DEV Community: Preecha The latest articles on DEV Community by Preecha (@preecha). https://dev.to/preecha https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3891818%2Ffc0ea1ab-a477-4892-93a0-711e6f361ce2.png DEV Community: Preecha https://dev.to/preecha en Open Source API Management Tools Preecha Fri, 26 Jun 2026 13:02:58 +0000 https://dev.to/preecha/open-source-api-management-tools-djh https://dev.to/preecha/open-source-api-management-tools-djh <p>APIs are the backbone of modern applications, but managing them across microservices, mobile apps, partner integrations, and internal platforms gets difficult fast. Open source API management tools give teams a flexible way to secure, publish, monitor, and govern APIs without committing fully to a closed vendor platform.</p> <p><a href="https://apidog.com/?utm_source=dev.to&amp;utm_medium=wanda&amp;utm_content=n8n-post-automation" class="crayons-btn crayons-btn--primary">Try Apidog today</a> </p> <p>This guide breaks down what open source API management tools do, which features matter, which projects are commonly used in 2026, and how to implement a practical API management workflow from design to runtime governance.</p> <h2> What Are Open Source API Management Tools? </h2> <p>Open source API management tools help teams manage the full API lifecycle:</p> <ul> <li>Designing and publishing APIs</li> <li>Routing traffic through an API gateway</li> <li>Applying authentication and authorization</li> <li>Enforcing rate limits and quotas</li> <li>Monitoring usage, latency, and errors</li> <li>Managing versions, deprecations, and developer access</li> </ul> <p>Unlike proprietary API platforms, open source tools provide more transparency and customization. You can inspect the source code, extend behavior with plugins or policies, and adapt the platform to your infrastructure.</p> <h2> Why API Management Matters </h2> <p>As systems scale, APIs often become distributed across teams, regions, and environments. Without API management, common problems include:</p> <ul> <li>Unauthorized or poorly governed API access</li> <li>Inconsistent authentication and rate limiting</li> <li>No centralized visibility into API usage</li> <li>Difficult API versioning and deprecation</li> <li>Scaling issues during traffic spikes</li> <li>Vendor lock-in from closed commercial platforms</li> </ul> <p>An API management layer helps standardize how APIs are exposed, secured, monitored, and consumed.</p> <h2> Core Features to Look For </h2> <p>When evaluating open source API management tools, focus on implementation-critical capabilities.</p> <h3> 1. API Gateway </h3> <p>The gateway is the runtime entry point for API traffic. It typically handles:</p> <ul> <li>Request routing</li> <li>Load balancing</li> <li>Authentication</li> <li>Rate limiting</li> <li>Protocol handling</li> <li>Request and response transformations</li> </ul> <p>Example gateway flow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Client -&gt; API Gateway -&gt; Backend Service | +-- Auth policy +-- Rate limit policy +-- Logging policy +-- Routing rule </code></pre> </div> <h3> 2. Security and Access Control </h3> <p>Look for support for common API security patterns:</p> <ul> <li>API keys</li> <li>OAuth2</li> <li>JWT validation</li> <li>IP allowlists and blocklists</li> <li>mTLS where required</li> <li>Role-based or policy-based access control</li> </ul> <p>A basic policy model might look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">security</span><span class="pi">:</span> <span class="na">authentication</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">jwt</span> <span class="na">issuer</span><span class="pi">:</span> <span class="s">https://auth.example.com</span> <span class="na">access</span><span class="pi">:</span> <span class="na">allowed_roles</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">partner</span> <span class="pi">-</span> <span class="s">internal</span> <span class="na">traffic</span><span class="pi">:</span> <span class="na">rate_limit</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="m">1000</span> <span class="na">period</span><span class="pi">:</span> <span class="s">1m</span> </code></pre> </div> <h3> 3. Traffic Management </h3> <p>Traffic controls protect backend services and create fair usage rules for consumers.</p> <p>Common controls include:</p> <ul> <li>Rate limiting</li> <li>Throttling</li> <li>Quotas</li> <li>Retry rules</li> <li>Circuit breaking</li> <li>Request size limits</li> </ul> <h3> 4. Analytics and Monitoring </h3> <p>API management tools should help you answer questions like:</p> <ul> <li>Which APIs are used most?</li> <li>Which consumers generate the most traffic?</li> <li>What is the error rate?</li> <li>Which endpoints are slow?</li> <li>Are there suspicious request patterns?</li> </ul> <p>Useful metrics include:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>requests_total request_latency_ms error_rate status_code_distribution consumer_usage upstream_response_time </code></pre> </div> <h3> 5. Developer Portal </h3> <p>A developer portal gives internal or external developers a self-service place to:</p> <ul> <li>Discover available APIs</li> <li>Read documentation</li> <li>Test endpoints</li> <li>Request access</li> <li>View credentials or subscriptions</li> </ul> <p>This is especially useful for partner APIs and API-as-a-product platforms.</p> <h3> 6. API Lifecycle Management </h3> <p>API management is not only about routing traffic. You also need lifecycle controls for:</p> <ul> <li>API design</li> <li>Review and approval</li> <li>Publishing</li> <li>Versioning</li> <li>Deprecation</li> <li>Retirement</li> </ul> <p>A simple lifecycle could be:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Design -&gt; Review -&gt; Publish -&gt; Monitor -&gt; Version -&gt; Deprecate -&gt; Retire </code></pre> </div> <h3> 7. Extensibility </h3> <p>Open source API management tools often support plugins, custom policies, or scripting.</p> <p>Use extensibility when you need to integrate with:</p> <ul> <li>Internal identity providers</li> <li>Custom logging pipelines</li> <li>CI/CD workflows</li> <li>Observability platforms</li> <li>Compliance systems</li> </ul> <h2> Top Open Source API Management Tools in 2026 </h2> <p>The open source API management ecosystem includes several mature options. The right choice depends on your runtime environment, team skills, traffic patterns, and governance requirements.</p> <h2> 1. Kong </h2> <p>Kong is a high-performance API gateway built on NGINX. It is commonly used for scalable API traffic management and has a broad plugin ecosystem.</p> <p>Key capabilities:</p> <ul> <li>Traffic control</li> <li>Authentication plugins</li> <li>Logging plugins</li> <li>Analytics integrations</li> <li>Kubernetes-native deployment options</li> <li>Declarative configuration</li> </ul> <p>Good fit for:</p> <ul> <li>Teams running high-traffic APIs</li> <li>Kubernetes-based environments</li> <li>Plugin-driven gateway customization</li> </ul> <h2> 2. Tyk </h2> <p>Tyk provides an open source gateway with API management features including a dashboard and developer portal options.</p> <p>Key capabilities:</p> <ul> <li>REST, GraphQL, and gRPC support</li> <li>Fine-grained security controls</li> <li>Rate limiting</li> <li>API analytics</li> <li>Hybrid and multi-cloud deployment support</li> </ul> <p>Good fit for:</p> <ul> <li>Teams that need a lightweight gateway</li> <li>Multi-protocol API environments</li> <li>Hybrid infrastructure</li> </ul> <h2> 3. Gravitee.io </h2> <p>Gravitee.io is a modular open source API platform that includes gateway, access management, and developer portal components.</p> <p>Key capabilities:</p> <ul> <li>Policy-based security</li> <li>Traffic shaping</li> <li>Analytics</li> <li>Developer portal</li> <li>Support for event-driven and asynchronous APIs</li> </ul> <p>Good fit for:</p> <ul> <li>Teams managing both synchronous and asynchronous APIs</li> <li>Organizations that need centralized access management</li> <li>API platforms with event-driven architecture</li> </ul> <h2> 4. WSO2 API Manager </h2> <p>WSO2 API Manager is a comprehensive open source API management platform with strong integration and identity management capabilities.</p> <p>Key capabilities:</p> <ul> <li>API gateway</li> <li>API publisher</li> <li>API store</li> <li>Analytics</li> <li>Monetization support</li> <li>OAuth2 support</li> </ul> <p>Good fit for:</p> <ul> <li>Enterprise API programs</li> <li>Teams needing broader integration capabilities</li> <li>Organizations with complex identity requirements</li> </ul> <h2> 5. Apache APISIX </h2> <p>Apache APISIX is a cloud-native API gateway known for dynamic configuration and real-time plugin hot reload.</p> <p>Key capabilities:</p> <ul> <li>Traffic control</li> <li>Security policies</li> <li>Real-time logging</li> <li>Plugin ecosystem</li> <li>Support for multiple protocols</li> </ul> <p>Good fit for:</p> <ul> <li>Cloud-native deployments</li> <li>Teams that need dynamic runtime configuration</li> <li>High-performance gateway use cases</li> </ul> <h2> 6. KrakenD </h2> <p>KrakenD is a stateless API gateway focused on aggregation and transformation. It is often used in microservices architectures.</p> <p>Key capabilities:</p> <ul> <li>Endpoint aggregation</li> <li>Request and response transformation</li> <li>Security controls</li> <li>No-code endpoint configuration</li> <li>High-performance stateless design</li> </ul> <p>Good fit for:</p> <ul> <li>Backend-for-frontend patterns</li> <li>Microservices aggregation</li> <li>APIs that need response composition</li> </ul> <h2> 7. Apiman </h2> <p>Apiman is an extensible open source API management tool focused on policy-based runtime governance.</p> <p>Key capabilities:</p> <ul> <li>Multi-tenancy</li> <li>Metrics</li> <li>Custom policies</li> <li>Management UI</li> <li>Developer portal</li> <li>Integration with Java stacks</li> </ul> <p>Good fit for:</p> <ul> <li>Java-based organizations</li> <li>Teams needing custom governance policies</li> <li>Internal API platforms</li> </ul> <h2> How Open Source API Management Tools Work </h2> <p>Most API management platforms sit between API consumers and backend services.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Web App / Mobile App / Partner App | v API Management Layer - Authentication - Authorization - Rate limiting - Routing - Logging - Analytics | v Backend APIs / Microservices </code></pre> </div> <p>A typical workflow looks like this:</p> <ol> <li><p><strong>Design the API</strong><br><br> Define endpoints, methods, parameters, request bodies, responses, and error formats using OpenAPI or Swagger.</p></li> <li><p><strong>Publish the API</strong><br><br> Register the API in your API management platform and expose it through the gateway.</p></li> <li><p><strong>Secure the API</strong><br><br> Apply authentication, authorization, API key, OAuth2, JWT, or IP filtering policies.</p></li> <li><p><strong>Control traffic</strong><br><br> Configure rate limits, quotas, throttling, and request validation.</p></li> <li><p><strong>Monitor usage</strong><br><br> Track requests, errors, latency, and consumer behavior.</p></li> <li><p><strong>Iterate safely</strong><br><br> Version APIs, update documentation, deprecate old endpoints, and retire unused APIs.</p></li> </ol> <h2> Using Apidog Before Runtime API Management </h2> <p>Apidog can complement open source API management tools during the API design, testing, and documentation phase.</p> <p>A practical workflow is:</p> <ol> <li>Design the API contract in Apidog.</li> <li>Define endpoints, parameters, request examples, and response examples.</li> <li>Generate or maintain OpenAPI/Swagger definitions.</li> <li>Share online API documentation with your team.</li> <li>Create mock data for frontend or integration testing.</li> <li>Export the API specification.</li> <li>Import the spec into an API management tool such as Kong, Tyk, Gravitee.io, or Apiman.</li> </ol> <p>This helps ensure APIs are defined and tested before they are exposed through a production gateway.</p> <h2> Real-World Use Cases </h2> <h2> 1. Banking and Fintech </h2> <p>Banks and fintech platforms use API management to expose secure partner APIs for open banking, payment integrations, and regulatory reporting.</p> <p>Example implementation:</p> <ul> <li>Use Tyk Gateway to expose partner APIs.</li> <li>Apply OAuth2 policies.</li> <li>Enforce rate limits per partner.</li> <li>Log API activity for audit and compliance.</li> <li>Monitor failed authentication attempts.</li> </ul> <h2> 2. E-commerce Platforms </h2> <p>E-commerce companies use API management to scale APIs for storefronts, mobile apps, vendors, and logistics partners.</p> <p>Example implementation:</p> <ul> <li>Use Kong as the API gateway.</li> <li>Route traffic to catalog, cart, checkout, and logistics services.</li> <li>Apply rate limits to public APIs.</li> <li>Track request volume and latency.</li> <li>Use analytics to identify slow or error-prone endpoints.</li> </ul> <h2> 3. Healthcare and IoT </h2> <p>Healthcare and IoT systems often need strict access control and audit logging for sensitive data APIs.</p> <p>Example implementation:</p> <ul> <li>Use Gravitee.io to expose FHIR APIs.</li> <li>Apply access policies for healthcare apps.</li> <li>Monitor unusual request patterns.</li> <li>Centralize audit logs.</li> <li>Enforce security controls for patient data APIs.</li> </ul> <h2> 4. SaaS and Developer Platforms </h2> <p>Developer-focused SaaS companies use API management to provide self-service onboarding, documentation, and sandbox environments.</p> <p>Example implementation:</p> <ul> <li>Use Apidog for API design, testing, and documentation.</li> <li>Use Apiman for runtime governance.</li> <li>Publish APIs through a developer portal.</li> <li>Apply subscription-based access policies.</li> <li>Monitor usage by developer account or tenant.</li> </ul> <h2> Practical Implementation Workflow </h2> <p>Here is a practical implementation path for combining API design tooling with open source API management.</p> <h2> Step 1: Design the API Contract </h2> <p>Start with an API specification.</p> <p>Example OpenAPI fragment:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">openapi</span><span class="pi">:</span> <span class="s">3.0.3</span> <span class="na">info</span><span class="pi">:</span> <span class="na">title</span><span class="pi">:</span> <span class="s">Orders API</span> <span class="na">version</span><span class="pi">:</span> <span class="s">1.0.0</span> <span class="na">paths</span><span class="pi">:</span> <span class="na">/orders</span><span class="pi">:</span> <span class="na">get</span><span class="pi">:</span> <span class="na">summary</span><span class="pi">:</span> <span class="s">List orders</span> <span class="na">responses</span><span class="pi">:</span> <span class="s2">"</span><span class="s">200"</span><span class="err">:</span> <span class="na">description</span><span class="pi">:</span> <span class="s">A list of orders</span> <span class="na">content</span><span class="pi">:</span> <span class="na">application/json</span><span class="pi">:</span> <span class="na">schema</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">array</span> <span class="na">items</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">object</span> <span class="na">properties</span><span class="pi">:</span> <span class="na">id</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">string</span> <span class="na">status</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">string</span> </code></pre> </div> <p>Use Apidog to define endpoints, parameters, examples, and responses before exporting the OpenAPI or Swagger file.</p> <h2> Step 2: Export the OpenAPI or Swagger Spec </h2> <p>Export the API contract from your design tool.</p> <p>Example file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>apidog-exported-api.json </code></pre> </div> <p>Keep this file versioned in Git so API changes can go through review.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git add apidog-exported-api.json git commit <span class="nt">-m</span> <span class="s2">"Add Orders API specification"</span> </code></pre> </div> <h2> Step 3: Import the API into Your Management Tool </h2> <p>Import the exported API definition into your API management platform.</p> <p>Example: importing a Swagger/OpenAPI spec into Apiman:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> @apidog-exported-api.json <span class="se">\</span> https://<span class="o">{</span>apiman-server<span class="o">}</span>/apiman/rest/apis/import </code></pre> </div> <p>Replace <code>{apiman-server}</code> with your Apiman server hostname.</p> <h2> Step 4: Configure Runtime Policies </h2> <p>After importing the API, configure policies such as:</p> <ul> <li>Authentication</li> <li>Authorization</li> <li>Rate limiting</li> <li>Request validation</li> <li>Logging</li> <li>CORS</li> <li>Quotas</li> </ul> <p>Example policy checklist:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[ ] Require authentication [ ] Validate JWT issuer [ ] Apply per-consumer rate limit [ ] Enable request logging [ ] Track 4xx and 5xx errors [ ] Add versioning rules </code></pre> </div> <h2> Step 5: Publish Through the Gateway </h2> <p>Expose the API through your gateway endpoint.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>https://api.example.com/orders </code></pre> </div> <p>Route requests to the backend service:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>https://orders-service.internal/orders </code></pre> </div> <h2> Step 6: Monitor and Iterate </h2> <p>Track operational metrics after release:</p> <ul> <li>Request count</li> <li>Error rate</li> <li>Latency</li> <li>Top consumers</li> <li>Rate limit violations</li> <li>Authentication failures</li> </ul> <p>Use these signals to decide when to optimize, scale, version, or deprecate endpoints.</p> <h2> Advantages of Open Source API Management Tools </h2> <p>Open source API management tools offer several practical benefits.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Advantage</th> <th>Why it matters</th> </tr> </thead> <tbody> <tr> <td>Cost savings</td> <td>No licensing fees for the open source components</td> </tr> <tr> <td>Transparency</td> <td>Source code can be reviewed for security and compliance</td> </tr> <tr> <td>Customization</td> <td>Policies, plugins, and integrations can be adapted to your stack</td> </tr> <tr> <td>Community support</td> <td>Active communities help with troubleshooting and improvements</td> </tr> <tr> <td>Reduced vendor lock-in</td> <td>Teams can migrate, fork, or extend tools as requirements change</td> </tr> </tbody> </table></div> <h2> Challenges and Considerations </h2> <p>Open source API management is powerful, but it still requires operational planning.</p> <h3> Operational Overhead </h3> <p>You need in-house expertise to deploy, secure, scale, upgrade, and monitor the platform.</p> <p>Plan for:</p> <ul> <li>High availability</li> <li>Backups</li> <li>Configuration management</li> <li>Gateway scaling</li> <li>Observability</li> <li>Security patching</li> </ul> <h3> Feature Gaps </h3> <p>Some advanced capabilities may require commercial editions, plugins, or custom implementation.</p> <p>Examples include:</p> <ul> <li>Advanced monetization</li> <li>AI-based analytics</li> <li>Enterprise support</li> <li>Advanced developer portal features</li> <li>Managed hosting</li> </ul> <h3> Integration Complexity </h3> <p>Before choosing a tool, validate compatibility with your existing stack:</p> <ul> <li>CI/CD pipelines</li> <li>Identity providers</li> <li>Logging systems</li> <li>Metrics platforms</li> <li>Kubernetes or VM infrastructure</li> <li>Secrets management</li> <li>API documentation workflow</li> </ul> <h2> Implementation Checklist </h2> <p>Use this checklist before adopting an open source API management platform:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[ ] Identify APIs that need centralized management [ ] Define authentication and authorization requirements [ ] Choose gateway deployment model [ ] Decide how API specs will be created and versioned [ ] Configure logging and monitoring [ ] Define rate limits and quotas [ ] Set up developer onboarding flow [ ] Test failure scenarios [ ] Document API publishing process [ ] Create versioning and deprecation rules </code></pre> </div> <h2> Conclusion </h2> <p>Open source API management tools help teams secure, govern, publish, and monitor APIs with more flexibility and transparency. Tools like Kong, Tyk, Gravitee.io, WSO2 API Manager, Apache APISIX, KrakenD, and Apiman can provide the runtime control layer for modern API platforms.</p> <p>For a practical implementation, separate API design from runtime governance:</p> <ol> <li>Design and test the API contract.</li> <li>Export an OpenAPI or Swagger specification.</li> <li>Import it into your API management platform.</li> <li>Apply security and traffic policies.</li> <li>Monitor usage and iterate over time.</li> </ol> <p>Combining open source API management tools with an API design and documentation workflow helps teams ship APIs that are easier to secure, operate, and evolve.</p> Hermes Agent: The Better OpenClaw Alternative Is Here Preecha Fri, 26 Jun 2026 01:02:51 +0000 https://dev.to/preecha/hermes-agent-the-better-openclaw-alternative-is-here-1a21 https://dev.to/preecha/hermes-agent-the-better-openclaw-alternative-is-here-1a21 <h2> TL;DR / Quick Answer </h2> <p>For API-heavy workflows, Hermes Agent is the stronger OpenClaw alternative for most teams. It combines official MCP support, broader provider flexibility, built-in OpenClaw migration, self-improving skills, and more deployment options. OpenClaw still makes sense if you prefer a gateway-first runtime, a tightly scoped workspace model, and its existing plugin and cron setup.</p> <p><a href="https://apidog.com/?utm_source=dev.to&amp;utm_medium=wanda&amp;utm_content=n8n-post-automation" class="crayons-btn crayons-btn--primary">Try Apidog today</a> </p> <h2> Introduction </h2> <p>If you are evaluating Hermes Agent as an OpenClaw alternative, the short answer is yes for many developer-facing API workflows. The reason is not hype. It is stack coverage.</p> <p>Hermes Agent is positioned as a self-improving agent with MCP support, multiple messaging surfaces, scheduled automations, provider choice, and an official <code>hermes claw migrate</code> path for OpenClaw users.</p> <p>OpenClaw is still a capable runtime. Its docs describe a gateway scheduler, custom skills, plugins, and a clear workspace model. The practical decision is not “which agent is newer?” It is “which runtime fits the way your team connects APIs, tools, webhooks, and MCP servers?”</p> <p>That is also where <a href="https://apidog.com/?utm_source=dev.to&amp;utm_medium=wanda&amp;utm_content=blog-sync">Apidog</a> fits. If you are building the API contracts either agent will call, Apidog helps you design, mock, test, and document those integrations before an agent touches production data.</p> <h2> What Is Hermes Agent? </h2> <p>Hermes Agent is an open-source AI assistant from NousResearch. It is designed to retain context, learn from past sessions, and become more useful over time.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu9uue7jiwv8gve6mpj31.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu9uue7jiwv8gve6mpj31.png" alt="Image" width="800" height="137"></a></p> <p>Unlike a stateless assistant that starts from zero each session, Hermes builds persistent context around projects, preferences, and workflow patterns.</p> <p>Its main differentiator is the learning loop:</p> <ul> <li>Conversations and completed tasks can feed future behavior.</li> <li>Repeated workflows can become reusable skills.</li> <li>Past sessions can be searched for relevant context.</li> <li>Project-specific preferences can persist across runs.</li> </ul> <p>For developers, that matters when the agent is not just answering questions but repeatedly working with codebases, APIs, internal tools, and operational workflows.</p> <h2> Why Developers Compare Hermes Agent and OpenClaw </h2> <p>Hermes and OpenClaw target overlapping use cases:</p> <ul> <li>CLI-based agent workflows</li> <li>Long-lived project context</li> <li>Skills or reusable workflows</li> <li>Scheduled automation</li> <li>Tool integration</li> <li>Messaging or gateway-style interaction</li> </ul> <p>But their public positioning is different.</p> <p>Hermes presents itself as a broader agent platform with:</p> <ul> <li>built-in learning loop</li> <li>cross-session memory</li> <li>skills</li> <li>scheduled automations</li> <li>parallel delegation</li> <li>MCP support</li> <li>OpenClaw migration tooling</li> </ul> <p>OpenClaw is framed more as a gateway-centered runtime with:</p> <ul> <li>a single workspace model</li> <li>bootstrap files such as <code>AGENTS.md</code> and <code>SOUL.md</code> </li> <li><code>openclaw cron</code></li> <li>WebSocket gateway</li> <li>custom skills</li> <li>plugin extension points</li> <li>context-engine plugins</li> </ul> <p>That difference changes implementation choices:</p> <ul> <li>Choose Hermes when you want more of the agent stack pre-integrated.</li> <li>Choose OpenClaw when you want a focused runtime around an existing workspace and gateway setup.</li> </ul> <p>For API work, this distinction matters because the agent is only one layer. The difficult parts are usually underneath it:</p> <ul> <li>HTTP APIs</li> <li>MCP servers</li> <li>webhooks</li> <li>secrets</li> <li>approval policies</li> <li>test environments</li> <li>documentation</li> <li>schema drift</li> </ul> <h2> Core Product Differences </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Dimension</th> <th>Hermes Agent</th> <th>OpenClaw</th> <th>Why it matters for API workflows</th> </tr> </thead> <tbody> <tr> <td>Memory model</td> <td>Built-in learning loop, skill creation, session search, user modeling</td> <td>Workspace context, runtime memory model, bootstrap files</td> <td>Hermes does more out of the box for long-running operational knowledge</td> </tr> <tr> <td>Tool extension</td> <td>Skills plus official MCP support</td> <td>Skills plus plugins and plugin slots</td> <td>Hermes is easier if your tools already exist as MCP servers</td> </tr> <tr> <td>Runtime shape</td> <td>CLI, gateway, multiple terminal backends, scheduled automations</td> <td>Embedded runtime centered around workspace and gateway</td> <td>Hermes is easier to stretch across local, VPS, and remote environments</td> </tr> <tr> <td>Migration</td> <td>Official <code>hermes claw migrate</code> flow</td> <td>N/A</td> <td>Hermes lowers switching cost for OpenClaw users</td> </tr> <tr> <td>Provider surface</td> <td>Nous Portal, OpenRouter, OpenAI, Anthropic, GitHub Copilot, local endpoints, and more</td> <td>Model options exist, but public positioning is less expansive</td> <td>Hermes is easier to match to team budget and provider constraints</td> </tr> <tr> <td>Project context</td> <td>Context files and project-level instructions</td> <td> <code>AGENTS.md</code>, <code>SOUL.md</code>, <code>TOOLS.md</code>, <code>BOOTSTRAP.md</code> </td> <td>Both are workable; Hermes aims for broader operational context</td> </tr> </tbody> </table></div> <p>The important point: OpenClaw still has substance. Its docs cover cron jobs, plugins, gateway configuration, and custom skills.</p> <p>Hermes adds a more complete stack around those same categories, especially for teams that want MCP, migration, provider flexibility, and multi-surface automation in one path.</p> <h2> Hermes vs OpenClaw: Feature Comparison </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>Hermes Agent</th> <th>OpenClaw</th> <th>Practical takeaway</th> </tr> </thead> <tbody> <tr> <td>OpenClaw migration</td> <td>Yes, via <code>hermes claw migrate</code> </td> <td>N/A</td> <td>Hermes makes switching realistic instead of theoretical</td> </tr> <tr> <td>MCP support</td> <td>Official docs and config path</td> <td>Not the main public extension story</td> <td>Hermes is easier if your tool layer is MCP-based</td> </tr> <tr> <td>Messaging surfaces</td> <td>Broad multi-surface story across CLI and messaging</td> <td>Gateway-first runtime with messaging workflows</td> <td>Both can work; Hermes packages more of the setup</td> </tr> <tr> <td>Scheduling</td> <td>Built-in scheduled automations</td> <td> <code>openclaw cron</code> scheduler</td> <td>Both support scheduled workflows</td> </tr> <tr> <td>Skills</td> <td>Self-improving skill loop</td> <td>Custom skills</td> <td>Hermes emphasizes automatic skill evolution</td> </tr> <tr> <td>Plugins</td> <td>Multiple extension paths</td> <td>Plugin and context-engine plugin model</td> <td>OpenClaw still has serious extension points</td> </tr> <tr> <td>Provider flexibility</td> <td>Wider public provider story</td> <td>Less central in public docs</td> <td>Hermes is easier to adapt to cost or provider changes</td> </tr> <tr> <td>Deployment options</td> <td>Local plus broader backend and VPS-friendly options</td> <td>Tighter runtime and workspace model</td> <td>Hermes fits more operations use cases</td> </tr> </tbody> </table></div> <h2> Migration Guide: OpenClaw to Hermes </h2> <p>If you already use OpenClaw, start with a dry run.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes claw migrate <span class="nt">--dry-run</span> </code></pre> </div> <p>Use the output to review what Hermes can import before changing your active setup.</p> <p>Then run the migration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes claw migrate </code></pre> </div> <p>Based on the public Hermes migration docs and README, the migration path is designed to bring over operational state such as:</p> <ul> <li>memories and user context</li> <li>existing skills</li> <li>command approval patterns</li> <li>messaging settings</li> <li>some workspace-level instructions</li> </ul> <p>A safer migration sequence:</p> <ol> <li>Install Hermes.</li> <li>Run the health check. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> hermes doctor </code></pre> </div> <ol> <li>Run the migration dry run. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> hermes claw migrate <span class="nt">--dry-run</span> </code></pre> </div> <ol> <li>Review imported skills, messaging settings, and command approvals.</li> <li>Run the full migration. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> hermes claw migrate </code></pre> </div> <ol> <li>Start with a CLI-only session.</li> <li>Reconnect messaging surfaces after the base runtime works.</li> <li>Re-add MCP servers or external tool integrations last.</li> </ol> <p>That order isolates failures. If something breaks, you can tell whether the cause is imported state, provider configuration, or a new integration.</p> <p>If your OpenClaw setup depends on custom plugins or strict workspace bootstrap files, treat migration like a runtime change:</p> <ul> <li>export important state</li> <li>test one workflow at a time</li> <li>validate API-backed tools before handing them to the agent</li> <li>keep rollback instructions available</li> </ul> <p>For API-backed workflows, validate the contract in <a href="https://apidog.com/?utm_source=dev.to&amp;utm_medium=wanda&amp;utm_content=blog-sync">Apidog</a> first. Otherwise, you may blame the agent for an unstable integration.</p> <h2> Standout Hermes Features </h2> <p>Hermes stands out where it combines capabilities that OpenClaw does not present as its main path today.</p> <h3> 1. First-class OpenClaw migration </h3> <p>Hermes directly acknowledges OpenClaw users with a migration command.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes claw migrate </code></pre> </div> <p>That lowers switching cost compared with manually recreating skills, memory, approvals, and messaging settings.</p> <h3> 2. Official MCP-based expansion </h3> <p>OpenClaw supports plugins and skills. Hermes adds an official MCP configuration path.</p> <p>That matters if your team is already exposing tools through MCP servers, such as:</p> <ul> <li>filesystem access</li> <li>GitHub operations</li> <li>database tools</li> <li>fetch tools</li> <li>internal service wrappers</li> <li>custom operational APIs</li> </ul> <h3> 3. Broader provider and backend surface </h3> <p>Hermes is more explicit about provider choice and runtime backends.</p> <p>That helps when you need to change model vendors, run locally, use a VPS, or connect through remote execution environments without redesigning the whole workflow.</p> <h3> 4. Stronger learning-loop model </h3> <p>Both tools care about persistent usefulness, but Hermes makes self-improving skills, user modeling, and cross-session recall central to the product.</p> <p>For recurring API operations, that can reduce repeated prompting and manual setup.</p> <h3> 5. Better fit for API-plus-messaging workflows </h3> <p>Hermes combines:</p> <ul> <li>migration support</li> <li>MCP</li> <li>provider flexibility</li> <li>messaging</li> <li>scheduling</li> <li>broader deployment options</li> </ul> <p>That combination is why it feels more complete for API operations, not just more feature-heavy on paper.</p> <h2> Which One Is Better for API Workflows? </h2> <p>For most teams building against internal APIs, webhooks, or MCP-connected services, Hermes is the stronger default.</p> <h3> 1. Hermes has a cleaner path to external tool ecosystems </h3> <p>Hermes has official MCP documentation and example configuration for local and remote MCP servers.</p> <p>A typical Hermes MCP configuration looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">mcp_servers</span><span class="pi">:</span> <span class="na">filesystem</span><span class="pi">:</span> <span class="na">command</span><span class="pi">:</span> <span class="s2">"</span><span class="s">npx"</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">-y"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">@modelcontextprotocol/server-filesystem"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/home/user/projects"</span> <span class="na">github</span><span class="pi">:</span> <span class="na">command</span><span class="pi">:</span> <span class="s2">"</span><span class="s">npx"</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">-y"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">@modelcontextprotocol/server-github"</span> <span class="na">env</span><span class="pi">:</span> <span class="na">GITHUB_PERSONAL_ACCESS_TOKEN</span><span class="pi">:</span> <span class="s2">"</span><span class="s">${GITHUB_PERSONAL_ACCESS_TOKEN}"</span> </code></pre> </div> <p>That fits teams that already think in service boundaries and tool contracts.</p> <p>If your engineering org exposes capabilities through MCP, Hermes maps cleanly to that model.</p> <h3> 2. Hermes has the stronger migration story </h3> <p>The migration command makes the OpenClaw comparison practical instead of theoretical.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes claw migrate <span class="nt">--dry-run</span> hermes claw migrate </code></pre> </div> <p>If you already use OpenClaw, this is the first feature to test.</p> <h3> 3. Hermes is broader without forcing a browser-first workflow </h3> <p>Hermes can run in the CLI, but it is not limited to the CLI. Its docs also describe messaging surfaces such as Telegram and WhatsApp, plus scheduled job output.</p> <p>That is useful for operational tasks like:</p> <ul> <li>posting nightly API audit summaries</li> <li>sending deployment health checks</li> <li>surfacing failed contract tests</li> <li>summarizing queue backlogs</li> <li>reporting webhook failures</li> </ul> <p>OpenClaw can handle scheduled gateway work too. Its cron docs show scheduler behavior such as retention, retries, and job history.</p> <p>The difference is that Hermes presents more of the full path together: model selection, tools, messaging, cron, provider setup, and migration.</p> <h3> 4. Hermes is better aligned with provider churn </h3> <p>API-heavy agent workflows can break or become expensive when model providers change pricing, rate limits, or behavior.</p> <p>Hermes emphasizes provider flexibility, including OpenRouter, OpenAI-compatible endpoints, and multiple direct integrations.</p> <p>That flexibility is useful if your team does not want agent architecture tied to one model vendor.</p> <h2> Where OpenClaw Still Makes Sense </h2> <p>OpenClaw should not be dismissed.</p> <p>Its current docs still describe:</p> <ul> <li>clear agent runtime model</li> <li>dedicated workspace abstraction</li> <li>bootstrap context files</li> <li>custom skills</li> <li>plugin support</li> <li>context-engine plugins</li> <li>gateway scheduling via <code>openclaw cron</code> </li> </ul> <p>OpenClaw remains a good option if you value:</p> <ul> <li>a simpler workspace model</li> <li>gateway-first workflows</li> <li>existing skills or plugins your team depends on</li> <li>avoiding migration work</li> <li>predictable workspace policy</li> </ul> <p>OpenClaw can also be easier to treat as a contained runtime with a known home directory and workspace structure.</p> <p>A better framing is:</p> <ul> <li>Hermes is the better default for API-heavy, MCP-based, multi-surface automation.</li> <li>OpenClaw is still valid if your current runtime and plugin model already work.</li> </ul> <h2> How Apidog Fits Into Either Stack </h2> <p>Hermes and OpenClaw are agent layers. Apidog is the API contract layer beneath them.</p> <p>The fragile part of an agent workflow is usually not the chat interface. It is the service interface.</p> <p>If the agent calls an unclear webhook, a drifting OpenAPI schema, or an undocumented status model, the workflow becomes unreliable.</p> <p>A practical stack looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Apidog -&gt; define and test the API contract MCP server or plugin -&gt; expose that contract to the agent Hermes Agent or OpenClaw -&gt; call the tool in a workflow </code></pre> </div> <p>Example: your team wants an agent that triggers an internal API audit and posts the result in Telegram.</p> <p>Define the HTTP contract first:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">POST /audits GET /audits/{audit_id} </span></code></pre> </div> <p>Set up an environment:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>base_url = https://internal-api.example.com token = redacted audit_id = </code></pre> </div> <p>Add assertions:</p> <ul> <li> <code>POST /audits</code> returns <code>202</code> </li> <li>response includes <code>audit_id</code> </li> <li> <code>GET /audits/{audit_id}</code> moves from <code>queued</code> to <code>completed</code> </li> <li>failure states are documented</li> <li>auth errors return predictable status codes</li> <li>retry behavior is clear</li> </ul> <p>Only after the contract is stable should you expose it to the agent:</p> <ul> <li>Hermes via MCP or another compatible tool path</li> <li>OpenClaw via plugin, skill, or gateway workflow</li> </ul> <p>This prevents a common failure mode: blaming the agent for a weak API contract.</p> <p>Use <a href="https://apidog.com/?utm_source=dev.to&amp;utm_medium=wanda&amp;utm_content=blog-sync">Apidog</a> to design, test, and document the APIs your Hermes Agent or OpenClaw workflows rely on before those integrations go live.</p> <h2> Advanced Evaluation Checklist </h2> <p>Do not choose based only on “which one writes better replies.”</p> <p>Use this checklist instead.</p> <h3> 1. How does the tool handle context pressure? </h3> <p>Hermes emphasizes compression, session search, and persistent knowledge.</p> <p>OpenClaw also has a context engine model and plugin hooks.</p> <p>If your workflows run for days or weeks, context management matters more than demo quality.</p> <h3> 2. How much of your tool layer already exists as APIs or MCP servers? </h3> <p>If much of your tooling is already API-backed or MCP-ready, Hermes has the simpler story today.</p> <h3> 3. How hard is it to move existing operational state? </h3> <p>If you are already on OpenClaw, test:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes claw migrate <span class="nt">--dry-run</span> </code></pre> </div> <p>The migration path is one of Hermes’ strongest practical advantages.</p> <h3> 4. How much deployment flexibility do you need? </h3> <p>Hermes is explicit about local, Docker, SSH, Modal, and other backend options.</p> <p>That matters if you want the agent to run on a VPS, connect to remote systems, or wake up only for scheduled jobs.</p> <h3> 5. Do you need a platform or a runtime? </h3> <p>Use this as the final decision line:</p> <ul> <li>Choose Hermes if you want a broader agent platform.</li> <li>Stay with OpenClaw if you want a tighter runtime and your current setup already works.</li> </ul> <h2> Alternatives and Comparisons </h2> <p>If your main goal is coding assistance, Hermes and OpenClaw are not the only options.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Tool</th> <th>Best fit</th> <th>Where it differs</th> </tr> </thead> <tbody> <tr> <td>Hermes Agent</td> <td>API-heavy personal or team agent workflows</td> <td>Broader stack with MCP, messaging, automation, and migration path</td> </tr> <tr> <td>OpenClaw</td> <td>Gateway-first agent runtime with existing plugin or skill investment</td> <td>More focused workspace model and runtime-centered design</td> </tr> <tr> <td>Claude Code</td> <td>Code-first terminal agent</td> <td>Strong for coding, weaker as a messaging-first personal agent</td> </tr> <tr> <td>Codex-style agents</td> <td>Repo work, automation, code change execution</td> <td>Good for engineering tasks, not the same long-lived messaging agent model</td> </tr> </tbody> </table></div> <p>Hermes is the closer OpenClaw alternative because it competes at the same architectural layer: long-lived agent runtime plus tools, scheduling, and integrations.</p> <h2> Real-World Use Cases </h2> <h3> 1. Internal API operations assistant </h3> <p>You want a bot that can:</p> <ul> <li>summarize failed contract tests</li> <li>create follow-up tickets</li> <li>post a digest to Telegram</li> <li>rerun checks after fixes</li> </ul> <p>Hermes is a better fit if you also want MCP-based tool growth and scheduled delivery.</p> <p>OpenClaw is still viable if your gateway flow already exists.</p> <h3> 2. Team knowledge and workflow agent </h3> <p>You want:</p> <ul> <li>project instructions</li> <li>reusable skills</li> <li>cross-session recall</li> <li>workflow memory</li> </ul> <p>Hermes has the stronger public story here because the learning loop is central to the product.</p> <h3> 3. API watchdog on a cheap VPS </h3> <p>You want a small always-on agent that watches:</p> <ul> <li>logs</li> <li>health checks</li> <li>webhook activity</li> <li>failed jobs</li> <li>API contract test results</li> </ul> <p>Hermes is easier to recommend because its docs describe VPS-friendly and remote backend setups.</p> <h2> Conclusion </h2> <p>Hermes Agent is the better OpenClaw alternative for most API-heavy workflows right now.</p> <p>OpenClaw still has a credible runtime, scheduler, skills system, and plugin model. If your team already built around OpenClaw and it works, there may be no urgent reason to migrate.</p> <p>The biggest Hermes advantage is not one feature. It is how much of the modern agent stack is already connected:</p> <ul> <li>MCP</li> <li>migration</li> <li>scheduling</li> <li>messaging</li> <li>provider flexibility</li> <li>persistent learning</li> <li>broader deployment paths</li> </ul> <p>The biggest OpenClaw advantage is simplicity for teams already aligned with its workspace and gateway model.</p> <p>If you are starting fresh, Hermes is the better default. If you are already on OpenClaw, test the migration path before rebuilding anything manually. And if your real problem is unstable API contracts, fix that first in <a href="https://apidog.com/?utm_source=dev.to&amp;utm_medium=wanda&amp;utm_content=blog-sync">Apidog</a> so the agent layer has reliable tools to call.</p> <h2> FAQ </h2> <h3> Is “Hermers Agent” the same as Hermes Agent? </h3> <p>Yes. People sometimes type “Hermers Agent,” but the project is Hermes Agent by NousResearch.</p> <h3> Is Hermes Agent connected to OpenClaw? </h3> <p>They are separate projects today, but Hermes explicitly supports migration from OpenClaw. That is why the comparison appears often.</p> <h3> Does OpenClaw still support plugins and cron jobs? </h3> <p>Yes. OpenClaw’s current docs describe a plugin system, context-engine plugins, custom skills, and scheduler commands under <code>openclaw cron</code>.</p> <h3> Why is Hermes better for API-heavy workflows? </h3> <p>Because Hermes combines broader provider support, official MCP documentation, migration tooling, scheduling, messaging, and a stronger learning-loop story in one stack.</p> <h3> Can Hermes Agent replace Apidog? </h3> <p>No. Hermes is an agent. Apidog is for API design, testing, mocking, environments, and documentation. They solve different layers of the same workflow.</p> <h3> Does Hermes Agent run on native Windows? </h3> <p>No. The official install docs say Linux, macOS, and WSL2 are supported, while native Windows is not.</p> How to Use Hermes Agent Preecha Thu, 25 Jun 2026 13:03:32 +0000 https://dev.to/preecha/how-to-use-hermes-agent-5ch7 https://dev.to/preecha/how-to-use-hermes-agent-5ch7 <p>TL;DR: Hermes Agent is an open-source AI assistant that keeps persistent memory across sessions, learns reusable skills, and can run through CLI, Telegram, Discord, Slack, your IDE, or scheduled automation. This guide walks through installation, configuration, daily usage, integrations, memory, skills, and troubleshooting.</p> <p><a href="https://apidog.com/?utm_source=dev.to&amp;utm_medium=wanda&amp;utm_content=n8n-post-automation" class="crayons-btn crayons-btn--primary">Try Apidog today</a> </p> <h2> What Is Hermes Agent? </h2> <p>Hermes Agent is a personal AI assistant from NousResearch that can run continuously, remember prior work, and improve over time. Unlike tools that start each conversation from scratch, Hermes builds persistent context around your projects, preferences, conversations, and workflows.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbn7xyr7n0ho03doa7j0i.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbn7xyr7n0ho03doa7j0i.png" alt="Image" width="800" height="137"></a></p> <p>Core capabilities:</p> <ul> <li> <strong>Persistent memory</strong>: stores conversations, decisions, and code context</li> <li> <strong>Learning system</strong>: turns repeated tasks into reusable skills</li> <li> <strong>Multi-platform access</strong>: CLI, Telegram, Discord, Slack, WhatsApp, and IDE workflows</li> <li> <strong>Self-hosting</strong>: run locally, on a VPS, or in cloud infrastructure</li> <li> <strong>Model flexibility</strong>: use OpenRouter or direct LLM providers</li> <li> <strong>Extensibility</strong>: add plugins, tools, commands, and hooks</li> </ul> <p>Hermes is useful if you want:</p> <ul> <li>An AI pair programmer that can remember your codebase</li> <li>A shared assistant for a team or workspace</li> <li>Long-running automation through scheduled tasks</li> <li>Data for training or evaluating custom agent behavior</li> </ul> <h2> Installation </h2> <h3> Prerequisites </h3> <p>Before installing Hermes, make sure you have:</p> <ul> <li>macOS, Linux, or Windows with WSL recommended</li> <li>Python 3.10+</li> <li>Git</li> <li>An API key from OpenRouter, Anthropic, OpenAI, or another supported provider</li> </ul> <h3> Quick Install </h3> <p>Use the installer script:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-fsSL</span> https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash </code></pre> </div> <p>The script:</p> <ol> <li>Clones the Hermes repository</li> <li>Installs <code>uv</code> </li> <li>Creates a Python virtual environment</li> <li>Installs dependencies</li> <li>Adds Hermes to your <code>PATH</code> </li> </ol> <p>Reload your shell:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">source</span> ~/.bashrc <span class="c"># bash</span> <span class="nb">source</span> ~/.zshrc <span class="c"># zsh</span> </code></pre> </div> <p>Verify the installation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes <span class="nt">--version</span> </code></pre> </div> <p>You should see output similar to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Hermes Agent v0.5.0 </code></pre> </div> <h3> Manual Install </h3> <p>Use this path if you want to work on Hermes directly or control the environment yourself.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/NousResearch/hermes-agent.git <span class="nb">cd </span>hermes-agent curl <span class="nt">-LsSf</span> https://astral.sh/uv/install.sh | sh uv venv venv <span class="nt">--python</span> 3.11 <span class="nb">source </span>venv/bin/activate </code></pre> </div> <p>On Windows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="o">.</span><span class="n">\venv\Scripts\activate</span><span class="w"> </span></code></pre> </div> <p>Install Hermes with all features:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>uv pip <span class="nb">install</span> <span class="nt">-e</span> <span class="s2">".[all,dev]"</span> </code></pre> </div> <p>Run tests:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python <span class="nt">-m</span> pytest tests/ <span class="nt">-q</span> </code></pre> </div> <h3> Install RL Training Support </h3> <p>If you plan to train custom models, initialize the training submodule and install its dependencies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git submodule update <span class="nt">--init</span> tinker-atropos uv pip <span class="nb">install</span> <span class="nt">-e</span> <span class="s2">"./tinker-atropos"</span> </code></pre> </div> <h2> Initial Setup </h2> <h3> Run the Setup Wizard </h3> <p>For first-time setup, use:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes setup </code></pre> </div> <p>The wizard helps you configure:</p> <ul> <li>LLM provider</li> <li>API keys</li> <li>Persistent memory</li> <li>Terminal backend</li> <li>Optional gateways such as Telegram, Discord, or Slack</li> </ul> <h3> Manual Configuration </h3> <p>Open the config file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes config edit </code></pre> </div> <p>Or set values directly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes config <span class="nb">set </span>model anthropic/claude-opus-4 hermes config <span class="nb">set </span>terminal.backend <span class="nb">local </span>hermes config <span class="nb">set </span>OPENROUTER_API_KEY sk-or-... hermes config <span class="nb">set </span>ANTHROPIC_API_KEY sk-ant-... </code></pre> </div> <p>Hermes stores API keys in:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>~/.hermes/.env </code></pre> </div> <p>Do not commit or share this file.</p> <h3> Configuration Directory </h3> <p>Hermes stores local data under <code>~/.hermes/</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>~/.hermes/ ├── config.yaml # Main configuration ├── .env # API keys ├── memory/ # Persistent memory storage ├── skills/ # Installed skills └── plugins/ # Custom plugins </code></pre> </div> <h3> Verify Your Setup </h3> <p>Run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes doctor </code></pre> </div> <p>This checks:</p> <ul> <li>Config validity</li> <li>API key connectivity</li> <li>Memory status</li> <li>Gateway status</li> <li>Terminal backend connection</li> </ul> <h2> Choose an LLM Provider </h2> <p>Hermes can work with multiple model providers. Pick the provider based on cost, privacy, context length, and coding quality requirements.</p> <h3> OpenRouter </h3> <p>OpenRouter is a good default because one API key gives access to many models.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes config <span class="nb">set </span>model openrouter hermes config <span class="nb">set </span>OPENROUTER_API_KEY sk-or-... </code></pre> </div> <p>Example model choices:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Model</th> <th>Use case</th> <th>Relative cost</th> </tr> </thead> <tbody> <tr> <td><code>anthropic/claude-opus-4</code></td> <td>Complex coding and reasoning</td> <td>High</td> </tr> <tr> <td><code>anthropic/claude-sonnet-4</code></td> <td>Balanced development work</td> <td>Medium</td> </tr> <tr> <td><code>openai/gpt-4o</code></td> <td>General-purpose tasks</td> <td>Medium</td> </tr> <tr> <td><code>google/gemini-pro-1.5</code></td> <td>Long-context workflows</td> <td>Low</td> </tr> <tr> <td><code>meta/llama-3-70b</code></td> <td>Open-source, fast tasks</td> <td>Low</td> </tr> </tbody> </table></div> <h3> Anthropic Direct </h3> <p>Use Anthropic directly if you want direct access to Claude models.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes config <span class="nb">set </span>model anthropic hermes config <span class="nb">set </span>ANTHROPIC_API_KEY sk-ant-... hermes config <span class="nb">set </span>model.default claude-opus-4 </code></pre> </div> <h3> OpenAI Direct </h3> <p>Use OpenAI directly for GPT-4o or o1 workflows.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes config <span class="nb">set </span>model openai hermes config <span class="nb">set </span>OPENAI_API_KEY sk-... </code></pre> </div> <h3> Local Models with Ollama </h3> <p>Use Ollama if you want local, private, offline-capable inference.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes config <span class="nb">set </span>model ollama hermes config <span class="nb">set </span>model.default qwen2.5-coder:32b </code></pre> </div> <p>Install Ollama first from:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>https://ollama.ai </code></pre> </div> <h3> Example Model Config </h3> <p>Smart routing with fallbacks:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">model</span><span class="pi">:</span> <span class="na">provider</span><span class="pi">:</span> <span class="s">openrouter</span> <span class="na">default</span><span class="pi">:</span> <span class="s">anthropic/claude-opus-4</span> <span class="na">fallback</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">anthropic/claude-haiku-4-5</span> <span class="pi">-</span> <span class="s">openai/gpt-4o-mini</span> </code></pre> </div> <p>Budget controls:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">model</span><span class="pi">:</span> <span class="na">budget</span><span class="pi">:</span> <span class="na">daily_limit</span><span class="pi">:</span> <span class="m">5.00</span> <span class="na">monthly_limit</span><span class="pi">:</span> <span class="m">100.00</span> </code></pre> </div> <h2> Basic CLI Usage </h2> <p>Start Hermes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes </code></pre> </div> <p>Then chat naturally:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt; Help me write a Python function to parse JSON safely. </code></pre> </div> <h3> Useful Slash Commands </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt; /help # Show commands &gt; /skills # Browse skills &gt; /memory # View memory status &gt; /config # View or edit config &gt; /clear # Clear current conversation &gt; /history # View past conversations </code></pre> </div> <h3> Work with Files </h3> <p>Ask Hermes to inspect a file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt; Look at ./src/main.py and explain the database connection flow. </code></pre> </div> <p>Ask it to edit a file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt; In main.py, change the database port from 5432 to 5433. </code></pre> </div> <p>Create a new file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt; Create utils.py with helper functions for date formatting. </code></pre> </div> <h3> Run Terminal Commands </h3> <p>You can ask Hermes to run commands:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt; Run: npm install &amp;&amp; npm run build </code></pre> </div> <p>Hermes asks for confirmation before executing commands.</p> <h3> Use a Persistent Shell </h3> <p>Hermes keeps shell state across commands:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt; cd /my/project &amp;&amp; source venv/bin/activate &gt; python src/main.py </code></pre> </div> <p>The virtual environment remains active for later commands in the same shell session.</p> <h3> Run Multi-Step Development Tasks </h3> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt; Add user authentication to my Flask app: &gt; 1. Create database models &gt; 2. Add login and logout endpoints &gt; 3. Generate JWT tokens &gt; 4. Write tests for the auth flow </code></pre> </div> <p>Hermes can break the task into steps and ask for confirmation as it works.</p> <h2> Messaging Gateways </h2> <p>Hermes can run as a bot in messaging platforms so you can use it from your phone or team chat.</p> <h3> Telegram Setup </h3> <ol> <li>Open Telegram and search for <code>@BotFather</code> </li> <li>Send <code>/newbot</code> </li> <li>Follow the prompts</li> <li>Copy the bot token</li> </ol> <p>Configure Hermes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes config <span class="nb">set </span>TELEGRAM_BOT_TOKEN 123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11 </code></pre> </div> <p>Start the gateway:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes gateway setup telegram hermes gateway start </code></pre> </div> <p>Then open your bot in Telegram, send <code>/start</code>, and chat.</p> <h3> Discord Setup </h3> <ol> <li>Go to <code>https://discord.com/developers/applications</code> </li> <li>Create a new application</li> <li>Open the <strong>Bot</strong> section</li> <li>Create a bot and copy the token</li> <li>Use <strong>OAuth2 → URL Generator</strong> to invite the bot to your server</li> </ol> <p>Configure Hermes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes config <span class="nb">set </span>DISCORD_BOT_TOKEN MTIzNDU2... hermes gateway setup discord hermes gateway start </code></pre> </div> <p>Use it by mentioning the bot:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>@Hermes help me write a function that validates email addresses </code></pre> </div> <p>You can also use it in DMs.</p> <h3> Slack Setup </h3> <ol> <li>Go to <code>https://api.slack.com/apps</code> </li> <li>Create a new app from scratch</li> <li>Add bot permissions</li> <li>Install the app to your workspace</li> <li>Copy the bot token</li> </ol> <p>Configure Hermes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes config <span class="nb">set </span>SLACK_BOT_TOKEN xoxb-... hermes gateway setup slack hermes gateway start </code></pre> </div> <h3> Run All Gateways </h3> <p>To start every configured gateway:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes gateway start <span class="nt">--all</span> </code></pre> </div> <p>Hermes syncs conversation state across platforms.</p> <h2> IDE Integration </h2> <p>Hermes integrates with editors through the Agent Communication Protocol.</p> <h3> VS Code </h3> <ol> <li>Open Extensions with <code>Ctrl+Shift+X</code> </li> <li>Search for <code>Agent Communication Protocol</code> </li> <li>Install the extension</li> <li>Start the Hermes ACP server: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes acp start </code></pre> </div> <p>Then open the ACP sidebar, select Hermes, and chat from the editor.</p> <h3> JetBrains IDEs </h3> <p>For IntelliJ, PyCharm, and other JetBrains IDEs:</p> <ol> <li>Open <strong>Settings → Plugins</strong> </li> <li>Search for <code>ACP</code> or <code>Agent Communication Protocol</code> </li> <li>Install the plugin</li> <li>Restart the IDE</li> <li>Start Hermes: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes acp start </code></pre> </div> <p>Then configure Hermes under:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Settings → Tools → AI Agents </code></pre> </div> <h3> Zed </h3> <p>Configure Zed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"agent"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"provider"</span><span class="p">:</span><span class="w"> </span><span class="s2">"acp"</span><span class="p">,</span><span class="w"> </span><span class="nl">"endpoint"</span><span class="p">:</span><span class="w"> </span><span class="s2">"hermes"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Start Hermes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes acp start </code></pre> </div> <h2> Memory and Learning </h2> <p>Hermes uses memory to make future sessions more useful.</p> <h3> Memory Types </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Type</th> <th>Purpose</th> </tr> </thead> <tbody> <tr> <td>Episodic memory</td> <td>Stores conversations and sessions</td> </tr> <tr> <td>Semantic memory</td> <td>Builds knowledge about projects, preferences, and patterns</td> </tr> <tr> <td>Procedural memory</td> <td>Stores reusable skills and workflows</td> </tr> </tbody> </table></div> <p>Search memory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt; /memory search "database migration" </code></pre> </div> <p>List project memory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt; /memory projects </code></pre> </div> <p>List skills:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt; /skills list </code></pre> </div> <h3> Search Past Sessions </h3> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt; /memory search "How did we handle JWT expiration last week?" </code></pre> </div> <p>Hermes searches prior context and summarizes relevant results.</p> <h3> Memory Nudges </h3> <p>Hermes can surface related context while you work:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[Hermes]: I noticed you're working on the auth system. Last Tuesday you mentioned a problem with JWT expiration. Want to revisit that? </code></pre> </div> <h3> Context Compression </h3> <p>Hermes automatically compresses context to avoid hitting model limits:</p> <ul> <li>Gateway compression at 85% context usage</li> <li>Agent-level compression at 50%, configurable</li> </ul> <p>This helps keep long conversations usable without manual pruning.</p> <h3> Backup and Restore Memory </h3> <p>Export memory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes memory <span class="nb">export</span> ~/backup/hermes-memory.json </code></pre> </div> <p>Import memory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes memory import ~/backup/hermes-memory.json </code></pre> </div> <h2> Skills and Plugins </h2> <h3> Skills </h3> <p>Skills are reusable workflows Hermes can execute.</p> <p>Built-in examples include:</p> <ul> <li><code>code_review</code></li> <li><code>debug_session</code></li> <li><code>api_tester</code></li> <li><code>git_workflow</code></li> <li><code>documentation</code></li> </ul> <p>List skills:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt; /skills list </code></pre> </div> <p>Install a skill:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt; /skills install code_review </code></pre> </div> <p>Run a skill:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt; /skills run code_review ./src/auth.py </code></pre> </div> <h3> Create a Custom Skill </h3> <p>Create a file under <code>~/.hermes/skills/</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># ~/.hermes/skills/my_skill.py </span><span class="kn">from</span> <span class="n">hermes.skills</span> <span class="kn">import</span> <span class="n">Skill</span> <span class="k">class</span> <span class="nc">MyCustomSkill</span><span class="p">(</span><span class="n">Skill</span><span class="p">):</span> <span class="n">name</span> <span class="o">=</span> <span class="sh">"</span><span class="s">my_custom_skill</span><span class="sh">"</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Does something useful</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">execute</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="c1"># Your skill logic here </span> <span class="k">return</span> <span class="sh">"</span><span class="s">Skill executed successfully</span><span class="sh">"</span> </code></pre> </div> <h3> Plugins </h3> <p>Plugins extend Hermes with custom tools, slash commands, and lifecycle hooks.</p> <p>Example custom tool:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># ~/.hermes/plugins/my_tool.py </span><span class="kn">from</span> <span class="n">hermes.tools</span> <span class="kn">import</span> <span class="n">Tool</span> <span class="k">class</span> <span class="nc">MyCustomTool</span><span class="p">(</span><span class="n">Tool</span><span class="p">):</span> <span class="n">name</span> <span class="o">=</span> <span class="sh">"</span><span class="s">my_tool</span><span class="sh">"</span> <span class="n">description</span> <span class="o">=</span> <span class="sh">"</span><span class="s">A custom tool for specific tasks</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">run</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="c1"># Tool logic here </span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">result</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">success</span><span class="sh">"</span><span class="p">}</span> </code></pre> </div> <p>Plugin types:</p> <ul> <li> <strong>Tools</strong>: new capabilities the agent can use</li> <li> <strong>Commands</strong>: new slash commands</li> <li> <strong>Hooks</strong>: before/after turn handlers</li> </ul> <h2> Advanced Workflows </h2> <h3> Cron Scheduling </h3> <p>Ask Hermes to create a scheduled task:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt; Set up a daily digest of my GitHub notifications at 9am. </code></pre> </div> <p>Or configure a task manually:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">cron</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Daily</span><span class="nv"> </span><span class="s">digest"</span> <span class="na">schedule</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0</span><span class="nv"> </span><span class="s">9</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">*"</span> <span class="na">command</span><span class="pi">:</span> <span class="s2">"</span><span class="s">/skills</span><span class="nv"> </span><span class="s">run</span><span class="nv"> </span><span class="s">github_digest"</span> <span class="na">model</span><span class="pi">:</span> <span class="s2">"</span><span class="s">anthropic/claude-haiku-4-5"</span> </code></pre> </div> <h3> Subagent Delegation </h3> <p>Hermes can spawn subagents for parallel work.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt; Review all PRs in my repo and summarize the changes. </code></pre> </div> <p>Hermes can delegate work to multiple subagents and synthesize the results.</p> <h3> Voice Mode </h3> <p>Start CLI voice mode:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes <span class="nt">--voice</span> </code></pre> </div> <p>Messaging platforms can also support voice-note workflows:</p> <ul> <li>Send a voice message</li> <li>Hermes transcribes it</li> <li>Hermes responds in the chat</li> </ul> <p>For Discord voice channels, Hermes can join and handle real-time voice interaction.</p> <h3> Browser Control </h3> <p>Hermes can integrate with Browser Use CLI 2.0 for web automation.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt; Go to github.com and find the top 5 trending Python repos. </code></pre> </div> <p>Connect to a live Chrome instance with CDP:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes browser connect <span class="nt">--cdp</span> </code></pre> </div> <h3> MCP Integration </h3> <p>Hermes supports Model Context Protocol servers.</p> <p>Example config:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">mcp</span><span class="pi">:</span> <span class="na">servers</span><span class="pi">:</span> <span class="na">filesystem</span><span class="pi">:</span> <span class="na">command</span><span class="pi">:</span> <span class="s2">"</span><span class="s">npx"</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">-y"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">@modelcontextprotocol/server-filesystem"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">~/projects"</span><span class="pi">]</span> <span class="na">git</span><span class="pi">:</span> <span class="na">command</span><span class="pi">:</span> <span class="s2">"</span><span class="s">npx"</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">-y"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">@modelcontextprotocol/server-git"</span><span class="pi">]</span> </code></pre> </div> <h3> Worktree Mode </h3> <p>Run Hermes in an isolated Git worktree:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes <span class="nt">-w</span> </code></pre> </div> <p>This lets multiple agents work on the same repo concurrently without conflicting changes.</p> <h3> Run Other Agents Inside Hermes </h3> <p>You can ask Hermes to call another specialized agent:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt; Use claude-code to review this pull request. </code></pre> </div> <p>This is useful when a subagent is better suited for a specific task.</p> <h2> Troubleshooting </h2> <h3> API Key Not Found </h3> <p>Check whether the key is set:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes config get OPENROUTER_API_KEY </code></pre> </div> <p>Set it again if needed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes config <span class="nb">set </span>OPENROUTER_API_KEY sk-or-... </code></pre> </div> <h3> Model Not Available </h3> <p>List available models:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes models list </code></pre> </div> <p>Change the model:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes config <span class="nb">set </span>model anthropic/claude-opus-4 </code></pre> </div> <h3> Gateway Failed to Start </h3> <p>Check status:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes gateway status </code></pre> </div> <p>Restart:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes gateway stop hermes gateway start </code></pre> </div> <h3> Memory Corruption Detected </h3> <p>Back up memory first:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes memory <span class="nb">export</span> ~/backup/memory-backup.json </code></pre> </div> <p>Reset memory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes memory reset </code></pre> </div> <p>Re-import if needed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes memory import ~/backup/memory-backup.json </code></pre> </div> <h3> Get Help </h3> <p>Inside Hermes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&gt; /help </code></pre> </div> <p>View logs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes logs <span class="nb">tail</span> <span class="nt">--follow</span> </code></pre> </div> <p>Run diagnostics:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes doctor </code></pre> </div> <h2> FAQ </h2> <h3> How much does Hermes cost? </h3> <p>Hermes itself is free. You pay for LLM usage.</p> <p>Typical monthly ranges:</p> <ul> <li>Light use: <code>$5–15</code> </li> <li>Moderate development use: <code>$20–50</code> </li> <li>Heavy automation: <code>$50–200</code> </li> </ul> <p>Local models through Ollama can avoid API usage costs but require suitable hardware.</p> <h3> Can Hermes run 24/7? </h3> <p>Yes. For example, on a VPS:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-fsSL</span> https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash hermes service <span class="nb">install </span>hermes service start </code></pre> </div> <h3> Is Hermes suitable for enterprise use? </h3> <p>Hermes includes features relevant to enterprise deployments, including:</p> <ul> <li>Multi-user gateway mode with session isolation</li> <li>PII redaction</li> <li>Supply chain security hardening</li> <li>Self-hosted deployment</li> <li>Audit logging</li> </ul> <h3> How do I migrate from OpenClaw? </h3> <p>Preview the migration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes claw migrate <span class="nt">--dry-run</span> </code></pre> </div> <p>Run it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes claw migrate </code></pre> </div> <p>Verify the result:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes doctor </code></pre> </div> <h3> Can I use Hermes without internet? </h3> <p>Yes, with local models.</p> <p>Install Ollama:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-fsSL</span> https://ollama.ai/install.sh | sh </code></pre> </div> <p>Pull a model:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ollama pull qwen2.5-coder:32b </code></pre> </div> <p>Configure Hermes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes config <span class="nb">set </span>model ollama hermes config <span class="nb">set </span>model.default qwen2.5-coder:32b </code></pre> </div> <h3> Hermes vs. ChatGPT </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>Hermes</th> <th>ChatGPT</th> </tr> </thead> <tbody> <tr> <td>Memory</td> <td>Persistent and searchable</td> <td>Session-only</td> </tr> <tr> <td>Deployment</td> <td>Self-hosted, can run 24/7</td> <td>Cloud-only</td> </tr> <tr> <td>Model choice</td> <td>200+ models</td> <td>GPT models</td> </tr> <tr> <td>Extensibility</td> <td>Plugins and skills</td> <td>Limited</td> </tr> <tr> <td>Cost model</td> <td>Pay for usage</td> <td>Subscription</td> </tr> <tr> <td>Privacy</td> <td>You control deployment and data</td> <td>OpenAI stores data</td> </tr> </tbody> </table></div> <h3> How do I back up all Hermes data? </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hermes <span class="nb">export</span> <span class="nt">--all</span> ~/backup/hermes-full-backup.tar.gz </code></pre> </div> <h3> Can Hermes access my local files? </h3> <p>Hermes can access files you explicitly reference or directories you grant permission to. By default, it does not have unrestricted filesystem access.</p> <p>Want to include API testing in your AI-assisted development workflow? Use Apidog to design, test, and document APIs alongside your agent-based coding process.</p> Qwen 3.6 Available on OpenRouter: How to Use It Right Now Preecha Thu, 25 Jun 2026 01:03:12 +0000 https://dev.to/preecha/qwen-36-available-on-openrouter-how-to-use-it-right-now-1fk2 https://dev.to/preecha/qwen-36-available-on-openrouter-how-to-use-it-right-now-1fk2 <h2> TL;DR </h2> <p>Qwen 3.6 Plus Preview launched on March 30, 2026, with a 1-million-token context window, mandatory chain-of-thought reasoning, and tool use support. It is currently free on OpenRouter. Use the model ID <code>qwen/qwen3.6-plus-preview:free</code> with any OpenAI-compatible client to start sending requests.</p> <p><a href="https://apidog.com/?utm_source=dev.to&amp;utm_medium=wanda&amp;utm_content=n8n-post-automation" class="crayons-btn crayons-btn--primary">Try Apidog today</a> </p> <h2> The model that showed up quietly </h2> <p>Alibaba Cloud released Qwen 3.6 Plus Preview on March 30, 2026. There was no waitlist or major launch campaign. The model appeared on OpenRouter at <code>$0</code> per million tokens.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fa1sovt2j08pac59126ya.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fa1sovt2j08pac59126ya.png" alt="Image" width="800" height="240"></a></p> <p>In its first two days, it processed more than 400 million completion tokens across roughly 400,000 requests. Developers also reported fast responses.</p> <p>This guide shows how to:</p> <ul> <li>Create an OpenRouter account</li> <li>Generate an API key</li> <li>Call Qwen 3.6 with cURL, Python, Node.js, and the OpenAI SDK</li> <li>Use tool calling for agentic workflows</li> <li>Work with the 1M-token context window</li> <li>Test OpenRouter requests with Apidog</li> <li>Plan around free-tier limitations</li> </ul> <p>If you build on top of AI APIs, you also need a reliable way to test and debug HTTP requests. Apidog can help with request building, response inspection, and API test automation for REST APIs including OpenRouter.</p> <p>By the end, you should be able to call Qwen 3.6 for free, understand where it works well, and know what constraints to account for before using it in an app.</p> <h2> What Qwen 3.6 adds over the 3.5 series </h2> <p>The jump from Qwen 3.5 to Qwen 3.6 is meaningful in three areas.</p> <h3> 1. The context window grew to 1 million tokens </h3> <p>Qwen 3.5 supported a 32K to 128K context window depending on the variant. Qwen 3.6 supports up to 1 million input tokens.</p> <p>In practical terms, 1 million tokens is roughly 750,000 words. That is enough to pass in:</p> <ul> <li>A large codebase</li> <li>Long Slack or support logs</li> <li>A full legal document set</li> <li>A research corpus</li> <li>Large API documentation sets</li> </ul> <p>Most free models top out around 8K to 32K tokens, so 1M tokens at the free tier is unusual.</p> <h3> 2. Reasoning is built in </h3> <p>Qwen 3.6 uses mandatory reasoning tokens. Before returning the final answer, the model performs internal chain-of-thought reasoning.</p> <p>You do not need to add prompts like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Think step by step. </code></pre> </div> <p>This is similar to the pattern popularized by DeepSeek R1. Qwen 3.6 applies it across coding, front-end development, and general problem-solving tasks.</p> <h3> 3. Tool use is more reliable </h3> <p>Tool calling in the Qwen 3.5 series could be inconsistent. Common issues included:</p> <ul> <li>Incorrect function argument types</li> <li>Hallucinated tool names</li> <li>Invalid JSON arguments</li> <li>Missed tool calls in multi-step workflows</li> </ul> <p>Alibaba Cloud describes Qwen 3.6 as delivering “stronger reasoning and more reliable agentic behavior compared to the 3.5 series.”</p> <p>For developers, that mainly means fewer broken tool calls when building agents.</p> <p>Qwen 3.6 is tuned for:</p> <ul> <li>Agentic coding: multi-step code generation with tool use</li> <li>Front-end development: HTML, CSS, JavaScript, and component generation</li> <li>Complex problem-solving: research, analysis, and long-context summarization</li> </ul> <h2> How to access Qwen 3.6 for free </h2> <p>You need:</p> <ol> <li>An OpenRouter account</li> <li>An OpenRouter API key</li> </ol> <p>No credit card is required for free models.</p> <h3> Step 1: Create an OpenRouter account </h3> <p>Go to <code>openrouter.ai</code> and sign up with email or Google.</p> <p>After email verification, you can use free models without adding a payment method.</p> <h3> Step 2: Generate an API key </h3> <p>In OpenRouter:</p> <ol> <li>Click your profile avatar in the top-right corner</li> <li>Select <strong>API Keys</strong> </li> <li>Click <strong>Create Key</strong> </li> <li>Give the key a name, for example <code>qwen-test</code> </li> <li>Click <strong>Create</strong> </li> <li>Copy the key</li> </ol> <p>The key starts with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sk-or-v1-... </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpm80wt8cpulj2nl1hj49.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpm80wt8cpulj2nl1hj49.png" alt="Image" width="799" height="530"></a></p> <p>Store it securely. OpenRouter will not show it again.</p> <h3> Step 3: Send your first request </h3> <p>Use this model ID:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>qwen/qwen3.6-plus-preview:free </code></pre> </div> <p>OpenRouter uses an OpenAI-compatible API format, so most OpenAI SDKs and clients work with only a base URL change.</p> <h3> cURL </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl https://openrouter.ai/api/v1/chat/completions <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer sk-or-v1-YOUR_KEY_HERE"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{ "model": "qwen/qwen3.6-plus-preview:free", "messages": [ { "role": "user", "content": "Write a Python function that parses a JWT token and returns the payload as a dictionary." } ] }'</span> </code></pre> </div> <h3> Python with <code>requests</code> </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="k">def</span> <span class="nf">call_qwen</span><span class="p">(</span><span class="n">prompt</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">api_key</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sh">"</span><span class="s">https://openrouter.ai/api/v1/chat/completions</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Bearer </span><span class="si">{</span><span class="n">api_key</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Content-Type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span><span class="p">,</span> <span class="p">},</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">model</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">qwen/qwen3.6-plus-preview:free</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">messages</span><span class="sh">"</span><span class="p">:</span> <span class="p">[{</span><span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="n">prompt</span><span class="p">}],</span> <span class="p">},</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">60</span><span class="p">,</span> <span class="p">)</span> <span class="n">response</span><span class="p">.</span><span class="nf">raise_for_status</span><span class="p">()</span> <span class="k">return</span> <span class="n">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()[</span><span class="sh">"</span><span class="s">choices</span><span class="sh">"</span><span class="p">][</span><span class="mi">0</span><span class="p">][</span><span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">]</span> <span class="n">result</span> <span class="o">=</span> <span class="nf">call_qwen</span><span class="p">(</span> <span class="sh">"</span><span class="s">Write a Python function that parses a JWT token and returns the payload.</span><span class="sh">"</span><span class="p">,</span> <span class="n">api_key</span><span class="o">=</span><span class="sh">"</span><span class="s">sk-or-v1-YOUR_KEY_HERE</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">result</span><span class="p">)</span> </code></pre> </div> <h3> Node.js with <code>fetch</code> </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">callQwen</span><span class="p">(</span><span class="nx">prompt</span><span class="p">,</span> <span class="nx">apiKey</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">https://openrouter.ai/api/v1/chat/completions</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Authorization</span><span class="dl">"</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">apiKey</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">model</span><span class="p">:</span> <span class="dl">"</span><span class="s2">qwen/qwen3.6-plus-preview:free</span><span class="dl">"</span><span class="p">,</span> <span class="na">messages</span><span class="p">:</span> <span class="p">[{</span> <span class="na">role</span><span class="p">:</span> <span class="dl">"</span><span class="s2">user</span><span class="dl">"</span><span class="p">,</span> <span class="na">content</span><span class="p">:</span> <span class="nx">prompt</span> <span class="p">}],</span> <span class="p">}),</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`OpenRouter error: </span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">status</span><span class="p">}</span><span class="s2"> </span><span class="p">${</span><span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">text</span><span class="p">()}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="k">return</span> <span class="nx">data</span><span class="p">.</span><span class="nx">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">message</span><span class="p">.</span><span class="nx">content</span><span class="p">;</span> <span class="p">}</span> <span class="nf">callQwen</span><span class="p">(</span> <span class="dl">"</span><span class="s2">Write a JavaScript function that validates an email address.</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">sk-or-v1-YOUR_KEY_HERE</span><span class="dl">"</span> <span class="p">).</span><span class="nf">then</span><span class="p">(</span><span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">);</span> </code></pre> </div> <h3> Python with the OpenAI SDK </h3> <p>If you already use the OpenAI Python SDK, point it at OpenRouter:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">OpenAI</span><span class="p">(</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">https://openrouter.ai/api/v1</span><span class="sh">"</span><span class="p">,</span> <span class="n">api_key</span><span class="o">=</span><span class="sh">"</span><span class="s">sk-or-v1-YOUR_KEY_HERE</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">qwen/qwen3.6-plus-preview:free</span><span class="sh">"</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">system</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">You are a senior backend engineer. Write clean, production-ready code.</span><span class="sh">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Write a Python function that retries a failed HTTP request up to 3 times with exponential backoff.</span><span class="sh">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">],</span> <span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">message</span><span class="p">.</span><span class="n">content</span><span class="p">)</span> </code></pre> </div> <h2> Tool use and agentic workflows </h2> <p>Tool use is where Qwen 3.6 is especially useful at the free tier.</p> <p>The pattern is:</p> <ol> <li>Define tools as JSON schemas</li> <li>Send the user request plus tool definitions</li> <li>Let the model choose a tool</li> <li>Execute the tool in your code</li> <li>Send the tool result back to the model</li> <li>Repeat until the task is complete</li> </ol> <p>Here is a minimal tool-calling example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span> <span class="kn">import</span> <span class="n">json</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">OpenAI</span><span class="p">(</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">https://openrouter.ai/api/v1</span><span class="sh">"</span><span class="p">,</span> <span class="n">api_key</span><span class="o">=</span><span class="sh">"</span><span class="s">sk-or-v1-YOUR_KEY_HERE</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="n">tools</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">function</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">function</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">search_api_docs</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">description</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Search the API documentation for a specific endpoint or parameter</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">parameters</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">object</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">properties</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">query</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">string</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">description</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">The search query</span><span class="sh">"</span><span class="p">,</span> <span class="p">},</span> <span class="sh">"</span><span class="s">version</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">string</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">enum</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="sh">"</span><span class="s">v1</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">v2</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">v3</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">description</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">API version to search</span><span class="sh">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="sh">"</span><span class="s">required</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="sh">"</span><span class="s">query</span><span class="sh">"</span><span class="p">],</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">function</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">function</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">run_api_test</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">description</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Execute a test request against an API endpoint</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">parameters</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">object</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">properties</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">endpoint</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">string</span><span class="sh">"</span><span class="p">},</span> <span class="sh">"</span><span class="s">method</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">string</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">enum</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="sh">"</span><span class="s">GET</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">POST</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">PUT</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">DELETE</span><span class="sh">"</span><span class="p">],</span> <span class="p">},</span> <span class="sh">"</span><span class="s">body</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">object</span><span class="sh">"</span><span class="p">},</span> <span class="p">},</span> <span class="sh">"</span><span class="s">required</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="sh">"</span><span class="s">endpoint</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">method</span><span class="sh">"</span><span class="p">],</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">]</span> <span class="n">messages</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Find documentation for the /users endpoint and run a test GET request against it.</span><span class="sh">"</span><span class="p">,</span> <span class="p">}</span> <span class="p">]</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">qwen/qwen3.6-plus-preview:free</span><span class="sh">"</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="n">messages</span><span class="p">,</span> <span class="n">tools</span><span class="o">=</span><span class="n">tools</span><span class="p">,</span> <span class="n">tool_choice</span><span class="o">=</span><span class="sh">"</span><span class="s">auto</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="n">message</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">message</span> <span class="k">if</span> <span class="n">message</span><span class="p">.</span><span class="n">tool_calls</span><span class="p">:</span> <span class="k">for</span> <span class="n">tool_call</span> <span class="ow">in</span> <span class="n">message</span><span class="p">.</span><span class="n">tool_calls</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Tool: </span><span class="si">{</span><span class="n">tool_call</span><span class="p">.</span><span class="n">function</span><span class="p">.</span><span class="n">name</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">args</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">tool_call</span><span class="p">.</span><span class="n">function</span><span class="p">.</span><span class="n">arguments</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Arguments: </span><span class="si">{</span><span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">args</span><span class="p">,</span> <span class="n">indent</span><span class="o">=</span><span class="mi">2</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="n">message</span><span class="p">.</span><span class="n">content</span><span class="p">)</span> </code></pre> </div> <p>The model should return a structured function call instead of a free-form answer. Your app is still responsible for executing the function and returning the result in the next turn.</p> <p>That loop is the core of most agentic workflows.</p> <h2> Using the 1 million token context window </h2> <p>A 1M-token context window is not useful for simple prompts. It is useful when the model needs a large amount of context in a single request.</p> <p>Good use cases include:</p> <ul> <li>Full codebase review</li> <li>Large document analysis</li> <li>Long technical debugging sessions</li> <li>API documentation comparison</li> <li>Research corpus summarization</li> </ul> <h3> Full codebase review </h3> <p>You can load source files into one prompt and ask the model to inspect them for specific issues.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">pathlib</span> <span class="kn">import</span> <span class="n">Path</span> <span class="kn">from</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">OpenAI</span><span class="p">(</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">https://openrouter.ai/api/v1</span><span class="sh">"</span><span class="p">,</span> <span class="n">api_key</span><span class="o">=</span><span class="sh">"</span><span class="s">sk-or-v1-YOUR_KEY_HERE</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="k">def</span> <span class="nf">load_codebase</span><span class="p">(</span><span class="n">directory</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">extensions</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="nb">str</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Load all source files from a directory into a single string.</span><span class="sh">"""</span> <span class="n">content_parts</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">path</span> <span class="ow">in</span> <span class="nc">Path</span><span class="p">(</span><span class="n">directory</span><span class="p">).</span><span class="nf">rglob</span><span class="p">(</span><span class="sh">"</span><span class="s">*</span><span class="sh">"</span><span class="p">):</span> <span class="k">if</span> <span class="n">path</span><span class="p">.</span><span class="n">suffix</span> <span class="ow">in</span> <span class="n">extensions</span> <span class="ow">and</span> <span class="n">path</span><span class="p">.</span><span class="nf">is_file</span><span class="p">():</span> <span class="k">try</span><span class="p">:</span> <span class="n">text</span> <span class="o">=</span> <span class="n">path</span><span class="p">.</span><span class="nf">read_text</span><span class="p">(</span><span class="n">encoding</span><span class="o">=</span><span class="sh">"</span><span class="s">utf-8</span><span class="sh">"</span><span class="p">,</span> <span class="n">errors</span><span class="o">=</span><span class="sh">"</span><span class="s">ignore</span><span class="sh">"</span><span class="p">)</span> <span class="n">content_parts</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">--- FILE: </span><span class="si">{</span><span class="n">path</span><span class="si">}</span><span class="s"> ---</span><span class="se">\n</span><span class="si">{</span><span class="n">text</span><span class="si">}</span><span class="se">\n</span><span class="sh">"</span><span class="p">)</span> <span class="k">except</span> <span class="nb">Exception</span><span class="p">:</span> <span class="k">continue</span> <span class="k">return</span> <span class="sh">"</span><span class="se">\n</span><span class="sh">"</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">content_parts</span><span class="p">)</span> <span class="n">codebase</span> <span class="o">=</span> <span class="nf">load_codebase</span><span class="p">(</span><span class="sh">"</span><span class="s">./src</span><span class="sh">"</span><span class="p">,</span> <span class="p">[</span><span class="sh">"</span><span class="s">.py</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">.js</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">.ts</span><span class="sh">"</span><span class="p">])</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">qwen/qwen3.6-plus-preview:free</span><span class="sh">"</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="p">(</span> <span class="sh">"</span><span class="s">Review this codebase and identify:</span><span class="se">\n</span><span class="sh">"</span> <span class="sh">"</span><span class="s">1. Security vulnerabilities</span><span class="se">\n</span><span class="sh">"</span> <span class="sh">"</span><span class="s">2. Functions with no error handling</span><span class="se">\n</span><span class="sh">"</span> <span class="sh">"</span><span class="s">3. Inconsistent naming conventions</span><span class="se">\n\n</span><span class="sh">"</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Codebase:</span><span class="se">\n</span><span class="si">{</span><span class="n">codebase</span><span class="si">}</span><span class="sh">"</span> <span class="p">),</span> <span class="p">}</span> <span class="p">],</span> <span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">message</span><span class="p">.</span><span class="n">content</span><span class="p">)</span> </code></pre> </div> <p>When using this pattern, filter out files that add noise:</p> <ul> <li><code>node_modules</code></li> <li>Build artifacts</li> <li>Lock files</li> <li>Generated files</li> <li>Binary files</li> <li>Test snapshots</li> </ul> <h3> Large document analysis </h3> <p>For long reports, legal documents, or API docs, pass the full document and ask for specific extraction.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">OpenAI</span><span class="p">(</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">https://openrouter.ai/api/v1</span><span class="sh">"</span><span class="p">,</span> <span class="n">api_key</span><span class="o">=</span><span class="sh">"</span><span class="s">sk-or-v1-YOUR_KEY_HERE</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="sh">"</span><span class="s">annual_report_2025.txt</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">r</span><span class="sh">"</span><span class="p">,</span> <span class="n">encoding</span><span class="o">=</span><span class="sh">"</span><span class="s">utf-8</span><span class="sh">"</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="n">document</span> <span class="o">=</span> <span class="n">f</span><span class="p">.</span><span class="nf">read</span><span class="p">()</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">qwen/qwen3.6-plus-preview:free</span><span class="sh">"</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="p">(</span> <span class="sh">"</span><span class="s">Extract all mentions of API rate limits and pricing changes </span><span class="sh">"</span> <span class="sa">f</span><span class="sh">"</span><span class="s">from this document:</span><span class="se">\n\n</span><span class="si">{</span><span class="n">document</span><span class="si">}</span><span class="sh">"</span> <span class="p">),</span> <span class="p">}</span> <span class="p">],</span> <span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">message</span><span class="p">.</span><span class="n">content</span><span class="p">)</span> </code></pre> </div> <h3> Multi-turn conversation with full history </h3> <p>For long debugging sessions, keep the entire conversation in memory and send it with each request.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">OpenAI</span><span class="p">(</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">https://openrouter.ai/api/v1</span><span class="sh">"</span><span class="p">,</span> <span class="n">api_key</span><span class="o">=</span><span class="sh">"</span><span class="s">sk-or-v1-YOUR_KEY_HERE</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="n">conversation</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">def</span> <span class="nf">chat</span><span class="p">(</span><span class="n">user_message</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="n">conversation</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span><span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="n">user_message</span><span class="p">})</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">qwen/qwen3.6-plus-preview:free</span><span class="sh">"</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="n">conversation</span><span class="p">,</span> <span class="p">)</span> <span class="n">assistant_message</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">message</span><span class="p">.</span><span class="n">content</span> <span class="n">conversation</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span><span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">assistant</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="n">assistant_message</span><span class="p">})</span> <span class="k">return</span> <span class="n">assistant_message</span> <span class="nf">print</span><span class="p">(</span><span class="nf">chat</span><span class="p">(</span><span class="sh">"</span><span class="s">I</span><span class="sh">'</span><span class="s">m getting a 401 error from the GitHub API. Here</span><span class="sh">'</span><span class="s">s my code...</span><span class="sh">"</span><span class="p">))</span> <span class="nf">print</span><span class="p">(</span><span class="nf">chat</span><span class="p">(</span><span class="sh">"</span><span class="s">I added the token but now I get a 403. The token has repo scope.</span><span class="sh">"</span><span class="p">))</span> <span class="nf">print</span><span class="p">(</span><span class="nf">chat</span><span class="p">(</span><span class="sh">"</span><span class="s">The repo is private. What scopes do I actually need?</span><span class="sh">"</span><span class="p">))</span> </code></pre> </div> <h2> Testing OpenRouter API requests with Apidog </h2> <p>When you build against the OpenRouter API, you need to debug HTTP requests, inspect JSON responses, and iterate on prompts. Doing that only from the command line can get slow.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpm80wt8cpulj2nl1hj49.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpm80wt8cpulj2nl1hj49.png" alt="Image" width="799" height="530"></a></p> <p>Apidog is a free API client for request building, response inspection, and test automation.</p> <p>To test Qwen 3.6 in Apidog:</p> <ol> <li>Create a new <code>POST</code> request</li> <li>Set the URL: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>https://openrouter.ai/api/v1/chat/completions </code></pre> </div> <ol> <li>Add the authorization header: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Authorization: Bearer sk-or-v1-YOUR_KEY_HERE </code></pre> </div> <ol> <li>Add the content type header: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Content-Type: application/json </code></pre> </div> <ol> <li>Set the request body: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"model"</span><span class="p">:</span><span class="w"> </span><span class="s2">"qwen/qwen3.6-plus-preview:free"</span><span class="p">,</span><span class="w"> </span><span class="nl">"messages"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"role"</span><span class="p">:</span><span class="w"> </span><span class="s2">"user"</span><span class="p">,</span><span class="w"> </span><span class="nl">"content"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Write a TypeScript function that validates an email address."</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <ol> <li>Send the request and inspect the response.</li> </ol> <p>You can also save the request in a collection and create tests such as:</p> <ul> <li> <code>choices</code> exists</li> <li> <code>choices[0].message.content</code> is not empty</li> <li> <code>choices[0].message.tool_calls</code> contains the expected function name</li> <li>The response status is <code>200</code> </li> <li>The model returns valid JSON when your prompt requires JSON</li> </ul> <p>For example, a basic response-shape test could assert that the assistant message exists before your app depends on it.</p> <p>If your app calls OpenRouter in production, adding these tests early makes it easier to catch model, schema, or integration regressions.</p> <h2> Free tier limits to know before you build </h2> <p>Qwen 3.6 is free now, but you should still design around free-tier constraints.</p> <h3> Rate limits are shared </h3> <p>Free models on OpenRouter share capacity across users. During peak hours, such as US evenings, you may see:</p> <ul> <li>Higher latency</li> <li>Occasional rate limit errors</li> <li>Temporary failures</li> </ul> <p>Add retry logic before using the endpoint in any production workflow.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="kn">from</span> <span class="n">requests.adapters</span> <span class="kn">import</span> <span class="n">HTTPAdapter</span> <span class="kn">from</span> <span class="n">urllib3.util.retry</span> <span class="kn">import</span> <span class="n">Retry</span> <span class="n">session</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nc">Session</span><span class="p">()</span> <span class="n">retry_strategy</span> <span class="o">=</span> <span class="nc">Retry</span><span class="p">(</span> <span class="n">total</span><span class="o">=</span><span class="mi">3</span><span class="p">,</span> <span class="n">backoff_factor</span><span class="o">=</span><span class="mi">2</span><span class="p">,</span> <span class="n">status_forcelist</span><span class="o">=</span><span class="p">[</span><span class="mi">429</span><span class="p">,</span> <span class="mi">500</span><span class="p">,</span> <span class="mi">502</span><span class="p">,</span> <span class="mi">503</span><span class="p">,</span> <span class="mi">504</span><span class="p">],</span> <span class="p">)</span> <span class="n">adapter</span> <span class="o">=</span> <span class="nc">HTTPAdapter</span><span class="p">(</span><span class="n">max_retries</span><span class="o">=</span><span class="n">retry_strategy</span><span class="p">)</span> <span class="n">session</span><span class="p">.</span><span class="nf">mount</span><span class="p">(</span><span class="sh">"</span><span class="s">https://</span><span class="sh">"</span><span class="p">,</span> <span class="n">adapter</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">session</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sh">"</span><span class="s">https://openrouter.ai/api/v1/chat/completions</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Bearer sk-or-v1-YOUR_KEY_HERE</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Content-Type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span><span class="p">,</span> <span class="p">},</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">model</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">qwen/qwen3.6-plus-preview:free</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">messages</span><span class="sh">"</span><span class="p">:</span> <span class="p">[{</span><span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Hello</span><span class="sh">"</span><span class="p">}],</span> <span class="p">},</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">30</span><span class="p">,</span> <span class="p">)</span> <span class="n">response</span><span class="p">.</span><span class="nf">raise_for_status</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> </code></pre> </div> <h3> Data is logged </h3> <p>OpenRouter’s model page states that “the model collects prompt and completion data that can be used to improve the model.”</p> <p>Do not send:</p> <ul> <li>API keys</li> <li>Passwords</li> <li>Private tokens</li> <li>Personally identifiable information</li> <li>Confidential customer data</li> </ul> <h3> Preview behavior can change </h3> <p>Qwen 3.6 Plus Preview is a preview release. Model behavior may change.</p> <p>If you use it for production inference:</p> <ul> <li>Pin your integration to the current model ID</li> <li>Add regression tests for important prompts</li> <li>Monitor response format changes</li> <li>Keep fallback model options ready</li> </ul> <h3> Text only </h3> <p>Qwen 3.6 accepts text input and produces text output.</p> <p>It does not support:</p> <ul> <li>Images</li> <li>Audio</li> <li>File uploads</li> </ul> <h2> Real-world use cases </h2> <h3> Code review agent </h3> <p>A team building an internal PR review tool can pass full pull request diffs into Qwen 3.6 and ask for:</p> <ul> <li>Logic errors</li> <li>Missing tests</li> <li>Security issues</li> <li>Risky dependency changes</li> <li>Inconsistent patterns</li> </ul> <p>The 1M-token context window makes this possible without splitting many large diffs into chunks.</p> <h3> Front-end component generation </h3> <p>For front-end work, you can give the model a design spec and ask for React, TypeScript, HTML, CSS, or JavaScript components.</p> <p>Example prompt:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Generate a responsive React TypeScript pricing table component. Requirements: - Three pricing tiers - Monthly and yearly toggle - Accessible buttons - Mobile-first layout - Tailwind CSS classes </code></pre> </div> <p>Qwen 3.6 is tuned for front-end development tasks, so this is a strong fit.</p> <h3> API documentation summarization </h3> <p>If you are comparing two third-party APIs, pass in the relevant docs and ask for a structured comparison.</p> <p>Useful comparison dimensions include:</p> <ul> <li>Authentication methods</li> <li>Rate limits</li> <li>Webhook payloads</li> <li>Error response formats</li> <li>Pagination models</li> <li>Pricing-related API constraints</li> </ul> <p>Example prompt:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Compare these two payment API documentation sets. Return a table with: 1. Authentication method 2. Webhook verification flow 3. Rate limit policy 4. Pagination style 5. Refund API behavior 6. Migration risks </code></pre> </div> <h2> FAQ </h2> <h3> Is Qwen 3.6 actually free to use? </h3> <p>Yes. As of March 2026, the model is listed at <code>$0</code> per million input tokens and <code>$0</code> per million output tokens on OpenRouter.</p> <p>That can change when the preview period ends, so check OpenRouter pricing before building anything that depends on the price staying at zero.</p> <h3> What is the rate limit for the free tier? </h3> <p>OpenRouter does not publish exact rate limits for free-tier models.</p> <p>In practice, free models share capacity and can be throttled during high-traffic periods. Start with one request at a time, add retry logic, and increase concurrency gradually.</p> <h3> Can I use Qwen 3.6 for commercial projects? </h3> <p>Yes, OpenRouter allows commercial use.</p> <p>Also check Alibaba Cloud’s Qwen model license for restrictions on the underlying model, especially if you are distributing outputs.</p> <h3> Why does Qwen 3.6 take longer to respond than other models? </h3> <p>Mandatory reasoning tokens add latency. Before producing the final response, the model performs internal reasoning.</p> <p>For simple prompts, this can add a few seconds. For complex reasoning tasks, the tradeoff may be worth it.</p> <p>Use streaming if you want to show partial output while the response is generated.</p> <h3> Is there a way to disable reasoning tokens? </h3> <p>As of the current preview, reasoning is mandatory and cannot be turned off.</p> <p>If you need lower latency without chain-of-thought reasoning, use a different model variant when available or a smaller free model for latency-sensitive tasks.</p> <h3> How does the 1M-token context window affect cost? </h3> <p>On the free tier, it does not affect cost. You pay <code>$0</code> regardless of the number of tokens sent.</p> <p>However, very large requests take longer and may time out. Start with a <code>30</code> to <code>60</code> second timeout and increase it for requests over 100K tokens.</p> <h2> Final setup checklist </h2> <p>To start using Qwen 3.6:</p> <ol> <li>Create an OpenRouter account</li> <li>Generate an API key</li> <li>Use this model ID: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>qwen/qwen3.6-plus-preview:free </code></pre> </div> <ol> <li>Send requests to: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>https://openrouter.ai/api/v1/chat/completions </code></pre> </div> <ol> <li>Add retry logic for <code>429</code> and <code>5xx</code> errors</li> <li>Avoid sending secrets or sensitive data</li> <li>Test your requests and response assumptions before shipping</li> </ol> <p>Once your API key is ready, you can swap <code>qwen/qwen3.6-plus-preview:free</code> into any OpenAI-compatible client and start testing.</p> Claude Code Can Now Control Your Mac. Here's How to Use It Preecha Wed, 24 Jun 2026 13:03:13 +0000 https://dev.to/preecha/claude-code-can-now-control-your-mac-heres-how-to-use-it-3am6 https://dev.to/preecha/claude-code-can-now-control-your-mac-heres-how-to-use-it-3am6 <h2> TL;DR </h2> <p>Claude Code can now control your Mac from the same terminal session where it writes code. It can open apps, click through UIs, run tests, capture screenshots, and use the results to patch code. The feature is a research preview for Pro and Max plan subscribers on macOS.</p> <p><a href="https://apidog.com/?utm_source=dev.to&amp;utm_medium=wanda&amp;utm_content=n8n-post-automation" class="crayons-btn crayons-btn--primary">Try Apidog today</a> </p> <p>To enable it, run <code>/mcp</code> in Claude Code, enable the <code>computer-use</code> MCP server, then grant macOS Accessibility and Screen Recording permissions.</p> <h2> Claude can now use your computer </h2> <p>Anthropic announced Claude Code computer use on March 23, 2026. The workflow is simple: Claude writes code, runs it, interacts with the UI, observes the result, and fixes issues without you leaving the terminal.</p> <p>Before computer use, Claude could generate a macOS menu bar app, but you still had to compile it, launch it, click through the UI, and report back what failed.</p> <p>Now you can ask for the whole loop:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Build this app and make sure it works. </code></pre> </div> <p>Claude can compile the project, launch the binary, interact with controls, screenshot failures, inspect the relevant source, patch the issue, and re-run the flow.</p> <p>That changes the unit of work from:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Write this feature. </code></pre> </div> <p>to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Build this feature, run it, and verify the UI behavior. </code></pre> </div> <p>If you’re building on APIs, this is useful for GUI-driven flows that do not expose a CLI or API. Claude can verify the app behavior visually, and you can then build automated API test suites in Apidog to validate the same flows programmatically.</p> <h2> What you can do with it </h2> <h3> Build and validate native apps end-to-end </h3> <p>Use computer use when you want Claude to verify the result in the actual app, not just generate code.</p> <p>Example prompt:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Build the MenuBarStats target, launch it, open the preferences window, and verify the interval slider updates the label. Screenshot the preferences window when done. </code></pre> </div> <p>Claude can:</p> <ul> <li>Run <code>xcodebuild</code> </li> <li>Launch the compiled app</li> <li>Open the preferences window</li> <li>Move the slider</li> <li>Check whether the label updates</li> <li>Screenshot the final state</li> <li>Patch and re-test if something fails</li> </ul> <p>You get a verified build instead of a code-only draft.</p> <h3> Run UI checks without setting up a test framework </h3> <p>For early-stage projects, you may not want to configure Playwright, Selenium, or XCTest yet.</p> <p>Prompt Claude with the flow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Open the app, click through the onboarding screens, and tell me if any screen takes more than a second to load. </code></pre> </div> <p>Claude can open the app, click through the UI, screenshot each step, and flag slow or broken transitions.</p> <p>This is useful for:</p> <ul> <li>Electron apps</li> <li>Native macOS apps</li> <li>iOS Simulator flows</li> <li>GUI-only tools</li> <li>Prototypes without formal test coverage</li> </ul> <p>It is not a replacement for deterministic production test suites, but it is fast for exploratory validation.</p> <h3> Debug visual and layout bugs </h3> <p>Visual bugs are often hard to describe precisely. With computer use, Claude can reproduce the UI state directly.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>The settings modal clips its footer on narrow windows. Resize the app window until you can reproduce it, screenshot the clipped state, then check the CSS for the modal container. </code></pre> </div> <p>Claude can:</p> <ul> <li>Resize the app window</li> <li>Capture the broken layout</li> <li>Inspect the relevant CSS</li> <li>Apply a fix</li> <li>Re-test the same window size</li> </ul> <p>This works well for issues such as:</p> <ul> <li>Overflow bugs</li> <li>Clipped footers</li> <li>Broken responsive layouts</li> <li>Misaligned controls</li> <li>Modals that fail at narrow widths</li> </ul> <h3> Drive GUI-only tools </h3> <p>Some tools do not expose useful automation APIs. Examples include design tools, hardware control panels, proprietary enterprise apps, and simulators.</p> <p>With computer use, you can describe the interaction in natural language and let Claude operate the UI.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Open the simulator, launch the app, tap through onboarding, and screenshot each screen where the UI changes. </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpwchcytg3lqx28mu6us0.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpwchcytg3lqx28mu6us0.gif" alt="Image" width="720" height="405"></a></p> <h2> How to enable computer use </h2> <p>Computer use is disabled by default. It ships as a built-in MCP server named <code>computer-use</code>, and you enable it per project.</p> <p>Before you start, confirm these requirements:</p> <ul> <li>macOS only</li> <li>Claude Code <code>v2.1.85</code> or later</li> <li>Pro or Max plan</li> <li>Authentication through <code>claude.ai</code> </li> <li>Interactive Claude Code session</li> <li>Not using the <code>-p</code> non-interactive flag</li> </ul> <p>Check your Claude Code version:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>claude <span class="nt">--version</span> </code></pre> </div> <p>Update if needed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> <span class="nt">-g</span> @anthropic-ai/claude-code </code></pre> </div> <h3> Step 1: Open the MCP menu </h3> <p>In an active Claude Code session, run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/mcp </code></pre> </div> <p>This opens the server list.</p> <p>Find:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>computer-use </code></pre> </div> <p>It should appear as disabled.</p> <h3> Step 2: Enable the server </h3> <p>Select <code>computer-use</code>, then choose <strong>Enable</strong>.</p> <p>This setting persists per project. You only need to enable it once for each project where you want Claude to control the GUI.</p> <h3> Step 3: Grant macOS permissions </h3> <p>The first time Claude tries to control your screen, macOS prompts for two permissions:</p> <ul> <li> <strong>Accessibility</strong>: allows Claude to click, type, and scroll</li> <li> <strong>Screen Recording</strong>: allows Claude to see what is on screen</li> </ul> <p>The prompts include links to the relevant System Settings panes.</p> <p>After granting Screen Recording, restart Claude Code if the permission does not take effect immediately.</p> <h3> Step 4: Run a GUI verification prompt </h3> <p>Try a small, low-risk workflow first:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Build the app target, launch it, and click through each tab to confirm nothing crashes. Screenshot any error states you find. </code></pre> </div> <p>Start with test apps or isolated development environments before using computer use on workflows that contain sensitive data.</p> <h2> How Claude works on your screen </h2> <h3> Only one session can control your Mac </h3> <p>Computer use uses a machine-wide lock.</p> <p>If another Claude Code session is already using computer use, new requests fail with a message showing which session holds the lock.</p> <p>To continue:</p> <ol> <li>Finish the active computer use task.</li> <li>Exit the other Claude Code session.</li> <li>Retry the request.</li> </ol> <h3> Other apps hide while Claude works </h3> <p>When Claude takes control, visible apps hide so Claude interacts only with approved apps.</p> <p>Your terminal stays visible, but it is excluded from screenshots. This prevents Claude from seeing its own prompts on screen.</p> <p>When Claude finishes a turn, hidden apps restore automatically.</p> <h3> You can stop it immediately </h3> <p>When Claude acquires the lock, macOS shows a notification:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Claude is using your computer - press Esc to stop. </code></pre> </div> <p>You can stop computer use in either of these ways:</p> <ul> <li>Press <code>Esc</code> from anywhere</li> <li>Press <code>Ctrl+C</code> in the terminal</li> </ul> <p>Claude releases the lock, restores hidden apps, and returns control to you.</p> <h2> Per-app approval </h2> <p>Enabling <code>computer-use</code> does not give Claude access to every app.</p> <p>The first time Claude needs a specific app in a session, Claude Code shows a terminal approval prompt with:</p> <ul> <li>Which apps Claude wants to control</li> <li>Any extra permissions requested, such as clipboard access</li> <li>How many other apps will hide while Claude works</li> </ul> <p>You can choose:</p> <ul> <li><strong>Allow for this session</strong></li> <li><strong>Deny</strong></li> </ul> <p>Approvals last only for the current session. You approve apps again in the next session.</p> <h3> Apps with extra warnings </h3> <p>Some app categories show additional warnings because they grant broad access.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Warning</th> <th>Apps</th> </tr> </thead> <tbody> <tr> <td>Equivalent to shell access</td> <td>Terminal, iTerm2, VS Code, Warp, other terminals and IDEs</td> </tr> <tr> <td>Can read or write any file</td> <td>Finder</td> </tr> <tr> <td>Can change system settings</td> <td>System Settings</td> </tr> </tbody> </table></div> <p>These apps are not blocked automatically. The warning exists so you can decide whether the task needs that level of access.</p> <h3> App control tiers </h3> <p>Claude’s control level depends on the app category.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Control level</th> <th>App types</th> </tr> </thead> <tbody> <tr> <td>View-only</td> <td>Browsers, trading platforms</td> </tr> <tr> <td>Click-only</td> <td>Terminals, IDEs</td> </tr> <tr> <td>Full control</td> <td>All other apps</td> </tr> </tbody> </table></div> <p>Browsers are view-only because they can expose account data and sensitive information. If you need full browser automation, use Claude in Chrome instead.</p> <h2> How Claude decides when to use computer use </h2> <p>Computer use is Claude’s last resort.</p> <p>Claude chooses the most precise available tool first:</p> <ol> <li>MCP server for the service, if configured</li> <li>Bash for shell commands</li> <li>Claude in Chrome for browser tasks, if configured</li> <li>Computer use when no programmatic interface can reach the target</li> </ol> <p>For example, if you ask:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Run the tests. </code></pre> </div> <p>Claude should use a shell command such as:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">test</span> </code></pre> </div> <p>It should not click a UI button unless the target workflow requires GUI interaction.</p> <p>Use computer use for tasks like:</p> <ul> <li>Native desktop app validation</li> <li>iOS Simulator flows</li> <li>GUI-only tools</li> <li>Visual bug reproduction</li> <li>App interactions without a CLI or API</li> </ul> <h2> Safety model </h2> <p>Computer use runs on your real desktop. That is different from Claude’s sandboxed Bash tool.</p> <p>The Bash tool runs in an isolated environment with limited filesystem and network access. Computer use can interact with apps on your actual machine, depending on what you approve.</p> <p>Anthropic built several guardrails into the feature.</p> <h3> Per-app approval </h3> <p>Claude can only control apps you explicitly allow in the current session.</p> <p>There is no blanket machine-wide approval.</p> <h3> Sentinel warnings </h3> <p>Apps that expose shell access, filesystem access, or system settings changes are flagged before approval.</p> <p>This helps you understand what level of access you are granting.</p> <h3> Terminal excluded from screenshots </h3> <p>Claude does not see your terminal window in screenshots.</p> <p>This prevents on-screen terminal prompts from being fed back into the model.</p> <h3> Global escape </h3> <p>Pressing <code>Esc</code> aborts computer use from anywhere.</p> <p>The key press is consumed by Claude Code, so prompt injection attacks cannot use it to dismiss dialogs.</p> <h3> Lock file </h3> <p>Only one Claude Code session can control your screen at a time.</p> <p>This prevents concurrent computer use sessions from competing for the same machine.</p> <h3> Prompt injection detection </h3> <p>Claude checks actions and flags on-screen content that appears to be an attempt to redirect its behavior.</p> <p>Anthropic’s guidance is to avoid sensitive workflows until you are comfortable with how computer use behaves on your machine. Start with sandboxed apps, test environments, and non-sensitive data.</p> <h2> Example workflows </h2> <h3> End-to-end Swift app validation </h3> <p>Prompt:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Build the MenuBarStats target, launch it, open the preferences window, and verify the interval slider updates the label. Screenshot the preferences window when done. </code></pre> </div> <p>Expected Claude workflow:</p> <ol> <li>Run <code>xcodebuild</code> </li> <li>Launch the app</li> <li>Open the preferences window</li> <li>Move the interval slider</li> <li>Verify that the label updates</li> <li>Capture a screenshot</li> <li>Report failures with source locations</li> <li>Patch and re-test if needed</li> </ol> <h3> Reproduce a layout bug </h3> <p>Prompt:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>The settings modal clips its footer on narrow windows. Resize the app window down until you can reproduce it, screenshot the clipped state, then check the CSS for the modal container. </code></pre> </div> <p>Expected Claude workflow:</p> <ol> <li>Resize the window in increments</li> <li>Capture the clipped state</li> <li>Inspect <code>modal.css</code> </li> <li>Identify the overflow issue</li> <li>Apply a layout fix</li> <li>Re-test at the failing size</li> </ol> <h3> Test an iOS Simulator flow without XCTest </h3> <p>Prompt:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Open the iOS Simulator, launch the app, tap through the onboarding screens, and tell me if any screen takes more than a second to load. </code></pre> </div> <p>Claude controls the Simulator through the GUI. You do not need to create XCTest targets, UI test selectors, or Instruments configuration for this exploratory pass.</p> <h3> Validate an Electron onboarding flow </h3> <p>Prompt:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Launch the desktop app in dev mode, complete the signup flow using test@example.com, and screenshot each step. Flag any step where the button is not clickable or the UI shows an error. </code></pre> </div> <p>Claude can:</p> <ul> <li>Start the app</li> <li>Fill form fields</li> <li>Click through each onboarding screen</li> <li>Capture screenshots</li> <li>Report blocked buttons or UI errors</li> </ul> <h2> Using computer use with API testing </h2> <p>Claude Code computer use pairs well with Apidog for full-stack API verification.</p> <p>A practical workflow:</p> <ol> <li>Claude writes or updates a local server.</li> <li>Claude builds and launches the app.</li> <li>Claude uses computer use to trigger a user action in the UI.</li> <li>You capture or inspect the underlying API call in Apidog.</li> <li>You create an automated API test for the same request.</li> <li>Future regressions are caught by the API test instead of manual UI validation.</li> </ol> <p>This gives you two layers:</p> <ul> <li>Claude validates the user-facing flow through the GUI.</li> <li>Apidog validates the underlying API behavior programmatically.</li> </ul> <p>The GUI pass confirms the happy path. The API test guards that behavior going forward, including in CI.</p> <h2> Differences between CLI and Desktop app </h2> <p>The CLI and Desktop app use the same computer use engine, but some settings are Desktop-only for now.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>Desktop</th> <th>CLI</th> </tr> </thead> <tbody> <tr> <td>Enable</td> <td>Settings &gt; Desktop app &gt; General</td> <td> <code>/mcp</code> &gt; enable <code>computer-use</code> </td> </tr> <tr> <td>Denied apps list</td> <td>Configurable in Settings</td> <td>Not available yet</td> </tr> <tr> <td>Auto-unhide toggle</td> <td>Optional</td> <td>Always on</td> </tr> <tr> <td>Dispatch integration</td> <td>Yes</td> <td>Not applicable</td> </tr> </tbody> </table></div> <p>For most development workflows, the CLI version covers the core computer use flow.</p> <h2> Troubleshooting </h2> <h3> “Computer use is in use by another Claude session” </h3> <p>Another Claude Code session holds the machine lock.</p> <p>Fix:</p> <ol> <li>Exit the other session.</li> <li>If it crashed, wait for Claude Code to detect that the process is gone.</li> <li>Retry the computer use request.</li> </ol> <h3> macOS permissions prompt keeps reappearing </h3> <p>macOS may require a process restart after granting Screen Recording.</p> <p>Fix:</p> <ol> <li>Quit Claude Code completely.</li> <li>Start a new Claude Code session.</li> <li>Open <strong>System Settings &gt; Privacy &amp; Security &gt; Screen Recording</strong>.</li> <li>Confirm your terminal emulator is listed and enabled.</li> </ol> <p>Also check <strong>Accessibility</strong> permissions in the same Privacy &amp; Security area.</p> <h3> <code>computer-use</code> does not appear in <code>/mcp</code> </h3> <p>Check the following:</p> <ul> <li>You are on macOS.</li> <li> <code>claude --version</code> shows <code>v2.1.85</code> or later.</li> <li>You are on a Pro or Max plan.</li> <li> <code>/status</code> confirms the expected account.</li> <li>You are authenticated through <code>claude.ai</code>.</li> <li>You are not using Bedrock, Vertex AI, or another third-party provider.</li> <li>You are in an interactive session.</li> <li>You are not using the <code>-p</code> flag.</li> </ul> <h3> Claude cannot see the app after approval </h3> <p>Make sure you selected <strong>Allow for this session</strong> in the per-app approval prompt.</p> <p>If you accidentally denied the app:</p> <ol> <li>Exit the Claude Code session.</li> <li>Start a new session.</li> <li>Retry the task.</li> <li>Approve the app when prompted.</li> </ol> <p>Approvals and denials reset each session.</p> <h2> FAQ </h2> <h3> Which Claude Code version do I need? </h3> <p>You need Claude Code <code>v2.1.85</code> or later.</p> <p>Check your version:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>claude <span class="nt">--version</span> </code></pre> </div> <p>Update if needed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> <span class="nt">-g</span> @anthropic-ai/claude-code </code></pre> </div> <h3> Does it work on Windows or Linux? </h3> <p>No. Computer use is macOS-only in the current research preview.</p> <p>Anthropic has not announced a timeline for Windows or Linux support.</p> <h3> Can I use computer use through Amazon Bedrock or Google Vertex AI? </h3> <p>No. Computer use requires authentication through a <code>claude.ai</code> account on a Pro or Max plan.</p> <p>Third-party providers such as Amazon Bedrock, Google Vertex AI, and Microsoft Foundry do not support this feature.</p> <h3> Is it available on Team or Enterprise plans? </h3> <p>No. During the research preview, it is available only on Pro and Max plans.</p> <h3> What happens if I do not grant Screen Recording permission? </h3> <p>Claude may still click and type if Accessibility is granted, but it cannot verify visual results without Screen Recording.</p> <p>Most useful computer use workflows require both permissions.</p> <h3> Can Claude access apps I did not approve? </h3> <p>No. Claude can only control apps you explicitly approve in the current session.</p> <p>The approval prompt appears the first time Claude needs each app.</p> <h3> How do I revoke computer use access completely? </h3> <p>Disable the MCP server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/mcp </code></pre> </div> <p>Then disable:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>computer-use </code></pre> </div> <p>To remove macOS permissions:</p> <ol> <li>Open <strong>System Settings &gt; Privacy &amp; Security</strong>.</li> <li>Remove your terminal app from <strong>Accessibility</strong>.</li> <li>Remove your terminal app from <strong>Screen Recording</strong>.</li> </ol> <h3> Is computer use safe for sensitive work? </h3> <p>Anthropic recommends avoiding sensitive data during the research preview.</p> <p>Start with:</p> <ul> <li>Isolated test environments</li> <li>Local development apps</li> <li>Non-production accounts</li> <li>Non-sensitive datasets</li> </ul> <p>Review Anthropic’s computer use safety guidance before using it with credentials, personal data, production systems, or regulated workflows.</p> <h3> Can multiple Claude Code sessions use computer use at the same time? </h3> <p>No. Computer use holds a machine-wide lock.</p> <p>Only one Claude Code session can control your screen at a time. If another session holds the lock, Claude Code shows an error with the session details.</p> <h3> How is this different from Playwright or Selenium? </h3> <p>Playwright and Selenium are scripted test frameworks. They require selectors, assertions, configuration, and test maintenance.</p> <p>Computer use lets Claude interact with an app through natural language, without a test harness.</p> <p>Use computer use for:</p> <ul> <li>Exploratory testing</li> <li>Quick UI validation</li> <li>Visual bug reproduction</li> <li>GUI-only tools</li> <li>Apps that do not expose automation APIs</li> </ul> <p>Use Playwright, Selenium, XCTest, or similar tools for:</p> <ul> <li>Deterministic regression tests</li> <li>CI pipelines</li> <li>Repeatable production test coverage</li> <li>Complex assertions</li> <li>Long-term test suites</li> </ul> <p>Computer use is faster to start. Scripted tests are more reliable over time.</p> How to Use Qwen3.5-Omni: Text, Audio, Video, and Voice Cloning via API Preecha Wed, 24 Jun 2026 01:03:30 +0000 https://dev.to/preecha/how-to-use-qwen35-omni-text-audio-video-and-voice-cloning-via-api-3h8j https://dev.to/preecha/how-to-use-qwen35-omni-text-audio-video-and-voice-cloning-via-api-3h8j <h2> TL;DR </h2> <p>Qwen3.5-Omni accepts text, images, audio, and video as input and returns text or real-time speech. You can access it through the Alibaba Cloud DashScope API or run it locally with HuggingFace Transformers. This guide walks through API setup, working examples for each modality, voice cloning, streaming, local deployment, retries, and testing with Apidog.</p> <p><a href="https://apidog.com/?utm_source=dev.to&amp;utm_medium=wanda&amp;utm_content=n8n-post-automation" class="crayons-btn crayons-btn--primary">Try Apidog today</a> </p> <h2> What you’re working with </h2> <p>Qwen3.5-Omni is a single multimodal model that handles four input types in one request:</p> <ul> <li>Text</li> <li>Images</li> <li>Audio</li> <li>Video</li> </ul> <p>It can return either text or natural speech, depending on your request configuration.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffafib4wwd0lg6zpbrixn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffafib4wwd0lg6zpbrixn.png" alt="Image" width="800" height="604"></a></p> <p>Released March 30, 2026, Qwen3.5-Omni uses a Thinker-Talker architecture with an MoE backbone:</p> <ul> <li> <strong>Thinker</strong>: processes multimodal input and performs reasoning.</li> <li> <strong>Talker</strong>: converts output into speech using a multi-codebook system that can start streaming audio before the full response is complete.</li> </ul> <p>Available variants:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Variant</th> <th>Best for</th> </tr> </thead> <tbody> <tr> <td>Plus</td> <td>Highest quality, reasoning, voice cloning</td> </tr> <tr> <td>Flash</td> <td>Balanced speed and quality for most production use</td> </tr> <tr> <td>Light</td> <td>Lowest latency for mobile and edge scenarios</td> </tr> </tbody> </table></div> <p>Most examples below use <code>qwen3.5-omni-flash</code>. Use <code>qwen3.5-omni-plus</code> when quality matters most, and <code>qwen3.5-omni-light</code> when latency is the main constraint.</p> <h2> API access via DashScope </h2> <p>Alibaba Cloud DashScope is the primary hosted API for Qwen3.5-Omni. You need:</p> <ul> <li>A DashScope account</li> <li>A DashScope API key</li> <li>Either the DashScope SDK or the OpenAI-compatible API endpoint</li> </ul> <h3> Step 1: Create a DashScope account </h3> <p>Go to <code>dashscope.aliyuncs.com</code> and sign up. If you already have an Alibaba Cloud account, use that account.</p> <h3> Step 2: Create an API key </h3> <p>In the DashScope console:</p> <ol> <li>Open <strong>API Key Management</strong>.</li> <li>Click <strong>Create API Key</strong>.</li> <li>Copy the key.</li> </ol> <p>The key format starts with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sk-... </code></pre> </div> <h3> Step 3: Install an SDK </h3> <p>Install the DashScope SDK:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>dashscope </code></pre> </div> <p>Or use the OpenAI Python SDK with DashScope’s OpenAI-compatible endpoint:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>openai </code></pre> </div> <p>DashScope exposes an OpenAI-compatible API at:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>https://dashscope.aliyuncs.com/compatible-mode/v1 </code></pre> </div> <p>That means you can reuse OpenAI-style chat completion code by changing <code>base_url</code> and <code>api_key</code>.</p> <h2> Text input and output </h2> <p>Start with the simplest request: text in, text out.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">OpenAI</span><span class="p">(</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">https://dashscope.aliyuncs.com/compatible-mode/v1</span><span class="sh">"</span><span class="p">,</span> <span class="n">api_key</span><span class="o">=</span><span class="sh">"</span><span class="s">sk-YOUR_DASHSCOPE_KEY</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">qwen3.5-omni-flash</span><span class="sh">"</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Explain the difference between REST and GraphQL APIs in plain terms.</span><span class="sh">"</span> <span class="p">}</span> <span class="p">],</span> <span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">message</span><span class="p">.</span><span class="n">content</span><span class="p">)</span> </code></pre> </div> <p>Use a different model ID when needed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">qwen3.5-omni-plus</span><span class="sh">"</span> <span class="c1"># better quality </span><span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">qwen3.5-omni-flash</span><span class="sh">"</span> <span class="c1"># balanced default </span><span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">qwen3.5-omni-light</span><span class="sh">"</span> <span class="c1"># lower latency </span></code></pre> </div> <h2> Audio input: transcription and understanding </h2> <p>You can send audio as a URL or as base64-encoded data. The model can transcribe and reason over the audio directly, so you do not need a separate ASR step.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">base64</span> <span class="kn">from</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">OpenAI</span><span class="p">(</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">https://dashscope.aliyuncs.com/compatible-mode/v1</span><span class="sh">"</span><span class="p">,</span> <span class="n">api_key</span><span class="o">=</span><span class="sh">"</span><span class="s">sk-YOUR_DASHSCOPE_KEY</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="sh">"</span><span class="s">meeting_recording.wav</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">rb</span><span class="sh">"</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="n">audio_data</span> <span class="o">=</span> <span class="n">base64</span><span class="p">.</span><span class="nf">b64encode</span><span class="p">(</span><span class="n">f</span><span class="p">.</span><span class="nf">read</span><span class="p">()).</span><span class="nf">decode</span><span class="p">(</span><span class="sh">"</span><span class="s">utf-8</span><span class="sh">"</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">qwen3.5-omni-flash</span><span class="sh">"</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">input_audio</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">input_audio</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">audio_data</span><span class="p">,</span> <span class="sh">"</span><span class="s">format</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">wav</span><span class="sh">"</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Summarize the key decisions made in this meeting and list any action items.</span><span class="sh">"</span> <span class="p">}</span> <span class="p">]</span> <span class="p">}</span> <span class="p">],</span> <span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">message</span><span class="p">.</span><span class="n">content</span><span class="p">)</span> </code></pre> </div> <p>Qwen3.5-Omni handles 113 languages for speech recognition and detects the language automatically.</p> <p>Supported audio formats include:</p> <ul> <li>WAV</li> <li>MP3</li> <li>M4A</li> <li>OGG</li> <li>FLAC</li> </ul> <h2> Audio output: text-to-speech response </h2> <p>To receive speech in the response, set <code>modalities</code> and configure the <code>audio</code> output.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span> <span class="kn">import</span> <span class="n">base64</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">OpenAI</span><span class="p">(</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">https://dashscope.aliyuncs.com/compatible-mode/v1</span><span class="sh">"</span><span class="p">,</span> <span class="n">api_key</span><span class="o">=</span><span class="sh">"</span><span class="s">sk-YOUR_DASHSCOPE_KEY</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">qwen3.5-omni-flash</span><span class="sh">"</span><span class="p">,</span> <span class="n">modalities</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">audio</span><span class="sh">"</span><span class="p">],</span> <span class="n">audio</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">voice</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Chelsie</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">format</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">wav</span><span class="sh">"</span><span class="p">},</span> <span class="n">messages</span><span class="o">=</span><span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Describe the steps to authenticate a REST API using OAuth 2.0.</span><span class="sh">"</span> <span class="p">}</span> <span class="p">],</span> <span class="p">)</span> <span class="n">text_content</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">message</span><span class="p">.</span><span class="n">content</span> <span class="n">audio_data</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">message</span><span class="p">.</span><span class="n">audio</span><span class="p">.</span><span class="n">data</span> <span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="sh">"</span><span class="s">response.wav</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">wb</span><span class="sh">"</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="n">f</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="n">base64</span><span class="p">.</span><span class="nf">b64decode</span><span class="p">(</span><span class="n">audio_data</span><span class="p">))</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Text: </span><span class="si">{</span><span class="n">text_content</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Audio saved to response.wav</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>Built-in voices:</p> <ul> <li><code>Chelsie</code></li> <li><code>Ethan</code></li> </ul> <p>Speech generation works in 36 languages.</p> <h2> Image input: visual understanding </h2> <p>Send an image URL with a text prompt when you want the model to inspect visual content.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">OpenAI</span><span class="p">(</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">https://dashscope.aliyuncs.com/compatible-mode/v1</span><span class="sh">"</span><span class="p">,</span> <span class="n">api_key</span><span class="o">=</span><span class="sh">"</span><span class="s">sk-YOUR_DASHSCOPE_KEY</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">qwen3.5-omni-flash</span><span class="sh">"</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">image_url</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">image_url</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">url</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">https://example.com/api-diagram.png</span><span class="sh">"</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Describe this API architecture diagram and identify any potential bottlenecks.</span><span class="sh">"</span> <span class="p">}</span> <span class="p">]</span> <span class="p">}</span> <span class="p">],</span> <span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">message</span><span class="p">.</span><span class="n">content</span><span class="p">)</span> </code></pre> </div> <p>For local images, encode the file as base64 and pass it as a data URL.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">base64</span> <span class="kn">from</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">OpenAI</span><span class="p">(</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">https://dashscope.aliyuncs.com/compatible-mode/v1</span><span class="sh">"</span><span class="p">,</span> <span class="n">api_key</span><span class="o">=</span><span class="sh">"</span><span class="s">sk-YOUR_DASHSCOPE_KEY</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="sh">"</span><span class="s">screenshot.png</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">rb</span><span class="sh">"</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="n">image_data</span> <span class="o">=</span> <span class="n">base64</span><span class="p">.</span><span class="nf">b64encode</span><span class="p">(</span><span class="n">f</span><span class="p">.</span><span class="nf">read</span><span class="p">()).</span><span class="nf">decode</span><span class="p">(</span><span class="sh">"</span><span class="s">utf-8</span><span class="sh">"</span><span class="p">)</span> <span class="n">image_url</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">data:image/png;base64,</span><span class="si">{</span><span class="n">image_data</span><span class="si">}</span><span class="sh">"</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">qwen3.5-omni-flash</span><span class="sh">"</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">image_url</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">image_url</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">url</span><span class="sh">"</span><span class="p">:</span> <span class="n">image_url</span><span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">What error is shown in this screenshot?</span><span class="sh">"</span> <span class="p">}</span> <span class="p">]</span> <span class="p">}</span> <span class="p">],</span> <span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">message</span><span class="p">.</span><span class="n">content</span><span class="p">)</span> </code></pre> </div> <h2> Video input: understand recordings and screen captures </h2> <p>Video input lets Qwen3.5-Omni reason across visual frames and audio tracks in one request.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">OpenAI</span><span class="p">(</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">https://dashscope.aliyuncs.com/compatible-mode/v1</span><span class="sh">"</span><span class="p">,</span> <span class="n">api_key</span><span class="o">=</span><span class="sh">"</span><span class="s">sk-YOUR_DASHSCOPE_KEY</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">qwen3.5-omni-flash</span><span class="sh">"</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">video_url</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">video_url</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">url</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">https://example.com/product-demo.mp4</span><span class="sh">"</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Describe what the developer is building in this demo and write equivalent code.</span><span class="sh">"</span> <span class="p">}</span> <span class="p">]</span> <span class="p">}</span> <span class="p">],</span> <span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">message</span><span class="p">.</span><span class="n">content</span><span class="p">)</span> </code></pre> </div> <h3> Audio-Visual Vibe Coding </h3> <p>A common workflow is to pass a screen recording and ask the model to generate code from what it sees.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">base64</span> <span class="kn">from</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">OpenAI</span><span class="p">(</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">https://dashscope.aliyuncs.com/compatible-mode/v1</span><span class="sh">"</span><span class="p">,</span> <span class="n">api_key</span><span class="o">=</span><span class="sh">"</span><span class="s">sk-YOUR_DASHSCOPE_KEY</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="sh">"</span><span class="s">screen_recording.mp4</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">rb</span><span class="sh">"</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="n">video_data</span> <span class="o">=</span> <span class="n">base64</span><span class="p">.</span><span class="nf">b64encode</span><span class="p">(</span><span class="n">f</span><span class="p">.</span><span class="nf">read</span><span class="p">()).</span><span class="nf">decode</span><span class="p">(</span><span class="sh">"</span><span class="s">utf-8</span><span class="sh">"</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">qwen3.5-omni-plus</span><span class="sh">"</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">video_url</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">video_url</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">url</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">data:video/mp4;base64,</span><span class="si">{</span><span class="n">video_data</span><span class="si">}</span><span class="sh">"</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Watch this screen recording and write the complete code that replicates what you see being built. Include all the UI components and their interactions.</span><span class="sh">"</span> <span class="p">}</span> <span class="p">]</span> <span class="p">}</span> <span class="p">],</span> <span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">message</span><span class="p">.</span><span class="n">content</span><span class="p">)</span> </code></pre> </div> <p>The 256K token context window fits roughly 400 seconds of 720p video with audio. For longer recordings, trim or split the video before sending it.</p> <h2> Voice cloning </h2> <p>Voice cloning lets you provide a target voice sample and have the model respond in that voice. This is available through the API on Plus and Flash.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">base64</span> <span class="kn">from</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">OpenAI</span><span class="p">(</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">https://dashscope.aliyuncs.com/compatible-mode/v1</span><span class="sh">"</span><span class="p">,</span> <span class="n">api_key</span><span class="o">=</span><span class="sh">"</span><span class="s">sk-YOUR_DASHSCOPE_KEY</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="sh">"</span><span class="s">voice_sample.wav</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">rb</span><span class="sh">"</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="n">voice_sample</span> <span class="o">=</span> <span class="n">base64</span><span class="p">.</span><span class="nf">b64encode</span><span class="p">(</span><span class="n">f</span><span class="p">.</span><span class="nf">read</span><span class="p">()).</span><span class="nf">decode</span><span class="p">(</span><span class="sh">"</span><span class="s">utf-8</span><span class="sh">"</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">qwen3.5-omni-plus</span><span class="sh">"</span><span class="p">,</span> <span class="n">modalities</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">audio</span><span class="sh">"</span><span class="p">],</span> <span class="n">audio</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">voice</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">custom</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">format</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">wav</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">voice_sample</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">voice_sample</span><span class="p">,</span> <span class="sh">"</span><span class="s">format</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">wav</span><span class="sh">"</span> <span class="p">}</span> <span class="p">},</span> <span class="n">messages</span><span class="o">=</span><span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Welcome to the Apidog developer portal. How can I help you today?</span><span class="sh">"</span> <span class="p">}</span> <span class="p">],</span> <span class="p">)</span> <span class="n">audio_data</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">message</span><span class="p">.</span><span class="n">audio</span><span class="p">.</span><span class="n">data</span> <span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="sh">"</span><span class="s">cloned_response.wav</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">wb</span><span class="sh">"</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="n">f</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="n">base64</span><span class="p">.</span><span class="nf">b64decode</span><span class="p">(</span><span class="n">audio_data</span><span class="p">))</span> </code></pre> </div> <p>For better voice cloning quality:</p> <ul> <li>Use a clean recording with minimal background noise.</li> <li>Prefer 15-30 seconds of speech.</li> <li>Use WAV at 16kHz or higher.</li> <li>Use natural speech instead of read-aloud text when possible.</li> </ul> <h2> Streaming responses </h2> <p>For real-time voice chat or interactive apps, use streaming. The model can start returning audio before the full response is complete.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span> <span class="kn">import</span> <span class="n">base64</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">OpenAI</span><span class="p">(</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">https://dashscope.aliyuncs.com/compatible-mode/v1</span><span class="sh">"</span><span class="p">,</span> <span class="n">api_key</span><span class="o">=</span><span class="sh">"</span><span class="s">sk-YOUR_DASHSCOPE_KEY</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="n">stream</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">qwen3.5-omni-flash</span><span class="sh">"</span><span class="p">,</span> <span class="n">modalities</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">audio</span><span class="sh">"</span><span class="p">],</span> <span class="n">audio</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">voice</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Ethan</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">format</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">pcm16</span><span class="sh">"</span><span class="p">},</span> <span class="n">messages</span><span class="o">=</span><span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Explain how WebSocket connections differ from HTTP polling.</span><span class="sh">"</span> <span class="p">}</span> <span class="p">],</span> <span class="n">stream</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="p">)</span> <span class="n">audio_chunks</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">text_chunks</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">chunk</span> <span class="ow">in</span> <span class="n">stream</span><span class="p">:</span> <span class="n">delta</span> <span class="o">=</span> <span class="n">chunk</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">delta</span> <span class="k">if</span> <span class="nf">hasattr</span><span class="p">(</span><span class="n">delta</span><span class="p">,</span> <span class="sh">"</span><span class="s">audio</span><span class="sh">"</span><span class="p">)</span> <span class="ow">and</span> <span class="n">delta</span><span class="p">.</span><span class="n">audio</span><span class="p">:</span> <span class="k">if</span> <span class="n">delta</span><span class="p">.</span><span class="n">audio</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">):</span> <span class="n">audio_chunks</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">delta</span><span class="p">.</span><span class="n">audio</span><span class="p">[</span><span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">])</span> <span class="k">if</span> <span class="n">delta</span><span class="p">.</span><span class="n">content</span><span class="p">:</span> <span class="n">text_chunks</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">delta</span><span class="p">.</span><span class="n">content</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">delta</span><span class="p">.</span><span class="n">content</span><span class="p">,</span> <span class="n">end</span><span class="o">=</span><span class="sh">""</span><span class="p">,</span> <span class="n">flush</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="nf">print</span><span class="p">()</span> <span class="k">if</span> <span class="n">audio_chunks</span><span class="p">:</span> <span class="n">full_audio</span> <span class="o">=</span> <span class="sa">b</span><span class="sh">""</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">base64</span><span class="p">.</span><span class="nf">b64decode</span><span class="p">(</span><span class="n">chunk</span><span class="p">)</span> <span class="k">for</span> <span class="n">chunk</span> <span class="ow">in</span> <span class="n">audio_chunks</span><span class="p">)</span> <span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="sh">"</span><span class="s">streamed_response.pcm</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">wb</span><span class="sh">"</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="n">f</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="n">full_audio</span><span class="p">)</span> </code></pre> </div> <p><code>pcm16</code> is useful for streaming because you can pipe chunks directly into an audio output buffer without waiting for a complete file.</p> <h2> Multi-turn conversation with mixed modalities </h2> <p>You can keep conversation state across turns and mix modalities as needed.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span> <span class="kn">import</span> <span class="n">base64</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">OpenAI</span><span class="p">(</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">https://dashscope.aliyuncs.com/compatible-mode/v1</span><span class="sh">"</span><span class="p">,</span> <span class="n">api_key</span><span class="o">=</span><span class="sh">"</span><span class="s">sk-YOUR_DASHSCOPE_KEY</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="n">conversation</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">def</span> <span class="nf">send_message</span><span class="p">(</span><span class="n">content_parts</span><span class="p">):</span> <span class="n">conversation</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span><span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="n">content_parts</span><span class="p">})</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">qwen3.5-omni-flash</span><span class="sh">"</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="n">conversation</span><span class="p">,</span> <span class="p">)</span> <span class="n">reply</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">message</span><span class="p">.</span><span class="n">content</span> <span class="n">conversation</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span><span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">assistant</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="n">reply</span><span class="p">})</span> <span class="k">return</span> <span class="n">reply</span> <span class="c1"># Turn 1: text </span><span class="nf">print</span><span class="p">(</span><span class="nf">send_message</span><span class="p">([</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">I have an API that keeps returning 503 errors.</span><span class="sh">"</span> <span class="p">}</span> <span class="p">]))</span> <span class="c1"># Turn 2: image + text </span><span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="sh">"</span><span class="s">error_log.png</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">rb</span><span class="sh">"</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="n">img</span> <span class="o">=</span> <span class="n">base64</span><span class="p">.</span><span class="nf">b64encode</span><span class="p">(</span><span class="n">f</span><span class="p">.</span><span class="nf">read</span><span class="p">()).</span><span class="nf">decode</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="nf">send_message</span><span class="p">([</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">image_url</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">image_url</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">url</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">data:image/png;base64,</span><span class="si">{</span><span class="n">img</span><span class="si">}</span><span class="sh">"</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Here</span><span class="sh">'</span><span class="s">s the error log screenshot. What</span><span class="sh">'</span><span class="s">s causing this?</span><span class="sh">"</span> <span class="p">}</span> <span class="p">]))</span> <span class="c1"># Turn 3: follow-up text </span><span class="nf">print</span><span class="p">(</span><span class="nf">send_message</span><span class="p">([</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">How do I fix the connection pool exhaustion you mentioned?</span><span class="sh">"</span> <span class="p">}</span> <span class="p">]))</span> </code></pre> </div> <p>The 256K context window supports long conversations, including conversations with images and audio in the history.</p> <h2> Local deployment with HuggingFace </h2> <p>To run Qwen3.5-Omni on your own infrastructure, install the required packages.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span><span class="nv">transformers</span><span class="o">==</span>4.57.3 pip <span class="nb">install </span>accelerate pip <span class="nb">install </span>qwen-omni-utils <span class="nt">-U</span> pip <span class="nb">install</span> <span class="nt">-U</span> flash-attn <span class="nt">--no-build-isolation</span> </code></pre> </div> <p>Then load the model and processor.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">soundfile</span> <span class="k">as</span> <span class="n">sf</span> <span class="kn">from</span> <span class="n">transformers</span> <span class="kn">import</span> <span class="n">Qwen3OmniMoeForConditionalGeneration</span><span class="p">,</span> <span class="n">Qwen3OmniMoeProcessor</span> <span class="kn">from</span> <span class="n">qwen_omni_utils</span> <span class="kn">import</span> <span class="n">process_mm_info</span> <span class="n">model_path</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Qwen/Qwen3-Omni-30B-A3B-Instruct</span><span class="sh">"</span> <span class="n">model</span> <span class="o">=</span> <span class="n">Qwen3OmniMoeForConditionalGeneration</span><span class="p">.</span><span class="nf">from_pretrained</span><span class="p">(</span> <span class="n">model_path</span><span class="p">,</span> <span class="n">device_map</span><span class="o">=</span><span class="sh">"</span><span class="s">auto</span><span class="sh">"</span><span class="p">,</span> <span class="n">attn_implementation</span><span class="o">=</span><span class="sh">"</span><span class="s">flash_attention_2</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="n">processor</span> <span class="o">=</span> <span class="n">Qwen3OmniMoeProcessor</span><span class="p">.</span><span class="nf">from_pretrained</span><span class="p">(</span><span class="n">model_path</span><span class="p">)</span> <span class="n">conversation</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">system</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">You are Qwen, a virtual human developed by the Qwen Team, Alibaba Group, capable of perceiving auditory and visual inputs, as well as generating text and speech.</span><span class="sh">"</span> <span class="p">}</span> <span class="p">],</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">audio</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">audio</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">path/to/your/audio.wav</span><span class="sh">"</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">What is being discussed in this audio?</span><span class="sh">"</span> <span class="p">}</span> <span class="p">],</span> <span class="p">},</span> <span class="p">]</span> <span class="n">text</span> <span class="o">=</span> <span class="n">processor</span><span class="p">.</span><span class="nf">apply_chat_template</span><span class="p">(</span> <span class="n">conversation</span><span class="p">,</span> <span class="n">add_generation_prompt</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">tokenize</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="p">)</span> <span class="n">audios</span><span class="p">,</span> <span class="n">images</span><span class="p">,</span> <span class="n">videos</span> <span class="o">=</span> <span class="nf">process_mm_info</span><span class="p">(</span> <span class="n">conversation</span><span class="p">,</span> <span class="n">use_audio_in_video</span><span class="o">=</span><span class="bp">True</span> <span class="p">)</span> <span class="n">inputs</span> <span class="o">=</span> <span class="nf">processor</span><span class="p">(</span> <span class="n">text</span><span class="o">=</span><span class="n">text</span><span class="p">,</span> <span class="n">audio</span><span class="o">=</span><span class="n">audios</span><span class="p">,</span> <span class="n">images</span><span class="o">=</span><span class="n">images</span><span class="p">,</span> <span class="n">videos</span><span class="o">=</span><span class="n">videos</span><span class="p">,</span> <span class="n">return_tensors</span><span class="o">=</span><span class="sh">"</span><span class="s">pt</span><span class="sh">"</span><span class="p">,</span> <span class="n">padding</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="p">)</span> <span class="n">inputs</span> <span class="o">=</span> <span class="n">inputs</span><span class="p">.</span><span class="nf">to</span><span class="p">(</span><span class="n">model</span><span class="p">.</span><span class="n">device</span><span class="p">).</span><span class="nf">to</span><span class="p">(</span><span class="n">model</span><span class="p">.</span><span class="n">dtype</span><span class="p">)</span> <span class="n">text_ids</span><span class="p">,</span> <span class="n">audio_output</span> <span class="o">=</span> <span class="n">model</span><span class="p">.</span><span class="nf">generate</span><span class="p">(</span> <span class="o">**</span><span class="n">inputs</span><span class="p">,</span> <span class="n">speaker</span><span class="o">=</span><span class="sh">"</span><span class="s">Chelsie</span><span class="sh">"</span> <span class="p">)</span> <span class="n">text_response</span> <span class="o">=</span> <span class="n">processor</span><span class="p">.</span><span class="nf">batch_decode</span><span class="p">(</span> <span class="n">text_ids</span><span class="p">,</span> <span class="n">skip_special_tokens</span><span class="o">=</span><span class="bp">True</span> <span class="p">)[</span><span class="mi">0</span><span class="p">]</span> <span class="n">sf</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span> <span class="sh">"</span><span class="s">local_response.wav</span><span class="sh">"</span><span class="p">,</span> <span class="n">audio_output</span><span class="p">.</span><span class="nf">reshape</span><span class="p">(</span><span class="o">-</span><span class="mi">1</span><span class="p">).</span><span class="nf">cpu</span><span class="p">().</span><span class="nf">numpy</span><span class="p">(),</span> <span class="n">samplerate</span><span class="o">=</span><span class="mi">24000</span> <span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">text_response</span><span class="p">)</span> </code></pre> </div> <p>Approximate GPU memory requirements:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Variant</th> <th>Precision</th> <th>Min VRAM</th> </tr> </thead> <tbody> <tr> <td>Plus / 30B MoE</td> <td>BF16</td> <td>~40GB</td> </tr> <tr> <td>Flash</td> <td>BF16</td> <td>~20GB</td> </tr> <tr> <td>Light</td> <td>BF16</td> <td>~10GB</td> </tr> </tbody> </table></div> <p>For production local inference, use vLLM instead of HuggingFace Transformers. MoE models run faster with vLLM routing optimizations.</p> <h2> Testing Qwen3.5-Omni requests with Apidog </h2> <p>Multimodal API requests are harder to debug than plain JSON. You may need to inspect base64-encoded media, nested content arrays, and responses that include both text and audio.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffafib4wwd0lg6zpbrixn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffafib4wwd0lg6zpbrixn.png" alt="Image" width="800" height="604"></a></p> <p>A practical workflow in Apidog:</p> <ol> <li>Create a new collection for DashScope.</li> <li>Set the base URL to: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> https://dashscope.aliyuncs.com/compatible-mode/v1 </code></pre> </div> <ol> <li>Store your DashScope API key as an environment variable.</li> <li>Create request templates for each modality: <ul> <li>Text</li> <li>Audio input</li> <li>Audio output</li> <li>Image input</li> <li>Video input</li> </ul> </li> <li>Duplicate the base request for <code>Plus</code>, <code>Flash</code>, and <code>Light</code>.</li> <li>Change only the <code>model</code> parameter to compare output quality and latency.</li> </ol> <p>You can also add test assertions for response validation:</p> <ul> <li>Verify <code>choices[0].message.content</code> is not empty for text responses.</li> <li>Verify <code>choices[0].message.audio.data</code> exists when audio output is requested.</li> <li>Assert that Flash latency stays under your target threshold.</li> </ul> <p>This helps you choose the right model variant before building the full application.</p> <h2> Error handling and retry logic </h2> <p>Large multimodal requests can hit rate limits, connection errors, or timeouts. Add retries from the start.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">time</span> <span class="kn">import</span> <span class="n">random</span> <span class="kn">from</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span><span class="p">,</span> <span class="n">RateLimitError</span><span class="p">,</span> <span class="n">APITimeoutError</span><span class="p">,</span> <span class="n">APIConnectionError</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">OpenAI</span><span class="p">(</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">https://dashscope.aliyuncs.com/compatible-mode/v1</span><span class="sh">"</span><span class="p">,</span> <span class="n">api_key</span><span class="o">=</span><span class="sh">"</span><span class="s">sk-YOUR_DASHSCOPE_KEY</span><span class="sh">"</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">120</span><span class="p">,</span> <span class="p">)</span> <span class="k">def</span> <span class="nf">call_with_retry</span><span class="p">(</span><span class="n">messages</span><span class="p">,</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">qwen3.5-omni-flash</span><span class="sh">"</span><span class="p">,</span> <span class="n">max_retries</span><span class="o">=</span><span class="mi">3</span><span class="p">):</span> <span class="k">for</span> <span class="n">attempt</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="n">max_retries</span><span class="p">):</span> <span class="k">try</span><span class="p">:</span> <span class="k">return</span> <span class="n">client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="n">model</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="n">messages</span><span class="p">,</span> <span class="p">)</span> <span class="k">except</span> <span class="n">RateLimitError</span><span class="p">:</span> <span class="n">wait</span> <span class="o">=</span> <span class="p">(</span><span class="mi">2</span> <span class="o">**</span> <span class="n">attempt</span><span class="p">)</span> <span class="o">+</span> <span class="n">random</span><span class="p">.</span><span class="nf">uniform</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Rate limit hit. Waiting </span><span class="si">{</span><span class="n">wait</span><span class="si">:</span><span class="p">.</span><span class="mi">1</span><span class="n">f</span><span class="si">}</span><span class="s">s...</span><span class="sh">"</span><span class="p">)</span> <span class="n">time</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="n">wait</span><span class="p">)</span> <span class="nf">except </span><span class="p">(</span><span class="n">APITimeoutError</span><span class="p">,</span> <span class="n">APIConnectionError</span><span class="p">)</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="k">if</span> <span class="n">attempt</span> <span class="o">==</span> <span class="n">max_retries</span> <span class="o">-</span> <span class="mi">1</span><span class="p">:</span> <span class="k">raise</span> <span class="n">wait</span> <span class="o">=</span> <span class="p">(</span><span class="mi">2</span> <span class="o">**</span> <span class="n">attempt</span><span class="p">)</span> <span class="o">+</span> <span class="n">random</span><span class="p">.</span><span class="nf">uniform</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Connection error: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="s">. Retrying in </span><span class="si">{</span><span class="n">wait</span><span class="si">:</span><span class="p">.</span><span class="mi">1</span><span class="n">f</span><span class="si">}</span><span class="s">s...</span><span class="sh">"</span><span class="p">)</span> <span class="n">time</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="n">wait</span><span class="p">)</span> <span class="k">raise</span> <span class="nc">RuntimeError</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Failed after </span><span class="si">{</span><span class="n">max_retries</span><span class="si">}</span><span class="s"> attempts</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>For video inputs larger than 100MB:</p> <ul> <li>Trim to the relevant section.</li> <li>Reduce resolution to 480p when high visual detail is not required.</li> <li>Split long recordings into segments and aggregate the results in your app.</li> </ul> <h2> Common issues and fixes </h2> <h3> Audio output is garbled on numbers or technical terms </h3> <p>This is the problem ARIA technology addresses. Make sure you are using Qwen3.5-Omni, not an earlier version. If you self-host, use the latest model weights from HuggingFace.</p> <h3> The model keeps talking when I send an audio interruption </h3> <p>Semantic interruption requires Flash or Plus. Light may not support this feature. Also make sure you are streaming the response instead of using a batch request.</p> <h3> Voice cloning quality is poor </h3> <p>Use a cleaner voice sample. Remove background noise with a tool such as Audacity before uploading. Use at least 15 seconds of audio. WAV at 16kHz or 44.1kHz works best.</p> <h3> Video input returns a token limit error </h3> <p>The 256K token context covers roughly 400 seconds of 720p video. For longer videos, trim the clip or lower the resolution. Keep videos under about 6 minutes for a safer margin.</p> <h3> Local deployment is very slow </h3> <p>Use vLLM instead of HuggingFace Transformers for production local inference. MoE models need vLLM routing optimizations for better throughput.</p> <p>For developers whose primary need is high-fidelity speech synthesis rather than full multimodal inference, Fish Audio S2's dedicated TTS and voice-cloning API offers a narrower, faster endpoint worth evaluating alongside all-in-one multimodal models.</p> <h2> FAQ </h2> <h3> Which DashScope model ID should I use for Qwen3.5-Omni? </h3> <p>Use one of these:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>qwen3.5-omni-plus qwen3.5-omni-flash qwen3.5-omni-light </code></pre> </div> <p>Start with <code>qwen3.5-omni-flash</code> for most use cases.</p> <h3> Can I use the OpenAI Python SDK with DashScope? </h3> <p>Yes. Configure the client like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">openai</span> <span class="kn">import</span> <span class="n">OpenAI</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">OpenAI</span><span class="p">(</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">https://dashscope.aliyuncs.com/compatible-mode/v1</span><span class="sh">"</span><span class="p">,</span> <span class="n">api_key</span><span class="o">=</span><span class="sh">"</span><span class="s">sk-YOUR_DASHSCOPE_KEY</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> </code></pre> </div> <p>The request and response format follows the OpenAI-compatible API style.</p> <h3> How do I send multiple files, such as audio and image, in one request? </h3> <p>Put each file in the <code>content</code> array as a separate typed object.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">content</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">input_audio</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">input_audio</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">audio_data</span><span class="p">,</span> <span class="sh">"</span><span class="s">format</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">wav</span><span class="sh">"</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">image_url</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">image_url</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">url</span><span class="sh">"</span><span class="p">:</span> <span class="n">image_url</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Use the audio and image to explain what is happening.</span><span class="sh">"</span> <span class="p">}</span> <span class="p">]</span> </code></pre> </div> <p>All four modalities can appear in the same message.</p> <h3> Is there a size limit for audio or video files? </h3> <p>DashScope has per-request payload limits. For large files, use a URL reference instead of base64 encoding. Host the file on accessible storage and pass the URL in the audio or <code>video_url</code> field.</p> <h3> How do I disable audio output and get text only? </h3> <p>Omit <code>modalities</code>, or set it to text only:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">modalities</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">]</span> </code></pre> </div> <p>Text-only responses are faster and cheaper.</p> <h3> Does Qwen3.5-Omni support function calling? </h3> <p>Yes. Use the standard <code>tools</code> parameter with function definitions, the same way you would with other OpenAI-compatible models. The model returns structured tool call objects that your application executes.</p> <h3> What is the best way to handle long audio recordings? </h3> <p>For recordings under 10 hours, send them as a single request. For longer recordings, split at natural pause points, process each segment, and aggregate the results in your application layer.</p> <h3> How do I test multimodal requests before building a full application? </h3> <p>Use Apidog to build saved request templates for each modality, switch between model variants, inspect the full response structure, and write assertions before integrating the API into your application.</p> Qwen3.5-Omni Is Here: Alibaba's Omnimodal AI Beats Gemini on Audio Preecha Tue, 23 Jun 2026 13:03:20 +0000 https://dev.to/preecha/qwen35-omni-is-here-alibabas-omnimodal-ai-beats-gemini-on-audio-4af6 https://dev.to/preecha/qwen35-omni-is-here-alibabas-omnimodal-ai-beats-gemini-on-audio-4af6 <h2> TL;DR </h2> <p>Alibaba released Qwen3.5-Omni on March 30, 2026. It processes text, images, audio, and video in a single model and outputs both text and real-time speech. It outperforms Gemini 3.1 Pro on general audio understanding and reasoning benchmarks, supports 113 languages for speech recognition, and includes voice cloning. Three variants are available: Plus, Flash, and Light.</p> <p><a href="https://apidog.com/?utm_source=dev.to&amp;utm_medium=wanda&amp;utm_content=n8n-post-automation" class="crayons-btn crayons-btn--primary">Try Apidog today</a> </p> <h2> Why Qwen3.5-Omni matters for developers </h2> <p>Most multimodal AI apps are still built as pipelines:</p> <ol> <li>Speech-to-text for audio input</li> <li>Vision model for images or video frames</li> <li>LLM for reasoning and response generation</li> <li>Text-to-speech for voice output</li> </ol> <p>That architecture works, but every handoff adds latency, cost, and failure points.</p> <p>Qwen3.5-Omni collapses that stack into one model. It accepts text, images, audio, and video as input, then returns text or speech as output from a single inference call.</p> <p>The model supports a 256,000-token context window, which can fit:</p> <ul> <li>More than 10 hours of audio</li> <li>Roughly 400 seconds of 720p video with audio</li> <li>Around 190,000 words of text</li> </ul> <p>Alibaba trained it on more than 100 million hours of native audio-visual data. The practical result: you can build applications where the model reasons across speech, visuals, and text together instead of stitching together separate model outputs.</p> <p>Use cases include:</p> <ul> <li>Voice assistants</li> <li>Video analysis tools</li> <li>Multilingual support agents</li> <li>Accessibility tools</li> <li>Developer productivity workflows using screen recordings</li> </ul> <h2> What changed from Qwen3-Omni </h2> <p>The previous generation, Qwen3-Omni Flash, launched in December 2025 with 234ms response latency. Qwen3.5-Omni is the next full release.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3qqnoy7jlzgxo1nhfduf.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3qqnoy7jlzgxo1nhfduf.png" alt="Image" width="800" height="604"></a></p> <h3> 1. Speech recognition now covers 113 languages </h3> <p>Qwen3-Omni supported speech recognition in 19 languages. Qwen3.5-Omni expands that to 113 languages and dialects.</p> <p>Speech generation also increased from 10 languages to 36.</p> <p>For developers, this matters if your app needs to support users outside major Western markets. Instead of routing different languages through separate ASR vendors, you can test one model across a much broader language set.</p> <p>Example workflows:</p> <ul> <li>Transcribe customer support calls in multiple languages</li> <li>Summarize non-English podcasts or interviews</li> <li>Handle bilingual conversations with mid-sentence language switching</li> </ul> <h3> 2. Voice cloning is available through the API </h3> <p>Qwen3.5-Omni Plus and Flash support voice cloning through the API.</p> <p>The workflow is:</p> <ol> <li>Upload or reference a voice sample</li> <li>Send the user prompt and voice configuration</li> <li>Receive speech output in the cloned voice</li> </ol> <p>This is useful for:</p> <ul> <li>Consistent voice personas</li> <li>Branded voice agents</li> <li>Long-running conversational assistants</li> </ul> <p>Voice cloning was not available in the previous generation.</p> <h3> 3. ARIA improves pronunciation for numbers and technical terms </h3> <p>Neural TTS systems often struggle with:</p> <ul> <li>Product names</li> <li>Technical terms</li> <li>Proper nouns</li> <li>Prices</li> <li>Version numbers</li> <li>Acronyms</li> </ul> <p>Qwen3.5-Omni introduces ARIA, a dynamic text-speech synchronization layer. It reads ahead in the text buffer and adjusts phoneme generation before audio is emitted.</p> <p>That helps terms like these render correctly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>IPv6 $249.99 Qwen3.5-Omni </code></pre> </div> <p>This is especially relevant for developer tools, sales assistants, support bots, and technical documentation readers.</p> <h3> 4. Semantic interruption improves voice UX </h3> <p>In many voice systems, any incoming audio is treated as an interruption.</p> <p>That creates bad UX:</p> <ul> <li>User says “uh-huh” → assistant stops</li> <li>User says “right” → assistant stops</li> <li>User says “wait, stop” → assistant should stop</li> </ul> <p>Qwen3.5-Omni distinguishes between backchannels and real interruptions.</p> <p>This makes it more useful for real-time voice assistants where users naturally acknowledge, pause, or interrupt during conversation.</p> <h3> 5. Real-time web search is integrated </h3> <p>Qwen3.5-Omni can query the web during inference and include live results in its response.</p> <p>That means you do not always need to pre-fetch external context and inject it into the prompt yourself.</p> <p>Use this when your app needs current information, such as:</p> <ul> <li>Recent documentation</li> <li>Current pricing</li> <li>News or market updates</li> <li>Live product information</li> </ul> <h3> 6. Screen recordings can become coding input </h3> <p>Qwen3.5-Omni supports “Audio-Visual Vibe Coding.”</p> <p>The workflow:</p> <ol> <li>Record a screen interaction</li> <li>Send the video to the model</li> <li>Ask the model to replicate, explain, or improve what it sees</li> <li>Use the generated code as a starting point</li> </ol> <p>This gives coding assistants a new input format: video.</p> <p>Instead of describing UI behavior in text, you can provide a screen recording and ask for implementation guidance.</p> <h2> Benchmark results </h2> <p>Across 36 audio and audio-visual benchmarks:</p> <ul> <li>Qwen3.5-Omni achieves state-of-the-art on 32 out of 36</li> <li>It sets new state-of-the-art on 22 of those 36</li> <li>It outperforms Gemini 3.1 Pro on general audio understanding, reasoning, and translation</li> <li>It matches Gemini 3.1 Pro on audio-visual comprehension</li> </ul> <p>For speech generation quality, Alibaba reports that Qwen3.5-Omni beats ElevenLabs, GPT-Audio, and Minimax on multilingual voice stability across 20 languages.</p> <p>That comparison is notable because ElevenLabs is a dedicated voice AI company. Still, you should benchmark against your own prompts, languages, accents, and audio conditions before choosing a production model.</p> <h2> Model variants </h2> <p>Alibaba ships three versions.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Variant</th> <th>Best for</th> </tr> </thead> <tbody> <tr> <td>Qwen3.5-Omni Plus</td> <td>Maximum quality; audio-visual reasoning, voice cloning, long-context tasks</td> </tr> <tr> <td>Qwen3.5-Omni Flash</td> <td>Balanced speed and quality; real-time voice chat, production APIs</td> </tr> <tr> <td>Qwen3.5-Omni Light</td> <td>Low-latency tasks; mobile and edge scenarios</td> </tr> </tbody> </table></div> <p>All three handle text, images, audio, and video as input.</p> <p>The differences are mainly:</p> <ul> <li>Output quality</li> <li>Latency</li> <li>Cost</li> <li>Deployment fit</li> </ul> <p>For most production APIs, start by testing Flash. Use Plus when quality matters more than latency or cost. Use Light for latency-sensitive scenarios.</p> <h2> Working with the 256K token context window </h2> <p>Qwen3.5-Omni supports up to 256,000 input tokens.</p> <p>In practice, that means you can send:</p> <ul> <li>A long meeting recording</li> <li>A full support call</li> <li>A product demo video</li> <li>A large document</li> <li>Mixed text, audio, image, and video context</li> </ul> <p>Approximate capacity:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Input type</th> <th>Approximate capacity</th> </tr> </thead> <tbody> <tr> <td>Audio</td> <td>More than 10 hours of continuous speech</td> </tr> <tr> <td>Video</td> <td>Roughly 400 seconds of 720p video with embedded audio</td> </tr> <tr> <td>Text</td> <td>Around 190,000 words</td> </tr> </tbody> </table></div> <p>For many multimodal use cases, this removes the need to chunk inputs manually.</p> <p>Example prompt for a meeting recording:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Summarize this meeting recording. Return: 1. Main decisions 2. Open questions 3. Action items with owners 4. Risks mentioned 5. Follow-up email draft </code></pre> </div> <p>Example prompt for a product demo video:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Analyze this product demo video. Return: 1. What feature is being demonstrated 2. Step-by-step user flow 3. Any visible bugs or UX friction 4. Suggested improvements 5. A short release note </code></pre> </div> <p>Qwen3.5-Omni’s 256K context is smaller than Gemini 2.5 Pro’s 1M context and larger than many standard multimodal workflows require. Compared with GPT-4o’s 128K context, it gives more room for long audio-visual inputs.</p> <h2> Building multilingual voice workflows </h2> <p>The increase from 19 to 113 speech recognition languages changes how you can design multilingual systems.</p> <h3> Customer support </h3> <p>You can route voice input from many regions into the same model rather than maintaining separate ASR pipelines per language.</p> <p>Example support-agent prompt:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>You are a customer support assistant. Input: - Customer audio - Product documentation - Recent order information Tasks: 1. Detect the spoken language 2. Transcribe the user request 3. Identify the issue 4. Reply in the same language 5. Escalate if the issue involves billing, legal, or account security </code></pre> </div> <h3> Content processing </h3> <p>For podcasts, interviews, and videos, one request can cover transcription, translation, and summarization.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Process this interview. Return: 1. Original-language transcript 2. English translation 3. 5-bullet summary 4. Notable quotes 5. Speaker-by-speaker topic breakdown </code></pre> </div> <h3> Mid-conversation language switching </h3> <p>Bilingual users often switch languages mid-sentence.</p> <p>Qwen3.5-Omni handles this natively, which is useful for:</p> <ul> <li>Support conversations</li> <li>Education apps</li> <li>Travel assistants</li> <li>Internal company tools for global teams</li> </ul> <h2> Architecture: Thinker-Talker with MoE </h2> <p>Qwen3.5-Omni uses a Thinker-Talker architecture.</p> <p>The Thinker processes multimodal input and generates reasoning tokens.</p> <p>The Talker converts those tokens into natural speech in real time using a multi-codebook approach designed to reduce latency.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqenmfvz1twio3948rmin.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqenmfvz1twio3948rmin.png" alt="Image" width="800" height="594"></a></p> <p>The Plus variant uses Mixture of Experts, or MoE. With MoE, only a subset of model parameters activates per token. This keeps inference more efficient than a dense model of equivalent quality.</p> <p>For local deployment:</p> <ul> <li>Use <code>vLLM</code> when possible for MoE-optimized serving</li> <li>Use HuggingFace Transformers if you need broader compatibility</li> <li>Expect higher latency with Transformers on MoE architectures</li> </ul> <p>Basic local deployment decision flow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Need production local serving? → Start with vLLM Need experimentation or custom model loading? → Try HuggingFace Transformers Limited GPU memory? → Test Flash or Light before Plus </code></pre> </div> <h2> Testing Qwen3.5-Omni APIs with Apidog </h2> <p>If you evaluate Qwen3.5-Omni through an API, you will likely send multimodal request bodies containing:</p> <ul> <li>Text prompts</li> <li>Image URLs</li> <li>Base64-encoded audio</li> <li>Video references</li> <li>Model variant settings</li> <li>Streaming options</li> <li>Voice cloning parameters</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftux0bpj6cs1yvaff9wkz.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftux0bpj6cs1yvaff9wkz.png" alt="Image" width="799" height="530"></a></p> <p>This gets hard to debug with raw <code>curl</code> commands.</p> <p>Apidog is useful for building, saving, and testing these request templates. You can:</p> <ul> <li>Store DashScope API keys as environment variables</li> <li>Create reusable request bodies for Plus, Flash, and Light</li> <li>Compare latency across variants</li> <li>Validate response structure</li> <li>Write automated tests for expected fields</li> </ul> <p>Example API test checklist:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[ ] Request returns HTTP 200 [ ] Response includes text output [ ] Response includes audio output when requested [ ] Latency is within target range [ ] Language detection matches input [ ] Streaming response starts before full generation completes [ ] Error responses are handled correctly </code></pre> </div> <p>A typical multimodal request template might include:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"model"</span><span class="p">:</span><span class="w"> </span><span class="s2">"qwen3.5-omni-flash"</span><span class="p">,</span><span class="w"> </span><span class="nl">"input"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"messages"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"role"</span><span class="p">:</span><span class="w"> </span><span class="s2">"user"</span><span class="p">,</span><span class="w"> </span><span class="nl">"content"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"text"</span><span class="p">,</span><span class="w"> </span><span class="nl">"text"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Summarize this video and extract action items."</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"video_url"</span><span class="p">,</span><span class="w"> </span><span class="nl">"video_url"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://example.com/demo.mp4"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"parameters"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"output_modalities"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"text"</span><span class="p">,</span><span class="w"> </span><span class="s2">"audio"</span><span class="p">],</span><span class="w"> </span><span class="nl">"language"</span><span class="p">:</span><span class="w"> </span><span class="s2">"auto"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Use the same saved request against Plus, Flash, and Light to compare output quality and latency under identical inputs.</p> <p>Download Apidog free to start testing multimodal API requests.</p> <h2> Who should evaluate Qwen3.5-Omni? </h2> <p>Qwen3.5-Omni is worth testing if you are building any of the following.</p> <h3> Voice assistants </h3> <p>Use it for real-time speech input and speech output with conversation memory and web retrieval.</p> <p>The semantic interruption and ARIA features address two common voice UX problems:</p> <ul> <li>False interruptions</li> <li>Mispronounced technical terms</li> </ul> <h3> Video analysis tools </h3> <p>Use it for:</p> <ul> <li>Meeting transcription</li> <li>Product demo analysis</li> <li>Tutorial generation</li> <li>Video summarization</li> <li>Screen-recording-to-code workflows</li> </ul> <p>The 256K context window means many recordings can fit in one request.</p> <h3> Multilingual customer products </h3> <p>Use it when your app needs:</p> <ul> <li>113-language ASR</li> <li>36-language TTS</li> <li>Language switching</li> <li>One multimodal model instead of multiple vendors</li> </ul> <h3> Accessibility tooling </h3> <p>Potential workflows include:</p> <ul> <li>Alt text generation</li> <li>Audio descriptions for video</li> <li>Real-time captions</li> <li>Multilingual caption generation</li> </ul> <h3> Developer productivity tools </h3> <p>Audio-Visual Vibe Coding lets developers provide screen recordings as context.</p> <p>Example prompt:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Watch this screen recording of a UI interaction. Generate: 1. React component structure 2. Required state management 3. CSS layout 4. Edge cases 5. A minimal working implementation </code></pre> </div> <h2> Access options </h2> <p>Qwen3.5-Omni is available through:</p> <ul> <li>Alibaba Cloud DashScope API for production API access</li> <li>qwen.ai for web-based testing</li> <li>HuggingFace Hub for model weights and local deployment</li> <li>ModelScope, recommended for users in mainland China</li> </ul> <p>The API follows Alibaba Cloud’s standard authentication model. You need a DashScope API key.</p> <p>Check the DashScope documentation for:</p> <ul> <li>Endpoint details</li> <li>Authentication</li> <li>Streaming support</li> <li>Pricing by modality</li> <li>Rate limits</li> <li>Model availability</li> </ul> <h2> What to test before production </h2> <p>Benchmarks are useful, but your own workload matters more.</p> <p>Before adopting Qwen3.5-Omni, test:</p> <ul> <li>Your users’ accents</li> <li>Your supported languages</li> <li>Domain-specific vocabulary</li> <li>Audio quality from real devices</li> <li>Long recordings</li> <li>Noisy environments</li> <li>Video formats and resolutions</li> <li>Latency under load</li> <li>Voice cloning quality</li> <li>Streaming behavior</li> </ul> <p>Also note:</p> <ul> <li>Voice cloning is API-only for now</li> <li>The qwen.ai web interface does not expose voice cloning yet</li> <li>Local deployment requires significant GPU memory</li> <li>The Plus variant, a 30B MoE model, needs at least 40GB VRAM for comfortable inference</li> <li>Flash and Light are more accessible for smaller deployments</li> </ul> <h2> FAQ </h2> <h3> How is Qwen3.5-Omni different from Qwen2.5-Omni? </h3> <p>Qwen2.5-Omni supported 7B and 3B dense model sizes with 19 languages for speech. Qwen3.5-Omni uses an MoE architecture, expands speech recognition to 113 languages, adds voice cloning, and introduces ARIA for better audio quality. Benchmark performance and context length also increased.</p> <h3> Can I run Qwen3.5-Omni locally? </h3> <p>Yes. You can run it with HuggingFace Transformers or vLLM.</p> <p>For production local deployment, vLLM is the better option because it handles MoE routing more efficiently.</p> <p>The Plus variant needs 40GB+ VRAM. Flash and Light run on smaller GPUs.</p> <h3> Is there a free tier? </h3> <p>The qwen.ai web interface is free to use. API access through DashScope is paid.</p> <p>Pricing depends on modality, such as audio tokens, video frames, and text tokens. Check the DashScope pricing documentation for current details.</p> <h3> Does it support real-time streaming? </h3> <p>Yes. The Thinker-Talker architecture outputs audio in streaming chunks, so the first audio bytes can arrive before the full response is generated.</p> <p>This is important for live voice conversations.</p> <h3> What is the difference between Plus, Flash, and Light? </h3> <p>Plus is the highest-quality variant and is best when accuracy matters more than speed.</p> <p>Flash balances speed and quality and is the best starting point for most production APIs.</p> <p>Light is the fastest option and is intended for latency-sensitive applications such as mobile or edge scenarios.</p> <h3> Can I use my own voice with the API? </h3> <p>Yes. Voice cloning is available through the API.</p> <p>You provide an audio sample of the target voice, and the model uses it for speech output.</p> <p>This feature is not available through the web interface yet.</p> <h3> How does it compare to ElevenLabs for voice generation? </h3> <p>On Alibaba’s benchmarks across 20 languages, Qwen3.5-Omni Plus outperforms ElevenLabs on multilingual voice stability.</p> <p>ElevenLabs still has a longer product track record and more voice-specific customization options. If you only need voice generation, compare both. If you need one integrated multimodal model, Qwen3.5-Omni is the cleaner architecture to test.</p> <h3> Is it safe to send sensitive audio or video data through the API? </h3> <p>Review Alibaba Cloud’s data processing agreement before sending sensitive data.</p> <p>As with any cloud API, assume data may be logged unless the agreement explicitly states otherwise.</p> Pretext.js: The 15KB Library That Makes Text Layout 500x Faster Preecha Tue, 23 Jun 2026 01:01:35 +0000 https://dev.to/preecha/pretextjs-the-15kb-library-that-makes-text-layout-500x-faster-5a4d https://dev.to/preecha/pretextjs-the-15kb-library-that-makes-text-layout-500x-faster-5a4d <h2> TL;DR </h2> <p>Pretext.js is a zero-dependency TypeScript library that measures and positions multiline text with arithmetic instead of DOM layout reads. It avoids forced synchronous reflows, reports benchmarks up to ~500x faster than <code>getBoundingClientRect()</code> for text measurement, and supports major writing systems. If you build virtual scrollers, chat UIs, or data grids, it targets one of the most expensive browser UI bottlenecks: measuring dynamic text.</p> <p><a href="https://apidog.com/?utm_source=dev.to&amp;utm_medium=wanda&amp;utm_content=n8n-post-automation" class="crayons-btn crayons-btn--primary">Try Apidog today</a> </p> <h2> Introduction </h2> <p>Every time JavaScript calls <code>getBoundingClientRect()</code> or reads layout properties like <code>offsetHeight</code>, the browser may stop to flush pending styles, recalculate layout, and return the computed value. That forced synchronous reflow is expensive.</p> <p>Now apply that to:</p> <ul> <li>1,000 chat bubbles in a virtualized list</li> <li>10,000 rows in a data grid</li> <li>Streaming API responses that constantly append text</li> <li>Multilingual feeds with unpredictable line wrapping</li> </ul> <p>The result is usually dropped frames, visible scroll jumps, and layout jank.</p> <p>Apidog teams building API-driven frontends know this pain well: streaming response data into dynamic UIs is hard when every layout measurement fights the rendering pipeline.</p> <p>Cheng Lou, the developer behind <code>react-motion</code> and a core contributor to React and ReasonML at Meta, built Pretext.js to address this. The library shipped in March 2026, gained 14,000+ GitHub stars in days, and triggered a large Hacker News discussion.</p> <p>This guide focuses on how Pretext.js works, where it fits, how to integrate it, and when not to use it.</p> <h2> What is Pretext.js? </h2> <p>Pretext.js is a pure JavaScript/TypeScript text layout engine. It measures and positions multiline text through arithmetic instead of DOM reads.</p> <p>That means:</p> <ul> <li>No <code>getBoundingClientRect()</code> </li> <li>No <code>offsetHeight</code> </li> <li>No forced reflow during layout calculation</li> <li>No off-screen DOM measurement loop</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj9jh5milb4qivpf313w9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj9jh5milb4qivpf313w9.png" alt="Image" width="800" height="347"></a></p> <p>The core idea: instead of asking the browser, “How tall is this rendered text?”, Pretext.js computes the answer from font metrics and line-breaking rules.</p> <p>Basic usage:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">prepare</span><span class="p">,</span> <span class="nx">layout</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@chenglou/pretext</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Step 1: prepare text once</span> <span class="kd">const</span> <span class="nx">handle</span> <span class="o">=</span> <span class="nf">prepare</span><span class="p">(</span><span class="dl">'</span><span class="s1">Hello, pretext.js</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">16px "Inter"</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Step 2: compute layout at a target width</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">height</span><span class="p">,</span> <span class="nx">lineCount</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">layout</span><span class="p">(</span><span class="nx">handle</span><span class="p">,</span> <span class="mi">400</span><span class="p">,</span> <span class="mi">24</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">({</span> <span class="nx">height</span><span class="p">,</span> <span class="nx">lineCount</span> <span class="p">});</span> </code></pre> </div> <p>The API has two main functions:</p> <ul> <li> <code>prepare(text, font)</code> measures and caches text segments.</li> <li> <code>layout(handle, width, lineHeight)</code> computes wrapping and height.</li> </ul> <p><code>prepare()</code> touches the browser through Canvas text measurement. After that, <code>layout()</code> is arithmetic.</p> <h2> Why this matters for API-heavy applications </h2> <p>If your app consumes streaming or frequently changing API data, you often need to know text height before rendering.</p> <p>Common examples:</p> <ul> <li>AI chat interfaces streaming tokens</li> <li>Real-time dashboards showing logs or events</li> <li>Collaborative editors</li> <li>Chat and comment feeds</li> <li>Data grids with variable-height cells</li> </ul> <p>Without precomputed heights, virtual scrollers usually fall back to one of these options:</p> <ol> <li>Render first, measure later.</li> <li>Estimate height, then correct after render.</li> <li>Force fixed-height rows.</li> </ol> <p>All three have tradeoffs. Pretext.js gives you a way to compute text height before creating DOM nodes.</p> <h2> The problem Pretext.js solves </h2> <h3> Forced synchronous reflow </h3> <p>This pattern is common and expensive:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">elements</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">querySelectorAll</span><span class="p">(</span><span class="dl">'</span><span class="s1">.text-block</span><span class="dl">'</span><span class="p">);</span> <span class="nx">elements</span><span class="p">.</span><span class="nf">forEach</span><span class="p">((</span><span class="nx">el</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">height</span> <span class="o">=</span> <span class="nx">el</span><span class="p">.</span><span class="nf">getBoundingClientRect</span><span class="p">().</span><span class="nx">height</span><span class="p">;</span> <span class="c1">// use height for positioning...</span> <span class="p">});</span> </code></pre> </div> <p>Each layout read can force the browser to:</p> <ul> <li>Pause JavaScript</li> <li>Flush pending style changes</li> <li>Recalculate layout</li> <li>Return the computed geometry</li> </ul> <p>In loops, this becomes layout thrashing.</p> <p>For virtualized UI, that cost is especially painful because the whole point is to avoid rendering and measuring thousands of DOM nodes.</p> <h3> The virtual scrolling problem </h3> <p>Virtual scrollers such as <code>react-window</code> or <code>@tanstack/react-virtual</code> need item heights to compute scroll offsets.</p> <p>Fixed-height rows are easy:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">rowHeight</span> <span class="o">=</span> <span class="mi">48</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">offset</span> <span class="o">=</span> <span class="nx">index</span> <span class="o">*</span> <span class="nx">rowHeight</span><span class="p">;</span> </code></pre> </div> <p>Variable-height text is harder:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">offset</span> <span class="o">=</span> <span class="nx">heights</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="nx">index</span><span class="p">).</span><span class="nf">reduce</span><span class="p">((</span><span class="nx">a</span><span class="p">,</span> <span class="nx">b</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">a</span> <span class="o">+</span> <span class="nx">b</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span> </code></pre> </div> <p>The challenge is getting <code>heights</code> without rendering every row.</p> <p>Traditional options include:</p> <ul> <li>Hidden off-screen render containers</li> <li>Post-render measurement</li> <li>Estimated heights</li> <li>Fixed-height constraints</li> </ul> <p>Pretext.js replaces those workarounds with a pre-render calculation.</p> <h2> Benchmark numbers </h2> <p>Pretext.js published benchmark results comparing DOM measurement with <code>layout()</code>.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Approach</th> <th>1,000 text blocks</th> <th>500 text blocks</th> </tr> </thead> <tbody> <tr> <td>DOM with <code>getBoundingClientRect()</code> </td> <td>~94ms</td> <td>~47ms</td> </tr> <tr> <td>Pretext.js <code>layout()</code> </td> <td>~2ms</td> <td>~0.09ms</td> </tr> <tr> <td>Speed difference</td> <td>~47x faster</td> <td>~500x faster</td> </tr> </tbody> </table></div> <p>The improvement comes from avoiding layout reads. DOM measurement has browser rendering overhead; Pretext’s <code>layout()</code> step is arithmetic over prepared segment widths.</p> <h2> How Pretext.js works </h2> <p>Pretext.js has three main phases.</p> <h2> 1. Text segmentation </h2> <p>When you call <code>prepare()</code>, Pretext.js normalizes and segments the input text.</p> <p>It accounts for:</p> <ul> <li>Whitespace handling</li> <li>Unicode line breaking rules, including UAX #14</li> <li>Breakable units</li> <li>Multilingual text behavior</li> </ul> <p>This matters because line wrapping is not the same across writing systems.</p> <p>Examples:</p> <ul> <li>CJK text can break at character-level boundaries.</li> <li>Arabic and Hebrew require bidirectional text handling.</li> <li>Thai does not use spaces between words in the same way English does.</li> <li>Hindi/Devanagari can include conjunct consonants and ligatures.</li> <li>Emoji can span multiple code points.</li> <li>Soft hyphens introduce conditional break opportunities.</li> </ul> <h2> 2. Canvas measurement </h2> <p>After segmentation, Pretext.js measures segments with Canvas <code>measureText()</code>.</p> <p>Example of the underlying browser primitive:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">canvas</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">OffscreenCanvas</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">ctx</span> <span class="o">=</span> <span class="nx">canvas</span><span class="p">.</span><span class="nf">getContext</span><span class="p">(</span><span class="dl">'</span><span class="s1">2d</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">ctx</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Canvas context unavailable</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="nx">ctx</span><span class="p">.</span><span class="nx">font</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">16px "Inter"</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">metrics</span> <span class="o">=</span> <span class="nx">ctx</span><span class="p">.</span><span class="nf">measureText</span><span class="p">(</span><span class="dl">'</span><span class="s1">Hello</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">width</span> <span class="o">=</span> <span class="nx">metrics</span><span class="p">.</span><span class="nx">width</span><span class="p">;</span> </code></pre> </div> <p>Canvas text measurement does not trigger DOM layout reflow. Pretext.js caches measurements by segment and font combination, so repeated text/font pairs can reuse previous work.</p> <h2> 3. Arithmetic layout </h2> <p><code>layout()</code> takes the prepared handle, a target width, and a line height.</p> <p>Conceptually, it does this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">let</span> <span class="nx">currentLineWidth</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">lineCount</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">segment</span> <span class="k">of</span> <span class="nx">segments</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentLineWidth</span> <span class="o">+</span> <span class="nx">segment</span><span class="p">.</span><span class="nx">width</span> <span class="o">&gt;</span> <span class="nx">containerWidth</span><span class="p">)</span> <span class="p">{</span> <span class="nx">lineCount</span><span class="o">++</span><span class="p">;</span> <span class="nx">currentLineWidth</span> <span class="o">=</span> <span class="nx">segment</span><span class="p">.</span><span class="nx">width</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">currentLineWidth</span> <span class="o">+=</span> <span class="nx">segment</span><span class="p">.</span><span class="nx">width</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">height</span> <span class="o">=</span> <span class="nx">lineCount</span> <span class="o">*</span> <span class="nx">lineHeight</span><span class="p">;</span> </code></pre> </div> <p>The actual implementation handles Unicode and text layout details, but the performance win comes from the same principle: no DOM, no reflow, no render pass.</p> <h2> Reuse prepared handles </h2> <p>One useful pattern is preparing text once and laying it out at multiple widths.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">prepare</span><span class="p">,</span> <span class="nx">layout</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@chenglou/pretext</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">handle</span> <span class="o">=</span> <span class="nf">prepare</span><span class="p">(</span><span class="nx">longArticleText</span><span class="p">,</span> <span class="dl">'</span><span class="s1">16px "Inter"</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">mobile</span> <span class="o">=</span> <span class="nf">layout</span><span class="p">(</span><span class="nx">handle</span><span class="p">,</span> <span class="mi">375</span><span class="p">,</span> <span class="mi">24</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">tablet</span> <span class="o">=</span> <span class="nf">layout</span><span class="p">(</span><span class="nx">handle</span><span class="p">,</span> <span class="mi">768</span><span class="p">,</span> <span class="mi">24</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">desktop</span> <span class="o">=</span> <span class="nf">layout</span><span class="p">(</span><span class="nx">handle</span><span class="p">,</span> <span class="mi">1200</span><span class="p">,</span> <span class="mi">24</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">({</span> <span class="na">mobileHeight</span><span class="p">:</span> <span class="nx">mobile</span><span class="p">.</span><span class="nx">height</span><span class="p">,</span> <span class="na">tabletHeight</span><span class="p">:</span> <span class="nx">tablet</span><span class="p">.</span><span class="nx">height</span><span class="p">,</span> <span class="na">desktopHeight</span><span class="p">:</span> <span class="nx">desktop</span><span class="p">.</span><span class="nx">height</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <p>This is useful for responsive layouts where the same content needs to be measured against different container widths.</p> <h2> Practical implementation patterns </h2> <h2> 1. Variable-height virtual scrolling </h2> <p>Use Pretext.js to precompute row heights before passing them into a virtualizer.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">prepare</span><span class="p">,</span> <span class="nx">layout</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@chenglou/pretext</span><span class="dl">'</span><span class="p">;</span> <span class="kr">interface</span> <span class="nx">TextItem</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">content</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">computeHeights</span><span class="p">(</span><span class="nx">items</span><span class="p">:</span> <span class="nx">TextItem</span><span class="p">[],</span> <span class="nx">containerWidth</span><span class="p">:</span> <span class="kr">number</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">font</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">14px "Inter"</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">lineHeight</span> <span class="o">=</span> <span class="mi">20</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">verticalPadding</span> <span class="o">=</span> <span class="mi">32</span><span class="p">;</span> <span class="k">return</span> <span class="nx">items</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">item</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">handle</span> <span class="o">=</span> <span class="nf">prepare</span><span class="p">(</span><span class="nx">item</span><span class="p">.</span><span class="nx">content</span><span class="p">,</span> <span class="nx">font</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">height</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">layout</span><span class="p">(</span><span class="nx">handle</span><span class="p">,</span> <span class="nx">containerWidth</span><span class="p">,</span> <span class="nx">lineHeight</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">item</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">height</span><span class="p">:</span> <span class="nx">height</span> <span class="o">+</span> <span class="nx">verticalPadding</span><span class="p">,</span> <span class="p">};</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">heights</span> <span class="o">=</span> <span class="nf">computeHeights</span><span class="p">(</span><span class="nx">chatMessages</span><span class="p">,</span> <span class="mi">600</span><span class="p">);</span> </code></pre> </div> <p>This avoids:</p> <ul> <li>Rendering hidden rows</li> <li>Measuring DOM nodes</li> <li>Correcting estimated heights after paint</li> </ul> <h2> 2. AI chat interfaces </h2> <p>Streaming chat UIs update text many times while a response is being generated. If every update causes DOM measurement, the UI can stutter.</p> <p>With Pretext.js, update the item height from text data:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">prepare</span><span class="p">,</span> <span class="nx">layout</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@chenglou/pretext</span><span class="dl">'</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">streamedText</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">font</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">15px "SF Pro"</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">lineHeight</span> <span class="o">=</span> <span class="mi">22</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">bubbleWidth</span> <span class="o">=</span> <span class="mi">520</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">padding</span> <span class="o">=</span> <span class="mi">24</span><span class="p">;</span> <span class="nx">socket</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">token</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">token</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">streamedText</span> <span class="o">+=</span> <span class="nx">token</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">handle</span> <span class="o">=</span> <span class="nf">prepare</span><span class="p">(</span><span class="nx">streamedText</span><span class="p">,</span> <span class="nx">font</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">height</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">layout</span><span class="p">(</span><span class="nx">handle</span><span class="p">,</span> <span class="nx">bubbleWidth</span><span class="p">,</span> <span class="nx">lineHeight</span><span class="p">);</span> <span class="nx">scroller</span><span class="p">.</span><span class="nf">updateItemHeight</span><span class="p">(</span><span class="nx">messageId</span><span class="p">,</span> <span class="nx">height</span> <span class="o">+</span> <span class="nx">padding</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>For better performance, batch token updates instead of recalculating on every single character:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">let</span> <span class="nx">pending</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">scheduled</span> <span class="o">=</span> <span class="kc">false</span><span class="p">;</span> <span class="nx">socket</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">token</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">token</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">pending</span> <span class="o">+=</span> <span class="nx">token</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">scheduled</span><span class="p">)</span> <span class="p">{</span> <span class="nx">scheduled</span> <span class="o">=</span> <span class="kc">true</span><span class="p">;</span> <span class="nf">requestAnimationFrame</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">streamedText</span> <span class="o">+=</span> <span class="nx">pending</span><span class="p">;</span> <span class="nx">pending</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="nx">scheduled</span> <span class="o">=</span> <span class="kc">false</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">handle</span> <span class="o">=</span> <span class="nf">prepare</span><span class="p">(</span><span class="nx">streamedText</span><span class="p">,</span> <span class="nx">font</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">height</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">layout</span><span class="p">(</span><span class="nx">handle</span><span class="p">,</span> <span class="nx">bubbleWidth</span><span class="p">,</span> <span class="nx">lineHeight</span><span class="p">);</span> <span class="nx">scroller</span><span class="p">.</span><span class="nf">updateItemHeight</span><span class="p">(</span><span class="nx">messageId</span><span class="p">,</span> <span class="nx">height</span> <span class="o">+</span> <span class="nx">padding</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <h2> 3. Data grids with text-heavy cells </h2> <p>Data grids often need row heights before rendering visible rows.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">prepare</span><span class="p">,</span> <span class="nx">layout</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@chenglou/pretext</span><span class="dl">'</span><span class="p">;</span> <span class="kr">interface</span> <span class="nx">GridRow</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">description</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">computeRowHeight</span><span class="p">(</span><span class="nx">row</span><span class="p">:</span> <span class="nx">GridRow</span><span class="p">,</span> <span class="nx">columnWidth</span><span class="p">:</span> <span class="kr">number</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">font</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">13px system-ui</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">lineHeight</span> <span class="o">=</span> <span class="mi">18</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">verticalPadding</span> <span class="o">=</span> <span class="mi">16</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">handle</span> <span class="o">=</span> <span class="nf">prepare</span><span class="p">(</span><span class="nx">row</span><span class="p">.</span><span class="nx">description</span><span class="p">,</span> <span class="nx">font</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">height</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">layout</span><span class="p">(</span><span class="nx">handle</span><span class="p">,</span> <span class="nx">columnWidth</span><span class="p">,</span> <span class="nx">lineHeight</span><span class="p">);</span> <span class="k">return</span> <span class="nx">height</span> <span class="o">+</span> <span class="nx">verticalPadding</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Use this when rows contain long descriptions, logs, comments, or other variable-length text.</p> <h2> 4. Multilingual feeds </h2> <p>Mixed-script feeds are difficult to virtualize because line-breaking behavior varies across languages.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">prepare</span><span class="p">,</span> <span class="nx">layout</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@chenglou/pretext</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">posts</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span> <span class="na">text</span><span class="p">:</span> <span class="dl">'</span><span class="s1">This library changed everything</span><span class="dl">'</span><span class="p">,</span> <span class="na">lang</span><span class="p">:</span> <span class="dl">'</span><span class="s1">en</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">text</span><span class="p">:</span> <span class="dl">'</span><span class="s1">RTL text with correct bidirectional layout</span><span class="dl">'</span><span class="p">,</span> <span class="na">lang</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ar</span><span class="dl">'</span> <span class="p">},</span> <span class="p">{</span> <span class="na">text</span><span class="p">:</span> <span class="dl">'</span><span class="s1">CJK text gets proper character-level breaks</span><span class="dl">'</span><span class="p">,</span> <span class="na">lang</span><span class="p">:</span> <span class="dl">'</span><span class="s1">zh</span><span class="dl">'</span> <span class="p">},</span> <span class="p">];</span> <span class="kd">const</span> <span class="nx">font</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">16px system-ui</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">width</span> <span class="o">=</span> <span class="mi">400</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">lineHeight</span> <span class="o">=</span> <span class="mi">24</span><span class="p">;</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">post</span> <span class="k">of</span> <span class="nx">posts</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">handle</span> <span class="o">=</span> <span class="nf">prepare</span><span class="p">(</span><span class="nx">post</span><span class="p">.</span><span class="nx">text</span><span class="p">,</span> <span class="nx">font</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">height</span><span class="p">,</span> <span class="nx">lineCount</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">layout</span><span class="p">(</span><span class="nx">handle</span><span class="p">,</span> <span class="nx">width</span><span class="p">,</span> <span class="nx">lineHeight</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">post</span><span class="p">.</span><span class="nx">lang</span><span class="p">,</span> <span class="p">{</span> <span class="nx">height</span><span class="p">,</span> <span class="nx">lineCount</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>The same API handles different writing systems.</p> <h2> Testing text-heavy API flows with Apidog </h2> <p>When a UI depends on API-provided text, layout correctness also depends on response quality.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4iq5qg0nxweql6gz4ejw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4iq5qg0nxweql6gz4ejw.png" alt="Image" width="799" height="530"></a></p> <p>Use Apidog to test the API payloads that feed your text components. For example, you can create scenarios for:</p> <ul> <li>Short, medium, and long text responses</li> <li>Streaming chunks that simulate LLM output</li> <li>Multilingual payloads</li> <li>Emoji and Unicode edge cases</li> <li>Empty or missing text fields</li> <li>Unexpectedly large responses</li> </ul> <p>For AI chat products, this helps validate:</p> <ul> <li>Chunked streaming behavior</li> <li>Response schema correctness</li> <li>Text field formats</li> <li>Edge cases that affect rendering</li> <li>Automated regression coverage for text layout bugs</li> </ul> <p>Fast measurement helps, but bad API data can still produce broken UI. Test both the rendering layer and the API responses that drive it.</p> <h2> Known limitations </h2> <p>Pretext.js is not a replacement for the browser layout engine in every case.</p> <h2> Rendering accuracy edge cases </h2> <p>Because Pretext.js computes layout separately from DOM rendering, it can diverge from the browser in some cases.</p> <p>Potential causes include:</p> <ul> <li>Unusual kerning pairs</li> <li>Mixed font sizes inside one block</li> <li>Subpixel rendering differences</li> <li>Browser-specific text shaping behavior</li> <li>Differences between Canvas measurement and DOM text rendering</li> </ul> <p>For virtual scrolling, small differences may be acceptable. For pixel-perfect typography, DOM measurement remains the ground truth.</p> <h2> <code>prepare()</code> still has a cost </h2> <p><code>layout()</code> is fast, but <code>prepare()</code> still uses Canvas measurement.</p> <p>Avoid calling <code>prepare()</code> repeatedly for unchanged text. Cache handles by text and font:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">prepare</span><span class="p">,</span> <span class="nx">layout</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@chenglou/pretext</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">cache</span> <span class="o">=</span> <span class="k">new</span> <span class="nb">Map</span><span class="o">&lt;</span><span class="kr">string</span><span class="p">,</span> <span class="nb">ReturnType</span><span class="o">&lt;</span><span class="k">typeof</span> <span class="nx">prepare</span><span class="o">&gt;&gt;</span><span class="p">();</span> <span class="kd">function</span> <span class="nf">getPreparedText</span><span class="p">(</span><span class="nx">text</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">font</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">key</span> <span class="o">=</span> <span class="s2">`</span><span class="p">${</span><span class="nx">font</span><span class="p">}</span><span class="s2">::</span><span class="p">${</span><span class="nx">text</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">handle</span> <span class="o">=</span> <span class="nx">cache</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">key</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">handle</span><span class="p">)</span> <span class="p">{</span> <span class="nx">handle</span> <span class="o">=</span> <span class="nf">prepare</span><span class="p">(</span><span class="nx">text</span><span class="p">,</span> <span class="nx">font</span><span class="p">);</span> <span class="nx">cache</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">key</span><span class="p">,</span> <span class="nx">handle</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">handle</span><span class="p">;</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">measureTextHeight</span><span class="p">(</span><span class="nx">text</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">font</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">width</span><span class="p">:</span> <span class="kr">number</span><span class="p">,</span> <span class="nx">lineHeight</span><span class="p">:</span> <span class="kr">number</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">handle</span> <span class="o">=</span> <span class="nf">getPreparedText</span><span class="p">(</span><span class="nx">text</span><span class="p">,</span> <span class="nx">font</span><span class="p">);</span> <span class="k">return</span> <span class="nf">layout</span><span class="p">(</span><span class="nx">handle</span><span class="p">,</span> <span class="nx">width</span><span class="p">,</span> <span class="nx">lineHeight</span><span class="p">).</span><span class="nx">height</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h2> Limited CSS property support </h2> <p>Pretext.js measures raw text with a font specification. It does not fully account for CSS properties such as:</p> <ul> <li><code>letter-spacing</code></li> <li><code>word-spacing</code></li> <li><code>text-indent</code></li> <li><code>text-transform</code></li> <li><code>font-feature-settings</code></li> <li><code>font-variant</code></li> </ul> <p>If your rendered text depends heavily on these properties, measured height may not match the DOM.</p> <h2> It does not render text </h2> <p>Pretext.js computes text layout metrics. It does not display text.</p> <p>You still render with:</p> <ul> <li>DOM</li> <li>Canvas</li> <li>SVG</li> <li>WebGL</li> <li>Another rendering target</li> </ul> <p>Its value is in the measurement step before rendering.</p> <h2> Pretext.js vs. traditional approaches </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>Pretext.js</th> <th>DOM measurement</th> <th>Estimated heights</th> </tr> </thead> <tbody> <tr> <td>Speed for 1K items</td> <td>~2ms</td> <td>~94ms</td> <td>~0ms</td> </tr> <tr> <td>Accuracy</td> <td>High, Canvas-based</td> <td>Ground truth</td> <td>Heuristic</td> </tr> <tr> <td>DOM dependency</td> <td>None after <code>prepare()</code> </td> <td>Full</td> <td>None</td> </tr> <tr> <td>Reflow triggers</td> <td>Zero during <code>layout()</code> </td> <td>One per measurement</td> <td>Zero</td> </tr> <tr> <td>Multilingual support</td> <td>Unicode-aware</td> <td>Browser-native</td> <td>Usually poor</td> </tr> <tr> <td>CSS property support</td> <td>Limited</td> <td>Full</td> <td>None</td> </tr> <tr> <td>Memory overhead</td> <td>Cached segments</td> <td>DOM nodes</td> <td>Minimal</td> </tr> <tr> <td>Responsive layout</td> <td>One <code>prepare()</code>, many <code>layout()</code> calls</td> <td>Re-measure per width</td> <td>Re-estimate per width</td> </tr> </tbody> </table></div> <p>Use DOM measurement when you need maximum fidelity. Use Pretext.js when you need fast pre-render measurement for many text blocks and can tolerate minor differences.</p> <h2> Getting started </h2> <h2> Installation </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> @chenglou/pretext <span class="c"># or</span> pnpm add @chenglou/pretext <span class="c"># or</span> bun add @chenglou/pretext </code></pre> </div> <h2> Basic usage </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">prepare</span><span class="p">,</span> <span class="nx">layout</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@chenglou/pretext</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">handle</span> <span class="o">=</span> <span class="nf">prepare</span><span class="p">(</span> <span class="dl">'</span><span class="s1">Pretext.js computes text layout without touching the DOM.</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">16px "Inter"</span><span class="dl">'</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="nf">layout</span><span class="p">(</span><span class="nx">handle</span><span class="p">,</span> <span class="mi">600</span><span class="p">,</span> <span class="mi">24</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">height</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">lineCount</span><span class="p">);</span> </code></pre> </div> <h2> React integration with TanStack Virtual </h2> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">prepare</span><span class="p">,</span> <span class="nx">layout</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@chenglou/pretext</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useVirtualizer</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@tanstack/react-virtual</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">useMemo</span><span class="p">,</span> <span class="nx">useRef</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">react</span><span class="dl">'</span><span class="p">;</span> <span class="kd">function</span> <span class="nf">VirtualChat</span><span class="p">({</span> <span class="nx">messages</span> <span class="p">}:</span> <span class="p">{</span> <span class="nl">messages</span><span class="p">:</span> <span class="kr">string</span><span class="p">[]</span> <span class="p">})</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">parentRef</span> <span class="o">=</span> <span class="nx">useRef</span><span class="o">&lt;</span><span class="nx">HTMLDivElement</span><span class="o">&gt;</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">containerWidth</span> <span class="o">=</span> <span class="mi">600</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">font</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">14px "Inter"</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">lineHeight</span> <span class="o">=</span> <span class="mi">20</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">verticalPadding</span> <span class="o">=</span> <span class="mi">24</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">heights</span> <span class="o">=</span> <span class="nf">useMemo</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">messages</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">message</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">handle</span> <span class="o">=</span> <span class="nf">prepare</span><span class="p">(</span><span class="nx">message</span><span class="p">,</span> <span class="nx">font</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">height</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">layout</span><span class="p">(</span><span class="nx">handle</span><span class="p">,</span> <span class="nx">containerWidth</span><span class="p">,</span> <span class="nx">lineHeight</span><span class="p">);</span> <span class="k">return</span> <span class="nx">height</span> <span class="o">+</span> <span class="nx">verticalPadding</span><span class="p">;</span> <span class="p">});</span> <span class="p">},</span> <span class="p">[</span><span class="nx">messages</span><span class="p">]);</span> <span class="kd">const</span> <span class="nx">virtualizer</span> <span class="o">=</span> <span class="nf">useVirtualizer</span><span class="p">({</span> <span class="na">count</span><span class="p">:</span> <span class="nx">messages</span><span class="p">.</span><span class="nx">length</span><span class="p">,</span> <span class="na">getScrollElement</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">parentRef</span><span class="p">.</span><span class="nx">current</span><span class="p">,</span> <span class="na">estimateSize</span><span class="p">:</span> <span class="p">(</span><span class="nx">index</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">heights</span><span class="p">[</span><span class="nx">index</span><span class="p">],</span> <span class="p">});</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">div</span> <span class="na">ref</span><span class="p">=</span><span class="si">{</span><span class="nx">parentRef</span><span class="si">}</span> <span class="na">style</span><span class="p">=</span><span class="si">{</span><span class="p">{</span> <span class="na">height</span><span class="p">:</span> <span class="dl">'</span><span class="s1">100vh</span><span class="dl">'</span><span class="p">,</span> <span class="na">overflow</span><span class="p">:</span> <span class="dl">'</span><span class="s1">auto</span><span class="dl">'</span> <span class="p">}</span><span class="si">}</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">div</span> <span class="na">style</span><span class="p">=</span><span class="si">{</span><span class="p">{</span> <span class="na">height</span><span class="p">:</span> <span class="nx">virtualizer</span><span class="p">.</span><span class="nf">getTotalSize</span><span class="p">(),</span> <span class="na">position</span><span class="p">:</span> <span class="dl">'</span><span class="s1">relative</span><span class="dl">'</span><span class="p">,</span> <span class="p">}</span><span class="si">}</span> <span class="p">&gt;</span> <span class="si">{</span><span class="nx">virtualizer</span><span class="p">.</span><span class="nf">getVirtualItems</span><span class="p">().</span><span class="nf">map</span><span class="p">((</span><span class="nx">virtualRow</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">(</span> <span class="p">&lt;</span><span class="nt">div</span> <span class="na">key</span><span class="p">=</span><span class="si">{</span><span class="nx">virtualRow</span><span class="p">.</span><span class="nx">key</span><span class="si">}</span> <span class="na">style</span><span class="p">=</span><span class="si">{</span><span class="p">{</span> <span class="na">position</span><span class="p">:</span> <span class="dl">'</span><span class="s1">absolute</span><span class="dl">'</span><span class="p">,</span> <span class="na">top</span><span class="p">:</span> <span class="nx">virtualRow</span><span class="p">.</span><span class="nx">start</span><span class="p">,</span> <span class="na">width</span><span class="p">:</span> <span class="nx">containerWidth</span><span class="p">,</span> <span class="p">}</span><span class="si">}</span> <span class="p">&gt;</span> <span class="si">{</span><span class="nx">messages</span><span class="p">[</span><span class="nx">virtualRow</span><span class="p">.</span><span class="nx">index</span><span class="p">]</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">))</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>This computes item heights before messages are rendered by the virtual list.</p> <h2> Wait for web fonts before measuring </h2> <p>If your app uses web fonts, make sure they are loaded before calling <code>prepare()</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">measureAfterFontsLoad</span><span class="p">(</span><span class="nx">text</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nb">document</span><span class="p">.</span><span class="nx">fonts</span><span class="p">.</span><span class="nx">ready</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">handle</span> <span class="o">=</span> <span class="nf">prepare</span><span class="p">(</span><span class="nx">text</span><span class="p">,</span> <span class="dl">'</span><span class="s1">16px "Inter"</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span> <span class="nf">layout</span><span class="p">(</span><span class="nx">handle</span><span class="p">,</span> <span class="mi">600</span><span class="p">,</span> <span class="mi">24</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>If the font is not loaded, Canvas may measure with a fallback font and produce incorrect results.</p> <h2> Interactive playground </h2> <p>The Pretext.js website includes an interactive playground at <code>pretextjs.dev/playground</code>, where you can paste text, choose fonts, adjust container width, and inspect layout behavior before integrating it.</p> <h2> When not to use Pretext.js </h2> <p>Avoid Pretext.js when the browser already solves your problem cheaply.</p> <p>Good reasons not to use it:</p> <ul> <li>Your page is static and not virtualized.</li> <li>You only have a small list of items.</li> <li>You need pixel-perfect print layout.</li> <li>Your text depends heavily on CSS text properties.</li> <li>You need server-side measurement without Canvas polyfills.</li> <li>DOM measurement cost is already negligible in your UI.</li> </ul> <p>For example, measuring 50 static elements may be fast enough with the DOM. The extra dependency may not be worth it.</p> <h2> FAQ </h2> <h2> Is Pretext.js production-ready? </h2> <p>The library shipped in March 2026 and gained 14,000+ GitHub stars within days. Its creator, Cheng Lou, runs Midjourney’s frontend, and the test suite covers many languages and edge cases.</p> <p>That said, it is still a new release. Pin your dependency version and test it with your actual fonts, content, browsers, and layout constraints.</p> <h2> Does it work with React, Vue, and Svelte? </h2> <p>Yes. Pretext.js is framework-agnostic.</p> <p>You can call <code>prepare()</code> and <code>layout()</code> from:</p> <ul> <li>React hooks</li> <li>Vue composables</li> <li>Svelte stores</li> <li>Plain JavaScript modules</li> <li>Worker-like architecture where browser APIs are available</li> </ul> <h2> How does it handle web fonts? </h2> <p><code>prepare()</code> measures with the font available at call time. If the web font has not loaded, measurement may use a fallback font.</p> <p>Use the Font Loading API:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">await</span> <span class="nb">document</span><span class="p">.</span><span class="nx">fonts</span><span class="p">.</span><span class="nx">ready</span><span class="p">;</span> </code></pre> </div> <p>Then call <code>prepare()</code>.</p> <h2> Can it be used for Canvas or SVG rendering? </h2> <p>Yes. The computed layout data can inform rendering in DOM, Canvas, SVG, WebGL, or other targets.</p> <p>Pretext.js handles measurement and layout calculation, not rendering.</p> <h2> Does it support RTL languages? </h2> <p>Yes. Pretext.js supports Arabic, Hebrew, and mixed-direction text with bidirectional handling.</p> <h2> What is the bundle size? </h2> <p>The article reports a 15KB minified bundle with zero dependencies. It uses standard browser APIs such as Canvas <code>measureText()</code> and <code>Intl.Segmenter</code> where available.</p> <h2> How accurate is it compared to DOM measurement? </h2> <p>For most text content, the article reports that Pretext.js matches DOM layout within roughly 1–2 pixels. Accuracy depends on fonts, browser behavior, and CSS properties.</p> <p>If you use unsupported CSS properties like <code>letter-spacing</code> or <code>word-spacing</code>, expect larger differences.</p> <h2> Can it measure styled text? </h2> <p>Each <code>prepare()</code> call accepts a single font specification. For mixed styles, such as bold words inside regular text, you need to split the text into style runs and measure them separately.</p> <h2> Conclusion </h2> <p>Pretext.js gives developers a practical way to measure multiline text without forcing DOM reflow. For virtual scrollers, chat interfaces, data grids, and streaming text UIs, that can remove a major source of layout jank.</p> <p>The tradeoff is fidelity. It does not fully support every CSS text property, can differ from DOM rendering in edge cases, and still requires Canvas measurement during <code>prepare()</code>.</p> <p>Use it when you need fast pre-render text heights across many dynamic items. Keep DOM measurement when you need browser-perfect layout accuracy.</p> How to Use ByteDance DeerFlow 2.0 in 2026: Setup, Features, Security, and API Workflow Fit Preecha Mon, 22 Jun 2026 13:02:30 +0000 https://dev.to/preecha/how-to-use-bytedance-deerflow-20-in-2026-setup-features-security-and-api-workflow-fit-pl8 https://dev.to/preecha/how-to-use-bytedance-deerflow-20-in-2026-setup-features-security-and-api-workflow-fit-pl8 <h2> TL;DR / Quick Answer </h2> <p>DeerFlow 2.0 is an open-source super-agent harness from ByteDance for long-horizon tasks, multi-agent delegation, sandboxed execution, and skills-based extensibility. It is not just a coding copilot; it is an execution runtime for complex workflows.</p> <p><a href="https://apidog.com/?utm_source=dev.to&amp;utm_medium=wanda&amp;utm_content=n8n-post-automation" class="crayons-btn crayons-btn--primary">Try Apidog today</a> </p> <p>If your team needs end-to-end autonomous task handling, DeerFlow is a strong fit. If your team also ships APIs, pair it with Apidog as your API quality layer for contract design, test governance, mock environments, and documentation.</p> <h2> Why DeerFlow Is Getting Attention </h2> <p>Most AI development tools help with one task at a time: generating code, answering questions, summarizing research, or automating a small workflow.</p> <p>DeerFlow targets a broader use case: orchestrating work across multiple steps.</p> <p>According to the project description, DeerFlow combines:</p> <ul> <li>sub-agents</li> <li>memory</li> <li>sandbox execution</li> <li>tools and skills</li> <li>message gateway channels</li> </ul> <p>That matters because real engineering work rarely fits into one prompt. A useful agent runtime needs to decompose work, inspect files, execute commands, produce artifacts, and iterate based on results.</p> <h2> What DeerFlow 2.0 Actually Changed </h2> <p>DeerFlow 2.0 is a full rewrite. The maintainers state that it shares no code with the 1.x branch.</p> <p>Practical takeaway:</p> <ul> <li>Use <code>main</code> if you want the current DeerFlow 2.0 super-agent harness architecture.</li> <li>Use <code>main-1.x</code> only if you intentionally need legacy behavior.</li> </ul> <p>If you are evaluating DeerFlow today, treat 2.0 as the baseline.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh9uycr5qdeejia4cvyx6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh9uycr5qdeejia4cvyx6.png" alt="Image" width="799" height="444"></a></p> <h2> Core Capability Breakdown </h2> <h3> 1. Skills and Tools </h3> <p>DeerFlow loads skills progressively instead of injecting every capability into the model context at once.</p> <p>That helps with:</p> <ul> <li>long sessions</li> <li>token-sensitive models</li> <li>workflows where the agent only needs certain capabilities at specific stages</li> </ul> <p>It also supports:</p> <ul> <li>built-in tools</li> <li>custom tools</li> <li>MCP server integration</li> </ul> <p>If your team already uses MCP-based integrations, DeerFlow can fit into that tool ecosystem more easily.</p> <h3> 2. Sub-Agents </h3> <p>The lead agent can delegate work to sub-agents with isolated contexts.</p> <p>Use this for workflows like:</p> <ul> <li>repository analysis + test planning + refactor proposal</li> <li>research + implementation + documentation handoff</li> <li>content generation + validation + publishing preparation</li> <li>API implementation + test generation + review</li> </ul> <p>The practical benefit is separation of responsibilities. Instead of forcing one agent context to handle everything, you can split the task into smaller execution stages.</p> <h3> 3. Sandbox and Filesystem </h3> <p>DeerFlow is designed to run execution inside a sandboxed environment with auditable file operations and command execution.</p> <p>This is a major difference between a chatbot and an agent runtime.</p> <p>A chatbot can suggest commands. An execution runtime can work through a task, create files, run commands, inspect outputs, and revise its approach.</p> <h3> 4. Context Engineering and Summarization </h3> <p>DeerFlow emphasizes:</p> <ul> <li>context compression</li> <li>isolated sub-agent context</li> <li>summarization across long workflows</li> </ul> <p>This helps reduce context bloat and keeps long-running tasks more stable.</p> <h3> 5. Long-Term Memory </h3> <p>DeerFlow supports memory that persists across sessions and is stored locally under user control.</p> <p>The project also documents improvements around duplicate-memory handling, which helps avoid repeated fact accumulation over time.</p> <h3> 6. Channel Connectivity </h3> <p>DeerFlow supports task intake from messaging channels such as:</p> <ul> <li>Telegram</li> <li>Slack</li> <li>Feishu/Lark</li> </ul> <p>Channel configuration is handled in <code>config.yaml</code>.</p> <p>This makes DeerFlow useful for team workflows where the agent is not only accessed through a terminal or local UI.</p> <h2> Setup Tutorial: Fastest Safe Path </h2> <p>The official installation docs prioritize Docker when available. That is the safest default for most teams.</p> <h3> Step 1: Clone the repository and initialize config </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/bytedance/deer-flow.git <span class="nb">cd </span>deer-flow make config </code></pre> </div> <h3> Step 2: Configure model providers </h3> <p>Edit <code>config.yaml</code> and define at least one model.</p> <p>DeerFlow supports OpenAI-compatible APIs and CLI-backed providers.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">models</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">gpt-5-responses</span> <span class="na">display_name</span><span class="pi">:</span> <span class="s">GPT-5 (Responses API)</span> <span class="na">use</span><span class="pi">:</span> <span class="s">langchain_openai:ChatOpenAI</span> <span class="na">model</span><span class="pi">:</span> <span class="s">gpt-5</span> <span class="na">api_key</span><span class="pi">:</span> <span class="s">$OPENAI_API_KEY</span> <span class="na">use_responses_api</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">output_version</span><span class="pi">:</span> <span class="s">responses/v1</span> </code></pre> </div> <h3> Step 3: Set environment variables </h3> <p>Set the values referenced by your model configuration.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">export </span><span class="nv">OPENAI_API_KEY</span><span class="o">=</span>your-key <span class="nb">export </span><span class="nv">TAVILY_API_KEY</span><span class="o">=</span>your-key </code></pre> </div> <h3> Step 4: Start with Docker </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>make docker-init make docker-start </code></pre> </div> <p>Default access URL:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>http://localhost:2026 </code></pre> </div> <h3> Step 5: Use local mode only if needed </h3> <p>If you are not using Docker, run the local setup checks and development server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>make check make <span class="nb">install </span>make dev </code></pre> </div> <h2> Security: The Part Most Teams Skip </h2> <p>DeerFlow's own docs include a strong warning: high-privilege capabilities such as command execution, file operations, and business logic invocation can be risky when exposed without controls.</p> <p>Do not treat DeerFlow like a normal public web app.</p> <h3> Safe baseline </h3> <p>Start with these controls:</p> <ul> <li>Keep deployment local or trusted by default.</li> <li>If cross-network access is required, add IP allowlists.</li> <li>Put a reverse proxy with strong authentication in front.</li> <li>Isolate network segments where possible.</li> <li>Keep DeerFlow updated.</li> <li>Review which tools and commands are available to the agent.</li> <li>Do not enable messaging channels before you have access controls and runbooks.</li> </ul> <h3> Common mistake </h3> <p>The dangerous pattern is exposing DeerFlow publicly without strict authentication, network restrictions, and permission boundaries.</p> <p>Avoid that. Keep the default posture local-first and trusted-network-first.</p> <h2> DeerFlow vs Typical Coding Agent </h2> <p>A better question than "Should DeerFlow replace my coding agent?" is:</p> <blockquote> <p>Which tool should own which part of the workflow?</p> </blockquote> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Workflow need</th> <th>Typical coding agent</th> <th>DeerFlow 2.0</th> </tr> </thead> <tbody> <tr> <td>IDE-centric coding loop</td> <td>Strong</td> <td>Good</td> </tr> <tr> <td>Multi-agent task decomposition</td> <td>Limited to moderate</td> <td>Strong</td> </tr> <tr> <td>Channel-driven operations</td> <td>Usually limited</td> <td>Strong</td> </tr> <tr> <td>Runtime orchestration</td> <td>Limited</td> <td>Strong</td> </tr> <tr> <td>Local trusted deployment focus</td> <td>Varies</td> <td>Explicitly documented</td> </tr> </tbody> </table></div> <p>If your work is mostly PR coding loops, a coding agent may be enough.</p> <p>If your work spans orchestration, channels, research, artifact pipelines, and multi-step automation, DeerFlow is more aligned.</p> <h2> Where Apidog Fits in a DeerFlow Stack </h2> <p>A common mistake is expecting one agent framework to handle the entire software delivery lifecycle.</p> <p>DeerFlow can orchestrate and execute, but API lifecycle quality still needs a dedicated system.</p> <h3> What DeerFlow does well for API teams </h3> <p>Use DeerFlow for execution-heavy work:</p> <ul> <li>scaffolding services and scripts</li> <li>running iterative implementation loops</li> <li>coordinating multi-step engineering automation</li> <li>delegating subtasks to specialized agents</li> <li>producing draft artifacts for review</li> </ul> <h3> What API teams still need beyond DeerFlow </h3> <p>API teams still need a reliable place for:</p> <ul> <li>contract-first API design and review</li> <li>endpoint-level regression test suites</li> <li>reusable mock environments</li> <li>API debugging workflows</li> <li>publishable API documentation</li> <li>governance around schema and behavior changes</li> </ul> <p>That is where Apidog fits.</p> <h3> Practical architecture </h3> <p>Use a split-responsibility model:</p> <ul> <li>DeerFlow automates engineering execution.</li> <li>Apidog defines and governs API behavior.</li> <li>DeerFlow can generate implementation and test candidates.</li> <li>Apidog remains the source of truth for contracts, mocks, tests, and documentation.</li> </ul> <p>This gives you speed without losing control over API correctness.</p> <h2> Example Adoption Blueprint: Week 1 to Week 4 </h2> <h3> Week 1: Local pilot </h3> <p>Start small.</p> <ul> <li>Run DeerFlow locally with Docker.</li> <li>Configure one model provider.</li> <li>Choose one internal workflow.</li> <li>Run it end to end.</li> </ul> <p>Example pilot workflow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Implement a new internal API endpoint from an existing contract, generate a docs stub, and produce test candidates. </code></pre> </div> <p>Do not expose the service outside your local or trusted environment yet.</p> <h3> Week 2: Add task decomposition </h3> <p>Introduce sub-agent stages.</p> <p>Example split:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Stage 1: Analyze the repository. Stage 2: Identify implementation files. Stage 3: Generate code changes. Stage 4: Draft tests. Stage 5: Summarize risks and review notes. </code></pre> </div> <p>Track:</p> <ul> <li>where the agent gets stuck</li> <li>which prompts are too broad</li> <li>which tools are unnecessary</li> <li>which permissions need tightening</li> </ul> <h3> Week 3: Add API governance guardrails </h3> <p>Use Apidog to define and validate API behavior.</p> <p>Add:</p> <ul> <li>OpenAPI contracts</li> <li>endpoint test collections</li> <li>mock responses</li> <li>documentation updates</li> </ul> <p>Then make API tests the gate for DeerFlow-generated changes.</p> <h3> Week 4: Controlled scaling </h3> <p>Only expand access after the local workflow is stable.</p> <ul> <li>Add messaging channels only if operations need them.</li> <li>Keep strict network and authentication boundaries.</li> <li>Document runbooks for approval, retry, rollback, and incident response.</li> <li>Define which agent actions require human review.</li> </ul> <h2> Strengths and Tradeoffs </h2> <h3> DeerFlow strengths </h3> <ul> <li>long-horizon orchestration model</li> <li>sub-agent task decomposition</li> <li>sandbox and filesystem execution model</li> <li>skills-based extensibility</li> <li>MCP integration support</li> <li>active open-source momentum</li> </ul> <h3> DeerFlow tradeoffs </h3> <ul> <li>more operational complexity than simple coding assistants</li> <li>higher security responsibility outside local environments</li> <li>requires disciplined configuration</li> <li>needs governance for production-grade usage</li> <li>can produce risky outcomes if granted broad command or file permissions without controls</li> </ul> <h2> Hands-On Workflow: DeerFlow + Apidog for an API Delivery Loop </h2> <p>Here is a practical workflow for teams shipping REST APIs.</p> <h3> Scenario </h3> <p>You need to ship a new internal REST API endpoint with:</p> <ul> <li>strict request and response contracts</li> <li>automated regression tests</li> <li>deploy-safe change checks</li> <li>fast iteration from idea to implementation</li> </ul> <h3> Step A: Define the API contract in Apidog first </h3> <p>Start with the contract before asking the agent to implement anything.</p> <p>Define:</p> <ul> <li>endpoint path</li> <li>HTTP method</li> <li>request schema</li> <li>response schema</li> <li>error objects</li> <li>status codes</li> <li>authentication requirements</li> </ul> <p>Example contract checklist:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>POST /internal/users/search Request: - query: string - limit: number - cursor: string | null Response: - items: User[] - nextCursor: string | null Errors: - 400 invalid_request - 401 unauthorized - 500 internal_error </code></pre> </div> <p>This becomes the source of truth for the implementation.</p> <h3> Step B: Ask DeerFlow to generate implementation candidates </h3> <p>Use DeerFlow for the execution-heavy parts.</p> <p>Good tasks for DeerFlow:</p> <ul> <li>scaffold route handlers</li> <li>implement service layer logic</li> <li>draft migration scripts</li> <li>generate unit test templates</li> <li>generate integration test templates</li> <li>inspect existing code patterns</li> </ul> <p>Give DeerFlow specific contract constraints.</p> <p>Instead of this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Build the user search endpoint. </code></pre> </div> <p>Use this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Implement POST /internal/users/search according to the provided OpenAPI contract. Constraints: - Do not change the response shape. - Preserve existing auth middleware. - Add negative-path tests for invalid query and missing auth. - Follow existing repository patterns for route registration. - Summarize all files changed. </code></pre> </div> <h3> Step C: Run contract and regression tests in Apidog </h3> <p>Validate the generated implementation against your Apidog test suite.</p> <p>Check:</p> <ul> <li>contract conformance</li> <li>required fields</li> <li>optional fields</li> <li>error responses</li> <li>auth behavior</li> <li>backward compatibility</li> </ul> <p>If tests fail, send the concrete failure output back to DeerFlow.</p> <p>Example feedback prompt:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>The Apidog contract test failed. Failure: Expected response field `nextCursor` to be nullable string. Actual response omitted `nextCursor` when there are no more results. Update the implementation to always return `nextCursor: null` when no cursor exists. Do not change the API contract. </code></pre> </div> <p>This keeps the agent focused on targeted fixes instead of broad rewrites.</p> <h3> Step D: Keep governance boundaries clear </h3> <p>Use this rule:</p> <ul> <li>DeerFlow owns execution velocity.</li> <li>Apidog owns API correctness and collaboration governance.</li> </ul> <p>That boundary prevents agent drift, where generated implementation starts diverging from the intended API behavior.</p> <h2> Configuration Patterns That Work Well </h2> <p>Teams usually succeed faster when they define explicit operating profiles.</p> <h3> Profile 1: Local trusted development </h3> <p>Best for early adoption.</p> <p>Use this when:</p> <ul> <li>one developer is testing DeerFlow</li> <li>workflows are experimental</li> <li>security boundaries are not fully documented yet</li> </ul> <p>Recommended setup:</p> <ul> <li>run DeerFlow on loopback only</li> <li>keep sandbox local or Docker-based</li> <li>disable external channel ingress</li> <li>limit tool permissions</li> <li>avoid storing unnecessary secrets in the environment</li> </ul> <h3> Profile 2: Internal team environment </h3> <p>Use this for cross-device access inside a company network.</p> <p>Recommended setup:</p> <ul> <li>place DeerFlow behind an authenticated reverse proxy</li> <li>apply IP allowlists</li> <li>enforce audit logging for tool actions</li> <li>document allowed workflows</li> <li>restrict high-risk commands</li> <li>review channel integrations before enabling them</li> </ul> <h3> Profile 3: Controlled automation cell </h3> <p>Use this for higher-volume automation.</p> <p>Recommended setup:</p> <ul> <li>dedicate a network segment</li> <li>use strict capability limits per agent role</li> <li>rotate provider credentials</li> <li>monitor provider usage</li> <li>log command execution</li> <li>define approval points for destructive actions</li> </ul> <p>These patterns align with DeerFlow's security recommendations and reduce operational risk.</p> <h2> Common Failure Modes and Fixes </h2> <h3> Failure mode 1: One giant prompt </h3> <p>Teams try to solve an entire workflow in one lead-agent pass.</p> <p>Result:</p> <ul> <li>context instability</li> <li>unclear intermediate state</li> <li>poor debugging</li> <li>broad, unfocused changes</li> </ul> <p>Fix:</p> <ul> <li>split work into sub-agent stages</li> <li>define completion criteria per stage</li> <li>write intermediate results to files</li> <li>summarize outputs before moving to the next stage</li> </ul> <p>Example structure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1. Analyze repo structure. 2. Identify files to modify. 3. Draft implementation plan. 4. Apply code changes. 5. Generate tests. 6. Run checks. 7. Summarize results. </code></pre> </div> <h3> Failure mode 2: Unclear model routing </h3> <p>Multi-provider setups become hard to debug when every task can hit any model.</p> <p>Fix:</p> <ul> <li>define task-to-model mapping in <code>config.yaml</code> </li> <li>reserve stronger reasoning models for planning and decomposition</li> <li>use faster models for deterministic transform tasks</li> <li>document which provider handles which workflow type</li> </ul> <p>Example routing policy:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Planning: high-reasoning model Code transformation: faster implementation model Summarization: low-cost model Validation review: high-reasoning model </code></pre> </div> <h3> Failure mode 3: Security added too late </h3> <p>Teams expose services to broader networks before authentication and network policies are ready.</p> <p>Fix:</p> <ul> <li>keep local-first as the default</li> <li>add reverse proxy authentication before external exposure</li> <li>apply IP allowlists</li> <li>review command and file permissions</li> <li>delay channel integrations until access controls are ready</li> </ul> <h3> Failure mode 4: No API quality gate </h3> <p>Agent-generated changes may pass code review but still break integration contracts.</p> <p>Fix:</p> <ul> <li>enforce Apidog contract tests in CI</li> <li>require a green API test suite before merge</li> <li>keep docs and mocks synchronized with contract updates</li> <li>send concrete test failures back to DeerFlow for targeted fixes</li> </ul> <h2> What to Measure After Adoption </h2> <p>To decide whether DeerFlow is delivering real value, track operational metrics.</p> <p>Measure:</p> <ul> <li>cycle time from task intake to validated output</li> <li>defect rate on agent-assisted changes</li> <li>rework ratio after API contract validation</li> <li>number of failed automation runs</li> <li>number of incidents tied to permissions or sandbox configuration</li> <li>percentage of workflows that require manual recovery</li> </ul> <p>Then compare against your pre-DeerFlow baseline.</p> <p>Use the results to tune your setup:</p> <ul> <li>If velocity improves but governance risk increases, tighten permissions and review gates.</li> <li>If governance is strong but velocity stalls, improve sub-agent decomposition and model routing.</li> <li>If output quality varies, add clearer completion criteria and validation steps.</li> </ul> <h2> FAQ </h2> <h3> Is DeerFlow open source? </h3> <p>Yes. DeerFlow is released under the MIT License.</p> <h3> Is DeerFlow 2.0 the same as DeerFlow 1.x? </h3> <p>No. The maintainers describe DeerFlow 2.0 as a ground-up rewrite. The 1.x line remains in a separate branch.</p> <h3> What runtime requirements should I expect? </h3> <p>The project documents Python 3.12+ and Node.js 22+ in current materials. Docker is recommended for setup.</p> <h3> Can DeerFlow be used only through terminal or UI? </h3> <p>No. It also supports messaging-channel integrations and an embedded Python client path.</p> <h3> Can DeerFlow replace Apidog for API teams? </h3> <p>No. DeerFlow can automate implementation workflows, but it is not a replacement for API lifecycle governance.</p> <p>Apidog is the better layer for schema-first API design, testing, mocks, and documentation.</p> <h2> Final Verdict </h2> <p>DeerFlow 2.0 is a capable open-source agent harness for teams that need more than chatbot-style assistance.</p> <p>The best production posture is pragmatic:</p> <ul> <li>use DeerFlow for orchestration and execution</li> <li>use Apidog for API quality governance</li> <li>keep security boundaries strict from day one</li> <li>validate generated API changes against contracts before merge</li> </ul> <p>That architecture gives you both velocity and reliability.</p> Best API Catalog Tools: Top Solutions for 2026 Preecha Mon, 22 Jun 2026 01:01:18 +0000 https://dev.to/preecha/best-api-catalog-tools-top-solutions-for-2026-4g8n https://dev.to/preecha/best-api-catalog-tools-top-solutions-for-2026-4g8n <p>As API estates grow across microservices, teams, and cloud platforms, an API catalog becomes the system of record developers use to find, understand, reuse, and govern APIs. This guide explains what API catalog tools do, which features matter in 2026, and how to evaluate options such as Apidog, DigitalAPI, RapidAPI Enterprise Hub, Collibra, Alation, Atlan, and MuleSoft API Catalog.</p> <p><a href="https://apidog.com/?utm_source=dev.to&amp;utm_medium=wanda&amp;utm_content=n8n-post-automation" class="crayons-btn crayons-btn--primary">Try Apidog today</a> </p> <h2> What Are API Catalog Tools? </h2> <p>API catalog tools centralize API information in one searchable place. A good catalog typically stores:</p> <ul> <li>API documentation</li> <li>Ownership and team metadata</li> <li>API type and protocol</li> <li>Version information</li> <li>Lifecycle status</li> <li>Security and governance details</li> <li>Links to specs, gateways, repositories, or developer portals</li> </ul> <p>In practice, an API catalog acts as the API source of truth for developers, architects, platform teams, and business stakeholders.</p> <p>Without a catalog, organizations often run into:</p> <ul> <li>Duplicate APIs built by different teams</li> <li>Inconsistent API standards</li> <li>Undocumented or "shadow" APIs</li> <li>Slow onboarding for new developers</li> <li>Weak auditability for compliance programs</li> </ul> <p>A catalog helps teams answer practical questions quickly:</p> <ul> <li>Does an API for this use case already exist?</li> <li>Who owns this API?</li> <li>Is this version still supported?</li> <li>Where is the OpenAPI spec?</li> <li>Can this API be reused safely?</li> <li>Is this endpoint compliant with internal policies?</li> </ul> <h2> Why API Catalog Tools Matter in 2026 </h2> <p>Microservices, event-driven systems, and multi-cloud architectures have increased the number of APIs most teams need to manage. That flexibility is useful, but it also creates operational problems.</p> <p>Common API catalog use cases include:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Challenge</th> <th>How an API catalog helps</th> </tr> </thead> <tbody> <tr> <td>API sprawl</td> <td>Creates a searchable inventory across teams, gateways, and environments</td> </tr> <tr> <td>Redundant development</td> <td>Helps developers find and reuse existing APIs</td> </tr> <tr> <td>Shadow APIs</td> <td>Improves visibility into undocumented or unmanaged endpoints</td> </tr> <tr> <td>Compliance</td> <td>Tracks ownership, lifecycle status, and policy metadata</td> </tr> <tr> <td>Onboarding delays</td> <td>Gives new developers one place to find API docs and usage details</td> </tr> <tr> <td>Version confusion</td> <td>Shows current, deprecated, and legacy API versions</td> </tr> </tbody> </table></div> <p>For teams managing hundreds or thousands of APIs, a catalog is no longer just documentation. It becomes part of API governance, platform engineering, and developer experience.</p> <h2> Key Features to Look For in an API Catalog Tool </h2> <p>Use the following checklist when evaluating API catalog tools.</p> <h3> 1. Unified API Discovery and Search </h3> <p>A useful catalog should let developers search across different API types and metadata fields.</p> <p>Look for support for:</p> <ul> <li>REST APIs</li> <li>SOAP APIs</li> <li>GraphQL APIs</li> <li>Event-driven APIs</li> <li>API version</li> <li>Owner or team</li> <li>Business domain</li> <li>Lifecycle status</li> <li>Tags or categories</li> </ul> <p>Example search filters developers commonly need:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>domain:payments status:production owner:platform </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>type:graphql lifecycle:deprecated </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>tag:customer-data version:v2 </code></pre> </div> <h3> 2. Automated Documentation and Spec Import </h3> <p>Manual API catalogs become stale quickly. Prioritize tools that can import or sync API definitions from existing sources.</p> <p>Useful import sources include:</p> <ul> <li>OpenAPI / Swagger</li> <li>RAML</li> <li>Postman collections</li> <li>API gateways</li> <li>Source control repositories</li> <li>CI/CD pipelines</li> </ul> <p>A practical workflow looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>API spec updated -&gt; CI pipeline runs -&gt; catalog syncs latest spec -&gt; docs update automatically </code></pre> </div> <p>This reduces the gap between implementation and documentation.</p> <h3> 3. Lifecycle and Governance Management </h3> <p>API catalogs should make lifecycle status visible and enforceable.</p> <p>Typical lifecycle stages include:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Design -&gt; Development -&gt; Testing -&gt; Production -&gt; Deprecated -&gt; Retired </code></pre> </div> <p>Governance features to evaluate:</p> <ul> <li>Required ownership metadata</li> <li>Review and approval workflows</li> <li>Role-based access control</li> <li>Policy checks</li> <li>Deprecation tracking</li> <li>Audit history</li> <li>Compliance metadata</li> </ul> <p>For example, a platform team may require every production API to include:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">owner</span><span class="pi">:</span> <span class="s">payments-platform</span> <span class="na">status</span><span class="pi">:</span> <span class="s">production</span> <span class="na">version</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">security</span><span class="pi">:</span> <span class="s">oauth2</span> <span class="na">documentation</span><span class="pi">:</span> <span class="s">published</span> <span class="na">deprecationDate</span><span class="pi">:</span> <span class="kc">null</span> </code></pre> </div> <h3> 4. Versioning and Change Management </h3> <p>A catalog should help developers understand which API version to use and what changed between releases.</p> <p>Look for:</p> <ul> <li>Version history</li> <li>Changelogs</li> <li>Deprecation notices</li> <li>Breaking-change visibility</li> <li>Links to related specs or docs</li> <li>Consumer impact information</li> </ul> <p>A simple changelog entry might look like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="gu">## v2.1.0</span> <span class="gu">### Added</span> <span class="p">-</span> Added <span class="sb">`customerTier`</span> field to <span class="sb">`GET /customers/{id}`</span> response. <span class="gu">### Changed</span> <span class="p">-</span> Updated pagination defaults for <span class="sb">`GET /customers`</span>. <span class="gu">### Deprecated</span> <span class="p">-</span> Deprecated <span class="sb">`legacyCustomerId`</span>. </code></pre> </div> <h3> 5. Collaboration and Usage Insight </h3> <p>API catalogs are more useful when developers can contribute context.</p> <p>Helpful collaboration capabilities include:</p> <ul> <li>Comments</li> <li>Documentation edits</li> <li>Ownership requests</li> <li>Feedback workflows</li> <li>Internal ratings or recommendations</li> <li>API usage analytics</li> </ul> <p>Usage metrics can help platform teams identify:</p> <ul> <li>Frequently reused APIs</li> <li>APIs with outdated docs</li> <li>APIs that should be deprecated</li> <li>APIs that need better onboarding examples</li> </ul> <h2> Top API Catalog Tools for 2026 </h2> <p>Below are API catalog tools commonly used for cataloging, discoverability, governance, and integration across different organization types.</p> <h2> 1. Apidog </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgk7i162ffld3wa5jei62.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgk7i162ffld3wa5jei62.png" alt="Image" width="800" height="400"></a></p> <p>Apidog is an all-in-one API development platform for designing, cataloging, documenting, debugging, mocking, and testing APIs. It supports importing API specs from formats such as Swagger and Postman, generates interactive documentation, and helps teams keep API information updated as APIs evolve.</p> <p>Key capabilities include:</p> <ul> <li>Centralized API catalog with metadata and search</li> <li>Import from popular API formats</li> <li>Live online API documentation</li> <li>Integrated mocking, debugging, and testing</li> <li>UI designed for both technical and non-technical collaborators</li> </ul> <p>A practical Apidog workflow can look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1. Import existing API specs. 2. Organize APIs by project, service, domain, or team. 3. Add ownership and lifecycle metadata. 4. Generate interactive documentation. 5. Share docs with internal developers or stakeholders. 6. Use built-in testing and mocking during development. 7. Update the catalog as APIs change. </code></pre> </div> <p>Apidog is a strong fit for teams that want API cataloging, documentation, testing, and collaboration in one workflow.</p> <h2> 2. DigitalAPI </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0wuf3kg52pf6lrgle345.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0wuf3kg52pf6lrgle345.png" alt="Image" width="800" height="347"></a></p> <p>DigitalAPI is designed to unify distributed API estates into a single catalog. It focuses on multi-gateway aggregation, OpenAPI normalization, lifecycle management, policy management, and federated discovery.</p> <p>Best for:</p> <ul> <li>Large enterprises</li> <li>Multi-cloud API environments</li> <li>Teams managing APIs across several gateways</li> <li>Organizations that need centralized API visibility</li> </ul> <p>Implementation focus:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Connect gateways -&gt; Aggregate API inventory -&gt; Normalize definitions -&gt; Apply lifecycle and policy metadata -&gt; Enable federated discovery </code></pre> </div> <h2> 3. RapidAPI Enterprise Hub </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg7kxujcpr3flhwfrmx98.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg7kxujcpr3flhwfrmx98.png" alt="Image" width="799" height="291"></a></p> <p>RapidAPI Enterprise Hub provides a private marketplace for internal and external APIs. It includes cataloging, analytics, access controls, search, and subscription management.</p> <p>Best for:</p> <ul> <li>Enterprises sharing APIs across business units</li> <li>Organizations exposing APIs to partners</li> <li>Teams that need marketplace-style API discovery</li> <li>API programs with access approval workflows</li> </ul> <p>A typical use case:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Publish internal API -&gt; Add docs and access rules -&gt; Developers request access -&gt; API owner approves subscription -&gt; Usage is tracked </code></pre> </div> <h2> 4. Collibra </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq01gdupx5clvoksatae5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq01gdupx5clvoksatae5.png" alt="Image" width="800" height="248"></a></p> <p>Collibra is primarily a data governance platform, but it also supports API cataloging capabilities with lineage tracking and policy enforcement.</p> <p>Best for:</p> <ul> <li>Regulated industries</li> <li>Data governance teams</li> <li>Organizations that need lineage from data assets to API consumers</li> <li>Compliance-focused API programs</li> </ul> <p>Use Collibra when API cataloging needs to connect closely with data governance, policy, and lineage workflows.</p> <h2> 5. Alation </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdqmcb6weunbun4q8psnp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdqmcb6weunbun4q8psnp.png" alt="Image" width="800" height="368"></a></p> <p>Alation provides API catalog capabilities as part of its broader data intelligence platform. Its strengths include discoverability, business metadata, and collaborative documentation.</p> <p>Best for:</p> <ul> <li>Data-driven organizations</li> <li>Teams that want API metadata connected to broader data context</li> <li>Catalog programs emphasizing collaboration and business definitions</li> </ul> <h2> 6. Atlan </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F28zwb7y720jq7rxcpzfx.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F28zwb7y720jq7rxcpzfx.png" alt="Image" width="800" height="504"></a></p> <p>Atlan is a modern data catalog platform with support for API discovery, metadata management, and lineage.</p> <p>Best for:</p> <ul> <li>Data teams that need API visibility</li> <li>Enterprises connecting APIs with data assets</li> <li>Organizations focused on metadata and lineage across systems</li> </ul> <h2> 7. MuleSoft API Catalog </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6fmw4rkrhomia7ut9d5l.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6fmw4rkrhomia7ut9d5l.png" alt="Image" width="800" height="261"></a></p> <p>MuleSoft Anypoint Exchange provides cataloging, versioning, and governance for APIs built and managed within the MuleSoft ecosystem.</p> <p>Best for:</p> <ul> <li>MuleSoft users</li> <li>Organizations standardized on Anypoint Platform</li> <li>Teams that need API cataloging inside an existing MuleSoft workflow</li> </ul> <p>A typical MuleSoft-centered workflow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Design API -&gt; Publish to Anypoint Exchange -&gt; Manage versions -&gt; Apply governance -&gt; Enable reuse across MuleSoft projects </code></pre> </div> <h2> Practical API Catalog Implementation Examples </h2> <h3> Example 1: Improve Developer Onboarding with Apidog </h3> <p>A fintech team can use Apidog to import existing APIs, organize them by business domain, and publish interactive documentation.</p> <p>Implementation steps:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1. Export or collect existing API specs. 2. Import specs into Apidog. 3. Group APIs by service, product, or domain. 4. Add owner and lifecycle metadata. 5. Publish interactive docs. 6. Share the catalog with new developers. </code></pre> </div> <p>Expected outcome:</p> <ul> <li>Developers find APIs faster</li> <li>Teams avoid rebuilding existing endpoints</li> <li>Documentation stays closer to implementation</li> <li>API standards become easier to follow</li> </ul> <h3> Example 2: Enforce Governance Across Gateways with DigitalAPI </h3> <p>A healthcare provider managing APIs across multiple gateways can use DigitalAPI to centralize discovery and policy visibility.</p> <p>Implementation steps:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1. Connect API gateways. 2. Aggregate APIs into one catalog. 3. Normalize API definitions. 4. Add lifecycle and ownership metadata. 5. Apply policy checks. 6. Track auditable records for compliance. </code></pre> </div> <p>This is useful when APIs must meet regulatory or internal governance requirements.</p> <h3> Example 3: Support Multi-Cloud API Discovery with RapidAPI Enterprise Hub </h3> <p>A retail organization running APIs across AWS, Azure, and on-premise systems can use RapidAPI Enterprise Hub to provide a unified API marketplace.</p> <p>Implementation steps:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1. Publish APIs from each environment. 2. Add searchable descriptions and tags. 3. Define access controls. 4. Enable developer subscriptions. 5. Track usage and adoption. </code></pre> </div> <p>This makes it easier for internal teams and partners to discover and request access to APIs.</p> <h3> Example 4: Connect API and Data Governance with Collibra </h3> <p>A data-driven enterprise can use Collibra to connect API metadata with data lineage and governance policies.</p> <p>Implementation steps:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1. Catalog APIs that expose governed data. 2. Link APIs to related data assets. 3. Add business definitions and policy metadata. 4. Track ownership and lineage. 5. Use the catalog for compliance reviews. </code></pre> </div> <p>This helps teams understand how data moves from source systems to API consumers.</p> <h2> How Apidog Fits into an API Catalog Workflow </h2> <p>Apidog is useful when your API catalog needs to be more than a static registry. It combines cataloging with API design, documentation, debugging, mocking, and testing.</p> <p>A practical team workflow in Apidog could be:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1. Create or import an API definition. 2. Document endpoints, parameters, examples, and responses. 3. Generate interactive documentation. 4. Mock endpoints before backend implementation is complete. 5. Debug and test APIs during development. 6. Share the API with teammates for review. 7. Keep documentation updated as the API changes. </code></pre> </div> <p>Reasons teams may choose Apidog:</p> <ul> <li>Import existing APIs quickly</li> <li>Generate interactive API documentation</li> <li>Share APIs across teams</li> <li>Keep design, docs, tests, and mocks in one place</li> <li>Support collaboration between developers, QA, and product stakeholders</li> <li>Track changes and maintain a more reliable API catalog</li> </ul> <h2> How to Choose the Right API Catalog Tool </h2> <p>Use this evaluation checklist before choosing a tool.</p> <h3> 1. Map Your API Sources </h3> <p>List where APIs currently live:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>- API gateways - Git repositories - OpenAPI files - Postman collections - Internal developer portals - Cloud environments - Service registries </code></pre> </div> <p>Then check whether the catalog tool can import or sync from those sources.</p> <h3> 2. Define Required Metadata </h3> <p>Decide which fields every cataloged API must include.</p> <p>Example metadata model:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Customer Profile API</span> <span class="na">owner</span><span class="pi">:</span> <span class="s">customer-platform</span> <span class="na">businessDomain</span><span class="pi">:</span> <span class="s">customer</span> <span class="na">apiType</span><span class="pi">:</span> <span class="s">REST</span> <span class="na">version</span><span class="pi">:</span> <span class="s">v2</span> <span class="na">status</span><span class="pi">:</span> <span class="s">production</span> <span class="na">security</span><span class="pi">:</span> <span class="s">OAuth2</span> <span class="na">repository</span><span class="pi">:</span> <span class="s">https://example.com/repo</span> <span class="na">documentationStatus</span><span class="pi">:</span> <span class="s">published</span> <span class="na">lastReviewed</span><span class="pi">:</span> <span class="s">2026-01-15</span> </code></pre> </div> <h3> 3. Check API Type Coverage </h3> <p>Confirm support for the API styles your teams use:</p> <ul> <li>REST</li> <li>SOAP</li> <li>GraphQL</li> <li>Async or event-driven APIs</li> <li>Internal APIs</li> <li>Partner APIs</li> <li>Public APIs</li> </ul> <h3> 4. Review Governance and Access Control </h3> <p>Evaluate whether the tool supports:</p> <ul> <li>Role-based access</li> <li>Approval workflows</li> <li>Ownership tracking</li> <li>Lifecycle states</li> <li>Deprecation notices</li> <li>Audit logs</li> <li>Policy enforcement</li> </ul> <h3> 5. Test the Developer Experience </h3> <p>Before rolling out a catalog, ask developers to complete common tasks:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>- Find an existing API for a use case. - Identify the API owner. - Check the latest supported version. - Read request and response examples. - Request access. - Report outdated documentation. </code></pre> </div> <p>If these workflows are slow, the catalog will be harder to adopt.</p> <h3> 6. Plan for Maintenance </h3> <p>A catalog only works if it stays current. Define:</p> <ul> <li>Who owns catalog quality</li> <li>How specs are updated</li> <li>Which metadata is required</li> <li>How deprecated APIs are handled</li> <li>How often APIs are reviewed</li> <li>What automation keeps docs in sync</li> </ul> <h2> API Catalog Tool Selection Matrix </h2> <p>Use this quick comparison when narrowing your options:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Tool</th> <th>Strong fit</th> </tr> </thead> <tbody> <tr> <td>Apidog</td> <td>Teams that want API cataloging, documentation, testing, mocking, and collaboration together</td> </tr> <tr> <td>DigitalAPI</td> <td>Large enterprises with distributed, multi-gateway API environments</td> </tr> <tr> <td>RapidAPI Enterprise Hub</td> <td>Organizations building private API marketplaces</td> </tr> <tr> <td>Collibra</td> <td>Regulated organizations connecting APIs with data governance</td> </tr> <tr> <td>Alation</td> <td>Data intelligence teams focused on metadata and collaboration</td> </tr> <tr> <td>Atlan</td> <td>Data-driven enterprises managing metadata and lineage</td> </tr> <tr> <td>MuleSoft API Catalog</td> <td>Teams already using the MuleSoft ecosystem</td> </tr> </tbody> </table></div> <h2> Conclusion </h2> <p>API catalog tools help developers discover, reuse, document, and govern APIs across growing software ecosystems. They are especially important when teams manage many services, cloud environments, API gateways, or compliance requirements.</p> <p>To choose the right tool:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1. Inventory your APIs. 2. Identify where specs and docs currently live. 3. Define required metadata and lifecycle states. 4. Evaluate search, import, governance, and collaboration features. 5. Pilot the tool with real developer workflows. 6. Automate updates so the catalog stays reliable. </code></pre> </div> <p>Tools like Apidog can help teams centralize API documentation, improve discoverability, and connect cataloging with the day-to-day API development workflow.</p> How the Axios NPM Supply Chain Attack Works (And How to Protect Your API Projects) Preecha Sun, 21 Jun 2026 13:02:07 +0000 https://dev.to/preecha/how-the-axios-npm-supply-chain-attack-works-and-how-to-protect-your-api-projects-288h https://dev.to/preecha/how-the-axios-npm-supply-chain-attack-works-and-how-to-protect-your-api-projects-288h <h2> TL;DR </h2> <p>On March 31, 2026, attackers compromised the primary maintainer’s npm account for Axios, the popular JavaScript HTTP client with 83 million weekly downloads. They published malicious versions <code>1.14.1</code> and <code>0.30.4</code> containing a cross-platform RAT that steals credentials, SSH keys, and cloud tokens from developer machines. Downgrade to Axios <code>1.14.0</code> or <code>0.30.3</code>, rotate secrets, and scan for indicators of compromise.</p> <p><a href="https://apidog.com/?utm_source=dev.to&amp;utm_medium=wanda&amp;utm_content=n8n-post-automation" class="crayons-btn crayons-btn--primary">Try Apidog today</a> </p> <h2> What happened </h2> <p>Axios is widely used for API clients, frontend-backend communication, integration tests, and developer tooling.</p> <p>On March 31, 2026, at <code>00:21 UTC</code>, a threat actor published <code>axios@1.14.1</code> through a hijacked maintainer account. The package looked almost identical to the legitimate release. Across 86 files, the meaningful change was in <code>package.json</code>: a new runtime dependency named <code>plain-crypto-js</code>.</p> <p>That dependency was not used by Axios source code. Its purpose was to execute a malicious <code>postinstall</code> script during <code>npm install</code>.</p> <p>The malicious Axios versions remained live for roughly two to three hours before npm removed them.</p> <p>If you build, test, or automate APIs with Node.js, this attack targeted your dependency chain directly.</p> <p>This guide covers:</p> <ul> <li>How the attack worked</li> <li>How to check whether your machine or CI environment was affected</li> <li>How to remediate immediately</li> <li>How to reduce similar supply chain risk in API workflows</li> </ul> <h2> Attack timeline </h2> <p>The operation happened across an 18-hour window:</p> <ul> <li> <strong>March 30, 05:57 UTC</strong>: <code>plain-crypto-js@4.2.0</code> was published as a clean decoy package.</li> <li> <strong>March 30, 23:59 UTC</strong>: <code>plain-crypto-js@4.2.1</code> was published with a malicious <code>postinstall</code> hook.</li> <li> <strong>March 31, 00:21 UTC</strong>: <code>axios@1.14.1</code> was released using the compromised <code>jasonsaayman</code> npm account.</li> <li> <strong>March 31, 01:00 UTC</strong>: <code>axios@0.30.4</code> was released, targeting projects still on the <code>0.x</code> branch.</li> <li> <strong>March 31, ~03:15 UTC</strong>: npm unpublished both malicious Axios versions after community reports.</li> <li> <strong>March 31, 04:26 UTC</strong>: npm published a security-holder stub for <code>plain-crypto-js</code> to prevent republishing.</li> </ul> <h2> How the maintainer account compromise showed up </h2> <p>The attacker took over the <code>jasonsaayman</code> npm account, associated with the primary Axios maintainer, and changed the registered email to <code>ifstap@proton.me</code>.</p> <p>Key forensic signals:</p> <ul> <li>Legitimate Axios releases used GitHub Actions with npm OIDC Trusted Publisher.</li> <li>The malicious releases did not include OIDC binding.</li> <li>The compromised releases did not include a <code>gitHead</code> field.</li> <li>No matching GitHub commits existed for the malicious package versions.</li> <li>The attacker likely used stolen long-lived npm access tokens to publish manually.</li> </ul> <p>For package maintainers, this is the main lesson: releases without CI/CD provenance should be treated as suspicious, especially for high-impact packages.</p> <h2> How the dependency injection worked </h2> <p>The attacker did not modify Axios source files.</p> <p>Instead, they added a dependency to <code>package.json</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"dependencies"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"plain-crypto-js"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^4.2.1"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The dependency was never imported by Axios. It only needed to be installed.</p> <p>During installation, npm executed the dependency’s <code>postinstall</code> hook, which launched the payload.</p> <p>This made the diff look small and easy to miss:</p> <ul> <li>Axios source code appeared unchanged.</li> <li>Tests and imports did not reveal the malicious package.</li> <li>The payload executed during dependency installation, not runtime execution.</li> </ul> <h2> What the malicious package did </h2> <h3> Dropper execution </h3> <p><code>plain-crypto-js</code> executed an obfuscated <code>setup.js</code> file through a <code>postinstall</code> script.</p> <p>The file used two obfuscation layers:</p> <ul> <li>XOR cipher using a key derived from <code>"OrDeR_7077"</code> </li> <li>Base64 encoding with character reversal</li> </ul> <p>After decoding, the dropper detected the host OS and executed a platform-specific path.</p> <h2> Platform-specific payload paths </h2> <h3> macOS </h3> <p>The macOS branch:</p> <ul> <li>Wrote AppleScript to: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>/tmp/6202033 </code></pre> </div> <ul> <li>Executed it with: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>osascript </code></pre> </div> <ul> <li>Downloaded the payload to: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>/Library/Caches/com.apple.act.mond </code></pre> </div> <h3> Windows </h3> <p>The Windows branch:</p> <ul> <li>Copied PowerShell to: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="o">%</span><span class="n">PROGRAMDATA</span><span class="o">%</span><span class="nx">\wt.exe</span><span class="w"> </span></code></pre> </div> <ul> <li>Executed a VBScript dropper with: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">cscript</span><span class="w"> </span></code></pre> </div> <h3> Linux </h3> <p>The Linux branch:</p> <ul> <li>Downloaded a Python RAT to: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>/tmp/ld.py </code></pre> </div> <ul> <li>Executed it with: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">nohup </span>python3 </code></pre> </div> <h2> Command-and-control endpoints </h2> <p>The payload contacted a command-and-control server using platform-specific POST paths:</p> <ul> <li>macOS: <code>packages.npm.org/product0</code> </li> <li>Windows: <code>packages.npm.org/product1</code> </li> <li>Linux: <code>packages.npm.org/product2</code> </li> </ul> <p>Known network indicators:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sfrclak.com 142.11.206.73 http://sfrclak.com:8000/6202033 </code></pre> </div> <h2> RAT capabilities </h2> <p>The deployed remote access trojan supported:</p> <ul> <li>Arbitrary shell command execution</li> <li>File system enumeration</li> <li>File exfiltration</li> <li>Process listing</li> <li>Process injection</li> <li>In-memory binary injection</li> <li>60-second beaconing to C2 infrastructure</li> </ul> <p>For a developer machine, that means the attacker could access:</p> <ul> <li> <code>.env</code> files</li> <li>npm tokens</li> <li>GitHub tokens</li> <li>SSH keys</li> <li>Cloud provider credentials</li> <li>Database credentials</li> <li>API keys</li> <li>Secrets stored in environment variables</li> </ul> <h2> Anti-forensics behavior </h2> <p>After execution, the dropper attempted to hide evidence by:</p> <ol> <li>Deleting <code>setup.js</code> </li> <li>Deleting the malicious <code>package.json</code> </li> <li>Renaming a pre-staged <code>package.md</code> reporting version <code>4.2.0</code> to <code>package.json</code> </li> </ol> <p>This caused <code>npm list</code> to potentially show <code>plain-crypto-js@4.2.0</code>, even though <code>4.2.1</code> had already executed.</p> <p>Do not rely only on current package metadata to determine whether the payload ran.</p> <h2> Attribution </h2> <p>Google Threat Intelligence Group attributed the Axios attack to UNC1069, a suspected North Korean threat actor.</p> <p>The macOS malware showed significant overlap with WAVESHAPER, a C++ backdoor tracked by Mandiant in February 2026.</p> <p>The operation matched known supply chain attack patterns:</p> <ul> <li>Compromise a maintainer or publishing token</li> <li>Target a high-volume developer package</li> <li>Execute during installation</li> <li>Steal credentials and cloud access</li> <li>Clean up local artifacts to slow investigation</li> </ul> <h2> Check whether you are affected </h2> <p>Run these checks on:</p> <ul> <li>Developer machines</li> <li>CI runners</li> <li>Build agents</li> <li>Containers used during the attack window</li> <li>Any system that ran <code>npm install</code> or <code>npm ci</code> </li> </ul> <p>The critical window was approximately:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>March 31, 2026 00:21 UTC to 03:15 UTC </code></pre> </div> <h2> Step 1: Check installed Axios versions </h2> <p>From each project directory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm list axios 2&gt;/dev/null | <span class="nb">grep</span> <span class="nt">-E</span> <span class="s2">"1</span><span class="se">\.</span><span class="s2">14</span><span class="se">\.</span><span class="s2">1|0</span><span class="se">\.</span><span class="s2">30</span><span class="se">\.</span><span class="s2">4"</span> </code></pre> </div> <p>If this returns output, the project resolved a compromised version.</p> <p>Also check lockfiles:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">grep</span> <span class="nt">-E</span> <span class="s1">'"axios": "1\.14\.1"|"axios": "0\.30\.4"|axios@1\.14\.1|axios@0\.30\.4'</span> package-lock.json yarn.lock pnpm-lock.yaml 2&gt;/dev/null </code></pre> </div> <h2> Step 2: Check for the malicious dependency </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">ls </span>node_modules/plain-crypto-js 2&gt;/dev/null <span class="o">&amp;&amp;</span> <span class="nb">echo</span> <span class="s2">"POTENTIALLY AFFECTED"</span> </code></pre> </div> <p>The directory’s presence is a strong signal that the malicious dependency was installed.</p> <p>Because the dropper attempted cleanup, absence of this directory does not fully prove safety.</p> <h2> Step 3: Check platform artifacts </h2> <h3> macOS </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">ls</span> <span class="nt">-la</span> /Library/Caches/com.apple.act.mond 2&gt;/dev/null <span class="nb">ls</span> <span class="nt">-la</span> /tmp/6202033 2&gt;/dev/null </code></pre> </div> <h3> Linux </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">ls</span> <span class="nt">-la</span> /tmp/ld.py 2&gt;/dev/null </code></pre> </div> <h3> Windows PowerShell </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Test-Path</span><span class="w"> </span><span class="s2">"</span><span class="nv">$</span><span class="nn">env</span><span class="p">:</span><span class="nv">PROGRAMDATA</span><span class="s2">\wt.exe"</span><span class="w"> </span></code></pre> </div> <p>If any of these artifacts exist, treat the host as compromised.</p> <h2> Step 4: Check network indicators </h2> <p>Search firewall, proxy, EDR, DNS, and CI runner logs for:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sfrclak.com 142.11.206.73 http://sfrclak.com:8000/6202033 </code></pre> </div> <p>If possible, block the C2 domain and IP at the network level.</p> <h2> Step 5: Review CI/CD logs </h2> <p>Review pipeline runs during the exposure window.</p> <p>Look for commands such as:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>npm ci yarn <span class="nb">install </span>pnpm <span class="nb">install</span> </code></pre> </div> <p>Any install that resolved <code>axios@1.14.1</code> or <code>axios@0.30.4</code> could have executed the payload.</p> <p>Pay special attention to CI jobs that had access to:</p> <ul> <li>Deployment credentials</li> <li>npm publishing tokens</li> <li>Cloud credentials</li> <li>SSH deploy keys</li> <li>GitHub Actions secrets</li> <li>Container registry credentials</li> </ul> <h2> Immediate remediation </h2> <p>If you find any indicator of compromise, assume the affected system and its secrets are compromised.</p> <h2> 1. Downgrade Axios </h2> <p>For the <code>1.x</code> branch:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>axios@1.14.0 </code></pre> </div> <p>For the <code>0.x</code> branch:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>axios@0.30.3 </code></pre> </div> <p>Then verify:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm list axios </code></pre> </div> <h2> 2. Add package overrides </h2> <p>Use overrides to prevent transitive resolution to the compromised versions.</p> <h3> npm </h3> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"overrides"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"axios"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1.14.0"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Yarn </h3> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"resolutions"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"axios"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1.14.0"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>For projects that must stay on the <code>0.x</code> branch, use:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"overrides"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"axios"</span><span class="p">:</span><span class="w"> </span><span class="s2">"0.30.3"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> 3. Remove the malicious dependency </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">rm</span> <span class="nt">-rf</span> node_modules/plain-crypto-js </code></pre> </div> <p>Then reinstall from a clean lockfile:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">rm</span> <span class="nt">-rf</span> node_modules npm ci </code></pre> </div> <p>If your lockfile references the malicious versions, update it after pinning Axios.</p> <h2> 4. Rotate secrets </h2> <p>If the payload executed, rotate all credentials that may have been accessible from the host.</p> <p>Prioritize:</p> <ul> <li>npm tokens</li> <li>GitHub tokens</li> <li>GitLab tokens</li> <li>SSH keys</li> <li>AWS credentials</li> <li>GCP credentials</li> <li>Azure credentials</li> <li>API keys in <code>.env</code> files</li> <li>Database credentials</li> <li>Container registry credentials</li> <li>CI/CD deployment tokens</li> <li>Secrets stored in shell profiles or environment variables</li> </ul> <p>Do not rotate secrets from the compromised host. Use a clean machine.</p> <h2> 5. Block known C2 indicators </h2> <p>As a temporary local block on Unix-like systems:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">echo</span> <span class="s2">"0.0.0.0 sfrclak.com"</span> | <span class="nb">sudo tee</span> <span class="nt">-a</span> /etc/hosts </code></pre> </div> <p>Also block at:</p> <ul> <li>DNS resolver</li> <li>Firewall</li> <li>Proxy</li> <li>EDR</li> <li>Cloud egress controls</li> </ul> <h2> 6. Rebuild compromised machines </h2> <p>If RAT artifacts are found, do not trust the system.</p> <p>A RAT with shell execution and file access can modify files, install persistence, and tamper with tooling.</p> <p>Recommended response:</p> <ol> <li>Preserve evidence if your incident response process requires it.</li> <li>Remove the host from the network.</li> <li>Rebuild from a known-good image.</li> <li>Reinstall dependencies from clean lockfiles.</li> <li>Rotate secrets from a clean environment.</li> </ol> <h2> Long-term defenses for JavaScript and API teams </h2> <h2> Pin exact dependency versions </h2> <p>The attack benefited from semver ranges.</p> <p>If your <code>package.json</code> used this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"dependencies"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"axios"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^1.14.0"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>npm could resolve <code>1.14.1</code> during the attack window.</p> <p>Prefer exact versions for critical dependencies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"dependencies"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"axios"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1.14.0"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Also commit your lockfile:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git add package-lock.json </code></pre> </div> <p>In CI, prefer:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm ci </code></pre> </div> <p>over:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> </code></pre> </div> <p><code>npm ci</code> installs from the lockfile and fails if the lockfile and <code>package.json</code> are out of sync.</p> <h2> Disable install scripts where possible </h2> <p>The malicious package executed through <code>postinstall</code>.</p> <p>In CI/CD, test whether your project can install with scripts disabled:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm ci <span class="nt">--ignore-scripts</span> </code></pre> </div> <p>You can also set this in <code>.npmrc</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="py">ignore-scripts</span><span class="p">=</span><span class="s">true</span> </code></pre> </div> <p>This may break packages that require native compilation or setup scripts, so validate before enforcing globally.</p> <h2> Audit dependencies in CI </h2> <p>Add dependency checks to your pipeline:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm audit </code></pre> </div> <p>You can also run third-party supply chain scanners where appropriate:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx socket-security/cli audit </code></pre> </div> <p>Use audit results as a deployment gate for high and critical findings.</p> <h2> Verify package provenance </h2> <p>npm supports package provenance through Sigstore.</p> <p>Check signatures with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm audit signatures </code></pre> </div> <p>The compromised Axios versions lacked OIDC provenance. For high-impact dependencies, missing provenance on a new release should trigger review before adoption.</p> <h2> Monitor for unexpected dependency changes </h2> <p>Add a CI step that fails when lockfiles change unexpectedly.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git diff <span class="nt">--exit-code</span> package-lock.json </code></pre> </div> <p>For pull requests, review:</p> <ul> <li>New runtime dependencies</li> <li>New transitive dependencies</li> <li>Packages with install scripts</li> <li>Packages with low download counts</li> <li>Packages published very recently</li> <li>Packages without repository metadata</li> <li>Packages without provenance</li> </ul> <h2> Reduce your HTTP client dependency surface </h2> <p>API testing workflows often add HTTP client dependencies such as Axios, <code>node-fetch</code>, or <code>got</code>.</p> <p>For production code, those libraries may still be appropriate. But for API testing, debugging, and documentation, you can often reduce npm dependency exposure by using a dedicated API platform.</p> <p>Apidog provides a built-in HTTP client for API testing, debugging, mocking, and documentation. That means you can avoid installing third-party HTTP clients in your API testing stack.</p> <p>Practical ways to reduce dependency surface:</p> <ul> <li>Use Apidog’s visual test builder instead of Axios-based test scripts.</li> <li>Use Apidog’s request inspector instead of custom debugging clients.</li> <li>Use Apidog mock servers instead of building mock endpoints with Express and Axios.</li> <li>Use Apidog CLI for automated API tests in CI/CD.</li> </ul> <p>This does not remove all supply chain risk, but it removes one common npm dependency path from API testing workflows.</p> <h2> Comparison: HTTP client approaches </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Approach</th> <th>Supply chain risk</th> <th>Maintenance burden</th> <th>Testing capability</th> </tr> </thead> <tbody> <tr> <td>Axios + custom scripts</td> <td>High, because it depends on third-party npm packages</td> <td>High, because versions and transitive dependencies must be managed</td> <td>Manual setup required</td> </tr> <tr> <td>Node.js native <code>fetch</code> </td> <td>Low, because it is built into the runtime</td> <td>Low</td> <td>Limited testing features</td> </tr> <tr> <td>Apidog built-in client</td> <td>No npm HTTP client dependency</td> <td>Platform-managed</td> <td>API testing, mocking, debugging, and docs</td> </tr> <tr> <td> <code>curl</code> / <code>httpie</code> scripts</td> <td>Low, because they are system-level tools</td> <td>Medium</td> <td>Limited automation</td> </tr> </tbody> </table></div> <h2> What this means for npm security </h2> <p>The npm trust model depends heavily on maintainer account security.</p> <p>A single compromised maintainer credential or long-lived token can affect millions of downstream installs.</p> <p>Important ecosystem-level defenses include:</p> <ul> <li>OIDC-based publishing instead of long-lived npm tokens</li> <li>Mandatory provenance for high-impact packages</li> <li>Two-person approval for critical releases</li> <li>Better detection for suspicious dependency additions</li> <li>Safer handling of install scripts</li> <li>Runtime permission scoping similar to Deno’s model</li> </ul> <p>For application teams, the takeaway is simpler: treat every dependency as an execution path.</p> <p>If it can run during install, it can become part of your attack surface.</p> <h2> FAQ </h2> <h2> Is Axios safe to use now? </h2> <p>Yes. Axios <code>1.14.0</code> and <code>0.30.3</code> are clean according to the provided incident details. The compromised versions were <code>1.14.1</code> and <code>0.30.4</code>.</p> <p>Verify your installed version:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm list axios </code></pre> </div> <p>Also check your lockfile.</p> <h2> How do I know if the RAT ran? </h2> <p>Check for these artifacts:</p> <h3> macOS </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>/Library/Caches/com.apple.act.mond /tmp/6202033 </code></pre> </div> <h3> Linux </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>/tmp/ld.py </code></pre> </div> <h3> Windows </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="o">%</span><span class="n">PROGRAMDATA</span><span class="o">%</span><span class="nx">\wt.exe</span><span class="w"> </span></code></pre> </div> <p>Also check for:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>node_modules/plain-crypto-js </code></pre> </div> <p>Because the dropper attempted cleanup, missing artifacts do not guarantee the host was safe if it installed a compromised version.</p> <h2> Should I stop using Axios? </h2> <p>Not necessarily.</p> <p>Axios remains a widely used HTTP client. The better question is where you need it.</p> <p>For application code, evaluate Axios against alternatives like native <code>fetch</code> in Node.js 18+.</p> <p>For API testing workflows, consider moving requests into tools like Apidog so your tests do not require an npm HTTP client dependency.</p> <h2> How do I reduce supply chain risk in Node.js projects? </h2> <p>Start with these controls:</p> <ul> <li>Pin exact dependency versions.</li> <li>Commit lockfiles.</li> <li>Use <code>npm ci</code> in CI/CD.</li> <li>Test <code>npm ci --ignore-scripts</code>.</li> <li>Audit dependencies on every build.</li> <li>Verify package provenance with <code>npm audit signatures</code>.</li> <li>Review new transitive dependencies.</li> <li>Minimize unnecessary packages.</li> <li>Rotate tokens regularly.</li> <li>Prefer OIDC publishing over long-lived npm tokens.</li> </ul> <h2> Was this related to the Claude Code source leak? </h2> <p>Both events happened on March 31, 2026, but they were unrelated.</p> <p>The Axios incident was a deliberate supply chain compromise attributed to a suspected state-sponsored threat actor.</p> <p>The Claude Code leak resulted from a Bun build tool issue that shipped source maps in production.</p> <h2> Who was behind the Axios attack? </h2> <p>Google Threat Intelligence Group attributed the attack to UNC1069, a suspected North Korean threat actor.</p> <p>The macOS malware shared significant overlap with WAVESHAPER, a C++ backdoor tracked by Mandiant.</p> <h2> How many developers were affected? </h2> <p>npm has not published official impact numbers in the provided incident details.</p> <p>The malicious versions were live for roughly two to three hours. Given Axios’ 83 million weekly downloads, the potential exposure was significant.</p> <h2> Can Apidog help prevent this type of issue? </h2> <p>Apidog can reduce one specific attack path: npm HTTP client dependencies in API testing workflows.</p> <p>By using Apidog’s built-in HTTP client for testing, debugging, mocking, and documentation, you do not need to install Axios, <code>node-fetch</code>, or similar libraries just to run API tests.</p> <p>That reduces your dependency surface, though it should be combined with broader supply chain controls.</p> <h2> Key takeaways </h2> <ul> <li>The Axios attack used a compromised maintainer account to publish malicious versions.</li> <li>The affected versions were <code>axios@1.14.1</code> and <code>axios@0.30.4</code>.</li> <li>The malicious dependency <code>plain-crypto-js</code> executed through a <code>postinstall</code> hook.</li> <li>The payload deployed a cross-platform RAT targeting macOS, Windows, and Linux.</li> <li>Treat affected machines as compromised and rotate secrets from a clean environment.</li> <li>Pin exact versions and commit lockfiles.</li> <li>Use <code>npm ci</code>, and test <code>--ignore-scripts</code> in CI/CD.</li> <li>Verify provenance with <code>npm audit signatures</code>.</li> <li>Reduce unnecessary npm dependencies in API testing workflows.</li> </ul> <p>Every package in <code>node_modules</code> is a trust decision. Make those decisions intentionally.</p> What the Claude Code Source Leak Reveals About AI Coding Tool Architecture Preecha Sun, 21 Jun 2026 01:01:42 +0000 https://dev.to/preecha/what-the-claude-code-source-leak-reveals-about-ai-coding-tool-architecture-4o1c https://dev.to/preecha/what-the-claude-code-source-leak-reveals-about-ai-coding-tool-architecture-4o1c <h2> TL;DR </h2> <p>Anthropic accidentally shipped a <code>.map</code> file with the Claude Code npm package, exposing the complete readable source code of its CLI tool. The leak revealed anti-distillation mechanisms with fake tool injection, a frustration-detection regex engine, an “undercover mode” that hides AI authorship in open-source commits, client attestation, and an unreleased autonomous agent mode called KAIROS. Here’s what API developers can learn from how AI coding tools work under the hood.</p> <p><a href="https://apidog.com/?utm_source=dev.to&amp;utm_medium=wanda&amp;utm_content=n8n-post-automation" class="crayons-btn crayons-btn--primary">Try Apidog today</a> </p> <h2> Introduction </h2> <p>On March 31, 2026, security researcher Chaofan Shou discovered that Anthropic shipped a source map file (<code>.map</code>) with the Claude Code npm package.</p> <p>Source maps map minified production code back to readable source code. They are useful for debugging, but they should not be included in production packages unless intentionally published.</p> <p>In this case, the source map exposed the complete Claude Code source code, including comments, internal codenames, prompt templates, feature flags, and architectural details.</p> <p>The discovery reached #1 on Hacker News and spread quickly across Reddit, Twitter, and developer forums. Anthropic removed the package, but the code had already been mirrored and analyzed.</p> <p>Whether you use Claude Code, Cursor, GitHub Copilot, or an API development platform like Apidog, the leak is useful because it shows how modern AI coding tools actually behave: what they send, what they hide, how they enforce client authenticity, and how they prepare for autonomous operation.</p> <p>This article focuses on the technical findings and what API developers can do with those lessons.</p> <h2> How the source code leaked </h2> <h3> Root cause: a Bun build tool bug </h3> <p>Claude Code is built with Bun, an alternative JavaScript runtime.</p> <p>On March 11, 2026, a bug was filed against Bun (<code>oven-sh/bun#28001</code>) reporting that source maps were being served in production mode even though Bun’s documentation said they should be disabled.</p> <p>Anthropic’s build pipeline triggered this bug. When the Claude Code npm package was published, the <code>.map</code> file was included in the distributed package.</p> <p>That meant anyone could inspect the package and read the unminified source.</p> <p>For example, this kind of workflow would expose package contents:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm pack @anthropic-ai/claude-code <span class="nb">tar</span> <span class="nt">-tf</span> anthropic-ai-claude-code-<span class="k">*</span>.tgz </code></pre> </div> <p>If a source map is included, developers can often recover readable source from the minified bundle.</p> <h3> What was exposed </h3> <p>The leak reportedly included:</p> <ul> <li>Complete TypeScript source across modules</li> <li>Internal comments explaining design decisions</li> <li>Feature flags and experimental configurations</li> <li>System prompt templates and safety mechanisms</li> <li>Internal codenames for unreleased features</li> <li>Performance optimization details with specific metrics</li> </ul> <p>This was not a partial leak or a sanitized open-source release. It was production source with internal engineering context.</p> <h2> Anti-distillation: protecting against model theft </h2> <h3> Fake tool injection </h3> <p>One of the most discussed findings was Claude Code’s anti-distillation system.</p> <p>In <code>claude.ts</code>, when the <code>ANTI_DISTILLATION_CC</code> flag is enabled, the client sends this field in API requests:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">anti_distillation</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">fake_tools</span><span class="dl">"</span><span class="p">]</span> </code></pre> </div> <p>This instructs Anthropic’s server to inject decoy tool definitions into the system prompt.</p> <p>The goal is to make captured API traffic less useful for competitors trying to train a model on Claude’s tool-use behavior.</p> <p>A simplified version of the pattern looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">request</span> <span class="o">=</span> <span class="p">{</span> <span class="na">model</span><span class="p">:</span> <span class="dl">"</span><span class="s2">claude</span><span class="dl">"</span><span class="p">,</span> <span class="nx">messages</span><span class="p">,</span> <span class="nx">tools</span><span class="p">,</span> <span class="na">anti_distillation</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">fake_tools</span><span class="dl">"</span><span class="p">],</span> <span class="p">};</span> </code></pre> </div> <p>If a third party records the prompt and tool definitions, the captured data may include fake tools that do not exist. A model trained on that data could learn invalid capabilities.</p> <h3> Connector-text summarization </h3> <p>A second anti-distillation mechanism appeared in <code>betas.ts</code>.</p> <p>Instead of returning all assistant text between tool calls directly, the server can buffer the text, summarize it, and return a signed summary.</p> <p>On later turns, the original text can be restored from the signature. But someone passively recording API traffic only sees summaries, not the full reasoning-like connector text.</p> <p>The pattern is roughly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>assistant text between tool calls ↓ server-side summarization ↓ summary + cryptographic signature ↓ restore original text later when needed </code></pre> </div> <p>The purpose is to reduce how much useful behavioral data is available to traffic recorders.</p> <h3> Practical bypasses </h3> <p>The analysis also identified bypass paths:</p> <ul> <li>A man-in-the-middle proxy could strip the <code>anti_distillation</code> field before requests reach the server.</li> <li>Setting <code>CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS</code> disables the experimental beta system.</li> <li>These protections mainly defend against passive traffic recording, not active API usage.</li> </ul> <p>So the takeaway is not “anti-distillation is impossible to bypass.” The takeaway is that vendors are adding protocol-level defenses to make model copying more expensive.</p> <h2> Undercover mode: hiding AI authorship </h2> <h3> What the mode does </h3> <p>The <code>undercover.ts</code> file contained one of the most controversial findings.</p> <p>When Claude Code operates in non-Anthropic repositories, it activates behavior that prevents outputs from including:</p> <ul> <li>Internal codenames such as <code>Capybara</code> or <code>Tengu</code> </li> <li>Internal Slack channel names</li> <li>Internal repository names</li> <li>The phrase <code>Claude Code</code> </li> </ul> <p>The source comment was explicit:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>There is NO force-OFF. This guards against model codename leaks. </code></pre> </div> <h3> Why developers should care </h3> <p>The stated goal is to prevent leakage of internal Anthropic names. But the implementation also prevents the tool from identifying itself.</p> <p>That matters for open-source projects with policies requiring disclosure of AI-generated code.</p> <p>If an AI coding tool is designed not to mention its involvement, maintainers have a harder time enforcing disclosure policies.</p> <p>For teams, the practical step is to define disclosure requirements outside the tool:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="gu">## AI-generated code policy</span> Contributors must disclose when code, tests, documentation, or review comments were materially generated by AI tools. Disclosure must be included in the pull request description. </code></pre> </div> <p>Do not rely on the coding assistant to self-identify.</p> <h2> Frustration detection via regex </h2> <h3> How it works </h3> <p>The <code>userPromptKeywords.ts</code> file implemented frustration detection using regex pattern matching.</p> <p>The system scans user prompts for profanity and emotionally charged language to infer when a user may be frustrated with Claude Code’s responses.</p> <p>A simplified version of that approach looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">frustrationPatterns</span> <span class="o">=</span> <span class="p">[</span> <span class="sr">/</span><span class="se">\b</span><span class="sr">this is broken</span><span class="se">\b</span><span class="sr">/i</span><span class="p">,</span> <span class="sr">/</span><span class="se">\b</span><span class="sr">wtf</span><span class="se">\b</span><span class="sr">/i</span><span class="p">,</span> <span class="sr">/</span><span class="se">\b</span><span class="sr">why won't this work</span><span class="se">\b</span><span class="sr">/i</span><span class="p">,</span> <span class="p">];</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">isUserFrustrated</span><span class="p">(</span><span class="nx">input</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nx">boolean</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">frustrationPatterns</span><span class="p">.</span><span class="nf">some</span><span class="p">((</span><span class="nx">pattern</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">pattern</span><span class="p">.</span><span class="nf">test</span><span class="p">(</span><span class="nx">input</span><span class="p">));</span> <span class="p">}</span> </code></pre> </div> <h3> Why regex instead of an LLM? </h3> <p>Several developers pointed out the irony: Anthropic builds advanced language models, but uses regex to detect user emotion.</p> <p>The engineering reason is practical:</p> <ul> <li>Regex is fast.</li> <li>Regex is cheap.</li> <li>Regex does not require another model call.</li> <li>Regex can run on every prompt without adding much latency.</li> </ul> <p>For hot-path product telemetry, this is a common trade-off.</p> <p>The implementation question for developers is not whether regex is technically impressive. It is whether your team is comfortable with AI coding tools analyzing emotional signals in prompts.</p> <p>A practical evaluation checklist:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="p">-</span> Does the tool inspect user prompts for telemetry? <span class="p">-</span> Can telemetry be disabled? <span class="p">-</span> Is prompt telemetry documented? <span class="p">-</span> Is data used for product analytics, model training, or both? <span class="p">-</span> Are enterprise controls available? </code></pre> </div> <h2> Native client attestation </h2> <h3> Cryptographic request verification </h3> <p>In <code>system.ts</code>, Claude Code API requests include a placeholder header value:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>cch=554eb </code></pre> </div> <p>Bun’s native HTTP stack, written in Zig, overwrites this placeholder with a computed hash before the request leaves the client.</p> <p>Anthropic’s servers can then validate that hash to verify that the request came from the legitimate Claude Code binary rather than a fork, wrapper, or proxy.</p> <p>At a high level:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Claude Code binary ↓ request contains placeholder ↓ native HTTP layer computes hash ↓ server validates attestation ↓ request accepted or rejected </code></pre> </div> <h3> Why this matters </h3> <p>This is a client-authenticity mechanism.</p> <p>It can be used to enforce that only approved clients access a SaaS API. Similar patterns exist in mobile API security, where app attestation helps prevent unauthorized clients from calling backend APIs.</p> <p>For API developers, the lesson is clear: authentication is not only about users. Sometimes you also need to authenticate the client.</p> <p>Common API client verification layers include:</p> <ul> <li>API keys</li> <li>OAuth clients</li> <li>mTLS</li> <li>Certificate pinning</li> <li>Device or app attestation</li> <li>Signed request headers</li> <li>Replay protection with timestamps and nonces</li> </ul> <p>A simplified signed-request flow looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">crypto</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">node:crypto</span><span class="dl">"</span><span class="p">;</span> <span class="kd">function</span> <span class="nf">signRequest</span><span class="p">({</span> <span class="nx">method</span><span class="p">,</span> <span class="nx">path</span><span class="p">,</span> <span class="nx">body</span><span class="p">,</span> <span class="nx">timestamp</span><span class="p">,</span> <span class="nx">secret</span><span class="p">,</span> <span class="p">}:</span> <span class="p">{</span> <span class="nl">method</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">path</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">body</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">timestamp</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">secret</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">})</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="s2">`</span><span class="p">${</span><span class="nx">method</span><span class="p">}</span><span class="s2">\n</span><span class="p">${</span><span class="nx">path</span><span class="p">}</span><span class="s2">\n</span><span class="p">${</span><span class="nx">timestamp</span><span class="p">}</span><span class="s2">\n</span><span class="p">${</span><span class="nx">body</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="k">return</span> <span class="nx">crypto</span> <span class="p">.</span><span class="nf">createHmac</span><span class="p">(</span><span class="dl">"</span><span class="s2">sha256</span><span class="dl">"</span><span class="p">,</span> <span class="nx">secret</span><span class="p">)</span> <span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="nx">payload</span><span class="p">)</span> <span class="p">.</span><span class="nf">digest</span><span class="p">(</span><span class="dl">"</span><span class="s2">hex</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Server-side verification should recompute the signature and reject mismatches.</p> <h2> KAIROS: the unreleased autonomous agent mode </h2> <h3> What the code showed </h3> <p>References throughout the leaked codebase pointed to an unreleased feature-gated mode called KAIROS.</p> <p>The discovered scaffolding included:</p> <ul> <li>A <code>/dream</code> skill for “nightly memory distillation”</li> <li>Daily append-only logging</li> <li>GitHub webhook subscriptions</li> <li>Background daemon workers</li> <li>5-minute cron refresh intervals</li> </ul> <h3> What this implies </h3> <p>KAIROS appears to be an always-on coding agent mode.</p> <p>Instead of waiting for direct user prompts, an agent like this could monitor repositories, react to events, and perform background tasks.</p> <p>A simplified architecture would look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>GitHub webhook ↓ agent event queue ↓ background worker ↓ repository analysis ↓ suggested or automated code changes </code></pre> </div> <p>This matches the broader direction of AI coding tools:</p> <ul> <li>GitHub Copilot Agent Mode</li> <li>Cursor background processing</li> <li>Google Agent Smith</li> <li>Claude Code KAIROS scaffolding</li> </ul> <p>The key implementation concern for API teams is drift.</p> <p>If an autonomous agent changes endpoint code, what else changes?</p> <ul> <li>OpenAPI specification</li> <li>Tests</li> <li>Mock server behavior</li> <li>SDKs</li> <li>Documentation</li> <li>Changelog</li> <li>Contract tests</li> </ul> <p>If those artifacts live in disconnected tools, autonomous changes can break your API lifecycle.</p> <p>A safer workflow is to enforce contract checks in CI:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">API Contract Check</span> <span class="na">on</span><span class="pi">:</span> <span class="na">pull_request</span><span class="pi">:</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">contract</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Validate OpenAPI spec</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npx @redocly/cli lint openapi.yaml</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run API tests</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm test</span> </code></pre> </div> <p>Whether a human or AI agent opens the pull request, the same checks should apply.</p> <h2> Performance optimizations exposed </h2> <h3> Terminal rendering with game-engine-style techniques </h3> <p>The <code>ink/screen.ts</code> and <code>ink/optimizer.ts</code> files showed that Claude Code uses unusually optimized terminal rendering techniques.</p> <p>The exposed techniques included:</p> <ul> <li> <code>Int32Array</code>-backed character pools</li> <li>Memory-efficient screen buffers</li> <li>Patch optimization during token streaming</li> <li>Character-width calculation reductions of about 50x</li> </ul> <p>This explains why Claude Code can feel responsive during long streaming outputs.</p> <p>For CLI developers, the lesson is that terminal rendering can become a bottleneck. If your tool streams many updates, avoid repainting everything.</p> <p>A basic inefficient renderer might do this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">function</span> <span class="nf">render</span><span class="p">(</span><span class="nx">output</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="nx">process</span><span class="p">.</span><span class="nx">stdout</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="dl">"</span><span class="se">\</span><span class="s2">x1b[2J</span><span class="se">\</span><span class="s2">x1b[0f</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// clear screen</span> <span class="nx">process</span><span class="p">.</span><span class="nx">stdout</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="nx">output</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>A more efficient approach computes and writes only changed regions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">function</span> <span class="nf">diffLines</span><span class="p">(</span><span class="nx">previous</span><span class="p">:</span> <span class="kr">string</span><span class="p">[],</span> <span class="nx">next</span><span class="p">:</span> <span class="kr">string</span><span class="p">[])</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">next</span> <span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="nx">line</span><span class="p">,</span> <span class="nx">index</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="nx">index</span><span class="p">,</span> <span class="nx">line</span><span class="p">,</span> <span class="na">changed</span><span class="p">:</span> <span class="nx">line</span> <span class="o">!==</span> <span class="nx">previous</span><span class="p">[</span><span class="nx">index</span><span class="p">]</span> <span class="p">}))</span> <span class="p">.</span><span class="nf">filter</span><span class="p">((</span><span class="nx">entry</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">entry</span><span class="p">.</span><span class="nx">changed</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The principle: stream less, diff more.</p> <h3> Prompt cache economics </h3> <p><code>promptCacheBreakDetection.ts</code> tracked 14 distinct cache-break vectors with “sticky latches” that prevent mode toggles from invalidating cached prompts.</p> <p>Prompt caching matters because cache misses force the provider to reprocess the system prompt and conversation context.</p> <p>For high-volume AI tools, unnecessary cache invalidation can create major cost and latency problems.</p> <p>If you build AI workflows, track cache-break causes explicitly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">type</span> <span class="nx">CacheBreakReason</span> <span class="o">=</span> <span class="o">|</span> <span class="dl">"</span><span class="s2">system_prompt_changed</span><span class="dl">"</span> <span class="o">|</span> <span class="dl">"</span><span class="s2">tool_schema_changed</span><span class="dl">"</span> <span class="o">|</span> <span class="dl">"</span><span class="s2">model_changed</span><span class="dl">"</span> <span class="o">|</span> <span class="dl">"</span><span class="s2">temperature_changed</span><span class="dl">"</span> <span class="o">|</span> <span class="dl">"</span><span class="s2">context_reset</span><span class="dl">"</span><span class="p">;</span> <span class="kd">function</span> <span class="nf">recordCacheBreak</span><span class="p">(</span><span class="nx">reason</span><span class="p">:</span> <span class="nx">CacheBreakReason</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">prompt_cache_break</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="nx">reason</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>Make cache invalidation observable. Otherwise, cost regressions are hard to debug.</p> <h3> The autocompact failure cascade </h3> <p>A comment in <code>autoCompact.ts</code> described a production issue:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1,279 sessions had 50+ consecutive failures (up to 3,272) in a single session, wasting ~250K API calls/day globally. </code></pre> </div> <p>The fix was to cap consecutive autocompact failures:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">MAX_CONSECUTIVE_AUTOCOMPACT_FAILURES</span> <span class="o">=</span> <span class="mi">3</span><span class="p">;</span> </code></pre> </div> <p>The lesson is simple: every retry loop needs a limit.</p> <p>Bad pattern:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">while </span><span class="p">(</span><span class="kc">true</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">compactContext</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <p>Safer pattern:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">MAX_RETRIES</span> <span class="o">=</span> <span class="mi">3</span><span class="p">;</span> <span class="k">for </span><span class="p">(</span><span class="kd">let</span> <span class="nx">attempt</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="nx">attempt</span> <span class="o">&lt;=</span> <span class="nx">MAX_RETRIES</span><span class="p">;</span> <span class="nx">attempt</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">compactContext</span><span class="p">();</span> <span class="k">break</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">attempt</span> <span class="o">===</span> <span class="nx">MAX_RETRIES</span><span class="p">)</span> <span class="k">throw</span> <span class="nx">error</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>At small scale, retry bugs are annoying. At AI scale, they can burn hundreds of thousands of API calls per day.</p> <h2> Security hardening details </h2> <h3> Bash security: 23 numbered checks </h3> <p><code>bashSecurity.ts</code> implemented 23 numbered security checks for shell command execution.</p> <p>The checks included defenses against:</p> <ul> <li>Zsh builtin exploitation</li> <li>Unicode zero-width space injection</li> <li> <code>IFS</code> null-byte injection</li> <li>Additional issues discovered during HackerOne security review</li> </ul> <p>This is more thorough than basic command sanitization.</p> <p>For AI coding tools, shell execution is one of the highest-risk capabilities. If an assistant can generate and run commands, it can potentially affect:</p> <ul> <li>Source code</li> <li>Local secrets</li> <li>Databases</li> <li>Cloud credentials</li> <li>CI/CD configuration</li> <li>Production infrastructure</li> </ul> <p>A minimal shell execution policy should include:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="p">-</span> Deny dangerous commands by default. <span class="p">-</span> Require confirmation for filesystem changes. <span class="p">-</span> Require confirmation for network calls. <span class="p">-</span> Block access to secret files. <span class="p">-</span> Normalize Unicode before validation. <span class="p">-</span> Log executed commands. <span class="p">-</span> Run commands in a sandbox when possible. </code></pre> </div> <p>Example denylist logic is not enough, but it is a starting point:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">blocked</span> <span class="o">=</span> <span class="p">[</span> <span class="sr">/</span><span class="se">\b</span><span class="sr">rm</span><span class="se">\s</span><span class="sr">+-rf</span><span class="se">\s</span><span class="sr">+</span><span class="se">\/</span><span class="sr">/</span><span class="p">,</span> <span class="sr">/</span><span class="se">\b</span><span class="sr">sudo</span><span class="se">\b</span><span class="sr">/</span><span class="p">,</span> <span class="sr">/</span><span class="se">\b</span><span class="sr">chmod</span><span class="se">\s</span><span class="sr">+777</span><span class="se">\b</span><span class="sr">/</span><span class="p">,</span> <span class="sr">/</span><span class="se">\b</span><span class="sr">curl</span><span class="se">\b</span><span class="sr">.*</span><span class="se">\|\s</span><span class="sr">*sh</span><span class="se">\b</span><span class="sr">/</span><span class="p">,</span> <span class="p">];</span> <span class="kd">function</span> <span class="nf">isBlockedCommand</span><span class="p">(</span><span class="nx">command</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">blocked</span><span class="p">.</span><span class="nf">some</span><span class="p">((</span><span class="nx">pattern</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">pattern</span><span class="p">.</span><span class="nf">test</span><span class="p">(</span><span class="nx">command</span><span class="p">));</span> <span class="p">}</span> </code></pre> </div> <p>For production-grade tools, combine validation, sandboxing, explicit user approval, and audit logs.</p> <h2> What API developers should do next </h2> <h3> 1. Audit what your AI coding tools send </h3> <p>Do not treat AI coding assistants as local-only tools unless the vendor explicitly documents that behavior.</p> <p>Check:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="p">-</span> Are prompts sent to external servers? <span class="p">-</span> Are files uploaded for context? <span class="p">-</span> Are tool outputs sent back to the provider? <span class="p">-</span> Is telemetry enabled? <span class="p">-</span> Can telemetry be disabled? <span class="p">-</span> Are enterprise privacy controls available? <span class="p">-</span> Are generated commits or PRs labeled as AI-assisted? </code></pre> </div> <p>For sensitive API work, pay special attention to:</p> <ul> <li> <code>.env</code> files</li> <li>API keys</li> <li>OAuth client secrets</li> <li>Internal endpoint URLs</li> <li>Private OpenAPI specs</li> <li>Customer data in test fixtures</li> </ul> <h3> 2. Treat your build toolchain as an attack surface </h3> <p>Anthropic’s source leaked because of a build tool issue. On the same day, Axios was compromised through npm account hijacking.</p> <p>Different causes, same lesson: the development supply chain is part of your security boundary.</p> <p>Practical checks:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Inspect what your package will publish</span> npm pack <span class="nt">--dry-run</span> <span class="c"># Search for source maps</span> find dist <span class="nt">-name</span> <span class="s2">"*.map"</span> <span class="c"># Search for environment files</span> find <span class="nb">.</span> <span class="nt">-name</span> <span class="s2">".env*"</span> <span class="nt">-not</span> <span class="nt">-path</span> <span class="s2">"./node_modules/*"</span> <span class="c"># Check package contents</span> <span class="nb">tar</span> <span class="nt">-tf</span> your-package-<span class="k">*</span>.tgz </code></pre> </div> <p>Add CI checks to prevent accidental publication:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Package Safety Check</span> <span class="na">on</span><span class="pi">:</span> <span class="na">pull_request</span><span class="pi">:</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">package-check</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build package</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npm ci &amp;&amp; npm run build</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Block source maps in dist</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">if find dist -name "*.map" | grep .; then</span> <span class="s">echo "Source maps found in dist"</span> <span class="s">exit 1</span> <span class="s">fi</span> </code></pre> </div> <h3> 3. Prepare for autonomous agents </h3> <p>AI coding tools are moving toward background operation.</p> <p>That means teams need workflow controls that do not depend on who made the change.</p> <p>For API teams, require every pull request to validate:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="p">-</span> OpenAPI schema <span class="p">-</span> API contract tests <span class="p">-</span> Backward compatibility <span class="p">-</span> Generated SDK changes <span class="p">-</span> Documentation updates <span class="p">-</span> Mock server behavior </code></pre> </div> <p>A useful pull request checklist:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="gu">## API change checklist</span> <span class="p"> -</span> [ ] OpenAPI spec updated <span class="p">-</span> [ ] Contract tests updated <span class="p">-</span> [ ] Mock responses updated <span class="p">-</span> [ ] Docs updated <span class="p">-</span> [ ] Breaking changes documented <span class="p">-</span> [ ] AI-generated changes disclosed, if applicable </code></pre> </div> <h3> 4. Decide how much transparency you require </h3> <p>The leak revealed internal behavior that users generally could not inspect beforehand.</p> <p>That does not automatically mean the tool is unsafe. But it does show the trade-off between proprietary tools and inspectable tools.</p> <p>When evaluating AI coding tools, ask:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="p">-</span> Can we inspect how the tool handles code and prompts? <span class="p">-</span> Is there a public security model? <span class="p">-</span> Are data retention rules documented? <span class="p">-</span> Can we disable telemetry? <span class="p">-</span> Can we restrict repository access? <span class="p">-</span> Can we enforce AI disclosure? <span class="p">-</span> Can we audit actions taken by the tool? </code></pre> </div> <h2> FAQ </h2> <h3> Is Claude Code safe to use after the source leak? </h3> <p>The leak exposed source code, not user data. Anthropic removed the <code>.map</code> file, and the source is no longer distributed with the npm package.</p> <p>The revealed features, including anti-distillation, frustration detection, undercover mode, and client attestation, are architectural decisions rather than direct evidence of leaked user data.</p> <p>Whether you are comfortable with those decisions is a separate trust and governance question.</p> <h3> What is undercover mode in Claude Code? </h3> <p>Undercover mode prevents Claude Code from revealing internal Anthropic project names, codenames, and its own identity when operating in non-Anthropic repositories.</p> <p>It activates automatically and cannot be disabled. The practical effect is that AI-generated contributions may not identify themselves as written with Claude Code.</p> <h3> What are fake tools in Claude Code? </h3> <p>Fake tools are decoy tool definitions injected into the system prompt when anti-distillation is enabled.</p> <p>They do not represent real capabilities. Their purpose is to poison captured training data so competitors recording API traffic cannot cleanly reproduce Claude’s tool-use behavior.</p> <h3> What is KAIROS in Claude Code? </h3> <p>KAIROS is an unreleased, feature-flagged autonomous agent mode found in the leaked Claude Code source.</p> <p>The scaffolding included background daemon workers, GitHub webhook subscriptions, daily logging, and a <code>/dream</code> skill for memory distillation.</p> <p>It suggests Anthropic has been building an always-on coding agent that can monitor repositories and act autonomously.</p> <h3> How did the Claude Code source code leak? </h3> <p>A Bun runtime bug caused source maps to be included in production builds when they should not have been.</p> <p>Because Claude Code used Bun in its build pipeline, the <code>.map</code> file was shipped with the npm package. Anyone inspecting the package could read the complete unminified source.</p> <h3> Does this leak affect Claude API users? </h3> <p>The leak exposed the Claude Code CLI source, not the Claude API itself.</p> <p>API keys, user data, and model weights were not part of the reported leak. Claude API users could continue using the API normally.</p> <p>The anti-distillation mechanisms discussed here are specific to Claude Code’s request pipeline.</p> <h3> Should I worry about frustration detection in AI coding tools? </h3> <p>That depends on your privacy and telemetry requirements.</p> <p>Claude Code used regex patterns to detect frustration signals such as profanity or emotional language. This is faster and cheaper than running an LLM-based sentiment classifier on every prompt.</p> <p>The practical step is to check whether your AI tools document prompt telemetry and whether your organization can disable or govern it.</p> <h3> How does this relate to the Axios npm attack on the same day? </h3> <p>Both events occurred on March 31, 2026, but they were unrelated.</p> <p>The Axios incident was a deliberate supply-chain compromise through npm account hijacking. The Claude Code leak was an accidental build/package issue.</p> <p>Together, they increased scrutiny of npm package security and the trust developers place in distributed tooling.</p> <h2> Key takeaways </h2> <ul> <li>Claude Code’s source leaked because a Bun build issue shipped source maps in the npm package.</li> <li>Anti-distillation mechanisms used fake tools and summarized connector text to make model copying harder.</li> <li>Undercover mode prevented Claude Code from revealing internal Anthropic names and its own identity in non-Anthropic repositories.</li> <li>Frustration detection used regex patterns on user prompts.</li> <li>KAIROS scaffolding revealed an unreleased autonomous background agent mode.</li> <li>Client attestation cryptographically verified requests from legitimate Claude Code binaries.</li> <li>Shell execution security received significant hardening, including 23 numbered checks.</li> <li>API teams should enforce contract tests, documentation updates, and disclosure policies regardless of whether changes come from humans or AI agents.</li> </ul> <p>AI coding tools are now part of your development and security surface. Treat them like any other privileged tool: inspect what you can, constrain what you cannot, and build API workflows that stay consistent when humans or agents make changes.</p>