feat(llm): mask API keys in UI responses and prevent masked-key leakage in fetch/test/save payloads

- Add mask_api_key() and is_masked_or_placeholder() to llm_provider service
- Return masked keys in all provider CRUD endpoints
- Reject masked/placeholder keys in fetch_models and test_provider_config
- Show masked key with Change button in ProviderConfig.svelte edit form
- Exclude masked keys from fetch-models, test, and submit payloads on frontend
- Update semantics-core skill with clarified complexity tier rules
- Switch agent modes from subagent to all
This commit is contained in:
2026-05-15 23:34:09 +03:00
parent b3572ce443
commit 30ba70933d
203 changed files with 158083 additions and 28396 deletions

View File

@@ -1,12 +1,12 @@
---
description: QA & Semantic Auditor — orthogonal verification, contract validation, code review, and regression defense for Python (pytest) and Svelte (vitest).
mode: subagent
model: opencode-go/mimo-v2.5
mode: all
model: opencode-go/kimi-k2.6
temperature: 0.1
permission:
edit: allow
bash: allow
browser: deny
browser: allow
steps: 80
color: accent
---