🐛 Patch Changes
- b28f714: Docker hardening Phase 3 follow-ups: add a 64MB cap to the manifest container's
/tmptmpfs, raisepids_limitfrom 256 to 512, and switch the healthcheck from BusyBoxwgetto anode -e fetch(...)invocation that's guaranteed to exist in the runtime image. Narrow the Dockerfile'snode_modules*.mdcleanup toREADME*only so packages that read nested markdown at runtime (e.g.js-yamlschema docs) keep working. Gate/api/v1/public/{usage,free-models,provider-tokens}behindMANIFEST_PUBLIC_STATS=true(default off, returns 404) so self-hosted instances don't leak aggregate stats to unauthenticated callers. Detect non-chat callers in the proxy exception filter and thechat/completionscatch block viabody.stream === true/Accept: text/event-stream; non-chat clients now receive real401/400/500HTTP statuses with a structured error envelope while chat UIs continue to get the friendly HTTP-200 envelope. Rewriteog:url/og:imagein the SPA'sindex.htmlfromBETTER_AUTH_URLat boot so self-hosters' shared link previews show their own URL instead ofapp.manifest.build. Add astatusquery parameter to/api/v1/messages(ok,error,rate_limited,fallback_error, orerrorsfor the union of the three error variants) so the dashboard can offer an "errors only" toggle. Add.github/workflows/docker-smoke.ymlthat boots the production compose stack withread_only: true, waits for/api/v1/health, and tears down — guards against future code that silently writes to disk. - b9011ae: Fix deleted custom providers continuing to intercept every request (#1603). Specificity routing now validates that an override model is still available before using it, and deleting a custom provider now also clears orphan references in specificity assignments and fallback-model lists. A one-time migration cleans existing orphaned references from the database so previously affected agents recover automatically.