- Add 'cohere' to DEFAULT_PROVIDERS and PLANNING_PROVIDERS arrays in admin.js
- Add Cohere option to provider limits dropdown in admin.html
- Add 'cohere' to DEFAULT_PROVIDER_SEEDS, PLANNING_PROVIDERS, and KNOWN_USAGE_PROVIDERS in server.js
Cohere was already integrated in the opencode backend (SDK installed, provider registered, icons defined). These changes make it available in the admin panel for build message configuration.
- Parse model names like 'chutes/deepseek-ai/DeepSeek-V3.2-TEE'
- Extract provider prefix before '/' to detect chutes, cerebras, etc.
- This fixes provider detection when admin panel sets wrong provider
- Support providers as array of strings: [opencode, chutes]
- Support providers as array of objects: [{provider: opencode}]
- This fixes provider detection for Chutes and other providers
- Move loadAdminModelStore() before loadState() in bootstrap()
- This ensures adminModels is available when ensureOpencodeConfig is called
- Fixes issue where Chutes provider was not being configured
- Add check to load adminModels if not already loaded
- Add error handling for models.dev fetch failures
- Log provider source (models.dev vs built-in) for debugging
- Add fetchModelsDevProviderModels() function with 1-hour caching
- Update ensureOpencodeConfig() to dynamically load all models for configured providers
- Support Chutes, Cerebras, Groq, Google, and Nvidia providers
- Only fetch models for providers actually used in adminModels
- Cache models.dev data to reduce API calls and improve performance
This allows any model from models.dev to work when added in the admin panel,
instead of requiring hardcoded model definitions.
When models from providers like Chutes or Cerebras were added via the admin panel,
they didn't work in the builder page because the opencode.json config file only
included the Ollama provider configuration.
This fix adds Chutes and Cerebras provider configurations to the opencode.json
file when their respective API keys are available in environment variables
(CHUTES_API_KEY and CEREBRAS_API_KEY).
Fixes the issue where chutes/deepseek-ai/DeepSeek-V3.2-TEE and similar models
would fail to load from the builder page.
- Update data model to include status, adminReply, and updatedAt fields
- Hide user emails from public API responses for privacy
- Add admin-only endpoints: list, reply, update status, delete
- Create admin-feature-requests.html with full management UI
- Add status badges and admin replies to public feature requests page
- Add Feature Requests link to all admin page sidebars
Admin capabilities:
- View all feature requests with author emails (admin only)
- Reply to feature requests with admin responses visible to public
- Update status: pending, planned, in-progress, completed, declined
- Delete feature requests
- Filter and sort by status, votes, date
Add dual-source blog system with Editor.js integration:
- Blog storage supporting repo-based (JSON) and database sources
- Admin panel with rich text editor using Editor.js
- Public news page with infinite scroll
- Individual blog post viewer page
- Categories management in admin
- Image upload functionality
- 4 SEO blog posts about WordPress with PluginCompass promotion
- 3 News blog posts about Plugin Compass
- API endpoints for CRUD operations
- Security and validation for admin operations
Closes blog feature request
- Modified handleUndoMessage in server.js to remove the undone message from session history
- Added persistState() call to save the updated session state after undo
- Message is now removed from UI when undo is completed
- Works for opencode/build messages that are completed, errored, or cancelled
1. Fix Ollama 504 Gateway Timeout - add 30s timeout to prevent long hangs
2. Add Ollama to provider error classification for proper fallback handling
3. Show model selector when proceed with build modal opens
These fixes ensure Ollama failures are handled gracefully with proper fallback
to Groq, and users can select their model before starting the build.
- Changed getUserSession to getAdminSession for all contact message endpoints
- Admin panel now properly authenticates and displays contact messages
- Fixed list, mark-read, and delete operations
- Change openrouter/pony-alpha model status from 'alpha' to 'beta' to prevent deletion
- Fix ReferenceError where heartbeat was used before initialization in cleanupStream
- Declare heartbeat and streamTimeout with let before cleanupStream function
- Change const assignments to let assignments for timer variables
- Capture todowrite tool events and store todos on messages
- Add API endpoint GET /api/sessions/:sessionId/todos
- Clear todos on message finish, undo, and redo
- Create renderStructuredTodos function with status icons
- Integrate todo display into message rendering
- Add CSS styling for todo items by status and priority
- Professional plan: reduced from 10M to 5M tokens per month
- Enterprise plan: reduced from 50M to 20M tokens per month
- Hobby (50k) and Starter (100k) remain unchanged
These limits align with the updated pricing structure from shopify-ai.
- Add comprehensive prompt injection security module with 160+ attack pattern detection
- Implement security checks in message handling with proper blocking and user feedback
- Add OpenRouter paid API key support (OPENROUTER_PAID_API_KEY) for premium models
- Update model discovery and chat functions to use paid API key for premium models
- Add comprehensive test suite with 434 test cases (98.39% accuracy)
- Tests cover legitimate WordPress development queries, injection attacks, obfuscated attempts
- Improve builder loading indicators with text-based progress (building/planning)
- Replace spinning animations with 'Starting build/planning process' messages
