mark/vibn-agent-runner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
269 Commits 2 Branches 0 Tags
6813869d10bc576cbc7e9bdfc03bb97ecec93e7b
Commit Graph

19 Commits

Author SHA1 Message Date
mawkone
9def97c3a5 fix(frontend): add X-Accel-Buffering to sse stream and optimize textarea input height resize 2026-06-04 11:16:21 -07:00
mawkone
0ce4facf8f feat: handle runner execute failures and surface immediately to DB sessions 2026-06-02 11:41:02 -07:00
mawkone
6a688c8dd1 fix(api): accept workspace API key on agent session /stop route 
The /stop route used browser-only authSession(), so the desktop's vibn_sk_
key got a 401. The desktop treats any 401 as session-expired and signs the
user out (kicking them to the login page on Stop). Use requireWorkspacePrincipal
like the sibling create/get routes.
 2026-05-30 19:24:42 -07:00
mawkone
2ef7631c5f feat(auth): enable requireWorkspacePrincipal on individual session GET route to support desktop API keys 2026-05-30 12:56:57 -07:00
mawkone
1926b7df22 fix(db): cast project_id to uuid in agent_sessions INSERT query 2026-05-30 12:40:14 -07:00
mawkone
eb709d111d fix(auth): allow empty string appPath inside session-creation route 2026-05-29 19:23:06 -07:00
mawkone
c2f71769bb feat(auth): enable requireWorkspacePrincipal on agent/sessions routes to support desktop API keys 2026-05-29 19:08:23 -07:00
mawkone
7681bd1211 feat(auth): enable requireWorkspacePrincipal on individual project GET/PATCH routes to support desktop API keys 2026-05-29 18:48:28 -07:00
mawkone
b263f6d392 feat(auth): enable requireWorkspacePrincipal on projects GET route to support desktop API keys 2026-05-29 17:06:23 -07:00
mawkone
b3dd3714c3 feat(refactor): live zed-style codebase files autocomplete and context attachment 2026-05-21 17:20:31 -07:00
mawkone
8049a7f1ab feat(refactor): premium zed-style chat UI, collapsible reasoning, and comprehensive strict type sweeps 2026-05-21 17:05:42 -07:00
mawkone
329eb4eb67 feat(ai): configure Architect mode prompt with Spec Kit templates and enforce task completion rules in background runner 2026-05-19 19:40:23 -07:00
mawkone
02de32958f feat(ai): automate end-to-end PRD, architecture, and task generation directly from Objective 2026-05-19 19:32:07 -07:00
mawkone
096ebc278a fix(api): delete legacy atlas and advisor agent endpoints 2026-05-19 15:09:59 -07:00
mawkone
67fa4a2ccc feat(runner): migrate vibn-agent-runner to use frontend MCP proxy tools and updated headless prompt 2026-05-19 14:06:12 -07:00
mawkone
618f7796b2 feat(ai): optimize tool loops, fix deployments, and integrate new onboarding flow 2026-05-19 12:52:47 -07:00
mawkone
6b8862ef2b feat(api): comprehensive QA hardening — security gates, chat improvements, beta scaffolds 
Closes checklist items F-01..F-06, D-01..D-28, S-01..S-10, C-01..C-07,
B-01..B-07, R-01..R-02, O-03.

Security (28 deletions + 10 auth gates):
- Delete 28 unauthenticated debug/cursor/firebase/test routes
- Gate ai/chat, ai/conversation, context/summarize, work-completed with withTenantProject/withAuth
- Add HMAC-SHA256 signature verification to webhooks/coolify
- Switch all admin secret comparisons to timingSafeStringEq

Foundations (lib/server/*):
- api-handler.ts: withAuth, withTenantProject, withWorkspace, withAdminSecret, withRateLimit
- logger.ts: structured request-scoped logging with turnId
- audit-log.ts: writeAuditLog helper + audit_log table
- rate-limit.ts: Postgres sliding window rate limiter
- coolify-webhook.ts: verifyCoolifySignature
- timing-safe.ts: timingSafeStringEq

Chat hardening (chat/route.ts):
- MAX_TOOL_ROUNDS 15 → 8 (C-01)
- Loop detection: hard-break at 3 identical fingerprints (was 5) (C-02)
- Add 6-consecutive-tool-call hard-break (C-02)
- Mode: respond first, act second prompt block (C-03)
- SSE heartbeat every 25s via setInterval (C-04)
- Per-tool 45s timeout via Promise.race (C-05)
- turnId per-turn UUID for log correlation (C-06)
- Recovery fires when roundsSinceText >= 4 (C-07)
- SSE plan event on plan_task_add/edit (B-05)

Beta features:
- invites table + GET/POST /api/invites (P4.8)
- invites/[token] validate + redeem (P4.8)
- fs_project_dev_servers table + lib/server/dev-server-state.ts (P6.B1)
- fs_project_secrets table + CRUD routes (P6.D2)
- lib/integrations/brief-extract.ts (P3.7)

Documentation:
- app/api/ROUTES.md: full route map with auth + tenant
 2026-05-17 19:17:22 -07:00
mawkone
c51c3c21b3 fix(ai): strip deepseek xml tags from chat history & secure git tools 
This commit addresses the issue where DeepSeek's raw XML markup (like <tool_calls> and <think>) was leaking into chat history, causing hallucinations in subsequent turns. It also patches a vulnerability in the git commit tool where arbitrary shell injection was possible.

Additionally, it includes UX copy and color contrast adjustments for the marketing homepage breadcrumbs.
 2026-05-14 11:34:42 -07:00
mawkone
abf9bf89c2 chore: convert submodules to standard directories for true monorepo structure 2026-05-13 14:54:23 -07:00