diegosouzapw/OmniRoute v3.8.11

on GitHub

✨ New Features

• theoldllm: add The Old LLM — a free, Playwright-backed provider with dual-mode operation (cached browser token + direct fetch) bridged through a Vercel relay (#3217 — thanks @oyi77)
• codex: add Codex login via OpenAI's browser-driven device authorization flow, exposed as a shareable "Adicionar Externo" public link (/connect/codex/{token}) so a third party can complete the OpenAI device login without dashboard access (#3195 — thanks @zhiru)
• proxy: per-connection proxy distribution — proxy_enabled DB schema + Zod-validated resolution backend, automatic proxy-fallback selection when provider validation hits a network error, and a dashboard UI with per-connection toggles and a tag-filtered "Distribute Proxies" button (#3170, #3171, #3172 — thanks @pizzav-xyz)
• api: /v1/images/generations and /v1/images/edits now resolve a bare combo/alias model name (e.g. image) to its single image target, and /v1/images/edits forwards multipart edits to custom OpenAI-compatible providers' {base_url}/images/edits (also accepting JSON/data-URL edit input) instead of rejecting everything but chatgpt-web (#3214, #3215 — thanks @ngocquynh85)

🔧 Bug Fixes

• api: combo names sent to /v1/responses are no longer force-rewritten to codex/<name> — the Codex CLI WS→HTTP fallback rewrite now skips bare names that are combos, so combos (e.g. n8n-text, paid-premium) route correctly again instead of failing with "No credentials for provider: codex" (regression since v3.8.9) (#3227, #3233 — thanks @Marcus1Pierce, @Dima-Kal)
• antigravity: the agy gemini-3.1-pro-high/-low models now alias to the plain gemini-3.1-pro upstream id (the -high/-low suffix is rejected for gemini-3.x), and non-streaming upstream 4xx/5xx errors surface as real error bodies instead of being masked as an empty chat.completion envelope (#3229)
• auth: honor the effective REQUIRE_API_KEY feature flag (DB override > env > default) in client API auth instead of reading process.env directly, and align the route-local optional-auth checks (/v1/embeddings, /v1/web/fetch, /v1/combos, playground) with it (#3188 — thanks @xz-dev)
• oauth: use api.anthropic.com for the Claude OAuth token exchange so self-hosted VPS deployments are no longer blocked by Cloudflare Bot Management on console.anthropic.com (#3203, fixes #3192 — thanks @wilsonicdev)
• oauth: validate OAuth client IDs against resolvePublicCred so adding an Antigravity / Gemini CLI / AGY connection with the built-in public client no longer fails with a Google redirect_uri_mismatch (#3206 — thanks @juandisay)
• auto-combo: include zero-config OpenCode Free in auto/* virtual combos even with no provider_connections row, reusing the synthetic noauth connection id and routing through the oc/ prefix (#3189, fixes #3155 — thanks @wilsonicdev)
• sse: refine Kimi thinking-block handling and add regression tests for assistant tool-call replay (#3191 — thanks @bypanghu)
• openrouter: report the true upstream context_length for passthrough models instead of the 128K default — normalizeDiscoveredModels now reads context_length/top_provider.context_length (and max_completion_tokens for output) when inputTokenLimit is absent (#3202 — thanks @pulyankote)
• images: custom image-generation providers now use the provider node's base URL (providerSpecificData.baseUrl) and resolve the prefix/model form, instead of silently falling back to the Gemini endpoint (#3205 — thanks @ngocquynh85)
• docker: the container healthcheck now probes 127.0.0.1/localhost/::1 and prints the failure to stderr instead of swallowing it, fixing false "unhealthy" status when the server binds to a non-loopback address (#3151 — thanks @naimo84)
• docker: copy scripts/dev/healthcheck.mjs into the runner-base image — the Next.js standalone output doesn't trace it, so the HEALTHCHECK CMD ["node", "healthcheck.mjs"] probe silently exited 1 (#3201 — thanks @wilsonicdev)
• llama-cpp: fall back to the provider's local default base URL (127.0.0.1:8080/v1) when a local connection has no base URL set, instead of silently routing to OpenAI (residual of #3136) (#3197 — thanks @tjengbudi)
• provider-models: allow deleting synced/fetched models (e.g. llama-cpp) via DELETE /api/provider-models — the handler now clears the syncedAvailableModels namespace, not just customModels (#3204, fixes #3199 — thanks @wilsonicdev); and a deleted synced model now stays deleted across an auto-fetch re-import (the DELETE marks it hidden and the re-import skips hidden ids) (#3199 — thanks @tjengbudi)
• db/electron: fix Cannot find module 'better-sqlite3' crash when importing a database backup in the packaged Electron app (Windows installer) — the db-backups/import route now opens its integrity-check DB through the resilient driver factory (better-sqlite3 → node:sqlite → sql.js) instead of a static native import that is stripped from the standalone server bundle; a guard test prevents any API route from reintroducing a direct native import (#3025 — thanks @yeardie)
• dashboard: the home provider-topology graph now shows the friendly provider name instead of the internal UUID for custom providers — the label precedence let getProviderConfig's { name: providerId } fallback shadow the pre-resolved name (#3198 — thanks @tjengbudi)
• providers: NVIDIA key validation now probes the universally-available meta/llama-3.1-8b-instruct instead of the catalog's first model (z-ai/glm-5.1), which requires the "Public API Endpoints" account permission and could hang/be DEGRADED — making a valid key fail with a misleading "Upstream Error" (#3116 — thanks @miracuves)
• providers: NVIDIA NIM key validation no longer times out (504) — the probe bypasses the global undici fetch proxy patch (open-sse/utils/proxyFetch.ts) that is incompatible with NVIDIA's endpoint and made the request hang silently (#3226 — thanks @miracuves)
• dashboard: corrected two misleading provider credential hints — Grok Web now states both sso and sso-rw cookies are required (was just sso), and the Vertex AI Service Account field shows real instructional placeholder text instead of an untranslated stub across 40 locales (#3180, #3091 — thanks @YoursSweetDom, @Guru01100101)
• i18n: normalize dotted compliance.eventTypes keys into nested objects at load time so next-intl no longer throws INVALID_KEY: Namespace keys cannot contain "." (the same PR also corrects the Codex import-auth provider hint) (#3185 — thanks @zhiru; the same i18n bug was independently fixed by @androw in #3167, credited here as co-author)
• usage: route the agy provider's quota through the existing Antigravity usage implementation (register agy in USAGE_FETCHER_PROVIDERS, all four getUsageForProvider call sites + parseQuotaData + syncAntigravitySubscriptionIfNeeded) so it no longer falls through to "Usage API not implemented" (#3232, fixes #3230 — thanks @wilsonicdev)
• cli: show OpenCode Free in the Hermes Agent model picker even with no active connection — new optional alwaysIncludeProviders prop on ModelSelectModal (defaults to [], so other callers are unaffected) lets zero-config providers like opencode surface in the grouped list (#3240 — thanks @wilsonicdev)
• gemini: refresh the Gemini (AI Studio) static fallback so the provider tab exposes current 3.x / 2.5 models on first run, preserving the gemini-2.0-flash default ordering; the full catalog still comes from API sync once a key is added (#3241, fixes #3231 — thanks @wilsonicdev)

📝 Maintenance

• build: finish the build-output-isolation cleanup — assembleStandalone.mjs now derives both its async (syncStandalone*) and sync copy paths from a single NATIVE_ASSET_ENTRIES/EXTRA_MODULE_ENTRIES source of truth (previously two hand-maintained lists that could silently drift), guarded by a new parity test; and the Dockerfile drops 5 redundant per-module COPY overrides (@swc/helpers, pino-abstract-transport, pino-pretty, split2, migrations) now that assembleStandalone bundles them into the standalone regardless of NFT/Turbopack tracing (validated with a real Turbopack docker build + boot → /api/monitoring/health 200; better-sqlite3 stays explicit since only its native build/ is synced) (#3187 — thanks @diegosouzapw)
• combo: add a regression guard asserting the same-provider cascade is short-circuited by the connection-cooldown layer (#3200 — thanks @diegosouzapw)
• repo: housekeeping — ignore the generated coverage/ output dir and prune deprecated .agents/skills/* SKILL definitions superseded by the current workflow skills (thanks @diegosouzapw)

🙌 Contributors

Thanks to everyone whose work landed in v3.8.11:

What's Changed

• Fix/codex import auth by @zhiru in #3185
• refactor(build): single-source sidecar list + drop redundant Dockerfile COPYs by @diegosouzapw in #3187
• fix(auto-combo): include no-auth OpenCode Free by @wilsonicdev in #3189
• fix(auth): honor REQUIRE_API_KEY feature flag by @xz-dev in #3188
• feat(proxy): per-key proxy toggle backend with DB schema by @pizzav-xyz in #3170
• feat(proxy): auto-fallback proxy selection when validation fails by @pizzav-xyz in #3171
• feat(proxy): proxy toggle switches and distribute button UI by @pizzav-xyz in #3172
• fix(Oauth): validate client IDs against resolvePublicCred to correctly togg… by @juandisay in #3206
• fix(models): allow deleting synced/fetched models (e.g. llamacpp) via DELETE /api/provider-models by @wilsonicdev in #3204
• fix(oauth): use api.anthropic.com for Claude token exchange to avoid Cloudflare bot block on VPS by @wilsonicdev in #3203
• test(combo): guard same-provider cascade is handled by connection cooldown (#3200) by @diegosouzapw in #3194
• fix(openrouter): true context_length for passthrough models (#3202) by @diegosouzapw in #3207
• fix(images): use node base_url + resolve prefix for custom image providers (#3205) by @diegosouzapw in #3208
• fix(docker): healthcheck multi-host probe + surface errors (#3151) by @diegosouzapw in #3209
• fix(llama-cpp): local-default base URL fallback when none set (#3197) by @diegosouzapw in #3210
• fix(provider-models): keep a deleted synced model deleted across re-fetch (#3199) by @diegosouzapw in #3212
• docs(changelog): record the v3.8.11 issue-fix batch by @diegosouzapw in #3213
• fix(db): resolve better-sqlite3 import crash in packaged Electron app (#3025) by @diegosouzapw in #3218
• feat(api): combo/alias resolution + OpenAI-compatible edits for image routes (#3214, #3215) by @diegosouzapw in #3219
• docs(changelog): v3.8.11 issue-fix batch 2 (#3025, #3214/#3215) by @diegosouzapw in #3220
• fix(dashboard): home topology shows provider UUID instead of friendly name (#3198) by @diegosouzapw in #3222
• fix(providers): reliable NVIDIA key-validation probe model (#3116) by @diegosouzapw in #3223
• fix(dashboard): correct misleading grok/vertex credential hints (#3180, #3091) by @diegosouzapw in #3224
• docs(changelog): v3.8.11 deep-triage fixes (#3198/#3116/#3180/#3091) by @diegosouzapw in #3225
• feat(theoldllm): free provider with dual-mode (cached token + direct fetch) by @oyi77 in #3217
• fix(sse): refine kimi thinking handling and add unit tests by @bypanghu in #3191
• fix: NVIDIA NIM API key validation timeout (bypass proxy fetch patch) by @miracuves in #3226
• Feat/codex device flow by @zhiru in #3195
• fix(usage): route agy quota through Antigravity usage by @wilsonicdev in #3232
• fix(cli): show OpenCode Free in Hermes Agent picker by @wilsonicdev in #3240
• fix(gemini): refresh AI Studio model fallback by @wilsonicdev in #3241
• fix(api): combo names misrouted to codex/ on /v1/responses (#3227, #3233) by @diegosouzapw in #3244
• fix(antigravity): agy gemini-3.1-pro -high/-low 400 + masked-error (#3229) by @diegosouzapw in #3245
• docs(changelog): #3227/#3233 + #3229 by @diegosouzapw in #3246
• Release v3.8.11 by @diegosouzapw in #3190

New Contributors

• @zhiru made their first contribution in #3185
• @miracuves made their first contribution in #3226

Full Changelog: v3.8.10...v3.8.11