Fix Kilo OAuth2 500 errors with retry logic:
- Root cause: Vercel edge node cdg1 returning 500 errors
- Added retry logic with exponential backoff (3 attempts)
- Logs Vercel edge node ID to track which node handles request
- Retries automatically route to different edge nodes
- Delays: 1s, 2s, 4s between retries

Add detailed request/response logging for Kilo OAuth2:
- Log exact request URL, headers, and body
- Log httpx version being used
- Log complete response status, headers, and body
- This will help diagnose the 500 error difference between local and remote

Add explicit headers to Kilo OAuth2 device auth request:
- Added Content-Length: 0 header
- Added User-Agent header
- Attempting to fix 500 error on remote servers

Fix Kilo OAuth2 device auth for remote servers:
- Changed from data={} to explicit content=b'' with Content-Type header
- This ensures proper form-urlencoded POST request format
- Fixes 500 error when calling from remote servers behind nginx

- Added version number to debug startup message
- Fixed Kilo OAuth2 device auth endpoint (form encoding)
- Fixed dashboard save endpoints (rotations/autoselect)
- Fixed analytics page template syntax error
- Fixed Kilo provider model prefetch at startup
- Added favicon to PyPI package

Fixes:
- Kilo OAuth2 device auth endpoint now uses form encoding instead of JSON
- Final fix for Kilo device auth 500 Internal Server Error

Fixes:
- Kilo OAuth2 device auth initiation 500 error (missing empty json payload)
- Kilo provider model prefetch at startup for OAuth2 credentials
- Rotations save endpoint 500 error
- Autoselect save endpoint config shadowing bug
- Analytics page Jinja2 TemplateSyntaxError

Fixes:
- Kilo provider model prefetch at startup for OAuth2 credentials
- Rotations save endpoint 500 error (form parameter mismatch, config shadowing)
- Autoselect save endpoint config shadowing bug
- Analytics page Jinja2 TemplateSyntaxError (missing closing parenthesis)
- FormData JSON serialization in validation error handler

v0.99.7 - Fixed undefined provider_key variable bug in OAuth2 handlers, fixed config shadowing bug in rotations save handler

- Remove automatic model detection during provider save operations
- OAuth2 providers now only show models when 'Get Models from Provider' is clicked
- Users have full control over when models are fetched and saved
- Bump version to 0.99.6

- Fixed malformed url_for() calls with extra quotes in providers.html
- Corrected uploadCodexFile function JavaScript syntax
- Fixed remaining hardcoded OAuth2 URLs
- All JavaScript template syntax errors resolved
- Updated version in setup.py, pyproject.toml, aisbf/__init__.py, and PYPI.md
- Added changelog entry for 0.99.5

- Fixed malformed url_for() calls in uploadCodexFile function (extra quotes)
- Fixed hardcoded /dashboard/claude/auth/complete URL to use url_for()
- All JavaScript syntax errors resolved for proper template rendering

- Fixed OAuth2 authentication endpoints not respecting reverse proxy subpaths
- Updated all OAuth2 JavaScript fetch calls to use url_for() instead of hardcoded /dashboard/ paths
- Fixed Claude, Kilo, Codex, and Qwen OAuth2 authentication flows for reverse proxy deployments
- Fixed file upload endpoints, rate limits data endpoint, user management endpoints, and autoselect save endpoint
- OAuth2 authentication buttons now work correctly behind nginx reverse proxy with /aisbf/ location
- Updated version in setup.py, pyproject.toml, aisbf/__init__.py, and PYPI.md
- Added changelog entry for 0.99.4

- Fixed malformed Jinja2 template syntax in user_providers.html causing download link issues
- Corrected URL generation for authentication file download links
- Fixed extension download link in providers.html template
- All template syntax errors resolved for proper dashboard rendering
- Updated version in setup.py, pyproject.toml, aisbf/__init__.py, and PYPI.md
- Added changelog entry for 0.99.3

- Fixed Jinja2 template syntax errors in dashboard templates
- Updated version in pyproject.toml, setup.py, and aisbf/__init__.py
- Updated PYPI.md and CHANGELOG.md with new version

- Corrected nested template tags in dashboard templates
- All fetch() calls and URL generations now use proper url_for syntax
- Templates should render correctly now

- Fix login redirect after authentication not respecting proxy subpaths
- Modified url_for function to return relative URLs when behind reverse proxy
- Updated login form action and template URLs to use url_for
- Fixed JavaScript fetch calls in providers and rotations templates
- Bumped version to 0.99.1 in all configuration files
- Updated CHANGELOG.md and PYPI.md with new version

- Implemented complete OAuth2 Device Authorization Grant with PKCE (S256)
- Added aisbf/auth/qwen.py for OAuth2 authentication
- Added aisbf/providers/qwen.py for OpenAI-compatible DashScope API
- Cross-process token synchronization with file locking
- Automatic token refresh with 30-second expiry buffer
- Optional API key mode (bypass OAuth2)
- Dashboard integration ready
- Free tier: 1,000 requests/day, 60 requests/minute
- Available models: qwen-plus, qwen-turbo, qwen-max, coder-model
- Updated documentation in AI.PROMPT, README.md, and CHANGELOG.md
- Version bumped to 0.99.0

v0.9.9: User-based configuration routing for providers, rotations, autoselects, and OAuth2 credentials

- Config admin (from aisbf.json, user_id=None) saves configurations to JSON files
- Database users save configurations to the database (user_providers, user_rotations, user_autoselects tables)
- Dashboard endpoints check user type and route accordingly
- File upload endpoint supports both config admin (files) and database users (database)
- MCP server tools accept user_id parameter and route to appropriate storage
- OAuth2 credential handling already implemented this pattern (Claude, Kilo, Codex)
- Updated CHANGELOG.md, setup.py, and pyproject.toml

- Added find_config_file() to check config locations in correct order
- Added get_host() to read server.host from config (defaults to 127.0.0.1)
- Fixed get_port() to read from server.port instead of top-level port
- Updated start_server() and start_daemon() to use config-based host
- Updated CHANGELOG.md with the fix

- Changed authenticate_with_device_flow() to request_device_code_flow() + poll_device_code_completion()
- /dashboard/codex/auth/start now returns immediately with verification URI and user code
- /dashboard/codex/auth/poll checks for completion status
- Fixed poll_device_code_token to raise exception for 403/404 (pending state)
- Dashboard JavaScript opens popup window with verification URI immediately

- New codex provider type using OpenAI-compatible protocol
- OAuth2 authentication via Device Authorization Grant flow
- Provider handler in aisbf/providers/codex.py
- OAuth2 handler in aisbf/auth/codex.py
- Dashboard integration with authentication UI
- Token refresh with automatic retry
- API key exchange from ID token
- Updated version to 0.9.8 in setup.py and pyproject.toml
- Updated CHANGELOG.md, README.md, PYPI.md with Codex documentation
- Added codex provider configuration to config/providers.json