diegosouzapw/OmniRoute v3.8.7

on GitHub

[3.8.7] — 2026-05-29

✨ New Features

• api (self-service): add GET /api/v1/me/status so a delegated API key can view its own usage (USD used, budget percent, token totals) and optional shared Codex account quota, backed by migration 075_api_key_self_service_usage_scopes (#2908 — thanks @guanbear).
• analytics: roll up usage logs to daily_usage_summary before raw log cleanup, and query a SQL UNION of raw and rolled-up data to prevent analytics history data loss (#2904 — thanks @unitythemaker).
• perf (RAM): reduce server memory footprint by capping 11 in-memory caches, limiting SQLite page cache, lazy-loading provider registries via Proxy, and optimizing Next.js startup database probes (#2903 — thanks @soyelmismo).

🔧 Bug Fixes

• sse: guard against numeric or non-string upstream error codes and malformed model strings to prevent runtime string-method crashes in proxyFetch, parseModel, and combo routing (#2463)

• docker: add dedicated runner-web Docker stage with Playwright + Chromium + system libs so web-cookie providers (Gemini Web, Claude Turnstile) work in container deployments without bloating the base image (#2832)

• token-accounting: prefer prompt_tokens over compatibility input_tokens for Anthropic Claude streams to avoid double-counting cached tokens (#2904 — thanks @unitythemaker).

• agy: add the Antigravity CLI (agy) as a standalone OAuth provider next to gemini-cli/antigravity. It reuses the antigravity inference backend (identical Google client, daily-cloudcode-pa.googleapis.com) but ships its own model catalog — notably the Claude models the backend exposes (claude-opus-4-6-thinking, claude-sonnet-4-6) — its own account pool, and connection methods: import the agy CLI token file (paste/upload), auto-detect a local CLI login (~/.gemini/antigravity-cli/antigravity-oauth-token), browser OAuth, and bulk/ZIP import. New routes: POST /api/providers/agy-auth/{import,import-bulk,zip-extract,apply-local}.

Breaking Changes

• proxy-logs: GET /api/usage/proxy-logs now returns clientIp instead of publicIp for each log entry. External consumers reading log.publicIp must update to log.clientIp. The underlying SQLite column (public_ip) is unchanged, so callers that query the database directly are unaffected (#2880 — thanks @rdself).

Known Inconsistency

• log-export: GET /api/logs/export?type=proxy-logs returns raw SQLite rows whose IP field is still named public_ip (the historical column name). This differs from the clientIp field exposed by GET /api/usage/proxy-logs. The two endpoints are intentionally inconsistent for now and will be aligned in a future migration (#2880).

✨ New Features

• usage: add per-API-key token limits scoped to model/provider/global with two-tier inline enforcement and in-memory cache accelerator (#2888 — thanks @mugnimaestra).
• providers: audit web cookie providers, fix 4 missing registry entries, and add DuckDuckGo AI Chat provider (#2862 — thanks @oyi77).
• compression: expand pt-BR pack with 34 new rules inspired by the troglodita project (#2818 — thanks @leninejunior).

🔧 Bug Fixes

• oauth: hotfix Windsurf login — drop dead PKCE flow, promote import-token, and resolve SQLite bind type errors (#2884 — thanks @yunaamelia).
• models: prune stale synced available models for inactive connections and dynamically map Antigravity MITM aliases loop-safely (#2886 — thanks @herjarsa).
• antigravity: harden signatureless tool history replay by making text representation inert (#2878 — thanks @dhaern).
• i18n: complete 144 missing Portuguese (pt-BR) locale keys and synchronize them with English (#2870 — thanks @alltomatos).
• opencode-go: add OpenCode Go provider limits quota fetcher to retrieve Z.AI quota windows (#2861 — thanks @RajvardhanPatil07).
• reasoning: gate reasoning trace replay injection on model interleaved capability metadata (#2843 — thanks @nickwizard).
• audio: construct multipart body manually for transcription form-data to prevent dropped boundary headers under Next.js fetch (#2842 — thanks @soyelmismo).
• gemini-cli: prefer real Google Cloud project IDs over default-project during model synchronization (#2841 — thanks @nickwizard).
• mcp: redirect console.log and console.warn startup messages to stderr in stdio MCP mode to prevent JSON-RPC parsing failures (#2840 — thanks @disonjer).
• antigravity: normalize unescaped tool calls and classify resource exhaustion 429 errors as lockout cooldowns (#2828 — thanks @Ardem2025).
• sse: repair RTK engine defaults to resolve consecutive-line deduplication and direct compression calls (#2825 — thanks @leninejunior).
• fix(usage): add opencode-go / opencode / opencode-zen quota fetcher so the provider limits page surfaces $12/5h, $30/wk, $60/mo windows alongside other quota-aware providers (#2852 — thanks @apoapostolov)

What's Changed

• fix(opencode-go): route qwen3.x via claude messages + repair fixMissingToolResponses for Claude-shape upstreams by @jeferssonlemes in #2791
• fix: resolve npm install warnings — remove dead deps, relax engine constraint by @oyi77 in #2792
• fix: register missing web-cookie validators (claude-web, gemini-web, copilot-web, t3-web) by @oyi77 in #2793
• fix: Error: Unable to inspect existing database #2771 by @hartmark in #2795
• fix(oauth): repair Google loopback callback flow by @akarray in #2796
• feat(logs): add clean history button by @apoapostolov in #2799
• [codex] home: restore settings-driven home layout and quota auto-refresh by @apoapostolov in #2800
• fix(gemini): emit signaturelessToolCallMode:text for GEMINI format models by @herjarsa in #2801
• feat(modelSpecs): align opencode-go family with upstream provider limits by @jeferssonlemes in #2802
• feat(build): nix multi-OS package manager install by @levonk in #2806
• fix(i18n): translate 144 new MISSING pt-BR strings by @leninejunior in #2816
• fix(cli): respect PORT env var in serve command by @gogones in #2845
• fix(deepseek-web): return 400 when client sends tools[] (closes #2848) by @Tushar49 in #2854
• fix(qoder): reject invalid/expired PATs returning Cosy 500 error by @herjarsa in #2860
• fix(cli): register openclaw in tool-detector (#2833) by @diegosouzapw in #2850
• fix(api): include noAuth providers in /v1/models catalog (#2798) by @diegosouzapw in #2814
• fix(combo): resolve custom provider targets via combo name (#2778) by @diegosouzapw in #2812
• fix(translator): strip safety_identifier in openai-responses cleanup (#2770) by @diegosouzapw in #2809
• fix(quota): honor explicit per-connection preflight opt-out (#2831) by @diegosouzapw in #2844
• fix(usage): un-invert GitHub Copilot Free quota — limited_user_quotas is remaining (#2876) by @diegosouzapw in #2881
• fix(nous-research): correct baseUrl to include /chat/completions (#2826) by @diegosouzapw in #2835
• fix(opencode): qwen3.x max/plus models lack vision support (#2822) by @diegosouzapw in #2836
• fix(translator): pass-through tool_search built-in tool type (#2766) by @diegosouzapw in #2811
• fix(github): route claude-opus-4.6 via chat completions by @marchlhw in #2821
• fix(cli): replace cli-table3 with hand-rolled formatter (#2752) by @diegosouzapw in #2813
• fix(skills): skip interception for unregistered client-native tools (#2815) by @jeferssonlemes in #2817
• feat(sse): add RTK filters for kubectl, docker-build, composer, gh by @leninejunior in #2824
• fix(geminiHelper): support rec.image content shape + warn on dropped remote URLs (refs #2807) by @Tushar49 in #2855
• fix(cli): allow nullable/optional apiKey in cliMitmStartSchema by @herjarsa in #2857
• fix(combo): preserve system messages during context handoff summary generation by @herjarsa in #2865
• fix: wire CLIProxyAPI fallback settings into chatCore routing engine by @oyi77 in #2866
• fix(usage): add opencode quota fetcher (#2852) by @diegosouzapw in #2867
• feat(claude): default xhigh support for newer Opus models by @rdself in #2874
• fix(cli): restore omniroute logs command stream (#2756) by @diegosouzapw in #2810
• fix(combo): normalize upstream Headers for Node 24 undici interop (#2751) by @diegosouzapw in #2823
• Rename proxy log Public IP to Client IP by @rdself in #2880
• fix(claude): preserve max effort for supported models by @rdself in #2875
• feat(compression): expand pt-BR pack with troglodita rules (15 → 49) by @leninejunior in #2818
• fix(sse): repair RTK engine defaults so dedup and direct calls work by @leninejunior in #2825
• fix(mcp): redirect console.log/warn to stderr in --mcp stdio mode by @disonjer in #2840
• fix(gemini-cli): prefer real project IDs over default-project by @nickwizard in #2841
• fix(opencode-go): add provider limits quota fetcher by @RajvardhanPatil07 in #2861
• Audit & add web cookie providers: fix 4 missing registry entries + DuckDuckGo by @oyi77 in #2862
• fix(antigravity): harden signatureless tool history by @dhaern in #2878
• fix: provider model sync pruning and dynamic antigravity MITM proxy mappings by @herjarsa in #2886
• feat(usage): per-API-key token limits scoped to model/provider/global by @mugnimaestra in #2888
• fix(audio): build multipart body manually to preserve Content-Type by @soyelmismo in #2842
• fix(oauth): hotfix Windsurf login — drop dead PKCE flow, promote import-token by @yunaamelia in #2884
• i18n(pt-BR): complete missing translations and sync with en.json by @alltomatos in #2870
• fix(reasoning): gate replay by interleaved field by @nickwizard in #2843
• fix(antigravity): normalize tool calls and classify resource exhaustion as lockout by @Ardem2025 in #2828
• fix(security): mitigate Socket.dev supply-chain findings + cloud-sync hardening + minimal build profile (#2863) by @diegosouzapw in #2871
• fix(security): redact public Firebase Web key (secret-scanning #7) + document SHA-256 cache-key (code-scanning #261) by @diegosouzapw in #2894
• fix(ci): resolve release/v3.8.6 gate failures (docs-sync, any-budget, pack-artifact) by @diegosouzapw in #2895
• feat(combo): Zero-Latency Combos (Hedging, Proactive Compression, Predictive TTFT) by @herjarsa in #2868
• feat(api,oauth): add agy (Antigravity CLI) standalone provider with CLI token import by @diegosouzapw in #2899
• fix(security): redact public Firebase Web key from windsurf spec by @diegosouzapw in #2896
• Pr 2871 by @diegosouzapw in #2897
• fix(gitlawb): add specialty validators for connection test — bypass /models probe by @oyi77 in #2837
• feat: Unlimited LLM Access — 7 new providers + research catalog + discovery tool by @oyi77 in #2887
• Add self-service API key usage status by @guanbear in #2908
• Fix analytics history and log token accounting by @unitythemaker in #2904
• perf(ram): reduce server memory footprint by @soyelmismo in #2903
• Release/v3.8.6 by @diegosouzapw in #2910
• Release/v3.8.7 by @diegosouzapw in #2909
• fix(dashboard): theme ReactFlow Controls +/- buttons for dark mode by @apoapostolov in #2914
• chore(deps): bump actions/download-artifact from 4 to 8 by @dependabot[bot] in #2922
• chore(deps): bump actions/upload-artifact from 4 to 7 by @dependabot[bot] in #2921
• chore(deps): bump actions/setup-node from 4 to 6 by @dependabot[bot] in #2920
• Release v3.8.7 by @diegosouzapw in #2919
• docs(i18n): sync 41 llm.txt mirrors to v3.8.7 by @diegosouzapw in #2924
• URGENT: Fix Docker release build failure for v3.8.7 by @rdself in #2926

New Contributors

• @levonk made their first contribution in #2806
• @gogones made their first contribution in #2845
• @Tushar49 made their first contribution in #2854
• @marchlhw made their first contribution in #2821
• @RajvardhanPatil07 made their first contribution in #2861
• @mugnimaestra made their first contribution in #2888
• @yunaamelia made their first contribution in #2884
• @Ardem2025 made their first contribution in #2828

Full Changelog: v3.8.6...v3.8.7