Commit Graph

23 Commits

Author SHA1 Message Date
Alex Knight
7634c8118b fix(google): image generation unavailable when google provider set via config apiKey + custom baseUrl (#100779)
* fix(google): image generation unavailable when google provider set via config apiKey + custom baseUrl

* test(google): satisfy required baseUrl in provider config fixture

* fix(google): normalize config apiKey readiness via hasConfiguredSecretInput

---------

Co-authored-by: Alex Knight <15041791+amknight@users.noreply.github.com>
2026-07-06 19:54:10 +10:00
Peter Steinberger
c757675f34 improve: keep isolated tests under one second (#100019)
* test: speed up isolated test suite

* test: finish isolated latency cleanup

* test: eliminate remaining isolated latency spikes

* test: remove final isolated timing outliers

* test: bound full-suite tooling processes

* test: bound native test process lifetime

* test: warm isolated runtime suites

* test: eliminate final isolated timing outliers

* test: fix isolated timing fixture types

* test: make timeout cleanup timing deterministic

* test: pin media manifests to source checkout

* test: isolate provider manifest contracts

* test: eliminate residual isolated timing spikes

* test: restore final isolated timing fixes

* test: eliminate remaining isolated timing spikes

* test: warm Zalo lifecycle imports

* test: keep isolated suites below one second

* test: use readable browser response fixtures
2026-07-05 10:57:19 -07:00
NIO
527f8f0cbb fix(image-gen): bound image generation provider JSON response reads (#96495)
* fix(image-gen): bound image generation provider JSON response reads

Route success JSON reads through readProviderJsonResponse (16 MiB cap)
in openrouter, google, fal, minimax, openai, and vydra image generation
providers to prevent OOM from oversized or hostile endpoint responses.
Mirrors the response-limit campaign already applied to other provider paths.

AI-assisted.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(image-gen): size bounded JSON caps for inline image payloads

Signed-off-by: sallyom <somalley@redhat.com>

---------

Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: sallyom <somalley@redhat.com>
2026-06-26 07:08:30 -04:00
Peter Steinberger
96e5812426 docs: document medium extension sources 2026-06-04 21:33:54 -04:00
Peter Steinberger
4f4d108639 chore(lint): remove underscore-dangle allow list (#83542)
* chore(lint): reduce underscore-dangle exceptions

* chore(lint): reduce more underscore exceptions

* chore(lint): remove underscore-dangle allow list

* fix(lint): repair underscore cleanup regressions

* test(lint): track version define suppression
2026-05-18 14:56:06 +01:00
Vincent Koc
eb7a082b77 fix(providers): harden image response schemas 2026-05-16 09:16:01 +08:00
Peter Steinberger
dd127ba0ba test: dedupe google image fetch mock read 2026-05-13 07:14:29 +01:00
Peter Steinberger
b3ded351e3 test: guard extension provider mock calls 2026-05-12 10:04:45 +01:00
Peter Steinberger
e17dfb0014 test: guard extension mock helpers 2026-05-11 19:19:27 +01:00
Jason Zhou
bfd540bcdf [codex] refresh plugin regression fixtures
Summary:
- Refresh plugin regression fixtures and test-support mocks for guarded network resolution, progress streaming windows, staged TTS output, QQBot STT, and CLI runner assertions.
- Resolve current-main conflicts in Discord, Google video, QQBot STT, and CLI runner tests without changing runtime code.

Verification:
- pnpm check:test-types
- pnpm vitest run $(git diff --name-only origin/main...HEAD)
- git diff --check
- GitHub CI passed, including Real behavior proof, auto-response, ClawSweeper dispatch, CodeQL, and full CI checks.

Co-authored-by: Jason Zhou <22532527+JayZeeDesign@users.noreply.github.com>
2026-05-10 23:44:50 -05:00
Peter Steinberger
fa00637476 test: tighten google image assertions 2026-05-11 00:55:29 +01:00
Peter Steinberger
0a09a8f02f fix: propagate image generation SSRF policy (#79765) (thanks @hclsys) 2026-05-09 07:59:31 -04:00
Peter Steinberger
1ef85c7d4c test: make suites safe without isolation (#78834)
* test: make suites safe without isolation

* fix: narrow auth profile credential types

* test: inject channel module loader factory locally
2026-05-07 08:43:29 +01:00
Peter Steinberger
716a3a5865 fix: honor Google image private-network opt-in 2026-04-24 01:04:13 +01:00
Vincent Koc
6c0bff111c fix(google): strip Gemini compat base suffixes (#66445)
* fix(google): cover Gemini image /openai base URLs

* fix(google): strip Gemini compat base suffixes

* fix(google): scope Gemini /openai normalization

* fix(google): harden base URL normalization

* fix(google): restrict Gemini auth base URLs

* Update CHANGELOG.md

* Update CHANGELOG.md
2026-04-14 11:19:41 +01:00
狼哥
eb130aa4e9 fix(google): disable pinned dns for image generation (#59873)
* fix(google): restore proxy-safe image generation (#59873)

* fix(ssrf): preserve transport policy without pinned dns

* fix(ssrf): use undici fetch for dispatcher requests

* fix(ssrf): type dispatcher fetch path

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-04-05 08:23:22 +01:00
Peter Steinberger
35233bae96 refactor: decouple bundled plugin sdk surfaces 2026-03-29 21:20:46 +01:00
Tak Hoffman
2b586b423a test(google): spy on image-generation auth surface 2026-03-27 00:51:38 -05:00
Peter Steinberger
410c2dba65 test: collapse provider plugin suites 2026-03-25 04:25:02 +00:00
Peter Steinberger
6f6468027a refactor: dedupe test and runtime seams 2026-03-24 23:33:30 +00:00
Peter Steinberger
9f47892bef refactor: centralize google API base URL handling 2026-03-24 10:01:22 -07:00
Vincent Koc
ac0fd26e16 fix(ci): resync generated baselines and line runtime seam 2026-03-22 19:53:26 -07:00
Vincent Koc
2131981230 refactor(plugins): move remaining channel and provider ownership out of src 2026-03-22 19:13:25 -07:00