feat(llm): mask API keys in UI responses and prevent masked-key leakage in fetch/test/save payloads

- Add mask_api_key() and is_masked_or_placeholder() to llm_provider service
- Return masked keys in all provider CRUD endpoints
- Reject masked/placeholder keys in fetch_models and test_provider_config
- Show masked key with Change button in ProviderConfig.svelte edit form
- Exclude masked keys from fetch-models, test, and submit payloads on frontend
- Update semantics-core skill with clarified complexity tier rules
- Switch agent modes from subagent to all
This commit is contained in:
2026-05-15 23:34:09 +03:00
parent b3572ce443
commit 30ba70933d
203 changed files with 158083 additions and 28396 deletions

View File

@@ -0,0 +1,33 @@
{
"/api/v1/user/{user_id}/avatar.png": {
"get": {
"description": "Gets the avatar URL for the user with the given ID, or returns a 401 error if the user is unauthenticated.",
"parameters": [
{
"description": "The ID of the user",
"in": "path",
"name": "user_id",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"301": {
"description": "A redirect to the user's avatar URL"
},
"401": {
"$ref": "#/components/responses/401"
},
"404": {
"$ref": "#/components/responses/404"
}
},
"summary": "Get the user avatar",
"tags": [
"User"
]
}
}
}\n