tokenroute

Changelog

What's new in tokenroute — new features, updates, and fixes.

Week of May 25 – May 29, 2026

New features

  • DeepSeek v4 models live. Two new passthrough models are routable through the gateway: deepseek-v4-flash (low-latency tier) and deepseek-v4-pro (frontier tier). List them with tokenroute models or call them directly via /v1/chat/completions. See the CLI reference and API reference.
  • Unified public model IDs. Every model now exposes a single canonical public_id (a bare alias like deepseek-v4-pro) for use in API requests. Vendor-prefixed IDs continue to work, but new code should prefer the bare alias — it's stable across provider re-routing.

Updates

  • Faster API key authentication. Auth now indexes API keys by an HMAC lookup column instead of scanning the full table with Argon2 on every request. Practical effect: noticeably lower auth latency and CPU under load, especially for high-RPS agents.

Fixes

  • Stripe top-up webhook handles duplicate deliveries. Stripe occasionally retries webhook deliveries; the credit ledger now treats a duplicate event as a no-op instead of returning 500. Balances reconcile correctly even when Stripe re-sends.
  • Quota pre-deduction is now atomic. Concurrent in-flight requests can no longer race past your remaining balance. The previous "big-spender skip" shortcut has been removed — every request is checked atomically, eliminating a class of overdraft scenarios.
  • Embed sign-in no longer logs you out on first load. When tokenroute is embedded inside a Paradigx host page, the companion sync bridge now distinguishes "auth pending" from "unauthenticated" and skips the spurious logout call on the first unauthenticated hydration.

Week of May 18 – May 22, 2026

New features

  • CLI 2.0 (tokenroute 0.2.0). The CLI now shares a unified core with other Paradigx tools. Auth tokens have moved to ~/.paradigx/auth.json and are automatically migrated from ~/.tokenroute/ on first run. JWTs now refresh transparently — no more re-logging in mid-session. See the CLI reference.
  • Self-serve top-up via Stripe. Top-ups initiated from the dashboard or tokenroute topup now flow end-to-end through a Stripe Checkout webhook. Your balance updates automatically the moment payment succeeds — no manual reconciliation step. New /topup/success and /topup/cancel pages (available in English and 中文) confirm the result. See Quickstart → Top up your balance.
  • Custom code injection for admins. Workspace admins can now inject arbitrary <head>, body-start, and body-end snippets site-wide from /admin/custom-code. Useful for embedding analytics, support widgets, or third-party agent scripts.
  • Partner customer usage endpoint. Paradigx partners can now query aggregated usage across all of their attributed customers in one call — plan, monthly spend, balance, and last-active timestamp per customer. Available via the management API for partner portal integrations.

Updates

  • New case study: botu on tokenroute. Walks through how the botu production agent runtime routes 100% of its LLM traffic through tokenroute with Claude Haiku 4.5 as primary and Sonnet 4.5 as fallback. Read the botu case study.

Fixes

  • Admin custom-code editor placeholder now matches the environment. The example shown in the editor on QA points to QA assets instead of production, so admins don't accidentally embed production widgets while testing.
  • CLI now works on Windows terminals with legacy code pages. Replaced Unicode status markers that crashed on GBK consoles, and forced UTF-8 stdout reconfiguration so colored output works in modern terminals while degrading gracefully on legacy ones.
  • OAuth device-flow login now works against Logto. The CLI's OIDC discovery now tries the Logto-specific discovery path before falling back to the spec default, fixing login failures for tokenroute's default identity provider.

On this page