<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Manifest Changelog</title>
    <link>https://manifest.build/changelog/</link>
    <description>New features, fixes, and improvements to Manifest, released on GitHub.</description>
    <language>en-us</language>
    <atom:link href="https://manifest.build/changelog/rss.xml" rel="self" type="application/rss+xml" />
    <item>
      <title><![CDATA[Manifest v6.13.5]]></title>
      <link>https://manifest.build/changelog/#v6-13-5</link>
      <description><![CDATA[<h3>🐛 Patch Changes</h3>
<ul>
<li>46a09a8: Fix waitlist sync reading email from session instead of empty tenant field, rename table to waitlist_claims</li>
</ul>
]]></description>
      <pubDate>Mon, 06 Jul 2026 09:15:27 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.13.5</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.13.4]]></title>
      <link>https://manifest.build/changelog/#v6-13-4</link>
      <description><![CDATA[<h3>🐛 Patch Changes</h3>
<ul>
<li>
<p>b2b95f0: Preserve route metadata on streamed provider errors so message logs keep model and provider fields.</p>
</li>
<li>
<p>3dd41a1: fix: Gemini adapter — strip unsupported schema keywords, merge parallel tool responses, and inject missing thought signatures</p>
<p>The Gemini adapter now strips additional JSON Schema keywords that Google’s
<code>function_declarations</code> parameter schema rejects (<code>propertyNames</code>,
<code>uniqueItems</code>, <code>multipleOf</code>, <code>contains</code>/<code>minContains</code>/<code>maxContains</code>,
<code>prefixItems</code>, <code>additionalItems</code>, <code>readOnly</code>, <code>writeOnly</code>, <code>deprecated</code>,
and <code>$comment</code>/<code>$anchor</code>/<code>$dynamicRef</code>/<code>$dynamicAnchor</code>/<code>$vocabulary</code>).</p>
<p>It merges consecutive parallel tool responses into a single Gemini user turn,
matching Google’s requirement that N functionCall parts be answered by exactly
N functionResponse parts in one turn.</p>
<p>When a functionCall part has no <code>thought_signature</code> from the client or cache
(e.g. after a fallback from another model), the adapter now injects the
documented dummy signature so Gemini 3.x does not reject the request with
“Function call is missing a thought_signature”.</p>
</li>
<li>
<p>3b2bbd9: Self-hosted waitlist claims now sync to the cloud instance</p>
</li>
</ul>
]]></description>
      <pubDate>Sun, 05 Jul 2026 18:48:13 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.13.4</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.13.3]]></title>
      <link>https://manifest.build/changelog/#v6-13-3</link>
      <description><![CDATA[<h3>🐛 Patch Changes</h3>
<ul>
<li>4e3fdde: Report Claude Opus 4.8 with a 1M context window for Anthropic subscription routing.</li>
<li>a0f5549: Preserve Responses reasoning summaries when Copilot responses-only models are used through Chat Completions.</li>
<li>aafa8d4: Record DeepSeek prompt cache hits from <code>prompt_cache_hit_tokens</code>.</li>
<li>6ce3a9d: Send Fireworks prompt cache keys from Manifest sessions.</li>
<li>4c9335e: Mark MiniMax Coding Plan subscriptions as prompt-cache capable.</li>
<li>ff48cfb: Send Moonshot prompt cache keys and record Kimi cached tokens.</li>
<li>884170d: Preserve author-prefixed Ollama model IDs when proxying requests.</li>
<li>a4fd8aa: Stop forwarding Anthropic-style thinking params to Ollama endpoints.</li>
<li>d329f57: Send Qwen cache-control markers and mark Qwen subscriptions cacheable.</li>
<li>09d904a: Remove the proxy message-count limit so long agent sessions are bounded by request body limits instead.</li>
<li>f1a5243: Mark Xiaomi MiMo Token Plan subscriptions as prompt-cache capable.</li>
<li>0cc5520: Mark <a href="http://Z.ai" target="_blank" rel="noopener noreferrer">Z.ai</a> Coding Plan subscriptions as prompt-cache capable.</li>
</ul>
]]></description>
      <pubDate>Fri, 03 Jul 2026 12:35:06 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.13.3</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.13.2]]></title>
      <link>https://manifest.build/changelog/#v6-13-2</link>
      <description><![CDATA[<h3>🐛 Patch Changes</h3>
<ul>
<li>7ca120b: Enable prompt caching support metadata for Anthropic subscriptions and send first-party subscription requests with Anthropic automatic cache control.</li>
<li>a46c3dc: Mark Gemini subscriptions as supporting prompt caching in shared provider metadata.</li>
<li>dc3c4a9: Send stable prompt cache keys to Mistral when callers do not provide one.</li>
<li>abec177: Mark OpenAI subscriptions as supporting prompt caching in shared provider metadata.</li>
<li>fb63274: Add OpenRouter prompt cache breakpoints for Gemini and Qwen model families.</li>
<li>22a15a4: Send prompt cache keys to xAI Responses requests from Manifest session affinity.</li>
</ul>
]]></description>
      <pubDate>Fri, 03 Jul 2026 11:56:58 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.13.2</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.13.1]]></title>
      <link>https://manifest.build/changelog/#v6-13-1</link>
      <description><![CDATA[<h3>🐛 Patch Changes</h3>
<ul>
<li>fef144a: Show explicit SDK model overrides as Direct in Messages.</li>
<li>5572692: Update the shipped modal for OpenAI-compatible model discovery and direct model calls.</li>
<li>f8a5a5d: Lead README, Docker docs, and app meta tags with connecting agents to any provider instead of cost savings.</li>
</ul>
]]></description>
      <pubDate>Fri, 03 Jul 2026 10:07:39 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.13.1</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.12.0]]></title>
      <link>https://manifest.build/changelog/#v6-12-0</link>
      <description><![CDATA[<h3>✨ Minor Changes</h3>
<ul>
<li>8956f43: Stop storing full message request/response bodies. The Messages page keeps the per-message metadata view (status, model, provider, tokens, cost, routing, request headers, model parameters) but the recorded-body drawer is removed. A migration drops the <code>message_recordings</code> table and the unused <code>llm_calls</code> / <code>tool_executions</code> / <code>agent_logs</code> tables, significantly reducing database storage.</li>
</ul>
<h3>🐛 Patch Changes</h3>
<ul>
<li>b27a16e: Stop index migrations from deadlocking deploys against live traffic. The agent_messages index migrations used blocking DDL (plain CREATE/DROP INDEX), which takes an ACCESS EXCLUSIVE lock and deadlocked against live INSERTs while the previous deployment was still serving — failing every deploy and leaving the schema (and the dashboard perf work) unshipped. Those migrations now run CONCURRENTLY (SHARE UPDATE EXCLUSIVE, which does not conflict with writes) outside a transaction, and the migration runner uses per-migration (‘each’) transactions. The covering index also builds without a write stall.</li>
<li>88a8590: Add a timestamp-leading partial index for cross-tenant error scans. The Cloud control plane’s hourly error-insights rollup scans agent_messages by time window across all tenants, but the only error index was tenant-leading — so each run scanned every error row ever recorded (cost growing with total accumulated errors), which turned into multi-minute scans that saturated the database. A timestamp-leading partial index over error rows turns those into windowed range scans (measured 110ms/29k buffers down to 2ms/274 buffers on ~2M error rows). The index stays partial so write amplification on ingest is negligible.</li>
<li>29ee8be: Speed up the dashboard, message log, and provider/subscription lists for high-volume tenants. Distinct model/provider lookups now use an index skip-scan instead of scanning a tenant’s whole history, and the Overview derives its summary cards from the timeseries it already fetches (one fewer full-range scan). A covering index lets the Overview summary, timeseries, and cost-by-model aggregations run as index-only scans on every install (previously self-hosted had none). Postgres planner defaults (JIT off, larger work_mem, SSD-tuned random_page_cost) plus tighter autovacuum on agent_messages keep those aggregations off the heap, and a redundant index is dropped to lighten ingest.</li>
<li>46c88c2: Lazy-load hidden token and cost chart series on agent overview.</li>
<li>1591e53: Name the affected agent when provider disconnect is blocked by routing.</li>
<li>8fb56c1: Speed up provider disconnect route checks and ignore disabled route rows.</li>
<li>e266b8e: Support large OpenAI-compatible inline image requests on <code>/v1/*</code> with route-scoped body parsing, clear body-size errors, and redacted inline image data for routing and message recordings.</li>
<li>49ef687: Start retiring complexity and task-specific routing. Agents that never configured them now see only Default and Custom routing, so the routing page is simpler for new and unconfigured agents. Agents already using complexity tiers or task-specific categories keep everything working and see a banner explaining the change.</li>
<li>0501bb0: Improve the agent routing empty state contrast in dark mode.</li>
<li>5eec940: Stop deploys from deadlocking on database migrations. Migrations ran on every replica’s boot over PgBouncer, so multi-replica deploys with pending migrations could deadlock acquiring locks on agent_messages and fail. Migrations now run once in a pre-deploy step over the direct connection (with an advisory lock so overlapping deploys serialize), before any replica starts. App-boot migration is now configurable (RUN_MIGRATIONS_ON_BOOT, default on for dev and single-instance self-hosted). The migration runner also uses the committed migration list instead of a compiled-file glob, so stale build artifacts from deleted migrations can never run.</li>
<li>100a3b4: Run database migrations under a Postgres advisory lock so concurrent runners serialize instead of deadlocking. When more than one process ran migrations at once (overlapping deployments, or replicas across regions), they could deadlock acquiring DDL locks on the high-churn agent_messages table and fail the deploy. The deploy migration step now takes a single advisory lock over the direct migration connection: the first runner applies every pending migration, the rest wait and then find nothing pending. Single-instance and self-hosted deploys are unaffected.</li>
<li>ca62d7b: Clarify Xiaomi MiMo Basic API-key setup by linking directly to the API Keys console and validating the documented <code>sk-xxxxx</code> pay-as-you-go key shape separately from Token Plan <code>tp-</code> credentials.</li>
</ul>
]]></description>
      <pubDate>Wed, 24 Jun 2026 07:39:04 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.12.0</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.11.0]]></title>
      <link>https://manifest.build/changelog/#v6-11-0</link>
      <description><![CDATA[<h3>✨ Minor Changes</h3>
<ul>
<li>e30e0e9: Add global provider pages (ConnectProvider, ProviderDetail, AgentProviders tab) and lift provider connections from per-agent to user-scoped. Remove agent H1 header block from AgentDetail shell.</li>
<li>21f0981: Tenant-canonical scoping: every resource now belongs to a tenant instead of a user. The <code>user_providers</code> table is renamed to <code>tenant_providers</code> (junction column <code>user_provider_id</code> → <code>tenant_provider_id</code>), <code>api_keys</code>, <code>email_provider_configs</code>, and <code>custom_providers</code> are re-keyed by <code>tenant_id</code>, and the remaining <code>user_id</code> scope columns are dropped from routing/notification/playground tables (kept only as nullable <code>created_by_user_id</code> audit columns). Self-host operators querying the database directly should note the table/column renames; migrations run automatically on boot and abort with a clear message if orphaned rows are found (set <code>MANIFEST_MIGRATION_FORCE=1</code> to delete them instead).</li>
</ul>
<h3>🐛 Patch Changes</h3>
<ul>
<li>e30e0e9: “View more” on a harness’s recent messages now opens the global Messages log pre-filtered to that harness.</li>
<li>e30e0e9: The per-agent Overview now breaks usage down by provider (chart + provider filter), matching the global Overview.</li>
<li>e30e0e9: Restructure agent detail view into a horizontal-tabbed shell (Overview / Routing / Guardrails / Settings) with back-link navigation. Unify sidebar to a single global nav (Overview / Messages / Agents) rendered identically on every authenticated route; remove the agent-scoped MONITORING/MANAGE/RESOURCES sub-nav.</li>
<li>7aa49e5: A newly added provider key no longer shows another key’s usage on its connection page — per-connection analytics now attribute every message to the exact connection that served it, instead of grouping by provider, auth type, and label.</li>
<li>19b9b9e: Add AWS Bedrock as an API-key provider using Bedrock Mantle’s OpenAI-compatible endpoints. Bedrock vendor-prefixed model IDs now resolve model parameters, pricing, and capabilities through the underlying provider metadata while keeping the original Bedrock ID for inference.</li>
<li>548a836: Fix Claude Code subscription routing for Anthropic Messages requests by capping Manifest-added <code>cache_control</code> markers at Anthropic’s four-block limit, enabling the <code>context_management</code> beta header expected by recent Claude Code clients, and downgrading <code>output_config.effort: &quot;xhigh&quot;</code> when routing resolves to Sonnet.</li>
<li>e30e0e9: Custom providers now display their name and models consistently across Messages, Overview, graphs and cost tables — the literal “custom:” prefix is gone and names resolve on global pages too (the backend resolves them, so deleted providers degrade gracefully).</li>
<li>550d2a4: Restore the “Add custom provider” button on the Usage-based page and use a dedicated modal for creating and editing custom providers</li>
<li>30539c2: Deleting a custom provider can no longer leave orphaned key or routing data behind: the link between custom providers and their stored keys is now enforced by the database (with automatic cleanup of any pre-existing orphans), and creating or deleting a custom provider is atomic.</li>
<li>8df85b4: Speed up global overview and Messages by collapsing overview usage timeseries queries and letting Messages load rows before exact totals/filter metadata.</li>
<li>fd5bc63: Connecting a provider right after creating your first agent no longer fails with “Tenant not found” for several minutes — newly created workspaces are now visible to the dashboard immediately. When a database migration fails on startup, the logs now show the real migration error instead of a misleading “Unable to connect to the database” retry loop.</li>
<li>e30e0e9: Add global dashboard with Overview, Messages, and Agents navigation for tenant-wide usage analytics.</li>
<li>e30e0e9: Local providers (sidebar tab, page and overview card) are hidden on cloud — they only apply to self-hosted installs.</li>
<li>0efdb6b: Add Kiro IAM Identity Center start URL and region options to the subscription login flow.</li>
<li>e30e0e9: Fix token/cost limits never blocking (or alerting) when the server’s timezone isn’t UTC. <code>computePeriodBoundaries</code>/<code>computePeriodResetDate</code> built their window in UTC, but <code>agent_messages.timestamp</code> rows are stored in the process’s local time — so on a non-UTC host the window’s upper bound sat behind the stored rows by the TZ offset and the consumption SUM read ~0, meaning hard limits silently never tripped and threshold alerts never fired. Boundaries are now computed in local time (matching <code>computeCutoff</code>), via a new <code>toLocalSqlTimestamp</code> helper.</li>
<li>2f2c8e1: Harden provider connection attribution and analytics before release. A subscription a user removed is no longer silently brought back by an agent’s background re-registration. Pre-upgrade message history now attributes to the right connection for users who had the same provider on multiple agents. The dashboard overview keeps Playground traffic out of every card and chart consistently, and the provider-key cache is no longer bypassed on the proxy path.</li>
<li>28dbedb: Provider connections lifted from per-agent keys now get clearer names (e.g. “from Agent A”) instead of the bare agent name.</li>
<li>3bb50ae: Provider migrations can now be rolled back without dropping connected providers.</li>
<li>ed58472: Removed the leftover savings/baseline cost tracking (database columns and proxy-side computation) now that the dashboard no longer shows savings.</li>
<li>e30e0e9: Removed the Subscription Savings card, chart, explainer and its API endpoints.</li>
<li>97b401a: Rename the agent_provider_access table to agent_enabled_providers so the database, API routes, and dashboard all use the same “enabled providers” naming. The migration is a pure rename — no data is modified — and rolls back cleanly.</li>
<li>e30e0e9: Fix the post-create “Set up harness” modal showing the full harness picker instead of the harness you just chose. AgentGuard now refetches the agent list when the viewed agent changes, so a newly created agent’s platform reaches the setup modal (previously the stale, source-less list left the platform unset whenever the agent was created from the always-present sidebar while another agent was open).</li>
<li>2492e76: Harden the tenant-scoping upgrade for large production databases. The provider-lift migration now skips rows whose agent was already deleted instead of aborting the whole upgrade with a foreign-key error, and the multi-million-row agent-message attribution backfill runs as a throttled, resumable post-deploy job (<code>npm run backfill:message-providers</code>) instead of inside the boot transaction — so upgrading no longer holds a long lock on <code>agent_messages</code>.</li>
<li>d6748ad: Close a cross-tenant read path in message-detail logs (the llm_calls/agent_logs/tool_executions child queries are now tenant-scoped), and harden dashboard reliability: reject API keys past their own expiry from the auth cache, stop reporting routing-override saves that didn’t persist, keep a demo-seed failure from aborting boot, and add a retryable error state to the connection page.</li>
<li>8d7f916: Add a one-time “What we just shipped” dialog for existing users that announces global providers: connect a provider once across all harnesses, scope access per harness, and track subscription vs usage-based spend per provider and harness. Dismissal is remembered locally.</li>
</ul>
]]></description>
      <pubDate>Wed, 17 Jun 2026 06:03:38 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.11.0</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.10.0]]></title>
      <link>https://manifest.build/changelog/#v6-10-0</link>
      <description><![CDATA[<h3>✨ Minor Changes</h3>
<ul>
<li>a29a705: Add a per-auth-type breakdown to the public <code>provider-tokens</code> endpoint. Each provider now carries an <code>auth_types</code> array (<code>{ auth_type, total_tokens, model_count }</code>) alongside the existing <code>models</code> list, so a provider that is used both with an API key and a subscription (e.g. OpenAI API key vs ChatGPT subscription) can be listed once per auth method. Usage with no recorded auth type is counted as <code>api_key</code>. The existing <code>provider</code>/<code>total_tokens</code>/<code>models</code> fields are unchanged, so the addition is backwards compatible.</li>
<li>43e06c6: Add Xiaomi MiMo as an API-key provider with MiMo Token Plan subscription routing.</li>
</ul>
<h3>🐛 Patch Changes</h3>
<ul>
<li>17d7fd5: Fix the Anthropic subscription model catalog. Drop the <code>claude-*-fast</code> ids it pulled from the pricing cache — those 404 at <code>api.anthropic.com</code> because fast mode is an <code>anthropic-beta</code> header on the base Opus model, not a model id. Also add <code>claude-fable-5</code> (Claude Fable 5), a new subscription model that didn’t match the existing <code>claude-*-4</code> prefixes.</li>
<li>6eb902d: Forward OpenAI-compatible image inputs as Anthropic image content blocks when routing Chat Completions or Responses requests to Claude.</li>
<li>abbf574: Inject cache_control prompt-caching breakpoints for Anthropic subscription OAuth requests. The skip dated from a misdiagnosed 400 that was actually caused by the missing Claude Code identity block, so subscription users were re-paying their full prompt prefix in quota on every request.</li>
<li>6dc6c07: Filter ChatGPT subscription model discovery to models the Codex backend accepts with a ChatGPT account.</li>
<li>00870bf: Make Anthropic Claude Code subscription OAuth and routing match the Claude Code flow: exchange tokens through the Claude Code API host, avoid connect-time probes, and use Claude Code-compatible request headers. Also fix Anthropic OAuth pending-flow consumption so the saved provider keeps the correct agent and user IDs.</li>
<li>392efe2: Allow adaptive-only Anthropic thinking mode parameters to be reset to unset from the model parameter dialog.</li>
<li>04782c1: Restore prompt-cache hits on the ChatGPT subscription backend: send the session affinity headers the Codex CLI sends (<code>session-id</code>/<code>thread-id</code>, <code>x-codex-turn-state</code> replay, stable <code>prompt_cache_key</code>), and forward the caller’s <code>prompt_cache_key</code> on OpenAI /responses conversions</li>
<li>4ea4872: Allow self-hosted installs to tune streaming warmup timeout with STREAM_WARMUP_MS.</li>
<li>3f59cc4: Route Copilot subscription models using their advertised supported endpoints so responses-only models use <code>/responses</code> directly instead of failing on <code>/chat/completions</code>.</li>
<li>96eba2d: Resolve subscription provider aliases before checking subscription support so Gemini subscriptions stored or registered as “google” remain usable for routing.</li>
<li>09a7379: Strip unsupported <code>exclusiveMinimum</code> and <code>exclusiveMaximum</code> JSON Schema fields from Google/Gemini tool declarations so function-calling requests do not fail validation.</li>
<li>8cbc0da: Forward OpenAI-compatible image inputs as Gemini inline or file data parts when routing requests to Google.</li>
<li>d018cb4: Fix custom (header) routing tiers keeping stale account pins after disconnecting one of several accounts on the same provider. Provider-reference cleanup only updated complexity and specificity tiers, so disconnecting an account, renaming a key, or deactivating all providers left header-tier routes pointing at a removed account (the account chip then rendered blank). <code>relabelOverrides</code>, <code>cleanupProviderReferences</code>, and <code>deactivateAllProviders</code> now clean <code>header_tiers</code> routes the same way.</li>
<li>cb48cc0: Fix OAuth subscription tokens getting permanently invalidated (#2012). Providers like OpenAI now rotate refresh tokens on every refresh, so the previous “refresh then persist” path could brick an account when parallel proxy requests refreshed the same credential at once, or when the DB write failed after the provider had already rotated. Lazy refreshes are now coordinated per credential: concurrent refreshes coalesce into a single round-trip, the freshest token is re-read from the database before refreshing, and the rotated token is persisted with retries. Applies to all subscription OAuth providers (OpenAI, Gemini, Anthropic, MiniMax, xAI, Kiro).</li>
<li>2ee31b3: Route already-resolved OpenAI <code>o3-deep-research</code> API-key requests through the Responses endpoint, matching the existing deep-research handling for <code>o4-mini-deep-research</code> without adding unavailable models to discovery. Preserve non-streaming mode when forwarding Chat Completions-shaped requests to OpenAI Responses, and surface collected Responses SSE error events as upstream failures instead of empty successful completions.</li>
<li>6677b95: Fix the Playground sending MiniMax subscription requests to the default region endpoint. The OAuth <code>resource_url</code> (which encodes the chosen region) was only applied for Gemini and dropped for MiniMax; it is now turned into a <code>minimax-subscription</code> base-URL override the same way the proxy does, so Playground requests hit the correct region. Follow-up to #2110 (cubic-flagged).</li>
<li>4a7e1fa: Normalize provider reasoning stream aliases such as Copilot’s <code>reasoning_text</code> to OpenAI-compatible <code>reasoning_content</code> for chat-completions clients while preserving provider-specific replay safeguards.</li>
<li>642b162: Prevent OpenAI Responses-backed subscription streams from ending as interrupted client streams: forward terminal upstream <code>error</code> / <code>response.failed</code> events as OpenAI-compatible SSE error payloads, convert <code>response.incomplete</code> (max_output_tokens / content filter) into a proper <code>length</code> / <code>content_filter</code> finish chunk, surface upstream stream errors to <code>/v1/messages</code> clients as native Anthropic <code>error</code> events instead of a fabricated empty <code>end_turn</code> message, and stop the provider request timeout from aborting healthy streaming response bodies after headers have arrived.</li>
<li>34febf8: Fix the Playground using the wrong endpoint for region-based providers (qwen, zai) and forwarding vendor-prefixed model ids for copilot/zai. The proxy’s endpoint + model resolution (region overrides for minimax/qwen/zai, prefix stripping for copilot/minimax/zai, custom-provider endpoints) is now a shared <code>resolveForwardEndpoint</code> helper used by both the proxy and the Playground, so the two paths can no longer drift.</li>
<li>6154127: Try configured tier fallback routes before the auto-assigned route when a manual override model is unavailable.</li>
</ul>
]]></description>
      <pubDate>Sun, 14 Jun 2026 13:40:15 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.10.0</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.9.2]]></title>
      <link>https://manifest.build/changelog/#v6-9-2</link>
      <description><![CDATA[<h3>🐛 Patch Changes</h3>
<ul>
<li>2d7541b: Resolve model parameter specs through the providerless modelparams.dev by-model endpoint so gateway routes such as GitHub Copilot can expose the underlying model’s thinking and reasoning controls.</li>
<li>5006434: Speed up the dashboard and lower proxy overhead: unbuffered SSE streaming, smaller render-blocking CSS, lazy-loaded modals, cached per-agent model lookups, and new indexes for hot queries.</li>
<li>aad3033: Fix native <code>/v1/responses</code> forwarding so typed non-message input items such as <code>reasoning</code> and <code>item_reference</code> are preserved without a <code>role</code>, preventing ChatGPT subscription Codex backend 400 errors on multi-turn Codex requests.</li>
</ul>
]]></description>
      <pubDate>Thu, 04 Jun 2026 08:58:30 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.9.2</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.9.1]]></title>
      <link>https://manifest.build/changelog/#v6-9-1</link>
      <description><![CDATA[<h3>🐛 Patch Changes</h3>
<ul>
<li>e2ec0a6: Add BytePlus ModelArk Coding Plan as a subscription provider.</li>
<li>90e7af5: Add Command Code subscription routing with dynamic model discovery and OpenAI/Anthropic Provider API forwarding.</li>
<li>c78f6fb: Persist refreshed OAuth subscription tokens to the same provider account label that supplied the token.</li>
<li>4884967: Add Qwen Token Plan as a subscription option for the Alibaba Cloud provider.</li>
<li>6cdd23d: Add a <a href="http://Z.ai" target="_blank" rel="noopener noreferrer">Z.ai</a> GLM Coding Plan endpoint selector for outside-China and China Mainland subscription routing.</li>
</ul>
]]></description>
      <pubDate>Tue, 02 Jun 2026 19:38:59 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.9.1</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.9.0]]></title>
      <link>https://manifest.build/changelog/#v6-9-0</link>
      <description><![CDATA[<h3>✨ Minor Changes</h3>
<ul>
<li>50e7ecd: Add OpenCode Zen as an API-key provider. OpenCode Zen exposes an OpenAI-compatible <code>/v1/models</code> catalog and <code>/v1/chat/completions</code> proxy endpoint, plus a native Anthropic <code>/v1/messages</code> endpoint for Claude models. Manifest now discovers Zen models on connect and routes Claude requests through <code>/v1/messages</code> (with <code>x-api-key</code> auth) and everything else through <code>/v1/chat/completions</code> (with Bearer auth).</li>
</ul>
<h3>🐛 Patch Changes</h3>
<ul>
<li>0eff607: Keep same-name models from different providers available in the routing model picker.</li>
<li>d950469: Add Fireworks AI as an official API-key routing provider.</li>
<li>d439884: Add Kimi Coding Plan subscription routing for Moonshot/Kimi with the <code>kimi-for-coding</code> model.</li>
<li>31383c5: Refresh OAuth subscription credentials once when the upstream rejects a stored access token.</li>
</ul>
]]></description>
      <pubDate>Tue, 02 Jun 2026 12:34:01 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.9.0</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.8.3]]></title>
      <link>https://manifest.build/changelog/#v6-8-3</link>
      <description><![CDATA[<h3>🐛 Patch Changes</h3>
<ul>
<li>65bca08: Fix token-cost calculation for providers that report cache-read prompt tokens. Manifest now uses models.dev cache-read/cache-write prices when available, so cached DeepSeek input tokens are billed at the cache-hit rate instead of the full input-token rate.</li>
<li>08f9c6f: Fix <code>/v1/responses</code> streaming to emit the full OpenAI Responses API event lifecycle when bridging a Chat Completions upstream. The converter now opens a message item and content part (<code>response.output_item.added</code> / <code>response.content_part.added</code>) before the text deltas and closes them (<code>response.output_text.done</code> / <code>response.content_part.done</code> / <code>response.output_item.done</code>) with a populated <code>response.completed</code>, instead of emitting bare <code>output_text.delta</code> + <code>response.completed{output:[]}</code>. Strict Responses API clients (Pi, OpenClaw-style) previously dropped the deltas and rendered empty assistant messages.</li>
</ul>
]]></description>
      <pubDate>Mon, 01 Jun 2026 06:05:49 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.8.3</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.8.2]]></title>
      <link>https://manifest.build/changelog/#v6-8-2</link>
      <description><![CDATA[<h3>🐛 Patch Changes</h3>
<ul>
<li>c86ab75: Record cumulative Anthropic streamed input and cache token counts when they are reported on <code>message_delta</code> events.</li>
<li>191170c: fix(charts): pad bar chart x-scale by half a bin so the last bar is fully visible (#1756)</li>
<li>3471514: Speed up the dashboard’s first load. Heavy code now loads on demand instead of up front: the syntax highlighter is a slim 6-language build, charts load per tab, and the markdown renderer loads when the first message renders. Dev-only tooling no longer ships in production bundles.</li>
<li>26f3458: Limit the OAuth callback-URL tutorial video on the provider sign-in screen to OpenAI. Other OAuth providers (Gemini, etc.) no longer show the OpenAI-specific video.</li>
<li>72a398b: Separate model selector capabilities from input and output modality columns.</li>
<li>d3b742f: Fix OpenCode Go reasoning-tier routing by sending qwen3.7 models through the provider’s Anthropic-compatible endpoint, keeping Mimo on the OpenAI-compatible endpoint, and hardening streamed reasoning_content caching for tool-call continuations.</li>
<li>1a4063d: Replace the Routing page’s empty pricing catalog panel with a concise warning toast that avoids naming implementation-specific upstream pricing sources.</li>
<li>259951e: Parse provider SSE streams with a spec-compliant parser so keepalive comments remain comments instead of being forwarded as data payloads.</li>
<li>3434f64: Close an SSRF hole where a custom provider URL written as an IPv4-mapped IPv6 literal (for example <code>https://[::ffff:169.254.169.254]</code>) slipped past the guard and could reach cloud metadata or private hosts. The carrier-grade NAT range (100.64.0.0/10, used by managed Kubernetes and Tailscale) is now blocked too. Separately, MiniMax, Kiro, and Copilot OAuth errors no longer echo refresh tokens or client secrets into logs.</li>
<li>690de8d: Request exact token usage for every supported OpenAI-compatible streamed provider by moving <code>stream_options.include_usage</code> behind endpoint capability metadata, including Kilo and NVIDIA NIM.</li>
</ul>
]]></description>
      <pubDate>Fri, 29 May 2026 14:28:19 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.8.2</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.8.1]]></title>
      <link>https://manifest.build/changelog/#v6-8-1</link>
      <description><![CDATA[<h3>🐛 Patch Changes</h3>
<ul>
<li>ba08e72: Support adding and managing multiple GitHub Copilot subscription accounts.</li>
<li>9109d10: Keep connected subscription add-account flows visible for OAuth and device-code providers.</li>
</ul>
]]></description>
      <pubDate>Tue, 26 May 2026 19:23:34 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.8.1</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.8.0]]></title>
      <link>https://manifest.build/changelog/#v6-8-0</link>
      <description><![CDATA[<h3>✨ Minor Changes</h3>
<ul>
<li>19e2d5b: Kiro subscriptions now connect in Manifest Cloud. Kiro previously used a local-only CLI flow (reading the <code>kiro-cli</code> token cache off the backend’s own disk), so it only worked when self-hosting. It now uses the AWS SSO OIDC device authorization flow server-side — register → show a user code + verification link → poll for the token — exactly like the GitHub Copilot and MiniMax subscriptions, working identically on a laptop and in the cloud.</li>
</ul>
<h3>🐛 Patch Changes</h3>
<ul>
<li>8061e86: Show capability badges for gateway models in the model picker. A gateway model like <code>opencode-go/glm-5.1</code> now resolves its capabilities from the underlying provider’s models.dev metadata (<code>zai</code> / <code>glm-5.1</code>) instead of showing “Capabilities unknown”. The resolution is gateway-generic — it keys off the shared gateway-prefix abstraction, so any gateway added later inherits it automatically.</li>
<li>b13ac3d: Add Grok subscription provider support with xAI OAuth login and dynamic xAI model discovery.</li>
<li>20c7c40: Add NVIDIA NIM as an official API-key routing provider.</li>
<li>f71c741: Show OpenCode Go’s per-request cost in the model picker and tier cards. OpenCode Go bills a per-request slice of its dollar quota rather than a flat fee, so models with a published cost now display e.g. <code>$0.0136/req</code> instead of the generic “Included in subscription” label. The <code>available-models</code> API surfaces <code>cost_per_request</code> (from the OpenCode Go catalog) for gateway models; flat-fee subscriptions are unchanged.</li>
</ul>
]]></description>
      <pubDate>Tue, 26 May 2026 17:42:09 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.8.0</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.6.2]]></title>
      <link>https://manifest.build/changelog/#v6-6-2</link>
      <description><![CDATA[<h3>🐛 Patch Changes</h3>
<ul>
<li>
<p>b6920d3: refactor(proxy): forward Anthropic Messages requests to Anthropic upstreams without OpenAI translation</p>
<p>When a <code>POST /v1/messages</code> request resolves to an Anthropic upstream, the
proxy now forwards the original Anthropic body directly with only additive
mutations applied (cache_control on the last system block and last tool,
subscription identity injection for OAuth, default max_tokens, cached
extended-thinking replay). The OpenAI-shaped <code>chatBody</code> is retained for
the routing/scoring layer but no longer feeds the wire request.</p>
<p>Closes the lossy-roundtrip class of bugs that previously dropped Anthropic-
native fields (server-tool <code>type</code> discriminators, <code>top_k</code>, native
<code>stop_sequences</code> form, future Anthropic-only parameters) through the
Anthropic → OpenAI → Anthropic translation. Replaces the targeted
<code>_anthropicServerTools</code> stash workaround.</p>
</li>
<li>
<p>07bc952: Set Claude Code setup snippets to use Manifest’s <code>auto</code> model by default and expose it through <code>/v1/models</code>.</p>
</li>
<li>
<p>610c408: Show captured assistant responses as the final turn in recorded OpenAI Chat and Responses API message log conversations.</p>
</li>
<li>
<p>58dd78c: Show configured task-specific and custom tiers in the Messages tier filter and route those selections to the matching message-log filters.</p>
</li>
<li>
<p>ebb1e2b: Use modelparams.dev parameter descriptions in the Model parameters dialog instead of local hardcoded hints.</p>
</li>
<li>
<p>534ff60: Refresh the Model parameters dialog with grouped cards, inline descriptions, a compact slider with min/max markers, and a synced number field. Disabled parameters now keep their description and gain a help icon explaining how to enable them, while remembering the last user value for when they become available again.</p>
</li>
<li>
<p>6cd59c7: Resolve modelparams.dev provider aliases such as <a href="http://Z.ai" target="_blank" rel="noopener noreferrer">Z.ai</a>’s <code>z-ai</code> catalog ID when loading configurable model parameters.</p>
</li>
<li>
<p>ec47903: Keep the OpenAI OAuth callback paste field visible while an OAuth flow is active, align the OpenAI authorize request with the current Codex CLI flow, and persist pending OpenAI OAuth exchanges across backend instances.</p>
</li>
<li>
<p>261769d: fix(proxy): re-inject cached reasoning_content for OpenAI-compatible tool turns</p>
<p>When reasoning providers return <code>reasoning_content</code> alongside tool calls, Manifest now caches the field and restores it on the next request if an OpenAI-compatible client dropped it from the assistant history. The replay is guarded to DeepSeek/Kimi/OpenCode Go-compatible targets and strict providers still have the field stripped.</p>
</li>
<li>
<p>130eb3c: Remove the recorded-only filter from the messages dashboard.</p>
</li>
<li>
<p>96cdd40: Persist cached <code>reasoning_content</code> for DeepSeek-compatible tool-call turns in Postgres so cloud deployments with multiple backend instances can re-inject the required field on follow-up requests.</p>
</li>
<li>
<p>2bf3734: Render recorded OpenAI Responses API request input in the message log conversation tab instead of falling back to the raw-body hint.</p>
</li>
<li>
<p>d061461: fix(proxy): route xAI Responses API requests to xAI’s native /v1/responses endpoint</p>
<p>Adds native xAI Responses API forwarding and routes xAI multi-agent Grok models
through /v1/responses instead of filtering them out of model discovery.</p>
</li>
</ul>
]]></description>
      <pubDate>Tue, 26 May 2026 00:12:00 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.6.2</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.6.1]]></title>
      <link>https://manifest.build/changelog/#v6-6-1</link>
      <description><![CDATA[<h3>🐛 Patch Changes</h3>
<ul>
<li>9d3f743: Stop recording Railway and proxy noise headers on every message. Headers injected by the hosting edge (x-railway-<em>, x-forwarded-</em>, x-real-ip, etc.) are dropped before storage, so the message Headers tab only shows headers the agent actually sent.</li>
<li>1173e30: Performance: bound the public usage-stats aggregations, add a composite <code>(key_prefix, is_active)</code> index for agent-key auth lookups, reuse uPlot chart instances in place on data refresh instead of rebuilding them, and memoize the message log’s feedback overrides.</li>
</ul>
]]></description>
      <pubDate>Fri, 22 May 2026 00:23:16 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.6.1</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.6.0]]></title>
      <link>https://manifest.build/changelog/#v6-6-0</link>
      <description><![CDATA[<h3>✨ Minor Changes</h3>
<ul>
<li>400c195: Add opt-in per-agent message recording. Toggle in Settings → Recording captures the full request body, response body, and response headers for subsequent proxy calls. Recorded rows show a record-dot icon in the Messages log; clicking it opens a formatted modal with Parameters, Conversation turns, Tool calls, Reply, Usage pills, and Headers. Payloads capped at 2 MB and kept out of the hot message-list query via a separate <code>message_recordings</code> table. Defaults off; never included in anonymous telemetry.</li>
</ul>
]]></description>
      <pubDate>Thu, 21 May 2026 14:13:00 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.6.0</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.5.1]]></title>
      <link>https://manifest.build/changelog/#v6-5-1</link>
      <description><![CDATA[<h3>🐛 Patch Changes</h3>
<ul>
<li>3b345e7: Fix provider disconnect cleanup so removing an OAuth subscription clears routes pinned to that auth type even when an API-key credential for the same provider remains connected.</li>
<li>492cf46: Preserve provider key labels and priorities when duplicating agents.</li>
<li>045907d: Preserve native Google <code>generationConfig</code> fields when routing requests to Gemini, while keeping existing OpenAI-compatible generation aliases as explicit overrides.</li>
<li>9438035: Serve model parameter specs from the MPS catalog API and support scoped per-route defaults.</li>
<li>4e780be: Make saved Manifest model parameters authoritative over overlapping client request parameters while preserving client parameters that Manifest does not configure.</li>
<li>bea267e: Fetch model parameter specs per-model on demand instead of downloading the full MPS catalog on every Routing-page load, and add an ETag conditional GET to the catalog refresh. Keeps the dashboard payload flat as the catalog grows.</li>
<li>680feca: Stop slow startup model-catalog syncs from stalling boot past the deploy healthcheck. The OpenRouter, models.dev, GitHub, and modelparameters.dev fetches now run in the background instead of blocking <code>app.listen()</code>, and the two that lacked a timeout (OpenRouter, GitHub) now abort after 10s. The pricing cache still warms up with real data once those fetches land.</li>
</ul>
]]></description>
      <pubDate>Thu, 21 May 2026 13:30:39 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.5.1</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.5.0]]></title>
      <link>https://manifest.build/changelog/#v6-5-0</link>
      <description><![CDATA[<h3>✨ Minor Changes</h3>
<ul>
<li>c4571f7: Add Playground page: compare LLM responses from multiple models side by side for cost, output tokens, and latency. Includes request-headers popover, history drawer with replay, and markdown rendering of responses.</li>
</ul>
<h3>🐛 Patch Changes</h3>
<ul>
<li>f2074dd: Make Anthropic OAuth token exchange diagnostics safe when fields are missing.</li>
<li>3ff3087: Persist Anthropic OAuth pending state in Postgres so production exchanges survive reloads, restarts, and multi-instance routing.</li>
<li>7913169: Align Anthropic OAuth state handling with the Claude Code PKCE flow.</li>
<li>ed05898: Add Claude Code-compatible Anthropic OAuth token headers and safe request-shape diagnostics.</li>
<li>0421e0a: Fall back to the OAuth state when Anthropic pending verifier data is missing.</li>
<li>d00e52b: Fix custom providers in the Playground. Selecting a model from a custom (OpenAI/Anthropic-compatible) provider now resolves its endpoint instead of failing with “Provider request failed”.</li>
<li>2b1c9b5: Hide the misleading empty “tier” label in the Playground model picker. The subtitle now only shows when a real routing tier applies.</li>
</ul>
]]></description>
      <pubDate>Tue, 19 May 2026 06:54:39 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.5.0</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.4.0]]></title>
      <link>https://manifest.build/changelog/#v6-4-0</link>
      <description><![CDATA[<h3>✨ Minor Changes</h3>
<ul>
<li>
<p>24832a3: Add Nanobot to the supported personal AI agents list. The setup screen renders a paste-ready <code>~/.nanobot/config.json</code> block that points the <code>manifest</code> provider at the Manifest endpoint and selects model <code>auto</code> by default.</p>
</li>
<li>
<p>d7dc183: Move request body defaults (today: DeepSeek’s <code>thinking</code> toggle) from tier-scoped storage to per-route storage. Settings now travel with the model identity (<code>agent_id</code>, <code>provider</code>, <code>auth_type</code>, <code>model_name</code>) wherever the model appears — default tier primary, specificity fallback, header-tier primary, anywhere. <strong>Behavior change:</strong> Manifest no longer auto-disables DeepSeek’s thinking mode on simple/standard/complex tiers. Users who never configured a value will see the provider’s natural default (thinking enabled) instead of Manifest’s previous cost-saving override. To get the old behavior back, configure thinking explicitly per-model from the Routing page once the frontend ships. Migration backfills the existing per-tier config to every compatible route in the assignment (primary + fallbacks) so no per-model setting is silently lost. Adds new endpoints <code>GET/PUT/DELETE /api/v1/routing/:agent/model-params</code> for the upcoming frontend.</p>
</li>
<li>
<p>4cba5b3: Routing UI: every model row (primary chip, fallback row, header-tier primary, header-tier fallback) now exposes the per-model Parameters affordance for any provider whose API consumes a known knob (today: DeepSeek’s <code>thinking</code>). Settings travel with the model identity wherever it appears — saving DeepSeek’s thinking mode on one slot updates every other slot showing the same model. Closes the long-standing gap on the “custom” (header-tier) routing surface, which previously had no params support at all. Wires the new <code>GET/PUT/DELETE /api/v1/routing/:agent/model-params</code> endpoints shipped in the backend PR.</p>
</li>
<li>
<p>a8e907e: Add full OAuth flow for the Anthropic Claude Pro / Max subscription. Connecting
your Claude subscription is now a one-click “Sign in with Claude” → paste the
authorization code, instead of running <code>claude setup-token</code> in a separate
terminal. Tokens auto-refresh through the same blob/refresh path used by OpenAI.</p>
<p>Internally the OAuth code in <code>routing/oauth/</code> was split into shared <code>core/</code>
primitives (PKCE, token-blob storage, pending-state TTL, callback HTML) plus
per-provider files. The OpenAI service now delegates to the same primitives,
and a new <code>oauth/anthropic/</code> package implements the paste-code flow.</p>
</li>
</ul>
<h3>🐛 Patch Changes</h3>
<ul>
<li>
<p>a254c32: Add OpenCode to the Coding Assistant setup flow. The setup screen now renders a paste-ready OpenCode config block for the global or project config, registers Manifest as an OpenAI-compatible provider, and selects <code>manifest/auto</code> by default.</p>
</li>
<li>
<p>6f52fdd: Normalize Chat Completions <code>image_url</code> parts to Responses API <code>input_image</code> parts before forwarding to <code>/v1/responses</code>.</p>
</li>
<li>
<p>bbcfa50: Stop filtering the canonical <code>gemini-3.1-flash-lite-preview</code> (and similar non-dated <code>flash-lite-preview</code> aliases) from Gemini model discovery. The previous regex was meant to drop deprecated dated snapshots like <code>gemini-2.5-flash-lite-preview-09-2025</code> but over-matched and removed live preview models too. Tightened to require a <code>-MM-YYYY</code> date suffix so dated snapshots still get filtered while canonical previews surface.</p>
</li>
<li>
<p>91088e2: Fix “Add another key” button for OAuth subscription providers</p>
</li>
<li>
<p>cedeba2: Extract Wingman to a standalone hosted SPA at <code>wingman.manifest.build</code>.
The dashboard’s bottom drawer stays dev-only (dead-code-eliminated from
production / self-hosted bundles) and now embeds the hosted build by
default. Contributors can still point it at a local Wingman with
<code>VITE_WINGMAN_URL</code>. Dev-mode CORS allow-lists the hosted origin so
contributors can use the hosted SPA against a local backend; production
never enables CORS, so nothing Wingman-related ships to self-hosted
deployments. The <code>packages/wingman/</code> workspace is removed; source moves
to <a href="https://github.com/mnfst/wingman" target="_blank" rel="noopener noreferrer">https://github.com/mnfst/wingman</a>.</p>
</li>
<li>
<p>abf3c15: Show a small “Last used” badge on the sign-in and sign-up pages so returning visitors can see at a glance which method (email or one of the social providers) they used last time. The hint is stored per-browser in <code>localStorage</code> and is best-effort: it falls back silently when storage is unavailable.</p>
</li>
<li>
<p>9b4a586: Accept MiniMax Coding Plan <code>sk-cp-</code> tokens on the MiniMax subscription tile alongside the device-code OAuth flow. The region picker now applies to both paths, so CN Coding Plan tokens route to <code>api.minimaxi.com</code> for both model discovery and proxied requests. Closes #1467.</p>
</li>
<li>
<p>d9e6232: Improve the dashboard layout on phone-sized screens with a compact navigation drawer, tighter header chrome, and mobile-sized chart stats.</p>
</li>
<li>
<p>828812c: Patch five high-severity Dependabot alerts in transitive dependencies.</p>
<ul>
<li><code>fast-uri</code> 3.1.0 → 3.1.2 (path traversal + host confusion, dev-only via <code>@nestjs/schematics</code>).</li>
<li><code>kysely</code> 0.28.14 → 0.28.17 via <code>better-auth</code> 1.4 → 1.6 (JSON-path injection in <code>JSONPathBuilder</code>, runtime).</li>
<li><code>undici</code> 5.x → 6.25 via <code>@codecov/vite-plugin</code> 1 → 2 (HTTP smuggling + CRLF injection, dev/build only).</li>
</ul>
<p>No behavior change. Better Auth bump is patch-compatible (1.4 → 1.6) — login, register, OAuth round-trips verified locally.</p>
</li>
<li>
<p>7792ef8: Coerce unknown Anthropic Messages tool types to custom tools instead of forwarding unsupported server-tool tags, and normalize missing array <code>items</code> in forwarded tool schemas for OpenAI compatibility.</p>
</li>
<li>
<p>504a7af: Route Anthropic and MiniMax subscription disconnects through provider-specific OAuth cleanup endpoints</p>
</li>
<li>
<p>47d143c: Rename the personal agent category label to “AI agents”.</p>
</li>
<li>
<p>ee47ba7: Strip adaptive thinking when Anthropic Messages requests are routed to Claude Haiku.</p>
</li>
<li>
<p>f4fb104: Preserve OpenCode Go reasoning content for known non-DeepSeek reasoning model families.</p>
</li>
</ul>
]]></description>
      <pubDate>Mon, 18 May 2026 14:26:43 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.4.0</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.3.0]]></title>
      <link>https://manifest.build/changelog/#v6-3-0</link>
      <description><![CDATA[<h3>✨ Minor Changes</h3>
<ul>
<li>74f6fb3: Add <code>GET /api/v1/public/agent-tokens</code> public endpoint. Mirrors the shape of <code>/provider-tokens</code> but groups daily-token usage by <code>(agent_category, agent_platform)</code> instead of by LLM provider, so the marketing site can show per-agent (OpenClaw, Claude Code, OpenAI SDK, etc.) charts alongside the existing per-provider ones. Excludes the <code>other</code> platform bucket and <code>custom:*</code> models server-side. Gated by <code>MANIFEST_PUBLIC_STATS</code> and cached for 24h, same posture as the rest of the public-stats endpoints.</li>
</ul>
<h3>🐛 Patch Changes</h3>
<ul>
<li>
<p>c1fe19a: Fix GitHub Copilot routing for GPT-5 Codex models. Copilot serves Codex variants (<code>gpt-5-codex</code>, <code>gpt-5.2-codex</code>, <code>gpt-5.3-codex</code>) only via <code>/responses</code>, so chat-completions requests now swap to that endpoint instead of returning “Unsupported API for model”. Also rewrites <code>max_tokens</code> to <code>max_completion_tokens</code> for the GPT-5 / o-series family on Copilot, fixing the “Unsupported parameter: ‘max_tokens’” error reported alongside.</p>
</li>
<li>
<p>786dd76: Preserve Responses stream classification during stream warm-up.</p>
</li>
<li>
<p>ae56a30: fix(proxy): preserve Anthropic server tools through /v1/messages double-conversion (#1886)</p>
<p>Claude Code requests routed through <code>POST /v1/messages</code> to an Anthropic upstream
failed with <code>tools.N.custom.input_schema: Field required</code> because server tools
(web_search, bash, text_editor, computer, code_execution) lost their <code>type</code> tag
during the Anthropic → OpenAI → Anthropic translation and were re-emitted as
custom tools missing the required <code>input_schema</code>. Server tools are now stashed
on the translated body and re-emitted unchanged when the upstream is Anthropic.</p>
</li>
<li>
<p>d25320a: Preserve DeepSeek <code>reasoning_content</code> on every follow-up turn, regardless of which provider proxies it (OpenCode Go, custom providers, future aggregators). Fixes a hard failure on OpenCode Go’s <code>deepseek-v4-pro</code> (“The reasoning_content in the thinking mode must be passed back to the API”) — issue #1862.</p>
</li>
<li>
<p>e7cdfa1: Strip the non-standard <code>ref</code> JSON Schema keyword (no <code>$</code> prefix) from Google Gemini tool parameters. Some tool emitters drop the <code>$</code> prefix because Protobuf and similar parsers reject dollar-prefixed field names; without this fix Manifest forwarded <code>ref</code> verbatim and Google rejected the request with <code>Invalid JSON payload received. Unknown name &quot;ref&quot;</code>.</p>
</li>
<li>
<p>f21584a: Fix prompt-caching token counters on <code>/v1/messages</code>. <code>cache_control</code> markers always reached Anthropic (caching was working server-side), but the chat → Anthropic-Messages conversion in <code>toAnthropicUsage</code> hardcoded <code>cache_creation_input_tokens: 0</code>, and the <code>parseUsageObject</code> Anthropic branch read cache reads from the wrong key. Result: client responses lost cache creation counts, and <code>agent_messages</code> rows recorded <code>0</code> for both cache creation and cache reads even when Anthropic actually hit the cache.</p>
<p>Also fixes the recorder’s duplicate-write detector, which summed <code>input_tokens + cache_read_tokens + cache_creation_tokens</code> when computing a row’s total prompt tokens — <code>input_tokens</code> already stored the chat-shape total, so the sum double-counted caches and caused legitimate duplicates to bypass dedup. And <code>toAnthropicUsage</code> now reads OpenAI-compat nested <code>prompt_tokens_details.cached_tokens</code> as a fallback so <code>/v1/messages</code> requests routed to OpenAI / DeepSeek / <a href="http://Z.AI" target="_blank" rel="noopener noreferrer">Z.AI</a> / MiniMax / Mistral surface their cached-input counts too.</p>
</li>
<li>
<p>9f64594: Update MiniMax “Where to get an API key” link to point to the actual key page (<code>/user-center/basic-information/interface-key</code>) instead of the API docs overview.</p>
</li>
</ul>
]]></description>
      <pubDate>Tue, 12 May 2026 14:08:23 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.3.0</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.2.2]]></title>
      <link>https://manifest.build/changelog/#v6-2-2</link>
      <description><![CDATA[<h3>🐛 Patch Changes</h3>
<ul>
<li>562d105: Fix Groq model attribution in the routing UI so Groq-served prefixed model IDs stay selectable and show the Groq provider.</li>
</ul>
]]></description>
      <pubDate>Mon, 11 May 2026 14:48:57 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.2.2</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.2.1]]></title>
      <link>https://manifest.build/changelog/#v6-2-1</link>
      <description><![CDATA[<h3>🐛 Patch Changes</h3>
<ul>
<li>00784e3: Show the Model Parameters button on a routing tier when any route in the tier — primary or fallback — uses a params-compatible provider. Previously the button was gated to the primary route only, so a tier with DeepSeek configured as a fallback hid the toggle even though the proxy already applies tier-level <code>param_defaults</code> to whichever provider an attempt actually targets. The dialog’s provider-default hint follows the first compatible route in the ordered (primary, …fallbacks) list.</li>
</ul>
]]></description>
      <pubDate>Mon, 11 May 2026 11:41:05 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.2.1</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.2.0]]></title>
      <link>https://manifest.build/changelog/#v6-2-0</link>
      <description><![CDATA[<h3>✨ Minor Changes</h3>
<ul>
<li>
<p>ef46fa0: Per-assignment request body defaults: each tier and specificity slot now carries an optional <code>param_defaults</code> JSONB column that the proxy merges into the outbound provider request before forwarding. Initial knob is DeepSeek’s thinking-mode toggle (<code>{ thinking: { type: 'enabled' | 'disabled' } }</code>) — fixes empty-content responses on DeepSeek V4 Flash/Pro that consume the <code>max_tokens</code> budget on reasoning. Precedence is presence-based: client-supplied fields in the request body always win, so explicit per-call overrides keep working.</p>
<p>Configure from the routing UI via a new “Parameters” button on each model chip; persisted via <code>PATCH /api/v1/routing/:agent/tiers/:tier/params</code> and <code>…/specificity/:category/params</code>.</p>
</li>
<li>
<p>085431c: Per-message model parameter telemetry. Each <code>agent_messages</code> row now carries a <code>request_params</code> JSONB snapshot of the effective request body parameters that hit the provider (today: DeepSeek’s <code>thinking</code> toggle; future provider knobs and user-defined custom-provider params land here without a schema change). The dashboard’s expanded message detail shows a new “Model Parameters” accordion next to Request Headers, with an info tooltip explaining the field. Existing rows stay NULL — back-compat is preserved.</p>
</li>
<li>
<p>d3b551f: Per-provider model refresh: a small refresh button next to each provider in the Connect Providers detail view and next to each section header in the model picker. Toasts now report the actual count or upstream error instead of a blanket “Models refreshed” lie. Empty discovery results no longer wipe a non-empty cache, so a transient API hiccup can’t silently empty the model list. The model picker subtitle now shows “Default tier” instead of just “tier”.</p>
</li>
</ul>
<h3>🐛 Patch Changes</h3>
<ul>
<li>
<p>ec7fc12: Restore the per-tier (and per-specificity) Model Parameters dialog that was inadvertently dropped during a stacked-PR merge. The sliders icon is back on every primary model chip in Routing for providers that consume known params (today: DeepSeek’s <code>thinking</code> toggle). The dialog persists per-assignment, so a single configured value applies to the primary model AND every fallback the proxy tries — without per-route schema changes. Multi-key compatible: pinning a different key on the same route does not affect the stored params, and switching keys mid-flight keeps using whatever the proxy resolved for that iteration.</p>
<p>Adds back: <code>PATCH /api/v1/routing/:agent/tiers/:tier/params</code>, <code>…/specificity/:category/params</code>, <code>TierService.setParamDefaults</code>, <code>SpecificityService.setParamDefaults</code>, frontend <code>setTierParamDefaults</code> / <code>setSpecificityParamDefaults</code>, and <code>ModelParamsDialog</code>.</p>
</li>
<li>
<p>c446856: fix(routing): attribute models by their connection’s provider, not by model-id prefix</p>
<p>The routing UI used to derive a model’s logo from the prefix of its model id,
which broke for any provider that redistributes other vendors’ models. Most
visibly, a Groq connection serving <code>qwen/qwen3-32b</code> rendered with the Qwen
logo and Qwen-on-OpenRouter pricing (≈$0.08/$0.24 per 1M) instead of Groq’s
own pricing ($0.29/$0.59).</p>
<p>Two changes:</p>
<ul>
<li><strong>Frontend</strong> (<code>RoutingTierCard.providerIdForModel</code>): when a model row has a
stored <code>provider</code> that resolves to a registered first-party provider, that
wins over prefix inference. OpenRouter remains the documented exception
because its rows really do represent vendor-prefixed models served on behalf
of those vendors.</li>
<li><strong>Backend</strong> (<code>ModelDiscoveryService.enrichModel</code>): <code>known-model-prices.ts</code>
is now consulted <em>before</em> models.dev and the OpenRouter cache, so curated
per-provider prices win over upstream catalogs that may attribute the same
model id to a different (cheaper) inference provider. Behaviour change for
the existing entries (moonshot-v1, gemma-3-1b-it, gemini-pro-latest): they
become authoritative instead of last-resort, which matches their intent.</li>
</ul>
<p>Builds on #1772, which introduced <code>route.provider</code> as the routing identity.</p>
</li>
</ul>
]]></description>
      <pubDate>Thu, 07 May 2026 07:47:32 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.2.0</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.1.0]]></title>
      <link>https://manifest.build/changelog/#v6-1-0</link>
      <description><![CDATA[<h3>✨ Minor Changes</h3>
<ul>
<li>ab9f0cb: Add an Anthropic Messages-compatible endpoint at <code>POST /v1/messages</code>. Anthropic SDK clients (Claude Code, <code>@anthropic-ai/sdk</code>) can now point <code>ANTHROPIC_BASE_URL</code> at a Manifest gateway and route through Manifest’s tier/specificity pipeline like any OpenAI client. The implementation translates Anthropic Messages requests into the internal chat-completions form (and back on the response side), reusing the existing routing, scoring, fallback, and recording machinery.</li>
<li>1627493: Add a “Coding Assistant” category in the agent picker and move Claude Code into it. The Connect Agent / Change Agent Type modal now shows three columns instead of two: Personal AI Agent | App AI SDK | Coding Assistant. Claude Code is no longer mis-bucketed under personal agents — it sits in the new column with the existing copper-orange Claude mark. Picker order, icons, and the existing Claude Code setup wizard are unchanged.</li>
<li>fb7d921: Add support for multiple API keys per provider per agent. Users with several accounts for the same provider (a personal + work OpenAI key, two ChatGPT Plus subscriptions, two Anthropic Pro tokens) can attach all credentials and pin specific tiers or fallback rows to a specific labeled key. Multi-key applies to both <code>api_key</code> and <code>subscription</code> providers; local providers (Ollama, LM Studio) stay single-row since they don’t carry credentials. Cap is 5 active keys per (agent, provider, auth_type). Single-key users see no UI change — the chip + “+ Add another key” affordance only appear once a provider has 2+ active keys.</li>
<li>c6efb87: Add Wingman, an in-dashboard gateway tester for contributors. Embedded as a half-screen iframe drawer behind a floating action button in dev mode, stripped from Docker / cloud bundles. Lets contributors send one-shot requests at the gateway while impersonating OpenClaw, Hermes, OpenAI SDK, Vercel AI SDK, LangChain, cURL, or Raw — with editable code panels that actually execute via stubbed SDKs.</li>
</ul>
<h3>🐛 Patch Changes</h3>
<ul>
<li>
<p>9a0e8c3: Fix silent failure when adding a fallback that shares a provider with an existing route. Adding an OpenAI API key model as a fallback to an OpenAI subscription model (or any other same-provider, different-auth combination) now persists correctly instead of showing a success toast and dropping the change. The frontend now sends the explicit <code>(provider, authType, model)</code> tuple alongside the model name so the backend can disambiguate when the same model id is offered by two connected providers. Affects both complexity tier and specificity (“custom”) routing.</p>
</li>
<li>
<p>30d19ab: Stop silently wiping the saved fallback list when an unresolvable model is added (issue #1790).</p>
<p><code>buildFallbackRoutes()</code> in <code>tier</code>, <code>specificity</code>, and <code>header-tier</code> services used to return <code>null</code> whenever any single model couldn’t be resolved to a unique <code>(provider, authType, model)</code> tuple. <code>setFallbacks</code> then persisted that <code>null</code>, so the user’s existing <code>fallback_routes</code> row was overwritten with <code>null</code> and the controller returned <code>[]</code>. The toast still said “Fallback added” — the only visible result was the previously-saved fallbacks disappearing.</p>
<p>PR #1825 already plugged the most common trigger by sending an explicit <code>routes</code> payload from the add handlers. This change removes the underlying footgun: <code>buildFallbackRoutes</code> now throws <code>400 Bad Request</code> instead of returning <code>null</code>, so the row is left untouched on resolution failure and the frontend shows the error.</p>
<p>Scoped strictly to the backend wipe path. Does not change input validation, the <code>authType !== undefined</code> guard in the add handlers, or the discovery-fallback shape of <code>buildFallbackRoutes</code>.</p>
</li>
<li>
<p>022529a: Fix MiniMax Token Plan activation redirecting to the homepage. The MiniMax <code>/oauth/code</code> endpoint returns a <code>verification_uri</code> pointing at <code>https://www.minimax.io/oauth-authorize?...</code>, which 307-redirects to the homepage with no instructions. The real authorize page lives on <code>platform.minimax.io</code> (and <code>platform.minimaxi.com</code> for the CN region). The MiniMax OAuth start flow now rewrites the host before returning the URI, so users land on the actual page where their 6-digit code can be entered. Closes #1796.</p>
</li>
</ul>
]]></description>
      <pubDate>Wed, 06 May 2026 15:49:47 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.1.0</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.0.2]]></title>
      <link>https://manifest.build/changelog/#v6-0-2</link>
      <description><![CDATA[<h3>🐛 Patch Changes</h3>
<ul>
<li>cf98f70: Fix OpenAI subscription model discovery so newer Codex CLI models (e.g. <code>gpt-5.5</code>) appear. The hardcoded <code>client_version=0.99.0</code> query param made <code>https://chatgpt.com/backend-api/codex/models</code> silently return only the older subset; bump it to <code>0.128.0</code> and lift Codex/Copilot client identifiers into a shared constants file so future bumps are a one-line change.</li>
<li>a7a9c3b: Fix fallback success rows recording the primary route’s <code>auth_type</code> instead of the fallback’s, which caused <code>cost_usd</code> to be miscomputed on mixed-auth chains (subscription fallbacks were charged, api_key fallbacks were stored as $0).</li>
<li>be679c4: Strip Codex-unsupported parameters on the OpenAI subscription proxy path. Requests forwarded to <code>chatgpt.com/backend-api/codex/responses</code> now drop <code>temperature</code>, <code>top_p</code>, <code>max_output_tokens</code>, <code>metadata</code>, <code>safety_identifier</code>, <code>prompt_cache_retention</code>, and <code>truncation</code> before the upstream call, and force <code>store: false</code>. Previously these fields propagated through and Codex returned <code>400 unsupported_parameter</code>, breaking OpenAI-SDK clients that set sampling defaults. Closes #1791.</li>
</ul>
]]></description>
      <pubDate>Tue, 05 May 2026 15:56:41 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.0.2</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.0.1]]></title>
      <link>https://manifest.build/changelog/#v6-0-1</link>
      <description><![CDATA[<h3>🐛 Patch Changes</h3>
<ul>
<li>
<p>e8162c3: Security hardening across the build pipeline and runtime: every GitHub Action is now pinned by commit SHA, the awesome-free-llm-apis data feed is pinned to an immutable commit and validated for HTTPS shape before render, the encryption-key cache no longer keeps the raw secret as a Map key, the Google Gemini API key moves from <code>?key=</code> query param to the <code>x-goog-api-key</code> header (so it stays out of upstream proxy/LB access logs), OpenAI OAuth error logs run through <code>scrubSecrets</code>, the OAuth <code>backendUrl</code> now prefers <code>BETTER_AUTH_URL</code> over the request <code>Host</code> header, the dev-loopback agent fallback prefers the seeded tenant over picking the first active key, rejected agent keys log only the fixed <code>mnfst_</code> prefix, and migrations log via the TypeORM logger instead of <code>console.log</code>. <code>npm audit fix</code> resolved vite + postcss CVEs. A boot-time check counts active legacy static-salt API-key hashes and warns if any remain (no forced rotation). <code>MANIFEST_ENCRYPTION_KEY</code> is now documented and threaded through <code>docker-compose.yml</code>; if unset the runtime still falls back to <code>BETTER_AUTH_SECRET</code>.</p>
</li>
<li>
<p>f0082d5: Fix: detect Podman and Kubernetes as self-hosted runtimes. Manifest now reads <code>/run/.containerenv</code> (Podman) and <code>KUBERNETES_SERVICE_HOST</code> in addition to <code>/.dockerenv</code>, so rootless Podman and Kubernetes installs no longer fall back to cloud-mode SSRF rules and reject <code>http://</code> URLs to local LLM servers.</p>
<p>Also narrows the cloud-metadata SSRF block to the actual IMDS addresses (<code>169.254.169.254</code>, <code>169.254.169.253</code>, <code>100.100.100.200</code>, <code>fd00:ec2::254</code>) instead of the entire <code>169.254.0.0/16</code> link-local range, so self-hosted users can reach <code>host.containers.internal</code> (which Podman maps to <code>169.254.x.y</code> under pasta/slirp4netns). Cloud mode is unchanged: link-local space is still rejected via the private-IP guard.</p>
</li>
</ul>
]]></description>
      <pubDate>Fri, 01 May 2026 14:59:58 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.0.1</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v6.0.0]]></title>
      <link>https://manifest.build/changelog/#v6-0-0</link>
      <description><![CDATA[<h3>💥 Major Changes</h3>
<ul>
<li>
<p>d4675ba: Drop the legacy routing identity columns from <code>tier_assignments</code>, <code>specificity_assignments</code>, and <code>header_tiers</code>. The structured <code>route</code> shape introduced in #1772 is now the only persistence form.</p>
<p>Schema: 13 columns dropped (<code>override_model</code>, <code>override_provider</code>, <code>override_auth_type</code>, <code>fallback_models</code> from all three tables; <code>auto_assigned_model</code> from tier and specificity tables). Migration <code>1784000000000-DropLegacyRoutingColumns</code> runs on boot. <code>down()</code> re-adds the columns nullable but data is one-way lost — backup before upgrading if you maintain a hot-standby.</p>
<p>API breaking change: <code>POST /api/v1/routing/resolve</code> no longer returns the flat <code>model</code>, <code>provider</code>, <code>auth_type</code>, <code>fallback_models</code> fields. External callers must read <code>route.model</code>, <code>route.provider</code>, <code>route.authType</code>, and <code>fallback_routes</code> instead.</p>
<p>Internals: removes the legacy inference cascade in <code>proxy-fallback.service.ts</code>, the dual-write paths in routing services, and the <code>?? legacy</code> reads throughout. Same model name on different auth types stays correctly distinct (the #1708 fix).</p>
</li>
</ul>
<h3>✨ Minor Changes</h3>
<ul>
<li>1ce8ed9: Stable error codes for the proxy. Every user-facing <code>[🦚 Manifest]</code> message now embeds an <code>M###</code> code (M001–M500) and a docs link at <code>manifest.build/errors/M###</code>. Companion encyclopedia pages live in mnfst/docs.</li>
<li>1d37134: Routing identity is now backed by a structured <code>ModelRoute = (provider, authType, model)</code> shape stored alongside the existing legacy columns on <code>tier_assignments</code>, <code>specificity_assignments</code>, and <code>header_tiers</code>. Reads prefer the new shape and fall back to legacy, so existing rows keep working without intervention. Selecting the same model name under different auth types (e.g. <code>gpt-4o</code> on subscription and on api_key) is now correctly treated as two distinct routes — fixes #1708. The <code>/api/v1/routing/resolve</code> response gains additive <code>route</code> and <code>fallback_routes</code> fields without breaking the existing flat shape. Per-fallback-attempt <code>auth_type</code> is now recorded on <code>agent_messages</code> instead of inheriting the primary’s. No UI, API contract, or data is removed in this release; legacy columns and fields stay populated for one cycle before being dropped in a follow-up.</li>
</ul>
<h3>🐛 Patch Changes</h3>
<ul>
<li>4e7843a: Recreating an agent with a previously used name now produces a clean slate without losing the deleted agent’s history. Agent deletion is soft (the row stays with <code>deleted_at</code> set, telemetry rows are preserved) and per-agent analytics scope to the live agent’s id, so the new agent starts at zero while the old data remains queryable in storage.</li>
<li>2d4a06e: Show the Manifest version in the bottom-right corner of self-hosted Docker installs. Baked into the image at build time, no API call.</li>
</ul>
]]></description>
      <pubDate>Thu, 30 Apr 2026 18:14:53 GMT</pubDate>
      <guid isPermaLink="false">manifest@6.0.0</guid>
    </item>
    <item>
      <title><![CDATA[Manifest v5.58.0]]></title>
      <link>https://manifest.build/changelog/#v5-58-0</link>
      <description><![CDATA[<h3>✨ Minor Changes</h3>
<ul>
<li>992ae47: Add saved cost metric to the Overview dashboard showing how much money routing saves compared to using a single model</li>
</ul>
<h3>🐛 Patch Changes</h3>
<ul>
<li>7394235: Mark Manifest’s canned setup-prompt and limit responses as Failed in the Messages list. Requests that hit <code>no_provider</code>, <code>no_provider_key</code>, <code>limit_exceeded</code>, or <code>friendly_error</code> (the <code>[🦚 Manifest] …</code> stubs) now show a red Failed badge with a tooltip explaining why, instead of an ambiguous green Success.</li>
<li>4bd4039: Fix two routing regressions caused by agent-wrapped user messages. Strip leading metadata envelopes (e.g. <code>Sender (untrusted metadata):</code> blocks emitted by OpenClaw, NanoBot, Hermes) before scoring so simple greetings like “say hello” no longer route to standard/complex (#1766). Tighten coding specificity signals so generic agent tools (<code>read</code>, <code>write</code>, <code>edit</code>, <code>bash</code>, etc.) and tiny envelope code fences no longer hijack every prompt to the coding tier (#1767).</li>
</ul>
]]></description>
      <pubDate>Thu, 30 Apr 2026 12:11:21 GMT</pubDate>
      <guid isPermaLink="false">manifest@5.58.0</guid>
    </item>
  </channel>
</rss>