fix: response cache stats missing enabled field; tor status reads from JSON config instead of Pydantic singleton

When a card was added via billing page, it was only stored in the DB — never
attached to the Stripe customer. This meant every charge was on an unattached
PM, which Stripe processes differently.

For subscription upgrades the user is actively present, so off_session=True
was incorrect: it marks the charge as a Merchant-Initiated Transaction (MIT)
which settles slower than Customer-Initiated (CIT). Other sites that use
Stripe's frontend SDK do CITs, which is why their charges clear faster.

- dashboard_add_payment_method_stripe: attach PM to Stripe customer and set
  as customer default immediately when the card is added
- auto_charge: add off_session parameter (default True for existing auto
  top-up/renewal callers); document the distinction
- dashboard_subscribe_tier: pass off_session=False so the upgrade charge is
  processed as a CIT and settles at normal speed

- auto_charge: verify payment_intent.status is succeeded/processing before returning success; add description/metadata params so subscription charges are labeled correctly in Stripe
- pricing: redirect to ?success= after upgrade/downgrade so the persistent server-side banner shows instead of a 1.5s toast that disappears on reload
- pricing GET endpoint: pass success/error query params to template context
- base modal: support html:true option in open() so showConfirm can render HTML content; update showConfirm signature to accept html flag
- pricing: pass html=true to showConfirm so the upgrade confirmation renders bold/colored text instead of raw tags

- Per-item save/delete API endpoints for providers, rotations, autoselects (admin + user)
- Config hot-reload on every change without server restart
- Provider list pagination (10/page) with search/filter
- Searchable datalist selects for >25 providers or models
- Model name autocomplete from provider's configured model list
- Fix JS key-escaping bug that broke rendering with special chars in keys

Fix Claude CLI streaming: pass-through SSE strings, handle assistant/tool_use events, non-streaming via --output-format json

Bump version to 0.99.57; add Claude CLI proxy mode

- Add aisbf/cli_mode.py: detect claude binary in PATH at startup
- Add ClaudeCliSessionManager: per-user isolated temp config dirs with
  10-minute idle cleanup and asyncio subprocess-based request proxying
- Add ClaudeProviderHandler CLI methods: _get_cli_credentials,
  _messages_to_cli_prompt, _handle_cli_streaming_request,
  _handle_cli_request, _oauth_tokens_to_cli_credentials
- Wire CLI mode check into _handle_request_with_model; falls through to
  HTTP API mode when no CLI credentials are configured
- Add 'Use Claude CLI mode' checkbox in provider config (both admin and
  user templates): derives credentials from existing OAuth2 tokens
- Add explicit CLI credentials file upload (file_type=cli_credentials);
  DB users: stored in user_oauth2_credentials; admin: path in providers.json
- Update Claude provider warning notices to scope risk to HTTP API mode
  and clarify that claude -p is permitted by Claude's terms of service
- Update CHANGELOG.md, DOCUMENTATION.md, README.md

- Fix ReferenceError: url_for is not defined in pricing JS (was calling
  server-side Jinja2 helper from client-side JavaScript)
- Add new POST /dashboard/subscribe/{tier_id} endpoint with smart payment
  logic: deducts from wallet if sufficient, otherwise charges saved Stripe
  card for the exact plan amount; returns clear error when neither is
  available
- Add POST /dashboard/subscribe/free for downgrade flow
- Fix plan description field names (max_requests_day → max_requests_per_day,
  etc.) across pricing.html and subscription.html; numbers now formatted
  with thousands separators
- Fix pricing card layout so a single plan is centered and capped in width
  instead of stretching full-screen
- Add is_default and is_active to get_user_tier() return dict
- Add upgrade CTA banner in dashboard overview subscription section when
  higher plans are available
- Add subscription hint banner in wallet page
- Add new Usage & Quotas page (/dashboard/usage) with progress bars for
  daily/monthly requests, providers, rotations, autoselections, and tokens;
  bars warn at 75% and turn red at 90%
- Add Usage link to main nav and account dropdown
- Register usage.html in setup.py data_files

- Add Reply-To header using sender's email for all contact submissions
- Show email input in contact modal for non-logged-in users
- Allow unauthenticated contact form submissions (email required)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Replace relative DOCUMENTATION.md links in README with absolute Gitea URLs (/blob/master/)
- Update dashboard about page regex to rewrite both relative and absolute doc links
- Bump version to 0.99.52
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Add /dashboard/profile/upload-pic/chunk endpoint: assembles chunks server-side,
  validates MIME type and 5 MB limit, base64-encodes and stores in DB + session
- Remove profile_pic from the form POST (was limited by proxy body size limits)
- Profile template: file input triggers JS chunked upload, shows progress bar and
  inline status; client-side pre-check for size/type before any network request
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Add DatabaseManager.placeholder property returning '?' (SQLite) or '%s' (MySQL)
- Fix paypal_handler.py: payment_methods INSERT
- Fix service.py: payment_methods INSERT for PayPal vault
- Fix subscription/manager.py: all SQL in create/upgrade/downgrade/cancel_subscription
- Fix subscription/renewal.py: all SQL in process_renewals/_renew_subscription/_cancel_subscription
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Replace invalid 'ON CONFLICT DO NOTHING' (PostgreSQL) with 'INSERT IGNORE' (MySQL)
  for user_crypto_wallets upsert
- Use repr() and full traceback in exception logging so blank-message exceptions
  are still diagnosable
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- get_user_by_id and get_user_by_email now include profile_pic in SELECT
- Store profile_pic in session on login and update it on profile save
- base.html and user_index.html use session.profile_pic, falling back to gravatar
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

TEXT maxes at 64 KB; base64-encoded images easily exceed that.
Migration auto-widens existing installations on next startup.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

v0.99.51: security hardening — bcrypt passwords, rate limiting, auth fixes, safe cache serialisation

- Migrate password hashing from SHA-256 to bcrypt with backward-compatible auto-upgrade on login
- Add login rate limiting (10 attempts / 5 min window, 10 min lockout) per IP+username
- Force password change when default admin/admin credentials are detected (C3)
- Fix /api/admin/* middleware to require valid admin session instead of unconditional bypass (C5)
- Replace pickle serialisation in all cache backends (Redis, SQLite, MySQL, File) with JSON-first encoding; legacy pickle data still readable (H9)
- Fix PayPal webhook: implement 6 previously empty handler stubs with real wallet credit/debit logic (H1)
- Fix Stripe: remove no-op _handle_payment_succeeded stub, fix real implementation to use WalletManager (C7)
- Fix crypto address derivation race condition via BEGIN EXCLUSIVE / SELECT FOR UPDATE (H6)
- Fix PayPal webhook verification: return False (not True) when webhook_id not configured (C6)
- Fix pre-existing password reset flow using non-existent DB methods
- Fix CORS: allow_credentials=False to be compatible with wildcard origins
- Fix session cookie flags: same_site=lax, https_only via AISBF_HTTPS env var
- Fix background task GC: hold strong references to prevent premature task collection
- Remove dead Jinja2 environment and commented-out analytics init code
- Apply XSS escaping to user-controlled innerHTML in analytics and autoselects dashboard templates
- Update docs: security warnings in README and DEBUG_GUIDE, missing endpoints in ENDPOINTS.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>