release v0.5.6

[ding113]

Summary

Release v0.5.6 — merges dev into main. This release includes endpoint circuit breaker operational improvements (opt-in toggle, 524 decision chain visibility), a fix for Key concurrent session limit inheritance, enhanced configuration form warnings, and a provider clone deep-copy bug fix.

Included PRs

PR	Title	Type
#773	feat(circuit-breaker): endpoint CB default-off + 524 decision chain audit	Enhancement
#772	Fix Key concurrent limit inheriting User concurrent cap	Bug fix
#768	Enhance configuration form input warnings	Enhancement
#767	fix: provider clone shallow-copy reference sharing	Bug fix

Related Issues

• Fixes Concurrent User limit #769 — Key concurrent limit was not inherited from User (via 修复 Key 并发限制继承用户并发上限 #772)
• Partially addresses 端点熔断在 UI 和决策链中的可见性不足 #754 — Endpoint circuit breaker visibility in UI and decision chain (524 timeout now surfaced in decision chain via feat(circuit-breaker): endpoint CB default-off + 524 decision chain audit #773; 端点熔断在 UI 和决策链中的可见性不足 #754 was closed by earlier feat(circuit): unify provider-endpoint circuit visibility and notifications #755, this release adds follow-up improvements)
• Related to logic and display of provider errors #760 — Provider error logic and display improvements (524 vendor-type timeout now visible in decision chain)
• Related to provider的apikey自己会换 #739 — Provider API key mutation on save (fixed by fix: 修复供应商克隆时因浅拷贝引用共享导致源供应商数据被意外污染的问题 #767 deep-copy fix for clone flow)

Changes

Core: Endpoint Circuit Breaker (opt-in toggle)

• New env var ENABLE_ENDPOINT_CIRCUIT_BREAKER (default false) — endpoint-level CB is now opt-in
• When disabled: isEndpointCircuitOpen, recordEndpointFailure, recordEndpointSuccess, and triggerEndpointCircuitBreakerAlert are all no-ops
• Startup initialization (initEndpointCircuitBreaker) clears stale Redis keys and in-memory state when the feature is disabled
• Vendor-type circuit breaker (isVendorTypeCircuitOpen, recordVendorTypeAllEndpointsTimeout) also respects this toggle
• endpoint-selector skips circuit-open checks entirely when disabled
• Response handler no longer calls recordEndpointFailure for stream aborts, fake-200s, or non-200 HTTP errors (these are key-level errors, not endpoint connectivity failures)

Core: 524 Vendor-Type Timeout in Decision Chain

• New vendor_type_all_timeout reason added to ProviderChainItem type and ProxySession
• provider-chain-formatter renders 524 vendor-type timeout with provider details, status code, error, and explanatory note
• i18n strings added across all 5 languages (zh-CN, zh-TW, en, ja, ru)
• filterDetails i18n section added for vendor_type_circuit_open, circuit_open, circuit_half_open, rate_limited

Bug Fix: Key Concurrent Session Limit Inheritance (#769)

• New resolveKeyConcurrentSessionLimit(keyLimit, userLimit) utility in concurrent-session-limit.ts
• Key > 0 takes priority; Key <= 0 falls back to User > 0; both 0 means unlimited
• Applied in ProxyRateLimitGuard, getKeyQuotaUsage, getMyQuota, and getKeys actions
• Normalizes edge cases (NaN, Infinity, negative, fractional values)

Bug Fix: Provider Clone Deep-Copy (#739)

• createInitialState in provider form context now uses structuredClone before extracting fields
• RESET_FORM reducer deep-copies defaultInitialState to prevent shared references after reset
• Prevents mutations in cloned provider form from polluting source provider data in React Query cache

Enhancement: Configuration Form Warnings (#768)

• New InlineWarning UI component (inline-warning.tsx)
• API key input warnings: detects auth headers, wrapped quotes, non-ASCII, whitespace, uncommon symbols
• System settings warnings: DB refresh interval too low/high, lease percent zero, lease cap zero
• User form: past expiration date warning
• All warnings are advisory only (non-blocking)
• New validation utilities: api-key-warnings.ts, quota-lease-warnings.ts, date-input.ts

Supporting Changes

• Biome schema updated from 2.3.10 to 2.3.14
• Deploy scripts (deploy.sh, deploy.ps1) include ENABLE_ENDPOINT_CIRCUIT_BREAKER=false
• Russian i18n: fixed grammatical errors in endpoint-related strings ("конечная точкаов" -> "конечных точек")
• LogicTraceTab: renders filterDetails with i18n lookup and fallback
• provider-chain-popover: renders vendor_type_all_timeout entries
• provider-selector: minor formatting (no logic change)
• forwarder.ts: records 524 vendor-type timeout to decision chain

Testing

Automated Tests Added/Updated

• endpoint-circuit-breaker.test.ts — 6 new tests for disabled state (no-op behavior, stale state cleanup)
• vendor-type-circuit-breaker.test.ts — tests for disabled toggle behavior
• endpoint-selector.test.ts — tests for skipping circuit check when disabled
• concurrent-session-limit.test.ts — unit tests for resolveKeyConcurrentSessionLimit
• key-quota-concurrent-inherit.test.ts — Key concurrent limit fallback to User
• my-usage-concurrent-inherit.test.ts — getMyQuota concurrent limit inheritance
• provider-form-clone-deep-copy.test.ts — deep-copy isolation for clone/edit/create modes
• api-key-warnings.test.ts — API key warning detection
• quota-lease-warnings.test.ts — quota/lease warning thresholds
• date-input.test.ts — date formatting and parsing utilities
• provider-chain-formatter.test.ts — vendor_type_all_timeout rendering
• response-handler-endpoint-circuit-isolation.test.ts — verifies endpoint CB is NOT called for key-level errors
• rate-limit-guard.test.ts — concurrent limit inheritance in proxy guard
• user-form-expiry-clear-ui.test.tsx — updated to use locale-safe date formatting

New Environment Variables

Variable	Default	Description
ENABLE_ENDPOINT_CIRCUIT_BREAKER	false	Enable endpoint-level circuit breaker. When true, endpoints with consecutive failures are temporarily blocked.

Checklist

• No database migrations
• No breaking API changes
• No removed exports
• i18n strings added for all 5 languages
• Tests added for all new functionality

---

Description enhanced by Claude AI

[gemini-code-assist]

Summary of Changes

Hello @ding113, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This release, version 0.5.6, focuses on bolstering system resilience through refined circuit breaker mechanisms and improving the user experience with enhanced validation and clearer feedback in the UI. Key changes include the introduction of a configurable endpoint-level circuit breaker, intelligent inheritance for concurrent session limits, and more informative warnings for user and provider settings. These updates aim to provide a more robust and user-friendly platform by preventing cascading failures and guiding users with better input validation.

Highlights

• Endpoint Circuit Breaker Control: Introduced a new environment variable, ENABLE_ENDPOINT_CIRCUIT_BREAKER, to globally enable or disable endpoint-level circuit breakers. When disabled, all circuit breaker logic is bypassed, and any stale states are cleared on application startup.
• Concurrent Session Limit Inheritance: Implemented logic for API keys to inherit concurrent session limits from their associated user's settings if the key's own limit is not explicitly set or is zero, providing more flexible quota management.
• Enhanced UI Warnings and Validation: Added new inline warnings for user expiration dates (if set in the past), API key input validation (e.g., detecting auth headers, non-ASCII characters), and quota lease settings (e.g., DB refresh interval, zero percentages/caps) to improve user guidance.
• Refined Circuit Breaker Isolation: Adjusted the endpoint circuit breaker logic to ensure it is only penalized for true forwarder-level failures (network errors, timeouts) and probe failures, not for key-level errors like invalid API keys or malformed responses.
• Improved Provider Chain Logging: Expanded the provider chain details to include more granular reasons for filtering (e.g., vendor_type_circuit_open, circuit_open, rate_limited) and a new vendor_type_all_timeout reason, enhancing diagnostic capabilities.

Changelog

• .env.example
  • Added ENABLE_ENDPOINT_CIRCUIT_BREAKER environment variable with default false.
• biome.json
  • Updated Biome.js schema version to 2.3.14.
• messages/en/dashboard.json
  • Added pastWarning message for user expiration dates.
• messages/en/provider-chain.json
  • Added vendorTypeAllTimeout reason for provider chain.
  • Introduced filterDetails for various circuit breaker states and rate limiting.
  • Added vendorTypeAllTimeout and vendorTypeAllTimeoutNote for timeline descriptions.
• messages/en/settings/config.json
  • Added warning messages for quota lease settings, including DB refresh intervals and zero lease percentages/caps.
• messages/en/settings/providers/form/key.json
  • Added warning messages for API key input validation.
• messages/ja/dashboard.json
  • Added pastWarning message for user expiration dates.
• messages/ja/provider-chain.json
  • Added vendorTypeAllTimeout reason for provider chain.
  • Introduced filterDetails for various circuit breaker states and rate limiting.
  • Added vendorTypeAllTimeout and vendorTypeAllTimeoutNote for timeline descriptions.
• messages/ja/settings/config.json
  • Added warning messages for quota lease settings, including DB refresh intervals and zero lease percentages/caps.
• messages/ja/settings/providers/form/key.json
  • Added warning messages for API key input validation.
• messages/ru/dashboard.json
  • Added pastWarning message for user expiration dates.
• messages/ru/provider-chain.json
  • Added vendorTypeAllTimeout reason for provider chain.
  • Introduced filterDetails for various circuit breaker states and rate limiting.
  • Added vendorTypeAllTimeout and vendorTypeAllTimeoutNote for timeline descriptions.
  • Corrected Russian translations for "endpoint pool exhausted" and "endpoint circuit open".
• messages/ru/settings/config.json
  • Added warning messages for quota lease settings, including DB refresh intervals and zero lease percentages/caps.
• messages/ru/settings/providers/form/key.json
  • Added warning messages for API key input validation.
• messages/zh-CN/dashboard.json
  • Added pastWarning message for user expiration dates.
• messages/zh-CN/provider-chain.json
  • Added vendorTypeAllTimeout reason for provider chain.
  • Introduced filterDetails for various circuit breaker states and rate limiting.
  • Added vendorTypeAllTimeout and vendorTypeAllTimeoutNote for timeline descriptions.
• messages/zh-CN/settings/config.json
  • Added warning messages for quota lease settings, including DB refresh intervals and zero lease percentages/caps.
• messages/zh-CN/settings/providers/form/key.json
  • Added warning messages for API key input validation.
• messages/zh-TW/dashboard.json
  • Added pastWarning message for user expiration dates.
• messages/zh-TW/provider-chain.json
  • Added vendorTypeAllTimeout reason for provider chain.
  • Introduced filterDetails for various circuit breaker states and rate limiting.
  • Added vendorTypeAllTimeout and vendorTypeAllTimeoutNote for timeline descriptions.
• messages/zh-TW/settings/config.json
  • Added warning messages for quota lease settings, including DB refresh intervals and zero lease percentages/caps.
• messages/zh-TW/settings/providers/form/key.json
  • Added warning messages for API key input validation.
• scripts/deploy.ps1
  • Added ENABLE_ENDPOINT_CIRCUIT_BREAKER to deployment script.
• scripts/deploy.sh
  • Added ENABLE_ENDPOINT_CIRCUIT_BREAKER to deployment script.
• src/actions/key-quota.ts
  • Implemented concurrent session limit inheritance for keys from user settings.
• src/actions/keys.ts
  • Implemented concurrent session limit inheritance for keys from user settings.
• src/actions/my-usage.ts
  • Implemented concurrent session limit inheritance for keys from user settings in usage display.
• src/app/[locale]/dashboard/_components/user/forms/user-form.tsx
  • Improved date input handling for user expiration and added a warning for past dates.
• src/app/[locale]/dashboard/logs/_components/error-details-dialog/components/LogicTraceTab.tsx
  • Updated logic to display translated filterDetails in error logs.
• src/app/[locale]/dashboard/logs/_components/provider-chain-popover.tsx
  • Enhanced status detection for provider chain items to include new failure reasons.
• src/app/[locale]/settings/config/_components/system-settings-form.tsx
  • Added UI warnings for various quota lease configuration settings.
  • Clamped DB refresh interval input.
• src/app/[locale]/settings/providers/_components/forms/provider-form/provider-form-context.tsx
  • Ensured deep copying of provider data in form context to prevent unintended mutations.
• src/app/[locale]/settings/providers/_components/forms/provider-form/sections/basic-info-section.tsx
  • Added UI warnings for potential issues with API key input.
• src/app/v1/_lib/proxy/forwarder.ts
  • Recorded vendor_type_all_timeout to decision chain before triggering circuit breaker.
• src/app/v1/_lib/proxy/provider-selector.ts
  • Standardized filterDetails keys for better translation handling.
• src/app/v1/_lib/proxy/rate-limit-guard.ts
  • Integrated concurrent session limit inheritance logic.
• src/app/v1/_lib/proxy/response-handler.ts
  • Refined endpoint circuit breaker logic to only penalize for forwarder-level failures.
• src/app/v1/_lib/proxy/session.ts
  • Added vendor_type_all_timeout to ProviderChainItemReason.
• src/components/ui/inline-warning.tsx
  • Added new InlineWarning UI component.
• src/instrumentation.ts
  • Added startup initialization for endpoint circuit breaker to clear stale states if disabled.
• src/lib/config/env.schema.ts
  • Added ENABLE_ENDPOINT_CIRCUIT_BREAKER environment variable.
• src/lib/endpoint-circuit-breaker.ts
  • Implemented conditional execution of circuit breaker logic based on ENABLE_ENDPOINT_CIRCUIT_BREAKER.
  • Added initEndpointCircuitBreaker for cleanup on disable.
• src/lib/provider-endpoints/endpoint-selector.ts
  • Implemented conditional execution of circuit breaker logic based on ENABLE_ENDPOINT_CIRCUIT_BREAKER.
• src/lib/rate-limit/concurrent-session-limit.ts
  • Added new utility for resolving effective concurrent session limits.
• src/lib/utils/date-input.test.ts
  • Added unit tests for date input utilities.
• src/lib/utils/date-input.ts
  • Added new utilities for local timezone date-only parsing and formatting.
• src/lib/utils/provider-chain-formatter.test.ts
  • Updated tests for vendor_type_all_timeout reason.
• src/lib/utils/provider-chain-formatter.ts
  • Updated provider chain formatting to support new failure reasons and translated details.
• src/lib/utils/validation/api-key-warnings.test.ts
  • Added unit tests for API key warning detection.
• src/lib/utils/validation/api-key-warnings.ts
  • Added new utility for detecting API key input warnings.
• src/lib/utils/validation/quota-lease-warnings.test.ts
  • Added unit tests for quota lease warning functions.
• src/lib/utils/validation/quota-lease-warnings.ts
  • Added new utilities for detecting quota lease configuration warnings.
• src/lib/vendor-type-circuit-breaker.ts
  • Implemented conditional execution of circuit breaker logic based on ENABLE_ENDPOINT_CIRCUIT_BREAKER.
• src/types/message.ts
  • Added vendor_type_all_timeout to ProviderChainItemReason type.
• tests/unit/actions/key-quota-concurrent-inherit.test.ts
  • Added unit tests for key quota concurrent limit inheritance.
• tests/unit/actions/my-usage-concurrent-inherit.test.ts
  • Added unit tests for my usage concurrent limit inheritance.
• tests/unit/dashboard/provider-form-clone-deep-copy.test.ts
  • Added unit tests for deep copying in provider form context.
• tests/unit/dashboard/user-form-expiry-clear-ui.test.tsx
  • Updated unit tests for user form expiry.
• tests/unit/lib/endpoint-circuit-breaker.test.ts
  • Added comprehensive unit tests for endpoint circuit breaker functionality.
• tests/unit/lib/provider-endpoints/endpoint-selector.test.ts
  • Added unit tests for endpoint selector with disabled circuit breaker.
• tests/unit/lib/provider-endpoints/probe.test.ts
  • Updated unit tests for endpoint probing.
• tests/unit/lib/rate-limit/concurrent-session-limit.test.ts
  • Added unit tests for concurrent session limit resolution.
• tests/unit/lib/vendor-type-circuit-breaker.test.ts
  • Added unit tests for vendor-type circuit breaker with disabled endpoint circuit breaker.
• tests/unit/proxy/rate-limit-guard.test.ts
  • Added unit test for key concurrent limit inheritance.
• tests/unit/proxy/response-handler-endpoint-circuit-isolation.test.ts
  • Added new unit tests for endpoint circuit breaker isolation in response handling.
• tests/unit/vacuum-filter/vacuum-filter-has.bench.test.ts
  • Minor update to a test utility.

Activity

• A new environment variable, ENABLE_ENDPOINT_CIRCUIT_BREAKER, was introduced and integrated into the application's circuit breaker logic, allowing for global control over endpoint-level circuit breakers.
• New UI components and validation utilities were added to provide clearer feedback to users, including warnings for past user expiration dates, potential issues with API key inputs, and configuration warnings for quota lease settings.
• The logic for concurrent session limits was updated to allow API keys to inherit limits from user settings, enhancing flexibility in quota management.
• Internationalization message files across English, Japanese, Russian, Simplified Chinese, and Traditional Chinese were extensively updated to support the new features and warnings.
• Several new unit tests were added to cover the concurrent session limit inheritance, API key warnings, quota lease warnings, and the behavior of the endpoint circuit breaker, including its disabled state and isolation from key-level errors.
• Existing unit tests were updated to align with changes in date handling and circuit breaker mocking.
• Deployment scripts (deploy.ps1, deploy.sh) were modified to include the new ENABLE_ENDPOINT_CIRCUIT_BREAKER environment variable.
• The biome.json schema was updated to version 2.3.14.
• The provider form context now utilizes structuredClone for deep copying provider data, improving state management robustness.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

🧪 测试结果

测试类型	状态
代码质量	✅
单元测试	✅
集成测试	✅
API 测试	✅

总体结果: ✅ 所有测试通过

[gemini-code-assist]

Code Review

This pull request introduces a new version, v0.5.6, which brings several significant features and improvements. A new endpoint-level circuit breaker has been added, controlled by the ENABLE_ENDPOINT_CIRCUIT_BREAKER flag. This feature is well-implemented, including a startup cleanup mechanism for when it's disabled. The concurrent session limit logic has been improved to allow keys to inherit limits from their parent user, providing more flexible configuration. The user interface has been enhanced with several warnings for common configuration mistakes, such as invalid API key formats and potentially problematic quota lease settings. Additionally, the accuracy of the circuit breaker has been improved by correctly isolating endpoint health from key-level or application-level errors. The PR also includes extensive internationalization updates and a large number of new unit tests, which significantly increase the quality and robustness of the codebase. Overall, this is a high-quality pull request with well-designed features and important bug fixes. The code is clean, well-tested, and demonstrates good software engineering practices.

[github-actions]

[Medium] [TYPE-MISSING-VALIDATION] InlineWarning component lacks ARIA attributes for screen reader accessibility

Why this is a problem: The InlineWarning component renders a visual warning (amber text + icon) but has no role="status" or aria-live="polite" attribute. Screen reader users will not be notified when these warnings appear. The existing codebase consistently uses role="alert" for form field error messages (see form-field.tsx:89, form-field.tsx:218, date-picker-field.tsx:158). Since this is a non-blocking warning (less urgent than an error), role="status" with aria-live="polite" is the appropriate pattern.

Suggested fix:

export function InlineWarning({ children, className }: InlineWarningProps) {
  return (
    <div
      role="status"
      aria-live="polite"
      className={cn(
        "flex items-start gap-1.5 text-xs text-amber-600 dark:text-amber-400",
        className
      )}
    >
      <AlertTriangle className="mt-0.5 h-3.5 w-3.5 shrink-0" aria-hidden="true" />
      <span className="min-w-0">{children}</span>
    </div>
  );
}

[github-actions]

Code Review Summary

This XL release PR (v0.5.6) introduces three well-structured feature areas: endpoint-level circuit breaker isolation, key concurrent session limit inheritance, and form input validation enhancements. The changes are architecturally sound with comprehensive test coverage. One accessibility issue was identified in the new InlineWarning component.

PR Size: XL

• Lines changed: 2434 (2261 additions, 173 deletions)
• Files changed: 67

Split suggestion: This XL PR bundles three independent feature areas. Future releases could benefit from splitting into separate PRs: (1) circuit breaker isolation, (2) concurrent limit inheritance, (3) form validation/UX enhancements. Each area has clean boundaries and independent test suites.

Issues Found

Category	Critical	High	Medium	Low
Logic/Bugs	0	0	0	0
Security	0	0	0	0
Error Handling	0	0	0	0
Types	0	0	1	0
Comments/Docs	0	0	0	0
Tests	0	0	0	0
Simplification	0	0	0	0

High Priority Issues (Should Fix)

• [Medium] InlineWarning missing ARIA attributes (src/components/ui/inline-warning.tsx:17): The new InlineWarning component lacks role="status" and aria-live="polite" attributes. The existing codebase consistently uses role="alert" for form field feedback (see form-field.tsx, date-picker-field.tsx). Since this is a non-blocking warning, role="status" with aria-live="polite" is the appropriate pattern. See inline comment for suggested fix.

Review Coverage

• Logic and correctness - Clean (circuit breaker isolation logic is sound; concurrent limit inheritance with resolveKeyConcurrentSessionLimit handles edge cases well including NaN, Infinity, negatives)
• Security (OWASP Top 10) - Clean (no injection vectors, no hardcoded secrets, proper input validation in api-key-warnings)
• Error handling - Clean (initEndpointCircuitBreaker properly logs and handles Redis failures; instrumentation try/catch blocks are appropriate)
• Type safety - One issue (InlineWarning accessibility, see above)
• Documentation accuracy - Clean (comments match code behavior; i18n strings added for all 5 languages)
• Test coverage - Adequate (new test files cover circuit breaker isolation, concurrent limit inheritance, deep copy safety, date input parsing, API key warnings, quota lease warnings)
• Code clarity - Good (structuredClone for deep copy in provider-form-context is a clean fix; parseYmdToLocalEndOfDay has proper round-trip validation)

---

Automated review by Claude AI

[github-actions]

[HIGH] [LOGIC-BUG] filterDetails translation fallback detection is wrong, causing raw i18n fallback keys to be rendered

Evidence:

• At src/lib/utils/provider-chain-formatter.ts:415-419:

  const detailsText = f.details
    ? t(`filterDetails.${f.details}`) !== `filterDetails.${f.details}`
      ? t(`filterDetails.${f.details}`)
      : f.details
    : f.reason;

• This repo configures missing translations to fall back to a namespaced key. In src/i18n/request.ts:40-42:

  getMessageFallback: ({ namespace, key }) => {
    return `${namespace}.${key}`;
  },

Why this is a problem: When a filterDetails.* key is missing (e.g. details values that are not IDs like "供应商已禁用"), t(...) becomes something like "provider-chain.filterDetails.供应商已禁用". That will always pass the current !== check and gets rendered, so the provider-chain timeline shows fallback keys instead of the intended raw detail text.

Suggested fix (use t.has() like LogicTraceTab does):

type ProviderChainTranslator = ((key: string, values?: Record<string, string | number>) => string) & {
  has?: (key: string) => boolean;
};

// ...inside formatProviderTimeline(...)
const detailsText = f.details
  ? (() => {
      const detailsKey = `filterDetails.${f.details}`;
      return t.has?.(detailsKey) ? t(detailsKey) : f.details;
    })()
  : f.reason;

[github-actions]

Code Review Summary

XL release PR touching proxy forwarding, endpoint/vendor-type circuit breaker behavior, UI forms, i18n messages, and a large set of tests. One user-visible regression was found in provider-chain timeline formatting where missing filterDetails.* translations render as namespaced fallback keys instead of the intended raw details.

PR Size: XL

• Lines changed: 2434
• Files changed: 67
• Suggested split (to make review/rollback safer):
  • Endpoint circuit breaker toggle + init + endpoint selector changes + tests
  • Vendor-type timeout reason + provider chain i18n updates + logs UI rendering
  • Concurrent session limit inheritance (actions + rate-limit guard) + tests
  • UI warnings (InlineWarning, UserForm expiry parsing, System settings warnings, API key warnings) + i18n
  • Tooling/config changes (.env.example, biome schema bump, deploy scripts)

Issues Found

Category	Critical	High	Medium	Low
Logic/Bugs	0	1	0	0
Security	0	0	0	0
Error Handling	0	0	0	0
Types	0	0	0	0
Comments/Docs	0	0	0	0
Tests	0	0	0	0
Simplification	0	0	0	0

Critical Issues (Must Fix)

None.

High Priority Issues (Should Fix)

• src/lib/utils/provider-chain-formatter.ts:415 - filterDetails translation check uses t(key) !== key, but missing translations fall back to ${namespace}.${key} in this repo, so unknown details render as provider-chain.filterDetails.* instead of raw detail text.

Review Coverage

• Logic and correctness
• Security (OWASP Top 10)
• Error handling
• Type safety
• Documentation accuracy
• Test coverage
• Code clarity

---

Automated review by Codex AI

[github-actions]

• Identified open PR: #775 release v0.5.6 (2261 additions / 173 deletions / 67 files) → size/XL label applied.
• Left an inline review comment for a user-visible regression in provider-chain timeline i18n fallback handling at src/lib/utils/provider-chain-formatter.ts:415 (missing filterDetails.* translations render as provider-chain.filterDetails.* instead of raw details).
• Submitted the required PR review summary via gh pr review.