- Change openrouter/pony-alpha model status from 'alpha' to 'beta' to prevent deletion
- Fix ReferenceError where heartbeat was used before initialization in cleanupStream
- Declare heartbeat and streamTimeout with let before cleanupStream function
- Change const assignments to let assignments for timer variables
Add detailed logging to provider initialization to help debug why Chutes
and other providers aren't loading:
- Log all providers found in database
- Log API key env vars detected
- Log custom loader results with autoload status
- Log final loaded providers count
This will help identify if the issue is:
1. Database not loading correctly
2. Missing env vars
3. Custom loaders not being called
4. Providers being filtered out
- Add openrouter/pony-alpha model to models-api.json fixture
- Fix getModel() to lookup models with provider prefix (e.g., openrouter/pony-alpha)
When user specifies openrouter/pony-alpha, the code now correctly looks for
the full model ID including prefix in the provider's models object
This fixes the 'ModelNotFoundError' when using OpenRouter models that have
prefixed IDs in the database.
- Add comprehensive prompt injection security module with 160+ attack pattern detection
- Implement security checks in message handling with proper blocking and user feedback
- Add OpenRouter paid API key support (OPENROUTER_PAID_API_KEY) for premium models
- Update model discovery and chat functions to use paid API key for premium models
- Add comprehensive test suite with 434 test cases (98.39% accuracy)
- Tests cover legitimate WordPress development queries, injection attacks, obfuscated attempts
- Improve builder loading indicators with text-based progress (building/planning)
- Replace spinning animations with 'Starting build/planning process' messages
