✨ New Features

• feat(docs): integrate multi-page documentation into OmniRoute dashboard (#1969)

• feat(settings): add request body limit setting (#1968)

• feat(auth): add Gemini CLI OAuth client secret default (#1974)

• feat(models): expose models.dev context windows in /v1/models (#1972)

• feat(compression): major upgrade to Caveman and RTK compression pipelines (#1876, #1889):

• Add RTK tool-output compression, stacked Caveman + RTK pipelines, compression combo assignments, dashboard context pages, MCP management tools, and language-aware Caveman rule packs.

• Expand RTK parity with a 39-filter catalog, RTK-style JSON DSL stages, inline verify/benchmark coverage, trust-gated custom filters, expanded command detection, and redacted raw-output recovery.

• Expose rule intensities, track USD savings, unify config validation, and persist MCP savings.

• Expand Caveman parity and MCP metadata compression.

• feat(provider): update Jina AI model catalog to support Embeddings and Rerank natively (#1874 — thanks @backryun)

• feat(provider): add NanoGPT image generation provider (#1899 — thanks @Aculeasis)

• feat(ui): move proxy configuration to dedicated System → Proxy page (#1907 — thanks @oyi77)

• feat(ui): add K/M/B/T cost shortener utility (#1902 — thanks @oyi77)

• feat(providers): implement bulk paste for extra API keys (#1916 — thanks @0xtbug)

• feat(analytics): usage history API key backfill + dark mode pricing (#1896 — thanks @Gi99lin)

• feat(logs): show RTK and Caveman compression token savings accurately in request log UI (#1923 — thanks @emdash)

• feat(routing): auto-skip exhausted quota accounts (Issue #1952)

• feat(docs): docs site overhaul (#1976 — thanks @oyi77)

• feat(db): consolidate all database settings into SystemStorageTab (closes #1935) (#1947 — thanks @oyi77)

• feat(sse): codex 429 mid-task failover with account rotation (#1888 — thanks @smartenok-ops)

• feat(auto-assessment): add auto-assessment engine for combo self-healing (#1918 — thanks @oyi77)

• feat(usage): DeepSeek V4 native cache token extraction (#1930 — thanks @smartenok-ops)

• feat(cost): enhance cost formatting and add Codex GPT-5.5 pricing support (#1944 — thanks @JxnLexn)

🐛 Bug Fixes

• fix(auth): implement session affinity sticky routing logic
• fix(dashboard): derive display base URL from origin instead of hardcoding localhost (#1960 — thanks @jeanfbrito)
• fix(proxy): use credentials.connectionId instead of non-existent credentials.id for image proxy resolution (#1929 — thanks @Aculeasis)
• fix(routing): codex bare-name disambiguation + family-native fallback (#1933 — thanks @smartenok-ops)
• fix(infrastructure): move wreq-js to optionalDependencies and add Node 25/26 to secure runtime policy (#1924)
• fix(providers): resolve ChatGPT Web authentication failure by aligning TLS fingerprint User-Agent strings (#1925)
• fix(mitm): support root user for MITM sudo handling (#1948 — thanks @NekoMonci12)
• fix(db): resolve legacy encryption fallback causing re-encryption loops (#1941, #1945)
• fix(auth): fix Codex assistant final_answer response sanitization (#1965)
• fix(mcp): reclassify MCP endpoints to ensure API key authentication works even when dashboard auth is enabled (#1970)
• fix(providers): allow local OpenAI-compatible endpoints (like Ollama) to be added without an API key (fixes #1893)
• fix(providers): bypass AgentRouter unauthorized_client_error by spoofing Claude CLI headers via Anthropic endpoints (fixes #1921)
• fix(copilot): emit compatible reasoning text deltas (#1919 — thanks @ivan-mezentsev)
• fix(api-manager): show validation errors inline in modals, not behind (#1920 — thanks @andrewmunsell)
• fix(compression): align seeded standard savings combo with stacked default, preserve stacked defaults, and secure metadata routes.
• fix(gemini-cli): separate Cloud Code transport from Antigravity (#1869 — thanks @dhaern)
• fix(codex): map prompt field to input array for Cursor compatibility (fixes #1872)
• fix(core): align stream parameter default to false per strict OpenAI spec (fixes #1873)
• fix(ui): restore Next.js CSP unsafe-eval in production script-src to fix unresponsive Onboarding button (fixes #1883)
• fix(proxy): globally strip prompt_cache_retention in BaseExecutor to prevent upstream 400 errors from strict endpoints like droid/gemini-2-pro (fixes #1884)
• fix(ui): include isOpen dependency in EditConnectionModal state sync to ensure maxConcurrent is properly hydrated when reopening the modal (fixes #1859)
• fix(security): remediate 4 polynomial-redos CodeQL alerts in compression regexes by bounding repetitions and removing overlapping quantifiers
• fix(codex): flatten Chat Completions tool format to Codex Responses format in normalizeCodexTools — prevents Missing required parameter: tools[0].name upstream errors (#1914 — thanks @tranduykhanh030)
• fix(proxy): add proxy-aware execution context to image generation route — proxy settings are now correctly applied for image providers behind restricted networks (#1904 — thanks @Aculeasis)
• fix(translator): inject properties: {} into zero-argument MCP tool schemas during Anthropic→OpenAI translation — prevents 400 errors from OpenAI strict schema validation (#1898 — thanks @bryceIT)
• fix(codex): sanitize raw responses input (#1895 — thanks @dhaern)
• fix(combos): align strategy contracts (#1892 — thanks @dhaern)
• fix(combos): fix combo provider breaker profile handling (#1891 — thanks @rdself)
• fix(migrations): duplicate-column no-op fix (#1886 — thanks @smartenok-ops)
• fix(auth): per-connection OAuth refresh mutex (#1885 — thanks @smartenok-ops)
• fix(auth): require dashboard management auth for compression preview

🔄 Updates

• chore(provider): Add reka models list (#1956 — thanks @backryun)
• chore(model): Update new models, Delete Deprecated models (#1949 — thanks @backryun)

📝 Documentation

• docs(compression): document RTK+Caveman stacked savings ranges

🏆 Release Attribution & Retroactive Credits

• @payne0420 (PR #1828 / #1839) — Implementation of the Rate Limit Watchdog and environment overrides. (This feature was manually backported to v3.7.8, causing the automatic GitHub Release notes to omit the author's credit).

What's Changed

• fix(gemini-cli): separate Cloud Code transport from Antigravity by @dhaern in #1869
• chore(provider): Update Jina AI model catalog by @backryun in #1874
• feat(compression): RTK compression roadmap by @diegosouzapw in #1889
• feat(compression): atualização Caveman by @diegosouzapw in #1876
• feat(image-gen): add NanoGPT image generation provider by @Aculeasis in #1899
• fix(codex): sanitize raw responses input by @dhaern in #1895
• Fix combo provider breaker profile handling by @rdself in #1891
• fix(combos): align strategy contracts by @dhaern in #1892
• feat(proxy): move proxy configuration to dedicated System → Proxy page by @oyi77 in #1907
• feat: add K/M/B/T cost shortener to prevent UI overflow by @oyi77 in #1902
• feat(providers): implement bulk paste for extra API keys by @0xtbug in #1916
• fix(migrations): treat duplicate-column ALTER as no-op by @smartenok-ops in #1886
• fix(analytics): robust model pricing resolution, dark mode charts and SQL aggregation fixes by @Gi99lin in #1896
• fix(oauth): per-connection mutex for rotating refresh tokens by @smartenok-ops in #1885
• fix(copilot): emit compatible reasoning text deltas by @ivan-mezentsev in #1919
• fix(api-manager): show validation errors inline in modals, not behind by @andrewmunsell in #1920
• Release v3.7.9 by @diegosouzapw in #1917
• feat(logs): show compression tokens in request log UI by @andrewmunsell in #1923
• feat: enhance cost formatting and add Codex GPT-5.5 pricing support by @JxnLexn in #1944
• fix(routing): codex bare-name disambiguation + family-native fallback by @smartenok-ops in #1933
• feat(usage): DeepSeek V4 native cache token extraction by @smartenok-ops in #1930
• feat: Auto-Assessment and Self-Healing Combo Engine by @oyi77 in #1918
• chore: update dependencies and sidebar i18n by @backryun in #1946
• chore(model): Update new models, Delete Deprecated models by @backryun in #1949
• chore(provider): Add reka models list by @backryun in #1956
• feat(sse): codex 429 mid-task failover with account rotation by @smartenok-ops in #1888
• fix(proxy): use credentials.connectionId instead of non-existent credentials.id for image proxy resolution by @Aculeasis in #1929
• feat(db): consolidate all database settings into SystemStorageTab (closes #1935) by @oyi77...

✨ New Features

• feat(providers): add Grok 4.3 and Xiaomi Mimo TTS provider (#1837)
• feat(core): implement Rate Limit Watchdog with environment override capability to detect and reset stalled queues (#1839)
• feat(providers): add muse-spark-web provider with multiple models and reasoning support (#1843)
• feat(1proxy): integrate 1proxy free proxy marketplace with dashboard management and new MCP tools (closes #1788) (#1847)

🐛 Bug Fixes

• fix(codex): sanitize Responses replay state to prevent internal assistant commentary from leaking (#1868 — thanks @dhaern)
• fix(cli): add capture-backed Gemini CLI fingerprint (#1866)
• fix(ui): hide combo compression controls when the global setting is disabled (#1840)
• fix(db): tolerate missing request_detail_logs table for legacy deployments (#1848)
• fix(core): remove unneeded `store` payload parameter for providers lacking support (closes #1841)
• fix(core): ensure safeOutboundFetch and A2A routers return 503 Service Unavailable when security guardrails are triggered
• fix(usage): correct Unix seconds vs milliseconds parsing logic for Kiro AI quota reset (closes #1849)
• fix(ui): apply robust NaN handling, ensure 24h consistency, and fix missing hour slots in Compression Analytics (closes #1844)
• fix(ui): implement short number formatting for token consumption metrics on cache pages to prevent overflow (closes #1842)
• fix(combo): stabilize provider routing at 500+ connections by bounding semaphore queues and adjusting circuit breaker tracking (closes #1846) (#1854)
• fix(maritalk): update Maritalk model list, use Authorization Key header, and align with latest API endpoints (#1856)
• fix(grok-web): stabilize tool calling (bash, readFile, webSearch) and response parsing by mapping native Grok intents to standard OpenAI payloads (#1857)
• fix(providers): correctly map and expose the Upstage embedding and chat model catalogs (#1855)
• fix(executor): apply proper urlSuffix and custom authHeaders for unknown registry-based providers in DefaultExecutor (closes #1846) (#1861)

🛠️ Maintenance

• fix(workflow): build docker images on version tags (#1838)

What's Changed

• fix: tolerate missing request detail logs table by @bambuvnn in #1848
• feat: integrate 1proxy free proxy marketplace by @oyi77 in #1847
• feat(registry): register muse-spark-web models in provider catalog by @janeza2 in #1843
• Hide combo compression controls when disabled by @rdself in #1840
• fix(workflow): build docker images on version tags by @rdself in #1838
• Add Grok 4.3 + Add Xiaomi Mimo TTS provider by @backryun in #1837
• fix(combo): stabilize provider routing at 500+ connections (Issue #1846) by @oyi77 in #1854
• fix(Upstage):Correcting the Upstage Model List by @backryun in #1855
• fix(maritalk):Update Model list & Implementation of the latest API by @backryun in #1856
• fix(grok-web): stabilize tool calling and response parsing by @dhaern in #1857
• fix(executor): fix urlSuffix and authHeader bugs causing auth failures (Issue #1846) by @oyi77 in #1861
• fix(settings): restore CLI fingerprint toggles by @dhaern in #1863
• feat(usage): add NanoGPT subscription quota tracking to Limits & Quotas dashboard by @Aculeasis in #1865
• build(deps): bump SonarSource/sonarqube-scan-action from 7 to 8 by @dependabot[bot] in #1864
• fix(cli): add capture-backed Gemini CLI fingerprint by @dhaern in #1866
• fix(codex): sanitize Responses replay state by @dhaern in #1868
• Release v3.7.8 by @diegosouzapw in #1851

New Contributors

• @bambuvnn made their first contribution in #1848
• @janeza2 made their first contribution in #1843
• @Aculeasis made their first contribution in #1865

Full Changelog: v3.7.7...v3.7.8

✨ New Features

• Prompt Compression Pipeline: Implemented a multi-phase prompt compression engine including lite (whitespace/duplication collapse), aggressive (summarization, tool compression), and ultra modes (heuristic pruning and SLM stub) (#1633, #1738, #1739, #1741)
• Compression Dashboard & Analytics: Added a compression settings UI, real-time log viewer, pipeline statistics tracking, and interactive playground preview (#1756)
• Compression Caching & MCP: Added caching-aware strategy adjustments to the compression pipeline, alongside new MCP tools for status and configuration (#1758)
• Analytics Custom Filters: Added custom date range selection, API key filtering, and NULL key analytics backfilling to the Costs Dashboard (#1830)

🐛 Bug Fixes

• Combo Routing: Fixed an issue where Gemini -preview models were incorrectly normalized to their canonical names, causing 404 errors during combo routing (#1834)
• Codex Native Passthrough: Added support for Cursor 5.5 sending messages arrays to the responses/compact endpoint, preventing upstream rejections with empty requests (#1832)
• Rate-limit Watchdog: Implemented a new rate-limit watchdog with environment override capabilities and Stage Tracing to prevent and diagnose silent wedges (#1828)
• Encryption Resiliency: Prevent sending encrypted tokens to providers by returning null on decryption failure (#763d353)
• i18n & Locales: Fixed OpenCode baseUrl locale placeholders and added compression keys across 32 languages
• Startup Stability: Hardened resilience integration server startup logic (#9aa89b17)

🛠️ Maintenance

• Tests & Docs: Expanded the test suite with 61 unit/integration tests for the compression pipeline and updated AGENTS.md
• Workflow: Fixed the changelog extraction logic to accurately capture GitHub release descriptions

[3.7.6] — 2026-04-30

✨ New Features

• feat(api-keys): add rename support in the permissions modal — editable key name field with validation (#1796)
• feat(chatgpt-web): support thinking_effort parameter (Standard/Extended) for thinking-capable models (#1821)
• feat(dashboard): implement remaining v3.7.6 dashboard features — Costs overview, Translator pipeline, and Endpoint tabs improvements
• feat(tools): inject fallback tool names to prevent upstream 400 errors on providers that require tool names (#1775)
• feat(db): auto-restore probe-failed database on startup to prevent data loss after failed upgrades (#1810)
• feat(analytics): add cost-based usage insights and activity streaks in the analytics dashboard

🔒 Security

• fix(security): resolve ReDoS vulnerability in Codex executor regex patterns (#1797, #1789)

🐛 Bug Fixes

• fix(stability): resolve codex input validation, enable combo circuit breaker, and fix broken unit tests (#1804, #1805)
• fix(stability): safely cast inputs to strings before calling .trim() to avoid crashes on numeric fields in proxy modal (#1825)
• fix(stability): clear active requests and recover providers after connection failures (#1824)
• fix(xiaomi-mimo): update models to V2.5, fix Token Plan validation and default region (#1823)
• fix(codex): omit compact client metadata to prevent upstream rejections (#1822)
• fix(dashboard): fix endpoint visibility, A2A status display, and API catalog consistency (#1806)
• fix(analytics): use pure SQL aggregations — no history rows loaded into memory (#1802)
• fix(dashboard): correct loadPresets ReferenceError in CostOverviewTab
• fix(mitm): enforce transparent interception on port 443 only

🧹 Chores

• chore(workflow): mandate implementation plan generation in /resolve-issues workflow before coding
• chore(release): expand contributor credits to 155 PRs across full project history

🏆 Community Contributors Acknowledgment

We identified that 155 community PRs across the entire project history (from inception through v3.7.5) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again.

The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:

✨ New Features

• feat(tunnels): integrate native ngrok tunnel support with dashboard UI parity (#1753)
• feat(api-keys): add rename support in the permissions modal — editable key name field with validation (#1796)

🐛 Bug Fixes

• fix(dashboard): add manual 'Clear All' button to terminate stalled long-running requests in Active Requests panel (#1799)
• fix(schema): remove empty string values from optional tool parameters to prevent upstream validation errors (#1674)
• fix(providers): ensure proper streaming cleanup and semaphore release to prevent stalls with nanoGPT (#1781)
• fix(db): wrap quota_snapshots access in try/catch to gracefully handle pending database migrations (#1784)
• feat(providers): add support for glm-cn (BigModel) provider (#1770)
• fix(grok-web): fix Grok validator and cookie parsing (#1793)
• fix(antigravity): scrub internal OmniRoute headers (#1794)
• fix(chatgpt-web): restore validator + expand model catalog to ChatGPT Plus tier (#1792)
• fix(codex): stabilize Copilot responses replay state (#1791)
• fix(antigravity): cap Claude bridge output tokens (#1785)
• fix(schema): strip default properties from tool-call JSON schemas during egress to prevent injection errors (#1782)
• fix(db): add quota_snapshots table to core DB schema initialization to prevent startup failures on fresh installs
• fix(models): apply blocked providers filter to non-chat catalog models (image, embedding, audio, etc.) (#1752)
• fix(antigravity): stabilize streaming payload parsing and deduplicate usage/model metadata refreshes (#1748)
• fix(antigravity): normalize Gemini bridge payloads — sanitize tool names, cap output tokens, and fix thinking budget (#1769)
• fix(sse): propagate AbortSignal to pre-fetch semaphore and rate-limit awaits to prevent memory leaks (#1771)
• fix(models): fix model sync import handling — separate synced models from custom models to prevent data loss (#1755)
• fix(codex): improve VS Code Copilot /responses reasoning and tool follow-ups (#1750)
• fix(memory): resolve build issues and implement memory UPSERT logic to prevent duplicate entries (#1763)
• fix(kiro): support organization IDC OAuth with regional endpoints and refresh (#1754)
• fix(combo): include 429 in provider circuit breaker to stop infinite retry loops on exhausted quotas (#1767)
• fix(claude): respect client-set thinking/effort params — only inject adaptive thinking and high effort when the client hasn't explicitly set them, preventing forced quota drain on Claude Max accounts (#1761)
• fix(blackbox-web): correct cookie name and populate session/subscription fields (#1776)
• fix(codex): align client identity metadata (#1778)
• fix(claude): fix support for claude-cli using Gemini provider (#1779)
• test(reasoning-cache): isolate DB state using mkdtempSync to prevent 401 middleware errors

🛠️ Maintenance

• chore(docs): add MseeP.ai security assessment badge to README (#1727)
• chore(xiaomi): update Xiaomi provider model list (#1759)
• chore(db): move DB health endpoint to management API (#1757)
• chore(ui): speed up endpoint initial render with background task loading (#1760)
• chore(workflows): add strict PR contributor credit policy to prevent future merge credit loss

🏆 Community Contributors Acknowledgment

We identified that 37 community PRs across past releases (v3.4.0 → v3.7.4) were manually integrated into release branches but closed instead of properly merged through GitHub, preventing contributors from receiving merge credit on their profiles. We sincerely apologize for this oversight and have since updated our workflows to ensure this never happens again.

The following contributors had their code and ideas integrated across multiple releases without proper merge credit. Thank you for your invaluable contributions to OmniRoute:

What's Changed

• fix(antigravity): stabilize streaming and usage refresh by @dhaern in #1748
• Release v3.7.5 by @diegosouzapw in #1753

Full Changelog: v3.7.4...v3.7.5

✨ New Features

• feat(ui): add endpoint tunnel visibility settings (#1743)
• feat(cli): refresh CLI fingerprint provider profiles (#1746)
• feat(proxy): implement bulk proxy import via pipe-delimited parser with update-or-create (upsert) logic and real-time preview table
• feat(pwa): add fullscreen installable PWA with manifest, service worker, and cross-platform app icons (#1728)

🔒 Security

• security: replace insecure Math.random with crypto.getRandomValues for fallback UUID generation to resolve CodeQL CWE-338 finding (#182)

🐛 Bug Fixes

• fix(cc-compatible): fix CC-compatible relay format and UI copy (#1742)

• fix(codex): normalize max reasoning effort for Codex routing (#1744)

• fix(claude-code): fix Claude Code gateway config helper (#1745)

• fix(db): reconcile legacy create_reasoning_cache migration tracking to prevent version shadowing on 032 and resolve startup warnings (#1734)

• fix(db): intercept 007 migration to use idempotent IF NOT EXISTS logic via PRAGMA table_info, preventing syntax crashes on fresh installs (#1733)

• fix(cc-compatible): preserve Claude Code system skeleton to prevent request rejection by strict compatible upstream providers (#1740)

• fix(providers): add API key validation for image-only providers and fix Stability AI requests to use multipart/form-data instead of JSON (#1726)

• fix(codex): preserve previous_response_id and conversation_id fields when input array is empty to prevent schema validation errors (#1729)

• fix(searxng): bypass UI validation block when apiKeyOptional is true and fix typing errors in provider dashboard to allow saving search providers without credentials (#1721)

• fix(proxy): disable HTTP keep-alive and pipelining in Undici proxy dispatcher to prevent "Socket hang up" rotation failures

• stream: correctly identify thought and error blocks in Antigravity/Gemini SSE streams to prevent premature 502 timeouts (#1725, #1705)

🛠️ Maintenance

• workflow: add phase 4 release monitoring instructions to /generate-release workflow
• test: fix typescript compilation errors in unit tests to keep CI typecheck pipeline fully green
• test: update responses store expectations for empty input arrays

What's Changed

• Fix image provider validation and Stability image requests by @backryun in #1726
• Release v3.7.4 by @diegosouzapw in #1730

Full Changelog: v3.7.3...v3.7.4

🐛 Bug Fixes

• fix(claude): strip existing billing headers from system array before injecting to prevent Anthropic prompt cache misses — stacked x-anthropic-billing-header blocks invalidated prefix matching, causing ~100% cache_create instead of cache_read (#1712)
• fix(claude): strip output_config.format for non-Anthropic Claude-compatible providers during passthrough — third-party Claude endpoints (MiniMax, DeepSeek via aggregators) reject structured output fields with 400 errors (#1719)
• fix(combo): set terminal error state on response quality validation failure — prevents misleading ALL_ACCOUNTS_INACTIVE 503 when the real issue is response quality validation (#1707, #1710)
• fix(combo): treat combo fallback as target-level orchestration — all non-ok responses (including generic 400s) now fall through to the next target instead of being terminal; removes complex bad-request allowlist regex (#1713)
• fix(codex): restore namespace MCP tools and hosted-tool whitelist — regression from #1581 that silently dropped all MCP tool groups and Responses-API hosted tools (#1715)
• fix(codex): add neutral instructions for bare chat requests — Codex Responses backend rejects requests without instructions, making Codex unusable for normal chat (#1709)
• fix(proxy): wrap proxy assignment queries in try-catch for missing proxy_assignments table — Electron installs where migration 004 hasn't run no longer crash with no such table error (#1706)
• fix(migration): improve Windows file URL path resolution in migration runner — adds direct URL path extraction and process.cwd() fallback for CI-built bundles with leaked build-time paths (#1704)
• fix(ui): fix light mode active request payload modal — add missing --color-card theme token, use opaque bg-surface instead of translucent bg-card/70, add backdrop blur (#1714)

🔄 Updates

• chore(image-models): refresh image generation model registry — replace stale FLUX aliases with FLUX Kontext / FLUX.2 mappings, remove deprecated FLUX Redux/Depth/Canny variants (#1722)

What's Changed

• fix(codex): restore namespace MCP tools + hosted-tool whitelist (regression from #1581) by @vanminhph in #1715
• [Urgent] fix: add neutral instructions for bare chat in Codex provider by @rdself in #1709
• fix(combo): fall back across targets on all 400 responses by @rdself in #1713
• fix(combo): avoid false ALL_ACCOUNTS_INACTIVE on quality failures by @CruxExperts in #1710
• Fix light mode active request payload modal by @rdself in #1714
• Release v3.7.3 by @diegosouzapw in #1724

Full Changelog: v3.7.2...v3.7.3

✨ New Features

• feat(authz): introduce centralized proxy-based authz pipeline and lifecycle policy (#1632)
• feat(logs): configure call log pipeline artifacts (#1650)
• feat(network): add guarded remote image fetch utility
• feat(codex): enable native Codex websocket responses on beta-gated models (#1658)
• feat(muse-spark-web): continue the same meta.ai conversation across turns (#1673)

🐛 Bug Fixes

• fix(responses): sanitize empty string placeholders from tool-call optional arguments in stream delta accumulation to avoid breaking strict clients (#1674)
• fix(codex): prevent unexpected protocol leakage and fabricated instructions on bare chat completion requests without tools (#1686)
• fix(executors): truncate tools array to 128 items max in GitHub Copilot and OpenCode executors to mitigate 400 Bad Request errors from upstream (#1687)
• fix: add body-read timeout to prevent stuck pending requests (#1680)
• fix(rate-limit): replace unsupported Bottleneck maxWait option with job-level expiration to prevent indefinite queue stalls (#1694)
• fix(sse): sanitize OpenAI tool schemas for strict upstream validators — strips null from enum arrays, normalizes tuple items, filters invalid required keys (#1692)
• fix(stream): fail zombie SSE streams before accepting response — returns 504 instead of hanging indefinitely, enables combo fallback (#1693)
• fix(combo): complete context truncation hotfix — cache getCombos() with 10s TTL, pass allCombosData to resolveComboTargets() for nested combo resolution, consolidate duplicated context overflow regex patterns (#1685)
• fix(codex): raise default quota threshold from 90% to 99% to avoid premature account blocking when usable quota remains (#1697)
• fix(memory): use user role for GLM/ZAI/Qianfan providers — providers with strict role constraints (no system role) now correctly receive memory context as a user message instead of a system message, preventing 422 validation errors (#1701)
• fix(oauth): target specific connection by ID on re-auth token exchange — prevents duplicate account creation when re-authenticating an existing OAuth connection (#1702 — thanks @namhhitvn)
• feat(email-privacy): integrate email visibility toggle in RequestLoggerV2 — log detail modal now respects global email privacy state, hiding email addresses by default (#1700 — thanks @namhhitvn)
• fix(combo): trigger fallback on Anthropic Invalid signature in thinking block errors instead of returning 400 directly (#1696)
• fix: combo retry loop stops immediately on client disconnect (499) (#1681)
• fix(search): support optional bearer auth for SearXNG (#1683)
• fix(vision): respect native GPT vision support — prevents VisionBridge from intercepting models that already handle images natively (#1678)
• fix(qwen): use security.auth format instead of modelProviders for Qwen Code config generation (#1677)
• fix(codex): remove stale websocket transport lookup that caused fallback errors (#1676)
• fix(chatgpt-web): bound tls-client native deadlocks so requests never hang forever (#1664)
• fix(codex): default gpt-5.5 to HTTP transport instead of WebSocket (#1660)
• fix(codex): [urgent] fix gpt-5.5 websocket transport and model labels (#1656)
• fix(grokweb): update Request and Response Specifications (#1655)
• fix(blackbox-web): set isPremium flag to true to enable premium model access (#1661)
• fix(core): avoid OpenAI stream options for Anthropic-compatible providers (#1654)
• fix(electron): resolve MCP server start failure on Windows (#1662)
• fix(electron): make Windows smoke test non-blocking (continue-on-error), pre-create userData dir for Windows + stream logs in CI, and add --no-sandbox and sandbox env for CI smoke tests
• fix(codex): fix getWreqWebsocket ReferenceError causing 502 on all Codex requests (#1652, #1653)
• fix(codex): default store to false — Codex OAuth backend rejects store=true (#1635)
• fix(db): add post-migration guards for missing batches table and combos.sort_order column on DB upgrades (#1648, #1657)
• fix(db): renumber duplicate migration 032 to prevent collision
• fix(perplexity-web): update API version and user-agent to match upstream requirements (#1666)
• fix(docker): copy SQLite migration files and explicitly trace in standalone build (#1665)
• fix(muse-spark-web): update to Meta's Ecto-era persisted query — fixes 502 Unknown type "RewriteOptionsInput" after Meta retired the Abra mutation (#1668)
• fix(dev): enable Turbopack by default and repair Codex CORS headers (#1669)
• fix(authz): restore REQUIRE_API_KEY support in clientApi policy
• fix(auth): align fallback API key format with test setup

🛠️ Maintenance

• build(prepublish): make Next.js build bundler configurable (webpack/turbopack)
• ci: align sonar analysis scope
• ci: stabilize release branch checks
• ci: remove expired advanced security scans job

🧪 Tests

• test: fix TypeScript configuration errors in plan3-p0.test.ts
• test: fix implicit any types across test suites
• test: disable type checking in flaky unit tests
• test: fix failing tests due to recent refactors
• fix(tests): align integration tests with authz pipeline refactor
• fix(tests): align test assertions with v3.7.2 source code changes
• fix(tests): CORS test now checks object body instead of entire file
• fix(e2e): fix E2E flakiness and implicit any type errors

What's Changed

• fix: resolve MCP server start failure on Windows by @t-way666 in #1662
• fix(blackbox-web): set isPremium flag to true by @hijak in #1661
• fix(codex): default gpt-5.5 to HTTP transport instead of WebSocket by @Gi99lin in #1660
• [codex] Enable Codex websocket beta header by @kfiramar in #1658
• [urgent] fix gpt-5.5 websocket transport and model labels by @rdself in #1656
• fix(grokweb):Update Request and Response Specifications by @backryun in #1655
• fix: avoid OpenAI stream options for Anthropic-compatible providers by @rdself in #1654
• Configure call log pipeline artifacts by @rdself in #1650
• fix(perplexity-web): update API version and user-agent by @hijak in #1666
• Fix Docker Not Copy SQLite by @NekoMonci12 in #1665
• fix(muse-spark-web): update to Meta's Ecto-era persisted query (fixes 502 "Unknown type RewriteOptionsInput") by @payne0420 in #1668
• [urgent] fix(dev): enable Turbopack and repair Codex CORS headers by @backryun in #1669
• fix(codex): remove stale websocket transport lookup by @yart in #1676
• fix(vision): respect native GPT vision support by @yart in #1678
• feat(muse-spark-web): continue the same meta.ai conversation across turns by @payne0420 in #1673
• fix(search): support optional bearer auth for SearXNG by @hijak in #1683
• fix: add body-read timeout to prevent stuck pending requests by @clousky2020 in #1680
• deps: bump the production group with 5 updates by @dependabot[bot] in #1690
• deps: bump the development group with 5 updates by @dependabot[bot] in #1691
• fix(sse): sanitize OpenAI tool schemas for strict upstream validators (kimi-k2.6 via opencode-go) by @payne0420 in #1692
• fix(stream): fail zombie streams before accepting response by @dhaern in #1693
• [HOTFIX] Complete context truncation fix (PR #1480 follow-up) by @herjarsa in #1685
• fix(oauth): target specific connection by id on re-auth token exchange by @namhhitvn in #1702
• feat(email-privacy): integrate email visibility toggle in RequestLoggerV2 by @namhhitvn in #1700
• fix(codex): avoid blocking quota with ten percent remaining by @dhaern in #1697
• fix(providers): refresh web client user agents by @backryun in #1699
• Release v3.7.2 by @diegosouzapw in #1672

New Contributors

• @t-way666 made their first contribution in #1662
• @NekoMonci12 made their first contribution in #1665
• @namhhitvn made their first contribution in #1702

Full Changelog: v3.7.1...v3.7.2

✨ New Features

• feat(providers): Add GPT-5.5 support to the Codex provider — includes 1.05M context window, tool calling, vision, and reasoning capabilities with proper pricing entries across cx and openai providers. Refactors splitCodexReasoningSuffix() into a shared helper for cleaner effort-level parsing (#1617 — thanks @Zhaba1337228).
• feat(cli): Add omniroute reset-encrypted-columns recovery command — nulls encrypted credential columns (api_key, access_token, refresh_token, id_token) in provider_connections while preserving provider metadata, giving users affected by #1622 a clean recovery path without losing configurations.
• feat(i18n): Expand locale coverage with nine new language packs (Bengali, Farsi, Gujarati, Indonesian, Marathi, Swahili, Tamil, Telugu, Urdu), bringing total language support from 32 to 41 locales.

🐛 Bug Fixes

• fix(rate-limit): Add per-model rate limiting for GitHub Copilot provider — a 429 on one model (e.g. gpt-5.1-codex-max) no longer locks the entire connection, matching the existing Gemini per-model quota pattern (#1624 — thanks @slewis3600).
• fix(cli-tools): Preserve existing OpenCode configuration (MCP servers, custom providers, comments) when saving OmniRoute settings — uses jsonc-parser for tree-preserving edits instead of destructive JSON roundtrip. Fix API key clipboard copy to use raw keys instead of masked placeholders. Add theme-aware OpenCode light/dark SVG logos (#1626 — thanks @JasonLandbridge).
• fix(cli-tools): Fix OpenCode guide step 3 {{baseUrl}} double-brace placeholder to use ICU-style {baseUrl} across all 41 locales, restoring next-intl interpolation (#1626).
• fix(codex): Make wreq-js native module import lazy and optional to prevent server crash on startup when the platform-specific binary is missing — affects pnpm installs, Docker Alpine, macOS ARM, and Windows (#1612, #1613, #1616).
• fix(i18n): Add 14 missing translation keys (logs.runningRequests, logs.model, logs.provider, logs.account, logs.elapsed, logs.count, logs.payloads, etc.) for the Active Requests panel across all locales. Replace 83 placeholder values in usage/evals namespace. Add 5 missing health namespace keys for rate limit status.
• fix(encryption): Prevent STORAGE_ENCRYPTION_KEY from being silently regenerated during npm install -g upgrades, which made all previously-encrypted provider credentials permanently unrecoverable due to AES-GCM auth-tag mismatch (#1622).
• fix(startup): Add decrypt-probe diagnostic at server bootstrap — if STORAGE_ENCRYPTION_KEY doesn't match encrypted credentials in the database, a prominent warning is logged directing users to restore the key or use the new recovery command.
• fix(cli-tools): Allow null API key values in cliModelConfigSchema to prevent 400 Bad Request errors when saving cloud-based CLI tool configurations. Fix error handling across all 10 ToolCard components to safely extract messages from structured error objects, preventing React Error #31 crashes.
• fix(docker): Set NPM_CONFIG_LEGACY_PEER_DEPS=true in the Docker builder layer before npm ci and remove duplicate postinstallSupport.mjs COPY instruction — fixes container image build failures introduced in v3.7.0 (#1630 — thanks @rdself).
• fix(antigravity): Hide deprecated Gemini-routed Claude 4.5 models from public catalogs and model lists. Legacy gemini-claude-* aliases now silently resolve to current Claude 4.6 equivalents. Replace dynamic reverse-alias generation with an explicit allowlist for predictable model visibility (#1631 — thanks @backryun).
• fix(types): Add explicit type annotations to sync-env test helpers and dynamic import casts to satisfy typecheck:noimplicit:core CI gate.
• fix(reasoning): Implement Reasoning Replay Cache — hybrid memory/SQLite persistence for reasoning_content in multi-turn tool-calling flows. Automatically captures reasoning from DeepSeek V4, Kimi K2, Qwen-Thinking, and GLM models and re-injects it on follow-up turns to prevent HTTP 400 errors from strict reasoning-content validation. Includes dashboard telemetry tab, REST API, and 21 unit tests (#1628 — thanks @JasonLandbridge).
• fix(postinstall): Extend postinstall native module repair to cover wreq-js — detects missing platform-specific .node binaries inside app/node_modules/wreq-js/rust/ and copies them from the root install. Fixes global pnpm installs on macOS arm64 where the standalone app directory only contained Linux binaries (#1634 — thanks @MarcosT96).
• fix(migration): Prevent compat-renamed migration slots from shadowing new migrations at the same version number. After rewriting 028_provider_connection_max_concurrent → 029, the runner now verifies the old version slot is clear, ensuring 028_create_files_and_batches runs on v3.6.x → v3.7.x upgrades. Adds batches table as a physical schema sentinel for upgrade recovery (#1637 — thanks @V8-Software).
• fix(registry): Route GitHub Copilot GPT 5.4/5.5 models through the Responses API (targetFormat: "openai-responses"). Fixes gpt-5.4-mini and gpt-5.4 being rejected on /chat/completions by GitHub (#1641 — thanks @dhaern).
• fix(usage): Correct MiniMax token plan quota display — the newer /v1/token_plan/remains endpoint reports used counts, not remaining counts. Rounds floating-point percentage artifacts in Provider Limits UI (#1642 — thanks @CruxExperts).
• fix(codex): Lazy-load wreq-js WebSocket transport via createRequire instead of top-level import. Server boots cleanly when native module is unavailable and returns 503 only when Codex WebSocket is actually requested. Fixes #1612 (#1640 — thanks @dendyadinirwana).
• fix(electron): Package Electron runtime dependencies into resources/app/node_modules/ via separate extraResources FileSet. Adds cross-platform packaged app smoke test script and CI integration to prevent future regressions. Closes #1636 (#1639 — thanks @prateek).
• feat(account-fallback): Add model-level daily quota lockout. When a provider returns 429 with quota_exhausted, cooldown is set to tomorrow 00:00 instead of exponential backoff. Detects daily quota patterns via isDailyQuotaExhausted() in chat handler (#1644 — thanks @clousky2020).
• fix(codex): Use per-conversation session_id/conversation_id from client body as prompt_cache_key instead of account-wide workspaceId. The official Codex CLI uses conversation_id (a unique UUID per session); using the shared workspaceId capped cache hit-rate at ~49%. Includes 10 unit tests (#1643).
• fix(claude): Stabilize billing header fingerprint to prevent Anthropic prompt-cache prefix invalidation. The fingerprint was derived from the first user message text, which changes every turn, mutating system[] and forcing ~100% cache_create. Now uses a stable per-day hash, preserving ~96% cache_read hit rate (#1638).
• fix(transport): Harden GitHub and Kiro streaming — thread clientHeaders through BaseExecutor.buildHeaders() to eliminate mutable singleton state race condition on concurrent requests. Remove redundant [DONE] stripping TransformStream from GitHub executor. Add defensive parseToolInput() for malformed Kiro tool call arguments. Hoist TextEncoder/TextDecoder to module singletons and use zero-copy subarray() (#1645 — thanks @dhaern).
• fix(transport): Prevent memory bloat and database exhaustion from large, fragmented streaming responses. Implemented ByteQueue in kiro.ts for zero-copy binary accumulation, refactored antigravity.ts for incremental SSE parsing, and enforced a strict 512KB tiered truncation limit (MAX_CALL_LOG_ARTIFACT_BYTES) on stream request logs and call artifacts (#1647).
• chore(ci): Update build environment dependencies — bump Node to 24.15.0, actions/checkout@v6, docker/build-push-action@v7, pin actions/setup-python to major tag (#1646 — thanks @backryun).

📝 Documentation

• docs(env): Add OMNIROUTE_ALLOW_PRIVATE_PROVIDER_URLS to .env.example with documentation for LM Studio and other local provider use cases (#1623).

What's Changed

• Add Codex GPT-5.5 support by @Zhaba1337228 in #1617
• [Urgent] fix: include npm config in Docker install layer by @rdself in #1630
• fix(antigravity): hide deprecated Gemini-Claude models by @backryun in #1631
• fix: route newer GitHub GPT models through Responses by @dhaern in #1641
• fix(usage): correct MiniMax token plan quota display by @CruxExperts in #1642
• fix(codex): avoid startup crash when wreq-js is unavailable by @dendyadinirwana in #1640
• fix: package Electron runtime deps by @prateek in #1639
• fix:Update Build env dependencies by @backryun in #1646
• fix(transport): harden GitHub and Kiro streaming by @dhaern in #1645
• Release v3.7.1 by @diegosouzapw in #1629

New Contributors

• @Zhaba1337228 made their first contribution in #1617
• @dhaern made their first contribution in #1641
• @CruxExperts made their first contribution in #1642
• @dendyadinirwana made their first contribution in #1640
• @prateek made their first contribution in #1639

Full Changelog: v3.7.0...v3.7.1

✨ New Features

• feat(providers): Implement Image Generation and Editing capabilities for ChatGPT Web, including in-band chat image generation and caching (#1606).

• feat(ui): Integrate OpenCode Zen/Go API tool logo SVG and polish API key copy-to-clipboard interactions (#1607).

• feat(providers): Add CrofAI as a built-in API-key provider with quota/usage monitoring wired into the dashboard Limits page (#1604, #1606).

• feat(skills): Add workspace-scoped built-in skills (file_read, file_write, http_request, eval_code, execute_command) with real sandbox execution via Docker, replacing stub responses. Browser skills now fail explicitly when runtime is not configured.

• feat(providers): Integrate AgentRouter as a new OpenAI-compatible passthrough provider with $200 free credits via sign-up (Issue #1572).

• feat(ui): Implement on-demand per-model testing in the provider dashboard, allowing single-token diagnostic checks without triggering rate-limits (Issue #1532).

• feat(provider): add ChatGPT Web (Plus/Pro) session provider (#1593)

• feat(provider): add Baidu Qianfan chat provider (#1582)

• feat(codex): support GPT-5.5 responses websocket (#1573)

• feat(sse): Codex CLI image_generation + DALL-E-style image route (#1544)

• feat(dashboard): Complete the reconciled v3.7.0 dashboard task set: MCP cache tools and count, video endpoint visibility, provider taxonomy, upstream proxy visibility, provider count badges, costs overview, eval suite management, Custom CLI builder, ACP-focused Agents copy, Translator stream transformer, logs convergence, learned rate-limit health cards, docs expansion, and active request payload inspection.

• feat(mcp): Register omniroute_cache_stats and omniroute_cache_flush across MCP schemas, server registration, handlers, docs, and tests.

• feat(providers): Complete the v3.7.0 provider onboarding wave with self-hosted/local providers (lm-studio, vllm, lemonade, llamafile, triton, docker-model-runner, xinference, oobabooga), OpenAI-compatible gateways (glhf, cablyai, thebai, fenayai, empower, poe), enterprise providers (datarobot, azure-openai, azure-ai, bedrock, watsonx, oci, sap), specialty providers (clarifai, modal, reka, nous-research, nlpcloud, petals, vertex-partner), amazon-q, GitLab/GitLab Duo, and Chutes.ai.

• feat(providers): Add Cloudflare Workers AI integration and UI support for robust backend execution.

• feat(telemetry): Implement proactive public IP capture from client headers (x-forwarded-for, x-real-ip, etc.) within safeLogEvents for accurate database observability.

• feat(audio): Add AWS Polly as an audio speech provider with SigV4 request signing, static engine catalog, provider validation, managed-provider UI coverage, and sanitization for AWS secret/session fields.

• feat(search): Add You.com search provider support with dashboard discovery, validation, livecrawl option handling, and search handler normalization.

• feat(video): Add RunwayML task-based video generation support, task polling, provider catalog metadata, validation, and dashboard/model-list coverage.

• feat(providers): Add search functionality to the providers dashboard with i18n support. (#1511 — thanks @th-ch)

• feat(providers): Register 6 new models in the opencode-go provider catalog. (#1510 — thanks @kang-heewon)

• feat(providers): Add ModelScope provider (Chinese AI marketplace) with Kimi K2.5, GLM-5, and Step-3.5-Flash integration. (#1430 — thanks @clousky2020)

• feat(providers): Add LM Studio as an OpenAI-compatible local provider for self-hosted model inference.

• feat(providers): Add Grok 4.3 thinking model support for xAI web executor requests.

• feat(core): Implement provider-level Circuit Breaker to prevent cascading failures across connections, enforcing a 10-minute cooldown after 5 consecutive transient failures. (#1430)

• feat(core): Add daily quota exhaustion lock to detect "quota exceeded" signals and lock the specific model until midnight. (#1430)

• feat(core): Auto-inject stream_options.include_usage = true for OpenAI format streams to guarantee token usage is reported correctly during streaming. (#1423)

• feat(core): Add OpenAI Batch Processing API support — submit, monitor, and manage batch jobs through the proxy with full lifecycle tracking.

• feat(vision-bridge): Add automatic image description fallback for non-vision models via VisionBridgeGuardrail (priority 5). Intercepts image-bearing requests to non-vision models, extracts descriptions via a configurable vision model (default: gpt-4o-mini), and replaces images with text before forwarding. Fails open on any error. (#1476)

• feat(dashboard): Introduce real-time model status badges with countdown timers in the provider detail and combo panel interfaces. (#1430)

• feat(dashboard): Add Batch/File management data grid with full i18n translations for batch processing workflows. (#1479)

• feat(usage): MiniMax + MiniMax-CN quota tracking in provider limits dashboard. (#1516)

• feat(providers): Fix OpenRouter remote discovery and unify managed model sync. (#1521)

• feat(providers): Implement provider and account-level concurrency cap enforcement (maxConcurrent) using robust semaphore mechanisms. (#1524)

• feat(core): Implement Hermes CLI config generation and message content stripping. (#1475)

• feat(combos): Add expert combo configuration mode for advanced routing controls. (#1547)

• feat(providers): Register Codex auto review and expand icon coverage.

• feat(tunnels): Add Tailscale tunnel management routes and runtime helpers for install, login, daemon start, enable/disable, and health checks.

🐛 Bug Fixes

• fix(mitm): Compile MITM utilities as NodeNext ESM during prepublish, copy the CommonJS MITM server into the standalone artifact, and resolve MITM data paths without relying on Next.js aliases in packaged runtime.

• fix(build): Move the local .tmp/wine32 Wine prefix out of the isolated Next.js build path so Windows Electron packaging artifacts cannot trigger EACCES scans during Node 24 builds.

• fix(build): Copy the wreq-js native runtime directory into the isolated Next.js standalone output so packaged Playwright/E2E starts can load the instrumentation hook on Linux.

• fix(api): Validate the Codex Responses websocket bridge and /v1/batches JSON payloads with Zod before use, keeping request.json() route validation green and returning explicit 400 responses for invalid bodies.

• fix(providers): Add explicit typing to provider alias and category helpers so the strict typecheck:noimplicit:core CI gate passes.

• fix(ui): Keep the upstream proxy provider detail page labeled with a fallback "Managed via Upstream Proxy Settings" management surface when translations are unavailable.

• fix(electron): Harden the production desktop CSP by removing unsafe-eval outside development and adding object, base URI, form action, frame ancestor, and worker restrictions.

• fix(cli): Replace shell-interpolated setup and privileged command execution paths with argument-based spawn/execFile helpers for database setup, Tailscale sudo commands, MITM DNS edits, and certificate install/uninstall flows.

• fix(ui): Keep provider icons resilient by using direct @lobehub/icons components first, then local PNG/SVG fallbacks, avoiding the @lobehub/ui peer runtime in the dashboard.

• fix(chatgpt-web): Fix empty-file race in tlsFetchStreaming where waitForFile accepted zero-byte files, silently degrading streaming requests to buffered mode. Replaced with waitForContent requiring file.size > 0 with early exit on request settlement. (#1597 — thanks @trader-payne)

• fix(chatgpt-web): Fix stale NextAuth session-token cookies surviving rotation shape changes (unchunked↔chunked). mergeRefreshedCookie now drops all session-token family members via SESSION_TOKEN_FAMILY_RE before appending the refreshed set, preventing auth failures from dual cookie submission. (#1597 — thanks @trader-payne)

• fix(codex): WebSocket memory retention and weekly limit handling (#1581)

• fix(providers): Default models list logic (#1577)

• fix(ui): Dashboard endpoint URL hydration respects NEXT_PUBLIC_BASE_URL when behind a reverse proxy (#1579)

• fix(providers): Restore strict PascalCase header masquerading for Claude Code to resolve HTTP 429 upstream errors (#1556)

• fix(sse): make Responses passthrough robust for size-sensitive clients (#1580)

• fix(codex): update client version for gpt-5.5 (#1578)

• fix(vision-bridge): force GPT-family image fallback (#1571)

• fix(claude): skip adaptive thinking defaults for unsupported models (#1563)

• fix(claude): preserve tool_result adjacency in native and CC-compatible paths (#1555)

• fix(reasoning): Preserve OpenAI Chat Completions reasoning_effort through assistant-prefill requests and label OpenAI request protocols explicitly as OpenAI-Chat or OpenAI-Responses. (#1550)

• fix(codex): Fix Codex auto-review model routing so review traffic resolves to the intended configured model. (#1551)

• fix(resilience): Route HTTP 429 cooldowns through runtime settings so cooldown behavior follows the configured resilience profile. (#1548)

• fix(providers): Normalize Anthropic header keys to lowercase in the provider registry to avoid duplicate or case-variant upstream headers. (#1527)

• fix(providers): Preserve audio, embedding, rerank, image, video, and OpenAI-compatible alias metadata when /v1/models merges static and discovered catalogs.

• fix(providers): Discover Azure OpenAI deployments from resource endpoints using api-key auth and configurable API versions.

• fix(providers): Keep local OpenAI-style providers authless when no API key is configured, including the Lemo...