manifest v5.48.0

✨ Minor Changes

• b41c0a2: Connect the Dockerized self-hosted version to local LLM servers on the host. The bundled --profile ollama service is gone; the Manifest container now reaches host-installed Ollama, vLLM, LM Studio, llama.cpp, text-generation-webui, and any OpenAI-compatible server at host.docker.internal:<port> via a host-gateway alias. Custom providers accept http:// and private/loopback URLs in the self-hosted version (cloud metadata endpoints stay blocked). Adds preset chips for local servers and a server-side /v1/models probe that auto-populates the model list. Renames the deployment concept from "local" to "self-hosted" across the codebase (MANIFEST_MODE=selfhosted, isSelfHosted()); MANIFEST_MODE=local is still honored as a legacy alias.
• 7de07d2: Capture incoming request headers on every proxied chat completion and surface them in the message detail drawer, with a new App/SDK meta row sourced from the existing caller attribution. Sensitive headers (authorization, cookie, proxy-authorization, x-api-key) are stripped before storage, and the Request Headers section is collapsed by default.
• 30adc95: Fix web_browsing false positives that misrouted coding sessions. Pruned generic web-dev vocabulary (html, dom, url, http, link, page) from the webBrowsing keyword list, added weighted scoring, URL detection, code-fence/file-path signals, session stickiness across recent turns, a confidence gate, and a "Wrong category?" feedback control in the Messages log that dampens repeatedly-miscategorized categories.

🐛 Patch Changes

• 2051a74: Code quality audit cleanup across backend, frontend, and shared packages:

  • Consolidate the provider registry into a single source of truth at packages/shared/src/providers.ts that the backend PROVIDER_REGISTRY and frontend PROVIDERS both consume, eliminating drift.
  • Drop the vestigial DbDialect / detectDialect / portableSql helpers and the _dialect parameter threaded through seven services; Manifest has been Postgres-only for some time.
  • Port NotificationRulesService off raw DataSource.query() onto TypeORM repositories + QueryBuilder.
  • Remove the unused TokenUsageSnapshot / CostSnapshot entities (tables remain; no data migration).
  • Extract scattered if (provider === 'xai' | 'copilot' | ...) branches into data-driven hooks (provider-hooks.ts).
  • Split scoring/keywords.ts (949 lines) into one file per specificity category under scoring/keywords/.
  • Split ProxyService.proxyRequest, ProxyController.chatCompletions, MessagesQueryService.getMessages, and ProviderClient.forward into focused helpers (all previously 130+ lines).
  • Consolidate the frontend API layer: fetchMutate now takes a path, and a routingPath(agentName, suffix) helper replaces 30+ duplicated ${BASE_URL}/routing/${encodeURIComponent(...)} literals.
  • Add recordSafely() and buildMessageRow() helpers in the proxy write path to dedupe seven fire-and-forget .catch(logger.warn) blocks and five near-identical message inserts.
  • Remove the deprecated subscriptionOAuth flag (use subscriptionAuthMode === 'popup_oauth').
  • Drop the identity sql() wrapper in EmailProviderConfigService and helpers.

• 4599c47: Shrink the Docker image by switching the runtime stage to distroless Node 22 (gcr.io/distroless/nodejs22-debian12:nonroot):

  • Runtime drops the shell, apk, and the unused yarn toolchain that node:22-alpine bakes in.
  • Production dependencies are now staged on node:22-slim so glibc matches the distroless debian12 runtime (all runtime deps are pure JS).
  • Prune sql.js from the runtime node_modules — it's an optional TypeORM peer only used by the legacy SQLite local mode, which is never active in Docker.
  • Add --prefer-offline --no-audit --no-fund to all npm installs, and pin the two new base images by digest.
  • Result: 423MB → 362MB on disk (−14.4%), 84.2MB → 71.9MB compressed pull (−14.6%).

• d5b23dc: Fix custom providers mangling upstream model IDs that contain / characters (#1591, #1615). Multi-segment model names like MiniMaxAI/MiniMax-2.7 or accounts/fireworks/routers/kimi-k2p5-turbo are now forwarded to the upstream API unchanged instead of having a legitimate slash segment stripped.

• bb3dc29: Retire residual SQLite / sql.js / "local mode" references left behind after the local-mode path was removed:

  • Drop the dead isLocal() branch in RoutingInstructionModal (the /api/v1/health endpoint never returns mode, so the branch was unreachable) and the test that faked a mode: "local" health response to exercise it.
  • Tighten the frontend NotificationRule.is_active type from boolean | number to boolean, and drop the typeof === 'number' ? !!x : x coercion in Limits.tsx and LimitRuleTable.tsx (the integer boolean was a SQLite-era shape; the backend returns real booleans).
  • Remove the dead connection: { options: { type: 'sqlite' } } mock in proxy.controller.spec.ts — no production code reads ds.connection.options.type.
  • Remove the stale vi.mock("../../src/services/local-mode.js", ...) in ProviderSelectModal-opencode-go.test.tsx (module was deleted long ago).
  • Refresh the packages/backend/src/common/utils/sql-dialect.ts header (no dialect switching happens — the file is Postgres-only).
  • Fix comment/test-description rot: "dialect" wording in query-helpers.ts + spec, "local mode" in Sidebar.test.tsx / session.guard.spec.ts / proxy-rate-limiter.ts, "PG & sql.js" in costs.e2e-spec.ts.
  • Update CLAUDE.md: drop references to deleted files (local-bootstrap.service.ts, local-mode.ts, LocalAuthGuard), drop the MANIFEST_DB_PATH / MANIFEST_UPDATE_CHECK_OPTOUT env vars (no-ops per the v2.x breaking changes), drop the "Local mode database uses sql.js" architecture note, and correct the "Better Auth database" section (Postgres always).

  No behaviour change — all four test suites green (backend 4007, frontend 2267, e2e 123) and both packages typecheck clean.

manifest v5.47.2

🐛 Patch Changes

• 135b9e3: Fix blank dashboard when exposing Manifest on a LAN IP over HTTP. Helmet's default CSP emitted upgrade-insecure-requests, which browsers enforce on private IPv4 ranges (10.x, 172.16-31.x, 192.168.x) but relax for localhost — so the JS bundle was rewritten to https:// and silently failed to load, leaving an empty <body>. The directive is now disabled; HTTPS deployments should enforce upgrades via HSTS at the reverse proxy instead.

manifest v5.47.1

🐛 Patch Changes

• b28f714: Docker hardening Phase 3 follow-ups: add a 64MB cap to the manifest container's /tmp tmpfs, raise pids_limit from 256 to 512, and switch the healthcheck from BusyBox wget to a node -e fetch(...) invocation that's guaranteed to exist in the runtime image. Narrow the Dockerfile's node_modules *.md cleanup to README* only so packages that read nested markdown at runtime (e.g. js-yaml schema docs) keep working. Gate /api/v1/public/{usage,free-models,provider-tokens} behind MANIFEST_PUBLIC_STATS=true (default off, returns 404) so self-hosted instances don't leak aggregate stats to unauthenticated callers. Detect non-chat callers in the proxy exception filter and the chat/completions catch block via body.stream === true / Accept: text/event-stream; non-chat clients now receive real 401/400/500 HTTP statuses with a structured error envelope while chat UIs continue to get the friendly HTTP-200 envelope. Rewrite og:url / og:image in the SPA's index.html from BETTER_AUTH_URL at boot so self-hosters' shared link previews show their own URL instead of app.manifest.build. Add a status query parameter to /api/v1/messages (ok, error, rate_limited, fallback_error, or errors for the union of the three error variants) so the dashboard can offer an "errors only" toggle. Add .github/workflows/docker-smoke.yml that boots the production compose stack with read_only: true, waits for /api/v1/health, and tears down — guards against future code that silently writes to disk.
• b9011ae: Fix deleted custom providers continuing to intercept every request (#1603). Specificity routing now validates that an override model is still available before using it, and deleting a custom provider now also clears orphan references in specificity assignments and fallback-model lists. A one-time migration cleans existing orphaned references from the database so previously affected agents recover automatically.

manifest v5.47.0

✨ Minor Changes

• 2493d97: feat: add OpenCode Go as a subscription provider with dynamic model discovery

  OpenCode Go is a low-cost subscription that exposes GLM, Kimi, MiMo, and MiniMax
  models through a unified API. Users sign in at opencode.ai/auth, copy their API
  key, and paste it into the OpenCode Go detail view in the routing UI. The backend
  routes GLM/Kimi/MiMo models through the OpenAI-compatible endpoint and MiniMax
  models through the Anthropic-compatible endpoint — both served from the same
  https://opencode.ai/zen/go base URL. The Anthropic endpoint authenticates via
  x-api-key (not Bearer), matching the native Anthropic wire protocol.

  The model list is fetched dynamically from the public OpenCode Go docs source
  and cached in memory for one hour, with a last-known-good fallback on fetch
  failures. No hardcoded model list in the codebase.

• 313a332: Add per-message feedback (thumbs up/down) to Messages and Overview pages

🐛 Patch Changes

• 4dda346: Filter internal Azure routing models from GitHub Copilot provider

manifest v5.46.7

🐛 Patch Changes

• aeb7a54: fix(proxy): capture streaming token usage for Ollama and Ollama Cloud providers

manifest v5.45.1

🐛 Patch Changes

• 34c015d: Add error observability for diagnosing HTTP 400 spikes

  • Add Express-level HTTP error logging middleware that logs all 4xx/5xx responses with request metadata (method, URL, status, user-agent, IP)
  • Add error_http_status column to agent_messages table so proxy errors record the upstream HTTP status code (400, 500, 503, etc.) for queryable diagnostics
  • Remove forbidNonWhitelisted: true from the global ValidationPipe — whitelist: true already strips unknown fields silently, the forbidNonWhitelisted setting was rejecting requests with extra fields as 400 errors
  • Expand proxy error log line to include provider, model, and tier context (up from 200 to 500 chars of error body)

• 9d3fb2e: fix: start embedded server eagerly instead of deferring to OpenClaw callback

  The plugin previously only registered a deferred start() callback via
  api.registerService(), relying on OpenClaw to invoke it. Newer OpenClaw
  versions may not invoke the callback, causing the server to never bind.

  Now the server starts eagerly during register(), with the existing
  checkExistingServer() health-check guard preventing double-starts if
  OpenClaw also calls the callback.

  The dashboard banner is now only logged after the server is confirmed
  running via health check, instead of prematurely during registration.

  Closes #1472, closes #1474.

manifest v5.45.0

✨ Minor Changes

• 5ae3552: Add provider tokens page with daily token consumption chart and auth_type/cost breakdown in public endpoint

manifest v5.44.0

✨ Minor Changes

• bafeb35: Add 30-day and previous-7-day token data to public usage endpoint, and new provider-tokens endpoint with daily breakdown per provider and model

🐛 Patch Changes

• 19cbf73: fix: preserve provider query param in /connect-provider redirect

manifest v5.43.0

✨ Minor Changes

• bbf8cdd: Add deep-link URL support for provider modals on the routing page. Navigate directly to a specific provider's connect form via ?provider=<id> (e.g. ?provider=gemini, ?provider=anthropic).

🐛 Patch Changes

• a4f1cb5: Relax MiniMax API key validation to use the generic provider prefix check (sk-) and remove the provider-specific validation branch.

  Also update the MiniMax key placeholder to sk-... so UI guidance matches accepted key formats.

manifest v5.42.0

✨ Minor Changes

• 8fb3ab1: Add Kilo Code as a free provider with 4 models, smart icon resolution by model name prefix, and fix colon handling in model deep-links