LLM/AIPex
1
0
Fork 0
mirror of https://github.com/AIPexStudio/AIPex.git synced 2026-05-13 18:51:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
376 Commits 27 Branches 21 Tags
3a7b2ba67f2e37d6927d8d3bdb7b2577c5894e2b
Commit Graph

376 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
3a7b2ba67f build(deps): bump @ai-sdk/anthropic from 3.0.63 to 3.0.66 (#211) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-07 09:53:09 +08:00
dependabot[bot]
dc269beb82 build(deps): bump the npm_and_yarn group across 1 directory with 2 updates (#216) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-07 09:52:21 +08:00
ropzislaw
ffb8c9f152 fix: validate Origin header on WebSocket upgrade to prevent cross-site WebSocket hijacking (#210) 2026-04-03 23:49:04 +08:00
Sebastion
2534a2e608 fix: validate Origin header on WebSocket upgrade to prevent CSWSH 
The MCP daemon WebSocket server accepts connections on all three
endpoints (/bridge, /cli, /extension) without checking the Origin
header. This allows a malicious web page to open a WebSocket to
ws://127.0.0.1:9223/bridge and send tool calls that execute browser
automation (navigate, click, read page content, take screenshots,
access bookmarks/history).

Add Origin header validation in the HTTP upgrade handler:
- Allow connections with no Origin (Node.js clients: bridge.ts, cli.ts)
- Allow chrome-extension:// and moz-extension:// origins
- Reject all http:// and https:// origins with 403 Forbidden

This prevents cross-site WebSocket hijacking (CSWSH) where JavaScript
on an attacker-controlled page connects to the local daemon.

CWE-319
 2026-04-03 08:42:54 +01:00
dependabot[bot]
216206ea7b build(deps): bump react-syntax-highlighter from 16.1.0 to 16.1.1 (#206) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-30 16:19:52 +08:00
dependabot[bot]
c07f5484f5 build(deps-dev): bump @types/chrome from 0.1.32 to 0.1.38 (#205) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-30 16:19:38 +08:00
dependabot[bot]
98a26cf86b build(deps): bump tailwindcss from 4.2.1 to 4.2.2 (#204) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-30 16:19:20 +08:00
ropzislaw
ac34da29cd Feature mcp bridge (#203) 2026-03-29 00:20:06 +08:00
ropzislaw
12018159a9 fix: apply formatter and fix switch fallthrough lint error in cli.ts 
Made-with: Cursor
 2026-03-29 00:17:57 +08:00
ropzislaw
643554df06 fix: exclude mcp-bridge from typos checker 
Tool schema files contain glob patterns like *[Ss]earch* that trigger
false positives in the typos pre-push hook.

Made-with: Cursor
 2026-03-29 00:17:31 +08:00
ropzislaw
9b267acb34 feat: update MCP bridge to support multiple clients and enhance functionality 
- Bumped version to 3.1.0 and updated the description to reflect new capabilities.
- Introduced a shared daemon for handling multiple simultaneous clients, improving performance.
- Added new CLI commands and updated the README for better user guidance.
- Enhanced the package.json to include new dependencies and scripts for the daemon and CLI.
- Refactored the bridge architecture to utilize StreamableHTTP for improved communication with AI agents.

These changes significantly enhance the usability and functionality of the MCP bridge.
 2026-03-29 00:14:17 +08:00
dependabot[bot]
1aed1f04ef build(deps): bump @ai-sdk/anthropic from 3.0.44 to 3.0.63 (#201) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-24 16:09:35 +08:00
dependabot[bot]
7a71901fc9 build(deps-dev): bump @tailwindcss/postcss from 4.2.1 to 4.2.2 (#198) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-24 13:01:07 +08:00
dependabot[bot]
fe67af7580 build(deps-dev): bump @crxjs/vite-plugin from 2.3.0 to 2.4.0 (#200) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-23 17:03:51 +08:00
dependabot[bot]
ddbb0caf76 build(deps): bump @ai-sdk/openai from 3.0.25 to 3.0.47 (#190) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-23 15:18:52 +08:00
dependabot[bot]
09067c020e build(deps-dev): bump jsdom from 28.1.0 to 29.0.1 (#196) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-23 15:17:47 +08:00
dependabot[bot]
4e8bc95eba build(deps): bump @zenfs/dom from 1.2.6 to 1.2.7 (#194) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-23 15:17:29 +08:00
dependabot[bot]
a1449cfb77 build(deps): bump nanoid from 5.1.6 to 5.1.7 (#195) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-23 15:17:06 +08:00
dependabot[bot]
ec707433c6 build(deps): bump lucide-react from 0.576.0 to 0.577.0 (#193) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-23 15:15:57 +08:00
dependabot[bot]
947a8ec72b build(deps): bump @ai-sdk/openai-compatible from 2.0.21 to 2.0.37 (#191) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-23 15:15:39 +08:00
dependabot[bot]
ccf4082425 build(deps): bump three from 0.177.0 to 0.183.2 (#192) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-23 15:15:19 +08:00
dependabot[bot]
7abb8397a4 build(deps): bump @ai-sdk/google from 3.0.43 to 3.0.52 (#189) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-23 15:14:38 +08:00
dependabot[bot]
b239e7233d build(deps): bump pnpm/action-setup from 4 to 5 (#188) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-23 15:12:29 +08:00
ropzislaw
7e1f2e994c Add support for minimax-cn and minimax for custom provider (#187) 2026-03-21 17:01:45 +08:00
kmou424
deb813ab4c feat(core/provider): add minimax and minimax-cn support for custom provider 2026-03-21 16:35:31 +08:00
dependabot[bot]
a3153b6086 build(deps-dev): bump bumpp from 10.4.1 to 11.0.1 (#184) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-16 21:29:43 +08:00
dependabot[bot]
bf0181d703 build(deps): bump lru-cache from 11.2.4 to 11.2.7 (#185) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-16 21:22:06 +08:00
dependabot[bot]
982f927388 build(deps-dev): bump vitest from 4.0.18 to 4.1.0 (#182) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-16 21:21:34 +08:00
dependabot[bot]
6ad2b42234 build(deps): bump @openai/agents from 0.5.4 to 0.7.2 (#181) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-16 21:21:20 +08:00
ropzislaw
c2c7a6ce3b Update star history link in README.mdchange link 2026-03-13 14:45:40 +08:00
jk4235
5bd5b7fbf5 chore: release v0.1.0 v0.1.0 2026-03-11 18:49:04 +08:00
Ken Qian
d73e034c9d feat: add support for image inputs in chat functionality (#179) 2026-03-11 18:44:31 +08:00
dependabot[bot]
a60b864a40 build(deps): bump framer-motion from 12.34.3 to 12.35.1 (#174) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-09 21:04:36 +08:00
dependabot[bot]
811b628460 build(deps-dev): bump @tailwindcss/postcss from 4.1.18 to 4.2.1 (#175) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-09 21:04:24 +08:00
dependabot[bot]
efb9ca8c5d build(deps): bump @ai-sdk/google from 3.0.22 to 3.0.43 (#176) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-09 21:04:10 +08:00
dependabot[bot]
2bb6f7e6b3 build(deps): bump tailwindcss from 4.1.18 to 4.2.1 (#177) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-09 21:03:58 +08:00
dependabot[bot]
572e288429 build(deps): bump ai from 6.0.105 to 6.0.116 (#178) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-09 21:03:44 +08:00
ropzislaw
046d724515 optimize ui 2026-03-08 20:43:19 +08:00
ropzislaw
ccab3f30c0 feat: enhance model fetching and tool call handling in AI components 
- Updated the model fetching logic to include persistent storage for improved performance and reliability.
- Introduced background model list updates to ensure the UI reflects the latest data.
- Enhanced the handling of parameterless tool calls in the AI provider, injecting default arguments when necessary.
- Refactored the chat adapter to support session rollbacks, improving user experience during message regeneration.

These changes significantly improve the functionality and responsiveness of the AI components.
 2026-03-08 20:39:32 +08:00
ropzislaw
436c9559b9 fix: update destructive-foreground color in tailwind.css for improved accessibility 
- Changed the value of --destructive-foreground from oklch(0.577 0.245 27.325) to oklch(0.985 0 0) to enhance visibility and accessibility in the UI.

This update aims to improve user experience by ensuring better contrast for destructive actions.
 2026-03-08 16:29:03 +08:00
ropzislaw
b44cbae2ea Feature adjust (#172) 2026-03-08 15:56:20 +08:00
ropzislaw
017481a690 refactor: streamline type exports and improve import organization 
- Refactored type exports in skill-api, runtime-addon, and types files for better clarity and consistency.
- Updated import paths to utilize centralized type definitions, enhancing maintainability.
- Improved the BrowserMessageActions component to handle text content more effectively when copying messages.

These changes contribute to a cleaner codebase and improved functionality across the project.
 2026-03-08 15:53:47 +08:00
ropzislaw
b0b6020132 refactor: improve code formatting and organization in various components 
- Adjusted formatting in SettingsPage for better readability.
- Streamlined import statements in browser-chat-header and browser-message-actions for consistency.
- Enhanced the MCP bridge panel layout for improved clarity.
- Refactored WebSocket bridge exports for better structure.

These changes enhance code maintainability and readability across the project.
 2026-03-08 15:42:08 +08:00
ropzislaw
8f7d518191 feat: enhance chat adapter and settings components 
- Updated ChatAdapter to handle new assistant messages after tool calls, improving message management.
- Added connection tab support in SettingsPage, allowing for better organization of settings.
- Introduced connectionContent prop in SettingsPageProps for dynamic content rendering.
- Enhanced message-item component to include onLogin handler for improved user interaction.
- Refactored useChat and useChatConfig hooks for better state management and silent reload capabilities.
- Implemented WebSocket MCP bridge in background script for real-time communication.

This update improves user experience and functionality across chat and settings components.
 2026-03-08 15:41:27 +08:00
ropzislaw
891200fbbf build(deps): bump framer-motion from 12.29.2 to 12.34.3 (#168) 2026-03-02 20:58:53 +08:00
dependabot[bot]
fbb65caa73 build(deps): bump framer-motion from 12.29.2 to 12.34.3 
Bumps [framer-motion](https://github.com/motiondivision/motion) from 12.29.2 to 12.34.3.
- [Changelog](https://github.com/motiondivision/motion/blob/main/CHANGELOG.md)
- [Commits](https://github.com/motiondivision/motion/compare/v12.29.2...v12.34.3)

---
updated-dependencies:
- dependency-name: framer-motion
  dependency-version: 12.34.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-02 10:40:54 +00:00
dependabot[bot]
c7a83b431f build(deps): bump ai from 6.0.28 to 6.0.105 (#167) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-02 18:40:15 +08:00
dependabot[bot]
4e9e125f59 build(deps): bump lucide-react from 0.563.0 to 0.576.0 (#169) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-02 18:39:44 +08:00
dependabot[bot]
8912a763a8 build(deps): bump tailwind-merge from 3.4.0 to 3.5.0 (#170) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-02 18:39:30 +08:00
dependabot[bot]
4d57b4893c build(deps-dev): bump @testing-library/react from 16.3.0 to 16.3.2 (#171) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-02 18:39:13 +08:00