# Changelog v0.3.49 - 2026-04-11

### Changed

- **API key validation now uses provider auth endpoints instead of pings** — Previously, testing an API key sent a chat completion `POST` to a model endpoint and waited for a 200 response. This was indirect (a model being down didn't mean the key was invalid) and slow (sequential probes with 4s delays).

- **Parallel auth-only probes (3×8s)** — For providers that expose an OpenAI-compatible `/v1/models` or a `/v1/account` endpoint, the test now fires 3 simultaneous probes to that endpoint. A 200 response = key valid and accepted. A 401/403 response = key rejected (auth error). This is decisive and ~8× faster than the ping approach.

- **Parallel ping burst fallback** — Providers without an auth-check endpoint (replicate, cloudflare, zai, googleai, opencode-zen, rovo, gemini) or that timed out now fall back to chat completion pings, but in **parallel batches of 5 probes** instead of 1-by-1 with 4s delays. This keeps the overall test under 30s even for "difficult" providers.

- **Auto-test all keys on Settings open (`P`)** — Opening Settings now automatically fires parallel auth probes for all configured API keys simultaneously. Users see the status of every provider the moment they open the screen, instead of having to press `T` for each one individually.

### Providers with dedicated auth endpoints

| Provider | Auth check endpoint | Method |
|----------|-------------------|--------|
| NVIDIA NIM | `/v1/account` | GET |
| Groq, Cerebras, SambaNova, OpenRouter, HuggingFace, DeepInfra, Fireworks, Hyperbolic, Scaleway, SiliconFlow, Together, Perplexity, Chutes, OVHcloud, Qwen, iFlow | `/v1/models` | GET |
