Fail fast on missing config and reject default encryption keys; use SHA-256 ingress key lookup, trusted-proxy-aware client IP, sentinel gateway errors with correct HTTP status codes, daily provider key counter reset, Anthropic multimodal forwarding, and cache Get methods that return copies.
Co-authored-by: Cursor <cursoragent@cursor.com>
Lock admin login by IP after repeated failures with configurable lockout, and document /v1 endpoints with correct default port.
Co-authored-by: Cursor <cursoragent@cursor.com>