- Replace BaseHTTPMiddleware with pure ASGI implementation in plugin middleware for better streaming response handling
- Add trusted proxy count configuration for client IP extraction in reverse proxy environments
- Implement audit log cleanup scheduler with configurable retention period
- Replace plaintext token logging with SHA256 hash fingerprints for security
- Fix database session lifecycle management in middleware
- Improve request tracing and error logging throughout the system
- Add comprehensive tests for pipeline architecture
- Add 'enabled' field to ProxyConfig for preserving config when disabled
- Mask proxy password in API responses (return '***' instead of actual password)
- Preserve existing password on update when new password not provided
- Add URL encoding for proxy credentials (handle special chars like @, :, /)
- Enhanced URL validation: block SOCKS4, require valid host, forbid embedded auth
- UI improvements: use Switch component, dynamic password placeholder
- Add confirmation dialog for orphaned credentials (URL empty but has username/password)
- Prevent browser password autofill with randomized IDs and CSS text-security
- Unify ProxyConfig type definition in types.ts
- Add proxy field to ProviderEndpoint database model with migration
- Add ProxyConfig Pydantic model for proxy URL validation
- Extend HTTP client pool with create_client_with_proxy method
- Integrate proxy configuration in chat_handler_base.py and cli_handler_base.py
- Update admin API endpoints to support proxy configuration CRUD
- Add proxy configuration UI in frontend EndpointFormDialog
Fixes#28
- Enhance error classifier to properly handle API key failures with fallback support
- Add error reason/code parsing for better AWS and multi-provider compatibility
- Improve error message structure detection for non-standard formats
- Refactor file logging with size-based rotation (100MB) instead of daily
- Optimize production logging by disabling backtrace and diagnose
- Clean up model validation and remove redundant configurations
- Remove unused context.py module (replaced by request.state)
- Remove provider_cache.py (no longer needed)
- Unify environment loading in config/settings.py instead of __init__.py
- Add deprecation warning for get_async_db() (consolidating on sync Session)
- Enhance database.py documentation with comprehensive transaction strategy
- Simplify audit logging to reuse request-level Session (no separate connections)
- Extract UsageService._build_usage_params() helper to reduce code duplication
- Update model and user cache implementations with refined transaction handling
- Remove unnecessary sessionmaker from pipeline
- Clean up audit service exception handling
- Replace user cache queries with direct database queries to ensure data consistency
- Fix token_type parameter in verify_token calls (access token verification)
- Fix role-based permission check using dictionary ranking instead of string comparison
- Fix logout operation to use correct JWT claim name (user_id instead of sub)
- Simplify user authentication flow by removing unnecessary cache layer
- Optimize session initialization in main.py using create_session helper
- Remove unused imports and exception variables
- Improve database pool capacity logging with detailed configuration parameters
- Optimize database session dependency injection with middleware-managed lifecycle
- Simplify plugin middleware by delegating session creation to FastAPI dependencies
- Fix import path in auth routes (relative to absolute)
- Add safety checks for database session management across middleware exception handlers
- Ensure session cleanup only when not managed by middleware (avoid premature cleanup)
Add comprehensive import/export endpoints for:
- Provider and model configuration (with key decryption for export)
- User data and API keys (preserving encrypted data)
Includes merge modes (skip/overwrite/error) for conflict handling,
10MB size limit for imports, and automatic cache invalidation.
Also fix optional field in GlobalModelResponse tiered_pricing.
- Add OFFICIAL_PROVIDERS set to mark first-party vendors in models.dev
- Implement official provider marking function with cache compatibility
- Extend model metadata with family, context_limit, output_limit fields
- Improve frontend model selection UI with wider panel and better search
- Add dark mode support for provider logos
- Optimize scrollbar styling for model lists
- Update deployment documentation with clearer migration steps
- Add extract_cache_creation_tokens utility to handle new/old cache creation token formats
- Implement defensive update strategy in StreamContext to prevent zero values overwriting valid data
- Simplify cache creation token parsing in Claude handler using new utility
- Add comprehensive test suite for cache creation token extraction
- Improve type hints in handler classes
- Handle both old and new aliases when invalidating cache during model updates
- Preserve cache info before deletion to properly invalidate after deletion
- Clear both Redis and in-memory caches on model changes
- Pass provider_model_name to invalidate_model_cache() when creating models
- Pass provider_model_aliases to invalidate_model_cache() when updating models
- Ensures alias-based resolve cache keys are properly cleared on model changes
- Use 'is not None' instead of truthiness check for allowed_api_formats
- Use 'is not None' instead of truthiness check for allowed_models
- Use 'is not None' instead of truthiness check for allowed_providers
- Use 'is not None' check for allowed_endpoints to distinguish empty list from None
- Fixes issue where empty whitelist (empty list) was incorrectly treated as no restriction
- Add provider_model_name and provider_model_aliases to invalidate_model_cache()
- Clear resolve cache keys for both model name and aliases when invalidating
- Also clear resolve cache in invalidate_global_model_cache() for GlobalModel names
- Handle SQLite gracefully by catching OperationalError and ProgrammingError
- Optimize fallback query to pre-filter by provider_model_name when JSONB fails
- Replace direct GlobalModel.name lookup with ModelCacheService.resolve_global_model_by_name_or_alias()
- Support model aliases in source_model parameter
- Leverage model resolution caching for better performance
- Use ModelCacheService.resolve_global_model_by_name_or_alias() for model lookups
- Support both requested model name and resolved GlobalModel name in validation
- Track resolved_model_name for proper allow_models checking
- Improve model availability checks to handle alias resolution
- Fix transient/detached object handling in global_model merge
- Add more descriptive debug logs for alias resolution mismatches
- Clean up code formatting (line length, imports organization)
- Add resolve_global_model_by_name_or_alias() supporting direct match and alias lookup
- Support both provider_model_name and provider_model_aliases matching
- Implement caching for resolved models with TTL
- Add conflict detection when alias maps to multiple GlobalModels
- Record resolution metrics: method, cache hits, duration, conflicts
- Fallback to Python-level filtering for non-PostgreSQL databases
- Add cache invalidation methods for GlobalModel
- Add models_service.py with model query logic and caching
- Add models.py unified endpoint supporting Claude/OpenAI/Gemini formats
- Auto-detect API format based on request headers
- Support /v1/models and /v1beta/models (Gemini) paths
- Update route registration and comments
- Configure hatch-vcs for automatic version generation from git tags
- Update pyproject.toml to use dynamic versioning
- Add src/_version.py for runtime version access
- Update src/__init__.py to import version from _version
- Add __APP_VERSION__ to frontend vite config
- Add version script to frontend package.json
- Update CI workflows to trigger on version tags instead of branches
- Use app timezone instead of UTC for date calculations in dashboard routes
- Ensure consistency between stats_daily.date and timezone-aware comparisons
- Fix date calculations in cleanup scheduler to handle DST correctly
- Update log message in stats aggregator to use business date
