diegosouzapw/OmniRoute v3.8.0 on GitHub

OmniRoute v3.8.0

Unified AI proxy/router — route any LLM through one endpoint.
160+ providers | MCP Server (37 tools) | A2A v0.3 Protocol | Electron Desktop App

🚀 Highlights

160+ providers supported — OpenAI, Anthropic, Gemini, DeepSeek, Groq, xAI, Mistral, Fireworks, Cohere, NVIDIA, Cerebras, Pollinations, Puter, Cloudflare AI, HuggingFace, DeepInfra, SambaNova, Meta Llama API, Moonshot AI, AI21 Labs, Databricks, Snowflake, and many more
14 combo routing strategies including new reset-aware, context-relay, and falloverBeforeRetry
MCP Server with 37 tools, 3 transports (stdio / SSE / Streamable HTTP)
A2A v0.3 Protocol with 5 skills
Electron desktop app for Windows, macOS, and Linux
Prompt compression pipeline with 7 modes (off/lite/standard/aggressive/ultra/rtk/stacked)
CLI v4 — Commander.js architecture, 50+ commands, interactive TUI, full i18n (42 locales)
Gamification & Leaderboard system with XP, badges, streaks, and federation
Dashboard i18n coverage increased from ~20% to ~88% (420+ new keys, 42 languages)
BREAKING: dropped Node 20.x support — minimum Node version is now 22.22.2 (or 24.0.0+)

✨ New Features & Fixes by Date

2026-05-20

feat(batch): 10 feature requests — T3 Chat Web executor (cookie-based), per-request exhausted-provider tracking (#1731), Zed Docker detection, API key rotator health, Kiro multi-account isolation, context-window model filtering, cost blending, combo config tests (#2414)
feat(combos): falloverBeforeRetry strategy — combo routing now falls over to the next target before retrying the same model (#2417 — thanks @hartmark)
fix(gamification): resolve 6 implementation gaps — missing SELECT in SQL, federation leaderboard auth, pagination offset, z-scores, initial level, barrel file. 72-test suite (#2421 — thanks @oyi77)
docs: AgentRouter provider setup guide (#2422 — thanks @leninejunior)
fix(claude): drop orphan tool_result blocks after fixToolAdjacency — resolves HTTP 400 from Anthropic API (#2410)
fix(playground): guard against null/non-string model IDs in Playground dropdowns
fix(storage): persist STORAGE_ENCRYPTION_KEY across upgrades (#2428 — thanks @Chewji9875)
fix(auth): auto-reset credential apiKeyHealth status on successful connection test (#2427 — thanks @clousky2020)
fix(mitm): MITM runtime manager re-export fixes (#2425 — thanks @NomenAK)
fix(image): support Antigravity image generation + Gemini 3.5 Flash (#2423 — thanks @backryun)

2026-05-19

chore(i18n): comprehensive dashboard i18n coverage — 6 rounds of refactoring, 420+ new keys, 57+ pages (~88% coverage)
feat(gamification): implement Gamification & Leaderboard System (#2405 — thanks @oyi77)
feat(providers): support Gemini API keys for Gemini CLI executor (#2408 — thanks @benzntech)
feat(providers): Gemini Web cookie-based provider (#2380 — thanks @oyi77)
fix(resilience): API Key health tracking with automatic rotation and UI alerts (#2412 — thanks @clousky2020)
fix(providers): Kilo Code provider no longer blocks on missing local CLI binary (#2404 — thanks @Flexible78)
fix(db): bun add -g omniroute no longer surfaces generic 500 (#2358 — thanks @yamansin)
fix(kiro): enable Google OAuth login option in auth modal (#2392 — thanks @congvc-dev)
model: add Composer 2.5 to Cursor provider catalog (#2381 — thanks @backryun)
fix: tool_use without adjacent tool_result causes Claude 400 (#2383 — thanks @oyi77)

2026-05-18

refactor(dashboard): comprehensive nav, providers, endpoint, runtime, quota, pricing, budget redesign + quota sharing preview (sidebar → 12 sections, 22 new routes) (#2384)
feat(content): add Haiper, Leonardo, Ideogram, Suno, Udio as media providers (#2377 — thanks @oyi77)
feat(@omniroute/opencode-provider): expand config helpers, MCP entry, live model fetch (#2375 — thanks @mrmm)
feat(content): extend providers with video, audio, TTS, music capabilities (#2369 — thanks @oyi77)
feat(providers): add Veo AI Free as web-wrapper provider (#2366 — thanks @oyi77)
feat(providers): add Replicate as free provider (#2364 — thanks @oyi77)
feat(providers): add GitHub Models as free provider (#2344 — thanks @oyi77)
feat(providers): add Hackclub AI as free provider (#2339 — thanks @oyi77)
feat(providers): add Microsoft Copilot Web executor (#2340 — thanks @oyi77)
fix(claude-oauth): enable system-transforms pipeline for native Claude executor (#2370 — thanks @thepigdestroyer)
fix(claude): semantic passthrough — preserve Claude Code messages[] structure (#2351 — thanks @terence71-glitch)
fix(streaming): emit protocol-aware stream errors (#2355 — thanks @dhaern)
fix(combos): allow bracketed combo names (e.g. Claude [1m]) (#2354 — thanks @congvc-dev)
fix(rate-limiter): Redis is now opt-in — silent fallback to in-memory store (#2357)
fix(security): resolve CodeQL alerts #243/#244/#245/#246 (#2391, #2394)

2026-05-17

feat(codex): bulk import Codex auth.json — multi-file upload, clipboard, ZIP support (#2343)
feat(codex): import single Codex auth.json as OAuth connection (#2336)
feat(ui): comprehensive dashboard UX rework — simple/advanced modes, InfoTooltip, PresetSlider (#2315, #2316 — thanks @dhaern, @oyi77)
feat(provider): add Gitlawb Opengateway provider (#2314 — thanks @oyi77)
fix(providers): providers page empty-state and first provider setup (#2333 — thanks @slider23)

2026-05-16

feat(deepseek-web): full DeepSeek web API executor with Keccak PoW solver (#2295 — thanks @oyi77)
feat(cc-bridge): config-driven per-provider system-block transform DSL (#2286 — thanks @mrmm)
feat(skills): add 5 CLI skill manifests + AgentSkills dashboard pages (#2284)
fix(translator): map developer → system by default for non-OpenAI providers (#2281)
fix(api/combos): add API-key-safe GET /v1/combos endpoint (#2300)

2026-05-15

feat(cli): CLI v4 — Commander.js, 50+ commands, interactive TUI, full i18n (42 locales), plugin system (#2280)
feat(termux): Android/Termux headless support (#2273 — thanks @t-way666)
feat(limits): per-window quota cutoffs with cascading resolver (#2267 — thanks @payne0420)
feat(api-keys): configurable default rate limits via DEFAULT_RATE_LIMIT_PER_DAY (#2266 — thanks @gleber)
feat(authz): managementPolicy accepts API keys with manage scope (#2265 — thanks @gleber)
feat(mcp): MCP accessibility-tree smart filter engine — 60-80% token savings
feat(runtime): dynamic SQLite 5-step fallback chain
feat(cli): standalone system tray with PowerShell fallback on Windows (omniroute --tray)

2026-05-08 a 2026-05-14

feat(auto): zero-config auto-routing with auto/ prefix — 6 variant profiles (#2131 — thanks @oyi77)
feat(kiro): headless auth, image support, tool overflow handling (#2129 — thanks @christlau)
feat(cursor): surface Cursor Pro plan usage on dashboard (#2128 — thanks @payne0420)
feat(mitm): dynamic Linux certificate path detection (#2134 — thanks @flyingmongoose)
feat(oauth): complete Windsurf and Devin CLI OAuth flows (#2168 — thanks @Zhaba1337228)
feat(antigravity): support custom Google Cloud project ID (#2227 — thanks @nickwizard)
feat(resilience): useUpstream429BreakerHints toggle (#2133 — thanks @eleata)
feat(claude-web): session-based Claude Web executor (#2283 — thanks @oyi77)
feat(providers): add llama.cpp as local provider (#1980)
fix(auth): accept x-api-key header for Anthropic-native clients (#2225)
fix(translator/claude-to-openai): stop inflating prompt_tokens with cache_creation_input_tokens (#2215)
fix(security): remediate CodeQL vulnerabilities — ReDoS, crypto bias, stack traces, weak hashing
fix(kiro): harden OpenAI-to-Kiro translator (#2251 — thanks @8mbe)

2026-05-06 a 2026-05-07 (initial release)

feat(zed): Zed IDE Docker support with Manual Token Import panel (#2306)
feat(routing): LKGP stores last known good account connectionId (#2338 — thanks @oyi77)
feat(responses): degrade background: true to synchronous execution (#2164 — thanks @Yosee11)
feat(api): aggregate combo model metadata in catalog endpoint (#2166 — thanks @faisalill)
feat(cli): CLI Integration Suite — 5 management commands, 3 API endpoints, config generators (#2240 — thanks @oyi77)

🔒 Security

Resolve CodeQL ReDoS, URL sanitization, weak crypto, and stack trace exposure alerts
Session pool key derivation switched to HMAC-SHA256
Windsurf Firebase token refresh reads from config instead of env
Error sanitization through sanitizeErrorMessage() across all executors
Route protection tiers (5 levels: public/read-only/protected/always/local-only)

⚠️ Breaking Changes

Dropped Node 20.x support — minimum Node version is now >=22.22.2 or >=24.0.0
CLI architecture — bin/cli-commands.mjs replaced by modular bin/cli/commands/

📦 Installation

npm install -g omniroute
# or
docker pull diegosouzapw/omniroute:latest

🏆 v3.8.0 Contributors Hall of Fame

Thank you to all 55+ contributors who made this release possible!

Contributor	PRs
@oyi77	#2010, #2014, #2041, #2052, #2061, #2074, #2091, #2094, #2096, #2131, #2135, #2240, #2283, #2295, #2338, #2339, #2340, #2344, #2364, #2366, #2369, #2377, #2380, #2383, #2405, #2421
@backryun	#1992, #2033, #2088, #2123, #2138, #2141, #2150, #2177, #2269, #2279, #2313, #2318, #2319, #2381, #2423
@thepigdestroyer	#2290, #2291, #2326, #2327, #2370
@mrmm	#2286, #2305, #2308, #2312, #2375
@dhaern	#2028, #2039, #2087, #2090, #2315, #2316, #2317, #2355
@hartmark	#2045, #2137, #2294, #2299, #2309, #2417
@gleber	#2103, #2264, #2265, #2266
@clousky2020	#2119, #2412, #2427
@terence71-glitch	#2335, #2351, #2362
@congvc-dev	#2004, #2354, #2392
@herjarsa	#2030, #2136, #2152, #2349
@slider23	#2329, #2352
@Rikonorus	#2253, #2254
@InkshadeWoods	#2202, #2250, #2261
@payne0420	#2082, #2128, #2267
@benzntech	#2408
@christlau	#2129
@flyingmongoose	#2134
@Zhaba1337228	#2168
@nickwizard	#2227
@eleata	#2133
@t-way666	#2273
@8mbe	#2251
@ddarkr	#2271
@TF0rd	#2350
@Flexible78	#2404
@yamansin	#2358
@Chewji9875	#2428
@NomenAK	#2224, #2228, #2425
@leninejunior	#2422
@josephvoxone	#2289
@rdself	#2118
@Brkic-Nikola	#2165
@DavyMassoneto	#2140
@kang-heewon	#2231
@boa-z	#2115
@faisalill	#2166
@Yosee11	#2164

Thanks also to @dependabot for keeping dependencies current via #2178, #2228, #2288, #2397, #2398, #2399.

See full CHANGELOG.md for complete details.