chore(release): v3.2.2 — Four-Stage Request Logs & Bugfixes

Merge branch 'codex/request-log-pipeline-json'
test: align pipeline integration assertions
2026-03-28 22:11:22 -03:00 · 2026-03-28 22:09:34 -03:00 · 2026-03-28 22:09:27 -03:00 · 2026-03-28 22:09:27 -03:00 · 2026-03-28 22:09:27 -03:00 · 2026-03-28 22:07:20 -03:00
427 changed files with 98435 additions and 6733 deletions
@@ -0,0 +1,39 @@
+---
+description: Deploy the latest OmniRoute code to the Akamai VPS (69.164.221.35)
+---
+
+# Deploy to Akamai VPS Workflow
+
+Deploy OmniRoute to the Akamai VPS using `npm pack + scp` + PM2.
+
+**Akamai VPS:** `69.164.221.35`
+**Process manager:** PM2 (`omniroute`)
+**Port:** `20128`
+
+## Steps
+
+### 1. Build + pack locally
+
+// turbo
+
+```bash
+cd /home/diegosouzapw/dev/proxys/9router && npm run build:cli && npm pack --ignore-scripts
+```
+
+### 2. Copy to Akamai VPS and install
+
+// turbo-all
+
+```bash
+scp omniroute-*.tgz root@69.164.221.35:/tmp/
+```
+
+```bash
+ssh root@69.164.221.35 "npm install -g /tmp/omniroute-*.tgz --ignore-scripts && cd /usr/lib/node_modules/omniroute/app && npm rebuild better-sqlite3 && pm2 delete omniroute 2>/dev/null; pm2 start /root/.omniroute/ecosystem.config.cjs --update-env && pm2 save && echo '✅ Akamai done'"
+```
+
+### 3. Verify the deployment
+
+```bash
+curl -s -o /dev/null -w 'AKAMAI HTTP %{http_code}\n' http://69.164.221.35:20128/
+```
@@ -0,0 +1,49 @@
+---
+description: Deploy the latest OmniRoute code to BOTH the Akamai VPS and the Local VPS
+---
+
+# Deploy to VPS (Both) Workflow
+
+Deploy OmniRoute to the production VPSs using `npm pack + scp` + PM2.
+
+**Akamai VPS:** `69.164.221.35`
+**Local VPS:** `192.168.0.15`
+**Process manager:** PM2 (`omniroute`)
+**Port:** `20128`
+**PM2 entry:** `/usr/lib/node_modules/omniroute/app/server.js`
+
+> [!IMPORTANT]
+> The npm registry rejects packages > 100MB, so deployment uses **npm pack + scp**.
+
+## Steps
+
+### 1. Build + pack locally
+
+// turbo
+
+```bash
+cd /home/diegosouzapw/dev/proxys/9router && npm run build:cli && npm pack --ignore-scripts
+```
+
+### 2. Copy to both VPS and install
+
+// turbo-all
+
+```bash
+scp omniroute-*.tgz root@69.164.221.35:/tmp/ && scp omniroute-*.tgz root@192.168.0.15:/tmp/
+```
+
+```bash
+ssh root@69.164.221.35 "npm install -g /tmp/omniroute-*.tgz --ignore-scripts && cd /usr/lib/node_modules/omniroute/app && npm rebuild better-sqlite3 && pm2 delete omniroute 2>/dev/null; pm2 start /root/.omniroute/ecosystem.config.cjs --update-env && pm2 save && echo '✅ Akamai done'"
+```
+
+```bash
+ssh root@192.168.0.15 "npm install -g /tmp/omniroute-*.tgz --ignore-scripts && cd /usr/lib/node_modules/omniroute/app && npm rebuild better-sqlite3 && pm2 delete omniroute 2>/dev/null; pm2 start /root/.omniroute/ecosystem.config.cjs --update-env && pm2 save && echo '✅ Local done'"
+```
+
+### 3. Verify the deployment
+
+```bash
+curl -s -o /dev/null -w 'AKAMAI HTTP %{http_code}\n' http://69.164.221.35:20128/
+curl -s -o /dev/null -w 'LOCAL HTTP %{http_code}\n' http://192.168.0.15:20128/
+```
@@ -0,0 +1,39 @@
+---
+description: Deploy the latest OmniRoute code to the Local VPS (192.168.0.15)
+---
+
+# Deploy to Local VPS Workflow
+
+Deploy OmniRoute to the Local VPS using `npm pack + scp` + PM2.
+
+**Local VPS:** `192.168.0.15`
+**Process manager:** PM2 (`omniroute`)
+**Port:** `20128`
+
+## Steps
+
+### 1. Build + pack locally
+
+// turbo
+
+```bash
+cd /home/diegosouzapw/dev/proxys/9router && npm run build:cli && npm pack --ignore-scripts
+```
+
+### 2. Copy to Local VPS and install
+
+// turbo-all
+
+```bash
+scp omniroute-*.tgz root@192.168.0.15:/tmp/
+```
+
+```bash
+ssh root@192.168.0.15 "npm install -g /tmp/omniroute-*.tgz --ignore-scripts && cd /usr/lib/node_modules/omniroute/app && npm rebuild better-sqlite3 && pm2 delete omniroute 2>/dev/null; pm2 start /root/.omniroute/ecosystem.config.cjs --update-env && pm2 save && echo '✅ Local done'"
+```
+
+### 3. Verify the deployment
+
+```bash
+curl -s -o /dev/null -w 'LOCAL HTTP %{http_code}\n' http://192.168.0.15:20128/
+```
@@ -1,102 +0,0 @@
---
-description: Deploy the latest OmniRoute code to the Akamai VPS (69.164.221.35) via npm
---
-
-# Deploy to VPS Workflow
-
-Deploy OmniRoute to the production VPS using `npm pack + scp` + PM2.
-
-**VPS:** `69.164.221.35` (Akamai, Ubuntu 24.04, 1GB RAM + 2.5GB swap)
-**Local VPS:** `192.168.0.15` (same setup)
-**Process manager:** PM2 (`omniroute`)
-**Port:** `20128`
-**PM2 entry:** `/usr/lib/node_modules/omniroute/app/server.js`
-
-> [!IMPORTANT]
-> PM2 runs from the global npm package at `/usr/lib/node_modules/omniroute`.
-> The Next.js standalone build is at `app/server.js` inside that directory.
-> The npm registry rejects packages > 100MB, so deployment uses **npm pack + scp**.
-
-> [!CAUTION]
-> **NEVER** use `pm2 restart omniroute` after `npm install -g`. This drops env vars.
-> Always use `pm2 delete omniroute && pm2 start <ecosystem.config.cjs> --update-env`.
-> After `npm install -g`, always rebuild better-sqlite3: `cd .../app && npm rebuild better-sqlite3`
-
-## Steps
-
-### 1. Build + pack locally
-
-Run the full build (includes hash-strip patch) and create the .tgz:
-
-// turbo
-
-```bash
-cd /home/diegosouzapw/dev/proxys/9router && npm run build:cli && npm pack --ignore-scripts
-```
-
-### 2. Copy to both VPS and install
-
-// turbo-all
-
-```bash
-scp omniroute-*.tgz root@69.164.221.35:/tmp/ && scp omniroute-*.tgz root@192.168.0.15:/tmp/
-```
-
-```bash
-ssh root@69.164.221.35 "npm install -g /tmp/omniroute-*.tgz --ignore-scripts && cd /usr/lib/node_modules/omniroute/app && npm rebuild better-sqlite3 && pm2 delete omniroute 2>/dev/null; pm2 start /root/.omniroute/ecosystem.config.cjs --update-env && pm2 save && echo '✅ Akamai done'"
-```
-
-```bash
-ssh root@192.168.0.15 "npm install -g /tmp/omniroute-*.tgz --ignore-scripts && cd /usr/lib/node_modules/omniroute/app && npm rebuild better-sqlite3 && pm2 delete omniroute 2>/dev/null; pm2 start /root/.omniroute/ecosystem.config.cjs --update-env && pm2 save && echo '✅ Local done'"
-```
-
-### 3. Verify the deployment
-
-```bash
-ssh root@69.164.221.35 "pm2 list && cat \$(npm root -g)/omniroute/app/package.json | grep version | head -1 && curl -s -o /dev/null -w 'HTTP %{http_code}' http://localhost:20128/"
-```
-
-```bash
-ssh root@192.168.0.15 "pm2 list && cat \$(npm root -g)/omniroute/app/package.json | grep version | head -1 && curl -s -X POST http://localhost:20128/api/auth/login -H 'Content-Type: application/json' -d '{\"password\":\"123456\"}'"
-```
-
-Expected: PM2 shows `online`, version matches, login returns `{"success":true}`.
-
-## How it works
-
-1. `npm run build:cli` builds Next.js standalone → `app/` and strips Turbopack hashed require() calls from chunks
-2. `npm pack --ignore-scripts` packages without re-running the build
-3. `scp` transfers the .tgz to each VPS (~286MB)
-4. `npm install -g /tmp/omniroute-*.tgz --ignore-scripts` installs pre-built package
-5. `npm rebuild better-sqlite3` recompiles native bindings for the VPS Node.js version
-6. `pm2 delete` + `pm2 start ecosystem.config.cjs --update-env` restarts with env vars
-7. `pm2 save` persists the process list for reboot survival
-
-## Ecosystem Config
-
-Both VPSs have `ecosystem.config.cjs` at `/root/.omniroute/ecosystem.config.cjs`.
-This file defines env vars (PORT, DATA_DIR, INITIAL_PASSWORD, OAuth secrets, etc.)
-that `pm2 restart` does NOT inject — only `pm2 start --update-env` does.
-
-## PM2 Setup (one-time — if reconfiguring from scratch)
-
-```bash
-ssh root@<VPS> "
-  pm2 delete omniroute 2>/dev/null;
-  cd /usr/lib/node_modules/omniroute/app && npm rebuild better-sqlite3 &&
-  pm2 start /root/.omniroute/ecosystem.config.cjs --update-env &&
-  pm2 save && pm2 startup
-"
-```
-
-> [!NOTE]
-> Ensure `/root/.omniroute/ecosystem.config.cjs` exists with all required env vars.
-> For fresh installs, copy from the existing VPS or create from the template in `.env`.
-
-## Notes
-
- Env vars are in `/root/.omniroute/ecosystem.config.cjs` (NOT `.env` in app dir)
- PM2 is configured with `pm2 startup` to auto-restart on reboot
- Nginx proxies `omniroute.online` → `localhost:20128`
- The VPS has only 1GB RAM — builds happen locally, never on the VPS
- After `npm install -g`, `better-sqlite3` MUST be rebuilt in the `app/` subdir
@@ -0,0 +1,118 @@
+---
+description: Read all open GitHub Discussions, summarize them, respond to pending ones, and create issues from actionable feature requests
+---
+
+# /review-discussions — GitHub Discussions Review & Response Workflow
+
+## Overview
+
+This workflow reads all open GitHub Discussions, generates a categorized summary, identifies which ones need a response, drafts and posts replies, and optionally creates issues from actionable feature requests. It follows the same flow used for Issues but adapted for the Discussions forum.
+
+// turbo-all
+
+## Steps
+
+### 1. Identify the GitHub Repository
+
+- Run: `git -C <project_root> remote get-url origin` to extract the owner/repo
+- Parse the owner and repo name from the URL
+
+### 2. Fetch All Open Discussions
+
+- Use `read_url_content` to fetch `https://github.com/<owner>/<repo>/discussions`
+- Parse the discussion list to get all discussion titles, IDs, authors, categories, and dates
+- For each discussion, fetch the individual page to read the full content and all comments/replies
+
+### 3. Summarize All Discussions
+
+For each discussion, extract:
+
+- **Title** and **#Number**
+- **Author** (GitHub username)
+- **Category** (Announcements, General, Ideas, Q&A, Show and tell)
+- **Date** created
+- **Summary** of the original post (1-2 sentences)
+- **Comments count** and key participants
+- **Your previous response** (if any)
+- **Pending action** — whether a response or follow-up is needed
+
+### 4. Present Summary Report to User
+
+Present the full summary to the user organized by category, using a table:
+
+| #   | Category | Title | Author | Date   | Status            |
+| --- | -------- | ----- | ------ | ------ | ----------------- |
+| #N  | Ideas    | Title | @user  | Mar 23 | ⚠️ Needs response |
+| #N  | Q&A      | Title | @user  | Mar 9  | ✅ Answered       |
+| #N  | General  | Title | @user  | Mar 19 | ⚠️ Needs response |
+
+Highlight:
+
+- **⚠️ Needs response** — No reply from maintainer, or a follow-up comment was left unanswered
+- **✅ Answered** — Maintainer already responded
+- **🐛 Bug reported** — A bug was mentioned that needs tracking
+- **💡 Actionable** — Contains a concrete feature request that could become an issue
+
+### 5. Draft & Post Responses
+
+For each discussion that needs a response, draft a reply following these guidelines:
+
+#### Response Style
+
+- **Friendly and professional** — Start with "Hey @username!"
+- **Acknowledge the contribution** — Thank the user for their input
+- **Be specific** — Reference existing features, settings, or dashboard pages if the feature already exists
+- **Provide workarounds** — If the request isn't implemented yet, suggest current alternatives
+- **Commit to action** — If the request is valid, state that you'll open an issue or add it to the roadmap
+- **Keep it concise** — 3-5 paragraphs max
+
+#### Posting via Browser
+
+- Use `browser_subagent` to navigate to each discussion and post the comment
+- **IMPORTANT**: When typing text in GitHub comment boxes via the browser, use only plain ASCII characters:
+  - Use regular hyphens `-` instead of em-dashes
+  - Use `->` instead of arrow symbols
+  - Do NOT use emoji Unicode characters (the browser keyboard may fail on them)
+  - Use `**bold**` and `\`code\`` markdown formatting
+- Click the green "Comment" button (or "Reply" for threaded replies) after typing
+- Verify the comment was posted by checking the page shows the new comment
+
+### 6. Create Issues from Actionable Feature Requests
+
+For discussions that contain concrete, actionable feature requests:
+
+1. Ask the user which ones should become issues
+2. For each approved request, create a GitHub issue via `browser_subagent`:
+   - Navigate to `https://github.com/<owner>/<repo>/issues/new`
+   - **Title**: `<Feature Name> - <Short description>`
+   - **Body** should include:
+     - `## Feature Request` header
+     - `**Source:** Discussion #N by @author`
+     - `## Problem` — What limitation the user hit
+     - `## Proposed Solution` — How it could work
+     - `### Implementation Ideas` — Technical approach
+     - `### Current Workarounds` — What users can do today
+     - `## Additional Context` — Links to related issues/discussions
+   - Add `enhancement` label
+   - Click "Submit new issue" / "Create"
+3. After creation, go back to the original discussion and post a comment linking to the new issue:
+   - "I've opened Issue #N to track this feature request. Follow along there for updates!"
+
+### 7. Final Report
+
+Present a final summary to the user:
+
+| Discussion | Action Taken                       |
+| ---------- | ---------------------------------- |
+| #N — Title | Responded with workarounds         |
+| #N — Title | Responded + created Issue #N       |
+| #N — Title | Already answered, no action needed |
+| #N — Title | Responded to follow-up comment     |
+
+## Notes
+
+- This workflow is **interactive** — always present the summary and wait for user approval before posting responses or creating issues
+- If the user says "pode responder" (or similar approval), proceed with posting all drafted responses
+- For discussions in non-English languages, respond in the same language as the original post
+- Always reference specific dashboard paths, config options, or code files when explaining existing features
+- When a discussion reveals a bug, note it separately from feature requests
@@ -0,0 +1,145 @@
+name: Bug Report
+description: Report a bug or unexpected behavior in OmniRoute
+title: "[BUG] "
+labels: ["bug"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to report a bug. Please fill out the sections below so we can reproduce and fix the issue.
+
+  - type: input
+    id: version
+    attributes:
+      label: OmniRoute Version
+      description: "Run `omniroute --version` or check the left sidebar in the dashboard."
+      placeholder: "e.g. 3.0.9"
+    validations:
+      required: true
+
+  - type: dropdown
+    id: install-method
+    attributes:
+      label: Installation Method
+      options:
+        - npm (global)
+        - Docker / Docker Compose
+        - Electron desktop app
+        - Built from source
+    validations:
+      required: true
+
+  - type: dropdown
+    id: os
+    attributes:
+      label: Operating System
+      options:
+        - Windows
+        - macOS
+        - Linux
+    validations:
+      required: true
+
+  - type: input
+    id: os-version
+    attributes:
+      label: OS Version
+      placeholder: "e.g. Windows 11 23H2, macOS 15.3, Ubuntu 24.04"
+    validations:
+      required: false
+
+  - type: input
+    id: node-version
+    attributes:
+      label: Node.js Version
+      description: "Run `node --version`. Skip if using Docker."
+      placeholder: "e.g. 22.12.0"
+    validations:
+      required: false
+
+  - type: input
+    id: provider
+    attributes:
+      label: Provider(s) Involved
+      description: "Which AI provider(s) does this affect?"
+      placeholder: "e.g. Antigravity, OpenRouter, Ollama, Qwen"
+    validations:
+      required: false
+
+  - type: input
+    id: model
+    attributes:
+      label: Model(s) Involved
+      placeholder: "e.g. claude-sonnet-4-20250514, gpt-4o, gemini-2.5-pro"
+    validations:
+      required: false
+
+  - type: input
+    id: client-tool
+    attributes:
+      label: Client Tool
+      description: "Which tool are you using OmniRoute with?"
+      placeholder: "e.g. Claude Code, Cursor, Roo Code, OpenClaw, Gemini CLI, cURL"
+    validations:
+      required: false
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: "A clear description of what the bug is."
+    validations:
+      required: true
+
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps to Reproduce
+      description: "Step-by-step instructions to reproduce the behavior."
+      placeholder: |
+        1. Go to '...'
+        2. Click on '...'
+        3. See error
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected Behavior
+      description: "What did you expect to happen?"
+    validations:
+      required: true
+
+  - type: textarea
+    id: actual
+    attributes:
+      label: Actual Behavior
+      description: "What actually happened?"
+    validations:
+      required: true
+
+  - type: textarea
+    id: logs
+    attributes:
+      label: Error Logs / Output
+      description: "Paste any relevant error messages, logs, or terminal output. This will be automatically formatted as code."
+      render: shell
+    validations:
+      required: false
+
+  - type: textarea
+    id: screenshots
+    attributes:
+      label: Screenshots
+      description: "If applicable, add screenshots to help explain the problem. Please also include the text of any error messages above — screenshots alone are not searchable."
+    validations:
+      required: false
+
+  - type: textarea
+    id: additional
+    attributes:
+      label: Additional Context
+      description: "Any other context about the problem (e.g. proxy config, number of accounts, network setup)."
+    validations:
+      required: false
@@ -0,0 +1,5 @@
+blank_issues_enabled: true
+contact_links:
+  - name: Question / Help
+    url: https://github.com/diegosouzapw/OmniRoute/discussions
+    about: For questions or help with setup, please use GitHub Discussions instead of opening an issue.
@@ -0,0 +1,70 @@
+name: Feature Request
+description: Suggest a new feature or improvement for OmniRoute
+title: "[Feature] "
+labels: ["enhancement"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for suggesting a feature! Please describe the problem you're trying to solve and how you'd like it to work.
+
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem / Use Case
+      description: "What problem does this feature solve? Why do you need it?"
+      placeholder: "I'm trying to ... but currently ..."
+    validations:
+      required: true
+
+  - type: textarea
+    id: solution
+    attributes:
+      label: Proposed Solution
+      description: "How would you like this to work?"
+    validations:
+      required: true
+
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives Considered
+      description: "Have you considered any workarounds or alternative approaches?"
+    validations:
+      required: false
+
+  - type: dropdown
+    id: area
+    attributes:
+      label: Area
+      description: "Which part of OmniRoute does this relate to?"
+      multiple: true
+      options:
+        - Dashboard / UI
+        - Proxy / Routing
+        - Provider Support
+        - CLI Tools Integration
+        - OAuth / Authentication
+        - Analytics / Usage Tracking
+        - Docker / Deployment
+        - Documentation
+        - Other
+    validations:
+      required: true
+
+  - type: input
+    id: provider
+    attributes:
+      label: Related Provider(s)
+      description: "If this relates to specific providers, list them."
+      placeholder: "e.g. Antigravity, OpenRouter, Ollama"
+    validations:
+      required: false
+
+  - type: textarea
+    id: additional
+    attributes:
+      label: Additional Context
+      description: "Any other context, mockups, or references."
+    validations:
+      required: false
@@ -29,7 +29,7 @@ jobs:
        uses: docker/setup-qemu-action@v4

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4

      - name: Login to Docker Hub
        uses: docker/login-action@v4
@@ -37,6 +37,13 @@ jobs:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v4
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
      - name: Extract version from release tag or input
        id: version
        run: |
@@ -59,6 +66,8 @@ jobs:
          tags: |
            ${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}
            ${{ env.IMAGE_NAME }}:latest
+            ghcr.io/diegosouzapw/omniroute:${{ steps.version.outputs.version }}
+            ghcr.io/diegosouzapw/omniroute:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max
          no-cache: false
@@ -201,3 +201,13 @@ jobs:
            release-assets/*.source.zip
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  publish-npm:
+    name: Publish to npm
+    needs: [validate, release]
+    uses: ./.github/workflows/npm-publish.yml
+    with:
+      version: ${{ needs.validate.outputs.version }}
+      tag: latest
+    secrets:
+      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
@@ -6,9 +6,31 @@ on:
  workflow_dispatch:
    inputs:
      version:
-        description: "Version tag to publish (e.g. 2.6.0)"
+        description: "Version to publish (e.g. 2.9.5 or 3.0.0-rc.15)"
        required: true
        type: string
+      tag:
+        description: "npm dist-tag (latest / next)"
+        required: false
+        default: "latest"
+        type: choice
+        options:
+          - latest
+          - next
+  workflow_call:
+    inputs:
+      version:
+        description: "Version to publish (without v prefix)"
+        required: true
+        type: string
+      tag:
+        description: "npm dist-tag (latest / next)"
+        required: false
+        default: "latest"
+        type: string
+    secrets:
+      NPM_TOKEN:
+        required: true

 permissions:
  contents: read
@@ -31,16 +53,35 @@ jobs:
      - name: Install dependencies (skip scripts to avoid heavy build)
        run: npm install --ignore-scripts --no-audit --no-fund

-      - name: Sync version from release tag or input
+      - name: Resolve version and dist-tag
+        id: resolve
        run: |
-          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
-            VERSION="${{ inputs.version }}"
-          else
-            VERSION="${GITHUB_REF_NAME}"
-            VERSION="${VERSION#v}"
+          case "${{ github.event_name }}" in
+            workflow_dispatch|workflow_call)
+              VERSION="${{ inputs.version }}"
+              TAG="${{ inputs.tag }}"
+              ;;
+            release)
+              VERSION="${GITHUB_REF_NAME}"
+              ;;
+          esac
+          # Strip v prefix if present
+          VERSION="${VERSION#v}"
+          # Default dist-tag logic
+          if [ -z "$TAG" ]; then
+            if [[ "$VERSION" == *-* ]]; then
+              TAG="next"
+            else
+              TAG="latest"
+            fi
          fi
-          npm version "$VERSION" --no-git-tag-version --allow-same-version
-          echo "Publishing version: $VERSION"
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "tag=$TAG" >> $GITHUB_OUTPUT
+          echo "📦 Publishing omniroute@$VERSION with tag=$TAG"
+
+      - name: Sync package.json version
+        run: |
+          npm version "${{ steps.resolve.outputs.version }}" --no-git-tag-version --allow-same-version

      - name: Build CLI bundle (standalone app)
        env:
@@ -49,12 +90,36 @@ jobs:

      - name: Publish to npm
        run: |
-          VERSION=$(node -p "require('./package.json').version")
+          VERSION="${{ steps.resolve.outputs.version }}"
+          TAG="${{ steps.resolve.outputs.tag }}"
          # Check if this version is already published — skip instead of failing with E403
          if npm view "omniroute@${VERSION}" version --silent 2>/dev/null | grep -q "^${VERSION}$"; then
-            echo "️⚠️ Version ${VERSION} is already published on npm — skipping."
+            echo "⚠️ Version ${VERSION} is already published on npm — skipping."
            exit 0
          fi
-          npm publish --access public
+          if [ "$TAG" = "latest" ]; then
+            npm publish --access public
+          else
+            npm publish --access public --tag "$TAG"
+          fi
+          echo "✅ Published omniroute@$VERSION (tag: $TAG)"
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Publish to GitHub Packages
+        run: |
+          VERSION="${{ steps.resolve.outputs.version }}"
+          TAG="${{ steps.resolve.outputs.tag }}"
+          
+          echo "Configuring for GitHub Packages..."
+          echo "//npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}" > .npmrc
+          npm pkg set name="@diegosouzapw/omniroute"
+          
+          if [ "$TAG" = "latest" ]; then
+            npm publish --registry=https://npm.pkg.github.com || echo "⚠️ Version ${VERSION} might already be published on GitHub."
+          else
+            npm publish --registry=https://npm.pkg.github.com --tag "$TAG" || echo "⚠️ Version ${VERSION} might already be published on GitHub."
+          fi
+          echo "✅ Action finished for GitHub Packages"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -89,6 +89,7 @@ docs/*
 !docs/MCP-SERVER.md
 !docs/CLI-TOOLS.md

+
 # open-sse tests
 open-sse/test/*

@@ -111,6 +112,7 @@ app.log

 # Backup directories
 app.__qa_backup/
+.app-build-backup-*/

 # Production standalone build (created by scripts/prepublish.mjs)
 # Conflicts with Next.js App Router detection in dev (root app/ shadows src/app/)
@@ -130,3 +132,6 @@ vscode-extension/
 *.sqlite-shm
 *.sqlite-wal
 *.sqlite-journal
+
+# Compiled npm-package build artifact (not source, should not be in git)
+/app
@@ -49,19 +49,22 @@ but the real logic lives in `src/lib/db/`.

 Translation between provider formats: `open-sse/translator/`

+**Upstream model extra headers** (`compatByProtocol` / custom models): merged in executors after default auth; **same header name replaces** the executor value (e.g. custom `Authorization` overrides Bearer). In `open-sse/handlers/chatCore.ts`, the primary request merges headers for **both** the client model id and `resolveModelAlias(clientModel)` (resolved id wins on key conflicts). **T5 intra-family fallback** recomputes headers using only the fallback model id and `resolveModelAlias(fallback)` so sibling models do not inherit another model’s headers. Forbidden header names live in `src/shared/constants/upstreamHeaders.ts` — keep sanitize (`models.ts`), Zod (`schemas.ts`), and unit tests aligned when editing that list.
+
 ### MCP Server (`open-sse/mcp-server/`)

 16 tools for AI agent control via **3 transport modes**:
+
 - **stdio** — Local IDE integration (Claude Desktop, Cursor, VS Code)
 - **SSE** — Remote Server-Sent Events at `/api/mcp/sse`
 - **Streamable HTTP** — Modern bidirectional HTTP at `/api/mcp/stream`

 HTTP transports run in-process via `httpTransport.ts` singleton using `WebStandardStreamableHTTPServerTransport`.

-| Category   | Tools                                                                                                                     |
-| ---------- | ------------------------------------------------------------------------------------------------------------------------- |
-| Essential  | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog` |
-| Advanced   | `simulate_route`, `set_budget_guard`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot` |
+| Category  | Tools                                                                                                                                                                |
+| --------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Essential | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog`                               |
+| Advanced  | `simulate_route`, `set_budget_guard`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot` |

 - Scoped authorization (9 scopes), audit logging, Zod schemas
 - IDE configs for Claude Desktop, Cursor, VS Code Copilot
@@ -79,25 +82,26 @@ Agent-to-Agent v0.3 protocol:
 ### Auto-Combo Engine (`open-sse/services/autoCombo/`)

 Self-healing routing optimization:
+
 - 6-factor scoring, 4 mode packs, bandit exploration
 - Progressive cooldown, probe-based re-admission

 ### Dashboard (`src/app/(dashboard)/`)

-| Page                         | Description                                                    |
-| ---------------------------- | -------------------------------------------------------------- |
-| `/dashboard`                 | Home with quick start, provider overview                       |
-| `/dashboard/endpoint`        | **Endpoints** (tabbed): Endpoint Proxy, MCP, A2A, API Endpoints |
-| `/dashboard/providers`       | Provider management and connections                            |
-| `/dashboard/combos`          | Combo configurations with routing strategies                   |
-| `/dashboard/logs`            | Request, Proxy, Audit, Console logs (tabbed)                   |
-| `/dashboard/analytics`       | Usage analytics and evaluations                                |
-| `/dashboard/costs`           | Cost tracking and breakdown                                    |
-| `/dashboard/health`          | Uptime, circuit breakers, latency                              |
-| `/dashboard/cli-tools`       | CLI tool integrations (Claude, Codex, Antigravity, etc.)       |
-| `/dashboard/media`           | Image, Video, Music generation playground                      |
-| `/dashboard/settings`        | System settings with multiple tabs                             |
-| `/dashboard/api-manager`     | API key management with model permissions                      |
+| Page                     | Description                                                     |
+| ------------------------ | --------------------------------------------------------------- |
+| `/dashboard`             | Home with quick start, provider overview                        |
+| `/dashboard/endpoint`    | **Endpoints** (tabbed): Endpoint Proxy, MCP, A2A, API Endpoints |
+| `/dashboard/providers`   | Provider management and connections                             |
+| `/dashboard/combos`      | Combo configurations with routing strategies                    |
+| `/dashboard/logs`        | Request, Proxy, Audit, Console logs (tabbed)                    |
+| `/dashboard/analytics`   | Usage analytics and evaluations                                 |
+| `/dashboard/costs`       | Cost tracking and breakdown                                     |
+| `/dashboard/health`      | Uptime, circuit breakers, latency                               |
+| `/dashboard/cli-tools`   | CLI tool integrations (Claude, Codex, Antigravity, etc.)        |
+| `/dashboard/media`       | Image, Video, Music generation playground                       |
+| `/dashboard/settings`    | System settings with multiple tabs                              |
+| `/dashboard/api-manager` | API key management with model permissions                       |

 ### OAuth & Tokens (`src/lib/oauth/`)

@@ -114,6 +114,7 @@ npm run test:fixes        # Fix verification tests

 # With coverage
 npm run test:coverage
+npm run coverage:report

 # E2E tests (requires Playwright)
 npm run test:e2e
@@ -123,7 +124,13 @@ npm run lint
 npm run check
 ```

-Current test status: **368+ unit tests** covering:
+Coverage notes:
+
+- `npm run test:coverage` measures source coverage for the main unit test suite, excludes `tests/**`, and includes `open-sse/**`
+- `npm run coverage:report` prints the detailed file-by-file report from the latest coverage run
+- `npm run test:coverage:legacy` preserves the older metric for historical comparison
+
+Current test status: **968+ unit tests** covering:

 - Provider translators and format conversion
 - Rate limiting, circuit breaker, and resilience
@@ -0,0 +1,166 @@
+# Test Coverage Plan
+
+Last updated: 2026-03-28
+
+## Baseline
+
+There are multiple coverage numbers depending on how the report is computed. For planning, only one of them is useful.
+
+| Metric               | Scope                                                 | Statements / Lines | Branches | Functions | Notes                                               |
+| -------------------- | ----------------------------------------------------- | -----------------: | -------: | --------: | --------------------------------------------------- |
+| Legacy               | Old `npm run test:coverage`                           |             79.42% |   75.15% |    67.94% | Inflated: counts test files and excludes `open-sse` |
+| Diagnostic           | Source-only, excluding tests and excluding `open-sse` |             68.16% |   63.55% |    64.06% | Useful only to isolate `src/**`                     |
+| Recommended baseline | Source-only, excluding tests and including `open-sse` |             56.95% |   66.05% |    57.80% | This is the project-wide baseline to improve        |
+
+The recommended baseline is the number to optimize against.
+
+## Rules
+
+- Coverage targets apply to source files, not to `tests/**`.
+- `open-sse/**` is part of the product and must remain in scope.
+- New code should not reduce coverage in touched areas.
+- Prefer testing behavior and branch outcomes over implementation details.
+- Prefer temp SQLite databases and small fixtures over broad mocks for `src/lib/db/**`.
+
+## Current command set
+
+- `npm run test:coverage`
+  - Main source coverage gate for the unit test suite
+  - Generates `text-summary`, `html`, `json-summary`, and `lcov`
+- `npm run coverage:report`
+  - Detailed file-by-file report from the latest run
+- `npm run test:coverage:legacy`
+  - Historical comparison only
+
+## Milestones
+
+| Phase   |                 Target | Focus                                             |
+| ------- | ---------------------: | ------------------------------------------------- |
+| Phase 1 | 60% statements / lines | Quick wins and low-risk utility coverage          |
+| Phase 2 | 65% statements / lines | DB and route foundations                          |
+| Phase 3 | 70% statements / lines | Provider validation and usage analytics           |
+| Phase 4 | 75% statements / lines | `open-sse` translators and helpers                |
+| Phase 5 | 80% statements / lines | `open-sse` handlers and executor branches         |
+| Phase 6 | 85% statements / lines | Harder edge cases, branch debt, regression suites |
+| Phase 7 | 90% statements / lines | Final sweep, gap closure, strict ratchet          |
+
+Branches and functions should ratchet upward with each phase, but the primary hard target is statements / lines.
+
+## Priority hotspots
+
+These files or areas offer the best return for the next phases:
+
+1. `open-sse/handlers`
+   - `chatCore.ts` at 7.57%
+   - Overall directory at 29.07%
+2. `open-sse/translator/request`
+   - Overall directory at 36.39%
+   - Many translators are still near single-digit coverage
+3. `open-sse/translator/response`
+   - Overall directory at 8.07%
+4. `open-sse/executors`
+   - Overall directory at 36.62%
+5. `src/lib/db`
+   - `models.ts` at 20.66%
+   - `registeredKeys.ts` at 34.46%
+   - `modelComboMappings.ts` at 36.25%
+   - `settings.ts` at 46.40%
+   - `webhooks.ts` at 33.33%
+6. `src/lib/usage`
+   - `usageHistory.ts` at 21.12%
+   - `usageStats.ts` at 9.56%
+   - `costCalculator.ts` at 30.00%
+7. `src/lib/providers`
+   - `validation.ts` at 41.16%
+8. Low-risk utility and API files for early gains
+   - `src/shared/utils/upstreamError.ts`
+   - `src/shared/utils/apiAuth.ts`
+   - `src/lib/api/errorResponse.ts`
+   - `src/app/api/settings/require-login/route.ts`
+   - `src/app/api/providers/[id]/models/route.ts`
+
+## Execution checklist
+
+### Phase 1: 56.95% -> 60%
+
+- [x] Fix coverage metric so it reflects source code instead of test files
+- [x] Keep a legacy coverage script for comparison
+- [x] Record the baseline and hotspots in-repo
+- [ ] Add focused tests for low-risk utilities:
+  - `src/shared/utils/upstreamError.ts`
+  - `src/shared/utils/fetchTimeout.ts`
+  - `src/lib/api/errorResponse.ts`
+  - `src/shared/utils/apiAuth.ts`
+  - `src/lib/display/names.ts`
+- [ ] Add route tests for:
+  - `src/app/api/settings/require-login/route.ts`
+  - `src/app/api/providers/[id]/models/route.ts`
+
+### Phase 2: 60% -> 65%
+
+- [ ] Add DB-backed tests for:
+  - `src/lib/db/modelComboMappings.ts`
+  - `src/lib/db/settings.ts`
+  - `src/lib/db/registeredKeys.ts`
+- [ ] Cover branch behavior in:
+  - `src/lib/providers/validation.ts`
+  - `src/app/api/v1/embeddings/route.ts`
+  - `src/app/api/v1/moderations/route.ts`
+
+### Phase 3: 65% -> 70%
+
+- [ ] Add usage analytics tests for:
+  - `src/lib/usage/usageHistory.ts`
+  - `src/lib/usage/usageStats.ts`
+  - `src/lib/usage/costCalculator.ts`
+- [ ] Expand route coverage for proxy management and settings branches
+
+### Phase 4: 70% -> 75%
+
+- [ ] Cover translator helpers and central translation paths:
+  - `open-sse/translator/index.ts`
+  - `open-sse/translator/helpers/*`
+  - `open-sse/translator/request/*`
+  - `open-sse/translator/response/*`
+
+### Phase 5: 75% -> 80%
+
+- [ ] Add handler-level tests for:
+  - `open-sse/handlers/chatCore.ts`
+  - `open-sse/handlers/responsesHandler.js`
+  - `open-sse/handlers/imageGeneration.js`
+  - `open-sse/handlers/embeddings.js`
+- [ ] Add executor branch coverage for provider-specific auth, retries, and endpoint overrides
+
+### Phase 6: 80% -> 85%
+
+- [ ] Merge more edge-case suites into the main coverage path
+- [ ] Increase function coverage for DB modules with weak constructor/helper coverage
+- [ ] Close branch gaps in `settings.ts`, `registeredKeys.ts`, `validation.ts`, and translator helpers
+
+### Phase 7: 85% -> 90%
+
+- [ ] Treat the remaining low-coverage files as blockers
+- [ ] Add regression tests for every uncovered production bug fixed during the push to 90%
+- [ ] Raise the coverage gate in CI only after the local baseline is stable for at least two consecutive runs
+
+## Ratchet policy
+
+Update `npm run test:coverage` thresholds only after the project actually exceeds the next milestone with a comfortable buffer.
+
+Recommended ratchet sequence:
+
+1. 55/60/55
+2. 60/62/58
+3. 65/64/62
+4. 70/66/66
+5. 75/70/72
+6. 80/75/78
+7. 85/80/84
+8. 90/85/88
+
+Order is `statements-lines / branches / functions`.
+
+## Known gap
+
+The current coverage command measures the main Node unit suite and includes source reached from it, including `open-sse`. It does not yet merge Vitest coverage into a single unified report. That merge is worth doing later, but it is not a blocker for starting the 60% -> 80% climb.
@@ -1,13 +1,17 @@
 FROM node:22-bookworm-slim AS builder
 WORKDIR /app

+RUN apt-get update \
+  && apt-get install -y --no-install-recommends libsecret-1-0 \
+  && rm -rf /var/lib/apt/lists/*
+
 COPY package*.json ./
 COPY scripts/postinstall.mjs ./scripts/postinstall.mjs
 COPY scripts/native-binary-compat.mjs ./scripts/native-binary-compat.mjs
 RUN if [ -f package-lock.json ]; then npm ci --no-audit --no-fund; else npm install --no-audit --no-fund; fi

 COPY . ./
-RUN mkdir -p /app/data && npm run build
+RUN mkdir -p /app/data && npm run build -- --webpack

 FROM node:22-bookworm-slim AS runner-base
 WORKDIR /app
@@ -25,6 +29,9 @@ ENV NODE_OPTIONS="--max-old-space-size=256"

 # Data directory inside Docker — must match the volume mount in docker-compose.yml
 ENV DATA_DIR=/app/data
+RUN apt-get update \
+  && apt-get install -y --no-install-recommends libsecret-1-0 \
+  && rm -rf /var/lib/apt/lists/*
 RUN mkdir -p /app/data

 COPY --from=builder /app/public ./public
@@ -2,7 +2,7 @@

 ### Never stop coding. Smart routing to **FREE & low-cost AI models** with automatic fallback.

-_Your universal API proxy — one endpoint, 44+ providers, zero downtime. Now with **MCP & A2A** agent orchestration._
+_Your universal API proxy — one endpoint, 67+ providers, zero downtime. Now with **MCP & A2A** agent orchestration._

 **Chat Completions • Embeddings • Image Generation • Video • Music • Audio • Reranking • **Web Search** • MCP Server • A2A Protocol • 100% TypeScript**

@@ -11,7 +11,9 @@ _Your universal API proxy — one endpoint, 44+ providers, zero downtime. Now wi
 <div align="center">

 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
+[![npm downloads](https://img.shields.io/npm/dm/omniroute?color=cb3837&logo=npm&label=npm%20downloads)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
+[![Docker Pulls](https://img.shields.io/docker/pulls/diegosouzapw/omniroute?logo=docker&color=2496ED&label=docker%20pulls)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
 [![Website](https://img.shields.io/badge/Website-omniroute.online-blue?logo=google-chrome&logoColor=white)](https://omniroute.online)
 [![WhatsApp](https://img.shields.io/badge/WhatsApp-Community-25D366?logo=whatsapp&logoColor=white)](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
@@ -24,6 +26,28 @@ _Your universal API proxy — one endpoint, 44+ providers, zero downtime. Now wi

 ---

+## 🆕 What's New in v3.0.0
+
+> **Upgrading from v2.9.5?** — See the [full CHANGELOG](CHANGELOG.md#300--2026-03-22-release-candidate--not-yet-merged-to-main) for all changes.
+
+| Area                         | Change                                                                                                                                                                    |
+| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**       | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection remediation                                                                               |
+| ✅ **Route Validation**      | All 176 API routes now validated with Zod schemas + `validateBody()` — CI `check:route-validation:t06` passes                                                             |
+| 🐛 **omniModel Tag Leak**    | Internal `<omniModel>` tags no longer leak to clients in SSE streaming responses (#585)                                                                                   |
+| 🔑 **Registered Keys API**   | Auto-provision API keys via `POST /api/v1/registered-keys` with per-provider/account quota enforcement, idempotency, SHA-256 storage, and optional GitHub issue reporting |
+| 🎨 **Provider Icons**        | 130+ provider logos via `@lobehub/icons` (SVG) with PNG → generic fallback chain                                                                                          |
+| 🔄 **Model Auto-Sync**       | 24h scheduler and manual UI toggle to sync model lists for built-in and custom OpenAI-compatible providers                                                                |
+| 🌐 **OpenCode Zen/Go**       | Two new providers from @kang-heewon via PR #530: free tier + subscription tier via `OpencodeExecutor`                                                                     |
+| 🐛 **Gemini CLI OAuth**      | Actionable error when `GEMINI_OAUTH_CLIENT_SECRET` is missing in Docker (was cryptic Google error)                                                                        |
+| 🐛 **OpenCode config**       | `saveOpenCodeConfig()` now correctly writes TOML to `XDG_CONFIG_HOME`                                                                                                     |
+| 🐛 **Pinned model override** | `body.model` correctly set to `pinnedModel` on context-cache protection                                                                                                   |
+| 🐛 **Codex/Claude loop**     | `tool_result` blocks now converted to text to stop infinite loops                                                                                                         |
+| 🐛 **Login redirect**        | Login no longer freezes after skipping password setup                                                                                                                     |
+| 🐛 **Windows paths**         | MSYS2/Git-Bash paths (`/c/...`) normalized to `C:\...` automatically                                                                                                      |
+
+---
+
 ## 🖼️ Main Dashboard

 <div align="center">
@@ -234,7 +258,7 @@ OpenAI uses one format, Claude (Anthropic) uses another, Gemini yet another. If

 **How OmniRoute solves it:**

- **Unified Endpoint** — A single `http://localhost:20128/v1` serves as proxy for all 44+ providers
+- **Unified Endpoint** — A single `http://localhost:20128/v1` serves as proxy for all 67+ providers
 - **Format Translation** — Automatic and transparent: OpenAI ↔ Claude ↔ Gemini ↔ Responses API
 - **Response Sanitization** — Strips non-standard fields (`x_groq`, `usage_breakdown`, `service_tier`) that break OpenAI SDK v1.83+
 - **Role Normalization** — Converts `developer` → `system` for non-OpenAI providers; `system` → `user` for GLM/ERNIE
@@ -320,7 +344,7 @@ Developers use Cursor, Claude Code, Codex CLI, OpenClaw, Gemini CLI, Kilo Code..
 - **CLI Tools Dashboard** — Dedicated page with one-click setup for Claude Code, Codex CLI, OpenClaw, Kilo Code, Antigravity, Cline
 - **GitHub Copilot Config Generator** — Generates `chatLanguageModels.json` for VS Code with bulk model selection
 - **Onboarding Wizard** — Guided 4-step setup for first-time users
- **One endpoint, all models** — Configure `http://localhost:20128/v1` once, access 44+ providers
+- **One endpoint, all models** — Configure `http://localhost:20128/v1` once, access 67+ providers

 </details>

@@ -716,7 +740,7 @@ Outcome: deep fallback depth for deadline-critical workloads

 **Point any IDE/CLI to:** `http://localhost:20128/v1` · API Key: `any-string` · Done.

-> **Optional extra coverage (also free):** Groq API key (30 RPM free), NVIDIA NIM (40 RPM free, 70+ models), Cerebras (1M tok/day).
+> **Optional extra coverage (also free):** Groq API key (30 RPM free), NVIDIA NIM (40 RPM free, 70+ models), Cerebras (1M tok/day), LongCat API key (50M tokens/day!), Cloudflare Workers AI (10K Neurons/day, 50+ models).

 ## ⚡ Quick Start

@@ -852,6 +876,35 @@ docker compose --profile base up -d
 docker compose --profile cli up -d
 ```

+**Using Docker Compose with Caddy (HTTPS Auto-TLS):**
+
+OmniRoute can be securely exposed using Caddy's automatic SSL provisioning. Ensure your domain's DNS A record points to your server's IP.
+
+```yaml
+services:
+  omniroute:
+    image: diegosouzapw/omniroute:latest
+    container_name: omniroute
+    restart: unless-stopped
+    volumes:
+      - omniroute-data:/app/data
+    environment:
+      - PORT=20128
+      - NEXT_PUBLIC_BASE_URL=https://your-domain.com
+
+  caddy:
+    image: caddy:latest
+    container_name: caddy
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    command: caddy reverse-proxy --from https://your-domain.com --to http://omniroute:20128
+
+volumes:
+  omniroute-data:
+```
+
 | Image                    | Tag      | Size   | Description           |
 | ------------------------ | -------- | ------ | --------------------- |
 | `diegosouzapw/omniroute` | `latest` | ~250MB | Latest stable release |
@@ -921,18 +974,28 @@ When minimized, OmniRoute lives in your system tray with quick actions:
 | **🆓 FREE**         | iFlow                       | **$0**                    | Unlimited        | 5 models unlimited                |
 |                     | Qwen                        | **$0**                    | Unlimited        | 4 models unlimited                |
 |                     | Kiro                        | **$0**                    | Unlimited        | Claude Sonnet/Haiku (AWS Builder) |
+|                     | LongCat Flash-Lite 🆕       | **$0** (50M tok/day 🔥)   | 1 RPS            | Largest free quota on Earth       |
+|                     | Pollinations AI 🆕          | **$0** (no key needed)    | 1 req/15s        | GPT-5, Claude, DeepSeek, Llama 4  |
+|                     | Cloudflare Workers AI 🆕    | **$0** (10K Neurons/day)  | ~150 resp/day    | 50+ models, global edge           |
+|                     | Scaleway AI 🆕              | **$0** (1M tokens total)  | Rate limited     | EU/GDPR, Qwen3 235B, Llama 70B    |

 > 🆕 **New models added (Mar 2026):** Grok-4 Fast family at $0.20/$0.50/M (benchmarked at 1143ms — 30% faster than Gemini 2.5 Flash), GLM-5 via Z.AI with 128K output, MiniMax M2.5 reasoning, DeepSeek V3.2 updated pricing, Kimi K2.5 via Moonshot direct API.

 **💡 $0 Combo Stack — The Complete Free Setup:**

 ```
-Gemini CLI (180K/mo free)
-  → iFlow (unlimited: kimi-k2-thinking, qwen3-coder-plus, deepseek-r1)
-  → Kiro (Claude Sonnet 4.5 + Haiku — unlimited, via AWS Builder ID)
-  → Qwen (4 models — unlimited)
-  → Groq (14.4K req/day — ultra-fast)
-  → NVIDIA NIM (70+ models — 40 RPM forever)
+# 🆓 Ultimate Free Stack 2026 — 11 Providers, $0 Forever
+Kiro (kr/)             → Claude Sonnet/Haiku UNLIMITED
+iFlow (if/)            → kimi-k2-thinking, qwen3-coder-plus, deepseek-r1 UNLIMITED
+LongCat Lite (lc/)     → LongCat-Flash-Lite — 50M tokens/day 🔥
+Pollinations (pol/)    → GPT-5, Claude, DeepSeek, Llama 4 — no key needed
+Qwen (qw/)             → qwen3-coder-plus, qwen3-coder-flash, qwen3-coder-next UNLIMITED
+Gemini (gemini/)       → Gemini 2.5 Flash — 1,500 req/day free API key
+Cloudflare AI (cf/)    → Llama 70B, Gemma 3, Mistral — 10K Neurons/day
+Scaleway (scw/)        → Qwen3 235B, Llama 70B — 1M free tokens (EU)
+Groq (groq/)           → Llama/Gemma ultra-fast — 14.4K req/day
+NVIDIA NIM (nvidia/)   → 70+ open models — 40 RPM forever
+Cerebras (cerebras/)   → Llama/Qwen world-fastest — 1M tok/day
 ```

 **Zero cost. Never stops coding.** Configure this as one OmniRoute combo and all fallbacks happen automatically — no manual switching ever.
@@ -1003,19 +1066,66 @@ Available free: `llama-3.3-70b`, `llama-3.1-8b`, `deepseek-r1-distill-llama-70b`

 Available free: `llama-3.3-70b-versatile`, `gemma2-9b-it`, `mixtral-8x7b`, `whisper-large-v3`

-> **💡 The Ultimate Free Stack:**
+### 🔴 LONGCAT AI (Free API Key — longcat.chat) 🆕
+
+| Model                         | Prefix | Daily Free Quota  | Notes                   |
+| ----------------------------- | ------ | ----------------- | ----------------------- |
+| `LongCat-Flash-Lite`          | `lc/`  | **50M tokens** 💥 | Largest free quota ever |
+| `LongCat-Flash-Chat`          | `lc/`  | 500K tokens       | Multi-turn chat         |
+| `LongCat-Flash-Thinking`      | `lc/`  | 500K tokens       | Reasoning / CoT         |
+| `LongCat-Flash-Thinking-2601` | `lc/`  | 500K tokens       | Jan 2026 version        |
+| `LongCat-Flash-Omni-2603`     | `lc/`  | 500K tokens       | Multimodal              |
+
+> 100% free while in public beta. Sign up at [longcat.chat](https://longcat.chat) with email or phone. Resets daily 00:00 UTC.
+
+### 🟢 POLLINATIONS AI (No API Key Required) 🆕
+
+| Model      | Prefix | Rate Limit | Provider Behind    |
+| ---------- | ------ | ---------- | ------------------ |
+| `openai`   | `pol/` | 1 req/15s  | GPT-5              |
+| `claude`   | `pol/` | 1 req/15s  | Anthropic Claude   |
+| `gemini`   | `pol/` | 1 req/15s  | Google Gemini      |
+| `deepseek` | `pol/` | 1 req/15s  | DeepSeek V3        |
+| `llama`    | `pol/` | 1 req/15s  | Meta Llama 4 Scout |
+| `mistral`  | `pol/` | 1 req/15s  | Mistral AI         |
+
+> ✨ **Zero friction:** No signup, no API key. Add the Pollinations provider with an empty key field and it works immediately.
+
+### 🟠 CLOUDFLARE WORKERS AI (Free API Key — cloudflare.com) 🆕
+
+| Tier | Daily Neurons | Equivalent Usage                        | Notes                   |
+| ---- | ------------- | --------------------------------------- | ----------------------- |
+| Free | **10,000**    | ~150 LLM resp / 500s audio / 15K embeds | Global edge, 50+ models |
+
+Popular free models: `@cf/meta/llama-3.3-70b-instruct`, `@cf/google/gemma-3-12b-it`, `@cf/openai/whisper-large-v3-turbo` (free audio!), `@cf/qwen/qwen2.5-coder-15b-instruct`
+
+> Requires API Token + Account ID from [dash.cloudflare.com](https://dash.cloudflare.com). Store Account ID in provider settings.
+
+### 🟣 SCALEWAY AI (1M Free Tokens — scaleway.com) 🆕
+
+| Tier | Free Quota    | Location     | Notes                               |
+| ---- | ------------- | ------------ | ----------------------------------- |
+| Free | **1M tokens** | 🇫🇷 Paris, EU | No credit card needed within limits |
+
+Available free: `qwen3-235b-a22b-instruct-2507` (Qwen3 235B!), `llama-3.1-70b-instruct`, `mistral-small-3.2-24b-instruct-2506`, `deepseek-v3-0324`
+
+> EU/GDPR compliant. Get API key at [console.scaleway.com](https://console.scaleway.com).
+
+> **💡 The Ultimate Free Stack (11 Providers, $0 Forever):**
 >
 > ```
-> Kiro (Claude, unlimited)
->  → iFlow (5 models, unlimited)
->  → Qwen (4 models, unlimited)
->  → Gemini CLI (180K/mo)
->  → Cerebras (1M tok/day)
->  → Groq (14.4K req/day)
->  → NVIDIA NIM (40 RPM, 70+ models)
+> Kiro (kr/)             → Claude Sonnet/Haiku UNLIMITED
+> iFlow (if/)            → kimi-k2-thinking, qwen3-coder-plus, deepseek-r1 UNLIMITED
+> LongCat Lite (lc/)     → LongCat-Flash-Lite — 50M tokens/day 🔥
+> Pollinations (pol/)    → GPT-5, Claude, DeepSeek, Llama 4 — no key needed
+> Qwen (qw/)             → qwen3-coder models UNLIMITED
+> Gemini (gemini/)       → Gemini 2.5 Flash — 1,500 req/day free
+> Cloudflare AI (cf/)    → 50+ models — 10K Neurons/day
+> Scaleway (scw/)        → Qwen3 235B, Llama 70B — 1M free tokens (EU)
+> Groq (groq/)           → Llama/Gemma — 14.4K req/day ultra-fast
+> NVIDIA NIM (nvidia/)   → 70+ open models — 40 RPM forever
+> Cerebras (cerebras/)   → Llama/Qwen world-fastest — 1M tok/day
 > ```
->
-> Configure this as an OmniRoute combo and you'll never pay for AI again.

 ## 🎙️ Free Transcription Combo

@@ -1157,6 +1267,8 @@ OmniRoute v2.0 is built as an operational platform, not just a relay proxy.
 | 🎮 **Model Playground**       | Test any provider/model/endpoint from the dashboard      |
 | 🔏 **CLI Fingerprint Toggle** | Per-provider fingerprint matching in Settings > Security |
 | 🌐 **i18n (30 languages)**    | Full dashboard + docs language support with RTL coverage |
+| 🧹 **Clear All Models**       | One-click model list clearing in provider details        |
+| 📋 **Issue Templates**        | Standardized GitHub templates for bugs and features      |
 | 📂 **Custom Data Directory**  | `DATA_DIR` override for storage location                 |

 ### Feature Deep Dive
@@ -1,374 +0,0 @@
-# ZWS_README_V4 — 启动性能优化：HMR 泄漏修复与 Turbopack 迁移
-
-## 一、如何发现问题
-
-### 现象
-
- `npm run dev` 后，首次打开浏览器白屏等待 **5-22 秒**不等。
- 运行一段时间后 Node 进程内存飙升至 **2.4 GB**，触发 Next.js 内存阈值保护强制重启。
- 重启后 `Ready in 82.6s`（正常冷启动仅 3.4s），之后每个页面首次编译需 **7-28 秒**。
- 日志中大量重复输出，单次会话内：
-  - `[DB] SQLite database ready` 出现 **485 次**
-  - `[HealthCheck] Starting proactive token health-check` 出现 **586 次**
-  - `[CREDENTIALS] No external credentials file found` 出现 **432 次**
-
-### 排查过程
-
-1. **Terminal 日志分析**：统计关键日志出现次数，发现 DB 连接和 HealthCheck 定时器被反复创建。
-2. **代码审计**：追踪到所有受影响模块使用 `let initialized = false` 作为单例守卫——这在 Next.js dev 模式的 Webpack HMR 下会被重置。
-3. **对比**：`apiBridgeServer.ts` 使用了 `globalThis.__omnirouteApiBridgeStarted`，在日志中无重复初始化，验证了 `globalThis` 方案的有效性。
-4. **内存快照**：通过 `Get-Process node` 观察到两个 node 进程分别占用 1.7GB 和 1.0GB。
-5. **编译时间分析**：日志中 `compile:` 字段显示 Webpack 编译每个路由需 2-26 秒，对比 Turbopack 应在 0.5-3 秒。
-
---
-
-## 二、根因分析
-
-### 根因 1（P0）：模块级单例在 HMR 中丢失
-
-Next.js dev 模式下，Webpack HMR 会重新执行被修改（或依赖链变化）的模块。模块级 `let` 变量在每次重新执行时被重置为初始值。
-
-```typescript
-// 修复前 — 每次 HMR 重新执行时 _db 重置为 null
-let _db: SqliteDatabase | null = null;
-
-export function getDbInstance() {
-  if (_db) return _db; // HMR 后这里永远 false
-  // ... 重新打开一个新的 DB 连接（旧连接泄漏）
-}
-```
-
-**受影响的模块与泄漏类型：**
-
-| 模块                    | 泄漏资源               | 累计次数 | 后果                    |
-| ----------------------- | ---------------------- | -------- | ----------------------- |
-| `db/core.ts`            | SQLite 连接            | 485      | 文件句柄泄漏 + 内存占用 |
-| `tokenHealthCheck.ts`   | `setInterval` 定时器   | 586      | CPU 空转 + DB 查询风暴  |
-| `localHealthCheck.ts`   | `setTimeout` 定时器链  | ~400     | 重复 HTTP 请求 + CPU    |
-| `consoleInterceptor.ts` | console 方法包装       | ~400     | 日志 double-write       |
-| `gracefulShutdown.ts`   | SIGTERM/SIGINT handler | ~400     | 信号处理器堆叠          |
-
-**级联效应**：泄漏的资源持续消耗内存和 CPU → 触发 Next.js 内存阈值保护 → 进程重启 → Webpack 从零重建模块图 → **Ready in 82.6s**。
-
-### 根因 2（P0）：强制使用 Webpack 而非 Turbopack
-
-`scripts/run-next.mjs` 中硬编码了 `--webpack` 标志：
-
-```javascript
-if (mode === "dev") {
-  args.splice(2, 0, "--webpack");
-}
-```
-
-Next.js 16 默认使用 Turbopack（Rust 编写的增量打包器），dev 编译速度是 Webpack 的 5-10 倍。强制回退到 Webpack 导致：
-
-| 指标                    | Webpack | Turbopack（预期） |
-| ----------------------- | ------- | ----------------- |
-| 首页编译                | 3.7s    | ~0.5s             |
-| Provider 详情页首次编译 | 22s     | ~2-3s             |
-| API route 首次编译      | 2-7s    | ~0.3-1s           |
-| 内存重启后 Ready        | 82.6s   | 不会触发          |
-
-### 根因 3（P1）：`node:crypto` 被拉入客户端 bundle
-
-`src/lib/db/proxies.ts` 使用了 `import { randomUUID } from "node:crypto"`。通过 `localDb.ts` 的 re-export 链，这个 Node.js 原生模块被间接拉入客户端组件的 bundle，导致 Webpack 报错：
-
-```
-UnhandledSchemeError: Reading from "node:crypto" is not handled by plugins
-Import trace: node:crypto → ./src/lib/db/proxies.ts → ./src/lib/localDb.ts → page.tsx
-```
-
-Webpack 无法处理 `node:` URI scheme 前缀。`crypto`（不带 `node:` 前缀）已在 `next.config.mjs` 的 `serverExternalPackages` 中声明为服务端外部包。
-
-### 根因 4（P1）：Edge Runtime 编译警告刷屏
-
-Next.js 16 会同时为 **Node.js** 和 **Edge** 两种运行时编译 `instrumentation.ts`。虽然 `register()` 函数内有 `process.env.NEXT_RUNTIME === "nodejs"` 的运行时守卫，但 Turbopack 在打包 Edge 版本时仍会**静态追踪**所有动态 `import()` 的依赖链：
-
-```
-instrumentation.ts
-  → import("@/lib/db/secrets")
-    → @/lib/db/core.ts  →  fs, path, better-sqlite3
-    → @/lib/dataPaths.ts →  path, os
-    → @/lib/db/migrationRunner.ts → fs, path, url
-```
-
-对每个 Node.js 原生模块，Turbopack 都输出一条 "not supported in Edge Runtime" 警告。每次有新请求触发热编译时，这组 **10+ 条警告重复刷一遍**，严重污染终端输出，干扰开发调试。
-
-### 根因 5（P2）：启动 import 完全串行
-
-`instrumentation.ts` 中 9 个 `await import()` 完全串行执行，每个都可能触发 Webpack 编译其依赖树：
-
-```typescript
-await ensureSecrets();                              // 串行 1
-const { initConsoleInterceptor } = await import(...); // 串行 2
-const { initGracefulShutdown } = await import(...);   // 串行 3
-const { initApiBridgeServer } = await import(...);    // 串行 4
-const { startBackgroundRefresh } = await import(...); // 串行 5
-const { getSettings } = await import(...);            // 串行 6
-const { setCustomAliases } = await import(...);       // 串行 7
-const { setDefaultFastServiceTierEnabled } = await import(...); // 串行 8
-const { initAuditLog, cleanupExpiredLogs } = await import(...); // 串行 9
-```
-
-其中 4-6 互不依赖，7-8 互不依赖，完全可以并行。
-
---
-
-## 三、修复方案
-
-### 修复 1：globalThis 单例守卫（core.ts, tokenHealthCheck.ts, localHealthCheck.ts, consoleInterceptor.ts, gracefulShutdown.ts）
-
-**原理**：`globalThis` 对象在 Node.js 进程生命周期内全局唯一，不受 Webpack 模块重新执行的影响。
-
-```typescript
-// 修复后 — globalThis 在 HMR 后依然保留
-declare global {
-  var __omnirouteDb: import("better-sqlite3").Database | undefined;
-}
-
-function getDb() {
-  return globalThis.__omnirouteDb ?? null;
-}
-function setDb(db) {
-  /* ... */
-}
-
-export function getDbInstance() {
-  const existing = getDb();
-  if (existing) return existing; // HMR 后命中缓存
-  // ...
-}
-```
-
-**每个模块的具体改动：**
-
-| 模块                    | globalThis key                      | 守卫内容                                                    |
-| ----------------------- | ----------------------------------- | ----------------------------------------------------------- |
-| `db/core.ts`            | `__omnirouteDb`                     | SQLite 连接实例                                             |
-| `tokenHealthCheck.ts`   | `__omnirouteTokenHC`                | `{ initialized, interval }`                                 |
-| `localHealthCheck.ts`   | `__omnirouteLocalHC`                | `{ initialized, sweepTimer, healthCache, sweepInProgress }` |
-| `consoleInterceptor.ts` | `__omnirouteConsoleInterceptorInit` | `boolean`                                                   |
-| `gracefulShutdown.ts`   | `__omnirouteShutdownInit`           | `boolean`                                                   |
-
-**优点**：
-
- 零依赖，无需额外库。
- 与 `apiBridgeServer.ts` 已有模式一致。
- 对生产环境零影响（非 HMR 场景下行为完全相同）。
-
-**缺点/注意**：
-
- `globalThis` 键名需全局唯一，使用 `__omniroute` 前缀避免冲突。
- 需要 `declare global` 类型声明以保持 TypeScript 类型安全。
- 生产构建中 `globalThis` 存储略冗余（但仅是一个对象引用，几乎零开销）。
-
-### 修复 2：支持通过环境变量切换 Turbopack（run-next.mjs）
-
-```javascript
-// 修复后 — 默认仍用 webpack（保持原有行为），设置环境变量可启用 Turbopack
-if (mode === "dev" && process.env.OMNIROUTE_USE_TURBOPACK !== "1") {
-  args.splice(2, 0, "--webpack");
-}
-```
-
-**默认行为不变**：dev 模式仍使用 Webpack，与修复前完全一致。设置 `OMNIROUTE_USE_TURBOPACK=1` 可切换到 Turbopack 以获得更快的 dev 编译速度。
-
-**优点**：
-
- 零风险：不改变任何人的现有体验。
- 需要时设置 `OMNIROUTE_USE_TURBOPACK=1` 即可获得 5-10 倍编译加速。
- `next.config.mjs` 中已有 `turbopack.resolveAlias` 配置，说明项目已在准备 Turbopack 迁移。
-
-**缺点/注意**：
-
- Turbopack 对某些 Webpack 特定配置（如自定义 externals 函数）的支持方式不同，启用前需测试兼容性。
- 默认走 Webpack 意味着不主动启用 Turbopack 的用户无法享受编译加速。
-
-### 修复 3：`node:crypto` → `crypto`（proxies.ts, errorResponse.ts）
-
-```typescript
-// 修复前
-import { randomUUID } from "node:crypto";
-
-// 修复后
-import { randomUUID } from "crypto";
-```
-
-**优点**：
-
- `crypto`（无 `node:` 前缀）已在 `next.config.mjs` 的 `serverExternalPackages` 列表中，Webpack/Turbopack 会正确将其标记为外部包。
- 消除 `UnhandledSchemeError` 构建失败。
- Node.js 中 `crypto` 和 `node:crypto` 解析到同一模块。
-
-**缺点**：
-
- 无。`crypto` 是 Node.js 内建模块，两种写法功能完全等价。
-
-### 修复 4：分离 Edge/Node.js Instrumentation（instrumentation.ts → instrumentation-node.ts）
-
-**问题**：`instrumentation.ts` 中所有 Node.js 逻辑（`ensureSecrets`、DB 初始化、审计日志等）虽然只在 `NEXT_RUNTIME === "nodejs"` 时执行，但 Turbopack 编译 Edge 版本时仍静态追踪其 import 链，对每个 `fs`/`path`/`os`/`better-sqlite3` 等原生模块输出警告。
-
-**方案**：将所有 Node.js 专属逻辑提取到 `src/instrumentation-node.ts`，主文件通过**计算的 import 路径**引入，阻止 Turbopack 静态解析：
-
-```typescript
-// src/instrumentation.ts — 精简后仅 ~20 行
-export async function register() {
-  if (process.env.NEXT_RUNTIME === "nodejs") {
-    // 拼接路径阻止 Turbopack 在 Edge 编译时静态解析模块依赖
-    const nodeMod = "./instrumentation-" + "node";
-    const { registerNodejs } = await import(nodeMod);
-    await registerNodejs();
-  }
-}
-```
-
-```typescript
-// src/instrumentation-node.ts — 包含全部 Node.js 启动逻辑
-export async function registerNodejs(): Promise<void> {
-  await ensureSecrets();
-  // initConsoleInterceptor, initGracefulShutdown, initApiBridgeServer, ...
-  // （原 instrumentation.ts 的完整 Node.js 逻辑）
-}
-```
-
-**关键技术**：`"./instrumentation-" + "node"` 是运行时拼接的字符串，Turbopack 无法在编译期确定其值，因此**不会追踪**该 import 的依赖树。Node.js 运行时则正常解析该路径并执行。
-
-**优点**：
-
- Edge 编译时完全跳过 Node.js 模块追踪，**10+ 条重复警告全部消除**。
- Node.js 运行时行为与修复前完全一致。
- 启动时间从 **13.9s → 1.25s**（Turbopack 不再在 Edge 编译中处理 Node.js 模块图）。
-
-**缺点/注意**：
-
- 新增一个文件 `instrumentation-node.ts`，需同步维护。
- 计算 import 路径是有意为之的 bundler 逃逸技巧，需加注释说明原因防止后续重构时被"优化"回静态字符串。
-
-### 修复 5：并行化 instrumentation.ts 中的启动 import
-
-```typescript
-// 修复后 — 4 个独立模块并行导入
-const [
-  { initGracefulShutdown },
-  { initApiBridgeServer },
-  { startBackgroundRefresh },
-  { getSettings },
-] = await Promise.all([
-  import("@/lib/gracefulShutdown"),
-  import("@/lib/apiBridgeServer"),
-  import("@/domain/quotaCache"),
-  import("@/lib/db/settings"),
-]);
-
-// 2 个 open-sse 模块也并行导入
-const [{ setCustomAliases }, { setDefaultFastServiceTierEnabled }] = await Promise.all([
-  import("@omniroute/open-sse/services/modelDeprecation.ts"),
-  import("@omniroute/open-sse/executors/codex.ts"),
-]);
-```
-
-**优点**：
-
- `consoleInterceptor` 仍保持第一个（必须在任何日志前初始化）。
- 后续 4 个无依赖模块并行加载，节省 3 次串行等待。
- open-sse 的 2 个模块也并行加载。
-
-**缺点**：
-
- 并行 import 的错误堆栈略复杂（Promise.all 中某一个失败会 reject 整个组）。
- 这里的 compliance 模块仍保持独立 try/catch 串行，因为它有自己的错误处理逻辑。
-
---
-
-## 四、预期效果
-
-| 指标                          | 修复前                    | 修复后（预期）           |
-| ----------------------------- | ------------------------- | ------------------------ |
-| DB 连接创建次数               | 485 次/会话               | 1 次                     |
-| HealthCheck 定时器            | 586 个泄漏                | 1 个                     |
-| 信号处理器注册                | ~400 次重复               | 1 次                     |
-| Console 拦截层数              | ~400 层嵌套               | 1 层                     |
-| 内存使用峰值                  | 2.4 GB → OOM 重启         | 预期 < 500 MB            |
-| 冷启动 Ready                  | 3.4s                      | ~3s（略快）              |
-| 内存重启 Ready                | 82.6s                     | 不再触发内存重启         |
-| Login 页首次编译              | 3.7s                      | ~0.5s (需启用 Turbopack) |
-| Provider 详情页首次编译       | 22s                       | ~2-3s (需启用 Turbopack) |
-| `node:crypto` 构建错误        | 反复出现                  | 消除                     |
-| Edge Runtime 编译警告         | 每次热编译刷出 10+ 条     | **0 条**                 |
-| instrumentation 启动耗时      | 13.9s（含 Edge 模块追踪） | **1.25s**                |
-| instrumentation import 并行度 | 9 次串行 import           | 3 批并行 import          |
-
---
-
-## 五、涉及文件清单
-
-| 区域                | 文件                            | 改动类型                                                           |
-| ------------------- | ------------------------------- | ------------------------------------------------------------------ |
-| DB 单例             | `src/lib/db/core.ts`            | `let _db` → `globalThis.__omnirouteDb`                             |
-| Token 健康检查      | `src/lib/tokenHealthCheck.ts`   | `let initialized` → `globalThis.__omnirouteTokenHC`                |
-| 本地节点健康检查    | `src/lib/localHealthCheck.ts`   | `let initialized` → `globalThis.__omnirouteLocalHC`                |
-| Console 拦截        | `src/lib/consoleInterceptor.ts` | `let initialized` → `globalThis.__omnirouteConsoleInterceptorInit` |
-| 优雅关停            | `src/lib/gracefulShutdown.ts`   | 新增 `globalThis.__omnirouteShutdownInit` 守卫                     |
-| Dev 启动脚本        | `scripts/run-next.mjs`          | 新增 `OMNIROUTE_USE_TURBOPACK=1` 开关                              |
-| Proxy 注册表        | `src/lib/db/proxies.ts`         | `node:crypto` → `crypto`                                           |
-| API 错误响应        | `src/lib/api/errorResponse.ts`  | `node:crypto` → `crypto`                                           |
-| 启动钩子（主入口）  | `src/instrumentation.ts`        | 精简为 ~20 行，计算 import 路径阻止 Edge 追踪                      |
-| 启动钩子（Node.js） | `src/instrumentation-node.ts`   | 新文件，承载全部 Node.js 启动逻辑 + `Promise.all` 并行             |
-
---
-
-## 六、回退方案
-
- **启用 Turbopack**：设置 `OMNIROUTE_USE_TURBOPACK=1` 环境变量；不设置则默认使用 Webpack（原有行为不变）。
- **globalThis 方案异常**：所有 globalThis key 都以 `__omniroute` 为前缀，可通过 `delete globalThis.__omnirouteDb` 等方式手动重置。
- **Edge 警告回退**：若 `instrumentation-node.ts` 拆分导致问题，可将其内容合并回 `instrumentation.ts`，恢复为直接 `import()` 调用（警告会重新出现但不影响功能）。
- **生产环境**：以上修复对生产构建无负面影响——生产环境不存在 HMR，globalThis 单例仅在首次调用时初始化一次。计算 import 路径在 `next build` 时由 Node.js 正常解析，不影响打包产物。
-
---
-
-## 七、单元测试与备份恢复（pre-commit 验证通过）
-
-为保证提交前必须通过验证（不再使用 `--no-verify`），对以下失败用例与生产逻辑做了修复与加固。
-
-### 问题与根因
-
-| 失败项                                | 根因                                                                                                                                    |
-| ------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- |
-| bootstrap-env 4 个用例                | Windows 上 DATA_DIR 解析用 `APPDATA`/`homedir()`，测试只设了 `HOME`，脚本读不到测试用的 `.env`。                                        |
-| domain-persistence costRules 2 个用例 | `core` 在首次 import 时缓存 `DATA_DIR`；测试每测一个 tmpDir 并在 afterEach 删目录，导致后续 describe 使用的 DB 路径已被删，读写得到 0。 |
-| fixes-p1 restoreDbBackup              | 测试在 DB 仍打开时写 stale 侧文件；`restoreDbBackup` 内 pre-restore 备份未 await 就关库，Windows 上句柄未及时释放，unlink 报 EBUSY。    |
-| fixes-p1 resetStorage 及后续用例      | 上一测留下 DB 打开，下一测 `resetStorage()` 删目录时文件仍被占用，EBUSY。                                                               |
-
-### 修复 6：bootstrap-env 测试（tests/unit/bootstrap-env.test.mjs）
-
-在每个用例的 `withTempEnv` 回调开头增加 `process.env.DATA_DIR = dataDir`，使脚本在任意平台（含 Windows）都使用测试临时目录，而不是依赖 `HOME`/`APPDATA`。
-
-### 修复 7：domain-persistence 测试（tests/unit/domain-persistence.test.mjs）
-
- **单例 tmpDir**：全文件共用一个 `fileTmpDir`，在模块加载时创建并设置 `process.env.DATA_DIR`，与 `core` 首次加载时缓存的路径一致。
- **每测清 DB 不清目录**：`beforeEach` 中 `resetDbInstance()` 后删除 `storage.sqlite` 及其 `-wal`/`-shm`/`-journal`，保证每测干净 DB，不在 afterEach 删目录，避免路径失效。
- **收尾**：`after()` 中恢复 `DATA_DIR` 并删除 `fileTmpDir`。
- **costRules 断言**：改为小容差精确校验（`assertAlmostEqual`），继续验证 `4.5` / `4.0` 这类业务关键值，避免把真实累计错误放过去。
-
-### 修复 8：fixes-p1 测试（tests/unit/fixes-p1.test.mjs）
-
- **restoreDbBackup 用例**：在写入 stale 侧文件前调用 `core.resetDbInstance()`，避免 DB 仍打开时写 `-wal`/`-shm` 触发 Windows 锁错误。
- **Windows 跳过**：该用例在 Windows 上仍使用 `test(..., { skip: isWindows })`。原因不是业务逻辑不支持 Windows，而是 better-sqlite3 关闭后底层句柄释放存在时序抖动，这条真实 sidecar 集成测试容易退化成不稳定的文件锁测试；Linux/macOS 上照常运行。
- **核心兜底测试**：新增平台无关的 `unlinkFileWithRetry` 单测，直接模拟 `EBUSY` / `EPERM` 后重试并最终成功，确保 Windows 相关的重试删除逻辑被稳定覆盖，而不是完全依赖 flaky 的真实文件锁时序。
- **resetStorage**：改为 async，对 `rmSync(TEST_DATA_DIR)` 做最多 10 次、间隔 100ms 的 EBUSY/EPERM 重试，避免下一测因上一测句柄未释放而失败。
-
-### 修复 9：备份恢复逻辑（src/lib/db/backup.ts）
-
- **pre-restore 备份改为同步等待**：在 `restoreDbBackup` 内用内联逻辑做 pre-restore 备份并 `await` 完成，再调用 `resetDbInstance()`，避免异步 backup 未结束就关库导致后续 unlink 失败。
- **节流语义保持一致**：pre-restore 备份成功后补回 `_lastBackupAt = Date.now()`，避免恢复后紧接着又触发一轮额外自动备份。
- **关库后短延迟**：`resetDbInstance()` 后 `await new Promise(r => setTimeout(r, 500))`，再执行 unlink，给 Windows 等平台释放句柄留时间。
- **unlink 重试**：将主库及 `-wal`/`-shm`/`-journal` 的删除提取为 `unlinkFileWithRetry`，统一做最多 10 次、间隔 100ms 的 EBUSY/EPERM 重试，提高恢复流程在锁释放较慢环境下的成功率，也便于单测直接覆盖重试逻辑。
-
-### 涉及文件（本节）
-
-| 区域     | 文件                                     | 改动类型                                                                                                        |
-| -------- | ---------------------------------------- | --------------------------------------------------------------------------------------------------------------- |
-| 单元测试 | `tests/unit/bootstrap-env.test.mjs`      | 各用例内设置 `process.env.DATA_DIR = dataDir`                                                                   |
-| 单元测试 | `tests/unit/domain-persistence.test.mjs` | 单例 tmpDir、beforeEach 清 DB 文件、after 删目录；costRules 改为小容差精确断言                                  |
-| 单元测试 | `tests/unit/fixes-p1.test.mjs`           | restoreDbBackup 前 resetDbInstance、Windows skip 说明、resetStorage 重试、`unlinkFileWithRetry` 核心单测        |
-| 备份恢复 | `src/lib/db/backup.ts`                   | pre-restore 内联并 await、恢复 `_lastBackupAt` 节流语义、关库后 500ms 延迟、抽取 `unlinkFileWithRetry` 重试删除 |
@@ -1,332 +0,0 @@
-# ZWS_README_V5 — 按协议配置模型兼容性 + 前端性能优化
-
-V4 内容（HMR 泄漏修复、Edge 警告消除、测试稳定性）已完成；V5 在 V4 基础上实现**按协议维度配置模型兼容性**，新增前端查找性能优化与类型安全改进。
-
---
-
-## 一、如何发现问题
-
-### 现象
-
- 同一模型被 **OpenAI Chat Completions**、**OpenAI Responses API**、**Anthropic Messages** 三种客户端请求形态调用时，V2 的兼容性开关（工具 ID 9 位、不保留 developer 角色）是**全局生效**的——无法为不同协议设置不同的兼容策略。
- 例如：用户希望 OpenAI Responses API 请求时不保留 developer 角色（MiniMax 422 修复），但 OpenAI Chat Completions 请求时保留。V2 下只能二选一。
- 前端兼容性弹层未标明当前配置对应哪种协议，容易误导。
- 前端组件中 `Array.find()` 在每次渲染时对 customModels 和 modelCompatOverrides 做 O(n) 线性扫描，模型数量多时存在不必要的性能开销。
- `ModelCompatPatch` 类型定义与运行时逻辑不一致：`preserveOpenAIDeveloperRole` 字段需要支持 `null`（表示取消设置/恢复默认），但类型仅允许 `boolean`。
-
-### 排查过程
-
-1. **需求分析**：梳理 `detectFormat(body)` 返回的三种协议键（`openai`、`openai-responses`、`claude`），确认每种协议对 developer 角色和 tool call ID 的需求不同。
-2. **数据模型设计**：在现有 `normalizeToolCallId` / `preserveOpenAIDeveloperRole` 顶层字段基础上，设计 `compatByProtocol` 嵌套结构，按协议键细分。
-3. **构建问题**：客户端 `"use client"` 组件直接从 `@/lib/localDb` 引入常量时，间接拉入了 `node:crypto`（经由 `db/proxies.ts`），触发 Webpack `UnhandledSchemeError`。需将常量拆到 `shared/` 层。
-4. **前端性能**：通过 React DevTools 和代码审计发现 `effectiveNormalizeForProtocol` 等函数每次调用都对数组做 `find()`，在渲染列表时存在 O(n²) 的隐患。
-
---
-
-## 二、根因分析
-
-### 根因 1（P0）：兼容选项无协议维度
-
-V2 的 `normalizeToolCallId` / `preserveOpenAIDeveloperRole` 存储在模型级别的顶层字段，无法区分请求来源协议。`chatCore.ts` 中的 getter 函数只接收 `(providerId, modelId)` 两个参数，不感知当前请求的 `sourceFormat`。
-
-**影响**：跨协议场景下用户只能设置一个全局值，无法精确控制。
-
-### 根因 2（P1）：客户端构建拉入 Node.js 模块
-
-`page.tsx`（"use client"）→ `@/lib/localDb` → `db/proxies.ts` → `import { randomUUID } from "node:crypto"`
-
-Webpack 无法处理 `node:` URI scheme，报 `UnhandledSchemeError`。虽然 V4 已将 `node:crypto` → `crypto` 修复了 `proxies.ts`，但 `localDb.ts` 的 barrel export 链仍然存在风险——客户端组件不应引入任何可能传递到 Node.js 模块的路径。
-
-### 根因 3（P2）：前端查找性能
-
-`effectiveNormalizeForProtocol`、`effectivePreserveForProtocol`、`anyNormalizeCompatBadge`、`anyNoPreserveCompatBadge` 四个函数每次调用都使用 `Array.find()` 在 `customModels` 和 `modelCompatOverrides` 数组中查找目标模型。在模型列表渲染时，每个模型行会调用多次这些函数，导致 O(n × m) 的查找开销（n = 模型数，m = 每行调用次数）。
-
-### 根因 4（P2）：类型定义与运行时不一致
-
-```typescript
-// V3 暂存区版本（有问题）
-export type ModelCompatPatch = Partial<
-  Pick<
-    ModelCompatOverride,
-    "normalizeToolCallId" | "preserveOpenAIDeveloperRole" | "compatByProtocol"
-  >
->;
-```
-
-`ModelCompatOverride.preserveOpenAIDeveloperRole` 类型为 `boolean | undefined`，但 `mergeModelCompatOverride()` 内部有 `=== null` 判断（用于取消设置/恢复默认），类型层面无法覆盖。
-
---
-
-## 三、修复方案
-
-### 修复 1：`compatByProtocol` 存储与读取（models.ts）
-
-**新增数据结构**：
-
-```typescript
-type CompatByProtocolMap = Partial<Record<ModelCompatProtocolKey, ModelCompatPerProtocol>>;
-
-export type ModelCompatOverride = {
-  id: string;
-  normalizeToolCallId?: boolean;
-  preserveOpenAIDeveloperRole?: boolean;
-  compatByProtocol?: CompatByProtocolMap; // 新增
-};
-```
-
-**读取优先级链**（适用于 `getModelNormalizeToolCallId` 和 `getModelPreserveOpenAIDeveloperRole`）：
-
-```
-compatByProtocol[sourceFormat].field  →  顶层 field  →  默认值
-```
-
-1. 若 `sourceFormat` 属于已知协议键（`openai` / `openai-responses` / `claude`），且 `compatByProtocol[sourceFormat]` 中存在目标字段，使用该值。
-2. 否则回退到顶层字段。
-3. 顶层字段也不存在时使用默认值（normalizeToolCallId=false，preserveOpenAIDeveloperRole=undefined）。
-
-**深度合并逻辑** `deepMergeCompatByProtocol()`：
-
- 对每个协议键，逐字段合并而非覆盖。
- `normalizeToolCallId=false` 时删除该字段（不存储 false，减少冗余）。
- 合并后若整个协议条目为空对象，删除该协议条目。
- 协议键通过 `isCompatProtocolKey()` 白名单校验，拒绝未知键。
-
-**Getter 签名扩展**（向后兼容，第三参数可选）：
-
-```typescript
-export function getModelNormalizeToolCallId(
-  providerId: string,
-  modelId: string,
-  sourceFormat?: string | null
-): boolean;
-
-export function getModelPreserveOpenAIDeveloperRole(
-  providerId: string,
-  modelId: string,
-  sourceFormat?: string | null
-): boolean | undefined;
-```
-
-**优点**：
-
- 完全向后兼容：无 `sourceFormat` 参数时行为与 V2 完全一致。
- 协议键白名单校验防止存储污染。
- 深度合并保留未变更协议的配置。
-
-**缺点/注意**：
-
- JSON 存储体积略增（每个模型最多增加 3 个协议条目）。
- 新增 ~80 行 TypeScript 代码。
-
-### 修复 2：请求管线传入 sourceFormat（chatCore.ts）
-
-```typescript
-const normalizeToolCallId = getModelNormalizeToolCallId(
-  provider || "",
-  model || "",
-  sourceFormat // 新增第三参
-);
-const preserveDeveloperRole = getModelPreserveOpenAIDeveloperRole(
-  provider || "",
-  model || "",
-  sourceFormat // 新增第三参
-);
-```
-
-`sourceFormat` 由已有的 `detectFormat(body)` 返回，无需新增检测逻辑。
-
-**优点**：
-
- 改动仅 2 行，精准传参。
- 不影响其他 handler（embeddings、imageGeneration 等不涉及 developer 角色和 tool call ID）。
-
-### 修复 3：API 路由支持 compatByProtocol（route.ts）
-
-**PUT 请求体扩展**：
-
- 解构 `compatByProtocol` 并传入 `updateCustomModel()`。
- `compatOnly` 判断扩展：仅含 `provider` + `modelId` + 兼容字段时，走 `mergeModelCompatOverride()` 路径。
- 使用 `ModelCompatPatch` 类型替代行内类型定义，统一类型来源。
-
-**Zod 校验 schema**：
-
-```typescript
-const modelCompatPerProtocolSchema = z.object({
-  normalizeToolCallId: z.boolean().optional(),
-  preserveOpenAIDeveloperRole: z.boolean().optional(),
-}).strict();  // strict: 拒绝额外字段
-
-compatByProtocol: z
-  .record(z.enum(["openai", "openai-responses", "claude"]), modelCompatPerProtocolSchema)
-  .optional(),
-```
-
-**优点**：
-
- `.strict()` 防止客户端注入额外字段。
- `z.enum()` 限定协议键，与后端白名单一致。
- 仅传 `compatByProtocol` 即可更新，前端无需拼装完整模型对象。
-
-### 修复 4：客户端安全常量拆分（modelCompat.ts）
-
-**新增** `src/shared/constants/modelCompat.ts`：
-
-```typescript
-export const MODEL_COMPAT_PROTOCOL_KEYS = ["openai", "openai-responses", "claude"] as const;
-export type ModelCompatProtocolKey = (typeof MODEL_COMPAT_PROTOCOL_KEYS)[number];
-```
-
- 不依赖 Node.js / DB 代码，客户端组件可安全引入。
- `models.ts` 从此模块引入并再导出。
- `localDb.ts` 新增 `ModelCompatPatch` 类型导出（供 route.ts 使用），不导出协议常量。
- `page.tsx` 改为从 `@/shared/constants/modelCompat` 引入。
-
-**优点**：
-
- 彻底切断客户端 → localDb → db → proxies → node:crypto 的依赖链。
- 协议键定义单一来源（Single Source of Truth）。
-
-### 修复 5：前端协议选择器与按协议解析（page.tsx）
-
-**ModelCompatPopover 重构**：
-
- 新增协议下拉选择器（`<select>`），可选 OpenAI Chat / OpenAI Responses / Anthropic Messages。
- 两个开关（工具 ID 9 位、不保留 developer）**针对选中协议**生效。
- 选择 Claude 协议时隐藏 developer 角色开关（developer 仅对 OpenAI 系有意义）。
- 保存时以 `{ compatByProtocol: { [protocol]: payload } }` 形式提交，后端按协议合并。
- 深色模式适配：下拉框使用 `bg-white dark:bg-zinc-800`、`text-zinc-900 dark:text-zinc-100`。
-
-**Props 接口重构**：
-
-旧接口（4 个独立值/回调）：
-
-```typescript
-(normalizeToolCallId, preserveDeveloperRole, onNormalizeChange, onPreserveChange);
-```
-
-新接口（3 个函数式 props）：
-
-```typescript
-effectiveModelNormalize: (protocol: string) => boolean
-effectiveModelPreserveDeveloper: (protocol: string) => boolean
-onCompatPatch: (protocol: string, payload: {...}) => void
-```
-
-所有消费方（`ModelRow`、`PassthroughModelRow`、`CustomModelsSection`、`CompatibleModelsSection`）已同步更新。
-
-**角标显示逻辑**：
-
- `anyNormalizeCompatBadge()`：任意协议或顶层存在 `normalizeToolCallId=true` 即显示「ID×9」角标。
- `anyNoPreserveCompatBadge()`：任意协议或顶层存在 `preserveOpenAIDeveloperRole=false` 即显示「不保留」角标。
-
-**CustomModelsSection 增强**：
-
- 新增 `modelCompatOverrides` 状态，从 API 响应中获取。
- 新增 `saveCustomCompat()` 函数，支持仅传 `compatByProtocol` 的独立保存。
-
-### 修复 6：前端 Map 查找性能优化（page.tsx）
-
-**问题**：`effectiveNormalizeForProtocol` 等函数对 `customModels` 和 `modelCompatOverrides` 用 `Array.find()` 做 O(n) 查找，在列表渲染时每个模型行多次调用。
-
-**方案**：使用 `useMemo` + `Map` 将数组预建为 O(1) 查找表。
-
-```typescript
-type CompatModelMap = Map<string, CompatModelRow>;
-
-function buildCompatMap(rows: CompatModelRow[]): CompatModelMap {
-  const m = new Map<string, CompatModelRow>();
-  for (const r of rows) if (r.id) m.set(r.id, r);
-  return m;
-}
-
-// 在组件内
-const customMap = useMemo(() => buildCompatMap(modelMeta.customModels), [modelMeta.customModels]);
-const overrideMap = useMemo(
-  () => buildCompatMap(modelMeta.modelCompatOverrides),
-  [modelMeta.modelCompatOverrides]
-);
-```
-
-所有查找函数签名从 `(modelId, protocol, customModels[], overrides[])` 改为 `(modelId, protocol, customMap, overrideMap)`，内部使用 `Map.get()` 替代 `Array.find()`。
-
-**优点**：
-
- 查找从 O(n) 降为 O(1)。
- `useMemo` 依赖项正确，仅在数据变化时重建 Map。
- `CustomModelsSection` 内部也独立构建 Map，不依赖父组件。
-
-### 修复 7：ModelCompatPatch 类型修正（models.ts）
-
-```typescript
-// 修复后 — 显式允许 null
-export type ModelCompatPatch = {
-  normalizeToolCallId?: boolean;
-  preserveOpenAIDeveloperRole?: boolean | null; // null = 取消设置/恢复默认
-  compatByProtocol?: CompatByProtocolMap;
-};
-```
-
-与 `mergeModelCompatOverride()` 内的 `=== null` 判断逻辑一致，类型安全。
-
-### 修复 8：CompatByProtocolMap 类型收紧（page.tsx）
-
-客户端 `CompatByProtocolMap` 从 `Record<string, ...>` 改为 `Record<ModelCompatProtocolKey, ...>`，增强类型安全，防止传入未知协议键。
-
-### 修复 9：i18n 文案新增
-
-| 键名                            | 中文                                          | 英文                                                           |
-| ------------------------------- | --------------------------------------------- | -------------------------------------------------------------- |
-| `compatProtocolLabel`           | 客户端请求协议                                | Client request protocol                                        |
-| `compatProtocolHint`            | 以下选项在 OmniRoute 识别到该请求形态时生效。 | These options apply when OmniRoute detects this request shape. |
-| `compatProtocolOpenAI`          | OpenAI Chat Completions                       | OpenAI Chat Completions                                        |
-| `compatProtocolOpenAIResponses` | OpenAI Responses API                          | OpenAI Responses API                                           |
-| `compatProtocolClaude`          | Anthropic Messages                            | Anthropic Messages                                             |
-
---
-
-## 四、使用方式
-
-1. 点击模型行的 **「兼容性」** 按钮。
-2. 在弹层内先选择 **「客户端请求协议」**（OpenAI Chat / OpenAI Responses / Anthropic Messages）。
-3. 勾选该协议下的「工具 ID 9 位」或「不保留 developer 角色」。
-4. 保存后，仅在该协议形态的请求下生效。
-5. 未配置某协议时，该协议下行为回退到顶层兼容字段（若存在），再回退到默认值（保留 developer、不规范化 tool id）。
-6. 角标「ID×9」「不保留」在任意协议存在对应配置时显示。
-
---
-
-## 五、预期效果
-
-| 指标                      | 修复前                | 修复后                                     |
-| ------------------------- | --------------------- | ------------------------------------------ |
-| 兼容性配置维度            | 全局（模型级）        | 按协议（OpenAI Chat / Responses / Claude） |
-| developer 角色精确控制    | 不支持                | 支持（如：仅 Responses API 不保留）        |
-| 前端兼容性查找性能        | O(n) Array.find       | O(1) Map.get（useMemo 缓存）               |
-| ModelCompatPatch 类型安全 | null 值无类型覆盖     | 显式 `boolean \| null`                     |
-| 客户端构建风险            | 可能引入 Node.js 模块 | 已隔离（shared/constants 层）              |
-| API 验证                  | 无 compatByProtocol   | Zod strict schema 校验                     |
-| 深色模式                  | 协议选择器不可读      | bg/text 适配 dark 主题                     |
-
---
-
-## 六、涉及文件清单
-
-| 区域       | 文件                                                        | 改动类型                                                                                         |
-| ---------- | ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------ |
-| 协议常量   | `src/shared/constants/modelCompat.ts`                       | **新建**，客户端安全的协议键与类型                                                               |
-| 存储与读写 | `src/lib/db/models.ts`                                      | `compatByProtocol` 数据结构、深度合并、getter 第三参 `sourceFormat`、`ModelCompatPatch` 类型修正 |
-| 再导出层   | `src/lib/localDb.ts`                                        | 新增 `ModelCompatPatch` 类型导出                                                                 |
-| API 路由   | `src/app/api/provider-models/route.ts`                      | PUT 支持 `compatByProtocol`，使用 `ModelCompatPatch` 类型                                        |
-| 输入校验   | `src/shared/validation/schemas.ts`                          | `modelCompatPerProtocolSchema`（strict）+ `compatByProtocol` 记录校验                            |
-| 请求管线   | `open-sse/handlers/chatCore.ts`                             | `getModelNormalizeToolCallId` / `getModelPreserveOpenAIDeveloperRole` 传入 `sourceFormat`        |
-| 前端 UI    | `src/app/(dashboard)/dashboard/providers/[id]/page.tsx`     | 协议选择器、按协议解析/保存、角标逻辑、Map 性能优化、类型收紧                                    |
-| i18n       | `src/i18n/messages/en.json`，`src/i18n/messages/zh-CN.json` | 5 条新文案                                                                                       |
-
---
-
-## 七、回退方案
-
- **禁用按协议配置**：删除 `compatByProtocol` 字段后，getter 自动回退到顶层字段，行为与 V2 一致。
- **前端 Map 优化回退**：将 `Map.get()` 改回 `Array.find()` 即可，纯性能优化无功能耦合。
- **客户端常量回退**：将 `MODEL_COMPAT_PROTOCOL_KEYS` 定义移回 `models.ts` 并从 `localDb.ts` 导出（需同时确保 `node:crypto` 问题不再存在）。
- **生产环境**：以上修复对生产构建无负面影响。`compatByProtocol` 为可选字段，未配置时默认行为不变。API Zod 校验确保不会接受畸形数据。
@@ -116,10 +116,8 @@ if (args.includes("--help") || args.includes("-h")) {

 if (args.includes("--version") || args.includes("-v")) {
  try {
-    const pkg = await import(join(ROOT, "package.json"), {
-      with: { type: "json" },
-    });
-    console.log(pkg.default.version);
+    const { version } = JSON.parse(readFileSync(join(ROOT, "package.json"), "utf8"));
+    console.log(version);
  } catch {
    console.log("unknown");
  }
@@ -189,8 +187,27 @@ const serverJs = join(APP_DIR, "server.js");

 if (!existsSync(serverJs)) {
  console.error("\x1b[31m✖ Server not found at:\x1b[0m", serverJs);
-  console.error("  This usually means the package was not built correctly.");
-  console.error("  Try reinstalling: npm install -g omniroute");
+  console.error("  The package may not have been built correctly.");
+  console.error("");
+  // (#492) Detect common non-standard Node managers that cause this issue
+  const nodeExec = process.execPath || "";
+  const isMise = nodeExec.includes("mise") || nodeExec.includes(".local/share/mise");
+  const isNvm = nodeExec.includes(".nvm") || nodeExec.includes("nvm");
+  if (isMise) {
+    console.error(
+      "  \x1b[33m⚠ mise detected:\x1b[0m If you installed via `npm install -g omniroute`,"
+    );
+    console.error("    try: \x1b[36mnpx omniroute@latest\x1b[0m  (downloads a fresh copy)");
+    console.error("    or:  \x1b[36mmise exec -- npx omniroute\x1b[0m");
+  } else if (isNvm) {
+    console.error(
+      "  \x1b[33m⚠ nvm detected:\x1b[0m Try reinstalling after loading the correct Node version:"
+    );
+    console.error("    \x1b[36mnvm use --lts && npm install -g omniroute\x1b[0m");
+  } else {
+    console.error("  Try: \x1b[36mnpm install -g omniroute\x1b[0m  (reinstall)");
+    console.error("  Or:  \x1b[36mnpx omniroute@latest\x1b[0m");
+  }
  process.exit(1);
 }

@@ -16,7 +16,7 @@ services:
    container_name: omniroute-prod
    build:
      context: .
-      target: runner-base
+      target: runner-cli
    image: omniroute:prod
    restart: unless-stopped
    env_file: .env
@@ -38,15 +38,20 @@ Content-Type: application/json

 ### Custom Headers

-| Header                   | Direction | Description                       |
-| ------------------------ | --------- | --------------------------------- |
-| `X-OmniRoute-No-Cache`   | Request   | Set to `true` to bypass cache     |
-| `X-OmniRoute-Progress`   | Request   | Set to `true` for progress events |
-| `Idempotency-Key`        | Request   | Dedup key (5s window)             |
-| `X-Request-Id`           | Request   | Alternative dedup key             |
-| `X-OmniRoute-Cache`      | Response  | `HIT` or `MISS` (non-streaming)   |
-| `X-OmniRoute-Idempotent` | Response  | `true` if deduplicated            |
-| `X-OmniRoute-Progress`   | Response  | `enabled` if progress tracking on |
+| Header                   | Direction | Description                                      |
+| ------------------------ | --------- | ------------------------------------------------ |
+| `X-OmniRoute-No-Cache`   | Request   | Set to `true` to bypass cache                    |
+| `X-OmniRoute-Progress`   | Request   | Set to `true` for progress events                |
+| `X-Session-Id`           | Request   | Sticky session key for external session affinity |
+| `x_session_id`           | Request   | Underscore variant also accepted (direct HTTP)   |
+| `Idempotency-Key`        | Request   | Dedup key (5s window)                            |
+| `X-Request-Id`           | Request   | Alternative dedup key                            |
+| `X-OmniRoute-Cache`      | Response  | `HIT` or `MISS` (non-streaming)                  |
+| `X-OmniRoute-Idempotent` | Response  | `true` if deduplicated                           |
+| `X-OmniRoute-Progress`   | Response  | `enabled` if progress tracking on                |
+| `X-OmniRoute-Session-Id` | Response  | Effective session ID used by OmniRoute           |
+
+> Nginx note: if you rely on underscore headers (for example `x_session_id`), enable `underscores_in_headers on;`.

 ---

@@ -137,10 +142,10 @@ The provider prefix is auto-added if missing. Mismatched models return `400`.

 ```bash
 # Get cache stats
-GET /api/cache
+GET /api/cache/stats

 # Clear all caches
-DELETE /api/cache
+DELETE /api/cache/stats
 ```

 Response example:
@@ -213,7 +218,7 @@ Response example:

 | Endpoint                        | Method  | Description            |
 | ------------------------------- | ------- | ---------------------- |
-| `/api/settings`                 | GET/PUT | General settings       |
+| `/api/settings`                 | GET/PUT/PATCH | General settings  |
 | `/api/settings/proxy`           | GET/PUT | Network proxy config   |
 | `/api/settings/proxy/test`      | POST    | Test proxy connection  |
 | `/api/settings/ip-filter`       | GET/PUT | IP allowlist/blocklist |
@@ -226,8 +231,8 @@ Response example:
 | ------------------------ | ---------- | ----------------------- |
 | `/api/sessions`          | GET        | Active session tracking |
 | `/api/rate-limits`       | GET        | Per-account rate limits |
-| `/api/monitoring/health` | GET        | Health check            |
-| `/api/cache`             | GET/DELETE | Cache stats / clear     |
+| `/api/monitoring/health` | GET        | Health check + provider summary (`catalogCount`, `configuredCount`, `activeCount`, `monitoredCount`) |
+| `/api/cache/stats`       | GET/DELETE | Cache stats / clear     |

 ### Backup & Export/Import

@@ -274,7 +279,7 @@ GET response includes `agents[]` (id, name, binary, version, installed, protocol

 | Endpoint                | Method  | Description                     |
 | ----------------------- | ------- | ------------------------------- |
-| `/api/resilience`       | GET/PUT | Get/update resilience profiles  |
+| `/api/resilience`       | GET/PATCH | Get/update resilience profiles |
 | `/api/resilience/reset` | POST    | Reset circuit breakers          |
 | `/api/rate-limits`      | GET     | Per-account rate limit status   |
 | `/api/rate-limit`       | GET     | Global rate limit configuration |
@@ -2,7 +2,7 @@

 🌐 **Languages:** 🇺🇸 [English](ARCHITECTURE.md) | 🇧🇷 [Português (Brasil)](i18n/pt-BR/ARCHITECTURE.md) | 🇪🇸 [Español](i18n/es/ARCHITECTURE.md) | 🇫🇷 [Français](i18n/fr/ARCHITECTURE.md) | 🇮🇹 [Italiano](i18n/it/ARCHITECTURE.md) | 🇷🇺 [Русский](i18n/ru/ARCHITECTURE.md) | 🇨🇳 [中文 (简体)](i18n/zh-CN/ARCHITECTURE.md) | 🇩🇪 [Deutsch](i18n/de/ARCHITECTURE.md) | 🇮🇳 [हिन्दी](i18n/in/ARCHITECTURE.md) | 🇹🇭 [ไทย](i18n/th/ARCHITECTURE.md) | 🇺🇦 [Українська](i18n/uk-UA/ARCHITECTURE.md) | 🇸🇦 [العربية](i18n/ar/ARCHITECTURE.md) | 🇯🇵 [日本語](i18n/ja/ARCHITECTURE.md) | 🇻🇳 [Tiếng Việt](i18n/vi/ARCHITECTURE.md) | 🇧🇬 [Български](i18n/bg/ARCHITECTURE.md) | 🇩🇰 [Dansk](i18n/da/ARCHITECTURE.md) | 🇫🇮 [Suomi](i18n/fi/ARCHITECTURE.md) | 🇮🇱 [עברית](i18n/he/ARCHITECTURE.md) | 🇭🇺 [Magyar](i18n/hu/ARCHITECTURE.md) | 🇮🇩 [Bahasa Indonesia](i18n/id/ARCHITECTURE.md) | 🇰🇷 [한국어](i18n/ko/ARCHITECTURE.md) | 🇲🇾 [Bahasa Melayu](i18n/ms/ARCHITECTURE.md) | 🇳🇱 [Nederlands](i18n/nl/ARCHITECTURE.md) | 🇳🇴 [Norsk](i18n/no/ARCHITECTURE.md) | 🇵🇹 [Português (Portugal)](i18n/pt/ARCHITECTURE.md) | 🇷🇴 [Română](i18n/ro/ARCHITECTURE.md) | 🇵🇱 [Polski](i18n/pl/ARCHITECTURE.md) | 🇸🇰 [Slovenčina](i18n/sk/ARCHITECTURE.md) | 🇸🇪 [Svenska](i18n/sv/ARCHITECTURE.md) | 🇵🇭 [Filipino](i18n/phi/ARCHITECTURE.md) | 🇨🇿 [Čeština](i18n/cs/ARCHITECTURE.md)

-_Last updated: 2026-03-04_
+_Last updated: 2026-03-28_

 ## Executive Summary

@@ -65,6 +65,26 @@ Primary runtime model:
 - Provider SLA/control plane outside local process
 - External CLI binaries themselves (Claude CLI, Codex CLI, etc.)

+## Dashboard Surface (Current)
+
+Main pages under `src/app/(dashboard)/dashboard/`:
+
+- `/dashboard` — quick start + provider overview
+- `/dashboard/endpoint` — endpoint proxy + MCP + A2A + API endpoint tabs
+- `/dashboard/providers` — provider connections and credentials
+- `/dashboard/combos` — combo strategies, templates, model routing rules
+- `/dashboard/costs` — cost aggregation and pricing visibility
+- `/dashboard/analytics` — usage analytics and evaluations
+- `/dashboard/limits` — quota/rate controls
+- `/dashboard/cli-tools` — CLI onboarding, runtime detection, config generation
+- `/dashboard/agents` — detected ACP agents + custom agent registration
+- `/dashboard/media` — image/video/music playground
+- `/dashboard/search-tools` — search provider testing and history
+- `/dashboard/health` — uptime, circuit breakers, rate limits
+- `/dashboard/logs` — request/proxy/audit/console logs
+- `/dashboard/settings` — system settings tabs (general, routing, combo defaults, etc.)
+- `/dashboard/api-manager` — API key lifecycle and model permissions
+
 ## High-Level System Context

 ```mermaid
@@ -254,8 +274,9 @@ Domain State DB (SQLite):

 ## 5) Cloud Sync

- Scheduler init: `src/lib/initCloudSync.ts`, `src/shared/services/initializeCloudSync.ts`
+- Scheduler init: `src/lib/initCloudSync.ts`, `src/shared/services/initializeCloudSync.ts`, `src/shared/services/modelSyncScheduler.ts`
 - Periodic task: `src/shared/services/cloudSyncScheduler.ts`
+- Periodic task: `src/shared/services/modelSyncScheduler.ts`
 - Control route: `src/app/api/sync/cloud/route.ts`

 ## Request Lifecycle (`/v1/chat/completions`)
@@ -335,7 +356,7 @@ flowchart TD
    Q -- No --> R[Return all unavailable]
 ```

-Fallback decisions are driven by `open-sse/services/accountFallback.ts` using status codes and error-message heuristics.
+Fallback decisions are driven by `open-sse/services/accountFallback.ts` using status codes and error-message heuristics. Combo routing adds one extra guard: provider-scoped 400s such as upstream content-block and role-validation failures are treated as model-local failures so later combo targets can still run.

 ## OAuth Onboarding and Token Refresh Lifecycle

@@ -735,10 +756,18 @@ Runtime visibility sources:

 - console logs from `src/sse/utils/logger.ts`
 - per-request usage aggregates in SQLite (`usage_history`, `call_logs`, `proxy_logs`)
+- four-stage detailed payload captures in SQLite (`request_detail_logs`) when `settings.detailed_logs_enabled=true`
 - textual request status log in `log.txt` (optional/compat)
 - optional deep request/translation logs under `logs/` when `ENABLE_REQUEST_LOGS=true`
 - dashboard usage endpoints (`/api/usage/*`) for UI consumption

+Detailed request payload capture stores up to four JSON payload stages per routed call:
+
+- raw request received from the client
+- translated request actually sent upstream
+- provider response reconstructed as JSON (including streamed event sequences when applicable)
+- final client response returned by OmniRoute
+
 ## Security-Sensitive Boundaries

 - JWT secret (`JWT_SECRET`) secures dashboard session cookie verification/signing
@@ -9,7 +9,7 @@ cost tracking, model switching, and request logging across every tool.
 ## How It Works

 ```
-Claude / Codex / Gemini CLI / OpenCode / Cline / KiloCode / Continue / Kiro CLI
+Claude / Codex / OpenCode / Cline / KiloCode / Continue / Kiro / Cursor / Copilot
           │
           ▼  (all point to OmniRoute)
    http://YOUR_SERVER:20128/v1
@@ -27,21 +27,38 @@ Claude / Codex / Gemini CLI / OpenCode / Cline / KiloCode / Continue / Kiro CLI

 ---

-## Supported Tools
+## Supported Tools (Dashboard Source of Truth)

-| Tool             | Command             | Type              | Install Method |
-| ---------------- | ------------------- | ----------------- | -------------- |
-| **Claude Code**  | `claude`            | CLI               | npm            |
-| **OpenAI Codex** | `codex`             | CLI               | npm            |
-| **Gemini CLI**   | `gemini`            | CLI               | npm            |
-| **OpenCode**     | `opencode`          | CLI               | npm            |
-| **Cline**        | `cline`             | CLI + VS Code ext | npm            |
-| **KiloCode**     | `kilocode` / `kilo` | CLI + VS Code ext | npm            |
-| **Continue**     | guide-based         | VS Code ext       | VS Code        |
-| **Kiro CLI**     | `kiro-cli`          | CLI               | curl installer |
-| **Cursor**       | `cursor`            | Desktop app       | Download       |
-| **Droid**        | web-based           | Built-in agent    | OmniRoute      |
-| **OpenClaw**     | web-based           | Built-in agent    | OmniRoute      |
+The dashboard cards in `/dashboard/cli-tools` are generated from `src/shared/constants/cliTools.ts`.
+Current list (v3.0.0-rc.16):
+
+| Tool             | ID            | Command      | Setup Mode | Install Method |
+| ---------------- | ------------- | ------------ | ---------- | -------------- |
+| **Claude Code**  | `claude`      | `claude`     | env        | npm            |
+| **OpenAI Codex** | `codex`       | `codex`      | custom     | npm            |
+| **Factory Droid**| `droid`       | `droid`      | custom     | bundled/CLI    |
+| **OpenClaw**     | `openclaw`    | `openclaw`   | custom     | bundled/CLI    |
+| **Cursor**       | `cursor`      | app          | guide      | desktop app    |
+| **Cline**        | `cline`       | `cline`      | custom     | npm            |
+| **Kilo Code**    | `kilo`        | `kilocode`   | custom     | npm            |
+| **Continue**     | `continue`    | extension    | guide      | VS Code        |
+| **Antigravity**  | `antigravity` | internal     | mitm       | OmniRoute      |
+| **GitHub Copilot**| `copilot`    | extension    | custom     | VS Code        |
+| **OpenCode**     | `opencode`    | `opencode`   | guide      | npm            |
+| **Kiro AI**      | `kiro`        | app/cli      | mitm       | desktop/CLI    |
+
+### CLI fingerprint sync (Agents + Settings)
+
+`/dashboard/agents` and `Settings > CLI Fingerprint` use `src/shared/constants/cliCompatProviders.ts`.
+This keeps provider IDs aligned with CLI cards and legacy IDs.
+
+| CLI ID | Fingerprint Provider ID |
+| ------ | ----------------------- |
+| `kilo` | `kilocode`              |
+| `copilot` | `github`             |
+| `claude` / `codex` / `antigravity` / `kiro` / `cursor` / `cline` / `opencode` / `droid` / `openclaw` | same ID |
+
+Legacy IDs still accepted for compatibility: `copilot`, `kimi-coding`, `qwen`.

 ---

@@ -67,9 +84,6 @@ npm install -g @anthropic-ai/claude-code
 # OpenAI Codex
 npm install -g @openai/codex

-# Gemini CLI (Google)
-npm install -g @google/gemini-cli
-
 # OpenCode
 npm install -g opencode-ai

@@ -77,7 +91,7 @@ npm install -g opencode-ai
 npm install -g cline

 # KiloCode
-npm install -g kilecode
+npm install -g kilocode

 # Kiro CLI (Amazon — requires curl + unzip)
 apt-get install -y unzip   # on Debian/Ubuntu
@@ -90,7 +104,6 @@ export PATH="$HOME/.local/bin:$PATH"   # add to ~/.bashrc
 ```bash
 claude --version     # 2.x.x
 codex --version      # 0.x.x
-gemini --version     # 0.x.x
 opencode --version   # x.x.x
 cline --version      # 2.x.x
 kilocode --version   # x.x.x (or: kilo --version)
@@ -153,21 +166,6 @@ EOF

 ---

-### Gemini CLI
-
-```bash
-mkdir -p ~/.gemini && cat > ~/.gemini/settings.json << EOF
-{
-  "apiKey": "sk-your-omniroute-key",
-  "baseUrl": "http://localhost:20128/v1"
-}
-EOF
-```
-
-**Test:** `gemini "hello"`
-
---
-
 ### OpenCode

 ```bash
@@ -324,17 +322,16 @@ They run as internal routes and use OmniRoute's model routing automatically.
 OMNIROUTE_URL="http://localhost:20128/v1"
 OMNIROUTE_KEY="sk-your-omniroute-key"

-npm install -g @anthropic-ai/claude-code @openai/codex @google/gemini-cli opencode-ai cline kilecode
+npm install -g @anthropic-ai/claude-code @openai/codex opencode-ai cline kilocode

 # Kiro CLI
 apt-get install -y unzip 2>/dev/null; curl -fsSL https://cli.kiro.dev/install | bash

 # Write configs
-mkdir -p ~/.claude ~/.codex ~/.gemini ~/.config/opencode ~/.continue
+mkdir -p ~/.claude ~/.codex ~/.config/opencode ~/.continue

 cat > ~/.claude/settings.json   <<< "{\"apiBaseUrl\":\"$OMNIROUTE_URL\",\"apiKey\":\"$OMNIROUTE_KEY\"}"
 cat > ~/.codex/config.yaml      <<< "model: auto\napiKey: $OMNIROUTE_KEY\napiBaseUrl: $OMNIROUTE_URL"
-cat > ~/.gemini/settings.json   <<< "{\"apiKey\":\"$OMNIROUTE_KEY\",\"baseUrl\":\"$OMNIROUTE_URL\"}"
 cat >> ~/.bashrc << EOF
 export OPENAI_BASE_URL="$OMNIROUTE_URL"
 export OPENAI_API_KEY="$OMNIROUTE_KEY"
@@ -578,6 +578,22 @@ Configure via **Dashboard → Settings → Routing**.
 | **Least Used**                 | Routes to the account with the oldest `lastUsedAt` timestamp, distributing traffic evenly        |
 | **Cost Optimized**             | Routes to the account with the lowest priority value, optimizing for lowest-cost providers       |

+#### External Sticky Session Header
+
+For external session affinity (for example, Claude Code/Codex agents behind reverse proxies), send:
+
+```http
+X-Session-Id: your-session-key
+```
+
+OmniRoute also accepts `x_session_id` and returns the effective session key in `X-OmniRoute-Session-Id`.
+
+If you use Nginx and send underscore-form headers, enable:
+
+```nginx
+underscores_in_headers on;
+```
+
 #### Wildcard Model Aliases

 Create wildcard patterns to remap model names:
@@ -8,73 +8,6 @@ _وكيل API العالمي الخاص بك - نقطة نهاية واحدة،

 ---

-### 🆕 الجديد في v2.7.0
-
- **RouterStrategy قابل للتوصيل** — استراتيجيات القواعد والتكلفة والكمون
- **كشف النية متعدد اللغات** — تسجيل التوجيه بأكثر من 30 لغة
- **إلغاء تكرار الطلبات** — تجنب مكالمات API المكررة عبر تجزئة المحتوى
- **مزودون جدد:** Grok-4 Fast (xAI) وGLM-5 / Z.AI وMiniMax M2.5 وKimi K2.5
- **أسعار محدثة:** Grok-4 Fast $0.20/$0.50/M، GLM-5 $0.50/M، MiniMax M2.5 $0.30/M
-
---
-
-<div align="center">
-
-[![إصدار npm](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
-[![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
-[![الترخيص](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
-[![موقع الويب](https://img.shields.io/badge/Website-omniroute.online-blue?logo=google-chrome&logoColor=white)](https://omniroute.online)
-[![WhatsApp](https://img.shields.io/badge/WhatsApp-Community-25D366?logo=whatsapp&logoColor=white)](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
-
-[🌐 الموقع الإلكتروني](https://omniroute.online) • [🚀 البداية السريعة](#-quick-start) • [💡 الميزات](#-key-features) • [📖 المستندات](#-documentation) • [💰 التسعير](#-pricing-at-a-glance) • [💬 واتساب](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
-
-</div>
-
-🌐 **متوفر باللغة:** 🇺🇸 [الإنجليزية](../../README.md) | 🇧🇷 [البرتغالية (البرازيل)](../pt-BR/README.md) | 🇪🇸 [الإسبانية](../es/README.md) | 🇫🇷 [Français](../fr/README.md) | 🇮🇹 [الإيطالية](../it/README.md) | 🇷🇺 [Русский](../ru/README.md) | 🇨🇳 [中文 (简体)](../zh-CN/README.md) | 🇩🇪 [الألمانية](../de/README.md) | 🇮🇳 [هندي](../in/README.md) | 🇹🇭 [ไทย](../th/README.md) | 🇺🇦 [أوكرانيا](../uk-UA/README.md) | 🇸🇦 [العربية](../ar/README.md) | 🇯🇵 [日本語](../ja/README.md) | 🇻🇳 [تيانج فيت](../vi/README.md) | 🇧🇬 [بلغارسكي](../bg/README.md) | 🇩🇰 [الدانسك](../da/README.md) | 🇫🇮 [سومي](../fi/README.md) | 🇮🇱 [العربية](../he/README.md) | 🇭🇺 [المجرية](../hu/README.md) | 🇮🇩 [البهاسا الإندونيسية](../id/README.md) | 🇰🇷 [한국어](../ko/README.md) | 🇲🇾 [البهاسا ملايو](../ms/README.md) | 🇳🇱 [هولندا](../nl/README.md) | 🇳🇴 [نورسك](../no/README.md) | 🇵🇹 [البرتغالية (البرتغال)](../pt/README.md) | 🇷🇴 [روماني](../ro/README.md) | 🇵🇱 [بولسكي](../pl/README.md) | 🇸🇰 [سلوفينسينا](../sk/README.md) | 🇸🇪 [سفينسكا](../sv/README.md) | 🇵🇭 [فلبينية](../phi/README.md)
-
---
-
-## 🖼️ لوحة التحكم الرئيسية
-
-<div align="center">
-  <img src="./docs/screenshots/MainOmniRoute.png" alt="OmniRoute Dashboard" width="800"/>
-</div>
-
---
-
-## 📸 معاينة لوحة التحكم
-
-<details>
-<summary><b>انقر لرؤية لقطات شاشة لوحة القيادة</b></summary>
-
-| صفحة                  | لقطة شاشة                                          |
-| --------------------- | -------------------------------------------------- |
-| ** مقدمو الخدمة **    | ![مقدمو الخدمة](docs/screenshots/01-providers.png) |
-| **المجموعات**         | ![المجموعات](docs/screenshots/02-combos.png)       |
-| **تحليلات**           | ![تحليلات](docs/screenshots/03-analytics.png)      |
-| **الصحة**             | ![الصحة](docs/screenshots/04-health.png)           |
-| **مترجم**             | ![مترجم](docs/screenshots/05-translator.png)       |
-| **الإعدادات**         | ![الإعدادات](docs/screenshots/06-settings.png)     |
-| **أدوات سطر الأوامر** | ![أدوات CLI](docs/screenshots/07-cli-tools.png)    |
-| **سجلات الاستخدام**   | ![الاستخدام](docs/screenshots/08-usage.png)        |
-| **نقطة النهاية**      | ![نقطة النهاية](docs/screenshots/09-endpoint.png)  |
-
-</details>
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 موفر الذكاء الاصطناعي المجاني لوكلاء البرمجة المفضلين لديك

 _قم بتوصيل أي أداة IDE أو CLI مدعومة بالذكاء الاصطناعي من خلال OmniRoute - بوابة واجهة برمجة التطبيقات المجانية للترميز غير المحدود._
@@ -159,6 +92,34 @@ _قم بتوصيل أي أداة IDE أو CLI مدعومة بالذكاء الا

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 ## 🤔 لماذا OmniRoute؟

 **توقف عن إهدار المال وضرب الحدود:**
@@ -967,14 +928,16 @@ npm run electron:build:linux   # Linux (.AppImage)

 ### ☁️ النشر والمنصة

-| ميزة                             | ماذا يفعل                                        |
-| -------------------------------- | ------------------------------------------------ | --- | ------------------------ | ------------------------------- |
-| 🌐 **النشر في أي مكان**          | المضيف المحلي، VPS، Docker، البيئات السحابية     |     | 💾 **المزامنة السحابية** | مزامنة التكوين عبر عامل السحابة |
-| 🔄 **النسخ الاحتياطي/الاستعادة** | تدفقات التصدير/الاستيراد والتعافي من الكوارث     |
-| 🧙 **معالج الإعداد**             | الإعداد الموجه لأول مرة                          |
-| 🔧 **لوحة تحكم أدوات CLI**       | إعداد بنقرة واحدة لأدوات الترميز الشائعة         |
-| 🌐 **i18n (30 لغة)**             | لوحة تحكم كاملة + دعم لغة المستندات مع تغطية RTL |
-| 📂 **دليل البيانات المخصصة**     | تجاوز `DATA_DIR` لموقع التخزين                   |
+| ميزة                             | ماذا يفعل                                           |
+| -------------------------------- | --------------------------------------------------- | --- | ------------------------ | ------------------------------- |
+| 🌐 **النشر في أي مكان**          | المضيف المحلي، VPS، Docker، البيئات السحابية        |     | 💾 **المزامنة السحابية** | مزامنة التكوين عبر عامل السحابة |
+| 🔄 **النسخ الاحتياطي/الاستعادة** | تدفقات التصدير/الاستيراد والتعافي من الكوارث        |
+| 🧙 **معالج الإعداد**             | الإعداد الموجه لأول مرة                             |
+| 🔧 **لوحة تحكم أدوات CLI**       | إعداد بنقرة واحدة لأدوات الترميز الشائعة            |
+| 🌐 **i18n (30 لغة)**             | لوحة تحكم كاملة + دعم لغة المستندات مع تغطية RTL    |
+| 🧹 **Clear All Models**          | One-click model list clearing in provider details   |
+| 📋 **Issue Templates**           | Standardized GitHub templates for bugs and features |
+| 📂 **دليل البيانات المخصصة**     | تجاوز `DATA_DIR` لموقع التخزين                      |

 ### ميزة الغوص العميق

@@ -8,73 +8,6 @@ _Вашият универсален API прокси — една крайна

 ---

-### 🆕 What's New in v2.7.0
-
- **Pluggable RouterStrategy** — rules, cost, and latency routing strategies
- **Multilingual intent detection** — routing scoring in 30+ languages
- **Request deduplication** — prevent duplicate API calls via content hash
- **New providers:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Updated pricing:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-<div align="center">
-
-[![npm версия](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
-[![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
-[![Лиценз](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
-[![Уебсайт](https://img.shields.io/badge/Website-omniroute.online-blue?logo=google-chrome&logoColor=white)](https://omniroute.online)
-[![WhatsApp](https://img.shields.io/badge/WhatsApp-Community-25D366?logo=whatsapp&logoColor=white)](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
-
-[🌐 Уебсайт](https://omniroute.online) • [🚀 Бърз старт](#-quick-start) • [💡 Функции](#-key-features) • [📖 Документи](#-documentation) • [💰 Ценообразуване](#-pricing-at-a-glance) • [💬 WhatsApp](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
-
-</div>
-
-🌐 **Налично на:** 🇺🇸 [английски](../../README.md) | 🇧🇷 [Португалски (Бразилия)](../pt-BR/README.md) | 🇪🇸 [Испански] (../es/README.md) | 🇫🇷 [Français](../fr/README.md) | 🇮🇹 [италиански] (../it/README.md) | 🇷🇺 [Русский](../ru/README.md) | 🇨🇳 [中文 (简体)](../zh-CN/README.md) | 🇩🇪 [Deutsch](../de/README.md) | 🇮🇳 [हिन्दी] (../in/README.md) | 🇹🇭 [ไทย](../th/README.md) | 🇺🇦 [Українська](../uk-UA/README.md) | 🇸🇦 [العربية](../ar/README.md) | 🇯🇵 [日本語](../ja/README.md) | 🇻🇳 [Tiếng Việt](../vi/README.md) | 🇧🇬 [Български](../bg/README.md) | 🇩🇰 [Dansk](../da/README.md) | 🇫🇮 [Suomi](../fi/README.md) | 🇮🇱 [עברית](../he/README.md) | 🇭🇺 [маджарски] (../hu/README.md) | 🇮🇩 [бахаса Индонезия](../id/README.md) | 🇰🇷 [한국어](../ko/README.md) | 🇲🇾 [Bahasa Melayu](../ms/README.md) | 🇳🇱 [Нидерландия](../nl/README.md) | 🇳🇴 [Norsk](../no/README.md) | 🇵🇹 [Português (Португалия)](../pt/README.md) | 🇷🇴 [Română](../ro/README.md) | 🇵🇱 [Полски](../pl/README.md) | 🇸🇰 [Slovenčina](../sk/README.md) | 🇸🇪 [Svenska](../sv/README.md) | 🇵🇭 [филипински] (../phi/README.md)
-
---
-
-## 🖼️ Главно табло за управление
-
-<div align="center">
-  <img src="./docs/screenshots/MainOmniRoute.png" alt="OmniRoute Dashboard" width="800"/>
-</div>
-
---
-
-## 📸 Визуализация на таблото за управление
-
-<details>
-<summary><b>Щракнете, за да видите екранни снимки на таблото </b></summary>
-
-| Страница                   | Екранна снимка                                        |
-| -------------------------- | ----------------------------------------------------- |
-| **Доставчици**             | ![Доставчици](docs/screenshots/01-providers.png)      |
-| **Комбота**                | ![Комбота](docs/screenshots/02-combos.png)            |
-| **Анализ**                 | ![Анализ](docs/screenshots/03-analytics.png)          |
-| **Здраве**                 | ![Здраве](docs/screenshots/04-health.png)             |
-| **Преводач**               | ![Преводач](docs/screenshots/05-translator.png)       |
-| **Настройки**              | ![Настройки](docs/screenshots/06-settings.png)        |
-| **CLI инструменти**        | ![CLI инструменти](docs/screenshots/07-cli-tools.png) |
-| **Регистри за използване** | ![Използване](docs/screenshots/08-usage.png)          |
-| **Крайна точка**           | ![Крайна точка](docs/screenshots/09-endpoint.png)     |
-
-</details>
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Безплатен доставчик на AI за вашите любими кодиращи агенти

 _Свържете всеки базиран на AI IDE или CLI инструмент чрез OmniRoute — безплатен API шлюз за неограничено кодиране._
@@ -159,6 +92,34 @@ _Свържете всеки базиран на AI IDE или CLI инстру

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 ## 🤔 Защо OmniRoute?

 **Спрете да пилеете пари и да достигате лимити:**
@@ -976,6 +937,8 @@ OmniRoute v2.0 е създаден като операционна платфо
 | 🧙 **Съветник за присъединяване**         | Насочвана настройка при първо стартиране                                  |
 | 🔧 **CLI Tools Dashboard**                | Настройка с едно щракване за популярни инструменти за кодиране            |
 | 🌐 **i18n (30 езика)**                    | Пълно табло за управление + езикова поддръжка на документи с RTL покритие |
+| 🧹 **Clear All Models**                   | One-click model list clearing in provider details                         |
+| 📋 **Issue Templates**                    | Standardized GitHub templates for bugs and features                       |
 | 📂 **Директория с персонализирани данни** | `DATA_DIR` отмяна за място за съхранение                                  |

 ### Функция Deep Dive
@@ -38,15 +38,17 @@ Content-Type: application/json

 ### Vlastní záhlaví

-Záhlaví | Směr | Popis
--- | --- | ---
-`X-OmniRoute-No-Cache` | Žádost | Nastavením na `true` se vynechá mezipaměť
-`X-OmniRoute-Progress` | Žádost | Nastaveno na `true` pro události průběhu
-`Idempotency-Key` | Žádost | Klíč pro deduplikaci (okno 5 s)
-`X-Request-Id` | Žádost | Alternativní klíč pro odstranění duplicitních dat
-`X-OmniRoute-Cache` | Odpověď | `HIT` or `MISS` (nestreamované)
-`X-OmniRoute-Idempotent` | Odpověď | `true` , pokud je odstraněna duplikace
-`X-OmniRoute-Progress` | Odpověď | `enabled` pokud je zapnuto sledování průběhu
+| Záhlaví                  | Směr    | Popis                                             |
+| ------------------------ | ------- | ------------------------------------------------- |
+| `X-OmniRoute-No-Cache`   | Žádost  | Nastavením na `true` se vynechá mezipaměť         |
+| `X-OmniRoute-Progress`   | Žádost  | Nastaveno na `true` pro události průběhu          |
+| `Idempotency-Key`        | Žádost  | Klíč pro deduplikaci (okno 5 s)                   |
+| `X-Request-Id`           | Žádost  | Alternativní klíč pro odstranění duplicitních dat |
+| `X-OmniRoute-Cache`      | Odpověď | `HIT` or `MISS` (nestreamované)                   |
+| `X-OmniRoute-Idempotent` | Odpověď | `true` , pokud je odstraněna duplikace            |
+| `X-OmniRoute-Progress`   | Odpověď | `enabled` pokud je zapnuto sledování průběhu      |
+
+> Poznámka Nginx: pokud spoléháte na hlavičky s podtržítkem (například `x_session_id`), povolte `underscores_in_headers on;`.

 ---

@@ -108,18 +110,18 @@ Authorization: Bearer your-api-key

 ## Koncové body kompatibility

-Metoda | Cesta | Formát
--- | --- | ---
-ZVEŘEJNIT | `/v1/chat/completions` | OpenAI
-ZVEŘEJNIT | `/v1/messages` | Antropický
-ZVEŘEJNIT | `/v1/responses` | Reakce OpenAI
-ZVEŘEJNIT | `/v1/embeddings` | OpenAI
-ZVEŘEJNIT | `/v1/images/generations` | OpenAI
-ZÍSKAT | `/v1/models` | OpenAI
-ZVEŘEJNIT | `/v1/messages/count_tokens` | Antropický
-ZÍSKAT | `/v1beta/models` | Blíženci
-ZVEŘEJNIT | `/v1beta/models/{...path}` | Gemini generuje obsah
-ZVEŘEJNIT | `/v1/api/chat` | Ollama
+| Metoda | Cesta                       | Formát                |
+| ------ | --------------------------- | --------------------- |
+| POST   | `/v1/chat/completions`      | OpenAI                |
+| POST   | `/v1/messages`              | Anthropic             |
+| POST   | `/v1/responses`             | Reakce OpenAI         |
+| POST   | `/v1/embeddings`            | OpenAI                |
+| POST   | `/v1/images/generations`    | OpenAI                |
+| GET    | `/v1/models`                | OpenAI                |
+| POST   | `/v1/messages/count_tokens` | Anthropic             |
+| GET    | `/v1beta/models`            | Blíženci              |
+| POST   | `/v1beta/models/{...path}`  | Gemini generuje obsah |
+| POST   | `/v1/api/chat`              | Ollama                |

 ### Vyhrazené trasy poskytovatelů

@@ -166,154 +168,154 @@ Příklad odpovědi:

 ### Ověřování

-Koncový bod | Metoda | Popis
--- | --- | ---
-`/api/auth/login` | ZVEŘEJNIT | Přihlášení
-`/api/auth/logout` | ZVEŘEJNIT | Odhlásit se
-`/api/settings/require-login` | ZÍSKAT/VLOŽIT | Vyžaduje se přepnutí přihlášení
+| Koncový bod                   | Metoda  | Popis                           |
+| ----------------------------- | ------- | ------------------------------- |
+| `/api/auth/login`             | POST    | Přihlášení                      |
+| `/api/auth/logout`            | POST    | Odhlásit se                     |
+| `/api/settings/require-login` | GET/PUT | Vyžaduje se přepnutí přihlášení |

 ### Správa poskytovatelů

-Koncový bod | Metoda | Popis
--- | --- | ---
-`/api/providers` | ZÍSKAT/ODESLAT | Seznam / vytvoření poskytovatelů
-`/api/providers/[id]` | ZÍSKAT/VLOŽIT/ODSTRANIT | Správa poskytovatele
-`/api/providers/[id]/test` | ZVEŘEJNIT | Testovací připojení poskytovatele
-`/api/providers/[id]/models` | ZÍSKAT | Seznam modelů poskytovatelů
-`/api/providers/validate` | ZVEŘEJNIT | Ověření konfigurace poskytovatele
-`/api/provider-nodes*` | Různé | Správa uzlů poskytovatelů
-`/api/provider-models` | ZÍSKAT/ODESLAT/SMAZAT | Vlastní modely
+| Koncový bod                  | Metoda          | Popis                             |
+| ---------------------------- | --------------- | --------------------------------- |
+| `/api/providers`             | GET/POST        | Seznam / vytvoření poskytovatelů  |
+| `/api/providers/[id]`        | GET/PUT/DELETE  | Správa poskytovatele              |
+| `/api/providers/[id]/test`   | POST            | Testovací připojení poskytovatele |
+| `/api/providers/[id]/models` | GET             | Seznam modelů poskytovatelů       |
+| `/api/providers/validate`    | POST            | Ověření konfigurace poskytovatele |
+| `/api/provider-nodes*`       | Různé           | Správa uzlů poskytovatelů         |
+| `/api/provider-models`       | GET/POST/DELETE | Vlastní modely                    |

 ### Toky OAuth

-Koncový bod | Metoda | Popis
--- | --- | ---
-`/api/oauth/[provider]/[action]` | Různé | OAuth specifický pro poskytovatele
+| Koncový bod                      | Metoda | Popis                              |
+| -------------------------------- | ------ | ---------------------------------- |
+| `/api/oauth/[provider]/[action]` | Různé  | OAuth specifický pro poskytovatele |

 ### Směrování a konfigurace

-Koncový bod | Metoda | Popis
--- | --- | ---
-`/api/models/alias` | ZÍSKAT/ODESLAT | Aliasy modelů
-`/api/models/catalog` | ZÍSKAT | Všechny modely podle poskytovatele + typu
-`/api/combos*` | Různé | Správa kombinací
-`/api/keys*` | Různé | Správa klíčů API
-`/api/pricing` | ZÍSKAT | Cena modelu
+| Koncový bod           | Metoda   | Popis                                     |
+| --------------------- | -------- | ----------------------------------------- |
+| `/api/models/alias`   | GET/POST | Aliasy modelů                             |
+| `/api/models/catalog` | GET      | Všechny modely podle poskytovatele + typu |
+| `/api/combos*`        | Různé    | Správa kombinací                          |
+| `/api/keys*`          | Různé    | Správa klíčů API                          |
+| `/api/pricing`        | GET      | Cena modelu                               |

 ### Využití a analýzy

-Koncový bod | Metoda | Popis
--- | --- | ---
-`/api/usage/history` | ZÍSKAT | Historie používání
-`/api/usage/logs` | ZÍSKAT | Protokoly používání
-`/api/usage/request-logs` | ZÍSKAT | Protokoly na úrovni požadavků
-`/api/usage/[connectionId]` | ZÍSKAT | Využití na připojení
+| Koncový bod                 | Metoda | Popis                         |
+| --------------------------- | ------ | ----------------------------- |
+| `/api/usage/history`        | GET    | Historie používání            |
+| `/api/usage/logs`           | GET    | Protokoly používání           |
+| `/api/usage/request-logs`   | GET    | Protokoly na úrovni požadavků |
+| `/api/usage/[connectionId]` | GET    | Využití na připojení          |

 ### Nastavení

-Koncový bod | Metoda | Popis
--- | --- | ---
-`/api/settings` | ZÍSKAT/VLOŽIT | Obecná nastavení
-`/api/settings/proxy` | ZÍSKAT/VLOŽIT | Konfigurace síťového proxy serveru
-`/api/settings/proxy/test` | ZVEŘEJNIT | Testovací připojení k proxy serveru
-`/api/settings/ip-filter` | ZÍSKAT/VLOŽIT | Seznam povolených/blokovaných IP adres
-`/api/settings/thinking-budget` | ZÍSKAT/VLOŽIT | Zdůvodnění rozpočtu tokenů
-`/api/settings/system-prompt` | ZÍSKAT/VLOŽIT | Globální systémový výzva
+| Koncový bod                     | Metoda  | Popis                                  |
+| ------------------------------- | ------- | -------------------------------------- |
+| `/api/settings`                 | GET/PUT | Obecná nastavení                       |
+| `/api/settings/proxy`           | GET/PUT | Konfigurace síťového proxy serveru     |
+| `/api/settings/proxy/test`      | POST    | Testovací připojení k proxy serveru    |
+| `/api/settings/ip-filter`       | GET/PUT | Seznam povolených/blokovaných IP adres |
+| `/api/settings/thinking-budget` | GET/PUT | Zdůvodnění rozpočtu tokenů             |
+| `/api/settings/system-prompt`   | GET/PUT | Globální systémový výzva               |

 ### Monitorování

-Koncový bod | Metoda | Popis
--- | --- | ---
-`/api/sessions` | ZÍSKAT | Sledování aktivních relací
-`/api/rate-limits` | ZÍSKAT | Limity sazeb na účet
-`/api/monitoring/health` | ZÍSKAT | Kontrola stavu
-`/api/cache` | ZÍSKAT/SMAZAT | Statistiky mezipaměti / vymazat
+| Koncový bod              | Metoda     | Popis                           |
+| ------------------------ | ---------- | ------------------------------- |
+| `/api/sessions`          | GET        | Sledování aktivních relací      |
+| `/api/rate-limits`       | GET        | Limity sazeb na účet            |
+| `/api/monitoring/health` | GET        | Kontrola stavu                  |
+| `/api/cache`             | GET/DELETE | Statistiky mezipaměti / vymazat |

 ### Zálohování a export/import

-Koncový bod | Metoda | Popis
--- | --- | ---
-`/api/db-backups` | ZÍSKAT | Seznam dostupných záloh
-`/api/db-backups` | DÁT | Vytvořte ruční zálohu
-`/api/db-backups` | ZVEŘEJNIT | Obnovení z konkrétní zálohy
-`/api/db-backups/export` | ZÍSKAT | Stáhnout databázi jako soubor .sqlite
-`/api/db-backups/import` | ZVEŘEJNIT | Nahrajte soubor .sqlite pro nahrazení databáze
-`/api/db-backups/exportAll` | ZÍSKAT | Stáhnout plnou zálohu jako archiv .tar.gz
+| Koncový bod                 | Metoda | Popis                                          |
+| --------------------------- | ------ | ---------------------------------------------- |
+| `/api/db-backups`           | GET    | Seznam dostupných záloh                        |
+| `/api/db-backups`           | DÁT    | Vytvořte ruční zálohu                          |
+| `/api/db-backups`           | POST   | Obnovení z konkrétní zálohy                    |
+| `/api/db-backups/export`    | GET    | Stáhnout databázi jako soubor .sqlite          |
+| `/api/db-backups/import`    | POST   | Nahrajte soubor .sqlite pro nahrazení databáze |
+| `/api/db-backups/exportAll` | GET    | Stáhnout plnou zálohu jako archiv .tar.gz      |

 ### Synchronizace s cloudem

-Koncový bod | Metoda | Popis
--- | --- | ---
-`/api/sync/cloud` | Různé | Operace synchronizace s cloudem
-`/api/sync/initialize` | ZVEŘEJNIT | Inicializovat synchronizaci
-`/api/cloud/*` | Různé | Správa cloudu
+| Koncový bod            | Metoda | Popis                           |
+| ---------------------- | ------ | ------------------------------- |
+| `/api/sync/cloud`      | Různé  | Operace synchronizace s cloudem |
+| `/api/sync/initialize` | POST   | Inicializovat synchronizaci     |
+| `/api/cloud/*`         | Různé  | Správa cloudu                   |

 ### Nástroje CLI

-Koncový bod | Metoda | Popis
--- | --- | ---
-`/api/cli-tools/claude-settings` | ZÍSKAT | Stav Clauda CLI
-`/api/cli-tools/codex-settings` | ZÍSKAT | Stav příkazového řádku Codexu
-`/api/cli-tools/droid-settings` | ZÍSKAT | Stav příkazového řádku Droidu
-`/api/cli-tools/openclaw-settings` | ZÍSKAT | Stav rozhraní příkazového řádku OpenClaw
-`/api/cli-tools/runtime/[toolId]` | ZÍSKAT | Generické běhové prostředí CLI
+| Koncový bod                        | Metoda | Popis                                    |
+| ---------------------------------- | ------ | ---------------------------------------- |
+| `/api/cli-tools/claude-settings`   | GET    | Stav Clauda CLI                          |
+| `/api/cli-tools/codex-settings`    | GET    | Stav příkazového řádku Codexu            |
+| `/api/cli-tools/droid-settings`    | GET    | Stav příkazového řádku Droidu            |
+| `/api/cli-tools/openclaw-settings` | GET    | Stav rozhraní příkazového řádku OpenClaw |
+| `/api/cli-tools/runtime/[toolId]`  | GET    | Generické běhové prostředí CLI           |

 Mezi odpovědi CLI patří: `installed` , `runnable` , `command` , `commandPath` , `runtimeMode` , `reason` .

 ### Agenti ACP

-Koncový bod | Metoda | Popis
--- | --- | ---
-`/api/acp/agents` | ZÍSKAT | Zobrazit seznam všech detekovaných agentů (vestavěných + vlastních) se stavem
-`/api/acp/agents` | ZVEŘEJNIT | Přidat vlastního agenta nebo obnovit mezipaměť detekce
-`/api/acp/agents` | VYMAZAT | Odebrání vlastního agenta podle parametru dotazu `id`
+| Koncový bod       | Metoda  | Popis                                                                         |
+| ----------------- | ------- | ----------------------------------------------------------------------------- |
+| `/api/acp/agents` | GET     | Zobrazit seznam všech detekovaných agentů (vestavěných + vlastních) se stavem |
+| `/api/acp/agents` | POST    | Přidat vlastního agenta nebo obnovit mezipaměť detekce                        |
+| `/api/acp/agents` | VYMAZAT | Odebrání vlastního agenta podle parametru dotazu `id`                         |

 Odpověď GET obsahuje `agents[]` (id, name, binary, version, installed, protocol, isCustom) a `summary` (total, installed, notFound, builtIn, custom).

 ### Odolnost a limity rychlosti

-Koncový bod | Metoda | Popis
--- | --- | ---
-`/api/resilience` | ZÍSKAT/VLOŽIT | Získání/aktualizace profilů odolnosti
-`/api/resilience/reset` | ZVEŘEJNIT | Resetujte jističe
-`/api/rate-limits` | ZÍSKAT | Stav limitu sazby na účet
-`/api/rate-limit` | ZÍSKAT | Konfigurace globálního limitu rychlosti
+| Koncový bod             | Metoda  | Popis                                   |
+| ----------------------- | ------- | --------------------------------------- |
+| `/api/resilience`       | GET/PUT | Získání/aktualizace profilů odolnosti   |
+| `/api/resilience/reset` | POST    | Resetujte jističe                       |
+| `/api/rate-limits`      | GET     | Stav limitu sazby na účet               |
+| `/api/rate-limit`       | GET     | Konfigurace globálního limitu rychlosti |

 ### Evals

-Koncový bod | Metoda | Popis
--- | --- | ---
-`/api/evals` | ZÍSKAT/ODESLAT | Vypsat eval sady / spustit vyhodnocení
+| Koncový bod  | Metoda   | Popis                                  |
+| ------------ | -------- | -------------------------------------- |
+| `/api/evals` | GET/POST | Vypsat eval sady / spustit vyhodnocení |

 ### Zásady

-Koncový bod | Metoda | Popis
--- | --- | ---
-`/api/policies` | ZÍSKAT/ODESLAT/SMAZAT | Správa směrovacích zásad
+| Koncový bod     | Metoda          | Popis                    |
+| --------------- | --------------- | ------------------------ |
+| `/api/policies` | GET/POST/DELETE | Správa směrovacích zásad |

 ### Dodržování

-Koncový bod | Metoda | Popis
--- | --- | ---
-`/api/compliance/audit-log` | ZÍSKAT | Protokol auditu shody (poslední N)
+| Koncový bod                 | Metoda | Popis                              |
+| --------------------------- | ------ | ---------------------------------- |
+| `/api/compliance/audit-log` | GET    | Protokol auditu shody (poslední N) |

 ### v1beta (kompatibilní s Gemini)

-Koncový bod | Metoda | Popis
--- | --- | ---
-`/v1beta/models` | ZÍSKAT | Seznam modelů ve formátu Gemini
-`/v1beta/models/{...path}` | ZVEŘEJNIT | Koncový bod Gemini `generateContent`
+| Koncový bod                | Metoda | Popis                                |
+| -------------------------- | ------ | ------------------------------------ |
+| `/v1beta/models`           | GET    | Seznam modelů ve formátu Gemini      |
+| `/v1beta/models/{...path}` | POST   | Koncový bod Gemini `generateContent` |

 Tyto koncové body zrcadlí formát API Gemini pro klienty, kteří očekávají nativní kompatibilitu sady Gemini SDK.

 ### Interní / systémová API

-Koncový bod | Metoda | Popis
--- | --- | ---
-`/api/init` | ZÍSKAT | Kontrola inicializace aplikace (používá se při prvním spuštění)
-`/api/tags` | ZÍSKAT | Tagy modelů kompatibilní s Ollamou (pro klienty Ollamy)
-`/api/restart` | ZVEŘEJNIT | Spustit řádný restart serveru
-`/api/shutdown` | ZVEŘEJNIT | Spustit řádné vypnutí serveru
+| Koncový bod     | Metoda | Popis                                                           |
+| --------------- | ------ | --------------------------------------------------------------- |
+| `/api/init`     | GET    | Kontrola inicializace aplikace (používá se při prvním spuštění) |
+| `/api/tags`     | GET    | Tagy modelů kompatibilní s Ollamou (pro klienty Ollamy)         |
+| `/api/restart`  | POST   | Spustit řádný restart serveru                                   |
+| `/api/shutdown` | POST   | Spustit řádné vypnutí serveru                                   |

 > **Poznámka:** Tyto koncové body používá interně systém nebo pro kompatibilitu s klienty Ollama. Koncoví uživatelé je obvykle nevolají.

@@ -2,7 +2,7 @@

 🌐 **Jazyky:** 🇺🇸 [angličtina](ARCHITECTURE.md) | 🇧🇷 [Português (Brazílie)](i18n/pt-BR/ARCHITECTURE.md) | 🇪🇸 [Español](i18n/es/ARCHITECTURE.md) | 🇫🇷 [Français](i18n/fr/ARCHITECTURE.md) | 🇮🇹 [Italiano](i18n/it/ARCHITECTURE.md) | 🇷🇺 [Русский](i18n/ru/ARCHITECTURE.md) | 🇨🇳[中文 (简体)](i18n/zh-CN/ARCHITECTURE.md) | 🇩🇪 [Deutsch](i18n/de/ARCHITECTURE.md) | 🇮🇳 [हिन्दी](i18n/in/ARCHITECTURE.md) | 🇹🇭 [ไทย](i18n/th/ARCHITECTURE.md) | 🇺🇦 [Українська](i18n/uk-UA/ARCHITECTURE.md) | 🇸🇦 [العربية](i18n/ar/ARCHITECTURE.md) | 🇯🇵[日本語](i18n/ja/ARCHITECTURE.md)| 🇻🇳 [Tiếng Việt](i18n/vi/ARCHITECTURE.md) | 🇧🇬 [Български](i18n/bg/ARCHITECTURE.md) | 🇩🇰 [Dánsko](i18n/da/ARCHITECTURE.md) | 🇫🇮 [Suomi](i18n/fi/ARCHITECTURE.md) | 🇮🇱 [עברית](i18n/he/ARCHITECTURE.md) | 🇭🇺 [maďarština](i18n/hu/ARCHITECTURE.md) | 🇮🇩 [Bahasa Indonésie](i18n/id/ARCHITECTURE.md) | 🇰🇷 [한국어](i18n/ko/ARCHITECTURE.md) | 🇲🇾 [Bahasa Melayu](i18n/ms/ARCHITECTURE.md) | 🇳🇱 [Nizozemsko](i18n/nl/ARCHITECTURE.md) | 🇳🇴 [Norsk](i18n/no/ARCHITECTURE.md) | 🇵🇹 [Português (Portugalsko)](i18n/pt/ARCHITECTURE.md) | 🇷🇴 [Română](i18n/ro/ARCHITECTURE.md) | 🇵🇱 [Polski](i18n/pl/ARCHITECTURE.md) | 🇸🇰 [Slovenčina](i18n/sk/ARCHITECTURE.md) | 🇸🇪 [Svenska](i18n/sv/ARCHITECTURE.md) | 🇵🇭 [Filipínec](i18n/phi/ARCHITECTURE.md) | 🇨🇿 [Čeština](i18n/cs/ARCHITECTURE.md)

-*Poslední aktualizace: 2026-03-04*
+_Poslední aktualizace: 2026-03-04_

 ## Shrnutí pro manažery

@@ -590,45 +590,45 @@ flowchart LR

 Každý poskytovatel má specializovaný exekutor rozšiřující `BaseExecutor` (v `open-sse/executors/base.ts` ), který zajišťuje vytváření URL adres, konstrukci hlaviček, opakování s exponenciálním odkladem, hooky pro obnovení pověření a orchestrační metodu `execute()` .

-Vykonavatel | Poskytovatel(é) | Speciální manipulace
--- | --- | ---
-`DefaultExecutor` | OpenAI, Claude, Gemini, Qwen, iFlow, OpenRouter, GLM, Kimi, MiniMax, DeepSeek, Groq, xAI, Mistral, Perplexity, Together, Fireworks, Cerebras, Cohere, NVIDIA | Konfigurace dynamické adresy URL/záhlaví pro každého poskytovatele
-`AntigravityExecutor` | Google Antigravitace | Vlastní ID projektů/relací, analýza Opakování po
-`CodexExecutor` | Kodex OpenAI | Vkládá systémové instrukce, vynucuje úsilí k uvažování
-`CursorExecutor` | IDE kurzoru | Protokol ConnectRPC, kódování Protobuf, podepisování požadavků pomocí kontrolního součtu
-`GithubExecutor` | GitHub Copilot | Aktualizace tokenu Copilot, hlavičky napodobující VSCode
-`KiroExecutor` | AWS CodeWhisperer/Kiro | Binární formát AWS EventStream → konverze SSE
-`GeminiCLIExecutor` | Rozhraní příkazového řádku Gemini | Cyklus obnovy tokenu Google OAuth
+| Vykonavatel           | Poskytovatel(é)                                                                                                                                              | Speciální manipulace                                                                     |
+| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------- |
+| `DefaultExecutor`     | OpenAI, Claude, Gemini, Qwen, iFlow, OpenRouter, GLM, Kimi, MiniMax, DeepSeek, Groq, xAI, Mistral, Perplexity, Together, Fireworks, Cerebras, Cohere, NVIDIA | Konfigurace dynamické adresy URL/záhlaví pro každého poskytovatele                       |
+| `AntigravityExecutor` | Google Antigravity                                                                                                                                           | Vlastní ID projektů/relací, analýza Opakování po                                         |
+| `CodexExecutor`       | OpenAI Codex                                                                                                                                                 | Vkládá systémové instrukce, vynucuje úsilí k uvažování                                   |
+| `CursorExecutor`      | IDE kurzoru                                                                                                                                                  | Protokol ConnectRPC, kódování Protobuf, podepisování požadavků pomocí kontrolního součtu |
+| `GithubExecutor`      | GitHub Copilot                                                                                                                                               | Aktualizace tokenu Copilot, hlavičky napodobující VSCode                                 |
+| `KiroExecutor`        | AWS CodeWhisperer/Kiro                                                                                                                                       | Binární formát AWS EventStream → konverze SSE                                            |
+| `GeminiCLIExecutor`   | Gemini CLI                                                                                                                                                   | Cyklus obnovy tokenu Google OAuth                                                        |

 Všichni ostatní poskytovatelé (včetně uzlů kompatibilních s vlastními funkcemi) používají `DefaultExecutor` .

 ## Matice kompatibility poskytovatelů

-Poskytovatel | Formát | Autorizace | Proud | Nestreamované | Obnovení tokenu | API pro použití
--- | --- | --- | --- | --- | --- | ---
-Claude | Claude | Klíč API / OAuth | ✅ | ✅ | ✅ | ⚠️ Pouze pro administrátory
-Blíženci | Blíženci | Klíč API / OAuth | ✅ | ✅ | ✅ | ⚠️ Cloudová konzole
-Rozhraní příkazového řádku Gemini | gemini-cli | OAuth | ✅ | ✅ | ✅ | ⚠️ Cloudová konzole
-Antigravitace | antigravitace | OAuth | ✅ | ✅ | ✅ | ✅ Plná kvóta API
-OpenAI | otevřeno | Klíč API | ✅ | ✅ | ❌ | ❌
-Kodex | openai-odpovědi | OAuth | ✅ vynucený | ❌ | ✅ | ✅ Limity sazeb
-GitHub Copilot | otevřeno | OAuth + token Copilota | ✅ | ✅ | ✅ | ✅ Snímky kvót
-Kurzor | kurzor | Vlastní kontrolní součet | ✅ | ✅ | ❌ | ❌
-Kiro | Kiro | OIDC pro jednotné přihlašování AWS | ✅ (Stream událostí) | ❌ | ✅ | ✅ Limity použití
-Qwen | otevřeno | OAuth | ✅ | ✅ | ✅ | ⚠️ Na vyžádání
-iFlow | otevřeno | OAuth (základní) | ✅ | ✅ | ✅ | ⚠️ Na vyžádání
-OpenRouter | otevřeno | Klíč API | ✅ | ✅ | ❌ | ❌
-GLM/Kimi/MiniMax | Claude | Klíč API | ✅ | ✅ | ❌ | ❌
-Hluboké vyhledávání | otevřeno | Klíč API | ✅ | ✅ | ❌ | ❌
-Groq | otevřeno | Klíč API | ✅ | ✅ | ❌ | ❌
-xAI (Grok) | otevřeno | Klíč API | ✅ | ✅ | ❌ | ❌
-Mistral | otevřeno | Klíč API | ✅ | ✅ | ❌ | ❌
-Zmatek | otevřeno | Klíč API | ✅ | ✅ | ❌ | ❌
-Společně s umělou inteligencí | otevřeno | Klíč API | ✅ | ✅ | ❌ | ❌
-Ohňostroj s umělou inteligencí | otevřeno | Klíč API | ✅ | ✅ | ❌ | ❌
-Mozky | otevřeno | Klíč API | ✅ | ✅ | ❌ | ❌
-Soudržný | otevřeno | Klíč API | ✅ | ✅ | ❌ | ❌
-NVIDIA NIM | otevřeno | Klíč API | ✅ | ✅ | ❌ | ❌
+| Poskytovatel                   | Formát          | Autorizace                         | Proud                | Nestreamované | Obnovení tokenu | API pro použití             |
+| ------------------------------ | --------------- | ---------------------------------- | -------------------- | ------------- | --------------- | --------------------------- |
+| Claude                         | Claude          | Klíč API / OAuth                   | ✅                   | ✅            | ✅              | ⚠️ Pouze pro administrátory |
+| Blíženci                       | Blíženci        | Klíč API / OAuth                   | ✅                   | ✅            | ✅              | ⚠️ Cloudová konzole         |
+| Gemini CLI                     | gemini-cli      | OAuth                              | ✅                   | ✅            | ✅              | ⚠️ Cloudová konzole         |
+| Antigravity                    | antigravitace   | OAuth                              | ✅                   | ✅            | ✅              | ✅ Plná kvóta API           |
+| OpenAI                         | otevřeno        | Klíč API                           | ✅                   | ✅            | ❌              | ❌                          |
+| Kodex                          | openai-odpovědi | OAuth                              | ✅ vynucený          | ❌            | ✅              | ✅ Limity sazeb             |
+| GitHub Copilot                 | otevřeno        | OAuth + token Copilota             | ✅                   | ✅            | ✅              | ✅ Snímky kvót              |
+| Kurzor                         | kurzor          | Vlastní kontrolní součet           | ✅                   | ✅            | ❌              | ❌                          |
+| Kiro                           | Kiro            | OIDC pro jednotné přihlašování AWS | ✅ (Stream událostí) | ❌            | ✅              | ✅ Limity použití           |
+| Qwen                           | otevřeno        | OAuth                              | ✅                   | ✅            | ✅              | ⚠️ Na vyžádání              |
+| iFlow                          | otevřeno        | OAuth (základní)                   | ✅                   | ✅            | ✅              | ⚠️ Na vyžádání              |
+| OpenRouter                     | otevřeno        | Klíč API                           | ✅                   | ✅            | ❌              | ❌                          |
+| GLM/Kimi/MiniMax               | Claude          | Klíč API                           | ✅                   | ✅            | ❌              | ❌                          |
+| Hluboké vyhledávání            | otevřeno        | Klíč API                           | ✅                   | ✅            | ❌              | ❌                          |
+| Groq                           | otevřeno        | Klíč API                           | ✅                   | ✅            | ❌              | ❌                          |
+| xAI (Grok)                     | otevřeno        | Klíč API                           | ✅                   | ✅            | ❌              | ❌                          |
+| Mistral                        | otevřeno        | Klíč API                           | ✅                   | ✅            | ❌              | ❌                          |
+| Zmatek                         | otevřeno        | Klíč API                           | ✅                   | ✅            | ❌              | ❌                          |
+| Společně s umělou inteligencí  | otevřeno        | Klíč API                           | ✅                   | ✅            | ❌              | ❌                          |
+| Ohňostroj s umělou inteligencí | otevřeno        | Klíč API                           | ✅                   | ✅            | ❌              | ❌                          |
+| Mozky                          | otevřeno        | Klíč API                           | ✅                   | ✅            | ❌              | ❌                          |
+| Soudržný                       | otevřeno        | Klíč API                           | ✅                   | ✅            | ❌              | ❌                          |
+| NVIDIA NIM                     | otevřeno        | Klíč API                           | ✅                   | ✅            | ❌              | ❌                          |

 ## Pokrytí překladů formátů

@@ -643,7 +643,7 @@ Cílové formáty zahrnují:

 - Chat/Odpovědi v OpenAI
 - Claude
- Obálka Gemini/Gemini-CLI/Antigravitace
+- Obálka Gemini/Gemini-CLI/Antigravity
 - Kiro
 - Kurzor

@@ -664,25 +664,25 @@ Další vrstvy zpracování v překladovém kanálu:

 ## Podporované koncové body API

-Koncový bod | Formát | Psovod
--- | --- | ---
-`POST /v1/chat/completions` | Chat s OpenAI | `src/sse/handlers/chat.ts`
-`POST /v1/messages` | Claude Messages | Stejný obslužný program (automaticky detekováno)
-`POST /v1/responses` | Reakce OpenAI | `open-sse/handlers/responsesHandler.ts`
-`POST /v1/embeddings` | Vkládání OpenAI | `open-sse/handlers/embeddings.ts`
-`GET /v1/embeddings` | Seznam modelů | Trasa API
-`POST /v1/images/generations` | Obrázky OpenAI | `open-sse/handlers/imageGeneration.ts`
-`GET /v1/images/generations` | Seznam modelů | Trasa API
-`POST /v1/providers/{provider}/chat/completions` | Chat s OpenAI | Vyhrazené pro každého poskytovatele s ověřováním modelu
-`POST /v1/providers/{provider}/embeddings` | Vkládání OpenAI | Vyhrazené pro každého poskytovatele s ověřováním modelu
-`POST /v1/providers/{provider}/images/generations` | Obrázky OpenAI | Vyhrazené pro každého poskytovatele s ověřováním modelu
-`POST /v1/messages/count_tokens` | Počet žetonů Claude | Trasa API
-`GET /v1/models` | Seznam modelů OpenAI | Trasa API (chat + vkládání + obrázek + vlastní modely)
-`GET /api/models/catalog` | Katalog | Všechny modely seskupené podle poskytovatele + typu
-`POST /v1beta/models/*:streamGenerateContent` | Rodák z Blíženců | Trasa API
-`GET/PUT/DELETE /api/settings/proxy` | Konfigurace proxy serveru | Konfigurace síťového proxy serveru
-`POST /api/settings/proxy/test` | Připojení proxy serveru | Koncový bod testu stavu/připojení proxy serveru
-`GET/POST/DELETE /api/provider-models` | Vlastní modely | Správa vlastních modelů pro každého poskytovatele
+| Koncový bod                                        | Formát                    | Psovod                                                  |
+| -------------------------------------------------- | ------------------------- | ------------------------------------------------------- |
+| `POST /v1/chat/completions`                        | Chat s OpenAI             | `src/sse/handlers/chat.ts`                              |
+| `POST /v1/messages`                                | Claude Messages           | Stejný obslužný program (automaticky detekováno)        |
+| `POST /v1/responses`                               | Reakce OpenAI             | `open-sse/handlers/responsesHandler.ts`                 |
+| `POST /v1/embeddings`                              | Vkládání OpenAI           | `open-sse/handlers/embeddings.ts`                       |
+| `GET /v1/embeddings`                               | Seznam modelů             | Trasa API                                               |
+| `POST /v1/images/generations`                      | Obrázky OpenAI            | `open-sse/handlers/imageGeneration.ts`                  |
+| `GET /v1/images/generations`                       | Seznam modelů             | Trasa API                                               |
+| `POST /v1/providers/{provider}/chat/completions`   | Chat s OpenAI             | Vyhrazené pro každého poskytovatele s ověřováním modelu |
+| `POST /v1/providers/{provider}/embeddings`         | Vkládání OpenAI           | Vyhrazené pro každého poskytovatele s ověřováním modelu |
+| `POST /v1/providers/{provider}/images/generations` | Obrázky OpenAI            | Vyhrazené pro každého poskytovatele s ověřováním modelu |
+| `POST /v1/messages/count_tokens`                   | Počet žetonů Claude       | Trasa API                                               |
+| `GET /v1/models`                                   | Seznam modelů OpenAI      | Trasa API (chat + vkládání + obrázek + vlastní modely)  |
+| `GET /api/models/catalog`                          | Katalog                   | Všechny modely seskupené podle poskytovatele + typu     |
+| `POST /v1beta/models/*:streamGenerateContent`      | Rodák z Blíženců          | Trasa API                                               |
+| `GET/PUT/DELETE /api/settings/proxy`               | Konfigurace proxy serveru | Konfigurace síťového proxy serveru                      |
+| `POST /api/settings/proxy/test`                    | Připojení proxy serveru   | Koncový bod testu stavu/připojení proxy serveru         |
+| `GET/POST/DELETE /api/provider-models`             | Vlastní modely            | Správa vlastních modelů pro každého poskytovatele       |

 ## Obejít obslužnou rutinu

@@ -1,60 +1,79 @@
 # Průvodce nastavením nástrojů CLI — OmniRoute

-Tato příručka vysvětluje, jak nainstalovat a nakonfigurovat všechny podporované nástroje CLI pro kódování umělé inteligence tak, aby **OmniRoute** fungoval jako jednotný backend, což vám umožní centralizovanou správu klíčů, sledování nákladů, přepínání modelů a protokolování požadavků napříč všemi nástroji.
+Tato příručka vysvětluje, jak nainstalovat a nakonfigurovat všechny podporované nástroje CLI pro kódování umělé inteligence
+tak, aby **OmniRoute** fungoval jako jednotný backend, což vám umožní centralizovanou správu klíčů,
+sledování nákladů, přepínání modelů a protokolování požadavků napříč všemi nástroji.

 ---

 ## Jak to funguje

 ```
-Claude / Codex / Gemini CLI / OpenCode / Cline / KiloCode / Continue / Kiro CLI
-           │
-           ▼  (all point to OmniRoute)
-    http://YOUR_SERVER:20128/v1
-           │
-           ▼  (OmniRoute routes to the right provider)
-    Anthropic / OpenAI / Gemini / DeepSeek / Groq / Mistral / ...
+Claude / Codex / OpenCode / Cline / KiloCode / Continue / Kiro / Cursor / Copilot
+            │
+            ▼  (všechny ukazují na OmniRoute)
+    http://VASE_SERVER:20128/v1
+            │
+            ▼  (OmniRoute směruje ke správnému poskytovateli)
+     Anthropic / OpenAI / Gemini / DeepSeek / Groq / Mistral / ...
 ```

 **Výhody:**

- Jeden klíč API pro správu všech nástrojů
- Sledování nákladů napříč všemi rozhraními příkazového řádku v dashboardu
+- Jeden API klíč pro správu všech nástrojů
+- Sledování nákladů napříč všemi CLI v dashboardu
 - Přepínání modelů bez nutnosti překonfigurování každého nástroje
 - Funguje lokálně i na vzdálených serverech (VPS)

 ---

-## Podporované nástroje
+## Podporované nástroje (Zdroj pravdy v dashboardu)

-Nástroj | Příkaz | Typ | Metoda instalace
--- | --- | --- | ---
-**Claude Code** | `claude` | Rozhraní příkazového řádku | npm
-**Kodex OpenAI** | `codex` | Rozhraní příkazového řádku | npm
-**Rozhraní příkazového řádku Gemini** | `gemini` | Rozhraní příkazového řádku | npm
-**OpenCode** | `opencode` | Rozhraní příkazového řádku | npm
-**Cline** | `cline` | Rozšíření CLI + VS kódu | npm
-**KiloCode** | `kilocode` / `kilo` | Rozšíření CLI + VS kódu | npm
-**Pokračovat** | průvodce | VS Code ext | VS kód
-**Kiro CLI** | `kiro-cli` | Rozhraní příkazového řádku | instalační program Curl
-**Kurzor** | `cursor` | Aplikace pro stolní počítače | Stáhnout
-**Droid** | webový | Vestavěný agent | OmniRoute
-**OpenClaw** | webový | Vestavěný agent | OmniRoute
+Karty dashboardu v `/dashboard/cli-tools` jsou generovány z `src/shared/constants/cliTools.ts`.
+Aktuální seznam (v3.0.0-rc.16):
+
+| Nástroj            | ID            | Příkaz       | Režim nastavení | Metoda instalace |
+| ------------------ | ------------- | ------------ | --------------- | ---------------- |
+| **Claude Code**    | `claude`      | `claude`     | env             | npm              |
+| **OpenAI Codex**   | `codex`       | `codex`      | custom          | npm              |
+| **Factory Droid**  | `droid`       | `droid`      | custom          | bundled/CLI      |
+| **OpenClaw**       | `openclaw`    | `openclaw`   | custom          | bundled/CLI      |
+| **Cursor**         | `cursor`      | aplikace     | guide           | desktop app      |
+| **Cline**          | `cline`       | `cline`      | custom          | npm              |
+| **Kilo Code**      | `kilo`        | `kilocode`   | custom          | npm              |
+| **Continue**       | `continue`    | rozšíření    | guide           | VS Code          |
+| **Antigravity**    | `antigravity` | interní      | mitm            | OmniRoute        |
+| **GitHub Copilot** | `copilot`     | rozšíření    | custom          | VS Code          |
+| **OpenCode**       | `opencode`    | `opencode`   | guide           | npm              |
+| **Kiro AI**        | `kiro`        | aplikace/CLI | mitm            | desktop/CLI      |
+
+### Synchronizace otisků CLI (Agenti + Nastavení)
+
+`/dashboard/agents` a `Nastavení > CLI Otisk` používají `src/shared/constants/cliCompatProviders.ts`.
+To udržuje ID poskytovatelů v souladu s kartami CLI a staršími ID.
+
+| CLI ID                                                                                               | ID poskytovatele otisku |
+| ---------------------------------------------------------------------------------------------------- | ----------------------- |
+| `kilo`                                                                                               | `kilocode`              |
+| `copilot`                                                                                            | `github`                |
+| `claude` / `codex` / `antigravity` / `kiro` / `cursor` / `cline` / `opencode` / `droid` / `openclaw` | stejné ID               |
+
+Starší ID jsou stále přijímána pro kompatibilitu: `copilot`, `kimi-coding`, `qwen`.

 ---

-## Krok 1 – Získejte klíč OmniRoute API
+## Krok 1 — Získejte OmniRoute API klíč

-1. Otevřete dashboard OmniRoute → **Správce API** ( `/dashboard/api-manager` )
-2. Klikněte na **Vytvořit klíč API**
-3. Pojmenujte to (např. `cli-tools` ) a vyberte všechna oprávnění.
-4. Zkopírujte klíč – budete ho potřebovat pro každé níže uvedené rozhraní příkazového řádku.
+1. Otevřete OmniRoute dashboard → **Správce API** (`/dashboard/api-manager`)
+2. Klikněte na **Vytvořit API klíč**
+3. Dejte mu název (např. `cli-tools`) a vyberte všechna oprávnění
+4. Zkopírujte klíč — budete ho potřebovat pro každý CLI níže

 > Váš klíč vypadá takto: `sk-xxxxxxxxxxxxxxxx-xxxxxxxxx`

 ---

-## Krok 2 – Instalace nástrojů CLI
+## Krok 2 — Nainstalujte nástroje CLI

 Všechny nástroje založené na npm vyžadují Node.js 18+:

@@ -65,9 +84,6 @@ npm install -g @anthropic-ai/claude-code
 # OpenAI Codex
 npm install -g @openai/codex

-# Gemini CLI (Google)
-npm install -g @google/gemini-cli
-
 # OpenCode
 npm install -g opencode-ai

@@ -75,47 +91,47 @@ npm install -g opencode-ai
 npm install -g cline

 # KiloCode
-npm install -g kilecode
+npm install -g kilocode

-# Kiro CLI (Amazon — requires curl + unzip)
-apt-get install -y unzip   # on Debian/Ubuntu
+# Kiro CLI (Amazon — vyžaduje curl + unzip)
+apt-get install -y unzip   # na Debian/Ubuntu
 curl -fsSL https://cli.kiro.dev/install | bash
-export PATH="$HOME/.local/bin:$PATH"   # add to ~/.bashrc
+export PATH="$HOME/.local/bin:$PATH"   # přidat do ~/.bashrc
 ```

-**Ověřit:**
+**Ověření:**

 ```bash
 claude --version     # 2.x.x
 codex --version      # 0.x.x
-gemini --version     # 0.x.x
 opencode --version   # x.x.x
 cline --version      # 2.x.x
-kilocode --version   # x.x.x (or: kilo --version)
+kilocode --version   # x.x.x (nebo: kilo --version)
 kiro-cli --version   # 1.x.x
 ```

 ---

-## Krok 3 – Nastavení globálních proměnných prostředí
+## Krok 3 — Nastavte globální proměnné prostředí

-Přidejte do `~/.bashrc` (nebo `~/.zshrc` ) a poté spusťte `source ~/.bashrc` :
+Přidejte do `~/.bashrc` (nebo `~/.zshrc`), pak spusťte `source ~/.bashrc`:

 ```bash
-# OmniRoute Universal Endpoint
+# OmniRoute Univerzální koncový bod
 export OPENAI_BASE_URL="http://localhost:20128/v1"
-export OPENAI_API_KEY="sk-your-omniroute-key"
+export OPENAI_API_KEY="sk-vase-omniroute-klic"
 export ANTHROPIC_BASE_URL="http://localhost:20128/v1"
-export ANTHROPIC_API_KEY="sk-your-omniroute-key"
+export ANTHROPIC_API_KEY="sk-vase-omniroute-klic"
 export GEMINI_BASE_URL="http://localhost:20128/v1"
-export GEMINI_API_KEY="sk-your-omniroute-key"
+export GEMINI_API_KEY="sk-vase-omniroute-klic"
 ```

-> Pro **vzdálený server** nahraďte `localhost:20128` IP adresou nebo doménou serveru, např. `http://192.168.0.15:20128` .
+> Pro **vzdálený server** nahraďte `localhost:20128` IP adresou nebo doménou serveru,
+> např. `http://192.168.0.15:20128`.

 ---

-## Krok 4 – Konfigurace jednotlivých nástrojů
+## Krok 4 — Nakonfigurujte každý nástroj

 ### Claude Code

@@ -123,11 +139,11 @@ export GEMINI_API_KEY="sk-your-omniroute-key"
 # Via CLI:
 claude config set --global api-base-url http://localhost:20128/v1

-# Or create ~/.claude/settings.json:
+# Nebo vytvořte ~/.claude/settings.json:
 mkdir -p ~/.claude && cat > ~/.claude/settings.json << EOF
 {
  "apiBaseUrl": "http://localhost:20128/v1",
-  "apiKey": "sk-your-omniroute-key"
+  "apiKey": "sk-vase-omniroute-klic"
 }
 EOF
 ```
@@ -136,12 +152,12 @@ EOF

 ---

-### Kodex OpenAI
+### OpenAI Codex

 ```bash
 mkdir -p ~/.codex && cat > ~/.codex/config.yaml << EOF
 model: auto
-apiKey: sk-your-omniroute-key
+apiKey: sk-vase-omniroute-klic
 apiBaseUrl: http://localhost:20128/v1
 EOF
 ```
@@ -150,28 +166,13 @@ EOF

 ---

-### Rozhraní příkazového řádku Gemini
-
-```bash
-mkdir -p ~/.gemini && cat > ~/.gemini/settings.json << EOF
-{
-  "apiKey": "sk-your-omniroute-key",
-  "baseUrl": "http://localhost:20128/v1"
-}
-EOF
-```
-
-**Test:** `gemini "hello"`
-
---
-
 ### OpenCode

 ```bash
 mkdir -p ~/.config/opencode && cat > ~/.config/opencode/config.toml << EOF
 [provider.openai]
 base_url = "http://localhost:20128/v1"
-api_key = "sk-your-omniroute-key"
+api_key = "sk-vase-omniroute-klic"
 EOF
 ```

@@ -179,7 +180,7 @@ EOF

 ---

-### Cline (CLI nebo VS kód)
+### Cline (CLI nebo VS Code)

 **Režim CLI:**

@@ -188,41 +189,42 @@ mkdir -p ~/.cline/data && cat > ~/.cline/data/globalState.json << EOF
 {
  "apiProvider": "openai",
  "openAiBaseUrl": "http://localhost:20128/v1",
-  "openAiApiKey": "sk-your-omniroute-key"
+  "openAiApiKey": "sk-vase-omniroute-klic"
 }
 EOF
 ```

-**Režim VS Code:** Nastavení rozšíření Cline → Poskytovatel API: `OpenAI Compatible` → Základní URL: `http://localhost:20128/v1`
+**Režim VS Code:**
+Nastavení rozšíření Cline → API Provider: `OpenAI Compatible` → Base URL: `http://localhost:20128/v1`

-Nebo použijte dashboard OmniRoute → **CLI Tools → Cline → Apply Config** .
+Nebo použijte OmniRoute dashboard → **CLI Nástroje → Cline → Použít konfiguraci**.

 ---

-### KiloCode (CLI nebo VS kód)
+### KiloCode (CLI nebo VS Code)

 **Režim CLI:**

 ```bash
-kilocode --api-base http://localhost:20128/v1 --api-key sk-your-omniroute-key
+kilocode --api-base http://localhost:20128/v1 --api-key sk-vase-omniroute-klic
 ```

-**Nastavení VS kódu:**
+**Nastavení VS Code:**

 ```json
 {
  "kilo-code.openAiBaseUrl": "http://localhost:20128/v1",
-  "kilo-code.apiKey": "sk-your-omniroute-key"
+  "kilo-code.apiKey": "sk-vase-omniroute-klic"
 }
 ```

-Nebo použijte dashboard OmniRoute → **CLI Tools → KiloCode → Apply Config** .
+Nebo použijte OmniRoute dashboard → **CLI Nástroje → KiloCode → Použít konfiguraci**.

 ---

-### Pokračovat (rozšíření kódu VS)
+### Continue (Rozšíření VS Code)

-Upravit `~/.continue/config.yaml` :
+Upravte `~/.continue/config.yaml`:

 ```yaml
 models:
@@ -230,7 +232,7 @@ models:
    provider: openai
    model: auto
    apiBase: http://localhost:20128/v1
-    apiKey: sk-your-omniroute-key
+    apiKey: sk-vase-omniroute-klic
    default: true
 ```

@@ -241,94 +243,95 @@ Po úpravě restartujte VS Code.
 ### Kiro CLI (Amazon)

 ```bash
-# Login to your AWS/Kiro account:
+# Přihlaste se ke svému AWS/Kiro účtu:
 kiro-cli login

-# The CLI uses its own auth — OmniRoute is not needed as backend for Kiro CLI itself.
-# Use kiro-cli alongside OmniRoute for other tools.
+# CLI používá vlastní autentifikaci — OmniRoute není potřeba jako backend pro samotný Kiro CLI.
+# Používejte kiro-cli společně s OmniRoute pro ostatní nástroje.
 kiro-cli status
 ```

 ---

-### Kurzor (aplikace pro stolní počítače)
+### Cursor (Desktop aplikace)

-> **Poznámka:** Cursor směruje požadavky přes svůj cloud. Pro integraci OmniRoute povolte **cloudový koncový bod** v nastavení OmniRoute a použijte URL adresu vaší veřejné domény.
+> **Poznámka:** Cursor směruje požadavky přes svůj cloud. Pro integraci s OmniRoute,
+> povolte **Cloud Endpoint** v nastavení OmniRoute a použijte vaši veřejnou doménu.

-Přes GUI: **Nastavení → Modely → Klíč OpenAI API**
+Via GUI: **Settings → Models → OpenAI API Key**

- Základní URL: `https://your-domain.com/v1`
- Klíč API: váš klíč OmniRoute
+- Base URL: `https://vase-domena.com/v1`
+- API Key: váš OmniRoute klíč

 ---

-## Automatická konfigurace řídicího panelu
+## Automatická konfigurace v dashboardu

-Ovládací panel OmniRoute automatizuje konfiguraci většiny nástrojů:
+OmniRoute dashboard automatizuje konfiguraci většiny nástrojů:

-1. Přejděte na `http://localhost:20128/dashboard/cli-tools`
-2. Rozbalit libovolnou kartu nástroje
-3. Vyberte klíč API z rozbalovací nabídky
-4. Klikněte **na Použít konfiguraci** (pokud je nástroj detekován jako nainstalovaný)
-5. Nebo zkopírujte vygenerovaný konfigurační úryvek ručně
+1. Jděte na `http://localhost:20128/dashboard/cli-tools`
+2. Rozbalte libovolnou kartu nástroje
+3. Vyberte svůj API klíč z rozbalovacího seznamu
+4. Klikněte na **Použít konfiguraci** (pokud je nástroj detekován jako nainstalovaný)
+5. Nebo ručně zkopírujte vygenerovaný konfigurační snippet

 ---

-## Vestavění agenti: Droid a OpenClaw
+## Vestavěný agenti: Droid & OpenClaw

-**Droid** a **OpenClaw** jsou agenti umělé inteligence zabudovaní přímo do OmniRoute – není nutná žádná instalace. Běží jako interní trasy a automaticky používají modelové směrování OmniRoute.
+**Droid** a **OpenClaw** jsou AI agenti vestavění přímo do OmniRoute — není potřeba žádná instalace.
+Běží jako interní trasy a automaticky používají směrování modelů OmniRoute.

 - Přístup: `http://localhost:20128/dashboard/agents`
- Konfigurace: stejné kombinace a poskytovatelé jako u všech ostatních nástrojů
- Není vyžadována instalace klíče API ani příkazového řádku
+- Konfigurace: stejné kombinace a poskytovatelé jako všechny ostatní nástroje
+- Není potřeba API klíč ani instalace CLI

 ---

-## Dostupné koncové body API
+## Dostupné API koncové body

-Koncový bod | Popis | Použití pro
--- | --- | ---
-`/v1/chat/completions` | Standardní chat (všichni poskytovatelé) | Všechny moderní nástroje
-`/v1/responses` | API pro odpovědi (formát OpenAI) | Kodex, agentické pracovní postupy
-`/v1/completions` | Doplňování starších textů | Starší nástroje používající `prompt:`
-`/v1/embeddings` | Vkládání textu | RAG, vyhledávání
-`/v1/images/generations` | Generování obrázků | DALL-E, Flux atd.
-`/v1/audio/speech` | Převod textu na řeč | ElevenLabs, OpenAI TTS
-`/v1/audio/transcriptions` | Převod řeči na text | Deepgram, AssemblyAI
+| Koncový bod                | Popis                                   | Použití pro                           |
+| -------------------------- | --------------------------------------- | ------------------------------------- |
+| `/v1/chat/completions`     | Standardní chat (všichni poskytovatelé) | Všechny moderní nástroje              |
+| `/v1/responses`            | Responses API (formát OpenAI)           | Codex, agentní workflowy              |
+| `/v1/completions`          | Legacy textové dokončení                | Starší nástroje používající `prompt:` |
+| `/v1/embeddings`           | Textové vložení                         | RAG, vyhledávání                      |
+| `/v1/images/generations`   | Generování obrázků                      | DALL-E, Flux, atd.                    |
+| `/v1/audio/speech`         | Text-to-speech                          | ElevenLabs, OpenAI TTS                |
+| `/v1/audio/transcriptions` | Speech-to-text                          | Deepgram, AssemblyAI                  |

 ---

-## Odstraňování problémů
+## Řešení problémů

-Chyba | Příčina | Opravit
--- | --- | ---
-`Connection refused` | OmniRoute neběží | `pm2 start omniroute`
-`401 Unauthorized` | Chybný klíč API | Zkontrolovat `/dashboard/api-manager`
-`No combo configured` | Žádná aktivní routingová kombinace | Nastavení v `/dashboard/combos`
-`invalid model` | Model není v katalogu | Použijte `auto` nebo zkontrolujte `/dashboard/providers`
-CLI zobrazuje „není nainstalováno“ | Binární soubor není v cestě PATH | Zkontrolujte, `which <command>`
-`kiro-cli: not found` | Není v PATH | `export PATH="$HOME/.local/bin:$PATH"`
+| Chyba                         | Příčina                 | Oprava                                                   |
+| ----------------------------- | ----------------------- | -------------------------------------------------------- |
+| `Connection refused`          | OmniRoute neběží        | `pm2 start omniroute`                                    |
+| `401 Unauthorized`            | Špatný API klíč         | Zkontrolujte v `/dashboard/api-manager`                  |
+| `No combo configured`         | Žádná aktivní kombinace | Nastavte v `/dashboard/combos`                           |
+| `invalid model`               | Model není v katalogu   | Použijte `auto` nebo zkontrolujte `/dashboard/providers` |
+| CLI zobrazuje "not installed" | Binárka není v PATH     | Zkontrolujte `which <příkaz>`                            |
+| `kiro-cli: not found`         | Není v PATH             | `export PATH="$HOME/.local/bin:$PATH"`                   |

 ---

-## Skript pro rychlé nastavení (jeden příkaz)
+## Rychlý skript pro nastavení (jeden příkaz)

 ```bash
-# Install all CLIs and configure for OmniRoute (replace with your key and server URL)
+# Nainstalujte všechny CLI a nakonfigurujte pro OmniRoute (nahraďte svým klíčem a URL serveru)
 OMNIROUTE_URL="http://localhost:20128/v1"
-OMNIROUTE_KEY="sk-your-omniroute-key"
+OMNIROUTE_KEY="sk-vase-omniroute-klic"

-npm install -g @anthropic-ai/claude-code @openai/codex @google/gemini-cli opencode-ai cline kilecode
+npm install -g @anthropic-ai/claude-code @openai/codex opencode-ai cline kilocode

 # Kiro CLI
 apt-get install -y unzip 2>/dev/null; curl -fsSL https://cli.kiro.dev/install | bash

-# Write configs
-mkdir -p ~/.claude ~/.codex ~/.gemini ~/.config/opencode ~/.continue
+# Zápis konfigurací
+mkdir -p ~/.claude ~/.codex ~/.config/opencode ~/.continue

 cat > ~/.claude/settings.json   <<< "{\"apiBaseUrl\":\"$OMNIROUTE_URL\",\"apiKey\":\"$OMNIROUTE_KEY\"}"
 cat > ~/.codex/config.yaml      <<< "model: auto\napiKey: $OMNIROUTE_KEY\napiBaseUrl: $OMNIROUTE_URL"
-cat > ~/.gemini/settings.json   <<< "{\"apiKey\":\"$OMNIROUTE_KEY\",\"baseUrl\":\"$OMNIROUTE_URL\"}"
 cat >> ~/.bashrc << EOF
 export OPENAI_BASE_URL="$OMNIROUTE_URL"
 export OPENAI_API_KEY="$OMNIROUTE_KEY"
@@ -337,5 +340,5 @@ export ANTHROPIC_API_KEY="$OMNIROUTE_KEY"
 EOF

 source ~/.bashrc
-echo "✅ All CLIs installed and configured for OmniRoute"
+echo "✅ Všechny CLI nainstalovány a nakonfigurovány pro OmniRoute"
 ```
@@ -110,14 +110,14 @@ omniroute/

 Jediný **zdroj pravdivých informací** pro všechny konfigurace poskytovatelů.

-Soubor | Účel
--- | ---
-`constants.ts` | Objekt `PROVIDERS` se základními URL adresami, přihlašovacími údaji OAuth (výchozí), záhlavími a výchozími systémovými výzvami pro každého poskytovatele. Definuje také `HTTP_STATUS` , `ERROR_TYPES` , `COOLDOWN_MS` , `BACKOFF_CONFIG` a `SKIP_PATTERNS` .
-`credentialLoader.ts` | Načte externí přihlašovací údaje z `data/provider-credentials.json` a sloučí je s pevně zakódovanými výchozími hodnotami v `PROVIDERS` . Uchovává tajné údaje mimo kontrolu zdrojového kódu a zároveň zachovává zpětnou kompatibilitu.
-`providerModels.ts` | Centrální registr modelů: mapuje aliasy poskytovatelů → ID modelů. Funkce jako `getModels()` , `getProviderByAlias()` .
-`codexInstructions.ts` | Systémové instrukce vložené do požadavků Codexu (omezení úprav, pravidla sandboxu, zásady schvalování).
-`defaultThinkingSignature.ts` | Výchozí „myšlenkové“ podpisy pro modely Claude a Gemini.
-`ollamaModels.ts` | Definice schématu pro lokální Ollama modely (název, velikost, rodina, kvantizace).
+| Soubor                        | Účel                                                                                                                                                                                                                                                         |
+| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| `constants.ts`                | Objekt `PROVIDERS` se základními URL adresami, přihlašovacími údaji OAuth (výchozí), záhlavími a výchozími systémovými výzvami pro každého poskytovatele. Definuje také `HTTP_STATUS` , `ERROR_TYPES` , `COOLDOWN_MS` , `BACKOFF_CONFIG` a `SKIP_PATTERNS` . |
+| `credentialLoader.ts`         | Načte externí přihlašovací údaje z `data/provider-credentials.json` a sloučí je s pevně zakódovanými výchozími hodnotami v `PROVIDERS` . Uchovává tajné údaje mimo kontrolu zdrojového kódu a zároveň zachovává zpětnou kompatibilitu.                       |
+| `providerModels.ts`           | Centrální registr modelů: mapuje aliasy poskytovatelů → ID modelů. Funkce jako `getModels()` , `getProviderByAlias()` .                                                                                                                                      |
+| `codexInstructions.ts`        | Systémové instrukce vložené do požadavků Codexu (omezení úprav, pravidla sandboxu, zásady schvalování).                                                                                                                                                      |
+| `defaultThinkingSignature.ts` | Výchozí „myšlenkové“ podpisy pro modely Claude a Gemini.                                                                                                                                                                                                     |
+| `ollamaModels.ts`             | Definice schématu pro lokální Ollama modely (název, velikost, rodina, kvantizace).                                                                                                                                                                           |

 #### Postup načítání přihlašovacích údajů

@@ -194,17 +194,17 @@ classDiagram
    BaseExecutor <|-- GithubExecutor
 ```

-Vykonavatel | Poskytovatel | Klíčové specializace
--- | --- | ---
-`base.ts` | — | Abstraktní základ: tvorba URL adres, hlavičky, logika opakování, aktualizace přihlašovacích údajů
-`default.ts` | Claude, Gemini, OpenAI, GLM, Kimi, MiniMax | Aktualizace generického tokenu OAuth pro standardní poskytovatele
-`antigravity.ts` | Kód Google Cloud | Generování ID projektu/relace, záložní více URL adres, vlastní analýza opakovaných pokusů z chybových zpráv („reset po 2h7m23s“)
-`cursor.ts` | IDE kurzoru | **Nejsložitější** : autorizace kontrolního součtu SHA-256, kódování požadavků Protobuf, analýza binárních EventStream → SSE odpovědí
-`codex.ts` | Kodex OpenAI | Vkládá systémové instrukce, spravuje úrovně myšlení, odstraňuje nepodporované parametry
-`gemini-cli.ts` | Rozhraní příkazového řádku Google Gemini | Vytvoření vlastní URL adresy ( `streamGenerateContent` ), aktualizace tokenu Google OAuth
-`github.ts` | GitHub Copilot | Systém duálních tokenů (GitHub OAuth + Copilot token), napodobování hlaviček VSCode
-`kiro.ts` | AWS CodeWhisperer | Binární parsování AWS EventStream, rámce událostí AMZN, odhad tokenů
-`index.ts` | — | Továrna: název poskytovatele map → třída exekutoru s výchozím záložním nastavením
+| Vykonavatel      | Poskytovatel                               | Klíčové specializace                                                                                                                 |
+| ---------------- | ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------ |
+| `base.ts`        | —                                          | Abstraktní základ: tvorba URL adres, hlavičky, logika opakování, aktualizace přihlašovacích údajů                                    |
+| `default.ts`     | Claude, Gemini, OpenAI, GLM, Kimi, MiniMax | Aktualizace generického tokenu OAuth pro standardní poskytovatele                                                                    |
+| `antigravity.ts` | Kód Google Cloud                           | Generování ID projektu/relace, záložní více URL adres, vlastní analýza opakovaných pokusů z chybových zpráv („reset po 2h7m23s“)     |
+| `cursor.ts`      | IDE kurzoru                                | **Nejsložitější** : autorizace kontrolního součtu SHA-256, kódování požadavků Protobuf, analýza binárních EventStream → SSE odpovědí |
+| `codex.ts`       | OpenAI Codex                               | Vkládá systémové instrukce, spravuje úrovně myšlení, odstraňuje nepodporované parametry                                              |
+| `gemini-cli.ts`  | Google Gemini CLI                          | Vytvoření vlastní URL adresy ( `streamGenerateContent` ), aktualizace tokenu Google OAuth                                            |
+| `github.ts`      | GitHub Copilot                             | Systém duálních tokenů (GitHub OAuth + Copilot token), napodobování hlaviček VSCode                                                  |
+| `kiro.ts`        | AWS CodeWhisperer                          | Binární parsování AWS EventStream, rámce událostí AMZN, odhad tokenů                                                                 |
+| `index.ts`       | —                                          | Továrna: název poskytovatele map → třída exekutoru s výchozím záložním nastavením                                                    |

 ---

@@ -212,12 +212,12 @@ Vykonavatel | Poskytovatel | Klíčové specializace

 **Orchestrační vrstva** – koordinuje překlad, provádění, streamování a zpracování chyb.

-Soubor | Účel
--- | ---
-`chatCore.ts` | **Centrální orchestrátor** (~600 řádků). Zvládá kompletní životní cyklus požadavku: detekce formátu → překlad → odeslání exekutoru → streamovaná/nestreamovaná odpověď → aktualizace tokenu → zpracování chyb → protokolování využití.
-`responsesHandler.ts` | Adaptér pro OpenAI Responses API: převádí formát odpovědí → Dokončení chatu → odesílá do `chatCore` → převádí SSE zpět do formátu odpovědí.
-`embeddings.ts` | Obslužná rutina generování embeddingu: řeší model embeddingu → poskytovatele, odesílá do API poskytovatele, vrací odpověď na embedding kompatibilní s OpenAI. Podporuje 6+ poskytovatelů.
-`imageGeneration.ts` | Obslužná rutina generování obrázků: řeší model obrázku → poskytovatele, podporuje režimy kompatibilní s OpenAI, Gemini-image (Antigravity) a fallback (Nebius). Vrací obrázky v base64 nebo URL.
+| Soubor                | Účel                                                                                                                                                                                                                                   |
+| --------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `chatCore.ts`         | **Centrální orchestrátor** (~600 řádků). Zvládá kompletní životní cyklus požadavku: detekce formátu → překlad → odeslání exekutoru → streamovaná/nestreamovaná odpověď → aktualizace tokenu → zpracování chyb → protokolování využití. |
+| `responsesHandler.ts` | Adaptér pro OpenAI Responses API: převádí formát odpovědí → Dokončení chatu → odesílá do `chatCore` → převádí SSE zpět do formátu odpovědí.                                                                                            |
+| `embeddings.ts`       | Obslužná rutina generování embeddingu: řeší model embeddingu → poskytovatele, odesílá do API poskytovatele, vrací odpověď na embedding kompatibilní s OpenAI. Podporuje 6+ poskytovatelů.                                              |
+| `imageGeneration.ts`  | Obslužná rutina generování obrázků: řeší model obrázku → poskytovatele, podporuje režimy kompatibilní s OpenAI, Gemini-image (Antigravity) a fallback (Nebius). Vrací obrázky v base64 nebo URL.                                       |

 #### Životní cyklus požadavku (chatCore.ts)

@@ -262,22 +262,22 @@ sequenceDiagram

 Obchodní logika, která podporuje obslužné rutiny a vykonavatele.

-Soubor | Účel
--- | ---
-`provider.ts` | **Detekce formátu** ( `detectFormat` ): analyzuje strukturu těla požadavku a identifikuje formáty Claude/OpenAI/Gemini/Antigravity/Responses (včetně heuristiky `max_tokens` pro Claude). Dále: tvorba URL, tvorba hlaviček, normalizace konfigurace thinking. Podporuje dynamické poskytovatele kompatibilní `openai-compatible-*` a `anthropic-compatible-*` .
-`model.ts` | Analýza řetězců modelu ( `claude/model-name` → `{provider: "claude", model: "model-name"}` ), rozlišení aliasů s detekcí kolizí, sanitizace vstupu (odmítá průchod cestou/řídicí znaky) a rozlišení informací o modelu s podporou asynchronních metod pro získávání aliasů.
-`accountFallback.ts` | Ovládání limitů rychlosti: exponenciální upomínka (1 s → 2 s → 4 s → max. 2 min), správa doby zpoždění účtu, klasifikace chyb (které chyby spouštějí fallback a které ne).
-`tokenRefresh.ts` | Aktualizace tokenu OAuth pro **všechny poskytovatele** : Google (Gemini, Antigravity), Claude, Codex, Qwen, iFlow, GitHub (duální token OAuth + Copilot), Kiro (AWS SSO OIDC + sociální ověřování). Zahrnuje mezipaměť deduplikace promise za provozu a opakování s exponenciálním zpožděním.
-`combo.ts` | **Kombinované modely** : řetězce záložních modelů. Pokud model A selže s chybou způsobilou pro záložní model, zkuste model B, poté C atd. Vrací skutečné stavové kódy upstreamu.
-`usage.ts` | Načítá data o kvótách/využití z API poskytovatelů (kvóty GitHub Copilot, kvóty modelu Antigravity, limity rychlosti Codexu, rozpisy využití Kiro, nastavení Claude).
-`accountSelector.ts` | Inteligentní výběr účtu s algoritmem bodování: pro výběr optimálního účtu pro každý požadavek se zohledňuje priorita, zdravotní stav, pozice v systému round robin a stav ochlazování.
-`contextManager.ts` | Správa životního cyklu kontextu požadavku: vytváří a sleduje objekty kontextu pro každý požadavek s metadaty (ID požadavku, časová razítka, informace o poskytovateli) pro ladění a protokolování.
-`ipFilter.ts` | Řízení přístupu založené na IP adrese: podporuje režimy povolených seznamů a blokovaných seznamů. Před zpracováním požadavků API ověřuje IP adresu klienta podle nakonfigurovaných pravidel.
-`sessionManager.ts` | Sledování relací s otisky prstů klientů: sleduje aktivní relace pomocí hašovaných identifikátorů klientů, monitoruje počty požadavků a poskytuje metriky relací.
-`signatureCache.ts` | Mezipaměť deduplikace na základě signatur požadavků: zabraňuje duplicitním požadavkům ukládáním nedávných signatur požadavků do mezipaměti a vrácením odpovědí z mezipaměti pro identické požadavky v rámci časového okna.
-`systemPrompt.ts` | Globální vložení systémového výzvy: přidá konfigurovatelnou systémovou výzvu ke všem požadavkům s možností kompatibility pro jednotlivé poskytovatele.
-`thinkingBudget.ts` | Správa rozpočtu tokenů uvažování: podporuje režimy průchodu, automatický (konfigurace strip thinking), vlastní (pevný rozpočet) a adaptivní (měřítko složitosti) pro řízení tokenů myšlení/uvažování.
-`wildcardRouter.ts` | Směrování podle vzorů zástupných znaků: rozpoznává vzory zástupných znaků (např. `*/claude-*` ) na konkrétní páry poskytovatel/model na základě dostupnosti a priority.
+| Soubor               | Účel                                                                                                                                                                                                                                                                                                                                                             |
+| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `provider.ts`        | **Detekce formátu** ( `detectFormat` ): analyzuje strukturu těla požadavku a identifikuje formáty Claude/OpenAI/Gemini/Antigravity/Responses (včetně heuristiky `max_tokens` pro Claude). Dále: tvorba URL, tvorba hlaviček, normalizace konfigurace thinking. Podporuje dynamické poskytovatele kompatibilní `openai-compatible-*` a `anthropic-compatible-*` . |
+| `model.ts`           | Analýza řetězců modelu ( `claude/model-name` → `{provider: "claude", model: "model-name"}` ), rozlišení aliasů s detekcí kolizí, sanitizace vstupu (odmítá průchod cestou/řídicí znaky) a rozlišení informací o modelu s podporou asynchronních metod pro získávání aliasů.                                                                                      |
+| `accountFallback.ts` | Ovládání limitů rychlosti: exponenciální upomínka (1 s → 2 s → 4 s → max. 2 min), správa doby zpoždění účtu, klasifikace chyb (které chyby spouštějí fallback a které ne).                                                                                                                                                                                       |
+| `tokenRefresh.ts`    | Aktualizace tokenu OAuth pro **všechny poskytovatele** : Google (Gemini, Antigravity), Claude, Codex, Qwen, iFlow, GitHub (duální token OAuth + Copilot), Kiro (AWS SSO OIDC + sociální ověřování). Zahrnuje mezipaměť deduplikace promise za provozu a opakování s exponenciálním zpožděním.                                                                    |
+| `combo.ts`           | **Kombinované modely** : řetězce záložních modelů. Pokud model A selže s chybou způsobilou pro záložní model, zkuste model B, poté C atd. Vrací skutečné stavové kódy upstreamu.                                                                                                                                                                                 |
+| `usage.ts`           | Načítá data o kvótách/využití z API poskytovatelů (kvóty GitHub Copilot, kvóty modelu Antigravity, limity rychlosti Codexu, rozpisy využití Kiro, nastavení Claude).                                                                                                                                                                                             |
+| `accountSelector.ts` | Inteligentní výběr účtu s algoritmem bodování: pro výběr optimálního účtu pro každý požadavek se zohledňuje priorita, zdravotní stav, pozice v systému round robin a stav ochlazování.                                                                                                                                                                           |
+| `contextManager.ts`  | Správa životního cyklu kontextu požadavku: vytváří a sleduje objekty kontextu pro každý požadavek s metadaty (ID požadavku, časová razítka, informace o poskytovateli) pro ladění a protokolování.                                                                                                                                                               |
+| `ipFilter.ts`        | Řízení přístupu založené na IP adrese: podporuje režimy povolených seznamů a blokovaných seznamů. Před zpracováním požadavků API ověřuje IP adresu klienta podle nakonfigurovaných pravidel.                                                                                                                                                                     |
+| `sessionManager.ts`  | Sledování relací s otisky prstů klientů: sleduje aktivní relace pomocí hašovaných identifikátorů klientů, monitoruje počty požadavků a poskytuje metriky relací.                                                                                                                                                                                                 |
+| `signatureCache.ts`  | Mezipaměť deduplikace na základě signatur požadavků: zabraňuje duplicitním požadavkům ukládáním nedávných signatur požadavků do mezipaměti a vrácením odpovědí z mezipaměti pro identické požadavky v rámci časového okna.                                                                                                                                       |
+| `systemPrompt.ts`    | Globální vložení systémového výzvy: přidá konfigurovatelnou systémovou výzvu ke všem požadavkům s možností kompatibility pro jednotlivé poskytovatele.                                                                                                                                                                                                           |
+| `thinkingBudget.ts`  | Správa rozpočtu tokenů uvažování: podporuje režimy průchodu, automatický (konfigurace strip thinking), vlastní (pevný rozpočet) a adaptivní (měřítko složitosti) pro řízení tokenů myšlení/uvažování.                                                                                                                                                            |
+| `wildcardRouter.ts`  | Směrování podle vzorů zástupných znaků: rozpoznává vzory zástupných znaků (např. `*/claude-*` ) na konkrétní páry poskytovatel/model na základě dostupnosti a priority.                                                                                                                                                                                          |

 #### Deduplikace obnovení tokenů

@@ -374,13 +374,13 @@ graph TD
    end
 ```

-Adresář | Soubory | Popis
--- | --- | ---
-`request/` | 8 překladatelů | Převod těl požadavků mezi formáty. Každý soubor se při importu sám zaregistruje pomocí `register(from, to, fn)` .
-`response/` | 7 překladatelů | Převádí bloky odpovědí streamovaných dat mezi formáty. Zpracovává typy událostí SSE, myšlenkové bloky a volání nástrojů.
-`helpers/` | 6 pomocníků | Sdílené utility: `claudeHelper` (extrakce systémových prompts, thinking config), `geminiHelper` (mapování částí/obsahu), `openaiHelper` (filtrování formátů), `toolCallHelper` (generování ID, vkládání chybějících odpovědí), `maxTokensHelper` , `responsesApiHelper` .
-`index.ts` | — | Překladový engine: `translateRequest()` , `translateResponse()` , správa stavu, registr.
-`formats.ts` | — | Formátovací konstanty: `OPENAI` , `CLAUDE` , `GEMINI` , `ANTIGRAVITY` , `KIRO` , `CURSOR` , `OPENAI_RESPONSES` .
+| Adresář      | Soubory        | Popis                                                                                                                                                                                                                                                                     |
+| ------------ | -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `request/`   | 8 překladatelů | Převod těl požadavků mezi formáty. Každý soubor se při importu sám zaregistruje pomocí `register(from, to, fn)` .                                                                                                                                                         |
+| `response/`  | 7 překladatelů | Převádí bloky odpovědí streamovaných dat mezi formáty. Zpracovává typy událostí SSE, myšlenkové bloky a volání nástrojů.                                                                                                                                                  |
+| `helpers/`   | 6 pomocníků    | Sdílené utility: `claudeHelper` (extrakce systémových prompts, thinking config), `geminiHelper` (mapování částí/obsahu), `openaiHelper` (filtrování formátů), `toolCallHelper` (generování ID, vkládání chybějících odpovědí), `maxTokensHelper` , `responsesApiHelper` . |
+| `index.ts`   | —              | Překladový engine: `translateRequest()` , `translateResponse()` , správa stavu, registr.                                                                                                                                                                                  |
+| `formats.ts` | —              | Formátovací konstanty: `OPENAI` , `CLAUDE` , `GEMINI` , `ANTIGRAVITY` , `KIRO` , `CURSOR` , `OPENAI_RESPONSES` .                                                                                                                                                          |

 #### Klíčový design: Samoregistrující se pluginy

@@ -397,15 +397,15 @@ import "./request/claude-to-openai.js"; // ← self-registers

 ### 4.6 Nástroje ( `open-sse/utils/` )

-Soubor | Účel
--- | ---
-`error.ts` | Vytváření chybové odezvy (formát kompatibilní s OpenAI), parsování chyb v upstreamu, extrakce doby opakování Antigravity z chybových zpráv, streamování chyb SSE.
-`stream.ts` | **SSE Transform Stream** — základní streamovací kanál. Dva režimy: `TRANSLATE` (plný překlad formátu) a `PASSTHROUGH` (normalizace + extrakce využití). Zpracovává ukládání bloků do vyrovnávací paměti, odhad využití a sledování délky obsahu. Instance kodéru/dekodéru pro každý stream se vyhýbají sdílenému stavu.
-`streamHelpers.ts` | Nízkoúrovňové utility SSE: `parseSSELine` (tolerantní k bílým znakům), `hasValuableContent` (filtruje prázdné segmenty pro OpenAI/Claude/Gemini), `fixInvalidId` , `formatSSE` (serializace SSE s ohledem na formát s čištěním `perf_metrics` ).
-`usageTracking.ts` | Extrakce využití tokenů z libovolného formátu (Claude/OpenAI/Gemini/Responses), odhad s oddělenými poměry znaků na token pro jednotlivé nástroje/zprávy, přidání vyrovnávací paměti (bezpečnostní rezerva 2000 tokenů), filtrování polí specifických pro formát, protokolování konzole s barvami ANSI.
-`requestLogger.ts` | Protokolování požadavků na základě souborů (přihlášení pomocí `ENABLE_REQUEST_LOGS=true` ). Vytváří složky relací s očíslovanými soubory: `1_req_client.json` → `7_res_client.txt` . Veškeré I/O operace jsou asynchronní (aktivní a zapomenutý). Maskuje citlivé hlavičky.
-`bypassHandler.ts` | Zachycuje specifické vzory z Claude CLI (extrakce názvu, zahřívání, počet) a vrací falešné odpovědi bez volání jakéhokoli poskytovatele. Podporuje streamování i nestreamování. Záměrně omezeno na rozsah Claude CLI.
-`networkProxy.ts` | Rozpozná URL odchozí proxy pro daného poskytovatele s prioritou: konfigurace specifická pro poskytovatele → globální konfigurace → proměnné prostředí ( `HTTPS_PROXY` / `HTTP_PROXY` / `ALL_PROXY` ). Podporuje výjimky `NO_PROXY` . Ukládá konfiguraci do mezipaměti po dobu 30 sekund.
+| Soubor             | Účel                                                                                                                                                                                                                                                                                                                    |
+| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `error.ts`         | Vytváření chybové odezvy (formát kompatibilní s OpenAI), parsování chyb v upstreamu, extrakce doby opakování Antigravity z chybových zpráv, streamování chyb SSE.                                                                                                                                                       |
+| `stream.ts`        | **SSE Transform Stream** — základní streamovací kanál. Dva režimy: `TRANSLATE` (plný překlad formátu) a `PASSTHROUGH` (normalizace + extrakce využití). Zpracovává ukládání bloků do vyrovnávací paměti, odhad využití a sledování délky obsahu. Instance kodéru/dekodéru pro každý stream se vyhýbají sdílenému stavu. |
+| `streamHelpers.ts` | Nízkoúrovňové utility SSE: `parseSSELine` (tolerantní k bílým znakům), `hasValuableContent` (filtruje prázdné segmenty pro OpenAI/Claude/Gemini), `fixInvalidId` , `formatSSE` (serializace SSE s ohledem na formát s čištěním `perf_metrics` ).                                                                        |
+| `usageTracking.ts` | Extrakce využití tokenů z libovolného formátu (Claude/OpenAI/Gemini/Responses), odhad s oddělenými poměry znaků na token pro jednotlivé nástroje/zprávy, přidání vyrovnávací paměti (bezpečnostní rezerva 2000 tokenů), filtrování polí specifických pro formát, protokolování konzole s barvami ANSI.                  |
+| `requestLogger.ts` | Protokolování požadavků na základě souborů (přihlášení pomocí `ENABLE_REQUEST_LOGS=true` ). Vytváří složky relací s očíslovanými soubory: `1_req_client.json` → `7_res_client.txt` . Veškeré I/O operace jsou asynchronní (aktivní a zapomenutý). Maskuje citlivé hlavičky.                                             |
+| `bypassHandler.ts` | Zachycuje specifické vzory z Claude CLI (extrakce názvu, zahřívání, počet) a vrací falešné odpovědi bez volání jakéhokoli poskytovatele. Podporuje streamování i nestreamování. Záměrně omezeno na rozsah Claude CLI.                                                                                                   |
+| `networkProxy.ts`  | Rozpozná URL odchozí proxy pro daného poskytovatele s prioritou: konfigurace specifická pro poskytovatele → globální konfigurace → proměnné prostředí ( `HTTPS_PROXY` / `HTTP_PROXY` / `ALL_PROXY` ). Podporuje výjimky `NO_PROXY` . Ukládá konfiguraci do mezipaměti po dobu 30 sekund.                                |

 #### Streamovací kanál SSE

@@ -449,32 +449,32 @@ logs/

 ### 4.7 Aplikační vrstva ( `src/` )

-Adresář | Účel
--- | ---
-`src/app/` | Webové uživatelské rozhraní, trasy API, middleware Express, obslužné rutiny zpětných volání OAuth
-`src/lib/` | Přístup k databázi ( `localDb.ts` , `usageDb.ts` ), ověřování, sdílení
-`src/mitm/` | Nástroje proxy typu „man-in-the-middle“ pro zachycení provozu poskytovatelů
-`src/models/` | Definice modelů databáze
-`src/shared/` | Obálky kolem funkcí open-sse (provider, stream, error atd.)
-`src/sse/` | Obslužné rutiny koncových bodů SSE, které propojují knihovnu open-sse s trasami Express
-`src/store/` | Správa stavu aplikací
+| Adresář       | Účel                                                                                              |
+| ------------- | ------------------------------------------------------------------------------------------------- |
+| `src/app/`    | Webové uživatelské rozhraní, trasy API, middleware Express, obslužné rutiny zpětných volání OAuth |
+| `src/lib/`    | Přístup k databázi ( `localDb.ts` , `usageDb.ts` ), ověřování, sdílení                            |
+| `src/mitm/`   | Nástroje proxy typu „man-in-the-middle“ pro zachycení provozu poskytovatelů                       |
+| `src/models/` | Definice modelů databáze                                                                          |
+| `src/shared/` | Obálky kolem funkcí open-sse (provider, stream, error atd.)                                       |
+| `src/sse/`    | Obslužné rutiny koncových bodů SSE, které propojují knihovnu open-sse s trasami Express           |
+| `src/store/`  | Správa stavu aplikací                                                                             |

 #### Významné trasy API

-Trasa | Metody | Účel
--- | --- | ---
-`/api/provider-models` | ZÍSKAT/ODESLAT/SMAZAT | CRUD pro vlastní modely na poskytovatele
-`/api/models/catalog` | ZÍSKAT | Agregovaný katalog všech modelů (chat, embedding, image, custom) seskupených podle poskytovatele
-`/api/settings/proxy` | ZÍSKAT/VLOŽIT/ODSTRANIT | Konfigurace hierarchické odchozí proxy ( `global/providers/combos/keys` )
-`/api/settings/proxy/test` | ZVEŘEJNIT | Ověřuje připojení proxy a vrací veřejnou IP adresu/latenci
-`/v1/providers/[provider]/chat/completions` | ZVEŘEJNIT | Vyhrazené dokončování chatu pro jednotlivé poskytovatele s ověřováním modelu
-`/v1/providers/[provider]/embeddings` | ZVEŘEJNIT | Vyhrazené vkládání pro jednotlivé poskytovatele s ověřováním modelu
-`/v1/providers/[provider]/images/generations` | ZVEŘEJNIT | Vyhrazené generování obrázků pro každého poskytovatele s ověřováním modelu
-`/api/settings/ip-filter` | ZÍSKAT/VLOŽIT | Správa povolených/blokovaných IP adres
-`/api/settings/thinking-budget` | ZÍSKAT/VLOŽIT | Konfigurace rozpočtu tokenů zdůvodnění (průchozí/automatická/vlastní/adaptivní)
-`/api/settings/system-prompt` | ZÍSKAT/VLOŽIT | Globální vložení systémového promptu pro všechny požadavky
-`/api/sessions` | ZÍSKAT | Sledování a metriky aktivních relací
-`/api/rate-limits` | ZÍSKAT | Stav limitu sazby na účet
+| Trasa                                         | Metody          | Účel                                                                                             |
+| --------------------------------------------- | --------------- | ------------------------------------------------------------------------------------------------ |
+| `/api/provider-models`                        | GET/POST/DELETE | CRUD pro vlastní modely na poskytovatele                                                         |
+| `/api/models/catalog`                         | GET             | Agregovaný katalog všech modelů (chat, embedding, image, custom) seskupených podle poskytovatele |
+| `/api/settings/proxy`                         | GET/PUT/DELETE  | Konfigurace hierarchické odchozí proxy ( `global/providers/combos/keys` )                        |
+| `/api/settings/proxy/test`                    | POST            | Ověřuje připojení proxy a vrací veřejnou IP adresu/latenci                                       |
+| `/v1/providers/[provider]/chat/completions`   | POST            | Vyhrazené dokončování chatu pro jednotlivé poskytovatele s ověřováním modelu                     |
+| `/v1/providers/[provider]/embeddings`         | POST            | Vyhrazené vkládání pro jednotlivé poskytovatele s ověřováním modelu                              |
+| `/v1/providers/[provider]/images/generations` | POST            | Vyhrazené generování obrázků pro každého poskytovatele s ověřováním modelu                       |
+| `/api/settings/ip-filter`                     | GET/PUT         | Správa povolených/blokovaných IP adres                                                           |
+| `/api/settings/thinking-budget`               | GET/PUT         | Konfigurace rozpočtu tokenů zdůvodnění (průchozí/automatická/vlastní/adaptivní)                  |
+| `/api/settings/system-prompt`                 | GET/PUT         | Globální vložení systémového promptu pro všechny požadavky                                       |
+| `/api/sessions`                               | GET             | Sledování a metriky aktivních relací                                                             |
+| `/api/rate-limits`                            | GET             | Stav limitu sazby na účet                                                                        |

 ---

@@ -512,38 +512,38 @@ K hlášenému využití je přidána vyrovnávací paměť o kapacitě 2000 tok

 ## 6. Podporované formáty

-Formát | Směr | Identifikátor
--- | --- | ---
-Dokončení chatu OpenAI | zdroj + cíl | `openai`
-API pro odpovědi OpenAI | zdroj + cíl | `openai-responses`
-Antropický Claude | zdroj + cíl | `claude`
-Google Gemini | zdroj + cíl | `gemini`
-Rozhraní příkazového řádku Google Gemini | pouze cíl | `gemini-cli`
-Antigravitace | zdroj + cíl | `antigravity`
-AWS Kiro | pouze cíl | `kiro`
-Kurzor | pouze cíl | `cursor`
+| Formát                  | Směr        | Identifikátor      |
+| ----------------------- | ----------- | ------------------ |
+| OpenAI Chat Completions | zdroj + cíl | `openai`           |
+| OpenAI Responses API    | zdroj + cíl | `openai-responses` |
+| Anthropic Claude        | zdroj + cíl | `claude`           |
+| Google Gemini           | zdroj + cíl | `gemini`           |
+| Google Gemini CLI       | jen cíl     | `gemini-cli`       |
+| Antigravity             | zdroj + cíl | `antigravity`      |
+| AWS Kiro                | jen cíl     | `kiro`             |
+| Cursor                  | jen cíl     | `cursor`           |

 ---

 ## 7. Podporovaní poskytovatelé

-Poskytovatel | Metoda ověřování | Vykonavatel | Klíčové poznámky
--- | --- | --- | ---
-Antropický Claude | Klíč API nebo OAuth | Výchozí | Používá hlavičku `x-api-key`
-Google Gemini | Klíč API nebo OAuth | Výchozí | Používá hlavičku `x-goog-api-key`
-Rozhraní příkazového řádku Google Gemini | OAuth | GeminiCLI | Používá koncový bod `streamGenerateContent`
-Antigravitace | OAuth | Antigravitace | Záložní více URL adres, vlastní analýza opakovaných pokusů
-OpenAI | Klíč API | Výchozí | Autorizace standardního nosiče
-Kodex | OAuth | Kodex | Vkládá systémové instrukce, řídí myšlení
-GitHub Copilot | OAuth + token Copilot | Github | Duální token, napodobování záhlaví VSCode
-Kiro (AWS) | AWS SSO OIDC nebo sociální sítě | Kiro | Analýza binárního EventStreamu
-IDE kurzoru | Autorizace kontrolního součtu | Kurzor | Kódování Protobuf, kontrolní součty SHA-256
-Qwen | OAuth | Výchozí | Standardní ověřování
-iFlow | OAuth (základní + nosič) | Výchozí | Duální hlavička pro autorizaci
-OpenRouter | Klíč API | Výchozí | Autorizace standardního nosiče
-GLM, Kimi, MiniMax | Klíč API | Výchozí | Kompatibilní s Claude, použijte `x-api-key`
-`openai-compatible-*` | Klíč API | Výchozí | Dynamické: jakýkoli koncový bod kompatibilní s OpenAI
-`anthropic-compatible-*` | Klíč API | Výchozí | Dynamický: jakýkoli koncový bod kompatibilní s Claude
+| Poskytovatel             | Metoda ověřování         | Vykonavatel | Klíčové poznámky                             |
+| ------------------------ | ------------------------ | ----------- | -------------------------------------------- |
+| Anthropic Claude         | API klíč nebo OAuth      | Výchozí     | Používá hlavičku `x-api-key`                 |
+| Google Gemini            | API klíč nebo OAuth      | Výchozí     | Používá hlavičku `x-goog-api-key`            |
+| Google Gemini CLI        | OAuth                    | GeminiCLI   | Používá koncový bod `streamGenerateContent`  |
+| Antigravity              | OAuth                    | Antigravity | Záložní více URL, analýza opakovaných pokusů |
+| OpenAI                   | API klíč                 | Výchozí     | Autorizace standardního nosiče               |
+| Codex                    | OAuth                    | Codex       | Vkládá systémové instrukce, řídí myšlení     |
+| GitHub Copilot           | OAuth + Copilot token    | Github      | Duální token, napodobování záhlaví VSCode    |
+| Kiro (AWS)               | AWS SSO OIDC nebo Social | Kiro        | Analýza binárního EventStreamu               |
+| Cursor IDE               | Checksum auth            | Cursor      | Kódování Protobuf, kontrolní součty SHA-256  |
+| Qwen                     | OAuth                    | Výchozí     | Standardní ověřování                         |
+| iFlow                    | OAuth (Basic + Bearer)   | Výchozí     | Duální hlavička pro autorizaci               |
+| OpenRouter               | API klíč                 | Výchozí     | Autorizace standardního nosiče               |
+| GLM, Kimi, MiniMax       | API klíč                 | Výchozí     | Kompatibilní s Claude, použijte `x-api-key`  |
+| `openai-compatible-*`    | API klíč                 | Výchozí     | Dynamické: jakýkoli OpenAI kompatibilní      |
+| `anthropic-compatible-*` | API klíč                 | Výchozí     | Dynamické: jakýkoli Claude kompatibilní      |

 ---

@@ -20,30 +20,30 @@ Kompletní průvodce konfigurací poskytovatelů, vytvářením kombinací, inte

 ## 💰 Přehled cen

-Úroveň | Poskytovatel | Náklady | Obnovení kvóty | Nejlepší pro
--- | --- | --- | --- | ---
-**💳 PŘEDPLATNÉ** | Claude Code (profesionál) | 20 dolarů měsíčně | 5 hodin + týdně | Již přihlášen/a k odběru
- | Kodex (Plus/Pro) | 20–200 USD/měsíc | 5 hodin + týdně | Uživatelé OpenAI
- | Rozhraní příkazového řádku Gemini | **UVOLNIT** | 180 tisíc měsíčně + 1 tisíc denně | Každý!
- | GitHub Copilot | 10–19 USD/měsíc | Měsíční | Uživatelé GitHubu
-**🔑 KLÍČ API** | Hluboké vyhledávání | Platba za použití | Žádný | Laciné uvažování
- | Groq | Platba za použití | Žádný | Ultrarychlá inference
- | xAI (Grok) | Platba za použití | Žádný | Grok 4 uvažování
- | Mistral | Platba za použití | Žádný | Modely hostované v EU
- | Zmatek | Platba za použití | Žádný | Rozšířené vyhledávání
- | Společně s umělou inteligencí | Platba za použití | Žádný | Modely s otevřeným zdrojovým kódem
- | Ohňostroj s umělou inteligencí | Platba za použití | Žádný | Rychlé snímky FLUX
- | Mozky | Platba za použití | Žádný | Rychlost v měřítku destičky
- | Soudržný | Platba za použití | Žádný | Příkaz R+ RAG
- | NVIDIA NIM | Platba za použití | Žádný | Podnikové modely
-**💰 LEVNÉ** | GLM-4.7 | 0,6 USD/1 milion | Denně v 10:00 | Záloha rozpočtu
- | MiniMax M2.1 | 0,2 USD/1 milion | 5hodinové válcování | Nejlevnější varianta
- | Kimi K2 | 9 dolarů měsíčně bez závazků | 10 milionů tokenů/měsíc | Předvídatelné náklady
-**🆓 ZDARMA** | iFlow | 0 dolarů | Neomezený | 8 modelů zdarma
- | Qwen | 0 dolarů | Neomezený | 3 modely zdarma
- | Kiro | 0 dolarů | Neomezený | Claude zdarma
+| Úroveň            | Poskytovatel      | Náklady          | Obnovení kvóty      | Nejlepší pro               |
+| ----------------- | ----------------- | ---------------- | ------------------- | -------------------------- |
+| **💳 PŘEDPLATNÉ** | Claude Code (pro) | 20 USD měsíc     | 5h + týdně          | Již přihlášené             |
+|                   | Kodex (Plus/Pro)  | 20–200 USD/měsíc | 5h + týdně          | Uživatele OpenAI           |
+|                   | Gemini CLI        | **ZDARMA**       | 180K/mo + 1K/den    | Každého!                   |
+|                   | GitHub Copilot    | 10–19 USD/měsíc  | Měsíční             | Uživatele GitHubu          |
+| **🔑 KLÍČ API**   | DeepSeek          | Dle užití        | Žádné               | Laciné uvažování           |
+|                   | Groq              | Dle užití        | Žádné               | Ultrarychlá inference      |
+|                   | xAI (Grok)        | Dle užití        | Žádné               | Grok 4 uvažování           |
+|                   | Mistral           | Dle užití        | Žádné               | Modely hostované v EU      |
+|                   | Perplexity        | Dle užití        | Žádné               | Rozšířené vyhledávání      |
+|                   | Together AI       | Dle užití        | Žádné               | Open Source modely         |
+|                   | Fireworks AI      | Dle užití        | Žádné               | Rychlé FLUX obrázky        |
+|                   | Cerebras          | Dle užití        | Žádné               | Rychlost destičkového čipu |
+|                   | Cohere            | Dle užití        | Žádné               | Command R+ RAG             |
+|                   | NVIDIA NIM        | Dle užití        | Žádné               | Podnikové modely           |
+| **💰 LEVNÉ**      | GLM-4.7           | $0.6/1M          | Denně 10:00         | Levná záloha               |
+|                   | MiniMax M2.1      | $0.2/1M          | 5hodinové válcování | Nejlevnější varianta       |
+|                   | Kimi K2           | 9 USD měsíc      | 10M tokens/měsíc    | Předvídatelné náklady      |
+| **🆓 ZDARMA**     | iFlow             | $0               | Neomezený           | 8 modelů zdarma            |
+|                   | Qwen              | $0               | Neomezený           | 3 modely zdarma            |
+|                   | Kiro              | $0               | Neomezený           | Claude zdarma              |

-**💡 Tip pro profesionály:** Začněte s kombinací Gemini CLI (180 tisíc zdarma/měsíc) + iFlow (neomezeně zdarma) = 0 dolarů!
+**💡 Pro Tip:** Začněte s kombinací Gemini CLI (180K zdarma/měsíc) + iFlow (neomezeně zdarma) = $0!

 ---

@@ -271,7 +271,7 @@ Upravit `~/.claude/config.json` :
 }
 ```

-### CLI Codexu
+### Codex CLI

 ```bash
 export OPENAI_BASE_URL="http://localhost:20128"
@@ -335,7 +335,7 @@ omniroute
 omniroute --port 3000
 ```

-Rozhraní příkazového řádku automaticky načte `.env` z adresáře `~/.omniroute/.env` nebo `./.env` .
+CLI automaticky načte `.env` z adresáře `~/.omniroute/.env` nebo `./.env` .

 ### Nasazení VPS

@@ -407,23 +407,23 @@ Informace o režimu integrovaném s hostitelem s binárními soubory CLI nalezne

 ### Proměnné prostředí

-Proměnná | Výchozí | Popis
--- | --- | ---
-`JWT_SECRET` | `omniroute-default-secret-change-me` | Tajný klíč podpisu JWT ( **změna v produkčním prostředí** )
-`INITIAL_PASSWORD` | `123456` | První přihlašovací heslo
-`DATA_DIR` | `~/.omniroute` | Datový adresář (db, využití, protokoly)
-`PORT` | výchozí nastavení rámce | Servisní port ( `20128` v příkladech)
-`HOSTNAME` | výchozí nastavení rámce | Vázat hostitele (Docker má výchozí hodnotu `0.0.0.0` )
-`NODE_ENV` | výchozí nastavení za běhu | Nastavení `production` pro nasazení
-`BASE_URL` | `http://localhost:20128` | Interní základní URL na straně serveru
-`CLOUD_URL` | `https://omniroute.dev` | Základní adresa URL koncového bodu synchronizace s cloudem
-`API_KEY_SECRET` | `endpoint-proxy-api-key-secret` | Tajný klíč HMAC pro generované klíče API
-`REQUIRE_API_KEY` | `false` | Vynutit klíč rozhraní Bearer API na `/v1/*`
-`ENABLE_REQUEST_LOGS` | `false` | Povoluje protokolování požadavků/odpovědí
-`AUTH_COOKIE_SECURE` | `false` | Vynutit soubor cookie `Secure` ověřování (za reverzní proxy HTTPS)
-`OMNIROUTE_MEMORY_MB` | `512` | Limit haldy Node.js v MB
-`PROMPT_CACHE_MAX_SIZE` | `50` | Maximální počet položek mezipaměti výzev
-`SEMANTIC_CACHE_MAX_SIZE` | `100` | Maximální počet položek sémantické mezipaměti
+| Proměnná                  | Výchozí                              | Popis                                                              |
+| ------------------------- | ------------------------------------ | ------------------------------------------------------------------ |
+| `JWT_SECRET`              | `omniroute-default-secret-change-me` | Tajný klíč podpisu JWT ( **změna v produkčním prostředí** )        |
+| `INITIAL_PASSWORD`        | `123456`                             | První přihlašovací heslo                                           |
+| `DATA_DIR`                | `~/.omniroute`                       | Datový adresář (db, využití, protokoly)                            |
+| `PORT`                    | výchozí nastavení rámce              | Servisní port ( `20128` v příkladech)                              |
+| `HOSTNAME`                | výchozí nastavení rámce              | Vázat hostitele (Docker má výchozí hodnotu `0.0.0.0` )             |
+| `NODE_ENV`                | výchozí nastavení za běhu            | Nastavení `production` pro nasazení                                |
+| `BASE_URL`                | `http://localhost:20128`             | Interní základní URL na straně serveru                             |
+| `CLOUD_URL`               | `https://omniroute.dev`              | Základní adresa URL koncového bodu synchronizace s cloudem         |
+| `API_KEY_SECRET`          | `endpoint-proxy-api-key-secret`      | Tajný klíč HMAC pro generované klíče API                           |
+| `REQUIRE_API_KEY`         | `false`                              | Vynutit klíč rozhraní Bearer API na `/v1/*`                        |
+| `ENABLE_REQUEST_LOGS`     | `false`                              | Povoluje protokolování požadavků/odpovědí                          |
+| `AUTH_COOKIE_SECURE`      | `false`                              | Vynutit soubor cookie `Secure` ověřování (za reverzní proxy HTTPS) |
+| `OMNIROUTE_MEMORY_MB`     | `512`                                | Limit haldy Node.js v MB                                           |
+| `PROMPT_CACHE_MAX_SIZE`   | `50`                                 | Maximální počet položek mezipaměti výzev                           |
+| `SEMANTIC_CACHE_MAX_SIZE` | `100`                                | Maximální počet položek sémantické mezipaměti                      |

 Úplný přehled proměnných prostředí naleznete v souboru [README](../README.md) .

@@ -439,7 +439,7 @@ Proměnná | Výchozí | Popis

 **Codex ( `cx/` )** — Plus/Pro: `cx/gpt-5.2-codex` , `cx/gpt-5.1-codex-max`

-**Rozhraní příkazového řádku Gemini ( `gc/` )** — ZDARMA: `gc/gemini-3-flash-preview` , `gc/gemini-2.5-pro`
+**Gemini CLI ( `gc/` )** — ZDARMA: `gc/gemini-3-flash-preview` , `gc/gemini-2.5-pro`

 **GitHub Copilot ( `gh/` )** : `gh/gpt-5` , `gh/claude-4.5-sonnet`

@@ -473,9 +473,6 @@ Proměnná | Výchozí | Popis

 **NVIDIA NIM ( `nvidia/` )** : `nvidia/nvidia/llama-3.3-70b-instruct`

-
-
-
 ---

 ## 🧩 Pokročilé funkce
@@ -552,12 +549,12 @@ Vrátí modely seskupené podle poskytovatele s typy ( `chat` , `embedding` , `i

 Přístup přes **Dashboard → Translator** . Ladění a vizualizace toho, jak OmniRoute překládá požadavky API mezi poskytovateli.

-Režim | Účel
--- | ---
-**Dětské hřiště** | Vyberte zdrojový/cílový formát, vložte požadavek a okamžitě si prohlédněte přeložený výstup
-**Tester chatu** | Odesílejte zprávy živého chatu přes proxy a kontrolujte celý cyklus požadavku/odpovědi
-**Zkušební stolice** | Spusťte dávkové testy napříč různými kombinacemi formátů pro ověření správnosti překladu
-**Živý monitor** | Sledujte překlady v reálném čase, jak požadavky procházejí proxy serverem
+| Režim                | Účel                                                                                        |
+| -------------------- | ------------------------------------------------------------------------------------------- |
+| **Dětské hřiště**    | Vyberte zdrojový/cílový formát, vložte požadavek a okamžitě si prohlédněte přeložený výstup |
+| **Tester chatu**     | Odesílejte zprávy živého chatu přes proxy a kontrolujte celý cyklus požadavku/odpovědi      |
+| **Zkušební stolice** | Spusťte dávkové testy napříč různými kombinacemi formátů pro ověření správnosti překladu    |
+| **Živý monitor**     | Sledujte překlady v reálném čase, jak požadavky procházejí proxy serverem                   |

 **Případy použití:**

@@ -571,14 +568,14 @@ Režim | Účel

 Konfigurace přes **Dashboard → Nastavení → Routing** .

-Strategie | Popis
--- | ---
-**Nejprve vyplňte** | Používá účty podle priority – primární účet zpracovává všechny požadavky, dokud není k dispozici.
-**Round Robin** | Cykluje mezi všemi účty s nastavitelným trvalým limitem (výchozí: 3 volání na účet)
-**P2C (Síla dvou možností)** | Vybere 2 náhodné účty a nasměruje je k tomu zdravějšímu – vyvažuje zátěž s povědomím o zdraví
-**Náhodný** | Náhodně vybere účet pro každý požadavek pomocí Fisher-Yatesova náhodného výběru.
-**Nejméně používané** | Směruje k účtu s nejstarším časovým razítkem `lastUsedAt` a rovnoměrně rozděluje provoz.
-**Optimalizované náklady** | Směruje k účtu s nejnižší prioritou a optimalizuje pro poskytovatele s nejnižšími náklady.
+| Strategie                    | Popis                                                                                             |
+| ---------------------------- | ------------------------------------------------------------------------------------------------- |
+| **Nejprve vyplňte**          | Používá účty podle priority – primární účet zpracovává všechny požadavky, dokud není k dispozici. |
+| **Round Robin**              | Cykluje mezi všemi účty s nastavitelným trvalým limitem (výchozí: 3 volání na účet)               |
+| **P2C (Síla dvou možností)** | Vybere 2 náhodné účty a nasměruje je k tomu zdravějšímu – vyvažuje zátěž s povědomím o zdraví     |
+| **Náhodný**                  | Náhodně vybere účet pro každý požadavek pomocí Fisher-Yatesova náhodného výběru.                  |
+| **Nejméně používané**        | Směruje k účtu s nejstarším časovým razítkem `lastUsedAt` a rovnoměrně rozděluje provoz.          |
+| **Optimalizované náklady**   | Směruje k účtu s nejnižší prioritou a optimalizuje pro poskytovatele s nejnižšími náklady.        |

 #### Aliasy zástupných znaků modelů

@@ -611,24 +608,21 @@ Konfigurace přes **Dashboard → Settings → Resilience** .
 OmniRoute implementuje odolnost na úrovni poskytovatele se čtyřmi komponentami:

 1. **Profily poskytovatelů** – Konfigurace pro jednotlivé poskytovatele pro:
-
-    - Práh selhání (počet selhání před otevřením)
-    - Doba zchlazení
-    - Citlivost detekce limitu frekvence
-    - Exponenciální backoff parametry
+   - Práh selhání (počet selhání před otevřením)
+   - Doba zchlazení
+   - Citlivost detekce limitu frekvence
+   - Exponenciální backoff parametry

 2. **Upravitelné limity rychlosti** – Výchozí nastavení na úrovni systému konfigurovatelná na řídicím panelu:
-
-    - **Požadavky za minutu (RPM)** — Maximální počet požadavků za minutu na účet
-    - **Minimální doba mezi požadavky** — Minimální mezera v milisekundách mezi požadavky
-    - **Max. počet souběžných požadavků** — Maximální počet souběžných požadavků na účet
-    - Klikněte na **Upravit** pro úpravu a poté **na Uložit** nebo **Zrušit** . Hodnoty se ukládají prostřednictvím rozhraní API pro odolnost.
+   - **Požadavky za minutu (RPM)** — Maximální počet požadavků za minutu na účet
+   - **Minimální doba mezi požadavky** — Minimální mezera v milisekundách mezi požadavky
+   - **Max. počet souběžných požadavků** — Maximální počet souběžných požadavků na účet
+   - Klikněte na **Upravit** pro úpravu a poté **na Uložit** nebo **Zrušit** . Hodnoty se ukládají prostřednictvím rozhraní API pro odolnost.

 3. **Jistič** – Sleduje poruchy u jednotlivých poskytovatelů a automaticky rozpojuje obvod, když je dosaženo prahové hodnoty:
-
-    - **ZAVŘENO** (v pořádku) – Požadavky probíhají normálně.
-    - **OTEVŘENO** — Poskytovatel je dočasně zablokován po opakovaných selháních
-    - **HALF_OPEN** — Testování, zda se poskytovatel zotavil
+   - **ZAVŘENO** (v pořádku) – Požadavky probíhají normálně.
+   - **OTEVŘENO** — Poskytovatel je dočasně zablokován po opakovaných selháních
+   - **HALF_OPEN** — Testování, zda se poskytovatel zotavil

 4. **Zásady a uzamčené identifikátory** – Zobrazuje stav jističe a uzamčené identifikátory s možností vynuceného odemčení.

@@ -642,11 +636,11 @@ OmniRoute implementuje odolnost na úrovni poskytovatele se čtyřmi komponentam

 Správa záloh databáze se provádí v **nabídce Ovládací panel → Nastavení → Systém a úložiště** .

-Akce | Popis
--- | ---
-**Exportovat databázi** | Stáhne aktuální databázi SQLite jako soubor `.sqlite`
-**Exportovat vše (.tar.gz)** | Stáhne kompletní zálohu včetně: databáze, nastavení, kombinací, připojení k poskytovatelům (bez přihlašovacích údajů) a metadat klíče API.
-**Importovat databázi** | Nahrajte soubor `.sqlite` , který nahradí aktuální databázi. Záloha před importem se vytvoří automaticky.
+| Akce                         | Popis                                                                                                                                      |
+| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------ |
+| **Exportovat databázi**      | Stáhne aktuální databázi SQLite jako soubor `.sqlite`                                                                                      |
+| **Exportovat vše (.tar.gz)** | Stáhne kompletní zálohu včetně: databáze, nastavení, kombinací, připojení k poskytovatelům (bez přihlašovacích údajů) a metadat klíče API. |
+| **Importovat databázi**      | Nahrajte soubor `.sqlite` , který nahradí aktuální databázi. Záloha před importem se vytvoří automaticky.                                  |

 ```bash
 # API: Export database
@@ -674,13 +668,13 @@ curl -X POST http://localhost:20128/api/db-backups/import \

 Stránka nastavení je pro snadnou navigaci uspořádána do 5 záložek:

-Záložka | Obsah
--- | ---
-**Zabezpečení** | Nastavení přihlášení/hesla, řízení přístupu k IP adrese, autorizace API pro `/models` a blokování poskytovatelů
-**Směrování** | Globální strategie směrování (6 možností), aliasy zástupných znaků, záložní řetězce, kombinované výchozí hodnoty
-**Odolnost** | Profily poskytovatelů, upravitelné limity sazeb, stav jističů, zásady a uzamčené identifikátory
-**Umělá inteligence** | Konfigurace rozpočtu promyšleného projektu, globální vkládání promptu do systému, statistiky mezipaměti promptu
-**Moderní** | Globální konfigurace proxy (HTTP/SOCKS5)
+| Záložka               | Obsah                                                                                                            |
+| --------------------- | ---------------------------------------------------------------------------------------------------------------- |
+| **Zabezpečení**       | Nastavení přihlášení/hesla, řízení přístupu k IP adrese, autorizace API pro `/models` a blokování poskytovatelů  |
+| **Směrování**         | Globální strategie směrování (6 možností), aliasy zástupných znaků, záložní řetězce, kombinované výchozí hodnoty |
+| **Odolnost**          | Profily poskytovatelů, upravitelné limity sazeb, stav jističů, zásady a uzamčené identifikátory                  |
+| **Umělá inteligence** | Konfigurace rozpočtu promyšleného projektu, globální vkládání promptu do systému, statistiky mezipaměti promptu  |
+| **Moderní**           | Globální konfigurace proxy (HTTP/SOCKS5)                                                                         |

 ---

@@ -688,10 +682,10 @@ Záložka | Obsah

 Přístup přes **Dashboard → Náklady** .

-Záložka | Účel
--- | ---
-**Rozpočet** | Nastavte limity útrat pro každý klíč API s denními/týdenními/měsíčními rozpočty a sledováním v reálném čase
-**Ceny** | Zobrazení a úprava cenových položek modelu – cena za 1000 vstupních/výstupních tokenů na poskytovatele
+| Záložka      | Účel                                                                                                        |
+| ------------ | ----------------------------------------------------------------------------------------------------------- |
+| **Rozpočet** | Nastavte limity útrat pro každý klíč API s denními/týdenními/měsíčními rozpočty a sledováním v reálném čase |
+| **Ceny**     | Zobrazení a úprava cenových položek modelu – cena za 1000 vstupních/výstupních tokenů na poskytovatele      |

 ```bash
 # API: Set a budget
@@ -733,14 +727,14 @@ Podporované zvukové formáty: `mp3` , `wav` , `m4a` , `flac` , `ogg` , `webm`

 Nastavte vyvažování jednotlivých kombinací v **nabídce Dashboard → Kombinace → Vytvořit/Upravit → Strategie** .

-Strategie | Popis
--- | ---
-**Round-Robin** | Postupně prochází modely
-**Přednost** | Vždy se pokusí o první model; vrací se pouze v případě chyby.
-**Náhodný** | Pro každý požadavek vybere náhodný model z komba
-**Vážené** | Trasy proporcionálně na základě přiřazených vah pro každý model
-**Nejméně používané** | Směruje k modelu s nejmenším počtem nedávných požadavků (používá kombinované metriky)
-**Optimalizované z hlediska nákladů** | Trasy k nejlevnějšímu dostupnému modelu (používá ceník)
+| Strategie                             | Popis                                                                                 |
+| ------------------------------------- | ------------------------------------------------------------------------------------- |
+| **Round-Robin**                       | Postupně prochází modely                                                              |
+| **Přednost**                          | Vždy se pokusí o první model; vrací se pouze v případě chyby.                         |
+| **Náhodný**                           | Pro každý požadavek vybere náhodný model z komba                                      |
+| **Vážené**                            | Trasy proporcionálně na základě přiřazených vah pro každý model                       |
+| **Nejméně používané**                 | Směruje k modelu s nejmenším počtem nedávných požadavků (používá kombinované metriky) |
+| **Optimalizované z hlediska nákladů** | Trasy k nejlevnějšímu dostupnému modelu (používá ceník)                               |

 Globální výchozí hodnoty kombinací lze nastavit v **nabídce Dashboard → Settings → Routing → Combo Defaults** .

@@ -750,14 +744,14 @@ Globální výchozí hodnoty kombinací lze nastavit v **nabídce Dashboard →

 Přístup přes **Dashboard → Stav** . Přehled stavu systému v reálném čase se 6 kartami:

-Karta | Co to ukazuje
--- | ---
-**Stav systému** | Doba provozuschopnosti, verze, využití paměti, datový adresář
-**Zdraví poskytovatelů** | Stav jističe podle dodavatele (Zapnuto/Vypnuto/Napůl vypnuto)
-**Limity sazeb** | Aktivní limit rychlosti cooldownů na účet se zbývajícím časem
-**Aktivní výluky** | Poskytovatelé dočasně blokovaní politikou uzamčení
-**Mezipaměť podpisů** | Statistiky mezipaměti pro deduplikaci (aktivní klíče, míra zásahů)
-**Telemetrie latence** | Agregace latence p50/p95/p99 na poskytovatele
+| Karta                    | Co to ukazuje                                                      |
+| ------------------------ | ------------------------------------------------------------------ |
+| **Stav systému**         | Doba provozuschopnosti, verze, využití paměti, datový adresář      |
+| **Zdraví poskytovatelů** | Stav jističe podle dodavatele (Zapnuto/Vypnuto/Napůl vypnuto)      |
+| **Limity sazeb**         | Aktivní limit rychlosti cooldownů na účet se zbývajícím časem      |
+| **Aktivní výluky**       | Poskytovatelé dočasně blokovaní politikou uzamčení                 |
+| **Mezipaměť podpisů**    | Statistiky mezipaměti pro deduplikaci (aktivní klíče, míra zásahů) |
+| **Telemetrie latence**   | Agregace latence p50/p95/p99 na poskytovatele                      |

 **Tip pro profesionály:** Stránka Zdraví se automaticky obnovuje každých 10 sekund. Pomocí karty jističe můžete zjistit, kteří poskytovatelé mají problémy.

@@ -795,20 +789,20 @@ Výstup → `electron/dist-electron/`

 ### Klíčové vlastnosti

-Funkce | Popis
--- | ---
-**Připravenost serveru** | Před zobrazením okna se dotazuje server (žádná prázdná obrazovka)
-**Systémový zásobník** | Minimalizovat do zásobníku, změnit port, ukončit menu v zásobníku
-**Správa přístavů** | Změna portu serveru z panelu úloh (automatické restartování serveru)
-**Zásady zabezpečení obsahu** | Omezující CSP prostřednictvím záhlaví relace
-**Jedna instance** | V daném okamžiku může běžet pouze jedna instance aplikace
-**Offline režim** | Dodávaný server Next.js funguje bez internetu
+| Funkce                        | Popis                                                                |
+| ----------------------------- | -------------------------------------------------------------------- |
+| **Připravenost serveru**      | Před zobrazením okna se dotazuje server (žádná prázdná obrazovka)    |
+| **Systémový zásobník**        | Minimalizovat do zásobníku, změnit port, ukončit menu v zásobníku    |
+| **Správa přístavů**           | Změna portu serveru z panelu úloh (automatické restartování serveru) |
+| **Zásady zabezpečení obsahu** | Omezující CSP prostřednictvím záhlaví relace                         |
+| **Jedna instance**            | V daném okamžiku může běžet pouze jedna instance aplikace            |
+| **Offline režim**             | Dodávaný server Next.js funguje bez internetu                        |

 ### Proměnné prostředí

-Proměnná | Výchozí | Popis
--- | --- | ---
-`OMNIROUTE_PORT` | `20128` | Port serveru
-`OMNIROUTE_MEMORY_MB` | `512` | Limit haldy Node.js (64–16384 MB)
+| Proměnná              | Výchozí | Popis                             |
+| --------------------- | ------- | --------------------------------- |
+| `OMNIROUTE_PORT`      | `20128` | Port serveru                      |
+| `OMNIROUTE_MEMORY_MB` | `512`   | Limit haldy Node.js (64–16384 MB) |

 📖 Úplná dokumentace: [`electron/README.md`](../electron/README.md)
@@ -1,21 +1,23 @@
-# OmniRoute — Guia de Deploy em VM com Cloudflare
+# Průvodce nasazením OmniRoute na VM s Cloudflare

-Kompletní instalace a konfigurace OmniRoute u VM (VPS) s gerenciou přes Cloudflare.
+🌐 **Jazyky:** 🇺🇸 [English](VM_DEPLOYMENT_GUIDE.md) | 🇧🇷 [Português (Brasil)](i18n/pt-BR/VM_DEPLOYMENT_GUIDE.md) | 🇪🇸 [Español](i18n/es/VM_DEPLOYMENT_GUIDE.md) | 🇫🇷 [Français](i18n/fr/VM_DEPLOYMENT_GUIDE.md) | 🇮🇹 [Italiano](i18n/it/VM_DEPLOYMENT_GUIDE.md) | 🇷🇺 [Русский](i18n/ru/VM_DEPLOYMENT_GUIDE.md) | 🇨🇳 [中文 (简体)](i18n/zh-CN/VM_DEPLOYMENT_GUIDE.md) | 🇩🇪 [Deutsch](i18n/de/VM_DEPLOYMENT_GUIDE.md) | 🇮🇳 [हिन्दी](i18n/in/VM_DEPLOYMENT_GUIDE.md) | 🇹🇭 [ไทย](i18n/th/VM_DEPLOYMENT_GUIDE.md) | 🇺🇦 [Українська](i18n/uk-UA/VM_DEPLOYMENT_GUIDE.md) | 🇸🇦 [العربية](i18n/ar/VM_DEPLOYMENT_GUIDE.md) | 🇯🇵 [日本語](i18n/ja/VM_DEPLOYMENT_GUIDE.md) | 🇻🇳 [Tiếng Việt](i18n/vi/VM_DEPLOYMENT_GUIDE.md) | 🇧🇬 [Български](i18n/bg/VM_DEPLOYMENT_GUIDE.md) | 🇩🇰 [Dansk](i18n/da/VM_DEPLOYMENT_GUIDE.md) | 🇫🇮 [Suomi](i18n/fi/VM_DEPLOYMENT_GUIDE.md) | 🇮🇱 [עברית](i18n/he/VM_DEPLOYMENT_GUIDE.md) | 🇭🇺 [Magyar](i18n/hu/VM_DEPLOYMENT_GUIDE.md) | 🇮🇩 [Bahasa Indonesia](i18n/id/VM_DEPLOYMENT_GUIDE.md) | 🇰🇷 [한국어](i18n/ko/VM_DEPLOYMENT_GUIDE.md) | 🇲🇾 [Bahasa Melayu](i18n/ms/VM_DEPLOYMENT_GUIDE.md) | 🇳🇱 [Nederlands](i18n/nl/VM_DEPLOYMENT_GUIDE.md) | 🇳🇴 [Norsk](i18n/no/VM_DEPLOYMENT_GUIDE.md) | 🇵🇹 [Português (Portugal)](i18n/pt/VM_DEPLOYMENT_GUIDE.md) | 🇷🇴 [Română](i18n/ro/VM_DEPLOYMENT_GUIDE.md) | 🇵🇱 [Polski](i18n/pl/VM_DEPLOYMENT_GUIDE.md) | 🇸🇰 [Slovenčina](i18n/sk/VM_DEPLOYMENT_GUIDE.md) | 🇸🇪 [Svenska](i18n/sv/VM_DEPLOYMENT_GUIDE.md) | 🇵🇭 [Filipino](i18n/phi/VM_DEPLOYMENT_GUIDE.md) | 🇨🇿 [Čeština](i18n/cs/VM_DEPLOYMENT_GUIDE.md)
+
+Kompletní průvodce instalací a konfigurací OmniRoute na virtuálním stroji (VPS) se správou domény prostřednictvím Cloudflare.

 ---

 ## Předpoklady

-Položka | Mínimo | Doporučeno
--- | --- | ---
-**Procesor** | 1 virtuální procesor | 2 vCPU
-**BERAN** | 1 GB | 2 GB
-**Disko** | 10GB SSD | 25GB SSD
-**TAK** | Ubuntu 22.04 LTS | Ubuntu 24.04 LTS
-**Domínio** | Registrován v Cloudflare | —
-**Přístavní dělník** | Docker Engine 24+ | Docker 27+
+| Položka      | Minimální                   | Doporučeno       |
+| ------------ | --------------------------- | ---------------- |
+| **Procesor** | 1 virtuální procesor        | 2 vCPU           |
+| **RAM**      | 1 GB                        | 2 GB             |
+| **Disk**     | 10GB SSD                    | 25GB SSD         |
+| **CPU**      | Ubuntu 22.04 LTS            | Ubuntu 24.04 LTS |
+| **Doména**   | Zaregistrována v Cloudflare | —                |
+| **Docker**   | Docker Engine 24+           | Docker 27+       |

-**Testados poskytovatelů** : Akamai (Linode), DigitalOcean, Vultr, Hetzner, AWS Lightsail.
+**Testovaní poskytovatelé**: Akamai (Linode), DigitalOcean, Vultr, Hetzner, AWS Lightsail.

 ---

@@ -23,12 +25,12 @@ Položka | Mínimo | Doporučeno

 ### 1.1 Vytvořit ihned

-Žádný preferovaný poskytovatel seu VPS:
+Žádný preferovaný poskytovatel VPS:

 - Vyberte si Ubuntu 24.04 LTS
- Výběr nebo plano minimo (1 vCPU / 1 GB RAM)
- Definujte sílu pro root nebo konfiguraci klíče SSH
- Anote o **IP público** (např.: `203.0.113.10` )
+- Vyberte minimální plán (1 vCPU / 1 GB RAM)
+- Nastavte silné heslo pro root nebo konfiguraci SSH klíče
+- Poznamenejte si **veřejnou IP** (např.: `203.0.113.10`)

 ### 1.2 Připojení přes SSH

@@ -45,10 +47,10 @@ apt update && apt upgrade -y
 ### 1.4 Instalace Dockeru

 ```bash
-# Instalar dependências
+# Nainstalovat závislosti
 apt install -y ca-certificates curl gnupg

-# Adicionar repositório oficial do Docker
+# Přidat oficiální Docker repository
 install -m 0755 -d /etc/apt/keyrings
 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
 chmod a+r /etc/apt/keyrings/docker.gpg
@@ -74,29 +76,29 @@ ufw allow 443/tcp   # HTTPS
 ufw enable
 ```

-> **Dica** : Maximální zabezpečení, omezení jako porty 80 a 443 přístupů pro IP Cloudflare. Veja a seção [Segurança Avançada](#seguran%C3%A7a-avan%C3%A7ada) .
+> **Tip**: Pro maximální zabezpečení omezte porty 80 a 443 pouze na IP Cloudflare. Viz sekce [Pokročilé zabezpečení](#pokrocilé-zabezpečení).

 ---

 ## 2. Instalace OmniRoute

-### 2.1 Criar diretório de configuração
+### 2.1 Vytvořit konfigurační adresář

 ```bash
 mkdir -p /opt/omniroute
 ```

-### 2.2 Criar arquivo de variáveis de ambiente
+### 2.2 Vytvořit soubor s proměnnými prostředí

 ```bash
 cat > /opt/omniroute/.env << 'EOF'
-# === Segurança ===
-JWT_SECRET=ALTERE-PARA-CHAVE-SECRETA-UNICA-64-CHARS
-INITIAL_PASSWORD=SuaSenhaSegura123!
-API_KEY_SECRET=ALTERE-PARA-OUTRA-CHAVE-SECRETA
-STORAGE_ENCRYPTION_KEY=ALTERE-PARA-TERCEIRA-CHAVE-SECRETA
+# === Bezpečnost ===
+JWT_SECRET=CHANGE-TO-A-UNIQUE-64-CHAR-SECRET-KEY
+INITIAL_PASSWORD=YourSecurePassword123!
+API_KEY_SECRET=REPLACE-WITH-ANOTHER-SECRET-KEY
+STORAGE_ENCRYPTION_KEY=REPLACE-WITH-THIRD-SECRET-KEY
 STORAGE_ENCRYPTION_KEY_VERSION=v1
-MACHINE_ID_SALT=ALTERE-PARA-SALT-UNICO
+MACHINE_ID_SALT=CHANGE-TO-A-UNIQUE-SALT

 # === App ===
 PORT=20128
@@ -108,9 +110,9 @@ ENABLE_REQUEST_LOGS=true
 AUTH_COOKIE_SECURE=false
 REQUIRE_API_KEY=false

-# === Domain (altere para seu domínio) ===
-BASE_URL=https://llms.seudominio.com
-NEXT_PUBLIC_BASE_URL=https://llms.seudominio.com
+# === Doména (změňte na vaši doménu) ===
+BASE_URL=https://llms.vasedomena.com
+NEXT_PUBLIC_BASE_URL=https://llms.vasedomena.com

 # === Cloud Sync (opcional) ===
 # CLOUD_URL=https://cloud.omniroute.online
@@ -118,7 +120,7 @@ NEXT_PUBLIC_BASE_URL=https://llms.seudominio.com
 EOF
 ```

-> ⚠️ **DŮLEŽITÉ** : Gere chaves secretas únicas! Použijte `openssl rand -hex 32` para cada chave.
+> ⚠️ **DŮLEŽITÉ**: Vygenerujte jedinečné tajné klíče! Použijte `openssl rand -hex 32` pro každý klíč.

 ### 2.3 Spuštění kontejneru

@@ -147,19 +149,19 @@ Vývojový příklad: `[DB] SQLite database ready` a `listening on port 20128` .

 ## 3. Konfigurace nginx (reverzní proxy)

-### 3.1 Gerar Certificado SSL (Cloudflare Origin)
+### 3.1 Vygenerovat SSL certifikát (Cloudflare Origin)

 Cloudflare nic neřeší:

 1. Používá **SSL/TLS → Origin Server**
-2. **Certifikát Clique Create**
-3. Deixe os padrões (15 ano, *.seudominio.com)
+2. Klikněte na **Vytvořit certifikát**
+3. Ponechte výchozí nastavení (15 let, \*.vasedomena.com)
 4. Zkopírujte nebo zkopírujte **certifikát původu** a **soukromý klíč**

 ```bash
 mkdir -p /etc/nginx/ssl

-# Colar o certificado
+# Vložit certifikát
 nano /etc/nginx/ssl/origin.crt

 # Colar a chave privada
@@ -188,7 +190,7 @@ server {
 server {
    listen 443 ssl;
    listen [::]:443 ssl;
-    server_name llms.seudominio.com;  # Altere para seu domínio
+    server_name llms.vasedomena.com;  # Změňte na vaši doménu

    ssl_certificate     /etc/nginx/ssl/origin.crt;
    ssl_certificate_key /etc/nginx/ssl/origin.key;
@@ -220,7 +222,7 @@ server {
 server {
    listen 80;
    listen [::]:80;
-    server_name llms.seudominio.com;
+    server_name llms.vasedomena.com;
    return 301 https://$server_name$request_uri;
 }
 NGINX
@@ -245,11 +247,11 @@ nginx -t && systemctl reload nginx

 ### 4.1 Další DNS registr

-No painel da Cloudflare → DNS:
+V dashboardu Cloudflare → DNS:

-Typ | Jméno | Obsah | Proxy
--- | --- | --- | ---
-A | `llms` | `203.0.113.10` (IP adresa virtuálního počítače) | ✅ Proxy
+| Typ | Jméno  | Obsah                                           | Proxy    |
+| --- | ------ | ----------------------------------------------- | -------- |
+| A   | `llms` | `203.0.113.10` (IP adresa virtuálního počítače) | ✅ Proxy |

 ### 4.2 Konfigurace SSL

@@ -257,7 +259,7 @@ Em **SSL/TLS → Přehled** :

 - Režim: **Plný (Přísný)**

-Em **SSL/TLS → Edge certifikáty** :
+V **SSL/TLS → Edge Certificates**:

 - Vždy používat HTTPS: ✅ Zapnuto
 - Minimální verze TLS: TLS 1.2
@@ -266,7 +268,7 @@ Em **SSL/TLS → Edge certifikáty** :
 ### 4.3 Testar

 ```bash
-curl -sI https://llms.seudominio.com/health
+curl -sI https://llms.vasedomena.com/health
 # Deve retornar HTTP/2 200
 ```

@@ -289,14 +291,14 @@ docker run -d --name omniroute --restart unless-stopped \
 ### Verzovní protokoly

 ```bash
-docker logs -f omniroute          # Stream em tempo real
+docker logs -f omniroute          # Živý stream
 docker logs omniroute --tail 50   # Últimas 50 linhas
 ```

 ### Ruční zálohování banky

 ```bash
-# Copiar dados do volume para o host
+# Kopírovat data z volume do hostitele
 docker cp omniroute:/app/data ./backup-$(date +%F)

 # Ou comprimir todo o volume
@@ -321,7 +323,7 @@ docker start omniroute

 ```bash
 cat > /etc/nginx/cloudflare-ips.conf << 'CF'
-# Cloudflare IPv4 ranges — atualizar periodicamente
+# Cloudflare IPv4 ranges — aktualizovat pravidelně
 # https://www.cloudflare.com/ips-v4/
 set_real_ip_from 173.245.48.0/20;
 set_real_ip_from 103.21.244.0/22;
@@ -342,7 +344,7 @@ real_ip_header CF-Connecting-IP;
 CF
 ```

-Přidat `nginx.conf` dentro do bloco `http {}` :
+Přidat do `nginx.conf` do bloku `http {}`:

 ```nginx
 include /etc/nginx/cloudflare-ips.conf;
@@ -362,7 +364,7 @@ fail2ban-client status sshd
 ### Bloquear accesso direto na port do Docker

 ```bash
-# Impedir acesso externo direto à porta 20128
+# Zamezit přímému externímu přístupu k portu 20128
 iptables -I DOCKER-USER -p tcp --dport 20128 -j DROP
 iptables -I DOCKER-USER -i lo -p tcp --dport 20128 -j ACCEPT

@@ -389,11 +391,11 @@ Dokumenty jsou kompletní pro [omnirouteCloud/README.md](../omnirouteCloud/READM

 ---

-## Resumo de Portas
+## Přehled portů

-Porta | Služba | Přístup
--- | --- | ---
-22 | SSH | Veřejné (s fail2ban)
-80 | nginx HTTP | Přesměrování → HTTPS
-443 | nginx HTTPS | Prostřednictvím proxy serveru Cloudflare
-20128 | OmniRoute | Někdy na localhostu (přes nginx)
+| Port  | Služba      | Přístup                                  |
+| ----- | ----------- | ---------------------------------------- |
+| 22    | SSH         | Veřejné (s fail2ban)                     |
+| 80    | nginx HTTP  | Přesměrování → HTTPS                     |
+| 443   | nginx HTTPS | Prostřednictvím proxy serveru Cloudflare |
+| 20128 | OmniRoute   | Někdy na localhostu (přes nginx)         |
@@ -1,164 +0,0 @@
-<!DOCTYPE html>
-        <html>
-        <head>
-            <meta charset="UTF-8">
-            <title>V&iacute;cejazy&ccaron;n&aacute; dokumentace</title>
-            <style>
-/* From extension vscode.github */
-/*---------------------------------------------------------------------------------------------
- *  Copyright (c) Microsoft Corporation. All rights reserved.
- *  Licensed under the MIT License. See License.txt in the project root for license information.
- *--------------------------------------------------------------------------------------------*/
-
-.vscode-dark img[src$=\#gh-light-mode-only],
-.vscode-light img[src$=\#gh-dark-mode-only],
-.vscode-high-contrast:not(.vscode-high-contrast-light) img[src$=\#gh-light-mode-only],
-.vscode-high-contrast-light img[src$=\#gh-dark-mode-only] {
-	display: none;
-}
-
-</style>
-            
-        <link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/Microsoft/vscode/extensions/markdown-language-features/media/markdown.css">
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/Microsoft/vscode/extensions/markdown-language-features/media/highlight.css">
-<style>
-            body {
-                font-family: -apple-system, BlinkMacSystemFont, 'Segoe WPC', 'Segoe UI', system-ui, 'Ubuntu', 'Droid Sans', sans-serif;
-                font-size: 14px;
-                line-height: 1.6;
-            }
-        </style>
-        <style>
-.task-list-item {
-    list-style-type: none;
-}
-
-.task-list-item-checkbox {
-    margin-left: -20px;
-    vertical-align: middle;
-    pointer-events: none;
-}
-</style>
-<style>
-:root {
-  --color-note: #0969da;
-  --color-tip: #1a7f37;
-  --color-warning: #9a6700;
-  --color-severe: #bc4c00;
-  --color-caution: #d1242f;
-  --color-important: #8250df;
-}
-
-</style>
-<style>
-@media (prefers-color-scheme: dark) {
-  :root {
-    --color-note: #2f81f7;
-    --color-tip: #3fb950;
-    --color-warning: #d29922;
-    --color-severe: #db6d28;
-    --color-caution: #f85149;
-    --color-important: #a371f7;
-  }
-}
-
-</style>
-<style>
-.markdown-alert {
-  padding: 0.5rem 1rem;
-  margin-bottom: 16px;
-  color: inherit;
-  border-left: .25em solid #888;
-}
-
-.markdown-alert>:first-child {
-  margin-top: 0
-}
-
-.markdown-alert>:last-child {
-  margin-bottom: 0
-}
-
-.markdown-alert .markdown-alert-title {
-  display: flex;
-  font-weight: 500;
-  align-items: center;
-  line-height: 1
-}
-
-.markdown-alert .markdown-alert-title .octicon {
-  margin-right: 0.5rem;
-  display: inline-block;
-  overflow: visible !important;
-  vertical-align: text-bottom;
-  fill: currentColor;
-}
-
-.markdown-alert.markdown-alert-note {
-  border-left-color: var(--color-note);
-}
-
-.markdown-alert.markdown-alert-note .markdown-alert-title {
-  color: var(--color-note);
-}
-
-.markdown-alert.markdown-alert-important {
-  border-left-color: var(--color-important);
-}
-
-.markdown-alert.markdown-alert-important .markdown-alert-title {
-  color: var(--color-important);
-}
-
-.markdown-alert.markdown-alert-warning {
-  border-left-color: var(--color-warning);
-}
-
-.markdown-alert.markdown-alert-warning .markdown-alert-title {
-  color: var(--color-warning);
-}
-
-.markdown-alert.markdown-alert-tip {
-  border-left-color: var(--color-tip);
-}
-
-.markdown-alert.markdown-alert-tip .markdown-alert-title {
-  color: var(--color-tip);
-}
-
-.markdown-alert.markdown-alert-caution {
-  border-left-color: var(--color-caution);
-}
-
-.markdown-alert.markdown-alert-caution .markdown-alert-title {
-  color: var(--color-caution);
-}
-
-</style>
-        
-        </head>
-        <body class="vscode-body vscode-light">
-            <h1 id="vícejazyčná-dokumentace">Vícejazyčná dokumentace</h1>
-<p>Tento adresář obsahuje strojově asistované překlady založené na anglické dokumentaci.</p>
-<ul>
-<li><strong>API_REFERENCE.md</strong> : 🇺🇸 <a href="../API_REFERENCE.html">Česky</a> | 🇧🇷 <a href="./pt-BR/API_REFERENCE.html">Português (Brazílie)</a> | 🇪🇸 <a href="./es/API_REFERENCE.html">Español</a> | 🇫🇷 <a href="./fr/API_REFERENCE.html">Français</a> | 🇮🇹 <a href="./it/API_REFERENCE.html">Italiano</a> | 🇷🇺 <a href="./ru/API_REFERENCE.html">Русский</a> | 🇨🇳<a href="./zh-CN/API_REFERENCE.html">中文 (简体)</a> | 🇩🇪 <a href="./de/API_REFERENCE.html">Deutsch</a> | 🇮🇳 <a href="./in/API_REFERENCE.html">हिन्दी</a> | 🇹🇭 <a href="./th/API_REFERENCE.html">ไทย</a> | 🇺🇦 <a href="./uk-UA/API_REFERENCE.html">Українська</a> | 🇸🇦 <a href="./ar/API_REFERENCE.html">العربية</a> | 🇯🇵<a href="./ja/API_REFERENCE.html">日本語</a>| 🇻🇳 <a href="./vi/API_REFERENCE.html">Tiếng Việt</a> | 🇧🇬 <a href="./bg/API_REFERENCE.html">Български</a> | 🇩🇰 <a href="./da/API_REFERENCE.html">Dánsko</a> | 🇫🇮 <a href="./fi/API_REFERENCE.html">Suomi</a> | 🇮🇱 <a href="./he/API_REFERENCE.html">עברית</a> | 🇭🇺 <a href="./hu/API_REFERENCE.html">maďarština</a> | 🇮🇩 <a href="./id/API_REFERENCE.html">Bahasa Indonésie</a> | 🇰🇷 <a href="./ko/API_REFERENCE.html">한국어</a> | 🇲🇾 <a href="./ms/API_REFERENCE.html">Bahasa Melayu</a> | 🇳🇱 <a href="./nl/API_REFERENCE.html">Nizozemsko</a> | 🇳🇴 <a href="./no/API_REFERENCE.html">Norsk</a> | 🇵🇹 <a href="./pt/API_REFERENCE.html">Português (Portugalsko)</a> | 🇷🇴 <a href="./ro/API_REFERENCE.html">Română</a> | 🇵🇱 <a href="./pl/API_REFERENCE.html">Polski</a> | 🇸🇰 <a href="./sk/API_REFERENCE.html">Slovenčina</a> | 🇸🇪 <a href="./sv/API_REFERENCE.html">Svenska</a> | 🇵🇭 <a href="./phi/API_REFERENCE.html">Filipínec</a></li>
-<li><strong><a href="http://ARCHITECTURE.html">ARCHITECTURE.md</a></strong> : 🇺🇸 <a href="../ARCHITECTURE.html">anglicky</a> | 🇧🇷 <a href="./pt-BR/ARCHITECTURE.html">Português (Brazílie)</a> | 🇪🇸 <a href="./es/ARCHITECTURE.html">Español</a> | 🇫🇷 <a href="./fr/ARCHITECTURE.html">Français</a> | 🇮🇹 <a href="./it/ARCHITECTURE.html">Italiano</a> | 🇷🇺 <a href="./ru/ARCHITECTURE.html">Русский</a> | 🇨🇳<a href="./zh-CN/ARCHITECTURE.html">中文 (简体)</a> | 🇩🇪 <a href="./de/ARCHITECTURE.html">Deutsch</a> | 🇮🇳 <a href="./in/ARCHITECTURE.html">हिन्दी</a> | 🇹🇭 <a href="./th/ARCHITECTURE.html">ไทย</a> | 🇺🇦 <a href="./uk-UA/ARCHITECTURE.html">Українська</a> | 🇸🇦 <a href="./ar/ARCHITECTURE.html">العربية</a> | 🇯🇵<a href="./ja/ARCHITECTURE.html">日本語</a>| 🇻🇳 <a href="./vi/ARCHITECTURE.html">Tiếng Việt</a> | 🇧🇬 <a href="./bg/ARCHITECTURE.html">Български</a> | 🇩🇰 <a href="./da/ARCHITECTURE.html">Dánsko</a> | 🇫🇮 <a href="./fi/ARCHITECTURE.html">Suomi</a> | 🇮🇱 <a href="./he/ARCHITECTURE.html">עברית</a> | 🇭🇺 <a href="./hu/ARCHITECTURE.html">maďarština</a> | 🇮🇩 <a href="./id/ARCHITECTURE.html">Bahasa Indonésie</a> | 🇰🇷 <a href="./ko/ARCHITECTURE.html">한국어</a> | 🇲🇾 <a href="./ms/ARCHITECTURE.html">Bahasa Melayu</a> | 🇳🇱 <a href="./nl/ARCHITECTURE.html">Nizozemsko</a> | 🇳🇴 <a href="./no/ARCHITECTURE.html">Norsk</a> | 🇵🇹 <a href="./pt/ARCHITECTURE.html">Português (Portugalsko)</a> | 🇷🇴 <a href="./ro/ARCHITECTURE.html">Română</a> | 🇵🇱 <a href="./pl/ARCHITECTURE.html">Polski</a> | 🇸🇰 <a href="./sk/ARCHITECTURE.html">Slovenčina</a> | 🇸🇪 <a href="./sv/ARCHITECTURE.html">Svenska</a> | 🇵🇭 <a href="./phi/ARCHITECTURE.html">Filipínec</a></li>
-<li><strong>CODEBASE_DOCUMENTATION.md</strong> : 🇺🇸 <a href="../CODEBASE_DOCUMENTATION.html">anglicky</a> | 🇧🇷 <a href="./pt-BR/CODEBASE_DOCUMENTATION.html">Português (Brazílie)</a> | 🇪🇸 <a href="./es/CODEBASE_DOCUMENTATION.html">Español</a> | 🇫🇷 <a href="./fr/CODEBASE_DOCUMENTATION.html">Français</a> | 🇮🇹 <a href="./it/CODEBASE_DOCUMENTATION.html">Italiano</a> | 🇷🇺 <a href="./ru/CODEBASE_DOCUMENTATION.html">Русский</a> | 🇨🇳<a href="./zh-CN/CODEBASE_DOCUMENTATION.html">中文 (简体)</a> | 🇩🇪 <a href="./de/CODEBASE_DOCUMENTATION.html">Deutsch</a> | 🇮🇳 <a href="./in/CODEBASE_DOCUMENTATION.html">हिन्दी</a> | 🇹🇭 <a href="./th/CODEBASE_DOCUMENTATION.html">ไทย</a> | 🇺🇦 <a href="./uk-UA/CODEBASE_DOCUMENTATION.html">Українська</a> | 🇸🇦 <a href="./ar/CODEBASE_DOCUMENTATION.html">العربية</a> | 🇯🇵<a href="./ja/CODEBASE_DOCUMENTATION.html">日本語</a>| 🇻🇳 <a href="./vi/CODEBASE_DOCUMENTATION.html">Tiếng Việt</a> | 🇧🇬 <a href="./bg/CODEBASE_DOCUMENTATION.html">Български</a> | 🇩🇰 <a href="./da/CODEBASE_DOCUMENTATION.html">Dánsko</a> | 🇫🇮 <a href="./fi/CODEBASE_DOCUMENTATION.html">Suomi</a> | 🇮🇱 <a href="./he/CODEBASE_DOCUMENTATION.html">עברית</a> | 🇭🇺 <a href="./hu/CODEBASE_DOCUMENTATION.html">maďarština</a> | 🇮🇩 <a href="./id/CODEBASE_DOCUMENTATION.html">Bahasa Indonésie</a> | 🇰🇷 <a href="./ko/CODEBASE_DOCUMENTATION.html">한국어</a> | 🇲🇾 <a href="./ms/CODEBASE_DOCUMENTATION.html">Bahasa Melayu</a> | 🇳🇱 <a href="./nl/CODEBASE_DOCUMENTATION.html">Nizozemsko</a> | 🇳🇴 <a href="./no/CODEBASE_DOCUMENTATION.html">Norsk</a> | 🇵🇹 <a href="./pt/CODEBASE_DOCUMENTATION.html">Português (Portugalsko)</a> | 🇷🇴 <a href="./ro/CODEBASE_DOCUMENTATION.html">Română</a> | 🇵🇱 <a href="./pl/CODEBASE_DOCUMENTATION.html">Polski</a> | 🇸🇰 <a href="./sk/CODEBASE_DOCUMENTATION.html">Slovenčina</a> | 🇸🇪 <a href="./sv/CODEBASE_DOCUMENTATION.html">Svenska</a> | 🇵🇭 <a href="./phi/CODEBASE_DOCUMENTATION.html">Filipínec</a></li>
-<li><strong><a href="http://FEATURES.html">FEATURES.md</a></strong> : 🇺🇸 <a href="../FEATURES.html">anglicky</a> | 🇧🇷 <a href="./pt-BR/FEATURES.html">Português (Brazílie)</a> | 🇪🇸 <a href="./es/FEATURES.html">Español</a> | 🇫🇷 <a href="./fr/FEATURES.html">Français</a> | 🇮🇹 <a href="./it/FEATURES.html">Italiano</a> | 🇷🇺 <a href="./ru/FEATURES.html">Русский</a> | 🇨🇳<a href="./zh-CN/FEATURES.html">中文 (简体)</a> | 🇩🇪 <a href="./de/FEATURES.html">Deutsch</a> | 🇮🇳 <a href="./in/FEATURES.html">हिन्दी</a> | 🇹🇭 <a href="./th/FEATURES.html">ไทย</a> | 🇺🇦 <a href="./uk-UA/FEATURES.html">Українська</a> | 🇸🇦 <a href="./ar/FEATURES.html">العربية</a> | 🇯🇵<a href="./ja/FEATURES.html">日本語</a>| 🇻🇳 <a href="./vi/FEATURES.html">Tiếng Việt</a> | 🇧🇬 <a href="./bg/FEATURES.html">Български</a> | 🇩🇰 <a href="./da/FEATURES.html">Dánsko</a> | 🇫🇮 <a href="./fi/FEATURES.html">Suomi</a> | 🇮🇱 <a href="./he/FEATURES.html">עברית</a> | 🇭🇺 <a href="./hu/FEATURES.html">maďarština</a> | 🇮🇩 <a href="./id/FEATURES.html">Bahasa Indonésie</a> | 🇰🇷 <a href="./ko/FEATURES.html">한국어</a> | 🇲🇾 <a href="./ms/FEATURES.html">Bahasa Melayu</a> | 🇳🇱 <a href="./nl/FEATURES.html">Nizozemsko</a> | 🇳🇴 <a href="./no/FEATURES.html">Norsk</a> | 🇵🇹 <a href="./pt/FEATURES.html">Português (Portugalsko)</a> | 🇷🇴 <a href="./ro/FEATURES.html">Română</a> | 🇵🇱 <a href="./pl/FEATURES.html">Polski</a> | 🇸🇰 <a href="./sk/FEATURES.html">Slovenčina</a> | 🇸🇪 <a href="./sv/FEATURES.html">Svenska</a> | 🇵🇭 <a href="./phi/FEATURES.html">Filipínec</a></li>
-<li><strong><a href="http://TOUBLESHOOTING.html">TOUBLESHOOTING.md</a></strong> : 🇺🇸 <a href="../TROUBLESHOOTING.html">anglicky</a> | 🇧🇷 <a href="./pt-BR/TROUBLESHOOTING.html">Português (Brazílie)</a> | 🇪🇸 <a href="./es/TROUBLESHOOTING.html">Español</a> | 🇫🇷 <a href="./fr/TROUBLESHOOTING.html">Français</a> | 🇮🇹 <a href="./it/TROUBLESHOOTING.html">Italiano</a> | 🇷🇺 <a href="./ru/TROUBLESHOOTING.html">Русский</a> | 🇨🇳<a href="./zh-CN/TROUBLESHOOTING.html">中文 (简体)</a> | 🇩🇪 <a href="./de/TROUBLESHOOTING.html">Deutsch</a> | 🇮🇳 <a href="./in/TROUBLESHOOTING.html">हिन्दी</a> | 🇹🇭 <a href="./th/TROUBLESHOOTING.html">ไทย</a> | 🇺🇦 <a href="./uk-UA/TROUBLESHOOTING.html">Українська</a> | 🇸🇦 <a href="./ar/TROUBLESHOOTING.html">العربية</a> | 🇯🇵<a href="./ja/TROUBLESHOOTING.html">日本語</a>| 🇻🇳 <a href="./vi/TROUBLESHOOTING.html">Tiếng Việt</a> | 🇧🇬 <a href="./bg/TROUBLESHOOTING.html">Български</a> | 🇩🇰 <a href="./da/TROUBLESHOOTING.html">Dánsko</a> | 🇫🇮 <a href="./fi/TROUBLESHOOTING.html">Suomi</a> | 🇮🇱 <a href="./he/TROUBLESHOOTING.html">עברית</a> | 🇭🇺 <a href="./hu/TROUBLESHOOTING.html">maďarština</a> | 🇮🇩 <a href="./id/TROUBLESHOOTING.html">Bahasa Indonésie</a> | 🇰🇷 <a href="./ko/TROUBLESHOOTING.html">한국어</a> | 🇲🇾 <a href="./ms/TROUBLESHOOTING.html">Bahasa Melayu</a> | 🇳🇱 <a href="./nl/TROUBLESHOOTING.html">Nizozemsko</a> | 🇳🇴 <a href="./no/TROUBLESHOOTING.html">Norsk</a> | 🇵🇹 <a href="./pt/TROUBLESHOOTING.html">Português (Portugalsko)</a> | 🇷🇴 <a href="./ro/TROUBLESHOOTING.html">Română</a> | 🇵🇱 <a href="./pl/TROUBLESHOOTING.html">Polski</a> | 🇸🇰 <a href="./sk/TROUBLESHOOTING.html">Slovenčina</a> | 🇸🇪 <a href="./sv/TROUBLESHOOTING.html">Svenska</a> | 🇵🇭 <a href="./phi/TROUBLESHOOTING.html">Filipínec</a></li>
-<li><strong>USER_GUIDE.md</strong> : 🇺🇸 <a href="../USER_GUIDE.html">anglicky</a> | 🇧🇷 <a href="./pt-BR/USER_GUIDE.html">Português (Brazílie)</a> | 🇪🇸 <a href="./es/USER_GUIDE.html">Español</a> | 🇫🇷 <a href="./fr/USER_GUIDE.html">Français</a> | 🇮🇹 <a href="./it/USER_GUIDE.html">Italiano</a> | 🇷🇺 <a href="./ru/USER_GUIDE.html">Русский</a> | 🇨🇳<a href="./zh-CN/USER_GUIDE.html">中文 (简体)</a> | 🇩🇪 <a href="./de/USER_GUIDE.html">Deutsch</a> | 🇮🇳 <a href="./in/USER_GUIDE.html">हिन्दी</a> | 🇹🇭 <a href="./th/USER_GUIDE.html">ไทย</a> | 🇺🇦 <a href="./uk-UA/USER_GUIDE.html">Українська</a> | 🇸🇦 <a href="./ar/USER_GUIDE.html">العربية</a> | 🇯🇵<a href="./ja/USER_GUIDE.html">日本語</a>| 🇻🇳 <a href="./vi/USER_GUIDE.html">Tiếng Việt</a> | 🇧🇬 <a href="./bg/USER_GUIDE.html">Български</a> | 🇩🇰 <a href="./da/USER_GUIDE.html">Dánsko</a> | 🇫🇮 <a href="./fi/USER_GUIDE.html">Suomi</a> | 🇮🇱 <a href="./he/USER_GUIDE.html">עברית</a> | 🇭🇺 <a href="./hu/USER_GUIDE.html">maďarština</a> | 🇮🇩 <a href="./id/USER_GUIDE.html">Bahasa Indonésie</a> | 🇰🇷 <a href="./ko/USER_GUIDE.html">한국어</a> | 🇲🇾 <a href="./ms/USER_GUIDE.html">Bahasa Melayu</a> | 🇳🇱 <a href="./nl/USER_GUIDE.html">Nizozemsko</a> | 🇳🇴 <a href="./no/USER_GUIDE.html">Norsk</a> | 🇵🇹 <a href="./pt/USER_GUIDE.html">Português (Portugalsko)</a> | 🇷🇴 <a href="./ro/USER_GUIDE.html">Română</a> | 🇵🇱 <a href="./pl/USER_GUIDE.html">Polski</a> | 🇸🇰 <a href="./sk/USER_GUIDE.html">Slovenčina</a> | 🇸🇪 <a href="./sv/USER_GUIDE.html">Svenska</a> | 🇵🇭 <a href="./phi/USER_GUIDE.html">Filipínec</a></li>
-</ul>
-<h2 id="nedávná-poznámka-zásady-limitů-pro-účty-codex">Nedávná poznámka: Zásady limitů pro účty Codex</h2>
-<p>Dokumentace nyní zahrnuje chování zásad kvót na úrovni účtu Codex:</p>
-<ul>
-<li>Přepínání pro jednotlivé účty: <code>5h</code> a <code>Weekly</code> (ZAP/VYP).</li>
-<li>Zásady prahových hodnot: povolené okno dosahující &gt;=90 % označuje účet jako nezpůsobilý k výběru.</li>
-<li>Automatická rotace: provoz se přesune na další způsobilý účet Codex.</li>
-<li>Automatické opětovné použití: účet se opět stane způsobilým po úspěšném <code>resetAt</code> poskytovatele.</li>
-</ul>
-<p>Vygenerováno 26. února 2026.</p>
-
-            
-            
-        </body>
-        </html>
@@ -8,73 +8,6 @@ _Din universelle API-proxy — ét slutpunkt, 36+ udbydere, ingen nedetid. Nu me

 ---

-### 🆕 What's New in v2.7.0
-
- **Pluggable RouterStrategy** — rules, cost, and latency routing strategies
- **Multilingual intent detection** — routing scoring in 30+ languages
- **Request deduplication** — prevent duplicate API calls via content hash
- **New providers:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Updated pricing:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-<div align="center">
-
-[![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
-[![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
-[![Licens](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
-[![Websted](https://img.shields.io/badge/Website-omniroute.online-blue?logo=google-chrome&logoColor=white)](https://omniroute.online)
-[![WhatsApp](https://img.shields.io/badge/WhatsApp-Community-25D366?logo=whatsapp&logoColor=white)](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
-
-[🌐 Hjemmeside](https://omniroute.online) • [🚀 Hurtig start](#-quick-start) • [💡 Funktioner](#-key-features) • [📖 Docs](#-documentation) • [💡 Priser](#-pricing-at-a-glance) • [💬 WhatsApp](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
-
-</div>
-
-🌐 **Tilgængelig på:** 🇺🇸 [engelsk](../../README.md) | 🇧🇷 [Português (Brasil)](../pt-BR/README.md) | 🇪🇸 [Español](../es/README.md) | 🇫🇷 [Français](../fr/README.md) | 🇮🇹 [Italiano](../it/README.md) | 🇷🇺 [Русский](../ru/README.md) | 🇨🇳 [中文 (简体)](../zh-CN/README.md) | 🇩🇪 [Tysk](../de/README.md) | 🇮🇳 [हिन्दी](../in/README.md) | 🇹🇭 [ไทย](../th/README.md) | 🇺🇦 [Українська](../uk-UA/README.md) | 🇸🇦 [العربية](../ar/README.md) | 🇯🇵 [日本語](../ja/README.md) | 🇻🇳 [Tiếng Việt](../vi/README.md) | 🇧🇬 [Български](../bg/README.md) | 🇩🇰 [Dansk](../da/README.md) | 🇫🇮 [Suomi](../fi/README.md) | 🇮🇱 [engelsk](../he/README.md) | 🇭🇺 [Magyar](../hu/README.md) | 🇮🇩 [Bahasa Indonesien](../id/README.md) | 🇰🇷 [한국어](../ko/README.md) | 🇲🇾 [Bahasa Melayu](../ms/README.md) | 🇳🇱 [Nederlands](../nl/README.md) | 🇳🇴 [norsk](../no/README.md) | 🇵🇹 [Português (Portugal)](../pt/README.md) | 🇷🇴 [Română](../ro/README.md) | 🇵🇱 [Polski](../pl/README.md) | 🇸🇰 [Slovenčina](../sk/README.md) | 🇸🇪 [Svenska](../sv/README.md) | 🇵🇭 [filippinsk](../phi/README.md)
-
---
-
-## 🖼️ Hovedbetjeningspanel
-
-<div align="center">
-  <img src="./docs/screenshots/MainOmniRoute.png" alt="OmniRoute Dashboard" width="800"/>
-</div>
-
---
-
-## 📸 Dashboard Preview
-
-<details>
-<summary><b>Klik for at se skærmbilleder af dashboard</b></summary>
-
-| Side              | Skærmbillede                                        |
-| ----------------- | --------------------------------------------------- |
-| **Udbydere**      | ![Udbydere](docs/screenshots/01-providers.png)      |
-| **Komboer**       | ![Combos](docs/screenshots/02-combos.png)           |
-| **Analyse**       | ![Analytics](docs/screenshots/03-analytics.png)     |
-| **Sundhed**       | ![Sundhed](docs/screenshots/04-health.png)          |
-| **Oversætter**    | ![Oversætter](docs/screenshots/05-translator.png)   |
-| **Indstillinger** | ![Indstillinger](docs/screenshots/06-settings.png)  |
-| **CLI-værktøjer** | ![CLI-værktøjer](docs/screenshots/07-cli-tools.png) |
-| **Brugslogfiler** | ![Brug](docs/screenshots/08-usage.png)              |
-| **Endpunkt**      | ![Endpoint](docs/screenshots/09-endpoint.png)       |
-
-</details>
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Gratis AI-udbyder til dine foretrukne kodningsagenter

 _Tilslut ethvert AI-drevet IDE- eller CLI-værktøj gennem OmniRoute - gratis API-gateway til ubegrænset kodning._
@@ -159,6 +92,34 @@ _Tilslut ethvert AI-drevet IDE- eller CLI-værktøj gennem OmniRoute - gratis AP

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 ## 🤔 Hvorfor OmniRoute?

 **Stop med at spilde penge og nå grænser:**
@@ -977,6 +938,8 @@ OmniRoute v2.0 er bygget som en operationel platform, ikke kun en relæ-proxy.
 | 🧙 **Onboarding Wizard**               | Første kørsel guidet opsætning                                 |
 | 🔧 **CLI Tools Dashboard**             | Et-klik opsætning til populære kodningsværktøjer               |
 | 🌐 **i18n (30 sprog)**                 | Fuldt dashboard + understøttelse af docs-sprog med RTL-dækning |
+| 🧹 **Clear All Models**                | One-click model list clearing in provider details              |
+| 📋 **Issue Templates**                 | Standardized GitHub templates for bugs and features            |
 | 📂 **Tilpasset datakatalog**           | `DATA_DIR` tilsidesættelse af lagerplacering                   |

 ### Feature Deep Dive
@@ -8,61 +8,6 @@ _Ihr universeller API-Proxy – ein Endpunkt, mehr als 36 Anbieter, keine Ausfal

 ---

-### 🆕 Neu in v2.7.0
-
- **Erweiterbare RouterStrategy** — Regeln-, Kosten- und Latenzstrategien
- **Mehrsprachige Absichtserkennung** — Routing-Scoring in 30+ Sprachen
- **Anfrage-Deduplizierung** — doppelte API-Aufrufe per Content-Hash vermeiden
- **Neue Anbieter:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Aktualisierte Preise:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-<div align="center">
-
-[![npm-Version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
-[![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
-[![Lizenz](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
-[![Website](https://img.shields.io/badge/Website-omniroute.online-blue?logo=google-chrome&logoColor=white)](https://omniroute.online)
-[![WhatsApp](https://img.shields.io/badge/WhatsApp-Community-25D366?logo=whatsapp&logoColor=white)](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
-
-[🌐 Website](https://omniroute.online) • [🚀 Schnellstart](#-quick-start) • [💡 Funktionen](#-key-features) • [📖 Dokumente](#-documentation) • [💰 Preise](#-pricing-at-a-glance) • [💬 WhatsApp](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
-
-</div>
-
-🌐 **Verfügbar in:** 🇺🇸 [Englisch](../../README.md) | 🇧🇷 [Português (Brasilien)](../pt-BR/README.md) | 🇪🇸 [Español](../es/README.md) | 🇫🇷 [Français](../fr/README.md) | 🇮🇹 [Italienisch](../it/README.md) | 🇷🇺 [Русский](../ru/README.md) | 🇨🇳 [中文 (简体)](../zh-CN/README.md) | 🇩🇪 [Deutsch](../de/README.md) | 🇮🇳 [हिन्दी](../in/README.md) | 🇹🇭 [ไทย](../th/README.md) | 🇺🇦 [Українська](../uk-UA/README.md) | 🇸🇦 [العربية](../ar/README.md) | 🇯🇵 [日本語](../ja/README.md) | 🇻🇳 [Tiếng Việt](../vi/README.md) | 🇧🇬 [Български](../bg/README.md) | 🇩🇰 [Dänisch](../da/README.md) | 🇫🇮 [Suomi](../fi/README.md) | 🇮🇱 [עברית](../he/README.md) | 🇭🇺 [Magyar](../hu/README.md) | 🇮🇩 [Bahasa Indonesia](../id/README.md) | 🇰🇷 [한국어](../ko/README.md) | 🇲🇾 [Bahasa Melayu](../ms/README.md) | 🇳🇱 [Niederlande](../nl/README.md) | 🇳🇴 [Norsk](../no/README.md) | 🇵🇹 [Português (Portugal)](../pt/README.md) | 🇷🇴 [Română](../ro/README.md) | 🇵🇱 [Polski](../pl/README.md) | 🇸🇰 [Slovenčina](../sk/README.md) | 🇸🇪 [Svenska](../sv/README.md) | 🇵🇭 [Philippinisch](../phi/README.md)
-
---
-
-## 🖼️ Haupt-Dashboard
-
-<div align="center">
-  <img src="./docs/screenshots/MainOmniRoute.png" alt="OmniRoute Dashboard" width="800"/>
-</div>
-
---
-
-## 📸 Dashboard-Vorschau
-
-<details>
-<summary><b>Klicken Sie hier, um Dashboard-Screenshots anzuzeigen</b></summary>
-
-| Seite                  | Screenshot                                         |
-| ---------------------- | -------------------------------------------------- |
-| **Anbieter**           | ![Anbieter](docs/screenshots/01-providers.png)     |
-| **Kombinationen**      | ![Combos](docs/screenshots/02-combos.png)          |
-| **Analytik**           | ![Analytics](docs/screenshots/03-analytics.png)    |
-| **Gesundheit**         | ![Gesundheit](docs/screenshots/04-health.png)      |
-| **Übersetzer**         | ![Übersetzer](docs/screenshots/05-translator.png)  |
-| **Einstellungen**      | ![Einstellungen](docs/screenshots/06-settings.png) |
-| **CLI-Tools**          | ![CLI-Tools](docs/screenshots/07-cli-tools.png)    |
-| **Nutzungsprotokolle** | ![Verwendung](docs/screenshots/08-usage.png)       |
-| **Endpunkt**           | ![Endpunkt](docs/screenshots/09-endpoint.png)      |
-
-</details>
-
---
-
 ### 🤖 Kostenloser KI-Anbieter für Ihre bevorzugten Programmieragenten

 _Verbinden Sie jedes KI-gestützte IDE- oder CLI-Tool über OmniRoute – kostenloses API-Gateway für unbegrenzte Codierung._
@@ -147,6 +92,34 @@ _Verbinden Sie jedes KI-gestützte IDE- oder CLI-Tool über OmniRoute – kosten

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 ## 🤔 Warum OmniRoute?

 **Hören Sie auf, Geld zu verschwenden und an Grenzen zu stoßen:**
@@ -890,18 +863,6 @@ Wenn OmniRoute minimiert ist, befindet es sich mit schnellen Aktionen in Ihrer T

 OmniRoute v2.0 ist als Betriebsplattform konzipiert und nicht nur als Relay-Proxy.

-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Agenten- und Protokolloperationen (v2.0)| Funktion | Was es tut |

 | ------------------------------------ | -------------------------------------------------------------------------------- |
@@ -981,6 +942,8 @@ OmniRoute v2.0 ist als Betriebsplattform konzipiert und nicht nur als Relay-Prox
 | 🧙 **Onboarding-Assistent**                 | Erstmaliges geführtes Setup                                                    |
 | 🔧 **CLI-Tools-Dashboard**                  | Ein-Klick-Setup für beliebte Codierungstools                                   |
 | 🌐 **i18n (30 Sprachen)**                   | Vollständige Sprachunterstützung für Dashboard und Dokumente mit RTL-Abdeckung |
+| 🧹 **Clear All Models**                     | One-click model list clearing in provider details                              |
+| 📋 **Issue Templates**                      | Standardized GitHub templates for bugs and features                            |
 | 📂 **Benutzerdefiniertes Datenverzeichnis** | `DATA_DIR`-Überschreibung für Speicherort                                      |

 ### Feature Deep Dive
@@ -11,28 +11,6 @@ _Tu proxy de API universal — un endpoint, 36+ proveedores, cero tiempo de inac

 ---

-### 🆕 Novedades en v2.7.0
-
- **RouterStrategy enchufable** — estrategias de reglas, costo y latencia
- **Detección de intención multilingüe** — puntuación de enrutamiento en 30+ idiomas
- **Deduplicación de solicitudes** — evita llamadas duplicadas por hash de contenido
- **Nuevos proveedores:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Precios actualizados:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Proveedor de IA Gratuito para tus agentes de programación favoritos

 _Conecta cualquier IDE o herramienta CLI con IA a través de OmniRoute — gateway de API gratuito para programación ilimitada._
@@ -118,6 +96,38 @@ _Conecta cualquier IDE o herramienta CLI con IA a través de OmniRoute — gatew

 ---

+### 🆕 What's New in v3.0.0
+
+| Area | Change |
+| --- | --- |
+| 🔒 **CodeQL Security** | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection |
+| ✅ **Route Validation** | All 176 API routes validated with Zod schemas + `validateBody()` |
+| 🐛 **omniModel Tag Leak** | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585) |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons** | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback |
+| 🔄 **Model Auto-Sync** | 24h scheduler refreshes model lists for 16 providers |
+| 🌐 **OpenCode Zen/Go** | Two new providers: free tier + subscription tier |
+| 🔧 **926 Tests** | Full test suite passes with 0 failures |
+
+
+
+### 🆕 What's New in v3.0.0
+
+| Area | Change |
+| --- | --- |
+| 🔒 **CodeQL Security** | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection |
+| ✅ **Route Validation** | All 176 API routes validated with Zod schemas + `validateBody()` |
+| 🐛 **omniModel Tag Leak** | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585) |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons** | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback |
+| 🔄 **Model Auto-Sync** | 24h scheduler refreshes model lists for 16 providers |
+| 🌐 **OpenCode Zen/Go** | Two new providers: free tier + subscription tier |
+| 🔧 **926 Tests** | Full test suite passes with 0 failures |
+
+---
+
+
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -11,28 +11,6 @@ _Universaali API-välityspalvelin – yksi päätepiste, yli 36 palveluntarjoaja

 ---

-### 🆕 What's New in v2.7.0
-
- **Pluggable RouterStrategy** — rules, cost, and latency routing strategies
- **Multilingual intent detection** — routing scoring in 30+ languages
- **Request deduplication** — prevent duplicate API calls via content hash
- **New providers:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Updated pricing:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Ilmainen AI Provider suosikkikoodaajillesi

 _Yhdistä mikä tahansa tekoälyllä toimiva IDE- tai CLI-työkalu OmniRouten kautta – ilmainen API-yhdyskäytävä rajoittamattomaan koodaukseen._
@@ -118,6 +96,34 @@ _Yhdistä mikä tahansa tekoälyllä toimiva IDE- tai CLI-työkalu OmniRouten ka

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -928,6 +934,8 @@ npm run electron:build:linux   # Linux (.AppImage)
 | 🔄 **DB-varmuuskopiot**             | Automaattinen varmuuskopiointi, palautus, vienti ja tuonti kaikille asetuksille  |
 | 🌐 **Kansainvälistyminen**          | Täysi i18n next-intl:llä — Englanti + portugali (Brasilia) tuki                  |
 | 🌍 **Kielenvalitsin**               | Maapallokuvake otsikossa reaaliaikaista kielenvaihtoa varten (🇺🇸/🇧🇷)             |
+| 🧹 **Clear All Models**             | One-click model list clearing in provider details                                |
+| 📋 **Issue Templates**              | Standardized GitHub templates for bugs and features                              |
 | 📂 **Muokattu tietohakemisto**      | `DATA_DIR` env var ohittaa oletusarvoisen `~/.omniroute`-tallennuspolun          |

 <details>
@@ -11,28 +11,6 @@ _Votre proxy API universel — un endpoint, 36+ fournisseurs, zéro temps d'arr

 ---

-### 🆕 Nouveautés dans v2.7.0
-
- **RouterStrategy extensible** — stratégies de règles, coût et latence
- **Détection d'intention multilingue** — scoring de routage en 30+ langues
- **Déduplication des requêtes** — évite les appels dupliqués via hash de contenu
- **Nouveaux fournisseurs :** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Tarifs mis à jour :** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Fournisseur IA gratuit pour vos agents de programmation préférés

 _Connectez n'importe quel IDE ou outil CLI alimenté par l'IA via OmniRoute — passerelle API gratuite pour un codage illimité._
@@ -118,6 +96,38 @@ _Connectez n'importe quel IDE ou outil CLI alimenté par l'IA via OmniRoute —

 ---

+### 🆕 What's New in v3.0.0
+
+| Area | Change |
+| --- | --- |
+| 🔒 **CodeQL Security** | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection |
+| ✅ **Route Validation** | All 176 API routes validated with Zod schemas + `validateBody()` |
+| 🐛 **omniModel Tag Leak** | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585) |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons** | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback |
+| 🔄 **Model Auto-Sync** | 24h scheduler refreshes model lists for 16 providers |
+| 🌐 **OpenCode Zen/Go** | Two new providers: free tier + subscription tier |
+| 🔧 **926 Tests** | Full test suite passes with 0 failures |
+
+
+
+### 🆕 What's New in v3.0.0
+
+| Area | Change |
+| --- | --- |
+| 🔒 **CodeQL Security** | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection |
+| ✅ **Route Validation** | All 176 API routes validated with Zod schemas + `validateBody()` |
+| 🐛 **omniModel Tag Leak** | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585) |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons** | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback |
+| 🔄 **Model Auto-Sync** | 24h scheduler refreshes model lists for 16 providers |
+| 🌐 **OpenCode Zen/Go** | Two new providers: free tier + subscription tier |
+| 🔧 **926 Tests** | Full test suite passes with 0 failures |
+
+---
+
+
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -11,28 +11,6 @@ _שרת ה-API האוניברסלי שלך - נקודת קצה אחת, 36+ ספ

 ---

-### 🆕 What's New in v2.7.0
-
- **Pluggable RouterStrategy** — rules, cost, and latency routing strategies
- **Multilingual intent detection** — routing scoring in 30+ languages
- **Request deduplication** — prevent duplicate API calls via content hash
- **New providers:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Updated pricing:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 ספק AI בחינם עבור סוכני הקידוד המועדפים עליך

 _חבר כל כלי IDE או CLI המופעל על ידי AI דרך OmniRoute - שער API בחינם לקידוד בלתי מוגבל._
@@ -118,6 +96,34 @@ _חבר כל כלי IDE או CLI המופעל על ידי AI דרך OmniRoute -

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -927,6 +933,8 @@ npm run electron:build:linux   # Linux (.AppImage)
 | 🔄 **גיבויים של DB**               | גיבוי, שחזור, ייצוא וייבוא אוטומטי עבור כל ההגדרות                  |
 | 🌐 **בינלאומיות**                  | i18n מלא עם next-intl — תמיכה באנגלית + פורטוגזית (ברזיל)             |
 | 🌍 **בורר שפה**                    | סמל גלובוס בכותרת למעבר שפה בזמן אמת (🇺🇸/🇧🇷)                          |
+| 🧹 **Clear All Models**            | One-click model list clearing in provider details                     |
+| 📋 **Issue Templates**             | Standardized GitHub templates for bugs and features                   |
 | 📂 **ספריית נתונים מותאמים אישית** | `DATA_DIR` env var כדי לעקוף את ברירת המחדל `~/.omniroute` נתיב אחסון |

 <details>
@@ -11,28 +11,6 @@ _Az univerzális API-proxy – egy végpont, 36+ szolgáltató, nulla állásid

 ---

-### 🆕 What's New in v2.7.0
-
- **Pluggable RouterStrategy** — rules, cost, and latency routing strategies
- **Multilingual intent detection** — routing scoring in 30+ languages
- **Request deduplication** — prevent duplicate API calls via content hash
- **New providers:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Updated pricing:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Ingyenes mesterséges intelligencia szolgáltató kedvenc kódoló ügynökei számára

 _Csatlakoztasson bármilyen mesterséges intelligencia-alapú IDE-t vagy CLI-eszközt az OmniRoute-on keresztül – ingyenes API-átjáró a korlátlan kódoláshoz._
@@ -118,6 +96,34 @@ _Csatlakoztasson bármilyen mesterséges intelligencia-alapú IDE-t vagy CLI-esz

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -928,6 +934,8 @@ npm run electron:build:linux   # Linux (.AppImage)
 | 🔄 **DB biztonsági mentések** | Automatikus biztonsági mentés, visszaállítás, exportálás és importálás az összes beállításhoz |
 | 🌐 **Nemzetközivé válás**     | Teljes i18n next-intl-vel – angol + portugál (Brazília) támogatás                             |
 | 🌍 **Nyelvválasztó**          | Globe ikon a fejlécben a valós idejű nyelvváltáshoz (🇺🇸/🇧🇷)                                   |
+| 🧹 **Clear All Models**       | One-click model list clearing in provider details                                             |
+| 📋 **Issue Templates**        | Standardized GitHub templates for bugs and features                                           |
 | 📂 **Egyéni adattár**         | `DATA_DIR` env var felülírja az alapértelmezett `~/.omniroute` tárolási útvonalat             |

 <details>
@@ -11,28 +11,6 @@ _Proksi API universal Anda — satu titik akhir, 36+ penyedia, tanpa waktu henti

 ---

-### 🆕 What's New in v2.7.0
-
- **Pluggable RouterStrategy** — rules, cost, and latency routing strategies
- **Multilingual intent detection** — routing scoring in 30+ languages
- **Request deduplication** — prevent duplicate API calls via content hash
- **New providers:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Updated pricing:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Penyedia AI gratis untuk agen coding favorit Anda

 _Hubungkan alat IDE atau CLI apa pun yang didukung AI melalui OmniRoute — gerbang API gratis untuk pengkodean tanpa batas._
@@ -118,6 +96,34 @@ _Hubungkan alat IDE atau CLI apa pun yang didukung AI melalui OmniRoute — gerb

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -928,6 +934,8 @@ npm run electron:build:linux   # Linux (.AppImage)
 | 🔄 **Cadangan DB**           | Pencadangan, pemulihan, ekspor & impor otomatis untuk semua pengaturan       |
 | 🌐 **Internasionalisasi**    | I18n lengkap dengan next-intl — Dukungan Inggris + Portugis (Brasil)         |
 | 🌍 **Pemilih Bahasa**        | Ikon bola dunia di header untuk peralihan bahasa secara real-time (🇮🇩/🇧🇷)    |
+| 🧹 **Clear All Models**      | One-click model list clearing in provider details                            |
+| 📋 **Issue Templates**       | Standardized GitHub templates for bugs and features                          |
 | 📂 **Direktori Data Khusus** | `DATA_DIR` env var untuk mengganti jalur penyimpanan `~/.omniroute` default  |

 <details>
@@ -13,28 +13,6 @@ _आपका सार्वभौमिक एपीआई प्रॉक्

 ---

-### 🆕 What's New in v2.7.0
-
- **Pluggable RouterStrategy** — rules, cost, and latency routing strategies
- **Multilingual intent detection** — routing scoring in 30+ languages
- **Request deduplication** — prevent duplicate API calls via content hash
- **New providers:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Updated pricing:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 आपके पसंदीदा कोडिंग एजेंटों के लिए निःशुल्क एआई प्रदाता

 _OmniRoute के माध्यम से किसी भी AI-संचालित IDE या CLI टूल को कनेक्ट करें - असीमित कोडिंग के लिए निःशुल्क API गेटवे।_
@@ -43,6 +21,34 @@ _OmniRoute के माध्यम से किसी भी AI-संचा

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -824,6 +830,8 @@ npm run electron:build:linux   # Linux (.AppImage)
 | 🔄 **डीबी बैकअप**            | सभी सेटिंग्स के लिए स्वचालित बैकअप, पुनर्स्थापना, निर्यात और आयात            |
 | 🌐 **अंतर्राष्ट्रीयकरण**     | नेक्स्ट-इंटल के साथ पूर्ण i18n - अंग्रेजी + पुर्तगाली (ब्राजील) समर्थन       |
 | 🌍 **भाषा चयनकर्ता**         | रीयल-टाइम भाषा स्विचिंग के लिए हेडर में ग्लोब आइकन (🇺🇸/🇧🇷)                   |
+| 🧹 **Clear All Models**      | One-click model list clearing in provider details                            |
+| 📋 **Issue Templates**       | Standardized GitHub templates for bugs and features                          |
 | 📂 **कस्टम डेटा निर्देशिका** | `DATA_DIR` env var डिफ़ॉल्ट `~/.omniroute` संग्रहण पथ को ओवरराइड करने के लिए |

 <summary><b>📖 सुविधा विवरण</b></summary>
@@ -5,34 +5,12 @@

 ### Non smettere mai di programmare. Routing intelligente verso **modelli IA GRATUITI e economici** con fallback automatico.

-_Il tuo proxy API universale — un endpoint, 36+ provider, zero downtime._
+_Il tuo proxy API universale — un endpoint, 67+ provider, zero downtime._

 **Chat Completions • Embeddings • Generazione Immagini • Audio • Reranking • 100% TypeScript**

 ---

-### 🆕 Novità in v2.7.0
-
- **RouterStrategy estensibile** — strategie per regole, costo e latenza
- **Rilevamento intento multilingue** — scoring di routing in 30+ lingue
- **Deduplicazione richieste** — evita chiamate duplicate tramite hash del contenuto
- **Nuovi provider:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Prezzi aggiornati:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Provider IA gratuito per i tuoi agenti di programmazione preferiti

 _Connetti qualsiasi IDE o strumento CLI con IA tramite OmniRoute — gateway API gratuito per programmazione illimitata._
@@ -118,6 +96,38 @@ _Connetti qualsiasi IDE o strumento CLI con IA tramite OmniRoute — gateway API

 ---

+### 🆕 What's New in v3.0.0
+
+| Area | Change |
+| --- | --- |
+| 🔒 **CodeQL Security** | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection |
+| ✅ **Route Validation** | All 176 API routes validated with Zod schemas + `validateBody()` |
+| 🐛 **omniModel Tag Leak** | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585) |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons** | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback |
+| 🔄 **Model Auto-Sync** | 24h scheduler refreshes model lists for 16 providers |
+| 🌐 **OpenCode Zen/Go** | Two new providers: free tier + subscription tier |
+| 🔧 **926 Tests** | Full test suite passes with 0 failures |
+
+
+
+### 🆕 What's New in v3.0.0
+
+| Area | Change |
+| --- | --- |
+| 🔒 **CodeQL Security** | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection |
+| ✅ **Route Validation** | All 176 API routes validated with Zod schemas + `validateBody()` |
+| 🐛 **omniModel Tag Leak** | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585) |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons** | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback |
+| 🔄 **Model Auto-Sync** | 24h scheduler refreshes model lists for 16 providers |
+| 🌐 **OpenCode Zen/Go** | Two new providers: free tier + subscription tier |
+| 🔧 **926 Tests** | Full test suite passes with 0 failures |
+
+---
+
+
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -11,28 +11,6 @@ _ユニバーサル API プロキシ — 1 つのエンドポイント、36 以

 ---

-### 🆕 v2.7.0 の新機能
-
- **プラガブル RouterStrategy** — ルール・コスト・レイテンシ戦略をサポート
- **多言語インテント検出** — 30以上の言語でルーティングスコアリング
- **リクエスト重複排除** — コンテンツハッシュで重複 API 呼び出しを防止
- **新しいプロバイダー：** Grok-4 Fast (xAI)、GLM-5 / Z.AI、MiniMax M2.5、Kimi K2.5
- **価格更新：** Grok-4 Fast $0.20/$0.50/M、GLM-5 $0.50/M、MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 お気に入りのコーディング エージェント向けの無料 AI プロバイダー

 _AI を活用した IDE または CLI ツールを、無制限のコーディングのための無料 API ゲートウェイである OmniRoute 経由で接続します。_
@@ -118,6 +96,34 @@ _AI を活用した IDE または CLI ツールを、無制限のコーディン

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -929,6 +935,8 @@ npm run electron:build:linux   # Linux (.AppImage)
 | 🔄 **DB バックアップ**              | すべての設定の自動バックアップ、復元、エクスポートとインポート                      |
 | 🌐 **国際化**                       | next-intl を備えた完全な i18n — 英語 + ポルトガル語 (ブラジル) のサポート           |
 | 🌍 **言語セレクター**               | リアルタイム言語切り替え用のヘッダーの地球儀アイコン (🇺🇸/🇧🇷)                        |
+| 🧹 **Clear All Models**             | One-click model list clearing in provider details                                   |
+| 📋 **Issue Templates**              | Standardized GitHub templates for bugs and features                                 |
 | 📂 **カスタム データ ディレクトリ** | デフォルトの `~/.omniroute` ストレージ パスをオーバーライドする `DATA_DIR` 環境変数 |

 <details>
@@ -11,28 +11,6 @@ _범용 API 프록시 — 하나의 엔드포인트, 36개 이상의 공급자,

 ---

-### 🆕 v2.7.0 새로운 기능
-
- **플러그형 RouterStrategy** — 규칙, 비용, 지연 전략 지원
- **다국어 의도 감지** — 30개 이상 언어로 라우팅 스코어링
- **요청 중복 제거** — 콘텐츠 해시로 중복 API 호출 방지
- **새 공급자:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **가격 업데이트:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 좋아하는 코딩 에이전트를 위한 무료 AI 제공업체

 _무제한 코딩을 위한 무료 API 게이트웨이인 OmniRoute를 통해 AI 기반 IDE 또는 CLI 도구를 연결하세요._
@@ -118,6 +96,34 @@ _무제한 코딩을 위한 무료 API 게이트웨이인 OmniRoute를 통해 AI

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -927,6 +933,8 @@ npm run electron:build:linux   # Linux (.AppImage)
 | 🔄 **DB 백업**                     | 모든 설정에 대한 자동 백업, 복원, 내보내기 및 가져오기            |
 | 🌐 **국제화**                      | next-intl이 포함된 전체 i18n — 영어 + 포르투갈어(브라질) 지원     |
 | 🌍 **언어 선택기**                 | 실시간 언어 전환을 위한 헤더의 지구본 아이콘(🇺🇸/🇧🇷)               |
+| 🧹 **Clear All Models**            | One-click model list clearing in provider details                 |
+| 📋 **Issue Templates**             | Standardized GitHub templates for bugs and features               |
 | 📂 **사용자 정의 데이터 디렉터리** | `DATA_DIR` env var는 기본 `~/.omniroute` 저장 경로를 재정의합니다 |

 <details>
@@ -11,28 +11,6 @@ _Proksi API universal anda — satu titik akhir, 36+ pembekal, masa henti sifar.

 ---

-### 🆕 What's New in v2.7.0
-
- **Pluggable RouterStrategy** — rules, cost, and latency routing strategies
- **Multilingual intent detection** — routing scoring in 30+ languages
- **Request deduplication** — prevent duplicate API calls via content hash
- **New providers:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Updated pricing:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Pembekal AI percuma untuk ejen pengekodan kegemaran anda

 _Sambungkan mana-mana alat IDE atau CLI berkuasa AI melalui OmniRoute — get laluan API percuma untuk pengekodan tanpa had._
@@ -118,6 +96,34 @@ _Sambungkan mana-mana alat IDE atau CLI berkuasa AI melalui OmniRoute — get la

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -928,6 +934,8 @@ npm run electron:build:linux   # Linux (.AppImage)
 | 🔄 **Sandaran DB**            | Sandaran automatik, pulihkan, eksport & import untuk semua tetapan      |
 | 🌐 **Pengantarabangsaan**     | i18n penuh dengan next-intl — sokongan Inggeris + Portugis (Brazil)     |
 | 🌍 **Pemilih Bahasa**         | Ikon glob dalam pengepala untuk penukaran bahasa masa nyata (🇺🇸/🇧🇷)     |
+| 🧹 **Clear All Models**       | One-click model list clearing in provider details                       |
+| 📋 **Issue Templates**        | Standardized GitHub templates for bugs and features                     |
 | 📂 **Direktori Data Tersuai** | `DATA_DIR` env var untuk mengatasi laluan storan lalai `~/.omniroute`   |

 <details>
@@ -11,28 +11,6 @@ _Uw universele API-proxy: één eindpunt, meer dan 36 providers, geen downtime._

 ---

-### 🆕 What's New in v2.7.0
-
- **Pluggable RouterStrategy** — rules, cost, and latency routing strategies
- **Multilingual intent detection** — routing scoring in 30+ languages
- **Request deduplication** — prevent duplicate API calls via content hash
- **New providers:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Updated pricing:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Gratis AI-provider voor uw favoriete codeeragenten

 _Verbind elke AI-aangedreven IDE- of CLI-tool via OmniRoute: gratis API-gateway voor onbeperkte codering._
@@ -118,6 +96,34 @@ _Verbind elke AI-aangedreven IDE- of CLI-tool via OmniRoute: gratis API-gateway

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -246,7 +252,7 @@ OpenAI gebruikt het ene formaat, Claude (Anthropic) gebruikt een ander, Gemini n

 **Hoe OmniRoute het oplost:**

- **Unified Endpoint** — Eén enkele `http://localhost:20128/v1` dient als proxy voor alle 36+ providers
+- **Unified Endpoint** — Eén enkele `http://localhost:20128/v1` dient als proxy voor alle 67+ providers
 - **Formatvertaling** — Automatisch en transparant: OpenAI ↔ Claude ↔ Gemini ↔ Responses API
 - **Response Sanitization** — Verwijdert niet-standaardvelden (`x_groq`, `usage_breakdown`, `service_tier`) die OpenAI SDK v1.83+ breken
 - **Rolnormalisatie** — Converteert `developer` → `system` voor niet-OpenAI-providers; `system` → `user` voor GLM/ERNIE
@@ -927,6 +933,8 @@ npm run electron:build:linux   # Linux (.AppImage)
 | 🔄 **DB-back-ups**            | Automatische back-up, herstel, export en import voor alle instellingen          |
 | 🌐 **Internationalisering**   | Volledige i18n met next-intl — Engels + Portugees (Brazilië) ondersteuning      |
 | 🌍 **Taalkiezer**             | Wereldbolpictogram in koptekst voor realtime taalwisseling (🇺🇸/🇧🇷)              |
+| 🧹 **Clear All Models**       | One-click model list clearing in provider details                               |
+| 📋 **Issue Templates**        | Standardized GitHub templates for bugs and features                             |
 | 📂 **Aangepaste gegevensmap** | `DATA_DIR` env var om standaard `~/.omniroute` opslagpad te overschrijven       |

 <details>
@@ -11,28 +11,6 @@ _Din universelle API-proxy – ett endepunkt, 36+ leverandører, null nedetid._

 ---

-### 🆕 What's New in v2.7.0
-
- **Pluggable RouterStrategy** — rules, cost, and latency routing strategies
- **Multilingual intent detection** — routing scoring in 30+ languages
- **Request deduplication** — prevent duplicate API calls via content hash
- **New providers:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Updated pricing:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Gratis AI-leverandør for dine favorittkodeagenter

 _Koble til ethvert AI-drevet IDE- eller CLI-verktøy gjennom OmniRoute – gratis API-gateway for ubegrenset koding._
@@ -118,6 +96,34 @@ _Koble til ethvert AI-drevet IDE- eller CLI-verktøy gjennom OmniRoute – grati

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -928,6 +934,8 @@ npm run electron:build:linux   # Linux (.AppImage)
 | 🔄 **DB-sikkerhetskopier**       | Automatisk sikkerhetskopiering, gjenoppretting, eksport og import for alle innstillinger |
 | 🌐 **Internasjonalisering**      | Full i18n med neste-intl — støtte for engelsk + portugisisk (Brasil)                     |
 | 🌍 **Språkvelger**               | Globusikon i overskriften for sanntids språkbytte (🇺🇸/🇧🇷)                                |
+| 🧹 **Clear All Models**          | One-click model list clearing in provider details                                        |
+| 📋 **Issue Templates**           | Standardized GitHub templates for bugs and features                                      |
 | 📂 **Tilpasset datakatalog**     | `DATA_DIR` env var for å overstyre standard `~/.omniroute` lagringsbane                  |

 <details>
@@ -5,34 +5,12 @@

 ### Huwag kailanman ihinto ang coding. Smart routing sa **LIBRE at murang mga modelo ng AI** na may awtomatikong fallback.

-_Iyong unibersal na API proxy — isang endpoint, 36+ provider, zero downtime._
+_Iyong unibersal na API proxy — isang endpoint, 67+ provider, zero downtime._

 **Mga Pagkumpleto ng Chat • Mga Pag-embed • Pagbuo ng Imahe • Audio • Pag-rerank • 100% TypeScript**

 ---

-### 🆕 What's New in v2.7.0
-
- **Pluggable RouterStrategy** — rules, cost, and latency routing strategies
- **Multilingual intent detection** — routing scoring in 30+ languages
- **Request deduplication** — prevent duplicate API calls via content hash
- **New providers:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Updated pricing:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Libreng AI Provider para sa iyong mga paboritong coding agent

 _Ikonekta ang anumang AI-powered IDE o CLI tool sa pamamagitan ng OmniRoute — libreng API gateway para sa walang limitasyong coding._
@@ -118,6 +96,34 @@ _Ikonekta ang anumang AI-powered IDE o CLI tool sa pamamagitan ng OmniRoute —

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -246,7 +252,7 @@ Gumagamit ang OpenAI ng isang format, gumagamit si Claude (Anthropic) ng isa pa,

 **Paano ito niresolba ng OmniRoute:**

- **Pinag-isang Endpoint** — Isang `http://localhost:20128/v1` ang nagsisilbing proxy para sa lahat ng 36+ provider
+- **Pinag-isang Endpoint** — Isang `http://localhost:20128/v1` ang nagsisilbing proxy para sa lahat ng 67+ provider
 - **Format Translation** — Awtomatiko at transparent: OpenAI ↔ Claude ↔ Gemini ↔ Responses API
 - **Response Sanitization** — Tinatanggal ang mga hindi karaniwang field (`x_groq`, `usage_breakdown`, `service_tier`) na sumisira sa OpenAI SDK v1.83+
 - **Role Normalization** — Kino-convert ang `developer` → `system` para sa mga provider na hindi OpenAI; `system` → `user` para sa GLM/ERNIE
@@ -331,7 +337,7 @@ Gumagamit ang mga developer ng Cursor, Claude Code, Codex CLI, OpenClaw, Gemini
 - **CLI Tools Dashboard** — Nakatuon na page na may isang-click na setup para sa Claude Code, Codex CLI, OpenClaw, Kilo Code, Antigravity, Cline
 - **GitHub Copilot Config Generator** — Bumubuo ng `chatLanguageModels.json` para sa VS Code na may maramihang pagpili ng modelo
 - **Onboarding Wizard** — May gabay na 4-step na pag-setup para sa mga unang beses na user
- **Isang endpoint, lahat ng modelo** — I-configure ang `http://localhost:20128/v1` nang isang beses, i-access ang 36+ provider
+- **Isang endpoint, lahat ng modelo** — I-configure ang `http://localhost:20128/v1` nang isang beses, i-access ang 67+ provider

 </details>

@@ -929,6 +935,8 @@ npm run electron:build:linux   # Linux (.AppImage)
 | 🔄 **Mga Backup ng DB**             | Awtomatikong pag-backup, pagpapanumbalik, pag-export at pag-import para sa lahat ng mga setting |
 | 🌐 **Internasyonalisasyon**         | Buong i18n na may next-intl — suporta sa English + Portuguese (Brazil)                          |
 | 🌍 **Pili ng Wika**                 | Globe icon sa header para sa real-time na paglipat ng wika (🇺🇸/🇧🇷)                              |
+| 🧹 **Clear All Models**             | One-click model list clearing in provider details                                               |
+| 📋 **Issue Templates**              | Standardized GitHub templates for bugs and features                                             |
 | 📂 **Custom na Direktoryo ng Data** | `DATA_DIR` env var to override default `~/.omniroute` storage path                              |

 <details>
@@ -11,28 +11,6 @@ _Twój uniwersalny serwer proxy API — jeden punkt końcowy, ponad 36 dostawcó

 ---

-### 🆕 What's New in v2.7.0
-
- **Pluggable RouterStrategy** — rules, cost, and latency routing strategies
- **Multilingual intent detection** — routing scoring in 30+ languages
- **Request deduplication** — prevent duplicate API calls via content hash
- **New providers:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Updated pricing:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Bezpłatny dostawca AI dla Twoich ulubionych agentów kodujących

 _Połącz dowolne narzędzie IDE lub CLI oparte na sztucznej inteligencji poprzez OmniRoute — bezpłatną bramę API dla nieograniczonego kodowania._
@@ -118,6 +96,34 @@ _Połącz dowolne narzędzie IDE lub CLI oparte na sztucznej inteligencji poprze

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -927,6 +933,8 @@ npm run electron:build:linux   # Linux (.AppImage)
 | 🔄 **Kopie zapasowe DB**             | Automatyczne tworzenie kopii zapasowych, przywracanie, eksportowanie i importowanie wszystkich ustawień |
 | 🌐 **Internacjonalizacja**           | Pełny i18n z next-intl — obsługa języka angielskiego i portugalskiego (Brazylia)                        |
 | 🌍 **Wybór języka**                  | Ikona kuli ziemskiej w nagłówku umożliwiająca zmianę języka w czasie rzeczywistym (🇺🇸/🇧🇷)               |
+| 🧹 **Clear All Models**              | One-click model list clearing in provider details                                                       |
+| 📋 **Issue Templates**               | Standardized GitHub templates for bugs and features                                                     |
 | 📂 **Niestandardowy katalog danych** | `DATA_DIR` env var, aby zastąpić domyślną ścieżkę przechowywania `~/.omniroute`                         |

 <details>
@@ -11,28 +11,6 @@ _Seu proxy de API universal — um endpoint, 36+ provedores, zero tempo de inati

 ---

-### 🆕 Novidades na v2.7.0
-
- **RouterStrategy plugável** — estratégias de regras, custo e latência
- **Detecção de intenção multilíngue** — scoring de roteamento em 30+ idiomas
- **Deduplicação de requisições** — evita chamadas duplicadas por hash de conteúdo
- **Novos provedores:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Preços atualizados:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Provedor de IA Gratuito para seus agentes de programação favoritos

 _Conecte qualquer IDE ou ferramenta CLI com IA através do OmniRoute — gateway de API gratuito para programação ilimitada._
@@ -118,6 +96,34 @@ _Conecte qualquer IDE ou ferramenta CLI com IA através do OmniRoute — gateway

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -819,24 +825,28 @@ Quando minimizado, o OmniRoute fica na bandeja do sistema com ações rápidas:

 ## 💰 Preços Resumidos

-| Tier              | Provedor          | Custo                        | Reset de Cota     | Melhor Para             |
-| ----------------- | ----------------- | ---------------------------- | ----------------- | ----------------------- |
-| **💳 ASSINATURA** | Claude Code (Pro) | $20/mês                      | 5h + semanal      | Já é assinante          |
-|                   | Codex (Plus/Pro)  | $20-200/mês                  | 5h + semanal      | Usuários OpenAI         |
-|                   | Gemini CLI        | **GRATUITO**                 | 180K/mês + 1K/dia | Todos!                  |
-|                   | GitHub Copilot    | $10-19/mês                   | Mensal            | Usuários GitHub         |
-| **🔑 API KEY**    | NVIDIA NIM        | **GRATUITO** (1000 créditos) | Único             | Testes gratuitos        |
-|                   | DeepSeek          | Por uso                      | Nenhum            | Melhor preço/qualidade  |
-|                   | Groq              | Tier gratuito + pago         | Limitado          | Inferência ultra-rápida |
-|                   | xAI (Grok)        | Por uso                      | Nenhum            | Modelos Grok            |
-|                   | Mistral           | Tier gratuito + pago         | Limitado          | IA Europeia             |
-|                   | OpenRouter        | Por uso                      | Nenhum            | 100+ modelos            |
-| **💰 BARATO**     | GLM-4.7           | $0.6/1M                      | Diário 10h        | Backup econômico        |
-|                   | MiniMax M2.1      | $0.2/1M                      | Rotativo 5h       | Opção mais barata       |
-|                   | Kimi K2           | $9/mês fixo                  | 10M tokens/mês    | Custo previsível        |
-| **🆓 GRATUITO**   | iFlow             | $0                           | Ilimitado         | 8 modelos gratuitos     |
-|                   | Qwen              | $0                           | Ilimitado         | 3 modelos gratuitos     |
-|                   | Kiro              | $0                           | Ilimitado         | Claude gratuito         |
+| Tier              | Provedor          | Custo                        | Reset de Cota     | Melhor Para                    |
+| ----------------- | ----------------- | ---------------------------- | ----------------- | ------------------------------ |
+| **💳 ASSINATURA** | Claude Code (Pro) | $20/mês                      | 5h + semanal      | Já é assinante                 |
+|                   | Codex (Plus/Pro)  | $20-200/mês                  | 5h + semanal      | Usuários OpenAI                |
+|                   | Gemini CLI        | **GRATUITO**                 | 180K/mês + 1K/dia | Todos!                         |
+|                   | GitHub Copilot    | $10-19/mês                   | Mensal            | Usuários GitHub                |
+| **🔑 API KEY**    | NVIDIA NIM        | **GRATUITO** (1000 créditos) | Único             | Testes gratuitos               |
+|                   | DeepSeek          | Por uso                      | Nenhum            | Melhor preço/qualidade         |
+|                   | Groq              | Tier gratuito + pago         | Limitado          | Inferência ultra-rápida        |
+|                   | xAI (Grok)        | Por uso                      | Nenhum            | Modelos Grok                   |
+|                   | Mistral           | Tier gratuito + pago         | Limitado          | IA Europeia                    |
+|                   | OpenRouter        | Por uso                      | Nenhum            | 100+ modelos                   |
+| **💰 BARATO**     | GLM-4.7           | $0.6/1M                      | Diário 10h        | Backup econômico               |
+|                   | MiniMax M2.1      | $0.2/1M                      | Rotativo 5h       | Opção mais barata              |
+|                   | Kimi K2           | $9/mês fixo                  | 10M tokens/mês    | Custo previsível               |
+| **🆓 GRATUITO**   | iFlow             | $0                           | Ilimitado         | 8 modelos gratuitos            |
+|                   | Qwen              | $0                           | Ilimitado         | 3 modelos gratuitos            |
+|                   | Kiro              | $0                           | Ilimitado         | Claude gratuito                |
+|                   | LongCat 🆕        | **$0** (50M tok/dia 🔥)      | 1 req/s           | Maior cota grátis do mundo     |
+|                   | Pollinations 🆕   | **$0** (sem chave API)       | 1 req/15s         | GPT-5, Claude, DeepSeek, Llama |
+|                   | Cloudflare AI 🆕  | **$0** (10K Neurons/dia)     | ~150 resp/dia     | 50+ modelos, edge global       |
+|                   | Scaleway AI 🆕    | **$0** (1M tokens total)     | Limitado por taxa | EU/GDPR, Qwen3 235B, Llama 70B |

 **💡 Dica Pro:** Comece com Gemini CLI (180K grátis/mês) + iFlow (ilimitado grátis) = $0 de custo!

@@ -934,6 +944,8 @@ Por que isso é relevante:
 | 🔄 **Backups de DB**              | Backup, restauração, exportação e importação automática de todas as configurações |
 | 🌐 **Internacionalização**        | i18n completo com next-intl — suporte a 30 idiomas com RTL                        |
 | 🌍 **Seletor de Idioma**          | Ícone de globo no cabeçalho para troca entre 30 idiomas em tempo real             |
+| 🧹 **Clear All Models**           | One-click model list clearing in provider details                                 |
+| 📋 **Issue Templates**            | Standardized GitHub templates for bugs and features                               |
 | 📂 **Diretório de Dados Custom**  | Variável `DATA_DIR` para sobrescrever o caminho padrão `~/.omniroute`             |

 <details>
@@ -1223,6 +1235,53 @@ Modelos:
  kr/claude-haiku-4.5
 ```

+### LongCat AI (GRATUITO 50M tokens/dia!) 🆕
+
+1. Cadastre-se: [longcat.chat](https://longcat.chat) com e-mail ou telefone
+2. Gere uma chave de API gratuita
+3. Dashboard → Adicionar Provedor → LongCat
+
+**Modelos:**
+
+- `lc/LongCat-Flash-Lite` — **50M tokens/dia** 💥 (maior cota gratuita do mundo!)
+- `lc/LongCat-Flash-Chat` — 500K tokens/dia
+- `lc/LongCat-Flash-Thinking` — 500K tokens/dia (raciocínio)
+
+> 100% gratuito durante o beta público. Reset diário à meia-noite UTC.
+
+### Pollinations AI (SEM CHAVE NECESSÁRIA!) 🆕
+
+1. Adicione o provedor Pollinations no Dashboard
+2. Deixe o campo de chave API vazio (ou coloque qualquer string)
+3. Comece a usar imediatamente!
+
+**Modelos via `pol/`:** `openai` (GPT-5), `claude`, `gemini`, `deepseek`, `llama` (Llama 4)
+
+> Sem cadastro, sem chave, sem cartão de crédito. 1 req/15s ilimitado.
+
+### Cloudflare Workers AI (GRATUITO 10K Neurons/dia!) 🆕
+
+1. Cadastre-se: [dash.cloudflare.com](https://dash.cloudflare.com)
+2. Gere um API Token em Profile → API Tokens
+3. Copie seu Account ID (coluna direita do dashboard)
+4. Dashboard → Adicionar Provedor → Cloudflare AI
+   - API Key: seu token
+   - Account ID: seu account ID
+
+**Modelos via `cf/`:** `@cf/meta/llama-3.3-70b-instruct`, `@cf/google/gemma-3-12b-it`, 50+ mais
+
+> 10K Neurons/dia ≈ 150 respostas de LLM ou 500s de transcrição Whisper gratuita!
+
+### Scaleway AI (1M tokens gratuitos!) 🆕
+
+1. Cadastre-se: [console.scaleway.com](https://console.scaleway.com)
+2. Gere uma chave de API IAM
+3. Dashboard → Adicionar Provedor → Scaleway
+
+**Modelos via `scw/`:** `qwen3-235b-a22b-instruct-2507` (Qwen3 235B!), `llama-3.1-70b-instruct`
+
+> 1M tokens gratuitos para novas contas. Dados processados na 🇫🇷 França (EU/GDPR).
+
 </details>

 <details>
@@ -11,28 +11,6 @@ _Seu proxy de API universal — um endpoint, mais de 36 provedores, tempo de ina

 ---

-### 🆕 Novidades na v2.7.0
-
- **RouterStrategy extensível** — estratégias de regras, custo e latência
- **Deteção de intenção multilíngue** — scoring de encaminhamento em 30+ idiomas
- **Deduplicação de pedidos** — evita chamadas duplicadas por hash de conteúdo
- **Novos fornecedores:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Preços atualizados:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Provedor de IA gratuito para seus agentes de codificação favoritos

 _Conecte qualquer ferramenta IDE ou CLI com tecnologia de IA por meio do OmniRoute - gateway de API gratuito para codificação ilimitada._
@@ -118,6 +96,34 @@ _Conecte qualquer ferramenta IDE ou CLI com tecnologia de IA por meio do OmniRou

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -928,6 +934,8 @@ npm run electron:build:linux   # Linux (.AppImage)
 | 🔄 **Backups de banco de dados**        | Backup, restauração, exportação e importação automáticos para todas as configurações |
 | 🌐 **Internacionalização**              | i18n completo com next-intl — Suporte Inglês + Português (Brasil)                    |
 | 🌍 **Seletor de idioma**                | Ícone de globo no cabeçalho para troca de idioma em tempo real (🇺🇸/🇧🇷)               |
+| 🧹 **Clear All Models**                 | One-click model list clearing in provider details                                    |
+| 📋 **Issue Templates**                  | Standardized GitHub templates for bugs and features                                  |
 | 📂 **Diretório de dados personalizado** | `DATA_DIR` env var para substituir o caminho de armazenamento padrão `~/.omniroute`  |

 <details>
@@ -11,28 +11,6 @@ _Proxy-ul dvs. universal API - un punct final, peste 36 de furnizori, zero timpi

 ---

-### 🆕 What's New in v2.7.0
-
- **Pluggable RouterStrategy** — rules, cost, and latency routing strategies
- **Multilingual intent detection** — routing scoring in 30+ languages
- **Request deduplication** — prevent duplicate API calls via content hash
- **New providers:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Updated pricing:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Furnizor AI gratuit pentru agenții tăi preferați de codare

 _Conectați orice instrument IDE sau CLI alimentat de AI prin OmniRoute — gateway API gratuit pentru codare nelimitată._
@@ -118,6 +96,34 @@ _Conectați orice instrument IDE sau CLI alimentat de AI prin OmniRoute — gate

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -930,6 +936,8 @@ npm run electron:build:linux   # Linux (.AppImage)
 | 🔄 **Backup-uri DB**                  | Backup automat, restaurare, export și import pentru toate setările              |
 | 🌐 **Internaționalizare**             | I18n complet cu next-intl — suport engleză + portugheză (Brazilia)              |
 | 🌍 **Selector de limbă**              | Pictograma glob în antet pentru schimbarea limbii în timp real (🇺🇸/🇧🇷)          |
+| 🧹 **Clear All Models**               | One-click model list clearing in provider details                               |
+| 📋 **Issue Templates**                | Standardized GitHub templates for bugs and features                             |
 | 📂 **Director de date personalizate** | `DATA_DIR` env var pentru a înlocui calea de stocare implicită `~/.omniroute`   |

 <details>
@@ -11,28 +11,6 @@ _Ваш универсальный API-прокси — одна точка до

 ---

-### 🆕 Новое в v2.7.0
-
- **Подключаемая RouterStrategy** — стратегии по правилам, стоимости и задержке
- **Многоязычное распознавание намерений** — маршрутизация на 30+ языках
- **Дедупликация запросов** — устранение дублей по хэшу содержимого
- **Новые провайдеры:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Обновлённые цены:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Бесплатный AI-провайдер для ваших любимых агентов программирования

 _Подключайте любую IDE или CLI-инструмент с AI через OmniRoute — бесплатный API gateway для неограниченного программирования._
@@ -118,6 +96,38 @@ _Подключайте любую IDE или CLI-инструмент с AI ч

 ---

+### 🆕 What's New in v3.0.0
+
+| Area | Change |
+| --- | --- |
+| 🔒 **CodeQL Security** | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection |
+| ✅ **Route Validation** | All 176 API routes validated with Zod schemas + `validateBody()` |
+| 🐛 **omniModel Tag Leak** | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585) |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons** | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback |
+| 🔄 **Model Auto-Sync** | 24h scheduler refreshes model lists for 16 providers |
+| 🌐 **OpenCode Zen/Go** | Two new providers: free tier + subscription tier |
+| 🔧 **926 Tests** | Full test suite passes with 0 failures |
+
+
+
+### 🆕 What's New in v3.0.0
+
+| Area | Change |
+| --- | --- |
+| 🔒 **CodeQL Security** | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection |
+| ✅ **Route Validation** | All 176 API routes validated with Zod schemas + `validateBody()` |
+| 🐛 **omniModel Tag Leak** | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585) |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons** | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback |
+| 🔄 **Model Auto-Sync** | 24h scheduler refreshes model lists for 16 providers |
+| 🌐 **OpenCode Zen/Go** | Two new providers: free tier + subscription tier |
+| 🔧 **926 Tests** | Full test suite passes with 0 failures |
+
+---
+
+
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -376,7 +386,7 @@ Claude Code, Codex, Gemini CLI, Copilot — все используют OAuth 2.
 - **Панель управления унифицированными журналами** — 4 вкладки: журналы запросов, журналы прокси, журналы аудита, консоль.
 - **Консольный просмотр журнала** — просмотрщик в режиме терминала в режиме реального времени с уровнями с цветовой кодировкой, автоматической прокруткой, поиском и фильтрацией.
 - **Журналы прокси-сервера SQLite** — постоянные журналы, сохраняющиеся после перезапуска сервера.
- **Площадка переводчика** — 4 режима отладки: Площадка (перевод формата), Тестер чата (туда и обратно), Тестовый стенд (пакетный), Мониторинг в реальном времени (в режиме реального времени).
+- **Площадка транслятора (Translator Playground)** — 4 режима отладки: Площадка (перевод формата), Тестер чата (туда и обратно), Тестовый стенд (пакетный), Мониторинг в реальном времени (в режиме реального времени).
 - **Запрос телеметрии** — задержка p50/p95/p99 + отслеживание X-Request-Id
 - **Журналирование на основе файлов с ротацией** — перехватчик консоли записывает все в журнал JSON с ротацией на основе размера.

@@ -441,7 +451,7 @@ Claude Code, Codex, Gemini CLI, Copilot — все используют OAuth 2.

 - **Оценки LLM** — тестирование золотого набора с 10 предварительно загруженными вариантами, охватывающими приветствия, математику, географию, генерацию кода, соответствие JSON, перевод, уценку, отказ от безопасности.
 - **4 стратегии сопоставления** — `exact`, `contains`, `regex`, `custom` (функция JS)
- **Тестовый стенд Translator Playground** — пакетное тестирование с несколькими входными данными и ожидаемыми результатами, сравнение между поставщиками.
+- **Тестовый стенд (Testbed)** — пакетное тестирование с несколькими входными данными и ожидаемыми результатами, сравнение между поставщиками.
 - **Тестер чата** — полный цикл с визуальным отображением ответов.
 - **Живой монитор** — поток всех запросов, проходящих через прокси, в реальном времени.

@@ -1006,7 +1016,7 @@ OmniRoute включает встроенный фреймворк оценки

 - Приветствия, математика, география, генерация кода
 - Соответствие формату JSON, перевод, markdown
- Отказ от небезопасного контента, подсчёт, булева логика
+- Отказ от небезопасного контента (Safety refusal), подсчёт, булева логика

 ### Стратегии оценки

@@ -11,28 +11,6 @@ _Váš univerzálny proxy server API – jeden koncový bod, 36+ poskytovateľov

 ---

-### 🆕 What's New in v2.7.0
-
- **Pluggable RouterStrategy** — rules, cost, and latency routing strategies
- **Multilingual intent detection** — routing scoring in 30+ languages
- **Request deduplication** — prevent duplicate API calls via content hash
- **New providers:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Updated pricing:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Bezplatný poskytovateľ AI pre vašich obľúbených kódovacích agentov

 _Pripojte akýkoľvek nástroj IDE alebo CLI poháňaný AI cez OmniRoute – bezplatnú bránu API pre neobmedzené kódovanie._
@@ -118,6 +96,34 @@ _Pripojte akýkoľvek nástroj IDE alebo CLI poháňaný AI cez OmniRoute – be

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -931,6 +937,8 @@ npm run electron:build:linux   # Linux (.AppImage)
 | 🔄 **Zálohy DB**               | Automatické zálohovanie, obnovenie, export a import všetkých nastavení          |
 | 🌐 **Internacionalizácia**     | Plný i18n s next-intl — podpora angličtiny + portugalčiny (Brazília)            |
 | 🌍 **Výber jazyka**            | Ikona zemegule v hlavičke na prepínanie jazyka v reálnom čase (🇺🇸/🇧🇷)           |
+| 🧹 **Clear All Models**        | One-click model list clearing in provider details                               |
+| 📋 **Issue Templates**         | Standardized GitHub templates for bugs and features                             |
 | 📂 **Custom Data Directory**   | `DATA_DIR` env var na prepísanie predvolenej cesty úložiska `~/.omniroute`      |

 <details>
@@ -11,28 +11,6 @@ _Din universella API-proxy — en slutpunkt, 36+ leverantörer, noll driftstopp.

 ---

-### 🆕 What's New in v2.7.0
-
- **Pluggable RouterStrategy** — rules, cost, and latency routing strategies
- **Multilingual intent detection** — routing scoring in 30+ languages
- **Request deduplication** — prevent duplicate API calls via content hash
- **New providers:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Updated pricing:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Gratis AI-leverantör för dina favoritkodningsagenter

 _Anslut alla AI-drivna IDE- eller CLI-verktyg via OmniRoute — gratis API-gateway för obegränsad kodning._
@@ -118,6 +96,34 @@ _Anslut alla AI-drivna IDE- eller CLI-verktyg via OmniRoute — gratis API-gatew

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -929,6 +935,8 @@ npm run electron:build:linux   # Linux (.AppImage)
 | 🔄 **DB-säkerhetskopior**        | Automatisk säkerhetskopiering, återställning, export och import för alla inställningar |
 | 🌐 **Internationalisering**      | Fullständig i18n med nästa-intl — stöd för engelska + portugisiska (Brasilien)         |
 | 🌍 **Språkväljare**              | Globikon i rubriken för språkväxling i realtid (🇺🇸/🇧🇷)                                 |
+| 🧹 **Clear All Models**          | One-click model list clearing in provider details                                      |
+| 📋 **Issue Templates**           | Standardized GitHub templates for bugs and features                                    |
 | 📂 **Anpassad datakatalog**      | `DATA_DIR` env var för att åsidosätta standard `~/.omniroute` lagringssökväg           |

 <details>
@@ -11,28 +11,6 @@ _พร็อกซี API สากลของคุณ — จุดสิ้

 ---

-### 🆕 What's New in v2.7.0
-
- **Pluggable RouterStrategy** — rules, cost, and latency routing strategies
- **Multilingual intent detection** — routing scoring in 30+ languages
- **Request deduplication** — prevent duplicate API calls via content hash
- **New providers:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Updated pricing:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 ผู้ให้บริการ AI ฟรีสำหรับตัวแทนการเขียนโค้ดที่คุณชื่นชอบ

 _เชื่อมต่อเครื่องมือ IDE หรือ CLI ที่ขับเคลื่อนด้วย AI ผ่าน OmniRoute — เกตเวย์ API ฟรีสำหรับการเข้ารหัสไม่จำกัด_
@@ -118,6 +96,34 @@ _เชื่อมต่อเครื่องมือ IDE หรือ CLI

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -928,6 +934,8 @@ npm run electron:build:linux   # Linux (.AppImage)
 | 🔄 **การสำรองฐานข้อมูล**             | สำรองข้อมูล กู้คืน ส่งออก & นำเข้าอัตโนมัติสำหรับการตั้งค่าทั้งหมด          |
 | 🌐 **ความเป็นสากล**                  | i18n เต็มรูปแบบพร้อม next-intl — รองรับภาษาอังกฤษ + โปรตุเกส (บราซิล)       |
 | 🌍 **ตัวเลือกภาษา**                  | ไอคอนลูกโลกในส่วนหัวสำหรับการสลับภาษาแบบเรียลไทม์ (USA/🇧🇷)                  |
+| 🧹 **Clear All Models**              | One-click model list clearing in provider details                           |
+| 📋 **Issue Templates**               | Standardized GitHub templates for bugs and features                         |
 | 📂 **ไดเรกทอรีข้อมูลที่กำหนดเอง**    | `DATA_DIR` env var เพื่อแทนที่ค่าเริ่มต้น `~/.omniroute` พาธหน่วยเก็บข้อมูล |

 <details>
@@ -11,28 +11,6 @@ _Ваш універсальний API-проксі — одна кінцева

 ---

-### 🆕 What's New in v2.7.0
-
- **Pluggable RouterStrategy** — rules, cost, and latency routing strategies
- **Multilingual intent detection** — routing scoring in 30+ languages
- **Request deduplication** — prevent duplicate API calls via content hash
- **New providers:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Updated pricing:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Безкоштовний постачальник AI для ваших улюблених агентів кодування

 _Підключіть будь-який інструмент IDE або CLI на основі штучного інтелекту через OmniRoute — безкоштовний шлюз API для необмеженого програмування._
@@ -118,6 +96,34 @@ _Підключіть будь-який інструмент IDE або CLI на

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -932,6 +938,8 @@ npm run electron:build:linux   # Linux (.AppImage)
 | 🔄 **Резервне копіювання БД**               | Автоматичне резервне копіювання, відновлення, експорт і імпорт для всіх налаштувань |
 | 🌐 **Інтернаціоналізація**                  | Повний i18n із next-intl — підтримка англійської та португальської (Бразилія)       |
 | 🌍 **Вибір мови**                           | Значок глобуса в заголовку для перемикання мов у реальному часі (🇺🇸/🇧🇷)             |
+| 🧹 **Clear All Models**                     | One-click model list clearing in provider details                                   |
+| 📋 **Issue Templates**                      | Standardized GitHub templates for bugs and features                                 |
 | 📂 **Каталог користувацьких даних**         | `DATA_DIR` змінна env для перевизначення типового шляху зберігання `~/.omniroute`   |

 <details>
@@ -11,28 +11,6 @@ _Proxy API phổ quát của bạn — một điểm cuối, hơn 36 nhà cung c

 ---

-### 🆕 What's New in v2.7.0
-
- **Pluggable RouterStrategy** — rules, cost, and latency routing strategies
- **Multilingual intent detection** — routing scoring in 30+ languages
- **Request deduplication** — prevent duplicate API calls via content hash
- **New providers:** Grok-4 Fast (xAI), GLM-5 / Z.AI, MiniMax M2.5, Kimi K2.5
- **Updated pricing:** Grok-4 Fast $0.20/$0.50/M, GLM-5 $0.50/M, MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 Nhà cung cấp AI miễn phí cho các tác nhân mã hóa yêu thích của bạn

 _Kết nối mọi công cụ IDE hoặc CLI được hỗ trợ bởi AI thông qua OmniRoute — cổng API miễn phí để mã hóa không giới hạn._
@@ -118,6 +96,34 @@ _Kết nối mọi công cụ IDE hoặc CLI được hỗ trợ bởi AI thông

 ---

+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+### 🆕 What's New in v3.0.0
+
+| Area                       | Change                                                                            |
+| -------------------------- | --------------------------------------------------------------------------------- |
+| 🔒 **CodeQL Security**     | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection   |
+| ✅ **Route Validation**    | All 176 API routes validated with Zod schemas + `validateBody()`                  |
+| 🐛 **omniModel Tag Leak**  | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585)       |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons**      | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback                  |
+| 🔄 **Model Auto-Sync**     | 24h scheduler refreshes model lists for 16 providers                              |
+| 🌐 **OpenCode Zen/Go**     | Two new providers: free tier + subscription tier                                  |
+| 🔧 **926 Tests**           | Full test suite passes with 0 failures                                            |
+
+---
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -928,6 +934,8 @@ npm run electron:build:linux   # Linux (.AppImage)
 | 🔄 **Sao lưu DB**                  | Tự động sao lưu, khôi phục, xuất và nhập cho tất cả cài đặt                             |
 | 🌐 **Quốc tế hóa**                 | I18n đầy đủ với hỗ trợ next-intl — Tiếng Anh + Tiếng Bồ Đào Nha (Brazil)                |
 | 🌍 **Bộ chọn ngôn ngữ**            | Biểu tượng quả địa cầu trong tiêu đề để chuyển đổi ngôn ngữ theo thời gian thực (🇺🇸/🇧🇷) |
+| 🧹 **Clear All Models**            | One-click model list clearing in provider details                                       |
+| 📋 **Issue Templates**             | Standardized GitHub templates for bugs and features                                     |
 | 📂 **Thư mục dữ liệu tùy chỉnh**   | `DATA_DIR` env var để ghi đè đường dẫn lưu trữ `~/.omniroute` mặc định                  |

 <details>
@@ -11,28 +11,6 @@ _您的通用 API 代理 — 一个端点，36+ 提供商，零停机时间。_

 ---

-### 🆕 v2.7.0 新功能
-
- **可插拔 RouterStrategy** — 支持规则、成本和延迟策略
- **多语言意图检测** — 支持 30+ 语言的路由评分
- **请求去重** — 基于内容哈希避免重复 API 调用
- **新增提供商：** Grok-4 Fast (xAI)、GLM-5 / Z.AI、MiniMax M2.5、Kimi K2.5
- **价格更新：** Grok-4 Fast $0.20/$0.50/M，GLM-5 $0.50/M，MiniMax M2.5 $0.30/M
-
---
-
-### 🚀 New in v2.0.9+ — Playground, CLI Fingerprints & ACP
-
-| Feature                                    | What It Does                                                                                                                                  |
-| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| 🎮 **Model Playground**                    | Dashboard page to test any model directly — provider/model/endpoint selectors, Monaco Editor, streaming, abort, timing                        |
-| 🔏 **CLI Fingerprint Matching**            | Per-provider header/body ordering to match native CLI signatures — toggle per provider in Settings > Security. **Your proxy IP is preserved** |
-| 🤝 **ACP Support (Agent Client Protocol)** | CLI agent discovery (Codex, Claude, Goose, Gemini CLI, OpenClaw), process spawner, `/api/acp/agents` endpoint                                 |
-| 🤖 **ACP Agents Dashboard**                | Debug > Agents page — grid of 14 agents with install status, version, custom agent form for any CLI tool                                      |
-| 🔧 **Custom Model `apiFormat` Routing**    | Custom models with `apiFormat: "responses"` now correctly route to the Responses API translator                                               |
-| 🏢 **Codex Workspace Isolation**           | Multiple Codex workspaces per email — OAuth correctly separates connections by workspace ID                                                   |
-| 🔄 **Electron Auto-Update**                | Desktop app checks for updates + auto-install on restart                                                                                      |
-
 ### 🤖 为您最爱的编程代理提供免费 AI

 _通过 OmniRoute 连接任何 AI 驱动的 IDE 或 CLI 工具 — 免费 API 网关，无限编程。_
@@ -118,6 +96,38 @@ _通过 OmniRoute 连接任何 AI 驱动的 IDE 或 CLI 工具 — 免费 API

 ---

+### 🆕 What's New in v3.0.0
+
+| Area | Change |
+| --- | --- |
+| 🔒 **CodeQL Security** | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection |
+| ✅ **Route Validation** | All 176 API routes validated with Zod schemas + `validateBody()` |
+| 🐛 **omniModel Tag Leak** | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585) |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons** | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback |
+| 🔄 **Model Auto-Sync** | 24h scheduler refreshes model lists for 16 providers |
+| 🌐 **OpenCode Zen/Go** | Two new providers: free tier + subscription tier |
+| 🔧 **926 Tests** | Full test suite passes with 0 failures |
+
+
+
+### 🆕 What's New in v3.0.0
+
+| Area | Change |
+| --- | --- |
+| 🔒 **CodeQL Security** | Fixed 10+ CodeQL alerts: polynomial-redos, insecure-randomness, shell-injection |
+| ✅ **Route Validation** | All 176 API routes validated with Zod schemas + `validateBody()` |
+| 🐛 **omniModel Tag Leak** | Internal `<omniModel>` tags no longer leak to clients in SSE streams (#585) |
+| 🔑 **Registered Keys API** | Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement |
+| 🎨 **Provider Icons** | 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback |
+| 🔄 **Model Auto-Sync** | 24h scheduler refreshes model lists for 16 providers |
+| 🌐 **OpenCode Zen/Go** | Two new providers: free tier + subscription tier |
+| 🔧 **926 Tests** | Full test suite passes with 0 failures |
+
+---
+
+
+
 [![npm version](https://img.shields.io/npm/v/omniroute?color=cb3837&logo=npm)](https://www.npmjs.com/package/omniroute)
 [![Docker Hub](https://img.shields.io/docker/v/diegosouzapw/omniroute?label=Docker%20Hub&logo=docker&color=2496ED)](https://hub.docker.com/r/diegosouzapw/omniroute)
 [![License](https://img.shields.io/github/license/diegosouzapw/OmniRoute)](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
@@ -1,7 +1,7 @@
 openapi: 3.1.0
 info:
  title: OmniRoute API
-  version: 2.9.2
+  version: 3.2.2
  description: |
    OmniRoute is a local-first AI API proxy router. It provides an OpenAI-compatible
    endpoint that routes requests to multiple AI providers with load balancing,
@@ -29,6 +29,7 @@ const eslintConfig = [
    ignores: [
      // Next.js build output
      ".next/**",
+      "src/.next/**",
      "out/**",
      "build/**",
      "next-env.d.ts",
@@ -1,6 +1,6 @@
 # OmniRoute

-> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 36+ AI providers — all through a single OpenAI-compatible endpoint.
+> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 67+ AI providers — all through a single OpenAI-compatible endpoint.

 ## Overview

@@ -8,19 +8,19 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo

 **Key value:** One endpoint (`http://localhost:20128/v1`), unlimited models, zero downtime, minimal cost.

-**Current version:** 2.0.13
+**Current version:** 3.0.0

 ## Tech Stack

 - **Runtime:** Node.js >= 18
- **Framework:** Next.js 16 (App Router) with TypeScript
+- **Framework:** Next.js 16 (App Router) with TypeScript 5.9
 - **Database:** SQLite via better-sqlite3 (local, zero-config)
- **State management:** Zustand (client), lowdb (server JSON persistence)
- **UI:** React 19, Tailwind CSS 4, Recharts for analytics
+- **State management:** Zustand (client), SQLite (server persistence)
+- **UI:** React 19, Tailwind CSS 4, Recharts for analytics, @lobehub/icons for 130+ provider SVG icons
 - **Auth:** OAuth 2.0 (PKCE) for providers, bcrypt for local user auth
- **Background jobs:** Custom token health check scheduler
+- **Background jobs:** Custom token health check scheduler, 24h model auto-sync
 - **Streaming:** Server-Sent Events (SSE) for real-time proxy responses
- **Proxy engine:** Custom pipeline with format translation, circuit breaker, rate limiting
+- **Proxy engine:** Custom pipeline with format translation, circuit breaker, rate limiting, auto-combo engine
 - **i18n:** next-intl with 30 languages
 - **Package:** Published on npm (`omniroute`) and Docker Hub (`diegosouzapw/omniroute`)

@@ -35,14 +35,14 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo
 │   │   │       ├── agents/       # ACP Agents dashboard (CLI agent detection + custom agents)
 │   │   │       ├── analytics/    # Usage analytics and charts
 │   │   │       ├── api-manager/  # API key management
-│   │   │       ├── cli-tools/    # CLI tool configuration (Claude, Codex, Gemini, etc.)
-│   │   │       ├── combos/       # Model combo management
-│   │   │       ├── costs/        # Cost tracking
-│   │   │       ├── endpoint/     # Endpoint info and cloud proxy
-│   │   │       ├── health/       # System health monitoring
+│   │   │       ├── cli-tools/    # CLI tool configuration (Claude Code, Codex, Gemini CLI, etc.)
+│   │   │       ├── combos/       # Model combo management (9 strategies + 4 templates)
+│   │   │       ├── costs/        # Cost tracking per provider/model
+│   │   │       ├── endpoint/     # Unified: Endpoint Proxy, MCP, A2A, API Endpoints tabs
+│   │   │       ├── health/       # System health (uptime, circuit breakers, latency)
 │   │   │       ├── limits/       # Rate limits dashboard
-│   │   │       ├── logs/         # Request logs viewer
-│   │   │       ├── media/        # Image/video/music generation
+│   │   │       ├── logs/         # Request, Proxy, Audit, Console logs (tabbed)
+│   │   │       ├── media/        # Image/video/music generation + transcription
 │   │   │       ├── playground/   # Model playground (Monaco editor, streaming)
 │   │   │       ├── providers/    # Provider management (OAuth + API key + free)
 │   │   │       ├── settings/     # Settings tabs (General, Appearance, Security, Routing, Resilience, Advanced)
@@ -51,7 +51,7 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo
 │   │   ├── api/                  # REST API endpoints
 │   │   │   ├── v1/               # OpenAI-compatible API (chat, models, embeddings, images, audio)
 │   │   │   ├── acp/              # ACP agent management API
-│   │   │   ├── oauth/            # OAuth flows per provider (authorize, exchange, callback)
+│   │   │   ├── oauth/            # OAuth flows per provider
 │   │   │   ├── providers/        # Provider CRUD and batch testing
 │   │   │   ├── models/           # Dashboard model listing and aliases
 │   │   │   ├── combos/           # Combo CRUD (multi-model fallback chains)
@@ -59,131 +59,143 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo
 │   │   └── login/                # Login page
 │   ├── domain/                   # Domain types and business logic interfaces
 │   ├── i18n/                     # Internationalization
-│   │   └── messages/             # 30 language JSON files (ar, bg, cs, da, de, en, es, fi, fr, he, hu, id, in, it, ja, ko, ms, nl, no, phi, pl, pt, pt-BR, ro, ru, sk, sv, th, uk-UA, vi, zh-CN)
+│   │   └── messages/             # 30 language JSON files
 │   ├── lib/                      # Core libraries
-│   │   ├── acp/                  # ACP agent registry and manager (14 built-in agents + custom)
-│   │   ├── db/                   # SQLite database layer (providers, combos, prompts, logs)
+│   │   ├── a2a/                  # Agent-to-Agent v0.3 protocol server
+│   │   ├── acp/                  # ACP agent registry and manager (14 built-in + custom)
+│   │   ├── db/                   # SQLite database layer (core, providers, models, combos, apiKeys, settings, backup)
 │   │   ├── oauth/                # OAuth providers, services, and utilities
-│   │   │   ├── providers/        # Provider-specific OAuth configs (GitHub, Google, Claude, etc.)
+│   │   │   ├── constants/        # Default OAuth credentials (overridable via env)
+│   │   │   ├── providers/        # Provider-specific OAuth configs
 │   │   │   ├── services/         # Provider-specific token exchange logic
 │   │   │   └── utils/            # PKCE, callback server, token helpers
 │   │   ├── cloudSync.ts          # Cloud sync via Cloudflare Workers
 │   │   ├── tokenHealthCheck.ts   # Background OAuth token refresh scheduler
-│   │   └── localDb.ts            # Unified database access layer
+│   │   └── localDb.ts            # Unified re-export layer for all DB modules
 │   ├── shared/                   # Shared utilities, components, and constants
-│   │   ├── components/           # Reusable UI components (Card, Badge, Button, Modal, Sidebar, etc.)
-│   │   ├── constants/            # Provider definitions, model lists, pricing
-│   │   ├── validation/           # Zod schemas (settings, providers, etc.)
+│   │   ├── components/           # Reusable UI components (Card, Badge, Button, Modal, Sidebar, ProviderIcon, etc.)
+│   │   ├── constants/            # Provider definitions, model lists, pricing, upstream headers
+│   │   ├── validation/           # Zod schemas (settings, providers, routes)
 │   │   └── utils/                # Helpers (auth, CORS, error codes, machine ID)
 │   ├── sse/                      # SSE proxy pipeline
 │   │   ├── services/             # Auth resolution, format translation, response handling
 │   │   └── middleware/           # Rate limiting, circuit breaker, caching, idempotency
 │   ├── store/                    # Zustand client-side stores (theme, providers, etc.)
-│   ├── types/                    # TypeScript type definitions
-│   ├── proxy.ts                  # Main proxy request handler
-│   └── server-init.ts            # Server initialization (DB, health checks)
+│   └── types/                    # TypeScript type definitions
 ├── open-sse/                     # Standalone SSE server (npm workspace)
 │   ├── config/                   # Model registries (embedding, image, audio, rerank, moderation, CLI fingerprints)
-│   ├── handlers/                 # Request handlers per API type
-│   ├── mcp-server/               # Built-in MCP server (16 tools, audit logging, scope auth)
-│   └── translators/              # Format translators (OpenAI ↔ Claude ↔ Gemini ↔ Responses ↔ Ollama)
-├── tests/                        # Test suites
+│   ├── handlers/                 # Request handlers per API type (chat, responses, embeddings, images, audio, search)
+│   ├── mcp-server/               # Built-in MCP server (16 tools, 3 transports: stdio/SSE/streamable-HTTP)
+│   ├── services/                 # Auto-combo engine (6-factor scoring, 4 mode packs, bandit exploration)
+│   └── translator/               # Format translators (OpenAI ↔ Claude ↔ Gemini ↔ Responses ↔ Ollama ↔ DeepSeek)
+├── tests/                        # Test suites (926 assertions)
 │   ├── unit/                     # Unit tests (32+ test files)
 │   └── integration/              # Integration tests
-├── docs/                         # Documentation (with 29-language i18n subdirectories)
-│   ├── i18n/                     # Translated docs (ar, bg, cs, da, de, es, fi, fr, he, hu, id, in, it, ja, ko, ms, nl, no, phi, pl, pt, pt-BR, ro, ru, sk, sv, th, uk-UA, vi, zh-CN)
+├── docs/                         # Documentation
+│   ├── i18n/                     # 30-language translated READMEs
 │   ├── screenshots/              # Dashboard screenshots
 │   ├── a2a-server.md             # A2A agent protocol documentation
 │   ├── auto-combo.md             # Auto-combo engine (6-factor scoring)
 │   └── mcp-server.md             # MCP server (16 tools)
-├── electron/                     # Electron desktop app
 ├── bin/                          # CLI entry points (omniroute, reset-password)
 └── .env.example                  # Environment variable template
 ```

-## Key Features (v2.0.13)
+## Key Features (v3.0.0)

 ### Core Proxy
- **36+ AI providers** with automatic format translation
+- **67+ AI providers** with automatic format translation
 - **6 routing strategies**: priority, weighted, round-robin, random, least-used, cost-optimized
 - **4-tier fallback**: Subscription → API Key → Cheap → Free
+- **Auto-combo engine**: Self-healing routing optimization with 6-factor scoring, bandit exploration, progressive cooldown
 - **Semantic caching** with cache hit/miss headers
 - **Idempotency** with configurable dedup window
 - **Circuit breaker** per provider with configurable thresholds
+- **Provider Icons**: 130+ provider logos via `@lobehub/icons` (SVG) with PNG fallback
+- **Model Auto-Sync**: 24h scheduler refreshes model lists for 16 providers
+- **Registered Keys API**: Auto-provision API keys via `POST /api/v1/registered-keys` with quota enforcement
+- **926 tests** with 0 failures

-### Anti-Ban Protection
+### Security
+- **CodeQL security**: Fixed 10+ CodeQL alerts (polynomial-redos, insecure-randomness, shell-injection)
+- **Route validation**: All 176 API routes validated with Zod schemas + `validateBody()`
+- **omniModel tag sanitization**: Internal `<omniModel>` tags never leak to clients in SSE streams
 - **TLS Fingerprint Spoofing** — Browser-like TLS fingerprint to reduce bot detection
- **CLI Fingerprint Matching** — Per-provider request signature matching (headers/body ordering) to match native CLI tools. Proxy IP is preserved.
+- **CLI Fingerprint Matching** — Per-provider request signature matching

 ### Dashboard Pages
- **Providers** — OAuth, API key, and free provider management
- **Combos** — Multi-model fallback chain builder with templates
+- **Providers** — OAuth, API key, and free provider management with ProviderIcon SVG icons
+- **Combos** — Multi-model combo builder with 4 templates (Free Stack, High Availability, Cost Saver, Balanced) + 9 strategies
 - **Analytics** — Token consumption, cost, heatmaps, distributions
 - **Health** — Uptime, memory, latency percentiles, circuit breakers
- **Logs** — Real-time request log viewer with filtering
+- **Logs** — Request, Proxy, Audit, Console (tabbed)
 - **Costs** — Cost tracking per provider/model
 - **Limits** — Rate limit monitoring
 - **CLI Tools** — One-click configuration for 10+ AI CLI tools
- **CLI Agents** — Grid of 14 built-in agents with install detection + custom agent registration
+- **CLI Agents** — Grid of 14+ built-in agents with ProviderIcon and install detection + custom agent registration
 - **Playground** — Test any model with Monaco editor, streaming responses
- **Media** — Image/video/music generation (DALL-E, FLUX, AnimateDiff, etc.)
+- **Media** — Image/video/music generation (DALL-E, FLUX, etc.) + audio transcription (up to 2GB files)
 - **Translator** — Format debugging: playground, chat tester, test bench, live monitor
 - **Settings** — General, Appearance (7 color themes), Security (TLS/CLI fingerprint, IP filter), Routing, Resilience, Advanced
- **Endpoint** — Unified API endpoint info + cloud proxy
-
-### Sidebar Organization
- **Main**: Home, Endpoints, API Manager, Providers, Combos, Costs, Analytics, Limits
- **CLI**: Tools, Agents
- **Debug**: Translator, Playground, Media
- **System**: Health, Logs, Settings
- **Help**: Docs, Issues
+- **Endpoint** — Unified: Endpoint Proxy, MCP Server, A2A Server, API Endpoints (tabbed)

 ### Protocol Support
- **OpenAI-compatible** — `/v1/chat/completions`, `/v1/models`, `/v1/embeddings`, `/v1/images/generations`, `/v1/audio/transcriptions`
+- **OpenAI-compatible** — `/v1/chat/completions`, `/v1/models`, `/v1/embeddings`, `/v1/images/generations`, `/v1/audio/transcriptions`, `/v1/audio/speech`
 - **Anthropic** — `/v1/messages`, `/v1/messages/count_tokens`
 - **OpenAI Responses** — `/v1/responses`
 - **Gemini** — `/v1beta/models`, `/v1beta/models/{...path}`
 - **Ollama** — `/v1/api/chat`, `/api/tags`
- **MCP** — 16-tool MCP server with scope-based auth
- **A2A** — Agent-to-Agent protocol (smart-routing, quota-management skills)
+- **MCP** — 16-tool MCP server with scope-based auth (3 transports: stdio, SSE, streamable HTTP)
+- **A2A** — Agent-to-Agent v0.3 protocol (JSON-RPC 2.0, smart-routing + quota-management skills)
 - **ACP** — Agent detection, custom agent registry

+### MCP Server (16 Tools)
+| Category  | Tools |
+|-----------|-------|
+| Essential | `get_health`, `list_combos`, `get_combo_metrics`, `switch_combo`, `check_quota`, `route_request`, `cost_report`, `list_models_catalog` |
+| Advanced  | `simulate_route`, `set_budget_guard`, `set_resilience_profile`, `test_combo`, `get_provider_metrics`, `best_combo_for_task`, `explain_route`, `get_session_snapshot` |
+
 ### Internationalization
- 30 languages for UI (sidebar, settings, agents, and all dashboard pages)
- 30 READMEs (root README.md + 29 translated README.*.md)
- 29 translated doc sets in docs/i18n/
+- 30 languages for UI (all dashboard pages)
+- 30 translated READMEs in docs/i18n/
+- Language switcher in documentation

 ## Key Architectural Decisions

-1. **OpenAI-compatible API surface:** All incoming requests follow the OpenAI API format (`/v1/chat/completions`, `/v1/models`, etc.). This makes OmniRoute a drop-in replacement for any tool that supports custom OpenAI endpoints.
+1. **OpenAI-compatible API surface:** All incoming requests follow the OpenAI API format. This makes OmniRoute a drop-in replacement for any tool that supports custom OpenAI endpoints.

-2. **Provider abstraction via format translators:** Each AI provider (Claude, Gemini, etc.) has a translator in `open-sse/translators/` that converts between the OpenAI format and the provider's native format. This happens transparently.
+2. **Provider abstraction via format translators:** Each AI provider has a translator in `open-sse/translator/` that converts between OpenAI format and the provider's native format transparently.

-3. **Connection-based provider model:** Providers are stored as "connections" in SQLite. Each connection has an `id`, `provider`, `authType` (oauth/apikey/free), `isActive` flag, and credentials. Multiple connections per provider are supported for multi-account rotation.
+3. **Connection-based provider model:** Providers are stored as "connections" in SQLite. Each connection has an `id`, `provider`, `authType` (oauth/apikey/free), `isActive` flag, and credentials. Multiple connections per provider for multi-account rotation.

-4. **Combo system for fallback:** Users create "combos" — ordered lists of `provider/model` pairs. The proxy tries each in order until one succeeds. Supports 6 strategies.
+4. **Combo system for fallback:** Users create "combos" — ordered lists of `provider/model` pairs. The proxy tries each in order until one succeeds. Supports 9 strategies including auto-combo with self-healing.

-5. **SSE proxy pipeline (`src/sse/`):** The proxy pipeline is middleware-based: request → auth resolution → rate limiting → circuit breaker → format translation → upstream call → response translation → SSE streaming back to client.
+5. **SSE proxy pipeline:** The proxy pipeline is middleware-based: request → auth resolution → rate limiting → circuit breaker → format translation → upstream call → response translation → SSE streaming back to client.

-6. **SQLite for persistence:** All state (providers, combos, logs, settings) is stored in a single SQLite database file at `data/omniroute.db`. This keeps the app self-contained and zero-config.
+6. **SQLite for persistence:** All state (providers, combos, logs, settings, API keys) stored in a single SQLite database. All DB operations go through `src/lib/db/` modules, never raw SQL in routes.

-7. **OAuth with PKCE:** OAuth flows use PKCE for security. A local callback server handles the redirect. Token refresh is handled by a background job (`tokenHealthCheck.ts`).
+7. **OAuth with PKCE:** OAuth flows use PKCE for security. Token refresh handled by background job (`tokenHealthCheck.ts`).

-8. **ACP Agent Registry:** 14 built-in CLI agents with dynamic detection and a 60-second cache. Custom agents can be added via dashboard or API, stored in settings DB.
+8. **ProviderIcon component:** Unified icon system using `@lobehub/icons` (130+ SVG) with PNG fallback and generic icon fallback chain. Used on providers, dashboard, and agents pages.
+
+9. **DB architecture:** `localDb.ts` is a re-export layer only — real logic lives in `src/lib/db/` modules (core, providers, models, combos, apiKeys, settings, backup).
+
+10. **Upstream headers:** Custom headers merged in executors after default auth; same header name replaces executor value. Forbidden header names in `src/shared/constants/upstreamHeaders.ts`.

 ## Main Flows

 ### Proxy Request Flow
 1. Client sends OpenAI-format request to `/v1/chat/completions`
-2. API key validation (`src/shared/utils/apiAuth.ts`)
+2. API key validation
 3. Model resolution: direct model or combo lookup
-4. For combos: iterate through models in fallback order
+4. For combos: iterate through models with selected strategy
 5. Auth resolution: get credentials for the target provider
 6. Format translation: OpenAI → provider native format
 7. CLI fingerprint matching (if enabled for provider)
 8. Upstream request with circuit breaker and rate limiting
 9. Response translation: provider → OpenAI format
-10. SSE streaming back to client
+10. omniModel tag sanitization (strip internal tags)
+11. SSE streaming back to client

 ### OAuth Flow
 1. Dashboard initiates `/api/oauth/[provider]/authorize`
@@ -192,31 +204,27 @@ OmniRoute solves the problem of managing multiple AI provider subscriptions, quo
 4. Tokens stored as a provider connection in SQLite
 5. Background job refreshes tokens before expiry

-### Model Listing
- `/api/models` — Dashboard endpoint, lists all defined models with aliases
- `/v1/models` — OpenAI-compatible endpoint, lists only models from active providers
-
 ## Important Notes for LLMs

-1. **Two model endpoints exist:** `/api/models` (dashboard, all models) and `/v1/models` (OpenAI-compatible, active only). Don't confuse them.
+1. **Two model endpoints exist:** `/api/models` (dashboard, all models) and `/v1/models` (OpenAI-compatible, active only).

 2. **Provider IDs vs aliases:** Providers have both an ID (`claude`, `github`) and a short alias (`cc`, `gh`). Models are referenced as `alias/model-name` (e.g., `cc/claude-opus-4-6`).

-3. **The `open-sse/` directory is a separate npm workspace** with its own config, handlers, and translators. It handles the actual SSE streaming and format translation.
+3. **The `open-sse/` directory is a separate npm workspace** with its own config, handlers, and translators.

 4. **Environment variables:** All configuration is in `.env` (from `.env.example`). Key vars: `PORT`, `NEXT_PUBLIC_BASE_URL`, `API_KEY`, `ADMIN_PASSWORD`.

-5. **Database migrations:** SQLite schema is managed inline in `src/lib/db/core.ts` and `src/lib/db/providers.ts`. No migration framework — schema changes are applied on startup.
+5. **Database layer:** Operations go through `src/lib/db/` modules. `localDb.ts` is re-exports only — add new functions to the proper `db/*.ts` module.

-6. **Tests use Node.js built-in test runner:** Run `npm test` or `node --test tests/unit/*.test.mjs`. Playwright is used for E2E tests.
+6. **Tests use Node.js built-in test runner:** 926 assertions across 32+ test files. Run `npm test`.

-7. **The proxy pipeline is in `src/sse/`**, not in `src/app/api/v1/`. The API routes in `src/app/api/v1/` delegate to the SSE server running on a separate Express instance.
+7. **MCP and A2A pages are embedded as tabs inside `/dashboard/endpoint`**, not standalone routes.

-8. **Sidebar sections:** Main nav, CLI (Tools + Agents), Debug (Translator + Playground + Media), System (Health + Logs + Settings), Help (Docs + Issues).
+8. **ACP agents** are in `src/lib/acp/registry.ts` (14 built-in) with a 60s detection cache. Custom agents stored via settings DB.

-9. **ACP agents** are in `src/lib/acp/registry.ts` (14 built-in) with a 60s detection cache. Custom agents stored via `src/shared/validation/settingsSchemas.ts`.
+9. **Auto-combo engine** in `open-sse/services/autoCombo/` — 6-factor scoring, 4 mode packs, bandit exploration, progressive cooldown.

-10. **CLI fingerprint configs** are in `open-sse/config/cliFingerprints.ts`. They match native CLI request patterns per provider.
+10. **Docker:** Dockerfile has two targets: `runner-base` and `runner-cli`. `docker-compose.yml` for dev (3 profiles), `docker-compose.prod.yml` for production (port 20130).

 ## Links

@@ -13,7 +13,12 @@ const nextConfig = {
  },
  output: "standalone",
  serverExternalPackages: [
+    "pino",
+    "pino-pretty",
+    "thread-stream",
    "better-sqlite3",
+    "keytar",
+    "wreq-js",
    "zod",
    "child_process",
    "fs",
@@ -37,8 +42,16 @@ const nextConfig = {
  images: {
    unoptimized: true,
  },
-  webpack: (config, { isServer }) => {
+  webpack: (config, { isServer, webpack }) => {
    if (isServer) {
+      // Webpack IgnorePlugin: skip thread-stream test files that contain
+      // intentionally broken syntax/imports (they cause Turbopack build errors)
+      config.plugins.push(
+        new webpack.IgnorePlugin({
+          resourceRegExp: /\/test\//,
+          contextRegExp: /thread-stream/,
+        })
+      );
      // ── Turbopack / Next.js 16 module-hash patch (#394, #396, #398) ────────
      //
      // Next.js 16 (with or without Turbopack) compiles the instrumentation hook
@@ -59,6 +72,8 @@ const nextConfig = {

      const KNOWN_EXTERNALS = new Set([
        "better-sqlite3",
+        "keytar",
+        "wreq-js",
        "zod",
        "pino",
        "pino-pretty",
@@ -1,12 +1,12 @@
 import { loadProviderCredentials } from "./credentialLoader.ts";

 // Timeout for non-streaming fetch requests (ms). Prevents stalled connections.
-export const FETCH_TIMEOUT_MS = parseInt(process.env.FETCH_TIMEOUT_MS || "120000", 10);
+export const FETCH_TIMEOUT_MS = parseInt(process.env.FETCH_TIMEOUT_MS || "600000", 10);

 // Idle timeout for SSE streams (ms). Closes stream if no data for this duration.
 // Default: 120s balances deep-reasoning pauses with fast zombie stream detection (#473).
 // Extended-thinking models rarely pause >90s between chunks. Override with STREAM_IDLE_TIMEOUT_MS env var.
-export const STREAM_IDLE_TIMEOUT_MS = parseInt(process.env.STREAM_IDLE_TIMEOUT_MS || "120000", 10);
+export const STREAM_IDLE_TIMEOUT_MS = parseInt(process.env.STREAM_IDLE_TIMEOUT_MS || "600000", 10);

 // Provider configurations
 // OAuth credentials read from env vars with hardcoded fallbacks for backward compatibility.
@@ -66,6 +66,15 @@ export const DEFAULT_MAX_TOKENS = 64000;
 // Minimum max tokens for tool calling (to prevent truncated arguments)
 export const DEFAULT_MIN_TOKENS = 32000;

+export const PROVIDER_MAX_TOKENS: Record<string, number> = {
+  groq: 16384, // Groq strict per-model enforcement
+  openai: 16384, // GPT-4/4o standard
+  anthropic: 65536, // Claude models
+  gemini: 65536, // Gemini Studio
+};
+
+export const DEFAULT_PROVIDER_MAX_TOKENS = 32000;
+
 // HTTP status codes
 export const HTTP_STATUS = {
  BAD_REQUEST: 400,
@@ -16,6 +16,7 @@

 import { readFileSync, existsSync } from "fs";
 import { join } from "path";
+import { resolveDataDir } from "../../src/lib/dataPaths";

 // Fields that can be overridden per provider
 const CREDENTIAL_FIELDS = ["clientId", "clientSecret", "tokenUrl", "authUrl", "refreshUrl"];
@@ -25,13 +26,21 @@ const CONFIG_TTL_MS = 60_000;
 let lastLoadTime = 0;
 let cachedProviders = null;

+// Survives Next.js dev HMR: module-level cache resets but process is the same (V4 pattern).
+type CredGlobals = typeof globalThis & { __omnirouteCredNoFileLogged?: boolean };
+function credGlobals(): CredGlobals {
+  return globalThis as CredGlobals;
+}
+
 /**
- * Resolve the path to provider-credentials.json
- * Priority: DATA_DIR env → ./data (project root)
+ * Resolves the path to provider-credentials.json using the application's
+ * data directory. Delegates to resolveDataDir() which handles DATA_DIR env,
+ * platform-specific defaults, and fallback logic.
+ *
+ * previous: Priority: DATA_DIR env → ./data (project root)
 */
 function resolveCredentialsPath() {
-  const dataDir = process.env.DATA_DIR || join(process.cwd(), "data");
-  return join(dataDir, "provider-credentials.json");
+  return join(resolveDataDir(), "provider-credentials.json");
 }

 /**
@@ -51,8 +60,9 @@ export function loadProviderCredentials(providers) {
  const credPath = resolveCredentialsPath();

  if (!existsSync(credPath)) {
-    if (!cachedProviders) {
+    if (!credGlobals().__omnirouteCredNoFileLogged) {
      console.log("[CREDENTIALS] No external credentials file found, using defaults.");
+      credGlobals().__omnirouteCredNoFileLogged = true;
    }
    cachedProviders = providers;
    lastLoadTime = Date.now();
@@ -93,7 +103,11 @@ export function loadProviderCredentials(providers) {
      `[CREDENTIALS] ${isReload ? "Reloaded" : "Loaded"} external credentials: ${overrideCount} field(s) from ${credPath}`
    );
  } catch (err) {
-    console.log(`[CREDENTIALS] Error reading credentials file: ${err.message}. Using defaults.`);
+    const reason =
+      err instanceof SyntaxError
+        ? "Invalid JSON format"
+        : (err as NodeJS.ErrnoException).code || "read error";
+    console.log(`[CREDENTIALS] Error reading credentials file (${reason}). Using defaults.`);
  }

  cachedProviders = providers;
@@ -17,6 +17,7 @@ export interface EmbeddingProvider {
 }

 export interface EmbeddingProviderNodeRow {
+  id?: string;
  prefix: string;
  name: string;
  baseUrl: string;
@@ -6,6 +6,8 @@
 * is auto-generated from this registry.
 */

+import { platform, arch } from "os";
+
 // ── Types ─────────────────────────────────────────────────────────────────

 export interface RegistryModel {
@@ -14,6 +16,8 @@ export interface RegistryModel {
  toolCalling?: boolean;
  targetFormat?: string;
  unsupportedParams?: readonly string[];
+  /** Maximum context window in tokens */
+  contextLength?: number;
 }

 // Reasoning models reject temperature, top_p, penalties, logprobs, n.
@@ -47,6 +51,8 @@ export interface RegistryEntry {
  executor: string;
  baseUrl?: string;
  baseUrls?: string[];
+  /** Override base URL used only for API key validation (e.g., opencode-go validates on zen/v1) */
+  testKeyBaseUrl?: string;
  responsesBaseUrl?: string;
  urlSuffix?: string;
  urlBuilder?: (base: string, model: string, stream: boolean) => string;
@@ -61,6 +67,8 @@ export interface RegistryEntry {
  chatPath?: string;
  clientVersion?: string;
  passthroughModels?: boolean;
+  /** Default context window for all models in this provider (can be overridden per-model) */
+  defaultContextLength?: number;
 }

 interface LegacyProvider {
@@ -94,6 +102,32 @@ const KIMI_CODING_SHARED = {
  ] as RegistryModel[],
 } as const;

+function mapStainlessOs() {
+  switch (platform()) {
+    case "darwin":
+      return "MacOS";
+    case "win32":
+      return "Windows";
+    case "linux":
+      return "Linux";
+    default:
+      return `Other::${platform()}`;
+  }
+}
+
+function mapStainlessArch() {
+  switch (arch()) {
+    case "x64":
+      return "x64";
+    case "arm64":
+      return "arm64";
+    case "ia32":
+      return "x86";
+    default:
+      return `other::${arch()}`;
+  }
+}
+
 // ── Registry ──────────────────────────────────────────────────────────────

 export const REGISTRY: Record<string, RegistryEntry> = {
@@ -107,22 +141,23 @@ export const REGISTRY: Record<string, RegistryEntry> = {
    urlSuffix: "?beta=true",
    authType: "oauth",
    authHeader: "x-api-key",
+    defaultContextLength: 200000,
    headers: {
      "Anthropic-Version": "2023-06-01",
      "Anthropic-Beta":
-        "claude-code-20250219,oauth-2025-04-20,interleaved-thinking-2025-05-14,fine-grained-tool-streaming-2025-05-14,context-management-2025-06-27",
+        "claude-code-20250219,oauth-2025-04-20,interleaved-thinking-2025-05-14,fine-grained-tool-streaming-2025-05-14,context-management-2025-06-27,prompt-caching-scope-2026-01-05",
      "Anthropic-Dangerous-Direct-Browser-Access": "true",
-      "User-Agent": "claude-cli/1.0.83 (external, cli)",
+      "User-Agent": "claude-cli/2.1.63 (external, cli)",
      "X-App": "cli",
      "X-Stainless-Helper-Method": "stream",
      "X-Stainless-Retry-Count": "0",
      "X-Stainless-Runtime-Version": "v24.3.0",
-      "X-Stainless-Package-Version": "0.55.1",
+      "X-Stainless-Package-Version": "0.74.0",
      "X-Stainless-Runtime": "node",
      "X-Stainless-Lang": "js",
-      "X-Stainless-Arch": "arm64",
-      "X-Stainless-Os": "MacOS",
-      "X-Stainless-Timeout": "60",
+      "X-Stainless-Arch": mapStainlessArch(),
+      "X-Stainless-Os": mapStainlessOs(),
+      "X-Stainless-Timeout": "600",
    },
    oauth: {
      clientIdEnv: "CLAUDE_OAUTH_CLIENT_ID",
@@ -150,6 +185,7 @@ export const REGISTRY: Record<string, RegistryEntry> = {
    },
    authType: "apikey",
    authHeader: "x-goog-api-key",
+    defaultContextLength: 1000000,
    oauth: {
      clientIdEnv: "GEMINI_OAUTH_CLIENT_ID",
      clientIdDefault: "681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com",
@@ -157,9 +193,13 @@ export const REGISTRY: Record<string, RegistryEntry> = {
      clientSecretDefault: "",
    },
    models: [
+      { id: "gemini-3.1-pro-high", name: "Gemini 3.1 Pro High" },
+      { id: "gemini-3.1-pro-low", name: "Gemini 3.1 Pro Low" },
      { id: "gemini-3.1-pro", name: "Gemini 3.1 Pro" },
      { id: "gemini-3-1-pro", name: "Gemini 3.1 Pro (Alt ID)" },
      { id: "gemini-3.1-pro-preview", name: "Gemini 3.1 Pro Preview" },
+      { id: "gemini-3.1-flash-lite-preview", name: "Gemini 3.1 Flash Lite Preview" },
+      { id: "gemini-3-flash-preview", name: "Gemini 3 Flash Preview" },
      { id: "gemini-2.5-pro", name: "Gemini 2.5 Pro" },
      { id: "gemini-2.5-flash", name: "Gemini 2.5 Flash" },
      { id: "gemini-2.5-flash-lite", name: "Gemini 2.5 Flash Lite" },
@@ -182,6 +222,7 @@ export const REGISTRY: Record<string, RegistryEntry> = {
    },
    authType: "oauth",
    authHeader: "bearer",
+    defaultContextLength: 1000000,
    oauth: {
      clientIdEnv: "GEMINI_CLI_OAUTH_CLIENT_ID",
      clientIdDefault: "681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com",
@@ -189,9 +230,13 @@ export const REGISTRY: Record<string, RegistryEntry> = {
      clientSecretDefault: "",
    },
    models: [
+      { id: "gemini-3.1-pro-high", name: "Gemini 3.1 Pro High" },
+      { id: "gemini-3.1-pro-low", name: "Gemini 3.1 Pro Low" },
      { id: "gemini-3.1-pro", name: "Gemini 3.1 Pro" },
      { id: "gemini-3-1-pro", name: "Gemini 3.1 Pro (Alt ID)" },
      { id: "gemini-3.1-pro-preview", name: "Gemini 3.1 Pro Preview" },
+      { id: "gemini-3.1-flash-lite-preview", name: "Gemini 3.1 Flash Lite Preview" },
+      { id: "gemini-3-flash-preview", name: "Gemini 3 Flash Preview" },
      { id: "gemini-2.5-pro", name: "Gemini 2.5 Pro" },
      { id: "gemini-2.5-flash", name: "Gemini 2.5 Flash" },
      { id: "gemini-2.5-flash-lite", name: "Gemini 2.5 Flash Lite" },
@@ -209,6 +254,7 @@ export const REGISTRY: Record<string, RegistryEntry> = {
    baseUrl: "https://chatgpt.com/backend-api/codex/responses",
    authType: "oauth",
    authHeader: "bearer",
+    defaultContextLength: 400000,
    headers: {
      Version: "0.92.0",
      "Openai-Beta": "responses=experimental",
@@ -245,7 +291,7 @@ export const REGISTRY: Record<string, RegistryEntry> = {
    alias: "qw",
    format: "openai",
    executor: "default",
-    baseUrl: "https://portal.qwen.ai/v1/chat/completions",
+    baseUrl: "https://dashscope-intl.aliyuncs.com/compatible-mode/v1/chat/completions",
    authType: "oauth",
    authHeader: "bearer",
    headers: {
@@ -320,7 +366,11 @@ export const REGISTRY: Record<string, RegistryEntry> = {
    alias: "ag",
    format: "antigravity",
    executor: "antigravity",
-    baseUrls: ["https://daily-cloudcode-pa.googleapis.com", "https://cloudcode-pa.googleapis.com"],
+    baseUrls: [
+      "https://daily-cloudcode-pa.googleapis.com",
+      "https://daily-cloudcode-pa.sandbox.googleapis.com",
+      "https://cloudcode-pa.googleapis.com",
+    ],
    urlBuilder: (base, model, stream) => {
      const path = stream
        ? "/v1internal:streamGenerateContent?alt=sse"
@@ -330,22 +380,29 @@ export const REGISTRY: Record<string, RegistryEntry> = {
    authType: "oauth",
    authHeader: "bearer",
    headers: {
-      "User-Agent": "antigravity/1.104.0 darwin/arm64",
+      "User-Agent": `antigravity/1.107.0 ${platform()}/${arch()}`,
    },
    oauth: {
      clientIdEnv: "ANTIGRAVITY_OAUTH_CLIENT_ID",
      clientIdDefault: "1071006060591-tmhssin2h21lcre235vtolojh4g403ep.apps.googleusercontent.com",
      clientSecretEnv: "ANTIGRAVITY_OAUTH_CLIENT_SECRET",
-      clientSecretDefault: "",
+      clientSecretDefault: "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",
    },
    models: [
      { id: "claude-opus-4-6-thinking", name: "Claude Opus 4.6 Thinking" },
      { id: "claude-sonnet-4-6", name: "Claude Sonnet 4.6" },
+      { id: "claude-sonnet-4-5", name: "Claude Sonnet 4.5" },
+      { id: "claude-sonnet-4", name: "Claude Sonnet 4" },
+      { id: "gemini-3.1-pro-preview", name: "Gemini 3.1 Pro Preview" },
+      { id: "gemini-3.1-flash-lite-preview", name: "Gemini 3.1 Flash Lite Preview" },
      { id: "gemini-2.5-pro", name: "Gemini 2.5 Pro" },
      { id: "gemini-2.5-flash", name: "Gemini 2.5 Flash" },
      { id: "gemini-2.0-flash", name: "Gemini 2.0 Flash" },
      { id: "gpt-oss-120b-medium", name: "GPT OSS 120B Medium" },
+      { id: "gpt-5", name: "GPT 5" },
+      { id: "gpt-5-mini", name: "GPT 5 Mini" },
    ],
+    passthroughModels: true,
  },

  github: {
@@ -357,11 +414,12 @@ export const REGISTRY: Record<string, RegistryEntry> = {
    responsesBaseUrl: "https://api.githubcopilot.com/responses",
    authType: "oauth",
    authHeader: "bearer",
+    defaultContextLength: 128000,
    headers: {
      "copilot-integration-id": "vscode-chat",
-      "editor-version": "vscode/1.107.1",
-      "editor-plugin-version": "copilot-chat/0.26.7",
-      "user-agent": "GitHubCopilotChat/0.26.7",
+      "editor-version": "vscode/1.110.0",
+      "editor-plugin-version": "copilot-chat/0.38.0",
+      "user-agent": "GitHubCopilotChat/0.38.0",
      "openai-intent": "conversation-panel",
      "x-github-api-version": "2025-04-01",
      "x-vscode-user-agent-library-version": "electron-fetch",
@@ -405,6 +463,7 @@ export const REGISTRY: Record<string, RegistryEntry> = {
    baseUrl: "https://codewhisperer.us-east-1.amazonaws.com/generateAssistantResponse",
    authType: "oauth",
    authHeader: "bearer",
+    defaultContextLength: 200000,
    headers: {
      "Content-Type": "application/json",
      Accept: "application/vnd.amazon.eventstream",
@@ -431,6 +490,7 @@ export const REGISTRY: Record<string, RegistryEntry> = {
    chatPath: "/aiserver.v1.ChatService/StreamUnifiedChatWithTools",
    authType: "oauth",
    authHeader: "bearer",
+    defaultContextLength: 200000,
    headers: {
      "connect-accept-encoding": "gzip",
      "connect-protocol-version": "1",
@@ -459,6 +519,7 @@ export const REGISTRY: Record<string, RegistryEntry> = {
    baseUrl: "https://api.openai.com/v1/chat/completions",
    authType: "apikey",
    authHeader: "bearer",
+    defaultContextLength: 128000,
    models: [
      { id: "gpt-4o", name: "GPT-4o" },
      { id: "gpt-4o-mini", name: "GPT-4o Mini" },
@@ -480,6 +541,7 @@ export const REGISTRY: Record<string, RegistryEntry> = {
    urlSuffix: "?beta=true",
    authType: "apikey",
    authHeader: "x-api-key",
+    defaultContextLength: 200000,
    headers: {
      "Anthropic-Version": "2023-06-01",
    },
@@ -495,6 +557,44 @@ export const REGISTRY: Record<string, RegistryEntry> = {
    ],
  },

+  "opencode-go": {
+    id: "opencode-go",
+    alias: "opencode-go",
+    format: "openai",
+    executor: "opencode",
+    baseUrl: "https://opencode.ai/zen/go/v1",
+    // (#532) Key validation must hit the main zen endpoint (same key works for both tiers)
+    testKeyBaseUrl: "https://opencode.ai/zen/v1",
+    authType: "apikey",
+    authHeader: "Authorization",
+    authPrefix: "Bearer",
+    defaultContextLength: 200000,
+    models: [
+      { id: "glm-5", name: "GLM-5" },
+      { id: "kimi-k2.5", name: "Kimi K2.5" },
+      { id: "minimax-m2.7", name: "MiniMax M2.7", targetFormat: "claude" },
+      { id: "minimax-m2.5", name: "MiniMax M2.5", targetFormat: "claude" },
+    ],
+  },
+
+  "opencode-zen": {
+    id: "opencode-zen",
+    alias: "opencode-zen",
+    format: "openai",
+    executor: "opencode",
+    baseUrl: "https://opencode.ai/zen/v1",
+    modelsUrl: "https://opencode.ai/zen/v1/models",
+    authType: "apikey",
+    authHeader: "Authorization",
+    authPrefix: "Bearer",
+    defaultContextLength: 200000,
+    models: [
+      { id: "minimax-m2.5-free", name: "MiniMax M2.5 Free" },
+      { id: "big-pickle", name: "Big Pickle" },
+      { id: "gpt-5-nano", name: "GPT 5 Nano" },
+    ],
+  },
+
  openrouter: {
    id: "openrouter",
    alias: "openrouter",
@@ -503,6 +603,7 @@ export const REGISTRY: Record<string, RegistryEntry> = {
    baseUrl: "https://openrouter.ai/api/v1/chat/completions",
    authType: "apikey",
    authHeader: "bearer",
+    defaultContextLength: 128000,
    headers: {
      "HTTP-Referer": "https://endpoint-proxy.local",
      "X-Title": "Endpoint Proxy",
@@ -516,6 +617,7 @@ export const REGISTRY: Record<string, RegistryEntry> = {
    format: "claude",
    executor: "default",
    baseUrl: "https://api.z.ai/api/anthropic/v1/messages",
+    defaultContextLength: 200000,
    urlSuffix: "?beta=true",
    authType: "apikey",
    authHeader: "x-api-key",
@@ -524,6 +626,7 @@ export const REGISTRY: Record<string, RegistryEntry> = {
      "Anthropic-Beta": "claude-code-20250219,interleaved-thinking-2025-05-14",
    },
    models: [
+      { id: "glm-5.1", name: "GLM 5.1" },
      { id: "glm-5", name: "GLM 5" },
      { id: "glm-5-turbo", name: "GLM 5 Turbo" },
      { id: "glm-4.7-flash", name: "GLM 4.7 Flash" },
@@ -533,7 +636,6 @@ export const REGISTRY: Record<string, RegistryEntry> = {
      { id: "glm-4.5v", name: "GLM 4.5V (Vision)" },
      { id: "glm-4.5", name: "GLM 4.5" },
      { id: "glm-4.5-air", name: "GLM 4.5 Air" },
-      { id: "glm-4-32b", name: "GLM 4 32B" },
    ],
  },

@@ -709,6 +811,10 @@ export const REGISTRY: Record<string, RegistryEntry> = {
      "Anthropic-Beta": "claude-code-20250219,interleaved-thinking-2025-05-14",
    },
    models: [
+      // T12/T28: MiniMax default upgraded from M2.5 to M2.7
+      { id: "minimax-m2.7", name: "MiniMax M2.7" },
+      { id: "MiniMax-M2.7", name: "MiniMax M2.7 (Legacy Alias)" },
+      { id: "minimax-m2.7-highspeed", name: "MiniMax M2.7 Highspeed" },
      { id: "minimax-m2.5", name: "MiniMax M2.5" },
      { id: "MiniMax-M2.5", name: "MiniMax M2.5 (Legacy Alias)" },
      { id: "MiniMax-M2.1", name: "MiniMax M2.1" },
@@ -730,6 +836,9 @@ export const REGISTRY: Record<string, RegistryEntry> = {
    },
    models: [
      // Keep parity with minimax to ensure model discovery works for minimax-cn connections.
+      { id: "minimax-m2.7", name: "MiniMax M2.7" },
+      { id: "MiniMax-M2.7", name: "MiniMax M2.7 (Legacy Alias)" },
+      { id: "minimax-m2.7-highspeed", name: "MiniMax M2.7 Highspeed" },
      { id: "minimax-m2.5", name: "MiniMax M2.5" },
      { id: "MiniMax-M2.5", name: "MiniMax M2.5 (Legacy Alias)" },
      { id: "MiniMax-M2.1", name: "MiniMax M2.1" },
@@ -883,6 +992,12 @@ export const REGISTRY: Record<string, RegistryEntry> = {
    authType: "apikey",
    authHeader: "bearer",
    models: [
+      { id: "meta-llama/Llama-3.3-70B-Instruct-Turbo-Free", name: "Llama 3.3 70B Turbo (🆓 Free)" },
+      { id: "meta-llama/Llama-Vision-Free", name: "Llama Vision (🆓 Free)" },
+      {
+        id: "deepseek-ai/DeepSeek-R1-Distill-Llama-70B-Free",
+        name: "DeepSeek R1 Distill 70B (🆓 Free)",
+      },
      { id: "meta-llama/Llama-3.3-70B-Instruct-Turbo", name: "Llama 3.3 70B Turbo" },
      { id: "deepseek-ai/DeepSeek-R1", name: "DeepSeek R1" },
      { id: "Qwen/Qwen3-235B-A22B", name: "Qwen3 235B" },
@@ -928,8 +1043,8 @@ export const REGISTRY: Record<string, RegistryEntry> = {
    alias: "ollamacloud",
    format: "openai",
    executor: "default",
-    baseUrl: "https://api.ollama.com/v1/chat/completions",
-    modelsUrl: "https://api.ollama.com/v1/models",
+    baseUrl: "https://ollama.com/v1/chat/completions",
+    modelsUrl: "https://ollama.com/api/tags",
    authType: "apikey",
    authHeader: "bearer",
    // Note: rate limits vary by plan (free = "Light usage", Pro = more, Max = 5x Pro).
@@ -1103,7 +1218,7 @@ export const REGISTRY: Record<string, RegistryEntry> = {
    alias: "vertex",
    // Vertex AI uses Google's generateContent format (same as Gemini)
    format: "gemini",
-    executor: "default",
+    executor: "vertex",
    // URL uses {project_id} and {region} from providerSpecificData — handled by custom executor or fallback
    // Default to us-central1 / generic endpoint; users configure project via providerSpecificData
    baseUrl: "https://us-central1-aiplatform.googleapis.com/v1/projects",
@@ -1117,10 +1232,16 @@ export const REGISTRY: Record<string, RegistryEntry> = {
    authType: "apikey",
    authHeader: "bearer",
    models: [
+      { id: "gemini-3.1-pro-preview", name: "Gemini 3.1 Pro Preview (Vertex)" },
+      { id: "gemini-3.1-flash-lite-preview", name: "Gemini 3.1 Flash Lite Preview (Vertex)" },
+      { id: "gemini-3-flash-preview", name: "Gemini 3 Flash Preview (Vertex)" },
      { id: "gemini-2.5-pro", name: "Gemini 2.5 Pro (Vertex)" },
      { id: "gemini-2.5-flash", name: "Gemini 2.5 Flash (Vertex)" },
      { id: "gemini-2.0-flash-thinking-exp", name: "Gemini 2.0 Flash Thinking Exp (Vertex)" },
      { id: "gemma-2-27b-it", name: "Gemma 2 27B (Vertex)" },
+      { id: "deepseek-v3.2", name: "DeepSeek V3.2 (Vertex Partner)" },
+      { id: "qwen3-next-80b", name: "Qwen3 Next 80B (Vertex Partner)" },
+      { id: "glm-5", name: "GLM-5 (Vertex Partner)" },
      { id: "claude-opus-4-5@20251101", name: "Claude Opus 4.5 (Vertex)" },
      { id: "claude-sonnet-4-5@20251101", name: "Claude Sonnet 4.5 (Vertex)" },
    ],
@@ -1154,6 +1275,167 @@ export const REGISTRY: Record<string, RegistryEntry> = {
    ],
    passthroughModels: true,
  },
+
+  // ── New Free Providers (2026) ─────────────────────────────────────────────
+
+  longcat: {
+    id: "longcat",
+    alias: "lc",
+    format: "openai",
+    executor: "default",
+    baseUrl: "https://api.longcat.chat/openai/v1/chat/completions",
+    authType: "apikey",
+    authHeader: "Authorization",
+    authPrefix: "Bearer",
+    // Free tier: 50M tokens/day (Flash-Lite) + 500K/day (Chat/Thinking) — 100% free while public beta
+    models: [
+      { id: "LongCat-Flash-Lite", name: "LongCat Flash-Lite (50M tok/day 🆓)" },
+      { id: "LongCat-Flash-Chat", name: "LongCat Flash-Chat (500K tok/day 🆓)" },
+      { id: "LongCat-Flash-Thinking", name: "LongCat Flash-Thinking (500K tok/day 🆓)" },
+      { id: "LongCat-Flash-Thinking-2601", name: "LongCat Flash-Thinking-2601 (🆓)" },
+      { id: "LongCat-Flash-Omni-2603", name: "LongCat Flash-Omni-2603 (🆓)" },
+    ],
+  },
+
+  pollinations: {
+    id: "pollinations",
+    alias: "pol",
+    format: "openai",
+    executor: "pollinations",
+    // No API key required for basic use. Proxy to GPT-5, Claude, Gemini, DeepSeek, Llama 4.
+    baseUrl: "https://text.pollinations.ai/openai/chat/completions",
+    authType: "apikey", // Optional — works without one too
+    authHeader: "bearer",
+    models: [
+      { id: "openai", name: "GPT-5 via Pollinations (🆓)" },
+      { id: "claude", name: "Claude via Pollinations (🆓)" },
+      { id: "gemini", name: "Gemini via Pollinations (🆓)" },
+      { id: "deepseek", name: "DeepSeek V3 via Pollinations (🆓)" },
+      { id: "llama", name: "Llama 4 via Pollinations (🆓)" },
+      { id: "mistral", name: "Mistral via Pollinations (🆓)" },
+    ],
+  },
+
+  puter: {
+    id: "puter",
+    alias: "pu",
+    format: "openai",
+    executor: "puter",
+    // OpenAI-compatible gateway with 500+ models (GPT, Claude, Gemini, Grok, DeepSeek, Qwen…)
+    // Auth: Bearer <puter_auth_token> from puter.com/dashboard → Copy Auth Token
+    // Model IDs use provider/model-name format for non-OpenAI models.
+    // Only chat completions (incl. streaming) are available via REST.
+    // Image gen, TTS, STT, video are puter.js SDK-only (browser).
+    baseUrl: "https://api.puter.com/puterai/openai/v1/chat/completions",
+    authType: "apikey",
+    authHeader: "bearer",
+    models: [
+      // OpenAI — use bare IDs
+      { id: "gpt-4o-mini", name: "GPT-4o Mini (🆓 Puter)" },
+      { id: "gpt-4o", name: "GPT-4o (Puter)" },
+      { id: "gpt-4.1", name: "GPT-4.1 (Puter)" },
+      { id: "gpt-4.1-mini", name: "GPT-4.1 Mini (Puter)" },
+      { id: "gpt-5-nano", name: "GPT-5 Nano (Puter)" },
+      { id: "gpt-5-mini", name: "GPT-5 Mini (Puter)" },
+      { id: "gpt-5", name: "GPT-5 (Puter)" },
+      { id: "o3-mini", name: "OpenAI o3-mini (Puter)" },
+      { id: "o3", name: "OpenAI o3 (Puter)" },
+      { id: "o4-mini", name: "OpenAI o4-mini (Puter)" },
+      // Anthropic Claude — use bare IDs (confirmed working)
+      { id: "claude-haiku-4-5", name: "Claude Haiku 4.5 (Puter)" },
+      { id: "claude-sonnet-4-5", name: "Claude Sonnet 4.5 (Puter)" },
+      { id: "claude-opus-4-5", name: "Claude Opus 4.5 (Puter)" },
+      { id: "claude-sonnet-4", name: "Claude Sonnet 4 (Puter)" },
+      { id: "claude-opus-4", name: "Claude Opus 4 (Puter)" },
+      // Google Gemini — use google/ prefix (confirmed working)
+      { id: "google/gemini-2.0-flash", name: "Gemini 2.0 Flash (Puter)" },
+      { id: "google/gemini-2.5-flash", name: "Gemini 2.5 Flash (Puter)" },
+      { id: "google/gemini-2.5-pro", name: "Gemini 2.5 Pro (Puter)" },
+      { id: "google/gemini-3-flash", name: "Gemini 3 Flash (Puter)" },
+      { id: "google/gemini-3-pro", name: "Gemini 3 Pro (Puter)" },
+      // DeepSeek — use deepseek/ prefix (confirmed working)
+      { id: "deepseek/deepseek-chat", name: "DeepSeek Chat (Puter)" },
+      { id: "deepseek/deepseek-r1", name: "DeepSeek R1 (Puter)" },
+      { id: "deepseek/deepseek-v3.2", name: "DeepSeek V3.2 (Puter)" },
+      // xAI Grok — use x-ai/ prefix
+      { id: "x-ai/grok-3", name: "Grok 3 (Puter)" },
+      { id: "x-ai/grok-3-mini", name: "Grok 3 Mini (Puter)" },
+      { id: "x-ai/grok-4", name: "Grok 4 (Puter)" },
+      { id: "x-ai/grok-4-fast", name: "Grok 4 Fast (Puter)" },
+      // Meta Llama — bare IDs (confirmed ✅)
+      { id: "llama-4-scout", name: "Llama 4 Scout (Puter)" },
+      { id: "llama-4-maverick", name: "Llama 4 Maverick (Puter)" },
+      { id: "llama-3.3-70b-instruct", name: "Llama 3.3 70B (Puter)" },
+      // Mistral — bare IDs (confirmed ✅)
+      { id: "mistral-small-latest", name: "Mistral Small (Puter)" },
+      { id: "mistral-medium-latest", name: "Mistral Medium (Puter)" },
+      { id: "open-mistral-nemo", name: "Mistral Nemo (Puter)" },
+      // Qwen — use qwen/ prefix (confirmed ✅)
+      { id: "qwen/qwen3-235b-a22b", name: "Qwen3 235B (Puter)" },
+      { id: "qwen/qwen3-32b", name: "Qwen3 32B (Puter)" },
+      { id: "qwen/qwen3-coder", name: "Qwen3 Coder 480B (Puter)" },
+    ],
+    passthroughModels: true, // 500+ models available — users can type arbitrary Puter model IDs
+  },
+
+  "cloudflare-ai": {
+    id: "cloudflare-ai",
+    alias: "cf",
+    format: "openai",
+    executor: "cloudflare-ai",
+    // URL is dynamic: uses accountId from credentials. The executor builds it.
+    baseUrl: "https://api.cloudflare.com/client/v4/accounts",
+    authType: "apikey",
+    authHeader: "bearer",
+    // 10K Neurons/day free: ~150 LLM responses or 500s Whisper audio — global edge
+    models: [
+      { id: "@cf/meta/llama-3.3-70b-instruct", name: "Llama 3.3 70B (🆓 ~150 resp/day)" },
+      { id: "@cf/meta/llama-3.1-8b-instruct", name: "Llama 3.1 8B (🆓)" },
+      { id: "@cf/google/gemma-3-12b-it", name: "Gemma 3 12B (🆓)" },
+      { id: "@cf/mistral/mistral-7b-instruct-v0.2-lora", name: "Mistral 7B (🆓)" },
+      { id: "@cf/qwen/qwen2.5-coder-15b-instruct", name: "Qwen 2.5 Coder 15B (🆓)" },
+      { id: "@cf/deepseek-ai/deepseek-r1-distill-qwen-32b", name: "DeepSeek R1 Distill 32B (🆓)" },
+    ],
+  },
+
+  scaleway: {
+    id: "scaleway",
+    alias: "scw",
+    format: "openai",
+    executor: "default",
+    baseUrl: "https://api.scaleway.ai/v1/chat/completions",
+    authType: "apikey",
+    authHeader: "bearer",
+    // 1M tokens free for new accounts — EU/GDPR (Paris), no credit card needed under limit
+    models: [
+      { id: "qwen3-235b-a22b-instruct-2507", name: "Qwen3 235B A22B (1M free tok 🆓)" },
+      { id: "llama-3.1-70b-instruct", name: "Llama 3.1 70B (🆓 EU)" },
+      { id: "llama-3.1-8b-instruct", name: "Llama 3.1 8B (🆓 EU)" },
+      { id: "mistral-small-3.2-24b-instruct-2506", name: "Mistral Small 3.2 (🆓 EU)" },
+      { id: "deepseek-v3-0324", name: "DeepSeek V3 (🆓 EU)" },
+      { id: "gpt-oss-120b", name: "GPT-OSS 120B (🆓 EU)" },
+    ],
+  },
+
+  aimlapi: {
+    id: "aimlapi",
+    alias: "aiml",
+    format: "openai",
+    executor: "default",
+    baseUrl: "https://api.aimlapi.com/v1/chat/completions",
+    authType: "apikey",
+    authHeader: "bearer",
+    // $0.025/day free credits — 200+ models via single aggregator endpoint
+    models: [
+      { id: "gpt-4o", name: "GPT-4o (via AI/ML API)" },
+      { id: "claude-3-5-sonnet-20241022", name: "Claude 3.5 Sonnet (via AI/ML API)" },
+      { id: "gemini-1.5-pro", name: "Gemini 1.5 Pro (via AI/ML API)" },
+      { id: "meta-llama/Meta-Llama-3.1-70B-Instruct-Turbo", name: "Llama 3.1 70B (via AI/ML API)" },
+      { id: "deepseek-chat", name: "DeepSeek Chat (via AI/ML API)" },
+      { id: "mistral-large-latest", name: "Mistral Large (via AI/ML API)" },
+    ],
+    passthroughModels: true,
+  },
 };

 // ── Generator Functions ───────────────────────────────────────────────────
@@ -1,5 +1,5 @@
 import crypto from "crypto";
-import { BaseExecutor } from "./base.ts";
+import { BaseExecutor, mergeUpstreamExtraHeaders } from "./base.ts";
 import { PROVIDERS, OAUTH_ENDPOINTS, HTTP_STATUS } from "../config/constants.ts";

 const MAX_RETRY_AFTER_MS = 10000;
@@ -44,12 +44,28 @@ export class AntigravityExecutor extends BaseExecutor {
    // stale/wrong client-side values causing 404/403 from Cloud Code endpoints.
    // Opt-in escape hatch: set OMNIROUTE_ALLOW_BODY_PROJECT_OVERRIDE=1.
    const projectId =
-      allowBodyProjectOverride && bodyProjectId ? bodyProjectId : credentialsProjectId || bodyProjectId;
+      allowBodyProjectOverride && bodyProjectId
+        ? bodyProjectId
+        : credentialsProjectId || bodyProjectId;

    if (!projectId) {
-      throw new Error(
-        "Missing Google projectId for Antigravity account. Please reconnect OAuth so OmniRoute can fetch your real Cloud Code project (loadCodeAssist)."
-      );
+      // (#489) Return a structured error instead of throwing — gives the client a clear signal
+      // to show a "Reconnect OAuth" prompt rather than an opaque "Internal Server Error".
+      const errorMsg =
+        "Missing Google projectId for Antigravity account. Please reconnect OAuth in Providers → Antigravity so OmniRoute can fetch your Cloud Code project.";
+      const errorBody = {
+        error: {
+          message: errorMsg,
+          type: "oauth_missing_project_id",
+          code: "missing_project_id",
+        },
+      };
+      const resp = new Response(JSON.stringify(errorBody), {
+        status: 422,
+        headers: { "Content-Type": "application/json" },
+      });
+      // Returning a Response object signals the executor to stop and forward it
+      return resp as unknown as never;
    }

    // Fix contents for Claude models via Antigravity
@@ -182,7 +198,7 @@ export class AntigravityExecutor extends BaseExecutor {
    return totalMs > 0 ? totalMs : null;
  }

-  async execute({ model, body, stream, credentials, signal, log }) {
+  async execute({ model, body, stream, credentials, signal, log, upstreamExtraHeaders }) {
    const fallbackCount = this.getFallbackCount();
    let lastError = null;
    let lastStatus = 0;
@@ -192,6 +208,7 @@ export class AntigravityExecutor extends BaseExecutor {
    for (let urlIndex = 0; urlIndex < fallbackCount; urlIndex++) {
      const url = this.buildUrl(model, stream, urlIndex);
      const headers = this.buildHeaders(credentials, stream);
+      mergeUpstreamExtraHeaders(headers, upstreamExtraHeaders);
      const transformedBody = this.transformRequest(model, body, stream, credentials);

      // Initialize retry counter for this URL
@@ -58,8 +58,23 @@ export type ExecuteInput = {
  signal?: AbortSignal | null;
  log?: ExecutorLog | null;
  extendedContext?: boolean;
+  /** Merged after auth + CLI fingerprint headers (values override same-named defaults). */
+  upstreamExtraHeaders?: Record<string, string> | null;
 };

+/** Apply model-level extra upstream headers (e.g. Authentication, X-Custom-Auth). */
+export function mergeUpstreamExtraHeaders(
+  headers: Record<string, string>,
+  extra?: Record<string, string> | null
+): void {
+  if (!extra) return;
+  for (const [k, v] of Object.entries(extra)) {
+    if (typeof k === "string" && k.length > 0 && typeof v === "string") {
+      headers[k] = v;
+    }
+  }
+}
+
 function mergeAbortSignals(primary: AbortSignal, secondary: AbortSignal): AbortSignal {
  const controller = new AbortController();

@@ -204,7 +219,16 @@ export class BaseExecutor {
    return { status: response.status, message: bodyText || `HTTP ${response.status}` };
  }

-  async execute({ model, body, stream, credentials, signal, log, extendedContext }: ExecuteInput) {
+  async execute({
+    model,
+    body,
+    stream,
+    credentials,
+    signal,
+    log,
+    extendedContext,
+    upstreamExtraHeaders,
+  }: ExecuteInput) {
    const fallbackCount = this.getFallbackCount();
    let lastError: unknown = null;
    let lastStatus = 0;
@@ -258,6 +282,8 @@ export class BaseExecutor {
          bodyString = fingerprinted.bodyString;
        }

+        mergeUpstreamExtraHeaders(finalHeaders, upstreamExtraHeaders);
+
        const fetchOptions: RequestInit = {
          method: "POST",
          headers: finalHeaders,
@@ -289,7 +315,7 @@ export class BaseExecutor {
          continue;
        }

-        return { response, url, headers, transformedBody };
+        return { response, url, headers: finalHeaders, transformedBody };
      } catch (error) {
        // Distinguish timeout errors from other abort errors
        const err = error instanceof Error ? error : new Error(String(error));
@@ -0,0 +1,59 @@
+import { BaseExecutor } from "./base.ts";
+import { PROVIDERS } from "../config/constants.ts";
+
+/**
+ * CloudflareAIExecutor — handles dynamic URL construction with accountId.
+ * Cloudflare Workers AI uses the authenticated user's account ID in the URL.
+ *
+ * URL pattern: https://api.cloudflare.com/client/v4/accounts/{accountId}/ai/v1/chat/completions
+ * Auth: Bearer <API Token>
+ * Docs: https://developers.cloudflare.com/workers-ai/
+ *
+ * Free tier: 10,000 Neurons/day = ~150 LLM responses or 500s Whisper audio
+ * API Token: dash.cloudflare.com/profile/api-tokens
+ * Account ID: right sidebar of dash.cloudflare.com
+ */
+export class CloudflareAIExecutor extends BaseExecutor {
+  constructor() {
+    super("cloudflare-ai", PROVIDERS["cloudflare-ai"] || { format: "openai" });
+  }
+
+  buildUrl(_model: string, _stream: boolean, _urlIndex = 0, credentials: any = null): string {
+    // Account ID can be stored in providerSpecificData or at top level credentials
+    const accountId =
+      credentials?.providerSpecificData?.accountId ||
+      credentials?.accountId ||
+      process.env.CLOUDFLARE_ACCOUNT_ID;
+
+    if (!accountId) {
+      throw new Error(
+        "Cloudflare Workers AI requires an Account ID. " +
+          "Add it in provider settings under 'Account ID'. " +
+          "Find it at: https://dash.cloudflare.com (right sidebar)."
+      );
+    }
+
+    return `https://api.cloudflare.com/client/v4/accounts/${accountId}/ai/v1/chat/completions`;
+  }
+
+  buildHeaders(credentials: any, stream = true): Record<string, string> {
+    const headers: Record<string, string> = {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${credentials.apiKey || credentials.accessToken}`,
+    };
+
+    if (stream) {
+      headers["Accept"] = "text/event-stream";
+    }
+
+    return headers;
+  }
+
+  transformRequest(_model: string, body: any, _stream: boolean, _credentials: any): any {
+    // Cloudflare uses full model paths like @cf/meta/llama-3.3-70b-instruct
+    // No transformation needed — user sends the full Cloudflare model path.
+    return body;
+  }
+}
+
+export default CloudflareAIExecutor;
@@ -3,6 +3,112 @@ import { CODEX_DEFAULT_INSTRUCTIONS } from "../config/codexInstructions.ts";
 import { PROVIDERS } from "../config/constants.ts";
 import { refreshCodexToken } from "../services/tokenRefresh.ts";

+// ─── T09: Codex vs Spark Scope-Aware Rate Limiting ────────────────────────
+// Codex has two independent quota pools: "codex" (standard) and "spark" (premium).
+// Exhausting one should NOT block requests to the other.
+// Ref: sub2api PR #1129 (feat(openai): split codex spark rate limiting from codex)
+
+/**
+ * Maps model name substrings to their rate-limit scope.
+ * Checked in order — first match wins.
+ */
+const CODEX_SCOPE_PATTERNS: Array<{ pattern: string; scope: "codex" | "spark" }> = [
+  { pattern: "codex-spark", scope: "spark" },
+  { pattern: "spark", scope: "spark" },
+  { pattern: "codex", scope: "codex" },
+  { pattern: "gpt-5", scope: "codex" }, // gpt-5.2-codex, gpt-5.3-codex, etc.
+];
+
+/**
+ * T09: Determine the rate-limit scope for a Codex model.
+ * Use this key as the suffix for per-scope rate limit state:
+ *   `${accountId}:${getModelScope(model)}`
+ *
+ * @param model - The Codex model ID (e.g. "gpt-5.3-codex", "codex-spark-mini")
+ * @returns "codex" | "spark"
+ */
+export function getCodexModelScope(model: string): "codex" | "spark" {
+  const lower = model.toLowerCase();
+  for (const { pattern, scope } of CODEX_SCOPE_PATTERNS) {
+    if (lower.includes(pattern)) return scope;
+  }
+  return "codex"; // default scope
+}
+
+/**
+ * T09: Get the scope-keyed rate limit identifier for an account+model combination.
+ * Use this as the key for rateLimitState maps to ensure scope isolation.
+ */
+export function getCodexRateLimitKey(accountId: string, model: string): string {
+  return `${accountId}:${getCodexModelScope(model)}`;
+}
+
+/**
+ * T03: Parsed quota snapshot from Codex response headers.
+ * Codex includes per-account usage windows that allow precise reset scheduling.
+ * Ref: sub2api PR #357 (feat(oauth): persist usage snapshots and window cooldown)
+ */
+export interface CodexQuotaSnapshot {
+  usage5h: number; // tokens used in 5h window
+  limit5h: number; // token limit for 5h window
+  resetAt5h: string | null; // ISO timestamp when 5h window resets
+  usage7d: number; // tokens used in 7d window
+  limit7d: number; // token limit for 7d window
+  resetAt7d: string | null; // ISO timestamp when 7d window resets
+}
+
+/**
+ * T03: Parse Codex-specific quota headers from a provider response.
+ * Returns null if none of the relevant headers are present.
+ *
+ * Extracts:
+ *   x-codex-5h-usage / x-codex-5h-limit / x-codex-5h-reset-at
+ *   x-codex-7d-usage / x-codex-7d-limit / x-codex-7d-reset-at
+ */
+export function parseCodexQuotaHeaders(headers: Headers): CodexQuotaSnapshot | null {
+  const usage5h = headers.get("x-codex-5h-usage");
+  const limit5h = headers.get("x-codex-5h-limit");
+  const resetAt5h = headers.get("x-codex-5h-reset-at");
+  const usage7d = headers.get("x-codex-7d-usage");
+  const limit7d = headers.get("x-codex-7d-limit");
+  const resetAt7d = headers.get("x-codex-7d-reset-at");
+
+  // Return null if none of the quota headers are present (not a quota-aware response)
+  if (!usage5h && !limit5h && !resetAt5h && !usage7d && !limit7d && !resetAt7d) {
+    return null;
+  }
+
+  return {
+    usage5h: usage5h ? parseFloat(usage5h) : 0,
+    limit5h: limit5h ? parseFloat(limit5h) : Infinity,
+    resetAt5h: resetAt5h ?? null,
+    usage7d: usage7d ? parseFloat(usage7d) : 0,
+    limit7d: limit7d ? parseFloat(limit7d) : Infinity,
+    resetAt7d: resetAt7d ?? null,
+  };
+}
+
+/**
+ * T03: Get the soonest quota reset time from a CodexQuotaSnapshot.
+ * 7d window takes priority (wider window, harder limit) but we use whichever
+ * is further in the future to avoid releasing the block too early.
+ *
+ * @returns Unix timestamp (ms) of the soonest effective reset, or null
+ */
+export function getCodexResetTime(quota: CodexQuotaSnapshot): number | null {
+  const times: number[] = [];
+  if (quota.resetAt7d) {
+    const t = new Date(quota.resetAt7d).getTime();
+    if (!isNaN(t) && t > Date.now()) times.push(t);
+  }
+  if (quota.resetAt5h) {
+    const t = new Date(quota.resetAt5h).getTime();
+    if (!isNaN(t) && t > Date.now()) times.push(t);
+  }
+  if (times.length === 0) return null;
+  return Math.max(...times); // Use furthest-out reset to avoid premature unblock
+}
+
 // Ordered list of effort levels from lowest to highest
 const EFFORT_ORDER = ["none", "low", "medium", "high", "xhigh"] as const;
 type EffortLevel = (typeof EFFORT_ORDER)[number];
@@ -20,7 +20,7 @@ declare const EdgeRuntime: string | undefined;
 * @see cursorProtobuf.js for Protobuf encoding/decoding utilities
 */

-import { BaseExecutor } from "./base.ts";
+import { BaseExecutor, mergeUpstreamExtraHeaders } from "./base.ts";
 import { PROVIDERS, HTTP_STATUS } from "../config/constants.ts";
 import {
  generateCursorBody,
@@ -363,9 +363,10 @@ export class CursorExecutor extends BaseExecutor {
    });
  }

-  async execute({ model, body, stream, credentials, signal, log }) {
+  async execute({ model, body, stream, credentials, signal, log, upstreamExtraHeaders }) {
    const url = this.buildUrl();
    const headers = this.buildHeaders(credentials);
+    mergeUpstreamExtraHeaders(headers, upstreamExtraHeaders);
    const transformedBody = this.transformRequest(model, body, stream, credentials);

    try {
@@ -1,4 +1,4 @@
-import { BaseExecutor } from "./base.ts";
+import { BaseExecutor, ExecuteInput } from "./base.ts";
 import { PROVIDERS, OAUTH_ENDPOINTS } from "../config/constants.ts";
 import { getModelTargetFormat } from "../config/providerModels.ts";

@@ -19,15 +19,82 @@ export class GithubExecutor extends BaseExecutor {
    return this.config.baseUrl;
  }

+  injectResponseFormat(messages: any[], responseFormat: any) {
+    if (!responseFormat) return messages;
+
+    let formatInstruction = "";
+    if (responseFormat.type === "json_object") {
+      formatInstruction =
+        "Respond only with valid JSON. Do not include any text before or after the JSON object.";
+    } else if (responseFormat.type === "json_schema" && responseFormat.json_schema) {
+      formatInstruction = `Respond only with valid JSON matching this schema:\n${JSON.stringify(
+        responseFormat.json_schema.schema,
+        null,
+        2
+      )}\nDo not include any text before or after the JSON.`;
+    }
+
+    if (!formatInstruction) return messages;
+
+    const systemIdx = messages.findIndex((m: any) => m.role === "system");
+    if (systemIdx >= 0) {
+      return messages.map((m: any, i: number) =>
+        i === systemIdx ? { ...m, content: `${m.content}\n\n${formatInstruction}` } : m
+      );
+    }
+
+    return [{ role: "system", content: formatInstruction }, ...messages];
+  }
+
+  transformRequest(model: string, body: any, stream: boolean, credentials: any): any {
+    const modifiedBody = JSON.parse(JSON.stringify(body));
+    if (modifiedBody.response_format && model.toLowerCase().includes("claude")) {
+      modifiedBody.messages = this.injectResponseFormat(
+        modifiedBody.messages,
+        modifiedBody.response_format
+      );
+      delete modifiedBody.response_format;
+    }
+    return modifiedBody;
+  }
+
+  async execute(input: ExecuteInput) {
+    const result = await super.execute(input);
+    if (!result || !result.response?.body) return result;
+
+    const isStreaming = input.stream === true;
+    if (isStreaming) {
+      const decoder = new TextDecoder();
+      const transformStream = new TransformStream({
+        transform(chunk, controller) {
+          const text = decoder.decode(chunk, { stream: true });
+          if (text.includes("data: [DONE]")) {
+            return;
+          }
+          controller.enqueue(chunk);
+        },
+      });
+
+      const newResponse = new Response(result.response.body.pipeThrough(transformStream), {
+        status: result.response.status,
+        statusText: result.response.statusText,
+        headers: result.response.headers, // Headers class carries over correctly
+      });
+      result.response = newResponse;
+    }
+
+    return result;
+  }
+
  buildHeaders(credentials, stream = true) {
    const token = credentials.copilotToken || credentials.accessToken;
    return {
      Authorization: `Bearer ${token}`,
      "Content-Type": "application/json",
      "copilot-integration-id": "vscode-chat",
-      "editor-version": "vscode/1.107.1",
-      "editor-plugin-version": "copilot-chat/0.26.7",
-      "user-agent": "GitHubCopilotChat/0.26.7",
+      "editor-version": "vscode/1.110.0",
+      "editor-plugin-version": "copilot-chat/0.38.0",
+      "user-agent": "GitHubCopilotChat/0.38.0",
      "openai-intent": "conversation-panel",
      "x-github-api-version": "2025-04-01",
      "x-request-id":
@@ -44,7 +111,7 @@ export class GithubExecutor extends BaseExecutor {
        headers: {
          Authorization: `token ${githubAccessToken}`,
          "User-Agent": "GithubCopilot/1.0",
-          "Editor-Version": "vscode/1.100.0",
+          "Editor-Version": "vscode/1.110.0",
          "Editor-Plugin-Version": "copilot/1.300.0",
          Accept: "application/json",
        },
--- a/Show More
+++ b/Show More