Dashboard routes were accessible without authentication because
dashboardGuard.js was not connected to Next.js middleware pipeline.
Created src/proxy.js to export the auth guard using Next.js 16
proxy convention. Now /dashboard routes properly redirect to
/login when auth_token cookie is missing or invalid.
* fix(translator): filter nameless hosted tools when converting Responses API to Chat format
Codex CLI sends "hosted" tools (e.g. `request_user_input`) via the OpenAI
Responses API. These tools have no explicit `name` field. The previous
`body.tools.map()` pass propagated `name: undefined` into the resulting
Chat Completions function declarations, which then became anonymous
`functionDeclarations` after the OpenAI→Gemini translation step.
Gemini strictly requires every function declaration to have a valid name
and rejects the entire request with:
GenerateContentRequest.tools[0].function_declarations[4].name:
Invalid function name. Must start with a letter or an underscore.
Fix: filter out any Responses API tool that lacks a non-empty `name`
string before converting to `{ type: "function", function: { name, ... } }`.
Named function tools are unaffected; only unnamed hosted tools are skipped.
Fixes: Gemini 400 error when Codex CLI is routed through 9router.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat(gemini): convert OpenAI SSE to Gemini SSE format in /v1beta/models route
The @google/genai SDK always uses :streamGenerateContent?alt=sse for chat
and expects Gemini SSE chunk format. The upstream handleChat returns OpenAI
SSE format, causing the SDK to crash on the [DONE] sentinel.
Changes:
- Add transformOpenAISSEToGeminiSSE() using TransformStream that converts
each OpenAI SSE chunk (choices[0].delta) to Gemini SSE format
(candidates[0].content.parts) on the fly
- Drop the OpenAI [DONE] sentinel (Gemini SSE ends by stream close)
- Map finish_reason -> finishReason, attach usageMetadata on final chunk
- Support reasoning_content -> thought: true parts for thinking models
- Refactor finishReasonMap to shared FINISH_REASON_MAP constant
- Fix streaming dispatch: stream=true now calls transformOpenAISSEToGeminiSSE
instead of passing OpenAI SSE through raw
Fixes: SyntaxError: "[DONE]" is not valid JSON in Gemini CLI
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
Codex CLI sends "hosted" tools (e.g. `request_user_input`) via the OpenAI
Responses API. These tools have no explicit `name` field. The previous
`body.tools.map()` pass propagated `name: undefined` into the resulting
Chat Completions function declarations, which then became anonymous
`functionDeclarations` after the OpenAI→Gemini translation step.
Gemini strictly requires every function declaration to have a valid name
and rejects the entire request with:
GenerateContentRequest.tools[0].function_declarations[4].name:
Invalid function name. Must start with a letter or an underscore.
Fix: filter out any Responses API tool that lacks a non-empty `name`
string before converting to `{ type: "function", function: { name, ... } }`.
Named function tools are unaffected; only unnamed hosted tools are skipped.
Fixes: Gemini 400 error when Codex CLI is routed through 9router.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude <noreply@anthropic.com>
- Add a warning message for Windows users in AntigravityToolCard to run the terminal as Administrator for MITM functionality.
- Refactor model testing logic in ProviderDetailPage to improve state management and user experience.
- Introduce new version notification in Sidebar for available updates.
- Add a 10-second timeout for fetch requests in getAntigravityUsage and getAntigravitySubscriptionInfo functions.
- Include error logging for fetch failures in both functions.
- Update headers to include "x-request-source" for MITM bypass.
- Enhance proxyFetch with DNS resolution and MITM bypass capabilities.
- Ensure proxyFetch is loaded in the API route for proper fetch patching.
- Added eye icon button to show/hide individual API keys
- Keys hidden by default on page load for security
- Copy button always copies full key regardless of visibility state
- Implemented per-key visibility state with React useState
- Added maskKey helper to display first 8 characters + "..."
- Clean up visibility state when keys are deleted
Improves security and UX when managing API keys in the dashboard.
- Patch Node fetch via undici ProxyAgent when HTTP_PROXY/HTTPS_PROXY/ALL_PROXY is set
- Ensure proxy patch is loaded for both chat pipeline and OAuth token exchange
- Add Dashboard Settings → Network to edit outbound proxy and apply immediately
- Persist outbound proxy settings in local db and initialize on server startup
- Move proxy helpers to src/lib/network/ for better structure
- Rename src/proxy.js → src/dashboardGuard.js to avoid naming confusion
- Re-apply proxy env after DB import
- Fix: close old dispatcher on proxy URL change to prevent connection pool leak
- Fix: idempotency guard to avoid patching globalThis.fetch multiple times
Made-with: Cursor
- Add alicode provider with OpenAI-compatible API endpoint
- Support 8 models via Aliyun Bailian Coding Plan
- Add API key validation and connection testing
- Use getDefaultModel() instead of hardcoded model names
Co-authored-by: decolua <decoluadt@example.com>
Made-with: Cursor
- Added new provider models: Claude 4.6 Opus Max, Claude 4.6 Sonnet Medium Thinking, Kimi K2.5, Gemini 3.1 Pro Preview, Gemini 3 Flash Preview, GPT 5.2, and GPT 5.3 Codex.
Rename alicloud to alicode to clearly indicate Aliyun's Coding Plan service.
- Provider ID: alicode (short for Aliyun Coding)
- Model format: alicode/qwen3.5-plus
- Simplified mapping - no more bidirectional aliases
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add support for Alibaba Cloud Bailian Coding Plan, a coding-focused AI service
that provides fixed monthly pricing for multiple models.
Changes:
- Add alicloud provider with OpenAI-compatible API endpoint
- Support 8 models: qwen3.5-plus, kimi-k2.5, glm-5, MiniMax-M2.5,
qwen3-max, qwen3-coder-next, qwen3-coder-plus, glm-4.7
- Use "ali" as provider alias (ali/model format)
- Add API key validation and connection testing
- Add frontend provider definition with "ALi" text icon
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added functionality to fetch and set statuses for various CLI tools (Claude, Codex, Droid, OpenClaw, Antigravity) on component mount.
- Enhanced error handling and logging in the OAuth provider test utilities and DNS management functions.
- Improved the MITM server to handle multiple target hosts and provide clearer error messages regarding port usage.
- Introduced a new ProviderDetailPage component to handle provider-specific functionalities.
- Implemented state management for connections, loading states, and model selections.
- Added API calls for fetching provider connections and model aliases.
- Included modals for OAuth and API key management.
- Enhanced user experience with model selection and saving capabilities.
Cherry-picked from decolua/9router PR #183.
Note: open-sse changes included but need further review due to extensive modifications.
Co-authored-by: Cursor <cursoragent@cursor.com>
- Add glm-cn to APIKEY_PROVIDERS in src/shared/constants/providers.js
- Align with existing glm-cn model definitions in providerModels.js
- Users can now see and select GLM (China) option in Web UI
- Follows same pattern as minimax-cn (red color for China region)
* feat: implement Project ID service to fetch and cache real Project IDs from Google Cloud Code API
* fix: implement caching and cleanup for Project ID retrieval
* feat: add project ID invalidation and refresh logic after token updates
* refactor: remove unnecessary format changes
* feat: add on-demand project ID retrieval for antigravity requests
The macOS auto-import was failing with "Cursor database not found" even
when Cursor was installed and logged in. This was caused by a single
hardcoded path and no fallback when the DB file existed but couldn't be
opened (e.g. WAL lock, Insiders variant).
Changes (macOS only — linux/win32 paths are unchanged):
- Probe both standard and Insiders DB locations on macOS
- Return a descriptive error when the DB file exists but can't be opened
- Try multiple known key names for token and machine ID
- Add fuzzy key fallback for future Cursor schema changes
- Normalize JSON-encoded string values from the DB
Adds unit tests covering all new and existing behavior.
Co-authored-by: Cursor <cursoragent@cursor.com>
- Add isActive field to API key schema with migration
- Implement PUT /api/keys/[id] endpoint for toggle
- Update validation to reject paused keys (403)
- Add UI toggle controls with confirmation
- Ensure cloud sync preserves pause state
- Tracks endpoints like /v1/chat/completions, /v1/messages, /v1/responses
- New sortable/groupable table in usage dashboard with expandable groups
- Enhanced usage database aggregation by endpoint + model + provider
- Added endpoint tracking to all saveRequestUsage/saveRequestDetail calls
- Maintains backward compatibility with existing data structure
