All notable engineering changes to this repository are recorded here. For product-facing release notes on the docs site, see packages/content/changelog.mdx.
The format is based on Keep a Changelog.
- Auth API consistency (edge + handlers) — Many org-scoped and infrastructure routes now use `requireAuthOrApiKeyWithOrg` / `requireAuthOrApiKey` so API keys work end-to-end; `proxy.ts` adds `sessionOnlyPaths` / `sessionOnlyPathPatterns` and rejects API-key-style auth on cookie-only routes with `401` + `session_auth_required`. Why: Previously the edge let API keys through but cookie-only handlers returned confusing 401s; session-only edge enforcement gives integrators an explicit error. Docs: `docs/auth-api-consistency.md`, `docs/api-authentication.md`. Note: `POST /api/crypto/payments` remains session-only; `GET` list accepts API keys. CLI auth: only `POST /api/auth/cli-session` and `GET /api/auth/cli-session/:id` stay public at the edge; `POST .../complete` is no longer under the blanket public prefix (why: so session-only rules apply to completion).
- `session_auth_required` — New `ApiErrorCode` for proxy JSON errors when a session-only path receives `X-API-Key` or `Bearer eliza_…`. Why: Distinguish “no credentials” from “wrong credential type for this endpoint.”
- Per-agent Anthropic extended thinking — `user_characters.settings.anthropicThinkingBudgetTokens` (integer ≥ 0) controls thinking for MCP and A2A agent chat when the model is Anthropic. `ANTHROPIC_COT_BUDGET_MAX` optionally caps any effective budget (character or env default). Why: Agent owners set policy in stored character data; request bodies must not carry budgets (untrusted MCP/A2A callers). Env still supplies defaults where no character field exists and caps worst-case cost.
- `ANTHROPIC_COT_BUDGET` (existing) — Clarified role as default when the character omits `anthropicThinkingBudgetTokens` (or value is invalid), plus baseline for routes without a resolved character. Why: One deploy-level knob for generic chat; per-agent overrides stay in JSON.
- `parseThinkingBudgetFromCharacterSettings`, `resolveAnthropicThinkingBudgetTokens`, `parseAnthropicCotBudgetMaxFromEnv`, `ANTHROPIC_THINKING_BUDGET_CHARACTER_SETTINGS_KEY` — See `packages/lib/providers/anthropic-thinking.ts`. Why: Single resolution path and a stable settings key for dashboards/APIs.
- `packages/lib/providers/cloud-provider-options.ts` — Shared type for merged `providerOptions`. Why: Type-safe merges without `any`.
- `mockMiladyPricingMinimumDepositForRouteTests` — Test helper in `packages/tests/helpers/mock-milady-pricing-for-route-tests.ts`. Why: Partial `MILADY_PRICING` mocks broke Milady billing cron under full `bun run test:unit`.
- MCP Google / Microsoft / HubSpot — Same org burst limit and `apiFailureResponse` as other MCP integrations (were missing Redis org limit and used substring auth detection).
- Error helpers — `caughtErrorJson` + `nextJsonFromCaughtError` in `packages/lib/api/errors.ts` (shared body for native `Response` vs `NextResponse`). My agents saved + characters list routes use `nextJsonFromCaughtError` instead of `message.includes("auth")`.
- Rate limit + MCP error DRY — `packages/lib/middleware/rate-limit.ts` exports `ORGANIZATION_SERVICE_BURST_LIMIT`, `rateLimitExceededPayload` / `rateLimitExceededNextResponse` / `rateLimitExceededResponse`, `mcpOrgRateLimitRedisKey`, and `enforceMcpOrganizationRateLimit`; `withRateLimit` 429 responses use the shared payload. `packages/lib/api/errors.ts` adds `apiFailureResponse` for native `Response` catches. Core MCP, integration MCP routes, and A2A org limit reuse the shared burst numbers and canonical 429 / error JSON. Why: One definition for 100/min org MCP limits and consistent `rate_limit_exceeded` bodies instead of ad hoc `{ error: "rate_limit_exceeded" }`; auth failures use `ApiError` mapping instead of substring checks on `error.message`.
- `POST /api/agents/{id}/mcp` (`chat` tool) and `POST /api/agents/{id}/a2a` (`chat`) pass character `settings` into `mergeAnthropicCotProviderOptions`. Why: Those routes always resolve a `user_characters` row; other v1 routes remain env-only until a character is available on the request path.
- Milady billing cron unit tests — `z-milady-billing-route.test.ts`, queue-backed DB mocks, `package.json` script paths. Why: `mock.module` ordering and partial pricing objects caused flaky full-suite failures.
- `docs/auth-api-consistency.md` — Rationale for cookie vs API key, edge session-only lists, CLI session path split, crypto GET/POST split, key-management caveats.
- `docs/api-authentication.md` — “Why this model exists” summary and cross-link to consistency doc.
- `docs/anthropic-cot-budget.md` — Per-agent settings, env default/max, operator checklist, MCP/A2A scope.
- `docs/unit-testing-milady-mocks.md` — Milady `mock.module` pitfalls.
- `docs/ROADMAP.md` — Done / near-term items.
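
The budget resolution order from the per-agent Anthropic extended thinking and `ANTHROPIC_COT_BUDGET` entries, as an added example that is not the repository's code in `packages/lib/providers/anthropic-thinking.ts`. The function names, the `Env` parameter, and the choice to treat non-numeric character values as invalid are assumptions.

```typescript
// Added example: hypothetical helper names, not the project's implementation.
type Env = Record<string, string | undefined>;
type Settings = Record<string, unknown> | null | undefined;

// Field name taken from user_characters.settings in the changelog entry.
const SETTINGS_KEY = "anthropicThinkingBudgetTokens";

// Env values arrive as strings; accept only plain non-negative integers.
function parseEnvInt(raw: string | undefined): number | undefined {
  if (raw === undefined || !/^\d+$/.test(raw.trim())) return undefined;
  const n = Number(raw.trim());
  return Number.isSafeInteger(n) ? n : undefined;
}

// Stored character policy: must already be an integer >= 0 (assumption:
// strings, floats and negatives are invalid and fall back to the env default).
function parseCharacterBudget(settings: Settings): number | undefined {
  const v = settings?.[SETTINGS_KEY];
  return typeof v === "number" && Number.isSafeInteger(v) && v >= 0 ? v : undefined;
}

// Character value first, then ANTHROPIC_COT_BUDGET, then cap with
// ANTHROPIC_COT_BUDGET_MAX. Returns undefined when nothing is configured.
function resolveThinkingBudget(settings: Settings, env: Env): number | undefined {
  const effective =
    parseCharacterBudget(settings) ?? parseEnvInt(env["ANTHROPIC_COT_BUDGET"]);
  if (effective === undefined) return undefined;
  const max = parseEnvInt(env["ANTHROPIC_COT_BUDGET_MAX"]);
  return max === undefined ? effective : Math.min(effective, max);
}

// Trust boundary: the MCP/A2A request body is caller-controlled, so it is
// never consulted for a budget, even if it carries a field with the same name.
function budgetForAgentChat(
  requestBody: Record<string, unknown>,
  character: { settings?: Record<string, unknown> },
  env: Env,
): number | undefined {
  void requestBody; // deliberately unread
  return resolveThinkingBudget(character.settings, env);
}
```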