ypollak2/llm-router

v9.0.0 Bugfix

This release fixes issues for SREs watching stability and regressions.

Published 11d LLM Frameworks

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai-routing anthropic claude claude-code cost-optimization gemini

+7 more

litellm llm llm-router mcp-server model-router ollama openai

Affected surfaces

auth rbac

ReleasePort's take

Light signal

editorial:auto 11d

Release v9.0.0 fixes a session type path mismatch and extends the pending route TTL to one hour, while adding warnings for silent env var overrides.

Why it matters: Extending the pending route TTL from 5 minutes to 1 hour reduces premature route expirations; logging warnings prevents unintended routing behavior when LLM_ROUTER_ENFORCE silently overrides routing.yaml.

Summary

AI summary

Fixed session type path mismatch, extended pending route TTL to 1 hour, and added warnings for silent env var overrides.

Changes in this release

Type	Severity	Summary	CVE
Bugfix
Bugfix	Medium	Fixes session type path mismatch between auto-route.py and enforce-route.py. Fixes session type path mismatch between auto-route.py and enforce-route.py. Source: llm_adapter@2026-05-23 Confidence: high	—
Bugfix	Medium	Extends pending route TTL from 5 minutes to 1 hour. Extends pending route TTL from 5 minutes to 1 hour. Source: llm_adapter@2026-05-23 Confidence: low	—
Bugfix	Medium	Logs warning when `LLM_ROUTER_ENFORCE` env var overrides routing.yaml silently. Logs warning when `LLM_ROUTER_ENFORCE` env var overrides routing.yaml silently. Source: llm_adapter@2026-05-23 Confidence: low	—

Full changelog

What's New

Fixed

Session type path mismatch — auto-route.py reset session_type_{id}.json but enforce-route.py read session_{id}.json, so once a session was marked "coding", enforcement stayed soft permanently. Now both hooks use the same path.
Pending route TTL too short — extended from 5 minutes to 1 hour. Routing state now survives context compaction delays without expiring between prompts.
Silent env var override — LLM_ROUTER_ENFORCE set in .zshrc/.bashrc silently overrode routing.yaml with no warning. enforce-route.py now logs a conflict warning to enforcement.log, and set-enforce warns users when a shell env var will override the written config.

Upgrade

pip install --upgrade claude-code-llm-router

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track ypollak2/llm-router

Get notified when new releases ship.

About ypollak2/llm-router

Subscription-aware LLM router for Claude Code. Routes tasks to 20+ providers (OpenAI, Gemini, Groq, Ollama, Codex) based on complexity classification, Claude subscription pressure, and cost. Free tasks stay on Claude subscription; expensive tasks fall back to the cheapest capable model. Includes 30 MCP tools, 6 auto-routing hooks, semantic dedup cache, prompt caching, daily spend cap, and a live web dashboard.

All releases →

Related context

Related tools

Earlier breaking changes

v9.2.0 Changes auto‑route directive from advisory "DO NOT SKIP" to hard constraint with explicit blocked tools list.
v9.2.0 Breaks permanent downgrade of enforcement after first Edit/Write; v13 now requires per‑turn routing.