Languages: 🇺🇸 English | 🇧🇷 Português (Brasil) | 🇪🇸 Español | 🇫🇷 Français | 🇮🇹 Italiano | 🇷🇺 Русский | 🇨🇳 中文 (简体) | 🇩🇪 Deutsch | 🇮🇳 हिन्दी | 🇹🇭 ไทย | 🇺🇦 Українська | 🇸🇦 العربية | 🇯🇵 日本語 | 🇻🇳 Tiếng Việt | 🇧🇬 Български | 🇩🇰 Dansk | 🇫🇮 Suomi | 🇮🇱 עברית | 🇭🇺 Magyar | 🇮🇩 Bahasa Indonesia | 🇰🇷 한국어 | 🇲🇾 Bahasa Melayu | 🇳🇱 Nederlands | 🇳🇴 Norsk | 🇵🇹 Português (Portugal) | 🇷🇴 Română | 🇵🇱 Polski | 🇸🇰 Slovenčina | 🇸🇪 Svenska | 🇵🇭 Filipino | 🇨🇿 Čeština

Last updated: 2026-05-02

) and routes traffic across multiple upstream providers with translation, fallback, token refresh, and usage tracking.

• ) with runtime ordering by
• (6 providers, 9 models)
• (10+ providers, 20+ models)
• (7 providers)
• (10 providers)
• (ComfyUI + SD WebUI)
• (ComfyUI)
• (5 providers)
• ) for reasoning models
• /
• )
• )
• ) first-class provider preset
• with estimation fallback)
• and

implement both dashboard APIs and compatibility APIs
• + handles provider execution, translation, streaming, fallback, and usage

:

— quick start + provider overview
• — endpoint proxy + MCP + A2A + API endpoint tabs
• — provider connections and credentials
• — combo strategies, templates, step-based builder, model routing rules, manual persisted ordering
• — cost aggregation and pricing visibility
• — usage analytics, evaluations, combo target health
• — quota/rate controls
• — CLI onboarding, runtime detection, config generation
• — detected ACP agents + custom agent registration
• — image/video/music playground
• — search provider testing and history
• — uptime, circuit breakers, rate limits, quota-monitored sessions
• — request/proxy/audit/console logs
• — system settings tabs (general, routing, combo defaults, etc.)
• — Caveman compression rules, language packs, preview, and output mode
• — RTK command-output filters, preview, and runtime safety settings
• — named compression pipelines assigned to routing combos
• — API key lifecycle and model permissions

flowchart LR
    subgraph Clients[Developer Clients]
        C1[Claude Code]
        C2[Codex CLI]
        C3[OpenClaw / Droid / Cline / Continue / Roo]
        C4[Custom OpenAI-compatible clients]
        BROWSER[Browser Dashboard]
    end

    subgraph Router[OmniRoute Local Process]
        API[V1 Compatibility API\n/v1/*]
        DASH[Dashboard + Management API\n/api/*]
        CORE[SSE + Translation Core\nopen-sse + src/sse]
        DB[(storage.sqlite)]
        UDB[(usage tables + log artifacts)]
    end

    subgraph Upstreams[Upstream Providers]
        P1[OAuth Providers\nClaude/Codex/Gemini/Qwen/Qoder/GitHub/Kiro/Cursor/Antigravity]
        P2[API Key Providers\nOpenAI/Anthropic/OpenRouter/GLM/Kimi/MiniMax\nDeepSeek/Groq/xAI/Mistral/Perplexity\nTogether/Fireworks/Cerebras/Cohere/NVIDIA]
        P3[Compatible Nodes\nOpenAI-compatible / Anthropic-compatible]
    end

    subgraph Cloud[Optional Cloud Sync]
        CLOUD[Cloud Sync Endpoint\nNEXT_PUBLIC_CLOUD_URL]
    end

    C1 --> API
    C2 --> API
    C3 --> API
    C4 --> API
    BROWSER --> DASH

    API --> CORE
    DASH --> DB
    CORE --> DB
    CORE --> UDB

    CORE --> P1
    CORE --> P2
    CORE --> P3

    DASH --> CLOUD

and for compatibility APIs
• for management/configuration APIs
• map to

• — includes custom models with
• — embedding generation (6 providers)
• — image generation (4+ providers incl. Antigravity/Nebius)
• — dedicated per-provider chat
• — dedicated per-provider embeddings
• — dedicated per-provider images

,
• (GET/POST/DELETE)
• (GET)
• (GET/PUT/DELETE) + (POST)
• , , ,
• ,
• (GET/PUT)
• (GET/PUT)
• (GET/PUT)
• , , and
• (GET)
• (GET)
• (GET/PATCH) — request queue, connection cooldown, provider breaker, wait-for-cooldown config
• (POST) — reset provider breakers
• (GET/DELETE)
• (GET)
• (GET/POST)
• (GET/POST/DELETE)
• (GET, with pagination + structured metadata)
• (GET/POST), (GET)
• (GET/POST)
• (GET/POST), (GET/DELETE)
• (GET, ETag-versioned snapshot of settings/providers/combos/keys)
• — Upgrade handler for OpenAI-compatible WS clients

• ,
• ,

• — handoff summary generation and injection for context-relay strategy
• — proactive compression before provider translation; includes Caveman rules, RTK filters, stacked pipelines, compression combos, stats, and validation
• — fetches Codex quota for context-relay handoff decisions
• — per-model cooldown retries with configurable /
• — guarded provider/model fetch with SSRF guard, private-URL blocking, retry, and timeout
• — validates provider URLs against private/localhost CIDR ranges
• — provider-level , , defaults
• — shared GLM models, quota URLs, GLMT timeout/defaults
• — base URL and discovery path constants
• — versioned user-agent and client-version values
• — seeds 30+ cross-proxy dialect aliases at startup

• — centralized lockout → budget → fallback evaluation
• — SQLite CRUD for fallback chains, budgets, cost history, lockout state, circuit breakers

):

• , , , , , , , , , , ,
• — re-exports from individual modules

(better-sqlite3, migrations, WAL)
• (thin compatibility layer for callers)
• (or when set, else )
• customModels, proxyConfig, ipFilter, thinkingBudget, systemPrompt

(decomposed modules in )
• : , ,
• , , )

— CRUD operations for domain state
• ): , , , ,

,
• entries
• (env vars) and (configurable per-provider or global)
• — blocks private/loopback/link-local ranges for all provider calls
• — Zod schema for all environment variables, surfaced as startup errors/warnings
• — scoped tokens for config bundle download endpoints; backed by SQLite table (migration )
• — validates WS upgrade requests via API key or session cookie

, ,

)

sequenceDiagram
    autonumber
    participant Client as CLI/SDK Client
    participant Route as /api/v1/chat/completions
    participant Chat as src/sse/handlers/chat
    participant Core as open-sse/handlers/chatCore
    participant Model as Model Resolver
    participant Auth as Credential Selector
    participant Exec as Provider Executor
    participant Prov as Upstream Provider
    participant Stream as Stream Translator
    participant Usage as usageDb

    Client->>Route: POST /v1/chat/completions
    Route->>Chat: handleChat(request)
    Chat->>Model: parse/resolve model or combo

    alt Combo model
        Chat->>Chat: iterate combo models (handleComboChat)
    end

    Chat->>Auth: getProviderCredentials(provider)
    Auth-->>Chat: active account + tokens/api key

    Chat->>Core: handleChatCore(body, modelInfo, credentials)
    Core->>Core: detect source format
    Core->>Core: translate request to target format
    Core->>Exec: execute(provider, transformedBody)
    Exec->>Prov: upstream API call
    Prov-->>Exec: SSE/JSON response
    Exec-->>Core: response + metadata

    alt 401/403
        Core->>Exec: refreshCredentials()
        Exec-->>Core: updated tokens
        Core->>Exec: retry request
    end

    Core->>Stream: translate/normalize stream to client format
    Stream-->>Client: SSE chunks / JSON response

    Stream->>Usage: extract usage + persist history/log

flowchart TD
    A[Incoming model string] --> B{Is combo name?}
    B -- Yes --> C[Load combo models sequence]
    B -- No --> D[Single model path]

    C --> E[Try model N]
    E --> F[Resolve provider/model]
    D --> F

    F --> G[Select account credentials]
    G --> H{Credentials available?}
    H -- No --> I[Return provider unavailable]
    H -- Yes --> J[Execute request]

    J --> K{Success?}
    K -- Yes --> L[Return response]
    K -- No --> M{Fallback-eligible error?}

    M -- No --> N[Return error]
    M -- Yes --> O[Mark account unavailable cooldown]
    O --> P{Another account for provider?}
    P -- Yes --> G
    P -- No --> Q{In combo with next model?}
    Q -- Yes --> E
    Q -- No --> R[Return all unavailable]

using status codes and error-message heuristics. Combo routing adds one extra guard: provider-scoped 400s such as upstream content-block and role-validation failures are treated as model-local failures so later combo targets can still run.

sequenceDiagram
    autonumber
    participant UI as Dashboard UI
    participant OAuth as /api/oauth/[provider]/[action]
    participant ProvAuth as Provider Auth Server
    participant DB as localDb
    participant Test as /api/providers/[id]/test
    participant Exec as Provider Executor

    UI->>OAuth: GET authorize or device-code
    OAuth->>ProvAuth: create auth/device flow
    ProvAuth-->>OAuth: auth URL or device code payload
    OAuth-->>UI: flow data

    UI->>OAuth: POST exchange or poll
    OAuth->>ProvAuth: token exchange/poll
    ProvAuth-->>OAuth: access/refresh tokens
    OAuth->>DB: createProviderConnection(oauth data)
    OAuth-->>UI: success + connection id

    UI->>Test: POST /api/providers/[id]/test
    Test->>Exec: validate credentials / optional refresh
    Exec-->>Test: valid or refreshed token info
    Test->>DB: update status/tokens/errors
    Test-->>UI: validation result

via executor .

sequenceDiagram
    autonumber
    participant UI as Endpoint Page UI
    participant Sync as /api/sync/cloud
    participant DB as localDb
    participant Cloud as External Cloud Sync
    participant Claude as ~/.claude/settings.json

    UI->>Sync: POST action=enable
    Sync->>DB: set cloudEnabled=true
    Sync->>DB: ensure API key exists
    Sync->>Cloud: POST /sync/{machineId} (providers/aliases/combos/keys)
    Cloud-->>Sync: sync result
    Sync->>Cloud: GET /{machineId}/v1/verify
    Sync-->>UI: enabled + verification status

    UI->>Sync: POST action=sync
    Sync->>Cloud: POST /sync/{machineId}
    Cloud-->>Sync: remote data
    Sync->>DB: update newer local tokens/status
    Sync-->>UI: synced

    UI->>Sync: POST action=disable
    Sync->>DB: set cloudEnabled=false
    Sync->>Cloud: DELETE /sync/{machineId}
    Sync->>Claude: switch ANTHROPIC_BASE_URL back to local (if needed)
    Sync-->>UI: disabled

when cloud is enabled.

erDiagram
    SETTINGS ||--o{ PROVIDER_CONNECTION : controls
    PROVIDER_NODE ||--o{ PROVIDER_CONNECTION : backs_compatible_provider
    PROVIDER_CONNECTION ||--o{ USAGE_ENTRY : emits_usage

    SETTINGS {
      boolean cloudEnabled
      number stickyRoundRobinLimit
      boolean requireLogin
      string password_hash
      string fallbackStrategy
      json rateLimitDefaults
      json providerProfiles
    }

    PROVIDER_CONNECTION {
      string id
      string provider
      string authType
      string name
      number priority
      boolean isActive
      string apiKey
      string accessToken
      string refreshToken
      string expiresAt
      string testStatus
      string lastError
      string rateLimitedUntil
      json providerSpecificData
    }

    PROVIDER_NODE {
      string id
      string type
      string name
      string prefix
      string apiType
      string baseUrl
    }

    MODEL_ALIAS {
      string alias
      string targetModel
    }

    COMBO {
      string id
      string name
      string[] models
    }

    API_KEY {
      string id
      string name
      string key
      string machineId
    }

    USAGE_ENTRY {
      string provider
      string model
      number prompt_tokens
      number completion_tokens
      string connectionId
      string timestamp
    }

    CUSTOM_MODEL {
      string id
      string name
      string providerId
    }

    PROXY_CONFIG {
      string global
      json providers
    }

    IP_FILTER {
      string mode
      string[] allowlist
      string[] blocklist
    }

    THINKING_BUDGET {
      string mode
      number customBudget
      string effortLevel
    }

    SYSTEM_PROMPT {
      boolean enabled
      string prompt
      string position
    }

• (compat/debug artifact)

flowchart LR
    subgraph LocalHost[Developer Host]
        CLI[CLI Tools]
        Browser[Dashboard Browser]
    end

    subgraph ContainerOrProcess[OmniRoute Runtime]
        Next[Next.js Server\nPORT=20128]
        Core[SSE Core + Executors]
        MainDB[(storage.sqlite)]
        UsageDB[(usage tables + log artifacts)]
    end

    subgraph External[External Services]
        Providers[AI Providers]
        SyncCloud[Cloud Sync Service]
    end

    CLI --> Next
    Browser --> Next
    Next --> Core
    Next --> MainDB
    Core --> MainDB
    Core --> UsageDB
    Core --> Providers
    Next --> SyncCloud

, : compatibility APIs
• : dedicated per-provider routes (chat, embeddings, images)
• : provider CRUD, validation, testing
• : custom compatible node management
• : custom model management (CRUD)
• : model catalog API (aliases + custom models)
• : OAuth/device-code flows
• : local API key lifecycle
• : alias management
• : fallback combo management
• : pricing overrides for cost calculation
• : proxy configuration (GET/PUT/DELETE)
• : outbound proxy connectivity test (POST)
• : usage and logs APIs
• + : cloud sync and cloud-facing helpers
• : local CLI config writers/checkers
• : IP allowlist/blocklist (GET/PUT)
• : thinking token budget config (GET/PUT)
• : global system prompt (GET/PUT)
• : global compression settings (GET/PUT)
• : compression preview, rule metadata, and language packs
• : Caveman settings alias (GET/PUT)
• : RTK config, filter catalog, test endpoint, and raw-output recovery
• : compression combo CRUD and routing-combo assignments
• : compression analytics alias
• : active session listing (GET)
• : per-account rate limit status (GET)
• : sync token CRUD (GET/POST)
• : sync token get/delete (GET/DELETE)
• : config bundle download (GET, ETag versioning)
• : WebSocket upgrade handler for OpenAI-compatible WS clients

: request parse, combo handling, account selection loop
• : translation, executor dispatch, retry/refresh handling, stream setup
• : provider-specific network and format behavior

: translator registry and orchestration

: persistent config/state and domain persistence on SQLite
• : compatibility re-export for DB modules
• : usage history/call logs facade on top of SQLite tables

(in ), which provides URL building, header construction, retry with exponential backoff, credential refresh hooks, and the orchestration method.

.

OpenAI as the hub format — all conversions go through OpenAI as intermediate:

Response sanitization — Strips non-standard fields from OpenAI-format responses (both streaming and non-streaming) to ensure strict SDK compliance
• Role normalization — Converts → for non-OpenAI targets; merges → for models that reject the system role (GLM, ERNIE)
• Think tag extraction — Parses blocks from content into field
• Structured output — Converts OpenAI to Gemini's +

) intercepts known "throwaway" requests from Claude CLI — warmup pings, title extractions, and token counts — and returns a fake response without consuming upstream provider tokens. This is triggered only when contains .

) is retained only for legacy compatibility. The current runtime contract uses:

for application and audit logs written under
• artifacts when the call log pipeline is enabled

• handling

blocks all private/loopback/link-local target URLs before they reach provider executors
• which applies the guard before every outbound request
• with HTTP 422 and are logged to the compliance audit trail via

• , , )
• ) when
• (optional/compat)
• when
• when the call log pipeline is enabled
• ) for UI consumption

) secures dashboard session cookie verification/signing
• ) should be explicitly configured for first-run provisioning
• ) secures generated local API key format

,
• unset):
• ,
• , ,
• ,
• , , , and lowercase variants
• ,
• , , ,

and share the same base directory policy ( -> -> ) with legacy file migration.
1. delegates to the same unified catalog builder used by () to avoid semantic drift.
3. and cloud endpoint reachability.
4. directory is published as the npm workspace package. Source code imports it via (resolved by Next.js ). File paths in this document still use the directory name for consistency.
5. Recharts (SVG-based) for accessible, interactive analytics visualizations (model usage bar charts, provider breakdown tables with success rates).
6. Playwright (), run via . Unit tests use Node.js test runner (), run via . Source code under is TypeScript (/); the workspace remains JavaScript ().
8. Context Relay strategy () is split across two layers: decides if a handoff should be generated, injects the handoff after account resolution. Handoff data lives in SQLite table. This split is intentional because only knows whether the actual account changed.
9. Proxy enforcement is now comprehensive: resolves proxy per connection, uses , and uses to maintain dispatcher compatibility on Node 22.
10. Node.js runtime policy detection: returns and fields. The login page renders a warning banner when the runtime falls outside the supported secure Node.js lines.

• when