Add dedicated batch test modes for web-cookie, search, and audio
providers in the dashboard, API route, and request validation so
category-level testing targets the correct connections.
Rename legacy qoder refresh and usage helpers from iflow to qoder
for consistency, and tighten regex handling in response cleaning,
thinking compression, and proxy matching to address edge cases and
static analysis findings.
Also update related tests, typing fixes, and README star history
embeds.
* fix(streaming): #1211 greedy strip omniModel tags to prevent literal \n\n artifacts
- Changed regex quantifier from ? to * in combo.ts, comboAgentMiddleware.ts,
and contextHandoff.ts to greedily strip all JSON-escaped newline sequences
surrounding <omniModel> tags in SSE streaming chunks
- Added \r to the character class for cross-platform robustness
- Fixed Playwright strict-mode violation in combo-unification.spec.ts
- Bumped OpenAPI version and CHANGELOG to 3.6.6
* fix: 3 bugs found during issue triage (#1175, #1187/#1218, #1202)
- fix(gemini): strip VS Code JSON Schema extensions from tool schemas (#1175)
Add enumDescriptions, markdownDescription, markdownEnumDescriptions,
enumItemLabels and tags to UNSUPPORTED_SCHEMA_CONSTRAINTS so the Gemini
sanitizer removes them before forwarding. GitHub Copilot injects these
non-standard fields into tool definitions, causing Gemini to reject with
'Unknown name enumDescriptions at functionDeclarations[n].parameters'.
- fix(health-check): unwrap proxy config object before passing to getAccessToken (#1187#1218)
resolveProxyForConnection() returns { proxy, level, levelId } but the health
check loop was passing the full wrapper to getAccessToken(), which expects the
inner config object (.host, .port etc). The proxy dispatcher validated .host
on the wrapper (undefined) and threw 'Context proxy host is required', silently
marking every connection as unhealthy every sweep. Fix mirrors the pattern
already used in chatHelpers.ts: proxyResult?.proxy || null.
- fix(ui): debounce models.dev sync interval slider to save only on release (#1202)
The slider's onChange fired updateInterval() on every drag tick, sending a
PATCH per pixel of movement. Rapid API responses overwrote UI state mid-drag.
Introduce draftIntervalHours for smooth visual feedback; the PATCH fires
on onMouseUp / onBlur once the user releases the control.
* fix(providers): update Xiaomi MiMo token-plan endpoints (#1238)
Integrated into release/v3.6.6
* fix(cc-compatible): trim beta flags and preserve cache passthrough (#1230)
Integrated into release/v3.6.6
* feat(memory+skills): full-featured memory & skills systems with tests (#1228)
Integrated into release/v3.6.6
* fix: forward client x-initiator header to GitHub Copilot upstream (#1227)
Integrated into release/v3.6.6
* feat(bailian-quota): add Alibaba Coding Plan quota monitoring (#1235)
* fix: resolve v3.6.6 backlog bugs (#1206, #1211, #1220, #1231)
- fix(core): #1206 inject startup guard against app/ and src/app/ conflict
- fix(health): #1220 add HEALTHCHECK_STAGGER_MS to prevent token refresh bursting
- fix(proxy): #1231 prioritize HTTP 429 over quota body heuristics
- fix(sse): #1211 strip leading double-newlines in responses API stream
* fix(tests): resolve memory migration and skills route pagination bugs from PR overlaps
* docs: Update CHANGELOG.md with v3.6.6 features (#1182, #1165, #1177)
* chore(release): bump version to 3.6.6
Update package versions for the electron app and open-sse package.
Sync llm.txt metadata and feature headings with the 3.6.6 release.
* feat(core): harden outbound provider calls and add cooldown retries
Add guarded outbound fetch helpers with private/local URL blocking,
controlled retries, timeout normalization, and route-level status
propagation for provider validation and model discovery.
Introduce cooldown-aware chat retries with configurable
requestRetry and maxRetryIntervalSec settings, model-scoped cooldown
responses, and improved rate-limit learning from headers and error
bodies so short upstream lockouts can recover automatically.
Also align Antigravity and Codex header handling, require API keys
for Pollinations, validate web runtime env at startup, restore
sanitized Gemini tool names in translated responses, and inject a
synthetic Claude text block when upstream SSE completes empty.
* feat(models): add glmt preset and hybrid token counting
Introduce GLM Thinking as a first-class provider preset with shared GLM
model metadata, pricing, usage sync, dashboard support, and provider
request defaults for higher token budgets and longer timeouts.
Use provider-side /messages/count_tokens when a Claude-compatible
upstream supports it, while preserving estimated fallback behavior for
missing models, missing credentials, and upstream failures.
Also add startup seeding for default model aliases and normalize common
cross-proxy model dialects so canonical slashful model ids do not get
misrouted during resolution.
* feat(api): add sync tokens and v1 websocket bridge
Add dedicated sync token storage, issuance, revocation, and bundle
download routes backed by stable config bundle versioning and ETag
support.
Expose the v1 websocket handshake route and custom Next server bridge so
OpenAI-compatible websocket traffic can be upgraded and proxied through
the dashboard and API bridge.
Expand compliance auditing with structured metadata, pagination, request
context, auth and provider credential events, and SSRF-blocked
validation logging.
* docs: Update all documentation for v3.6.6
- CHANGELOG: Add WebSocket bridge, GLM Thinking preset, safe outbound
fetch/SSRF guard, cooldown-aware retries, compliance audit v2, model
alias seeding, and all Internal Improvements for the 3 new commits
- README: Expand v3.6.x highlights table with 10 new features; add
SafeOutboundFetch, CooldownAwareRetry, SSRF guard, TPS metric, sync
tokens, WebSocket bridge to Resilience/Observability/Deployment tables
- ARCHITECTURE: Bump date; add new modules to executive summary, API
routes, SSE core services, Auth/Security section; add SSRF/Outbound
guard failure mode (section 6); expand module mapping
- ENVIRONMENT: Add OMNIROUTE_CRYPT_KEY/OMNIROUTE_API_KEY_BASE64 legacy
aliases, OUTBOUND_SSRF_GUARD_ENABLED, CODEX_CLIENT_VERSION, and
REQUEST_RETRY/MAX_RETRY_INTERVAL_SEC cooldown retry settings
- FEATURES: Add 6 new feature sections — V1 WebSocket Bridge, Sync
Tokens & Config Bundle, GLM Thinking Preset, Safe Outbound Fetch &
SSRF Guard, Cooldown-Aware Retries, Compliance Audit v2
* fix: use api64 for proxy test (#1255)
Integrated into release/v3.6.6 — IPv6 proxy test fix
* fix(page): update custom models section to include all providers #1200 (#1256)
Integrated into release/v3.6.6 — Gemini custom model picker fix
* fix: provide default client_id fallbacks to prevent broken OAuth requests (#1246)
Integrated into release/v3.6.6 — OAuth client_id default fallbacks
* fix: translate max_tokens/max_completion_tokens → max_output_tokens in Chat→Responses translator (#1245)
Integrated into release/v3.6.6 — max_tokens → max_output_tokens Responses API translation + unit tests
* feat(oauth): support cursor-agent CLI as Cursor credential source (#1258)
Integrated into release/v3.6.6 — cursor-agent CLI credential source support
* fix(cc-compatible): restore upstream SSE and correct stream/combo timeout behavior (#1257)
Integrated into release/v3.6.6 — CC-compatible upstream SSE restore + stream timeout fix + README table repair
* fix(cli-tools): resolve API key resolution and model mapping bugs in CLI tools (#1263)
Integrated into release/v3.6.6
* feat(cli-tools): add Qwen Code CLI integration (#1266)
Integrated into release/v3.6.6
* fix(i18n): add missing zh-CN translations and fix logger imports (#1269)
Integrated into release/v3.6.6
* fix(i18n): add Chinese i18n support to dashboard components (#1274)
Integrated into release/v3.6.6
* feat: update Pollinations to require API key, remove free tier flag (#1177)
* feat: friendly error messages for crypto/encryption failures (#1165)
* feat: add TPS (tokens per second) metric column to request logs (#1182)
* feat: merge custom/imported models into filter list for all providers (#1191)
* feat(fallback): Fix provider-profile-driven lockouts (#1267)
This integrates rdself's unify-provider-profile-locks PR manually to handle structural conflicts.
* fix(claude): proper Anthropic SDK integration (#1271)
* fix(healthcheck): use correct proxy wrapper format for getAccessToken (#1272)
* chore(release): v3.6.6 — skills registry stability fix + final integration
* fix(auth): harden bootstrap auth and memory dashboard behavior
Restrict unauthenticated writes to /api/settings/require-login to
the initial bootstrap window while keeping read-only checks public.
This prevents post-setup config changes without blocking first-run
login setup, and the onboarding flow now logs in immediately after
setting the password.
Restore memory API filtering and pagination behavior by supporting q
searches, honoring offset-based requests, and avoiding unrelated
fallback results when FTS misses. Update dashboard stats fallback to
use the response totals consistently.
Package the MCP server with explicit file entries and add regression
tests for bootstrap auth and memory route behavior
* fix(codex): remove max_output_tokens from body for compatibility
* chore(release): v3.6.6 — include PR 1274 fixes in changelog
* chore: exclude additional build artifacts and internal directories from npm package distribution
* fix: update Gemini OAuth test to match registry defaults + codex UI improvements
* fix: restore .mjs refs for scripts/ in test imports after ts migration
* fix: restore next.config.mjs ref in dev-origins test
* fix: implement db migration safety checks and codex config format
* fix: disable mass-migration abort during unit tests based on auto-backup flag
* fix: update script regex in auto-update tests to use .mjs
* feat: Add Perplexity Web (Session) provider (#1289)
Integrated into release/v3.6.6
* fix(cli): resolve codex routing config parsing, standardize select model button positioning, and clarify oauth documentation
* docs(changelog): record recent cli, provider, and test updates
Document the latest fixes for Codex routing configuration parsing and
Lobehub provider icon fallback behavior.
Add the note that the remaining JavaScript test files were migrated to
TypeScript ES modules to reflect the completed test stack transition.
* chore(release): merge #1286 minor improvements manually to avoid testing conflict
* chore(test): rename perplexity-web.test.mjs to .ts to maintain 100% TS codebase
* chore(docs): update CHANGELOG.md for perplexity-web provider
* fix(security): resolve CodeQL incomplete URL substring sanitization via URL parsing in test mocks
* fix: integrate compressContext() into chatCore.ts request pipeline
Proactively compress oversized contexts before sending to upstream providers,
preventing context_length_exceeded errors. Compression triggers at 85% of
model's context limit using the existing 3-layer compressContext() function.
- Import compressContext, estimateTokens, getTokenLimit from contextManager
- Add compression check after translation, before executor dispatch
- Estimate tokens and compare against 85% threshold of model's context limit
- Apply 3-layer compression (trim tools, compress thinking, purify history)
- Log compression events with before/after token counts and layers applied
- Audit compression events for observability
- Add unit tests verifying integration behavior
Closes#1290
* fix(tests): align reasoning expectations with GLM thinking structure
* fix: prevent orphaned tool_result messages in purifyHistory()
When purifyHistory() drops oldest messages to fit context window, it can
split tool_use/tool_result pairs — keeping the tool_result but dropping
the tool_use that initiated it. This causes upstream providers to reject
the request with format errors.
Add fixToolPairs() that runs after each purification pass to remove:
- OpenAI format: orphaned role='tool' messages without matching tool_calls ID
- Claude format: orphaned tool_result content blocks without matching tool_use ID
Closes#1291
* fix(tests): supply tool_use in mock so it is not dropped
* chore: convert remaining test to TypeScript
* fix(tests): restore compatibility with compressContext threshold test after tsx migration
* docs: finalize v3.6.6 release documentation
* fix(core): finalize provider removal, type issues, and codex API key config
* fix(dashboard): render Web/Cookie, Search, Audio provider sections and fix TypeScript errors
* fix: increase MCP web_search timeout to 60s (#1278)
* fix: route combo testing properly for embedding models (#1260)
* fix: accumulate excluded accounts in combo fallback loop (#1233)
* fix: strip leading whitespace and newlines from first streaming chunk (#1211)
* docs: clarify VPS and Docker settings for OAuth credentials (#1204)
* fix: return real retry-after for pipeline gates (#1301)
Integrated into release/v3.6.6 — returns real Retry-After values from pipeline gates
* feat: streaming semantic cache, Cursor auto-version detection, and call-log enhancements (#1296)
Integrated into release/v3.6.6 — streaming semantic cache, Cursor auto-version detection, call-log cache_source tracking
* feat(api): support more OpenAI types (image, embeddings, audio-transcriptions, audio-speech) (#1297)
Integrated into release/v3.6.6 — adds embeddings, audio-transcriptions, audio-speech, and images-generations support for custom OpenAI-compatible providers, plus Pollinations image registry
* deps: bump hono from 4.12.12 to 4.12.14 (#1302)
Integrated into release/v3.6.6
* deps: bump hono from 4.12.12 to 4.12.14 (#1306)
Integrated into release/v3.6.6
* chore: stabilization fixes for v3.6.6 (#1298, #1254, #59, CI)
* fix(providers): match correct endpoint for Xiaomi MiMo, strip routing prefix for custom openai endpoints (#1303, #1261)
* feat(storage): add database backup cleanup controls
* chore(release): v3.6.6 — Final Stabilization Push
* Backport call log storage refactor to release/v3.6.6 (#1307)
Integrated into release/v3.6.6
* deps: update dompurify to 3.4.0 to resolve CVE-XYZ (#60)
* test: disable sqlite auto backup in CI to resolve E2E timeout (#24481475058)
* chore(docs): sync CHANGELOG for v3.6.6 with missing features and fixes
* chore(release): prep v3.6.6 infrastructure and type safety fixes
- Migrated legacy .mjs scripts to .ts (bin, prepublish, policies)
- Resolved pre-commit strict lint (t11 budget) errors in combo.ts
- Explicitly typed all TS bindings in pack-artifact policies
- Updated package.json commands to run Node via tsx/esm internally
- Hardened CI/CD with explicit node version 22.22.2 checks
- Completed stage validations for v3.6.6 final release
* chore: fix TS build errors and e2e timeouts in CI
- Migrate nodeRuntimeSupport to TS interfaces avoiding implicit any
- Increase visibility timeouts in skills-marketplace E2E test to 15s to bypass CI flakiness
- Complete migration of .mjs scripts to .ts ensuring type safety
* chore(release): sync package version 3.6.6 across workspaces
* test(e2e): universally increase UI component visibility timeouts from 5s to 15s to bypass CI starvation
* chore(build): inject baseUrl, paths, and types:node into MITM tsconfig within prepublish hook to fix missing types in CI check
---------
Co-authored-by: diegosouzapw <diegosouzapw@users.noreply.github.com>
Co-authored-by: Jack <5443152+hijak@users.noreply.github.com>
Co-authored-by: Randi <55005611+rdself@users.noreply.github.com>
Co-authored-by: Paijo <14921983+oyi77@users.noreply.github.com>
Co-authored-by: Samuel Cedric <ceds.sam@gmail.com>
Co-authored-by: Max Garmash <max@37bytes.com>
Co-authored-by: Markus Hartung <mail@hartmark.se>
Co-authored-by: Gi99lin <74502520+Gi99lin@users.noreply.github.com>
Co-authored-by: Payne <baboialex95@gmail.com>
Co-authored-by: Benson K B <bensonkbmca@gmail.com>
Co-authored-by: clousky2020 <33016567+clousky2020@users.noreply.github.com>
Co-authored-by: Ravi Tharuma <25951435+RaviTharuma@users.noreply.github.com>
Co-authored-by: oyi77 <oyi77@users.noreply.github.com>
Co-authored-by: Hdsje <vovan877@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: xiaoge1688 <moyekongling@gmail.com>
Apply composite tier ordering to top-level combo steps and direct
targets so priority and round-robin strategies follow the configured
defaultTier to fallbackTier chain before using remaining steps.
Add defensive config parsing helpers, regression tests for composite
tier ordering, and documentation updates for the structured combo
builder, quota-aware P2C, and combo target health.
- CHANGELOG: documented 33 new API Key providers (DeepInfra, SambaNova, Meta Llama API, AI21 Labs, Databricks, Snowflake, GigaChat, etc.)
- README: updated tagline, unified endpoint, and feature descriptions from 60+ to 100+
- AGENTS.md: updated project description and full API Key provider list (48+ → 91)
- ARCHITECTURE.md: updated executive summary
- i18n: synced all 33 language README and ARCHITECTURE files
- Add emailPrivacyStore (Zustand + persist) for global toggle state
- Add EmailPrivacyToggle component with eye open/closed icons
- Add pickDisplayValue() visibility-aware masking function
- Integrate toggle into provider detail, usage limits & playground pages
- Per-modal showEmail now uses global store (synced across all pages)
- Default: emails hidden; toggle persists across page reloads
- Add showEmails/hideEmails i18n keys
- Update CHANGELOG.md and openapi.yaml to v3.6.2
* fix(minimax): switch auth from x-api-key to Authorization Bearer (#1076)
Integrated into release/v3.5.6 — MiniMax auth fix with authHeader consistency normalization
* feat(CI,i18n): autogenerate language files + Add missing strings (#1071)
Integrated into release/v3.5.6 — i18n translations for memory, skills, and missing keys across 31 languages
* fix(ci): restore i18n continue-on-error, remove auto-commit race condition
* fix(husky): load nvm in hooks for VS Code compatibility
* fix(husky): gracefully skip hooks when npm is not in PATH
* fix: convert OpenAI function tool_choice to Claude tool format (#1072)
* fix: prevent EPIPE feedback loop filling logs at GB/s (#1006)
* fix: fallback to native fetch when undici dispatcher fails (#1054)
* fix: improve Qoder PAT validation with actionable error messages (#966)
- Add QODER_PERSONAL_ACCESS_TOKEN env var fallback for both validation and execution
- Pre-flight ping check to diagnose connectivity issues (Docker/proxy)
- Detect encrypted auth blobs from ~/.qoder/.auth/user and guide to website PAT
- Clear error messages for auth failures with link to integrations page
- Treat non-auth 4xx as auth-pass (request format issue, not token issue)
- Update tests to cover new validation paths (23 tests, all passing)
* feat: Improve the Chinese translation (#1079)
Integrated into release/v3.5.6
* chore(release): v3.5.6 — i18n updates and credential security fixes
* fix(ci): resolve e2e and docs-sync pipeline failures
* fix(security): bump next to 16.2.3 to resolve SNYK-JS-NEXT-15954202
* fix: guard Memory/Cache UI against null toLocaleString crash (#1083)
* fix: translate OpenAI tool_choice type 'function' to Claude 'tool' format (#1072)
* fix: pass custom baseUrl in provider API key validation (#1078)
* docs: update CHANGELOG with v3.5.6 bug fixes and security patches
* docs: rewrite implement-features workflow with 5-phase harvest-research-report-plan-execute pipeline
* docs: organize _ideia/ into viable/defer/notfit + add Phase 2.5 auto-response workflow
* docs: implementation plans for #1025, #750, #960, #1046 + close already-implemented #833, #973, #982
* feat: mask email addresses in dashboard for privacy (#1025)
* feat: add OpenRouter and GitHub to embedding/image provider registries (#960)
* feat: add model visibility toggle and search filter to provider page (#750)
* docs: move implemented features to notfit, update task plans status
* chore: untrack _ideia/ and _tasks/ from git — private/internal only
* chore(release): bump to v3.5.6 — changelog, docs, version sync & any-budget fix
* fix: remove explicit .ts extension in qoderCli import that caused 500 error in production build
---------
Co-authored-by: Jean Brito <jeanfbrito@gmail.com>
Co-authored-by: zenobit <zenobit@disroot.org>
Co-authored-by: diegosouzapw <diegosouzapw@users.noreply.github.com>
Co-authored-by: Ethan Hunt <136065060+only4copilot@users.noreply.github.com>
* test(settings): add unit tests for debugMode and hiddenSidebarItems
Tests cover:
- PATCH debugMode=true/false
- PATCH hiddenSidebarItems with array values
- Combined updates with both fields
* test(e2e): add Playwright tests for settings toggles
Tests cover:
- Debug mode toggle on/off
- Sidebar visibility toggle
- Settings persistence after page reload
* fix(tests): address code review issues
- Unit tests: fix async/await for getSettings, use direct db functions
- E2E tests: remove conditional logic, use Playwright auto-waiting assertions
* feat(logging): unify request log retention and artifacts
* docs: add dashboard settings toggles to CONTRIBUTING
Add section documenting:
- Debug Mode toggle (Settings → Advanced)
- Sidebar Visibility toggle (Settings → General)
* fix(cache): only inject prompt_cache_key for supported providers
Only inject prompt_cache_key for providers that support prompt caching
(Claude, Anthropic, ZAI, Qwen, DeepSeek). This fixes issue #848 where
NVIDIA API rejected the parameter.
* fix(model-sync): log only channel-level model changes
* feat(providers): add 4 free models to opencode-zen
* feat(providers): add explicit contextLength for opencode-zen free models
* feat(providers): add contextLength for all opencode-zen models
* feat: Improve the Chinese translation
* fix: preserve client cache_control for all Claude-protocol providers
Previously, the cache control preservation logic only recognized a
hardcoded list of providers (claude, anthropic, zai, qwen, deepseek).
This caused OmniRoute to inject its own cache_control markers for
Claude-protocol providers not in that list (bailian-coding-plan, glm,
minimax, minimax-cn, etc.), overwriting the client's cache markers.
The fix checks both:
1. Known caching providers list (existing behavior)
2. Whether targetFormat === 'claude' (all Claude-protocol providers)
This ensures all Claude-compatible providers properly preserve client
cache_control headers when appropriate (Claude Code client, deterministic
routing, etc.).
Also removes unused CacheStatsCard from settings/components (duplicate
of the one in cache/ page).
Fixes cache token calculation for GLM, Minimax, and other Claude-compatible providers.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: pure passthrough for Claude→Claude when cache_control preserved
The Claude passthrough path round-trips through OpenAI format
(claude→openai→claude) for structural normalization. This strips
cache_control markers from every content block since OpenAI format
has no equivalent, causing ~42k cache creation tokens per request
with zero cache reads.
When preserveCacheControl is true (Claude Code client, "always"
setting, or deterministic combo), skip the round-trip entirely and
forward the body as-is. Claude Code sends well-formed Messages API
payloads — the normalization was only needed for non-Code clients.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: restore CacheStatsCard — was not a duplicate
The first commit incorrectly deleted CacheStatsCard from
settings/components/ as a "duplicate". It's the only copy — both
settings/page.tsx and cache/page.tsx import from this location.
Restored the i18n-ized version from main.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(429): parse long quota reset times from error body
- Parse XhYmZs format from antigravity error messages (e.g., 27h41m36s)
- Dynamic retry-after threshold (60s default) instead of hardcoded 10s
- Add parseRetryFromErrorText() in accountFallback.ts for body parsing
- Fix 403 'verify your account' to trigger permanent deactivation
- Add keyword matching for 'quota will reset', 'exhausted capacity'
- Add unit tests for retry parsing and keyword matching
Fixes#858 (Antigravity 429 handling)
Fixes#832 (Qwen quota 429 - same underlying bug)
* chore: bump version to v3.4.0-dev
* fix(migrations): rename 013 to 014 to avoid collision with v3.3.11
* chore(docs): update CHANGELOG for v3.4.0 integrations
* fix: Claude token refresh, Antigravity quota, and 429 rate-limit handling
- Fix Claude OAuth token refresh to use form-urlencoded format (standard OAuth2)
- Add anthropic-beta header required by Claude OAuth API
- Switch Antigravity quota to use retrieveUserQuota API (same as Gemini CLI)
- Parse quota reset time for all providers (not just Antigravity)
- Add quota reset keywords to error classifier
- Cap maximum retry time at 24 hours to prevent infinite wait
Closes#836, #857, #858, #832
* fix(dashboard): resolve /dashboard/limits hanging UI with 70+ accounts via chunk parallelization (#784)
---------
Co-authored-by: oyi77 <oyi77@users.noreply.github.com>
Co-authored-by: R.D. <rogerproself@gmail.com>
Co-authored-by: kang-heewon <heewon.dev@gmail.com>
Co-authored-by: gmw <rorschach1167@qq.com>
Co-authored-by: tombii <github@tombii.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: diegosouzapw <diegosouzapw@users.noreply.github.com>
- CHANGELOG: [3.0.0-rc.5] section now serves as full 'What's New vs v2.9.5':
* 2 new providers (OpenCode Zen/Go via PR #530)
* 3 new features: Registered Keys API (#464), provider icons (#529), model auto-sync (#488)
* 10 bug fixes (#521, #522, #524, #527, #532, #535, #536, #537, #489, #510, #492)
* 16 issues resolved total, DB migration 008
- README: added 'What's New in v3.0.0' table section after badges
