chore(release): v3.5.6 — email masking, model toggle, OpenRouter registries & bug fixes (#1080)

* fix(minimax): switch auth from x-api-key to Authorization Bearer (#1076)

Integrated into release/v3.5.6 — MiniMax auth fix with authHeader consistency normalization

* feat(CI,i18n): autogenerate language files + Add missing strings (#1071)

Integrated into release/v3.5.6 — i18n translations for memory, skills, and missing keys across 31 languages

* fix(ci): restore i18n continue-on-error, remove auto-commit race condition

* fix(husky): load nvm in hooks for VS Code compatibility

* fix(husky): gracefully skip hooks when npm is not in PATH

* fix: convert OpenAI function tool_choice to Claude tool format (#1072)

* fix: prevent EPIPE feedback loop filling logs at GB/s (#1006)

* fix: fallback to native fetch when undici dispatcher fails (#1054)

* fix: improve Qoder PAT validation with actionable error messages (#966)

- Add QODER_PERSONAL_ACCESS_TOKEN env var fallback for both validation and execution
- Pre-flight ping check to diagnose connectivity issues (Docker/proxy)
- Detect encrypted auth blobs from ~/.qoder/.auth/user and guide to website PAT
- Clear error messages for auth failures with link to integrations page
- Treat non-auth 4xx as auth-pass (request format issue, not token issue)
- Update tests to cover new validation paths (23 tests, all passing)

* feat: Improve the Chinese translation (#1079)

Integrated into release/v3.5.6

* chore(release): v3.5.6 — i18n updates and credential security fixes

* fix(ci): resolve e2e and docs-sync pipeline failures

* fix(security): bump next to 16.2.3 to resolve SNYK-JS-NEXT-15954202

* fix: guard Memory/Cache UI against null toLocaleString crash (#1083)

* fix: translate OpenAI tool_choice type 'function' to Claude 'tool' format (#1072)

* fix: pass custom baseUrl in provider API key validation (#1078)

* docs: update CHANGELOG with v3.5.6 bug fixes and security patches

* docs: rewrite implement-features workflow with 5-phase harvest-research-report-plan-execute pipeline

* docs: organize _ideia/ into viable/defer/notfit + add Phase 2.5 auto-response workflow

* docs: implementation plans for #1025, #750, #960, #1046 + close already-implemented #833, #973, #982

* feat: mask email addresses in dashboard for privacy (#1025)

* feat: add OpenRouter and GitHub to embedding/image provider registries (#960)

* feat: add model visibility toggle and search filter to provider page (#750)

* docs: move implemented features to notfit, update task plans status

* chore: untrack _ideia/ and _tasks/ from git — private/internal only

* chore(release): bump to v3.5.6 — changelog, docs, version sync & any-budget fix

* fix: remove explicit .ts extension in qoderCli import that caused 500 error in production build

---------

Co-authored-by: Jean Brito <jeanfbrito@gmail.com>
Co-authored-by: zenobit <zenobit@disroot.org>
Co-authored-by: diegosouzapw <diegosouzapw@users.noreply.github.com>
Co-authored-by: Ethan Hunt <136065060+only4copilot@users.noreply.github.com>

scripts/sync-env.mjs

@@ -0,0 +1,137 @@
+#!/usr/bin/env node
+/**
+ * OmniRoute — Environment Sync
+ *
+ * Ensures .env exists and contains all keys from .env.example.
+ * Runs on installs and can be executed manually via `npm run env:sync`.
+ *
+ * Rules:
+ *   - Never overwrites existing values in .env
+ *   - Auto-generates cryptographic secrets if blank in .env.example
+ *   - Copies default values from .env.example for new keys
+ *   - Skips commented lines from .env.example
+ */
+
+import { copyFileSync, existsSync, readFileSync, writeFileSync } from "node:fs";
+import { randomBytes } from "node:crypto";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+
+const CRYPTO_SECRETS = {
+  JWT_SECRET: () => randomBytes(64).toString("hex"),
+  API_KEY_SECRET: () => randomBytes(32).toString("hex"),
+  STORAGE_ENCRYPTION_KEY: () => randomBytes(32).toString("hex"),
+  MACHINE_ID_SALT: () => `omniroute-${randomBytes(8).toString("hex")}`,
+};
+
+export function parseEnvFile(filePath) {
+  if (!existsSync(filePath)) return new Map();
+
+  const content = readFileSync(filePath, "utf8");
+  const entries = new Map();
+
+  for (const line of content.split(/\r?\n/)) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("#")) continue;
+
+    const eqIndex = trimmed.indexOf("=");
+    if (eqIndex < 1) continue;
+
+    const key = trimmed.slice(0, eqIndex).trim();
+    const value = trimmed.slice(eqIndex + 1).trim();
+    entries.set(key, value);
+  }
+
+  return entries;
+}
+
+function replaceBlankSecret(content, key, value) {
+  const pattern = new RegExp(`^${key}=\\s*$`, "m");
+  return pattern.test(content) ? content.replace(pattern, `${key}=${value}`) : content;
+}
+
+export function syncEnv({ rootDir, quiet = false } = {}) {
+  const log = quiet ? () => {} : (message) => process.stderr.write(`[sync-env] ${message}\n`);
+  const root = rootDir || dirname(dirname(fileURLToPath(import.meta.url)));
+  const envExamplePath = join(root, ".env.example");
+  const envPath = join(root, ".env");
+
+  if (!existsSync(envExamplePath)) {
+    log("⚠️  .env.example not found — skipping sync");
+    return { created: false, added: 0 };
+  }
+
+  const exampleEntries = parseEnvFile(envExamplePath);
+
+  if (!existsSync(envPath)) {
+    copyFileSync(envExamplePath, envPath);
+
+    let content = readFileSync(envPath, "utf8");
+    let generated = 0;
+    for (const [key, generator] of Object.entries(CRYPTO_SECRETS)) {
+      const nextContent = replaceBlankSecret(content, key, generator());
+      if (nextContent !== content) {
+        content = nextContent;
+        generated++;
+        log(`✨ ${key} auto-generated`);
+      }
+    }
+
+    writeFileSync(envPath, content, "utf8");
+    log(
+      `✨ Created .env from .env.example (${exampleEntries.size} keys, ${generated} secrets generated)`
+    );
+    return { created: true, added: exampleEntries.size };
+  }
+
+  const currentEntries = parseEnvFile(envPath);
+  const missingEntries = [];
+
+  for (const [key, defaultValue] of exampleEntries) {
+    if (currentEntries.has(key)) continue;
+
+    if (CRYPTO_SECRETS[key] && !defaultValue) {
+      missingEntries.push({
+        key,
+        value: CRYPTO_SECRETS[key](),
+        generated: true,
+      });
+      continue;
+    }
+
+    missingEntries.push({
+      key,
+      value: defaultValue,
+      generated: false,
+    });
+  }
+
+  if (missingEntries.length === 0) {
+    log("✅ .env is up to date (0 keys added)");
+    return { created: false, added: 0 };
+  }
+
+  const appendLines = [
+    "",
+    `# ── Auto-added by sync-env (${new Date().toISOString().slice(0, 10)}) ──`,
+  ];
+
+  for (const entry of missingEntries) {
+    appendLines.push(`${entry.key}=${entry.value}`);
+    log(
+      `${entry.generated ? "✨" : "📦"} ${entry.key}${entry.generated ? " (auto-generated)" : ""}`
+    );
+  }
+
+  appendLines.push("");
+
+  const currentContent = readFileSync(envPath, "utf8");
+  writeFileSync(envPath, `${currentContent.trimEnd()}\n${appendLines.join("\n")}`, "utf8");
+  log(`📦 Synced .env — added ${missingEntries.length} missing keys`);
+
+  return { created: false, added: missingEntries.length };
+}
+
+if (process.argv[1]?.endsWith("sync-env.mjs")) {
+  syncEnv();
+}