mark/vibn-frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
93 Commits 2 Branches 0 Tags
775c42e2fafcecfe7e494ba129c8b84b3478009a
Commit Graph

42 Commits

Author SHA1 Message Date
mawkone
775c42e2fa fix(auth): allow empty string appPath inside session-creation route 2026-05-29 19:23:06 -07:00
mawkone
3cb079f6e4 feat(auth): enable requireWorkspacePrincipal on agent/sessions routes to support desktop API keys 2026-05-29 19:08:23 -07:00
mawkone
a8b55b7d8f feat(auth): enable requireWorkspacePrincipal on individual project GET/PATCH routes to support desktop API keys 2026-05-29 18:48:28 -07:00
mawkone
7a3b964fb2 feat(auth): enable requireWorkspacePrincipal on projects GET route to support desktop API keys 2026-05-29 17:06:23 -07:00
mawkone
2a8bc25804 feat: added desktop sso endpoints 2026-05-28 16:05:47 -07:00
mawkone
2647919bd5 feat(refactor): live zed-style codebase files autocomplete and context attachment 2026-05-21 17:20:31 -07:00
mawkone
50f65e337d feat(refactor): premium zed-style chat UI, collapsible reasoning, and comprehensive strict type sweeps 2026-05-21 17:05:42 -07:00
mawkone
8323108f96 feat(ai): configure Architect mode prompt with Spec Kit templates and enforce task completion rules in background runner 2026-05-19 19:40:23 -07:00
mawkone
2b799e4907 feat(ai): automate end-to-end PRD, architecture, and task generation directly from Objective 2026-05-19 19:32:07 -07:00
mawkone
1da2a0b166 fix(ai): bump roundSinceText cutoff to 30 to prevent panic loops 2026-05-19 15:26:15 -07:00
mawkone
5309a72206 fix(api): delete legacy atlas and advisor agent endpoints 2026-05-19 15:09:59 -07:00
mawkone
0a4b3af327 fix(ai): restore thinking animations for gemini streams 2026-05-19 14:53:24 -07:00
mawkone
6a083ff261 fix(ai): bump loop-breaker limits from 16 to 30 to permit long autonomous workflows 2026-05-19 14:51:45 -07:00
mawkone
0eaa5534d0 feat(runner): migrate vibn-agent-runner to use frontend MCP proxy tools and updated headless prompt 2026-05-19 14:06:12 -07:00
mawkone
d21daa8abf fix(ai): implement Phase 2 and 3 prompt recommendations from review 2026-05-19 13:47:18 -07:00
mawkone
93087d4f9a feat(ai): optimize tool loops, fix deployments, and integrate new onboarding flow 2026-05-19 12:52:47 -07:00
mawkone
5364bd8497 feat(api): comprehensive QA hardening — security gates, chat improvements, beta scaffolds 
Closes checklist items F-01..F-06, D-01..D-28, S-01..S-10, C-01..C-07,
B-01..B-07, R-01..R-02, O-03.

Security (28 deletions + 10 auth gates):
- Delete 28 unauthenticated debug/cursor/firebase/test routes
- Gate ai/chat, ai/conversation, context/summarize, work-completed with withTenantProject/withAuth
- Add HMAC-SHA256 signature verification to webhooks/coolify
- Switch all admin secret comparisons to timingSafeStringEq

Foundations (lib/server/*):
- api-handler.ts: withAuth, withTenantProject, withWorkspace, withAdminSecret, withRateLimit
- logger.ts: structured request-scoped logging with turnId
- audit-log.ts: writeAuditLog helper + audit_log table
- rate-limit.ts: Postgres sliding window rate limiter
- coolify-webhook.ts: verifyCoolifySignature
- timing-safe.ts: timingSafeStringEq

Chat hardening (chat/route.ts):
- MAX_TOOL_ROUNDS 15 → 8 (C-01)
- Loop detection: hard-break at 3 identical fingerprints (was 5) (C-02)
- Add 6-consecutive-tool-call hard-break (C-02)
- Mode: respond first, act second prompt block (C-03)
- SSE heartbeat every 25s via setInterval (C-04)
- Per-tool 45s timeout via Promise.race (C-05)
- turnId per-turn UUID for log correlation (C-06)
- Recovery fires when roundsSinceText >= 4 (C-07)
- SSE plan event on plan_task_add/edit (B-05)

Beta features:
- invites table + GET/POST /api/invites (P4.8)
- invites/[token] validate + redeem (P4.8)
- fs_project_dev_servers table + lib/server/dev-server-state.ts (P6.B1)
- fs_project_secrets table + CRUD routes (P6.D2)
- lib/integrations/brief-extract.ts (P3.7)

Documentation:
- app/api/ROUTES.md: full route map with auth + tenant
 2026-05-17 19:17:22 -07:00
mawkone
cd062bd30d fix(deploy): use explicit ssh:// scheme and port 222 for gitea clone urls in coolify 2026-05-16 13:54:17 -07:00
mawkone
67855b94c2 fix(ai): upgrade deploy mechanism to use explicit ssh deploy keys rather than http basic auth to solve gitea cloning bugs 2026-05-16 13:30:14 -07:00
mawkone
cdddaced30 fix(ai): implement two-stage loop detection to warn before hard-stopping (Fix 11) 2026-05-16 12:59:16 -07:00
mawkone
c06ab8650b fix(ai): relax fs_edit line number enforcement to allow safe oldString replacements 2026-05-16 12:54:15 -07:00
mawkone
f053567741 fix(ai): sync auto-commit with streamed result to surface commit SHA to UI (Fix 10) 2026-05-16 12:26:54 -07:00
mawkone
3f4a0de2e6 fix(ai): add hard-rule prompt clause forbidding unverified mutation claims (Fix 8) 2026-05-16 12:25:26 -07:00
mawkone
aff22cba93 fix(ai): force recovery summary when final tools fail (Fix 6) 2026-05-16 12:25:00 -07:00
mawkone
ad66fe61c9 fix(ai): implement fixes 4, 5, and 7 to broaden loop detection, tighten silent stretches, and lower tool round caps 2026-05-16 12:24:09 -07:00
mawkone
8bed453f7c fix(ai): feed verified tool history back into model context to prevent hallucination compounding (Fix 3) 2026-05-16 12:22:58 -07:00
mawkone
0494a67632 feat(ai): persist raw tool execution results in postgres to enable fine-tuning dataset extraction 2026-05-16 11:59:46 -07:00
mawkone
7832e83542 fix(ai): update system prompt to enforce line-number usage for fs_edit to prevent 404 block mismatches 2026-05-15 16:38:17 -07:00
mawkone
67c43028dd feat(ai): inject dynamic codebase summary into system prompt to eliminate blind structure searches 2026-05-15 16:16:45 -07:00
mawkone
377725a98f feat(ui): hardcode visual preview tab to primary frontend port 3000 2026-05-15 16:03:06 -07:00
mawkone
dea388f99d feat(ai): implement adaptive 5-dimensional QA rubric for multi-surface evaluation 2026-05-15 14:35:27 -07:00
mawkone
2db6bee780 feat(ui): add showcase toggle and runtime renderer to design explorer 2026-05-15 14:09:27 -07:00
mawkone
547d74ae44 fix(ui): handle fallback UI for design systems without visual previews 2026-05-15 14:00:01 -07:00
mawkone
3bed7ff3a9 feat(ui): implement split-pane live preview for design systems 2026-05-15 13:56:12 -07:00
mawkone
688378aa1f feat(ai): replace hardcoded design kits with dynamic open-design templates and registries 2026-05-15 13:49:16 -07:00
mawkone
299addfcad feat(ai): integrate open-design capabilities (templates, media generation, visual QA) 2026-05-15 11:07:44 -07:00
mawkone
4862c76a60 feat(ui): add mobile preview device framing and design QA tools 2026-05-15 11:01:49 -07:00
mawkone
6c85b1db34 fix(mcp): resolve external preview routing failures and correct monorepo git paths 2026-05-14 14:56:29 -07:00
mawkone
d99e8f96c5 fix(ai): strip deepseek xml tags from chat history & secure git tools 
This commit addresses the issue where DeepSeek's raw XML markup (like <tool_calls> and <think>) was leaking into chat history, causing hallucinations in subsequent turns. It also patches a vulnerability in the git commit tool where arbitrary shell injection was possible.

Additionally, it includes UX copy and color contrast adjustments for the marketing homepage breadcrumbs.
 2026-05-14 11:34:42 -07:00
mawkone
c8bbae6978 feat(marketing): replace landing page with new site design and animations 2026-05-13 20:50:02 -07:00
mawkone
8bc8bc36f1 fix(ai): add system prompt guardrail to prevent infinite dev server loops when testing protected auth routes 2026-05-13 15:07:31 -07:00
mawkone
575c38cb34 chore: convert submodules to standard directories for true monorepo structure 2026-05-13 14:54:23 -07:00