Loading the catalogue…
Loading the catalogue…
“Permanently shut down with 11 unpatched CVEs including a critical command-injection flaw — no patch is ever coming, migration is the only call.”
Editorial assessment, not legal advice. Stav's risk ratings, scores, and verdicts are our own analysis of publicly available information and may be incomplete or out of date. Verify independently before making compliance or procurement decisions.
Public security, privacy and governance advisories that are still open. Each row carries a source link — these are factual claims, not editorial judgements.
lowUpstream change on roo-code: github_release 'v3.53.0' → 'v3.54.0', github_last_push '2026-05-12T06:18:58Z' → '2026-05-15T18:08:47Z'
other · open
Source ↗lowUpstream change on roo-code: github_last_push '2026-05-04T19:52:43Z' → '2026-05-12T06:18:58Z'
other · open
Source ↗lowUpstream change on roo-code: github_release None → 'v3.53.0', github_last_push None → '2026-05-04T19:52:43Z', cve_count None → 11
other · open
Source ↗How Roo Code moves data between the client, the inference endpoint and any vendor-owned services.
OpenAI-compatible. Point Roo Code at Stav, set the header, you're done.
# Roo Code on Stav AI # OpenAI-compatible — drop the base URL in, swap your key, ship. OPENAI_API_KEY=$STAV_API_KEY OPENAI_BASE_URL=https://api.stav.ai/v1 # Header — Stav attributes usage to your registered app and respects # per-app routing policy. Send when the app supports custom headers. X-Stav-App-Id: roo-code
Setup notes · Read about sovereign routing →
What a model must support to work well with Roo Code. Match these against the Stav model catalogue to pick an endpoint.
Live usage rolls up every five minutes. We surface the 12-week trend once enough requests have flowed through this app.
Live usage rolls up every five minutes. We surface the model mix once enough requests have flowed through this app.