Explicitly set drop_params and supports_prompt_caching=false for
claude-sonnet-4.5 model to prevent prompt_cache_key parameter from
being sent to Anthropic API.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add router_settings and default_litellm_params to ensure unsupported
parameters like prompt_cache_key are properly dropped when using codex
with the litellm proxy.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added disable_responses_id_security setting to allow Codex CLI to access
the /responses endpoint without 401 errors. This removes the encryption
requirement on response IDs while maintaining API key authentication.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Created database initialization script following the core stack pattern.
The script automatically creates required databases on first initialization:
- openwebui: Open WebUI application database
- litellm: LiteLLM proxy database for API key management and tracking
Changes:
- Created ai/postgres/init/01-init-databases.sh
- Mounted init directory in ai_postgres service
- Added automatic privilege grants to AI_DB_USER
Note: Init script only runs on first database creation when volume is empty.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
LiteLLM now uses the ai_postgres database instance with a dedicated
'litellm' database for API key management, usage tracking, and rate limiting.
Changes:
- Set DATABASE_URL to postgresql://ai:password@ai_postgres:5432/litellm
- Added depends_on ai_postgres to ensure DB starts first
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Removed authentication middleware to simplify access. LiteLLM now relies
solely on Bearer token authentication via LITELLM_MASTER_KEY.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Re-enabled LITELLM_MASTER_KEY for proper API key authentication.
LiteLLM supports master key without database for simple auth scenarios.
- LiteLLM validates Bearer token against master key
- Open WebUI uses same key for internal communication
- External access requires both HTTP Basic Auth + API key
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Removed LITELLM_MASTER_KEY as it requires a database for virtual key
management. Security is already provided by HTTP Basic Auth on the
public Traefik endpoint. Internal Open WebUI communication doesn't
need additional API key auth.
Security layers:
- Public access: HTTP Basic Auth via Traefik
- Internal LiteLLM: Network isolation (no auth needed)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Added AI_LITELLM_API_KEY environment variable to .env
- Configured LiteLLM MASTER_KEY for authentication
- Updated Open WebUI to use secure API key from environment
- Generated secure 64-character hex key: sk-77b42236...
This replaces the insecure hardcoded sk-1234 key with proper
secret management via environment variables.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Healthcheck was failing because curl is not installed in the LiteLLM
container, causing Traefik to mark it as unhealthy and not route traffic.
Disabled healthcheck as Traefik doesn't require it for routing.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
LiteLLM was binding to localhost by default, making it unreachable
from Traefik reverse proxy. Added --host 0.0.0.0 parameter to allow
connections from the Docker network.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added Traefik configuration to make LiteLLM accessible at llm.ai.pivoine.art
for use with @openai/codex CLI tool.
Changes:
- Added AI_LITELLM_TRAEFIK_HOST to arty.yml (llm.ai.pivoine.art)
- Updated ai/compose.yaml litellm service with full Traefik labels
- HTTP to HTTPS redirect
- SSL termination via Let's Encrypt
- Compression and security headers
This allows external tools like Codex to use Claude models via
OpenAI-compatible API endpoint.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Removed miniPaint image editor service from the kit stack:
- Deleted paint service definition from kit/compose.yaml
- Removed Dockerfile for paint build
- Removed KIT_PAINT_TRAEFIK_HOST from arty.yml
- Stopped and removed kit_paint container
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Paint service uses a custom Dockerfile build from GitHub, so it shouldn't
be auto-updated by Watchtower. Set watchtower.enable=false explicitly.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Watchtower was failing with "Unknown notification type 'mattermost'" because
'mattermost' is not a valid WATCHTOWER_NOTIFICATIONS value. When using
Shoutrrr URLs (WATCHTOWER_NOTIFICATION_URL), the notification type should
be set to 'shoutrrr' or left empty, as the service type is inferred from
the URL format (mattermost://...).
Changed WATCHTOWER_NOTIFICATIONS from 'mattermost' to 'shoutrrr' to fix
the fatal error that was occurring every minute.
The mattermost:// Shoutrrr URL in WATCHTOWER_NOTIFICATION_URL is correct
and will work once the notification type is fixed.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Netdata v2.7 doesn't natively support Mattermost notifications, but
Mattermost supports Slack-compatible webhooks. Changed configuration to
use SEND_SLACK with SLACK_WEBHOOK_URL pointing to the Mattermost webhook.
Configuration changes:
- Changed SEND_MATTERMOST="YES" to SEND_SLACK="YES"
- Changed MATTERMOST_WEBHOOK_URL to SLACK_WEBHOOK_URL
- Updated role_recipients_mattermost to role_recipients_slack
- Webhook URL still uses ${MATTERMOST_WEBHOOK_URL} env var from .env
Tested with: alarm-notify.sh test
Result: All three alarm types (WARNING, CRITICAL, CLEAR) show "OK"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Remove all theme customization code:
- Removed theme directory (custom.css, custom.js, favicon.svg)
- Removed app.html.heex template override
- Removed Dockerfile for custom build
- Reverted compose.yaml to only mount custom.exs for SMTP config
Keeping only SMTP configuration in custom.exs.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Mount app.html.heex template with custom theme links:
- Custom CSS at /assets/custom.css via Routes.static_path()
- Custom favicon at /images/favicon-custom.svg
Phoenix will use the external template file instead of compiled version.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
static_paths only includes: assets, fonts, images, js
The css directory is NOT served by Phoenix.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
The Plug was causing AsciinemaWeb.Endpoint to fail on startup.
Reverting to just SMTP configuration while we find a proper way
to inject custom theme.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Mount custom CSS, favicon, and JS into static directories
- Create custom.js to inject theme CSS and favicon via JavaScript
- Add CustomThemeInjector Plug in custom.exs to inject script tag
- Custom theme features:
- Pivoine rose primary color (#CE275B)
- Gray tone backgrounds
- Custom SVG favicon with rose gradient
- Bootstrap 4 component overrides
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added explicit overrides for body, main, and pre elements to prevent
default light gray (#f7f7f7) backgrounds from showing through.
- Body and main: metal-bg-base (dark)
- Pre/code blocks: metal-bg-elevated (slightly lighter)
- Main container: metal-bg-surface with proper spacing
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
