network):** add guarded remote image fetch utility @@ -225,6 +481,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Add GPT-5.5 support to the Codex provider — includes 1.05M context window, tool calling, vision, and reasoning capabilities with proper pricing entries across `cx` and `openai` providers. Refactors `splitCodexReasoningSuffix()` into a shared helper for cleaner effort-level parsing (#1617 — thanks @Zhaba1337228). - **feat(cli):** Add `omniroute reset-encrypted-columns` recovery command — nulls encrypted credential columns (`api_key`, `access_token`, `refresh_token`, `id_token`) in `provider_connections` while preserving provider metadata, giving users affected by #1622 a clean recovery path without losing configurations. - **feat(i18n):** Expand locale coverage with nine new language packs (Bengali, Farsi, Gujarati, Indonesian, Marathi, Swahili, Tamil, Telugu, Urdu), bringing total language support from 32 to 41 locales. @@ -256,7 +519,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **fix(transport):** Prevent memory bloat and database exhaustion from large, fragmented streaming responses. Implemented `ByteQueue` in `kiro.ts` for zero-copy binary accumulation, refactored `antigravity.ts` for incremental SSE parsing, and enforced a strict 512KB tiered truncation limit (`MAX_CALL_LOG_ARTIFACT_BYTES`) on stream request logs and call artifacts (#1647). - **chore(ci):** Update build environment dependencies — bump Node to `24.15.0`, `actions/checkout@v6`, `docker/build-push-action@v7`, pin `actions/setup-python` to major tag (#1646 — thanks @backryun). -### Dokumentation +### 📝 Documentation - **docs(env):** Add `OMNIROUTE_ALLOW_PRIVATE_PROVIDER_URLS` to `.env.example` with documentation for LM Studio and other local provider use cases (#1623). @@ -266,6 +529,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). - **feat(providers):** Add CrofAI as a built-in API-key provider with quota/usage monitoring wired into the dashboard Limits page (#1604, #1606). @@ -399,7 +669,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **test(next):** Align transpile package expectations for the Next.js standalone build. - **test(ci):** Fix CI-only test failures from environment differences — clear `INITIAL_PASSWORD` and `JWT_SECRET` in integration tests, handle `XDG_CONFIG_HOME` for guide-settings tests. -### Dokumentation +### 📚 Documentation - **docs:** Update the root changelog with all release-branch changes through 2026-04-24, including PRs #1544, #1555, #1551, #1550, #1548, #1547, #1541, #1538, #1536, and #1527. - **docs:** Fix broken README and localized documentation links. (#1536) @@ -424,6 +694,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -506,6 +783,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -527,7 +811,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **feat(providers):** Expand image provider registry with extended model support including SD3.5, FLUX, and DALL-E 3 HD configurations - **feat(combos):** Add new routing strategies and full i18n support for agent features section across 31 languages -### Sikkerhed +### 🔒 Security - **security:** Resolve 18 GitHub CodeQL scan alerts including ReDoS, incomplete sanitization, and bad HTML filtering regexp patterns - **fix(auth):** Seal privilege escalation vector by enforcing JWT session checking exclusively on `/api/keys` management endpoints (#1353) @@ -586,6 +870,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -662,6 +953,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -726,6 +1024,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -773,7 +1078,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Duplicate `auto` in Combo Strategy Schema:** Removed duplicate `"auto"` entry from `comboStrategySchema` (was listed on both line 104 and 108). Harmless to Zod runtime but cleaned up to avoid confusion. Schema now has exactly 13 unique strategy values - **Legacy Combo Refs Normalization:** Fixed combo step normalization to preserve legacy string combo references during CRUD operations, preventing data loss when editing combos created before the v2 step architecture -### Sikkerhed +### 🔒 Security - **Auth Bypass on Backup Routes (Critical):** Added `isAuthenticated` guards to `/api/db-backups/exportAll` (full database export) and `/api/db-backups` (list, create, and restore backups) — both were previously accessible without authentication - **Auth Guard on Translator Save:** Added `isAuthenticated` guard to `/api/translator/save` for defense-in-depth consistency @@ -826,6 +1131,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -864,6 +1176,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -896,6 +1215,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -925,6 +1251,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -955,6 +1288,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -988,6 +1328,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1040,6 +1387,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1086,6 +1440,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1122,7 +1483,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Updated Sub-dependencies:** Bumped `hono` to `4.12.12` and `@hono/node-server` to `1.19.13` to patch critical security gaps (#1063, #1064, #1067, #1068). -### Dokumentation +### 📚 Documentation - **Documentation Synchronization:** Updated system documentation (README, Architecture, Features, Tools, Troubleshooting) and synced `i18n` configurations to match the v3.5.5 context relay patterns and proxy troubleshooting steps. - **Context Relay Delivery Notes:** Documented the current architecture, runtime flow, and Codex-focused scope in the feature docs, changelog, and agent guidance. @@ -1133,6 +1494,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1191,7 +1559,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.5.3] - 2026-04-07 -### Sikkerhed +### Security - **Vulnerabilities:** Fully remediated 12 High-Severity CodeQL vulnerabilities by migrating from Math.random to `crypto.randomUUID()`, wrapping SSE injection points with aggressive backslash escaping, sanitizing trailing HTTP fragments, and enforcing rigid SSRF HTTP verification schemes across internal routes. - **Dependencies:** Upgraded Next.js to `^16.2.2` and Vite to `>=8.0.5` resolving critical DoS, arbitrary file reads and CSRF vectors in the build/server environments. @@ -1207,7 +1575,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **CI/CD Stabilization:** Prevented random GitHub Runner freezes by decoupling sharded processes, adjusting test concurrencies, unref-ing active connections on server teardown, and strictly capping job timeout durations. -### Dokumentation +### Documentation - **I18n Engine:** Synchronized and pushed deep Machine Translation updates across all 32 natively-supported languages (682 translation nodes aligned). @@ -1221,6 +1589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1253,6 +1628,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1281,6 +1663,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1347,7 +1736,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.8] — 2026-04-03 -### Sikkerhed +### Security - Fully remediated all outstanding Github Advanced Security (CodeQL) findings and Dependabot alerts. - Fixed insecure randomness vulnerabilities by migrating from `Math.random` to `crypto.randomUUID()`. @@ -1359,7 +1748,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.7] — 2026-04-03 -### Funktioner +### Features - Added `Cryptography` node to Monitoring and MCP health checks (#798) - Hardened model-catalog route permissions mapping (`/models`) (#781) @@ -1375,7 +1764,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - Fixed MCP standalone module-resolution (`ERR_MODULE_NOT_FOUND`) via `esbuild` (#936) - Fixed NVIDIA NIM routing credential resolution alias mismatch (#931) -### Sikkerhed +### Security - Added safe strict input boundary protection against raw `shell: true` remote-code execution injections. @@ -1385,6 +1774,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1419,6 +1815,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1481,6 +1884,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1541,6 +1951,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1594,7 +2011,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.0] - 2026-03-31 -### Funktioner +### 🚀 Features - **Subscription Utilization Analytics:** Added quota snapshot time-series tracking, Provider Utilization and Combo Health tabs with recharts visualizations, and corresponding API endpoints (#847) - **SQLite Backup Control:** New `OMNIROUTE_DISABLE_AUTO_BACKUP` env flag to disable automatic SQLite backups (#846) @@ -1646,7 +2063,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.3.8] - 2026-03-30 -### Funktioner +### 🚀 Features - **Models API Filtering:** Endpoint `/v1/models` now dynamically filters its list based on the permissions tied to the `Authorization: Bearer ` when restricted access is on (#781) - **Qoder Integration:** Native integration for Qoder AI natively replacing the legacy iFlow platform mappings (#660) @@ -1715,6 +2132,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1745,6 +2169,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1806,6 +2237,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2016,6 +2454,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2044,6 +2489,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2076,6 +2528,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2130,6 +2589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2325,6 +2791,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2359,6 +2832,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2409,7 +2889,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **NaN tokens in Claude Code / client responses (#617):** - `sanitizeUsage()` now cross-maps `input_tokens`→`prompt_tokens` and `output_tokens`→`completion_tokens` before the whitelist filter, fixing responses showing NaN/0 token counts when providers return Claude-style usage field names -### Sikkerhed +### 🔒 Security - Updated `yaml` package to fix stack overflow vulnerability (GHSA-48c2-rrv3-qjmp) @@ -2467,6 +2947,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2503,6 +2990,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2521,6 +3015,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2556,6 +3057,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3001,6 +3509,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3016,6 +3531,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3043,7 +3565,7 @@ docker pull diegosouzapw/omniroute:3.0.0 - **SVG fallback**: `ProviderIcon` component updated with 4-tier strategy: Lobehub → PNG → SVG → Generic icon - **Agents fingerprinting**: Synced with CLI tools — added droid, openclaw, copilot, opencode to fingerprint list (14 total) -### Sikkerhed +### 🔒 Security - **CVE fix**: Resolved dompurify XSS vulnerability (GHSA-v2wj-7wpq-c8vv) via npm overrides forcing `dompurify@^3.3.2` - `npm audit` now reports **0 vulnerabilities** @@ -3113,6 +3635,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3160,6 +3689,13 @@ Both providers use the new `OpencodeExecutor` with multi-format routing (`/chat/ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3295,6 +3831,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3318,6 +3861,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3334,6 +3884,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3371,7 +3928,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **#510** — Windows: MSYS2/Git-Bash paths (`/c/Program Files/...`) are now normalized to `C:\Program Files\...` - **#492** — `omniroute` CLI now detects `mise`/`nvm` when `app/server.js` is missing and shows targeted fix -### Dokumentation +### 📖 Documentation - **#513** — Docker password reset: `INITIAL_PASSWORD` env var workaround documented - **#520** — pnpm: `pnpm approve-builds better-sqlite3` documented @@ -3468,7 +4025,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **feat(executors/cloudflare-ai)**: New `CloudflareAIExecutor` — dynamic URL construction requires `accountId` in provider credentials - **feat(executors)**: Register `pollinations`, `pol`, `cloudflare-ai`, `cf` executor mappings -### Dokumentation +### 📝 Documentation - **docs(readme)**: Expanded free combo stack to 11 providers ($0 forever) - **docs(readme)**: Added 4 new free provider sections (LongCat, Pollinations, Cloudflare AI, Scaleway) with model tables @@ -3543,6 +4100,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3613,7 +4177,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **OAuth batch test crash** (ERR_CONNECTION_REFUSED): Replaced sequential for-loop with 5-connection concurrency limit + 30s per-connection timeout via `Promise.race()` + `Promise.allSettled()`. Prevents server crash when testing large OAuth provider groups (~30+ connections). -### Funktioner +### Features - **"Test All" button on provider pages**: Individual provider pages (e.g., `/providers/codex`) now show a "Test All" button in the Connections header when there are 2+ connections. Uses `POST /api/providers/test-batch` with `{mode: "provider", providerId}`. Results displayed in a modal with pass/fail summary and per-connection diagnosis. @@ -3641,7 +4205,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Merge PR #494 (MiniMax role fix), fix KIRO MITM dashboard, triage 8 issues. -### Funktioner +### Features - **MiniMax developer→system role fix** (PR #494 by @zhangqiang8vip): Per-model `preserveDeveloperRole` toggle. Adds "Compatibility" UI in providers page. Fixes 422 "role param error" for MiniMax and similar gateways. - **roleNormalizer**: `normalizeDeveloperRole()` now accepts `preserveDeveloperRole` parameter with tri-state behavior (undefined=keep, true=keep, false=convert). @@ -3697,7 +4261,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Gemini CLI deprecation, VM guide i18n fix, dependabot security fix, provider schema expansion. -### Funktioner +### Features - **Gemini CLI Deprecation** (#462): Mark `gemini-cli` provider as deprecated with warning — Google restricts third-party OAuth usage from March 2026 - **Provider Schema** (#462): Expand Zod validation with `deprecated`, `deprecationReason`, `hasFree`, `freeNote`, `authHint`, `apiHint` optional fields @@ -3706,7 +4270,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **VM Guide i18n** (#471): Add `VM_DEPLOYMENT_GUIDE.md` to i18n translation pipeline, regenerate all 30 locale translations from English source (were stuck in Portuguese) -### Sikkerhed +### Security - **deps**: Bump `flatted` 3.3.3 → 3.4.2 — fixes CWE-1321 prototype pollution (#484, @dependabot) @@ -3726,7 +4290,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Czech i18n, SSE protocol fix, VM guide translation. -### Funktioner +### Features - **Czech Language** (#482): Full Czech (cs) i18n — 22 docs, 2606 UI strings, language switcher updates (@zen0bit) - **VM Deployment Guide**: Translated from Portuguese to English as the source document (@zen0bit) @@ -3745,7 +4309,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: 2 merged PRs, model aliases routing fix, log export, and issue triage. -### Funktioner +### Features - **Log Export**: New Export button on `/dashboard/logs` with time range dropdown (1h, 6h, 12h, 24h). Downloads JSON of request/proxy/call logs via `/api/logs/export` API (#user-request) @@ -3765,7 +4329,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Five community PRs — streaming call log fixes, Kiro compatibility, cache token analytics, Chinese translation, and configurable tool call IDs. -### Funktioner +### ✨ Features - **feat(logs)**: Call log response content now correctly accumulated from raw provider chunks (OpenAI/Claude/Gemini) before translation, fixing empty response payloads in streaming mode (#470, @zhangqiang8vip) - **feat(providers)**: Per-model configurable 9-char tool call ID normalization (Mistral-style) — only models with the option enabled get truncated IDs (#470) @@ -3795,7 +4359,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Bailian Coding Plan provider with editable base URLs, plus community contributions for Alibaba Cloud and Kimi Coding. -### Funktioner +### ✨ Features - **feat(providers)**: Added Bailian Coding Plan (`bailian-coding-plan`) — Alibaba Model Studio with Anthropic-compatible API. Static catalog of 8 models including Qwen3.5 Plus, Qwen3 Coder, MiniMax M2.5, GLM 5, and Kimi K2.5. Includes custom auth validation (400=valid, 401/403=invalid) (#467, @Mind-Dragon) - **feat(admin)**: Editable default URL in Provider Admin create/edit flows — users can configure custom base URLs per connection. Persisted in `providerSpecificData.baseUrl` with Zod schema validation rejecting non-http(s) schemes (#467) @@ -3810,7 +4374,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Two new community-contributed providers (Alibaba Cloud Coding, Kimi Coding API-key) and Docker pino fix. -### Funktioner +### ✨ Features - **feat(providers)**: Added Alibaba Cloud Coding Plan support with two OpenAI-compatible endpoints — `alicode` (China) and `alicode-intl` (International), each with 8 models (#465, @dtk1985) - **feat(providers)**: Added dedicated `kimi-coding-apikey` provider path — API-key-based Kimi Coding access is no longer forced through OAuth-only `kimi-coding` route. Includes registry, constants, models API, config, and validation test (#463, @Mind-Dragon) @@ -3835,7 +4399,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Codex responses subpath passthrough natively supported, Windows MITM crash fixed, and Combos agent schemas adjusted. -### Funktioner +### ✨ Features - **feat(codex)**: Native responses subpath passthrough for Codex — natively routes `POST /v1/responses/compact` to Codex upstream, maintaining Claude Code compatibility without stripping the `/compact` suffix (#457) @@ -3875,7 +4439,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(budget)**: "Save Limits" no longer returns 422 — `warningThreshold` is now correctly sent as fraction (0–1) instead of percentage (0–100) (#451) - **fix(combos)**: `` internal cache tag is now stripped before forwarding requests to providers, preventing cache session breaks (#454) -### Funktioner +### ✨ Features - **feat(combos)**: Agent Features section added to combo create/edit modal — expose `system_message` override, `tool_filter_regex`, and `context_cache_protection` directly from the dashboard (#454) @@ -3931,7 +4495,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Search Tools dashboard, i18n fixes, Copilot limits, Serper validation fix. -### Funktioner +### 🚀 Features - **feat(search)**: Add Search Playground (10th endpoint), Search Tools page with Compare Providers/Rerank Pipeline/Search History, local rerank routing, auth guards on search API (#443 by @Regis-RCR) - New route: `/dashboard/search-tools` @@ -4010,6 +4574,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4024,7 +4595,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - DB migration: `request_type` column on `call_logs` for non-chat request tracking - Zod validation (`v1SearchSchema`), auth-gated, cost recorded via `recordCost()` -### Sikkerhed +### 🔒 Security - **deps**: Next.js 16.1.6 → 16.1.7 — fixes 6 CVEs: - **Critical**: CVE-2026-29057 (HTTP request smuggling via http-proxy) @@ -4154,7 +4725,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **005_combo_agent_fields.sql**: `ALTER TABLE combos ADD COLUMN system_message TEXT DEFAULT NULL`, `tool_filter_regex TEXT DEFAULT NULL`, `context_cache_protection INTEGER DEFAULT 0` - **006_detailed_request_logs.sql**: New `request_detail_logs` table with 500-entry ring-buffer trigger, opt-in via settings toggle -### Funktioner +### ✨ Features - **feat(combo)**: System Message Override per Combo (#399 — `system_message` field replaces or injects system prompt before forwarding to provider) - **feat(combo)**: Tool Filter Regex per Combo (#399 — `tool_filter_regex` keeps only tools matching pattern; supports OpenAI + Anthropic formats) @@ -4169,7 +4740,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: SSE improvements, local provider_nodes extensions, proxy registry, Claude passthrough fixes. -### Funktioner +### ✨ Features - **feat(health)**: Background health check for local `provider_nodes` with exponential backoff (30s→300s) and `Promise.allSettled` to avoid blocking (#423, @Regis-RCR) - **feat(embeddings)**: Route `/v1/embeddings` to local `provider_nodes` — `buildDynamicEmbeddingProvider()` with hostname validation (#422, @Regis-RCR) @@ -4230,6 +4801,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4304,7 +4882,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Turbopack hash-strip now runs at **compile time** for ALL packages — not just `better-sqlite3`. Step 5.6 in `prepublish.mjs` walks every `.js` in `app/.next/server/` and strips the 16-char hex suffix from any hashed `require()`. Fixes `zod-dcb22c...`, `pino-...`, etc. MODULE_NOT_FOUND on global npm installs. Closes #398 - **fix(deploy)**: PM2 on both VPS was pointing to stale git-clone directories. Reconfigured to `app/server.js` in the npm global package. Updated `/deploy-vps` workflow to use `npm pack + scp` (npm registry rejects 299MB packages). -### Funktioner +### ✨ Features - **feat(provider)**: Synthetic ([synthetic.new](https://synthetic.new)) — privacy-focused OpenAI-compatible inference. `passthroughModels: true` for dynamic HuggingFace model catalog. Initial models: Kimi K2.5, MiniMax M2.5, GLM 4.7, DeepSeek V3.2. (PR #404 by @Regis-RCR) @@ -4334,7 +4912,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Extended webpack `externals` hash-strip to cover ALL `serverExternalPackages`, not just `better-sqlite3`. Next.js 16 Turbopack hashes `zod`, `pino`, and every other server-external package into names like `zod-dcb22c6336e0bc69` that don't exist in `node_modules` at runtime. A HASH_PATTERN regex catch-all now strips the 16-char suffix and falls back to the base package name. Also added `NEXT_PRIVATE_BUILD_WORKER=0` in `prepublish.mjs` to reinforce webpack mode, plus a post-build scan that reports any remaining hashed refs. (#396, #398, PR #403) - **fix(chat)**: Anthropic-format tool names (`tool.name` without `.function` wrapper) were silently dropped by the empty-name filter introduced in #346. LiteLLM proxies requests with `anthropic/` prefix in Anthropic Messages API format, causing all tools to be filtered and Anthropic to return `400: tool_choice.any may only be specified while providing tools`. Fixed by falling back to `tool.name` when `tool.function.name` is absent. Added 8 regression unit tests. (PR #397) -### Funktioner +### ✨ Features - **feat(api)**: Custom endpoint paths for OpenAI-compatible provider nodes — configure `chatPath` and `modelsPath` per node (e.g. `/v4/chat/completions`) in the provider connection UI. Includes a DB migration (`003_provider_node_custom_paths.sql`) and URL path sanitization (no `..` traversal, must start with `/`). (PR #400) - **feat(provider)**: Alibaba Cloud DashScope added as OpenAI-compatible provider. International endpoint: `dashscope-intl.aliyuncs.com/compatible-mode/v1`. 12 models: `qwen-max`, `qwen-plus`, `qwen-turbo`, `qwen3-coder-plus/flash`, `qwq-plus`, `qwq-32b`, `qwen3-32b`, `qwen3-235b-a22b`. Auth: Bearer API key. @@ -4393,7 +4971,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(oauth)**: Qoder (and other providers that redirect to their own UI) no longer leave the OAuth modal stuck at "Waiting for Authorization" — popup-closed detector auto-transitions to manual URL input mode (#344) - **fix(logs)**: Request log table is now readable in light mode — status badges, token counts, and combo tags use adaptive `dark:` color classes (#378) -### Funktioner +### ✨ Features - **feat(kiro)**: Kiro credit tracking added to usage fetcher — queries `getUserCredits` from AWS CodeWhisperer endpoint (#337) @@ -4509,6 +5087,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4574,6 +5159,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #366, #367, #368) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4602,6 +5194,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #363 & #365) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4638,6 +5237,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4655,6 +5261,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4685,6 +5298,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4752,7 +5372,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > **Major release** — Free Stack ecosystem, transcription playground overhaul, 44+ providers, comprehensive free tier documentation, and UI improvements across the board. -### Funktioner +### ✨ Features - **Combos: Free Stack template** — New 4th template "Free Stack ($0)" using round-robin across Kiro + Qoder + Qwen + Gemini CLI. Suggests the pre-built zero-cost combo on first use. - **Media/Transcription: Deepgram as default** — Deepgram (Nova 3, $200 free) is now the default transcription provider. AssemblyAI ($50 free) and Groq Whisper (free forever) shown with free credit badges. @@ -4763,7 +5383,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.16] - 2026-03-13 -### Dokumentation +### 📖 Documentation - **README: 44+ Providers** — Updated all 3 occurrences of "36+ providers" to "44+" reflecting the actual codebase count (44 providers in providers.ts) - **README: New Section "🆓 Free Models — What You Actually Get"** — Added 7-provider table with per-model rate limits for: Kiro (Claude unlimited via AWS Builder ID), Qoder (5 models unlimited), Qwen (4 models unlimited), Gemini CLI (180K/mo), NVIDIA NIM (~40 RPM dev-forever), Cerebras (1M tok/day / 60K TPM), Groq (30 RPM / 14.4K RPD). Includes the \/usr/bin/bash Ultimate Free Stack combo recommendation. @@ -4773,7 +5393,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.15] - 2026-03-13 -### Funktioner +### ✨ Features - **Auto-Combo Dashboard (Tier Priority)**: Added `🏷️ Tier` as the 7th scoring factor label in the `/dashboard/auto-combo` factor breakdown display — all 7 Auto-Combo scoring factors are now visible. - **i18n — autoCombo section**: Added 20 new translation keys for the Auto-Combo dashboard (`title`, `status`, `modePack`, `providerScores`, `factorTierPriority`, etc.) to all 30 language files. @@ -4808,6 +5428,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). diff --git a/docs/i18n/da/README.md b/docs/i18n/da/README.md index 7c91da93a1..9a88f9af24 100644 --- a/docs/i18n/da/README.md +++ b/docs/i18n/da/README.md @@ -130,28 +130,28 @@ _Connect any AI-powered IDE or CLI tool through OmniRoute — free API gateway f - Codex CLI
+ Codex CLI
Codex CLI
⭐ 60.8K - Claude Code
+ Claude Code
Claude Code
⭐ 67.3K - Gemini CLI
+ Gemini CLI
Gemini CLI
⭐ 94.7K - Kilo Code
+ Kilo Code
Kilo Code
⭐ 15.5K diff --git a/docs/i18n/da/docs/API_REFERENCE.md b/docs/i18n/da/docs/API_REFERENCE.md index 426bb858cc..9f93e1dfa9 100644 --- a/docs/i18n/da/docs/API_REFERENCE.md +++ b/docs/i18n/da/docs/API_REFERENCE.md @@ -87,13 +87,13 @@ Authorization: Bearer your-api-key Content-Type: application/json { - "model": "openai/dall-e-3", + "model": "openai/gpt-image-2", "prompt": "A beautiful sunset over mountains", "size": "1024x1024" } ``` -Available providers: OpenAI (DALL-E, GPT Image 1), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). +Available providers: OpenAI (GPT Image 2), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). ```bash # List all image models diff --git a/docs/i18n/da/docs/CLI-TOOLS.md b/docs/i18n/da/docs/CLI-TOOLS.md index e847abce46..44904650a0 100644 --- a/docs/i18n/da/docs/CLI-TOOLS.md +++ b/docs/i18n/da/docs/CLI-TOOLS.md @@ -350,7 +350,7 @@ They run as internal routes and use OmniRoute's model routing automatically. | `/v1/responses` | Responses API (OpenAI format) | Codex, agentic workflows | | `/v1/completions` | Legacy text completions | Older tools using `prompt:` | | `/v1/embeddings` | Text embeddings | RAG, search | -| `/v1/images/generations` | Image generation | DALL-E, Flux, etc. | +| `/v1/images/generations` | Image generation | GPT-Image, Flux, etc. | | `/v1/audio/speech` | Text-to-speech | ElevenLabs, OpenAI TTS | | `/v1/audio/transcriptions` | Speech-to-text | Deepgram, AssemblyAI | diff --git a/docs/i18n/da/llm.txt b/docs/i18n/da/llm.txt index e245fa1d2d..51dd797797 100644 --- a/docs/i18n/da/llm.txt +++ b/docs/i18n/da/llm.txt @@ -1,19 +1,18 @@ # OmniRoute (Dansk) -🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) +🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇧🇩 [bn](../bn/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇮🇷 [fa](../fa/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇮🇳 [gu](../gu/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇮🇳 [mr](../mr/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇰🇪 [sw](../sw/llm.txt) · 🇮🇳 [ta](../ta/llm.txt) · 🇮🇳 [te](../te/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇵🇰 [ur](../ur/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) --- +> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 160+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (29 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. -> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 60+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (25 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. - -## Overblik +## Overview OmniRoute solves the problem of managing multiple AI provider subscriptions, quotas, and rate limits. It sits between your AI-powered tools (IDE agents, CLI tools) and AI providers, routing requests intelligently through a 4-tier fallback system: Subscription → API Key → Cheap → Free. **Key value:** One endpoint (`http://localhost:20128/v1`), unlimited models, zero downtime, minimal cost. -**Current version:** 3.5.5 +**Current version:** 3.8.0 ## Tech Stack @@ -27,7 +26,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Background jobs:** Custom token health check scheduler, 24h model auto-sync - **Streaming:** Server-Sent Events (SSE) for real-time proxy responses - **Proxy engine:** Custom pipeline with format translation, circuit breaker, rate limiting, auto-combo engine -- **i18n:** next-intl with 30 languages +- **i18n:** next-intl with 40+ languages - **Desktop:** Electron (cross-platform: Windows, macOS, Linux) - **Package:** Published on npm (`omniroute`) and Docker Hub (`diegosouzapw/omniroute`) @@ -99,7 +98,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── configAudit.ts # Configuration auditing │ │ └── responses.ts # Domain response types │ ├── i18n/ # Internationalization -│ │ └── messages/ # 30 language JSON files +│ │ └── messages/ # 40+ language JSON files │ ├── lib/ # Core libraries │ │ ├── a2a/ # Agent-to-Agent v0.3 protocol server │ │ │ ├── skills/ # A2A skills (quotaManagement, smartRouting) @@ -170,7 +169,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ └── manager.ts # MITM proxy manager │ ├── shared/ # Shared utilities, components, and constants │ │ ├── components/ # Reusable UI components (Card, Badge, Button, Modal, Sidebar, ProviderIcon, etc.) -│ │ ├── constants/ # Provider definitions (60+), model lists, pricing, routing strategies, MCP scopes +│ │ ├── constants/ # Provider definitions (160+), model lists, pricing, routing strategies, MCP scopes │ │ ├── contracts/ # Shared API contracts │ │ ├── hooks/ # React hooks │ │ ├── middleware/ # Shared middleware utilities @@ -206,7 +205,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── chatCore.ts # Main chat completions handler │ │ ├── responsesHandler.ts # OpenAI Responses API handler │ │ ├── embeddings.ts # Embedding generation -│ │ ├── imageGeneration.ts # Image generation (DALL-E, FLUX, SD, etc.) +│ │ ├── imageGeneration.ts # Image generation (GPT-Image, FLUX, SD, etc.) │ │ ├── videoGeneration.ts # Video generation │ │ ├── musicGeneration.ts # Music generation │ │ ├── audioSpeech.ts # Text-to-speech @@ -214,7 +213,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── moderations.ts # Content moderation │ │ ├── rerank.ts # Reranking API │ │ └── search.ts # Web search API -│ ├── mcp-server/ # Built-in MCP server (25 tools, 3 transports: stdio/SSE/streamable-HTTP) +│ ├── mcp-server/ # Built-in MCP server (29 tools, 3 transports: stdio/SSE/streamable-HTTP) │ │ ├── server.ts # MCP server core (tool registration, scope enforcement) │ │ ├── tools/ # Tool implementations (advancedTools, memoryTools, skillTools) │ │ ├── schemas/ # Zod input schemas (tools, audit, a2a) @@ -274,7 +273,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ ├── CLI-TOOLS.md # CLI tools integration guide │ ├── A2A-SERVER.md # A2A agent protocol documentation │ ├── AUTO-COMBO.md # Auto-combo engine (6-factor scoring) -│ ├── MCP-SERVER.md # MCP server (25 tools) +│ ├── MCP-SERVER.md # MCP server (29 tools) │ ├── TROUBLESHOOTING.md # Troubleshooting guide │ ├── VM_DEPLOYMENT_GUIDE.md # VPS deployment guide │ ├── openapi.yaml # OpenAPI specification @@ -284,11 +283,11 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo └── .env.example # Environment variable template ``` -## Key Features (v3.5.5) +## Key Features (v3.8.0) ### Core Proxy -- **60+ AI providers** with automatic format translation -- **4 provider categories**: Free (4), OAuth (8), API Key (48+), Custom (OpenAI/Anthropic-compatible) +- **160+ AI providers** with automatic format translation +- **4 provider categories**: Free (4), OAuth (8), API Key (120+), Self-Hosted (8+), Custom (OpenAI/Anthropic-compatible) - **13 routing strategies**: priority, weighted, round-robin, fill-first, p2c, random, least-used, cost-optimized, strict-random, auto, lkgp, context-optimized, context-relay - **4-tier fallback**: Subscription → API Key → Cheap → Free - **Context Relay strategy**: Session handoff summaries on account rotation for continuity @@ -306,7 +305,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Cloudflare Tunnels**: Managed tunnel creation for remote access - **122 unit test files** with comprehensive coverage (55% statements/lines/functions, 60% branches) -### Sikkerhed +### Security +- **Data Loss Prevention**: SQLite migration safety bounds abort startup on dangerous massive schema overrides. Pre-migration `VACUUM INTO` backups isolate rollback snapshots. - **CodeQL security**: Fixed 10+ CodeQL alerts (polynomial-redos, insecure-randomness, shell-injection, SSRF, incomplete URLs) - **Web Crypto session IDs**: `generateSessionId` uses `crypto.getRandomValues()` instead of `Math.random()` - **Route validation**: All API routes validated with Zod v4 schemas + `validateBody()` @@ -331,7 +331,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **CLI Tools** — One-click configuration for 10+ AI CLI tools - **CLI Agents** — Grid of 14+ built-in agents with ProviderIcon and install detection + custom agent registration - **Playground** — Test any model with Monaco editor, streaming responses -- **Media** — Image/video/music generation (DALL-E, FLUX, etc.) + audio transcription (up to 2GB files) +- **Media** — Image/video/music generation (GPT-Image, FLUX, etc.) + audio transcription (up to 2GB files) - **Search Tools** — Search provider configuration and testing - **Memory** — Memory system management and visualization - **Skills** — Skills framework management and execution @@ -349,14 +349,15 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Gemini** — `/v1beta/models`, `/v1beta/models/{...path}` - **Ollama** — `/v1/api/chat`, `/api/tags` - **Search** — `/v1/search` (Perplexity, Serper, Brave, Exa, Tavily) -- **MCP** — 25-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) +- **MCP** — 29-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) - **A2A** — Agent-to-Agent v0.3 protocol (JSON-RPC 2.0, smart-routing + quota-management skills) - **ACP** — Agent Communication Protocol registry and manager -### MCP Server (25 Tools) +### MCP Server (29 Tools) | Category | Tools | |-----------|-------| -| Core (18) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `sync_pricing` | +| Core (20) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `web_search`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `db_health_check`, `sync_pricing` | +| Cache (2) | `cache_stats`, `cache_flush` | | Memory (3) | `memory_search`, `memory_add`, `memory_clear` | | Skills (4) | `skills_list`, `skills_enable`, `skills_execute`, `skills_executions` | @@ -373,8 +374,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo **Custom Providers:** OpenAI-compatible (`openai-compatible-*`) and Anthropic-compatible (`anthropic-compatible-*`) with custom base URLs ### Internationalization -- 30 languages for UI (all dashboard pages) -- 30 translated documentation sets in docs/i18n/ +- 40+ languages for UI (all dashboard pages) +- 40 translated documentation sets in docs/i18n/ - Language switcher in documentation ## Key Architectural Decisions diff --git a/docs/i18n/de/CHANGELOG.md b/docs/i18n/de/CHANGELOG.md index 6ec201bb96..ae57bf3ab3 100644 --- a/docs/i18n/de/CHANGELOG.md +++ b/docs/i18n/de/CHANGELOG.md @@ -6,9 +6,283 @@ ## [Unreleased] +## [3.8.0] — 2026-05-06 + +### ✨ New Features + +- **feat(antigravity):** integrate Antigravity provider with dynamic `maxOutputTokens` calculation (bumping to `thinkingBudget + 1`) and standard Cloud Code envelope payload sanitization (#2055, #2063) +- **feat(gemini-cli):** add custom projectId support for Gemini CLI transport (UI, DB, executor) (#1991) + +### 🐛 Bug Fixes + +- **fix(cache):** optimize cache_control preservation logic and explicitly align tool schema with upstream Claude Code expectations +- **fix(db):** preserve legacy SQLite database path on Windows to prevent data loss (#1973) +- **fix(settings):** resolve model alias persistence double stringification preventing UI updates (#2018) +- **fix(routing):** dynamically filter bare model auto-resolution by active provider connections to prevent dead-routing (#2029) +- **fix(embeddings):** add Google Gemini embeddings compatibility via OpenAI-compatible endpoint mapping (#2006) +- **fix:** remove Anthropic-Beta header from non-Anthropic providers to fix identity contamination (#1989) +- **fix(cli):** resolve .env loading failure for global npm installations + +### 🔒 Security + +- **fix(security):** remediate regex validation backtracking path in core compression cleanup (#1990) +- **fix(core):** harden input handling and stabilization for prompt compression edge cases + +### 🧹 Chores & Maintenance + +- **chore(providers):** prune redundant local provider icon assets in favor of `@lobehub/icons` web fonts (#1992) +- **ci:** skip SonarCloud scan on main pushes to optimize CI time +- **test:** stabilize cooldown abort coverage case in integration testing + +## [3.7.9] — 2026-05-03 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) + +- **feat(compression):** major upgrade to Caveman and RTK compression pipelines (#1876, #1889): + - Add RTK tool-output compression, stacked Caveman + RTK pipelines, compression combo assignments, dashboard context pages, MCP management tools, and language-aware Caveman rule packs. + - Expand RTK parity with a 39-filter catalog, RTK-style JSON DSL stages, inline verify/benchmark coverage, trust-gated custom filters, expanded command detection, and redacted raw-output recovery. + - Expose rule intensities, track USD savings, unify config validation, and persist MCP savings. + - Expand Caveman parity and MCP metadata compression. +- **feat(provider):** update Jina AI model catalog to support Embeddings and Rerank natively (#1874 — thanks @backryun) +- **feat(provider):** add NanoGPT image generation provider (#1899 — thanks @Aculeasis) +- **feat(ui):** move proxy configuration to dedicated System → Proxy page (#1907 — thanks @oyi77) +- **feat(ui):** add K/M/B/T cost shortener utility (#1902 — thanks @oyi77) +- **feat(providers):** implement bulk paste for extra API keys (#1916 — thanks @0xtbug) +- **feat(analytics):** usage history API key backfill + dark mode pricing (#1896 — thanks @Gi99lin) +- **feat(logs):** show RTK and Caveman compression token savings accurately in request log UI (#1923 — thanks @emdash) +- **feat(routing):** auto-skip exhausted quota accounts (Issue #1952) +- **feat(docs):** docs site overhaul (#1976 — thanks @oyi77) +- **feat(db):** consolidate all database settings into SystemStorageTab (closes #1935) (#1947 — thanks @oyi77) +- **feat(sse):** codex 429 mid-task failover with account rotation (#1888 — thanks @smartenok-ops) +- **feat(auto-assessment):** add auto-assessment engine for combo self-healing (#1918 — thanks @oyi77) +- **feat(usage):** DeepSeek V4 native cache token extraction (#1930 — thanks @smartenok-ops) +- **feat(cost):** enhance cost formatting and add Codex GPT-5.5 pricing support (#1944 — thanks @JxnLexn) + +### 🐛 Bug Fixes + +- **fix(auth):** implement session affinity sticky routing logic +- **fix(dashboard):** derive display base URL from origin instead of hardcoding localhost (#1960 — thanks @jeanfbrito) +- **fix(proxy):** use credentials.connectionId instead of non-existent credentials.id for image proxy resolution (#1929 — thanks @Aculeasis) +- **fix(routing):** codex bare-name disambiguation + family-native fallback (#1933 — thanks @smartenok-ops) +- **fix(infrastructure):** move wreq-js to optionalDependencies and add Node 25/26 to secure runtime policy (#1924) +- **fix(providers):** resolve ChatGPT Web authentication failure by aligning TLS fingerprint User-Agent strings (#1925) +- **fix(mitm):** support root user for MITM sudo handling (#1948 — thanks @NekoMonci12) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941, #1945) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) +- **fix(mcp):** reclassify MCP endpoints to ensure API key authentication works even when dashboard auth is enabled (#1970) +- **fix(providers):** allow local OpenAI-compatible endpoints (like Ollama) to be added without an API key (fixes #1893) +- **fix(providers):** bypass AgentRouter unauthorized_client_error by spoofing Claude CLI headers via Anthropic endpoints (fixes #1921) +- **fix(copilot):** emit compatible reasoning text deltas (#1919 — thanks @ivan-mezentsev) +- **fix(api-manager):** show validation errors inline in modals, not behind (#1920 — thanks @andrewmunsell) +- **fix(compression):** align seeded standard savings combo with stacked default, preserve stacked defaults, and secure metadata routes. +- **fix(gemini-cli):** separate Cloud Code transport from Antigravity (#1869 — thanks @dhaern) +- **fix(codex):** map prompt field to input array for Cursor compatibility (fixes #1872) +- **fix(core):** align stream parameter default to false per strict OpenAI spec (fixes #1873) +- **fix(ui):** restore Next.js CSP `unsafe-eval` in production `script-src` to fix unresponsive Onboarding button (fixes #1883) +- **fix(proxy):** globally strip `prompt_cache_retention` in `BaseExecutor` to prevent upstream 400 errors from strict endpoints like droid/gemini-2-pro (fixes #1884) +- **fix(ui):** include `isOpen` dependency in `EditConnectionModal` state sync to ensure `maxConcurrent` is properly hydrated when reopening the modal (fixes #1859) +- **fix(security):** remediate 4 polynomial-redos CodeQL alerts in compression regexes by bounding repetitions and removing overlapping quantifiers +- **fix(codex):** flatten Chat Completions tool format to Codex Responses format in `normalizeCodexTools` — prevents `Missing required parameter: tools[0].name` upstream errors (#1914 — thanks @tranduykhanh030) +- **fix(proxy):** add proxy-aware execution context to image generation route — proxy settings are now correctly applied for image providers behind restricted networks (#1904 — thanks @Aculeasis) +- **fix(translator):** inject `properties: {}` into zero-argument MCP tool schemas during Anthropic→OpenAI translation — prevents 400 errors from OpenAI strict schema validation (#1898 — thanks @bryceIT) +- **fix(codex):** sanitize raw responses input (#1895 — thanks @dhaern) +- **fix(combos):** align strategy contracts (#1892 — thanks @dhaern) +- **fix(combos):** fix combo provider breaker profile handling (#1891 — thanks @rdself) +- **fix(migrations):** duplicate-column no-op fix (#1886 — thanks @smartenok-ops) +- **fix(auth):** per-connection OAuth refresh mutex (#1885 — thanks @smartenok-ops) +- **fix(auth):** require dashboard management auth for compression preview + +### 🔄 Updates + +- **chore(provider):** Add reka models list (#1956 — thanks @backryun) +- **chore(model):** Update new models, Delete Deprecated models (#1949 — thanks @backryun) + +### 📝 Documentation + +- **docs(compression):** document RTK+Caveman stacked savings ranges + +### 🏆 Release Attribution & Retroactive Credits + +- **@payne0420** (PR #1828 / #1839) — Implementation of the **Rate Limit Watchdog** and environment overrides. (This feature was manually backported to v3.7.8, causing the automatic GitHub Release notes to omit the author's credit). + +--- + +## [3.7.8] — 2026-05-01 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(providers):** add Grok 4.3 and Xiaomi Mimo TTS provider (#1837) +- **feat(core):** implement Rate Limit Watchdog with environment override capability to detect and reset stalled queues (#1839) +- **feat(providers):** add muse-spark-web provider with multiple models and reasoning support (#1843) +- **feat(1proxy):** integrate 1proxy free proxy marketplace with dashboard management and new MCP tools (closes #1788) (#1847) + +### 🐛 Bug Fixes + +- **fix(codex):** sanitize Responses replay state to prevent internal assistant commentary from leaking (#1868 — thanks @dhaern) +- **fix(cli):** add capture-backed Gemini CLI fingerprint (#1866) +- **fix(ui):** hide combo compression controls when the global setting is disabled (#1840) +- **fix(db):** tolerate missing request_detail_logs table for legacy deployments (#1848) +- **fix(core):** remove unneeded \`store\` payload parameter for providers lacking support (closes #1841) +- **fix(core):** ensure safeOutboundFetch and A2A routers return 503 Service Unavailable when security guardrails are triggered +- **fix(usage):** correct Unix seconds vs milliseconds parsing logic for Kiro AI quota reset (closes #1849) +- **fix(ui):** apply robust NaN handling, ensure 24h consistency, and fix missing hour slots in Compression Analytics (closes #1844) +- **fix(ui):** implement short number formatting for token consumption metrics on cache pages to prevent overflow (closes #1842) +- **fix(combo):** stabilize provider routing at 500+ connections by bounding semaphore queues and adjusting circuit breaker tracking (closes #1846) (#1854) +- **fix(maritalk):** update Maritalk model list, use Authorization Key header, and align with latest API endpoints (#1856) +- **fix(grok-web):** stabilize tool calling (bash, readFile, webSearch) and response parsing by mapping native Grok intents to standard OpenAI payloads (#1857) +- **fix(providers):** correctly map and expose the Upstage embedding and chat model catalogs (#1855) +- **fix(executor):** apply proper urlSuffix and custom authHeaders for unknown registry-based providers in DefaultExecutor (closes #1846) (#1861) + +### 🛠️ Maintenance + +- **fix(workflow):** build docker images on version tags (#1838) + +--- + +## [3.7.7] — 2026-04-30 + ### ✨ New Features -- **feat:** ongoing development +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **Prompt Compression Pipeline:** Implemented a multi-phase prompt compression engine including `lite` (whitespace/duplication collapse), `aggressive` (summarization, tool compression), and `ultra` modes (heuristic pruning and SLM stub) (#1633, #1738, #1739, #1741) +- **Compression Dashboard & Analytics:** Added a compression settings UI, real-time log viewer, pipeline statistics tracking, and interactive playground preview (#1756) +- **Compression Caching & MCP:** Added caching-aware strategy adjustments to the compression pipeline, alongside new MCP tools for status and configuration (#1758) +- **Analytics Custom Filters:** Added custom date range selection, API key filtering, and NULL key analytics backfilling to the Costs Dashboard (#1830) + +### 🐛 Bug Fixes + +- **Combo Routing:** Fixed an issue where Gemini `-preview` models were incorrectly normalized to their canonical names, causing 404 errors during combo routing (#1834) +- **Codex Native Passthrough:** Added support for Cursor 5.5 sending `messages` arrays to the `responses/compact` endpoint, preventing upstream rejections with empty requests (#1832) +- **Rate-limit Watchdog:** Implemented a new rate-limit watchdog with environment override capabilities and Stage Tracing to prevent and diagnose silent wedges (#1828) +- **Encryption Resiliency:** Prevent sending encrypted tokens to providers by returning null on decryption failure (#763d353) +- **i18n & Locales:** Fixed OpenCode baseUrl locale placeholders and added compression keys across 32 languages +- **Startup Stability:** Hardened resilience integration server startup logic (#9aa89b17) + +### 🛠️ Maintenance + +- **Tests & Docs:** Expanded the test suite with 61 unit/integration tests for the compression pipeline and updated `AGENTS.md` +- **Workflow:** Fixed the changelog extraction logic to accurately capture GitHub release descriptions + +--- + +## [3.7.6] — 2026-04-30 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) +- **feat(chatgpt-web):** support `thinking_effort` parameter (Standard/Extended) for thinking-capable models (#1821) +- **feat(dashboard):** implement remaining v3.7.6 dashboard features — Costs overview, Translator pipeline, and Endpoint tabs improvements +- **feat(tools):** inject fallback tool names to prevent upstream 400 errors on providers that require tool names (#1775) +- **feat(db):** auto-restore probe-failed database on startup to prevent data loss after failed upgrades (#1810) +- **feat(analytics):** add cost-based usage insights and activity streaks in the analytics dashboard + +### 🔒 Security + +- **fix(security):** resolve ReDoS vulnerability in Codex executor regex patterns (#1797, #1789) + +### 🐛 Bug Fixes + +- **fix(stability):** resolve codex input validation, enable combo circuit breaker, and fix broken unit tests (#1804, #1805) +- **fix(stability):** safely cast inputs to strings before calling `.trim()` to avoid crashes on numeric fields in proxy modal (#1825) +- **fix(stability):** clear active requests and recover providers after connection failures (#1824) +- **fix(xiaomi-mimo):** update models to V2.5, fix Token Plan validation and default region (#1823) +- **fix(codex):** omit compact client metadata to prevent upstream rejections (#1822) +- **fix(dashboard):** fix endpoint visibility, A2A status display, and API catalog consistency (#1806) +- **fix(analytics):** use pure SQL aggregations — no history rows loaded into memory (#1802) +- **fix(dashboard):** correct `loadPresets` ReferenceError in CostOverviewTab +- **fix(mitm):** enforce transparent interception on port 443 only + +### 🧹 Chores + +- **chore(workflow):** mandate implementation plan generation in `/resolve-issues` workflow before coding +- **chore(release):** expand contributor credits to 155 PRs across full project history + +### 🏆 Community Contributors Acknowledgment + +We identified that **155 community PRs** across the entire project history (from inception through v3.7.5) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. + +**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** + +| Contributor | PRs (Total) | All Contributions | +| :----------------------------------------------------------- | :---------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [@rdself](https://github.com/rdself) | 28 | #542, #705, #717, #737, #738, #841, #851, #853, #875, #880, #888, #891, #903, #904, #974, #1069, #1089, #1196, #1267, #1272, #1299, #1300, #1356, #1357, #1441, #1443, #1549, #1742 | +| [@oyi77](https://github.com/oyi77) | 27 | #644, #672, #700, #850, #859, #862, #868, #874, #881, #883, #908, #926, #931, #983, #990, #1019, #1020, #1021, #1103, #1281, #1286, #1363, #1368, #1377, #1411, #1689, #1717 | +| [@clousky2020](https://github.com/clousky2020) | 15 | #1244, #1323, #1365, #1366, #1408, #1442, #1484, #1595, #1598, #1599, #1611, #1618, #1620, #1621, #1644 | +| [@benzntech](https://github.com/benzntech) | 8 | #158, #1264, #1435, #1436, #1437, #1440, #1444, #1677 | +| [@kang-heewon](https://github.com/kang-heewon) | 5 | #530, #854, #884, #1235, #1574 | +| [@herjarsa](https://github.com/herjarsa) | 4 | #1472, #1474, #1477, #1480 | +| [@backryun](https://github.com/backryun) | 4 | #1358, #1609, #1627, #1722 | +| [@tombii](https://github.com/tombii) | 4 | #708, #856, #900, #1013 | +| [@christopher-s](https://github.com/christopher-s) | 3 | #868, #885, #992 | +| [@zen0bit](https://github.com/zen0bit) | 3 | #561, #650, #912 | +| [@k0valik](https://github.com/k0valik) | 3 | #554, #587, #596 | +| [@zhangqiang8vip](https://github.com/zhangqiang8vip) | 2 | #470, #575 | +| [@wlfonseca](https://github.com/wlfonseca) | 2 | #997, #1016 | +| [@RaviTharuma](https://github.com/RaviTharuma) | 2 | #1188, #1277 | +| [@prakersh](https://github.com/prakersh) | 2 | #419, #480 | +| [@payne0420](https://github.com/payne0420) | 2 | #1593, #1670 | +| [@only4copilot](https://github.com/only4copilot) | 2 | #855, #1039 | +| [@jay77721](https://github.com/jay77721) | 2 | #581, #582 | +| [@hijak](https://github.com/hijak) | 2 | #295, #578 | +| [@hartmark](https://github.com/hartmark) | 2 | #1494, #1500 | +| [@defhouse](https://github.com/defhouse) | 2 | #906, #946 | +| [@xiaoge1688](https://github.com/xiaoge1688) | 1 | #1304 | +| [@xandr0s](https://github.com/xandr0s) | 1 | #1376 | +| [@willbnu](https://github.com/willbnu) | 1 | #882 | +| [@slewis3600](https://github.com/slewis3600) | 1 | #1624 | +| [@sergey-v9](https://github.com/sergey-v9) | 1 | #594 | +| [@razllivan](https://github.com/razllivan) | 1 | #987 | +| [@nmime](https://github.com/nmime) | 1 | #1271 | +| [@Moutia-Ben-Yahia](https://github.com/Moutia-Ben-Yahia) | 1 | #1663 | +| [@Mind-Dragon](https://github.com/Mind-Dragon) | 1 | #467 | +| [@mercs2910](https://github.com/mercs2910) | 1 | #1001 | +| [@MAINER4IK](https://github.com/MAINER4IK) | 1 | #196 | +| [@luandiasrj](https://github.com/luandiasrj) | 1 | #996 | +| [@knopki](https://github.com/knopki) | 1 | #1434 | +| [@kfiramar](https://github.com/kfiramar) | 1 | #389 | +| [@ken2190](https://github.com/ken2190) | 1 | #166 | +| [@keith8496](https://github.com/keith8496) | 1 | #569 | +| [@jonesfernandess](https://github.com/jonesfernandess) | 1 | #1118 | +| [@JasonLandbridge](https://github.com/JasonLandbridge) | 1 | #1626 | +| [@i1hwan](https://github.com/i1hwan) | 1 | #1386 | +| [@Gorchakov-Pressure](https://github.com/Gorchakov-Pressure) | 1 | #754 | +| [@foxy1402](https://github.com/foxy1402) | 1 | #934 | +| [@dt418](https://github.com/dt418) | 1 | #896 | +| [@dhaern](https://github.com/dhaern) | 1 | #1647 | +| [@DavyMassoneto](https://github.com/DavyMassoneto) | 1 | #211 | +| [@dail45](https://github.com/dail45) | 1 | #1413 | +| [@congvc-dev](https://github.com/congvc-dev) | 1 | #1569 | +| [@be0hhh](https://github.com/be0hhh) | 1 | #1581 | +| [@andruwa13](https://github.com/andruwa13) | 1 | #1457 | +| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | 1 | #898 | +| [@AndersonFirmino](https://github.com/AndersonFirmino) | 1 | #362 | +| [@alexsvdk](https://github.com/alexsvdk) | 1 | #1280 | +| [@abhinavjnu](https://github.com/abhinavjnu) | 1 | #550 | --- @@ -16,8 +290,14 @@ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(tunnels):** integrate native ngrok tunnel support with dashboard UI parity (#1753) -- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) ### 🐛 Bug Fixes @@ -56,56 +336,25 @@ - **chore(ui):** speed up endpoint initial render with background task loading (#1760) - **chore(workflows):** add strict PR contributor credit policy to prevent future merge credit loss -### 🏆 Community Contributors Acknowledgment - -We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. - -**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** - -| Contributor | Contributions (PRs) | -| :----------------------------------------------------- | :----------------------------------------------------------------------- | -| [@rdself](https://github.com/rdself) | #1742, #1357, #1356, #1089, #1069, #904, #880, #875, #853, #851, #974 | -| [@oyi77](https://github.com/oyi77) | #1411, #1021, #990, #926, #908, #883, #881, #868, #862, #859, #850, #983 | -| [@benzntech](https://github.com/benzntech) | #1677, #1444, #1440, #1437, #1435 | -| [@clousky2020](https://github.com/clousky2020) | #1644, #1408 | -| [@christopher-s](https://github.com/christopher-s) | #885, #868, #992 | -| [@kang-heewon](https://github.com/kang-heewon) | #1235, #884 | -| [@backryun](https://github.com/backryun) | #1627, #1358, #1722 | -| [@tombii](https://github.com/tombii) | #900, #856 | -| [@slewis3600](https://github.com/slewis3600) | #1624 | -| [@dhaern](https://github.com/dhaern) | #1647 | -| [@JasonLandbridge](https://github.com/JasonLandbridge) | #1626 | -| [@hartmark](https://github.com/hartmark) | #1500 | -| [@herjarsa](https://github.com/herjarsa) | #1480 | -| [@andruwa13](https://github.com/andruwa13) | #1457 | -| [@i1hwan](https://github.com/i1hwan) | #1386 | -| [@xandr0s](https://github.com/xandr0s) | #1376 | -| [@RaviTharuma](https://github.com/RaviTharuma) | #1188 | -| [@wlfonseca](https://github.com/wlfonseca) | #1016 | -| [@only4copilot](https://github.com/only4copilot) | #1039, #855 | -| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | #898 | -| [@dt418](https://github.com/dt418) | #896 | -| [@willbnu](https://github.com/willbnu) | #882 | -| [@defhouse](https://github.com/defhouse) | #906 | -| [@mercs2910](https://github.com/mercs2910) | #1001 | -| [@zen0bit](https://github.com/zen0bit) | #912 | -| [@razllivan](https://github.com/razllivan) | #987 | -| [@foxy1402](https://github.com/foxy1402) | #934 | -| [@knopki](https://github.com/knopki) | #1434 | -| [@dail45](https://github.com/dail45) | #1413 | - --- ## [3.7.4] — 2026-04-28 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(ui):** add endpoint tunnel visibility settings (#1743) - **feat(cli):** refresh CLI fingerprint provider profiles (#1746) - **feat(proxy):** implement bulk proxy import via pipe-delimited parser with update-or-create (upsert) logic and real-time preview table - **feat(pwa):** add fullscreen installable PWA with manifest, service worker, and cross-platform app icons (#1728) -### Sicherheit +### 🔒 Security - **security:** replace insecure `Math.random` with `crypto.getRandomValues` for fallback UUID generation to resolve CodeQL CWE-338 finding (#182) @@ -156,6 +405,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(authz):** introduce centralized proxy-based authz pipeline and lifecycle policy (#1632) - **feat(logs):** configure call log pipeline artifacts (#1650) - **feat(network):** add guarded remote image fetch utility @@ -225,6 +481,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Add GPT-5.5 support to the Codex provider — includes 1.05M context window, tool calling, vision, and reasoning capabilities with proper pricing entries across `cx` and `openai` providers. Refactors `splitCodexReasoningSuffix()` into a shared helper for cleaner effort-level parsing (#1617 — thanks @Zhaba1337228). - **feat(cli):** Add `omniroute reset-encrypted-columns` recovery command — nulls encrypted credential columns (`api_key`, `access_token`, `refresh_token`, `id_token`) in `provider_connections` while preserving provider metadata, giving users affected by #1622 a clean recovery path without losing configurations. - **feat(i18n):** Expand locale coverage with nine new language packs (Bengali, Farsi, Gujarati, Indonesian, Marathi, Swahili, Tamil, Telugu, Urdu), bringing total language support from 32 to 41 locales. @@ -256,7 +519,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **fix(transport):** Prevent memory bloat and database exhaustion from large, fragmented streaming responses. Implemented `ByteQueue` in `kiro.ts` for zero-copy binary accumulation, refactored `antigravity.ts` for incremental SSE parsing, and enforced a strict 512KB tiered truncation limit (`MAX_CALL_LOG_ARTIFACT_BYTES`) on stream request logs and call artifacts (#1647). - **chore(ci):** Update build environment dependencies — bump Node to `24.15.0`, `actions/checkout@v6`, `docker/build-push-action@v7`, pin `actions/setup-python` to major tag (#1646 — thanks @backryun). -### Dokumentation +### 📝 Documentation - **docs(env):** Add `OMNIROUTE_ALLOW_PRIVATE_PROVIDER_URLS` to `.env.example` with documentation for LM Studio and other local provider use cases (#1623). @@ -266,6 +529,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). - **feat(providers):** Add CrofAI as a built-in API-key provider with quota/usage monitoring wired into the dashboard Limits page (#1604, #1606). @@ -399,7 +669,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **test(next):** Align transpile package expectations for the Next.js standalone build. - **test(ci):** Fix CI-only test failures from environment differences — clear `INITIAL_PASSWORD` and `JWT_SECRET` in integration tests, handle `XDG_CONFIG_HOME` for guide-settings tests. -### Dokumentation +### 📚 Documentation - **docs:** Update the root changelog with all release-branch changes through 2026-04-24, including PRs #1544, #1555, #1551, #1550, #1548, #1547, #1541, #1538, #1536, and #1527. - **docs:** Fix broken README and localized documentation links. (#1536) @@ -424,6 +694,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -506,6 +783,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -527,7 +811,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **feat(providers):** Expand image provider registry with extended model support including SD3.5, FLUX, and DALL-E 3 HD configurations - **feat(combos):** Add new routing strategies and full i18n support for agent features section across 31 languages -### Sicherheit +### 🔒 Security - **security:** Resolve 18 GitHub CodeQL scan alerts including ReDoS, incomplete sanitization, and bad HTML filtering regexp patterns - **fix(auth):** Seal privilege escalation vector by enforcing JWT session checking exclusively on `/api/keys` management endpoints (#1353) @@ -586,6 +870,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -662,6 +953,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -726,6 +1024,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -773,7 +1078,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Duplicate `auto` in Combo Strategy Schema:** Removed duplicate `"auto"` entry from `comboStrategySchema` (was listed on both line 104 and 108). Harmless to Zod runtime but cleaned up to avoid confusion. Schema now has exactly 13 unique strategy values - **Legacy Combo Refs Normalization:** Fixed combo step normalization to preserve legacy string combo references during CRUD operations, preventing data loss when editing combos created before the v2 step architecture -### Sicherheit +### 🔒 Security - **Auth Bypass on Backup Routes (Critical):** Added `isAuthenticated` guards to `/api/db-backups/exportAll` (full database export) and `/api/db-backups` (list, create, and restore backups) — both were previously accessible without authentication - **Auth Guard on Translator Save:** Added `isAuthenticated` guard to `/api/translator/save` for defense-in-depth consistency @@ -826,6 +1131,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -864,6 +1176,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -896,6 +1215,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -925,6 +1251,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -955,6 +1288,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -988,6 +1328,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1040,6 +1387,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1086,6 +1440,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1122,7 +1483,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Updated Sub-dependencies:** Bumped `hono` to `4.12.12` and `@hono/node-server` to `1.19.13` to patch critical security gaps (#1063, #1064, #1067, #1068). -### Dokumentation +### 📚 Documentation - **Documentation Synchronization:** Updated system documentation (README, Architecture, Features, Tools, Troubleshooting) and synced `i18n` configurations to match the v3.5.5 context relay patterns and proxy troubleshooting steps. - **Context Relay Delivery Notes:** Documented the current architecture, runtime flow, and Codex-focused scope in the feature docs, changelog, and agent guidance. @@ -1133,6 +1494,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1191,7 +1559,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.5.3] - 2026-04-07 -### Sicherheit +### Security - **Vulnerabilities:** Fully remediated 12 High-Severity CodeQL vulnerabilities by migrating from Math.random to `crypto.randomUUID()`, wrapping SSE injection points with aggressive backslash escaping, sanitizing trailing HTTP fragments, and enforcing rigid SSRF HTTP verification schemes across internal routes. - **Dependencies:** Upgraded Next.js to `^16.2.2` and Vite to `>=8.0.5` resolving critical DoS, arbitrary file reads and CSRF vectors in the build/server environments. @@ -1207,7 +1575,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **CI/CD Stabilization:** Prevented random GitHub Runner freezes by decoupling sharded processes, adjusting test concurrencies, unref-ing active connections on server teardown, and strictly capping job timeout durations. -### Dokumentation +### Documentation - **I18n Engine:** Synchronized and pushed deep Machine Translation updates across all 32 natively-supported languages (682 translation nodes aligned). @@ -1221,6 +1589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1253,6 +1628,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1281,6 +1663,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1347,7 +1736,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.8] — 2026-04-03 -### Sicherheit +### Security - Fully remediated all outstanding Github Advanced Security (CodeQL) findings and Dependabot alerts. - Fixed insecure randomness vulnerabilities by migrating from `Math.random` to `crypto.randomUUID()`. @@ -1359,7 +1748,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.7] — 2026-04-03 -### Funktionen +### Features - Added `Cryptography` node to Monitoring and MCP health checks (#798) - Hardened model-catalog route permissions mapping (`/models`) (#781) @@ -1375,7 +1764,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - Fixed MCP standalone module-resolution (`ERR_MODULE_NOT_FOUND`) via `esbuild` (#936) - Fixed NVIDIA NIM routing credential resolution alias mismatch (#931) -### Sicherheit +### Security - Added safe strict input boundary protection against raw `shell: true` remote-code execution injections. @@ -1385,6 +1774,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1419,6 +1815,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1481,6 +1884,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1541,6 +1951,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1594,7 +2011,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.0] - 2026-03-31 -### Funktionen +### 🚀 Features - **Subscription Utilization Analytics:** Added quota snapshot time-series tracking, Provider Utilization and Combo Health tabs with recharts visualizations, and corresponding API endpoints (#847) - **SQLite Backup Control:** New `OMNIROUTE_DISABLE_AUTO_BACKUP` env flag to disable automatic SQLite backups (#846) @@ -1646,7 +2063,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.3.8] - 2026-03-30 -### Funktionen +### 🚀 Features - **Models API Filtering:** Endpoint `/v1/models` now dynamically filters its list based on the permissions tied to the `Authorization: Bearer ` when restricted access is on (#781) - **Qoder Integration:** Native integration for Qoder AI natively replacing the legacy iFlow platform mappings (#660) @@ -1715,6 +2132,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1745,6 +2169,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1806,6 +2237,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2016,6 +2454,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2044,6 +2489,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2076,6 +2528,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2130,6 +2589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2325,6 +2791,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2359,6 +2832,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2409,7 +2889,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **NaN tokens in Claude Code / client responses (#617):** - `sanitizeUsage()` now cross-maps `input_tokens`→`prompt_tokens` and `output_tokens`→`completion_tokens` before the whitelist filter, fixing responses showing NaN/0 token counts when providers return Claude-style usage field names -### Sicherheit +### 🔒 Security - Updated `yaml` package to fix stack overflow vulnerability (GHSA-48c2-rrv3-qjmp) @@ -2467,6 +2947,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2503,6 +2990,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2521,6 +3015,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2556,6 +3057,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3001,6 +3509,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3016,6 +3531,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3043,7 +3565,7 @@ docker pull diegosouzapw/omniroute:3.0.0 - **SVG fallback**: `ProviderIcon` component updated with 4-tier strategy: Lobehub → PNG → SVG → Generic icon - **Agents fingerprinting**: Synced with CLI tools — added droid, openclaw, copilot, opencode to fingerprint list (14 total) -### Sicherheit +### 🔒 Security - **CVE fix**: Resolved dompurify XSS vulnerability (GHSA-v2wj-7wpq-c8vv) via npm overrides forcing `dompurify@^3.3.2` - `npm audit` now reports **0 vulnerabilities** @@ -3113,6 +3635,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3160,6 +3689,13 @@ Both providers use the new `OpencodeExecutor` with multi-format routing (`/chat/ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3295,6 +3831,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3318,6 +3861,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3334,6 +3884,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3371,7 +3928,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **#510** — Windows: MSYS2/Git-Bash paths (`/c/Program Files/...`) are now normalized to `C:\Program Files\...` - **#492** — `omniroute` CLI now detects `mise`/`nvm` when `app/server.js` is missing and shows targeted fix -### Dokumentation +### 📖 Documentation - **#513** — Docker password reset: `INITIAL_PASSWORD` env var workaround documented - **#520** — pnpm: `pnpm approve-builds better-sqlite3` documented @@ -3468,7 +4025,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **feat(executors/cloudflare-ai)**: New `CloudflareAIExecutor` — dynamic URL construction requires `accountId` in provider credentials - **feat(executors)**: Register `pollinations`, `pol`, `cloudflare-ai`, `cf` executor mappings -### Dokumentation +### 📝 Documentation - **docs(readme)**: Expanded free combo stack to 11 providers ($0 forever) - **docs(readme)**: Added 4 new free provider sections (LongCat, Pollinations, Cloudflare AI, Scaleway) with model tables @@ -3543,6 +4100,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3613,7 +4177,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **OAuth batch test crash** (ERR_CONNECTION_REFUSED): Replaced sequential for-loop with 5-connection concurrency limit + 30s per-connection timeout via `Promise.race()` + `Promise.allSettled()`. Prevents server crash when testing large OAuth provider groups (~30+ connections). -### Funktionen +### Features - **"Test All" button on provider pages**: Individual provider pages (e.g., `/providers/codex`) now show a "Test All" button in the Connections header when there are 2+ connections. Uses `POST /api/providers/test-batch` with `{mode: "provider", providerId}`. Results displayed in a modal with pass/fail summary and per-connection diagnosis. @@ -3641,7 +4205,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Merge PR #494 (MiniMax role fix), fix KIRO MITM dashboard, triage 8 issues. -### Funktionen +### Features - **MiniMax developer→system role fix** (PR #494 by @zhangqiang8vip): Per-model `preserveDeveloperRole` toggle. Adds "Compatibility" UI in providers page. Fixes 422 "role param error" for MiniMax and similar gateways. - **roleNormalizer**: `normalizeDeveloperRole()` now accepts `preserveDeveloperRole` parameter with tri-state behavior (undefined=keep, true=keep, false=convert). @@ -3697,7 +4261,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Gemini CLI deprecation, VM guide i18n fix, dependabot security fix, provider schema expansion. -### Funktionen +### Features - **Gemini CLI Deprecation** (#462): Mark `gemini-cli` provider as deprecated with warning — Google restricts third-party OAuth usage from March 2026 - **Provider Schema** (#462): Expand Zod validation with `deprecated`, `deprecationReason`, `hasFree`, `freeNote`, `authHint`, `apiHint` optional fields @@ -3706,7 +4270,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **VM Guide i18n** (#471): Add `VM_DEPLOYMENT_GUIDE.md` to i18n translation pipeline, regenerate all 30 locale translations from English source (were stuck in Portuguese) -### Sicherheit +### Security - **deps**: Bump `flatted` 3.3.3 → 3.4.2 — fixes CWE-1321 prototype pollution (#484, @dependabot) @@ -3726,7 +4290,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Czech i18n, SSE protocol fix, VM guide translation. -### Funktionen +### Features - **Czech Language** (#482): Full Czech (cs) i18n — 22 docs, 2606 UI strings, language switcher updates (@zen0bit) - **VM Deployment Guide**: Translated from Portuguese to English as the source document (@zen0bit) @@ -3745,7 +4309,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: 2 merged PRs, model aliases routing fix, log export, and issue triage. -### Funktionen +### Features - **Log Export**: New Export button on `/dashboard/logs` with time range dropdown (1h, 6h, 12h, 24h). Downloads JSON of request/proxy/call logs via `/api/logs/export` API (#user-request) @@ -3765,7 +4329,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Five community PRs — streaming call log fixes, Kiro compatibility, cache token analytics, Chinese translation, and configurable tool call IDs. -### Funktionen +### ✨ Features - **feat(logs)**: Call log response content now correctly accumulated from raw provider chunks (OpenAI/Claude/Gemini) before translation, fixing empty response payloads in streaming mode (#470, @zhangqiang8vip) - **feat(providers)**: Per-model configurable 9-char tool call ID normalization (Mistral-style) — only models with the option enabled get truncated IDs (#470) @@ -3795,7 +4359,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Bailian Coding Plan provider with editable base URLs, plus community contributions for Alibaba Cloud and Kimi Coding. -### Funktionen +### ✨ Features - **feat(providers)**: Added Bailian Coding Plan (`bailian-coding-plan`) — Alibaba Model Studio with Anthropic-compatible API. Static catalog of 8 models including Qwen3.5 Plus, Qwen3 Coder, MiniMax M2.5, GLM 5, and Kimi K2.5. Includes custom auth validation (400=valid, 401/403=invalid) (#467, @Mind-Dragon) - **feat(admin)**: Editable default URL in Provider Admin create/edit flows — users can configure custom base URLs per connection. Persisted in `providerSpecificData.baseUrl` with Zod schema validation rejecting non-http(s) schemes (#467) @@ -3810,7 +4374,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Two new community-contributed providers (Alibaba Cloud Coding, Kimi Coding API-key) and Docker pino fix. -### Funktionen +### ✨ Features - **feat(providers)**: Added Alibaba Cloud Coding Plan support with two OpenAI-compatible endpoints — `alicode` (China) and `alicode-intl` (International), each with 8 models (#465, @dtk1985) - **feat(providers)**: Added dedicated `kimi-coding-apikey` provider path — API-key-based Kimi Coding access is no longer forced through OAuth-only `kimi-coding` route. Includes registry, constants, models API, config, and validation test (#463, @Mind-Dragon) @@ -3835,7 +4399,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Codex responses subpath passthrough natively supported, Windows MITM crash fixed, and Combos agent schemas adjusted. -### Funktionen +### ✨ Features - **feat(codex)**: Native responses subpath passthrough for Codex — natively routes `POST /v1/responses/compact` to Codex upstream, maintaining Claude Code compatibility without stripping the `/compact` suffix (#457) @@ -3875,7 +4439,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(budget)**: "Save Limits" no longer returns 422 — `warningThreshold` is now correctly sent as fraction (0–1) instead of percentage (0–100) (#451) - **fix(combos)**: `` internal cache tag is now stripped before forwarding requests to providers, preventing cache session breaks (#454) -### Funktionen +### ✨ Features - **feat(combos)**: Agent Features section added to combo create/edit modal — expose `system_message` override, `tool_filter_regex`, and `context_cache_protection` directly from the dashboard (#454) @@ -3931,7 +4495,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Search Tools dashboard, i18n fixes, Copilot limits, Serper validation fix. -### Funktionen +### 🚀 Features - **feat(search)**: Add Search Playground (10th endpoint), Search Tools page with Compare Providers/Rerank Pipeline/Search History, local rerank routing, auth guards on search API (#443 by @Regis-RCR) - New route: `/dashboard/search-tools` @@ -4010,6 +4574,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4024,7 +4595,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - DB migration: `request_type` column on `call_logs` for non-chat request tracking - Zod validation (`v1SearchSchema`), auth-gated, cost recorded via `recordCost()` -### Sicherheit +### 🔒 Security - **deps**: Next.js 16.1.6 → 16.1.7 — fixes 6 CVEs: - **Critical**: CVE-2026-29057 (HTTP request smuggling via http-proxy) @@ -4154,7 +4725,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **005_combo_agent_fields.sql**: `ALTER TABLE combos ADD COLUMN system_message TEXT DEFAULT NULL`, `tool_filter_regex TEXT DEFAULT NULL`, `context_cache_protection INTEGER DEFAULT 0` - **006_detailed_request_logs.sql**: New `request_detail_logs` table with 500-entry ring-buffer trigger, opt-in via settings toggle -### Funktionen +### ✨ Features - **feat(combo)**: System Message Override per Combo (#399 — `system_message` field replaces or injects system prompt before forwarding to provider) - **feat(combo)**: Tool Filter Regex per Combo (#399 — `tool_filter_regex` keeps only tools matching pattern; supports OpenAI + Anthropic formats) @@ -4169,7 +4740,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: SSE improvements, local provider_nodes extensions, proxy registry, Claude passthrough fixes. -### Funktionen +### ✨ Features - **feat(health)**: Background health check for local `provider_nodes` with exponential backoff (30s→300s) and `Promise.allSettled` to avoid blocking (#423, @Regis-RCR) - **feat(embeddings)**: Route `/v1/embeddings` to local `provider_nodes` — `buildDynamicEmbeddingProvider()` with hostname validation (#422, @Regis-RCR) @@ -4230,6 +4801,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4304,7 +4882,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Turbopack hash-strip now runs at **compile time** for ALL packages — not just `better-sqlite3`. Step 5.6 in `prepublish.mjs` walks every `.js` in `app/.next/server/` and strips the 16-char hex suffix from any hashed `require()`. Fixes `zod-dcb22c...`, `pino-...`, etc. MODULE_NOT_FOUND on global npm installs. Closes #398 - **fix(deploy)**: PM2 on both VPS was pointing to stale git-clone directories. Reconfigured to `app/server.js` in the npm global package. Updated `/deploy-vps` workflow to use `npm pack + scp` (npm registry rejects 299MB packages). -### Funktionen +### ✨ Features - **feat(provider)**: Synthetic ([synthetic.new](https://synthetic.new)) — privacy-focused OpenAI-compatible inference. `passthroughModels: true` for dynamic HuggingFace model catalog. Initial models: Kimi K2.5, MiniMax M2.5, GLM 4.7, DeepSeek V3.2. (PR #404 by @Regis-RCR) @@ -4334,7 +4912,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Extended webpack `externals` hash-strip to cover ALL `serverExternalPackages`, not just `better-sqlite3`. Next.js 16 Turbopack hashes `zod`, `pino`, and every other server-external package into names like `zod-dcb22c6336e0bc69` that don't exist in `node_modules` at runtime. A HASH_PATTERN regex catch-all now strips the 16-char suffix and falls back to the base package name. Also added `NEXT_PRIVATE_BUILD_WORKER=0` in `prepublish.mjs` to reinforce webpack mode, plus a post-build scan that reports any remaining hashed refs. (#396, #398, PR #403) - **fix(chat)**: Anthropic-format tool names (`tool.name` without `.function` wrapper) were silently dropped by the empty-name filter introduced in #346. LiteLLM proxies requests with `anthropic/` prefix in Anthropic Messages API format, causing all tools to be filtered and Anthropic to return `400: tool_choice.any may only be specified while providing tools`. Fixed by falling back to `tool.name` when `tool.function.name` is absent. Added 8 regression unit tests. (PR #397) -### Funktionen +### ✨ Features - **feat(api)**: Custom endpoint paths for OpenAI-compatible provider nodes — configure `chatPath` and `modelsPath` per node (e.g. `/v4/chat/completions`) in the provider connection UI. Includes a DB migration (`003_provider_node_custom_paths.sql`) and URL path sanitization (no `..` traversal, must start with `/`). (PR #400) - **feat(provider)**: Alibaba Cloud DashScope added as OpenAI-compatible provider. International endpoint: `dashscope-intl.aliyuncs.com/compatible-mode/v1`. 12 models: `qwen-max`, `qwen-plus`, `qwen-turbo`, `qwen3-coder-plus/flash`, `qwq-plus`, `qwq-32b`, `qwen3-32b`, `qwen3-235b-a22b`. Auth: Bearer API key. @@ -4393,7 +4971,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(oauth)**: Qoder (and other providers that redirect to their own UI) no longer leave the OAuth modal stuck at "Waiting for Authorization" — popup-closed detector auto-transitions to manual URL input mode (#344) - **fix(logs)**: Request log table is now readable in light mode — status badges, token counts, and combo tags use adaptive `dark:` color classes (#378) -### Funktionen +### ✨ Features - **feat(kiro)**: Kiro credit tracking added to usage fetcher — queries `getUserCredits` from AWS CodeWhisperer endpoint (#337) @@ -4509,6 +5087,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4574,6 +5159,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #366, #367, #368) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4602,6 +5194,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #363 & #365) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4638,6 +5237,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4655,6 +5261,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4685,6 +5298,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4752,7 +5372,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > **Major release** — Free Stack ecosystem, transcription playground overhaul, 44+ providers, comprehensive free tier documentation, and UI improvements across the board. -### Funktionen +### ✨ Features - **Combos: Free Stack template** — New 4th template "Free Stack ($0)" using round-robin across Kiro + Qoder + Qwen + Gemini CLI. Suggests the pre-built zero-cost combo on first use. - **Media/Transcription: Deepgram as default** — Deepgram (Nova 3, $200 free) is now the default transcription provider. AssemblyAI ($50 free) and Groq Whisper (free forever) shown with free credit badges. @@ -4763,7 +5383,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.16] - 2026-03-13 -### Dokumentation +### 📖 Documentation - **README: 44+ Providers** — Updated all 3 occurrences of "36+ providers" to "44+" reflecting the actual codebase count (44 providers in providers.ts) - **README: New Section "🆓 Free Models — What You Actually Get"** — Added 7-provider table with per-model rate limits for: Kiro (Claude unlimited via AWS Builder ID), Qoder (5 models unlimited), Qwen (4 models unlimited), Gemini CLI (180K/mo), NVIDIA NIM (~40 RPM dev-forever), Cerebras (1M tok/day / 60K TPM), Groq (30 RPM / 14.4K RPD). Includes the \/usr/bin/bash Ultimate Free Stack combo recommendation. @@ -4773,7 +5393,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.15] - 2026-03-13 -### Funktionen +### ✨ Features - **Auto-Combo Dashboard (Tier Priority)**: Added `🏷️ Tier` as the 7th scoring factor label in the `/dashboard/auto-combo` factor breakdown display — all 7 Auto-Combo scoring factors are now visible. - **i18n — autoCombo section**: Added 20 new translation keys for the Auto-Combo dashboard (`title`, `status`, `modePack`, `providerScores`, `factorTierPriority`, etc.) to all 30 language files. @@ -4808,6 +5428,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). diff --git a/docs/i18n/de/README.md b/docs/i18n/de/README.md index 070d1ee611..2db62bf6c2 100644 --- a/docs/i18n/de/README.md +++ b/docs/i18n/de/README.md @@ -130,28 +130,28 @@ _Connect any AI-powered IDE or CLI tool through OmniRoute — free API gateway f - Codex CLI
+ Codex CLI
Codex CLI
⭐ 60.8K - Claude Code
+ Claude Code
Claude Code
⭐ 67.3K - Gemini CLI
+ Gemini CLI
Gemini CLI
⭐ 94.7K - Kilo Code
+ Kilo Code
Kilo Code
⭐ 15.5K diff --git a/docs/i18n/de/docs/API_REFERENCE.md b/docs/i18n/de/docs/API_REFERENCE.md index dd41627b69..b113ae437d 100644 --- a/docs/i18n/de/docs/API_REFERENCE.md +++ b/docs/i18n/de/docs/API_REFERENCE.md @@ -87,13 +87,13 @@ Authorization: Bearer your-api-key Content-Type: application/json { - "model": "openai/dall-e-3", + "model": "openai/gpt-image-2", "prompt": "A beautiful sunset over mountains", "size": "1024x1024" } ``` -Available providers: OpenAI (DALL-E, GPT Image 1), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). +Available providers: OpenAI (GPT Image 2), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). ```bash # List all image models diff --git a/docs/i18n/de/docs/CLI-TOOLS.md b/docs/i18n/de/docs/CLI-TOOLS.md index 057ed421b2..d59d63f10c 100644 --- a/docs/i18n/de/docs/CLI-TOOLS.md +++ b/docs/i18n/de/docs/CLI-TOOLS.md @@ -350,7 +350,7 @@ They run as internal routes and use OmniRoute's model routing automatically. | `/v1/responses` | Responses API (OpenAI format) | Codex, agentic workflows | | `/v1/completions` | Legacy text completions | Older tools using `prompt:` | | `/v1/embeddings` | Text embeddings | RAG, search | -| `/v1/images/generations` | Image generation | DALL-E, Flux, etc. | +| `/v1/images/generations` | Image generation | GPT-Image, Flux, etc. | | `/v1/audio/speech` | Text-to-speech | ElevenLabs, OpenAI TTS | | `/v1/audio/transcriptions` | Speech-to-text | Deepgram, AssemblyAI | diff --git a/docs/i18n/de/llm.txt b/docs/i18n/de/llm.txt index 82c5317d30..dc75ee0ef2 100644 --- a/docs/i18n/de/llm.txt +++ b/docs/i18n/de/llm.txt @@ -1,19 +1,18 @@ # OmniRoute (Deutsch) -🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) +🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇧🇩 [bn](../bn/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇮🇷 [fa](../fa/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇮🇳 [gu](../gu/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇮🇳 [mr](../mr/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇰🇪 [sw](../sw/llm.txt) · 🇮🇳 [ta](../ta/llm.txt) · 🇮🇳 [te](../te/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇵🇰 [ur](../ur/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) --- +> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 160+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (29 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. -> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 60+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (25 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. - -## Übersicht +## Overview OmniRoute solves the problem of managing multiple AI provider subscriptions, quotas, and rate limits. It sits between your AI-powered tools (IDE agents, CLI tools) and AI providers, routing requests intelligently through a 4-tier fallback system: Subscription → API Key → Cheap → Free. **Key value:** One endpoint (`http://localhost:20128/v1`), unlimited models, zero downtime, minimal cost. -**Current version:** 3.5.5 +**Current version:** 3.8.0 ## Tech Stack @@ -27,7 +26,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Background jobs:** Custom token health check scheduler, 24h model auto-sync - **Streaming:** Server-Sent Events (SSE) for real-time proxy responses - **Proxy engine:** Custom pipeline with format translation, circuit breaker, rate limiting, auto-combo engine -- **i18n:** next-intl with 30 languages +- **i18n:** next-intl with 40+ languages - **Desktop:** Electron (cross-platform: Windows, macOS, Linux) - **Package:** Published on npm (`omniroute`) and Docker Hub (`diegosouzapw/omniroute`) @@ -99,7 +98,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── configAudit.ts # Configuration auditing │ │ └── responses.ts # Domain response types │ ├── i18n/ # Internationalization -│ │ └── messages/ # 30 language JSON files +│ │ └── messages/ # 40+ language JSON files │ ├── lib/ # Core libraries │ │ ├── a2a/ # Agent-to-Agent v0.3 protocol server │ │ │ ├── skills/ # A2A skills (quotaManagement, smartRouting) @@ -170,7 +169,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ └── manager.ts # MITM proxy manager │ ├── shared/ # Shared utilities, components, and constants │ │ ├── components/ # Reusable UI components (Card, Badge, Button, Modal, Sidebar, ProviderIcon, etc.) -│ │ ├── constants/ # Provider definitions (60+), model lists, pricing, routing strategies, MCP scopes +│ │ ├── constants/ # Provider definitions (160+), model lists, pricing, routing strategies, MCP scopes │ │ ├── contracts/ # Shared API contracts │ │ ├── hooks/ # React hooks │ │ ├── middleware/ # Shared middleware utilities @@ -206,7 +205,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── chatCore.ts # Main chat completions handler │ │ ├── responsesHandler.ts # OpenAI Responses API handler │ │ ├── embeddings.ts # Embedding generation -│ │ ├── imageGeneration.ts # Image generation (DALL-E, FLUX, SD, etc.) +│ │ ├── imageGeneration.ts # Image generation (GPT-Image, FLUX, SD, etc.) │ │ ├── videoGeneration.ts # Video generation │ │ ├── musicGeneration.ts # Music generation │ │ ├── audioSpeech.ts # Text-to-speech @@ -214,7 +213,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── moderations.ts # Content moderation │ │ ├── rerank.ts # Reranking API │ │ └── search.ts # Web search API -│ ├── mcp-server/ # Built-in MCP server (25 tools, 3 transports: stdio/SSE/streamable-HTTP) +│ ├── mcp-server/ # Built-in MCP server (29 tools, 3 transports: stdio/SSE/streamable-HTTP) │ │ ├── server.ts # MCP server core (tool registration, scope enforcement) │ │ ├── tools/ # Tool implementations (advancedTools, memoryTools, skillTools) │ │ ├── schemas/ # Zod input schemas (tools, audit, a2a) @@ -274,7 +273,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ ├── CLI-TOOLS.md # CLI tools integration guide │ ├── A2A-SERVER.md # A2A agent protocol documentation │ ├── AUTO-COMBO.md # Auto-combo engine (6-factor scoring) -│ ├── MCP-SERVER.md # MCP server (25 tools) +│ ├── MCP-SERVER.md # MCP server (29 tools) │ ├── TROUBLESHOOTING.md # Troubleshooting guide │ ├── VM_DEPLOYMENT_GUIDE.md # VPS deployment guide │ ├── openapi.yaml # OpenAPI specification @@ -284,11 +283,11 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo └── .env.example # Environment variable template ``` -## Key Features (v3.5.5) +## Key Features (v3.8.0) ### Core Proxy -- **60+ AI providers** with automatic format translation -- **4 provider categories**: Free (4), OAuth (8), API Key (48+), Custom (OpenAI/Anthropic-compatible) +- **160+ AI providers** with automatic format translation +- **4 provider categories**: Free (4), OAuth (8), API Key (120+), Self-Hosted (8+), Custom (OpenAI/Anthropic-compatible) - **13 routing strategies**: priority, weighted, round-robin, fill-first, p2c, random, least-used, cost-optimized, strict-random, auto, lkgp, context-optimized, context-relay - **4-tier fallback**: Subscription → API Key → Cheap → Free - **Context Relay strategy**: Session handoff summaries on account rotation for continuity @@ -306,7 +305,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Cloudflare Tunnels**: Managed tunnel creation for remote access - **122 unit test files** with comprehensive coverage (55% statements/lines/functions, 60% branches) -### Sicherheit +### Security +- **Data Loss Prevention**: SQLite migration safety bounds abort startup on dangerous massive schema overrides. Pre-migration `VACUUM INTO` backups isolate rollback snapshots. - **CodeQL security**: Fixed 10+ CodeQL alerts (polynomial-redos, insecure-randomness, shell-injection, SSRF, incomplete URLs) - **Web Crypto session IDs**: `generateSessionId` uses `crypto.getRandomValues()` instead of `Math.random()` - **Route validation**: All API routes validated with Zod v4 schemas + `validateBody()` @@ -331,7 +331,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **CLI Tools** — One-click configuration for 10+ AI CLI tools - **CLI Agents** — Grid of 14+ built-in agents with ProviderIcon and install detection + custom agent registration - **Playground** — Test any model with Monaco editor, streaming responses -- **Media** — Image/video/music generation (DALL-E, FLUX, etc.) + audio transcription (up to 2GB files) +- **Media** — Image/video/music generation (GPT-Image, FLUX, etc.) + audio transcription (up to 2GB files) - **Search Tools** — Search provider configuration and testing - **Memory** — Memory system management and visualization - **Skills** — Skills framework management and execution @@ -349,14 +349,15 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Gemini** — `/v1beta/models`, `/v1beta/models/{...path}` - **Ollama** — `/v1/api/chat`, `/api/tags` - **Search** — `/v1/search` (Perplexity, Serper, Brave, Exa, Tavily) -- **MCP** — 25-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) +- **MCP** — 29-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) - **A2A** — Agent-to-Agent v0.3 protocol (JSON-RPC 2.0, smart-routing + quota-management skills) - **ACP** — Agent Communication Protocol registry and manager -### MCP Server (25 Tools) +### MCP Server (29 Tools) | Category | Tools | |-----------|-------| -| Core (18) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `sync_pricing` | +| Core (20) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `web_search`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `db_health_check`, `sync_pricing` | +| Cache (2) | `cache_stats`, `cache_flush` | | Memory (3) | `memory_search`, `memory_add`, `memory_clear` | | Skills (4) | `skills_list`, `skills_enable`, `skills_execute`, `skills_executions` | @@ -373,8 +374,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo **Custom Providers:** OpenAI-compatible (`openai-compatible-*`) and Anthropic-compatible (`anthropic-compatible-*`) with custom base URLs ### Internationalization -- 30 languages for UI (all dashboard pages) -- 30 translated documentation sets in docs/i18n/ +- 40+ languages for UI (all dashboard pages) +- 40 translated documentation sets in docs/i18n/ - Language switcher in documentation ## Key Architectural Decisions diff --git a/docs/i18n/es/CHANGELOG.md b/docs/i18n/es/CHANGELOG.md index 777e606501..584b0b0711 100644 --- a/docs/i18n/es/CHANGELOG.md +++ b/docs/i18n/es/CHANGELOG.md @@ -6,9 +6,283 @@ ## [Unreleased] +## [3.8.0] — 2026-05-06 + +### ✨ New Features + +- **feat(antigravity):** integrate Antigravity provider with dynamic `maxOutputTokens` calculation (bumping to `thinkingBudget + 1`) and standard Cloud Code envelope payload sanitization (#2055, #2063) +- **feat(gemini-cli):** add custom projectId support for Gemini CLI transport (UI, DB, executor) (#1991) + +### 🐛 Bug Fixes + +- **fix(cache):** optimize cache_control preservation logic and explicitly align tool schema with upstream Claude Code expectations +- **fix(db):** preserve legacy SQLite database path on Windows to prevent data loss (#1973) +- **fix(settings):** resolve model alias persistence double stringification preventing UI updates (#2018) +- **fix(routing):** dynamically filter bare model auto-resolution by active provider connections to prevent dead-routing (#2029) +- **fix(embeddings):** add Google Gemini embeddings compatibility via OpenAI-compatible endpoint mapping (#2006) +- **fix:** remove Anthropic-Beta header from non-Anthropic providers to fix identity contamination (#1989) +- **fix(cli):** resolve .env loading failure for global npm installations + +### 🔒 Security + +- **fix(security):** remediate regex validation backtracking path in core compression cleanup (#1990) +- **fix(core):** harden input handling and stabilization for prompt compression edge cases + +### 🧹 Chores & Maintenance + +- **chore(providers):** prune redundant local provider icon assets in favor of `@lobehub/icons` web fonts (#1992) +- **ci:** skip SonarCloud scan on main pushes to optimize CI time +- **test:** stabilize cooldown abort coverage case in integration testing + +## [3.7.9] — 2026-05-03 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) + +- **feat(compression):** major upgrade to Caveman and RTK compression pipelines (#1876, #1889): + - Add RTK tool-output compression, stacked Caveman + RTK pipelines, compression combo assignments, dashboard context pages, MCP management tools, and language-aware Caveman rule packs. + - Expand RTK parity with a 39-filter catalog, RTK-style JSON DSL stages, inline verify/benchmark coverage, trust-gated custom filters, expanded command detection, and redacted raw-output recovery. + - Expose rule intensities, track USD savings, unify config validation, and persist MCP savings. + - Expand Caveman parity and MCP metadata compression. +- **feat(provider):** update Jina AI model catalog to support Embeddings and Rerank natively (#1874 — thanks @backryun) +- **feat(provider):** add NanoGPT image generation provider (#1899 — thanks @Aculeasis) +- **feat(ui):** move proxy configuration to dedicated System → Proxy page (#1907 — thanks @oyi77) +- **feat(ui):** add K/M/B/T cost shortener utility (#1902 — thanks @oyi77) +- **feat(providers):** implement bulk paste for extra API keys (#1916 — thanks @0xtbug) +- **feat(analytics):** usage history API key backfill + dark mode pricing (#1896 — thanks @Gi99lin) +- **feat(logs):** show RTK and Caveman compression token savings accurately in request log UI (#1923 — thanks @emdash) +- **feat(routing):** auto-skip exhausted quota accounts (Issue #1952) +- **feat(docs):** docs site overhaul (#1976 — thanks @oyi77) +- **feat(db):** consolidate all database settings into SystemStorageTab (closes #1935) (#1947 — thanks @oyi77) +- **feat(sse):** codex 429 mid-task failover with account rotation (#1888 — thanks @smartenok-ops) +- **feat(auto-assessment):** add auto-assessment engine for combo self-healing (#1918 — thanks @oyi77) +- **feat(usage):** DeepSeek V4 native cache token extraction (#1930 — thanks @smartenok-ops) +- **feat(cost):** enhance cost formatting and add Codex GPT-5.5 pricing support (#1944 — thanks @JxnLexn) + +### 🐛 Bug Fixes + +- **fix(auth):** implement session affinity sticky routing logic +- **fix(dashboard):** derive display base URL from origin instead of hardcoding localhost (#1960 — thanks @jeanfbrito) +- **fix(proxy):** use credentials.connectionId instead of non-existent credentials.id for image proxy resolution (#1929 — thanks @Aculeasis) +- **fix(routing):** codex bare-name disambiguation + family-native fallback (#1933 — thanks @smartenok-ops) +- **fix(infrastructure):** move wreq-js to optionalDependencies and add Node 25/26 to secure runtime policy (#1924) +- **fix(providers):** resolve ChatGPT Web authentication failure by aligning TLS fingerprint User-Agent strings (#1925) +- **fix(mitm):** support root user for MITM sudo handling (#1948 — thanks @NekoMonci12) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941, #1945) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) +- **fix(mcp):** reclassify MCP endpoints to ensure API key authentication works even when dashboard auth is enabled (#1970) +- **fix(providers):** allow local OpenAI-compatible endpoints (like Ollama) to be added without an API key (fixes #1893) +- **fix(providers):** bypass AgentRouter unauthorized_client_error by spoofing Claude CLI headers via Anthropic endpoints (fixes #1921) +- **fix(copilot):** emit compatible reasoning text deltas (#1919 — thanks @ivan-mezentsev) +- **fix(api-manager):** show validation errors inline in modals, not behind (#1920 — thanks @andrewmunsell) +- **fix(compression):** align seeded standard savings combo with stacked default, preserve stacked defaults, and secure metadata routes. +- **fix(gemini-cli):** separate Cloud Code transport from Antigravity (#1869 — thanks @dhaern) +- **fix(codex):** map prompt field to input array for Cursor compatibility (fixes #1872) +- **fix(core):** align stream parameter default to false per strict OpenAI spec (fixes #1873) +- **fix(ui):** restore Next.js CSP `unsafe-eval` in production `script-src` to fix unresponsive Onboarding button (fixes #1883) +- **fix(proxy):** globally strip `prompt_cache_retention` in `BaseExecutor` to prevent upstream 400 errors from strict endpoints like droid/gemini-2-pro (fixes #1884) +- **fix(ui):** include `isOpen` dependency in `EditConnectionModal` state sync to ensure `maxConcurrent` is properly hydrated when reopening the modal (fixes #1859) +- **fix(security):** remediate 4 polynomial-redos CodeQL alerts in compression regexes by bounding repetitions and removing overlapping quantifiers +- **fix(codex):** flatten Chat Completions tool format to Codex Responses format in `normalizeCodexTools` — prevents `Missing required parameter: tools[0].name` upstream errors (#1914 — thanks @tranduykhanh030) +- **fix(proxy):** add proxy-aware execution context to image generation route — proxy settings are now correctly applied for image providers behind restricted networks (#1904 — thanks @Aculeasis) +- **fix(translator):** inject `properties: {}` into zero-argument MCP tool schemas during Anthropic→OpenAI translation — prevents 400 errors from OpenAI strict schema validation (#1898 — thanks @bryceIT) +- **fix(codex):** sanitize raw responses input (#1895 — thanks @dhaern) +- **fix(combos):** align strategy contracts (#1892 — thanks @dhaern) +- **fix(combos):** fix combo provider breaker profile handling (#1891 — thanks @rdself) +- **fix(migrations):** duplicate-column no-op fix (#1886 — thanks @smartenok-ops) +- **fix(auth):** per-connection OAuth refresh mutex (#1885 — thanks @smartenok-ops) +- **fix(auth):** require dashboard management auth for compression preview + +### 🔄 Updates + +- **chore(provider):** Add reka models list (#1956 — thanks @backryun) +- **chore(model):** Update new models, Delete Deprecated models (#1949 — thanks @backryun) + +### 📝 Documentation + +- **docs(compression):** document RTK+Caveman stacked savings ranges + +### 🏆 Release Attribution & Retroactive Credits + +- **@payne0420** (PR #1828 / #1839) — Implementation of the **Rate Limit Watchdog** and environment overrides. (This feature was manually backported to v3.7.8, causing the automatic GitHub Release notes to omit the author's credit). + +--- + +## [3.7.8] — 2026-05-01 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(providers):** add Grok 4.3 and Xiaomi Mimo TTS provider (#1837) +- **feat(core):** implement Rate Limit Watchdog with environment override capability to detect and reset stalled queues (#1839) +- **feat(providers):** add muse-spark-web provider with multiple models and reasoning support (#1843) +- **feat(1proxy):** integrate 1proxy free proxy marketplace with dashboard management and new MCP tools (closes #1788) (#1847) + +### 🐛 Bug Fixes + +- **fix(codex):** sanitize Responses replay state to prevent internal assistant commentary from leaking (#1868 — thanks @dhaern) +- **fix(cli):** add capture-backed Gemini CLI fingerprint (#1866) +- **fix(ui):** hide combo compression controls when the global setting is disabled (#1840) +- **fix(db):** tolerate missing request_detail_logs table for legacy deployments (#1848) +- **fix(core):** remove unneeded \`store\` payload parameter for providers lacking support (closes #1841) +- **fix(core):** ensure safeOutboundFetch and A2A routers return 503 Service Unavailable when security guardrails are triggered +- **fix(usage):** correct Unix seconds vs milliseconds parsing logic for Kiro AI quota reset (closes #1849) +- **fix(ui):** apply robust NaN handling, ensure 24h consistency, and fix missing hour slots in Compression Analytics (closes #1844) +- **fix(ui):** implement short number formatting for token consumption metrics on cache pages to prevent overflow (closes #1842) +- **fix(combo):** stabilize provider routing at 500+ connections by bounding semaphore queues and adjusting circuit breaker tracking (closes #1846) (#1854) +- **fix(maritalk):** update Maritalk model list, use Authorization Key header, and align with latest API endpoints (#1856) +- **fix(grok-web):** stabilize tool calling (bash, readFile, webSearch) and response parsing by mapping native Grok intents to standard OpenAI payloads (#1857) +- **fix(providers):** correctly map and expose the Upstage embedding and chat model catalogs (#1855) +- **fix(executor):** apply proper urlSuffix and custom authHeaders for unknown registry-based providers in DefaultExecutor (closes #1846) (#1861) + +### 🛠️ Maintenance + +- **fix(workflow):** build docker images on version tags (#1838) + +--- + +## [3.7.7] — 2026-04-30 + ### ✨ New Features -- **feat:** ongoing development +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **Prompt Compression Pipeline:** Implemented a multi-phase prompt compression engine including `lite` (whitespace/duplication collapse), `aggressive` (summarization, tool compression), and `ultra` modes (heuristic pruning and SLM stub) (#1633, #1738, #1739, #1741) +- **Compression Dashboard & Analytics:** Added a compression settings UI, real-time log viewer, pipeline statistics tracking, and interactive playground preview (#1756) +- **Compression Caching & MCP:** Added caching-aware strategy adjustments to the compression pipeline, alongside new MCP tools for status and configuration (#1758) +- **Analytics Custom Filters:** Added custom date range selection, API key filtering, and NULL key analytics backfilling to the Costs Dashboard (#1830) + +### 🐛 Bug Fixes + +- **Combo Routing:** Fixed an issue where Gemini `-preview` models were incorrectly normalized to their canonical names, causing 404 errors during combo routing (#1834) +- **Codex Native Passthrough:** Added support for Cursor 5.5 sending `messages` arrays to the `responses/compact` endpoint, preventing upstream rejections with empty requests (#1832) +- **Rate-limit Watchdog:** Implemented a new rate-limit watchdog with environment override capabilities and Stage Tracing to prevent and diagnose silent wedges (#1828) +- **Encryption Resiliency:** Prevent sending encrypted tokens to providers by returning null on decryption failure (#763d353) +- **i18n & Locales:** Fixed OpenCode baseUrl locale placeholders and added compression keys across 32 languages +- **Startup Stability:** Hardened resilience integration server startup logic (#9aa89b17) + +### 🛠️ Maintenance + +- **Tests & Docs:** Expanded the test suite with 61 unit/integration tests for the compression pipeline and updated `AGENTS.md` +- **Workflow:** Fixed the changelog extraction logic to accurately capture GitHub release descriptions + +--- + +## [3.7.6] — 2026-04-30 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) +- **feat(chatgpt-web):** support `thinking_effort` parameter (Standard/Extended) for thinking-capable models (#1821) +- **feat(dashboard):** implement remaining v3.7.6 dashboard features — Costs overview, Translator pipeline, and Endpoint tabs improvements +- **feat(tools):** inject fallback tool names to prevent upstream 400 errors on providers that require tool names (#1775) +- **feat(db):** auto-restore probe-failed database on startup to prevent data loss after failed upgrades (#1810) +- **feat(analytics):** add cost-based usage insights and activity streaks in the analytics dashboard + +### 🔒 Security + +- **fix(security):** resolve ReDoS vulnerability in Codex executor regex patterns (#1797, #1789) + +### 🐛 Bug Fixes + +- **fix(stability):** resolve codex input validation, enable combo circuit breaker, and fix broken unit tests (#1804, #1805) +- **fix(stability):** safely cast inputs to strings before calling `.trim()` to avoid crashes on numeric fields in proxy modal (#1825) +- **fix(stability):** clear active requests and recover providers after connection failures (#1824) +- **fix(xiaomi-mimo):** update models to V2.5, fix Token Plan validation and default region (#1823) +- **fix(codex):** omit compact client metadata to prevent upstream rejections (#1822) +- **fix(dashboard):** fix endpoint visibility, A2A status display, and API catalog consistency (#1806) +- **fix(analytics):** use pure SQL aggregations — no history rows loaded into memory (#1802) +- **fix(dashboard):** correct `loadPresets` ReferenceError in CostOverviewTab +- **fix(mitm):** enforce transparent interception on port 443 only + +### 🧹 Chores + +- **chore(workflow):** mandate implementation plan generation in `/resolve-issues` workflow before coding +- **chore(release):** expand contributor credits to 155 PRs across full project history + +### 🏆 Community Contributors Acknowledgment + +We identified that **155 community PRs** across the entire project history (from inception through v3.7.5) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. + +**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** + +| Contributor | PRs (Total) | All Contributions | +| :----------------------------------------------------------- | :---------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [@rdself](https://github.com/rdself) | 28 | #542, #705, #717, #737, #738, #841, #851, #853, #875, #880, #888, #891, #903, #904, #974, #1069, #1089, #1196, #1267, #1272, #1299, #1300, #1356, #1357, #1441, #1443, #1549, #1742 | +| [@oyi77](https://github.com/oyi77) | 27 | #644, #672, #700, #850, #859, #862, #868, #874, #881, #883, #908, #926, #931, #983, #990, #1019, #1020, #1021, #1103, #1281, #1286, #1363, #1368, #1377, #1411, #1689, #1717 | +| [@clousky2020](https://github.com/clousky2020) | 15 | #1244, #1323, #1365, #1366, #1408, #1442, #1484, #1595, #1598, #1599, #1611, #1618, #1620, #1621, #1644 | +| [@benzntech](https://github.com/benzntech) | 8 | #158, #1264, #1435, #1436, #1437, #1440, #1444, #1677 | +| [@kang-heewon](https://github.com/kang-heewon) | 5 | #530, #854, #884, #1235, #1574 | +| [@herjarsa](https://github.com/herjarsa) | 4 | #1472, #1474, #1477, #1480 | +| [@backryun](https://github.com/backryun) | 4 | #1358, #1609, #1627, #1722 | +| [@tombii](https://github.com/tombii) | 4 | #708, #856, #900, #1013 | +| [@christopher-s](https://github.com/christopher-s) | 3 | #868, #885, #992 | +| [@zen0bit](https://github.com/zen0bit) | 3 | #561, #650, #912 | +| [@k0valik](https://github.com/k0valik) | 3 | #554, #587, #596 | +| [@zhangqiang8vip](https://github.com/zhangqiang8vip) | 2 | #470, #575 | +| [@wlfonseca](https://github.com/wlfonseca) | 2 | #997, #1016 | +| [@RaviTharuma](https://github.com/RaviTharuma) | 2 | #1188, #1277 | +| [@prakersh](https://github.com/prakersh) | 2 | #419, #480 | +| [@payne0420](https://github.com/payne0420) | 2 | #1593, #1670 | +| [@only4copilot](https://github.com/only4copilot) | 2 | #855, #1039 | +| [@jay77721](https://github.com/jay77721) | 2 | #581, #582 | +| [@hijak](https://github.com/hijak) | 2 | #295, #578 | +| [@hartmark](https://github.com/hartmark) | 2 | #1494, #1500 | +| [@defhouse](https://github.com/defhouse) | 2 | #906, #946 | +| [@xiaoge1688](https://github.com/xiaoge1688) | 1 | #1304 | +| [@xandr0s](https://github.com/xandr0s) | 1 | #1376 | +| [@willbnu](https://github.com/willbnu) | 1 | #882 | +| [@slewis3600](https://github.com/slewis3600) | 1 | #1624 | +| [@sergey-v9](https://github.com/sergey-v9) | 1 | #594 | +| [@razllivan](https://github.com/razllivan) | 1 | #987 | +| [@nmime](https://github.com/nmime) | 1 | #1271 | +| [@Moutia-Ben-Yahia](https://github.com/Moutia-Ben-Yahia) | 1 | #1663 | +| [@Mind-Dragon](https://github.com/Mind-Dragon) | 1 | #467 | +| [@mercs2910](https://github.com/mercs2910) | 1 | #1001 | +| [@MAINER4IK](https://github.com/MAINER4IK) | 1 | #196 | +| [@luandiasrj](https://github.com/luandiasrj) | 1 | #996 | +| [@knopki](https://github.com/knopki) | 1 | #1434 | +| [@kfiramar](https://github.com/kfiramar) | 1 | #389 | +| [@ken2190](https://github.com/ken2190) | 1 | #166 | +| [@keith8496](https://github.com/keith8496) | 1 | #569 | +| [@jonesfernandess](https://github.com/jonesfernandess) | 1 | #1118 | +| [@JasonLandbridge](https://github.com/JasonLandbridge) | 1 | #1626 | +| [@i1hwan](https://github.com/i1hwan) | 1 | #1386 | +| [@Gorchakov-Pressure](https://github.com/Gorchakov-Pressure) | 1 | #754 | +| [@foxy1402](https://github.com/foxy1402) | 1 | #934 | +| [@dt418](https://github.com/dt418) | 1 | #896 | +| [@dhaern](https://github.com/dhaern) | 1 | #1647 | +| [@DavyMassoneto](https://github.com/DavyMassoneto) | 1 | #211 | +| [@dail45](https://github.com/dail45) | 1 | #1413 | +| [@congvc-dev](https://github.com/congvc-dev) | 1 | #1569 | +| [@be0hhh](https://github.com/be0hhh) | 1 | #1581 | +| [@andruwa13](https://github.com/andruwa13) | 1 | #1457 | +| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | 1 | #898 | +| [@AndersonFirmino](https://github.com/AndersonFirmino) | 1 | #362 | +| [@alexsvdk](https://github.com/alexsvdk) | 1 | #1280 | +| [@abhinavjnu](https://github.com/abhinavjnu) | 1 | #550 | --- @@ -16,8 +290,14 @@ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(tunnels):** integrate native ngrok tunnel support with dashboard UI parity (#1753) -- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) ### 🐛 Bug Fixes @@ -56,56 +336,25 @@ - **chore(ui):** speed up endpoint initial render with background task loading (#1760) - **chore(workflows):** add strict PR contributor credit policy to prevent future merge credit loss -### 🏆 Community Contributors Acknowledgment - -We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. - -**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** - -| Contributor | Contributions (PRs) | -| :----------------------------------------------------- | :----------------------------------------------------------------------- | -| [@rdself](https://github.com/rdself) | #1742, #1357, #1356, #1089, #1069, #904, #880, #875, #853, #851, #974 | -| [@oyi77](https://github.com/oyi77) | #1411, #1021, #990, #926, #908, #883, #881, #868, #862, #859, #850, #983 | -| [@benzntech](https://github.com/benzntech) | #1677, #1444, #1440, #1437, #1435 | -| [@clousky2020](https://github.com/clousky2020) | #1644, #1408 | -| [@christopher-s](https://github.com/christopher-s) | #885, #868, #992 | -| [@kang-heewon](https://github.com/kang-heewon) | #1235, #884 | -| [@backryun](https://github.com/backryun) | #1627, #1358, #1722 | -| [@tombii](https://github.com/tombii) | #900, #856 | -| [@slewis3600](https://github.com/slewis3600) | #1624 | -| [@dhaern](https://github.com/dhaern) | #1647 | -| [@JasonLandbridge](https://github.com/JasonLandbridge) | #1626 | -| [@hartmark](https://github.com/hartmark) | #1500 | -| [@herjarsa](https://github.com/herjarsa) | #1480 | -| [@andruwa13](https://github.com/andruwa13) | #1457 | -| [@i1hwan](https://github.com/i1hwan) | #1386 | -| [@xandr0s](https://github.com/xandr0s) | #1376 | -| [@RaviTharuma](https://github.com/RaviTharuma) | #1188 | -| [@wlfonseca](https://github.com/wlfonseca) | #1016 | -| [@only4copilot](https://github.com/only4copilot) | #1039, #855 | -| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | #898 | -| [@dt418](https://github.com/dt418) | #896 | -| [@willbnu](https://github.com/willbnu) | #882 | -| [@defhouse](https://github.com/defhouse) | #906 | -| [@mercs2910](https://github.com/mercs2910) | #1001 | -| [@zen0bit](https://github.com/zen0bit) | #912 | -| [@razllivan](https://github.com/razllivan) | #987 | -| [@foxy1402](https://github.com/foxy1402) | #934 | -| [@knopki](https://github.com/knopki) | #1434 | -| [@dail45](https://github.com/dail45) | #1413 | - --- ## [3.7.4] — 2026-04-28 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(ui):** add endpoint tunnel visibility settings (#1743) - **feat(cli):** refresh CLI fingerprint provider profiles (#1746) - **feat(proxy):** implement bulk proxy import via pipe-delimited parser with update-or-create (upsert) logic and real-time preview table - **feat(pwa):** add fullscreen installable PWA with manifest, service worker, and cross-platform app icons (#1728) -### Seguridad +### 🔒 Security - **security:** replace insecure `Math.random` with `crypto.getRandomValues` for fallback UUID generation to resolve CodeQL CWE-338 finding (#182) @@ -156,6 +405,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(authz):** introduce centralized proxy-based authz pipeline and lifecycle policy (#1632) - **feat(logs):** configure call log pipeline artifacts (#1650) - **feat(network):** add guarded remote image fetch utility @@ -225,6 +481,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Add GPT-5.5 support to the Codex provider — includes 1.05M context window, tool calling, vision, and reasoning capabilities with proper pricing entries across `cx` and `openai` providers. Refactors `splitCodexReasoningSuffix()` into a shared helper for cleaner effort-level parsing (#1617 — thanks @Zhaba1337228). - **feat(cli):** Add `omniroute reset-encrypted-columns` recovery command — nulls encrypted credential columns (`api_key`, `access_token`, `refresh_token`, `id_token`) in `provider_connections` while preserving provider metadata, giving users affected by #1622 a clean recovery path without losing configurations. - **feat(i18n):** Expand locale coverage with nine new language packs (Bengali, Farsi, Gujarati, Indonesian, Marathi, Swahili, Tamil, Telugu, Urdu), bringing total language support from 32 to 41 locales. @@ -256,7 +519,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **fix(transport):** Prevent memory bloat and database exhaustion from large, fragmented streaming responses. Implemented `ByteQueue` in `kiro.ts` for zero-copy binary accumulation, refactored `antigravity.ts` for incremental SSE parsing, and enforced a strict 512KB tiered truncation limit (`MAX_CALL_LOG_ARTIFACT_BYTES`) on stream request logs and call artifacts (#1647). - **chore(ci):** Update build environment dependencies — bump Node to `24.15.0`, `actions/checkout@v6`, `docker/build-push-action@v7`, pin `actions/setup-python` to major tag (#1646 — thanks @backryun). -### Documentación +### 📝 Documentation - **docs(env):** Add `OMNIROUTE_ALLOW_PRIVATE_PROVIDER_URLS` to `.env.example` with documentation for LM Studio and other local provider use cases (#1623). @@ -266,6 +529,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). - **feat(providers):** Add CrofAI as a built-in API-key provider with quota/usage monitoring wired into the dashboard Limits page (#1604, #1606). @@ -399,7 +669,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **test(next):** Align transpile package expectations for the Next.js standalone build. - **test(ci):** Fix CI-only test failures from environment differences — clear `INITIAL_PASSWORD` and `JWT_SECRET` in integration tests, handle `XDG_CONFIG_HOME` for guide-settings tests. -### Documentación +### 📚 Documentation - **docs:** Update the root changelog with all release-branch changes through 2026-04-24, including PRs #1544, #1555, #1551, #1550, #1548, #1547, #1541, #1538, #1536, and #1527. - **docs:** Fix broken README and localized documentation links. (#1536) @@ -424,6 +694,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -506,6 +783,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -527,7 +811,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **feat(providers):** Expand image provider registry with extended model support including SD3.5, FLUX, and DALL-E 3 HD configurations - **feat(combos):** Add new routing strategies and full i18n support for agent features section across 31 languages -### Seguridad +### 🔒 Security - **security:** Resolve 18 GitHub CodeQL scan alerts including ReDoS, incomplete sanitization, and bad HTML filtering regexp patterns - **fix(auth):** Seal privilege escalation vector by enforcing JWT session checking exclusively on `/api/keys` management endpoints (#1353) @@ -586,6 +870,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -662,6 +953,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -726,6 +1024,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -773,7 +1078,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Duplicate `auto` in Combo Strategy Schema:** Removed duplicate `"auto"` entry from `comboStrategySchema` (was listed on both line 104 and 108). Harmless to Zod runtime but cleaned up to avoid confusion. Schema now has exactly 13 unique strategy values - **Legacy Combo Refs Normalization:** Fixed combo step normalization to preserve legacy string combo references during CRUD operations, preventing data loss when editing combos created before the v2 step architecture -### Seguridad +### 🔒 Security - **Auth Bypass on Backup Routes (Critical):** Added `isAuthenticated` guards to `/api/db-backups/exportAll` (full database export) and `/api/db-backups` (list, create, and restore backups) — both were previously accessible without authentication - **Auth Guard on Translator Save:** Added `isAuthenticated` guard to `/api/translator/save` for defense-in-depth consistency @@ -826,6 +1131,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -864,6 +1176,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -896,6 +1215,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -925,6 +1251,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -955,6 +1288,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -988,6 +1328,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1040,6 +1387,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1086,6 +1440,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1122,7 +1483,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Updated Sub-dependencies:** Bumped `hono` to `4.12.12` and `@hono/node-server` to `1.19.13` to patch critical security gaps (#1063, #1064, #1067, #1068). -### Documentación +### 📚 Documentation - **Documentation Synchronization:** Updated system documentation (README, Architecture, Features, Tools, Troubleshooting) and synced `i18n` configurations to match the v3.5.5 context relay patterns and proxy troubleshooting steps. - **Context Relay Delivery Notes:** Documented the current architecture, runtime flow, and Codex-focused scope in the feature docs, changelog, and agent guidance. @@ -1133,6 +1494,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1191,7 +1559,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.5.3] - 2026-04-07 -### Seguridad +### Security - **Vulnerabilities:** Fully remediated 12 High-Severity CodeQL vulnerabilities by migrating from Math.random to `crypto.randomUUID()`, wrapping SSE injection points with aggressive backslash escaping, sanitizing trailing HTTP fragments, and enforcing rigid SSRF HTTP verification schemes across internal routes. - **Dependencies:** Upgraded Next.js to `^16.2.2` and Vite to `>=8.0.5` resolving critical DoS, arbitrary file reads and CSRF vectors in the build/server environments. @@ -1207,7 +1575,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **CI/CD Stabilization:** Prevented random GitHub Runner freezes by decoupling sharded processes, adjusting test concurrencies, unref-ing active connections on server teardown, and strictly capping job timeout durations. -### Documentación +### Documentation - **I18n Engine:** Synchronized and pushed deep Machine Translation updates across all 32 natively-supported languages (682 translation nodes aligned). @@ -1221,6 +1589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1253,6 +1628,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1281,6 +1663,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1347,7 +1736,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.8] — 2026-04-03 -### Seguridad +### Security - Fully remediated all outstanding Github Advanced Security (CodeQL) findings and Dependabot alerts. - Fixed insecure randomness vulnerabilities by migrating from `Math.random` to `crypto.randomUUID()`. @@ -1359,7 +1748,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.7] — 2026-04-03 -### Funcionalidades +### Features - Added `Cryptography` node to Monitoring and MCP health checks (#798) - Hardened model-catalog route permissions mapping (`/models`) (#781) @@ -1375,7 +1764,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - Fixed MCP standalone module-resolution (`ERR_MODULE_NOT_FOUND`) via `esbuild` (#936) - Fixed NVIDIA NIM routing credential resolution alias mismatch (#931) -### Seguridad +### Security - Added safe strict input boundary protection against raw `shell: true` remote-code execution injections. @@ -1385,6 +1774,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1419,6 +1815,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1481,6 +1884,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1541,6 +1951,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1594,7 +2011,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.0] - 2026-03-31 -### Funcionalidades +### 🚀 Features - **Subscription Utilization Analytics:** Added quota snapshot time-series tracking, Provider Utilization and Combo Health tabs with recharts visualizations, and corresponding API endpoints (#847) - **SQLite Backup Control:** New `OMNIROUTE_DISABLE_AUTO_BACKUP` env flag to disable automatic SQLite backups (#846) @@ -1646,7 +2063,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.3.8] - 2026-03-30 -### Funcionalidades +### 🚀 Features - **Models API Filtering:** Endpoint `/v1/models` now dynamically filters its list based on the permissions tied to the `Authorization: Bearer ` when restricted access is on (#781) - **Qoder Integration:** Native integration for Qoder AI natively replacing the legacy iFlow platform mappings (#660) @@ -1715,6 +2132,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1745,6 +2169,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1806,6 +2237,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2016,6 +2454,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2044,6 +2489,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2076,6 +2528,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2130,6 +2589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2325,6 +2791,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2359,6 +2832,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2409,7 +2889,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **NaN tokens in Claude Code / client responses (#617):** - `sanitizeUsage()` now cross-maps `input_tokens`→`prompt_tokens` and `output_tokens`→`completion_tokens` before the whitelist filter, fixing responses showing NaN/0 token counts when providers return Claude-style usage field names -### Seguridad +### 🔒 Security - Updated `yaml` package to fix stack overflow vulnerability (GHSA-48c2-rrv3-qjmp) @@ -2467,6 +2947,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2503,6 +2990,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2521,6 +3015,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2556,6 +3057,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3001,6 +3509,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3016,6 +3531,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3043,7 +3565,7 @@ docker pull diegosouzapw/omniroute:3.0.0 - **SVG fallback**: `ProviderIcon` component updated with 4-tier strategy: Lobehub → PNG → SVG → Generic icon - **Agents fingerprinting**: Synced with CLI tools — added droid, openclaw, copilot, opencode to fingerprint list (14 total) -### Seguridad +### 🔒 Security - **CVE fix**: Resolved dompurify XSS vulnerability (GHSA-v2wj-7wpq-c8vv) via npm overrides forcing `dompurify@^3.3.2` - `npm audit` now reports **0 vulnerabilities** @@ -3113,6 +3635,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3160,6 +3689,13 @@ Both providers use the new `OpencodeExecutor` with multi-format routing (`/chat/ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3295,6 +3831,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3318,6 +3861,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3334,6 +3884,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3371,7 +3928,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **#510** — Windows: MSYS2/Git-Bash paths (`/c/Program Files/...`) are now normalized to `C:\Program Files\...` - **#492** — `omniroute` CLI now detects `mise`/`nvm` when `app/server.js` is missing and shows targeted fix -### Documentación +### 📖 Documentation - **#513** — Docker password reset: `INITIAL_PASSWORD` env var workaround documented - **#520** — pnpm: `pnpm approve-builds better-sqlite3` documented @@ -3468,7 +4025,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **feat(executors/cloudflare-ai)**: New `CloudflareAIExecutor` — dynamic URL construction requires `accountId` in provider credentials - **feat(executors)**: Register `pollinations`, `pol`, `cloudflare-ai`, `cf` executor mappings -### Documentación +### 📝 Documentation - **docs(readme)**: Expanded free combo stack to 11 providers ($0 forever) - **docs(readme)**: Added 4 new free provider sections (LongCat, Pollinations, Cloudflare AI, Scaleway) with model tables @@ -3543,6 +4100,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3613,7 +4177,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **OAuth batch test crash** (ERR_CONNECTION_REFUSED): Replaced sequential for-loop with 5-connection concurrency limit + 30s per-connection timeout via `Promise.race()` + `Promise.allSettled()`. Prevents server crash when testing large OAuth provider groups (~30+ connections). -### Funcionalidades +### Features - **"Test All" button on provider pages**: Individual provider pages (e.g., `/providers/codex`) now show a "Test All" button in the Connections header when there are 2+ connections. Uses `POST /api/providers/test-batch` with `{mode: "provider", providerId}`. Results displayed in a modal with pass/fail summary and per-connection diagnosis. @@ -3641,7 +4205,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Merge PR #494 (MiniMax role fix), fix KIRO MITM dashboard, triage 8 issues. -### Funcionalidades +### Features - **MiniMax developer→system role fix** (PR #494 by @zhangqiang8vip): Per-model `preserveDeveloperRole` toggle. Adds "Compatibility" UI in providers page. Fixes 422 "role param error" for MiniMax and similar gateways. - **roleNormalizer**: `normalizeDeveloperRole()` now accepts `preserveDeveloperRole` parameter with tri-state behavior (undefined=keep, true=keep, false=convert). @@ -3697,7 +4261,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Gemini CLI deprecation, VM guide i18n fix, dependabot security fix, provider schema expansion. -### Funcionalidades +### Features - **Gemini CLI Deprecation** (#462): Mark `gemini-cli` provider as deprecated with warning — Google restricts third-party OAuth usage from March 2026 - **Provider Schema** (#462): Expand Zod validation with `deprecated`, `deprecationReason`, `hasFree`, `freeNote`, `authHint`, `apiHint` optional fields @@ -3706,7 +4270,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **VM Guide i18n** (#471): Add `VM_DEPLOYMENT_GUIDE.md` to i18n translation pipeline, regenerate all 30 locale translations from English source (were stuck in Portuguese) -### Seguridad +### Security - **deps**: Bump `flatted` 3.3.3 → 3.4.2 — fixes CWE-1321 prototype pollution (#484, @dependabot) @@ -3726,7 +4290,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Czech i18n, SSE protocol fix, VM guide translation. -### Funcionalidades +### Features - **Czech Language** (#482): Full Czech (cs) i18n — 22 docs, 2606 UI strings, language switcher updates (@zen0bit) - **VM Deployment Guide**: Translated from Portuguese to English as the source document (@zen0bit) @@ -3745,7 +4309,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: 2 merged PRs, model aliases routing fix, log export, and issue triage. -### Funcionalidades +### Features - **Log Export**: New Export button on `/dashboard/logs` with time range dropdown (1h, 6h, 12h, 24h). Downloads JSON of request/proxy/call logs via `/api/logs/export` API (#user-request) @@ -3765,7 +4329,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Five community PRs — streaming call log fixes, Kiro compatibility, cache token analytics, Chinese translation, and configurable tool call IDs. -### Funcionalidades +### ✨ Features - **feat(logs)**: Call log response content now correctly accumulated from raw provider chunks (OpenAI/Claude/Gemini) before translation, fixing empty response payloads in streaming mode (#470, @zhangqiang8vip) - **feat(providers)**: Per-model configurable 9-char tool call ID normalization (Mistral-style) — only models with the option enabled get truncated IDs (#470) @@ -3795,7 +4359,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Bailian Coding Plan provider with editable base URLs, plus community contributions for Alibaba Cloud and Kimi Coding. -### Funcionalidades +### ✨ Features - **feat(providers)**: Added Bailian Coding Plan (`bailian-coding-plan`) — Alibaba Model Studio with Anthropic-compatible API. Static catalog of 8 models including Qwen3.5 Plus, Qwen3 Coder, MiniMax M2.5, GLM 5, and Kimi K2.5. Includes custom auth validation (400=valid, 401/403=invalid) (#467, @Mind-Dragon) - **feat(admin)**: Editable default URL in Provider Admin create/edit flows — users can configure custom base URLs per connection. Persisted in `providerSpecificData.baseUrl` with Zod schema validation rejecting non-http(s) schemes (#467) @@ -3810,7 +4374,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Two new community-contributed providers (Alibaba Cloud Coding, Kimi Coding API-key) and Docker pino fix. -### Funcionalidades +### ✨ Features - **feat(providers)**: Added Alibaba Cloud Coding Plan support with two OpenAI-compatible endpoints — `alicode` (China) and `alicode-intl` (International), each with 8 models (#465, @dtk1985) - **feat(providers)**: Added dedicated `kimi-coding-apikey` provider path — API-key-based Kimi Coding access is no longer forced through OAuth-only `kimi-coding` route. Includes registry, constants, models API, config, and validation test (#463, @Mind-Dragon) @@ -3835,7 +4399,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Codex responses subpath passthrough natively supported, Windows MITM crash fixed, and Combos agent schemas adjusted. -### Funcionalidades +### ✨ Features - **feat(codex)**: Native responses subpath passthrough for Codex — natively routes `POST /v1/responses/compact` to Codex upstream, maintaining Claude Code compatibility without stripping the `/compact` suffix (#457) @@ -3875,7 +4439,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(budget)**: "Save Limits" no longer returns 422 — `warningThreshold` is now correctly sent as fraction (0–1) instead of percentage (0–100) (#451) - **fix(combos)**: `` internal cache tag is now stripped before forwarding requests to providers, preventing cache session breaks (#454) -### Funcionalidades +### ✨ Features - **feat(combos)**: Agent Features section added to combo create/edit modal — expose `system_message` override, `tool_filter_regex`, and `context_cache_protection` directly from the dashboard (#454) @@ -3931,7 +4495,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Search Tools dashboard, i18n fixes, Copilot limits, Serper validation fix. -### Funcionalidades +### 🚀 Features - **feat(search)**: Add Search Playground (10th endpoint), Search Tools page with Compare Providers/Rerank Pipeline/Search History, local rerank routing, auth guards on search API (#443 by @Regis-RCR) - New route: `/dashboard/search-tools` @@ -4010,6 +4574,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4024,7 +4595,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - DB migration: `request_type` column on `call_logs` for non-chat request tracking - Zod validation (`v1SearchSchema`), auth-gated, cost recorded via `recordCost()` -### Seguridad +### 🔒 Security - **deps**: Next.js 16.1.6 → 16.1.7 — fixes 6 CVEs: - **Critical**: CVE-2026-29057 (HTTP request smuggling via http-proxy) @@ -4154,7 +4725,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **005_combo_agent_fields.sql**: `ALTER TABLE combos ADD COLUMN system_message TEXT DEFAULT NULL`, `tool_filter_regex TEXT DEFAULT NULL`, `context_cache_protection INTEGER DEFAULT 0` - **006_detailed_request_logs.sql**: New `request_detail_logs` table with 500-entry ring-buffer trigger, opt-in via settings toggle -### Funcionalidades +### ✨ Features - **feat(combo)**: System Message Override per Combo (#399 — `system_message` field replaces or injects system prompt before forwarding to provider) - **feat(combo)**: Tool Filter Regex per Combo (#399 — `tool_filter_regex` keeps only tools matching pattern; supports OpenAI + Anthropic formats) @@ -4169,7 +4740,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: SSE improvements, local provider_nodes extensions, proxy registry, Claude passthrough fixes. -### Funcionalidades +### ✨ Features - **feat(health)**: Background health check for local `provider_nodes` with exponential backoff (30s→300s) and `Promise.allSettled` to avoid blocking (#423, @Regis-RCR) - **feat(embeddings)**: Route `/v1/embeddings` to local `provider_nodes` — `buildDynamicEmbeddingProvider()` with hostname validation (#422, @Regis-RCR) @@ -4230,6 +4801,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4304,7 +4882,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Turbopack hash-strip now runs at **compile time** for ALL packages — not just `better-sqlite3`. Step 5.6 in `prepublish.mjs` walks every `.js` in `app/.next/server/` and strips the 16-char hex suffix from any hashed `require()`. Fixes `zod-dcb22c...`, `pino-...`, etc. MODULE_NOT_FOUND on global npm installs. Closes #398 - **fix(deploy)**: PM2 on both VPS was pointing to stale git-clone directories. Reconfigured to `app/server.js` in the npm global package. Updated `/deploy-vps` workflow to use `npm pack + scp` (npm registry rejects 299MB packages). -### Funcionalidades +### ✨ Features - **feat(provider)**: Synthetic ([synthetic.new](https://synthetic.new)) — privacy-focused OpenAI-compatible inference. `passthroughModels: true` for dynamic HuggingFace model catalog. Initial models: Kimi K2.5, MiniMax M2.5, GLM 4.7, DeepSeek V3.2. (PR #404 by @Regis-RCR) @@ -4334,7 +4912,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Extended webpack `externals` hash-strip to cover ALL `serverExternalPackages`, not just `better-sqlite3`. Next.js 16 Turbopack hashes `zod`, `pino`, and every other server-external package into names like `zod-dcb22c6336e0bc69` that don't exist in `node_modules` at runtime. A HASH_PATTERN regex catch-all now strips the 16-char suffix and falls back to the base package name. Also added `NEXT_PRIVATE_BUILD_WORKER=0` in `prepublish.mjs` to reinforce webpack mode, plus a post-build scan that reports any remaining hashed refs. (#396, #398, PR #403) - **fix(chat)**: Anthropic-format tool names (`tool.name` without `.function` wrapper) were silently dropped by the empty-name filter introduced in #346. LiteLLM proxies requests with `anthropic/` prefix in Anthropic Messages API format, causing all tools to be filtered and Anthropic to return `400: tool_choice.any may only be specified while providing tools`. Fixed by falling back to `tool.name` when `tool.function.name` is absent. Added 8 regression unit tests. (PR #397) -### Funcionalidades +### ✨ Features - **feat(api)**: Custom endpoint paths for OpenAI-compatible provider nodes — configure `chatPath` and `modelsPath` per node (e.g. `/v4/chat/completions`) in the provider connection UI. Includes a DB migration (`003_provider_node_custom_paths.sql`) and URL path sanitization (no `..` traversal, must start with `/`). (PR #400) - **feat(provider)**: Alibaba Cloud DashScope added as OpenAI-compatible provider. International endpoint: `dashscope-intl.aliyuncs.com/compatible-mode/v1`. 12 models: `qwen-max`, `qwen-plus`, `qwen-turbo`, `qwen3-coder-plus/flash`, `qwq-plus`, `qwq-32b`, `qwen3-32b`, `qwen3-235b-a22b`. Auth: Bearer API key. @@ -4393,7 +4971,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(oauth)**: Qoder (and other providers that redirect to their own UI) no longer leave the OAuth modal stuck at "Waiting for Authorization" — popup-closed detector auto-transitions to manual URL input mode (#344) - **fix(logs)**: Request log table is now readable in light mode — status badges, token counts, and combo tags use adaptive `dark:` color classes (#378) -### Funcionalidades +### ✨ Features - **feat(kiro)**: Kiro credit tracking added to usage fetcher — queries `getUserCredits` from AWS CodeWhisperer endpoint (#337) @@ -4509,6 +5087,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4574,6 +5159,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #366, #367, #368) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4602,6 +5194,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #363 & #365) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4638,6 +5237,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4655,6 +5261,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4685,6 +5298,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4752,7 +5372,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > **Major release** — Free Stack ecosystem, transcription playground overhaul, 44+ providers, comprehensive free tier documentation, and UI improvements across the board. -### Funcionalidades +### ✨ Features - **Combos: Free Stack template** — New 4th template "Free Stack ($0)" using round-robin across Kiro + Qoder + Qwen + Gemini CLI. Suggests the pre-built zero-cost combo on first use. - **Media/Transcription: Deepgram as default** — Deepgram (Nova 3, $200 free) is now the default transcription provider. AssemblyAI ($50 free) and Groq Whisper (free forever) shown with free credit badges. @@ -4763,7 +5383,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.16] - 2026-03-13 -### Documentación +### 📖 Documentation - **README: 44+ Providers** — Updated all 3 occurrences of "36+ providers" to "44+" reflecting the actual codebase count (44 providers in providers.ts) - **README: New Section "🆓 Free Models — What You Actually Get"** — Added 7-provider table with per-model rate limits for: Kiro (Claude unlimited via AWS Builder ID), Qoder (5 models unlimited), Qwen (4 models unlimited), Gemini CLI (180K/mo), NVIDIA NIM (~40 RPM dev-forever), Cerebras (1M tok/day / 60K TPM), Groq (30 RPM / 14.4K RPD). Includes the \/usr/bin/bash Ultimate Free Stack combo recommendation. @@ -4773,7 +5393,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.15] - 2026-03-13 -### Funcionalidades +### ✨ Features - **Auto-Combo Dashboard (Tier Priority)**: Added `🏷️ Tier` as the 7th scoring factor label in the `/dashboard/auto-combo` factor breakdown display — all 7 Auto-Combo scoring factors are now visible. - **i18n — autoCombo section**: Added 20 new translation keys for the Auto-Combo dashboard (`title`, `status`, `modePack`, `providerScores`, `factorTierPriority`, etc.) to all 30 language files. @@ -4808,6 +5428,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). diff --git a/docs/i18n/es/README.md b/docs/i18n/es/README.md index 83c53d250a..6ecc419bbd 100644 --- a/docs/i18n/es/README.md +++ b/docs/i18n/es/README.md @@ -130,28 +130,28 @@ _Connect any AI-powered IDE or CLI tool through OmniRoute — free API gateway f - Codex CLI
+ Codex CLI
Codex CLI
⭐ 60.8K - Claude Code
+ Claude Code
Claude Code
⭐ 67.3K - Gemini CLI
+ Gemini CLI
Gemini CLI
⭐ 94.7K - Kilo Code
+ Kilo Code
Kilo Code
⭐ 15.5K diff --git a/docs/i18n/es/docs/API_REFERENCE.md b/docs/i18n/es/docs/API_REFERENCE.md index b693529fd8..b9ad5bf4e4 100644 --- a/docs/i18n/es/docs/API_REFERENCE.md +++ b/docs/i18n/es/docs/API_REFERENCE.md @@ -87,13 +87,13 @@ Authorization: Bearer your-api-key Content-Type: application/json { - "model": "openai/dall-e-3", + "model": "openai/gpt-image-2", "prompt": "A beautiful sunset over mountains", "size": "1024x1024" } ``` -Available providers: OpenAI (DALL-E, GPT Image 1), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). +Available providers: OpenAI (GPT Image 2), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). ```bash # List all image models diff --git a/docs/i18n/es/docs/CLI-TOOLS.md b/docs/i18n/es/docs/CLI-TOOLS.md index 422bf13f48..90c55da56c 100644 --- a/docs/i18n/es/docs/CLI-TOOLS.md +++ b/docs/i18n/es/docs/CLI-TOOLS.md @@ -350,7 +350,7 @@ They run as internal routes and use OmniRoute's model routing automatically. | `/v1/responses` | Responses API (OpenAI format) | Codex, agentic workflows | | `/v1/completions` | Legacy text completions | Older tools using `prompt:` | | `/v1/embeddings` | Text embeddings | RAG, search | -| `/v1/images/generations` | Image generation | DALL-E, Flux, etc. | +| `/v1/images/generations` | Image generation | GPT-Image, Flux, etc. | | `/v1/audio/speech` | Text-to-speech | ElevenLabs, OpenAI TTS | | `/v1/audio/transcriptions` | Speech-to-text | Deepgram, AssemblyAI | diff --git a/docs/i18n/es/llm.txt b/docs/i18n/es/llm.txt index d07f7bfa97..cd810711d3 100644 --- a/docs/i18n/es/llm.txt +++ b/docs/i18n/es/llm.txt @@ -1,19 +1,18 @@ # OmniRoute (Español) -🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) +🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇧🇩 [bn](../bn/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇮🇷 [fa](../fa/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇮🇳 [gu](../gu/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇮🇳 [mr](../mr/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇰🇪 [sw](../sw/llm.txt) · 🇮🇳 [ta](../ta/llm.txt) · 🇮🇳 [te](../te/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇵🇰 [ur](../ur/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) --- +> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 160+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (29 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. -> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 60+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (25 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. - -## Resumen +## Overview OmniRoute solves the problem of managing multiple AI provider subscriptions, quotas, and rate limits. It sits between your AI-powered tools (IDE agents, CLI tools) and AI providers, routing requests intelligently through a 4-tier fallback system: Subscription → API Key → Cheap → Free. **Key value:** One endpoint (`http://localhost:20128/v1`), unlimited models, zero downtime, minimal cost. -**Current version:** 3.5.5 +**Current version:** 3.8.0 ## Tech Stack @@ -27,7 +26,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Background jobs:** Custom token health check scheduler, 24h model auto-sync - **Streaming:** Server-Sent Events (SSE) for real-time proxy responses - **Proxy engine:** Custom pipeline with format translation, circuit breaker, rate limiting, auto-combo engine -- **i18n:** next-intl with 30 languages +- **i18n:** next-intl with 40+ languages - **Desktop:** Electron (cross-platform: Windows, macOS, Linux) - **Package:** Published on npm (`omniroute`) and Docker Hub (`diegosouzapw/omniroute`) @@ -99,7 +98,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── configAudit.ts # Configuration auditing │ │ └── responses.ts # Domain response types │ ├── i18n/ # Internationalization -│ │ └── messages/ # 30 language JSON files +│ │ └── messages/ # 40+ language JSON files │ ├── lib/ # Core libraries │ │ ├── a2a/ # Agent-to-Agent v0.3 protocol server │ │ │ ├── skills/ # A2A skills (quotaManagement, smartRouting) @@ -170,7 +169,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ └── manager.ts # MITM proxy manager │ ├── shared/ # Shared utilities, components, and constants │ │ ├── components/ # Reusable UI components (Card, Badge, Button, Modal, Sidebar, ProviderIcon, etc.) -│ │ ├── constants/ # Provider definitions (60+), model lists, pricing, routing strategies, MCP scopes +│ │ ├── constants/ # Provider definitions (160+), model lists, pricing, routing strategies, MCP scopes │ │ ├── contracts/ # Shared API contracts │ │ ├── hooks/ # React hooks │ │ ├── middleware/ # Shared middleware utilities @@ -206,7 +205,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── chatCore.ts # Main chat completions handler │ │ ├── responsesHandler.ts # OpenAI Responses API handler │ │ ├── embeddings.ts # Embedding generation -│ │ ├── imageGeneration.ts # Image generation (DALL-E, FLUX, SD, etc.) +│ │ ├── imageGeneration.ts # Image generation (GPT-Image, FLUX, SD, etc.) │ │ ├── videoGeneration.ts # Video generation │ │ ├── musicGeneration.ts # Music generation │ │ ├── audioSpeech.ts # Text-to-speech @@ -214,7 +213,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── moderations.ts # Content moderation │ │ ├── rerank.ts # Reranking API │ │ └── search.ts # Web search API -│ ├── mcp-server/ # Built-in MCP server (25 tools, 3 transports: stdio/SSE/streamable-HTTP) +│ ├── mcp-server/ # Built-in MCP server (29 tools, 3 transports: stdio/SSE/streamable-HTTP) │ │ ├── server.ts # MCP server core (tool registration, scope enforcement) │ │ ├── tools/ # Tool implementations (advancedTools, memoryTools, skillTools) │ │ ├── schemas/ # Zod input schemas (tools, audit, a2a) @@ -274,7 +273,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ ├── CLI-TOOLS.md # CLI tools integration guide │ ├── A2A-SERVER.md # A2A agent protocol documentation │ ├── AUTO-COMBO.md # Auto-combo engine (6-factor scoring) -│ ├── MCP-SERVER.md # MCP server (25 tools) +│ ├── MCP-SERVER.md # MCP server (29 tools) │ ├── TROUBLESHOOTING.md # Troubleshooting guide │ ├── VM_DEPLOYMENT_GUIDE.md # VPS deployment guide │ ├── openapi.yaml # OpenAPI specification @@ -284,11 +283,11 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo └── .env.example # Environment variable template ``` -## Key Features (v3.5.5) +## Key Features (v3.8.0) ### Core Proxy -- **60+ AI providers** with automatic format translation -- **4 provider categories**: Free (4), OAuth (8), API Key (48+), Custom (OpenAI/Anthropic-compatible) +- **160+ AI providers** with automatic format translation +- **4 provider categories**: Free (4), OAuth (8), API Key (120+), Self-Hosted (8+), Custom (OpenAI/Anthropic-compatible) - **13 routing strategies**: priority, weighted, round-robin, fill-first, p2c, random, least-used, cost-optimized, strict-random, auto, lkgp, context-optimized, context-relay - **4-tier fallback**: Subscription → API Key → Cheap → Free - **Context Relay strategy**: Session handoff summaries on account rotation for continuity @@ -306,7 +305,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Cloudflare Tunnels**: Managed tunnel creation for remote access - **122 unit test files** with comprehensive coverage (55% statements/lines/functions, 60% branches) -### Seguridad +### Security +- **Data Loss Prevention**: SQLite migration safety bounds abort startup on dangerous massive schema overrides. Pre-migration `VACUUM INTO` backups isolate rollback snapshots. - **CodeQL security**: Fixed 10+ CodeQL alerts (polynomial-redos, insecure-randomness, shell-injection, SSRF, incomplete URLs) - **Web Crypto session IDs**: `generateSessionId` uses `crypto.getRandomValues()` instead of `Math.random()` - **Route validation**: All API routes validated with Zod v4 schemas + `validateBody()` @@ -331,7 +331,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **CLI Tools** — One-click configuration for 10+ AI CLI tools - **CLI Agents** — Grid of 14+ built-in agents with ProviderIcon and install detection + custom agent registration - **Playground** — Test any model with Monaco editor, streaming responses -- **Media** — Image/video/music generation (DALL-E, FLUX, etc.) + audio transcription (up to 2GB files) +- **Media** — Image/video/music generation (GPT-Image, FLUX, etc.) + audio transcription (up to 2GB files) - **Search Tools** — Search provider configuration and testing - **Memory** — Memory system management and visualization - **Skills** — Skills framework management and execution @@ -349,14 +349,15 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Gemini** — `/v1beta/models`, `/v1beta/models/{...path}` - **Ollama** — `/v1/api/chat`, `/api/tags` - **Search** — `/v1/search` (Perplexity, Serper, Brave, Exa, Tavily) -- **MCP** — 25-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) +- **MCP** — 29-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) - **A2A** — Agent-to-Agent v0.3 protocol (JSON-RPC 2.0, smart-routing + quota-management skills) - **ACP** — Agent Communication Protocol registry and manager -### MCP Server (25 Tools) +### MCP Server (29 Tools) | Category | Tools | |-----------|-------| -| Core (18) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `sync_pricing` | +| Core (20) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `web_search`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `db_health_check`, `sync_pricing` | +| Cache (2) | `cache_stats`, `cache_flush` | | Memory (3) | `memory_search`, `memory_add`, `memory_clear` | | Skills (4) | `skills_list`, `skills_enable`, `skills_execute`, `skills_executions` | @@ -373,8 +374,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo **Custom Providers:** OpenAI-compatible (`openai-compatible-*`) and Anthropic-compatible (`anthropic-compatible-*`) with custom base URLs ### Internationalization -- 30 languages for UI (all dashboard pages) -- 30 translated documentation sets in docs/i18n/ +- 40+ languages for UI (all dashboard pages) +- 40 translated documentation sets in docs/i18n/ - Language switcher in documentation ## Key Architectural Decisions diff --git a/docs/i18n/fa/CHANGELOG.md b/docs/i18n/fa/CHANGELOG.md index 73421e1abf..057c405923 100644 --- a/docs/i18n/fa/CHANGELOG.md +++ b/docs/i18n/fa/CHANGELOG.md @@ -6,9 +6,283 @@ ## [Unreleased] +## [3.8.0] — 2026-05-06 + +### ✨ New Features + +- **feat(antigravity):** integrate Antigravity provider with dynamic `maxOutputTokens` calculation (bumping to `thinkingBudget + 1`) and standard Cloud Code envelope payload sanitization (#2055, #2063) +- **feat(gemini-cli):** add custom projectId support for Gemini CLI transport (UI, DB, executor) (#1991) + +### 🐛 Bug Fixes + +- **fix(cache):** optimize cache_control preservation logic and explicitly align tool schema with upstream Claude Code expectations +- **fix(db):** preserve legacy SQLite database path on Windows to prevent data loss (#1973) +- **fix(settings):** resolve model alias persistence double stringification preventing UI updates (#2018) +- **fix(routing):** dynamically filter bare model auto-resolution by active provider connections to prevent dead-routing (#2029) +- **fix(embeddings):** add Google Gemini embeddings compatibility via OpenAI-compatible endpoint mapping (#2006) +- **fix:** remove Anthropic-Beta header from non-Anthropic providers to fix identity contamination (#1989) +- **fix(cli):** resolve .env loading failure for global npm installations + +### 🔒 Security + +- **fix(security):** remediate regex validation backtracking path in core compression cleanup (#1990) +- **fix(core):** harden input handling and stabilization for prompt compression edge cases + +### 🧹 Chores & Maintenance + +- **chore(providers):** prune redundant local provider icon assets in favor of `@lobehub/icons` web fonts (#1992) +- **ci:** skip SonarCloud scan on main pushes to optimize CI time +- **test:** stabilize cooldown abort coverage case in integration testing + +## [3.7.9] — 2026-05-03 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) + +- **feat(compression):** major upgrade to Caveman and RTK compression pipelines (#1876, #1889): + - Add RTK tool-output compression, stacked Caveman + RTK pipelines, compression combo assignments, dashboard context pages, MCP management tools, and language-aware Caveman rule packs. + - Expand RTK parity with a 39-filter catalog, RTK-style JSON DSL stages, inline verify/benchmark coverage, trust-gated custom filters, expanded command detection, and redacted raw-output recovery. + - Expose rule intensities, track USD savings, unify config validation, and persist MCP savings. + - Expand Caveman parity and MCP metadata compression. +- **feat(provider):** update Jina AI model catalog to support Embeddings and Rerank natively (#1874 — thanks @backryun) +- **feat(provider):** add NanoGPT image generation provider (#1899 — thanks @Aculeasis) +- **feat(ui):** move proxy configuration to dedicated System → Proxy page (#1907 — thanks @oyi77) +- **feat(ui):** add K/M/B/T cost shortener utility (#1902 — thanks @oyi77) +- **feat(providers):** implement bulk paste for extra API keys (#1916 — thanks @0xtbug) +- **feat(analytics):** usage history API key backfill + dark mode pricing (#1896 — thanks @Gi99lin) +- **feat(logs):** show RTK and Caveman compression token savings accurately in request log UI (#1923 — thanks @emdash) +- **feat(routing):** auto-skip exhausted quota accounts (Issue #1952) +- **feat(docs):** docs site overhaul (#1976 — thanks @oyi77) +- **feat(db):** consolidate all database settings into SystemStorageTab (closes #1935) (#1947 — thanks @oyi77) +- **feat(sse):** codex 429 mid-task failover with account rotation (#1888 — thanks @smartenok-ops) +- **feat(auto-assessment):** add auto-assessment engine for combo self-healing (#1918 — thanks @oyi77) +- **feat(usage):** DeepSeek V4 native cache token extraction (#1930 — thanks @smartenok-ops) +- **feat(cost):** enhance cost formatting and add Codex GPT-5.5 pricing support (#1944 — thanks @JxnLexn) + +### 🐛 Bug Fixes + +- **fix(auth):** implement session affinity sticky routing logic +- **fix(dashboard):** derive display base URL from origin instead of hardcoding localhost (#1960 — thanks @jeanfbrito) +- **fix(proxy):** use credentials.connectionId instead of non-existent credentials.id for image proxy resolution (#1929 — thanks @Aculeasis) +- **fix(routing):** codex bare-name disambiguation + family-native fallback (#1933 — thanks @smartenok-ops) +- **fix(infrastructure):** move wreq-js to optionalDependencies and add Node 25/26 to secure runtime policy (#1924) +- **fix(providers):** resolve ChatGPT Web authentication failure by aligning TLS fingerprint User-Agent strings (#1925) +- **fix(mitm):** support root user for MITM sudo handling (#1948 — thanks @NekoMonci12) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941, #1945) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) +- **fix(mcp):** reclassify MCP endpoints to ensure API key authentication works even when dashboard auth is enabled (#1970) +- **fix(providers):** allow local OpenAI-compatible endpoints (like Ollama) to be added without an API key (fixes #1893) +- **fix(providers):** bypass AgentRouter unauthorized_client_error by spoofing Claude CLI headers via Anthropic endpoints (fixes #1921) +- **fix(copilot):** emit compatible reasoning text deltas (#1919 — thanks @ivan-mezentsev) +- **fix(api-manager):** show validation errors inline in modals, not behind (#1920 — thanks @andrewmunsell) +- **fix(compression):** align seeded standard savings combo with stacked default, preserve stacked defaults, and secure metadata routes. +- **fix(gemini-cli):** separate Cloud Code transport from Antigravity (#1869 — thanks @dhaern) +- **fix(codex):** map prompt field to input array for Cursor compatibility (fixes #1872) +- **fix(core):** align stream parameter default to false per strict OpenAI spec (fixes #1873) +- **fix(ui):** restore Next.js CSP `unsafe-eval` in production `script-src` to fix unresponsive Onboarding button (fixes #1883) +- **fix(proxy):** globally strip `prompt_cache_retention` in `BaseExecutor` to prevent upstream 400 errors from strict endpoints like droid/gemini-2-pro (fixes #1884) +- **fix(ui):** include `isOpen` dependency in `EditConnectionModal` state sync to ensure `maxConcurrent` is properly hydrated when reopening the modal (fixes #1859) +- **fix(security):** remediate 4 polynomial-redos CodeQL alerts in compression regexes by bounding repetitions and removing overlapping quantifiers +- **fix(codex):** flatten Chat Completions tool format to Codex Responses format in `normalizeCodexTools` — prevents `Missing required parameter: tools[0].name` upstream errors (#1914 — thanks @tranduykhanh030) +- **fix(proxy):** add proxy-aware execution context to image generation route — proxy settings are now correctly applied for image providers behind restricted networks (#1904 — thanks @Aculeasis) +- **fix(translator):** inject `properties: {}` into zero-argument MCP tool schemas during Anthropic→OpenAI translation — prevents 400 errors from OpenAI strict schema validation (#1898 — thanks @bryceIT) +- **fix(codex):** sanitize raw responses input (#1895 — thanks @dhaern) +- **fix(combos):** align strategy contracts (#1892 — thanks @dhaern) +- **fix(combos):** fix combo provider breaker profile handling (#1891 — thanks @rdself) +- **fix(migrations):** duplicate-column no-op fix (#1886 — thanks @smartenok-ops) +- **fix(auth):** per-connection OAuth refresh mutex (#1885 — thanks @smartenok-ops) +- **fix(auth):** require dashboard management auth for compression preview + +### 🔄 Updates + +- **chore(provider):** Add reka models list (#1956 — thanks @backryun) +- **chore(model):** Update new models, Delete Deprecated models (#1949 — thanks @backryun) + +### 📝 Documentation + +- **docs(compression):** document RTK+Caveman stacked savings ranges + +### 🏆 Release Attribution & Retroactive Credits + +- **@payne0420** (PR #1828 / #1839) — Implementation of the **Rate Limit Watchdog** and environment overrides. (This feature was manually backported to v3.7.8, causing the automatic GitHub Release notes to omit the author's credit). + +--- + +## [3.7.8] — 2026-05-01 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(providers):** add Grok 4.3 and Xiaomi Mimo TTS provider (#1837) +- **feat(core):** implement Rate Limit Watchdog with environment override capability to detect and reset stalled queues (#1839) +- **feat(providers):** add muse-spark-web provider with multiple models and reasoning support (#1843) +- **feat(1proxy):** integrate 1proxy free proxy marketplace with dashboard management and new MCP tools (closes #1788) (#1847) + +### 🐛 Bug Fixes + +- **fix(codex):** sanitize Responses replay state to prevent internal assistant commentary from leaking (#1868 — thanks @dhaern) +- **fix(cli):** add capture-backed Gemini CLI fingerprint (#1866) +- **fix(ui):** hide combo compression controls when the global setting is disabled (#1840) +- **fix(db):** tolerate missing request_detail_logs table for legacy deployments (#1848) +- **fix(core):** remove unneeded \`store\` payload parameter for providers lacking support (closes #1841) +- **fix(core):** ensure safeOutboundFetch and A2A routers return 503 Service Unavailable when security guardrails are triggered +- **fix(usage):** correct Unix seconds vs milliseconds parsing logic for Kiro AI quota reset (closes #1849) +- **fix(ui):** apply robust NaN handling, ensure 24h consistency, and fix missing hour slots in Compression Analytics (closes #1844) +- **fix(ui):** implement short number formatting for token consumption metrics on cache pages to prevent overflow (closes #1842) +- **fix(combo):** stabilize provider routing at 500+ connections by bounding semaphore queues and adjusting circuit breaker tracking (closes #1846) (#1854) +- **fix(maritalk):** update Maritalk model list, use Authorization Key header, and align with latest API endpoints (#1856) +- **fix(grok-web):** stabilize tool calling (bash, readFile, webSearch) and response parsing by mapping native Grok intents to standard OpenAI payloads (#1857) +- **fix(providers):** correctly map and expose the Upstage embedding and chat model catalogs (#1855) +- **fix(executor):** apply proper urlSuffix and custom authHeaders for unknown registry-based providers in DefaultExecutor (closes #1846) (#1861) + +### 🛠️ Maintenance + +- **fix(workflow):** build docker images on version tags (#1838) + +--- + +## [3.7.7] — 2026-04-30 + ### ✨ New Features -- **feat:** ongoing development +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **Prompt Compression Pipeline:** Implemented a multi-phase prompt compression engine including `lite` (whitespace/duplication collapse), `aggressive` (summarization, tool compression), and `ultra` modes (heuristic pruning and SLM stub) (#1633, #1738, #1739, #1741) +- **Compression Dashboard & Analytics:** Added a compression settings UI, real-time log viewer, pipeline statistics tracking, and interactive playground preview (#1756) +- **Compression Caching & MCP:** Added caching-aware strategy adjustments to the compression pipeline, alongside new MCP tools for status and configuration (#1758) +- **Analytics Custom Filters:** Added custom date range selection, API key filtering, and NULL key analytics backfilling to the Costs Dashboard (#1830) + +### 🐛 Bug Fixes + +- **Combo Routing:** Fixed an issue where Gemini `-preview` models were incorrectly normalized to their canonical names, causing 404 errors during combo routing (#1834) +- **Codex Native Passthrough:** Added support for Cursor 5.5 sending `messages` arrays to the `responses/compact` endpoint, preventing upstream rejections with empty requests (#1832) +- **Rate-limit Watchdog:** Implemented a new rate-limit watchdog with environment override capabilities and Stage Tracing to prevent and diagnose silent wedges (#1828) +- **Encryption Resiliency:** Prevent sending encrypted tokens to providers by returning null on decryption failure (#763d353) +- **i18n & Locales:** Fixed OpenCode baseUrl locale placeholders and added compression keys across 32 languages +- **Startup Stability:** Hardened resilience integration server startup logic (#9aa89b17) + +### 🛠️ Maintenance + +- **Tests & Docs:** Expanded the test suite with 61 unit/integration tests for the compression pipeline and updated `AGENTS.md` +- **Workflow:** Fixed the changelog extraction logic to accurately capture GitHub release descriptions + +--- + +## [3.7.6] — 2026-04-30 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) +- **feat(chatgpt-web):** support `thinking_effort` parameter (Standard/Extended) for thinking-capable models (#1821) +- **feat(dashboard):** implement remaining v3.7.6 dashboard features — Costs overview, Translator pipeline, and Endpoint tabs improvements +- **feat(tools):** inject fallback tool names to prevent upstream 400 errors on providers that require tool names (#1775) +- **feat(db):** auto-restore probe-failed database on startup to prevent data loss after failed upgrades (#1810) +- **feat(analytics):** add cost-based usage insights and activity streaks in the analytics dashboard + +### 🔒 Security + +- **fix(security):** resolve ReDoS vulnerability in Codex executor regex patterns (#1797, #1789) + +### 🐛 Bug Fixes + +- **fix(stability):** resolve codex input validation, enable combo circuit breaker, and fix broken unit tests (#1804, #1805) +- **fix(stability):** safely cast inputs to strings before calling `.trim()` to avoid crashes on numeric fields in proxy modal (#1825) +- **fix(stability):** clear active requests and recover providers after connection failures (#1824) +- **fix(xiaomi-mimo):** update models to V2.5, fix Token Plan validation and default region (#1823) +- **fix(codex):** omit compact client metadata to prevent upstream rejections (#1822) +- **fix(dashboard):** fix endpoint visibility, A2A status display, and API catalog consistency (#1806) +- **fix(analytics):** use pure SQL aggregations — no history rows loaded into memory (#1802) +- **fix(dashboard):** correct `loadPresets` ReferenceError in CostOverviewTab +- **fix(mitm):** enforce transparent interception on port 443 only + +### 🧹 Chores + +- **chore(workflow):** mandate implementation plan generation in `/resolve-issues` workflow before coding +- **chore(release):** expand contributor credits to 155 PRs across full project history + +### 🏆 Community Contributors Acknowledgment + +We identified that **155 community PRs** across the entire project history (from inception through v3.7.5) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. + +**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** + +| Contributor | PRs (Total) | All Contributions | +| :----------------------------------------------------------- | :---------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [@rdself](https://github.com/rdself) | 28 | #542, #705, #717, #737, #738, #841, #851, #853, #875, #880, #888, #891, #903, #904, #974, #1069, #1089, #1196, #1267, #1272, #1299, #1300, #1356, #1357, #1441, #1443, #1549, #1742 | +| [@oyi77](https://github.com/oyi77) | 27 | #644, #672, #700, #850, #859, #862, #868, #874, #881, #883, #908, #926, #931, #983, #990, #1019, #1020, #1021, #1103, #1281, #1286, #1363, #1368, #1377, #1411, #1689, #1717 | +| [@clousky2020](https://github.com/clousky2020) | 15 | #1244, #1323, #1365, #1366, #1408, #1442, #1484, #1595, #1598, #1599, #1611, #1618, #1620, #1621, #1644 | +| [@benzntech](https://github.com/benzntech) | 8 | #158, #1264, #1435, #1436, #1437, #1440, #1444, #1677 | +| [@kang-heewon](https://github.com/kang-heewon) | 5 | #530, #854, #884, #1235, #1574 | +| [@herjarsa](https://github.com/herjarsa) | 4 | #1472, #1474, #1477, #1480 | +| [@backryun](https://github.com/backryun) | 4 | #1358, #1609, #1627, #1722 | +| [@tombii](https://github.com/tombii) | 4 | #708, #856, #900, #1013 | +| [@christopher-s](https://github.com/christopher-s) | 3 | #868, #885, #992 | +| [@zen0bit](https://github.com/zen0bit) | 3 | #561, #650, #912 | +| [@k0valik](https://github.com/k0valik) | 3 | #554, #587, #596 | +| [@zhangqiang8vip](https://github.com/zhangqiang8vip) | 2 | #470, #575 | +| [@wlfonseca](https://github.com/wlfonseca) | 2 | #997, #1016 | +| [@RaviTharuma](https://github.com/RaviTharuma) | 2 | #1188, #1277 | +| [@prakersh](https://github.com/prakersh) | 2 | #419, #480 | +| [@payne0420](https://github.com/payne0420) | 2 | #1593, #1670 | +| [@only4copilot](https://github.com/only4copilot) | 2 | #855, #1039 | +| [@jay77721](https://github.com/jay77721) | 2 | #581, #582 | +| [@hijak](https://github.com/hijak) | 2 | #295, #578 | +| [@hartmark](https://github.com/hartmark) | 2 | #1494, #1500 | +| [@defhouse](https://github.com/defhouse) | 2 | #906, #946 | +| [@xiaoge1688](https://github.com/xiaoge1688) | 1 | #1304 | +| [@xandr0s](https://github.com/xandr0s) | 1 | #1376 | +| [@willbnu](https://github.com/willbnu) | 1 | #882 | +| [@slewis3600](https://github.com/slewis3600) | 1 | #1624 | +| [@sergey-v9](https://github.com/sergey-v9) | 1 | #594 | +| [@razllivan](https://github.com/razllivan) | 1 | #987 | +| [@nmime](https://github.com/nmime) | 1 | #1271 | +| [@Moutia-Ben-Yahia](https://github.com/Moutia-Ben-Yahia) | 1 | #1663 | +| [@Mind-Dragon](https://github.com/Mind-Dragon) | 1 | #467 | +| [@mercs2910](https://github.com/mercs2910) | 1 | #1001 | +| [@MAINER4IK](https://github.com/MAINER4IK) | 1 | #196 | +| [@luandiasrj](https://github.com/luandiasrj) | 1 | #996 | +| [@knopki](https://github.com/knopki) | 1 | #1434 | +| [@kfiramar](https://github.com/kfiramar) | 1 | #389 | +| [@ken2190](https://github.com/ken2190) | 1 | #166 | +| [@keith8496](https://github.com/keith8496) | 1 | #569 | +| [@jonesfernandess](https://github.com/jonesfernandess) | 1 | #1118 | +| [@JasonLandbridge](https://github.com/JasonLandbridge) | 1 | #1626 | +| [@i1hwan](https://github.com/i1hwan) | 1 | #1386 | +| [@Gorchakov-Pressure](https://github.com/Gorchakov-Pressure) | 1 | #754 | +| [@foxy1402](https://github.com/foxy1402) | 1 | #934 | +| [@dt418](https://github.com/dt418) | 1 | #896 | +| [@dhaern](https://github.com/dhaern) | 1 | #1647 | +| [@DavyMassoneto](https://github.com/DavyMassoneto) | 1 | #211 | +| [@dail45](https://github.com/dail45) | 1 | #1413 | +| [@congvc-dev](https://github.com/congvc-dev) | 1 | #1569 | +| [@be0hhh](https://github.com/be0hhh) | 1 | #1581 | +| [@andruwa13](https://github.com/andruwa13) | 1 | #1457 | +| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | 1 | #898 | +| [@AndersonFirmino](https://github.com/AndersonFirmino) | 1 | #362 | +| [@alexsvdk](https://github.com/alexsvdk) | 1 | #1280 | +| [@abhinavjnu](https://github.com/abhinavjnu) | 1 | #550 | --- @@ -16,8 +290,14 @@ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(tunnels):** integrate native ngrok tunnel support with dashboard UI parity (#1753) -- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) ### 🐛 Bug Fixes @@ -56,56 +336,25 @@ - **chore(ui):** speed up endpoint initial render with background task loading (#1760) - **chore(workflows):** add strict PR contributor credit policy to prevent future merge credit loss -### 🏆 Community Contributors Acknowledgment - -We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. - -**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** - -| Contributor | Contributions (PRs) | -| :----------------------------------------------------- | :----------------------------------------------------------------------- | -| [@rdself](https://github.com/rdself) | #1742, #1357, #1356, #1089, #1069, #904, #880, #875, #853, #851, #974 | -| [@oyi77](https://github.com/oyi77) | #1411, #1021, #990, #926, #908, #883, #881, #868, #862, #859, #850, #983 | -| [@benzntech](https://github.com/benzntech) | #1677, #1444, #1440, #1437, #1435 | -| [@clousky2020](https://github.com/clousky2020) | #1644, #1408 | -| [@christopher-s](https://github.com/christopher-s) | #885, #868, #992 | -| [@kang-heewon](https://github.com/kang-heewon) | #1235, #884 | -| [@backryun](https://github.com/backryun) | #1627, #1358, #1722 | -| [@tombii](https://github.com/tombii) | #900, #856 | -| [@slewis3600](https://github.com/slewis3600) | #1624 | -| [@dhaern](https://github.com/dhaern) | #1647 | -| [@JasonLandbridge](https://github.com/JasonLandbridge) | #1626 | -| [@hartmark](https://github.com/hartmark) | #1500 | -| [@herjarsa](https://github.com/herjarsa) | #1480 | -| [@andruwa13](https://github.com/andruwa13) | #1457 | -| [@i1hwan](https://github.com/i1hwan) | #1386 | -| [@xandr0s](https://github.com/xandr0s) | #1376 | -| [@RaviTharuma](https://github.com/RaviTharuma) | #1188 | -| [@wlfonseca](https://github.com/wlfonseca) | #1016 | -| [@only4copilot](https://github.com/only4copilot) | #1039, #855 | -| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | #898 | -| [@dt418](https://github.com/dt418) | #896 | -| [@willbnu](https://github.com/willbnu) | #882 | -| [@defhouse](https://github.com/defhouse) | #906 | -| [@mercs2910](https://github.com/mercs2910) | #1001 | -| [@zen0bit](https://github.com/zen0bit) | #912 | -| [@razllivan](https://github.com/razllivan) | #987 | -| [@foxy1402](https://github.com/foxy1402) | #934 | -| [@knopki](https://github.com/knopki) | #1434 | -| [@dail45](https://github.com/dail45) | #1413 | - --- ## [3.7.4] — 2026-04-28 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(ui):** add endpoint tunnel visibility settings (#1743) - **feat(cli):** refresh CLI fingerprint provider profiles (#1746) - **feat(proxy):** implement bulk proxy import via pipe-delimited parser with update-or-create (upsert) logic and real-time preview table - **feat(pwa):** add fullscreen installable PWA with manifest, service worker, and cross-platform app icons (#1728) -### Seguridad +### 🔒 Security - **security:** replace insecure `Math.random` with `crypto.getRandomValues` for fallback UUID generation to resolve CodeQL CWE-338 finding (#182) @@ -156,6 +405,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(authz):** introduce centralized proxy-based authz pipeline and lifecycle policy (#1632) - **feat(logs):** configure call log pipeline artifacts (#1650) - **feat(network):** add guarded remote image fetch utility @@ -225,6 +481,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Add GPT-5.5 support to the Codex provider — includes 1.05M context window, tool calling, vision, and reasoning capabilities with proper pricing entries across `cx` and `openai` providers. Refactors `splitCodexReasoningSuffix()` into a shared helper for cleaner effort-level parsing (#1617 — thanks @Zhaba1337228). - **feat(cli):** Add `omniroute reset-encrypted-columns` recovery command — nulls encrypted credential columns (`api_key`, `access_token`, `refresh_token`, `id_token`) in `provider_connections` while preserving provider metadata, giving users affected by #1622 a clean recovery path without losing configurations. - **feat(i18n):** Expand locale coverage with nine new language packs (Bengali, Farsi, Gujarati, Indonesian, Marathi, Swahili, Tamil, Telugu, Urdu), bringing total language support from 32 to 41 locales. @@ -256,7 +519,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **fix(transport):** Prevent memory bloat and database exhaustion from large, fragmented streaming responses. Implemented `ByteQueue` in `kiro.ts` for zero-copy binary accumulation, refactored `antigravity.ts` for incremental SSE parsing, and enforced a strict 512KB tiered truncation limit (`MAX_CALL_LOG_ARTIFACT_BYTES`) on stream request logs and call artifacts (#1647). - **chore(ci):** Update build environment dependencies — bump Node to `24.15.0`, `actions/checkout@v6`, `docker/build-push-action@v7`, pin `actions/setup-python` to major tag (#1646 — thanks @backryun). -### Documentación +### 📝 Documentation - **docs(env):** Add `OMNIROUTE_ALLOW_PRIVATE_PROVIDER_URLS` to `.env.example` with documentation for LM Studio and other local provider use cases (#1623). @@ -266,6 +529,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). - **feat(providers):** Add CrofAI as a built-in API-key provider with quota/usage monitoring wired into the dashboard Limits page (#1604, #1606). @@ -399,7 +669,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **test(next):** Align transpile package expectations for the Next.js standalone build. - **test(ci):** Fix CI-only test failures from environment differences — clear `INITIAL_PASSWORD` and `JWT_SECRET` in integration tests, handle `XDG_CONFIG_HOME` for guide-settings tests. -### Documentación +### 📚 Documentation - **docs:** Update the root changelog with all release-branch changes through 2026-04-24, including PRs #1544, #1555, #1551, #1550, #1548, #1547, #1541, #1538, #1536, and #1527. - **docs:** Fix broken README and localized documentation links. (#1536) @@ -424,6 +694,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -506,6 +783,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -527,7 +811,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **feat(providers):** Expand image provider registry with extended model support including SD3.5, FLUX, and DALL-E 3 HD configurations - **feat(combos):** Add new routing strategies and full i18n support for agent features section across 31 languages -### Seguridad +### 🔒 Security - **security:** Resolve 18 GitHub CodeQL scan alerts including ReDoS, incomplete sanitization, and bad HTML filtering regexp patterns - **fix(auth):** Seal privilege escalation vector by enforcing JWT session checking exclusively on `/api/keys` management endpoints (#1353) @@ -586,6 +870,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -662,6 +953,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -726,6 +1024,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -773,7 +1078,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Duplicate `auto` in Combo Strategy Schema:** Removed duplicate `"auto"` entry from `comboStrategySchema` (was listed on both line 104 and 108). Harmless to Zod runtime but cleaned up to avoid confusion. Schema now has exactly 13 unique strategy values - **Legacy Combo Refs Normalization:** Fixed combo step normalization to preserve legacy string combo references during CRUD operations, preventing data loss when editing combos created before the v2 step architecture -### Seguridad +### 🔒 Security - **Auth Bypass on Backup Routes (Critical):** Added `isAuthenticated` guards to `/api/db-backups/exportAll` (full database export) and `/api/db-backups` (list, create, and restore backups) — both were previously accessible without authentication - **Auth Guard on Translator Save:** Added `isAuthenticated` guard to `/api/translator/save` for defense-in-depth consistency @@ -826,6 +1131,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -864,6 +1176,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -896,6 +1215,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -925,6 +1251,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -955,6 +1288,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -988,6 +1328,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1040,6 +1387,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1086,6 +1440,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1122,7 +1483,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Updated Sub-dependencies:** Bumped `hono` to `4.12.12` and `@hono/node-server` to `1.19.13` to patch critical security gaps (#1063, #1064, #1067, #1068). -### Documentación +### 📚 Documentation - **Documentation Synchronization:** Updated system documentation (README, Architecture, Features, Tools, Troubleshooting) and synced `i18n` configurations to match the v3.5.5 context relay patterns and proxy troubleshooting steps. - **Context Relay Delivery Notes:** Documented the current architecture, runtime flow, and Codex-focused scope in the feature docs, changelog, and agent guidance. @@ -1133,6 +1494,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1191,7 +1559,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.5.3] - 2026-04-07 -### Seguridad +### Security - **Vulnerabilities:** Fully remediated 12 High-Severity CodeQL vulnerabilities by migrating from Math.random to `crypto.randomUUID()`, wrapping SSE injection points with aggressive backslash escaping, sanitizing trailing HTTP fragments, and enforcing rigid SSRF HTTP verification schemes across internal routes. - **Dependencies:** Upgraded Next.js to `^16.2.2` and Vite to `>=8.0.5` resolving critical DoS, arbitrary file reads and CSRF vectors in the build/server environments. @@ -1207,7 +1575,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **CI/CD Stabilization:** Prevented random GitHub Runner freezes by decoupling sharded processes, adjusting test concurrencies, unref-ing active connections on server teardown, and strictly capping job timeout durations. -### Documentación +### Documentation - **I18n Engine:** Synchronized and pushed deep Machine Translation updates across all 32 natively-supported languages (682 translation nodes aligned). @@ -1221,6 +1589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1253,6 +1628,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1281,6 +1663,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1347,7 +1736,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.8] — 2026-04-03 -### Seguridad +### Security - Fully remediated all outstanding Github Advanced Security (CodeQL) findings and Dependabot alerts. - Fixed insecure randomness vulnerabilities by migrating from `Math.random` to `crypto.randomUUID()`. @@ -1359,7 +1748,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.7] — 2026-04-03 -### Funcionalidades +### Features - Added `Cryptography` node to Monitoring and MCP health checks (#798) - Hardened model-catalog route permissions mapping (`/models`) (#781) @@ -1375,7 +1764,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - Fixed MCP standalone module-resolution (`ERR_MODULE_NOT_FOUND`) via `esbuild` (#936) - Fixed NVIDIA NIM routing credential resolution alias mismatch (#931) -### Seguridad +### Security - Added safe strict input boundary protection against raw `shell: true` remote-code execution injections. @@ -1385,6 +1774,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1419,6 +1815,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1481,6 +1884,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1541,6 +1951,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1594,7 +2011,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.0] - 2026-03-31 -### Funcionalidades +### 🚀 Features - **Subscription Utilization Analytics:** Added quota snapshot time-series tracking, Provider Utilization and Combo Health tabs with recharts visualizations, and corresponding API endpoints (#847) - **SQLite Backup Control:** New `OMNIROUTE_DISABLE_AUTO_BACKUP` env flag to disable automatic SQLite backups (#846) @@ -1646,7 +2063,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.3.8] - 2026-03-30 -### Funcionalidades +### 🚀 Features - **Models API Filtering:** Endpoint `/v1/models` now dynamically filters its list based on the permissions tied to the `Authorization: Bearer ` when restricted access is on (#781) - **Qoder Integration:** Native integration for Qoder AI natively replacing the legacy iFlow platform mappings (#660) @@ -1715,6 +2132,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1745,6 +2169,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1806,6 +2237,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2016,6 +2454,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2044,6 +2489,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2076,6 +2528,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2130,6 +2589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2325,6 +2791,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2359,6 +2832,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2409,7 +2889,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **NaN tokens in Claude Code / client responses (#617):** - `sanitizeUsage()` now cross-maps `input_tokens`→`prompt_tokens` and `output_tokens`→`completion_tokens` before the whitelist filter, fixing responses showing NaN/0 token counts when providers return Claude-style usage field names -### Seguridad +### 🔒 Security - Updated `yaml` package to fix stack overflow vulnerability (GHSA-48c2-rrv3-qjmp) @@ -2467,6 +2947,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2503,6 +2990,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2521,6 +3015,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2556,6 +3057,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3001,6 +3509,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3016,6 +3531,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3043,7 +3565,7 @@ docker pull diegosouzapw/omniroute:3.0.0 - **SVG fallback**: `ProviderIcon` component updated with 4-tier strategy: Lobehub → PNG → SVG → Generic icon - **Agents fingerprinting**: Synced with CLI tools — added droid, openclaw, copilot, opencode to fingerprint list (14 total) -### Seguridad +### 🔒 Security - **CVE fix**: Resolved dompurify XSS vulnerability (GHSA-v2wj-7wpq-c8vv) via npm overrides forcing `dompurify@^3.3.2` - `npm audit` now reports **0 vulnerabilities** @@ -3113,6 +3635,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3160,6 +3689,13 @@ Both providers use the new `OpencodeExecutor` with multi-format routing (`/chat/ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3295,6 +3831,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3318,6 +3861,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3334,6 +3884,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3371,7 +3928,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **#510** — Windows: MSYS2/Git-Bash paths (`/c/Program Files/...`) are now normalized to `C:\Program Files\...` - **#492** — `omniroute` CLI now detects `mise`/`nvm` when `app/server.js` is missing and shows targeted fix -### Documentación +### 📖 Documentation - **#513** — Docker password reset: `INITIAL_PASSWORD` env var workaround documented - **#520** — pnpm: `pnpm approve-builds better-sqlite3` documented @@ -3468,7 +4025,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **feat(executors/cloudflare-ai)**: New `CloudflareAIExecutor` — dynamic URL construction requires `accountId` in provider credentials - **feat(executors)**: Register `pollinations`, `pol`, `cloudflare-ai`, `cf` executor mappings -### Documentación +### 📝 Documentation - **docs(readme)**: Expanded free combo stack to 11 providers ($0 forever) - **docs(readme)**: Added 4 new free provider sections (LongCat, Pollinations, Cloudflare AI, Scaleway) with model tables @@ -3543,6 +4100,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3613,7 +4177,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **OAuth batch test crash** (ERR_CONNECTION_REFUSED): Replaced sequential for-loop with 5-connection concurrency limit + 30s per-connection timeout via `Promise.race()` + `Promise.allSettled()`. Prevents server crash when testing large OAuth provider groups (~30+ connections). -### Funcionalidades +### Features - **"Test All" button on provider pages**: Individual provider pages (e.g., `/providers/codex`) now show a "Test All" button in the Connections header when there are 2+ connections. Uses `POST /api/providers/test-batch` with `{mode: "provider", providerId}`. Results displayed in a modal with pass/fail summary and per-connection diagnosis. @@ -3641,7 +4205,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Merge PR #494 (MiniMax role fix), fix KIRO MITM dashboard, triage 8 issues. -### Funcionalidades +### Features - **MiniMax developer→system role fix** (PR #494 by @zhangqiang8vip): Per-model `preserveDeveloperRole` toggle. Adds "Compatibility" UI in providers page. Fixes 422 "role param error" for MiniMax and similar gateways. - **roleNormalizer**: `normalizeDeveloperRole()` now accepts `preserveDeveloperRole` parameter with tri-state behavior (undefined=keep, true=keep, false=convert). @@ -3697,7 +4261,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Gemini CLI deprecation, VM guide i18n fix, dependabot security fix, provider schema expansion. -### Funcionalidades +### Features - **Gemini CLI Deprecation** (#462): Mark `gemini-cli` provider as deprecated with warning — Google restricts third-party OAuth usage from March 2026 - **Provider Schema** (#462): Expand Zod validation with `deprecated`, `deprecationReason`, `hasFree`, `freeNote`, `authHint`, `apiHint` optional fields @@ -3706,7 +4270,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **VM Guide i18n** (#471): Add `VM_DEPLOYMENT_GUIDE.md` to i18n translation pipeline, regenerate all 30 locale translations from English source (were stuck in Portuguese) -### Seguridad +### Security - **deps**: Bump `flatted` 3.3.3 → 3.4.2 — fixes CWE-1321 prototype pollution (#484, @dependabot) @@ -3726,7 +4290,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Czech i18n, SSE protocol fix, VM guide translation. -### Funcionalidades +### Features - **Czech Language** (#482): Full Czech (cs) i18n — 22 docs, 2606 UI strings, language switcher updates (@zen0bit) - **VM Deployment Guide**: Translated from Portuguese to English as the source document (@zen0bit) @@ -3745,7 +4309,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: 2 merged PRs, model aliases routing fix, log export, and issue triage. -### Funcionalidades +### Features - **Log Export**: New Export button on `/dashboard/logs` with time range dropdown (1h, 6h, 12h, 24h). Downloads JSON of request/proxy/call logs via `/api/logs/export` API (#user-request) @@ -3765,7 +4329,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Five community PRs — streaming call log fixes, Kiro compatibility, cache token analytics, Chinese translation, and configurable tool call IDs. -### Funcionalidades +### ✨ Features - **feat(logs)**: Call log response content now correctly accumulated from raw provider chunks (OpenAI/Claude/Gemini) before translation, fixing empty response payloads in streaming mode (#470, @zhangqiang8vip) - **feat(providers)**: Per-model configurable 9-char tool call ID normalization (Mistral-style) — only models with the option enabled get truncated IDs (#470) @@ -3795,7 +4359,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Bailian Coding Plan provider with editable base URLs, plus community contributions for Alibaba Cloud and Kimi Coding. -### Funcionalidades +### ✨ Features - **feat(providers)**: Added Bailian Coding Plan (`bailian-coding-plan`) — Alibaba Model Studio with Anthropic-compatible API. Static catalog of 8 models including Qwen3.5 Plus, Qwen3 Coder, MiniMax M2.5, GLM 5, and Kimi K2.5. Includes custom auth validation (400=valid, 401/403=invalid) (#467, @Mind-Dragon) - **feat(admin)**: Editable default URL in Provider Admin create/edit flows — users can configure custom base URLs per connection. Persisted in `providerSpecificData.baseUrl` with Zod schema validation rejecting non-http(s) schemes (#467) @@ -3810,7 +4374,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Two new community-contributed providers (Alibaba Cloud Coding, Kimi Coding API-key) and Docker pino fix. -### Funcionalidades +### ✨ Features - **feat(providers)**: Added Alibaba Cloud Coding Plan support with two OpenAI-compatible endpoints — `alicode` (China) and `alicode-intl` (International), each with 8 models (#465, @dtk1985) - **feat(providers)**: Added dedicated `kimi-coding-apikey` provider path — API-key-based Kimi Coding access is no longer forced through OAuth-only `kimi-coding` route. Includes registry, constants, models API, config, and validation test (#463, @Mind-Dragon) @@ -3835,7 +4399,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Codex responses subpath passthrough natively supported, Windows MITM crash fixed, and Combos agent schemas adjusted. -### Funcionalidades +### ✨ Features - **feat(codex)**: Native responses subpath passthrough for Codex — natively routes `POST /v1/responses/compact` to Codex upstream, maintaining Claude Code compatibility without stripping the `/compact` suffix (#457) @@ -3875,7 +4439,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(budget)**: "Save Limits" no longer returns 422 — `warningThreshold` is now correctly sent as fraction (0–1) instead of percentage (0–100) (#451) - **fix(combos)**: `` internal cache tag is now stripped before forwarding requests to providers, preventing cache session breaks (#454) -### Funcionalidades +### ✨ Features - **feat(combos)**: Agent Features section added to combo create/edit modal — expose `system_message` override, `tool_filter_regex`, and `context_cache_protection` directly from the dashboard (#454) @@ -3931,7 +4495,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Search Tools dashboard, i18n fixes, Copilot limits, Serper validation fix. -### Funcionalidades +### 🚀 Features - **feat(search)**: Add Search Playground (10th endpoint), Search Tools page with Compare Providers/Rerank Pipeline/Search History, local rerank routing, auth guards on search API (#443 by @Regis-RCR) - New route: `/dashboard/search-tools` @@ -4010,6 +4574,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4024,7 +4595,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - DB migration: `request_type` column on `call_logs` for non-chat request tracking - Zod validation (`v1SearchSchema`), auth-gated, cost recorded via `recordCost()` -### Seguridad +### 🔒 Security - **deps**: Next.js 16.1.6 → 16.1.7 — fixes 6 CVEs: - **Critical**: CVE-2026-29057 (HTTP request smuggling via http-proxy) @@ -4154,7 +4725,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **005_combo_agent_fields.sql**: `ALTER TABLE combos ADD COLUMN system_message TEXT DEFAULT NULL`, `tool_filter_regex TEXT DEFAULT NULL`, `context_cache_protection INTEGER DEFAULT 0` - **006_detailed_request_logs.sql**: New `request_detail_logs` table with 500-entry ring-buffer trigger, opt-in via settings toggle -### Funcionalidades +### ✨ Features - **feat(combo)**: System Message Override per Combo (#399 — `system_message` field replaces or injects system prompt before forwarding to provider) - **feat(combo)**: Tool Filter Regex per Combo (#399 — `tool_filter_regex` keeps only tools matching pattern; supports OpenAI + Anthropic formats) @@ -4169,7 +4740,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: SSE improvements, local provider_nodes extensions, proxy registry, Claude passthrough fixes. -### Funcionalidades +### ✨ Features - **feat(health)**: Background health check for local `provider_nodes` with exponential backoff (30s→300s) and `Promise.allSettled` to avoid blocking (#423, @Regis-RCR) - **feat(embeddings)**: Route `/v1/embeddings` to local `provider_nodes` — `buildDynamicEmbeddingProvider()` with hostname validation (#422, @Regis-RCR) @@ -4230,6 +4801,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4304,7 +4882,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Turbopack hash-strip now runs at **compile time** for ALL packages — not just `better-sqlite3`. Step 5.6 in `prepublish.mjs` walks every `.js` in `app/.next/server/` and strips the 16-char hex suffix from any hashed `require()`. Fixes `zod-dcb22c...`, `pino-...`, etc. MODULE_NOT_FOUND on global npm installs. Closes #398 - **fix(deploy)**: PM2 on both VPS was pointing to stale git-clone directories. Reconfigured to `app/server.js` in the npm global package. Updated `/deploy-vps` workflow to use `npm pack + scp` (npm registry rejects 299MB packages). -### Funcionalidades +### ✨ Features - **feat(provider)**: Synthetic ([synthetic.new](https://synthetic.new)) — privacy-focused OpenAI-compatible inference. `passthroughModels: true` for dynamic HuggingFace model catalog. Initial models: Kimi K2.5, MiniMax M2.5, GLM 4.7, DeepSeek V3.2. (PR #404 by @Regis-RCR) @@ -4334,7 +4912,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Extended webpack `externals` hash-strip to cover ALL `serverExternalPackages`, not just `better-sqlite3`. Next.js 16 Turbopack hashes `zod`, `pino`, and every other server-external package into names like `zod-dcb22c6336e0bc69` that don't exist in `node_modules` at runtime. A HASH_PATTERN regex catch-all now strips the 16-char suffix and falls back to the base package name. Also added `NEXT_PRIVATE_BUILD_WORKER=0` in `prepublish.mjs` to reinforce webpack mode, plus a post-build scan that reports any remaining hashed refs. (#396, #398, PR #403) - **fix(chat)**: Anthropic-format tool names (`tool.name` without `.function` wrapper) were silently dropped by the empty-name filter introduced in #346. LiteLLM proxies requests with `anthropic/` prefix in Anthropic Messages API format, causing all tools to be filtered and Anthropic to return `400: tool_choice.any may only be specified while providing tools`. Fixed by falling back to `tool.name` when `tool.function.name` is absent. Added 8 regression unit tests. (PR #397) -### Funcionalidades +### ✨ Features - **feat(api)**: Custom endpoint paths for OpenAI-compatible provider nodes — configure `chatPath` and `modelsPath` per node (e.g. `/v4/chat/completions`) in the provider connection UI. Includes a DB migration (`003_provider_node_custom_paths.sql`) and URL path sanitization (no `..` traversal, must start with `/`). (PR #400) - **feat(provider)**: Alibaba Cloud DashScope added as OpenAI-compatible provider. International endpoint: `dashscope-intl.aliyuncs.com/compatible-mode/v1`. 12 models: `qwen-max`, `qwen-plus`, `qwen-turbo`, `qwen3-coder-plus/flash`, `qwq-plus`, `qwq-32b`, `qwen3-32b`, `qwen3-235b-a22b`. Auth: Bearer API key. @@ -4393,7 +4971,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(oauth)**: Qoder (and other providers that redirect to their own UI) no longer leave the OAuth modal stuck at "Waiting for Authorization" — popup-closed detector auto-transitions to manual URL input mode (#344) - **fix(logs)**: Request log table is now readable in light mode — status badges, token counts, and combo tags use adaptive `dark:` color classes (#378) -### Funcionalidades +### ✨ Features - **feat(kiro)**: Kiro credit tracking added to usage fetcher — queries `getUserCredits` from AWS CodeWhisperer endpoint (#337) @@ -4509,6 +5087,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4574,6 +5159,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #366, #367, #368) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4602,6 +5194,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #363 & #365) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4638,6 +5237,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4655,6 +5261,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4685,6 +5298,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4752,7 +5372,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > **Major release** — Free Stack ecosystem, transcription playground overhaul, 44+ providers, comprehensive free tier documentation, and UI improvements across the board. -### Funcionalidades +### ✨ Features - **Combos: Free Stack template** — New 4th template "Free Stack ($0)" using round-robin across Kiro + Qoder + Qwen + Gemini CLI. Suggests the pre-built zero-cost combo on first use. - **Media/Transcription: Deepgram as default** — Deepgram (Nova 3, $200 free) is now the default transcription provider. AssemblyAI ($50 free) and Groq Whisper (free forever) shown with free credit badges. @@ -4763,7 +5383,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.16] - 2026-03-13 -### Documentación +### 📖 Documentation - **README: 44+ Providers** — Updated all 3 occurrences of "36+ providers" to "44+" reflecting the actual codebase count (44 providers in providers.ts) - **README: New Section "🆓 Free Models — What You Actually Get"** — Added 7-provider table with per-model rate limits for: Kiro (Claude unlimited via AWS Builder ID), Qoder (5 models unlimited), Qwen (4 models unlimited), Gemini CLI (180K/mo), NVIDIA NIM (~40 RPM dev-forever), Cerebras (1M tok/day / 60K TPM), Groq (30 RPM / 14.4K RPD). Includes the \/usr/bin/bash Ultimate Free Stack combo recommendation. @@ -4773,7 +5393,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.15] - 2026-03-13 -### Funcionalidades +### ✨ Features - **Auto-Combo Dashboard (Tier Priority)**: Added `🏷️ Tier` as the 7th scoring factor label in the `/dashboard/auto-combo` factor breakdown display — all 7 Auto-Combo scoring factors are now visible. - **i18n — autoCombo section**: Added 20 new translation keys for the Auto-Combo dashboard (`title`, `status`, `modePack`, `providerScores`, `factorTierPriority`, etc.) to all 30 language files. @@ -4808,6 +5428,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). diff --git a/docs/i18n/fa/README.md b/docs/i18n/fa/README.md index 4fa551cc07..57b1f66938 100644 --- a/docs/i18n/fa/README.md +++ b/docs/i18n/fa/README.md @@ -130,28 +130,28 @@ _Connect any AI-powered IDE or CLI tool through OmniRoute — free API gateway f - Codex CLI
+ Codex CLI
Codex CLI
⭐ 60.8K - Claude Code
+ Claude Code
Claude Code
⭐ 67.3K - Gemini CLI
+ Gemini CLI
Gemini CLI
⭐ 94.7K - Kilo Code
+ Kilo Code
Kilo Code
⭐ 15.5K diff --git a/docs/i18n/fa/docs/API_REFERENCE.md b/docs/i18n/fa/docs/API_REFERENCE.md index 359ea6097b..0f590ad6dd 100644 --- a/docs/i18n/fa/docs/API_REFERENCE.md +++ b/docs/i18n/fa/docs/API_REFERENCE.md @@ -87,13 +87,13 @@ Authorization: Bearer your-api-key Content-Type: application/json { - "model": "openai/dall-e-3", + "model": "openai/gpt-image-2", "prompt": "A beautiful sunset over mountains", "size": "1024x1024" } ``` -Available providers: OpenAI (DALL-E, GPT Image 1), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). +Available providers: OpenAI (GPT Image 2), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). ```bash # List all image models diff --git a/docs/i18n/fa/docs/CLI-TOOLS.md b/docs/i18n/fa/docs/CLI-TOOLS.md index 3b0ef80c21..2db0711bff 100644 --- a/docs/i18n/fa/docs/CLI-TOOLS.md +++ b/docs/i18n/fa/docs/CLI-TOOLS.md @@ -350,7 +350,7 @@ They run as internal routes and use OmniRoute's model routing automatically. | `/v1/responses` | Responses API (OpenAI format) | Codex, agentic workflows | | `/v1/completions` | Legacy text completions | Older tools using `prompt:` | | `/v1/embeddings` | Text embeddings | RAG, search | -| `/v1/images/generations` | Image generation | DALL-E, Flux, etc. | +| `/v1/images/generations` | Image generation | GPT-Image, Flux, etc. | | `/v1/audio/speech` | Text-to-speech | ElevenLabs, OpenAI TTS | | `/v1/audio/transcriptions` | Speech-to-text | Deepgram, AssemblyAI | diff --git a/docs/i18n/fa/llm.txt b/docs/i18n/fa/llm.txt new file mode 100644 index 0000000000..9ee7d22c20 --- /dev/null +++ b/docs/i18n/fa/llm.txt @@ -0,0 +1,477 @@ +# OmniRoute (فارسی) + +🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇧🇩 [bn](../bn/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇮🇷 [fa](../fa/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇮🇳 [gu](../gu/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇮🇳 [mr](../mr/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇰🇪 [sw](../sw/llm.txt) · 🇮🇳 [ta](../ta/llm.txt) · 🇮🇳 [te](../te/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇵🇰 [ur](../ur/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) + +--- + +> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 160+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (29 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. + +## Overview + +OmniRoute solves the problem of managing multiple AI provider subscriptions, quotas, and rate limits. It sits between your AI-powered tools (IDE agents, CLI tools) and AI providers, routing requests intelligently through a 4-tier fallback system: Subscription → API Key → Cheap → Free. + +**Key value:** One endpoint (`http://localhost:20128/v1`), unlimited models, zero downtime, minimal cost. + +**Current version:** 3.8.0 + +## Tech Stack + +- **Runtime:** Node.js >= 18 < 24, ES Modules (`"type": "module"`) +- **Framework:** Next.js 16 (App Router) with TypeScript 5.9 +- **Database:** SQLite via better-sqlite3 (local, zero-config, 16 migrations) +- **State management:** Zustand (client), SQLite (server persistence) +- **UI:** React 19, Tailwind CSS 4, Recharts for analytics, @lobehub/icons for 130+ provider SVG icons +- **Auth:** OAuth 2.0 (PKCE) for providers, bcrypt for local user auth +- **Schemas:** Zod v4 for all API / MCP input validation +- **Background jobs:** Custom token health check scheduler, 24h model auto-sync +- **Streaming:** Server-Sent Events (SSE) for real-time proxy responses +- **Proxy engine:** Custom pipeline with format translation, circuit breaker, rate limiting, auto-combo engine +- **i18n:** next-intl with 40+ languages +- **Desktop:** Electron (cross-platform: Windows, macOS, Linux) +- **Package:** Published on npm (`omniroute`) and Docker Hub (`diegosouzapw/omniroute`) + +## Project Structure + +``` +/ +├── src/ # Main application source +│ ├── app/ # Next.js App Router pages and API routes +│ │ ├── (dashboard)/ # Dashboard UI pages +│ │ │ └── dashboard/ +│ │ │ ├── agents/ # ACP Agents dashboard (CLI agent detection + custom agents) +│ │ │ ├── analytics/ # Usage analytics and charts +│ │ │ ├── api-manager/ # API key management +│ │ │ ├── audit/ # Audit logs +│ │ │ ├── auto-combo/ # Auto-combo engine dashboard +│ │ │ ├── cache/ # Cache dashboard (semantic cache stats) +│ │ │ ├── cli-tools/ # CLI tool configuration (Claude Code, Codex, Gemini CLI, etc.) +│ │ │ ├── combos/ # Model combo management (13 strategies + 4 templates) +│ │ │ ├── costs/ # Cost tracking per provider/model +│ │ │ ├── endpoint/ # Unified: Endpoint Proxy, MCP, A2A, API Endpoints tabs +│ │ │ ├── health/ # System health (uptime, circuit breakers, latency) +│ │ │ ├── limits/ # Rate limits dashboard +│ │ │ ├── logs/ # Request, Proxy, Audit, Console logs (tabbed) +│ │ │ ├── media/ # Image/video/music generation + transcription +│ │ │ ├── memory/ # Memory system dashboard +│ │ │ ├── onboarding/ # Onboarding wizard +│ │ │ ├── playground/ # Model playground (Monaco editor, streaming) +│ │ │ ├── providers/ # Provider management (OAuth + API key + free) +│ │ │ ├── search-tools/ # Search tools configuration +│ │ │ ├── settings/ # Settings tabs (General, Appearance, Security, Routing, Resilience, Advanced) +│ │ │ ├── skills/ # Skills system dashboard +│ │ │ ├── translator/ # Format translator + debug tools +│ │ │ └── usage/ # Usage history +│ │ ├── api/ # REST API endpoints (51 route directories) +│ │ │ ├── v1/ # OpenAI-compatible API (chat, completions, models, embeddings, +│ │ │ │ # images, audio, videos, music, moderations, rerank, search, +│ │ │ │ # responses, messages, registered-keys, quotas, accounts) +│ │ │ ├── v1beta/ # Gemini-compatible API +│ │ │ ├── a2a/ # A2A agent management API +│ │ │ ├── acp/ # ACP agent management API +│ │ │ ├── oauth/ # OAuth flows per provider +│ │ │ ├── providers/ # Provider CRUD and batch testing +│ │ │ ├── models/ # Dashboard model listing and aliases +│ │ │ ├── combos/ # Combo CRUD (multi-model fallback chains) +│ │ │ ├── memory/ # Memory system API +│ │ │ ├── skills/ # Skills system API +│ │ │ ├── evals/ # Eval runner API +│ │ │ ├── mcp/ # MCP HTTP transport API +│ │ │ ├── search/ # Search provider API +│ │ │ ├── webhooks/ # Webhook management +│ │ │ ├── tunnels/ # Cloudflare tunnel management +│ │ │ └── ... # Other endpoints (usage, logs, health, settings, pricing, etc.) +│ │ ├── landing/ # Landing page +│ │ ├── login/ # Login page +│ │ ├── forgot-password/ # Password recovery +│ │ ├── status/ # Status page +│ │ └── docs/ # In-app documentation +│ ├── domain/ # Domain types and policy engine +│ │ ├── policyEngine.ts # Central policy engine +│ │ ├── comboResolver.ts # Combo resolution logic +│ │ ├── costRules.ts # Cost calculation rules +│ │ ├── degradation.ts # Graceful degradation +│ │ ├── fallbackPolicy.ts # Fallback behavior +│ │ ├── lockoutPolicy.ts # Account lockout logic +│ │ ├── modelAvailability.ts # Model availability checks +│ │ ├── providerExpiration.ts # Provider credential expiration +│ │ ├── quotaCache.ts # Quota caching layer +│ │ ├── configAudit.ts # Configuration auditing +│ │ └── responses.ts # Domain response types +│ ├── i18n/ # Internationalization +│ │ └── messages/ # 40+ language JSON files +│ ├── lib/ # Core libraries +│ │ ├── a2a/ # Agent-to-Agent v0.3 protocol server +│ │ │ ├── skills/ # A2A skills (quotaManagement, smartRouting) +│ │ │ ├── taskManager.ts # Task lifecycle with TTL cleanup +│ │ │ └── streaming.ts # SSE streaming for A2A +│ │ ├── acp/ # Agent Communication Protocol registry and manager +│ │ ├── compliance/ # Compliance policy engine +│ │ ├── db/ # SQLite database layer (21 modules + migrations) +│ │ │ ├── core.ts # Database initialization, connection, schema +│ │ │ ├── providers.ts # Provider connection CRUD +│ │ │ ├── models.ts # Model catalog management +│ │ │ ├── combos.ts # Combo configuration +│ │ │ ├── apiKeys.ts # API key management +│ │ │ ├── settings.ts # Settings persistence +│ │ │ ├── backup.ts # Database backup/restore +│ │ │ ├── proxies.ts # Proxy registry +│ │ │ ├── prompts.ts # Prompt templates +│ │ │ ├── webhooks.ts # Webhook subscriptions +│ │ │ ├── detailedLogs.ts # Detailed request logging +│ │ │ ├── domainState.ts # Domain state persistence +│ │ │ ├── registeredKeys.ts # Registered API keys with quotas +│ │ │ ├── quotaSnapshots.ts # Quota snapshot history +│ │ │ ├── modelComboMappings.ts # Model-to-combo mappings +│ │ │ ├── cliToolState.ts # CLI tool state tracking +│ │ │ ├── encryption.ts # Data encryption +│ │ │ ├── readCache.ts # Read-through cache layer +│ │ │ ├── secrets.ts # Secrets management +│ │ │ ├── stateReset.ts # State reset utilities +│ │ │ ├── migrationRunner.ts # Schema migration runner +│ │ │ └── migrations/ # 16 SQL migration files +│ │ ├── evals/ # Eval runner and scheduler +│ │ ├── memory/ # Persistent conversational memory +│ │ │ ├── extraction.ts # Memory extraction from conversations +│ │ │ ├── injection.ts # Memory injection into context +│ │ │ ├── retrieval.ts # Memory retrieval/search +│ │ │ ├── store.ts # Memory persistence layer +│ │ │ └── summarization.ts # Memory summarization +│ │ ├── oauth/ # OAuth providers, services, and utilities +│ │ │ ├── constants/ # Default OAuth credentials (overridable via env) +│ │ │ ├── providers/ # Provider-specific OAuth configs +│ │ │ ├── services/ # Provider-specific token exchange logic +│ │ │ └── utils/ # PKCE, callback server, token helpers +│ │ ├── plugins/ # Plugin system +│ │ ├── skills/ # Extensible skill framework +│ │ │ ├── registry.ts # Skill registration +│ │ │ ├── executor.ts # Skill execution engine +│ │ │ ├── sandbox.ts # Skill sandbox environment +│ │ │ ├── builtin/ # Built-in skills +│ │ │ ├── interception.ts # Skill request interception +│ │ │ └── injection.ts # Skill context injection +│ │ ├── usage/ # Usage tracking system +│ │ │ ├── callLogs.ts # Call log persistence +│ │ │ ├── costCalculator.ts # Cost calculation engine +│ │ │ └── usageHistory.ts # Usage history queries +│ │ ├── cloudSync.ts # Cloud sync via Cloudflare Workers +│ │ ├── cloudflaredTunnel.ts # Cloudflare tunnel management +│ │ ├── pricingSync.ts # LiteLLM pricing data sync +│ │ ├── semanticCache.ts # Semantic caching layer +│ │ ├── tokenHealthCheck.ts # Background OAuth token refresh scheduler +│ │ ├── webhookDispatcher.ts # Webhook event dispatcher +│ │ └── localDb.ts # Unified re-export layer for all DB modules +│ ├── middleware/ # Request middleware +│ │ └── promptInjectionGuard.ts # Prompt injection detection +│ ├── mitm/ # MITM proxy capability +│ │ ├── cert/ # Certificate management +│ │ ├── dns/ # DNS handling +│ │ ├── targets/ # Target routing +│ │ └── manager.ts # MITM proxy manager +│ ├── shared/ # Shared utilities, components, and constants +│ │ ├── components/ # Reusable UI components (Card, Badge, Button, Modal, Sidebar, ProviderIcon, etc.) +│ │ ├── constants/ # Provider definitions (160+), model lists, pricing, routing strategies, MCP scopes +│ │ ├── contracts/ # Shared API contracts +│ │ ├── hooks/ # React hooks +│ │ ├── middleware/ # Shared middleware utilities +│ │ ├── schemas/ # Shared Zod schemas +│ │ ├── services/ # Shared services +│ │ ├── types/ # Shared TypeScript types +│ │ ├── validation/ # Zod schemas (settings, providers, routes) +│ │ └── utils/ # Helpers (auth, CORS, error codes, machine ID) +│ ├── sse/ # SSE proxy pipeline +│ │ ├── services/ # Auth resolution, format translation, response handling +│ │ └── middleware/ # Rate limiting, circuit breaker, caching, idempotency +│ ├── store/ # Zustand client-side stores (theme, providers, etc.) +│ └── types/ # TypeScript type definitions +├── open-sse/ # Standalone SSE server (npm workspace) +│ ├── config/ # Model registries (providerRegistry, embedding, image, audio, video, +│ │ # music, rerank, moderation, search, CLI fingerprints, Ollama models) +│ ├── executors/ # Provider-specific request executors (14 executors) +│ │ ├── base.ts # Base executor with shared logic +│ │ ├── default.ts # Default OpenAI-compatible executor +│ │ ├── cursor.ts # Cursor IDE (protobuf + checksum) +│ │ ├── codex.ts # OpenAI Codex CLI +│ │ ├── antigravity.ts # Antigravity IDE +│ │ ├── github.ts # GitHub Copilot +│ │ ├── gemini-cli.ts # Gemini CLI +│ │ ├── kiro.ts # Kiro AI +│ │ ├── qoder.ts # Qoder AI +│ │ ├── vertex.ts # Vertex AI (Service Account JSON) +│ │ ├── cloudflare-ai.ts # Cloudflare Workers AI +│ │ ├── opencode.ts # OpenCode Zen/Go +│ │ ├── pollinations.ts # Pollinations AI +│ │ └── puter.ts # Puter AI +│ ├── handlers/ # Request handlers per API type (11 handlers) +│ │ ├── chatCore.ts # Main chat completions handler +│ │ ├── responsesHandler.ts # OpenAI Responses API handler +│ │ ├── embeddings.ts # Embedding generation +│ │ ├── imageGeneration.ts # Image generation (GPT-Image, FLUX, SD, etc.) +│ │ ├── videoGeneration.ts # Video generation +│ │ ├── musicGeneration.ts # Music generation +│ │ ├── audioSpeech.ts # Text-to-speech +│ │ ├── audioTranscription.ts # Speech-to-text (Whisper, Deepgram, AssemblyAI) +│ │ ├── moderations.ts # Content moderation +│ │ ├── rerank.ts # Reranking API +│ │ └── search.ts # Web search API +│ ├── mcp-server/ # Built-in MCP server (29 tools, 3 transports: stdio/SSE/streamable-HTTP) +│ │ ├── server.ts # MCP server core (tool registration, scope enforcement) +│ │ ├── tools/ # Tool implementations (advancedTools, memoryTools, skillTools) +│ │ ├── schemas/ # Zod input schemas (tools, audit, a2a) +│ │ ├── scopeEnforcement.ts # Scope-based access control (10 scopes) +│ │ ├── audit.ts # Tool call audit logging +│ │ ├── runtimeHeartbeat.ts # MCP runtime heartbeat +│ │ └── httpTransport.ts # HTTP transport handler +│ ├── services/ # 36+ service modules +│ │ ├── combo.ts # Core routing engine +│ │ ├── usage.ts # Usage tracking +│ │ ├── tokenRefresh.ts # OAuth token refresh +│ │ ├── rateLimitManager.ts # Rate limit management +│ │ ├── accountFallback.ts # Multi-account fallback +│ │ ├── sessionManager.ts # Session management +│ │ ├── wildcardRouter.ts # Wildcard model routing +│ │ ├── autoCombo/ # Auto-combo engine (6-factor scoring, bandit exploration) +│ │ ├── intentClassifier.ts # Request intent classification +│ │ ├── taskAwareRouter.ts # Task-aware routing +│ │ ├── thinkingBudget.ts # Thinking budget management +│ │ ├── contextManager.ts # Context window management +│ │ ├── modelDeprecation.ts # Model deprecation handling +│ │ ├── modelFamilyFallback.ts # Intra-family model fallback +│ │ ├── emergencyFallback.ts # Emergency fallback +│ │ ├── workflowFSM.ts # Workflow state machine +│ │ ├── backgroundTaskDetector.ts # Background task detection +│ │ ├── ipFilter.ts # IP-based access control +│ │ ├── signatureCache.ts # CLI signature caching +│ │ ├── volumeDetector.ts # Request volume detection +│ │ ├── contextHandoff.ts # Context relay handoff generation and injection +│ │ ├── codexQuotaFetcher.ts # Codex quota fetching for context-relay +│ │ └── ... # Additional services (14 more modules) +│ ├── transformer/ # Responses API transformer +│ │ └── responsesTransformer.ts +│ ├── translator/ # Format translators (OpenAI ↔ Claude ↔ Gemini ↔ Responses ↔ Ollama ↔ DeepSeek) +│ │ ├── request/ # Request translators per provider +│ │ ├── response/ # Response translators per provider +│ │ ├── helpers/ # Translation helpers +│ │ └── image/ # Image format translation +│ └── utils/ # 22 utility modules (stream, TLS, proxy, logging, etc.) +├── electron/ # Electron desktop app (cross-platform) +│ ├── main.js # Electron main process +│ ├── preload.js # Preload script (IPC bridge) +│ └── assets/ # App icons and assets +├── tests/ # Test suites +│ ├── unit/ # 122 unit test files +│ ├── integration/ # Integration tests +│ ├── e2e/ # Playwright E2E tests +│ ├── security/ # Security tests +│ ├── translator/ # Translator-specific tests +│ └── load/ # Load tests +├── docs/ # Documentation +│ ├── i18n/ # 30-language translated docs +│ ├── ARCHITECTURE.md # Full architecture documentation +│ ├── API_REFERENCE.md # API reference +│ ├── USER_GUIDE.md # User guide +│ ├── CODEBASE_DOCUMENTATION.md # Codebase overview +│ ├── CLI-TOOLS.md # CLI tools integration guide +│ ├── A2A-SERVER.md # A2A agent protocol documentation +│ ├── AUTO-COMBO.md # Auto-combo engine (6-factor scoring) +│ ├── MCP-SERVER.md # MCP server (29 tools) +│ ├── TROUBLESHOOTING.md # Troubleshooting guide +│ ├── VM_DEPLOYMENT_GUIDE.md # VPS deployment guide +│ ├── openapi.yaml # OpenAPI specification +│ └── screenshots/ # Dashboard screenshots +├── bin/ # CLI entry points (omniroute, reset-password) +├── scripts/ # Build and utility scripts +└── .env.example # Environment variable template +``` + +## Key Features (v3.8.0) + +### Core Proxy +- **160+ AI providers** with automatic format translation +- **4 provider categories**: Free (4), OAuth (8), API Key (120+), Self-Hosted (8+), Custom (OpenAI/Anthropic-compatible) +- **13 routing strategies**: priority, weighted, round-robin, fill-first, p2c, random, least-used, cost-optimized, strict-random, auto, lkgp, context-optimized, context-relay +- **4-tier fallback**: Subscription → API Key → Cheap → Free +- **Context Relay strategy**: Session handoff summaries on account rotation for continuity +- **Auto-combo engine**: Self-healing routing optimization with 6-factor scoring, bandit exploration, progressive cooldown +- **Semantic caching** with cache hit/miss headers +- **Idempotency** with configurable dedup window +- **Circuit breaker** per provider with configurable thresholds +- **Provider Icons**: 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback +- **Model Auto-Sync**: 24h scheduler refreshes model lists for 16 providers +- **Registered Keys API**: Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement +- **Memory System**: Persistent conversational memory with extraction, injection, retrieval, and summarization +- **Skills System**: Extensible skill framework with registry, executor, sandbox, built-in and custom skills +- **Prompt Injection Guard**: Middleware-level prompt injection detection +- **MITM Proxy**: Certificate management, DNS handling, and target routing +- **Cloudflare Tunnels**: Managed tunnel creation for remote access +- **122 unit test files** with comprehensive coverage (55% statements/lines/functions, 60% branches) + +### Security +- **Data Loss Prevention**: SQLite migration safety bounds abort startup on dangerous massive schema overrides. Pre-migration `VACUUM INTO` backups isolate rollback snapshots. +- **CodeQL security**: Fixed 10+ CodeQL alerts (polynomial-redos, insecure-randomness, shell-injection, SSRF, incomplete URLs) +- **Web Crypto session IDs**: `generateSessionId` uses `crypto.getRandomValues()` instead of `Math.random()` +- **Route validation**: All API routes validated with Zod v4 schemas + `validateBody()` +- **omniModel tag sanitization**: Internal `` tags never leak to clients in SSE streams +- **TLS Fingerprint Spoofing** — Browser-like TLS fingerprint to reduce bot detection +- **CLI Fingerprint Matching** — Per-provider request signature matching +- **Prompt injection guard** — Request middleware detection +- **Provider constants validated at module load** via Zod (`src/shared/validation/providerSchema.ts`) +- **PII sanitizer** — Sensitive data scrubbing in logs + +### Dashboard Pages (23 sections) +- **Providers** — OAuth, API key, and free provider management with ProviderIcon SVG icons +- **Combos** — Multi-model combo builder with 4 templates (Free Stack, High Availability, Cost Saver, Balanced) + 13 strategies +- **Auto-Combo** — Auto-combo engine dashboard with scoring metrics +- **Analytics** — Token consumption, cost, heatmaps, distributions +- **Health** — Uptime, memory, latency percentiles, circuit breakers +- **Logs** — Request, Proxy, Audit, Console (tabbed) +- **Audit** — Audit trail and compliance logging +- **Costs** — Cost tracking per provider/model +- **Limits** — Rate limit monitoring +- **Cache** — Semantic cache statistics and management +- **CLI Tools** — One-click configuration for 10+ AI CLI tools +- **CLI Agents** — Grid of 14+ built-in agents with ProviderIcon and install detection + custom agent registration +- **Playground** — Test any model with Monaco editor, streaming responses +- **Media** — Image/video/music generation (GPT-Image, FLUX, etc.) + audio transcription (up to 2GB files) +- **Search Tools** — Search provider configuration and testing +- **Memory** — Memory system management and visualization +- **Skills** — Skills framework management and execution +- **Translator** — Format debugging: playground, chat tester, test bench, live monitor +- **Settings** — General, Appearance (7 color themes), Security (TLS/CLI fingerprint, IP filter), Routing, Resilience, Advanced +- **Endpoint** — Unified: Endpoint Proxy, MCP Server, A2A Server, API Endpoints (tabbed) +- **Onboarding** — Setup wizard for new users +- **Usage** — Usage history and analytics +- **API Manager** — API key management with scoped permissions + +### Protocol Support +- **OpenAI-compatible** — `/v1/chat/completions`, `/v1/models`, `/v1/embeddings`, `/v1/images/generations`, `/v1/audio/transcriptions`, `/v1/audio/speech`, `/v1/moderations`, `/v1/rerank`, `/v1/videos/generations`, `/v1/music/generations` +- **Anthropic** — `/v1/messages`, `/v1/messages/count_tokens` +- **OpenAI Responses** — `/v1/responses` +- **Gemini** — `/v1beta/models`, `/v1beta/models/{...path}` +- **Ollama** — `/v1/api/chat`, `/api/tags` +- **Search** — `/v1/search` (Perplexity, Serper, Brave, Exa, Tavily) +- **MCP** — 29-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) +- **A2A** — Agent-to-Agent v0.3 protocol (JSON-RPC 2.0, smart-routing + quota-management skills) +- **ACP** — Agent Communication Protocol registry and manager + +### MCP Server (29 Tools) +| Category | Tools | +|-----------|-------| +| Core (20) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `web_search`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `db_health_check`, `sync_pricing` | +| Cache (2) | `cache_stats`, `cache_flush` | +| Memory (3) | `memory_search`, `memory_add`, `memory_clear` | +| Skills (4) | `skills_list`, `skills_enable`, `skills_execute`, `skills_executions` | + +**MCP Auth Scopes (10):** `read:health`, `read:combos`, `write:combos`, `read:quota`, `read:usage`, `read:models`, `execute:completions`, `execute:search`, `write:budget`, `write:resilience` + +### Provider Categories + +**Free Providers (4):** Qoder AI, Qwen Code, Gemini CLI (deprecated), Kiro AI + +**OAuth Providers (8):** Claude Code, Antigravity, OpenAI Codex, GitHub Copilot, Cursor IDE, Kimi Coding, Kilo Code, Cline + +**API Key Providers (48+):** OpenAI, Anthropic, Gemini (Google AI Studio), DeepSeek, Groq, xAI (Grok), Mistral, Perplexity, Together AI, Fireworks AI, Cerebras, Cohere, NVIDIA NIM, Nebius AI, SiliconFlow, Hyperbolic, HuggingFace, OpenRouter, Vertex AI, Cloudflare Workers AI, Scaleway AI, AI/ML API, Pollinations AI, Puter AI, LongCat AI, Alibaba Cloud (DashScope), Alibaba Intl, Alibaba (AliCode), Kimi, Kimi Coding (API Key), Minimax, Minimax (China), Blackbox AI, Synthetic, Kilo Gateway, Z.AI, GLM Coding, Deepgram, AssemblyAI, ElevenLabs, Cartesia, PlayHT, Inworld, NanoBanana, SD WebUI, ComfyUI, Ollama Cloud, Perplexity Search, Serper Search, Brave Search, Exa Search, Tavily Search, OpenCode Zen, OpenCode Go, Bailian Coding Plan + +**Custom Providers:** OpenAI-compatible (`openai-compatible-*`) and Anthropic-compatible (`anthropic-compatible-*`) with custom base URLs + +### Internationalization +- 40+ languages for UI (all dashboard pages) +- 40 translated documentation sets in docs/i18n/ +- Language switcher in documentation + +## Key Architectural Decisions + +1. **OpenAI-compatible API surface:** All incoming requests follow the OpenAI API format. This makes OmniRoute a drop-in replacement for any tool that supports custom OpenAI endpoints. + +2. **Provider abstraction via format translators:** Each AI provider has a translator in `open-sse/translator/` that converts between OpenAI format and the provider's native format transparently. + +3. **Connection-based provider model:** Providers are stored as "connections" in SQLite. Each connection has an `id`, `provider`, `authType` (oauth/apikey/free), `isActive` flag, and credentials. Multiple connections per provider for multi-account rotation. + +4. **Combo system for fallback:** Users create "combos" — ordered lists of `provider/model` pairs. The proxy tries each in order until one succeeds. Supports 13 strategies including auto-combo with self-healing and context-relay for session continuity. + +5. **SSE proxy pipeline:** The proxy pipeline is middleware-based: request → auth resolution → rate limiting → circuit breaker → format translation → upstream call → response translation → SSE streaming back to client. + +6. **SQLite for persistence:** All state (providers, combos, logs, settings, API keys, memory, skills) stored in a single SQLite database via 21 domain-specific modules. All DB operations go through `src/lib/db/` modules, never raw SQL in routes. + +7. **OAuth with PKCE:** OAuth flows use PKCE for security. Token refresh handled by background job (`tokenHealthCheck.ts`). + +8. **ProviderIcon component:** Unified icon system using `@lobehub/icons` (130+ SVG) with PNG fallback and generic icon fallback chain. Used on providers, dashboard, and agents pages. + +9. **DB architecture:** `localDb.ts` is a re-export layer only — real logic lives in 21 `src/lib/db/` modules with 16 SQL migrations. + +10. **Upstream headers:** Custom headers merged in executors after default auth; same header name replaces executor value. Forbidden header names in `src/shared/constants/upstreamHeaders.ts`. + +11. **Memory/Skills cross-cutting systems:** Memory and Skills affect the MCP tools, request pipeline, and A2A skills. Memory provides persistent context across sessions; Skills provide extensible tool execution with sandbox isolation. + +12. **Domain policy engine:** `src/domain/` contains policy engine modules (policyEngine, comboResolver, costRules, degradation, fallbackPolicy, lockoutPolicy, modelAvailability, providerExpiration, quotaCache, configAudit) that govern routing decisions independently from the pipeline. + +13. **Provider constants validated at load:** All provider definitions validated via Zod schemas at module load time (`src/shared/validation/providerSchema.ts`). Invalid providers fail fast. + +## Main Flows + +### Proxy Request Flow +1. Client sends OpenAI-format request to `/v1/chat/completions` +2. API key validation +3. Model resolution: direct model or combo lookup +4. For combos: iterate through models with selected strategy +5. Auth resolution: get credentials for the target provider +6. Format translation: OpenAI → provider native format +7. CLI fingerprint matching (if enabled for provider) +8. Upstream request with circuit breaker and rate limiting +9. Response translation: provider → OpenAI format +10. omniModel tag sanitization (strip internal tags) +11. SSE streaming back to client +12. Memory extraction (if memory system enabled) +13. Usage logging and cost calculation + +### OAuth Flow +1. Dashboard initiates `/api/oauth/[provider]/authorize` +2. User completes OAuth login in browser +3. Callback hits `/api/oauth/[provider]/exchange` +4. Tokens stored as a provider connection in SQLite +5. Background job refreshes tokens before expiry + +## Important Notes for LLMs + +1. **Two model endpoints exist:** `/api/models` (dashboard, all models) and `/v1/models` (OpenAI-compatible, active only). + +2. **Provider IDs vs aliases:** Providers have both an ID (`claude`, `github`) and a short alias (`cc`, `gh`). Models are referenced as `alias/model-name` (e.g., `cc/claude-opus-4-6`). + +3. **The `open-sse/` directory is a separate npm workspace** with its own config, handlers, executors, translators, and services. + +4. **Environment variables:** All configuration is in `.env` (from `.env.example`). Key vars: `PORT`, `NEXT_PUBLIC_BASE_URL`, `API_KEY`, `ADMIN_PASSWORD`. + +5. **Database layer:** Operations go through `src/lib/db/` modules (21 domain-specific files). `localDb.ts` is re-exports only — add new functions to the proper `db/*.ts` module. + +6. **Tests use Node.js built-in test runner:** 122 unit test files. Run `npm test`. Vitest for MCP/autoCombo (`npm run test:vitest`). Playwright for E2E (`npm run test:e2e`). + +7. **MCP and A2A pages are embedded as tabs inside `/dashboard/endpoint`**, not standalone routes. + +8. **ACP agents** are in `src/lib/acp/registry.ts` with detection cache. Custom agents stored via settings DB. + +9. **Auto-combo engine** in `open-sse/services/autoCombo/` — 6-factor scoring, 4 mode packs, bandit exploration, progressive cooldown. + +10. **Docker:** Dockerfile has two targets: `runner-base` and `runner-cli`. `docker-compose.yml` for dev (3 profiles), `docker-compose.prod.yml` for production (port 20130). + +11. **Electron desktop app** in `electron/` with main.js and preload.js. Build with `npm run electron:build` (supports Windows, macOS, Linux). + +12. **Pricing data** syncs from LiteLLM via `src/lib/pricingSync.ts`. Use `sync_pricing` MCP tool or API endpoint. + +13. **Memory system** in `src/lib/memory/` provides extraction, injection, retrieval, summarization, and persistent store. Exposed via MCP memory tools and `/api/memory/ API. + +14. **Skills system** in `src/lib/skills/` provides registry, executor, sandbox isolation, built-in skills, custom skill support, request interception, and context injection. Exposed via MCP skill tools and `/api/skills/` API. + +15. **Zod v4** is used for all validation. Import from `zod` package. Provider schemas validated at module load time. + +16. **Context Relay** strategy (`context-relay`) is split across two layers: `combo.ts` decides if a handoff should be generated after a successful turn; `chat.ts` injects the handoff only after account resolution. Handoff data lives in `context_handoffs` SQLite table. Config: `handoffThreshold`, `handoffModel`, `handoffProviders`. + +17. **Proxy enforcement** is now comprehensive: token health checks resolve proxy per connection, provider validation wraps in `runWithProxyContext`, and proxy dispatchers use `undici.fetch()` instead of the Node built-in `fetch()` to avoid dispatcher incompatibilities on Node 22. + +18. **Node.js 24+ compatibility**: The login page (`/api/settings/require-login`) detects the Node.js version and sends `nodeVersion`/`nodeCompatible` fields. The login UI renders a warning banner when `nodeCompatible` is false. + +## Links + +- Repository: https://github.com/diegosouzapw/OmniRoute +- Website: https://omniroute.online +- npm: https://www.npmjs.com/package/omniroute +- Docker Hub: https://hub.docker.com/r/diegosouzapw/omniroute +- Documentation: See `/docs/` directory diff --git a/docs/i18n/fi/CHANGELOG.md b/docs/i18n/fi/CHANGELOG.md index f7e6fafca4..d7fe8b9116 100644 --- a/docs/i18n/fi/CHANGELOG.md +++ b/docs/i18n/fi/CHANGELOG.md @@ -6,9 +6,283 @@ ## [Unreleased] +## [3.8.0] — 2026-05-06 + +### ✨ New Features + +- **feat(antigravity):** integrate Antigravity provider with dynamic `maxOutputTokens` calculation (bumping to `thinkingBudget + 1`) and standard Cloud Code envelope payload sanitization (#2055, #2063) +- **feat(gemini-cli):** add custom projectId support for Gemini CLI transport (UI, DB, executor) (#1991) + +### 🐛 Bug Fixes + +- **fix(cache):** optimize cache_control preservation logic and explicitly align tool schema with upstream Claude Code expectations +- **fix(db):** preserve legacy SQLite database path on Windows to prevent data loss (#1973) +- **fix(settings):** resolve model alias persistence double stringification preventing UI updates (#2018) +- **fix(routing):** dynamically filter bare model auto-resolution by active provider connections to prevent dead-routing (#2029) +- **fix(embeddings):** add Google Gemini embeddings compatibility via OpenAI-compatible endpoint mapping (#2006) +- **fix:** remove Anthropic-Beta header from non-Anthropic providers to fix identity contamination (#1989) +- **fix(cli):** resolve .env loading failure for global npm installations + +### 🔒 Security + +- **fix(security):** remediate regex validation backtracking path in core compression cleanup (#1990) +- **fix(core):** harden input handling and stabilization for prompt compression edge cases + +### 🧹 Chores & Maintenance + +- **chore(providers):** prune redundant local provider icon assets in favor of `@lobehub/icons` web fonts (#1992) +- **ci:** skip SonarCloud scan on main pushes to optimize CI time +- **test:** stabilize cooldown abort coverage case in integration testing + +## [3.7.9] — 2026-05-03 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) + +- **feat(compression):** major upgrade to Caveman and RTK compression pipelines (#1876, #1889): + - Add RTK tool-output compression, stacked Caveman + RTK pipelines, compression combo assignments, dashboard context pages, MCP management tools, and language-aware Caveman rule packs. + - Expand RTK parity with a 39-filter catalog, RTK-style JSON DSL stages, inline verify/benchmark coverage, trust-gated custom filters, expanded command detection, and redacted raw-output recovery. + - Expose rule intensities, track USD savings, unify config validation, and persist MCP savings. + - Expand Caveman parity and MCP metadata compression. +- **feat(provider):** update Jina AI model catalog to support Embeddings and Rerank natively (#1874 — thanks @backryun) +- **feat(provider):** add NanoGPT image generation provider (#1899 — thanks @Aculeasis) +- **feat(ui):** move proxy configuration to dedicated System → Proxy page (#1907 — thanks @oyi77) +- **feat(ui):** add K/M/B/T cost shortener utility (#1902 — thanks @oyi77) +- **feat(providers):** implement bulk paste for extra API keys (#1916 — thanks @0xtbug) +- **feat(analytics):** usage history API key backfill + dark mode pricing (#1896 — thanks @Gi99lin) +- **feat(logs):** show RTK and Caveman compression token savings accurately in request log UI (#1923 — thanks @emdash) +- **feat(routing):** auto-skip exhausted quota accounts (Issue #1952) +- **feat(docs):** docs site overhaul (#1976 — thanks @oyi77) +- **feat(db):** consolidate all database settings into SystemStorageTab (closes #1935) (#1947 — thanks @oyi77) +- **feat(sse):** codex 429 mid-task failover with account rotation (#1888 — thanks @smartenok-ops) +- **feat(auto-assessment):** add auto-assessment engine for combo self-healing (#1918 — thanks @oyi77) +- **feat(usage):** DeepSeek V4 native cache token extraction (#1930 — thanks @smartenok-ops) +- **feat(cost):** enhance cost formatting and add Codex GPT-5.5 pricing support (#1944 — thanks @JxnLexn) + +### 🐛 Bug Fixes + +- **fix(auth):** implement session affinity sticky routing logic +- **fix(dashboard):** derive display base URL from origin instead of hardcoding localhost (#1960 — thanks @jeanfbrito) +- **fix(proxy):** use credentials.connectionId instead of non-existent credentials.id for image proxy resolution (#1929 — thanks @Aculeasis) +- **fix(routing):** codex bare-name disambiguation + family-native fallback (#1933 — thanks @smartenok-ops) +- **fix(infrastructure):** move wreq-js to optionalDependencies and add Node 25/26 to secure runtime policy (#1924) +- **fix(providers):** resolve ChatGPT Web authentication failure by aligning TLS fingerprint User-Agent strings (#1925) +- **fix(mitm):** support root user for MITM sudo handling (#1948 — thanks @NekoMonci12) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941, #1945) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) +- **fix(mcp):** reclassify MCP endpoints to ensure API key authentication works even when dashboard auth is enabled (#1970) +- **fix(providers):** allow local OpenAI-compatible endpoints (like Ollama) to be added without an API key (fixes #1893) +- **fix(providers):** bypass AgentRouter unauthorized_client_error by spoofing Claude CLI headers via Anthropic endpoints (fixes #1921) +- **fix(copilot):** emit compatible reasoning text deltas (#1919 — thanks @ivan-mezentsev) +- **fix(api-manager):** show validation errors inline in modals, not behind (#1920 — thanks @andrewmunsell) +- **fix(compression):** align seeded standard savings combo with stacked default, preserve stacked defaults, and secure metadata routes. +- **fix(gemini-cli):** separate Cloud Code transport from Antigravity (#1869 — thanks @dhaern) +- **fix(codex):** map prompt field to input array for Cursor compatibility (fixes #1872) +- **fix(core):** align stream parameter default to false per strict OpenAI spec (fixes #1873) +- **fix(ui):** restore Next.js CSP `unsafe-eval` in production `script-src` to fix unresponsive Onboarding button (fixes #1883) +- **fix(proxy):** globally strip `prompt_cache_retention` in `BaseExecutor` to prevent upstream 400 errors from strict endpoints like droid/gemini-2-pro (fixes #1884) +- **fix(ui):** include `isOpen` dependency in `EditConnectionModal` state sync to ensure `maxConcurrent` is properly hydrated when reopening the modal (fixes #1859) +- **fix(security):** remediate 4 polynomial-redos CodeQL alerts in compression regexes by bounding repetitions and removing overlapping quantifiers +- **fix(codex):** flatten Chat Completions tool format to Codex Responses format in `normalizeCodexTools` — prevents `Missing required parameter: tools[0].name` upstream errors (#1914 — thanks @tranduykhanh030) +- **fix(proxy):** add proxy-aware execution context to image generation route — proxy settings are now correctly applied for image providers behind restricted networks (#1904 — thanks @Aculeasis) +- **fix(translator):** inject `properties: {}` into zero-argument MCP tool schemas during Anthropic→OpenAI translation — prevents 400 errors from OpenAI strict schema validation (#1898 — thanks @bryceIT) +- **fix(codex):** sanitize raw responses input (#1895 — thanks @dhaern) +- **fix(combos):** align strategy contracts (#1892 — thanks @dhaern) +- **fix(combos):** fix combo provider breaker profile handling (#1891 — thanks @rdself) +- **fix(migrations):** duplicate-column no-op fix (#1886 — thanks @smartenok-ops) +- **fix(auth):** per-connection OAuth refresh mutex (#1885 — thanks @smartenok-ops) +- **fix(auth):** require dashboard management auth for compression preview + +### 🔄 Updates + +- **chore(provider):** Add reka models list (#1956 — thanks @backryun) +- **chore(model):** Update new models, Delete Deprecated models (#1949 — thanks @backryun) + +### 📝 Documentation + +- **docs(compression):** document RTK+Caveman stacked savings ranges + +### 🏆 Release Attribution & Retroactive Credits + +- **@payne0420** (PR #1828 / #1839) — Implementation of the **Rate Limit Watchdog** and environment overrides. (This feature was manually backported to v3.7.8, causing the automatic GitHub Release notes to omit the author's credit). + +--- + +## [3.7.8] — 2026-05-01 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(providers):** add Grok 4.3 and Xiaomi Mimo TTS provider (#1837) +- **feat(core):** implement Rate Limit Watchdog with environment override capability to detect and reset stalled queues (#1839) +- **feat(providers):** add muse-spark-web provider with multiple models and reasoning support (#1843) +- **feat(1proxy):** integrate 1proxy free proxy marketplace with dashboard management and new MCP tools (closes #1788) (#1847) + +### 🐛 Bug Fixes + +- **fix(codex):** sanitize Responses replay state to prevent internal assistant commentary from leaking (#1868 — thanks @dhaern) +- **fix(cli):** add capture-backed Gemini CLI fingerprint (#1866) +- **fix(ui):** hide combo compression controls when the global setting is disabled (#1840) +- **fix(db):** tolerate missing request_detail_logs table for legacy deployments (#1848) +- **fix(core):** remove unneeded \`store\` payload parameter for providers lacking support (closes #1841) +- **fix(core):** ensure safeOutboundFetch and A2A routers return 503 Service Unavailable when security guardrails are triggered +- **fix(usage):** correct Unix seconds vs milliseconds parsing logic for Kiro AI quota reset (closes #1849) +- **fix(ui):** apply robust NaN handling, ensure 24h consistency, and fix missing hour slots in Compression Analytics (closes #1844) +- **fix(ui):** implement short number formatting for token consumption metrics on cache pages to prevent overflow (closes #1842) +- **fix(combo):** stabilize provider routing at 500+ connections by bounding semaphore queues and adjusting circuit breaker tracking (closes #1846) (#1854) +- **fix(maritalk):** update Maritalk model list, use Authorization Key header, and align with latest API endpoints (#1856) +- **fix(grok-web):** stabilize tool calling (bash, readFile, webSearch) and response parsing by mapping native Grok intents to standard OpenAI payloads (#1857) +- **fix(providers):** correctly map and expose the Upstage embedding and chat model catalogs (#1855) +- **fix(executor):** apply proper urlSuffix and custom authHeaders for unknown registry-based providers in DefaultExecutor (closes #1846) (#1861) + +### 🛠️ Maintenance + +- **fix(workflow):** build docker images on version tags (#1838) + +--- + +## [3.7.7] — 2026-04-30 + ### ✨ New Features -- **feat:** ongoing development +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **Prompt Compression Pipeline:** Implemented a multi-phase prompt compression engine including `lite` (whitespace/duplication collapse), `aggressive` (summarization, tool compression), and `ultra` modes (heuristic pruning and SLM stub) (#1633, #1738, #1739, #1741) +- **Compression Dashboard & Analytics:** Added a compression settings UI, real-time log viewer, pipeline statistics tracking, and interactive playground preview (#1756) +- **Compression Caching & MCP:** Added caching-aware strategy adjustments to the compression pipeline, alongside new MCP tools for status and configuration (#1758) +- **Analytics Custom Filters:** Added custom date range selection, API key filtering, and NULL key analytics backfilling to the Costs Dashboard (#1830) + +### 🐛 Bug Fixes + +- **Combo Routing:** Fixed an issue where Gemini `-preview` models were incorrectly normalized to their canonical names, causing 404 errors during combo routing (#1834) +- **Codex Native Passthrough:** Added support for Cursor 5.5 sending `messages` arrays to the `responses/compact` endpoint, preventing upstream rejections with empty requests (#1832) +- **Rate-limit Watchdog:** Implemented a new rate-limit watchdog with environment override capabilities and Stage Tracing to prevent and diagnose silent wedges (#1828) +- **Encryption Resiliency:** Prevent sending encrypted tokens to providers by returning null on decryption failure (#763d353) +- **i18n & Locales:** Fixed OpenCode baseUrl locale placeholders and added compression keys across 32 languages +- **Startup Stability:** Hardened resilience integration server startup logic (#9aa89b17) + +### 🛠️ Maintenance + +- **Tests & Docs:** Expanded the test suite with 61 unit/integration tests for the compression pipeline and updated `AGENTS.md` +- **Workflow:** Fixed the changelog extraction logic to accurately capture GitHub release descriptions + +--- + +## [3.7.6] — 2026-04-30 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) +- **feat(chatgpt-web):** support `thinking_effort` parameter (Standard/Extended) for thinking-capable models (#1821) +- **feat(dashboard):** implement remaining v3.7.6 dashboard features — Costs overview, Translator pipeline, and Endpoint tabs improvements +- **feat(tools):** inject fallback tool names to prevent upstream 400 errors on providers that require tool names (#1775) +- **feat(db):** auto-restore probe-failed database on startup to prevent data loss after failed upgrades (#1810) +- **feat(analytics):** add cost-based usage insights and activity streaks in the analytics dashboard + +### 🔒 Security + +- **fix(security):** resolve ReDoS vulnerability in Codex executor regex patterns (#1797, #1789) + +### 🐛 Bug Fixes + +- **fix(stability):** resolve codex input validation, enable combo circuit breaker, and fix broken unit tests (#1804, #1805) +- **fix(stability):** safely cast inputs to strings before calling `.trim()` to avoid crashes on numeric fields in proxy modal (#1825) +- **fix(stability):** clear active requests and recover providers after connection failures (#1824) +- **fix(xiaomi-mimo):** update models to V2.5, fix Token Plan validation and default region (#1823) +- **fix(codex):** omit compact client metadata to prevent upstream rejections (#1822) +- **fix(dashboard):** fix endpoint visibility, A2A status display, and API catalog consistency (#1806) +- **fix(analytics):** use pure SQL aggregations — no history rows loaded into memory (#1802) +- **fix(dashboard):** correct `loadPresets` ReferenceError in CostOverviewTab +- **fix(mitm):** enforce transparent interception on port 443 only + +### 🧹 Chores + +- **chore(workflow):** mandate implementation plan generation in `/resolve-issues` workflow before coding +- **chore(release):** expand contributor credits to 155 PRs across full project history + +### 🏆 Community Contributors Acknowledgment + +We identified that **155 community PRs** across the entire project history (from inception through v3.7.5) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. + +**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** + +| Contributor | PRs (Total) | All Contributions | +| :----------------------------------------------------------- | :---------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [@rdself](https://github.com/rdself) | 28 | #542, #705, #717, #737, #738, #841, #851, #853, #875, #880, #888, #891, #903, #904, #974, #1069, #1089, #1196, #1267, #1272, #1299, #1300, #1356, #1357, #1441, #1443, #1549, #1742 | +| [@oyi77](https://github.com/oyi77) | 27 | #644, #672, #700, #850, #859, #862, #868, #874, #881, #883, #908, #926, #931, #983, #990, #1019, #1020, #1021, #1103, #1281, #1286, #1363, #1368, #1377, #1411, #1689, #1717 | +| [@clousky2020](https://github.com/clousky2020) | 15 | #1244, #1323, #1365, #1366, #1408, #1442, #1484, #1595, #1598, #1599, #1611, #1618, #1620, #1621, #1644 | +| [@benzntech](https://github.com/benzntech) | 8 | #158, #1264, #1435, #1436, #1437, #1440, #1444, #1677 | +| [@kang-heewon](https://github.com/kang-heewon) | 5 | #530, #854, #884, #1235, #1574 | +| [@herjarsa](https://github.com/herjarsa) | 4 | #1472, #1474, #1477, #1480 | +| [@backryun](https://github.com/backryun) | 4 | #1358, #1609, #1627, #1722 | +| [@tombii](https://github.com/tombii) | 4 | #708, #856, #900, #1013 | +| [@christopher-s](https://github.com/christopher-s) | 3 | #868, #885, #992 | +| [@zen0bit](https://github.com/zen0bit) | 3 | #561, #650, #912 | +| [@k0valik](https://github.com/k0valik) | 3 | #554, #587, #596 | +| [@zhangqiang8vip](https://github.com/zhangqiang8vip) | 2 | #470, #575 | +| [@wlfonseca](https://github.com/wlfonseca) | 2 | #997, #1016 | +| [@RaviTharuma](https://github.com/RaviTharuma) | 2 | #1188, #1277 | +| [@prakersh](https://github.com/prakersh) | 2 | #419, #480 | +| [@payne0420](https://github.com/payne0420) | 2 | #1593, #1670 | +| [@only4copilot](https://github.com/only4copilot) | 2 | #855, #1039 | +| [@jay77721](https://github.com/jay77721) | 2 | #581, #582 | +| [@hijak](https://github.com/hijak) | 2 | #295, #578 | +| [@hartmark](https://github.com/hartmark) | 2 | #1494, #1500 | +| [@defhouse](https://github.com/defhouse) | 2 | #906, #946 | +| [@xiaoge1688](https://github.com/xiaoge1688) | 1 | #1304 | +| [@xandr0s](https://github.com/xandr0s) | 1 | #1376 | +| [@willbnu](https://github.com/willbnu) | 1 | #882 | +| [@slewis3600](https://github.com/slewis3600) | 1 | #1624 | +| [@sergey-v9](https://github.com/sergey-v9) | 1 | #594 | +| [@razllivan](https://github.com/razllivan) | 1 | #987 | +| [@nmime](https://github.com/nmime) | 1 | #1271 | +| [@Moutia-Ben-Yahia](https://github.com/Moutia-Ben-Yahia) | 1 | #1663 | +| [@Mind-Dragon](https://github.com/Mind-Dragon) | 1 | #467 | +| [@mercs2910](https://github.com/mercs2910) | 1 | #1001 | +| [@MAINER4IK](https://github.com/MAINER4IK) | 1 | #196 | +| [@luandiasrj](https://github.com/luandiasrj) | 1 | #996 | +| [@knopki](https://github.com/knopki) | 1 | #1434 | +| [@kfiramar](https://github.com/kfiramar) | 1 | #389 | +| [@ken2190](https://github.com/ken2190) | 1 | #166 | +| [@keith8496](https://github.com/keith8496) | 1 | #569 | +| [@jonesfernandess](https://github.com/jonesfernandess) | 1 | #1118 | +| [@JasonLandbridge](https://github.com/JasonLandbridge) | 1 | #1626 | +| [@i1hwan](https://github.com/i1hwan) | 1 | #1386 | +| [@Gorchakov-Pressure](https://github.com/Gorchakov-Pressure) | 1 | #754 | +| [@foxy1402](https://github.com/foxy1402) | 1 | #934 | +| [@dt418](https://github.com/dt418) | 1 | #896 | +| [@dhaern](https://github.com/dhaern) | 1 | #1647 | +| [@DavyMassoneto](https://github.com/DavyMassoneto) | 1 | #211 | +| [@dail45](https://github.com/dail45) | 1 | #1413 | +| [@congvc-dev](https://github.com/congvc-dev) | 1 | #1569 | +| [@be0hhh](https://github.com/be0hhh) | 1 | #1581 | +| [@andruwa13](https://github.com/andruwa13) | 1 | #1457 | +| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | 1 | #898 | +| [@AndersonFirmino](https://github.com/AndersonFirmino) | 1 | #362 | +| [@alexsvdk](https://github.com/alexsvdk) | 1 | #1280 | +| [@abhinavjnu](https://github.com/abhinavjnu) | 1 | #550 | --- @@ -16,8 +290,14 @@ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(tunnels):** integrate native ngrok tunnel support with dashboard UI parity (#1753) -- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) ### 🐛 Bug Fixes @@ -56,56 +336,25 @@ - **chore(ui):** speed up endpoint initial render with background task loading (#1760) - **chore(workflows):** add strict PR contributor credit policy to prevent future merge credit loss -### 🏆 Community Contributors Acknowledgment - -We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. - -**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** - -| Contributor | Contributions (PRs) | -| :----------------------------------------------------- | :----------------------------------------------------------------------- | -| [@rdself](https://github.com/rdself) | #1742, #1357, #1356, #1089, #1069, #904, #880, #875, #853, #851, #974 | -| [@oyi77](https://github.com/oyi77) | #1411, #1021, #990, #926, #908, #883, #881, #868, #862, #859, #850, #983 | -| [@benzntech](https://github.com/benzntech) | #1677, #1444, #1440, #1437, #1435 | -| [@clousky2020](https://github.com/clousky2020) | #1644, #1408 | -| [@christopher-s](https://github.com/christopher-s) | #885, #868, #992 | -| [@kang-heewon](https://github.com/kang-heewon) | #1235, #884 | -| [@backryun](https://github.com/backryun) | #1627, #1358, #1722 | -| [@tombii](https://github.com/tombii) | #900, #856 | -| [@slewis3600](https://github.com/slewis3600) | #1624 | -| [@dhaern](https://github.com/dhaern) | #1647 | -| [@JasonLandbridge](https://github.com/JasonLandbridge) | #1626 | -| [@hartmark](https://github.com/hartmark) | #1500 | -| [@herjarsa](https://github.com/herjarsa) | #1480 | -| [@andruwa13](https://github.com/andruwa13) | #1457 | -| [@i1hwan](https://github.com/i1hwan) | #1386 | -| [@xandr0s](https://github.com/xandr0s) | #1376 | -| [@RaviTharuma](https://github.com/RaviTharuma) | #1188 | -| [@wlfonseca](https://github.com/wlfonseca) | #1016 | -| [@only4copilot](https://github.com/only4copilot) | #1039, #855 | -| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | #898 | -| [@dt418](https://github.com/dt418) | #896 | -| [@willbnu](https://github.com/willbnu) | #882 | -| [@defhouse](https://github.com/defhouse) | #906 | -| [@mercs2910](https://github.com/mercs2910) | #1001 | -| [@zen0bit](https://github.com/zen0bit) | #912 | -| [@razllivan](https://github.com/razllivan) | #987 | -| [@foxy1402](https://github.com/foxy1402) | #934 | -| [@knopki](https://github.com/knopki) | #1434 | -| [@dail45](https://github.com/dail45) | #1413 | - --- ## [3.7.4] — 2026-04-28 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(ui):** add endpoint tunnel visibility settings (#1743) - **feat(cli):** refresh CLI fingerprint provider profiles (#1746) - **feat(proxy):** implement bulk proxy import via pipe-delimited parser with update-or-create (upsert) logic and real-time preview table - **feat(pwa):** add fullscreen installable PWA with manifest, service worker, and cross-platform app icons (#1728) -### Turvallisuus +### 🔒 Security - **security:** replace insecure `Math.random` with `crypto.getRandomValues` for fallback UUID generation to resolve CodeQL CWE-338 finding (#182) @@ -156,6 +405,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(authz):** introduce centralized proxy-based authz pipeline and lifecycle policy (#1632) - **feat(logs):** configure call log pipeline artifacts (#1650) - **feat(network):** add guarded remote image fetch utility @@ -225,6 +481,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Add GPT-5.5 support to the Codex provider — includes 1.05M context window, tool calling, vision, and reasoning capabilities with proper pricing entries across `cx` and `openai` providers. Refactors `splitCodexReasoningSuffix()` into a shared helper for cleaner effort-level parsing (#1617 — thanks @Zhaba1337228). - **feat(cli):** Add `omniroute reset-encrypted-columns` recovery command — nulls encrypted credential columns (`api_key`, `access_token`, `refresh_token`, `id_token`) in `provider_connections` while preserving provider metadata, giving users affected by #1622 a clean recovery path without losing configurations. - **feat(i18n):** Expand locale coverage with nine new language packs (Bengali, Farsi, Gujarati, Indonesian, Marathi, Swahili, Tamil, Telugu, Urdu), bringing total language support from 32 to 41 locales. @@ -256,7 +519,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **fix(transport):** Prevent memory bloat and database exhaustion from large, fragmented streaming responses. Implemented `ByteQueue` in `kiro.ts` for zero-copy binary accumulation, refactored `antigravity.ts` for incremental SSE parsing, and enforced a strict 512KB tiered truncation limit (`MAX_CALL_LOG_ARTIFACT_BYTES`) on stream request logs and call artifacts (#1647). - **chore(ci):** Update build environment dependencies — bump Node to `24.15.0`, `actions/checkout@v6`, `docker/build-push-action@v7`, pin `actions/setup-python` to major tag (#1646 — thanks @backryun). -### Dokumentaatio +### 📝 Documentation - **docs(env):** Add `OMNIROUTE_ALLOW_PRIVATE_PROVIDER_URLS` to `.env.example` with documentation for LM Studio and other local provider use cases (#1623). @@ -266,6 +529,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). - **feat(providers):** Add CrofAI as a built-in API-key provider with quota/usage monitoring wired into the dashboard Limits page (#1604, #1606). @@ -399,7 +669,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **test(next):** Align transpile package expectations for the Next.js standalone build. - **test(ci):** Fix CI-only test failures from environment differences — clear `INITIAL_PASSWORD` and `JWT_SECRET` in integration tests, handle `XDG_CONFIG_HOME` for guide-settings tests. -### Dokumentaatio +### 📚 Documentation - **docs:** Update the root changelog with all release-branch changes through 2026-04-24, including PRs #1544, #1555, #1551, #1550, #1548, #1547, #1541, #1538, #1536, and #1527. - **docs:** Fix broken README and localized documentation links. (#1536) @@ -424,6 +694,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -506,6 +783,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -527,7 +811,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **feat(providers):** Expand image provider registry with extended model support including SD3.5, FLUX, and DALL-E 3 HD configurations - **feat(combos):** Add new routing strategies and full i18n support for agent features section across 31 languages -### Turvallisuus +### 🔒 Security - **security:** Resolve 18 GitHub CodeQL scan alerts including ReDoS, incomplete sanitization, and bad HTML filtering regexp patterns - **fix(auth):** Seal privilege escalation vector by enforcing JWT session checking exclusively on `/api/keys` management endpoints (#1353) @@ -586,6 +870,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -662,6 +953,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -726,6 +1024,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -773,7 +1078,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Duplicate `auto` in Combo Strategy Schema:** Removed duplicate `"auto"` entry from `comboStrategySchema` (was listed on both line 104 and 108). Harmless to Zod runtime but cleaned up to avoid confusion. Schema now has exactly 13 unique strategy values - **Legacy Combo Refs Normalization:** Fixed combo step normalization to preserve legacy string combo references during CRUD operations, preventing data loss when editing combos created before the v2 step architecture -### Turvallisuus +### 🔒 Security - **Auth Bypass on Backup Routes (Critical):** Added `isAuthenticated` guards to `/api/db-backups/exportAll` (full database export) and `/api/db-backups` (list, create, and restore backups) — both were previously accessible without authentication - **Auth Guard on Translator Save:** Added `isAuthenticated` guard to `/api/translator/save` for defense-in-depth consistency @@ -826,6 +1131,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -864,6 +1176,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -896,6 +1215,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -925,6 +1251,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -955,6 +1288,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -988,6 +1328,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1040,6 +1387,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1086,6 +1440,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1122,7 +1483,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Updated Sub-dependencies:** Bumped `hono` to `4.12.12` and `@hono/node-server` to `1.19.13` to patch critical security gaps (#1063, #1064, #1067, #1068). -### Dokumentaatio +### 📚 Documentation - **Documentation Synchronization:** Updated system documentation (README, Architecture, Features, Tools, Troubleshooting) and synced `i18n` configurations to match the v3.5.5 context relay patterns and proxy troubleshooting steps. - **Context Relay Delivery Notes:** Documented the current architecture, runtime flow, and Codex-focused scope in the feature docs, changelog, and agent guidance. @@ -1133,6 +1494,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1191,7 +1559,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.5.3] - 2026-04-07 -### Turvallisuus +### Security - **Vulnerabilities:** Fully remediated 12 High-Severity CodeQL vulnerabilities by migrating from Math.random to `crypto.randomUUID()`, wrapping SSE injection points with aggressive backslash escaping, sanitizing trailing HTTP fragments, and enforcing rigid SSRF HTTP verification schemes across internal routes. - **Dependencies:** Upgraded Next.js to `^16.2.2` and Vite to `>=8.0.5` resolving critical DoS, arbitrary file reads and CSRF vectors in the build/server environments. @@ -1207,7 +1575,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **CI/CD Stabilization:** Prevented random GitHub Runner freezes by decoupling sharded processes, adjusting test concurrencies, unref-ing active connections on server teardown, and strictly capping job timeout durations. -### Dokumentaatio +### Documentation - **I18n Engine:** Synchronized and pushed deep Machine Translation updates across all 32 natively-supported languages (682 translation nodes aligned). @@ -1221,6 +1589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1253,6 +1628,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1281,6 +1663,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1347,7 +1736,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.8] — 2026-04-03 -### Turvallisuus +### Security - Fully remediated all outstanding Github Advanced Security (CodeQL) findings and Dependabot alerts. - Fixed insecure randomness vulnerabilities by migrating from `Math.random` to `crypto.randomUUID()`. @@ -1359,7 +1748,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.7] — 2026-04-03 -### Ominaisuudet +### Features - Added `Cryptography` node to Monitoring and MCP health checks (#798) - Hardened model-catalog route permissions mapping (`/models`) (#781) @@ -1375,7 +1764,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - Fixed MCP standalone module-resolution (`ERR_MODULE_NOT_FOUND`) via `esbuild` (#936) - Fixed NVIDIA NIM routing credential resolution alias mismatch (#931) -### Turvallisuus +### Security - Added safe strict input boundary protection against raw `shell: true` remote-code execution injections. @@ -1385,6 +1774,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1419,6 +1815,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1481,6 +1884,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1541,6 +1951,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1594,7 +2011,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.0] - 2026-03-31 -### Ominaisuudet +### 🚀 Features - **Subscription Utilization Analytics:** Added quota snapshot time-series tracking, Provider Utilization and Combo Health tabs with recharts visualizations, and corresponding API endpoints (#847) - **SQLite Backup Control:** New `OMNIROUTE_DISABLE_AUTO_BACKUP` env flag to disable automatic SQLite backups (#846) @@ -1646,7 +2063,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.3.8] - 2026-03-30 -### Ominaisuudet +### 🚀 Features - **Models API Filtering:** Endpoint `/v1/models` now dynamically filters its list based on the permissions tied to the `Authorization: Bearer ` when restricted access is on (#781) - **Qoder Integration:** Native integration for Qoder AI natively replacing the legacy iFlow platform mappings (#660) @@ -1715,6 +2132,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1745,6 +2169,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1806,6 +2237,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2016,6 +2454,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2044,6 +2489,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2076,6 +2528,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2130,6 +2589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2325,6 +2791,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2359,6 +2832,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2409,7 +2889,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **NaN tokens in Claude Code / client responses (#617):** - `sanitizeUsage()` now cross-maps `input_tokens`→`prompt_tokens` and `output_tokens`→`completion_tokens` before the whitelist filter, fixing responses showing NaN/0 token counts when providers return Claude-style usage field names -### Turvallisuus +### 🔒 Security - Updated `yaml` package to fix stack overflow vulnerability (GHSA-48c2-rrv3-qjmp) @@ -2467,6 +2947,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2503,6 +2990,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2521,6 +3015,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2556,6 +3057,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3001,6 +3509,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3016,6 +3531,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3043,7 +3565,7 @@ docker pull diegosouzapw/omniroute:3.0.0 - **SVG fallback**: `ProviderIcon` component updated with 4-tier strategy: Lobehub → PNG → SVG → Generic icon - **Agents fingerprinting**: Synced with CLI tools — added droid, openclaw, copilot, opencode to fingerprint list (14 total) -### Turvallisuus +### 🔒 Security - **CVE fix**: Resolved dompurify XSS vulnerability (GHSA-v2wj-7wpq-c8vv) via npm overrides forcing `dompurify@^3.3.2` - `npm audit` now reports **0 vulnerabilities** @@ -3113,6 +3635,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3160,6 +3689,13 @@ Both providers use the new `OpencodeExecutor` with multi-format routing (`/chat/ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3295,6 +3831,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3318,6 +3861,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3334,6 +3884,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3371,7 +3928,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **#510** — Windows: MSYS2/Git-Bash paths (`/c/Program Files/...`) are now normalized to `C:\Program Files\...` - **#492** — `omniroute` CLI now detects `mise`/`nvm` when `app/server.js` is missing and shows targeted fix -### Dokumentaatio +### 📖 Documentation - **#513** — Docker password reset: `INITIAL_PASSWORD` env var workaround documented - **#520** — pnpm: `pnpm approve-builds better-sqlite3` documented @@ -3468,7 +4025,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **feat(executors/cloudflare-ai)**: New `CloudflareAIExecutor` — dynamic URL construction requires `accountId` in provider credentials - **feat(executors)**: Register `pollinations`, `pol`, `cloudflare-ai`, `cf` executor mappings -### Dokumentaatio +### 📝 Documentation - **docs(readme)**: Expanded free combo stack to 11 providers ($0 forever) - **docs(readme)**: Added 4 new free provider sections (LongCat, Pollinations, Cloudflare AI, Scaleway) with model tables @@ -3543,6 +4100,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3613,7 +4177,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **OAuth batch test crash** (ERR_CONNECTION_REFUSED): Replaced sequential for-loop with 5-connection concurrency limit + 30s per-connection timeout via `Promise.race()` + `Promise.allSettled()`. Prevents server crash when testing large OAuth provider groups (~30+ connections). -### Ominaisuudet +### Features - **"Test All" button on provider pages**: Individual provider pages (e.g., `/providers/codex`) now show a "Test All" button in the Connections header when there are 2+ connections. Uses `POST /api/providers/test-batch` with `{mode: "provider", providerId}`. Results displayed in a modal with pass/fail summary and per-connection diagnosis. @@ -3641,7 +4205,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Merge PR #494 (MiniMax role fix), fix KIRO MITM dashboard, triage 8 issues. -### Ominaisuudet +### Features - **MiniMax developer→system role fix** (PR #494 by @zhangqiang8vip): Per-model `preserveDeveloperRole` toggle. Adds "Compatibility" UI in providers page. Fixes 422 "role param error" for MiniMax and similar gateways. - **roleNormalizer**: `normalizeDeveloperRole()` now accepts `preserveDeveloperRole` parameter with tri-state behavior (undefined=keep, true=keep, false=convert). @@ -3697,7 +4261,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Gemini CLI deprecation, VM guide i18n fix, dependabot security fix, provider schema expansion. -### Ominaisuudet +### Features - **Gemini CLI Deprecation** (#462): Mark `gemini-cli` provider as deprecated with warning — Google restricts third-party OAuth usage from March 2026 - **Provider Schema** (#462): Expand Zod validation with `deprecated`, `deprecationReason`, `hasFree`, `freeNote`, `authHint`, `apiHint` optional fields @@ -3706,7 +4270,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **VM Guide i18n** (#471): Add `VM_DEPLOYMENT_GUIDE.md` to i18n translation pipeline, regenerate all 30 locale translations from English source (were stuck in Portuguese) -### Turvallisuus +### Security - **deps**: Bump `flatted` 3.3.3 → 3.4.2 — fixes CWE-1321 prototype pollution (#484, @dependabot) @@ -3726,7 +4290,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Czech i18n, SSE protocol fix, VM guide translation. -### Ominaisuudet +### Features - **Czech Language** (#482): Full Czech (cs) i18n — 22 docs, 2606 UI strings, language switcher updates (@zen0bit) - **VM Deployment Guide**: Translated from Portuguese to English as the source document (@zen0bit) @@ -3745,7 +4309,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: 2 merged PRs, model aliases routing fix, log export, and issue triage. -### Ominaisuudet +### Features - **Log Export**: New Export button on `/dashboard/logs` with time range dropdown (1h, 6h, 12h, 24h). Downloads JSON of request/proxy/call logs via `/api/logs/export` API (#user-request) @@ -3765,7 +4329,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Five community PRs — streaming call log fixes, Kiro compatibility, cache token analytics, Chinese translation, and configurable tool call IDs. -### Ominaisuudet +### ✨ Features - **feat(logs)**: Call log response content now correctly accumulated from raw provider chunks (OpenAI/Claude/Gemini) before translation, fixing empty response payloads in streaming mode (#470, @zhangqiang8vip) - **feat(providers)**: Per-model configurable 9-char tool call ID normalization (Mistral-style) — only models with the option enabled get truncated IDs (#470) @@ -3795,7 +4359,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Bailian Coding Plan provider with editable base URLs, plus community contributions for Alibaba Cloud and Kimi Coding. -### Ominaisuudet +### ✨ Features - **feat(providers)**: Added Bailian Coding Plan (`bailian-coding-plan`) — Alibaba Model Studio with Anthropic-compatible API. Static catalog of 8 models including Qwen3.5 Plus, Qwen3 Coder, MiniMax M2.5, GLM 5, and Kimi K2.5. Includes custom auth validation (400=valid, 401/403=invalid) (#467, @Mind-Dragon) - **feat(admin)**: Editable default URL in Provider Admin create/edit flows — users can configure custom base URLs per connection. Persisted in `providerSpecificData.baseUrl` with Zod schema validation rejecting non-http(s) schemes (#467) @@ -3810,7 +4374,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Two new community-contributed providers (Alibaba Cloud Coding, Kimi Coding API-key) and Docker pino fix. -### Ominaisuudet +### ✨ Features - **feat(providers)**: Added Alibaba Cloud Coding Plan support with two OpenAI-compatible endpoints — `alicode` (China) and `alicode-intl` (International), each with 8 models (#465, @dtk1985) - **feat(providers)**: Added dedicated `kimi-coding-apikey` provider path — API-key-based Kimi Coding access is no longer forced through OAuth-only `kimi-coding` route. Includes registry, constants, models API, config, and validation test (#463, @Mind-Dragon) @@ -3835,7 +4399,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Codex responses subpath passthrough natively supported, Windows MITM crash fixed, and Combos agent schemas adjusted. -### Ominaisuudet +### ✨ Features - **feat(codex)**: Native responses subpath passthrough for Codex — natively routes `POST /v1/responses/compact` to Codex upstream, maintaining Claude Code compatibility without stripping the `/compact` suffix (#457) @@ -3875,7 +4439,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(budget)**: "Save Limits" no longer returns 422 — `warningThreshold` is now correctly sent as fraction (0–1) instead of percentage (0–100) (#451) - **fix(combos)**: `` internal cache tag is now stripped before forwarding requests to providers, preventing cache session breaks (#454) -### Ominaisuudet +### ✨ Features - **feat(combos)**: Agent Features section added to combo create/edit modal — expose `system_message` override, `tool_filter_regex`, and `context_cache_protection` directly from the dashboard (#454) @@ -3931,7 +4495,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Search Tools dashboard, i18n fixes, Copilot limits, Serper validation fix. -### Ominaisuudet +### 🚀 Features - **feat(search)**: Add Search Playground (10th endpoint), Search Tools page with Compare Providers/Rerank Pipeline/Search History, local rerank routing, auth guards on search API (#443 by @Regis-RCR) - New route: `/dashboard/search-tools` @@ -4010,6 +4574,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4024,7 +4595,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - DB migration: `request_type` column on `call_logs` for non-chat request tracking - Zod validation (`v1SearchSchema`), auth-gated, cost recorded via `recordCost()` -### Turvallisuus +### 🔒 Security - **deps**: Next.js 16.1.6 → 16.1.7 — fixes 6 CVEs: - **Critical**: CVE-2026-29057 (HTTP request smuggling via http-proxy) @@ -4154,7 +4725,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **005_combo_agent_fields.sql**: `ALTER TABLE combos ADD COLUMN system_message TEXT DEFAULT NULL`, `tool_filter_regex TEXT DEFAULT NULL`, `context_cache_protection INTEGER DEFAULT 0` - **006_detailed_request_logs.sql**: New `request_detail_logs` table with 500-entry ring-buffer trigger, opt-in via settings toggle -### Ominaisuudet +### ✨ Features - **feat(combo)**: System Message Override per Combo (#399 — `system_message` field replaces or injects system prompt before forwarding to provider) - **feat(combo)**: Tool Filter Regex per Combo (#399 — `tool_filter_regex` keeps only tools matching pattern; supports OpenAI + Anthropic formats) @@ -4169,7 +4740,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: SSE improvements, local provider_nodes extensions, proxy registry, Claude passthrough fixes. -### Ominaisuudet +### ✨ Features - **feat(health)**: Background health check for local `provider_nodes` with exponential backoff (30s→300s) and `Promise.allSettled` to avoid blocking (#423, @Regis-RCR) - **feat(embeddings)**: Route `/v1/embeddings` to local `provider_nodes` — `buildDynamicEmbeddingProvider()` with hostname validation (#422, @Regis-RCR) @@ -4230,6 +4801,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4304,7 +4882,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Turbopack hash-strip now runs at **compile time** for ALL packages — not just `better-sqlite3`. Step 5.6 in `prepublish.mjs` walks every `.js` in `app/.next/server/` and strips the 16-char hex suffix from any hashed `require()`. Fixes `zod-dcb22c...`, `pino-...`, etc. MODULE_NOT_FOUND on global npm installs. Closes #398 - **fix(deploy)**: PM2 on both VPS was pointing to stale git-clone directories. Reconfigured to `app/server.js` in the npm global package. Updated `/deploy-vps` workflow to use `npm pack + scp` (npm registry rejects 299MB packages). -### Ominaisuudet +### ✨ Features - **feat(provider)**: Synthetic ([synthetic.new](https://synthetic.new)) — privacy-focused OpenAI-compatible inference. `passthroughModels: true` for dynamic HuggingFace model catalog. Initial models: Kimi K2.5, MiniMax M2.5, GLM 4.7, DeepSeek V3.2. (PR #404 by @Regis-RCR) @@ -4334,7 +4912,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Extended webpack `externals` hash-strip to cover ALL `serverExternalPackages`, not just `better-sqlite3`. Next.js 16 Turbopack hashes `zod`, `pino`, and every other server-external package into names like `zod-dcb22c6336e0bc69` that don't exist in `node_modules` at runtime. A HASH_PATTERN regex catch-all now strips the 16-char suffix and falls back to the base package name. Also added `NEXT_PRIVATE_BUILD_WORKER=0` in `prepublish.mjs` to reinforce webpack mode, plus a post-build scan that reports any remaining hashed refs. (#396, #398, PR #403) - **fix(chat)**: Anthropic-format tool names (`tool.name` without `.function` wrapper) were silently dropped by the empty-name filter introduced in #346. LiteLLM proxies requests with `anthropic/` prefix in Anthropic Messages API format, causing all tools to be filtered and Anthropic to return `400: tool_choice.any may only be specified while providing tools`. Fixed by falling back to `tool.name` when `tool.function.name` is absent. Added 8 regression unit tests. (PR #397) -### Ominaisuudet +### ✨ Features - **feat(api)**: Custom endpoint paths for OpenAI-compatible provider nodes — configure `chatPath` and `modelsPath` per node (e.g. `/v4/chat/completions`) in the provider connection UI. Includes a DB migration (`003_provider_node_custom_paths.sql`) and URL path sanitization (no `..` traversal, must start with `/`). (PR #400) - **feat(provider)**: Alibaba Cloud DashScope added as OpenAI-compatible provider. International endpoint: `dashscope-intl.aliyuncs.com/compatible-mode/v1`. 12 models: `qwen-max`, `qwen-plus`, `qwen-turbo`, `qwen3-coder-plus/flash`, `qwq-plus`, `qwq-32b`, `qwen3-32b`, `qwen3-235b-a22b`. Auth: Bearer API key. @@ -4393,7 +4971,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(oauth)**: Qoder (and other providers that redirect to their own UI) no longer leave the OAuth modal stuck at "Waiting for Authorization" — popup-closed detector auto-transitions to manual URL input mode (#344) - **fix(logs)**: Request log table is now readable in light mode — status badges, token counts, and combo tags use adaptive `dark:` color classes (#378) -### Ominaisuudet +### ✨ Features - **feat(kiro)**: Kiro credit tracking added to usage fetcher — queries `getUserCredits` from AWS CodeWhisperer endpoint (#337) @@ -4509,6 +5087,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4574,6 +5159,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #366, #367, #368) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4602,6 +5194,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #363 & #365) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4638,6 +5237,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4655,6 +5261,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4685,6 +5298,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4752,7 +5372,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > **Major release** — Free Stack ecosystem, transcription playground overhaul, 44+ providers, comprehensive free tier documentation, and UI improvements across the board. -### Ominaisuudet +### ✨ Features - **Combos: Free Stack template** — New 4th template "Free Stack ($0)" using round-robin across Kiro + Qoder + Qwen + Gemini CLI. Suggests the pre-built zero-cost combo on first use. - **Media/Transcription: Deepgram as default** — Deepgram (Nova 3, $200 free) is now the default transcription provider. AssemblyAI ($50 free) and Groq Whisper (free forever) shown with free credit badges. @@ -4763,7 +5383,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.16] - 2026-03-13 -### Dokumentaatio +### 📖 Documentation - **README: 44+ Providers** — Updated all 3 occurrences of "36+ providers" to "44+" reflecting the actual codebase count (44 providers in providers.ts) - **README: New Section "🆓 Free Models — What You Actually Get"** — Added 7-provider table with per-model rate limits for: Kiro (Claude unlimited via AWS Builder ID), Qoder (5 models unlimited), Qwen (4 models unlimited), Gemini CLI (180K/mo), NVIDIA NIM (~40 RPM dev-forever), Cerebras (1M tok/day / 60K TPM), Groq (30 RPM / 14.4K RPD). Includes the \/usr/bin/bash Ultimate Free Stack combo recommendation. @@ -4773,7 +5393,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.15] - 2026-03-13 -### Ominaisuudet +### ✨ Features - **Auto-Combo Dashboard (Tier Priority)**: Added `🏷️ Tier` as the 7th scoring factor label in the `/dashboard/auto-combo` factor breakdown display — all 7 Auto-Combo scoring factors are now visible. - **i18n — autoCombo section**: Added 20 new translation keys for the Auto-Combo dashboard (`title`, `status`, `modePack`, `providerScores`, `factorTierPriority`, etc.) to all 30 language files. @@ -4808,6 +5428,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). diff --git a/docs/i18n/fi/README.md b/docs/i18n/fi/README.md index dee8811990..c74cafde9a 100644 --- a/docs/i18n/fi/README.md +++ b/docs/i18n/fi/README.md @@ -130,28 +130,28 @@ _Connect any AI-powered IDE or CLI tool through OmniRoute — free API gateway f - Codex CLI
+ Codex CLI
Codex CLI
⭐ 60.8K - Claude Code
+ Claude Code
Claude Code
⭐ 67.3K - Gemini CLI
+ Gemini CLI
Gemini CLI
⭐ 94.7K - Kilo Code
+ Kilo Code
Kilo Code
⭐ 15.5K diff --git a/docs/i18n/fi/docs/API_REFERENCE.md b/docs/i18n/fi/docs/API_REFERENCE.md index acc3b65643..cf86d70c68 100644 --- a/docs/i18n/fi/docs/API_REFERENCE.md +++ b/docs/i18n/fi/docs/API_REFERENCE.md @@ -87,13 +87,13 @@ Authorization: Bearer your-api-key Content-Type: application/json { - "model": "openai/dall-e-3", + "model": "openai/gpt-image-2", "prompt": "A beautiful sunset over mountains", "size": "1024x1024" } ``` -Available providers: OpenAI (DALL-E, GPT Image 1), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). +Available providers: OpenAI (GPT Image 2), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). ```bash # List all image models diff --git a/docs/i18n/fi/docs/CLI-TOOLS.md b/docs/i18n/fi/docs/CLI-TOOLS.md index 9c17bc61b8..62115d6260 100644 --- a/docs/i18n/fi/docs/CLI-TOOLS.md +++ b/docs/i18n/fi/docs/CLI-TOOLS.md @@ -350,7 +350,7 @@ They run as internal routes and use OmniRoute's model routing automatically. | `/v1/responses` | Responses API (OpenAI format) | Codex, agentic workflows | | `/v1/completions` | Legacy text completions | Older tools using `prompt:` | | `/v1/embeddings` | Text embeddings | RAG, search | -| `/v1/images/generations` | Image generation | DALL-E, Flux, etc. | +| `/v1/images/generations` | Image generation | GPT-Image, Flux, etc. | | `/v1/audio/speech` | Text-to-speech | ElevenLabs, OpenAI TTS | | `/v1/audio/transcriptions` | Speech-to-text | Deepgram, AssemblyAI | diff --git a/docs/i18n/fi/llm.txt b/docs/i18n/fi/llm.txt index e0b98c94a8..c720e29c48 100644 --- a/docs/i18n/fi/llm.txt +++ b/docs/i18n/fi/llm.txt @@ -1,19 +1,18 @@ # OmniRoute (Suomi) -🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) +🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇧🇩 [bn](../bn/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇮🇷 [fa](../fa/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇮🇳 [gu](../gu/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇮🇳 [mr](../mr/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇰🇪 [sw](../sw/llm.txt) · 🇮🇳 [ta](../ta/llm.txt) · 🇮🇳 [te](../te/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇵🇰 [ur](../ur/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) --- +> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 160+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (29 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. -> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 60+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (25 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. - -## Yleiskatsaus +## Overview OmniRoute solves the problem of managing multiple AI provider subscriptions, quotas, and rate limits. It sits between your AI-powered tools (IDE agents, CLI tools) and AI providers, routing requests intelligently through a 4-tier fallback system: Subscription → API Key → Cheap → Free. **Key value:** One endpoint (`http://localhost:20128/v1`), unlimited models, zero downtime, minimal cost. -**Current version:** 3.5.5 +**Current version:** 3.8.0 ## Tech Stack @@ -27,7 +26,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Background jobs:** Custom token health check scheduler, 24h model auto-sync - **Streaming:** Server-Sent Events (SSE) for real-time proxy responses - **Proxy engine:** Custom pipeline with format translation, circuit breaker, rate limiting, auto-combo engine -- **i18n:** next-intl with 30 languages +- **i18n:** next-intl with 40+ languages - **Desktop:** Electron (cross-platform: Windows, macOS, Linux) - **Package:** Published on npm (`omniroute`) and Docker Hub (`diegosouzapw/omniroute`) @@ -99,7 +98,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── configAudit.ts # Configuration auditing │ │ └── responses.ts # Domain response types │ ├── i18n/ # Internationalization -│ │ └── messages/ # 30 language JSON files +│ │ └── messages/ # 40+ language JSON files │ ├── lib/ # Core libraries │ │ ├── a2a/ # Agent-to-Agent v0.3 protocol server │ │ │ ├── skills/ # A2A skills (quotaManagement, smartRouting) @@ -170,7 +169,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ └── manager.ts # MITM proxy manager │ ├── shared/ # Shared utilities, components, and constants │ │ ├── components/ # Reusable UI components (Card, Badge, Button, Modal, Sidebar, ProviderIcon, etc.) -│ │ ├── constants/ # Provider definitions (60+), model lists, pricing, routing strategies, MCP scopes +│ │ ├── constants/ # Provider definitions (160+), model lists, pricing, routing strategies, MCP scopes │ │ ├── contracts/ # Shared API contracts │ │ ├── hooks/ # React hooks │ │ ├── middleware/ # Shared middleware utilities @@ -206,7 +205,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── chatCore.ts # Main chat completions handler │ │ ├── responsesHandler.ts # OpenAI Responses API handler │ │ ├── embeddings.ts # Embedding generation -│ │ ├── imageGeneration.ts # Image generation (DALL-E, FLUX, SD, etc.) +│ │ ├── imageGeneration.ts # Image generation (GPT-Image, FLUX, SD, etc.) │ │ ├── videoGeneration.ts # Video generation │ │ ├── musicGeneration.ts # Music generation │ │ ├── audioSpeech.ts # Text-to-speech @@ -214,7 +213,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── moderations.ts # Content moderation │ │ ├── rerank.ts # Reranking API │ │ └── search.ts # Web search API -│ ├── mcp-server/ # Built-in MCP server (25 tools, 3 transports: stdio/SSE/streamable-HTTP) +│ ├── mcp-server/ # Built-in MCP server (29 tools, 3 transports: stdio/SSE/streamable-HTTP) │ │ ├── server.ts # MCP server core (tool registration, scope enforcement) │ │ ├── tools/ # Tool implementations (advancedTools, memoryTools, skillTools) │ │ ├── schemas/ # Zod input schemas (tools, audit, a2a) @@ -274,7 +273,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ ├── CLI-TOOLS.md # CLI tools integration guide │ ├── A2A-SERVER.md # A2A agent protocol documentation │ ├── AUTO-COMBO.md # Auto-combo engine (6-factor scoring) -│ ├── MCP-SERVER.md # MCP server (25 tools) +│ ├── MCP-SERVER.md # MCP server (29 tools) │ ├── TROUBLESHOOTING.md # Troubleshooting guide │ ├── VM_DEPLOYMENT_GUIDE.md # VPS deployment guide │ ├── openapi.yaml # OpenAPI specification @@ -284,11 +283,11 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo └── .env.example # Environment variable template ``` -## Key Features (v3.5.5) +## Key Features (v3.8.0) ### Core Proxy -- **60+ AI providers** with automatic format translation -- **4 provider categories**: Free (4), OAuth (8), API Key (48+), Custom (OpenAI/Anthropic-compatible) +- **160+ AI providers** with automatic format translation +- **4 provider categories**: Free (4), OAuth (8), API Key (120+), Self-Hosted (8+), Custom (OpenAI/Anthropic-compatible) - **13 routing strategies**: priority, weighted, round-robin, fill-first, p2c, random, least-used, cost-optimized, strict-random, auto, lkgp, context-optimized, context-relay - **4-tier fallback**: Subscription → API Key → Cheap → Free - **Context Relay strategy**: Session handoff summaries on account rotation for continuity @@ -306,7 +305,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Cloudflare Tunnels**: Managed tunnel creation for remote access - **122 unit test files** with comprehensive coverage (55% statements/lines/functions, 60% branches) -### Turvallisuus +### Security +- **Data Loss Prevention**: SQLite migration safety bounds abort startup on dangerous massive schema overrides. Pre-migration `VACUUM INTO` backups isolate rollback snapshots. - **CodeQL security**: Fixed 10+ CodeQL alerts (polynomial-redos, insecure-randomness, shell-injection, SSRF, incomplete URLs) - **Web Crypto session IDs**: `generateSessionId` uses `crypto.getRandomValues()` instead of `Math.random()` - **Route validation**: All API routes validated with Zod v4 schemas + `validateBody()` @@ -331,7 +331,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **CLI Tools** — One-click configuration for 10+ AI CLI tools - **CLI Agents** — Grid of 14+ built-in agents with ProviderIcon and install detection + custom agent registration - **Playground** — Test any model with Monaco editor, streaming responses -- **Media** — Image/video/music generation (DALL-E, FLUX, etc.) + audio transcription (up to 2GB files) +- **Media** — Image/video/music generation (GPT-Image, FLUX, etc.) + audio transcription (up to 2GB files) - **Search Tools** — Search provider configuration and testing - **Memory** — Memory system management and visualization - **Skills** — Skills framework management and execution @@ -349,14 +349,15 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Gemini** — `/v1beta/models`, `/v1beta/models/{...path}` - **Ollama** — `/v1/api/chat`, `/api/tags` - **Search** — `/v1/search` (Perplexity, Serper, Brave, Exa, Tavily) -- **MCP** — 25-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) +- **MCP** — 29-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) - **A2A** — Agent-to-Agent v0.3 protocol (JSON-RPC 2.0, smart-routing + quota-management skills) - **ACP** — Agent Communication Protocol registry and manager -### MCP Server (25 Tools) +### MCP Server (29 Tools) | Category | Tools | |-----------|-------| -| Core (18) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `sync_pricing` | +| Core (20) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `web_search`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `db_health_check`, `sync_pricing` | +| Cache (2) | `cache_stats`, `cache_flush` | | Memory (3) | `memory_search`, `memory_add`, `memory_clear` | | Skills (4) | `skills_list`, `skills_enable`, `skills_execute`, `skills_executions` | @@ -373,8 +374,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo **Custom Providers:** OpenAI-compatible (`openai-compatible-*`) and Anthropic-compatible (`anthropic-compatible-*`) with custom base URLs ### Internationalization -- 30 languages for UI (all dashboard pages) -- 30 translated documentation sets in docs/i18n/ +- 40+ languages for UI (all dashboard pages) +- 40 translated documentation sets in docs/i18n/ - Language switcher in documentation ## Key Architectural Decisions diff --git a/docs/i18n/fr/CHANGELOG.md b/docs/i18n/fr/CHANGELOG.md index dbd9b620a5..97d2de860a 100644 --- a/docs/i18n/fr/CHANGELOG.md +++ b/docs/i18n/fr/CHANGELOG.md @@ -6,9 +6,283 @@ ## [Unreleased] +## [3.8.0] — 2026-05-06 + +### ✨ New Features + +- **feat(antigravity):** integrate Antigravity provider with dynamic `maxOutputTokens` calculation (bumping to `thinkingBudget + 1`) and standard Cloud Code envelope payload sanitization (#2055, #2063) +- **feat(gemini-cli):** add custom projectId support for Gemini CLI transport (UI, DB, executor) (#1991) + +### 🐛 Bug Fixes + +- **fix(cache):** optimize cache_control preservation logic and explicitly align tool schema with upstream Claude Code expectations +- **fix(db):** preserve legacy SQLite database path on Windows to prevent data loss (#1973) +- **fix(settings):** resolve model alias persistence double stringification preventing UI updates (#2018) +- **fix(routing):** dynamically filter bare model auto-resolution by active provider connections to prevent dead-routing (#2029) +- **fix(embeddings):** add Google Gemini embeddings compatibility via OpenAI-compatible endpoint mapping (#2006) +- **fix:** remove Anthropic-Beta header from non-Anthropic providers to fix identity contamination (#1989) +- **fix(cli):** resolve .env loading failure for global npm installations + +### 🔒 Security + +- **fix(security):** remediate regex validation backtracking path in core compression cleanup (#1990) +- **fix(core):** harden input handling and stabilization for prompt compression edge cases + +### 🧹 Chores & Maintenance + +- **chore(providers):** prune redundant local provider icon assets in favor of `@lobehub/icons` web fonts (#1992) +- **ci:** skip SonarCloud scan on main pushes to optimize CI time +- **test:** stabilize cooldown abort coverage case in integration testing + +## [3.7.9] — 2026-05-03 + ### ✨ New Features -- **feat:** ongoing development +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) + +- **feat(compression):** major upgrade to Caveman and RTK compression pipelines (#1876, #1889): + - Add RTK tool-output compression, stacked Caveman + RTK pipelines, compression combo assignments, dashboard context pages, MCP management tools, and language-aware Caveman rule packs. + - Expand RTK parity with a 39-filter catalog, RTK-style JSON DSL stages, inline verify/benchmark coverage, trust-gated custom filters, expanded command detection, and redacted raw-output recovery. + - Expose rule intensities, track USD savings, unify config validation, and persist MCP savings. + - Expand Caveman parity and MCP metadata compression. +- **feat(provider):** update Jina AI model catalog to support Embeddings and Rerank natively (#1874 — thanks @backryun) +- **feat(provider):** add NanoGPT image generation provider (#1899 — thanks @Aculeasis) +- **feat(ui):** move proxy configuration to dedicated System → Proxy page (#1907 — thanks @oyi77) +- **feat(ui):** add K/M/B/T cost shortener utility (#1902 — thanks @oyi77) +- **feat(providers):** implement bulk paste for extra API keys (#1916 — thanks @0xtbug) +- **feat(analytics):** usage history API key backfill + dark mode pricing (#1896 — thanks @Gi99lin) +- **feat(logs):** show RTK and Caveman compression token savings accurately in request log UI (#1923 — thanks @emdash) +- **feat(routing):** auto-skip exhausted quota accounts (Issue #1952) +- **feat(docs):** docs site overhaul (#1976 — thanks @oyi77) +- **feat(db):** consolidate all database settings into SystemStorageTab (closes #1935) (#1947 — thanks @oyi77) +- **feat(sse):** codex 429 mid-task failover with account rotation (#1888 — thanks @smartenok-ops) +- **feat(auto-assessment):** add auto-assessment engine for combo self-healing (#1918 — thanks @oyi77) +- **feat(usage):** DeepSeek V4 native cache token extraction (#1930 — thanks @smartenok-ops) +- **feat(cost):** enhance cost formatting and add Codex GPT-5.5 pricing support (#1944 — thanks @JxnLexn) + +### 🐛 Bug Fixes + +- **fix(auth):** implement session affinity sticky routing logic +- **fix(dashboard):** derive display base URL from origin instead of hardcoding localhost (#1960 — thanks @jeanfbrito) +- **fix(proxy):** use credentials.connectionId instead of non-existent credentials.id for image proxy resolution (#1929 — thanks @Aculeasis) +- **fix(routing):** codex bare-name disambiguation + family-native fallback (#1933 — thanks @smartenok-ops) +- **fix(infrastructure):** move wreq-js to optionalDependencies and add Node 25/26 to secure runtime policy (#1924) +- **fix(providers):** resolve ChatGPT Web authentication failure by aligning TLS fingerprint User-Agent strings (#1925) +- **fix(mitm):** support root user for MITM sudo handling (#1948 — thanks @NekoMonci12) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941, #1945) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) +- **fix(mcp):** reclassify MCP endpoints to ensure API key authentication works even when dashboard auth is enabled (#1970) +- **fix(providers):** allow local OpenAI-compatible endpoints (like Ollama) to be added without an API key (fixes #1893) +- **fix(providers):** bypass AgentRouter unauthorized_client_error by spoofing Claude CLI headers via Anthropic endpoints (fixes #1921) +- **fix(copilot):** emit compatible reasoning text deltas (#1919 — thanks @ivan-mezentsev) +- **fix(api-manager):** show validation errors inline in modals, not behind (#1920 — thanks @andrewmunsell) +- **fix(compression):** align seeded standard savings combo with stacked default, preserve stacked defaults, and secure metadata routes. +- **fix(gemini-cli):** separate Cloud Code transport from Antigravity (#1869 — thanks @dhaern) +- **fix(codex):** map prompt field to input array for Cursor compatibility (fixes #1872) +- **fix(core):** align stream parameter default to false per strict OpenAI spec (fixes #1873) +- **fix(ui):** restore Next.js CSP `unsafe-eval` in production `script-src` to fix unresponsive Onboarding button (fixes #1883) +- **fix(proxy):** globally strip `prompt_cache_retention` in `BaseExecutor` to prevent upstream 400 errors from strict endpoints like droid/gemini-2-pro (fixes #1884) +- **fix(ui):** include `isOpen` dependency in `EditConnectionModal` state sync to ensure `maxConcurrent` is properly hydrated when reopening the modal (fixes #1859) +- **fix(security):** remediate 4 polynomial-redos CodeQL alerts in compression regexes by bounding repetitions and removing overlapping quantifiers +- **fix(codex):** flatten Chat Completions tool format to Codex Responses format in `normalizeCodexTools` — prevents `Missing required parameter: tools[0].name` upstream errors (#1914 — thanks @tranduykhanh030) +- **fix(proxy):** add proxy-aware execution context to image generation route — proxy settings are now correctly applied for image providers behind restricted networks (#1904 — thanks @Aculeasis) +- **fix(translator):** inject `properties: {}` into zero-argument MCP tool schemas during Anthropic→OpenAI translation — prevents 400 errors from OpenAI strict schema validation (#1898 — thanks @bryceIT) +- **fix(codex):** sanitize raw responses input (#1895 — thanks @dhaern) +- **fix(combos):** align strategy contracts (#1892 — thanks @dhaern) +- **fix(combos):** fix combo provider breaker profile handling (#1891 — thanks @rdself) +- **fix(migrations):** duplicate-column no-op fix (#1886 — thanks @smartenok-ops) +- **fix(auth):** per-connection OAuth refresh mutex (#1885 — thanks @smartenok-ops) +- **fix(auth):** require dashboard management auth for compression preview + +### 🔄 Updates + +- **chore(provider):** Add reka models list (#1956 — thanks @backryun) +- **chore(model):** Update new models, Delete Deprecated models (#1949 — thanks @backryun) + +### 📝 Documentation + +- **docs(compression):** document RTK+Caveman stacked savings ranges + +### 🏆 Release Attribution & Retroactive Credits + +- **@payne0420** (PR #1828 / #1839) — Implementation of the **Rate Limit Watchdog** and environment overrides. (This feature was manually backported to v3.7.8, causing the automatic GitHub Release notes to omit the author's credit). + +--- + +## [3.7.8] — 2026-05-01 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(providers):** add Grok 4.3 and Xiaomi Mimo TTS provider (#1837) +- **feat(core):** implement Rate Limit Watchdog with environment override capability to detect and reset stalled queues (#1839) +- **feat(providers):** add muse-spark-web provider with multiple models and reasoning support (#1843) +- **feat(1proxy):** integrate 1proxy free proxy marketplace with dashboard management and new MCP tools (closes #1788) (#1847) + +### 🐛 Bug Fixes + +- **fix(codex):** sanitize Responses replay state to prevent internal assistant commentary from leaking (#1868 — thanks @dhaern) +- **fix(cli):** add capture-backed Gemini CLI fingerprint (#1866) +- **fix(ui):** hide combo compression controls when the global setting is disabled (#1840) +- **fix(db):** tolerate missing request_detail_logs table for legacy deployments (#1848) +- **fix(core):** remove unneeded \`store\` payload parameter for providers lacking support (closes #1841) +- **fix(core):** ensure safeOutboundFetch and A2A routers return 503 Service Unavailable when security guardrails are triggered +- **fix(usage):** correct Unix seconds vs milliseconds parsing logic for Kiro AI quota reset (closes #1849) +- **fix(ui):** apply robust NaN handling, ensure 24h consistency, and fix missing hour slots in Compression Analytics (closes #1844) +- **fix(ui):** implement short number formatting for token consumption metrics on cache pages to prevent overflow (closes #1842) +- **fix(combo):** stabilize provider routing at 500+ connections by bounding semaphore queues and adjusting circuit breaker tracking (closes #1846) (#1854) +- **fix(maritalk):** update Maritalk model list, use Authorization Key header, and align with latest API endpoints (#1856) +- **fix(grok-web):** stabilize tool calling (bash, readFile, webSearch) and response parsing by mapping native Grok intents to standard OpenAI payloads (#1857) +- **fix(providers):** correctly map and expose the Upstage embedding and chat model catalogs (#1855) +- **fix(executor):** apply proper urlSuffix and custom authHeaders for unknown registry-based providers in DefaultExecutor (closes #1846) (#1861) + +### 🛠️ Maintenance + +- **fix(workflow):** build docker images on version tags (#1838) + +--- + +## [3.7.7] — 2026-04-30 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **Prompt Compression Pipeline:** Implemented a multi-phase prompt compression engine including `lite` (whitespace/duplication collapse), `aggressive` (summarization, tool compression), and `ultra` modes (heuristic pruning and SLM stub) (#1633, #1738, #1739, #1741) +- **Compression Dashboard & Analytics:** Added a compression settings UI, real-time log viewer, pipeline statistics tracking, and interactive playground preview (#1756) +- **Compression Caching & MCP:** Added caching-aware strategy adjustments to the compression pipeline, alongside new MCP tools for status and configuration (#1758) +- **Analytics Custom Filters:** Added custom date range selection, API key filtering, and NULL key analytics backfilling to the Costs Dashboard (#1830) + +### 🐛 Bug Fixes + +- **Combo Routing:** Fixed an issue where Gemini `-preview` models were incorrectly normalized to their canonical names, causing 404 errors during combo routing (#1834) +- **Codex Native Passthrough:** Added support for Cursor 5.5 sending `messages` arrays to the `responses/compact` endpoint, preventing upstream rejections with empty requests (#1832) +- **Rate-limit Watchdog:** Implemented a new rate-limit watchdog with environment override capabilities and Stage Tracing to prevent and diagnose silent wedges (#1828) +- **Encryption Resiliency:** Prevent sending encrypted tokens to providers by returning null on decryption failure (#763d353) +- **i18n & Locales:** Fixed OpenCode baseUrl locale placeholders and added compression keys across 32 languages +- **Startup Stability:** Hardened resilience integration server startup logic (#9aa89b17) + +### 🛠️ Maintenance + +- **Tests & Docs:** Expanded the test suite with 61 unit/integration tests for the compression pipeline and updated `AGENTS.md` +- **Workflow:** Fixed the changelog extraction logic to accurately capture GitHub release descriptions + +--- + +## [3.7.6] — 2026-04-30 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) +- **feat(chatgpt-web):** support `thinking_effort` parameter (Standard/Extended) for thinking-capable models (#1821) +- **feat(dashboard):** implement remaining v3.7.6 dashboard features — Costs overview, Translator pipeline, and Endpoint tabs improvements +- **feat(tools):** inject fallback tool names to prevent upstream 400 errors on providers that require tool names (#1775) +- **feat(db):** auto-restore probe-failed database on startup to prevent data loss after failed upgrades (#1810) +- **feat(analytics):** add cost-based usage insights and activity streaks in the analytics dashboard + +### 🔒 Security + +- **fix(security):** resolve ReDoS vulnerability in Codex executor regex patterns (#1797, #1789) + +### 🐛 Bug Fixes + +- **fix(stability):** resolve codex input validation, enable combo circuit breaker, and fix broken unit tests (#1804, #1805) +- **fix(stability):** safely cast inputs to strings before calling `.trim()` to avoid crashes on numeric fields in proxy modal (#1825) +- **fix(stability):** clear active requests and recover providers after connection failures (#1824) +- **fix(xiaomi-mimo):** update models to V2.5, fix Token Plan validation and default region (#1823) +- **fix(codex):** omit compact client metadata to prevent upstream rejections (#1822) +- **fix(dashboard):** fix endpoint visibility, A2A status display, and API catalog consistency (#1806) +- **fix(analytics):** use pure SQL aggregations — no history rows loaded into memory (#1802) +- **fix(dashboard):** correct `loadPresets` ReferenceError in CostOverviewTab +- **fix(mitm):** enforce transparent interception on port 443 only + +### 🧹 Chores + +- **chore(workflow):** mandate implementation plan generation in `/resolve-issues` workflow before coding +- **chore(release):** expand contributor credits to 155 PRs across full project history + +### 🏆 Community Contributors Acknowledgment + +We identified that **155 community PRs** across the entire project history (from inception through v3.7.5) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. + +**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** + +| Contributor | PRs (Total) | All Contributions | +| :----------------------------------------------------------- | :---------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [@rdself](https://github.com/rdself) | 28 | #542, #705, #717, #737, #738, #841, #851, #853, #875, #880, #888, #891, #903, #904, #974, #1069, #1089, #1196, #1267, #1272, #1299, #1300, #1356, #1357, #1441, #1443, #1549, #1742 | +| [@oyi77](https://github.com/oyi77) | 27 | #644, #672, #700, #850, #859, #862, #868, #874, #881, #883, #908, #926, #931, #983, #990, #1019, #1020, #1021, #1103, #1281, #1286, #1363, #1368, #1377, #1411, #1689, #1717 | +| [@clousky2020](https://github.com/clousky2020) | 15 | #1244, #1323, #1365, #1366, #1408, #1442, #1484, #1595, #1598, #1599, #1611, #1618, #1620, #1621, #1644 | +| [@benzntech](https://github.com/benzntech) | 8 | #158, #1264, #1435, #1436, #1437, #1440, #1444, #1677 | +| [@kang-heewon](https://github.com/kang-heewon) | 5 | #530, #854, #884, #1235, #1574 | +| [@herjarsa](https://github.com/herjarsa) | 4 | #1472, #1474, #1477, #1480 | +| [@backryun](https://github.com/backryun) | 4 | #1358, #1609, #1627, #1722 | +| [@tombii](https://github.com/tombii) | 4 | #708, #856, #900, #1013 | +| [@christopher-s](https://github.com/christopher-s) | 3 | #868, #885, #992 | +| [@zen0bit](https://github.com/zen0bit) | 3 | #561, #650, #912 | +| [@k0valik](https://github.com/k0valik) | 3 | #554, #587, #596 | +| [@zhangqiang8vip](https://github.com/zhangqiang8vip) | 2 | #470, #575 | +| [@wlfonseca](https://github.com/wlfonseca) | 2 | #997, #1016 | +| [@RaviTharuma](https://github.com/RaviTharuma) | 2 | #1188, #1277 | +| [@prakersh](https://github.com/prakersh) | 2 | #419, #480 | +| [@payne0420](https://github.com/payne0420) | 2 | #1593, #1670 | +| [@only4copilot](https://github.com/only4copilot) | 2 | #855, #1039 | +| [@jay77721](https://github.com/jay77721) | 2 | #581, #582 | +| [@hijak](https://github.com/hijak) | 2 | #295, #578 | +| [@hartmark](https://github.com/hartmark) | 2 | #1494, #1500 | +| [@defhouse](https://github.com/defhouse) | 2 | #906, #946 | +| [@xiaoge1688](https://github.com/xiaoge1688) | 1 | #1304 | +| [@xandr0s](https://github.com/xandr0s) | 1 | #1376 | +| [@willbnu](https://github.com/willbnu) | 1 | #882 | +| [@slewis3600](https://github.com/slewis3600) | 1 | #1624 | +| [@sergey-v9](https://github.com/sergey-v9) | 1 | #594 | +| [@razllivan](https://github.com/razllivan) | 1 | #987 | +| [@nmime](https://github.com/nmime) | 1 | #1271 | +| [@Moutia-Ben-Yahia](https://github.com/Moutia-Ben-Yahia) | 1 | #1663 | +| [@Mind-Dragon](https://github.com/Mind-Dragon) | 1 | #467 | +| [@mercs2910](https://github.com/mercs2910) | 1 | #1001 | +| [@MAINER4IK](https://github.com/MAINER4IK) | 1 | #196 | +| [@luandiasrj](https://github.com/luandiasrj) | 1 | #996 | +| [@knopki](https://github.com/knopki) | 1 | #1434 | +| [@kfiramar](https://github.com/kfiramar) | 1 | #389 | +| [@ken2190](https://github.com/ken2190) | 1 | #166 | +| [@keith8496](https://github.com/keith8496) | 1 | #569 | +| [@jonesfernandess](https://github.com/jonesfernandess) | 1 | #1118 | +| [@JasonLandbridge](https://github.com/JasonLandbridge) | 1 | #1626 | +| [@i1hwan](https://github.com/i1hwan) | 1 | #1386 | +| [@Gorchakov-Pressure](https://github.com/Gorchakov-Pressure) | 1 | #754 | +| [@foxy1402](https://github.com/foxy1402) | 1 | #934 | +| [@dt418](https://github.com/dt418) | 1 | #896 | +| [@dhaern](https://github.com/dhaern) | 1 | #1647 | +| [@DavyMassoneto](https://github.com/DavyMassoneto) | 1 | #211 | +| [@dail45](https://github.com/dail45) | 1 | #1413 | +| [@congvc-dev](https://github.com/congvc-dev) | 1 | #1569 | +| [@be0hhh](https://github.com/be0hhh) | 1 | #1581 | +| [@andruwa13](https://github.com/andruwa13) | 1 | #1457 | +| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | 1 | #898 | +| [@AndersonFirmino](https://github.com/AndersonFirmino) | 1 | #362 | +| [@alexsvdk](https://github.com/alexsvdk) | 1 | #1280 | +| [@abhinavjnu](https://github.com/abhinavjnu) | 1 | #550 | --- @@ -16,8 +290,14 @@ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(tunnels):** integrate native ngrok tunnel support with dashboard UI parity (#1753) -- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) ### 🐛 Bug Fixes @@ -56,56 +336,25 @@ - **chore(ui):** speed up endpoint initial render with background task loading (#1760) - **chore(workflows):** add strict PR contributor credit policy to prevent future merge credit loss -### 🏆 Community Contributors Acknowledgment - -We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. - -**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** - -| Contributor | Contributions (PRs) | -| :----------------------------------------------------- | :----------------------------------------------------------------------- | -| [@rdself](https://github.com/rdself) | #1742, #1357, #1356, #1089, #1069, #904, #880, #875, #853, #851, #974 | -| [@oyi77](https://github.com/oyi77) | #1411, #1021, #990, #926, #908, #883, #881, #868, #862, #859, #850, #983 | -| [@benzntech](https://github.com/benzntech) | #1677, #1444, #1440, #1437, #1435 | -| [@clousky2020](https://github.com/clousky2020) | #1644, #1408 | -| [@christopher-s](https://github.com/christopher-s) | #885, #868, #992 | -| [@kang-heewon](https://github.com/kang-heewon) | #1235, #884 | -| [@backryun](https://github.com/backryun) | #1627, #1358, #1722 | -| [@tombii](https://github.com/tombii) | #900, #856 | -| [@slewis3600](https://github.com/slewis3600) | #1624 | -| [@dhaern](https://github.com/dhaern) | #1647 | -| [@JasonLandbridge](https://github.com/JasonLandbridge) | #1626 | -| [@hartmark](https://github.com/hartmark) | #1500 | -| [@herjarsa](https://github.com/herjarsa) | #1480 | -| [@andruwa13](https://github.com/andruwa13) | #1457 | -| [@i1hwan](https://github.com/i1hwan) | #1386 | -| [@xandr0s](https://github.com/xandr0s) | #1376 | -| [@RaviTharuma](https://github.com/RaviTharuma) | #1188 | -| [@wlfonseca](https://github.com/wlfonseca) | #1016 | -| [@only4copilot](https://github.com/only4copilot) | #1039, #855 | -| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | #898 | -| [@dt418](https://github.com/dt418) | #896 | -| [@willbnu](https://github.com/willbnu) | #882 | -| [@defhouse](https://github.com/defhouse) | #906 | -| [@mercs2910](https://github.com/mercs2910) | #1001 | -| [@zen0bit](https://github.com/zen0bit) | #912 | -| [@razllivan](https://github.com/razllivan) | #987 | -| [@foxy1402](https://github.com/foxy1402) | #934 | -| [@knopki](https://github.com/knopki) | #1434 | -| [@dail45](https://github.com/dail45) | #1413 | - --- ## [3.7.4] — 2026-04-28 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(ui):** add endpoint tunnel visibility settings (#1743) - **feat(cli):** refresh CLI fingerprint provider profiles (#1746) - **feat(proxy):** implement bulk proxy import via pipe-delimited parser with update-or-create (upsert) logic and real-time preview table - **feat(pwa):** add fullscreen installable PWA with manifest, service worker, and cross-platform app icons (#1728) -### Sécurité +### 🔒 Security - **security:** replace insecure `Math.random` with `crypto.getRandomValues` for fallback UUID generation to resolve CodeQL CWE-338 finding (#182) @@ -156,6 +405,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(authz):** introduce centralized proxy-based authz pipeline and lifecycle policy (#1632) - **feat(logs):** configure call log pipeline artifacts (#1650) - **feat(network):** add guarded remote image fetch utility @@ -225,6 +481,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Add GPT-5.5 support to the Codex provider — includes 1.05M context window, tool calling, vision, and reasoning capabilities with proper pricing entries across `cx` and `openai` providers. Refactors `splitCodexReasoningSuffix()` into a shared helper for cleaner effort-level parsing (#1617 — thanks @Zhaba1337228). - **feat(cli):** Add `omniroute reset-encrypted-columns` recovery command — nulls encrypted credential columns (`api_key`, `access_token`, `refresh_token`, `id_token`) in `provider_connections` while preserving provider metadata, giving users affected by #1622 a clean recovery path without losing configurations. - **feat(i18n):** Expand locale coverage with nine new language packs (Bengali, Farsi, Gujarati, Indonesian, Marathi, Swahili, Tamil, Telugu, Urdu), bringing total language support from 32 to 41 locales. @@ -256,7 +519,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **fix(transport):** Prevent memory bloat and database exhaustion from large, fragmented streaming responses. Implemented `ByteQueue` in `kiro.ts` for zero-copy binary accumulation, refactored `antigravity.ts` for incremental SSE parsing, and enforced a strict 512KB tiered truncation limit (`MAX_CALL_LOG_ARTIFACT_BYTES`) on stream request logs and call artifacts (#1647). - **chore(ci):** Update build environment dependencies — bump Node to `24.15.0`, `actions/checkout@v6`, `docker/build-push-action@v7`, pin `actions/setup-python` to major tag (#1646 — thanks @backryun). -### Documentation +### 📝 Documentation - **docs(env):** Add `OMNIROUTE_ALLOW_PRIVATE_PROVIDER_URLS` to `.env.example` with documentation for LM Studio and other local provider use cases (#1623). @@ -266,6 +529,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). - **feat(providers):** Add CrofAI as a built-in API-key provider with quota/usage monitoring wired into the dashboard Limits page (#1604, #1606). @@ -399,7 +669,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **test(next):** Align transpile package expectations for the Next.js standalone build. - **test(ci):** Fix CI-only test failures from environment differences — clear `INITIAL_PASSWORD` and `JWT_SECRET` in integration tests, handle `XDG_CONFIG_HOME` for guide-settings tests. -### Documentation +### 📚 Documentation - **docs:** Update the root changelog with all release-branch changes through 2026-04-24, including PRs #1544, #1555, #1551, #1550, #1548, #1547, #1541, #1538, #1536, and #1527. - **docs:** Fix broken README and localized documentation links. (#1536) @@ -424,6 +694,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -506,6 +783,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -527,7 +811,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **feat(providers):** Expand image provider registry with extended model support including SD3.5, FLUX, and DALL-E 3 HD configurations - **feat(combos):** Add new routing strategies and full i18n support for agent features section across 31 languages -### Sécurité +### 🔒 Security - **security:** Resolve 18 GitHub CodeQL scan alerts including ReDoS, incomplete sanitization, and bad HTML filtering regexp patterns - **fix(auth):** Seal privilege escalation vector by enforcing JWT session checking exclusively on `/api/keys` management endpoints (#1353) @@ -586,6 +870,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -662,6 +953,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -726,6 +1024,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -773,7 +1078,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Duplicate `auto` in Combo Strategy Schema:** Removed duplicate `"auto"` entry from `comboStrategySchema` (was listed on both line 104 and 108). Harmless to Zod runtime but cleaned up to avoid confusion. Schema now has exactly 13 unique strategy values - **Legacy Combo Refs Normalization:** Fixed combo step normalization to preserve legacy string combo references during CRUD operations, preventing data loss when editing combos created before the v2 step architecture -### Sécurité +### 🔒 Security - **Auth Bypass on Backup Routes (Critical):** Added `isAuthenticated` guards to `/api/db-backups/exportAll` (full database export) and `/api/db-backups` (list, create, and restore backups) — both were previously accessible without authentication - **Auth Guard on Translator Save:** Added `isAuthenticated` guard to `/api/translator/save` for defense-in-depth consistency @@ -826,6 +1131,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -864,6 +1176,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -896,6 +1215,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -925,6 +1251,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -955,6 +1288,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -988,6 +1328,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1040,6 +1387,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1086,6 +1440,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1122,7 +1483,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Updated Sub-dependencies:** Bumped `hono` to `4.12.12` and `@hono/node-server` to `1.19.13` to patch critical security gaps (#1063, #1064, #1067, #1068). -### Documentation +### 📚 Documentation - **Documentation Synchronization:** Updated system documentation (README, Architecture, Features, Tools, Troubleshooting) and synced `i18n` configurations to match the v3.5.5 context relay patterns and proxy troubleshooting steps. - **Context Relay Delivery Notes:** Documented the current architecture, runtime flow, and Codex-focused scope in the feature docs, changelog, and agent guidance. @@ -1133,6 +1494,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1191,7 +1559,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.5.3] - 2026-04-07 -### Sécurité +### Security - **Vulnerabilities:** Fully remediated 12 High-Severity CodeQL vulnerabilities by migrating from Math.random to `crypto.randomUUID()`, wrapping SSE injection points with aggressive backslash escaping, sanitizing trailing HTTP fragments, and enforcing rigid SSRF HTTP verification schemes across internal routes. - **Dependencies:** Upgraded Next.js to `^16.2.2` and Vite to `>=8.0.5` resolving critical DoS, arbitrary file reads and CSRF vectors in the build/server environments. @@ -1221,6 +1589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1253,6 +1628,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1281,6 +1663,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1347,7 +1736,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.8] — 2026-04-03 -### Sécurité +### Security - Fully remediated all outstanding Github Advanced Security (CodeQL) findings and Dependabot alerts. - Fixed insecure randomness vulnerabilities by migrating from `Math.random` to `crypto.randomUUID()`. @@ -1359,7 +1748,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.7] — 2026-04-03 -### Fonctionnalités +### Features - Added `Cryptography` node to Monitoring and MCP health checks (#798) - Hardened model-catalog route permissions mapping (`/models`) (#781) @@ -1375,7 +1764,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - Fixed MCP standalone module-resolution (`ERR_MODULE_NOT_FOUND`) via `esbuild` (#936) - Fixed NVIDIA NIM routing credential resolution alias mismatch (#931) -### Sécurité +### Security - Added safe strict input boundary protection against raw `shell: true` remote-code execution injections. @@ -1385,6 +1774,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1419,6 +1815,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1481,6 +1884,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1541,6 +1951,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1594,7 +2011,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.0] - 2026-03-31 -### Fonctionnalités +### 🚀 Features - **Subscription Utilization Analytics:** Added quota snapshot time-series tracking, Provider Utilization and Combo Health tabs with recharts visualizations, and corresponding API endpoints (#847) - **SQLite Backup Control:** New `OMNIROUTE_DISABLE_AUTO_BACKUP` env flag to disable automatic SQLite backups (#846) @@ -1646,7 +2063,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.3.8] - 2026-03-30 -### Fonctionnalités +### 🚀 Features - **Models API Filtering:** Endpoint `/v1/models` now dynamically filters its list based on the permissions tied to the `Authorization: Bearer ` when restricted access is on (#781) - **Qoder Integration:** Native integration for Qoder AI natively replacing the legacy iFlow platform mappings (#660) @@ -1715,6 +2132,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1745,6 +2169,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1806,6 +2237,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2016,6 +2454,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2044,6 +2489,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2076,6 +2528,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2130,6 +2589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2325,6 +2791,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2359,6 +2832,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2409,7 +2889,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **NaN tokens in Claude Code / client responses (#617):** - `sanitizeUsage()` now cross-maps `input_tokens`→`prompt_tokens` and `output_tokens`→`completion_tokens` before the whitelist filter, fixing responses showing NaN/0 token counts when providers return Claude-style usage field names -### Sécurité +### 🔒 Security - Updated `yaml` package to fix stack overflow vulnerability (GHSA-48c2-rrv3-qjmp) @@ -2467,6 +2947,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2503,6 +2990,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2521,6 +3015,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2556,6 +3057,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3001,6 +3509,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3016,6 +3531,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3043,7 +3565,7 @@ docker pull diegosouzapw/omniroute:3.0.0 - **SVG fallback**: `ProviderIcon` component updated with 4-tier strategy: Lobehub → PNG → SVG → Generic icon - **Agents fingerprinting**: Synced with CLI tools — added droid, openclaw, copilot, opencode to fingerprint list (14 total) -### Sécurité +### 🔒 Security - **CVE fix**: Resolved dompurify XSS vulnerability (GHSA-v2wj-7wpq-c8vv) via npm overrides forcing `dompurify@^3.3.2` - `npm audit` now reports **0 vulnerabilities** @@ -3113,6 +3635,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3160,6 +3689,13 @@ Both providers use the new `OpencodeExecutor` with multi-format routing (`/chat/ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3295,6 +3831,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3318,6 +3861,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3334,6 +3884,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3371,7 +3928,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **#510** — Windows: MSYS2/Git-Bash paths (`/c/Program Files/...`) are now normalized to `C:\Program Files\...` - **#492** — `omniroute` CLI now detects `mise`/`nvm` when `app/server.js` is missing and shows targeted fix -### Documentation +### 📖 Documentation - **#513** — Docker password reset: `INITIAL_PASSWORD` env var workaround documented - **#520** — pnpm: `pnpm approve-builds better-sqlite3` documented @@ -3468,7 +4025,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **feat(executors/cloudflare-ai)**: New `CloudflareAIExecutor` — dynamic URL construction requires `accountId` in provider credentials - **feat(executors)**: Register `pollinations`, `pol`, `cloudflare-ai`, `cf` executor mappings -### Documentation +### 📝 Documentation - **docs(readme)**: Expanded free combo stack to 11 providers ($0 forever) - **docs(readme)**: Added 4 new free provider sections (LongCat, Pollinations, Cloudflare AI, Scaleway) with model tables @@ -3543,6 +4100,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3613,7 +4177,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **OAuth batch test crash** (ERR_CONNECTION_REFUSED): Replaced sequential for-loop with 5-connection concurrency limit + 30s per-connection timeout via `Promise.race()` + `Promise.allSettled()`. Prevents server crash when testing large OAuth provider groups (~30+ connections). -### Fonctionnalités +### Features - **"Test All" button on provider pages**: Individual provider pages (e.g., `/providers/codex`) now show a "Test All" button in the Connections header when there are 2+ connections. Uses `POST /api/providers/test-batch` with `{mode: "provider", providerId}`. Results displayed in a modal with pass/fail summary and per-connection diagnosis. @@ -3641,7 +4205,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Merge PR #494 (MiniMax role fix), fix KIRO MITM dashboard, triage 8 issues. -### Fonctionnalités +### Features - **MiniMax developer→system role fix** (PR #494 by @zhangqiang8vip): Per-model `preserveDeveloperRole` toggle. Adds "Compatibility" UI in providers page. Fixes 422 "role param error" for MiniMax and similar gateways. - **roleNormalizer**: `normalizeDeveloperRole()` now accepts `preserveDeveloperRole` parameter with tri-state behavior (undefined=keep, true=keep, false=convert). @@ -3697,7 +4261,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Gemini CLI deprecation, VM guide i18n fix, dependabot security fix, provider schema expansion. -### Fonctionnalités +### Features - **Gemini CLI Deprecation** (#462): Mark `gemini-cli` provider as deprecated with warning — Google restricts third-party OAuth usage from March 2026 - **Provider Schema** (#462): Expand Zod validation with `deprecated`, `deprecationReason`, `hasFree`, `freeNote`, `authHint`, `apiHint` optional fields @@ -3706,7 +4270,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **VM Guide i18n** (#471): Add `VM_DEPLOYMENT_GUIDE.md` to i18n translation pipeline, regenerate all 30 locale translations from English source (were stuck in Portuguese) -### Sécurité +### Security - **deps**: Bump `flatted` 3.3.3 → 3.4.2 — fixes CWE-1321 prototype pollution (#484, @dependabot) @@ -3726,7 +4290,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Czech i18n, SSE protocol fix, VM guide translation. -### Fonctionnalités +### Features - **Czech Language** (#482): Full Czech (cs) i18n — 22 docs, 2606 UI strings, language switcher updates (@zen0bit) - **VM Deployment Guide**: Translated from Portuguese to English as the source document (@zen0bit) @@ -3745,7 +4309,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: 2 merged PRs, model aliases routing fix, log export, and issue triage. -### Fonctionnalités +### Features - **Log Export**: New Export button on `/dashboard/logs` with time range dropdown (1h, 6h, 12h, 24h). Downloads JSON of request/proxy/call logs via `/api/logs/export` API (#user-request) @@ -3765,7 +4329,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Five community PRs — streaming call log fixes, Kiro compatibility, cache token analytics, Chinese translation, and configurable tool call IDs. -### Fonctionnalités +### ✨ Features - **feat(logs)**: Call log response content now correctly accumulated from raw provider chunks (OpenAI/Claude/Gemini) before translation, fixing empty response payloads in streaming mode (#470, @zhangqiang8vip) - **feat(providers)**: Per-model configurable 9-char tool call ID normalization (Mistral-style) — only models with the option enabled get truncated IDs (#470) @@ -3795,7 +4359,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Bailian Coding Plan provider with editable base URLs, plus community contributions for Alibaba Cloud and Kimi Coding. -### Fonctionnalités +### ✨ Features - **feat(providers)**: Added Bailian Coding Plan (`bailian-coding-plan`) — Alibaba Model Studio with Anthropic-compatible API. Static catalog of 8 models including Qwen3.5 Plus, Qwen3 Coder, MiniMax M2.5, GLM 5, and Kimi K2.5. Includes custom auth validation (400=valid, 401/403=invalid) (#467, @Mind-Dragon) - **feat(admin)**: Editable default URL in Provider Admin create/edit flows — users can configure custom base URLs per connection. Persisted in `providerSpecificData.baseUrl` with Zod schema validation rejecting non-http(s) schemes (#467) @@ -3810,7 +4374,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Two new community-contributed providers (Alibaba Cloud Coding, Kimi Coding API-key) and Docker pino fix. -### Fonctionnalités +### ✨ Features - **feat(providers)**: Added Alibaba Cloud Coding Plan support with two OpenAI-compatible endpoints — `alicode` (China) and `alicode-intl` (International), each with 8 models (#465, @dtk1985) - **feat(providers)**: Added dedicated `kimi-coding-apikey` provider path — API-key-based Kimi Coding access is no longer forced through OAuth-only `kimi-coding` route. Includes registry, constants, models API, config, and validation test (#463, @Mind-Dragon) @@ -3835,7 +4399,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Codex responses subpath passthrough natively supported, Windows MITM crash fixed, and Combos agent schemas adjusted. -### Fonctionnalités +### ✨ Features - **feat(codex)**: Native responses subpath passthrough for Codex — natively routes `POST /v1/responses/compact` to Codex upstream, maintaining Claude Code compatibility without stripping the `/compact` suffix (#457) @@ -3875,7 +4439,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(budget)**: "Save Limits" no longer returns 422 — `warningThreshold` is now correctly sent as fraction (0–1) instead of percentage (0–100) (#451) - **fix(combos)**: `` internal cache tag is now stripped before forwarding requests to providers, preventing cache session breaks (#454) -### Fonctionnalités +### ✨ Features - **feat(combos)**: Agent Features section added to combo create/edit modal — expose `system_message` override, `tool_filter_regex`, and `context_cache_protection` directly from the dashboard (#454) @@ -3931,7 +4495,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Search Tools dashboard, i18n fixes, Copilot limits, Serper validation fix. -### Fonctionnalités +### 🚀 Features - **feat(search)**: Add Search Playground (10th endpoint), Search Tools page with Compare Providers/Rerank Pipeline/Search History, local rerank routing, auth guards on search API (#443 by @Regis-RCR) - New route: `/dashboard/search-tools` @@ -4010,6 +4574,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4024,7 +4595,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - DB migration: `request_type` column on `call_logs` for non-chat request tracking - Zod validation (`v1SearchSchema`), auth-gated, cost recorded via `recordCost()` -### Sécurité +### 🔒 Security - **deps**: Next.js 16.1.6 → 16.1.7 — fixes 6 CVEs: - **Critical**: CVE-2026-29057 (HTTP request smuggling via http-proxy) @@ -4154,7 +4725,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **005_combo_agent_fields.sql**: `ALTER TABLE combos ADD COLUMN system_message TEXT DEFAULT NULL`, `tool_filter_regex TEXT DEFAULT NULL`, `context_cache_protection INTEGER DEFAULT 0` - **006_detailed_request_logs.sql**: New `request_detail_logs` table with 500-entry ring-buffer trigger, opt-in via settings toggle -### Fonctionnalités +### ✨ Features - **feat(combo)**: System Message Override per Combo (#399 — `system_message` field replaces or injects system prompt before forwarding to provider) - **feat(combo)**: Tool Filter Regex per Combo (#399 — `tool_filter_regex` keeps only tools matching pattern; supports OpenAI + Anthropic formats) @@ -4169,7 +4740,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: SSE improvements, local provider_nodes extensions, proxy registry, Claude passthrough fixes. -### Fonctionnalités +### ✨ Features - **feat(health)**: Background health check for local `provider_nodes` with exponential backoff (30s→300s) and `Promise.allSettled` to avoid blocking (#423, @Regis-RCR) - **feat(embeddings)**: Route `/v1/embeddings` to local `provider_nodes` — `buildDynamicEmbeddingProvider()` with hostname validation (#422, @Regis-RCR) @@ -4230,6 +4801,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4304,7 +4882,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Turbopack hash-strip now runs at **compile time** for ALL packages — not just `better-sqlite3`. Step 5.6 in `prepublish.mjs` walks every `.js` in `app/.next/server/` and strips the 16-char hex suffix from any hashed `require()`. Fixes `zod-dcb22c...`, `pino-...`, etc. MODULE_NOT_FOUND on global npm installs. Closes #398 - **fix(deploy)**: PM2 on both VPS was pointing to stale git-clone directories. Reconfigured to `app/server.js` in the npm global package. Updated `/deploy-vps` workflow to use `npm pack + scp` (npm registry rejects 299MB packages). -### Fonctionnalités +### ✨ Features - **feat(provider)**: Synthetic ([synthetic.new](https://synthetic.new)) — privacy-focused OpenAI-compatible inference. `passthroughModels: true` for dynamic HuggingFace model catalog. Initial models: Kimi K2.5, MiniMax M2.5, GLM 4.7, DeepSeek V3.2. (PR #404 by @Regis-RCR) @@ -4334,7 +4912,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Extended webpack `externals` hash-strip to cover ALL `serverExternalPackages`, not just `better-sqlite3`. Next.js 16 Turbopack hashes `zod`, `pino`, and every other server-external package into names like `zod-dcb22c6336e0bc69` that don't exist in `node_modules` at runtime. A HASH_PATTERN regex catch-all now strips the 16-char suffix and falls back to the base package name. Also added `NEXT_PRIVATE_BUILD_WORKER=0` in `prepublish.mjs` to reinforce webpack mode, plus a post-build scan that reports any remaining hashed refs. (#396, #398, PR #403) - **fix(chat)**: Anthropic-format tool names (`tool.name` without `.function` wrapper) were silently dropped by the empty-name filter introduced in #346. LiteLLM proxies requests with `anthropic/` prefix in Anthropic Messages API format, causing all tools to be filtered and Anthropic to return `400: tool_choice.any may only be specified while providing tools`. Fixed by falling back to `tool.name` when `tool.function.name` is absent. Added 8 regression unit tests. (PR #397) -### Fonctionnalités +### ✨ Features - **feat(api)**: Custom endpoint paths for OpenAI-compatible provider nodes — configure `chatPath` and `modelsPath` per node (e.g. `/v4/chat/completions`) in the provider connection UI. Includes a DB migration (`003_provider_node_custom_paths.sql`) and URL path sanitization (no `..` traversal, must start with `/`). (PR #400) - **feat(provider)**: Alibaba Cloud DashScope added as OpenAI-compatible provider. International endpoint: `dashscope-intl.aliyuncs.com/compatible-mode/v1`. 12 models: `qwen-max`, `qwen-plus`, `qwen-turbo`, `qwen3-coder-plus/flash`, `qwq-plus`, `qwq-32b`, `qwen3-32b`, `qwen3-235b-a22b`. Auth: Bearer API key. @@ -4393,7 +4971,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(oauth)**: Qoder (and other providers that redirect to their own UI) no longer leave the OAuth modal stuck at "Waiting for Authorization" — popup-closed detector auto-transitions to manual URL input mode (#344) - **fix(logs)**: Request log table is now readable in light mode — status badges, token counts, and combo tags use adaptive `dark:` color classes (#378) -### Fonctionnalités +### ✨ Features - **feat(kiro)**: Kiro credit tracking added to usage fetcher — queries `getUserCredits` from AWS CodeWhisperer endpoint (#337) @@ -4509,6 +5087,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4574,6 +5159,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #366, #367, #368) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4602,6 +5194,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #363 & #365) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4638,6 +5237,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4655,6 +5261,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4685,6 +5298,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4752,7 +5372,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > **Major release** — Free Stack ecosystem, transcription playground overhaul, 44+ providers, comprehensive free tier documentation, and UI improvements across the board. -### Fonctionnalités +### ✨ Features - **Combos: Free Stack template** — New 4th template "Free Stack ($0)" using round-robin across Kiro + Qoder + Qwen + Gemini CLI. Suggests the pre-built zero-cost combo on first use. - **Media/Transcription: Deepgram as default** — Deepgram (Nova 3, $200 free) is now the default transcription provider. AssemblyAI ($50 free) and Groq Whisper (free forever) shown with free credit badges. @@ -4763,7 +5383,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.16] - 2026-03-13 -### Documentation +### 📖 Documentation - **README: 44+ Providers** — Updated all 3 occurrences of "36+ providers" to "44+" reflecting the actual codebase count (44 providers in providers.ts) - **README: New Section "🆓 Free Models — What You Actually Get"** — Added 7-provider table with per-model rate limits for: Kiro (Claude unlimited via AWS Builder ID), Qoder (5 models unlimited), Qwen (4 models unlimited), Gemini CLI (180K/mo), NVIDIA NIM (~40 RPM dev-forever), Cerebras (1M tok/day / 60K TPM), Groq (30 RPM / 14.4K RPD). Includes the \/usr/bin/bash Ultimate Free Stack combo recommendation. @@ -4773,7 +5393,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.15] - 2026-03-13 -### Fonctionnalités +### ✨ Features - **Auto-Combo Dashboard (Tier Priority)**: Added `🏷️ Tier` as the 7th scoring factor label in the `/dashboard/auto-combo` factor breakdown display — all 7 Auto-Combo scoring factors are now visible. - **i18n — autoCombo section**: Added 20 new translation keys for the Auto-Combo dashboard (`title`, `status`, `modePack`, `providerScores`, `factorTierPriority`, etc.) to all 30 language files. @@ -4808,6 +5428,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). diff --git a/docs/i18n/fr/README.md b/docs/i18n/fr/README.md index 02505e8fc1..8648ea364e 100644 --- a/docs/i18n/fr/README.md +++ b/docs/i18n/fr/README.md @@ -130,28 +130,28 @@ _Connect any AI-powered IDE or CLI tool through OmniRoute — free API gateway f - Codex CLI
+ Codex CLI
Codex CLI
⭐ 60.8K - Claude Code
+ Claude Code
Claude Code
⭐ 67.3K - Gemini CLI
+ Gemini CLI
Gemini CLI
⭐ 94.7K - Kilo Code
+ Kilo Code
Kilo Code
⭐ 15.5K diff --git a/docs/i18n/fr/docs/API_REFERENCE.md b/docs/i18n/fr/docs/API_REFERENCE.md index 8fce9ce5ce..8a67fbc810 100644 --- a/docs/i18n/fr/docs/API_REFERENCE.md +++ b/docs/i18n/fr/docs/API_REFERENCE.md @@ -87,13 +87,13 @@ Authorization: Bearer your-api-key Content-Type: application/json { - "model": "openai/dall-e-3", + "model": "openai/gpt-image-2", "prompt": "A beautiful sunset over mountains", "size": "1024x1024" } ``` -Available providers: OpenAI (DALL-E, GPT Image 1), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). +Available providers: OpenAI (GPT Image 2), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). ```bash # List all image models diff --git a/docs/i18n/fr/docs/CLI-TOOLS.md b/docs/i18n/fr/docs/CLI-TOOLS.md index c5422d96fd..01062f94cd 100644 --- a/docs/i18n/fr/docs/CLI-TOOLS.md +++ b/docs/i18n/fr/docs/CLI-TOOLS.md @@ -350,7 +350,7 @@ They run as internal routes and use OmniRoute's model routing automatically. | `/v1/responses` | Responses API (OpenAI format) | Codex, agentic workflows | | `/v1/completions` | Legacy text completions | Older tools using `prompt:` | | `/v1/embeddings` | Text embeddings | RAG, search | -| `/v1/images/generations` | Image generation | DALL-E, Flux, etc. | +| `/v1/images/generations` | Image generation | GPT-Image, Flux, etc. | | `/v1/audio/speech` | Text-to-speech | ElevenLabs, OpenAI TTS | | `/v1/audio/transcriptions` | Speech-to-text | Deepgram, AssemblyAI | diff --git a/docs/i18n/fr/llm.txt b/docs/i18n/fr/llm.txt index d6223886bf..91c42a60a4 100644 --- a/docs/i18n/fr/llm.txt +++ b/docs/i18n/fr/llm.txt @@ -1,19 +1,18 @@ # OmniRoute (Français) -🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) +🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇧🇩 [bn](../bn/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇮🇷 [fa](../fa/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇮🇳 [gu](../gu/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇮🇳 [mr](../mr/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇰🇪 [sw](../sw/llm.txt) · 🇮🇳 [ta](../ta/llm.txt) · 🇮🇳 [te](../te/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇵🇰 [ur](../ur/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) --- +> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 160+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (29 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. -> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 60+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (25 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. - -## Aperçu +## Overview OmniRoute solves the problem of managing multiple AI provider subscriptions, quotas, and rate limits. It sits between your AI-powered tools (IDE agents, CLI tools) and AI providers, routing requests intelligently through a 4-tier fallback system: Subscription → API Key → Cheap → Free. **Key value:** One endpoint (`http://localhost:20128/v1`), unlimited models, zero downtime, minimal cost. -**Current version:** 3.5.5 +**Current version:** 3.8.0 ## Tech Stack @@ -27,7 +26,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Background jobs:** Custom token health check scheduler, 24h model auto-sync - **Streaming:** Server-Sent Events (SSE) for real-time proxy responses - **Proxy engine:** Custom pipeline with format translation, circuit breaker, rate limiting, auto-combo engine -- **i18n:** next-intl with 30 languages +- **i18n:** next-intl with 40+ languages - **Desktop:** Electron (cross-platform: Windows, macOS, Linux) - **Package:** Published on npm (`omniroute`) and Docker Hub (`diegosouzapw/omniroute`) @@ -99,7 +98,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── configAudit.ts # Configuration auditing │ │ └── responses.ts # Domain response types │ ├── i18n/ # Internationalization -│ │ └── messages/ # 30 language JSON files +│ │ └── messages/ # 40+ language JSON files │ ├── lib/ # Core libraries │ │ ├── a2a/ # Agent-to-Agent v0.3 protocol server │ │ │ ├── skills/ # A2A skills (quotaManagement, smartRouting) @@ -170,7 +169,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ └── manager.ts # MITM proxy manager │ ├── shared/ # Shared utilities, components, and constants │ │ ├── components/ # Reusable UI components (Card, Badge, Button, Modal, Sidebar, ProviderIcon, etc.) -│ │ ├── constants/ # Provider definitions (60+), model lists, pricing, routing strategies, MCP scopes +│ │ ├── constants/ # Provider definitions (160+), model lists, pricing, routing strategies, MCP scopes │ │ ├── contracts/ # Shared API contracts │ │ ├── hooks/ # React hooks │ │ ├── middleware/ # Shared middleware utilities @@ -206,7 +205,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── chatCore.ts # Main chat completions handler │ │ ├── responsesHandler.ts # OpenAI Responses API handler │ │ ├── embeddings.ts # Embedding generation -│ │ ├── imageGeneration.ts # Image generation (DALL-E, FLUX, SD, etc.) +│ │ ├── imageGeneration.ts # Image generation (GPT-Image, FLUX, SD, etc.) │ │ ├── videoGeneration.ts # Video generation │ │ ├── musicGeneration.ts # Music generation │ │ ├── audioSpeech.ts # Text-to-speech @@ -214,7 +213,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── moderations.ts # Content moderation │ │ ├── rerank.ts # Reranking API │ │ └── search.ts # Web search API -│ ├── mcp-server/ # Built-in MCP server (25 tools, 3 transports: stdio/SSE/streamable-HTTP) +│ ├── mcp-server/ # Built-in MCP server (29 tools, 3 transports: stdio/SSE/streamable-HTTP) │ │ ├── server.ts # MCP server core (tool registration, scope enforcement) │ │ ├── tools/ # Tool implementations (advancedTools, memoryTools, skillTools) │ │ ├── schemas/ # Zod input schemas (tools, audit, a2a) @@ -274,7 +273,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ ├── CLI-TOOLS.md # CLI tools integration guide │ ├── A2A-SERVER.md # A2A agent protocol documentation │ ├── AUTO-COMBO.md # Auto-combo engine (6-factor scoring) -│ ├── MCP-SERVER.md # MCP server (25 tools) +│ ├── MCP-SERVER.md # MCP server (29 tools) │ ├── TROUBLESHOOTING.md # Troubleshooting guide │ ├── VM_DEPLOYMENT_GUIDE.md # VPS deployment guide │ ├── openapi.yaml # OpenAPI specification @@ -284,11 +283,11 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo └── .env.example # Environment variable template ``` -## Key Features (v3.5.5) +## Key Features (v3.8.0) ### Core Proxy -- **60+ AI providers** with automatic format translation -- **4 provider categories**: Free (4), OAuth (8), API Key (48+), Custom (OpenAI/Anthropic-compatible) +- **160+ AI providers** with automatic format translation +- **4 provider categories**: Free (4), OAuth (8), API Key (120+), Self-Hosted (8+), Custom (OpenAI/Anthropic-compatible) - **13 routing strategies**: priority, weighted, round-robin, fill-first, p2c, random, least-used, cost-optimized, strict-random, auto, lkgp, context-optimized, context-relay - **4-tier fallback**: Subscription → API Key → Cheap → Free - **Context Relay strategy**: Session handoff summaries on account rotation for continuity @@ -306,7 +305,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Cloudflare Tunnels**: Managed tunnel creation for remote access - **122 unit test files** with comprehensive coverage (55% statements/lines/functions, 60% branches) -### Sécurité +### Security +- **Data Loss Prevention**: SQLite migration safety bounds abort startup on dangerous massive schema overrides. Pre-migration `VACUUM INTO` backups isolate rollback snapshots. - **CodeQL security**: Fixed 10+ CodeQL alerts (polynomial-redos, insecure-randomness, shell-injection, SSRF, incomplete URLs) - **Web Crypto session IDs**: `generateSessionId` uses `crypto.getRandomValues()` instead of `Math.random()` - **Route validation**: All API routes validated with Zod v4 schemas + `validateBody()` @@ -331,7 +331,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **CLI Tools** — One-click configuration for 10+ AI CLI tools - **CLI Agents** — Grid of 14+ built-in agents with ProviderIcon and install detection + custom agent registration - **Playground** — Test any model with Monaco editor, streaming responses -- **Media** — Image/video/music generation (DALL-E, FLUX, etc.) + audio transcription (up to 2GB files) +- **Media** — Image/video/music generation (GPT-Image, FLUX, etc.) + audio transcription (up to 2GB files) - **Search Tools** — Search provider configuration and testing - **Memory** — Memory system management and visualization - **Skills** — Skills framework management and execution @@ -349,14 +349,15 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Gemini** — `/v1beta/models`, `/v1beta/models/{...path}` - **Ollama** — `/v1/api/chat`, `/api/tags` - **Search** — `/v1/search` (Perplexity, Serper, Brave, Exa, Tavily) -- **MCP** — 25-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) +- **MCP** — 29-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) - **A2A** — Agent-to-Agent v0.3 protocol (JSON-RPC 2.0, smart-routing + quota-management skills) - **ACP** — Agent Communication Protocol registry and manager -### MCP Server (25 Tools) +### MCP Server (29 Tools) | Category | Tools | |-----------|-------| -| Core (18) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `sync_pricing` | +| Core (20) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `web_search`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `db_health_check`, `sync_pricing` | +| Cache (2) | `cache_stats`, `cache_flush` | | Memory (3) | `memory_search`, `memory_add`, `memory_clear` | | Skills (4) | `skills_list`, `skills_enable`, `skills_execute`, `skills_executions` | @@ -373,8 +374,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo **Custom Providers:** OpenAI-compatible (`openai-compatible-*`) and Anthropic-compatible (`anthropic-compatible-*`) with custom base URLs ### Internationalization -- 30 languages for UI (all dashboard pages) -- 30 translated documentation sets in docs/i18n/ +- 40+ languages for UI (all dashboard pages) +- 40 translated documentation sets in docs/i18n/ - Language switcher in documentation ## Key Architectural Decisions diff --git a/docs/i18n/gu/CHANGELOG.md b/docs/i18n/gu/CHANGELOG.md index 484de2b0d6..8c33126af4 100644 --- a/docs/i18n/gu/CHANGELOG.md +++ b/docs/i18n/gu/CHANGELOG.md @@ -6,9 +6,283 @@ ## [Unreleased] +## [3.8.0] — 2026-05-06 + +### ✨ New Features + +- **feat(antigravity):** integrate Antigravity provider with dynamic `maxOutputTokens` calculation (bumping to `thinkingBudget + 1`) and standard Cloud Code envelope payload sanitization (#2055, #2063) +- **feat(gemini-cli):** add custom projectId support for Gemini CLI transport (UI, DB, executor) (#1991) + +### 🐛 Bug Fixes + +- **fix(cache):** optimize cache_control preservation logic and explicitly align tool schema with upstream Claude Code expectations +- **fix(db):** preserve legacy SQLite database path on Windows to prevent data loss (#1973) +- **fix(settings):** resolve model alias persistence double stringification preventing UI updates (#2018) +- **fix(routing):** dynamically filter bare model auto-resolution by active provider connections to prevent dead-routing (#2029) +- **fix(embeddings):** add Google Gemini embeddings compatibility via OpenAI-compatible endpoint mapping (#2006) +- **fix:** remove Anthropic-Beta header from non-Anthropic providers to fix identity contamination (#1989) +- **fix(cli):** resolve .env loading failure for global npm installations + +### 🔒 Security + +- **fix(security):** remediate regex validation backtracking path in core compression cleanup (#1990) +- **fix(core):** harden input handling and stabilization for prompt compression edge cases + +### 🧹 Chores & Maintenance + +- **chore(providers):** prune redundant local provider icon assets in favor of `@lobehub/icons` web fonts (#1992) +- **ci:** skip SonarCloud scan on main pushes to optimize CI time +- **test:** stabilize cooldown abort coverage case in integration testing + +## [3.7.9] — 2026-05-03 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) + +- **feat(compression):** major upgrade to Caveman and RTK compression pipelines (#1876, #1889): + - Add RTK tool-output compression, stacked Caveman + RTK pipelines, compression combo assignments, dashboard context pages, MCP management tools, and language-aware Caveman rule packs. + - Expand RTK parity with a 39-filter catalog, RTK-style JSON DSL stages, inline verify/benchmark coverage, trust-gated custom filters, expanded command detection, and redacted raw-output recovery. + - Expose rule intensities, track USD savings, unify config validation, and persist MCP savings. + - Expand Caveman parity and MCP metadata compression. +- **feat(provider):** update Jina AI model catalog to support Embeddings and Rerank natively (#1874 — thanks @backryun) +- **feat(provider):** add NanoGPT image generation provider (#1899 — thanks @Aculeasis) +- **feat(ui):** move proxy configuration to dedicated System → Proxy page (#1907 — thanks @oyi77) +- **feat(ui):** add K/M/B/T cost shortener utility (#1902 — thanks @oyi77) +- **feat(providers):** implement bulk paste for extra API keys (#1916 — thanks @0xtbug) +- **feat(analytics):** usage history API key backfill + dark mode pricing (#1896 — thanks @Gi99lin) +- **feat(logs):** show RTK and Caveman compression token savings accurately in request log UI (#1923 — thanks @emdash) +- **feat(routing):** auto-skip exhausted quota accounts (Issue #1952) +- **feat(docs):** docs site overhaul (#1976 — thanks @oyi77) +- **feat(db):** consolidate all database settings into SystemStorageTab (closes #1935) (#1947 — thanks @oyi77) +- **feat(sse):** codex 429 mid-task failover with account rotation (#1888 — thanks @smartenok-ops) +- **feat(auto-assessment):** add auto-assessment engine for combo self-healing (#1918 — thanks @oyi77) +- **feat(usage):** DeepSeek V4 native cache token extraction (#1930 — thanks @smartenok-ops) +- **feat(cost):** enhance cost formatting and add Codex GPT-5.5 pricing support (#1944 — thanks @JxnLexn) + +### 🐛 Bug Fixes + +- **fix(auth):** implement session affinity sticky routing logic +- **fix(dashboard):** derive display base URL from origin instead of hardcoding localhost (#1960 — thanks @jeanfbrito) +- **fix(proxy):** use credentials.connectionId instead of non-existent credentials.id for image proxy resolution (#1929 — thanks @Aculeasis) +- **fix(routing):** codex bare-name disambiguation + family-native fallback (#1933 — thanks @smartenok-ops) +- **fix(infrastructure):** move wreq-js to optionalDependencies and add Node 25/26 to secure runtime policy (#1924) +- **fix(providers):** resolve ChatGPT Web authentication failure by aligning TLS fingerprint User-Agent strings (#1925) +- **fix(mitm):** support root user for MITM sudo handling (#1948 — thanks @NekoMonci12) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941, #1945) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) +- **fix(mcp):** reclassify MCP endpoints to ensure API key authentication works even when dashboard auth is enabled (#1970) +- **fix(providers):** allow local OpenAI-compatible endpoints (like Ollama) to be added without an API key (fixes #1893) +- **fix(providers):** bypass AgentRouter unauthorized_client_error by spoofing Claude CLI headers via Anthropic endpoints (fixes #1921) +- **fix(copilot):** emit compatible reasoning text deltas (#1919 — thanks @ivan-mezentsev) +- **fix(api-manager):** show validation errors inline in modals, not behind (#1920 — thanks @andrewmunsell) +- **fix(compression):** align seeded standard savings combo with stacked default, preserve stacked defaults, and secure metadata routes. +- **fix(gemini-cli):** separate Cloud Code transport from Antigravity (#1869 — thanks @dhaern) +- **fix(codex):** map prompt field to input array for Cursor compatibility (fixes #1872) +- **fix(core):** align stream parameter default to false per strict OpenAI spec (fixes #1873) +- **fix(ui):** restore Next.js CSP `unsafe-eval` in production `script-src` to fix unresponsive Onboarding button (fixes #1883) +- **fix(proxy):** globally strip `prompt_cache_retention` in `BaseExecutor` to prevent upstream 400 errors from strict endpoints like droid/gemini-2-pro (fixes #1884) +- **fix(ui):** include `isOpen` dependency in `EditConnectionModal` state sync to ensure `maxConcurrent` is properly hydrated when reopening the modal (fixes #1859) +- **fix(security):** remediate 4 polynomial-redos CodeQL alerts in compression regexes by bounding repetitions and removing overlapping quantifiers +- **fix(codex):** flatten Chat Completions tool format to Codex Responses format in `normalizeCodexTools` — prevents `Missing required parameter: tools[0].name` upstream errors (#1914 — thanks @tranduykhanh030) +- **fix(proxy):** add proxy-aware execution context to image generation route — proxy settings are now correctly applied for image providers behind restricted networks (#1904 — thanks @Aculeasis) +- **fix(translator):** inject `properties: {}` into zero-argument MCP tool schemas during Anthropic→OpenAI translation — prevents 400 errors from OpenAI strict schema validation (#1898 — thanks @bryceIT) +- **fix(codex):** sanitize raw responses input (#1895 — thanks @dhaern) +- **fix(combos):** align strategy contracts (#1892 — thanks @dhaern) +- **fix(combos):** fix combo provider breaker profile handling (#1891 — thanks @rdself) +- **fix(migrations):** duplicate-column no-op fix (#1886 — thanks @smartenok-ops) +- **fix(auth):** per-connection OAuth refresh mutex (#1885 — thanks @smartenok-ops) +- **fix(auth):** require dashboard management auth for compression preview + +### 🔄 Updates + +- **chore(provider):** Add reka models list (#1956 — thanks @backryun) +- **chore(model):** Update new models, Delete Deprecated models (#1949 — thanks @backryun) + +### 📝 Documentation + +- **docs(compression):** document RTK+Caveman stacked savings ranges + +### 🏆 Release Attribution & Retroactive Credits + +- **@payne0420** (PR #1828 / #1839) — Implementation of the **Rate Limit Watchdog** and environment overrides. (This feature was manually backported to v3.7.8, causing the automatic GitHub Release notes to omit the author's credit). + +--- + +## [3.7.8] — 2026-05-01 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(providers):** add Grok 4.3 and Xiaomi Mimo TTS provider (#1837) +- **feat(core):** implement Rate Limit Watchdog with environment override capability to detect and reset stalled queues (#1839) +- **feat(providers):** add muse-spark-web provider with multiple models and reasoning support (#1843) +- **feat(1proxy):** integrate 1proxy free proxy marketplace with dashboard management and new MCP tools (closes #1788) (#1847) + +### 🐛 Bug Fixes + +- **fix(codex):** sanitize Responses replay state to prevent internal assistant commentary from leaking (#1868 — thanks @dhaern) +- **fix(cli):** add capture-backed Gemini CLI fingerprint (#1866) +- **fix(ui):** hide combo compression controls when the global setting is disabled (#1840) +- **fix(db):** tolerate missing request_detail_logs table for legacy deployments (#1848) +- **fix(core):** remove unneeded \`store\` payload parameter for providers lacking support (closes #1841) +- **fix(core):** ensure safeOutboundFetch and A2A routers return 503 Service Unavailable when security guardrails are triggered +- **fix(usage):** correct Unix seconds vs milliseconds parsing logic for Kiro AI quota reset (closes #1849) +- **fix(ui):** apply robust NaN handling, ensure 24h consistency, and fix missing hour slots in Compression Analytics (closes #1844) +- **fix(ui):** implement short number formatting for token consumption metrics on cache pages to prevent overflow (closes #1842) +- **fix(combo):** stabilize provider routing at 500+ connections by bounding semaphore queues and adjusting circuit breaker tracking (closes #1846) (#1854) +- **fix(maritalk):** update Maritalk model list, use Authorization Key header, and align with latest API endpoints (#1856) +- **fix(grok-web):** stabilize tool calling (bash, readFile, webSearch) and response parsing by mapping native Grok intents to standard OpenAI payloads (#1857) +- **fix(providers):** correctly map and expose the Upstage embedding and chat model catalogs (#1855) +- **fix(executor):** apply proper urlSuffix and custom authHeaders for unknown registry-based providers in DefaultExecutor (closes #1846) (#1861) + +### 🛠️ Maintenance + +- **fix(workflow):** build docker images on version tags (#1838) + +--- + +## [3.7.7] — 2026-04-30 + ### ✨ New Features -- **feat:** ongoing development +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **Prompt Compression Pipeline:** Implemented a multi-phase prompt compression engine including `lite` (whitespace/duplication collapse), `aggressive` (summarization, tool compression), and `ultra` modes (heuristic pruning and SLM stub) (#1633, #1738, #1739, #1741) +- **Compression Dashboard & Analytics:** Added a compression settings UI, real-time log viewer, pipeline statistics tracking, and interactive playground preview (#1756) +- **Compression Caching & MCP:** Added caching-aware strategy adjustments to the compression pipeline, alongside new MCP tools for status and configuration (#1758) +- **Analytics Custom Filters:** Added custom date range selection, API key filtering, and NULL key analytics backfilling to the Costs Dashboard (#1830) + +### 🐛 Bug Fixes + +- **Combo Routing:** Fixed an issue where Gemini `-preview` models were incorrectly normalized to their canonical names, causing 404 errors during combo routing (#1834) +- **Codex Native Passthrough:** Added support for Cursor 5.5 sending `messages` arrays to the `responses/compact` endpoint, preventing upstream rejections with empty requests (#1832) +- **Rate-limit Watchdog:** Implemented a new rate-limit watchdog with environment override capabilities and Stage Tracing to prevent and diagnose silent wedges (#1828) +- **Encryption Resiliency:** Prevent sending encrypted tokens to providers by returning null on decryption failure (#763d353) +- **i18n & Locales:** Fixed OpenCode baseUrl locale placeholders and added compression keys across 32 languages +- **Startup Stability:** Hardened resilience integration server startup logic (#9aa89b17) + +### 🛠️ Maintenance + +- **Tests & Docs:** Expanded the test suite with 61 unit/integration tests for the compression pipeline and updated `AGENTS.md` +- **Workflow:** Fixed the changelog extraction logic to accurately capture GitHub release descriptions + +--- + +## [3.7.6] — 2026-04-30 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) +- **feat(chatgpt-web):** support `thinking_effort` parameter (Standard/Extended) for thinking-capable models (#1821) +- **feat(dashboard):** implement remaining v3.7.6 dashboard features — Costs overview, Translator pipeline, and Endpoint tabs improvements +- **feat(tools):** inject fallback tool names to prevent upstream 400 errors on providers that require tool names (#1775) +- **feat(db):** auto-restore probe-failed database on startup to prevent data loss after failed upgrades (#1810) +- **feat(analytics):** add cost-based usage insights and activity streaks in the analytics dashboard + +### 🔒 Security + +- **fix(security):** resolve ReDoS vulnerability in Codex executor regex patterns (#1797, #1789) + +### 🐛 Bug Fixes + +- **fix(stability):** resolve codex input validation, enable combo circuit breaker, and fix broken unit tests (#1804, #1805) +- **fix(stability):** safely cast inputs to strings before calling `.trim()` to avoid crashes on numeric fields in proxy modal (#1825) +- **fix(stability):** clear active requests and recover providers after connection failures (#1824) +- **fix(xiaomi-mimo):** update models to V2.5, fix Token Plan validation and default region (#1823) +- **fix(codex):** omit compact client metadata to prevent upstream rejections (#1822) +- **fix(dashboard):** fix endpoint visibility, A2A status display, and API catalog consistency (#1806) +- **fix(analytics):** use pure SQL aggregations — no history rows loaded into memory (#1802) +- **fix(dashboard):** correct `loadPresets` ReferenceError in CostOverviewTab +- **fix(mitm):** enforce transparent interception on port 443 only + +### 🧹 Chores + +- **chore(workflow):** mandate implementation plan generation in `/resolve-issues` workflow before coding +- **chore(release):** expand contributor credits to 155 PRs across full project history + +### 🏆 Community Contributors Acknowledgment + +We identified that **155 community PRs** across the entire project history (from inception through v3.7.5) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. + +**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** + +| Contributor | PRs (Total) | All Contributions | +| :----------------------------------------------------------- | :---------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [@rdself](https://github.com/rdself) | 28 | #542, #705, #717, #737, #738, #841, #851, #853, #875, #880, #888, #891, #903, #904, #974, #1069, #1089, #1196, #1267, #1272, #1299, #1300, #1356, #1357, #1441, #1443, #1549, #1742 | +| [@oyi77](https://github.com/oyi77) | 27 | #644, #672, #700, #850, #859, #862, #868, #874, #881, #883, #908, #926, #931, #983, #990, #1019, #1020, #1021, #1103, #1281, #1286, #1363, #1368, #1377, #1411, #1689, #1717 | +| [@clousky2020](https://github.com/clousky2020) | 15 | #1244, #1323, #1365, #1366, #1408, #1442, #1484, #1595, #1598, #1599, #1611, #1618, #1620, #1621, #1644 | +| [@benzntech](https://github.com/benzntech) | 8 | #158, #1264, #1435, #1436, #1437, #1440, #1444, #1677 | +| [@kang-heewon](https://github.com/kang-heewon) | 5 | #530, #854, #884, #1235, #1574 | +| [@herjarsa](https://github.com/herjarsa) | 4 | #1472, #1474, #1477, #1480 | +| [@backryun](https://github.com/backryun) | 4 | #1358, #1609, #1627, #1722 | +| [@tombii](https://github.com/tombii) | 4 | #708, #856, #900, #1013 | +| [@christopher-s](https://github.com/christopher-s) | 3 | #868, #885, #992 | +| [@zen0bit](https://github.com/zen0bit) | 3 | #561, #650, #912 | +| [@k0valik](https://github.com/k0valik) | 3 | #554, #587, #596 | +| [@zhangqiang8vip](https://github.com/zhangqiang8vip) | 2 | #470, #575 | +| [@wlfonseca](https://github.com/wlfonseca) | 2 | #997, #1016 | +| [@RaviTharuma](https://github.com/RaviTharuma) | 2 | #1188, #1277 | +| [@prakersh](https://github.com/prakersh) | 2 | #419, #480 | +| [@payne0420](https://github.com/payne0420) | 2 | #1593, #1670 | +| [@only4copilot](https://github.com/only4copilot) | 2 | #855, #1039 | +| [@jay77721](https://github.com/jay77721) | 2 | #581, #582 | +| [@hijak](https://github.com/hijak) | 2 | #295, #578 | +| [@hartmark](https://github.com/hartmark) | 2 | #1494, #1500 | +| [@defhouse](https://github.com/defhouse) | 2 | #906, #946 | +| [@xiaoge1688](https://github.com/xiaoge1688) | 1 | #1304 | +| [@xandr0s](https://github.com/xandr0s) | 1 | #1376 | +| [@willbnu](https://github.com/willbnu) | 1 | #882 | +| [@slewis3600](https://github.com/slewis3600) | 1 | #1624 | +| [@sergey-v9](https://github.com/sergey-v9) | 1 | #594 | +| [@razllivan](https://github.com/razllivan) | 1 | #987 | +| [@nmime](https://github.com/nmime) | 1 | #1271 | +| [@Moutia-Ben-Yahia](https://github.com/Moutia-Ben-Yahia) | 1 | #1663 | +| [@Mind-Dragon](https://github.com/Mind-Dragon) | 1 | #467 | +| [@mercs2910](https://github.com/mercs2910) | 1 | #1001 | +| [@MAINER4IK](https://github.com/MAINER4IK) | 1 | #196 | +| [@luandiasrj](https://github.com/luandiasrj) | 1 | #996 | +| [@knopki](https://github.com/knopki) | 1 | #1434 | +| [@kfiramar](https://github.com/kfiramar) | 1 | #389 | +| [@ken2190](https://github.com/ken2190) | 1 | #166 | +| [@keith8496](https://github.com/keith8496) | 1 | #569 | +| [@jonesfernandess](https://github.com/jonesfernandess) | 1 | #1118 | +| [@JasonLandbridge](https://github.com/JasonLandbridge) | 1 | #1626 | +| [@i1hwan](https://github.com/i1hwan) | 1 | #1386 | +| [@Gorchakov-Pressure](https://github.com/Gorchakov-Pressure) | 1 | #754 | +| [@foxy1402](https://github.com/foxy1402) | 1 | #934 | +| [@dt418](https://github.com/dt418) | 1 | #896 | +| [@dhaern](https://github.com/dhaern) | 1 | #1647 | +| [@DavyMassoneto](https://github.com/DavyMassoneto) | 1 | #211 | +| [@dail45](https://github.com/dail45) | 1 | #1413 | +| [@congvc-dev](https://github.com/congvc-dev) | 1 | #1569 | +| [@be0hhh](https://github.com/be0hhh) | 1 | #1581 | +| [@andruwa13](https://github.com/andruwa13) | 1 | #1457 | +| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | 1 | #898 | +| [@AndersonFirmino](https://github.com/AndersonFirmino) | 1 | #362 | +| [@alexsvdk](https://github.com/alexsvdk) | 1 | #1280 | +| [@abhinavjnu](https://github.com/abhinavjnu) | 1 | #550 | --- @@ -16,8 +290,14 @@ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(tunnels):** integrate native ngrok tunnel support with dashboard UI parity (#1753) -- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) ### 🐛 Bug Fixes @@ -56,56 +336,25 @@ - **chore(ui):** speed up endpoint initial render with background task loading (#1760) - **chore(workflows):** add strict PR contributor credit policy to prevent future merge credit loss -### 🏆 Community Contributors Acknowledgment - -We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. - -**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** - -| Contributor | Contributions (PRs) | -| :----------------------------------------------------- | :----------------------------------------------------------------------- | -| [@rdself](https://github.com/rdself) | #1742, #1357, #1356, #1089, #1069, #904, #880, #875, #853, #851, #974 | -| [@oyi77](https://github.com/oyi77) | #1411, #1021, #990, #926, #908, #883, #881, #868, #862, #859, #850, #983 | -| [@benzntech](https://github.com/benzntech) | #1677, #1444, #1440, #1437, #1435 | -| [@clousky2020](https://github.com/clousky2020) | #1644, #1408 | -| [@christopher-s](https://github.com/christopher-s) | #885, #868, #992 | -| [@kang-heewon](https://github.com/kang-heewon) | #1235, #884 | -| [@backryun](https://github.com/backryun) | #1627, #1358, #1722 | -| [@tombii](https://github.com/tombii) | #900, #856 | -| [@slewis3600](https://github.com/slewis3600) | #1624 | -| [@dhaern](https://github.com/dhaern) | #1647 | -| [@JasonLandbridge](https://github.com/JasonLandbridge) | #1626 | -| [@hartmark](https://github.com/hartmark) | #1500 | -| [@herjarsa](https://github.com/herjarsa) | #1480 | -| [@andruwa13](https://github.com/andruwa13) | #1457 | -| [@i1hwan](https://github.com/i1hwan) | #1386 | -| [@xandr0s](https://github.com/xandr0s) | #1376 | -| [@RaviTharuma](https://github.com/RaviTharuma) | #1188 | -| [@wlfonseca](https://github.com/wlfonseca) | #1016 | -| [@only4copilot](https://github.com/only4copilot) | #1039, #855 | -| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | #898 | -| [@dt418](https://github.com/dt418) | #896 | -| [@willbnu](https://github.com/willbnu) | #882 | -| [@defhouse](https://github.com/defhouse) | #906 | -| [@mercs2910](https://github.com/mercs2910) | #1001 | -| [@zen0bit](https://github.com/zen0bit) | #912 | -| [@razllivan](https://github.com/razllivan) | #987 | -| [@foxy1402](https://github.com/foxy1402) | #934 | -| [@knopki](https://github.com/knopki) | #1434 | -| [@dail45](https://github.com/dail45) | #1413 | - --- ## [3.7.4] — 2026-04-28 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(ui):** add endpoint tunnel visibility settings (#1743) - **feat(cli):** refresh CLI fingerprint provider profiles (#1746) - **feat(proxy):** implement bulk proxy import via pipe-delimited parser with update-or-create (upsert) logic and real-time preview table - **feat(pwa):** add fullscreen installable PWA with manifest, service worker, and cross-platform app icons (#1728) -### Seguridad +### 🔒 Security - **security:** replace insecure `Math.random` with `crypto.getRandomValues` for fallback UUID generation to resolve CodeQL CWE-338 finding (#182) @@ -156,6 +405,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(authz):** introduce centralized proxy-based authz pipeline and lifecycle policy (#1632) - **feat(logs):** configure call log pipeline artifacts (#1650) - **feat(network):** add guarded remote image fetch utility @@ -225,6 +481,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Add GPT-5.5 support to the Codex provider — includes 1.05M context window, tool calling, vision, and reasoning capabilities with proper pricing entries across `cx` and `openai` providers. Refactors `splitCodexReasoningSuffix()` into a shared helper for cleaner effort-level parsing (#1617 — thanks @Zhaba1337228). - **feat(cli):** Add `omniroute reset-encrypted-columns` recovery command — nulls encrypted credential columns (`api_key`, `access_token`, `refresh_token`, `id_token`) in `provider_connections` while preserving provider metadata, giving users affected by #1622 a clean recovery path without losing configurations. - **feat(i18n):** Expand locale coverage with nine new language packs (Bengali, Farsi, Gujarati, Indonesian, Marathi, Swahili, Tamil, Telugu, Urdu), bringing total language support from 32 to 41 locales. @@ -256,7 +519,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **fix(transport):** Prevent memory bloat and database exhaustion from large, fragmented streaming responses. Implemented `ByteQueue` in `kiro.ts` for zero-copy binary accumulation, refactored `antigravity.ts` for incremental SSE parsing, and enforced a strict 512KB tiered truncation limit (`MAX_CALL_LOG_ARTIFACT_BYTES`) on stream request logs and call artifacts (#1647). - **chore(ci):** Update build environment dependencies — bump Node to `24.15.0`, `actions/checkout@v6`, `docker/build-push-action@v7`, pin `actions/setup-python` to major tag (#1646 — thanks @backryun). -### Documentación +### 📝 Documentation - **docs(env):** Add `OMNIROUTE_ALLOW_PRIVATE_PROVIDER_URLS` to `.env.example` with documentation for LM Studio and other local provider use cases (#1623). @@ -266,6 +529,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). - **feat(providers):** Add CrofAI as a built-in API-key provider with quota/usage monitoring wired into the dashboard Limits page (#1604, #1606). @@ -399,7 +669,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **test(next):** Align transpile package expectations for the Next.js standalone build. - **test(ci):** Fix CI-only test failures from environment differences — clear `INITIAL_PASSWORD` and `JWT_SECRET` in integration tests, handle `XDG_CONFIG_HOME` for guide-settings tests. -### Documentación +### 📚 Documentation - **docs:** Update the root changelog with all release-branch changes through 2026-04-24, including PRs #1544, #1555, #1551, #1550, #1548, #1547, #1541, #1538, #1536, and #1527. - **docs:** Fix broken README and localized documentation links. (#1536) @@ -424,6 +694,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -506,6 +783,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -527,7 +811,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **feat(providers):** Expand image provider registry with extended model support including SD3.5, FLUX, and DALL-E 3 HD configurations - **feat(combos):** Add new routing strategies and full i18n support for agent features section across 31 languages -### Seguridad +### 🔒 Security - **security:** Resolve 18 GitHub CodeQL scan alerts including ReDoS, incomplete sanitization, and bad HTML filtering regexp patterns - **fix(auth):** Seal privilege escalation vector by enforcing JWT session checking exclusively on `/api/keys` management endpoints (#1353) @@ -586,6 +870,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -662,6 +953,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -726,6 +1024,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -773,7 +1078,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Duplicate `auto` in Combo Strategy Schema:** Removed duplicate `"auto"` entry from `comboStrategySchema` (was listed on both line 104 and 108). Harmless to Zod runtime but cleaned up to avoid confusion. Schema now has exactly 13 unique strategy values - **Legacy Combo Refs Normalization:** Fixed combo step normalization to preserve legacy string combo references during CRUD operations, preventing data loss when editing combos created before the v2 step architecture -### Seguridad +### 🔒 Security - **Auth Bypass on Backup Routes (Critical):** Added `isAuthenticated` guards to `/api/db-backups/exportAll` (full database export) and `/api/db-backups` (list, create, and restore backups) — both were previously accessible without authentication - **Auth Guard on Translator Save:** Added `isAuthenticated` guard to `/api/translator/save` for defense-in-depth consistency @@ -826,6 +1131,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -864,6 +1176,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -896,6 +1215,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -925,6 +1251,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -955,6 +1288,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -988,6 +1328,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1040,6 +1387,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1086,6 +1440,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1122,7 +1483,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Updated Sub-dependencies:** Bumped `hono` to `4.12.12` and `@hono/node-server` to `1.19.13` to patch critical security gaps (#1063, #1064, #1067, #1068). -### Documentación +### 📚 Documentation - **Documentation Synchronization:** Updated system documentation (README, Architecture, Features, Tools, Troubleshooting) and synced `i18n` configurations to match the v3.5.5 context relay patterns and proxy troubleshooting steps. - **Context Relay Delivery Notes:** Documented the current architecture, runtime flow, and Codex-focused scope in the feature docs, changelog, and agent guidance. @@ -1133,6 +1494,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1191,7 +1559,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.5.3] - 2026-04-07 -### Seguridad +### Security - **Vulnerabilities:** Fully remediated 12 High-Severity CodeQL vulnerabilities by migrating from Math.random to `crypto.randomUUID()`, wrapping SSE injection points with aggressive backslash escaping, sanitizing trailing HTTP fragments, and enforcing rigid SSRF HTTP verification schemes across internal routes. - **Dependencies:** Upgraded Next.js to `^16.2.2` and Vite to `>=8.0.5` resolving critical DoS, arbitrary file reads and CSRF vectors in the build/server environments. @@ -1207,7 +1575,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **CI/CD Stabilization:** Prevented random GitHub Runner freezes by decoupling sharded processes, adjusting test concurrencies, unref-ing active connections on server teardown, and strictly capping job timeout durations. -### Documentación +### Documentation - **I18n Engine:** Synchronized and pushed deep Machine Translation updates across all 32 natively-supported languages (682 translation nodes aligned). @@ -1221,6 +1589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1253,6 +1628,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1281,6 +1663,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1347,7 +1736,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.8] — 2026-04-03 -### Seguridad +### Security - Fully remediated all outstanding Github Advanced Security (CodeQL) findings and Dependabot alerts. - Fixed insecure randomness vulnerabilities by migrating from `Math.random` to `crypto.randomUUID()`. @@ -1359,7 +1748,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.7] — 2026-04-03 -### Funcionalidades +### Features - Added `Cryptography` node to Monitoring and MCP health checks (#798) - Hardened model-catalog route permissions mapping (`/models`) (#781) @@ -1375,7 +1764,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - Fixed MCP standalone module-resolution (`ERR_MODULE_NOT_FOUND`) via `esbuild` (#936) - Fixed NVIDIA NIM routing credential resolution alias mismatch (#931) -### Seguridad +### Security - Added safe strict input boundary protection against raw `shell: true` remote-code execution injections. @@ -1385,6 +1774,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1419,6 +1815,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1481,6 +1884,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1541,6 +1951,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1594,7 +2011,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.0] - 2026-03-31 -### Funcionalidades +### 🚀 Features - **Subscription Utilization Analytics:** Added quota snapshot time-series tracking, Provider Utilization and Combo Health tabs with recharts visualizations, and corresponding API endpoints (#847) - **SQLite Backup Control:** New `OMNIROUTE_DISABLE_AUTO_BACKUP` env flag to disable automatic SQLite backups (#846) @@ -1646,7 +2063,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.3.8] - 2026-03-30 -### Funcionalidades +### 🚀 Features - **Models API Filtering:** Endpoint `/v1/models` now dynamically filters its list based on the permissions tied to the `Authorization: Bearer ` when restricted access is on (#781) - **Qoder Integration:** Native integration for Qoder AI natively replacing the legacy iFlow platform mappings (#660) @@ -1715,6 +2132,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1745,6 +2169,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1806,6 +2237,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2016,6 +2454,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2044,6 +2489,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2076,6 +2528,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2130,6 +2589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2325,6 +2791,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2359,6 +2832,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2409,7 +2889,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **NaN tokens in Claude Code / client responses (#617):** - `sanitizeUsage()` now cross-maps `input_tokens`→`prompt_tokens` and `output_tokens`→`completion_tokens` before the whitelist filter, fixing responses showing NaN/0 token counts when providers return Claude-style usage field names -### Seguridad +### 🔒 Security - Updated `yaml` package to fix stack overflow vulnerability (GHSA-48c2-rrv3-qjmp) @@ -2467,6 +2947,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2503,6 +2990,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2521,6 +3015,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2556,6 +3057,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3001,6 +3509,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3016,6 +3531,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3043,7 +3565,7 @@ docker pull diegosouzapw/omniroute:3.0.0 - **SVG fallback**: `ProviderIcon` component updated with 4-tier strategy: Lobehub → PNG → SVG → Generic icon - **Agents fingerprinting**: Synced with CLI tools — added droid, openclaw, copilot, opencode to fingerprint list (14 total) -### Seguridad +### 🔒 Security - **CVE fix**: Resolved dompurify XSS vulnerability (GHSA-v2wj-7wpq-c8vv) via npm overrides forcing `dompurify@^3.3.2` - `npm audit` now reports **0 vulnerabilities** @@ -3113,6 +3635,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3160,6 +3689,13 @@ Both providers use the new `OpencodeExecutor` with multi-format routing (`/chat/ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3295,6 +3831,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3318,6 +3861,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3334,6 +3884,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3371,7 +3928,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **#510** — Windows: MSYS2/Git-Bash paths (`/c/Program Files/...`) are now normalized to `C:\Program Files\...` - **#492** — `omniroute` CLI now detects `mise`/`nvm` when `app/server.js` is missing and shows targeted fix -### Documentación +### 📖 Documentation - **#513** — Docker password reset: `INITIAL_PASSWORD` env var workaround documented - **#520** — pnpm: `pnpm approve-builds better-sqlite3` documented @@ -3468,7 +4025,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **feat(executors/cloudflare-ai)**: New `CloudflareAIExecutor` — dynamic URL construction requires `accountId` in provider credentials - **feat(executors)**: Register `pollinations`, `pol`, `cloudflare-ai`, `cf` executor mappings -### Documentación +### 📝 Documentation - **docs(readme)**: Expanded free combo stack to 11 providers ($0 forever) - **docs(readme)**: Added 4 new free provider sections (LongCat, Pollinations, Cloudflare AI, Scaleway) with model tables @@ -3543,6 +4100,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3613,7 +4177,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **OAuth batch test crash** (ERR_CONNECTION_REFUSED): Replaced sequential for-loop with 5-connection concurrency limit + 30s per-connection timeout via `Promise.race()` + `Promise.allSettled()`. Prevents server crash when testing large OAuth provider groups (~30+ connections). -### Funcionalidades +### Features - **"Test All" button on provider pages**: Individual provider pages (e.g., `/providers/codex`) now show a "Test All" button in the Connections header when there are 2+ connections. Uses `POST /api/providers/test-batch` with `{mode: "provider", providerId}`. Results displayed in a modal with pass/fail summary and per-connection diagnosis. @@ -3641,7 +4205,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Merge PR #494 (MiniMax role fix), fix KIRO MITM dashboard, triage 8 issues. -### Funcionalidades +### Features - **MiniMax developer→system role fix** (PR #494 by @zhangqiang8vip): Per-model `preserveDeveloperRole` toggle. Adds "Compatibility" UI in providers page. Fixes 422 "role param error" for MiniMax and similar gateways. - **roleNormalizer**: `normalizeDeveloperRole()` now accepts `preserveDeveloperRole` parameter with tri-state behavior (undefined=keep, true=keep, false=convert). @@ -3697,7 +4261,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Gemini CLI deprecation, VM guide i18n fix, dependabot security fix, provider schema expansion. -### Funcionalidades +### Features - **Gemini CLI Deprecation** (#462): Mark `gemini-cli` provider as deprecated with warning — Google restricts third-party OAuth usage from March 2026 - **Provider Schema** (#462): Expand Zod validation with `deprecated`, `deprecationReason`, `hasFree`, `freeNote`, `authHint`, `apiHint` optional fields @@ -3706,7 +4270,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **VM Guide i18n** (#471): Add `VM_DEPLOYMENT_GUIDE.md` to i18n translation pipeline, regenerate all 30 locale translations from English source (were stuck in Portuguese) -### Seguridad +### Security - **deps**: Bump `flatted` 3.3.3 → 3.4.2 — fixes CWE-1321 prototype pollution (#484, @dependabot) @@ -3726,7 +4290,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Czech i18n, SSE protocol fix, VM guide translation. -### Funcionalidades +### Features - **Czech Language** (#482): Full Czech (cs) i18n — 22 docs, 2606 UI strings, language switcher updates (@zen0bit) - **VM Deployment Guide**: Translated from Portuguese to English as the source document (@zen0bit) @@ -3745,7 +4309,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: 2 merged PRs, model aliases routing fix, log export, and issue triage. -### Funcionalidades +### Features - **Log Export**: New Export button on `/dashboard/logs` with time range dropdown (1h, 6h, 12h, 24h). Downloads JSON of request/proxy/call logs via `/api/logs/export` API (#user-request) @@ -3765,7 +4329,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Five community PRs — streaming call log fixes, Kiro compatibility, cache token analytics, Chinese translation, and configurable tool call IDs. -### Funcionalidades +### ✨ Features - **feat(logs)**: Call log response content now correctly accumulated from raw provider chunks (OpenAI/Claude/Gemini) before translation, fixing empty response payloads in streaming mode (#470, @zhangqiang8vip) - **feat(providers)**: Per-model configurable 9-char tool call ID normalization (Mistral-style) — only models with the option enabled get truncated IDs (#470) @@ -3795,7 +4359,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Bailian Coding Plan provider with editable base URLs, plus community contributions for Alibaba Cloud and Kimi Coding. -### Funcionalidades +### ✨ Features - **feat(providers)**: Added Bailian Coding Plan (`bailian-coding-plan`) — Alibaba Model Studio with Anthropic-compatible API. Static catalog of 8 models including Qwen3.5 Plus, Qwen3 Coder, MiniMax M2.5, GLM 5, and Kimi K2.5. Includes custom auth validation (400=valid, 401/403=invalid) (#467, @Mind-Dragon) - **feat(admin)**: Editable default URL in Provider Admin create/edit flows — users can configure custom base URLs per connection. Persisted in `providerSpecificData.baseUrl` with Zod schema validation rejecting non-http(s) schemes (#467) @@ -3810,7 +4374,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Two new community-contributed providers (Alibaba Cloud Coding, Kimi Coding API-key) and Docker pino fix. -### Funcionalidades +### ✨ Features - **feat(providers)**: Added Alibaba Cloud Coding Plan support with two OpenAI-compatible endpoints — `alicode` (China) and `alicode-intl` (International), each with 8 models (#465, @dtk1985) - **feat(providers)**: Added dedicated `kimi-coding-apikey` provider path — API-key-based Kimi Coding access is no longer forced through OAuth-only `kimi-coding` route. Includes registry, constants, models API, config, and validation test (#463, @Mind-Dragon) @@ -3835,7 +4399,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Codex responses subpath passthrough natively supported, Windows MITM crash fixed, and Combos agent schemas adjusted. -### Funcionalidades +### ✨ Features - **feat(codex)**: Native responses subpath passthrough for Codex — natively routes `POST /v1/responses/compact` to Codex upstream, maintaining Claude Code compatibility without stripping the `/compact` suffix (#457) @@ -3875,7 +4439,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(budget)**: "Save Limits" no longer returns 422 — `warningThreshold` is now correctly sent as fraction (0–1) instead of percentage (0–100) (#451) - **fix(combos)**: `` internal cache tag is now stripped before forwarding requests to providers, preventing cache session breaks (#454) -### Funcionalidades +### ✨ Features - **feat(combos)**: Agent Features section added to combo create/edit modal — expose `system_message` override, `tool_filter_regex`, and `context_cache_protection` directly from the dashboard (#454) @@ -3931,7 +4495,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Search Tools dashboard, i18n fixes, Copilot limits, Serper validation fix. -### Funcionalidades +### 🚀 Features - **feat(search)**: Add Search Playground (10th endpoint), Search Tools page with Compare Providers/Rerank Pipeline/Search History, local rerank routing, auth guards on search API (#443 by @Regis-RCR) - New route: `/dashboard/search-tools` @@ -4010,6 +4574,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4024,7 +4595,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - DB migration: `request_type` column on `call_logs` for non-chat request tracking - Zod validation (`v1SearchSchema`), auth-gated, cost recorded via `recordCost()` -### Seguridad +### 🔒 Security - **deps**: Next.js 16.1.6 → 16.1.7 — fixes 6 CVEs: - **Critical**: CVE-2026-29057 (HTTP request smuggling via http-proxy) @@ -4154,7 +4725,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **005_combo_agent_fields.sql**: `ALTER TABLE combos ADD COLUMN system_message TEXT DEFAULT NULL`, `tool_filter_regex TEXT DEFAULT NULL`, `context_cache_protection INTEGER DEFAULT 0` - **006_detailed_request_logs.sql**: New `request_detail_logs` table with 500-entry ring-buffer trigger, opt-in via settings toggle -### Funcionalidades +### ✨ Features - **feat(combo)**: System Message Override per Combo (#399 — `system_message` field replaces or injects system prompt before forwarding to provider) - **feat(combo)**: Tool Filter Regex per Combo (#399 — `tool_filter_regex` keeps only tools matching pattern; supports OpenAI + Anthropic formats) @@ -4169,7 +4740,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: SSE improvements, local provider_nodes extensions, proxy registry, Claude passthrough fixes. -### Funcionalidades +### ✨ Features - **feat(health)**: Background health check for local `provider_nodes` with exponential backoff (30s→300s) and `Promise.allSettled` to avoid blocking (#423, @Regis-RCR) - **feat(embeddings)**: Route `/v1/embeddings` to local `provider_nodes` — `buildDynamicEmbeddingProvider()` with hostname validation (#422, @Regis-RCR) @@ -4230,6 +4801,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4304,7 +4882,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Turbopack hash-strip now runs at **compile time** for ALL packages — not just `better-sqlite3`. Step 5.6 in `prepublish.mjs` walks every `.js` in `app/.next/server/` and strips the 16-char hex suffix from any hashed `require()`. Fixes `zod-dcb22c...`, `pino-...`, etc. MODULE_NOT_FOUND on global npm installs. Closes #398 - **fix(deploy)**: PM2 on both VPS was pointing to stale git-clone directories. Reconfigured to `app/server.js` in the npm global package. Updated `/deploy-vps` workflow to use `npm pack + scp` (npm registry rejects 299MB packages). -### Funcionalidades +### ✨ Features - **feat(provider)**: Synthetic ([synthetic.new](https://synthetic.new)) — privacy-focused OpenAI-compatible inference. `passthroughModels: true` for dynamic HuggingFace model catalog. Initial models: Kimi K2.5, MiniMax M2.5, GLM 4.7, DeepSeek V3.2. (PR #404 by @Regis-RCR) @@ -4334,7 +4912,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Extended webpack `externals` hash-strip to cover ALL `serverExternalPackages`, not just `better-sqlite3`. Next.js 16 Turbopack hashes `zod`, `pino`, and every other server-external package into names like `zod-dcb22c6336e0bc69` that don't exist in `node_modules` at runtime. A HASH_PATTERN regex catch-all now strips the 16-char suffix and falls back to the base package name. Also added `NEXT_PRIVATE_BUILD_WORKER=0` in `prepublish.mjs` to reinforce webpack mode, plus a post-build scan that reports any remaining hashed refs. (#396, #398, PR #403) - **fix(chat)**: Anthropic-format tool names (`tool.name` without `.function` wrapper) were silently dropped by the empty-name filter introduced in #346. LiteLLM proxies requests with `anthropic/` prefix in Anthropic Messages API format, causing all tools to be filtered and Anthropic to return `400: tool_choice.any may only be specified while providing tools`. Fixed by falling back to `tool.name` when `tool.function.name` is absent. Added 8 regression unit tests. (PR #397) -### Funcionalidades +### ✨ Features - **feat(api)**: Custom endpoint paths for OpenAI-compatible provider nodes — configure `chatPath` and `modelsPath` per node (e.g. `/v4/chat/completions`) in the provider connection UI. Includes a DB migration (`003_provider_node_custom_paths.sql`) and URL path sanitization (no `..` traversal, must start with `/`). (PR #400) - **feat(provider)**: Alibaba Cloud DashScope added as OpenAI-compatible provider. International endpoint: `dashscope-intl.aliyuncs.com/compatible-mode/v1`. 12 models: `qwen-max`, `qwen-plus`, `qwen-turbo`, `qwen3-coder-plus/flash`, `qwq-plus`, `qwq-32b`, `qwen3-32b`, `qwen3-235b-a22b`. Auth: Bearer API key. @@ -4393,7 +4971,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(oauth)**: Qoder (and other providers that redirect to their own UI) no longer leave the OAuth modal stuck at "Waiting for Authorization" — popup-closed detector auto-transitions to manual URL input mode (#344) - **fix(logs)**: Request log table is now readable in light mode — status badges, token counts, and combo tags use adaptive `dark:` color classes (#378) -### Funcionalidades +### ✨ Features - **feat(kiro)**: Kiro credit tracking added to usage fetcher — queries `getUserCredits` from AWS CodeWhisperer endpoint (#337) @@ -4509,6 +5087,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4574,6 +5159,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #366, #367, #368) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4602,6 +5194,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #363 & #365) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4638,6 +5237,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4655,6 +5261,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4685,6 +5298,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4752,7 +5372,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > **Major release** — Free Stack ecosystem, transcription playground overhaul, 44+ providers, comprehensive free tier documentation, and UI improvements across the board. -### Funcionalidades +### ✨ Features - **Combos: Free Stack template** — New 4th template "Free Stack ($0)" using round-robin across Kiro + Qoder + Qwen + Gemini CLI. Suggests the pre-built zero-cost combo on first use. - **Media/Transcription: Deepgram as default** — Deepgram (Nova 3, $200 free) is now the default transcription provider. AssemblyAI ($50 free) and Groq Whisper (free forever) shown with free credit badges. @@ -4763,7 +5383,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.16] - 2026-03-13 -### Documentación +### 📖 Documentation - **README: 44+ Providers** — Updated all 3 occurrences of "36+ providers" to "44+" reflecting the actual codebase count (44 providers in providers.ts) - **README: New Section "🆓 Free Models — What You Actually Get"** — Added 7-provider table with per-model rate limits for: Kiro (Claude unlimited via AWS Builder ID), Qoder (5 models unlimited), Qwen (4 models unlimited), Gemini CLI (180K/mo), NVIDIA NIM (~40 RPM dev-forever), Cerebras (1M tok/day / 60K TPM), Groq (30 RPM / 14.4K RPD). Includes the \/usr/bin/bash Ultimate Free Stack combo recommendation. @@ -4773,7 +5393,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.15] - 2026-03-13 -### Funcionalidades +### ✨ Features - **Auto-Combo Dashboard (Tier Priority)**: Added `🏷️ Tier` as the 7th scoring factor label in the `/dashboard/auto-combo` factor breakdown display — all 7 Auto-Combo scoring factors are now visible. - **i18n — autoCombo section**: Added 20 new translation keys for the Auto-Combo dashboard (`title`, `status`, `modePack`, `providerScores`, `factorTierPriority`, etc.) to all 30 language files. @@ -4808,6 +5428,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). diff --git a/docs/i18n/gu/README.md b/docs/i18n/gu/README.md index bec532d2de..000aa2895c 100644 --- a/docs/i18n/gu/README.md +++ b/docs/i18n/gu/README.md @@ -130,28 +130,28 @@ _Connect any AI-powered IDE or CLI tool through OmniRoute — free API gateway f - Codex CLI
+ Codex CLI
Codex CLI
⭐ 60.8K - Claude Code
+ Claude Code
Claude Code
⭐ 67.3K - Gemini CLI
+ Gemini CLI
Gemini CLI
⭐ 94.7K - Kilo Code
+ Kilo Code
Kilo Code
⭐ 15.5K diff --git a/docs/i18n/gu/docs/API_REFERENCE.md b/docs/i18n/gu/docs/API_REFERENCE.md index a5c4f3cc4f..2b810899c6 100644 --- a/docs/i18n/gu/docs/API_REFERENCE.md +++ b/docs/i18n/gu/docs/API_REFERENCE.md @@ -87,13 +87,13 @@ Authorization: Bearer your-api-key Content-Type: application/json { - "model": "openai/dall-e-3", + "model": "openai/gpt-image-2", "prompt": "A beautiful sunset over mountains", "size": "1024x1024" } ``` -Available providers: OpenAI (DALL-E, GPT Image 1), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). +Available providers: OpenAI (GPT Image 2), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). ```bash # List all image models diff --git a/docs/i18n/gu/docs/CLI-TOOLS.md b/docs/i18n/gu/docs/CLI-TOOLS.md index 6bbc3c0eb4..020f948286 100644 --- a/docs/i18n/gu/docs/CLI-TOOLS.md +++ b/docs/i18n/gu/docs/CLI-TOOLS.md @@ -350,7 +350,7 @@ They run as internal routes and use OmniRoute's model routing automatically. | `/v1/responses` | Responses API (OpenAI format) | Codex, agentic workflows | | `/v1/completions` | Legacy text completions | Older tools using `prompt:` | | `/v1/embeddings` | Text embeddings | RAG, search | -| `/v1/images/generations` | Image generation | DALL-E, Flux, etc. | +| `/v1/images/generations` | Image generation | GPT-Image, Flux, etc. | | `/v1/audio/speech` | Text-to-speech | ElevenLabs, OpenAI TTS | | `/v1/audio/transcriptions` | Speech-to-text | Deepgram, AssemblyAI | diff --git a/docs/i18n/gu/llm.txt b/docs/i18n/gu/llm.txt new file mode 100644 index 0000000000..93ba32e2f9 --- /dev/null +++ b/docs/i18n/gu/llm.txt @@ -0,0 +1,477 @@ +# OmniRoute (ગુજરાતી) + +🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇧🇩 [bn](../bn/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇮🇷 [fa](../fa/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇮🇳 [gu](../gu/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇮🇳 [mr](../mr/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇰🇪 [sw](../sw/llm.txt) · 🇮🇳 [ta](../ta/llm.txt) · 🇮🇳 [te](../te/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇵🇰 [ur](../ur/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) + +--- + +> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 160+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (29 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. + +## Overview + +OmniRoute solves the problem of managing multiple AI provider subscriptions, quotas, and rate limits. It sits between your AI-powered tools (IDE agents, CLI tools) and AI providers, routing requests intelligently through a 4-tier fallback system: Subscription → API Key → Cheap → Free. + +**Key value:** One endpoint (`http://localhost:20128/v1`), unlimited models, zero downtime, minimal cost. + +**Current version:** 3.8.0 + +## Tech Stack + +- **Runtime:** Node.js >= 18 < 24, ES Modules (`"type": "module"`) +- **Framework:** Next.js 16 (App Router) with TypeScript 5.9 +- **Database:** SQLite via better-sqlite3 (local, zero-config, 16 migrations) +- **State management:** Zustand (client), SQLite (server persistence) +- **UI:** React 19, Tailwind CSS 4, Recharts for analytics, @lobehub/icons for 130+ provider SVG icons +- **Auth:** OAuth 2.0 (PKCE) for providers, bcrypt for local user auth +- **Schemas:** Zod v4 for all API / MCP input validation +- **Background jobs:** Custom token health check scheduler, 24h model auto-sync +- **Streaming:** Server-Sent Events (SSE) for real-time proxy responses +- **Proxy engine:** Custom pipeline with format translation, circuit breaker, rate limiting, auto-combo engine +- **i18n:** next-intl with 40+ languages +- **Desktop:** Electron (cross-platform: Windows, macOS, Linux) +- **Package:** Published on npm (`omniroute`) and Docker Hub (`diegosouzapw/omniroute`) + +## Project Structure + +``` +/ +├── src/ # Main application source +│ ├── app/ # Next.js App Router pages and API routes +│ │ ├── (dashboard)/ # Dashboard UI pages +│ │ │ └── dashboard/ +│ │ │ ├── agents/ # ACP Agents dashboard (CLI agent detection + custom agents) +│ │ │ ├── analytics/ # Usage analytics and charts +│ │ │ ├── api-manager/ # API key management +│ │ │ ├── audit/ # Audit logs +│ │ │ ├── auto-combo/ # Auto-combo engine dashboard +│ │ │ ├── cache/ # Cache dashboard (semantic cache stats) +│ │ │ ├── cli-tools/ # CLI tool configuration (Claude Code, Codex, Gemini CLI, etc.) +│ │ │ ├── combos/ # Model combo management (13 strategies + 4 templates) +│ │ │ ├── costs/ # Cost tracking per provider/model +│ │ │ ├── endpoint/ # Unified: Endpoint Proxy, MCP, A2A, API Endpoints tabs +│ │ │ ├── health/ # System health (uptime, circuit breakers, latency) +│ │ │ ├── limits/ # Rate limits dashboard +│ │ │ ├── logs/ # Request, Proxy, Audit, Console logs (tabbed) +│ │ │ ├── media/ # Image/video/music generation + transcription +│ │ │ ├── memory/ # Memory system dashboard +│ │ │ ├── onboarding/ # Onboarding wizard +│ │ │ ├── playground/ # Model playground (Monaco editor, streaming) +│ │ │ ├── providers/ # Provider management (OAuth + API key + free) +│ │ │ ├── search-tools/ # Search tools configuration +│ │ │ ├── settings/ # Settings tabs (General, Appearance, Security, Routing, Resilience, Advanced) +│ │ │ ├── skills/ # Skills system dashboard +│ │ │ ├── translator/ # Format translator + debug tools +│ │ │ └── usage/ # Usage history +│ │ ├── api/ # REST API endpoints (51 route directories) +│ │ │ ├── v1/ # OpenAI-compatible API (chat, completions, models, embeddings, +│ │ │ │ # images, audio, videos, music, moderations, rerank, search, +│ │ │ │ # responses, messages, registered-keys, quotas, accounts) +│ │ │ ├── v1beta/ # Gemini-compatible API +│ │ │ ├── a2a/ # A2A agent management API +│ │ │ ├── acp/ # ACP agent management API +│ │ │ ├── oauth/ # OAuth flows per provider +│ │ │ ├── providers/ # Provider CRUD and batch testing +│ │ │ ├── models/ # Dashboard model listing and aliases +│ │ │ ├── combos/ # Combo CRUD (multi-model fallback chains) +│ │ │ ├── memory/ # Memory system API +│ │ │ ├── skills/ # Skills system API +│ │ │ ├── evals/ # Eval runner API +│ │ │ ├── mcp/ # MCP HTTP transport API +│ │ │ ├── search/ # Search provider API +│ │ │ ├── webhooks/ # Webhook management +│ │ │ ├── tunnels/ # Cloudflare tunnel management +│ │ │ └── ... # Other endpoints (usage, logs, health, settings, pricing, etc.) +│ │ ├── landing/ # Landing page +│ │ ├── login/ # Login page +│ │ ├── forgot-password/ # Password recovery +│ │ ├── status/ # Status page +│ │ └── docs/ # In-app documentation +│ ├── domain/ # Domain types and policy engine +│ │ ├── policyEngine.ts # Central policy engine +│ │ ├── comboResolver.ts # Combo resolution logic +│ │ ├── costRules.ts # Cost calculation rules +│ │ ├── degradation.ts # Graceful degradation +│ │ ├── fallbackPolicy.ts # Fallback behavior +│ │ ├── lockoutPolicy.ts # Account lockout logic +│ │ ├── modelAvailability.ts # Model availability checks +│ │ ├── providerExpiration.ts # Provider credential expiration +│ │ ├── quotaCache.ts # Quota caching layer +│ │ ├── configAudit.ts # Configuration auditing +│ │ └── responses.ts # Domain response types +│ ├── i18n/ # Internationalization +│ │ └── messages/ # 40+ language JSON files +│ ├── lib/ # Core libraries +│ │ ├── a2a/ # Agent-to-Agent v0.3 protocol server +│ │ │ ├── skills/ # A2A skills (quotaManagement, smartRouting) +│ │ │ ├── taskManager.ts # Task lifecycle with TTL cleanup +│ │ │ └── streaming.ts # SSE streaming for A2A +│ │ ├── acp/ # Agent Communication Protocol registry and manager +│ │ ├── compliance/ # Compliance policy engine +│ │ ├── db/ # SQLite database layer (21 modules + migrations) +│ │ │ ├── core.ts # Database initialization, connection, schema +│ │ │ ├── providers.ts # Provider connection CRUD +│ │ │ ├── models.ts # Model catalog management +│ │ │ ├── combos.ts # Combo configuration +│ │ │ ├── apiKeys.ts # API key management +│ │ │ ├── settings.ts # Settings persistence +│ │ │ ├── backup.ts # Database backup/restore +│ │ │ ├── proxies.ts # Proxy registry +│ │ │ ├── prompts.ts # Prompt templates +│ │ │ ├── webhooks.ts # Webhook subscriptions +│ │ │ ├── detailedLogs.ts # Detailed request logging +│ │ │ ├── domainState.ts # Domain state persistence +│ │ │ ├── registeredKeys.ts # Registered API keys with quotas +│ │ │ ├── quotaSnapshots.ts # Quota snapshot history +│ │ │ ├── modelComboMappings.ts # Model-to-combo mappings +│ │ │ ├── cliToolState.ts # CLI tool state tracking +│ │ │ ├── encryption.ts # Data encryption +│ │ │ ├── readCache.ts # Read-through cache layer +│ │ │ ├── secrets.ts # Secrets management +│ │ │ ├── stateReset.ts # State reset utilities +│ │ │ ├── migrationRunner.ts # Schema migration runner +│ │ │ └── migrations/ # 16 SQL migration files +│ │ ├── evals/ # Eval runner and scheduler +│ │ ├── memory/ # Persistent conversational memory +│ │ │ ├── extraction.ts # Memory extraction from conversations +│ │ │ ├── injection.ts # Memory injection into context +│ │ │ ├── retrieval.ts # Memory retrieval/search +│ │ │ ├── store.ts # Memory persistence layer +│ │ │ └── summarization.ts # Memory summarization +│ │ ├── oauth/ # OAuth providers, services, and utilities +│ │ │ ├── constants/ # Default OAuth credentials (overridable via env) +│ │ │ ├── providers/ # Provider-specific OAuth configs +│ │ │ ├── services/ # Provider-specific token exchange logic +│ │ │ └── utils/ # PKCE, callback server, token helpers +│ │ ├── plugins/ # Plugin system +│ │ ├── skills/ # Extensible skill framework +│ │ │ ├── registry.ts # Skill registration +│ │ │ ├── executor.ts # Skill execution engine +│ │ │ ├── sandbox.ts # Skill sandbox environment +│ │ │ ├── builtin/ # Built-in skills +│ │ │ ├── interception.ts # Skill request interception +│ │ │ └── injection.ts # Skill context injection +│ │ ├── usage/ # Usage tracking system +│ │ │ ├── callLogs.ts # Call log persistence +│ │ │ ├── costCalculator.ts # Cost calculation engine +│ │ │ └── usageHistory.ts # Usage history queries +│ │ ├── cloudSync.ts # Cloud sync via Cloudflare Workers +│ │ ├── cloudflaredTunnel.ts # Cloudflare tunnel management +│ │ ├── pricingSync.ts # LiteLLM pricing data sync +│ │ ├── semanticCache.ts # Semantic caching layer +│ │ ├── tokenHealthCheck.ts # Background OAuth token refresh scheduler +│ │ ├── webhookDispatcher.ts # Webhook event dispatcher +│ │ └── localDb.ts # Unified re-export layer for all DB modules +│ ├── middleware/ # Request middleware +│ │ └── promptInjectionGuard.ts # Prompt injection detection +│ ├── mitm/ # MITM proxy capability +│ │ ├── cert/ # Certificate management +│ │ ├── dns/ # DNS handling +│ │ ├── targets/ # Target routing +│ │ └── manager.ts # MITM proxy manager +│ ├── shared/ # Shared utilities, components, and constants +│ │ ├── components/ # Reusable UI components (Card, Badge, Button, Modal, Sidebar, ProviderIcon, etc.) +│ │ ├── constants/ # Provider definitions (160+), model lists, pricing, routing strategies, MCP scopes +│ │ ├── contracts/ # Shared API contracts +│ │ ├── hooks/ # React hooks +│ │ ├── middleware/ # Shared middleware utilities +│ │ ├── schemas/ # Shared Zod schemas +│ │ ├── services/ # Shared services +│ │ ├── types/ # Shared TypeScript types +│ │ ├── validation/ # Zod schemas (settings, providers, routes) +│ │ └── utils/ # Helpers (auth, CORS, error codes, machine ID) +│ ├── sse/ # SSE proxy pipeline +│ │ ├── services/ # Auth resolution, format translation, response handling +│ │ └── middleware/ # Rate limiting, circuit breaker, caching, idempotency +│ ├── store/ # Zustand client-side stores (theme, providers, etc.) +│ └── types/ # TypeScript type definitions +├── open-sse/ # Standalone SSE server (npm workspace) +│ ├── config/ # Model registries (providerRegistry, embedding, image, audio, video, +│ │ # music, rerank, moderation, search, CLI fingerprints, Ollama models) +│ ├── executors/ # Provider-specific request executors (14 executors) +│ │ ├── base.ts # Base executor with shared logic +│ │ ├── default.ts # Default OpenAI-compatible executor +│ │ ├── cursor.ts # Cursor IDE (protobuf + checksum) +│ │ ├── codex.ts # OpenAI Codex CLI +│ │ ├── antigravity.ts # Antigravity IDE +│ │ ├── github.ts # GitHub Copilot +│ │ ├── gemini-cli.ts # Gemini CLI +│ │ ├── kiro.ts # Kiro AI +│ │ ├── qoder.ts # Qoder AI +│ │ ├── vertex.ts # Vertex AI (Service Account JSON) +│ │ ├── cloudflare-ai.ts # Cloudflare Workers AI +│ │ ├── opencode.ts # OpenCode Zen/Go +│ │ ├── pollinations.ts # Pollinations AI +│ │ └── puter.ts # Puter AI +│ ├── handlers/ # Request handlers per API type (11 handlers) +│ │ ├── chatCore.ts # Main chat completions handler +│ │ ├── responsesHandler.ts # OpenAI Responses API handler +│ │ ├── embeddings.ts # Embedding generation +│ │ ├── imageGeneration.ts # Image generation (GPT-Image, FLUX, SD, etc.) +│ │ ├── videoGeneration.ts # Video generation +│ │ ├── musicGeneration.ts # Music generation +│ │ ├── audioSpeech.ts # Text-to-speech +│ │ ├── audioTranscription.ts # Speech-to-text (Whisper, Deepgram, AssemblyAI) +│ │ ├── moderations.ts # Content moderation +│ │ ├── rerank.ts # Reranking API +│ │ └── search.ts # Web search API +│ ├── mcp-server/ # Built-in MCP server (29 tools, 3 transports: stdio/SSE/streamable-HTTP) +│ │ ├── server.ts # MCP server core (tool registration, scope enforcement) +│ │ ├── tools/ # Tool implementations (advancedTools, memoryTools, skillTools) +│ │ ├── schemas/ # Zod input schemas (tools, audit, a2a) +│ │ ├── scopeEnforcement.ts # Scope-based access control (10 scopes) +│ │ ├── audit.ts # Tool call audit logging +│ │ ├── runtimeHeartbeat.ts # MCP runtime heartbeat +│ │ └── httpTransport.ts # HTTP transport handler +│ ├── services/ # 36+ service modules +│ │ ├── combo.ts # Core routing engine +│ │ ├── usage.ts # Usage tracking +│ │ ├── tokenRefresh.ts # OAuth token refresh +│ │ ├── rateLimitManager.ts # Rate limit management +│ │ ├── accountFallback.ts # Multi-account fallback +│ │ ├── sessionManager.ts # Session management +│ │ ├── wildcardRouter.ts # Wildcard model routing +│ │ ├── autoCombo/ # Auto-combo engine (6-factor scoring, bandit exploration) +│ │ ├── intentClassifier.ts # Request intent classification +│ │ ├── taskAwareRouter.ts # Task-aware routing +│ │ ├── thinkingBudget.ts # Thinking budget management +│ │ ├── contextManager.ts # Context window management +│ │ ├── modelDeprecation.ts # Model deprecation handling +│ │ ├── modelFamilyFallback.ts # Intra-family model fallback +│ │ ├── emergencyFallback.ts # Emergency fallback +│ │ ├── workflowFSM.ts # Workflow state machine +│ │ ├── backgroundTaskDetector.ts # Background task detection +│ │ ├── ipFilter.ts # IP-based access control +│ │ ├── signatureCache.ts # CLI signature caching +│ │ ├── volumeDetector.ts # Request volume detection +│ │ ├── contextHandoff.ts # Context relay handoff generation and injection +│ │ ├── codexQuotaFetcher.ts # Codex quota fetching for context-relay +│ │ └── ... # Additional services (14 more modules) +│ ├── transformer/ # Responses API transformer +│ │ └── responsesTransformer.ts +│ ├── translator/ # Format translators (OpenAI ↔ Claude ↔ Gemini ↔ Responses ↔ Ollama ↔ DeepSeek) +│ │ ├── request/ # Request translators per provider +│ │ ├── response/ # Response translators per provider +│ │ ├── helpers/ # Translation helpers +│ │ └── image/ # Image format translation +│ └── utils/ # 22 utility modules (stream, TLS, proxy, logging, etc.) +├── electron/ # Electron desktop app (cross-platform) +│ ├── main.js # Electron main process +│ ├── preload.js # Preload script (IPC bridge) +│ └── assets/ # App icons and assets +├── tests/ # Test suites +│ ├── unit/ # 122 unit test files +│ ├── integration/ # Integration tests +│ ├── e2e/ # Playwright E2E tests +│ ├── security/ # Security tests +│ ├── translator/ # Translator-specific tests +│ └── load/ # Load tests +├── docs/ # Documentation +│ ├── i18n/ # 30-language translated docs +│ ├── ARCHITECTURE.md # Full architecture documentation +│ ├── API_REFERENCE.md # API reference +│ ├── USER_GUIDE.md # User guide +│ ├── CODEBASE_DOCUMENTATION.md # Codebase overview +│ ├── CLI-TOOLS.md # CLI tools integration guide +│ ├── A2A-SERVER.md # A2A agent protocol documentation +│ ├── AUTO-COMBO.md # Auto-combo engine (6-factor scoring) +│ ├── MCP-SERVER.md # MCP server (29 tools) +│ ├── TROUBLESHOOTING.md # Troubleshooting guide +│ ├── VM_DEPLOYMENT_GUIDE.md # VPS deployment guide +│ ├── openapi.yaml # OpenAPI specification +│ └── screenshots/ # Dashboard screenshots +├── bin/ # CLI entry points (omniroute, reset-password) +├── scripts/ # Build and utility scripts +└── .env.example # Environment variable template +``` + +## Key Features (v3.8.0) + +### Core Proxy +- **160+ AI providers** with automatic format translation +- **4 provider categories**: Free (4), OAuth (8), API Key (120+), Self-Hosted (8+), Custom (OpenAI/Anthropic-compatible) +- **13 routing strategies**: priority, weighted, round-robin, fill-first, p2c, random, least-used, cost-optimized, strict-random, auto, lkgp, context-optimized, context-relay +- **4-tier fallback**: Subscription → API Key → Cheap → Free +- **Context Relay strategy**: Session handoff summaries on account rotation for continuity +- **Auto-combo engine**: Self-healing routing optimization with 6-factor scoring, bandit exploration, progressive cooldown +- **Semantic caching** with cache hit/miss headers +- **Idempotency** with configurable dedup window +- **Circuit breaker** per provider with configurable thresholds +- **Provider Icons**: 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback +- **Model Auto-Sync**: 24h scheduler refreshes model lists for 16 providers +- **Registered Keys API**: Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement +- **Memory System**: Persistent conversational memory with extraction, injection, retrieval, and summarization +- **Skills System**: Extensible skill framework with registry, executor, sandbox, built-in and custom skills +- **Prompt Injection Guard**: Middleware-level prompt injection detection +- **MITM Proxy**: Certificate management, DNS handling, and target routing +- **Cloudflare Tunnels**: Managed tunnel creation for remote access +- **122 unit test files** with comprehensive coverage (55% statements/lines/functions, 60% branches) + +### Security +- **Data Loss Prevention**: SQLite migration safety bounds abort startup on dangerous massive schema overrides. Pre-migration `VACUUM INTO` backups isolate rollback snapshots. +- **CodeQL security**: Fixed 10+ CodeQL alerts (polynomial-redos, insecure-randomness, shell-injection, SSRF, incomplete URLs) +- **Web Crypto session IDs**: `generateSessionId` uses `crypto.getRandomValues()` instead of `Math.random()` +- **Route validation**: All API routes validated with Zod v4 schemas + `validateBody()` +- **omniModel tag sanitization**: Internal `` tags never leak to clients in SSE streams +- **TLS Fingerprint Spoofing** — Browser-like TLS fingerprint to reduce bot detection +- **CLI Fingerprint Matching** — Per-provider request signature matching +- **Prompt injection guard** — Request middleware detection +- **Provider constants validated at module load** via Zod (`src/shared/validation/providerSchema.ts`) +- **PII sanitizer** — Sensitive data scrubbing in logs + +### Dashboard Pages (23 sections) +- **Providers** — OAuth, API key, and free provider management with ProviderIcon SVG icons +- **Combos** — Multi-model combo builder with 4 templates (Free Stack, High Availability, Cost Saver, Balanced) + 13 strategies +- **Auto-Combo** — Auto-combo engine dashboard with scoring metrics +- **Analytics** — Token consumption, cost, heatmaps, distributions +- **Health** — Uptime, memory, latency percentiles, circuit breakers +- **Logs** — Request, Proxy, Audit, Console (tabbed) +- **Audit** — Audit trail and compliance logging +- **Costs** — Cost tracking per provider/model +- **Limits** — Rate limit monitoring +- **Cache** — Semantic cache statistics and management +- **CLI Tools** — One-click configuration for 10+ AI CLI tools +- **CLI Agents** — Grid of 14+ built-in agents with ProviderIcon and install detection + custom agent registration +- **Playground** — Test any model with Monaco editor, streaming responses +- **Media** — Image/video/music generation (GPT-Image, FLUX, etc.) + audio transcription (up to 2GB files) +- **Search Tools** — Search provider configuration and testing +- **Memory** — Memory system management and visualization +- **Skills** — Skills framework management and execution +- **Translator** — Format debugging: playground, chat tester, test bench, live monitor +- **Settings** — General, Appearance (7 color themes), Security (TLS/CLI fingerprint, IP filter), Routing, Resilience, Advanced +- **Endpoint** — Unified: Endpoint Proxy, MCP Server, A2A Server, API Endpoints (tabbed) +- **Onboarding** — Setup wizard for new users +- **Usage** — Usage history and analytics +- **API Manager** — API key management with scoped permissions + +### Protocol Support +- **OpenAI-compatible** — `/v1/chat/completions`, `/v1/models`, `/v1/embeddings`, `/v1/images/generations`, `/v1/audio/transcriptions`, `/v1/audio/speech`, `/v1/moderations`, `/v1/rerank`, `/v1/videos/generations`, `/v1/music/generations` +- **Anthropic** — `/v1/messages`, `/v1/messages/count_tokens` +- **OpenAI Responses** — `/v1/responses` +- **Gemini** — `/v1beta/models`, `/v1beta/models/{...path}` +- **Ollama** — `/v1/api/chat`, `/api/tags` +- **Search** — `/v1/search` (Perplexity, Serper, Brave, Exa, Tavily) +- **MCP** — 29-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) +- **A2A** — Agent-to-Agent v0.3 protocol (JSON-RPC 2.0, smart-routing + quota-management skills) +- **ACP** — Agent Communication Protocol registry and manager + +### MCP Server (29 Tools) +| Category | Tools | +|-----------|-------| +| Core (20) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `web_search`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `db_health_check`, `sync_pricing` | +| Cache (2) | `cache_stats`, `cache_flush` | +| Memory (3) | `memory_search`, `memory_add`, `memory_clear` | +| Skills (4) | `skills_list`, `skills_enable`, `skills_execute`, `skills_executions` | + +**MCP Auth Scopes (10):** `read:health`, `read:combos`, `write:combos`, `read:quota`, `read:usage`, `read:models`, `execute:completions`, `execute:search`, `write:budget`, `write:resilience` + +### Provider Categories + +**Free Providers (4):** Qoder AI, Qwen Code, Gemini CLI (deprecated), Kiro AI + +**OAuth Providers (8):** Claude Code, Antigravity, OpenAI Codex, GitHub Copilot, Cursor IDE, Kimi Coding, Kilo Code, Cline + +**API Key Providers (48+):** OpenAI, Anthropic, Gemini (Google AI Studio), DeepSeek, Groq, xAI (Grok), Mistral, Perplexity, Together AI, Fireworks AI, Cerebras, Cohere, NVIDIA NIM, Nebius AI, SiliconFlow, Hyperbolic, HuggingFace, OpenRouter, Vertex AI, Cloudflare Workers AI, Scaleway AI, AI/ML API, Pollinations AI, Puter AI, LongCat AI, Alibaba Cloud (DashScope), Alibaba Intl, Alibaba (AliCode), Kimi, Kimi Coding (API Key), Minimax, Minimax (China), Blackbox AI, Synthetic, Kilo Gateway, Z.AI, GLM Coding, Deepgram, AssemblyAI, ElevenLabs, Cartesia, PlayHT, Inworld, NanoBanana, SD WebUI, ComfyUI, Ollama Cloud, Perplexity Search, Serper Search, Brave Search, Exa Search, Tavily Search, OpenCode Zen, OpenCode Go, Bailian Coding Plan + +**Custom Providers:** OpenAI-compatible (`openai-compatible-*`) and Anthropic-compatible (`anthropic-compatible-*`) with custom base URLs + +### Internationalization +- 40+ languages for UI (all dashboard pages) +- 40 translated documentation sets in docs/i18n/ +- Language switcher in documentation + +## Key Architectural Decisions + +1. **OpenAI-compatible API surface:** All incoming requests follow the OpenAI API format. This makes OmniRoute a drop-in replacement for any tool that supports custom OpenAI endpoints. + +2. **Provider abstraction via format translators:** Each AI provider has a translator in `open-sse/translator/` that converts between OpenAI format and the provider's native format transparently. + +3. **Connection-based provider model:** Providers are stored as "connections" in SQLite. Each connection has an `id`, `provider`, `authType` (oauth/apikey/free), `isActive` flag, and credentials. Multiple connections per provider for multi-account rotation. + +4. **Combo system for fallback:** Users create "combos" — ordered lists of `provider/model` pairs. The proxy tries each in order until one succeeds. Supports 13 strategies including auto-combo with self-healing and context-relay for session continuity. + +5. **SSE proxy pipeline:** The proxy pipeline is middleware-based: request → auth resolution → rate limiting → circuit breaker → format translation → upstream call → response translation → SSE streaming back to client. + +6. **SQLite for persistence:** All state (providers, combos, logs, settings, API keys, memory, skills) stored in a single SQLite database via 21 domain-specific modules. All DB operations go through `src/lib/db/` modules, never raw SQL in routes. + +7. **OAuth with PKCE:** OAuth flows use PKCE for security. Token refresh handled by background job (`tokenHealthCheck.ts`). + +8. **ProviderIcon component:** Unified icon system using `@lobehub/icons` (130+ SVG) with PNG fallback and generic icon fallback chain. Used on providers, dashboard, and agents pages. + +9. **DB architecture:** `localDb.ts` is a re-export layer only — real logic lives in 21 `src/lib/db/` modules with 16 SQL migrations. + +10. **Upstream headers:** Custom headers merged in executors after default auth; same header name replaces executor value. Forbidden header names in `src/shared/constants/upstreamHeaders.ts`. + +11. **Memory/Skills cross-cutting systems:** Memory and Skills affect the MCP tools, request pipeline, and A2A skills. Memory provides persistent context across sessions; Skills provide extensible tool execution with sandbox isolation. + +12. **Domain policy engine:** `src/domain/` contains policy engine modules (policyEngine, comboResolver, costRules, degradation, fallbackPolicy, lockoutPolicy, modelAvailability, providerExpiration, quotaCache, configAudit) that govern routing decisions independently from the pipeline. + +13. **Provider constants validated at load:** All provider definitions validated via Zod schemas at module load time (`src/shared/validation/providerSchema.ts`). Invalid providers fail fast. + +## Main Flows + +### Proxy Request Flow +1. Client sends OpenAI-format request to `/v1/chat/completions` +2. API key validation +3. Model resolution: direct model or combo lookup +4. For combos: iterate through models with selected strategy +5. Auth resolution: get credentials for the target provider +6. Format translation: OpenAI → provider native format +7. CLI fingerprint matching (if enabled for provider) +8. Upstream request with circuit breaker and rate limiting +9. Response translation: provider → OpenAI format +10. omniModel tag sanitization (strip internal tags) +11. SSE streaming back to client +12. Memory extraction (if memory system enabled) +13. Usage logging and cost calculation + +### OAuth Flow +1. Dashboard initiates `/api/oauth/[provider]/authorize` +2. User completes OAuth login in browser +3. Callback hits `/api/oauth/[provider]/exchange` +4. Tokens stored as a provider connection in SQLite +5. Background job refreshes tokens before expiry + +## Important Notes for LLMs + +1. **Two model endpoints exist:** `/api/models` (dashboard, all models) and `/v1/models` (OpenAI-compatible, active only). + +2. **Provider IDs vs aliases:** Providers have both an ID (`claude`, `github`) and a short alias (`cc`, `gh`). Models are referenced as `alias/model-name` (e.g., `cc/claude-opus-4-6`). + +3. **The `open-sse/` directory is a separate npm workspace** with its own config, handlers, executors, translators, and services. + +4. **Environment variables:** All configuration is in `.env` (from `.env.example`). Key vars: `PORT`, `NEXT_PUBLIC_BASE_URL`, `API_KEY`, `ADMIN_PASSWORD`. + +5. **Database layer:** Operations go through `src/lib/db/` modules (21 domain-specific files). `localDb.ts` is re-exports only — add new functions to the proper `db/*.ts` module. + +6. **Tests use Node.js built-in test runner:** 122 unit test files. Run `npm test`. Vitest for MCP/autoCombo (`npm run test:vitest`). Playwright for E2E (`npm run test:e2e`). + +7. **MCP and A2A pages are embedded as tabs inside `/dashboard/endpoint`**, not standalone routes. + +8. **ACP agents** are in `src/lib/acp/registry.ts` with detection cache. Custom agents stored via settings DB. + +9. **Auto-combo engine** in `open-sse/services/autoCombo/` — 6-factor scoring, 4 mode packs, bandit exploration, progressive cooldown. + +10. **Docker:** Dockerfile has two targets: `runner-base` and `runner-cli`. `docker-compose.yml` for dev (3 profiles), `docker-compose.prod.yml` for production (port 20130). + +11. **Electron desktop app** in `electron/` with main.js and preload.js. Build with `npm run electron:build` (supports Windows, macOS, Linux). + +12. **Pricing data** syncs from LiteLLM via `src/lib/pricingSync.ts`. Use `sync_pricing` MCP tool or API endpoint. + +13. **Memory system** in `src/lib/memory/` provides extraction, injection, retrieval, summarization, and persistent store. Exposed via MCP memory tools and `/api/memory/ API. + +14. **Skills system** in `src/lib/skills/` provides registry, executor, sandbox isolation, built-in skills, custom skill support, request interception, and context injection. Exposed via MCP skill tools and `/api/skills/` API. + +15. **Zod v4** is used for all validation. Import from `zod` package. Provider schemas validated at module load time. + +16. **Context Relay** strategy (`context-relay`) is split across two layers: `combo.ts` decides if a handoff should be generated after a successful turn; `chat.ts` injects the handoff only after account resolution. Handoff data lives in `context_handoffs` SQLite table. Config: `handoffThreshold`, `handoffModel`, `handoffProviders`. + +17. **Proxy enforcement** is now comprehensive: token health checks resolve proxy per connection, provider validation wraps in `runWithProxyContext`, and proxy dispatchers use `undici.fetch()` instead of the Node built-in `fetch()` to avoid dispatcher incompatibilities on Node 22. + +18. **Node.js 24+ compatibility**: The login page (`/api/settings/require-login`) detects the Node.js version and sends `nodeVersion`/`nodeCompatible` fields. The login UI renders a warning banner when `nodeCompatible` is false. + +## Links + +- Repository: https://github.com/diegosouzapw/OmniRoute +- Website: https://omniroute.online +- npm: https://www.npmjs.com/package/omniroute +- Docker Hub: https://hub.docker.com/r/diegosouzapw/omniroute +- Documentation: See `/docs/` directory diff --git a/docs/i18n/he/CHANGELOG.md b/docs/i18n/he/CHANGELOG.md index c73723829a..06e11b13ba 100644 --- a/docs/i18n/he/CHANGELOG.md +++ b/docs/i18n/he/CHANGELOG.md @@ -6,9 +6,283 @@ ## [Unreleased] +## [3.8.0] — 2026-05-06 + +### ✨ New Features + +- **feat(antigravity):** integrate Antigravity provider with dynamic `maxOutputTokens` calculation (bumping to `thinkingBudget + 1`) and standard Cloud Code envelope payload sanitization (#2055, #2063) +- **feat(gemini-cli):** add custom projectId support for Gemini CLI transport (UI, DB, executor) (#1991) + +### 🐛 Bug Fixes + +- **fix(cache):** optimize cache_control preservation logic and explicitly align tool schema with upstream Claude Code expectations +- **fix(db):** preserve legacy SQLite database path on Windows to prevent data loss (#1973) +- **fix(settings):** resolve model alias persistence double stringification preventing UI updates (#2018) +- **fix(routing):** dynamically filter bare model auto-resolution by active provider connections to prevent dead-routing (#2029) +- **fix(embeddings):** add Google Gemini embeddings compatibility via OpenAI-compatible endpoint mapping (#2006) +- **fix:** remove Anthropic-Beta header from non-Anthropic providers to fix identity contamination (#1989) +- **fix(cli):** resolve .env loading failure for global npm installations + +### 🔒 Security + +- **fix(security):** remediate regex validation backtracking path in core compression cleanup (#1990) +- **fix(core):** harden input handling and stabilization for prompt compression edge cases + +### 🧹 Chores & Maintenance + +- **chore(providers):** prune redundant local provider icon assets in favor of `@lobehub/icons` web fonts (#1992) +- **ci:** skip SonarCloud scan on main pushes to optimize CI time +- **test:** stabilize cooldown abort coverage case in integration testing + +## [3.7.9] — 2026-05-03 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) + +- **feat(compression):** major upgrade to Caveman and RTK compression pipelines (#1876, #1889): + - Add RTK tool-output compression, stacked Caveman + RTK pipelines, compression combo assignments, dashboard context pages, MCP management tools, and language-aware Caveman rule packs. + - Expand RTK parity with a 39-filter catalog, RTK-style JSON DSL stages, inline verify/benchmark coverage, trust-gated custom filters, expanded command detection, and redacted raw-output recovery. + - Expose rule intensities, track USD savings, unify config validation, and persist MCP savings. + - Expand Caveman parity and MCP metadata compression. +- **feat(provider):** update Jina AI model catalog to support Embeddings and Rerank natively (#1874 — thanks @backryun) +- **feat(provider):** add NanoGPT image generation provider (#1899 — thanks @Aculeasis) +- **feat(ui):** move proxy configuration to dedicated System → Proxy page (#1907 — thanks @oyi77) +- **feat(ui):** add K/M/B/T cost shortener utility (#1902 — thanks @oyi77) +- **feat(providers):** implement bulk paste for extra API keys (#1916 — thanks @0xtbug) +- **feat(analytics):** usage history API key backfill + dark mode pricing (#1896 — thanks @Gi99lin) +- **feat(logs):** show RTK and Caveman compression token savings accurately in request log UI (#1923 — thanks @emdash) +- **feat(routing):** auto-skip exhausted quota accounts (Issue #1952) +- **feat(docs):** docs site overhaul (#1976 — thanks @oyi77) +- **feat(db):** consolidate all database settings into SystemStorageTab (closes #1935) (#1947 — thanks @oyi77) +- **feat(sse):** codex 429 mid-task failover with account rotation (#1888 — thanks @smartenok-ops) +- **feat(auto-assessment):** add auto-assessment engine for combo self-healing (#1918 — thanks @oyi77) +- **feat(usage):** DeepSeek V4 native cache token extraction (#1930 — thanks @smartenok-ops) +- **feat(cost):** enhance cost formatting and add Codex GPT-5.5 pricing support (#1944 — thanks @JxnLexn) + +### 🐛 Bug Fixes + +- **fix(auth):** implement session affinity sticky routing logic +- **fix(dashboard):** derive display base URL from origin instead of hardcoding localhost (#1960 — thanks @jeanfbrito) +- **fix(proxy):** use credentials.connectionId instead of non-existent credentials.id for image proxy resolution (#1929 — thanks @Aculeasis) +- **fix(routing):** codex bare-name disambiguation + family-native fallback (#1933 — thanks @smartenok-ops) +- **fix(infrastructure):** move wreq-js to optionalDependencies and add Node 25/26 to secure runtime policy (#1924) +- **fix(providers):** resolve ChatGPT Web authentication failure by aligning TLS fingerprint User-Agent strings (#1925) +- **fix(mitm):** support root user for MITM sudo handling (#1948 — thanks @NekoMonci12) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941, #1945) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) +- **fix(mcp):** reclassify MCP endpoints to ensure API key authentication works even when dashboard auth is enabled (#1970) +- **fix(providers):** allow local OpenAI-compatible endpoints (like Ollama) to be added without an API key (fixes #1893) +- **fix(providers):** bypass AgentRouter unauthorized_client_error by spoofing Claude CLI headers via Anthropic endpoints (fixes #1921) +- **fix(copilot):** emit compatible reasoning text deltas (#1919 — thanks @ivan-mezentsev) +- **fix(api-manager):** show validation errors inline in modals, not behind (#1920 — thanks @andrewmunsell) +- **fix(compression):** align seeded standard savings combo with stacked default, preserve stacked defaults, and secure metadata routes. +- **fix(gemini-cli):** separate Cloud Code transport from Antigravity (#1869 — thanks @dhaern) +- **fix(codex):** map prompt field to input array for Cursor compatibility (fixes #1872) +- **fix(core):** align stream parameter default to false per strict OpenAI spec (fixes #1873) +- **fix(ui):** restore Next.js CSP `unsafe-eval` in production `script-src` to fix unresponsive Onboarding button (fixes #1883) +- **fix(proxy):** globally strip `prompt_cache_retention` in `BaseExecutor` to prevent upstream 400 errors from strict endpoints like droid/gemini-2-pro (fixes #1884) +- **fix(ui):** include `isOpen` dependency in `EditConnectionModal` state sync to ensure `maxConcurrent` is properly hydrated when reopening the modal (fixes #1859) +- **fix(security):** remediate 4 polynomial-redos CodeQL alerts in compression regexes by bounding repetitions and removing overlapping quantifiers +- **fix(codex):** flatten Chat Completions tool format to Codex Responses format in `normalizeCodexTools` — prevents `Missing required parameter: tools[0].name` upstream errors (#1914 — thanks @tranduykhanh030) +- **fix(proxy):** add proxy-aware execution context to image generation route — proxy settings are now correctly applied for image providers behind restricted networks (#1904 — thanks @Aculeasis) +- **fix(translator):** inject `properties: {}` into zero-argument MCP tool schemas during Anthropic→OpenAI translation — prevents 400 errors from OpenAI strict schema validation (#1898 — thanks @bryceIT) +- **fix(codex):** sanitize raw responses input (#1895 — thanks @dhaern) +- **fix(combos):** align strategy contracts (#1892 — thanks @dhaern) +- **fix(combos):** fix combo provider breaker profile handling (#1891 — thanks @rdself) +- **fix(migrations):** duplicate-column no-op fix (#1886 — thanks @smartenok-ops) +- **fix(auth):** per-connection OAuth refresh mutex (#1885 — thanks @smartenok-ops) +- **fix(auth):** require dashboard management auth for compression preview + +### 🔄 Updates + +- **chore(provider):** Add reka models list (#1956 — thanks @backryun) +- **chore(model):** Update new models, Delete Deprecated models (#1949 — thanks @backryun) + +### 📝 Documentation + +- **docs(compression):** document RTK+Caveman stacked savings ranges + +### 🏆 Release Attribution & Retroactive Credits + +- **@payne0420** (PR #1828 / #1839) — Implementation of the **Rate Limit Watchdog** and environment overrides. (This feature was manually backported to v3.7.8, causing the automatic GitHub Release notes to omit the author's credit). + +--- + +## [3.7.8] — 2026-05-01 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(providers):** add Grok 4.3 and Xiaomi Mimo TTS provider (#1837) +- **feat(core):** implement Rate Limit Watchdog with environment override capability to detect and reset stalled queues (#1839) +- **feat(providers):** add muse-spark-web provider with multiple models and reasoning support (#1843) +- **feat(1proxy):** integrate 1proxy free proxy marketplace with dashboard management and new MCP tools (closes #1788) (#1847) + +### 🐛 Bug Fixes + +- **fix(codex):** sanitize Responses replay state to prevent internal assistant commentary from leaking (#1868 — thanks @dhaern) +- **fix(cli):** add capture-backed Gemini CLI fingerprint (#1866) +- **fix(ui):** hide combo compression controls when the global setting is disabled (#1840) +- **fix(db):** tolerate missing request_detail_logs table for legacy deployments (#1848) +- **fix(core):** remove unneeded \`store\` payload parameter for providers lacking support (closes #1841) +- **fix(core):** ensure safeOutboundFetch and A2A routers return 503 Service Unavailable when security guardrails are triggered +- **fix(usage):** correct Unix seconds vs milliseconds parsing logic for Kiro AI quota reset (closes #1849) +- **fix(ui):** apply robust NaN handling, ensure 24h consistency, and fix missing hour slots in Compression Analytics (closes #1844) +- **fix(ui):** implement short number formatting for token consumption metrics on cache pages to prevent overflow (closes #1842) +- **fix(combo):** stabilize provider routing at 500+ connections by bounding semaphore queues and adjusting circuit breaker tracking (closes #1846) (#1854) +- **fix(maritalk):** update Maritalk model list, use Authorization Key header, and align with latest API endpoints (#1856) +- **fix(grok-web):** stabilize tool calling (bash, readFile, webSearch) and response parsing by mapping native Grok intents to standard OpenAI payloads (#1857) +- **fix(providers):** correctly map and expose the Upstage embedding and chat model catalogs (#1855) +- **fix(executor):** apply proper urlSuffix and custom authHeaders for unknown registry-based providers in DefaultExecutor (closes #1846) (#1861) + +### 🛠️ Maintenance + +- **fix(workflow):** build docker images on version tags (#1838) + +--- + +## [3.7.7] — 2026-04-30 + ### ✨ New Features -- **feat:** ongoing development +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **Prompt Compression Pipeline:** Implemented a multi-phase prompt compression engine including `lite` (whitespace/duplication collapse), `aggressive` (summarization, tool compression), and `ultra` modes (heuristic pruning and SLM stub) (#1633, #1738, #1739, #1741) +- **Compression Dashboard & Analytics:** Added a compression settings UI, real-time log viewer, pipeline statistics tracking, and interactive playground preview (#1756) +- **Compression Caching & MCP:** Added caching-aware strategy adjustments to the compression pipeline, alongside new MCP tools for status and configuration (#1758) +- **Analytics Custom Filters:** Added custom date range selection, API key filtering, and NULL key analytics backfilling to the Costs Dashboard (#1830) + +### 🐛 Bug Fixes + +- **Combo Routing:** Fixed an issue where Gemini `-preview` models were incorrectly normalized to their canonical names, causing 404 errors during combo routing (#1834) +- **Codex Native Passthrough:** Added support for Cursor 5.5 sending `messages` arrays to the `responses/compact` endpoint, preventing upstream rejections with empty requests (#1832) +- **Rate-limit Watchdog:** Implemented a new rate-limit watchdog with environment override capabilities and Stage Tracing to prevent and diagnose silent wedges (#1828) +- **Encryption Resiliency:** Prevent sending encrypted tokens to providers by returning null on decryption failure (#763d353) +- **i18n & Locales:** Fixed OpenCode baseUrl locale placeholders and added compression keys across 32 languages +- **Startup Stability:** Hardened resilience integration server startup logic (#9aa89b17) + +### 🛠️ Maintenance + +- **Tests & Docs:** Expanded the test suite with 61 unit/integration tests for the compression pipeline and updated `AGENTS.md` +- **Workflow:** Fixed the changelog extraction logic to accurately capture GitHub release descriptions + +--- + +## [3.7.6] — 2026-04-30 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) +- **feat(chatgpt-web):** support `thinking_effort` parameter (Standard/Extended) for thinking-capable models (#1821) +- **feat(dashboard):** implement remaining v3.7.6 dashboard features — Costs overview, Translator pipeline, and Endpoint tabs improvements +- **feat(tools):** inject fallback tool names to prevent upstream 400 errors on providers that require tool names (#1775) +- **feat(db):** auto-restore probe-failed database on startup to prevent data loss after failed upgrades (#1810) +- **feat(analytics):** add cost-based usage insights and activity streaks in the analytics dashboard + +### 🔒 Security + +- **fix(security):** resolve ReDoS vulnerability in Codex executor regex patterns (#1797, #1789) + +### 🐛 Bug Fixes + +- **fix(stability):** resolve codex input validation, enable combo circuit breaker, and fix broken unit tests (#1804, #1805) +- **fix(stability):** safely cast inputs to strings before calling `.trim()` to avoid crashes on numeric fields in proxy modal (#1825) +- **fix(stability):** clear active requests and recover providers after connection failures (#1824) +- **fix(xiaomi-mimo):** update models to V2.5, fix Token Plan validation and default region (#1823) +- **fix(codex):** omit compact client metadata to prevent upstream rejections (#1822) +- **fix(dashboard):** fix endpoint visibility, A2A status display, and API catalog consistency (#1806) +- **fix(analytics):** use pure SQL aggregations — no history rows loaded into memory (#1802) +- **fix(dashboard):** correct `loadPresets` ReferenceError in CostOverviewTab +- **fix(mitm):** enforce transparent interception on port 443 only + +### 🧹 Chores + +- **chore(workflow):** mandate implementation plan generation in `/resolve-issues` workflow before coding +- **chore(release):** expand contributor credits to 155 PRs across full project history + +### 🏆 Community Contributors Acknowledgment + +We identified that **155 community PRs** across the entire project history (from inception through v3.7.5) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. + +**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** + +| Contributor | PRs (Total) | All Contributions | +| :----------------------------------------------------------- | :---------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [@rdself](https://github.com/rdself) | 28 | #542, #705, #717, #737, #738, #841, #851, #853, #875, #880, #888, #891, #903, #904, #974, #1069, #1089, #1196, #1267, #1272, #1299, #1300, #1356, #1357, #1441, #1443, #1549, #1742 | +| [@oyi77](https://github.com/oyi77) | 27 | #644, #672, #700, #850, #859, #862, #868, #874, #881, #883, #908, #926, #931, #983, #990, #1019, #1020, #1021, #1103, #1281, #1286, #1363, #1368, #1377, #1411, #1689, #1717 | +| [@clousky2020](https://github.com/clousky2020) | 15 | #1244, #1323, #1365, #1366, #1408, #1442, #1484, #1595, #1598, #1599, #1611, #1618, #1620, #1621, #1644 | +| [@benzntech](https://github.com/benzntech) | 8 | #158, #1264, #1435, #1436, #1437, #1440, #1444, #1677 | +| [@kang-heewon](https://github.com/kang-heewon) | 5 | #530, #854, #884, #1235, #1574 | +| [@herjarsa](https://github.com/herjarsa) | 4 | #1472, #1474, #1477, #1480 | +| [@backryun](https://github.com/backryun) | 4 | #1358, #1609, #1627, #1722 | +| [@tombii](https://github.com/tombii) | 4 | #708, #856, #900, #1013 | +| [@christopher-s](https://github.com/christopher-s) | 3 | #868, #885, #992 | +| [@zen0bit](https://github.com/zen0bit) | 3 | #561, #650, #912 | +| [@k0valik](https://github.com/k0valik) | 3 | #554, #587, #596 | +| [@zhangqiang8vip](https://github.com/zhangqiang8vip) | 2 | #470, #575 | +| [@wlfonseca](https://github.com/wlfonseca) | 2 | #997, #1016 | +| [@RaviTharuma](https://github.com/RaviTharuma) | 2 | #1188, #1277 | +| [@prakersh](https://github.com/prakersh) | 2 | #419, #480 | +| [@payne0420](https://github.com/payne0420) | 2 | #1593, #1670 | +| [@only4copilot](https://github.com/only4copilot) | 2 | #855, #1039 | +| [@jay77721](https://github.com/jay77721) | 2 | #581, #582 | +| [@hijak](https://github.com/hijak) | 2 | #295, #578 | +| [@hartmark](https://github.com/hartmark) | 2 | #1494, #1500 | +| [@defhouse](https://github.com/defhouse) | 2 | #906, #946 | +| [@xiaoge1688](https://github.com/xiaoge1688) | 1 | #1304 | +| [@xandr0s](https://github.com/xandr0s) | 1 | #1376 | +| [@willbnu](https://github.com/willbnu) | 1 | #882 | +| [@slewis3600](https://github.com/slewis3600) | 1 | #1624 | +| [@sergey-v9](https://github.com/sergey-v9) | 1 | #594 | +| [@razllivan](https://github.com/razllivan) | 1 | #987 | +| [@nmime](https://github.com/nmime) | 1 | #1271 | +| [@Moutia-Ben-Yahia](https://github.com/Moutia-Ben-Yahia) | 1 | #1663 | +| [@Mind-Dragon](https://github.com/Mind-Dragon) | 1 | #467 | +| [@mercs2910](https://github.com/mercs2910) | 1 | #1001 | +| [@MAINER4IK](https://github.com/MAINER4IK) | 1 | #196 | +| [@luandiasrj](https://github.com/luandiasrj) | 1 | #996 | +| [@knopki](https://github.com/knopki) | 1 | #1434 | +| [@kfiramar](https://github.com/kfiramar) | 1 | #389 | +| [@ken2190](https://github.com/ken2190) | 1 | #166 | +| [@keith8496](https://github.com/keith8496) | 1 | #569 | +| [@jonesfernandess](https://github.com/jonesfernandess) | 1 | #1118 | +| [@JasonLandbridge](https://github.com/JasonLandbridge) | 1 | #1626 | +| [@i1hwan](https://github.com/i1hwan) | 1 | #1386 | +| [@Gorchakov-Pressure](https://github.com/Gorchakov-Pressure) | 1 | #754 | +| [@foxy1402](https://github.com/foxy1402) | 1 | #934 | +| [@dt418](https://github.com/dt418) | 1 | #896 | +| [@dhaern](https://github.com/dhaern) | 1 | #1647 | +| [@DavyMassoneto](https://github.com/DavyMassoneto) | 1 | #211 | +| [@dail45](https://github.com/dail45) | 1 | #1413 | +| [@congvc-dev](https://github.com/congvc-dev) | 1 | #1569 | +| [@be0hhh](https://github.com/be0hhh) | 1 | #1581 | +| [@andruwa13](https://github.com/andruwa13) | 1 | #1457 | +| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | 1 | #898 | +| [@AndersonFirmino](https://github.com/AndersonFirmino) | 1 | #362 | +| [@alexsvdk](https://github.com/alexsvdk) | 1 | #1280 | +| [@abhinavjnu](https://github.com/abhinavjnu) | 1 | #550 | --- @@ -16,8 +290,14 @@ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(tunnels):** integrate native ngrok tunnel support with dashboard UI parity (#1753) -- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) ### 🐛 Bug Fixes @@ -56,56 +336,25 @@ - **chore(ui):** speed up endpoint initial render with background task loading (#1760) - **chore(workflows):** add strict PR contributor credit policy to prevent future merge credit loss -### 🏆 Community Contributors Acknowledgment - -We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. - -**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** - -| Contributor | Contributions (PRs) | -| :----------------------------------------------------- | :----------------------------------------------------------------------- | -| [@rdself](https://github.com/rdself) | #1742, #1357, #1356, #1089, #1069, #904, #880, #875, #853, #851, #974 | -| [@oyi77](https://github.com/oyi77) | #1411, #1021, #990, #926, #908, #883, #881, #868, #862, #859, #850, #983 | -| [@benzntech](https://github.com/benzntech) | #1677, #1444, #1440, #1437, #1435 | -| [@clousky2020](https://github.com/clousky2020) | #1644, #1408 | -| [@christopher-s](https://github.com/christopher-s) | #885, #868, #992 | -| [@kang-heewon](https://github.com/kang-heewon) | #1235, #884 | -| [@backryun](https://github.com/backryun) | #1627, #1358, #1722 | -| [@tombii](https://github.com/tombii) | #900, #856 | -| [@slewis3600](https://github.com/slewis3600) | #1624 | -| [@dhaern](https://github.com/dhaern) | #1647 | -| [@JasonLandbridge](https://github.com/JasonLandbridge) | #1626 | -| [@hartmark](https://github.com/hartmark) | #1500 | -| [@herjarsa](https://github.com/herjarsa) | #1480 | -| [@andruwa13](https://github.com/andruwa13) | #1457 | -| [@i1hwan](https://github.com/i1hwan) | #1386 | -| [@xandr0s](https://github.com/xandr0s) | #1376 | -| [@RaviTharuma](https://github.com/RaviTharuma) | #1188 | -| [@wlfonseca](https://github.com/wlfonseca) | #1016 | -| [@only4copilot](https://github.com/only4copilot) | #1039, #855 | -| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | #898 | -| [@dt418](https://github.com/dt418) | #896 | -| [@willbnu](https://github.com/willbnu) | #882 | -| [@defhouse](https://github.com/defhouse) | #906 | -| [@mercs2910](https://github.com/mercs2910) | #1001 | -| [@zen0bit](https://github.com/zen0bit) | #912 | -| [@razllivan](https://github.com/razllivan) | #987 | -| [@foxy1402](https://github.com/foxy1402) | #934 | -| [@knopki](https://github.com/knopki) | #1434 | -| [@dail45](https://github.com/dail45) | #1413 | - --- ## [3.7.4] — 2026-04-28 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(ui):** add endpoint tunnel visibility settings (#1743) - **feat(cli):** refresh CLI fingerprint provider profiles (#1746) - **feat(proxy):** implement bulk proxy import via pipe-delimited parser with update-or-create (upsert) logic and real-time preview table - **feat(pwa):** add fullscreen installable PWA with manifest, service worker, and cross-platform app icons (#1728) -### אבטחה +### 🔒 Security - **security:** replace insecure `Math.random` with `crypto.getRandomValues` for fallback UUID generation to resolve CodeQL CWE-338 finding (#182) @@ -156,6 +405,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(authz):** introduce centralized proxy-based authz pipeline and lifecycle policy (#1632) - **feat(logs):** configure call log pipeline artifacts (#1650) - **feat(network):** add guarded remote image fetch utility @@ -225,6 +481,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Add GPT-5.5 support to the Codex provider — includes 1.05M context window, tool calling, vision, and reasoning capabilities with proper pricing entries across `cx` and `openai` providers. Refactors `splitCodexReasoningSuffix()` into a shared helper for cleaner effort-level parsing (#1617 — thanks @Zhaba1337228). - **feat(cli):** Add `omniroute reset-encrypted-columns` recovery command — nulls encrypted credential columns (`api_key`, `access_token`, `refresh_token`, `id_token`) in `provider_connections` while preserving provider metadata, giving users affected by #1622 a clean recovery path without losing configurations. - **feat(i18n):** Expand locale coverage with nine new language packs (Bengali, Farsi, Gujarati, Indonesian, Marathi, Swahili, Tamil, Telugu, Urdu), bringing total language support from 32 to 41 locales. @@ -256,7 +519,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **fix(transport):** Prevent memory bloat and database exhaustion from large, fragmented streaming responses. Implemented `ByteQueue` in `kiro.ts` for zero-copy binary accumulation, refactored `antigravity.ts` for incremental SSE parsing, and enforced a strict 512KB tiered truncation limit (`MAX_CALL_LOG_ARTIFACT_BYTES`) on stream request logs and call artifacts (#1647). - **chore(ci):** Update build environment dependencies — bump Node to `24.15.0`, `actions/checkout@v6`, `docker/build-push-action@v7`, pin `actions/setup-python` to major tag (#1646 — thanks @backryun). -### תיעוד +### 📝 Documentation - **docs(env):** Add `OMNIROUTE_ALLOW_PRIVATE_PROVIDER_URLS` to `.env.example` with documentation for LM Studio and other local provider use cases (#1623). @@ -266,6 +529,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). - **feat(providers):** Add CrofAI as a built-in API-key provider with quota/usage monitoring wired into the dashboard Limits page (#1604, #1606). @@ -399,7 +669,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **test(next):** Align transpile package expectations for the Next.js standalone build. - **test(ci):** Fix CI-only test failures from environment differences — clear `INITIAL_PASSWORD` and `JWT_SECRET` in integration tests, handle `XDG_CONFIG_HOME` for guide-settings tests. -### תיעוד +### 📚 Documentation - **docs:** Update the root changelog with all release-branch changes through 2026-04-24, including PRs #1544, #1555, #1551, #1550, #1548, #1547, #1541, #1538, #1536, and #1527. - **docs:** Fix broken README and localized documentation links. (#1536) @@ -424,6 +694,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -506,6 +783,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -527,7 +811,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **feat(providers):** Expand image provider registry with extended model support including SD3.5, FLUX, and DALL-E 3 HD configurations - **feat(combos):** Add new routing strategies and full i18n support for agent features section across 31 languages -### אבטחה +### 🔒 Security - **security:** Resolve 18 GitHub CodeQL scan alerts including ReDoS, incomplete sanitization, and bad HTML filtering regexp patterns - **fix(auth):** Seal privilege escalation vector by enforcing JWT session checking exclusively on `/api/keys` management endpoints (#1353) @@ -586,6 +870,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -662,6 +953,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -726,6 +1024,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -773,7 +1078,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Duplicate `auto` in Combo Strategy Schema:** Removed duplicate `"auto"` entry from `comboStrategySchema` (was listed on both line 104 and 108). Harmless to Zod runtime but cleaned up to avoid confusion. Schema now has exactly 13 unique strategy values - **Legacy Combo Refs Normalization:** Fixed combo step normalization to preserve legacy string combo references during CRUD operations, preventing data loss when editing combos created before the v2 step architecture -### אבטחה +### 🔒 Security - **Auth Bypass on Backup Routes (Critical):** Added `isAuthenticated` guards to `/api/db-backups/exportAll` (full database export) and `/api/db-backups` (list, create, and restore backups) — both were previously accessible without authentication - **Auth Guard on Translator Save:** Added `isAuthenticated` guard to `/api/translator/save` for defense-in-depth consistency @@ -826,6 +1131,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -864,6 +1176,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -896,6 +1215,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -925,6 +1251,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -955,6 +1288,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -988,6 +1328,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1040,6 +1387,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1086,6 +1440,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1122,7 +1483,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Updated Sub-dependencies:** Bumped `hono` to `4.12.12` and `@hono/node-server` to `1.19.13` to patch critical security gaps (#1063, #1064, #1067, #1068). -### תיעוד +### 📚 Documentation - **Documentation Synchronization:** Updated system documentation (README, Architecture, Features, Tools, Troubleshooting) and synced `i18n` configurations to match the v3.5.5 context relay patterns and proxy troubleshooting steps. - **Context Relay Delivery Notes:** Documented the current architecture, runtime flow, and Codex-focused scope in the feature docs, changelog, and agent guidance. @@ -1133,6 +1494,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1191,7 +1559,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.5.3] - 2026-04-07 -### אבטחה +### Security - **Vulnerabilities:** Fully remediated 12 High-Severity CodeQL vulnerabilities by migrating from Math.random to `crypto.randomUUID()`, wrapping SSE injection points with aggressive backslash escaping, sanitizing trailing HTTP fragments, and enforcing rigid SSRF HTTP verification schemes across internal routes. - **Dependencies:** Upgraded Next.js to `^16.2.2` and Vite to `>=8.0.5` resolving critical DoS, arbitrary file reads and CSRF vectors in the build/server environments. @@ -1207,7 +1575,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **CI/CD Stabilization:** Prevented random GitHub Runner freezes by decoupling sharded processes, adjusting test concurrencies, unref-ing active connections on server teardown, and strictly capping job timeout durations. -### תיעוד +### Documentation - **I18n Engine:** Synchronized and pushed deep Machine Translation updates across all 32 natively-supported languages (682 translation nodes aligned). @@ -1221,6 +1589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1253,6 +1628,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1281,6 +1663,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1347,7 +1736,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.8] — 2026-04-03 -### אבטחה +### Security - Fully remediated all outstanding Github Advanced Security (CodeQL) findings and Dependabot alerts. - Fixed insecure randomness vulnerabilities by migrating from `Math.random` to `crypto.randomUUID()`. @@ -1359,7 +1748,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.7] — 2026-04-03 -### תכונות +### Features - Added `Cryptography` node to Monitoring and MCP health checks (#798) - Hardened model-catalog route permissions mapping (`/models`) (#781) @@ -1375,7 +1764,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - Fixed MCP standalone module-resolution (`ERR_MODULE_NOT_FOUND`) via `esbuild` (#936) - Fixed NVIDIA NIM routing credential resolution alias mismatch (#931) -### אבטחה +### Security - Added safe strict input boundary protection against raw `shell: true` remote-code execution injections. @@ -1385,6 +1774,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1419,6 +1815,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1481,6 +1884,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1541,6 +1951,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1594,7 +2011,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.0] - 2026-03-31 -### תכונות +### 🚀 Features - **Subscription Utilization Analytics:** Added quota snapshot time-series tracking, Provider Utilization and Combo Health tabs with recharts visualizations, and corresponding API endpoints (#847) - **SQLite Backup Control:** New `OMNIROUTE_DISABLE_AUTO_BACKUP` env flag to disable automatic SQLite backups (#846) @@ -1646,7 +2063,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.3.8] - 2026-03-30 -### תכונות +### 🚀 Features - **Models API Filtering:** Endpoint `/v1/models` now dynamically filters its list based on the permissions tied to the `Authorization: Bearer ` when restricted access is on (#781) - **Qoder Integration:** Native integration for Qoder AI natively replacing the legacy iFlow platform mappings (#660) @@ -1715,6 +2132,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1745,6 +2169,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1806,6 +2237,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2016,6 +2454,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2044,6 +2489,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2076,6 +2528,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2130,6 +2589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2325,6 +2791,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2359,6 +2832,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2409,7 +2889,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **NaN tokens in Claude Code / client responses (#617):** - `sanitizeUsage()` now cross-maps `input_tokens`→`prompt_tokens` and `output_tokens`→`completion_tokens` before the whitelist filter, fixing responses showing NaN/0 token counts when providers return Claude-style usage field names -### אבטחה +### 🔒 Security - Updated `yaml` package to fix stack overflow vulnerability (GHSA-48c2-rrv3-qjmp) @@ -2467,6 +2947,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2503,6 +2990,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2521,6 +3015,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2556,6 +3057,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3001,6 +3509,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3016,6 +3531,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3043,7 +3565,7 @@ docker pull diegosouzapw/omniroute:3.0.0 - **SVG fallback**: `ProviderIcon` component updated with 4-tier strategy: Lobehub → PNG → SVG → Generic icon - **Agents fingerprinting**: Synced with CLI tools — added droid, openclaw, copilot, opencode to fingerprint list (14 total) -### אבטחה +### 🔒 Security - **CVE fix**: Resolved dompurify XSS vulnerability (GHSA-v2wj-7wpq-c8vv) via npm overrides forcing `dompurify@^3.3.2` - `npm audit` now reports **0 vulnerabilities** @@ -3113,6 +3635,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3160,6 +3689,13 @@ Both providers use the new `OpencodeExecutor` with multi-format routing (`/chat/ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3295,6 +3831,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3318,6 +3861,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3334,6 +3884,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3371,7 +3928,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **#510** — Windows: MSYS2/Git-Bash paths (`/c/Program Files/...`) are now normalized to `C:\Program Files\...` - **#492** — `omniroute` CLI now detects `mise`/`nvm` when `app/server.js` is missing and shows targeted fix -### תיעוד +### 📖 Documentation - **#513** — Docker password reset: `INITIAL_PASSWORD` env var workaround documented - **#520** — pnpm: `pnpm approve-builds better-sqlite3` documented @@ -3468,7 +4025,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **feat(executors/cloudflare-ai)**: New `CloudflareAIExecutor` — dynamic URL construction requires `accountId` in provider credentials - **feat(executors)**: Register `pollinations`, `pol`, `cloudflare-ai`, `cf` executor mappings -### תיעוד +### 📝 Documentation - **docs(readme)**: Expanded free combo stack to 11 providers ($0 forever) - **docs(readme)**: Added 4 new free provider sections (LongCat, Pollinations, Cloudflare AI, Scaleway) with model tables @@ -3543,6 +4100,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3613,7 +4177,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **OAuth batch test crash** (ERR_CONNECTION_REFUSED): Replaced sequential for-loop with 5-connection concurrency limit + 30s per-connection timeout via `Promise.race()` + `Promise.allSettled()`. Prevents server crash when testing large OAuth provider groups (~30+ connections). -### תכונות +### Features - **"Test All" button on provider pages**: Individual provider pages (e.g., `/providers/codex`) now show a "Test All" button in the Connections header when there are 2+ connections. Uses `POST /api/providers/test-batch` with `{mode: "provider", providerId}`. Results displayed in a modal with pass/fail summary and per-connection diagnosis. @@ -3641,7 +4205,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Merge PR #494 (MiniMax role fix), fix KIRO MITM dashboard, triage 8 issues. -### תכונות +### Features - **MiniMax developer→system role fix** (PR #494 by @zhangqiang8vip): Per-model `preserveDeveloperRole` toggle. Adds "Compatibility" UI in providers page. Fixes 422 "role param error" for MiniMax and similar gateways. - **roleNormalizer**: `normalizeDeveloperRole()` now accepts `preserveDeveloperRole` parameter with tri-state behavior (undefined=keep, true=keep, false=convert). @@ -3697,7 +4261,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Gemini CLI deprecation, VM guide i18n fix, dependabot security fix, provider schema expansion. -### תכונות +### Features - **Gemini CLI Deprecation** (#462): Mark `gemini-cli` provider as deprecated with warning — Google restricts third-party OAuth usage from March 2026 - **Provider Schema** (#462): Expand Zod validation with `deprecated`, `deprecationReason`, `hasFree`, `freeNote`, `authHint`, `apiHint` optional fields @@ -3706,7 +4270,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **VM Guide i18n** (#471): Add `VM_DEPLOYMENT_GUIDE.md` to i18n translation pipeline, regenerate all 30 locale translations from English source (were stuck in Portuguese) -### אבטחה +### Security - **deps**: Bump `flatted` 3.3.3 → 3.4.2 — fixes CWE-1321 prototype pollution (#484, @dependabot) @@ -3726,7 +4290,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Czech i18n, SSE protocol fix, VM guide translation. -### תכונות +### Features - **Czech Language** (#482): Full Czech (cs) i18n — 22 docs, 2606 UI strings, language switcher updates (@zen0bit) - **VM Deployment Guide**: Translated from Portuguese to English as the source document (@zen0bit) @@ -3745,7 +4309,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: 2 merged PRs, model aliases routing fix, log export, and issue triage. -### תכונות +### Features - **Log Export**: New Export button on `/dashboard/logs` with time range dropdown (1h, 6h, 12h, 24h). Downloads JSON of request/proxy/call logs via `/api/logs/export` API (#user-request) @@ -3765,7 +4329,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Five community PRs — streaming call log fixes, Kiro compatibility, cache token analytics, Chinese translation, and configurable tool call IDs. -### תכונות +### ✨ Features - **feat(logs)**: Call log response content now correctly accumulated from raw provider chunks (OpenAI/Claude/Gemini) before translation, fixing empty response payloads in streaming mode (#470, @zhangqiang8vip) - **feat(providers)**: Per-model configurable 9-char tool call ID normalization (Mistral-style) — only models with the option enabled get truncated IDs (#470) @@ -3795,7 +4359,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Bailian Coding Plan provider with editable base URLs, plus community contributions for Alibaba Cloud and Kimi Coding. -### תכונות +### ✨ Features - **feat(providers)**: Added Bailian Coding Plan (`bailian-coding-plan`) — Alibaba Model Studio with Anthropic-compatible API. Static catalog of 8 models including Qwen3.5 Plus, Qwen3 Coder, MiniMax M2.5, GLM 5, and Kimi K2.5. Includes custom auth validation (400=valid, 401/403=invalid) (#467, @Mind-Dragon) - **feat(admin)**: Editable default URL in Provider Admin create/edit flows — users can configure custom base URLs per connection. Persisted in `providerSpecificData.baseUrl` with Zod schema validation rejecting non-http(s) schemes (#467) @@ -3810,7 +4374,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Two new community-contributed providers (Alibaba Cloud Coding, Kimi Coding API-key) and Docker pino fix. -### תכונות +### ✨ Features - **feat(providers)**: Added Alibaba Cloud Coding Plan support with two OpenAI-compatible endpoints — `alicode` (China) and `alicode-intl` (International), each with 8 models (#465, @dtk1985) - **feat(providers)**: Added dedicated `kimi-coding-apikey` provider path — API-key-based Kimi Coding access is no longer forced through OAuth-only `kimi-coding` route. Includes registry, constants, models API, config, and validation test (#463, @Mind-Dragon) @@ -3835,7 +4399,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Codex responses subpath passthrough natively supported, Windows MITM crash fixed, and Combos agent schemas adjusted. -### תכונות +### ✨ Features - **feat(codex)**: Native responses subpath passthrough for Codex — natively routes `POST /v1/responses/compact` to Codex upstream, maintaining Claude Code compatibility without stripping the `/compact` suffix (#457) @@ -3875,7 +4439,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(budget)**: "Save Limits" no longer returns 422 — `warningThreshold` is now correctly sent as fraction (0–1) instead of percentage (0–100) (#451) - **fix(combos)**: `` internal cache tag is now stripped before forwarding requests to providers, preventing cache session breaks (#454) -### תכונות +### ✨ Features - **feat(combos)**: Agent Features section added to combo create/edit modal — expose `system_message` override, `tool_filter_regex`, and `context_cache_protection` directly from the dashboard (#454) @@ -3931,7 +4495,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Search Tools dashboard, i18n fixes, Copilot limits, Serper validation fix. -### תכונות +### 🚀 Features - **feat(search)**: Add Search Playground (10th endpoint), Search Tools page with Compare Providers/Rerank Pipeline/Search History, local rerank routing, auth guards on search API (#443 by @Regis-RCR) - New route: `/dashboard/search-tools` @@ -4010,6 +4574,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4024,7 +4595,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - DB migration: `request_type` column on `call_logs` for non-chat request tracking - Zod validation (`v1SearchSchema`), auth-gated, cost recorded via `recordCost()` -### אבטחה +### 🔒 Security - **deps**: Next.js 16.1.6 → 16.1.7 — fixes 6 CVEs: - **Critical**: CVE-2026-29057 (HTTP request smuggling via http-proxy) @@ -4154,7 +4725,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **005_combo_agent_fields.sql**: `ALTER TABLE combos ADD COLUMN system_message TEXT DEFAULT NULL`, `tool_filter_regex TEXT DEFAULT NULL`, `context_cache_protection INTEGER DEFAULT 0` - **006_detailed_request_logs.sql**: New `request_detail_logs` table with 500-entry ring-buffer trigger, opt-in via settings toggle -### תכונות +### ✨ Features - **feat(combo)**: System Message Override per Combo (#399 — `system_message` field replaces or injects system prompt before forwarding to provider) - **feat(combo)**: Tool Filter Regex per Combo (#399 — `tool_filter_regex` keeps only tools matching pattern; supports OpenAI + Anthropic formats) @@ -4169,7 +4740,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: SSE improvements, local provider_nodes extensions, proxy registry, Claude passthrough fixes. -### תכונות +### ✨ Features - **feat(health)**: Background health check for local `provider_nodes` with exponential backoff (30s→300s) and `Promise.allSettled` to avoid blocking (#423, @Regis-RCR) - **feat(embeddings)**: Route `/v1/embeddings` to local `provider_nodes` — `buildDynamicEmbeddingProvider()` with hostname validation (#422, @Regis-RCR) @@ -4230,6 +4801,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4304,7 +4882,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Turbopack hash-strip now runs at **compile time** for ALL packages — not just `better-sqlite3`. Step 5.6 in `prepublish.mjs` walks every `.js` in `app/.next/server/` and strips the 16-char hex suffix from any hashed `require()`. Fixes `zod-dcb22c...`, `pino-...`, etc. MODULE_NOT_FOUND on global npm installs. Closes #398 - **fix(deploy)**: PM2 on both VPS was pointing to stale git-clone directories. Reconfigured to `app/server.js` in the npm global package. Updated `/deploy-vps` workflow to use `npm pack + scp` (npm registry rejects 299MB packages). -### תכונות +### ✨ Features - **feat(provider)**: Synthetic ([synthetic.new](https://synthetic.new)) — privacy-focused OpenAI-compatible inference. `passthroughModels: true` for dynamic HuggingFace model catalog. Initial models: Kimi K2.5, MiniMax M2.5, GLM 4.7, DeepSeek V3.2. (PR #404 by @Regis-RCR) @@ -4334,7 +4912,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Extended webpack `externals` hash-strip to cover ALL `serverExternalPackages`, not just `better-sqlite3`. Next.js 16 Turbopack hashes `zod`, `pino`, and every other server-external package into names like `zod-dcb22c6336e0bc69` that don't exist in `node_modules` at runtime. A HASH_PATTERN regex catch-all now strips the 16-char suffix and falls back to the base package name. Also added `NEXT_PRIVATE_BUILD_WORKER=0` in `prepublish.mjs` to reinforce webpack mode, plus a post-build scan that reports any remaining hashed refs. (#396, #398, PR #403) - **fix(chat)**: Anthropic-format tool names (`tool.name` without `.function` wrapper) were silently dropped by the empty-name filter introduced in #346. LiteLLM proxies requests with `anthropic/` prefix in Anthropic Messages API format, causing all tools to be filtered and Anthropic to return `400: tool_choice.any may only be specified while providing tools`. Fixed by falling back to `tool.name` when `tool.function.name` is absent. Added 8 regression unit tests. (PR #397) -### תכונות +### ✨ Features - **feat(api)**: Custom endpoint paths for OpenAI-compatible provider nodes — configure `chatPath` and `modelsPath` per node (e.g. `/v4/chat/completions`) in the provider connection UI. Includes a DB migration (`003_provider_node_custom_paths.sql`) and URL path sanitization (no `..` traversal, must start with `/`). (PR #400) - **feat(provider)**: Alibaba Cloud DashScope added as OpenAI-compatible provider. International endpoint: `dashscope-intl.aliyuncs.com/compatible-mode/v1`. 12 models: `qwen-max`, `qwen-plus`, `qwen-turbo`, `qwen3-coder-plus/flash`, `qwq-plus`, `qwq-32b`, `qwen3-32b`, `qwen3-235b-a22b`. Auth: Bearer API key. @@ -4393,7 +4971,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(oauth)**: Qoder (and other providers that redirect to their own UI) no longer leave the OAuth modal stuck at "Waiting for Authorization" — popup-closed detector auto-transitions to manual URL input mode (#344) - **fix(logs)**: Request log table is now readable in light mode — status badges, token counts, and combo tags use adaptive `dark:` color classes (#378) -### תכונות +### ✨ Features - **feat(kiro)**: Kiro credit tracking added to usage fetcher — queries `getUserCredits` from AWS CodeWhisperer endpoint (#337) @@ -4509,6 +5087,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4574,6 +5159,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #366, #367, #368) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4602,6 +5194,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #363 & #365) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4638,6 +5237,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4655,6 +5261,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4685,6 +5298,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4752,7 +5372,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > **Major release** — Free Stack ecosystem, transcription playground overhaul, 44+ providers, comprehensive free tier documentation, and UI improvements across the board. -### תכונות +### ✨ Features - **Combos: Free Stack template** — New 4th template "Free Stack ($0)" using round-robin across Kiro + Qoder + Qwen + Gemini CLI. Suggests the pre-built zero-cost combo on first use. - **Media/Transcription: Deepgram as default** — Deepgram (Nova 3, $200 free) is now the default transcription provider. AssemblyAI ($50 free) and Groq Whisper (free forever) shown with free credit badges. @@ -4763,7 +5383,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.16] - 2026-03-13 -### תיעוד +### 📖 Documentation - **README: 44+ Providers** — Updated all 3 occurrences of "36+ providers" to "44+" reflecting the actual codebase count (44 providers in providers.ts) - **README: New Section "🆓 Free Models — What You Actually Get"** — Added 7-provider table with per-model rate limits for: Kiro (Claude unlimited via AWS Builder ID), Qoder (5 models unlimited), Qwen (4 models unlimited), Gemini CLI (180K/mo), NVIDIA NIM (~40 RPM dev-forever), Cerebras (1M tok/day / 60K TPM), Groq (30 RPM / 14.4K RPD). Includes the \/usr/bin/bash Ultimate Free Stack combo recommendation. @@ -4773,7 +5393,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.15] - 2026-03-13 -### תכונות +### ✨ Features - **Auto-Combo Dashboard (Tier Priority)**: Added `🏷️ Tier` as the 7th scoring factor label in the `/dashboard/auto-combo` factor breakdown display — all 7 Auto-Combo scoring factors are now visible. - **i18n — autoCombo section**: Added 20 new translation keys for the Auto-Combo dashboard (`title`, `status`, `modePack`, `providerScores`, `factorTierPriority`, etc.) to all 30 language files. @@ -4808,6 +5428,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). diff --git a/docs/i18n/he/README.md b/docs/i18n/he/README.md index 0588889edd..a3f9901683 100644 --- a/docs/i18n/he/README.md +++ b/docs/i18n/he/README.md @@ -130,28 +130,28 @@ _Connect any AI-powered IDE or CLI tool through OmniRoute — free API gateway f - Codex CLI
+ Codex CLI
Codex CLI
⭐ 60.8K - Claude Code
+ Claude Code
Claude Code
⭐ 67.3K - Gemini CLI
+ Gemini CLI
Gemini CLI
⭐ 94.7K - Kilo Code
+ Kilo Code
Kilo Code
⭐ 15.5K diff --git a/docs/i18n/he/docs/API_REFERENCE.md b/docs/i18n/he/docs/API_REFERENCE.md index d26f7021f5..14d8b8cd52 100644 --- a/docs/i18n/he/docs/API_REFERENCE.md +++ b/docs/i18n/he/docs/API_REFERENCE.md @@ -87,13 +87,13 @@ Authorization: Bearer your-api-key Content-Type: application/json { - "model": "openai/dall-e-3", + "model": "openai/gpt-image-2", "prompt": "A beautiful sunset over mountains", "size": "1024x1024" } ``` -Available providers: OpenAI (DALL-E, GPT Image 1), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). +Available providers: OpenAI (GPT Image 2), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). ```bash # List all image models diff --git a/docs/i18n/he/docs/CLI-TOOLS.md b/docs/i18n/he/docs/CLI-TOOLS.md index bd301df0b0..e6a56c9731 100644 --- a/docs/i18n/he/docs/CLI-TOOLS.md +++ b/docs/i18n/he/docs/CLI-TOOLS.md @@ -350,7 +350,7 @@ They run as internal routes and use OmniRoute's model routing automatically. | `/v1/responses` | Responses API (OpenAI format) | Codex, agentic workflows | | `/v1/completions` | Legacy text completions | Older tools using `prompt:` | | `/v1/embeddings` | Text embeddings | RAG, search | -| `/v1/images/generations` | Image generation | DALL-E, Flux, etc. | +| `/v1/images/generations` | Image generation | GPT-Image, Flux, etc. | | `/v1/audio/speech` | Text-to-speech | ElevenLabs, OpenAI TTS | | `/v1/audio/transcriptions` | Speech-to-text | Deepgram, AssemblyAI | diff --git a/docs/i18n/he/llm.txt b/docs/i18n/he/llm.txt index 1eec894ae5..47ade9e353 100644 --- a/docs/i18n/he/llm.txt +++ b/docs/i18n/he/llm.txt @@ -1,19 +1,18 @@ # OmniRoute (עברית) -🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) +🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇧🇩 [bn](../bn/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇮🇷 [fa](../fa/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇮🇳 [gu](../gu/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇮🇳 [mr](../mr/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇰🇪 [sw](../sw/llm.txt) · 🇮🇳 [ta](../ta/llm.txt) · 🇮🇳 [te](../te/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇵🇰 [ur](../ur/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) --- +> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 160+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (29 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. -> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 60+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (25 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. - -## סקירה כללית +## Overview OmniRoute solves the problem of managing multiple AI provider subscriptions, quotas, and rate limits. It sits between your AI-powered tools (IDE agents, CLI tools) and AI providers, routing requests intelligently through a 4-tier fallback system: Subscription → API Key → Cheap → Free. **Key value:** One endpoint (`http://localhost:20128/v1`), unlimited models, zero downtime, minimal cost. -**Current version:** 3.5.5 +**Current version:** 3.8.0 ## Tech Stack @@ -27,7 +26,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Background jobs:** Custom token health check scheduler, 24h model auto-sync - **Streaming:** Server-Sent Events (SSE) for real-time proxy responses - **Proxy engine:** Custom pipeline with format translation, circuit breaker, rate limiting, auto-combo engine -- **i18n:** next-intl with 30 languages +- **i18n:** next-intl with 40+ languages - **Desktop:** Electron (cross-platform: Windows, macOS, Linux) - **Package:** Published on npm (`omniroute`) and Docker Hub (`diegosouzapw/omniroute`) @@ -99,7 +98,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── configAudit.ts # Configuration auditing │ │ └── responses.ts # Domain response types │ ├── i18n/ # Internationalization -│ │ └── messages/ # 30 language JSON files +│ │ └── messages/ # 40+ language JSON files │ ├── lib/ # Core libraries │ │ ├── a2a/ # Agent-to-Agent v0.3 protocol server │ │ │ ├── skills/ # A2A skills (quotaManagement, smartRouting) @@ -170,7 +169,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ └── manager.ts # MITM proxy manager │ ├── shared/ # Shared utilities, components, and constants │ │ ├── components/ # Reusable UI components (Card, Badge, Button, Modal, Sidebar, ProviderIcon, etc.) -│ │ ├── constants/ # Provider definitions (60+), model lists, pricing, routing strategies, MCP scopes +│ │ ├── constants/ # Provider definitions (160+), model lists, pricing, routing strategies, MCP scopes │ │ ├── contracts/ # Shared API contracts │ │ ├── hooks/ # React hooks │ │ ├── middleware/ # Shared middleware utilities @@ -206,7 +205,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── chatCore.ts # Main chat completions handler │ │ ├── responsesHandler.ts # OpenAI Responses API handler │ │ ├── embeddings.ts # Embedding generation -│ │ ├── imageGeneration.ts # Image generation (DALL-E, FLUX, SD, etc.) +│ │ ├── imageGeneration.ts # Image generation (GPT-Image, FLUX, SD, etc.) │ │ ├── videoGeneration.ts # Video generation │ │ ├── musicGeneration.ts # Music generation │ │ ├── audioSpeech.ts # Text-to-speech @@ -214,7 +213,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── moderations.ts # Content moderation │ │ ├── rerank.ts # Reranking API │ │ └── search.ts # Web search API -│ ├── mcp-server/ # Built-in MCP server (25 tools, 3 transports: stdio/SSE/streamable-HTTP) +│ ├── mcp-server/ # Built-in MCP server (29 tools, 3 transports: stdio/SSE/streamable-HTTP) │ │ ├── server.ts # MCP server core (tool registration, scope enforcement) │ │ ├── tools/ # Tool implementations (advancedTools, memoryTools, skillTools) │ │ ├── schemas/ # Zod input schemas (tools, audit, a2a) @@ -274,7 +273,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ ├── CLI-TOOLS.md # CLI tools integration guide │ ├── A2A-SERVER.md # A2A agent protocol documentation │ ├── AUTO-COMBO.md # Auto-combo engine (6-factor scoring) -│ ├── MCP-SERVER.md # MCP server (25 tools) +│ ├── MCP-SERVER.md # MCP server (29 tools) │ ├── TROUBLESHOOTING.md # Troubleshooting guide │ ├── VM_DEPLOYMENT_GUIDE.md # VPS deployment guide │ ├── openapi.yaml # OpenAPI specification @@ -284,11 +283,11 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo └── .env.example # Environment variable template ``` -## Key Features (v3.5.5) +## Key Features (v3.8.0) ### Core Proxy -- **60+ AI providers** with automatic format translation -- **4 provider categories**: Free (4), OAuth (8), API Key (48+), Custom (OpenAI/Anthropic-compatible) +- **160+ AI providers** with automatic format translation +- **4 provider categories**: Free (4), OAuth (8), API Key (120+), Self-Hosted (8+), Custom (OpenAI/Anthropic-compatible) - **13 routing strategies**: priority, weighted, round-robin, fill-first, p2c, random, least-used, cost-optimized, strict-random, auto, lkgp, context-optimized, context-relay - **4-tier fallback**: Subscription → API Key → Cheap → Free - **Context Relay strategy**: Session handoff summaries on account rotation for continuity @@ -306,7 +305,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Cloudflare Tunnels**: Managed tunnel creation for remote access - **122 unit test files** with comprehensive coverage (55% statements/lines/functions, 60% branches) -### אבטחה +### Security +- **Data Loss Prevention**: SQLite migration safety bounds abort startup on dangerous massive schema overrides. Pre-migration `VACUUM INTO` backups isolate rollback snapshots. - **CodeQL security**: Fixed 10+ CodeQL alerts (polynomial-redos, insecure-randomness, shell-injection, SSRF, incomplete URLs) - **Web Crypto session IDs**: `generateSessionId` uses `crypto.getRandomValues()` instead of `Math.random()` - **Route validation**: All API routes validated with Zod v4 schemas + `validateBody()` @@ -331,7 +331,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **CLI Tools** — One-click configuration for 10+ AI CLI tools - **CLI Agents** — Grid of 14+ built-in agents with ProviderIcon and install detection + custom agent registration - **Playground** — Test any model with Monaco editor, streaming responses -- **Media** — Image/video/music generation (DALL-E, FLUX, etc.) + audio transcription (up to 2GB files) +- **Media** — Image/video/music generation (GPT-Image, FLUX, etc.) + audio transcription (up to 2GB files) - **Search Tools** — Search provider configuration and testing - **Memory** — Memory system management and visualization - **Skills** — Skills framework management and execution @@ -349,14 +349,15 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Gemini** — `/v1beta/models`, `/v1beta/models/{...path}` - **Ollama** — `/v1/api/chat`, `/api/tags` - **Search** — `/v1/search` (Perplexity, Serper, Brave, Exa, Tavily) -- **MCP** — 25-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) +- **MCP** — 29-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) - **A2A** — Agent-to-Agent v0.3 protocol (JSON-RPC 2.0, smart-routing + quota-management skills) - **ACP** — Agent Communication Protocol registry and manager -### MCP Server (25 Tools) +### MCP Server (29 Tools) | Category | Tools | |-----------|-------| -| Core (18) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `sync_pricing` | +| Core (20) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `web_search`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `db_health_check`, `sync_pricing` | +| Cache (2) | `cache_stats`, `cache_flush` | | Memory (3) | `memory_search`, `memory_add`, `memory_clear` | | Skills (4) | `skills_list`, `skills_enable`, `skills_execute`, `skills_executions` | @@ -373,8 +374,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo **Custom Providers:** OpenAI-compatible (`openai-compatible-*`) and Anthropic-compatible (`anthropic-compatible-*`) with custom base URLs ### Internationalization -- 30 languages for UI (all dashboard pages) -- 30 translated documentation sets in docs/i18n/ +- 40+ languages for UI (all dashboard pages) +- 40 translated documentation sets in docs/i18n/ - Language switcher in documentation ## Key Architectural Decisions diff --git a/docs/i18n/hi/CHANGELOG.md b/docs/i18n/hi/CHANGELOG.md index 07ed812121..89c19e40ae 100644 --- a/docs/i18n/hi/CHANGELOG.md +++ b/docs/i18n/hi/CHANGELOG.md @@ -6,9 +6,283 @@ ## [Unreleased] +## [3.8.0] — 2026-05-06 + +### ✨ New Features + +- **feat(antigravity):** integrate Antigravity provider with dynamic `maxOutputTokens` calculation (bumping to `thinkingBudget + 1`) and standard Cloud Code envelope payload sanitization (#2055, #2063) +- **feat(gemini-cli):** add custom projectId support for Gemini CLI transport (UI, DB, executor) (#1991) + +### 🐛 Bug Fixes + +- **fix(cache):** optimize cache_control preservation logic and explicitly align tool schema with upstream Claude Code expectations +- **fix(db):** preserve legacy SQLite database path on Windows to prevent data loss (#1973) +- **fix(settings):** resolve model alias persistence double stringification preventing UI updates (#2018) +- **fix(routing):** dynamically filter bare model auto-resolution by active provider connections to prevent dead-routing (#2029) +- **fix(embeddings):** add Google Gemini embeddings compatibility via OpenAI-compatible endpoint mapping (#2006) +- **fix:** remove Anthropic-Beta header from non-Anthropic providers to fix identity contamination (#1989) +- **fix(cli):** resolve .env loading failure for global npm installations + +### 🔒 Security + +- **fix(security):** remediate regex validation backtracking path in core compression cleanup (#1990) +- **fix(core):** harden input handling and stabilization for prompt compression edge cases + +### 🧹 Chores & Maintenance + +- **chore(providers):** prune redundant local provider icon assets in favor of `@lobehub/icons` web fonts (#1992) +- **ci:** skip SonarCloud scan on main pushes to optimize CI time +- **test:** stabilize cooldown abort coverage case in integration testing + +## [3.7.9] — 2026-05-03 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) + +- **feat(compression):** major upgrade to Caveman and RTK compression pipelines (#1876, #1889): + - Add RTK tool-output compression, stacked Caveman + RTK pipelines, compression combo assignments, dashboard context pages, MCP management tools, and language-aware Caveman rule packs. + - Expand RTK parity with a 39-filter catalog, RTK-style JSON DSL stages, inline verify/benchmark coverage, trust-gated custom filters, expanded command detection, and redacted raw-output recovery. + - Expose rule intensities, track USD savings, unify config validation, and persist MCP savings. + - Expand Caveman parity and MCP metadata compression. +- **feat(provider):** update Jina AI model catalog to support Embeddings and Rerank natively (#1874 — thanks @backryun) +- **feat(provider):** add NanoGPT image generation provider (#1899 — thanks @Aculeasis) +- **feat(ui):** move proxy configuration to dedicated System → Proxy page (#1907 — thanks @oyi77) +- **feat(ui):** add K/M/B/T cost shortener utility (#1902 — thanks @oyi77) +- **feat(providers):** implement bulk paste for extra API keys (#1916 — thanks @0xtbug) +- **feat(analytics):** usage history API key backfill + dark mode pricing (#1896 — thanks @Gi99lin) +- **feat(logs):** show RTK and Caveman compression token savings accurately in request log UI (#1923 — thanks @emdash) +- **feat(routing):** auto-skip exhausted quota accounts (Issue #1952) +- **feat(docs):** docs site overhaul (#1976 — thanks @oyi77) +- **feat(db):** consolidate all database settings into SystemStorageTab (closes #1935) (#1947 — thanks @oyi77) +- **feat(sse):** codex 429 mid-task failover with account rotation (#1888 — thanks @smartenok-ops) +- **feat(auto-assessment):** add auto-assessment engine for combo self-healing (#1918 — thanks @oyi77) +- **feat(usage):** DeepSeek V4 native cache token extraction (#1930 — thanks @smartenok-ops) +- **feat(cost):** enhance cost formatting and add Codex GPT-5.5 pricing support (#1944 — thanks @JxnLexn) + +### 🐛 Bug Fixes + +- **fix(auth):** implement session affinity sticky routing logic +- **fix(dashboard):** derive display base URL from origin instead of hardcoding localhost (#1960 — thanks @jeanfbrito) +- **fix(proxy):** use credentials.connectionId instead of non-existent credentials.id for image proxy resolution (#1929 — thanks @Aculeasis) +- **fix(routing):** codex bare-name disambiguation + family-native fallback (#1933 — thanks @smartenok-ops) +- **fix(infrastructure):** move wreq-js to optionalDependencies and add Node 25/26 to secure runtime policy (#1924) +- **fix(providers):** resolve ChatGPT Web authentication failure by aligning TLS fingerprint User-Agent strings (#1925) +- **fix(mitm):** support root user for MITM sudo handling (#1948 — thanks @NekoMonci12) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941, #1945) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) +- **fix(mcp):** reclassify MCP endpoints to ensure API key authentication works even when dashboard auth is enabled (#1970) +- **fix(providers):** allow local OpenAI-compatible endpoints (like Ollama) to be added without an API key (fixes #1893) +- **fix(providers):** bypass AgentRouter unauthorized_client_error by spoofing Claude CLI headers via Anthropic endpoints (fixes #1921) +- **fix(copilot):** emit compatible reasoning text deltas (#1919 — thanks @ivan-mezentsev) +- **fix(api-manager):** show validation errors inline in modals, not behind (#1920 — thanks @andrewmunsell) +- **fix(compression):** align seeded standard savings combo with stacked default, preserve stacked defaults, and secure metadata routes. +- **fix(gemini-cli):** separate Cloud Code transport from Antigravity (#1869 — thanks @dhaern) +- **fix(codex):** map prompt field to input array for Cursor compatibility (fixes #1872) +- **fix(core):** align stream parameter default to false per strict OpenAI spec (fixes #1873) +- **fix(ui):** restore Next.js CSP `unsafe-eval` in production `script-src` to fix unresponsive Onboarding button (fixes #1883) +- **fix(proxy):** globally strip `prompt_cache_retention` in `BaseExecutor` to prevent upstream 400 errors from strict endpoints like droid/gemini-2-pro (fixes #1884) +- **fix(ui):** include `isOpen` dependency in `EditConnectionModal` state sync to ensure `maxConcurrent` is properly hydrated when reopening the modal (fixes #1859) +- **fix(security):** remediate 4 polynomial-redos CodeQL alerts in compression regexes by bounding repetitions and removing overlapping quantifiers +- **fix(codex):** flatten Chat Completions tool format to Codex Responses format in `normalizeCodexTools` — prevents `Missing required parameter: tools[0].name` upstream errors (#1914 — thanks @tranduykhanh030) +- **fix(proxy):** add proxy-aware execution context to image generation route — proxy settings are now correctly applied for image providers behind restricted networks (#1904 — thanks @Aculeasis) +- **fix(translator):** inject `properties: {}` into zero-argument MCP tool schemas during Anthropic→OpenAI translation — prevents 400 errors from OpenAI strict schema validation (#1898 — thanks @bryceIT) +- **fix(codex):** sanitize raw responses input (#1895 — thanks @dhaern) +- **fix(combos):** align strategy contracts (#1892 — thanks @dhaern) +- **fix(combos):** fix combo provider breaker profile handling (#1891 — thanks @rdself) +- **fix(migrations):** duplicate-column no-op fix (#1886 — thanks @smartenok-ops) +- **fix(auth):** per-connection OAuth refresh mutex (#1885 — thanks @smartenok-ops) +- **fix(auth):** require dashboard management auth for compression preview + +### 🔄 Updates + +- **chore(provider):** Add reka models list (#1956 — thanks @backryun) +- **chore(model):** Update new models, Delete Deprecated models (#1949 — thanks @backryun) + +### 📝 Documentation + +- **docs(compression):** document RTK+Caveman stacked savings ranges + +### 🏆 Release Attribution & Retroactive Credits + +- **@payne0420** (PR #1828 / #1839) — Implementation of the **Rate Limit Watchdog** and environment overrides. (This feature was manually backported to v3.7.8, causing the automatic GitHub Release notes to omit the author's credit). + +--- + +## [3.7.8] — 2026-05-01 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(providers):** add Grok 4.3 and Xiaomi Mimo TTS provider (#1837) +- **feat(core):** implement Rate Limit Watchdog with environment override capability to detect and reset stalled queues (#1839) +- **feat(providers):** add muse-spark-web provider with multiple models and reasoning support (#1843) +- **feat(1proxy):** integrate 1proxy free proxy marketplace with dashboard management and new MCP tools (closes #1788) (#1847) + +### 🐛 Bug Fixes + +- **fix(codex):** sanitize Responses replay state to prevent internal assistant commentary from leaking (#1868 — thanks @dhaern) +- **fix(cli):** add capture-backed Gemini CLI fingerprint (#1866) +- **fix(ui):** hide combo compression controls when the global setting is disabled (#1840) +- **fix(db):** tolerate missing request_detail_logs table for legacy deployments (#1848) +- **fix(core):** remove unneeded \`store\` payload parameter for providers lacking support (closes #1841) +- **fix(core):** ensure safeOutboundFetch and A2A routers return 503 Service Unavailable when security guardrails are triggered +- **fix(usage):** correct Unix seconds vs milliseconds parsing logic for Kiro AI quota reset (closes #1849) +- **fix(ui):** apply robust NaN handling, ensure 24h consistency, and fix missing hour slots in Compression Analytics (closes #1844) +- **fix(ui):** implement short number formatting for token consumption metrics on cache pages to prevent overflow (closes #1842) +- **fix(combo):** stabilize provider routing at 500+ connections by bounding semaphore queues and adjusting circuit breaker tracking (closes #1846) (#1854) +- **fix(maritalk):** update Maritalk model list, use Authorization Key header, and align with latest API endpoints (#1856) +- **fix(grok-web):** stabilize tool calling (bash, readFile, webSearch) and response parsing by mapping native Grok intents to standard OpenAI payloads (#1857) +- **fix(providers):** correctly map and expose the Upstage embedding and chat model catalogs (#1855) +- **fix(executor):** apply proper urlSuffix and custom authHeaders for unknown registry-based providers in DefaultExecutor (closes #1846) (#1861) + +### 🛠️ Maintenance + +- **fix(workflow):** build docker images on version tags (#1838) + +--- + +## [3.7.7] — 2026-04-30 + ### ✨ New Features -- **feat:** ongoing development +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **Prompt Compression Pipeline:** Implemented a multi-phase prompt compression engine including `lite` (whitespace/duplication collapse), `aggressive` (summarization, tool compression), and `ultra` modes (heuristic pruning and SLM stub) (#1633, #1738, #1739, #1741) +- **Compression Dashboard & Analytics:** Added a compression settings UI, real-time log viewer, pipeline statistics tracking, and interactive playground preview (#1756) +- **Compression Caching & MCP:** Added caching-aware strategy adjustments to the compression pipeline, alongside new MCP tools for status and configuration (#1758) +- **Analytics Custom Filters:** Added custom date range selection, API key filtering, and NULL key analytics backfilling to the Costs Dashboard (#1830) + +### 🐛 Bug Fixes + +- **Combo Routing:** Fixed an issue where Gemini `-preview` models were incorrectly normalized to their canonical names, causing 404 errors during combo routing (#1834) +- **Codex Native Passthrough:** Added support for Cursor 5.5 sending `messages` arrays to the `responses/compact` endpoint, preventing upstream rejections with empty requests (#1832) +- **Rate-limit Watchdog:** Implemented a new rate-limit watchdog with environment override capabilities and Stage Tracing to prevent and diagnose silent wedges (#1828) +- **Encryption Resiliency:** Prevent sending encrypted tokens to providers by returning null on decryption failure (#763d353) +- **i18n & Locales:** Fixed OpenCode baseUrl locale placeholders and added compression keys across 32 languages +- **Startup Stability:** Hardened resilience integration server startup logic (#9aa89b17) + +### 🛠️ Maintenance + +- **Tests & Docs:** Expanded the test suite with 61 unit/integration tests for the compression pipeline and updated `AGENTS.md` +- **Workflow:** Fixed the changelog extraction logic to accurately capture GitHub release descriptions + +--- + +## [3.7.6] — 2026-04-30 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) +- **feat(chatgpt-web):** support `thinking_effort` parameter (Standard/Extended) for thinking-capable models (#1821) +- **feat(dashboard):** implement remaining v3.7.6 dashboard features — Costs overview, Translator pipeline, and Endpoint tabs improvements +- **feat(tools):** inject fallback tool names to prevent upstream 400 errors on providers that require tool names (#1775) +- **feat(db):** auto-restore probe-failed database on startup to prevent data loss after failed upgrades (#1810) +- **feat(analytics):** add cost-based usage insights and activity streaks in the analytics dashboard + +### 🔒 Security + +- **fix(security):** resolve ReDoS vulnerability in Codex executor regex patterns (#1797, #1789) + +### 🐛 Bug Fixes + +- **fix(stability):** resolve codex input validation, enable combo circuit breaker, and fix broken unit tests (#1804, #1805) +- **fix(stability):** safely cast inputs to strings before calling `.trim()` to avoid crashes on numeric fields in proxy modal (#1825) +- **fix(stability):** clear active requests and recover providers after connection failures (#1824) +- **fix(xiaomi-mimo):** update models to V2.5, fix Token Plan validation and default region (#1823) +- **fix(codex):** omit compact client metadata to prevent upstream rejections (#1822) +- **fix(dashboard):** fix endpoint visibility, A2A status display, and API catalog consistency (#1806) +- **fix(analytics):** use pure SQL aggregations — no history rows loaded into memory (#1802) +- **fix(dashboard):** correct `loadPresets` ReferenceError in CostOverviewTab +- **fix(mitm):** enforce transparent interception on port 443 only + +### 🧹 Chores + +- **chore(workflow):** mandate implementation plan generation in `/resolve-issues` workflow before coding +- **chore(release):** expand contributor credits to 155 PRs across full project history + +### 🏆 Community Contributors Acknowledgment + +We identified that **155 community PRs** across the entire project history (from inception through v3.7.5) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. + +**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** + +| Contributor | PRs (Total) | All Contributions | +| :----------------------------------------------------------- | :---------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [@rdself](https://github.com/rdself) | 28 | #542, #705, #717, #737, #738, #841, #851, #853, #875, #880, #888, #891, #903, #904, #974, #1069, #1089, #1196, #1267, #1272, #1299, #1300, #1356, #1357, #1441, #1443, #1549, #1742 | +| [@oyi77](https://github.com/oyi77) | 27 | #644, #672, #700, #850, #859, #862, #868, #874, #881, #883, #908, #926, #931, #983, #990, #1019, #1020, #1021, #1103, #1281, #1286, #1363, #1368, #1377, #1411, #1689, #1717 | +| [@clousky2020](https://github.com/clousky2020) | 15 | #1244, #1323, #1365, #1366, #1408, #1442, #1484, #1595, #1598, #1599, #1611, #1618, #1620, #1621, #1644 | +| [@benzntech](https://github.com/benzntech) | 8 | #158, #1264, #1435, #1436, #1437, #1440, #1444, #1677 | +| [@kang-heewon](https://github.com/kang-heewon) | 5 | #530, #854, #884, #1235, #1574 | +| [@herjarsa](https://github.com/herjarsa) | 4 | #1472, #1474, #1477, #1480 | +| [@backryun](https://github.com/backryun) | 4 | #1358, #1609, #1627, #1722 | +| [@tombii](https://github.com/tombii) | 4 | #708, #856, #900, #1013 | +| [@christopher-s](https://github.com/christopher-s) | 3 | #868, #885, #992 | +| [@zen0bit](https://github.com/zen0bit) | 3 | #561, #650, #912 | +| [@k0valik](https://github.com/k0valik) | 3 | #554, #587, #596 | +| [@zhangqiang8vip](https://github.com/zhangqiang8vip) | 2 | #470, #575 | +| [@wlfonseca](https://github.com/wlfonseca) | 2 | #997, #1016 | +| [@RaviTharuma](https://github.com/RaviTharuma) | 2 | #1188, #1277 | +| [@prakersh](https://github.com/prakersh) | 2 | #419, #480 | +| [@payne0420](https://github.com/payne0420) | 2 | #1593, #1670 | +| [@only4copilot](https://github.com/only4copilot) | 2 | #855, #1039 | +| [@jay77721](https://github.com/jay77721) | 2 | #581, #582 | +| [@hijak](https://github.com/hijak) | 2 | #295, #578 | +| [@hartmark](https://github.com/hartmark) | 2 | #1494, #1500 | +| [@defhouse](https://github.com/defhouse) | 2 | #906, #946 | +| [@xiaoge1688](https://github.com/xiaoge1688) | 1 | #1304 | +| [@xandr0s](https://github.com/xandr0s) | 1 | #1376 | +| [@willbnu](https://github.com/willbnu) | 1 | #882 | +| [@slewis3600](https://github.com/slewis3600) | 1 | #1624 | +| [@sergey-v9](https://github.com/sergey-v9) | 1 | #594 | +| [@razllivan](https://github.com/razllivan) | 1 | #987 | +| [@nmime](https://github.com/nmime) | 1 | #1271 | +| [@Moutia-Ben-Yahia](https://github.com/Moutia-Ben-Yahia) | 1 | #1663 | +| [@Mind-Dragon](https://github.com/Mind-Dragon) | 1 | #467 | +| [@mercs2910](https://github.com/mercs2910) | 1 | #1001 | +| [@MAINER4IK](https://github.com/MAINER4IK) | 1 | #196 | +| [@luandiasrj](https://github.com/luandiasrj) | 1 | #996 | +| [@knopki](https://github.com/knopki) | 1 | #1434 | +| [@kfiramar](https://github.com/kfiramar) | 1 | #389 | +| [@ken2190](https://github.com/ken2190) | 1 | #166 | +| [@keith8496](https://github.com/keith8496) | 1 | #569 | +| [@jonesfernandess](https://github.com/jonesfernandess) | 1 | #1118 | +| [@JasonLandbridge](https://github.com/JasonLandbridge) | 1 | #1626 | +| [@i1hwan](https://github.com/i1hwan) | 1 | #1386 | +| [@Gorchakov-Pressure](https://github.com/Gorchakov-Pressure) | 1 | #754 | +| [@foxy1402](https://github.com/foxy1402) | 1 | #934 | +| [@dt418](https://github.com/dt418) | 1 | #896 | +| [@dhaern](https://github.com/dhaern) | 1 | #1647 | +| [@DavyMassoneto](https://github.com/DavyMassoneto) | 1 | #211 | +| [@dail45](https://github.com/dail45) | 1 | #1413 | +| [@congvc-dev](https://github.com/congvc-dev) | 1 | #1569 | +| [@be0hhh](https://github.com/be0hhh) | 1 | #1581 | +| [@andruwa13](https://github.com/andruwa13) | 1 | #1457 | +| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | 1 | #898 | +| [@AndersonFirmino](https://github.com/AndersonFirmino) | 1 | #362 | +| [@alexsvdk](https://github.com/alexsvdk) | 1 | #1280 | +| [@abhinavjnu](https://github.com/abhinavjnu) | 1 | #550 | --- @@ -16,8 +290,14 @@ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(tunnels):** integrate native ngrok tunnel support with dashboard UI parity (#1753) -- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) ### 🐛 Bug Fixes @@ -56,56 +336,25 @@ - **chore(ui):** speed up endpoint initial render with background task loading (#1760) - **chore(workflows):** add strict PR contributor credit policy to prevent future merge credit loss -### 🏆 Community Contributors Acknowledgment - -We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. - -**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** - -| Contributor | Contributions (PRs) | -| :----------------------------------------------------- | :----------------------------------------------------------------------- | -| [@rdself](https://github.com/rdself) | #1742, #1357, #1356, #1089, #1069, #904, #880, #875, #853, #851, #974 | -| [@oyi77](https://github.com/oyi77) | #1411, #1021, #990, #926, #908, #883, #881, #868, #862, #859, #850, #983 | -| [@benzntech](https://github.com/benzntech) | #1677, #1444, #1440, #1437, #1435 | -| [@clousky2020](https://github.com/clousky2020) | #1644, #1408 | -| [@christopher-s](https://github.com/christopher-s) | #885, #868, #992 | -| [@kang-heewon](https://github.com/kang-heewon) | #1235, #884 | -| [@backryun](https://github.com/backryun) | #1627, #1358, #1722 | -| [@tombii](https://github.com/tombii) | #900, #856 | -| [@slewis3600](https://github.com/slewis3600) | #1624 | -| [@dhaern](https://github.com/dhaern) | #1647 | -| [@JasonLandbridge](https://github.com/JasonLandbridge) | #1626 | -| [@hartmark](https://github.com/hartmark) | #1500 | -| [@herjarsa](https://github.com/herjarsa) | #1480 | -| [@andruwa13](https://github.com/andruwa13) | #1457 | -| [@i1hwan](https://github.com/i1hwan) | #1386 | -| [@xandr0s](https://github.com/xandr0s) | #1376 | -| [@RaviTharuma](https://github.com/RaviTharuma) | #1188 | -| [@wlfonseca](https://github.com/wlfonseca) | #1016 | -| [@only4copilot](https://github.com/only4copilot) | #1039, #855 | -| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | #898 | -| [@dt418](https://github.com/dt418) | #896 | -| [@willbnu](https://github.com/willbnu) | #882 | -| [@defhouse](https://github.com/defhouse) | #906 | -| [@mercs2910](https://github.com/mercs2910) | #1001 | -| [@zen0bit](https://github.com/zen0bit) | #912 | -| [@razllivan](https://github.com/razllivan) | #987 | -| [@foxy1402](https://github.com/foxy1402) | #934 | -| [@knopki](https://github.com/knopki) | #1434 | -| [@dail45](https://github.com/dail45) | #1413 | - --- ## [3.7.4] — 2026-04-28 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(ui):** add endpoint tunnel visibility settings (#1743) - **feat(cli):** refresh CLI fingerprint provider profiles (#1746) - **feat(proxy):** implement bulk proxy import via pipe-delimited parser with update-or-create (upsert) logic and real-time preview table - **feat(pwa):** add fullscreen installable PWA with manifest, service worker, and cross-platform app icons (#1728) -### सुरक्षा +### 🔒 Security - **security:** replace insecure `Math.random` with `crypto.getRandomValues` for fallback UUID generation to resolve CodeQL CWE-338 finding (#182) @@ -156,6 +405,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(authz):** introduce centralized proxy-based authz pipeline and lifecycle policy (#1632) - **feat(logs):** configure call log pipeline artifacts (#1650) - **feat(network):** add guarded remote image fetch utility @@ -225,6 +481,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Add GPT-5.5 support to the Codex provider — includes 1.05M context window, tool calling, vision, and reasoning capabilities with proper pricing entries across `cx` and `openai` providers. Refactors `splitCodexReasoningSuffix()` into a shared helper for cleaner effort-level parsing (#1617 — thanks @Zhaba1337228). - **feat(cli):** Add `omniroute reset-encrypted-columns` recovery command — nulls encrypted credential columns (`api_key`, `access_token`, `refresh_token`, `id_token`) in `provider_connections` while preserving provider metadata, giving users affected by #1622 a clean recovery path without losing configurations. - **feat(i18n):** Expand locale coverage with nine new language packs (Bengali, Farsi, Gujarati, Indonesian, Marathi, Swahili, Tamil, Telugu, Urdu), bringing total language support from 32 to 41 locales. @@ -256,7 +519,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **fix(transport):** Prevent memory bloat and database exhaustion from large, fragmented streaming responses. Implemented `ByteQueue` in `kiro.ts` for zero-copy binary accumulation, refactored `antigravity.ts` for incremental SSE parsing, and enforced a strict 512KB tiered truncation limit (`MAX_CALL_LOG_ARTIFACT_BYTES`) on stream request logs and call artifacts (#1647). - **chore(ci):** Update build environment dependencies — bump Node to `24.15.0`, `actions/checkout@v6`, `docker/build-push-action@v7`, pin `actions/setup-python` to major tag (#1646 — thanks @backryun). -### दस्तावेज़ +### 📝 Documentation - **docs(env):** Add `OMNIROUTE_ALLOW_PRIVATE_PROVIDER_URLS` to `.env.example` with documentation for LM Studio and other local provider use cases (#1623). @@ -266,6 +529,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). - **feat(providers):** Add CrofAI as a built-in API-key provider with quota/usage monitoring wired into the dashboard Limits page (#1604, #1606). @@ -399,7 +669,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **test(next):** Align transpile package expectations for the Next.js standalone build. - **test(ci):** Fix CI-only test failures from environment differences — clear `INITIAL_PASSWORD` and `JWT_SECRET` in integration tests, handle `XDG_CONFIG_HOME` for guide-settings tests. -### दस्तावेज़ +### 📚 Documentation - **docs:** Update the root changelog with all release-branch changes through 2026-04-24, including PRs #1544, #1555, #1551, #1550, #1548, #1547, #1541, #1538, #1536, and #1527. - **docs:** Fix broken README and localized documentation links. (#1536) @@ -424,6 +694,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -506,6 +783,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -527,7 +811,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **feat(providers):** Expand image provider registry with extended model support including SD3.5, FLUX, and DALL-E 3 HD configurations - **feat(combos):** Add new routing strategies and full i18n support for agent features section across 31 languages -### सुरक्षा +### 🔒 Security - **security:** Resolve 18 GitHub CodeQL scan alerts including ReDoS, incomplete sanitization, and bad HTML filtering regexp patterns - **fix(auth):** Seal privilege escalation vector by enforcing JWT session checking exclusively on `/api/keys` management endpoints (#1353) @@ -586,6 +870,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -662,6 +953,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -726,6 +1024,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -773,7 +1078,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Duplicate `auto` in Combo Strategy Schema:** Removed duplicate `"auto"` entry from `comboStrategySchema` (was listed on both line 104 and 108). Harmless to Zod runtime but cleaned up to avoid confusion. Schema now has exactly 13 unique strategy values - **Legacy Combo Refs Normalization:** Fixed combo step normalization to preserve legacy string combo references during CRUD operations, preventing data loss when editing combos created before the v2 step architecture -### सुरक्षा +### 🔒 Security - **Auth Bypass on Backup Routes (Critical):** Added `isAuthenticated` guards to `/api/db-backups/exportAll` (full database export) and `/api/db-backups` (list, create, and restore backups) — both were previously accessible without authentication - **Auth Guard on Translator Save:** Added `isAuthenticated` guard to `/api/translator/save` for defense-in-depth consistency @@ -826,6 +1131,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -864,6 +1176,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -896,6 +1215,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -925,6 +1251,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -955,6 +1288,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -988,6 +1328,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1040,6 +1387,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1086,6 +1440,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1122,7 +1483,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Updated Sub-dependencies:** Bumped `hono` to `4.12.12` and `@hono/node-server` to `1.19.13` to patch critical security gaps (#1063, #1064, #1067, #1068). -### दस्तावेज़ +### 📚 Documentation - **Documentation Synchronization:** Updated system documentation (README, Architecture, Features, Tools, Troubleshooting) and synced `i18n` configurations to match the v3.5.5 context relay patterns and proxy troubleshooting steps. - **Context Relay Delivery Notes:** Documented the current architecture, runtime flow, and Codex-focused scope in the feature docs, changelog, and agent guidance. @@ -1133,6 +1494,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1191,7 +1559,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.5.3] - 2026-04-07 -### सुरक्षा +### Security - **Vulnerabilities:** Fully remediated 12 High-Severity CodeQL vulnerabilities by migrating from Math.random to `crypto.randomUUID()`, wrapping SSE injection points with aggressive backslash escaping, sanitizing trailing HTTP fragments, and enforcing rigid SSRF HTTP verification schemes across internal routes. - **Dependencies:** Upgraded Next.js to `^16.2.2` and Vite to `>=8.0.5` resolving critical DoS, arbitrary file reads and CSRF vectors in the build/server environments. @@ -1207,7 +1575,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **CI/CD Stabilization:** Prevented random GitHub Runner freezes by decoupling sharded processes, adjusting test concurrencies, unref-ing active connections on server teardown, and strictly capping job timeout durations. -### दस्तावेज़ +### Documentation - **I18n Engine:** Synchronized and pushed deep Machine Translation updates across all 32 natively-supported languages (682 translation nodes aligned). @@ -1221,6 +1589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1253,6 +1628,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1281,6 +1663,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1347,7 +1736,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.8] — 2026-04-03 -### सुरक्षा +### Security - Fully remediated all outstanding Github Advanced Security (CodeQL) findings and Dependabot alerts. - Fixed insecure randomness vulnerabilities by migrating from `Math.random` to `crypto.randomUUID()`. @@ -1359,7 +1748,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.7] — 2026-04-03 -### विशेषताएं +### Features - Added `Cryptography` node to Monitoring and MCP health checks (#798) - Hardened model-catalog route permissions mapping (`/models`) (#781) @@ -1375,7 +1764,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - Fixed MCP standalone module-resolution (`ERR_MODULE_NOT_FOUND`) via `esbuild` (#936) - Fixed NVIDIA NIM routing credential resolution alias mismatch (#931) -### सुरक्षा +### Security - Added safe strict input boundary protection against raw `shell: true` remote-code execution injections. @@ -1385,6 +1774,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1419,6 +1815,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1481,6 +1884,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1541,6 +1951,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1594,7 +2011,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.0] - 2026-03-31 -### विशेषताएं +### 🚀 Features - **Subscription Utilization Analytics:** Added quota snapshot time-series tracking, Provider Utilization and Combo Health tabs with recharts visualizations, and corresponding API endpoints (#847) - **SQLite Backup Control:** New `OMNIROUTE_DISABLE_AUTO_BACKUP` env flag to disable automatic SQLite backups (#846) @@ -1646,7 +2063,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.3.8] - 2026-03-30 -### विशेषताएं +### 🚀 Features - **Models API Filtering:** Endpoint `/v1/models` now dynamically filters its list based on the permissions tied to the `Authorization: Bearer ` when restricted access is on (#781) - **Qoder Integration:** Native integration for Qoder AI natively replacing the legacy iFlow platform mappings (#660) @@ -1715,6 +2132,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1745,6 +2169,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1806,6 +2237,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2016,6 +2454,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2044,6 +2489,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2076,6 +2528,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2130,6 +2589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2325,6 +2791,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2359,6 +2832,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2409,7 +2889,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **NaN tokens in Claude Code / client responses (#617):** - `sanitizeUsage()` now cross-maps `input_tokens`→`prompt_tokens` and `output_tokens`→`completion_tokens` before the whitelist filter, fixing responses showing NaN/0 token counts when providers return Claude-style usage field names -### सुरक्षा +### 🔒 Security - Updated `yaml` package to fix stack overflow vulnerability (GHSA-48c2-rrv3-qjmp) @@ -2467,6 +2947,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2503,6 +2990,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2521,6 +3015,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2556,6 +3057,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3001,6 +3509,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3016,6 +3531,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3043,7 +3565,7 @@ docker pull diegosouzapw/omniroute:3.0.0 - **SVG fallback**: `ProviderIcon` component updated with 4-tier strategy: Lobehub → PNG → SVG → Generic icon - **Agents fingerprinting**: Synced with CLI tools — added droid, openclaw, copilot, opencode to fingerprint list (14 total) -### सुरक्षा +### 🔒 Security - **CVE fix**: Resolved dompurify XSS vulnerability (GHSA-v2wj-7wpq-c8vv) via npm overrides forcing `dompurify@^3.3.2` - `npm audit` now reports **0 vulnerabilities** @@ -3113,6 +3635,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3160,6 +3689,13 @@ Both providers use the new `OpencodeExecutor` with multi-format routing (`/chat/ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3295,6 +3831,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3318,6 +3861,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3334,6 +3884,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3371,7 +3928,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **#510** — Windows: MSYS2/Git-Bash paths (`/c/Program Files/...`) are now normalized to `C:\Program Files\...` - **#492** — `omniroute` CLI now detects `mise`/`nvm` when `app/server.js` is missing and shows targeted fix -### दस्तावेज़ +### 📖 Documentation - **#513** — Docker password reset: `INITIAL_PASSWORD` env var workaround documented - **#520** — pnpm: `pnpm approve-builds better-sqlite3` documented @@ -3468,7 +4025,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **feat(executors/cloudflare-ai)**: New `CloudflareAIExecutor` — dynamic URL construction requires `accountId` in provider credentials - **feat(executors)**: Register `pollinations`, `pol`, `cloudflare-ai`, `cf` executor mappings -### दस्तावेज़ +### 📝 Documentation - **docs(readme)**: Expanded free combo stack to 11 providers ($0 forever) - **docs(readme)**: Added 4 new free provider sections (LongCat, Pollinations, Cloudflare AI, Scaleway) with model tables @@ -3543,6 +4100,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3613,7 +4177,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **OAuth batch test crash** (ERR_CONNECTION_REFUSED): Replaced sequential for-loop with 5-connection concurrency limit + 30s per-connection timeout via `Promise.race()` + `Promise.allSettled()`. Prevents server crash when testing large OAuth provider groups (~30+ connections). -### विशेषताएं +### Features - **"Test All" button on provider pages**: Individual provider pages (e.g., `/providers/codex`) now show a "Test All" button in the Connections header when there are 2+ connections. Uses `POST /api/providers/test-batch` with `{mode: "provider", providerId}`. Results displayed in a modal with pass/fail summary and per-connection diagnosis. @@ -3641,7 +4205,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Merge PR #494 (MiniMax role fix), fix KIRO MITM dashboard, triage 8 issues. -### विशेषताएं +### Features - **MiniMax developer→system role fix** (PR #494 by @zhangqiang8vip): Per-model `preserveDeveloperRole` toggle. Adds "Compatibility" UI in providers page. Fixes 422 "role param error" for MiniMax and similar gateways. - **roleNormalizer**: `normalizeDeveloperRole()` now accepts `preserveDeveloperRole` parameter with tri-state behavior (undefined=keep, true=keep, false=convert). @@ -3697,7 +4261,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Gemini CLI deprecation, VM guide i18n fix, dependabot security fix, provider schema expansion. -### विशेषताएं +### Features - **Gemini CLI Deprecation** (#462): Mark `gemini-cli` provider as deprecated with warning — Google restricts third-party OAuth usage from March 2026 - **Provider Schema** (#462): Expand Zod validation with `deprecated`, `deprecationReason`, `hasFree`, `freeNote`, `authHint`, `apiHint` optional fields @@ -3706,7 +4270,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **VM Guide i18n** (#471): Add `VM_DEPLOYMENT_GUIDE.md` to i18n translation pipeline, regenerate all 30 locale translations from English source (were stuck in Portuguese) -### सुरक्षा +### Security - **deps**: Bump `flatted` 3.3.3 → 3.4.2 — fixes CWE-1321 prototype pollution (#484, @dependabot) @@ -3726,7 +4290,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Czech i18n, SSE protocol fix, VM guide translation. -### विशेषताएं +### Features - **Czech Language** (#482): Full Czech (cs) i18n — 22 docs, 2606 UI strings, language switcher updates (@zen0bit) - **VM Deployment Guide**: Translated from Portuguese to English as the source document (@zen0bit) @@ -3745,7 +4309,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: 2 merged PRs, model aliases routing fix, log export, and issue triage. -### विशेषताएं +### Features - **Log Export**: New Export button on `/dashboard/logs` with time range dropdown (1h, 6h, 12h, 24h). Downloads JSON of request/proxy/call logs via `/api/logs/export` API (#user-request) @@ -3765,7 +4329,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Five community PRs — streaming call log fixes, Kiro compatibility, cache token analytics, Chinese translation, and configurable tool call IDs. -### विशेषताएं +### ✨ Features - **feat(logs)**: Call log response content now correctly accumulated from raw provider chunks (OpenAI/Claude/Gemini) before translation, fixing empty response payloads in streaming mode (#470, @zhangqiang8vip) - **feat(providers)**: Per-model configurable 9-char tool call ID normalization (Mistral-style) — only models with the option enabled get truncated IDs (#470) @@ -3795,7 +4359,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Bailian Coding Plan provider with editable base URLs, plus community contributions for Alibaba Cloud and Kimi Coding. -### विशेषताएं +### ✨ Features - **feat(providers)**: Added Bailian Coding Plan (`bailian-coding-plan`) — Alibaba Model Studio with Anthropic-compatible API. Static catalog of 8 models including Qwen3.5 Plus, Qwen3 Coder, MiniMax M2.5, GLM 5, and Kimi K2.5. Includes custom auth validation (400=valid, 401/403=invalid) (#467, @Mind-Dragon) - **feat(admin)**: Editable default URL in Provider Admin create/edit flows — users can configure custom base URLs per connection. Persisted in `providerSpecificData.baseUrl` with Zod schema validation rejecting non-http(s) schemes (#467) @@ -3810,7 +4374,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Two new community-contributed providers (Alibaba Cloud Coding, Kimi Coding API-key) and Docker pino fix. -### विशेषताएं +### ✨ Features - **feat(providers)**: Added Alibaba Cloud Coding Plan support with two OpenAI-compatible endpoints — `alicode` (China) and `alicode-intl` (International), each with 8 models (#465, @dtk1985) - **feat(providers)**: Added dedicated `kimi-coding-apikey` provider path — API-key-based Kimi Coding access is no longer forced through OAuth-only `kimi-coding` route. Includes registry, constants, models API, config, and validation test (#463, @Mind-Dragon) @@ -3835,7 +4399,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Codex responses subpath passthrough natively supported, Windows MITM crash fixed, and Combos agent schemas adjusted. -### विशेषताएं +### ✨ Features - **feat(codex)**: Native responses subpath passthrough for Codex — natively routes `POST /v1/responses/compact` to Codex upstream, maintaining Claude Code compatibility without stripping the `/compact` suffix (#457) @@ -3875,7 +4439,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(budget)**: "Save Limits" no longer returns 422 — `warningThreshold` is now correctly sent as fraction (0–1) instead of percentage (0–100) (#451) - **fix(combos)**: `` internal cache tag is now stripped before forwarding requests to providers, preventing cache session breaks (#454) -### विशेषताएं +### ✨ Features - **feat(combos)**: Agent Features section added to combo create/edit modal — expose `system_message` override, `tool_filter_regex`, and `context_cache_protection` directly from the dashboard (#454) @@ -3931,7 +4495,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Search Tools dashboard, i18n fixes, Copilot limits, Serper validation fix. -### विशेषताएं +### 🚀 Features - **feat(search)**: Add Search Playground (10th endpoint), Search Tools page with Compare Providers/Rerank Pipeline/Search History, local rerank routing, auth guards on search API (#443 by @Regis-RCR) - New route: `/dashboard/search-tools` @@ -4010,6 +4574,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4024,7 +4595,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - DB migration: `request_type` column on `call_logs` for non-chat request tracking - Zod validation (`v1SearchSchema`), auth-gated, cost recorded via `recordCost()` -### सुरक्षा +### 🔒 Security - **deps**: Next.js 16.1.6 → 16.1.7 — fixes 6 CVEs: - **Critical**: CVE-2026-29057 (HTTP request smuggling via http-proxy) @@ -4154,7 +4725,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **005_combo_agent_fields.sql**: `ALTER TABLE combos ADD COLUMN system_message TEXT DEFAULT NULL`, `tool_filter_regex TEXT DEFAULT NULL`, `context_cache_protection INTEGER DEFAULT 0` - **006_detailed_request_logs.sql**: New `request_detail_logs` table with 500-entry ring-buffer trigger, opt-in via settings toggle -### विशेषताएं +### ✨ Features - **feat(combo)**: System Message Override per Combo (#399 — `system_message` field replaces or injects system prompt before forwarding to provider) - **feat(combo)**: Tool Filter Regex per Combo (#399 — `tool_filter_regex` keeps only tools matching pattern; supports OpenAI + Anthropic formats) @@ -4169,7 +4740,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: SSE improvements, local provider_nodes extensions, proxy registry, Claude passthrough fixes. -### विशेषताएं +### ✨ Features - **feat(health)**: Background health check for local `provider_nodes` with exponential backoff (30s→300s) and `Promise.allSettled` to avoid blocking (#423, @Regis-RCR) - **feat(embeddings)**: Route `/v1/embeddings` to local `provider_nodes` — `buildDynamicEmbeddingProvider()` with hostname validation (#422, @Regis-RCR) @@ -4230,6 +4801,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4304,7 +4882,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Turbopack hash-strip now runs at **compile time** for ALL packages — not just `better-sqlite3`. Step 5.6 in `prepublish.mjs` walks every `.js` in `app/.next/server/` and strips the 16-char hex suffix from any hashed `require()`. Fixes `zod-dcb22c...`, `pino-...`, etc. MODULE_NOT_FOUND on global npm installs. Closes #398 - **fix(deploy)**: PM2 on both VPS was pointing to stale git-clone directories. Reconfigured to `app/server.js` in the npm global package. Updated `/deploy-vps` workflow to use `npm pack + scp` (npm registry rejects 299MB packages). -### विशेषताएं +### ✨ Features - **feat(provider)**: Synthetic ([synthetic.new](https://synthetic.new)) — privacy-focused OpenAI-compatible inference. `passthroughModels: true` for dynamic HuggingFace model catalog. Initial models: Kimi K2.5, MiniMax M2.5, GLM 4.7, DeepSeek V3.2. (PR #404 by @Regis-RCR) @@ -4334,7 +4912,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Extended webpack `externals` hash-strip to cover ALL `serverExternalPackages`, not just `better-sqlite3`. Next.js 16 Turbopack hashes `zod`, `pino`, and every other server-external package into names like `zod-dcb22c6336e0bc69` that don't exist in `node_modules` at runtime. A HASH_PATTERN regex catch-all now strips the 16-char suffix and falls back to the base package name. Also added `NEXT_PRIVATE_BUILD_WORKER=0` in `prepublish.mjs` to reinforce webpack mode, plus a post-build scan that reports any remaining hashed refs. (#396, #398, PR #403) - **fix(chat)**: Anthropic-format tool names (`tool.name` without `.function` wrapper) were silently dropped by the empty-name filter introduced in #346. LiteLLM proxies requests with `anthropic/` prefix in Anthropic Messages API format, causing all tools to be filtered and Anthropic to return `400: tool_choice.any may only be specified while providing tools`. Fixed by falling back to `tool.name` when `tool.function.name` is absent. Added 8 regression unit tests. (PR #397) -### विशेषताएं +### ✨ Features - **feat(api)**: Custom endpoint paths for OpenAI-compatible provider nodes — configure `chatPath` and `modelsPath` per node (e.g. `/v4/chat/completions`) in the provider connection UI. Includes a DB migration (`003_provider_node_custom_paths.sql`) and URL path sanitization (no `..` traversal, must start with `/`). (PR #400) - **feat(provider)**: Alibaba Cloud DashScope added as OpenAI-compatible provider. International endpoint: `dashscope-intl.aliyuncs.com/compatible-mode/v1`. 12 models: `qwen-max`, `qwen-plus`, `qwen-turbo`, `qwen3-coder-plus/flash`, `qwq-plus`, `qwq-32b`, `qwen3-32b`, `qwen3-235b-a22b`. Auth: Bearer API key. @@ -4393,7 +4971,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(oauth)**: Qoder (and other providers that redirect to their own UI) no longer leave the OAuth modal stuck at "Waiting for Authorization" — popup-closed detector auto-transitions to manual URL input mode (#344) - **fix(logs)**: Request log table is now readable in light mode — status badges, token counts, and combo tags use adaptive `dark:` color classes (#378) -### विशेषताएं +### ✨ Features - **feat(kiro)**: Kiro credit tracking added to usage fetcher — queries `getUserCredits` from AWS CodeWhisperer endpoint (#337) @@ -4509,6 +5087,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4574,6 +5159,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #366, #367, #368) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4602,6 +5194,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #363 & #365) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4638,6 +5237,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4655,6 +5261,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4685,6 +5298,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4752,7 +5372,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > **Major release** — Free Stack ecosystem, transcription playground overhaul, 44+ providers, comprehensive free tier documentation, and UI improvements across the board. -### विशेषताएं +### ✨ Features - **Combos: Free Stack template** — New 4th template "Free Stack ($0)" using round-robin across Kiro + Qoder + Qwen + Gemini CLI. Suggests the pre-built zero-cost combo on first use. - **Media/Transcription: Deepgram as default** — Deepgram (Nova 3, $200 free) is now the default transcription provider. AssemblyAI ($50 free) and Groq Whisper (free forever) shown with free credit badges. @@ -4763,7 +5383,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.16] - 2026-03-13 -### दस्तावेज़ +### 📖 Documentation - **README: 44+ Providers** — Updated all 3 occurrences of "36+ providers" to "44+" reflecting the actual codebase count (44 providers in providers.ts) - **README: New Section "🆓 Free Models — What You Actually Get"** — Added 7-provider table with per-model rate limits for: Kiro (Claude unlimited via AWS Builder ID), Qoder (5 models unlimited), Qwen (4 models unlimited), Gemini CLI (180K/mo), NVIDIA NIM (~40 RPM dev-forever), Cerebras (1M tok/day / 60K TPM), Groq (30 RPM / 14.4K RPD). Includes the \/usr/bin/bash Ultimate Free Stack combo recommendation. @@ -4773,7 +5393,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.15] - 2026-03-13 -### विशेषताएं +### ✨ Features - **Auto-Combo Dashboard (Tier Priority)**: Added `🏷️ Tier` as the 7th scoring factor label in the `/dashboard/auto-combo` factor breakdown display — all 7 Auto-Combo scoring factors are now visible. - **i18n — autoCombo section**: Added 20 new translation keys for the Auto-Combo dashboard (`title`, `status`, `modePack`, `providerScores`, `factorTierPriority`, etc.) to all 30 language files. @@ -4808,6 +5428,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). diff --git a/docs/i18n/hi/README.md b/docs/i18n/hi/README.md index 5fd3946044..be8b2e4647 100644 --- a/docs/i18n/hi/README.md +++ b/docs/i18n/hi/README.md @@ -130,28 +130,28 @@ _Connect any AI-powered IDE or CLI tool through OmniRoute — free API gateway f - Codex CLI
+ Codex CLI
Codex CLI
⭐ 60.8K - Claude Code
+ Claude Code
Claude Code
⭐ 67.3K - Gemini CLI
+ Gemini CLI
Gemini CLI
⭐ 94.7K - Kilo Code
+ Kilo Code
Kilo Code
⭐ 15.5K diff --git a/docs/i18n/hi/docs/API_REFERENCE.md b/docs/i18n/hi/docs/API_REFERENCE.md index 3fab33e4bf..99afbc3e5b 100644 --- a/docs/i18n/hi/docs/API_REFERENCE.md +++ b/docs/i18n/hi/docs/API_REFERENCE.md @@ -87,13 +87,13 @@ Authorization: Bearer your-api-key Content-Type: application/json { - "model": "openai/dall-e-3", + "model": "openai/gpt-image-2", "prompt": "A beautiful sunset over mountains", "size": "1024x1024" } ``` -Available providers: OpenAI (DALL-E, GPT Image 1), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). +Available providers: OpenAI (GPT Image 2), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). ```bash # List all image models diff --git a/docs/i18n/hi/docs/CLI-TOOLS.md b/docs/i18n/hi/docs/CLI-TOOLS.md index 96b6262c13..1d34fe2484 100644 --- a/docs/i18n/hi/docs/CLI-TOOLS.md +++ b/docs/i18n/hi/docs/CLI-TOOLS.md @@ -350,7 +350,7 @@ They run as internal routes and use OmniRoute's model routing automatically. | `/v1/responses` | Responses API (OpenAI format) | Codex, agentic workflows | | `/v1/completions` | Legacy text completions | Older tools using `prompt:` | | `/v1/embeddings` | Text embeddings | RAG, search | -| `/v1/images/generations` | Image generation | DALL-E, Flux, etc. | +| `/v1/images/generations` | Image generation | GPT-Image, Flux, etc. | | `/v1/audio/speech` | Text-to-speech | ElevenLabs, OpenAI TTS | | `/v1/audio/transcriptions` | Speech-to-text | Deepgram, AssemblyAI | diff --git a/docs/i18n/hi/llm.txt b/docs/i18n/hi/llm.txt index 7a4c81f081..1cb382da90 100644 --- a/docs/i18n/hi/llm.txt +++ b/docs/i18n/hi/llm.txt @@ -1,19 +1,18 @@ # OmniRoute (हिन्दी) -🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) +🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇧🇩 [bn](../bn/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇮🇷 [fa](../fa/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇮🇳 [gu](../gu/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇮🇳 [mr](../mr/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇰🇪 [sw](../sw/llm.txt) · 🇮🇳 [ta](../ta/llm.txt) · 🇮🇳 [te](../te/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇵🇰 [ur](../ur/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) --- +> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 160+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (29 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. -> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 60+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (25 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. - -## अवलोकन +## Overview OmniRoute solves the problem of managing multiple AI provider subscriptions, quotas, and rate limits. It sits between your AI-powered tools (IDE agents, CLI tools) and AI providers, routing requests intelligently through a 4-tier fallback system: Subscription → API Key → Cheap → Free. **Key value:** One endpoint (`http://localhost:20128/v1`), unlimited models, zero downtime, minimal cost. -**Current version:** 3.5.5 +**Current version:** 3.8.0 ## Tech Stack @@ -27,7 +26,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Background jobs:** Custom token health check scheduler, 24h model auto-sync - **Streaming:** Server-Sent Events (SSE) for real-time proxy responses - **Proxy engine:** Custom pipeline with format translation, circuit breaker, rate limiting, auto-combo engine -- **i18n:** next-intl with 30 languages +- **i18n:** next-intl with 40+ languages - **Desktop:** Electron (cross-platform: Windows, macOS, Linux) - **Package:** Published on npm (`omniroute`) and Docker Hub (`diegosouzapw/omniroute`) @@ -99,7 +98,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── configAudit.ts # Configuration auditing │ │ └── responses.ts # Domain response types │ ├── i18n/ # Internationalization -│ │ └── messages/ # 30 language JSON files +│ │ └── messages/ # 40+ language JSON files │ ├── lib/ # Core libraries │ │ ├── a2a/ # Agent-to-Agent v0.3 protocol server │ │ │ ├── skills/ # A2A skills (quotaManagement, smartRouting) @@ -170,7 +169,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ └── manager.ts # MITM proxy manager │ ├── shared/ # Shared utilities, components, and constants │ │ ├── components/ # Reusable UI components (Card, Badge, Button, Modal, Sidebar, ProviderIcon, etc.) -│ │ ├── constants/ # Provider definitions (60+), model lists, pricing, routing strategies, MCP scopes +│ │ ├── constants/ # Provider definitions (160+), model lists, pricing, routing strategies, MCP scopes │ │ ├── contracts/ # Shared API contracts │ │ ├── hooks/ # React hooks │ │ ├── middleware/ # Shared middleware utilities @@ -206,7 +205,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── chatCore.ts # Main chat completions handler │ │ ├── responsesHandler.ts # OpenAI Responses API handler │ │ ├── embeddings.ts # Embedding generation -│ │ ├── imageGeneration.ts # Image generation (DALL-E, FLUX, SD, etc.) +│ │ ├── imageGeneration.ts # Image generation (GPT-Image, FLUX, SD, etc.) │ │ ├── videoGeneration.ts # Video generation │ │ ├── musicGeneration.ts # Music generation │ │ ├── audioSpeech.ts # Text-to-speech @@ -214,7 +213,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── moderations.ts # Content moderation │ │ ├── rerank.ts # Reranking API │ │ └── search.ts # Web search API -│ ├── mcp-server/ # Built-in MCP server (25 tools, 3 transports: stdio/SSE/streamable-HTTP) +│ ├── mcp-server/ # Built-in MCP server (29 tools, 3 transports: stdio/SSE/streamable-HTTP) │ │ ├── server.ts # MCP server core (tool registration, scope enforcement) │ │ ├── tools/ # Tool implementations (advancedTools, memoryTools, skillTools) │ │ ├── schemas/ # Zod input schemas (tools, audit, a2a) @@ -274,7 +273,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ ├── CLI-TOOLS.md # CLI tools integration guide │ ├── A2A-SERVER.md # A2A agent protocol documentation │ ├── AUTO-COMBO.md # Auto-combo engine (6-factor scoring) -│ ├── MCP-SERVER.md # MCP server (25 tools) +│ ├── MCP-SERVER.md # MCP server (29 tools) │ ├── TROUBLESHOOTING.md # Troubleshooting guide │ ├── VM_DEPLOYMENT_GUIDE.md # VPS deployment guide │ ├── openapi.yaml # OpenAPI specification @@ -284,11 +283,11 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo └── .env.example # Environment variable template ``` -## Key Features (v3.5.5) +## Key Features (v3.8.0) ### Core Proxy -- **60+ AI providers** with automatic format translation -- **4 provider categories**: Free (4), OAuth (8), API Key (48+), Custom (OpenAI/Anthropic-compatible) +- **160+ AI providers** with automatic format translation +- **4 provider categories**: Free (4), OAuth (8), API Key (120+), Self-Hosted (8+), Custom (OpenAI/Anthropic-compatible) - **13 routing strategies**: priority, weighted, round-robin, fill-first, p2c, random, least-used, cost-optimized, strict-random, auto, lkgp, context-optimized, context-relay - **4-tier fallback**: Subscription → API Key → Cheap → Free - **Context Relay strategy**: Session handoff summaries on account rotation for continuity @@ -306,7 +305,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Cloudflare Tunnels**: Managed tunnel creation for remote access - **122 unit test files** with comprehensive coverage (55% statements/lines/functions, 60% branches) -### सुरक्षा +### Security +- **Data Loss Prevention**: SQLite migration safety bounds abort startup on dangerous massive schema overrides. Pre-migration `VACUUM INTO` backups isolate rollback snapshots. - **CodeQL security**: Fixed 10+ CodeQL alerts (polynomial-redos, insecure-randomness, shell-injection, SSRF, incomplete URLs) - **Web Crypto session IDs**: `generateSessionId` uses `crypto.getRandomValues()` instead of `Math.random()` - **Route validation**: All API routes validated with Zod v4 schemas + `validateBody()` @@ -331,7 +331,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **CLI Tools** — One-click configuration for 10+ AI CLI tools - **CLI Agents** — Grid of 14+ built-in agents with ProviderIcon and install detection + custom agent registration - **Playground** — Test any model with Monaco editor, streaming responses -- **Media** — Image/video/music generation (DALL-E, FLUX, etc.) + audio transcription (up to 2GB files) +- **Media** — Image/video/music generation (GPT-Image, FLUX, etc.) + audio transcription (up to 2GB files) - **Search Tools** — Search provider configuration and testing - **Memory** — Memory system management and visualization - **Skills** — Skills framework management and execution @@ -349,14 +349,15 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Gemini** — `/v1beta/models`, `/v1beta/models/{...path}` - **Ollama** — `/v1/api/chat`, `/api/tags` - **Search** — `/v1/search` (Perplexity, Serper, Brave, Exa, Tavily) -- **MCP** — 25-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) +- **MCP** — 29-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) - **A2A** — Agent-to-Agent v0.3 protocol (JSON-RPC 2.0, smart-routing + quota-management skills) - **ACP** — Agent Communication Protocol registry and manager -### MCP Server (25 Tools) +### MCP Server (29 Tools) | Category | Tools | |-----------|-------| -| Core (18) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `sync_pricing` | +| Core (20) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `web_search`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `db_health_check`, `sync_pricing` | +| Cache (2) | `cache_stats`, `cache_flush` | | Memory (3) | `memory_search`, `memory_add`, `memory_clear` | | Skills (4) | `skills_list`, `skills_enable`, `skills_execute`, `skills_executions` | @@ -373,8 +374,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo **Custom Providers:** OpenAI-compatible (`openai-compatible-*`) and Anthropic-compatible (`anthropic-compatible-*`) with custom base URLs ### Internationalization -- 30 languages for UI (all dashboard pages) -- 30 translated documentation sets in docs/i18n/ +- 40+ languages for UI (all dashboard pages) +- 40 translated documentation sets in docs/i18n/ - Language switcher in documentation ## Key Architectural Decisions diff --git a/docs/i18n/hu/CHANGELOG.md b/docs/i18n/hu/CHANGELOG.md index 4ccbe4a816..79f97153c7 100644 --- a/docs/i18n/hu/CHANGELOG.md +++ b/docs/i18n/hu/CHANGELOG.md @@ -6,9 +6,283 @@ ## [Unreleased] +## [3.8.0] — 2026-05-06 + +### ✨ New Features + +- **feat(antigravity):** integrate Antigravity provider with dynamic `maxOutputTokens` calculation (bumping to `thinkingBudget + 1`) and standard Cloud Code envelope payload sanitization (#2055, #2063) +- **feat(gemini-cli):** add custom projectId support for Gemini CLI transport (UI, DB, executor) (#1991) + +### 🐛 Bug Fixes + +- **fix(cache):** optimize cache_control preservation logic and explicitly align tool schema with upstream Claude Code expectations +- **fix(db):** preserve legacy SQLite database path on Windows to prevent data loss (#1973) +- **fix(settings):** resolve model alias persistence double stringification preventing UI updates (#2018) +- **fix(routing):** dynamically filter bare model auto-resolution by active provider connections to prevent dead-routing (#2029) +- **fix(embeddings):** add Google Gemini embeddings compatibility via OpenAI-compatible endpoint mapping (#2006) +- **fix:** remove Anthropic-Beta header from non-Anthropic providers to fix identity contamination (#1989) +- **fix(cli):** resolve .env loading failure for global npm installations + +### 🔒 Security + +- **fix(security):** remediate regex validation backtracking path in core compression cleanup (#1990) +- **fix(core):** harden input handling and stabilization for prompt compression edge cases + +### 🧹 Chores & Maintenance + +- **chore(providers):** prune redundant local provider icon assets in favor of `@lobehub/icons` web fonts (#1992) +- **ci:** skip SonarCloud scan on main pushes to optimize CI time +- **test:** stabilize cooldown abort coverage case in integration testing + +## [3.7.9] — 2026-05-03 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) + +- **feat(compression):** major upgrade to Caveman and RTK compression pipelines (#1876, #1889): + - Add RTK tool-output compression, stacked Caveman + RTK pipelines, compression combo assignments, dashboard context pages, MCP management tools, and language-aware Caveman rule packs. + - Expand RTK parity with a 39-filter catalog, RTK-style JSON DSL stages, inline verify/benchmark coverage, trust-gated custom filters, expanded command detection, and redacted raw-output recovery. + - Expose rule intensities, track USD savings, unify config validation, and persist MCP savings. + - Expand Caveman parity and MCP metadata compression. +- **feat(provider):** update Jina AI model catalog to support Embeddings and Rerank natively (#1874 — thanks @backryun) +- **feat(provider):** add NanoGPT image generation provider (#1899 — thanks @Aculeasis) +- **feat(ui):** move proxy configuration to dedicated System → Proxy page (#1907 — thanks @oyi77) +- **feat(ui):** add K/M/B/T cost shortener utility (#1902 — thanks @oyi77) +- **feat(providers):** implement bulk paste for extra API keys (#1916 — thanks @0xtbug) +- **feat(analytics):** usage history API key backfill + dark mode pricing (#1896 — thanks @Gi99lin) +- **feat(logs):** show RTK and Caveman compression token savings accurately in request log UI (#1923 — thanks @emdash) +- **feat(routing):** auto-skip exhausted quota accounts (Issue #1952) +- **feat(docs):** docs site overhaul (#1976 — thanks @oyi77) +- **feat(db):** consolidate all database settings into SystemStorageTab (closes #1935) (#1947 — thanks @oyi77) +- **feat(sse):** codex 429 mid-task failover with account rotation (#1888 — thanks @smartenok-ops) +- **feat(auto-assessment):** add auto-assessment engine for combo self-healing (#1918 — thanks @oyi77) +- **feat(usage):** DeepSeek V4 native cache token extraction (#1930 — thanks @smartenok-ops) +- **feat(cost):** enhance cost formatting and add Codex GPT-5.5 pricing support (#1944 — thanks @JxnLexn) + +### 🐛 Bug Fixes + +- **fix(auth):** implement session affinity sticky routing logic +- **fix(dashboard):** derive display base URL from origin instead of hardcoding localhost (#1960 — thanks @jeanfbrito) +- **fix(proxy):** use credentials.connectionId instead of non-existent credentials.id for image proxy resolution (#1929 — thanks @Aculeasis) +- **fix(routing):** codex bare-name disambiguation + family-native fallback (#1933 — thanks @smartenok-ops) +- **fix(infrastructure):** move wreq-js to optionalDependencies and add Node 25/26 to secure runtime policy (#1924) +- **fix(providers):** resolve ChatGPT Web authentication failure by aligning TLS fingerprint User-Agent strings (#1925) +- **fix(mitm):** support root user for MITM sudo handling (#1948 — thanks @NekoMonci12) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941, #1945) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) +- **fix(mcp):** reclassify MCP endpoints to ensure API key authentication works even when dashboard auth is enabled (#1970) +- **fix(providers):** allow local OpenAI-compatible endpoints (like Ollama) to be added without an API key (fixes #1893) +- **fix(providers):** bypass AgentRouter unauthorized_client_error by spoofing Claude CLI headers via Anthropic endpoints (fixes #1921) +- **fix(copilot):** emit compatible reasoning text deltas (#1919 — thanks @ivan-mezentsev) +- **fix(api-manager):** show validation errors inline in modals, not behind (#1920 — thanks @andrewmunsell) +- **fix(compression):** align seeded standard savings combo with stacked default, preserve stacked defaults, and secure metadata routes. +- **fix(gemini-cli):** separate Cloud Code transport from Antigravity (#1869 — thanks @dhaern) +- **fix(codex):** map prompt field to input array for Cursor compatibility (fixes #1872) +- **fix(core):** align stream parameter default to false per strict OpenAI spec (fixes #1873) +- **fix(ui):** restore Next.js CSP `unsafe-eval` in production `script-src` to fix unresponsive Onboarding button (fixes #1883) +- **fix(proxy):** globally strip `prompt_cache_retention` in `BaseExecutor` to prevent upstream 400 errors from strict endpoints like droid/gemini-2-pro (fixes #1884) +- **fix(ui):** include `isOpen` dependency in `EditConnectionModal` state sync to ensure `maxConcurrent` is properly hydrated when reopening the modal (fixes #1859) +- **fix(security):** remediate 4 polynomial-redos CodeQL alerts in compression regexes by bounding repetitions and removing overlapping quantifiers +- **fix(codex):** flatten Chat Completions tool format to Codex Responses format in `normalizeCodexTools` — prevents `Missing required parameter: tools[0].name` upstream errors (#1914 — thanks @tranduykhanh030) +- **fix(proxy):** add proxy-aware execution context to image generation route — proxy settings are now correctly applied for image providers behind restricted networks (#1904 — thanks @Aculeasis) +- **fix(translator):** inject `properties: {}` into zero-argument MCP tool schemas during Anthropic→OpenAI translation — prevents 400 errors from OpenAI strict schema validation (#1898 — thanks @bryceIT) +- **fix(codex):** sanitize raw responses input (#1895 — thanks @dhaern) +- **fix(combos):** align strategy contracts (#1892 — thanks @dhaern) +- **fix(combos):** fix combo provider breaker profile handling (#1891 — thanks @rdself) +- **fix(migrations):** duplicate-column no-op fix (#1886 — thanks @smartenok-ops) +- **fix(auth):** per-connection OAuth refresh mutex (#1885 — thanks @smartenok-ops) +- **fix(auth):** require dashboard management auth for compression preview + +### 🔄 Updates + +- **chore(provider):** Add reka models list (#1956 — thanks @backryun) +- **chore(model):** Update new models, Delete Deprecated models (#1949 — thanks @backryun) + +### 📝 Documentation + +- **docs(compression):** document RTK+Caveman stacked savings ranges + +### 🏆 Release Attribution & Retroactive Credits + +- **@payne0420** (PR #1828 / #1839) — Implementation of the **Rate Limit Watchdog** and environment overrides. (This feature was manually backported to v3.7.8, causing the automatic GitHub Release notes to omit the author's credit). + +--- + +## [3.7.8] — 2026-05-01 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(providers):** add Grok 4.3 and Xiaomi Mimo TTS provider (#1837) +- **feat(core):** implement Rate Limit Watchdog with environment override capability to detect and reset stalled queues (#1839) +- **feat(providers):** add muse-spark-web provider with multiple models and reasoning support (#1843) +- **feat(1proxy):** integrate 1proxy free proxy marketplace with dashboard management and new MCP tools (closes #1788) (#1847) + +### 🐛 Bug Fixes + +- **fix(codex):** sanitize Responses replay state to prevent internal assistant commentary from leaking (#1868 — thanks @dhaern) +- **fix(cli):** add capture-backed Gemini CLI fingerprint (#1866) +- **fix(ui):** hide combo compression controls when the global setting is disabled (#1840) +- **fix(db):** tolerate missing request_detail_logs table for legacy deployments (#1848) +- **fix(core):** remove unneeded \`store\` payload parameter for providers lacking support (closes #1841) +- **fix(core):** ensure safeOutboundFetch and A2A routers return 503 Service Unavailable when security guardrails are triggered +- **fix(usage):** correct Unix seconds vs milliseconds parsing logic for Kiro AI quota reset (closes #1849) +- **fix(ui):** apply robust NaN handling, ensure 24h consistency, and fix missing hour slots in Compression Analytics (closes #1844) +- **fix(ui):** implement short number formatting for token consumption metrics on cache pages to prevent overflow (closes #1842) +- **fix(combo):** stabilize provider routing at 500+ connections by bounding semaphore queues and adjusting circuit breaker tracking (closes #1846) (#1854) +- **fix(maritalk):** update Maritalk model list, use Authorization Key header, and align with latest API endpoints (#1856) +- **fix(grok-web):** stabilize tool calling (bash, readFile, webSearch) and response parsing by mapping native Grok intents to standard OpenAI payloads (#1857) +- **fix(providers):** correctly map and expose the Upstage embedding and chat model catalogs (#1855) +- **fix(executor):** apply proper urlSuffix and custom authHeaders for unknown registry-based providers in DefaultExecutor (closes #1846) (#1861) + +### 🛠️ Maintenance + +- **fix(workflow):** build docker images on version tags (#1838) + +--- + +## [3.7.7] — 2026-04-30 + ### ✨ New Features -- **feat:** ongoing development +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **Prompt Compression Pipeline:** Implemented a multi-phase prompt compression engine including `lite` (whitespace/duplication collapse), `aggressive` (summarization, tool compression), and `ultra` modes (heuristic pruning and SLM stub) (#1633, #1738, #1739, #1741) +- **Compression Dashboard & Analytics:** Added a compression settings UI, real-time log viewer, pipeline statistics tracking, and interactive playground preview (#1756) +- **Compression Caching & MCP:** Added caching-aware strategy adjustments to the compression pipeline, alongside new MCP tools for status and configuration (#1758) +- **Analytics Custom Filters:** Added custom date range selection, API key filtering, and NULL key analytics backfilling to the Costs Dashboard (#1830) + +### 🐛 Bug Fixes + +- **Combo Routing:** Fixed an issue where Gemini `-preview` models were incorrectly normalized to their canonical names, causing 404 errors during combo routing (#1834) +- **Codex Native Passthrough:** Added support for Cursor 5.5 sending `messages` arrays to the `responses/compact` endpoint, preventing upstream rejections with empty requests (#1832) +- **Rate-limit Watchdog:** Implemented a new rate-limit watchdog with environment override capabilities and Stage Tracing to prevent and diagnose silent wedges (#1828) +- **Encryption Resiliency:** Prevent sending encrypted tokens to providers by returning null on decryption failure (#763d353) +- **i18n & Locales:** Fixed OpenCode baseUrl locale placeholders and added compression keys across 32 languages +- **Startup Stability:** Hardened resilience integration server startup logic (#9aa89b17) + +### 🛠️ Maintenance + +- **Tests & Docs:** Expanded the test suite with 61 unit/integration tests for the compression pipeline and updated `AGENTS.md` +- **Workflow:** Fixed the changelog extraction logic to accurately capture GitHub release descriptions + +--- + +## [3.7.6] — 2026-04-30 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) +- **feat(chatgpt-web):** support `thinking_effort` parameter (Standard/Extended) for thinking-capable models (#1821) +- **feat(dashboard):** implement remaining v3.7.6 dashboard features — Costs overview, Translator pipeline, and Endpoint tabs improvements +- **feat(tools):** inject fallback tool names to prevent upstream 400 errors on providers that require tool names (#1775) +- **feat(db):** auto-restore probe-failed database on startup to prevent data loss after failed upgrades (#1810) +- **feat(analytics):** add cost-based usage insights and activity streaks in the analytics dashboard + +### 🔒 Security + +- **fix(security):** resolve ReDoS vulnerability in Codex executor regex patterns (#1797, #1789) + +### 🐛 Bug Fixes + +- **fix(stability):** resolve codex input validation, enable combo circuit breaker, and fix broken unit tests (#1804, #1805) +- **fix(stability):** safely cast inputs to strings before calling `.trim()` to avoid crashes on numeric fields in proxy modal (#1825) +- **fix(stability):** clear active requests and recover providers after connection failures (#1824) +- **fix(xiaomi-mimo):** update models to V2.5, fix Token Plan validation and default region (#1823) +- **fix(codex):** omit compact client metadata to prevent upstream rejections (#1822) +- **fix(dashboard):** fix endpoint visibility, A2A status display, and API catalog consistency (#1806) +- **fix(analytics):** use pure SQL aggregations — no history rows loaded into memory (#1802) +- **fix(dashboard):** correct `loadPresets` ReferenceError in CostOverviewTab +- **fix(mitm):** enforce transparent interception on port 443 only + +### 🧹 Chores + +- **chore(workflow):** mandate implementation plan generation in `/resolve-issues` workflow before coding +- **chore(release):** expand contributor credits to 155 PRs across full project history + +### 🏆 Community Contributors Acknowledgment + +We identified that **155 community PRs** across the entire project history (from inception through v3.7.5) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. + +**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** + +| Contributor | PRs (Total) | All Contributions | +| :----------------------------------------------------------- | :---------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [@rdself](https://github.com/rdself) | 28 | #542, #705, #717, #737, #738, #841, #851, #853, #875, #880, #888, #891, #903, #904, #974, #1069, #1089, #1196, #1267, #1272, #1299, #1300, #1356, #1357, #1441, #1443, #1549, #1742 | +| [@oyi77](https://github.com/oyi77) | 27 | #644, #672, #700, #850, #859, #862, #868, #874, #881, #883, #908, #926, #931, #983, #990, #1019, #1020, #1021, #1103, #1281, #1286, #1363, #1368, #1377, #1411, #1689, #1717 | +| [@clousky2020](https://github.com/clousky2020) | 15 | #1244, #1323, #1365, #1366, #1408, #1442, #1484, #1595, #1598, #1599, #1611, #1618, #1620, #1621, #1644 | +| [@benzntech](https://github.com/benzntech) | 8 | #158, #1264, #1435, #1436, #1437, #1440, #1444, #1677 | +| [@kang-heewon](https://github.com/kang-heewon) | 5 | #530, #854, #884, #1235, #1574 | +| [@herjarsa](https://github.com/herjarsa) | 4 | #1472, #1474, #1477, #1480 | +| [@backryun](https://github.com/backryun) | 4 | #1358, #1609, #1627, #1722 | +| [@tombii](https://github.com/tombii) | 4 | #708, #856, #900, #1013 | +| [@christopher-s](https://github.com/christopher-s) | 3 | #868, #885, #992 | +| [@zen0bit](https://github.com/zen0bit) | 3 | #561, #650, #912 | +| [@k0valik](https://github.com/k0valik) | 3 | #554, #587, #596 | +| [@zhangqiang8vip](https://github.com/zhangqiang8vip) | 2 | #470, #575 | +| [@wlfonseca](https://github.com/wlfonseca) | 2 | #997, #1016 | +| [@RaviTharuma](https://github.com/RaviTharuma) | 2 | #1188, #1277 | +| [@prakersh](https://github.com/prakersh) | 2 | #419, #480 | +| [@payne0420](https://github.com/payne0420) | 2 | #1593, #1670 | +| [@only4copilot](https://github.com/only4copilot) | 2 | #855, #1039 | +| [@jay77721](https://github.com/jay77721) | 2 | #581, #582 | +| [@hijak](https://github.com/hijak) | 2 | #295, #578 | +| [@hartmark](https://github.com/hartmark) | 2 | #1494, #1500 | +| [@defhouse](https://github.com/defhouse) | 2 | #906, #946 | +| [@xiaoge1688](https://github.com/xiaoge1688) | 1 | #1304 | +| [@xandr0s](https://github.com/xandr0s) | 1 | #1376 | +| [@willbnu](https://github.com/willbnu) | 1 | #882 | +| [@slewis3600](https://github.com/slewis3600) | 1 | #1624 | +| [@sergey-v9](https://github.com/sergey-v9) | 1 | #594 | +| [@razllivan](https://github.com/razllivan) | 1 | #987 | +| [@nmime](https://github.com/nmime) | 1 | #1271 | +| [@Moutia-Ben-Yahia](https://github.com/Moutia-Ben-Yahia) | 1 | #1663 | +| [@Mind-Dragon](https://github.com/Mind-Dragon) | 1 | #467 | +| [@mercs2910](https://github.com/mercs2910) | 1 | #1001 | +| [@MAINER4IK](https://github.com/MAINER4IK) | 1 | #196 | +| [@luandiasrj](https://github.com/luandiasrj) | 1 | #996 | +| [@knopki](https://github.com/knopki) | 1 | #1434 | +| [@kfiramar](https://github.com/kfiramar) | 1 | #389 | +| [@ken2190](https://github.com/ken2190) | 1 | #166 | +| [@keith8496](https://github.com/keith8496) | 1 | #569 | +| [@jonesfernandess](https://github.com/jonesfernandess) | 1 | #1118 | +| [@JasonLandbridge](https://github.com/JasonLandbridge) | 1 | #1626 | +| [@i1hwan](https://github.com/i1hwan) | 1 | #1386 | +| [@Gorchakov-Pressure](https://github.com/Gorchakov-Pressure) | 1 | #754 | +| [@foxy1402](https://github.com/foxy1402) | 1 | #934 | +| [@dt418](https://github.com/dt418) | 1 | #896 | +| [@dhaern](https://github.com/dhaern) | 1 | #1647 | +| [@DavyMassoneto](https://github.com/DavyMassoneto) | 1 | #211 | +| [@dail45](https://github.com/dail45) | 1 | #1413 | +| [@congvc-dev](https://github.com/congvc-dev) | 1 | #1569 | +| [@be0hhh](https://github.com/be0hhh) | 1 | #1581 | +| [@andruwa13](https://github.com/andruwa13) | 1 | #1457 | +| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | 1 | #898 | +| [@AndersonFirmino](https://github.com/AndersonFirmino) | 1 | #362 | +| [@alexsvdk](https://github.com/alexsvdk) | 1 | #1280 | +| [@abhinavjnu](https://github.com/abhinavjnu) | 1 | #550 | --- @@ -16,8 +290,14 @@ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(tunnels):** integrate native ngrok tunnel support with dashboard UI parity (#1753) -- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) ### 🐛 Bug Fixes @@ -56,56 +336,25 @@ - **chore(ui):** speed up endpoint initial render with background task loading (#1760) - **chore(workflows):** add strict PR contributor credit policy to prevent future merge credit loss -### 🏆 Community Contributors Acknowledgment - -We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. - -**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** - -| Contributor | Contributions (PRs) | -| :----------------------------------------------------- | :----------------------------------------------------------------------- | -| [@rdself](https://github.com/rdself) | #1742, #1357, #1356, #1089, #1069, #904, #880, #875, #853, #851, #974 | -| [@oyi77](https://github.com/oyi77) | #1411, #1021, #990, #926, #908, #883, #881, #868, #862, #859, #850, #983 | -| [@benzntech](https://github.com/benzntech) | #1677, #1444, #1440, #1437, #1435 | -| [@clousky2020](https://github.com/clousky2020) | #1644, #1408 | -| [@christopher-s](https://github.com/christopher-s) | #885, #868, #992 | -| [@kang-heewon](https://github.com/kang-heewon) | #1235, #884 | -| [@backryun](https://github.com/backryun) | #1627, #1358, #1722 | -| [@tombii](https://github.com/tombii) | #900, #856 | -| [@slewis3600](https://github.com/slewis3600) | #1624 | -| [@dhaern](https://github.com/dhaern) | #1647 | -| [@JasonLandbridge](https://github.com/JasonLandbridge) | #1626 | -| [@hartmark](https://github.com/hartmark) | #1500 | -| [@herjarsa](https://github.com/herjarsa) | #1480 | -| [@andruwa13](https://github.com/andruwa13) | #1457 | -| [@i1hwan](https://github.com/i1hwan) | #1386 | -| [@xandr0s](https://github.com/xandr0s) | #1376 | -| [@RaviTharuma](https://github.com/RaviTharuma) | #1188 | -| [@wlfonseca](https://github.com/wlfonseca) | #1016 | -| [@only4copilot](https://github.com/only4copilot) | #1039, #855 | -| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | #898 | -| [@dt418](https://github.com/dt418) | #896 | -| [@willbnu](https://github.com/willbnu) | #882 | -| [@defhouse](https://github.com/defhouse) | #906 | -| [@mercs2910](https://github.com/mercs2910) | #1001 | -| [@zen0bit](https://github.com/zen0bit) | #912 | -| [@razllivan](https://github.com/razllivan) | #987 | -| [@foxy1402](https://github.com/foxy1402) | #934 | -| [@knopki](https://github.com/knopki) | #1434 | -| [@dail45](https://github.com/dail45) | #1413 | - --- ## [3.7.4] — 2026-04-28 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(ui):** add endpoint tunnel visibility settings (#1743) - **feat(cli):** refresh CLI fingerprint provider profiles (#1746) - **feat(proxy):** implement bulk proxy import via pipe-delimited parser with update-or-create (upsert) logic and real-time preview table - **feat(pwa):** add fullscreen installable PWA with manifest, service worker, and cross-platform app icons (#1728) -### Biztonság +### 🔒 Security - **security:** replace insecure `Math.random` with `crypto.getRandomValues` for fallback UUID generation to resolve CodeQL CWE-338 finding (#182) @@ -156,6 +405,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(authz):** introduce centralized proxy-based authz pipeline and lifecycle policy (#1632) - **feat(logs):** configure call log pipeline artifacts (#1650) - **feat(network):** add guarded remote image fetch utility @@ -225,6 +481,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Add GPT-5.5 support to the Codex provider — includes 1.05M context window, tool calling, vision, and reasoning capabilities with proper pricing entries across `cx` and `openai` providers. Refactors `splitCodexReasoningSuffix()` into a shared helper for cleaner effort-level parsing (#1617 — thanks @Zhaba1337228). - **feat(cli):** Add `omniroute reset-encrypted-columns` recovery command — nulls encrypted credential columns (`api_key`, `access_token`, `refresh_token`, `id_token`) in `provider_connections` while preserving provider metadata, giving users affected by #1622 a clean recovery path without losing configurations. - **feat(i18n):** Expand locale coverage with nine new language packs (Bengali, Farsi, Gujarati, Indonesian, Marathi, Swahili, Tamil, Telugu, Urdu), bringing total language support from 32 to 41 locales. @@ -256,7 +519,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **fix(transport):** Prevent memory bloat and database exhaustion from large, fragmented streaming responses. Implemented `ByteQueue` in `kiro.ts` for zero-copy binary accumulation, refactored `antigravity.ts` for incremental SSE parsing, and enforced a strict 512KB tiered truncation limit (`MAX_CALL_LOG_ARTIFACT_BYTES`) on stream request logs and call artifacts (#1647). - **chore(ci):** Update build environment dependencies — bump Node to `24.15.0`, `actions/checkout@v6`, `docker/build-push-action@v7`, pin `actions/setup-python` to major tag (#1646 — thanks @backryun). -### Dokumentáció +### 📝 Documentation - **docs(env):** Add `OMNIROUTE_ALLOW_PRIVATE_PROVIDER_URLS` to `.env.example` with documentation for LM Studio and other local provider use cases (#1623). @@ -266,6 +529,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). - **feat(providers):** Add CrofAI as a built-in API-key provider with quota/usage monitoring wired into the dashboard Limits page (#1604, #1606). @@ -399,7 +669,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **test(next):** Align transpile package expectations for the Next.js standalone build. - **test(ci):** Fix CI-only test failures from environment differences — clear `INITIAL_PASSWORD` and `JWT_SECRET` in integration tests, handle `XDG_CONFIG_HOME` for guide-settings tests. -### Dokumentáció +### 📚 Documentation - **docs:** Update the root changelog with all release-branch changes through 2026-04-24, including PRs #1544, #1555, #1551, #1550, #1548, #1547, #1541, #1538, #1536, and #1527. - **docs:** Fix broken README and localized documentation links. (#1536) @@ -424,6 +694,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -506,6 +783,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -527,7 +811,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **feat(providers):** Expand image provider registry with extended model support including SD3.5, FLUX, and DALL-E 3 HD configurations - **feat(combos):** Add new routing strategies and full i18n support for agent features section across 31 languages -### Biztonság +### 🔒 Security - **security:** Resolve 18 GitHub CodeQL scan alerts including ReDoS, incomplete sanitization, and bad HTML filtering regexp patterns - **fix(auth):** Seal privilege escalation vector by enforcing JWT session checking exclusively on `/api/keys` management endpoints (#1353) @@ -586,6 +870,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -662,6 +953,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -726,6 +1024,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -773,7 +1078,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Duplicate `auto` in Combo Strategy Schema:** Removed duplicate `"auto"` entry from `comboStrategySchema` (was listed on both line 104 and 108). Harmless to Zod runtime but cleaned up to avoid confusion. Schema now has exactly 13 unique strategy values - **Legacy Combo Refs Normalization:** Fixed combo step normalization to preserve legacy string combo references during CRUD operations, preventing data loss when editing combos created before the v2 step architecture -### Biztonság +### 🔒 Security - **Auth Bypass on Backup Routes (Critical):** Added `isAuthenticated` guards to `/api/db-backups/exportAll` (full database export) and `/api/db-backups` (list, create, and restore backups) — both were previously accessible without authentication - **Auth Guard on Translator Save:** Added `isAuthenticated` guard to `/api/translator/save` for defense-in-depth consistency @@ -826,6 +1131,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -864,6 +1176,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -896,6 +1215,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -925,6 +1251,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -955,6 +1288,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -988,6 +1328,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1040,6 +1387,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1086,6 +1440,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1122,7 +1483,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Updated Sub-dependencies:** Bumped `hono` to `4.12.12` and `@hono/node-server` to `1.19.13` to patch critical security gaps (#1063, #1064, #1067, #1068). -### Dokumentáció +### 📚 Documentation - **Documentation Synchronization:** Updated system documentation (README, Architecture, Features, Tools, Troubleshooting) and synced `i18n` configurations to match the v3.5.5 context relay patterns and proxy troubleshooting steps. - **Context Relay Delivery Notes:** Documented the current architecture, runtime flow, and Codex-focused scope in the feature docs, changelog, and agent guidance. @@ -1133,6 +1494,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1191,7 +1559,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.5.3] - 2026-04-07 -### Biztonság +### Security - **Vulnerabilities:** Fully remediated 12 High-Severity CodeQL vulnerabilities by migrating from Math.random to `crypto.randomUUID()`, wrapping SSE injection points with aggressive backslash escaping, sanitizing trailing HTTP fragments, and enforcing rigid SSRF HTTP verification schemes across internal routes. - **Dependencies:** Upgraded Next.js to `^16.2.2` and Vite to `>=8.0.5` resolving critical DoS, arbitrary file reads and CSRF vectors in the build/server environments. @@ -1207,7 +1575,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **CI/CD Stabilization:** Prevented random GitHub Runner freezes by decoupling sharded processes, adjusting test concurrencies, unref-ing active connections on server teardown, and strictly capping job timeout durations. -### Dokumentáció +### Documentation - **I18n Engine:** Synchronized and pushed deep Machine Translation updates across all 32 natively-supported languages (682 translation nodes aligned). @@ -1221,6 +1589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1253,6 +1628,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1281,6 +1663,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1347,7 +1736,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.8] — 2026-04-03 -### Biztonság +### Security - Fully remediated all outstanding Github Advanced Security (CodeQL) findings and Dependabot alerts. - Fixed insecure randomness vulnerabilities by migrating from `Math.random` to `crypto.randomUUID()`. @@ -1359,7 +1748,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.7] — 2026-04-03 -### Funkciók +### Features - Added `Cryptography` node to Monitoring and MCP health checks (#798) - Hardened model-catalog route permissions mapping (`/models`) (#781) @@ -1375,7 +1764,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - Fixed MCP standalone module-resolution (`ERR_MODULE_NOT_FOUND`) via `esbuild` (#936) - Fixed NVIDIA NIM routing credential resolution alias mismatch (#931) -### Biztonság +### Security - Added safe strict input boundary protection against raw `shell: true` remote-code execution injections. @@ -1385,6 +1774,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1419,6 +1815,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1481,6 +1884,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1541,6 +1951,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1594,7 +2011,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.0] - 2026-03-31 -### Funkciók +### 🚀 Features - **Subscription Utilization Analytics:** Added quota snapshot time-series tracking, Provider Utilization and Combo Health tabs with recharts visualizations, and corresponding API endpoints (#847) - **SQLite Backup Control:** New `OMNIROUTE_DISABLE_AUTO_BACKUP` env flag to disable automatic SQLite backups (#846) @@ -1646,7 +2063,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.3.8] - 2026-03-30 -### Funkciók +### 🚀 Features - **Models API Filtering:** Endpoint `/v1/models` now dynamically filters its list based on the permissions tied to the `Authorization: Bearer ` when restricted access is on (#781) - **Qoder Integration:** Native integration for Qoder AI natively replacing the legacy iFlow platform mappings (#660) @@ -1715,6 +2132,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1745,6 +2169,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1806,6 +2237,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2016,6 +2454,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2044,6 +2489,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2076,6 +2528,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2130,6 +2589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2325,6 +2791,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2359,6 +2832,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2409,7 +2889,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **NaN tokens in Claude Code / client responses (#617):** - `sanitizeUsage()` now cross-maps `input_tokens`→`prompt_tokens` and `output_tokens`→`completion_tokens` before the whitelist filter, fixing responses showing NaN/0 token counts when providers return Claude-style usage field names -### Biztonság +### 🔒 Security - Updated `yaml` package to fix stack overflow vulnerability (GHSA-48c2-rrv3-qjmp) @@ -2467,6 +2947,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2503,6 +2990,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2521,6 +3015,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2556,6 +3057,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3001,6 +3509,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3016,6 +3531,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3043,7 +3565,7 @@ docker pull diegosouzapw/omniroute:3.0.0 - **SVG fallback**: `ProviderIcon` component updated with 4-tier strategy: Lobehub → PNG → SVG → Generic icon - **Agents fingerprinting**: Synced with CLI tools — added droid, openclaw, copilot, opencode to fingerprint list (14 total) -### Biztonság +### 🔒 Security - **CVE fix**: Resolved dompurify XSS vulnerability (GHSA-v2wj-7wpq-c8vv) via npm overrides forcing `dompurify@^3.3.2` - `npm audit` now reports **0 vulnerabilities** @@ -3113,6 +3635,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3160,6 +3689,13 @@ Both providers use the new `OpencodeExecutor` with multi-format routing (`/chat/ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3295,6 +3831,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3318,6 +3861,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3334,6 +3884,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3371,7 +3928,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **#510** — Windows: MSYS2/Git-Bash paths (`/c/Program Files/...`) are now normalized to `C:\Program Files\...` - **#492** — `omniroute` CLI now detects `mise`/`nvm` when `app/server.js` is missing and shows targeted fix -### Dokumentáció +### 📖 Documentation - **#513** — Docker password reset: `INITIAL_PASSWORD` env var workaround documented - **#520** — pnpm: `pnpm approve-builds better-sqlite3` documented @@ -3468,7 +4025,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **feat(executors/cloudflare-ai)**: New `CloudflareAIExecutor` — dynamic URL construction requires `accountId` in provider credentials - **feat(executors)**: Register `pollinations`, `pol`, `cloudflare-ai`, `cf` executor mappings -### Dokumentáció +### 📝 Documentation - **docs(readme)**: Expanded free combo stack to 11 providers ($0 forever) - **docs(readme)**: Added 4 new free provider sections (LongCat, Pollinations, Cloudflare AI, Scaleway) with model tables @@ -3543,6 +4100,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3613,7 +4177,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **OAuth batch test crash** (ERR_CONNECTION_REFUSED): Replaced sequential for-loop with 5-connection concurrency limit + 30s per-connection timeout via `Promise.race()` + `Promise.allSettled()`. Prevents server crash when testing large OAuth provider groups (~30+ connections). -### Funkciók +### Features - **"Test All" button on provider pages**: Individual provider pages (e.g., `/providers/codex`) now show a "Test All" button in the Connections header when there are 2+ connections. Uses `POST /api/providers/test-batch` with `{mode: "provider", providerId}`. Results displayed in a modal with pass/fail summary and per-connection diagnosis. @@ -3641,7 +4205,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Merge PR #494 (MiniMax role fix), fix KIRO MITM dashboard, triage 8 issues. -### Funkciók +### Features - **MiniMax developer→system role fix** (PR #494 by @zhangqiang8vip): Per-model `preserveDeveloperRole` toggle. Adds "Compatibility" UI in providers page. Fixes 422 "role param error" for MiniMax and similar gateways. - **roleNormalizer**: `normalizeDeveloperRole()` now accepts `preserveDeveloperRole` parameter with tri-state behavior (undefined=keep, true=keep, false=convert). @@ -3697,7 +4261,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Gemini CLI deprecation, VM guide i18n fix, dependabot security fix, provider schema expansion. -### Funkciók +### Features - **Gemini CLI Deprecation** (#462): Mark `gemini-cli` provider as deprecated with warning — Google restricts third-party OAuth usage from March 2026 - **Provider Schema** (#462): Expand Zod validation with `deprecated`, `deprecationReason`, `hasFree`, `freeNote`, `authHint`, `apiHint` optional fields @@ -3706,7 +4270,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **VM Guide i18n** (#471): Add `VM_DEPLOYMENT_GUIDE.md` to i18n translation pipeline, regenerate all 30 locale translations from English source (were stuck in Portuguese) -### Biztonság +### Security - **deps**: Bump `flatted` 3.3.3 → 3.4.2 — fixes CWE-1321 prototype pollution (#484, @dependabot) @@ -3726,7 +4290,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Czech i18n, SSE protocol fix, VM guide translation. -### Funkciók +### Features - **Czech Language** (#482): Full Czech (cs) i18n — 22 docs, 2606 UI strings, language switcher updates (@zen0bit) - **VM Deployment Guide**: Translated from Portuguese to English as the source document (@zen0bit) @@ -3745,7 +4309,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: 2 merged PRs, model aliases routing fix, log export, and issue triage. -### Funkciók +### Features - **Log Export**: New Export button on `/dashboard/logs` with time range dropdown (1h, 6h, 12h, 24h). Downloads JSON of request/proxy/call logs via `/api/logs/export` API (#user-request) @@ -3765,7 +4329,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Five community PRs — streaming call log fixes, Kiro compatibility, cache token analytics, Chinese translation, and configurable tool call IDs. -### Funkciók +### ✨ Features - **feat(logs)**: Call log response content now correctly accumulated from raw provider chunks (OpenAI/Claude/Gemini) before translation, fixing empty response payloads in streaming mode (#470, @zhangqiang8vip) - **feat(providers)**: Per-model configurable 9-char tool call ID normalization (Mistral-style) — only models with the option enabled get truncated IDs (#470) @@ -3795,7 +4359,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Bailian Coding Plan provider with editable base URLs, plus community contributions for Alibaba Cloud and Kimi Coding. -### Funkciók +### ✨ Features - **feat(providers)**: Added Bailian Coding Plan (`bailian-coding-plan`) — Alibaba Model Studio with Anthropic-compatible API. Static catalog of 8 models including Qwen3.5 Plus, Qwen3 Coder, MiniMax M2.5, GLM 5, and Kimi K2.5. Includes custom auth validation (400=valid, 401/403=invalid) (#467, @Mind-Dragon) - **feat(admin)**: Editable default URL in Provider Admin create/edit flows — users can configure custom base URLs per connection. Persisted in `providerSpecificData.baseUrl` with Zod schema validation rejecting non-http(s) schemes (#467) @@ -3810,7 +4374,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Two new community-contributed providers (Alibaba Cloud Coding, Kimi Coding API-key) and Docker pino fix. -### Funkciók +### ✨ Features - **feat(providers)**: Added Alibaba Cloud Coding Plan support with two OpenAI-compatible endpoints — `alicode` (China) and `alicode-intl` (International), each with 8 models (#465, @dtk1985) - **feat(providers)**: Added dedicated `kimi-coding-apikey` provider path — API-key-based Kimi Coding access is no longer forced through OAuth-only `kimi-coding` route. Includes registry, constants, models API, config, and validation test (#463, @Mind-Dragon) @@ -3835,7 +4399,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Codex responses subpath passthrough natively supported, Windows MITM crash fixed, and Combos agent schemas adjusted. -### Funkciók +### ✨ Features - **feat(codex)**: Native responses subpath passthrough for Codex — natively routes `POST /v1/responses/compact` to Codex upstream, maintaining Claude Code compatibility without stripping the `/compact` suffix (#457) @@ -3875,7 +4439,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(budget)**: "Save Limits" no longer returns 422 — `warningThreshold` is now correctly sent as fraction (0–1) instead of percentage (0–100) (#451) - **fix(combos)**: `` internal cache tag is now stripped before forwarding requests to providers, preventing cache session breaks (#454) -### Funkciók +### ✨ Features - **feat(combos)**: Agent Features section added to combo create/edit modal — expose `system_message` override, `tool_filter_regex`, and `context_cache_protection` directly from the dashboard (#454) @@ -3931,7 +4495,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Search Tools dashboard, i18n fixes, Copilot limits, Serper validation fix. -### Funkciók +### 🚀 Features - **feat(search)**: Add Search Playground (10th endpoint), Search Tools page with Compare Providers/Rerank Pipeline/Search History, local rerank routing, auth guards on search API (#443 by @Regis-RCR) - New route: `/dashboard/search-tools` @@ -4010,6 +4574,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4024,7 +4595,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - DB migration: `request_type` column on `call_logs` for non-chat request tracking - Zod validation (`v1SearchSchema`), auth-gated, cost recorded via `recordCost()` -### Biztonság +### 🔒 Security - **deps**: Next.js 16.1.6 → 16.1.7 — fixes 6 CVEs: - **Critical**: CVE-2026-29057 (HTTP request smuggling via http-proxy) @@ -4154,7 +4725,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **005_combo_agent_fields.sql**: `ALTER TABLE combos ADD COLUMN system_message TEXT DEFAULT NULL`, `tool_filter_regex TEXT DEFAULT NULL`, `context_cache_protection INTEGER DEFAULT 0` - **006_detailed_request_logs.sql**: New `request_detail_logs` table with 500-entry ring-buffer trigger, opt-in via settings toggle -### Funkciók +### ✨ Features - **feat(combo)**: System Message Override per Combo (#399 — `system_message` field replaces or injects system prompt before forwarding to provider) - **feat(combo)**: Tool Filter Regex per Combo (#399 — `tool_filter_regex` keeps only tools matching pattern; supports OpenAI + Anthropic formats) @@ -4169,7 +4740,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: SSE improvements, local provider_nodes extensions, proxy registry, Claude passthrough fixes. -### Funkciók +### ✨ Features - **feat(health)**: Background health check for local `provider_nodes` with exponential backoff (30s→300s) and `Promise.allSettled` to avoid blocking (#423, @Regis-RCR) - **feat(embeddings)**: Route `/v1/embeddings` to local `provider_nodes` — `buildDynamicEmbeddingProvider()` with hostname validation (#422, @Regis-RCR) @@ -4230,6 +4801,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4304,7 +4882,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Turbopack hash-strip now runs at **compile time** for ALL packages — not just `better-sqlite3`. Step 5.6 in `prepublish.mjs` walks every `.js` in `app/.next/server/` and strips the 16-char hex suffix from any hashed `require()`. Fixes `zod-dcb22c...`, `pino-...`, etc. MODULE_NOT_FOUND on global npm installs. Closes #398 - **fix(deploy)**: PM2 on both VPS was pointing to stale git-clone directories. Reconfigured to `app/server.js` in the npm global package. Updated `/deploy-vps` workflow to use `npm pack + scp` (npm registry rejects 299MB packages). -### Funkciók +### ✨ Features - **feat(provider)**: Synthetic ([synthetic.new](https://synthetic.new)) — privacy-focused OpenAI-compatible inference. `passthroughModels: true` for dynamic HuggingFace model catalog. Initial models: Kimi K2.5, MiniMax M2.5, GLM 4.7, DeepSeek V3.2. (PR #404 by @Regis-RCR) @@ -4334,7 +4912,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Extended webpack `externals` hash-strip to cover ALL `serverExternalPackages`, not just `better-sqlite3`. Next.js 16 Turbopack hashes `zod`, `pino`, and every other server-external package into names like `zod-dcb22c6336e0bc69` that don't exist in `node_modules` at runtime. A HASH_PATTERN regex catch-all now strips the 16-char suffix and falls back to the base package name. Also added `NEXT_PRIVATE_BUILD_WORKER=0` in `prepublish.mjs` to reinforce webpack mode, plus a post-build scan that reports any remaining hashed refs. (#396, #398, PR #403) - **fix(chat)**: Anthropic-format tool names (`tool.name` without `.function` wrapper) were silently dropped by the empty-name filter introduced in #346. LiteLLM proxies requests with `anthropic/` prefix in Anthropic Messages API format, causing all tools to be filtered and Anthropic to return `400: tool_choice.any may only be specified while providing tools`. Fixed by falling back to `tool.name` when `tool.function.name` is absent. Added 8 regression unit tests. (PR #397) -### Funkciók +### ✨ Features - **feat(api)**: Custom endpoint paths for OpenAI-compatible provider nodes — configure `chatPath` and `modelsPath` per node (e.g. `/v4/chat/completions`) in the provider connection UI. Includes a DB migration (`003_provider_node_custom_paths.sql`) and URL path sanitization (no `..` traversal, must start with `/`). (PR #400) - **feat(provider)**: Alibaba Cloud DashScope added as OpenAI-compatible provider. International endpoint: `dashscope-intl.aliyuncs.com/compatible-mode/v1`. 12 models: `qwen-max`, `qwen-plus`, `qwen-turbo`, `qwen3-coder-plus/flash`, `qwq-plus`, `qwq-32b`, `qwen3-32b`, `qwen3-235b-a22b`. Auth: Bearer API key. @@ -4393,7 +4971,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(oauth)**: Qoder (and other providers that redirect to their own UI) no longer leave the OAuth modal stuck at "Waiting for Authorization" — popup-closed detector auto-transitions to manual URL input mode (#344) - **fix(logs)**: Request log table is now readable in light mode — status badges, token counts, and combo tags use adaptive `dark:` color classes (#378) -### Funkciók +### ✨ Features - **feat(kiro)**: Kiro credit tracking added to usage fetcher — queries `getUserCredits` from AWS CodeWhisperer endpoint (#337) @@ -4509,6 +5087,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4574,6 +5159,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #366, #367, #368) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4602,6 +5194,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #363 & #365) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4638,6 +5237,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4655,6 +5261,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4685,6 +5298,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4752,7 +5372,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > **Major release** — Free Stack ecosystem, transcription playground overhaul, 44+ providers, comprehensive free tier documentation, and UI improvements across the board. -### Funkciók +### ✨ Features - **Combos: Free Stack template** — New 4th template "Free Stack ($0)" using round-robin across Kiro + Qoder + Qwen + Gemini CLI. Suggests the pre-built zero-cost combo on first use. - **Media/Transcription: Deepgram as default** — Deepgram (Nova 3, $200 free) is now the default transcription provider. AssemblyAI ($50 free) and Groq Whisper (free forever) shown with free credit badges. @@ -4763,7 +5383,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.16] - 2026-03-13 -### Dokumentáció +### 📖 Documentation - **README: 44+ Providers** — Updated all 3 occurrences of "36+ providers" to "44+" reflecting the actual codebase count (44 providers in providers.ts) - **README: New Section "🆓 Free Models — What You Actually Get"** — Added 7-provider table with per-model rate limits for: Kiro (Claude unlimited via AWS Builder ID), Qoder (5 models unlimited), Qwen (4 models unlimited), Gemini CLI (180K/mo), NVIDIA NIM (~40 RPM dev-forever), Cerebras (1M tok/day / 60K TPM), Groq (30 RPM / 14.4K RPD). Includes the \/usr/bin/bash Ultimate Free Stack combo recommendation. @@ -4773,7 +5393,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.15] - 2026-03-13 -### Funkciók +### ✨ Features - **Auto-Combo Dashboard (Tier Priority)**: Added `🏷️ Tier` as the 7th scoring factor label in the `/dashboard/auto-combo` factor breakdown display — all 7 Auto-Combo scoring factors are now visible. - **i18n — autoCombo section**: Added 20 new translation keys for the Auto-Combo dashboard (`title`, `status`, `modePack`, `providerScores`, `factorTierPriority`, etc.) to all 30 language files. @@ -4808,6 +5428,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). diff --git a/docs/i18n/hu/README.md b/docs/i18n/hu/README.md index df6dfead53..97ffb36ab0 100644 --- a/docs/i18n/hu/README.md +++ b/docs/i18n/hu/README.md @@ -130,28 +130,28 @@ _Connect any AI-powered IDE or CLI tool through OmniRoute — free API gateway f - Codex CLI
+ Codex CLI
Codex CLI
⭐ 60.8K - Claude Code
+ Claude Code
Claude Code
⭐ 67.3K - Gemini CLI
+ Gemini CLI
Gemini CLI
⭐ 94.7K - Kilo Code
+ Kilo Code
Kilo Code
⭐ 15.5K diff --git a/docs/i18n/hu/docs/API_REFERENCE.md b/docs/i18n/hu/docs/API_REFERENCE.md index 292f87d25c..112c2872b1 100644 --- a/docs/i18n/hu/docs/API_REFERENCE.md +++ b/docs/i18n/hu/docs/API_REFERENCE.md @@ -87,13 +87,13 @@ Authorization: Bearer your-api-key Content-Type: application/json { - "model": "openai/dall-e-3", + "model": "openai/gpt-image-2", "prompt": "A beautiful sunset over mountains", "size": "1024x1024" } ``` -Available providers: OpenAI (DALL-E, GPT Image 1), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). +Available providers: OpenAI (GPT Image 2), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). ```bash # List all image models diff --git a/docs/i18n/hu/docs/CLI-TOOLS.md b/docs/i18n/hu/docs/CLI-TOOLS.md index d276a0e882..0ca07b4fbd 100644 --- a/docs/i18n/hu/docs/CLI-TOOLS.md +++ b/docs/i18n/hu/docs/CLI-TOOLS.md @@ -350,7 +350,7 @@ They run as internal routes and use OmniRoute's model routing automatically. | `/v1/responses` | Responses API (OpenAI format) | Codex, agentic workflows | | `/v1/completions` | Legacy text completions | Older tools using `prompt:` | | `/v1/embeddings` | Text embeddings | RAG, search | -| `/v1/images/generations` | Image generation | DALL-E, Flux, etc. | +| `/v1/images/generations` | Image generation | GPT-Image, Flux, etc. | | `/v1/audio/speech` | Text-to-speech | ElevenLabs, OpenAI TTS | | `/v1/audio/transcriptions` | Speech-to-text | Deepgram, AssemblyAI | diff --git a/docs/i18n/hu/llm.txt b/docs/i18n/hu/llm.txt index 39c9afd320..0b6577ac44 100644 --- a/docs/i18n/hu/llm.txt +++ b/docs/i18n/hu/llm.txt @@ -1,19 +1,18 @@ # OmniRoute (Magyar) -🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) +🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇧🇩 [bn](../bn/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇮🇷 [fa](../fa/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇮🇳 [gu](../gu/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇮🇳 [mr](../mr/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇰🇪 [sw](../sw/llm.txt) · 🇮🇳 [ta](../ta/llm.txt) · 🇮🇳 [te](../te/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇵🇰 [ur](../ur/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) --- +> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 160+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (29 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. -> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 60+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (25 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. - -## Áttekintés +## Overview OmniRoute solves the problem of managing multiple AI provider subscriptions, quotas, and rate limits. It sits between your AI-powered tools (IDE agents, CLI tools) and AI providers, routing requests intelligently through a 4-tier fallback system: Subscription → API Key → Cheap → Free. **Key value:** One endpoint (`http://localhost:20128/v1`), unlimited models, zero downtime, minimal cost. -**Current version:** 3.5.5 +**Current version:** 3.8.0 ## Tech Stack @@ -27,7 +26,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Background jobs:** Custom token health check scheduler, 24h model auto-sync - **Streaming:** Server-Sent Events (SSE) for real-time proxy responses - **Proxy engine:** Custom pipeline with format translation, circuit breaker, rate limiting, auto-combo engine -- **i18n:** next-intl with 30 languages +- **i18n:** next-intl with 40+ languages - **Desktop:** Electron (cross-platform: Windows, macOS, Linux) - **Package:** Published on npm (`omniroute`) and Docker Hub (`diegosouzapw/omniroute`) @@ -99,7 +98,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── configAudit.ts # Configuration auditing │ │ └── responses.ts # Domain response types │ ├── i18n/ # Internationalization -│ │ └── messages/ # 30 language JSON files +│ │ └── messages/ # 40+ language JSON files │ ├── lib/ # Core libraries │ │ ├── a2a/ # Agent-to-Agent v0.3 protocol server │ │ │ ├── skills/ # A2A skills (quotaManagement, smartRouting) @@ -170,7 +169,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ └── manager.ts # MITM proxy manager │ ├── shared/ # Shared utilities, components, and constants │ │ ├── components/ # Reusable UI components (Card, Badge, Button, Modal, Sidebar, ProviderIcon, etc.) -│ │ ├── constants/ # Provider definitions (60+), model lists, pricing, routing strategies, MCP scopes +│ │ ├── constants/ # Provider definitions (160+), model lists, pricing, routing strategies, MCP scopes │ │ ├── contracts/ # Shared API contracts │ │ ├── hooks/ # React hooks │ │ ├── middleware/ # Shared middleware utilities @@ -206,7 +205,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── chatCore.ts # Main chat completions handler │ │ ├── responsesHandler.ts # OpenAI Responses API handler │ │ ├── embeddings.ts # Embedding generation -│ │ ├── imageGeneration.ts # Image generation (DALL-E, FLUX, SD, etc.) +│ │ ├── imageGeneration.ts # Image generation (GPT-Image, FLUX, SD, etc.) │ │ ├── videoGeneration.ts # Video generation │ │ ├── musicGeneration.ts # Music generation │ │ ├── audioSpeech.ts # Text-to-speech @@ -214,7 +213,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── moderations.ts # Content moderation │ │ ├── rerank.ts # Reranking API │ │ └── search.ts # Web search API -│ ├── mcp-server/ # Built-in MCP server (25 tools, 3 transports: stdio/SSE/streamable-HTTP) +│ ├── mcp-server/ # Built-in MCP server (29 tools, 3 transports: stdio/SSE/streamable-HTTP) │ │ ├── server.ts # MCP server core (tool registration, scope enforcement) │ │ ├── tools/ # Tool implementations (advancedTools, memoryTools, skillTools) │ │ ├── schemas/ # Zod input schemas (tools, audit, a2a) @@ -274,7 +273,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ ├── CLI-TOOLS.md # CLI tools integration guide │ ├── A2A-SERVER.md # A2A agent protocol documentation │ ├── AUTO-COMBO.md # Auto-combo engine (6-factor scoring) -│ ├── MCP-SERVER.md # MCP server (25 tools) +│ ├── MCP-SERVER.md # MCP server (29 tools) │ ├── TROUBLESHOOTING.md # Troubleshooting guide │ ├── VM_DEPLOYMENT_GUIDE.md # VPS deployment guide │ ├── openapi.yaml # OpenAPI specification @@ -284,11 +283,11 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo └── .env.example # Environment variable template ``` -## Key Features (v3.5.5) +## Key Features (v3.8.0) ### Core Proxy -- **60+ AI providers** with automatic format translation -- **4 provider categories**: Free (4), OAuth (8), API Key (48+), Custom (OpenAI/Anthropic-compatible) +- **160+ AI providers** with automatic format translation +- **4 provider categories**: Free (4), OAuth (8), API Key (120+), Self-Hosted (8+), Custom (OpenAI/Anthropic-compatible) - **13 routing strategies**: priority, weighted, round-robin, fill-first, p2c, random, least-used, cost-optimized, strict-random, auto, lkgp, context-optimized, context-relay - **4-tier fallback**: Subscription → API Key → Cheap → Free - **Context Relay strategy**: Session handoff summaries on account rotation for continuity @@ -306,7 +305,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Cloudflare Tunnels**: Managed tunnel creation for remote access - **122 unit test files** with comprehensive coverage (55% statements/lines/functions, 60% branches) -### Biztonság +### Security +- **Data Loss Prevention**: SQLite migration safety bounds abort startup on dangerous massive schema overrides. Pre-migration `VACUUM INTO` backups isolate rollback snapshots. - **CodeQL security**: Fixed 10+ CodeQL alerts (polynomial-redos, insecure-randomness, shell-injection, SSRF, incomplete URLs) - **Web Crypto session IDs**: `generateSessionId` uses `crypto.getRandomValues()` instead of `Math.random()` - **Route validation**: All API routes validated with Zod v4 schemas + `validateBody()` @@ -331,7 +331,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **CLI Tools** — One-click configuration for 10+ AI CLI tools - **CLI Agents** — Grid of 14+ built-in agents with ProviderIcon and install detection + custom agent registration - **Playground** — Test any model with Monaco editor, streaming responses -- **Media** — Image/video/music generation (DALL-E, FLUX, etc.) + audio transcription (up to 2GB files) +- **Media** — Image/video/music generation (GPT-Image, FLUX, etc.) + audio transcription (up to 2GB files) - **Search Tools** — Search provider configuration and testing - **Memory** — Memory system management and visualization - **Skills** — Skills framework management and execution @@ -349,14 +349,15 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Gemini** — `/v1beta/models`, `/v1beta/models/{...path}` - **Ollama** — `/v1/api/chat`, `/api/tags` - **Search** — `/v1/search` (Perplexity, Serper, Brave, Exa, Tavily) -- **MCP** — 25-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) +- **MCP** — 29-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) - **A2A** — Agent-to-Agent v0.3 protocol (JSON-RPC 2.0, smart-routing + quota-management skills) - **ACP** — Agent Communication Protocol registry and manager -### MCP Server (25 Tools) +### MCP Server (29 Tools) | Category | Tools | |-----------|-------| -| Core (18) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `sync_pricing` | +| Core (20) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `web_search`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `db_health_check`, `sync_pricing` | +| Cache (2) | `cache_stats`, `cache_flush` | | Memory (3) | `memory_search`, `memory_add`, `memory_clear` | | Skills (4) | `skills_list`, `skills_enable`, `skills_execute`, `skills_executions` | @@ -373,8 +374,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo **Custom Providers:** OpenAI-compatible (`openai-compatible-*`) and Anthropic-compatible (`anthropic-compatible-*`) with custom base URLs ### Internationalization -- 30 languages for UI (all dashboard pages) -- 30 translated documentation sets in docs/i18n/ +- 40+ languages for UI (all dashboard pages) +- 40 translated documentation sets in docs/i18n/ - Language switcher in documentation ## Key Architectural Decisions diff --git a/docs/i18n/id/CHANGELOG.md b/docs/i18n/id/CHANGELOG.md index 5e47c1e5ca..25687c52f7 100644 --- a/docs/i18n/id/CHANGELOG.md +++ b/docs/i18n/id/CHANGELOG.md @@ -6,9 +6,283 @@ ## [Unreleased] +## [3.8.0] — 2026-05-06 + +### ✨ New Features + +- **feat(antigravity):** integrate Antigravity provider with dynamic `maxOutputTokens` calculation (bumping to `thinkingBudget + 1`) and standard Cloud Code envelope payload sanitization (#2055, #2063) +- **feat(gemini-cli):** add custom projectId support for Gemini CLI transport (UI, DB, executor) (#1991) + +### 🐛 Bug Fixes + +- **fix(cache):** optimize cache_control preservation logic and explicitly align tool schema with upstream Claude Code expectations +- **fix(db):** preserve legacy SQLite database path on Windows to prevent data loss (#1973) +- **fix(settings):** resolve model alias persistence double stringification preventing UI updates (#2018) +- **fix(routing):** dynamically filter bare model auto-resolution by active provider connections to prevent dead-routing (#2029) +- **fix(embeddings):** add Google Gemini embeddings compatibility via OpenAI-compatible endpoint mapping (#2006) +- **fix:** remove Anthropic-Beta header from non-Anthropic providers to fix identity contamination (#1989) +- **fix(cli):** resolve .env loading failure for global npm installations + +### 🔒 Security + +- **fix(security):** remediate regex validation backtracking path in core compression cleanup (#1990) +- **fix(core):** harden input handling and stabilization for prompt compression edge cases + +### 🧹 Chores & Maintenance + +- **chore(providers):** prune redundant local provider icon assets in favor of `@lobehub/icons` web fonts (#1992) +- **ci:** skip SonarCloud scan on main pushes to optimize CI time +- **test:** stabilize cooldown abort coverage case in integration testing + +## [3.7.9] — 2026-05-03 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) + +- **feat(compression):** major upgrade to Caveman and RTK compression pipelines (#1876, #1889): + - Add RTK tool-output compression, stacked Caveman + RTK pipelines, compression combo assignments, dashboard context pages, MCP management tools, and language-aware Caveman rule packs. + - Expand RTK parity with a 39-filter catalog, RTK-style JSON DSL stages, inline verify/benchmark coverage, trust-gated custom filters, expanded command detection, and redacted raw-output recovery. + - Expose rule intensities, track USD savings, unify config validation, and persist MCP savings. + - Expand Caveman parity and MCP metadata compression. +- **feat(provider):** update Jina AI model catalog to support Embeddings and Rerank natively (#1874 — thanks @backryun) +- **feat(provider):** add NanoGPT image generation provider (#1899 — thanks @Aculeasis) +- **feat(ui):** move proxy configuration to dedicated System → Proxy page (#1907 — thanks @oyi77) +- **feat(ui):** add K/M/B/T cost shortener utility (#1902 — thanks @oyi77) +- **feat(providers):** implement bulk paste for extra API keys (#1916 — thanks @0xtbug) +- **feat(analytics):** usage history API key backfill + dark mode pricing (#1896 — thanks @Gi99lin) +- **feat(logs):** show RTK and Caveman compression token savings accurately in request log UI (#1923 — thanks @emdash) +- **feat(routing):** auto-skip exhausted quota accounts (Issue #1952) +- **feat(docs):** docs site overhaul (#1976 — thanks @oyi77) +- **feat(db):** consolidate all database settings into SystemStorageTab (closes #1935) (#1947 — thanks @oyi77) +- **feat(sse):** codex 429 mid-task failover with account rotation (#1888 — thanks @smartenok-ops) +- **feat(auto-assessment):** add auto-assessment engine for combo self-healing (#1918 — thanks @oyi77) +- **feat(usage):** DeepSeek V4 native cache token extraction (#1930 — thanks @smartenok-ops) +- **feat(cost):** enhance cost formatting and add Codex GPT-5.5 pricing support (#1944 — thanks @JxnLexn) + +### 🐛 Bug Fixes + +- **fix(auth):** implement session affinity sticky routing logic +- **fix(dashboard):** derive display base URL from origin instead of hardcoding localhost (#1960 — thanks @jeanfbrito) +- **fix(proxy):** use credentials.connectionId instead of non-existent credentials.id for image proxy resolution (#1929 — thanks @Aculeasis) +- **fix(routing):** codex bare-name disambiguation + family-native fallback (#1933 — thanks @smartenok-ops) +- **fix(infrastructure):** move wreq-js to optionalDependencies and add Node 25/26 to secure runtime policy (#1924) +- **fix(providers):** resolve ChatGPT Web authentication failure by aligning TLS fingerprint User-Agent strings (#1925) +- **fix(mitm):** support root user for MITM sudo handling (#1948 — thanks @NekoMonci12) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941, #1945) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) +- **fix(mcp):** reclassify MCP endpoints to ensure API key authentication works even when dashboard auth is enabled (#1970) +- **fix(providers):** allow local OpenAI-compatible endpoints (like Ollama) to be added without an API key (fixes #1893) +- **fix(providers):** bypass AgentRouter unauthorized_client_error by spoofing Claude CLI headers via Anthropic endpoints (fixes #1921) +- **fix(copilot):** emit compatible reasoning text deltas (#1919 — thanks @ivan-mezentsev) +- **fix(api-manager):** show validation errors inline in modals, not behind (#1920 — thanks @andrewmunsell) +- **fix(compression):** align seeded standard savings combo with stacked default, preserve stacked defaults, and secure metadata routes. +- **fix(gemini-cli):** separate Cloud Code transport from Antigravity (#1869 — thanks @dhaern) +- **fix(codex):** map prompt field to input array for Cursor compatibility (fixes #1872) +- **fix(core):** align stream parameter default to false per strict OpenAI spec (fixes #1873) +- **fix(ui):** restore Next.js CSP `unsafe-eval` in production `script-src` to fix unresponsive Onboarding button (fixes #1883) +- **fix(proxy):** globally strip `prompt_cache_retention` in `BaseExecutor` to prevent upstream 400 errors from strict endpoints like droid/gemini-2-pro (fixes #1884) +- **fix(ui):** include `isOpen` dependency in `EditConnectionModal` state sync to ensure `maxConcurrent` is properly hydrated when reopening the modal (fixes #1859) +- **fix(security):** remediate 4 polynomial-redos CodeQL alerts in compression regexes by bounding repetitions and removing overlapping quantifiers +- **fix(codex):** flatten Chat Completions tool format to Codex Responses format in `normalizeCodexTools` — prevents `Missing required parameter: tools[0].name` upstream errors (#1914 — thanks @tranduykhanh030) +- **fix(proxy):** add proxy-aware execution context to image generation route — proxy settings are now correctly applied for image providers behind restricted networks (#1904 — thanks @Aculeasis) +- **fix(translator):** inject `properties: {}` into zero-argument MCP tool schemas during Anthropic→OpenAI translation — prevents 400 errors from OpenAI strict schema validation (#1898 — thanks @bryceIT) +- **fix(codex):** sanitize raw responses input (#1895 — thanks @dhaern) +- **fix(combos):** align strategy contracts (#1892 — thanks @dhaern) +- **fix(combos):** fix combo provider breaker profile handling (#1891 — thanks @rdself) +- **fix(migrations):** duplicate-column no-op fix (#1886 — thanks @smartenok-ops) +- **fix(auth):** per-connection OAuth refresh mutex (#1885 — thanks @smartenok-ops) +- **fix(auth):** require dashboard management auth for compression preview + +### 🔄 Updates + +- **chore(provider):** Add reka models list (#1956 — thanks @backryun) +- **chore(model):** Update new models, Delete Deprecated models (#1949 — thanks @backryun) + +### 📝 Documentation + +- **docs(compression):** document RTK+Caveman stacked savings ranges + +### 🏆 Release Attribution & Retroactive Credits + +- **@payne0420** (PR #1828 / #1839) — Implementation of the **Rate Limit Watchdog** and environment overrides. (This feature was manually backported to v3.7.8, causing the automatic GitHub Release notes to omit the author's credit). + +--- + +## [3.7.8] — 2026-05-01 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(providers):** add Grok 4.3 and Xiaomi Mimo TTS provider (#1837) +- **feat(core):** implement Rate Limit Watchdog with environment override capability to detect and reset stalled queues (#1839) +- **feat(providers):** add muse-spark-web provider with multiple models and reasoning support (#1843) +- **feat(1proxy):** integrate 1proxy free proxy marketplace with dashboard management and new MCP tools (closes #1788) (#1847) + +### 🐛 Bug Fixes + +- **fix(codex):** sanitize Responses replay state to prevent internal assistant commentary from leaking (#1868 — thanks @dhaern) +- **fix(cli):** add capture-backed Gemini CLI fingerprint (#1866) +- **fix(ui):** hide combo compression controls when the global setting is disabled (#1840) +- **fix(db):** tolerate missing request_detail_logs table for legacy deployments (#1848) +- **fix(core):** remove unneeded \`store\` payload parameter for providers lacking support (closes #1841) +- **fix(core):** ensure safeOutboundFetch and A2A routers return 503 Service Unavailable when security guardrails are triggered +- **fix(usage):** correct Unix seconds vs milliseconds parsing logic for Kiro AI quota reset (closes #1849) +- **fix(ui):** apply robust NaN handling, ensure 24h consistency, and fix missing hour slots in Compression Analytics (closes #1844) +- **fix(ui):** implement short number formatting for token consumption metrics on cache pages to prevent overflow (closes #1842) +- **fix(combo):** stabilize provider routing at 500+ connections by bounding semaphore queues and adjusting circuit breaker tracking (closes #1846) (#1854) +- **fix(maritalk):** update Maritalk model list, use Authorization Key header, and align with latest API endpoints (#1856) +- **fix(grok-web):** stabilize tool calling (bash, readFile, webSearch) and response parsing by mapping native Grok intents to standard OpenAI payloads (#1857) +- **fix(providers):** correctly map and expose the Upstage embedding and chat model catalogs (#1855) +- **fix(executor):** apply proper urlSuffix and custom authHeaders for unknown registry-based providers in DefaultExecutor (closes #1846) (#1861) + +### 🛠️ Maintenance + +- **fix(workflow):** build docker images on version tags (#1838) + +--- + +## [3.7.7] — 2026-04-30 + ### ✨ New Features -- **feat:** ongoing development +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **Prompt Compression Pipeline:** Implemented a multi-phase prompt compression engine including `lite` (whitespace/duplication collapse), `aggressive` (summarization, tool compression), and `ultra` modes (heuristic pruning and SLM stub) (#1633, #1738, #1739, #1741) +- **Compression Dashboard & Analytics:** Added a compression settings UI, real-time log viewer, pipeline statistics tracking, and interactive playground preview (#1756) +- **Compression Caching & MCP:** Added caching-aware strategy adjustments to the compression pipeline, alongside new MCP tools for status and configuration (#1758) +- **Analytics Custom Filters:** Added custom date range selection, API key filtering, and NULL key analytics backfilling to the Costs Dashboard (#1830) + +### 🐛 Bug Fixes + +- **Combo Routing:** Fixed an issue where Gemini `-preview` models were incorrectly normalized to their canonical names, causing 404 errors during combo routing (#1834) +- **Codex Native Passthrough:** Added support for Cursor 5.5 sending `messages` arrays to the `responses/compact` endpoint, preventing upstream rejections with empty requests (#1832) +- **Rate-limit Watchdog:** Implemented a new rate-limit watchdog with environment override capabilities and Stage Tracing to prevent and diagnose silent wedges (#1828) +- **Encryption Resiliency:** Prevent sending encrypted tokens to providers by returning null on decryption failure (#763d353) +- **i18n & Locales:** Fixed OpenCode baseUrl locale placeholders and added compression keys across 32 languages +- **Startup Stability:** Hardened resilience integration server startup logic (#9aa89b17) + +### 🛠️ Maintenance + +- **Tests & Docs:** Expanded the test suite with 61 unit/integration tests for the compression pipeline and updated `AGENTS.md` +- **Workflow:** Fixed the changelog extraction logic to accurately capture GitHub release descriptions + +--- + +## [3.7.6] — 2026-04-30 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) +- **feat(chatgpt-web):** support `thinking_effort` parameter (Standard/Extended) for thinking-capable models (#1821) +- **feat(dashboard):** implement remaining v3.7.6 dashboard features — Costs overview, Translator pipeline, and Endpoint tabs improvements +- **feat(tools):** inject fallback tool names to prevent upstream 400 errors on providers that require tool names (#1775) +- **feat(db):** auto-restore probe-failed database on startup to prevent data loss after failed upgrades (#1810) +- **feat(analytics):** add cost-based usage insights and activity streaks in the analytics dashboard + +### 🔒 Security + +- **fix(security):** resolve ReDoS vulnerability in Codex executor regex patterns (#1797, #1789) + +### 🐛 Bug Fixes + +- **fix(stability):** resolve codex input validation, enable combo circuit breaker, and fix broken unit tests (#1804, #1805) +- **fix(stability):** safely cast inputs to strings before calling `.trim()` to avoid crashes on numeric fields in proxy modal (#1825) +- **fix(stability):** clear active requests and recover providers after connection failures (#1824) +- **fix(xiaomi-mimo):** update models to V2.5, fix Token Plan validation and default region (#1823) +- **fix(codex):** omit compact client metadata to prevent upstream rejections (#1822) +- **fix(dashboard):** fix endpoint visibility, A2A status display, and API catalog consistency (#1806) +- **fix(analytics):** use pure SQL aggregations — no history rows loaded into memory (#1802) +- **fix(dashboard):** correct `loadPresets` ReferenceError in CostOverviewTab +- **fix(mitm):** enforce transparent interception on port 443 only + +### 🧹 Chores + +- **chore(workflow):** mandate implementation plan generation in `/resolve-issues` workflow before coding +- **chore(release):** expand contributor credits to 155 PRs across full project history + +### 🏆 Community Contributors Acknowledgment + +We identified that **155 community PRs** across the entire project history (from inception through v3.7.5) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. + +**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** + +| Contributor | PRs (Total) | All Contributions | +| :----------------------------------------------------------- | :---------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [@rdself](https://github.com/rdself) | 28 | #542, #705, #717, #737, #738, #841, #851, #853, #875, #880, #888, #891, #903, #904, #974, #1069, #1089, #1196, #1267, #1272, #1299, #1300, #1356, #1357, #1441, #1443, #1549, #1742 | +| [@oyi77](https://github.com/oyi77) | 27 | #644, #672, #700, #850, #859, #862, #868, #874, #881, #883, #908, #926, #931, #983, #990, #1019, #1020, #1021, #1103, #1281, #1286, #1363, #1368, #1377, #1411, #1689, #1717 | +| [@clousky2020](https://github.com/clousky2020) | 15 | #1244, #1323, #1365, #1366, #1408, #1442, #1484, #1595, #1598, #1599, #1611, #1618, #1620, #1621, #1644 | +| [@benzntech](https://github.com/benzntech) | 8 | #158, #1264, #1435, #1436, #1437, #1440, #1444, #1677 | +| [@kang-heewon](https://github.com/kang-heewon) | 5 | #530, #854, #884, #1235, #1574 | +| [@herjarsa](https://github.com/herjarsa) | 4 | #1472, #1474, #1477, #1480 | +| [@backryun](https://github.com/backryun) | 4 | #1358, #1609, #1627, #1722 | +| [@tombii](https://github.com/tombii) | 4 | #708, #856, #900, #1013 | +| [@christopher-s](https://github.com/christopher-s) | 3 | #868, #885, #992 | +| [@zen0bit](https://github.com/zen0bit) | 3 | #561, #650, #912 | +| [@k0valik](https://github.com/k0valik) | 3 | #554, #587, #596 | +| [@zhangqiang8vip](https://github.com/zhangqiang8vip) | 2 | #470, #575 | +| [@wlfonseca](https://github.com/wlfonseca) | 2 | #997, #1016 | +| [@RaviTharuma](https://github.com/RaviTharuma) | 2 | #1188, #1277 | +| [@prakersh](https://github.com/prakersh) | 2 | #419, #480 | +| [@payne0420](https://github.com/payne0420) | 2 | #1593, #1670 | +| [@only4copilot](https://github.com/only4copilot) | 2 | #855, #1039 | +| [@jay77721](https://github.com/jay77721) | 2 | #581, #582 | +| [@hijak](https://github.com/hijak) | 2 | #295, #578 | +| [@hartmark](https://github.com/hartmark) | 2 | #1494, #1500 | +| [@defhouse](https://github.com/defhouse) | 2 | #906, #946 | +| [@xiaoge1688](https://github.com/xiaoge1688) | 1 | #1304 | +| [@xandr0s](https://github.com/xandr0s) | 1 | #1376 | +| [@willbnu](https://github.com/willbnu) | 1 | #882 | +| [@slewis3600](https://github.com/slewis3600) | 1 | #1624 | +| [@sergey-v9](https://github.com/sergey-v9) | 1 | #594 | +| [@razllivan](https://github.com/razllivan) | 1 | #987 | +| [@nmime](https://github.com/nmime) | 1 | #1271 | +| [@Moutia-Ben-Yahia](https://github.com/Moutia-Ben-Yahia) | 1 | #1663 | +| [@Mind-Dragon](https://github.com/Mind-Dragon) | 1 | #467 | +| [@mercs2910](https://github.com/mercs2910) | 1 | #1001 | +| [@MAINER4IK](https://github.com/MAINER4IK) | 1 | #196 | +| [@luandiasrj](https://github.com/luandiasrj) | 1 | #996 | +| [@knopki](https://github.com/knopki) | 1 | #1434 | +| [@kfiramar](https://github.com/kfiramar) | 1 | #389 | +| [@ken2190](https://github.com/ken2190) | 1 | #166 | +| [@keith8496](https://github.com/keith8496) | 1 | #569 | +| [@jonesfernandess](https://github.com/jonesfernandess) | 1 | #1118 | +| [@JasonLandbridge](https://github.com/JasonLandbridge) | 1 | #1626 | +| [@i1hwan](https://github.com/i1hwan) | 1 | #1386 | +| [@Gorchakov-Pressure](https://github.com/Gorchakov-Pressure) | 1 | #754 | +| [@foxy1402](https://github.com/foxy1402) | 1 | #934 | +| [@dt418](https://github.com/dt418) | 1 | #896 | +| [@dhaern](https://github.com/dhaern) | 1 | #1647 | +| [@DavyMassoneto](https://github.com/DavyMassoneto) | 1 | #211 | +| [@dail45](https://github.com/dail45) | 1 | #1413 | +| [@congvc-dev](https://github.com/congvc-dev) | 1 | #1569 | +| [@be0hhh](https://github.com/be0hhh) | 1 | #1581 | +| [@andruwa13](https://github.com/andruwa13) | 1 | #1457 | +| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | 1 | #898 | +| [@AndersonFirmino](https://github.com/AndersonFirmino) | 1 | #362 | +| [@alexsvdk](https://github.com/alexsvdk) | 1 | #1280 | +| [@abhinavjnu](https://github.com/abhinavjnu) | 1 | #550 | --- @@ -16,8 +290,14 @@ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(tunnels):** integrate native ngrok tunnel support with dashboard UI parity (#1753) -- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) ### 🐛 Bug Fixes @@ -56,56 +336,25 @@ - **chore(ui):** speed up endpoint initial render with background task loading (#1760) - **chore(workflows):** add strict PR contributor credit policy to prevent future merge credit loss -### 🏆 Community Contributors Acknowledgment - -We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. - -**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** - -| Contributor | Contributions (PRs) | -| :----------------------------------------------------- | :----------------------------------------------------------------------- | -| [@rdself](https://github.com/rdself) | #1742, #1357, #1356, #1089, #1069, #904, #880, #875, #853, #851, #974 | -| [@oyi77](https://github.com/oyi77) | #1411, #1021, #990, #926, #908, #883, #881, #868, #862, #859, #850, #983 | -| [@benzntech](https://github.com/benzntech) | #1677, #1444, #1440, #1437, #1435 | -| [@clousky2020](https://github.com/clousky2020) | #1644, #1408 | -| [@christopher-s](https://github.com/christopher-s) | #885, #868, #992 | -| [@kang-heewon](https://github.com/kang-heewon) | #1235, #884 | -| [@backryun](https://github.com/backryun) | #1627, #1358, #1722 | -| [@tombii](https://github.com/tombii) | #900, #856 | -| [@slewis3600](https://github.com/slewis3600) | #1624 | -| [@dhaern](https://github.com/dhaern) | #1647 | -| [@JasonLandbridge](https://github.com/JasonLandbridge) | #1626 | -| [@hartmark](https://github.com/hartmark) | #1500 | -| [@herjarsa](https://github.com/herjarsa) | #1480 | -| [@andruwa13](https://github.com/andruwa13) | #1457 | -| [@i1hwan](https://github.com/i1hwan) | #1386 | -| [@xandr0s](https://github.com/xandr0s) | #1376 | -| [@RaviTharuma](https://github.com/RaviTharuma) | #1188 | -| [@wlfonseca](https://github.com/wlfonseca) | #1016 | -| [@only4copilot](https://github.com/only4copilot) | #1039, #855 | -| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | #898 | -| [@dt418](https://github.com/dt418) | #896 | -| [@willbnu](https://github.com/willbnu) | #882 | -| [@defhouse](https://github.com/defhouse) | #906 | -| [@mercs2910](https://github.com/mercs2910) | #1001 | -| [@zen0bit](https://github.com/zen0bit) | #912 | -| [@razllivan](https://github.com/razllivan) | #987 | -| [@foxy1402](https://github.com/foxy1402) | #934 | -| [@knopki](https://github.com/knopki) | #1434 | -| [@dail45](https://github.com/dail45) | #1413 | - --- ## [3.7.4] — 2026-04-28 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(ui):** add endpoint tunnel visibility settings (#1743) - **feat(cli):** refresh CLI fingerprint provider profiles (#1746) - **feat(proxy):** implement bulk proxy import via pipe-delimited parser with update-or-create (upsert) logic and real-time preview table - **feat(pwa):** add fullscreen installable PWA with manifest, service worker, and cross-platform app icons (#1728) -### Keamanan +### 🔒 Security - **security:** replace insecure `Math.random` with `crypto.getRandomValues` for fallback UUID generation to resolve CodeQL CWE-338 finding (#182) @@ -156,6 +405,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(authz):** introduce centralized proxy-based authz pipeline and lifecycle policy (#1632) - **feat(logs):** configure call log pipeline artifacts (#1650) - **feat(network):** add guarded remote image fetch utility @@ -225,6 +481,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Add GPT-5.5 support to the Codex provider — includes 1.05M context window, tool calling, vision, and reasoning capabilities with proper pricing entries across `cx` and `openai` providers. Refactors `splitCodexReasoningSuffix()` into a shared helper for cleaner effort-level parsing (#1617 — thanks @Zhaba1337228). - **feat(cli):** Add `omniroute reset-encrypted-columns` recovery command — nulls encrypted credential columns (`api_key`, `access_token`, `refresh_token`, `id_token`) in `provider_connections` while preserving provider metadata, giving users affected by #1622 a clean recovery path without losing configurations. - **feat(i18n):** Expand locale coverage with nine new language packs (Bengali, Farsi, Gujarati, Indonesian, Marathi, Swahili, Tamil, Telugu, Urdu), bringing total language support from 32 to 41 locales. @@ -256,7 +519,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **fix(transport):** Prevent memory bloat and database exhaustion from large, fragmented streaming responses. Implemented `ByteQueue` in `kiro.ts` for zero-copy binary accumulation, refactored `antigravity.ts` for incremental SSE parsing, and enforced a strict 512KB tiered truncation limit (`MAX_CALL_LOG_ARTIFACT_BYTES`) on stream request logs and call artifacts (#1647). - **chore(ci):** Update build environment dependencies — bump Node to `24.15.0`, `actions/checkout@v6`, `docker/build-push-action@v7`, pin `actions/setup-python` to major tag (#1646 — thanks @backryun). -### Dokumentasi +### 📝 Documentation - **docs(env):** Add `OMNIROUTE_ALLOW_PRIVATE_PROVIDER_URLS` to `.env.example` with documentation for LM Studio and other local provider use cases (#1623). @@ -266,6 +529,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). - **feat(providers):** Add CrofAI as a built-in API-key provider with quota/usage monitoring wired into the dashboard Limits page (#1604, #1606). @@ -399,7 +669,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **test(next):** Align transpile package expectations for the Next.js standalone build. - **test(ci):** Fix CI-only test failures from environment differences — clear `INITIAL_PASSWORD` and `JWT_SECRET` in integration tests, handle `XDG_CONFIG_HOME` for guide-settings tests. -### Dokumentasi +### 📚 Documentation - **docs:** Update the root changelog with all release-branch changes through 2026-04-24, including PRs #1544, #1555, #1551, #1550, #1548, #1547, #1541, #1538, #1536, and #1527. - **docs:** Fix broken README and localized documentation links. (#1536) @@ -424,6 +694,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -506,6 +783,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -527,7 +811,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **feat(providers):** Expand image provider registry with extended model support including SD3.5, FLUX, and DALL-E 3 HD configurations - **feat(combos):** Add new routing strategies and full i18n support for agent features section across 31 languages -### Keamanan +### 🔒 Security - **security:** Resolve 18 GitHub CodeQL scan alerts including ReDoS, incomplete sanitization, and bad HTML filtering regexp patterns - **fix(auth):** Seal privilege escalation vector by enforcing JWT session checking exclusively on `/api/keys` management endpoints (#1353) @@ -586,6 +870,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -662,6 +953,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -726,6 +1024,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -773,7 +1078,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Duplicate `auto` in Combo Strategy Schema:** Removed duplicate `"auto"` entry from `comboStrategySchema` (was listed on both line 104 and 108). Harmless to Zod runtime but cleaned up to avoid confusion. Schema now has exactly 13 unique strategy values - **Legacy Combo Refs Normalization:** Fixed combo step normalization to preserve legacy string combo references during CRUD operations, preventing data loss when editing combos created before the v2 step architecture -### Keamanan +### 🔒 Security - **Auth Bypass on Backup Routes (Critical):** Added `isAuthenticated` guards to `/api/db-backups/exportAll` (full database export) and `/api/db-backups` (list, create, and restore backups) — both were previously accessible without authentication - **Auth Guard on Translator Save:** Added `isAuthenticated` guard to `/api/translator/save` for defense-in-depth consistency @@ -826,6 +1131,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -864,6 +1176,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -896,6 +1215,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -925,6 +1251,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -955,6 +1288,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -988,6 +1328,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features & Analytics +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1040,6 +1387,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1086,6 +1440,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1122,7 +1483,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **Updated Sub-dependencies:** Bumped `hono` to `4.12.12` and `@hono/node-server` to `1.19.13` to patch critical security gaps (#1063, #1064, #1067, #1068). -### Dokumentasi +### 📚 Documentation - **Documentation Synchronization:** Updated system documentation (README, Architecture, Features, Tools, Troubleshooting) and synced `i18n` configurations to match the v3.5.5 context relay patterns and proxy troubleshooting steps. - **Context Relay Delivery Notes:** Documented the current architecture, runtime flow, and Codex-focused scope in the feature docs, changelog, and agent guidance. @@ -1133,6 +1494,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1191,7 +1559,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.5.3] - 2026-04-07 -### Keamanan +### Security - **Vulnerabilities:** Fully remediated 12 High-Severity CodeQL vulnerabilities by migrating from Math.random to `crypto.randomUUID()`, wrapping SSE injection points with aggressive backslash escaping, sanitizing trailing HTTP fragments, and enforcing rigid SSRF HTTP verification schemes across internal routes. - **Dependencies:** Upgraded Next.js to `^16.2.2` and Vite to `>=8.0.5` resolving critical DoS, arbitrary file reads and CSRF vectors in the build/server environments. @@ -1207,7 +1575,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **CI/CD Stabilization:** Prevented random GitHub Runner freezes by decoupling sharded processes, adjusting test concurrencies, unref-ing active connections on server teardown, and strictly capping job timeout durations. -### Dokumentasi +### Documentation - **I18n Engine:** Synchronized and pushed deep Machine Translation updates across all 32 natively-supported languages (682 translation nodes aligned). @@ -1221,6 +1589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1253,6 +1628,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1281,6 +1663,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1347,7 +1736,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.8] — 2026-04-03 -### Keamanan +### Security - Fully remediated all outstanding Github Advanced Security (CodeQL) findings and Dependabot alerts. - Fixed insecure randomness vulnerabilities by migrating from `Math.random` to `crypto.randomUUID()`. @@ -1359,7 +1748,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.7] — 2026-04-03 -### Fitur +### Features - Added `Cryptography` node to Monitoring and MCP health checks (#798) - Hardened model-catalog route permissions mapping (`/models`) (#781) @@ -1375,7 +1764,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - Fixed MCP standalone module-resolution (`ERR_MODULE_NOT_FOUND`) via `esbuild` (#936) - Fixed NVIDIA NIM routing credential resolution alias mismatch (#931) -### Keamanan +### Security - Added safe strict input boundary protection against raw `shell: true` remote-code execution injections. @@ -1385,6 +1774,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1419,6 +1815,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1481,6 +1884,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1541,6 +1951,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1594,7 +2011,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.4.0] - 2026-03-31 -### Fitur +### 🚀 Features - **Subscription Utilization Analytics:** Added quota snapshot time-series tracking, Provider Utilization and Combo Health tabs with recharts visualizations, and corresponding API endpoints (#847) - **SQLite Backup Control:** New `OMNIROUTE_DISABLE_AUTO_BACKUP` env flag to disable automatic SQLite backups (#846) @@ -1646,7 +2063,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ## [3.3.8] - 2026-03-30 -### Fitur +### 🚀 Features - **Models API Filtering:** Endpoint `/v1/models` now dynamically filters its list based on the permissions tied to the `Authorization: Bearer ` when restricted access is on (#781) - **Qoder Integration:** Native integration for Qoder AI natively replacing the legacy iFlow platform mappings (#660) @@ -1715,6 +2132,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1745,6 +2169,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -1806,6 +2237,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2016,6 +2454,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2044,6 +2489,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2076,6 +2528,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2130,6 +2589,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2325,6 +2791,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2359,6 +2832,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2409,7 +2889,7 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) - **NaN tokens in Claude Code / client responses (#617):** - `sanitizeUsage()` now cross-maps `input_tokens`→`prompt_tokens` and `output_tokens`→`completion_tokens` before the whitelist filter, fixing responses showing NaN/0 token counts when providers return Claude-style usage field names -### Keamanan +### 🔒 Security - Updated `yaml` package to fix stack overflow vulnerability (GHSA-48c2-rrv3-qjmp) @@ -2467,6 +2947,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2503,6 +2990,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2521,6 +3015,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -2556,6 +3057,13 @@ We identified that **37 community PRs** across past releases (v3.4.0 → v3.7.4) ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3001,6 +3509,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3016,6 +3531,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3043,7 +3565,7 @@ docker pull diegosouzapw/omniroute:3.0.0 - **SVG fallback**: `ProviderIcon` component updated with 4-tier strategy: Lobehub → PNG → SVG → Generic icon - **Agents fingerprinting**: Synced with CLI tools — added droid, openclaw, copilot, opencode to fingerprint list (14 total) -### Keamanan +### 🔒 Security - **CVE fix**: Resolved dompurify XSS vulnerability (GHSA-v2wj-7wpq-c8vv) via npm overrides forcing `dompurify@^3.3.2` - `npm audit` now reports **0 vulnerabilities** @@ -3113,6 +3635,13 @@ docker pull diegosouzapw/omniroute:3.0.0 ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3160,6 +3689,13 @@ Both providers use the new `OpencodeExecutor` with multi-format routing (`/chat/ ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3295,6 +3831,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3318,6 +3861,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3334,6 +3884,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3371,7 +3928,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **#510** — Windows: MSYS2/Git-Bash paths (`/c/Program Files/...`) are now normalized to `C:\Program Files\...` - **#492** — `omniroute` CLI now detects `mise`/`nvm` when `app/server.js` is missing and shows targeted fix -### Dokumentasi +### 📖 Documentation - **#513** — Docker password reset: `INITIAL_PASSWORD` env var workaround documented - **#520** — pnpm: `pnpm approve-builds better-sqlite3` documented @@ -3468,7 +4025,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **feat(executors/cloudflare-ai)**: New `CloudflareAIExecutor` — dynamic URL construction requires `accountId` in provider credentials - **feat(executors)**: Register `pollinations`, `pol`, `cloudflare-ai`, `cf` executor mappings -### Dokumentasi +### 📝 Documentation - **docs(readme)**: Expanded free combo stack to 11 providers ($0 forever) - **docs(readme)**: Added 4 new free provider sections (LongCat, Pollinations, Cloudflare AI, Scaleway) with model tables @@ -3543,6 +4100,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -3613,7 +4177,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **OAuth batch test crash** (ERR_CONNECTION_REFUSED): Replaced sequential for-loop with 5-connection concurrency limit + 30s per-connection timeout via `Promise.race()` + `Promise.allSettled()`. Prevents server crash when testing large OAuth provider groups (~30+ connections). -### Fitur +### Features - **"Test All" button on provider pages**: Individual provider pages (e.g., `/providers/codex`) now show a "Test All" button in the Connections header when there are 2+ connections. Uses `POST /api/providers/test-batch` with `{mode: "provider", providerId}`. Results displayed in a modal with pass/fail summary and per-connection diagnosis. @@ -3641,7 +4205,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Merge PR #494 (MiniMax role fix), fix KIRO MITM dashboard, triage 8 issues. -### Fitur +### Features - **MiniMax developer→system role fix** (PR #494 by @zhangqiang8vip): Per-model `preserveDeveloperRole` toggle. Adds "Compatibility" UI in providers page. Fixes 422 "role param error" for MiniMax and similar gateways. - **roleNormalizer**: `normalizeDeveloperRole()` now accepts `preserveDeveloperRole` parameter with tri-state behavior (undefined=keep, true=keep, false=convert). @@ -3697,7 +4261,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Gemini CLI deprecation, VM guide i18n fix, dependabot security fix, provider schema expansion. -### Fitur +### Features - **Gemini CLI Deprecation** (#462): Mark `gemini-cli` provider as deprecated with warning — Google restricts third-party OAuth usage from March 2026 - **Provider Schema** (#462): Expand Zod validation with `deprecated`, `deprecationReason`, `hasFree`, `freeNote`, `authHint`, `apiHint` optional fields @@ -3706,7 +4270,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **VM Guide i18n** (#471): Add `VM_DEPLOYMENT_GUIDE.md` to i18n translation pipeline, regenerate all 30 locale translations from English source (were stuck in Portuguese) -### Keamanan +### Security - **deps**: Bump `flatted` 3.3.3 → 3.4.2 — fixes CWE-1321 prototype pollution (#484, @dependabot) @@ -3726,7 +4290,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Czech i18n, SSE protocol fix, VM guide translation. -### Fitur +### Features - **Czech Language** (#482): Full Czech (cs) i18n — 22 docs, 2606 UI strings, language switcher updates (@zen0bit) - **VM Deployment Guide**: Translated from Portuguese to English as the source document (@zen0bit) @@ -3745,7 +4309,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: 2 merged PRs, model aliases routing fix, log export, and issue triage. -### Fitur +### Features - **Log Export**: New Export button on `/dashboard/logs` with time range dropdown (1h, 6h, 12h, 24h). Downloads JSON of request/proxy/call logs via `/api/logs/export` API (#user-request) @@ -3765,7 +4329,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Five community PRs — streaming call log fixes, Kiro compatibility, cache token analytics, Chinese translation, and configurable tool call IDs. -### Fitur +### ✨ Features - **feat(logs)**: Call log response content now correctly accumulated from raw provider chunks (OpenAI/Claude/Gemini) before translation, fixing empty response payloads in streaming mode (#470, @zhangqiang8vip) - **feat(providers)**: Per-model configurable 9-char tool call ID normalization (Mistral-style) — only models with the option enabled get truncated IDs (#470) @@ -3795,7 +4359,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Bailian Coding Plan provider with editable base URLs, plus community contributions for Alibaba Cloud and Kimi Coding. -### Fitur +### ✨ Features - **feat(providers)**: Added Bailian Coding Plan (`bailian-coding-plan`) — Alibaba Model Studio with Anthropic-compatible API. Static catalog of 8 models including Qwen3.5 Plus, Qwen3 Coder, MiniMax M2.5, GLM 5, and Kimi K2.5. Includes custom auth validation (400=valid, 401/403=invalid) (#467, @Mind-Dragon) - **feat(admin)**: Editable default URL in Provider Admin create/edit flows — users can configure custom base URLs per connection. Persisted in `providerSpecificData.baseUrl` with Zod schema validation rejecting non-http(s) schemes (#467) @@ -3810,7 +4374,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Two new community-contributed providers (Alibaba Cloud Coding, Kimi Coding API-key) and Docker pino fix. -### Fitur +### ✨ Features - **feat(providers)**: Added Alibaba Cloud Coding Plan support with two OpenAI-compatible endpoints — `alicode` (China) and `alicode-intl` (International), each with 8 models (#465, @dtk1985) - **feat(providers)**: Added dedicated `kimi-coding-apikey` provider path — API-key-based Kimi Coding access is no longer forced through OAuth-only `kimi-coding` route. Includes registry, constants, models API, config, and validation test (#463, @Mind-Dragon) @@ -3835,7 +4399,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Codex responses subpath passthrough natively supported, Windows MITM crash fixed, and Combos agent schemas adjusted. -### Fitur +### ✨ Features - **feat(codex)**: Native responses subpath passthrough for Codex — natively routes `POST /v1/responses/compact` to Codex upstream, maintaining Claude Code compatibility without stripping the `/compact` suffix (#457) @@ -3875,7 +4439,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(budget)**: "Save Limits" no longer returns 422 — `warningThreshold` is now correctly sent as fraction (0–1) instead of percentage (0–100) (#451) - **fix(combos)**: `` internal cache tag is now stripped before forwarding requests to providers, preventing cache session breaks (#454) -### Fitur +### ✨ Features - **feat(combos)**: Agent Features section added to combo create/edit modal — expose `system_message` override, `tool_filter_regex`, and `context_cache_protection` directly from the dashboard (#454) @@ -3931,7 +4495,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: Search Tools dashboard, i18n fixes, Copilot limits, Serper validation fix. -### Fitur +### 🚀 Features - **feat(search)**: Add Search Playground (10th endpoint), Search Tools page with Compare Providers/Rerank Pipeline/Search History, local rerank routing, auth guards on search API (#443 by @Regis-RCR) - New route: `/dashboard/search-tools` @@ -4010,6 +4574,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4024,7 +4595,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - DB migration: `request_type` column on `call_logs` for non-chat request tracking - Zod validation (`v1SearchSchema`), auth-gated, cost recorded via `recordCost()` -### Keamanan +### 🔒 Security - **deps**: Next.js 16.1.6 → 16.1.7 — fixes 6 CVEs: - **Critical**: CVE-2026-29057 (HTTP request smuggling via http-proxy) @@ -4154,7 +4725,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **005_combo_agent_fields.sql**: `ALTER TABLE combos ADD COLUMN system_message TEXT DEFAULT NULL`, `tool_filter_regex TEXT DEFAULT NULL`, `context_cache_protection INTEGER DEFAULT 0` - **006_detailed_request_logs.sql**: New `request_detail_logs` table with 500-entry ring-buffer trigger, opt-in via settings toggle -### Fitur +### ✨ Features - **feat(combo)**: System Message Override per Combo (#399 — `system_message` field replaces or injects system prompt before forwarding to provider) - **feat(combo)**: Tool Filter Regex per Combo (#399 — `tool_filter_regex` keeps only tools matching pattern; supports OpenAI + Anthropic formats) @@ -4169,7 +4740,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > Sprint: SSE improvements, local provider_nodes extensions, proxy registry, Claude passthrough fixes. -### Fitur +### ✨ Features - **feat(health)**: Background health check for local `provider_nodes` with exponential backoff (30s→300s) and `Promise.allSettled` to avoid blocking (#423, @Regis-RCR) - **feat(embeddings)**: Route `/v1/embeddings` to local `provider_nodes` — `buildDynamicEmbeddingProvider()` with hostname validation (#422, @Regis-RCR) @@ -4230,6 +4801,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4304,7 +4882,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Turbopack hash-strip now runs at **compile time** for ALL packages — not just `better-sqlite3`. Step 5.6 in `prepublish.mjs` walks every `.js` in `app/.next/server/` and strips the 16-char hex suffix from any hashed `require()`. Fixes `zod-dcb22c...`, `pino-...`, etc. MODULE_NOT_FOUND on global npm installs. Closes #398 - **fix(deploy)**: PM2 on both VPS was pointing to stale git-clone directories. Reconfigured to `app/server.js` in the npm global package. Updated `/deploy-vps` workflow to use `npm pack + scp` (npm registry rejects 299MB packages). -### Fitur +### ✨ Features - **feat(provider)**: Synthetic ([synthetic.new](https://synthetic.new)) — privacy-focused OpenAI-compatible inference. `passthroughModels: true` for dynamic HuggingFace model catalog. Initial models: Kimi K2.5, MiniMax M2.5, GLM 4.7, DeepSeek V3.2. (PR #404 by @Regis-RCR) @@ -4334,7 +4912,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(build)**: Extended webpack `externals` hash-strip to cover ALL `serverExternalPackages`, not just `better-sqlite3`. Next.js 16 Turbopack hashes `zod`, `pino`, and every other server-external package into names like `zod-dcb22c6336e0bc69` that don't exist in `node_modules` at runtime. A HASH_PATTERN regex catch-all now strips the 16-char suffix and falls back to the base package name. Also added `NEXT_PRIVATE_BUILD_WORKER=0` in `prepublish.mjs` to reinforce webpack mode, plus a post-build scan that reports any remaining hashed refs. (#396, #398, PR #403) - **fix(chat)**: Anthropic-format tool names (`tool.name` without `.function` wrapper) were silently dropped by the empty-name filter introduced in #346. LiteLLM proxies requests with `anthropic/` prefix in Anthropic Messages API format, causing all tools to be filtered and Anthropic to return `400: tool_choice.any may only be specified while providing tools`. Fixed by falling back to `tool.name` when `tool.function.name` is absent. Added 8 regression unit tests. (PR #397) -### Fitur +### ✨ Features - **feat(api)**: Custom endpoint paths for OpenAI-compatible provider nodes — configure `chatPath` and `modelsPath` per node (e.g. `/v4/chat/completions`) in the provider connection UI. Includes a DB migration (`003_provider_node_custom_paths.sql`) and URL path sanitization (no `..` traversal, must start with `/`). (PR #400) - **feat(provider)**: Alibaba Cloud DashScope added as OpenAI-compatible provider. International endpoint: `dashscope-intl.aliyuncs.com/compatible-mode/v1`. 12 models: `qwen-max`, `qwen-plus`, `qwen-turbo`, `qwen3-coder-plus/flash`, `qwq-plus`, `qwq-32b`, `qwen3-32b`, `qwen3-235b-a22b`. Auth: Bearer API key. @@ -4393,7 +4971,7 @@ OmniRoute now automatically refreshes model lists for connected providers every - **fix(oauth)**: Qoder (and other providers that redirect to their own UI) no longer leave the OAuth modal stuck at "Waiting for Authorization" — popup-closed detector auto-transitions to manual URL input mode (#344) - **fix(logs)**: Request log table is now readable in light mode — status badges, token counts, and combo tags use adaptive `dark:` color classes (#378) -### Fitur +### ✨ Features - **feat(kiro)**: Kiro credit tracking added to usage fetcher — queries `getUserCredits` from AWS CodeWhisperer endpoint (#337) @@ -4509,6 +5087,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4574,6 +5159,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #366, #367, #368) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4602,6 +5194,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features (PRs #363 & #365) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4638,6 +5237,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4655,6 +5261,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4685,6 +5298,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). @@ -4752,7 +5372,7 @@ OmniRoute now automatically refreshes model lists for connected providers every > **Major release** — Free Stack ecosystem, transcription playground overhaul, 44+ providers, comprehensive free tier documentation, and UI improvements across the board. -### Fitur +### ✨ Features - **Combos: Free Stack template** — New 4th template "Free Stack ($0)" using round-robin across Kiro + Qoder + Qwen + Gemini CLI. Suggests the pre-built zero-cost combo on first use. - **Media/Transcription: Deepgram as default** — Deepgram (Nova 3, $200 free) is now the default transcription provider. AssemblyAI ($50 free) and Groq Whisper (free forever) shown with free credit badges. @@ -4763,7 +5383,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.16] - 2026-03-13 -### Dokumentasi +### 📖 Documentation - **README: 44+ Providers** — Updated all 3 occurrences of "36+ providers" to "44+" reflecting the actual codebase count (44 providers in providers.ts) - **README: New Section "🆓 Free Models — What You Actually Get"** — Added 7-provider table with per-model rate limits for: Kiro (Claude unlimited via AWS Builder ID), Qoder (5 models unlimited), Qwen (4 models unlimited), Gemini CLI (180K/mo), NVIDIA NIM (~40 RPM dev-forever), Cerebras (1M tok/day / 60K TPM), Groq (30 RPM / 14.4K RPD). Includes the \/usr/bin/bash Ultimate Free Stack combo recommendation. @@ -4773,7 +5393,7 @@ OmniRoute now automatically refreshes model lists for connected providers every ## [2.3.15] - 2026-03-13 -### Fitur +### ✨ Features - **Auto-Combo Dashboard (Tier Priority)**: Added `🏷️ Tier` as the 7th scoring factor label in the `/dashboard/auto-combo` factor breakdown display — all 7 Auto-Combo scoring factors are now visible. - **i18n — autoCombo section**: Added 20 new translation keys for the Auto-Combo dashboard (`title`, `status`, `modePack`, `providerScores`, `factorTierPriority`, etc.) to all 30 language files. @@ -4808,6 +5428,13 @@ OmniRoute now automatically refreshes model lists for connected providers every ### ✨ New Features +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + - **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). - **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). diff --git a/docs/i18n/id/README.md b/docs/i18n/id/README.md index 3ea46706a9..e308128367 100644 --- a/docs/i18n/id/README.md +++ b/docs/i18n/id/README.md @@ -130,28 +130,28 @@ _Connect any AI-powered IDE or CLI tool through OmniRoute — free API gateway f - Codex CLI
+ Codex CLI
Codex CLI
⭐ 60.8K - Claude Code
+ Claude Code
Claude Code
⭐ 67.3K - Gemini CLI
+ Gemini CLI
Gemini CLI
⭐ 94.7K - Kilo Code
+ Kilo Code
Kilo Code
⭐ 15.5K diff --git a/docs/i18n/id/docs/API_REFERENCE.md b/docs/i18n/id/docs/API_REFERENCE.md index 73977d0a7e..595d5731fb 100644 --- a/docs/i18n/id/docs/API_REFERENCE.md +++ b/docs/i18n/id/docs/API_REFERENCE.md @@ -87,13 +87,13 @@ Authorization: Bearer your-api-key Content-Type: application/json { - "model": "openai/dall-e-3", + "model": "openai/gpt-image-2", "prompt": "A beautiful sunset over mountains", "size": "1024x1024" } ``` -Available providers: OpenAI (DALL-E, GPT Image 1), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). +Available providers: OpenAI (GPT Image 2), xAI (Grok Image), Together AI (FLUX), Fireworks AI, Nebius (FLUX), Hyperbolic, NanoBanana, **OpenRouter**, SD WebUI (local), ComfyUI (local). ```bash # List all image models diff --git a/docs/i18n/id/docs/CLI-TOOLS.md b/docs/i18n/id/docs/CLI-TOOLS.md index 44fa7817f7..bb3b80fb0f 100644 --- a/docs/i18n/id/docs/CLI-TOOLS.md +++ b/docs/i18n/id/docs/CLI-TOOLS.md @@ -350,7 +350,7 @@ They run as internal routes and use OmniRoute's model routing automatically. | `/v1/responses` | Responses API (OpenAI format) | Codex, agentic workflows | | `/v1/completions` | Legacy text completions | Older tools using `prompt:` | | `/v1/embeddings` | Text embeddings | RAG, search | -| `/v1/images/generations` | Image generation | DALL-E, Flux, etc. | +| `/v1/images/generations` | Image generation | GPT-Image, Flux, etc. | | `/v1/audio/speech` | Text-to-speech | ElevenLabs, OpenAI TTS | | `/v1/audio/transcriptions` | Speech-to-text | Deepgram, AssemblyAI | diff --git a/docs/i18n/id/llm.txt b/docs/i18n/id/llm.txt index 28f28cd8d5..05336cecdb 100644 --- a/docs/i18n/id/llm.txt +++ b/docs/i18n/id/llm.txt @@ -1,19 +1,18 @@ # OmniRoute (Bahasa Indonesia) -🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) +🌐 **Languages:** 🇺🇸 [English](../../../llm.txt) · 🇸🇦 [ar](../ar/llm.txt) · 🇧🇬 [bg](../bg/llm.txt) · 🇧🇩 [bn](../bn/llm.txt) · 🇨🇿 [cs](../cs/llm.txt) · 🇩🇰 [da](../da/llm.txt) · 🇩🇪 [de](../de/llm.txt) · 🇪🇸 [es](../es/llm.txt) · 🇮🇷 [fa](../fa/llm.txt) · 🇫🇮 [fi](../fi/llm.txt) · 🇫🇷 [fr](../fr/llm.txt) · 🇮🇳 [gu](../gu/llm.txt) · 🇮🇱 [he](../he/llm.txt) · 🇮🇳 [hi](../hi/llm.txt) · 🇭🇺 [hu](../hu/llm.txt) · 🇮🇩 [id](../id/llm.txt) · 🇮🇳 [in](../in/llm.txt) · 🇮🇹 [it](../it/llm.txt) · 🇯🇵 [ja](../ja/llm.txt) · 🇰🇷 [ko](../ko/llm.txt) · 🇮🇳 [mr](../mr/llm.txt) · 🇲🇾 [ms](../ms/llm.txt) · 🇳🇱 [nl](../nl/llm.txt) · 🇳🇴 [no](../no/llm.txt) · 🇵🇭 [phi](../phi/llm.txt) · 🇵🇱 [pl](../pl/llm.txt) · 🇵🇹 [pt](../pt/llm.txt) · 🇧🇷 [pt-BR](../pt-BR/llm.txt) · 🇷🇴 [ro](../ro/llm.txt) · 🇷🇺 [ru](../ru/llm.txt) · 🇸🇰 [sk](../sk/llm.txt) · 🇸🇪 [sv](../sv/llm.txt) · 🇰🇪 [sw](../sw/llm.txt) · 🇮🇳 [ta](../ta/llm.txt) · 🇮🇳 [te](../te/llm.txt) · 🇹🇭 [th](../th/llm.txt) · 🇹🇷 [tr](../tr/llm.txt) · 🇺🇦 [uk-UA](../uk-UA/llm.txt) · 🇵🇰 [ur](../ur/llm.txt) · 🇻🇳 [vi](../vi/llm.txt) · 🇨🇳 [zh-CN](../zh-CN/llm.txt) --- +> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 160+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (29 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. -> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 60+ AI providers — all through a single OpenAI-compatible endpoint. Includes a built-in MCP Server (25 tools), A2A v0.3 protocol, Memory/Skills systems, and an Electron desktop app. - -## Ikhtisar +## Overview OmniRoute solves the problem of managing multiple AI provider subscriptions, quotas, and rate limits. It sits between your AI-powered tools (IDE agents, CLI tools) and AI providers, routing requests intelligently through a 4-tier fallback system: Subscription → API Key → Cheap → Free. **Key value:** One endpoint (`http://localhost:20128/v1`), unlimited models, zero downtime, minimal cost. -**Current version:** 3.5.5 +**Current version:** 3.8.0 ## Tech Stack @@ -27,7 +26,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Background jobs:** Custom token health check scheduler, 24h model auto-sync - **Streaming:** Server-Sent Events (SSE) for real-time proxy responses - **Proxy engine:** Custom pipeline with format translation, circuit breaker, rate limiting, auto-combo engine -- **i18n:** next-intl with 30 languages +- **i18n:** next-intl with 40+ languages - **Desktop:** Electron (cross-platform: Windows, macOS, Linux) - **Package:** Published on npm (`omniroute`) and Docker Hub (`diegosouzapw/omniroute`) @@ -99,7 +98,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── configAudit.ts # Configuration auditing │ │ └── responses.ts # Domain response types │ ├── i18n/ # Internationalization -│ │ └── messages/ # 30 language JSON files +│ │ └── messages/ # 40+ language JSON files │ ├── lib/ # Core libraries │ │ ├── a2a/ # Agent-to-Agent v0.3 protocol server │ │ │ ├── skills/ # A2A skills (quotaManagement, smartRouting) @@ -170,7 +169,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ └── manager.ts # MITM proxy manager │ ├── shared/ # Shared utilities, components, and constants │ │ ├── components/ # Reusable UI components (Card, Badge, Button, Modal, Sidebar, ProviderIcon, etc.) -│ │ ├── constants/ # Provider definitions (60+), model lists, pricing, routing strategies, MCP scopes +│ │ ├── constants/ # Provider definitions (160+), model lists, pricing, routing strategies, MCP scopes │ │ ├── contracts/ # Shared API contracts │ │ ├── hooks/ # React hooks │ │ ├── middleware/ # Shared middleware utilities @@ -206,7 +205,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── chatCore.ts # Main chat completions handler │ │ ├── responsesHandler.ts # OpenAI Responses API handler │ │ ├── embeddings.ts # Embedding generation -│ │ ├── imageGeneration.ts # Image generation (DALL-E, FLUX, SD, etc.) +│ │ ├── imageGeneration.ts # Image generation (GPT-Image, FLUX, SD, etc.) │ │ ├── videoGeneration.ts # Video generation │ │ ├── musicGeneration.ts # Music generation │ │ ├── audioSpeech.ts # Text-to-speech @@ -214,7 +213,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ │ ├── moderations.ts # Content moderation │ │ ├── rerank.ts # Reranking API │ │ └── search.ts # Web search API -│ ├── mcp-server/ # Built-in MCP server (25 tools, 3 transports: stdio/SSE/streamable-HTTP) +│ ├── mcp-server/ # Built-in MCP server (29 tools, 3 transports: stdio/SSE/streamable-HTTP) │ │ ├── server.ts # MCP server core (tool registration, scope enforcement) │ │ ├── tools/ # Tool implementations (advancedTools, memoryTools, skillTools) │ │ ├── schemas/ # Zod input schemas (tools, audit, a2a) @@ -274,7 +273,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo │ ├── CLI-TOOLS.md # CLI tools integration guide │ ├── A2A-SERVER.md # A2A agent protocol documentation │ ├── AUTO-COMBO.md # Auto-combo engine (6-factor scoring) -│ ├── MCP-SERVER.md # MCP server (25 tools) +│ ├── MCP-SERVER.md # MCP server (29 tools) │ ├── TROUBLESHOOTING.md # Troubleshooting guide │ ├── VM_DEPLOYMENT_GUIDE.md # VPS deployment guide │ ├── openapi.yaml # OpenAPI specification @@ -284,11 +283,11 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo └── .env.example # Environment variable template ``` -## Key Features (v3.5.5) +## Key Features (v3.8.0) ### Core Proxy -- **60+ AI providers** with automatic format translation -- **4 provider categories**: Free (4), OAuth (8), API Key (48+), Custom (OpenAI/Anthropic-compatible) +- **160+ AI providers** with automatic format translation +- **4 provider categories**: Free (4), OAuth (8), API Key (120+), Self-Hosted (8+), Custom (OpenAI/Anthropic-compatible) - **13 routing strategies**: priority, weighted, round-robin, fill-first, p2c, random, least-used, cost-optimized, strict-random, auto, lkgp, context-optimized, context-relay - **4-tier fallback**: Subscription → API Key → Cheap → Free - **Context Relay strategy**: Session handoff summaries on account rotation for continuity @@ -306,7 +305,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Cloudflare Tunnels**: Managed tunnel creation for remote access - **122 unit test files** with comprehensive coverage (55% statements/lines/functions, 60% branches) -### Keamanan +### Security +- **Data Loss Prevention**: SQLite migration safety bounds abort startup on dangerous massive schema overrides. Pre-migration `VACUUM INTO` backups isolate rollback snapshots. - **CodeQL security**: Fixed 10+ CodeQL alerts (polynomial-redos, insecure-randomness, shell-injection, SSRF, incomplete URLs) - **Web Crypto session IDs**: `generateSessionId` uses `crypto.getRandomValues()` instead of `Math.random()` - **Route validation**: All API routes validated with Zod v4 schemas + `validateBody()` @@ -331,7 +331,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **CLI Tools** — One-click configuration for 10+ AI CLI tools - **CLI Agents** — Grid of 14+ built-in agents with ProviderIcon and install detection + custom agent registration - **Playground** — Test any model with Monaco editor, streaming responses -- **Media** — Image/video/music generation (DALL-E, FLUX, etc.) + audio transcription (up to 2GB files) +- **Media** — Image/video/music generation (GPT-Image, FLUX, etc.) + audio transcription (up to 2GB files) - **Search Tools** — Search provider configuration and testing - **Memory** — Memory system management and visualization - **Skills** — Skills framework management and execution @@ -349,14 +349,15 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo - **Gemini** — `/v1beta/models`, `/v1beta/models/{...path}` - **Ollama** — `/v1/api/chat`, `/api/tags` - **Search** — `/v1/search` (Perplexity, Serper, Brave, Exa, Tavily) -- **MCP** — 25-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) +- **MCP** — 29-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP) - **A2A** — Agent-to-Agent v0.3 protocol (JSON-RPC 2.0, smart-routing + quota-management skills) - **ACP** — Agent Communication Protocol registry and manager -### MCP Server (25 Tools) +### MCP Server (29 Tools) | Category | Tools | |-----------|-------| -| Core (18) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `sync_pricing` | +| Core (20) | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`, `web_search`, `simulate_route`, `set_budget_guard`, `set_routing_strategy`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot`, `db_health_check`, `sync_pricing` | +| Cache (2) | `cache_stats`, `cache_flush` | | Memory (3) | `memory_search`, `memory_add`, `memory_clear` | | Skills (4) | `skills_list`, `skills_enable`, `skills_execute`, `skills_executions` | @@ -373,8 +374,8 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo **Custom Providers:** OpenAI-compatible (`openai-compatible-*`) and Anthropic-compatible (`anthropic-compatible-*`) with custom base URLs ### Internationalization -- 30 languages for UI (all dashboard pages) -- 30 translated documentation sets in docs/i18n/ +- 40+ languages for UI (all dashboard pages) +- 40 translated documentation sets in docs/i18n/ - Language switcher in documentation ## Key Architectural Decisions diff --git a/docs/i18n/in/CHANGELOG.md b/docs/i18n/in/CHANGELOG.md index ff7d835e62..4dc68a146c 100644 --- a/docs/i18n/in/CHANGELOG.md +++ b/docs/i18n/in/CHANGELOG.md @@ -6,21 +6,687 @@ ## [Unreleased] +## [3.8.0] — 2026-05-06 + +### ✨ New Features + +- **feat(antigravity):** integrate Antigravity provider with dynamic `maxOutputTokens` calculation (bumping to `thinkingBudget + 1`) and standard Cloud Code envelope payload sanitization (#2055, #2063) +- **feat(gemini-cli):** add custom projectId support for Gemini CLI transport (UI, DB, executor) (#1991) + +### 🐛 Bug Fixes + +- **fix(cache):** optimize cache_control preservation logic and explicitly align tool schema with upstream Claude Code expectations +- **fix(db):** preserve legacy SQLite database path on Windows to prevent data loss (#1973) +- **fix(settings):** resolve model alias persistence double stringification preventing UI updates (#2018) +- **fix(routing):** dynamically filter bare model auto-resolution by active provider connections to prevent dead-routing (#2029) +- **fix(embeddings):** add Google Gemini embeddings compatibility via OpenAI-compatible endpoint mapping (#2006) +- **fix:** remove Anthropic-Beta header from non-Anthropic providers to fix identity contamination (#1989) +- **fix(cli):** resolve .env loading failure for global npm installations + +### 🔒 Security + +- **fix(security):** remediate regex validation backtracking path in core compression cleanup (#1990) +- **fix(core):** harden input handling and stabilization for prompt compression edge cases + +### 🧹 Chores & Maintenance + +- **chore(providers):** prune redundant local provider icon assets in favor of `@lobehub/icons` web fonts (#1992) +- **ci:** skip SonarCloud scan on main pushes to optimize CI time +- **test:** stabilize cooldown abort coverage case in integration testing + +## [3.7.9] — 2026-05-03 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) + +- **feat(compression):** major upgrade to Caveman and RTK compression pipelines (#1876, #1889): + - Add RTK tool-output compression, stacked Caveman + RTK pipelines, compression combo assignments, dashboard context pages, MCP management tools, and language-aware Caveman rule packs. + - Expand RTK parity with a 39-filter catalog, RTK-style JSON DSL stages, inline verify/benchmark coverage, trust-gated custom filters, expanded command detection, and redacted raw-output recovery. + - Expose rule intensities, track USD savings, unify config validation, and persist MCP savings. + - Expand Caveman parity and MCP metadata compression. +- **feat(provider):** update Jina AI model catalog to support Embeddings and Rerank natively (#1874 — thanks @backryun) +- **feat(provider):** add NanoGPT image generation provider (#1899 — thanks @Aculeasis) +- **feat(ui):** move proxy configuration to dedicated System → Proxy page (#1907 — thanks @oyi77) +- **feat(ui):** add K/M/B/T cost shortener utility (#1902 — thanks @oyi77) +- **feat(providers):** implement bulk paste for extra API keys (#1916 — thanks @0xtbug) +- **feat(analytics):** usage history API key backfill + dark mode pricing (#1896 — thanks @Gi99lin) +- **feat(logs):** show RTK and Caveman compression token savings accurately in request log UI (#1923 — thanks @emdash) +- **feat(routing):** auto-skip exhausted quota accounts (Issue #1952) +- **feat(docs):** docs site overhaul (#1976 — thanks @oyi77) +- **feat(db):** consolidate all database settings into SystemStorageTab (closes #1935) (#1947 — thanks @oyi77) +- **feat(sse):** codex 429 mid-task failover with account rotation (#1888 — thanks @smartenok-ops) +- **feat(auto-assessment):** add auto-assessment engine for combo self-healing (#1918 — thanks @oyi77) +- **feat(usage):** DeepSeek V4 native cache token extraction (#1930 — thanks @smartenok-ops) +- **feat(cost):** enhance cost formatting and add Codex GPT-5.5 pricing support (#1944 — thanks @JxnLexn) + +### 🐛 Bug Fixes + +- **fix(auth):** implement session affinity sticky routing logic +- **fix(dashboard):** derive display base URL from origin instead of hardcoding localhost (#1960 — thanks @jeanfbrito) +- **fix(proxy):** use credentials.connectionId instead of non-existent credentials.id for image proxy resolution (#1929 — thanks @Aculeasis) +- **fix(routing):** codex bare-name disambiguation + family-native fallback (#1933 — thanks @smartenok-ops) +- **fix(infrastructure):** move wreq-js to optionalDependencies and add Node 25/26 to secure runtime policy (#1924) +- **fix(providers):** resolve ChatGPT Web authentication failure by aligning TLS fingerprint User-Agent strings (#1925) +- **fix(mitm):** support root user for MITM sudo handling (#1948 — thanks @NekoMonci12) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941, #1945) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) +- **fix(mcp):** reclassify MCP endpoints to ensure API key authentication works even when dashboard auth is enabled (#1970) +- **fix(providers):** allow local OpenAI-compatible endpoints (like Ollama) to be added without an API key (fixes #1893) +- **fix(providers):** bypass AgentRouter unauthorized_client_error by spoofing Claude CLI headers via Anthropic endpoints (fixes #1921) +- **fix(copilot):** emit compatible reasoning text deltas (#1919 — thanks @ivan-mezentsev) +- **fix(api-manager):** show validation errors inline in modals, not behind (#1920 — thanks @andrewmunsell) +- **fix(compression):** align seeded standard savings combo with stacked default, preserve stacked defaults, and secure metadata routes. +- **fix(gemini-cli):** separate Cloud Code transport from Antigravity (#1869 — thanks @dhaern) +- **fix(codex):** map prompt field to input array for Cursor compatibility (fixes #1872) +- **fix(core):** align stream parameter default to false per strict OpenAI spec (fixes #1873) +- **fix(ui):** restore Next.js CSP `unsafe-eval` in production `script-src` to fix unresponsive Onboarding button (fixes #1883) +- **fix(proxy):** globally strip `prompt_cache_retention` in `BaseExecutor` to prevent upstream 400 errors from strict endpoints like droid/gemini-2-pro (fixes #1884) +- **fix(ui):** include `isOpen` dependency in `EditConnectionModal` state sync to ensure `maxConcurrent` is properly hydrated when reopening the modal (fixes #1859) +- **fix(security):** remediate 4 polynomial-redos CodeQL alerts in compression regexes by bounding repetitions and removing overlapping quantifiers +- **fix(codex):** flatten Chat Completions tool format to Codex Responses format in `normalizeCodexTools` — prevents `Missing required parameter: tools[0].name` upstream errors (#1914 — thanks @tranduykhanh030) +- **fix(proxy):** add proxy-aware execution context to image generation route — proxy settings are now correctly applied for image providers behind restricted networks (#1904 — thanks @Aculeasis) +- **fix(translator):** inject `properties: {}` into zero-argument MCP tool schemas during Anthropic→OpenAI translation — prevents 400 errors from OpenAI strict schema validation (#1898 — thanks @bryceIT) +- **fix(codex):** sanitize raw responses input (#1895 — thanks @dhaern) +- **fix(combos):** align strategy contracts (#1892 — thanks @dhaern) +- **fix(combos):** fix combo provider breaker profile handling (#1891 — thanks @rdself) +- **fix(migrations):** duplicate-column no-op fix (#1886 — thanks @smartenok-ops) +- **fix(auth):** per-connection OAuth refresh mutex (#1885 — thanks @smartenok-ops) +- **fix(auth):** require dashboard management auth for compression preview + +### 🔄 Updates + +- **chore(provider):** Add reka models list (#1956 — thanks @backryun) +- **chore(model):** Update new models, Delete Deprecated models (#1949 — thanks @backryun) + +### 📝 Documentation + +- **docs(compression):** document RTK+Caveman stacked savings ranges + +### 🏆 Release Attribution & Retroactive Credits + +- **@payne0420** (PR #1828 / #1839) — Implementation of the **Rate Limit Watchdog** and environment overrides. (This feature was manually backported to v3.7.8, causing the automatic GitHub Release notes to omit the author's credit). + +--- + +## [3.7.8] — 2026-05-01 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(providers):** add Grok 4.3 and Xiaomi Mimo TTS provider (#1837) +- **feat(core):** implement Rate Limit Watchdog with environment override capability to detect and reset stalled queues (#1839) +- **feat(providers):** add muse-spark-web provider with multiple models and reasoning support (#1843) +- **feat(1proxy):** integrate 1proxy free proxy marketplace with dashboard management and new MCP tools (closes #1788) (#1847) + +### 🐛 Bug Fixes + +- **fix(codex):** sanitize Responses replay state to prevent internal assistant commentary from leaking (#1868 — thanks @dhaern) +- **fix(cli):** add capture-backed Gemini CLI fingerprint (#1866) +- **fix(ui):** hide combo compression controls when the global setting is disabled (#1840) +- **fix(db):** tolerate missing request_detail_logs table for legacy deployments (#1848) +- **fix(core):** remove unneeded \`store\` payload parameter for providers lacking support (closes #1841) +- **fix(core):** ensure safeOutboundFetch and A2A routers return 503 Service Unavailable when security guardrails are triggered +- **fix(usage):** correct Unix seconds vs milliseconds parsing logic for Kiro AI quota reset (closes #1849) +- **fix(ui):** apply robust NaN handling, ensure 24h consistency, and fix missing hour slots in Compression Analytics (closes #1844) +- **fix(ui):** implement short number formatting for token consumption metrics on cache pages to prevent overflow (closes #1842) +- **fix(combo):** stabilize provider routing at 500+ connections by bounding semaphore queues and adjusting circuit breaker tracking (closes #1846) (#1854) +- **fix(maritalk):** update Maritalk model list, use Authorization Key header, and align with latest API endpoints (#1856) +- **fix(grok-web):** stabilize tool calling (bash, readFile, webSearch) and response parsing by mapping native Grok intents to standard OpenAI payloads (#1857) +- **fix(providers):** correctly map and expose the Upstage embedding and chat model catalogs (#1855) +- **fix(executor):** apply proper urlSuffix and custom authHeaders for unknown registry-based providers in DefaultExecutor (closes #1846) (#1861) + +### 🛠️ Maintenance + +- **fix(workflow):** build docker images on version tags (#1838) + +--- + +## [3.7.7] — 2026-04-30 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **Prompt Compression Pipeline:** Implemented a multi-phase prompt compression engine including `lite` (whitespace/duplication collapse), `aggressive` (summarization, tool compression), and `ultra` modes (heuristic pruning and SLM stub) (#1633, #1738, #1739, #1741) +- **Compression Dashboard & Analytics:** Added a compression settings UI, real-time log viewer, pipeline statistics tracking, and interactive playground preview (#1756) +- **Compression Caching & MCP:** Added caching-aware strategy adjustments to the compression pipeline, alongside new MCP tools for status and configuration (#1758) +- **Analytics Custom Filters:** Added custom date range selection, API key filtering, and NULL key analytics backfilling to the Costs Dashboard (#1830) + +### 🐛 Bug Fixes + +- **Combo Routing:** Fixed an issue where Gemini `-preview` models were incorrectly normalized to their canonical names, causing 404 errors during combo routing (#1834) +- **Codex Native Passthrough:** Added support for Cursor 5.5 sending `messages` arrays to the `responses/compact` endpoint, preventing upstream rejections with empty requests (#1832) +- **Rate-limit Watchdog:** Implemented a new rate-limit watchdog with environment override capabilities and Stage Tracing to prevent and diagnose silent wedges (#1828) +- **Encryption Resiliency:** Prevent sending encrypted tokens to providers by returning null on decryption failure (#763d353) +- **i18n & Locales:** Fixed OpenCode baseUrl locale placeholders and added compression keys across 32 languages +- **Startup Stability:** Hardened resilience integration server startup logic (#9aa89b17) + +### 🛠️ Maintenance + +- **Tests & Docs:** Expanded the test suite with 61 unit/integration tests for the compression pipeline and updated `AGENTS.md` +- **Workflow:** Fixed the changelog extraction logic to accurately capture GitHub release descriptions + +--- + +## [3.7.6] — 2026-04-30 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(api-keys):** add rename support in the permissions modal — editable key name field with validation (#1796) +- **feat(chatgpt-web):** support `thinking_effort` parameter (Standard/Extended) for thinking-capable models (#1821) +- **feat(dashboard):** implement remaining v3.7.6 dashboard features — Costs overview, Translator pipeline, and Endpoint tabs improvements +- **feat(tools):** inject fallback tool names to prevent upstream 400 errors on providers that require tool names (#1775) +- **feat(db):** auto-restore probe-failed database on startup to prevent data loss after failed upgrades (#1810) +- **feat(analytics):** add cost-based usage insights and activity streaks in the analytics dashboard + +### 🔒 Security + +- **fix(security):** resolve ReDoS vulnerability in Codex executor regex patterns (#1797, #1789) + +### 🐛 Bug Fixes + +- **fix(stability):** resolve codex input validation, enable combo circuit breaker, and fix broken unit tests (#1804, #1805) +- **fix(stability):** safely cast inputs to strings before calling `.trim()` to avoid crashes on numeric fields in proxy modal (#1825) +- **fix(stability):** clear active requests and recover providers after connection failures (#1824) +- **fix(xiaomi-mimo):** update models to V2.5, fix Token Plan validation and default region (#1823) +- **fix(codex):** omit compact client metadata to prevent upstream rejections (#1822) +- **fix(dashboard):** fix endpoint visibility, A2A status display, and API catalog consistency (#1806) +- **fix(analytics):** use pure SQL aggregations — no history rows loaded into memory (#1802) +- **fix(dashboard):** correct `loadPresets` ReferenceError in CostOverviewTab +- **fix(mitm):** enforce transparent interception on port 443 only + +### 🧹 Chores + +- **chore(workflow):** mandate implementation plan generation in `/resolve-issues` workflow before coding +- **chore(release):** expand contributor credits to 155 PRs across full project history + +### 🏆 Community Contributors Acknowledgment + +We identified that **155 community PRs** across the entire project history (from inception through v3.7.5) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again. + +**The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:** + +| Contributor | PRs (Total) | All Contributions | +| :----------------------------------------------------------- | :---------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [@rdself](https://github.com/rdself) | 28 | #542, #705, #717, #737, #738, #841, #851, #853, #875, #880, #888, #891, #903, #904, #974, #1069, #1089, #1196, #1267, #1272, #1299, #1300, #1356, #1357, #1441, #1443, #1549, #1742 | +| [@oyi77](https://github.com/oyi77) | 27 | #644, #672, #700, #850, #859, #862, #868, #874, #881, #883, #908, #926, #931, #983, #990, #1019, #1020, #1021, #1103, #1281, #1286, #1363, #1368, #1377, #1411, #1689, #1717 | +| [@clousky2020](https://github.com/clousky2020) | 15 | #1244, #1323, #1365, #1366, #1408, #1442, #1484, #1595, #1598, #1599, #1611, #1618, #1620, #1621, #1644 | +| [@benzntech](https://github.com/benzntech) | 8 | #158, #1264, #1435, #1436, #1437, #1440, #1444, #1677 | +| [@kang-heewon](https://github.com/kang-heewon) | 5 | #530, #854, #884, #1235, #1574 | +| [@herjarsa](https://github.com/herjarsa) | 4 | #1472, #1474, #1477, #1480 | +| [@backryun](https://github.com/backryun) | 4 | #1358, #1609, #1627, #1722 | +| [@tombii](https://github.com/tombii) | 4 | #708, #856, #900, #1013 | +| [@christopher-s](https://github.com/christopher-s) | 3 | #868, #885, #992 | +| [@zen0bit](https://github.com/zen0bit) | 3 | #561, #650, #912 | +| [@k0valik](https://github.com/k0valik) | 3 | #554, #587, #596 | +| [@zhangqiang8vip](https://github.com/zhangqiang8vip) | 2 | #470, #575 | +| [@wlfonseca](https://github.com/wlfonseca) | 2 | #997, #1016 | +| [@RaviTharuma](https://github.com/RaviTharuma) | 2 | #1188, #1277 | +| [@prakersh](https://github.com/prakersh) | 2 | #419, #480 | +| [@payne0420](https://github.com/payne0420) | 2 | #1593, #1670 | +| [@only4copilot](https://github.com/only4copilot) | 2 | #855, #1039 | +| [@jay77721](https://github.com/jay77721) | 2 | #581, #582 | +| [@hijak](https://github.com/hijak) | 2 | #295, #578 | +| [@hartmark](https://github.com/hartmark) | 2 | #1494, #1500 | +| [@defhouse](https://github.com/defhouse) | 2 | #906, #946 | +| [@xiaoge1688](https://github.com/xiaoge1688) | 1 | #1304 | +| [@xandr0s](https://github.com/xandr0s) | 1 | #1376 | +| [@willbnu](https://github.com/willbnu) | 1 | #882 | +| [@slewis3600](https://github.com/slewis3600) | 1 | #1624 | +| [@sergey-v9](https://github.com/sergey-v9) | 1 | #594 | +| [@razllivan](https://github.com/razllivan) | 1 | #987 | +| [@nmime](https://github.com/nmime) | 1 | #1271 | +| [@Moutia-Ben-Yahia](https://github.com/Moutia-Ben-Yahia) | 1 | #1663 | +| [@Mind-Dragon](https://github.com/Mind-Dragon) | 1 | #467 | +| [@mercs2910](https://github.com/mercs2910) | 1 | #1001 | +| [@MAINER4IK](https://github.com/MAINER4IK) | 1 | #196 | +| [@luandiasrj](https://github.com/luandiasrj) | 1 | #996 | +| [@knopki](https://github.com/knopki) | 1 | #1434 | +| [@kfiramar](https://github.com/kfiramar) | 1 | #389 | +| [@ken2190](https://github.com/ken2190) | 1 | #166 | +| [@keith8496](https://github.com/keith8496) | 1 | #569 | +| [@jonesfernandess](https://github.com/jonesfernandess) | 1 | #1118 | +| [@JasonLandbridge](https://github.com/JasonLandbridge) | 1 | #1626 | +| [@i1hwan](https://github.com/i1hwan) | 1 | #1386 | +| [@Gorchakov-Pressure](https://github.com/Gorchakov-Pressure) | 1 | #754 | +| [@foxy1402](https://github.com/foxy1402) | 1 | #934 | +| [@dt418](https://github.com/dt418) | 1 | #896 | +| [@dhaern](https://github.com/dhaern) | 1 | #1647 | +| [@DavyMassoneto](https://github.com/DavyMassoneto) | 1 | #211 | +| [@dail45](https://github.com/dail45) | 1 | #1413 | +| [@congvc-dev](https://github.com/congvc-dev) | 1 | #1569 | +| [@be0hhh](https://github.com/be0hhh) | 1 | #1581 | +| [@andruwa13](https://github.com/andruwa13) | 1 | #1457 | +| [@AndrewDragonIV](https://github.com/AndrewDragonIV) | 1 | #898 | +| [@AndersonFirmino](https://github.com/AndersonFirmino) | 1 | #362 | +| [@alexsvdk](https://github.com/alexsvdk) | 1 | #1280 | +| [@abhinavjnu](https://github.com/abhinavjnu) | 1 | #550 | + +--- + +## [3.7.5] — 2026-04-29 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(tunnels):** integrate native ngrok tunnel support with dashboard UI parity (#1753) + +### 🐛 Bug Fixes + +- **fix(dashboard):** add manual 'Clear All' button to terminate stalled long-running requests in Active Requests panel (#1799) +- **fix(schema):** remove empty string values from optional tool parameters to prevent upstream validation errors (#1674) +- **fix(providers):** ensure proper streaming cleanup and semaphore release to prevent stalls with nanoGPT (#1781) +- **fix(db):** wrap quota_snapshots access in try/catch to gracefully handle pending database migrations (#1784) +- **feat(providers):** add support for glm-cn (BigModel) provider (#1770) +- **fix(grok-web):** fix Grok validator and cookie parsing (#1793) +- **fix(antigravity):** scrub internal OmniRoute headers (#1794) +- **fix(chatgpt-web):** restore validator + expand model catalog to ChatGPT Plus tier (#1792) +- **fix(codex):** stabilize Copilot responses replay state (#1791) +- **fix(antigravity):** cap Claude bridge output tokens (#1785) +- **fix(schema):** strip `default` properties from tool-call JSON schemas during egress to prevent injection errors (#1782) +- **fix(db):** add `quota_snapshots` table to core DB schema initialization to prevent startup failures on fresh installs +- **fix(models):** apply blocked providers filter to non-chat catalog models (image, embedding, audio, etc.) (#1752) +- **fix(antigravity):** stabilize streaming payload parsing and deduplicate usage/model metadata refreshes (#1748) +- **fix(antigravity):** normalize Gemini bridge payloads — sanitize tool names, cap output tokens, and fix thinking budget (#1769) +- **fix(sse):** propagate AbortSignal to pre-fetch semaphore and rate-limit awaits to prevent memory leaks (#1771) +- **fix(models):** fix model sync import handling — separate synced models from custom models to prevent data loss (#1755) +- **fix(codex):** improve VS Code Copilot /responses reasoning and tool follow-ups (#1750) +- **fix(memory):** resolve build issues and implement memory UPSERT logic to prevent duplicate entries (#1763) +- **fix(kiro):** support organization IDC OAuth with regional endpoints and refresh (#1754) +- **fix(combo):** include 429 in provider circuit breaker to stop infinite retry loops on exhausted quotas (#1767) +- **fix(claude):** respect client-set thinking/effort params — only inject adaptive thinking and high effort when the client hasn't explicitly set them, preventing forced quota drain on Claude Max accounts (#1761) +- **fix(blackbox-web):** correct cookie name and populate session/subscription fields (#1776) +- **fix(codex):** align client identity metadata (#1778) +- **fix(claude):** fix support for claude-cli using Gemini provider (#1779) +- **test(reasoning-cache):** isolate DB state using mkdtempSync to prevent 401 middleware errors + +### 🛠️ Maintenance + +- **chore(docs):** add MseeP.ai security assessment badge to README (#1727) +- **chore(xiaomi):** update Xiaomi provider model list (#1759) +- **chore(db):** move DB health endpoint to management API (#1757) +- **chore(ui):** speed up endpoint initial render with background task loading (#1760) +- **chore(workflows):** add strict PR contributor credit policy to prevent future merge credit loss + +--- + +## [3.7.4] — 2026-04-28 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(ui):** add endpoint tunnel visibility settings (#1743) +- **feat(cli):** refresh CLI fingerprint provider profiles (#1746) +- **feat(proxy):** implement bulk proxy import via pipe-delimited parser with update-or-create (upsert) logic and real-time preview table +- **feat(pwa):** add fullscreen installable PWA with manifest, service worker, and cross-platform app icons (#1728) + +### 🔒 Security + +- **security:** replace insecure `Math.random` with `crypto.getRandomValues` for fallback UUID generation to resolve CodeQL CWE-338 finding (#182) + +### 🐛 Bug Fixes + +- **fix(cc-compatible):** fix CC-compatible relay format and UI copy (#1742) +- **fix(codex):** normalize max reasoning effort for Codex routing (#1744) +- **fix(claude-code):** fix Claude Code gateway config helper (#1745) +- **fix(db):** reconcile legacy `create_reasoning_cache` migration tracking to prevent version shadowing on `032` and resolve startup warnings (#1734) +- **fix(db):** intercept `007` migration to use idempotent `IF NOT EXISTS` logic via `PRAGMA table_info`, preventing syntax crashes on fresh installs (#1733) +- **fix(cc-compatible):** preserve Claude Code system skeleton to prevent request rejection by strict compatible upstream providers (#1740) + +- **fix(providers):** add API key validation for image-only providers and fix Stability AI requests to use `multipart/form-data` instead of JSON (#1726) +- **fix(codex):** preserve `previous_response_id` and `conversation_id` fields when input array is empty to prevent schema validation errors (#1729) +- **fix(searxng):** bypass UI validation block when `apiKeyOptional` is true and fix typing errors in provider dashboard to allow saving search providers without credentials (#1721) +- **fix(proxy):** disable HTTP keep-alive and pipelining in Undici proxy dispatcher to prevent "Socket hang up" rotation failures +- **stream:** correctly identify `thought` and `error` blocks in Antigravity/Gemini SSE streams to prevent premature 502 timeouts (#1725, #1705) + +### 🛠️ Maintenance + +- **workflow:** add phase 4 release monitoring instructions to `/generate-release` workflow +- **test:** fix typescript compilation errors in unit tests to keep CI typecheck pipeline fully green +- **test:** update responses store expectations for empty input arrays + +--- + +## [3.7.3] — 2026-04-28 + +### 🐛 Bug Fixes + +- **fix(claude):** strip existing billing headers from system array before injecting to prevent Anthropic prompt cache misses — stacked `x-anthropic-billing-header` blocks invalidated prefix matching, causing ~100% cache_create instead of cache_read (#1712) +- **fix(claude):** strip `output_config.format` for non-Anthropic Claude-compatible providers during passthrough — third-party Claude endpoints (MiniMax, DeepSeek via aggregators) reject structured output fields with 400 errors (#1719) +- **fix(combo):** set terminal error state on response quality validation failure — prevents misleading `ALL_ACCOUNTS_INACTIVE` 503 when the real issue is response quality validation (#1707, #1710) +- **fix(combo):** treat combo fallback as target-level orchestration — all non-ok responses (including generic 400s) now fall through to the next target instead of being terminal; removes complex bad-request allowlist regex (#1713) +- **fix(codex):** restore namespace MCP tools and hosted-tool whitelist — regression from #1581 that silently dropped all MCP tool groups and Responses-API hosted tools (#1715) +- **fix(codex):** add neutral instructions for bare chat requests — Codex Responses backend rejects requests without `instructions`, making Codex unusable for normal chat (#1709) +- **fix(proxy):** wrap proxy assignment queries in try-catch for missing `proxy_assignments` table — Electron installs where migration 004 hasn't run no longer crash with `no such table` error (#1706) +- **fix(migration):** improve Windows file URL path resolution in migration runner — adds direct URL path extraction and `process.cwd()` fallback for CI-built bundles with leaked build-time paths (#1704) +- **fix(ui):** fix light mode active request payload modal — add missing `--color-card` theme token, use opaque `bg-surface` instead of translucent `bg-card/70`, add backdrop blur (#1714) + +### 🔄 Updates + +- **chore(image-models):** refresh image generation model registry — replace stale FLUX aliases with FLUX Kontext / FLUX.2 mappings, remove deprecated FLUX Redux/Depth/Canny variants (#1722) + +--- + +## [3.7.2] — 2026-04-28 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(authz):** introduce centralized proxy-based authz pipeline and lifecycle policy (#1632) +- **feat(logs):** configure call log pipeline artifacts (#1650) +- **feat(network):** add guarded remote image fetch utility +- **feat(codex):** enable native Codex websocket responses on beta-gated models (#1658) +- **feat(muse-spark-web):** continue the same meta.ai conversation across turns (#1673) + +### 🐛 Bug Fixes + +- **fix(responses):** sanitize empty string placeholders from tool-call optional arguments in stream delta accumulation to avoid breaking strict clients (#1674) +- **fix(codex):** prevent unexpected protocol leakage and fabricated instructions on bare chat completion requests without tools (#1686) +- **fix(executors):** truncate tools array to 128 items max in GitHub Copilot and OpenCode executors to mitigate 400 Bad Request errors from upstream (#1687) +- **fix:** add body-read timeout to prevent stuck pending requests (#1680) +- **fix(rate-limit):** replace unsupported Bottleneck `maxWait` option with job-level `expiration` to prevent indefinite queue stalls (#1694) +- **fix(sse):** sanitize OpenAI tool schemas for strict upstream validators — strips null from enum arrays, normalizes tuple items, filters invalid required keys (#1692) +- **fix(stream):** fail zombie SSE streams before accepting response — returns 504 instead of hanging indefinitely, enables combo fallback (#1693) +- **fix(combo):** complete context truncation hotfix — cache getCombos() with 10s TTL, pass allCombosData to resolveComboTargets() for nested combo resolution, consolidate duplicated context overflow regex patterns (#1685) +- **fix(codex):** raise default quota threshold from 90% to 99% to avoid premature account blocking when usable quota remains (#1697) +- **fix(memory):** use `user` role for GLM/ZAI/Qianfan providers — providers with strict role constraints (no `system` role) now correctly receive memory context as a `user` message instead of a `system` message, preventing 422 validation errors (#1701) +- **fix(oauth):** target specific connection by ID on re-auth token exchange — prevents duplicate account creation when re-authenticating an existing OAuth connection (#1702 — thanks @namhhitvn) +- **feat(email-privacy):** integrate email visibility toggle in RequestLoggerV2 — log detail modal now respects global email privacy state, hiding email addresses by default (#1700 — thanks @namhhitvn) +- **fix(combo):** trigger fallback on Anthropic `Invalid signature in thinking block` errors instead of returning 400 directly (#1696) +- **fix:** combo retry loop stops immediately on client disconnect (499) (#1681) +- **fix(search):** support optional bearer auth for SearXNG (#1683) +- **fix(vision):** respect native GPT vision support — prevents VisionBridge from intercepting models that already handle images natively (#1678) +- **fix(qwen):** use `security.auth` format instead of `modelProviders` for Qwen Code config generation (#1677) +- **fix(codex):** remove stale websocket transport lookup that caused fallback errors (#1676) +- **fix(chatgpt-web):** bound tls-client native deadlocks so requests never hang forever (#1664) +- **fix(codex):** default gpt-5.5 to HTTP transport instead of WebSocket (#1660) +- **fix(codex):** [urgent] fix gpt-5.5 websocket transport and model labels (#1656) +- **fix(grokweb):** update Request and Response Specifications (#1655) +- **fix(blackbox-web):** set isPremium flag to true to enable premium model access (#1661) +- **fix(core):** avoid OpenAI stream options for Anthropic-compatible providers (#1654) +- **fix(electron):** resolve MCP server start failure on Windows (#1662) +- **fix(electron):** make Windows smoke test non-blocking (continue-on-error), pre-create userData dir for Windows + stream logs in CI, and add --no-sandbox and sandbox env for CI smoke tests +- **fix(codex):** fix `getWreqWebsocket` ReferenceError causing 502 on all Codex requests (#1652, #1653) +- **fix(codex):** default `store` to `false` — Codex OAuth backend rejects `store=true` (#1635) +- **fix(db):** add post-migration guards for missing `batches` table and `combos.sort_order` column on DB upgrades (#1648, #1657) +- **fix(db):** renumber duplicate migration `032` to prevent collision +- **fix(perplexity-web):** update API version and user-agent to match upstream requirements (#1666) +- **fix(docker):** copy SQLite migration files and explicitly trace in standalone build (#1665) +- **fix(muse-spark-web):** update to Meta's Ecto-era persisted query — fixes 502 `Unknown type "RewriteOptionsInput"` after Meta retired the Abra mutation (#1668) +- **fix(dev):** enable Turbopack by default and repair Codex CORS headers (#1669) +- **fix(authz):** restore `REQUIRE_API_KEY` support in clientApi policy +- **fix(auth):** align fallback API key format with test setup + +### 🛠️ Maintenance + +- **build(prepublish):** make Next.js build bundler configurable (webpack/turbopack) +- **ci:** align sonar analysis scope +- **ci:** stabilize release branch checks +- **ci:** remove expired advanced security scans job + +### 🧪 Tests + +- **test:** fix TypeScript configuration errors in plan3-p0.test.ts +- **test:** fix implicit any types across test suites +- **test:** disable type checking in flaky unit tests +- **test:** fix failing tests due to recent refactors +- **fix(tests):** align integration tests with authz pipeline refactor +- **fix(tests):** align test assertions with v3.7.2 source code changes +- **fix(tests):** CORS test now checks object body instead of entire file +- **fix(e2e):** fix E2E flakiness and implicit any type errors + --- -## [3.7.0] — 2026-04-19 +## [3.7.1] — 2026-04-26 + +### ✨ New Features + +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(providers):** Add GPT-5.5 support to the Codex provider — includes 1.05M context window, tool calling, vision, and reasoning capabilities with proper pricing entries across `cx` and `openai` providers. Refactors `splitCodexReasoningSuffix()` into a shared helper for cleaner effort-level parsing (#1617 — thanks @Zhaba1337228). +- **feat(cli):** Add `omniroute reset-encrypted-columns` recovery command — nulls encrypted credential columns (`api_key`, `access_token`, `refresh_token`, `id_token`) in `provider_connections` while preserving provider metadata, giving users affected by #1622 a clean recovery path without losing configurations. +- **feat(i18n):** Expand locale coverage with nine new language packs (Bengali, Farsi, Gujarati, Indonesian, Marathi, Swahili, Tamil, Telugu, Urdu), bringing total language support from 32 to 41 locales. + +### 🐛 Bug Fixes + +- **fix(rate-limit):** Add per-model rate limiting for GitHub Copilot provider — a 429 on one model (e.g. `gpt-5.1-codex-max`) no longer locks the entire connection, matching the existing Gemini per-model quota pattern (#1624 — thanks @slewis3600). +- **fix(cli-tools):** Preserve existing OpenCode configuration (MCP servers, custom providers, comments) when saving OmniRoute settings — uses `jsonc-parser` for tree-preserving edits instead of destructive JSON roundtrip. Fix API key clipboard copy to use raw keys instead of masked placeholders. Add theme-aware OpenCode light/dark SVG logos (#1626 — thanks @JasonLandbridge). +- **fix(cli-tools):** Fix OpenCode guide step 3 `{{baseUrl}}` double-brace placeholder to use ICU-style `{baseUrl}` across all 41 locales, restoring next-intl interpolation (#1626). +- **fix(codex):** Make `wreq-js` native module import lazy and optional to prevent server crash on startup when the platform-specific binary is missing — affects pnpm installs, Docker Alpine, macOS ARM, and Windows (#1612, #1613, #1616). +- **fix(i18n):** Add 14 missing translation keys (`logs.runningRequests`, `logs.model`, `logs.provider`, `logs.account`, `logs.elapsed`, `logs.count`, `logs.payloads`, etc.) for the Active Requests panel across all locales. Replace 83 placeholder values in usage/evals namespace. Add 5 missing health namespace keys for rate limit status. +- **fix(encryption):** Prevent `STORAGE_ENCRYPTION_KEY` from being silently regenerated during `npm install -g` upgrades, which made all previously-encrypted provider credentials permanently unrecoverable due to AES-GCM auth-tag mismatch (#1622). +- **fix(startup):** Add decrypt-probe diagnostic at server bootstrap — if `STORAGE_ENCRYPTION_KEY` doesn't match encrypted credentials in the database, a prominent warning is logged directing users to restore the key or use the new recovery command. +- **fix(cli-tools):** Allow `null` API key values in `cliModelConfigSchema` to prevent 400 Bad Request errors when saving cloud-based CLI tool configurations. Fix error handling across all 10 ToolCard components to safely extract messages from structured error objects, preventing React Error #31 crashes. +- **fix(docker):** Set `NPM_CONFIG_LEGACY_PEER_DEPS=true` in the Docker builder layer before `npm ci` and remove duplicate `postinstallSupport.mjs` COPY instruction — fixes container image build failures introduced in v3.7.0 (#1630 — thanks @rdself). +- **fix(antigravity):** Hide deprecated Gemini-routed Claude 4.5 models from public catalogs and model lists. Legacy `gemini-claude-*` aliases now silently resolve to current Claude 4.6 equivalents. Replace dynamic reverse-alias generation with an explicit allowlist for predictable model visibility (#1631 — thanks @backryun). +- **fix(types):** Add explicit type annotations to sync-env test helpers and dynamic import casts to satisfy `typecheck:noimplicit:core` CI gate. +- **fix(reasoning):** Implement Reasoning Replay Cache — hybrid memory/SQLite persistence for `reasoning_content` in multi-turn tool-calling flows. Automatically captures reasoning from DeepSeek V4, Kimi K2, Qwen-Thinking, and GLM models and re-injects it on follow-up turns to prevent HTTP 400 errors from strict reasoning-content validation. Includes dashboard telemetry tab, REST API, and 21 unit tests (#1628 — thanks @JasonLandbridge). +- **fix(postinstall):** Extend postinstall native module repair to cover `wreq-js` — detects missing platform-specific `.node` binaries inside `app/node_modules/wreq-js/rust/` and copies them from the root install. Fixes global `pnpm` installs on macOS arm64 where the standalone app directory only contained Linux binaries (#1634 — thanks @MarcosT96). +- **fix(migration):** Prevent compat-renamed migration slots from shadowing new migrations at the same version number. After rewriting `028_provider_connection_max_concurrent` → `029`, the runner now verifies the old version slot is clear, ensuring `028_create_files_and_batches` runs on v3.6.x → v3.7.x upgrades. Adds `batches` table as a physical schema sentinel for upgrade recovery (#1637 — thanks @V8-Software). +- **fix(registry):** Route GitHub Copilot GPT 5.4/5.5 models through the Responses API (`targetFormat: "openai-responses"`). Fixes `gpt-5.4-mini` and `gpt-5.4` being rejected on `/chat/completions` by GitHub (#1641 — thanks @dhaern). +- **fix(usage):** Correct MiniMax token plan quota display — the newer `/v1/token_plan/remains` endpoint reports used counts, not remaining counts. Rounds floating-point percentage artifacts in Provider Limits UI (#1642 — thanks @CruxExperts). +- **fix(codex):** Lazy-load `wreq-js` WebSocket transport via `createRequire` instead of top-level import. Server boots cleanly when native module is unavailable and returns 503 only when Codex WebSocket is actually requested. Fixes #1612 (#1640 — thanks @dendyadinirwana). +- **fix(electron):** Package Electron runtime dependencies into `resources/app/node_modules/` via separate `extraResources` FileSet. Adds cross-platform packaged app smoke test script and CI integration to prevent future regressions. Closes #1636 (#1639 — thanks @prateek). +- **feat(account-fallback):** Add model-level daily quota lockout. When a provider returns 429 with `quota_exhausted`, cooldown is set to tomorrow 00:00 instead of exponential backoff. Detects daily quota patterns via `isDailyQuotaExhausted()` in chat handler (#1644 — thanks @clousky2020). +- **fix(codex):** Use per-conversation `session_id`/`conversation_id` from client body as `prompt_cache_key` instead of account-wide `workspaceId`. The official Codex CLI uses `conversation_id` (a unique UUID per session); using the shared `workspaceId` capped cache hit-rate at ~49%. Includes 10 unit tests (#1643). +- **fix(claude):** Stabilize billing header fingerprint to prevent Anthropic prompt-cache prefix invalidation. The fingerprint was derived from the first user message text, which changes every turn, mutating `system[]` and forcing ~100% `cache_create`. Now uses a stable per-day hash, preserving ~96% `cache_read` hit rate (#1638). +- **fix(transport):** Harden GitHub and Kiro streaming — thread `clientHeaders` through `BaseExecutor.buildHeaders()` to eliminate mutable singleton state race condition on concurrent requests. Remove redundant `[DONE]` stripping TransformStream from GitHub executor. Add defensive `parseToolInput()` for malformed Kiro tool call arguments. Hoist `TextEncoder`/`TextDecoder` to module singletons and use zero-copy `subarray()` (#1645 — thanks @dhaern). +- **fix(transport):** Prevent memory bloat and database exhaustion from large, fragmented streaming responses. Implemented `ByteQueue` in `kiro.ts` for zero-copy binary accumulation, refactored `antigravity.ts` for incremental SSE parsing, and enforced a strict 512KB tiered truncation limit (`MAX_CALL_LOG_ARTIFACT_BYTES`) on stream request logs and call artifacts (#1647). +- **chore(ci):** Update build environment dependencies — bump Node to `24.15.0`, `actions/checkout@v6`, `docker/build-push-action@v7`, pin `actions/setup-python` to major tag (#1646 — thanks @backryun). + +### 📝 Documentation + +- **docs(env):** Add `OMNIROUTE_ALLOW_PRIVATE_PROVIDER_URLS` to `.env.example` with documentation for LM Studio and other local provider use cases (#1623). + +--- + +## [3.7.0] — 2026-04-26 ### ✨ New Features -- **feat(providers):** Add ModelScope provider (Chinese AI marketplace) with Kimi K2.5, GLM-5, and Step-3.5-Flash integration. (#1430) +- **feat(docs):** integrate multi-page documentation into OmniRoute dashboard (#1969) +- **feat(settings):** add request body limit setting (#1968) +- **feat(auth):** add Gemini CLI OAuth client secret default (#1974) +- **feat(models):** expose models.dev context windows in /v1/models (#1972) +- **fix(db):** resolve legacy encryption fallback causing re-encryption loops (#1941) +- **fix(auth):** fix Codex assistant final_answer response sanitization (#1965) + +- **feat(providers):** Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606). +- **feat(ui):** Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607). +- **feat(providers):** Add CrofAI as a built-in API-key provider with quota/usage monitoring wired into the dashboard Limits page (#1604, #1606). +- **feat(skills):** Add workspace-scoped built-in skills (`file_read`, `file_write`, `http_request`, `eval_code`, `execute_command`) with real sandbox execution via Docker, replacing stub responses. Browser skills now fail explicitly when runtime is not configured. + +- **feat(providers):** Integrate AgentRouter as a new OpenAI-compatible passthrough provider with $200 free credits via sign-up (Issue #1572). +- **feat(ui):** Implement on-demand per-model testing in the provider dashboard, allowing single-token diagnostic checks without triggering rate-limits (Issue #1532). + +- **feat(provider):** add ChatGPT Web (Plus/Pro) session provider (#1593) +- **feat(provider):** add Baidu Qianfan chat provider (#1582) +- **feat(codex):** support GPT-5.5 responses websocket (#1573) +- **feat(sse):** Codex CLI image_generation + DALL-E-style image route (#1544) +- **feat(dashboard):** Complete the reconciled v3.7.0 dashboard task set: MCP cache tools and count, video endpoint visibility, provider taxonomy, upstream proxy visibility, provider count badges, costs overview, eval suite management, Custom CLI builder, ACP-focused Agents copy, Translator stream transformer, logs convergence, learned rate-limit health cards, docs expansion, and active request payload inspection. +- **feat(mcp):** Register `omniroute_cache_stats` and `omniroute_cache_flush` across MCP schemas, server registration, handlers, docs, and tests. +- **feat(providers):** Complete the v3.7.0 provider onboarding wave with self-hosted/local providers (`lm-studio`, `vllm`, `lemonade`, `llamafile`, `triton`, `docker-model-runner`, `xinference`, `oobabooga`), OpenAI-compatible gateways (`glhf`, `cablyai`, `thebai`, `fenayai`, `empower`, `poe`), enterprise providers (`datarobot`, `azure-openai`, `azure-ai`, `bedrock`, `watsonx`, `oci`, `sap`), specialty providers (`clarifai`, `modal`, `reka`, `nous-research`, `nlpcloud`, `petals`, `vertex-partner`), `amazon-q`, GitLab/GitLab Duo, and Chutes.ai. +- **feat(providers):** Add Cloudflare Workers AI integration and UI support for robust backend execution. +- **feat(telemetry):** Implement proactive public IP capture from client headers (`x-forwarded-for`, `x-real-ip`, etc.) within `safeLogEvents` for accurate database observability. +- **feat(audio):** Add AWS Polly as an audio speech provider with SigV4 request signing, static engine catalog, provider validation, managed-provider UI coverage, and sanitization for AWS secret/session fields. +- **feat(search):** Add You.com search provider support with dashboard discovery, validation, livecrawl option handling, and search handler normalization. +- **feat(video):** Add RunwayML task-based video generation support, task polling, provider catalog metadata, validation, and dashboard/model-list coverage. +- **feat(providers):** Add search functionality to the providers dashboard with i18n support. (#1511 — thanks @th-ch) +- **feat(providers):** Register 6 new models in the opencode-go provider catalog. (#1510 — thanks @kang-heewon) +- **feat(providers):** Add ModelScope provider (Chinese AI marketplace) with Kimi K2.5, GLM-5, and Step-3.5-Flash integration. (#1430 — thanks @clousky2020) +- **feat(providers):** Add LM Studio as an OpenAI-compatible local provider for self-hosted model inference. +- **feat(providers):** Add Grok 4.3 thinking model support for xAI web executor requests. - **feat(core):** Implement provider-level Circuit Breaker to prevent cascading failures across connections, enforcing a 10-minute cooldown after 5 consecutive transient failures. (#1430) - **feat(core):** Add daily quota exhaustion lock to detect "quota exceeded" signals and lock the specific model until midnight. (#1430) +- **feat(core):** Auto-inject `stream_options.include_usage = true` for OpenAI format streams to guarantee token usage is reported correctly during streaming. (#1423) +- **feat(core):** Add OpenAI Batch Processing API support — submit, monitor, and manage batch jobs through the proxy with full lifecycle tracking. +- **feat(vision-bridge):** Add automatic image description fallback for non-vision models via `VisionBridgeGuardrail` (priority 5). Intercepts image-bearing requests to non-vision models, extracts descriptions via a configurable vision model (default: gpt-4o-mini), and replaces images with text before forwarding. Fails open on any error. (#1476) - **feat(dashboard):** Introduce real-time model status badges with countdown timers in the provider detail and combo panel interfaces. (#1430) +- **feat(dashboard):** Add Batch/File management data grid with full i18n translations for batch processing workflows. (#1479) +- **feat(usage):** MiniMax + MiniMax-CN quota tracking in provider limits dashboard. (#1516) +- **feat(providers):** Fix OpenRouter remote discovery and unify managed model sync. (#1521) +- **feat(providers):** Implement provider and account-level concurrency cap enforcement (`maxConcurrent`) using robust semaphore mechanisms. (#1524) +- **feat(core):** Implement Hermes CLI config generation and message content stripping. (#1475) +- **feat(combos):** Add expert combo configuration mode for advanced routing controls. (#1547) +- **feat(providers):** Register Codex auto review and expand icon coverage. +- **feat(tunnels):** Add Tailscale tunnel management routes and runtime helpers for install, login, daemon start, enable/disable, and health checks. ### 🐛 Bug Fixes -- **fix(dashboard):** Correct TOML round-trip corruption in Codex config serializer by dequoting keys and preserving array/boolean structures properly. (#1438) -- **fix(security):** Resolve CodeQL alert 164 (ReDoS in extraction) and 163 (incomplete URL sanitization) (#163, #164) +- **fix(mitm):** Compile MITM utilities as NodeNext ESM during prepublish, copy the CommonJS MITM server into the standalone artifact, and resolve MITM data paths without relying on Next.js aliases in packaged runtime. +- **fix(build):** Move the local `.tmp/wine32` Wine prefix out of the isolated Next.js build path so Windows Electron packaging artifacts cannot trigger `EACCES` scans during Node 24 builds. +- **fix(build):** Copy the `wreq-js` native runtime directory into the isolated Next.js standalone output so packaged Playwright/E2E starts can load the instrumentation hook on Linux. +- **fix(api):** Validate the Codex Responses websocket bridge and `/v1/batches` JSON payloads with Zod before use, keeping `request.json()` route validation green and returning explicit 400 responses for invalid bodies. +- **fix(providers):** Add explicit typing to provider alias and category helpers so the strict `typecheck:noimplicit:core` CI gate passes. +- **fix(ui):** Keep the upstream proxy provider detail page labeled with a fallback "Managed via Upstream Proxy Settings" management surface when translations are unavailable. +- **fix(electron):** Harden the production desktop CSP by removing `unsafe-eval` outside development and adding object, base URI, form action, frame ancestor, and worker restrictions. +- **fix(cli):** Replace shell-interpolated setup and privileged command execution paths with argument-based `spawn`/`execFile` helpers for database setup, Tailscale sudo commands, MITM DNS edits, and certificate install/uninstall flows. +- **fix(ui):** Keep provider icons resilient by using direct `@lobehub/icons` components first, then local PNG/SVG fallbacks, avoiding the `@lobehub/ui` peer runtime in the dashboard. + +- **fix(chatgpt-web):** Fix empty-file race in `tlsFetchStreaming` where `waitForFile` accepted zero-byte files, silently degrading streaming requests to buffered mode. Replaced with `waitForContent` requiring `file.size > 0` with early exit on request settlement. (#1597 — thanks @trader-payne) +- **fix(chatgpt-web):** Fix stale NextAuth session-token cookies surviving rotation shape changes (unchunked↔chunked). `mergeRefreshedCookie` now drops all session-token family members via `SESSION_TOKEN_FAMILY_RE` before appending the refreshed set, preventing auth failures from dual cookie submission. (#1597 — thanks @trader-payne) +- **fix(codex):** WebSocket memory retention and weekly limit handling (#1581) +- **fix(providers):** Default models list logic (#1577) +- **fix(ui):** Dashboard endpoint URL hydration respects `NEXT_PUBLIC_BASE_URL` when behind a reverse proxy (#1579) +- **fix(providers):** Restore strict PascalCase header masquerading for Claude Code to resolve HTTP 429 upstream errors (#1556) +- **fix(sse):** make Responses passthrough robust for size-sensitive clients (#1580) +- **fix(codex):** update client version for gpt-5.5 (#1578) +- **fix(vision-bridge):** force GPT-family image fallback (#1571) +- **fix(claude):** skip adaptive thinking defaults for unsupported models (#1563) +- **fix(claude):** preserve tool_result adjacency in native and CC-compatible paths (#1555) +- **fix(reasoning):** Preserve OpenAI Chat Completions `reasoning_effort` through assistant-prefill requests and label OpenAI request protocols explicitly as `OpenAI-Chat` or `OpenAI-Responses`. (#1550) +- **fix(codex):** Fix Codex auto-review model routing so review traffic resolves to the intended configured model. (#1551) +- **fix(resilience):** Route HTTP 429 cooldowns through runtime settings so cooldown behavior follows the configured resilience profile. (#1548) +- **fix(providers):** Normalize Anthropic header keys to lowercase in the provider registry to avoid duplicate or case-variant upstream headers. (#1527) +- **fix(providers):** Preserve audio, embedding, rerank, image, video, and OpenAI-compatible alias metadata when `/v1/models` merges static and discovered catalogs. +- **fix(providers):** Discover Azure OpenAI deployments from resource endpoints using `api-key` auth and configurable API versions. +- **fix(providers):** Keep local OpenAI-style providers authless when no API key is configured, including the Lemonade Server default endpoint. +- **fix(translator):** Preserve Antigravity default system instructions and caller-provided system prompts as separate Gemini `systemInstruction` parts instead of concatenating them. +- **fix(security):** Sanitize provider-specific AWS secrets and session tokens from provider management API responses. +- **fix(release):** Resolve combo prefixing, Electron packaging, CLI auth, and release-branch integration regressions. (#1471, #1492, #1496, #1497, #1486) +- **fix(providers):** Resolve 400 errors for GLM and Antigravity Claude adapter during request translation by scoping prompt caching to compatible Anthropic endpoints and flattening system instructions. (#1514, #1520, #1522) +- **fix(core):** Strip `reasoning_content` from OpenAI format messages for non-reasoning models to prevent upstream HTTP 400 validation errors. (#1505) +- **fix(sse):** Map Claude `output_config/thinking` to OpenAI `reasoning_effort` for proper Antigravity tool translation. (#1528) +- **fix(combo):** Fallback to next model on all-accounts-rate-limited (HTTP 503/429) to maintain high availability. (#1523) +- **fix(api):** Harden batch and file endpoints for auth and recovery to prevent schema state collisions. +- **fix(ui):** Add missing UI wiring for "Add Memory" and "Import" buttons on the `/dashboard/memory` page. (#1506) +- **fix(ui):** Prevent Dark Mode FOUC (Flash of Unstyled Content) by injecting a synchronous theme initialization script into the root `layout.tsx`. +- **fix(ui):** Fix mobile layout text overflow in provider and combo cards, and enable touch-friendly reordering arrows across all combo strategies. +- **fix(core):** Add periodic runtime log rotation checks to prevent disk exhaustion in long-running instances. (#1504 — thanks @ether-btc) +- **fix(build):** Resolve missing `process` module in webpack client build for pino-abstract-transport. (#1509 — thanks @hartmark) +- **fix(ui):** Add dark mode support for native dropdown `