|
| 1 | +## [2.2.1] - 2026-03-16 |
| 2 | + |
| 3 | +### Highlights |
| 4 | +Added modality-aware routing to intelligently route requests based on input type (vision, tool-calling, text, embeddings). Enhanced changelog organization and documentation. |
| 5 | + |
| 6 | +### New Features |
| 7 | + |
| 8 | +#### Modality-Aware Routing |
| 9 | +- **Modality detection module** (`router/modality.py`) - Automatic detection of request modalities from request shape: |
| 10 | + - Vision: Image URL content parts in messages |
| 11 | + - Tool Calling: Presence of tools in request |
| 12 | + - Text: Default text-based chat |
| 13 | + - Embedding: Embeddings endpoint requests |
| 14 | +- **Model filtering by modality** - Filters available models based on modality capabilities using profile flags and name heuristics. |
| 15 | +- **Safe fallback** - When modality filtering removes all candidates, falls back to all available models. |
| 16 | +- **Name-based heuristics** for models without profile data: |
| 17 | + - Vision: `llava`, `pixtral`, `gpt-4o`, `claude-3`, `gemini`, etc. |
| 18 | + - Tool calling: `gpt-4`, `claude-3`, `mistral-large`, `qwen2.5`, etc. |
| 19 | + - Embeddings: `embed`, `nomic`, `mxbai`, `text-embedding`, etc. |
| 20 | + |
| 21 | +### Integration |
| 22 | +- **Chat endpoint** - Modality detected from request and applied during model selection. |
| 23 | +- **Embeddings endpoint** - Added modality validation to warn when non-embedding models are requested. |
| 24 | +- **Router engine** - Modality-based filtering integrated into model selection pipeline. |
| 25 | + |
| 26 | +### Documentation |
| 27 | +- Reorganized 2.2.0 changelog for better readability with logical grouping. |
| 28 | +- Removed `(Item #XX)` references from 2.2.0 changelog. |
| 29 | + |
| 30 | +### Testing |
| 31 | +- Added comprehensive modality detection tests (`tests/test_modality.py`). |
| 32 | +- Coverage for all modality types, edge cases, and fallback behavior. |
| 33 | + |
| 34 | +--- |
| 35 | + |
1 | 36 | ## [2.2.0] - 2026-03-16 |
2 | 37 |
|
3 | 38 | ### Highlights |
4 | | -- Major platform update with performance improvements, reliability hardening, expanded security controls, and large documentation/testing expansion. |
5 | | -- Main application architecture refactored into focused modules (`router/state.py`, `router/middleware.py`, `router/lifecycle.py`, `router/api/*`) with `main.py` reduced to an app shell. |
| 39 | +Major platform update with performance improvements, reliability hardening, expanded security controls, and large documentation/testing expansion. Main application architecture refactored into focused modules with `main.py` reduced to an app shell. |
6 | 40 |
|
7 | | -### Performance & Scalability |
8 | | -- Added configurable response compression (`ROUTER_ENABLE_RESPONSE_COMPRESSION`, `ROUTER_COMPRESSION_MINIMUM_SIZE`). |
9 | | -- Added cursor-based admin pagination for large profile/benchmark datasets. |
10 | | -- Moved persistent cache cleanup to a background task (`ROUTER_CACHE_CLEANUP_INTERVAL_HOURS`). |
11 | | -- Added optional slow-request profiling middleware (`ROUTER_ENABLE_SLOW_QUERY_LOGGING`, `ROUTER_SLOW_QUERY_THRESHOLD_MS`). |
| 41 | +### Breaking Changes |
| 42 | +None - fully backward compatible. |
| 43 | + |
| 44 | +### New Features |
| 45 | + |
| 46 | +#### Request Routing & Processing |
| 47 | +- **Modality-aware routing** - Automatic detection and filtering for vision, tool-calling, and text modalities in chat requests (`router/modality.py`). |
| 48 | +- **CORS configuration** - Full CORS support with configurable origins, methods, headers, and credentials (`ROUTER_CORS_ORIGINS` settings). |
| 49 | +- **Request timeout enforcement** - Global request timeout with graceful cancellation (`ROUTER_REQUEST_TIMEOUT_ENABLED`). |
| 50 | +- **Chat-specific rate limiting** - Dedicated per-IP rate limit for `/v1/chat/completions` endpoint (`ROUTER_RATE_LIMIT_CHAT_REQUESTS_PER_MINUTE`). |
| 51 | +- **Model name sanitization** - Whitelist-based validation across all API paths to prevent injection attacks. |
| 52 | + |
| 53 | +#### Reliability & Operations |
| 54 | +- **Backend resilience** - Retry controls and circuit breaker pattern for all core backends (Ollama, llama.cpp, OpenAI-compatible). |
| 55 | +- **Dead Letter Queue** - Persistent DLQ for failed background tasks with automatic retry, manual retry endpoint, and health observability. |
| 56 | +- **Health endpoint expansion** - Added DB connectivity, GPU metrics, background task count, DLQ counts, and request ID to `/health`. |
| 57 | +- **Provider.db resilience** - Degradation detection, staleness status, and slow-query fallback window. |
| 58 | + |
| 59 | +#### Security |
| 60 | +- **Encrypted API key storage** - Fernet encryption for external provider keys with runtime decryption. |
| 61 | +- **Admin audit logging** - Persistent audit log for all admin actions with query endpoint. |
| 62 | +- **IP whitelist** - CIDR and exact IP matching for admin endpoints with proxy header support. |
| 63 | +- **Request size limits** - Configurable body size and per-message content length validation. |
| 64 | +- **TLS verification toggle** - Development-friendly setting for self-signed certificates (`ROUTER_VERIFY_TLS`). |
| 65 | +- **Dependency scanning** - GitHub Actions workflow for vulnerability scanning. |
| 66 | + |
| 67 | +### Performance Improvements |
| 68 | + |
| 69 | +#### Request Path Optimizations |
| 70 | +- Response compression middleware (gzip, configurable threshold). |
| 71 | +- Request-size middleware `Content-Length` fast path to avoid unnecessary buffering. |
| 72 | +- Health probe metrics bypass to reduce overhead. |
| 73 | +- Prompt analysis caching with 5-minute TTL. |
| 74 | +- Model list caching increased from 10s to 30s TTL. |
| 75 | + |
| 76 | +#### Backend Optimizations |
| 77 | +- External provider model-list caching (30s TTL in `BackendRegistry`). |
| 78 | +- Background cache cleanup task (configurable interval). |
| 79 | +- Optional slow-query profiling middleware. |
| 80 | + |
| 81 | +### Bug Fixes |
| 82 | + |
| 83 | +#### Data & Persistence |
| 84 | +- Fixed SQLite persistence path to absolute URL (`sqlite:////app/data/router.db`). |
| 85 | +- Fixed absolute-path parsing in database startup checks. |
12 | 86 | - Fixed `RouterEngine.refresh_models` cache bypass regression. |
13 | | -- Optimized request-size middleware with a `Content-Length` fast path. |
14 | | -- Added external provider model-list caching in backend registry (30s TTL). |
15 | | -- Increased global model-list cache TTL from 10s to 30s. |
16 | | -- Reduced `/health` probe overhead by skipping metrics accounting for that endpoint. |
17 | | - |
18 | | -### Reliability & Operations |
19 | | -- Added backend retry controls and unified retry orchestration for transient HTTP failures. |
20 | | -- Added backend circuit-breaker controls and resilience wrappers for core backends. |
21 | | -- Expanded `/health` checks (DB, backend readiness, GPU monitor, cache backend, background task count, request ID, DLQ counts). |
22 | | -- Added provider.db degradation/staleness status and slow-query fallback window. |
23 | | -- Added global request timeout middleware (`ROUTER_REQUEST_TIMEOUT_ENABLED`, `ROUTER_REQUEST_TIMEOUT_SECONDS`). |
24 | | -- Improved resource cleanup on error paths and profiler-owned judge client cleanup. |
25 | | -- Added persistent DLQ with retry scheduling, retry worker, admin inspect/retry endpoints, and health observability. |
26 | | -- Fixed Docker SQLite persistence path to absolute URL (`sqlite:////app/data/router.db`) and corrected absolute-path parsing in startup/database checks. |
27 | 87 | - Made model auto-profiling respect `ROUTER_MODEL_AUTO_PROFILE_ENABLED`. |
28 | 88 |
|
29 | | -### Security |
30 | | -- Added configurable CORS controls (`ROUTER_CORS_ORIGINS`, credentials/methods/headers/max-age settings). |
31 | | -- Added encrypted API key storage utilities (Fernet + PBKDF2) and wired runtime decryption for backend/judge key usage. |
32 | | -- Added optional-dependency hardening for encryption path when `cryptography` is unavailable. |
33 | | -- Added admin audit logging with persisted event records and query endpoint. |
34 | | -- Added TLS verification toggle (`ROUTER_VERIFY_TLS`) across backend/provider/judge/webhook clients. |
35 | | -- Added admin IP whitelist support (exact IP + CIDR, with proxy header handling). |
36 | | -- Added configurable request-size and per-message content-length limits. |
37 | | -- Added dependency scanning workflow with scheduled/on-demand vulnerability checks. |
38 | | -- Added prompt-injection and content-moderation utility modules/configuration; chat request path currently passes prompts through without moderation enforcement. |
39 | | - |
40 | | -### API & Routing Behavior |
41 | | -- Added dedicated chat endpoint rate limit (`ROUTER_RATE_LIMIT_CHAT_REQUESTS_PER_MINUTE`). |
42 | | -- Improved model-name sanitization across chat, embeddings, feedback, and admin model override paths. |
43 | | -- Added richer error log context (`request_id`, `user_ip`, `model_name`, `prompt_hash`) across core failure paths. |
44 | | -- Removed chat prompt moderation/injection enforcement from `/v1/chat/completions` request path. |
45 | | - |
46 | | -### Code Quality & Refactoring |
47 | | -- Split monolithic `main.py` into modular API/middleware/lifecycle/state packages. |
48 | | -- Removed dead code and duplicate declarations in router/profiler paths. |
49 | | -- Standardized assorted lint/type quality fixes across utility/runtime code. |
| 89 | +#### Code Quality |
| 90 | +- Removed dead code and duplicate declarations. |
| 91 | +- Standardized lint/type fixes across codebase. |
| 92 | + |
| 93 | +### API Changes |
| 94 | + |
| 95 | +#### New Endpoints |
| 96 | +- `GET /admin/dlq` - Inspect dead letter queue. |
| 97 | +- `POST /admin/dlq/retry/{entry_id}` - Manually retry failed tasks. |
| 98 | +- `GET /admin/audit-log` - Query admin audit logs with filtering. |
| 99 | + |
| 100 | +#### Modified Endpoints |
| 101 | +- `/health` - Expanded with DLQ counts, background tasks, request ID. |
| 102 | +- `/v1/chat/completions` - Removed prompt moderation, added modality detection. |
| 103 | +- Admin pagination - Cursor-based pagination for large datasets. |
50 | 104 |
|
51 | 105 | ### Documentation |
52 | | -- Added `docs/kubernetes.md` deployment guide (Helm/manifests, ingress, HPA, monitoring). |
53 | | -- Added `docs/architecture.md` with Mermaid diagrams and data-flow views. |
54 | | -- Added `docs/contributing.md` with development and PR workflow guidance. |
55 | | -- Maintained comprehensive `docs/troubleshooting.md` and `docs/configuration.md` coverage. |
56 | | -- API docs available via FastAPI `/docs` and `/redoc`. |
| 106 | +- Added Kubernetes deployment guide (`docs/kubernetes.md`). |
| 107 | +- Added architecture documentation with Mermaid diagrams (`docs/architecture.md`). |
| 108 | +- Added contributor guide (`docs/contributing.md`). |
| 109 | +- API documentation available at `/docs` and `/redoc`. |
57 | 110 |
|
58 | 111 | ### Testing |
59 | | -- Expanded integration and unit coverage for provider.db reliability, request timeout behavior, model sanitization, DLQ flows, chat rate limits, audit logging, TLS toggle, admin IP whitelist, and request-size limits. |
60 | | -- Added and stabilized new suites for property-based tests, backend failover, security edge cases, concurrency stress, routing snapshots, cache persistence recovery, provider fixtures, and optional Ollama integration. |
61 | | -- Fixed API drift in newly added tests to align with current runtime interfaces. |
62 | | - |
63 | | -### Validation Notes |
64 | | -- Targeted regression subset: `8 passed, 6 skipped`. |
65 | | -- Full coverage audit remains blocked in the local environment due to virtualenv dependency corruption (`pydantic_core` / optional packages). |
66 | | - |
67 | | -### Summary |
68 | | -- Documentation items complete. |
69 | | -- Test infrastructure largely complete with one environment-blocked coverage target. |
70 | | -- Overall: 57 of 58 planned improvements complete for this release. |
| 112 | +- New test suites: property-based, backend failover, security edge cases, concurrency stress, routing snapshots, cache persistence. |
| 113 | +- Expanded coverage for DLQ, audit logging, TLS toggle, IP whitelist, request timeouts. |
| 114 | +- Fixed API drift in existing tests. |
| 115 | + |
| 116 | +### Infrastructure |
| 117 | +- Split monolithic `main.py` into focused modules (`router/state.py`, `router/middleware.py`, `router/lifecycle.py`, `router/api/*`). |
| 118 | +- Added modality detection module (`router/modality.py`). |
| 119 | + |
| 120 | +### Validation |
| 121 | +- 57 of 58 planned improvements complete. |
| 122 | +- Targeted regression: 8 passed, 6 skipped. |
| 123 | +- Full coverage audit blocked by local environment issues. |
71 | 124 |
|
72 | 125 | --- |
73 | 126 |
|
|
0 commit comments