feat(llm): mask API keys in UI responses and prevent masked-key leakage in fetch/test/save payloads

- Add mask_api_key() and is_masked_or_placeholder() to llm_provider service
- Return masked keys in all provider CRUD endpoints
- Reject masked/placeholder keys in fetch_models and test_provider_config
- Show masked key with Change button in ProviderConfig.svelte edit form
- Exclude masked keys from fetch-models, test, and submit payloads on frontend
- Update semantics-core skill with clarified complexity tier rules
- Switch agent modes from subagent to all
This commit is contained in:
2026-05-15 23:34:09 +03:00
parent b3572ce443
commit 30ba70933d
203 changed files with 158083 additions and 28396 deletions

View File

@@ -0,0 +1,27 @@
{
"/v1/ocr": {
"post": {
"tags": [
"ocr"
],
"summary": "Ocr",
"description": "OCR endpoint for extracting text from documents and images.\n\nSupports two input modes:\n\n**1. JSON body** (Mistral OCR API compatible):\n```bash\ncurl -X POST \"http://localhost:4000/v1/ocr\" -H \"Authorization: Bearer sk-1234\" -H \"Content-Type: application/json\" -d '{\n \"model\": \"mistral-ocr\",\n \"document\": {\n \"type\": \"document_url\",\n \"document_url\": \"https://arxiv.org/pdf/2201.04234\"\n }\n }'\n```\n\n**2. Multipart form file upload**:\n```bash\ncurl -X POST \"http://localhost:4000/v1/ocr\" -H \"Authorization: Bearer sk-1234\" -F \"model=mistral-ocr\" -F \"file=@document.pdf\"\n```",
"operationId": "ocr_v1_ocr_post",
"responses": {
"200": {
"description": "Successful Response",
"content": {
"application/json": {
"schema": {}
}
}
}
},
"security": [
{
"APIKeyHeader": []
}
]
}
}
}