Commit Graph

287 Commits

Author SHA1 Message Date
google-labs-jules[bot] 326b9a12f4 chore: relax HTTP header name validation to match RFC 7230
Updated the regex in `src/helpers.ts` to allow all valid characters in an HTTP token (RFC 7230, section 3.2.6), including symbols like `_`, `.`, `!`, and `*`. Previously, the validation was overly restrictive, only allowing alphanumeric characters and hyphens.

Also updated the corresponding unit test in `__tests__/helpers.test.ts` to reflect the change.
2026-02-24 17:44:57 +00:00
Stephanie Giang a380166897 Merge pull request #170 from GitPaulo/gitpaulo/update-deprecated-max-tokens
Update deprecated max_tokens to max_completion_tokens
v2.0.6
2026-02-06 11:09:51 -05:00
Paulo Santos b07a08c5eb generate dist 2026-02-04 21:30:14 +00:00
Paulo Santos 725fb1c850 update max_tokens to max_completion_tokens 2026-02-04 21:29:53 +00:00
Stephanie Giang 95f4a27227 Merge pull request #160 from actions/dependabot/npm_and_yarn/rollup/rollup-linux-x64-gnu-4.55.1
chore(deps): bump @rollup/rollup-linux-x64-gnu from 4.52.5 to 4.55.1
2026-02-04 16:04:14 -05:00
dependabot[bot] b9877e2b39 chore(deps): bump @rollup/rollup-linux-x64-gnu from 4.52.5 to 4.55.1
Bumps [@rollup/rollup-linux-x64-gnu](https://github.com/rollup/rollup) from 4.52.5 to 4.55.1.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.52.5...v4.55.1)

---
updated-dependencies:
- dependency-name: "@rollup/rollup-linux-x64-gnu"
  dependency-version: 4.55.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-04 21:00:34 +00:00
Stephanie Giang 29ac79522a Merge pull request #164 from actions/dependabot/npm_and_yarn/lodash-4.17.23
chore(deps): bump lodash from 4.17.21 to 4.17.23
2026-02-04 15:59:45 -05:00
Stephanie Giang 4ae036562a Merge branch 'main' into dependabot/npm_and_yarn/lodash-4.17.23 2026-02-04 15:59:12 -05:00
Stephanie Giang 268593b9a6 Merge pull request #168 from GitPaulo/gitpaulo/fork-add-temperature-topp-params
Add model parameters temperature and topP to action inputs
2026-02-04 15:58:13 -05:00
Paulo Santos 1171309110 refactor temperature/top-p parsing for clarity 2026-02-04 12:20:53 +00:00
Paulo Santos 71c69d42b5 document temperature and top-p inputs in readme 2026-02-04 12:12:24 +00:00
Paulo Santos d51321a7a6 rebuild dist bundle 2026-02-04 12:12:19 +00:00
Paulo Santos 5b62ecd0dd add temperature and top-p input parameters 2026-02-04 12:12:14 +00:00
dependabot[bot] eff4de28e3 chore(deps): bump lodash from 4.17.21 to 4.17.23
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.17.23)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-23 17:09:22 +00:00
Sean Goedecke a6101c89c6 Merge pull request #163 from yg1996/add-custom-headers-support
Add custom headers support for API Management integration
v2.0.5
2026-01-19 17:28:08 +11:00
Yonatan Golick 15ae50ae2f Add CRLF injection protection for header values
Implement security validation to prevent HTTP header injection attacks:
- Reject header values containing \r or \n characters
- Add comprehensive test coverage for CRLF protection
- Replace multiline YAML test with proper rejection test

Security improvements:
- Validates header values to prevent header injection
- Clear warning messages when values are rejected
- Four new test cases covering LF, CR, CRLF, and multiline scenarios

This addresses a critical security concern where malicious headers
could be injected via newline characters in header values.

All 84 tests passing.
2026-01-18 12:19:43 +02:00
Yonatan Golick f77380037b Update src/helpers.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-01-18 11:59:12 +02:00
Yonatan Golick 6402ff8f9a Update README.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-01-18 11:58:58 +02:00
Yonatan Golick c760995fbc Remove redundant feature documentation file
Delete CUSTOM_HEADERS_FEATURE.md as the README.md already contains
comprehensive documentation for the custom headers feature. This
reduces documentation duplication and follows standard practice
of keeping feature docs in the README.
2026-01-18 11:43:39 +02:00
Yonatan Golick ce720b3d0c Fix header validation per RFC 7230 and add null check
Address Copilot AI feedback:
- Remove underscore support from header names (RFC 7230 compliance)
- Add explicit null check for JSON parsing
- Update validation regex to /^[A-Za-z0-9-]+$/
- Add test case for null value handling
- Update documentation to clarify header name requirements

Changes:
- Header names now only accept alphanumeric characters and hyphens
- Improved error messages for invalid headers
- Added test for null JSON input
- Updated APIM example tests

All 81 tests passing.
2026-01-18 11:35:18 +02:00
Yonatan Golick 6d144ac474 Add custom headers support for API Management integration
This change adds support for custom HTTP headers in AI inference requests,
enabling integration with API Management platforms (Azure APIM, AWS API
Gateway, Kong, etc.) and custom request routing/tracking.

Features:
- New 'custom-headers' input supporting both YAML and JSON formats
- Auto-detection of input format for better UX
- Header name validation (alphanumeric, hyphens, underscores)
- Automatic masking of sensitive headers in logs
- Full backward compatibility (optional parameter)

Changes:
- Added parseCustomHeaders() function in helpers.ts
- Updated InferenceRequest interface with optional customHeaders field
- Modified simpleInference() and mcpInference() to pass headers to OpenAI client
- Added 18 comprehensive test cases
- Updated documentation with examples and use cases

All 80 tests passing. Zero breaking changes.
2026-01-18 11:24:13 +02:00
Sarah Vessels 63993128d7 Merge pull request #51 from KyFaSt/patch-1
Add Missing Languages to CodeQL Advanced Configuration
2026-01-07 11:27:48 -06:00
Sarah Vessels 3dfda414c6 Merge branch 'main' into patch-1 2026-01-07 11:21:35 -06:00
Sarah Vessels b99f473284 Merge pull request #152 from actions/dependabot/npm_and_yarn/express-5.2.1
chore(deps): bump express from 5.1.0 to 5.2.1
2026-01-07 11:11:33 -06:00
Sarah Vessels acb23a78e0 Merge branch 'main' into dependabot/npm_and_yarn/express-5.2.1 2026-01-07 11:10:57 -06:00
Sarah Vessels de9f3a655a Merge pull request #158 from actions/dependabot/npm_and_yarn/modelcontextprotocol/sdk-1.25.2
chore(deps): bump @modelcontextprotocol/sdk from 1.24.0 to 1.25.2
2026-01-07 11:09:33 -06:00
Sarah Vessels 38e68a8ffc licensed cache 2026-01-07 11:01:16 -06:00
Sarah Vessels 7012ba221f Merge branch 'main' into dependabot/npm_and_yarn/express-5.2.1 2026-01-07 11:00:24 -06:00
Sarah Vessels 185fd7e675 licensed cache 2026-01-07 10:57:30 -06:00
Sarah Vessels d89080af40 npm run bundle 2026-01-07 10:57:20 -06:00
dependabot[bot] 6f1b0370bb chore(deps): bump @modelcontextprotocol/sdk from 1.24.0 to 1.25.2
Bumps [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) from 1.24.0 to 1.25.2.
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](https://github.com/modelcontextprotocol/typescript-sdk/compare/1.24.0...v1.25.2)

---
updated-dependencies:
- dependency-name: "@modelcontextprotocol/sdk"
  dependency-version: 1.25.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-07 16:51:03 +00:00
Sarah Vessels 0a593b0c24 Merge pull request #149 from actions/dependabot/npm_and_yarn/body-parser-2.2.1
chore(deps): bump body-parser from 2.2.0 to 2.2.1
2026-01-06 14:12:53 -06:00
Sarah Vessels 214f0b0a68 Merge branch 'main' into dependabot/npm_and_yarn/body-parser-2.2.1 2026-01-06 14:12:17 -06:00
Sarah Vessels 812f8bb844 Merge pull request #144 from actions/dependabot/npm_and_yarn/js-yaml-4.1.1
chore(deps): bump js-yaml from 4.1.0 to 4.1.1
2026-01-06 14:11:41 -06:00
Sarah Vessels de36aa9302 npm run bundle 2026-01-06 14:02:26 -06:00
Sarah Vessels b99132354c Merge branch 'main' into dependabot/npm_and_yarn/js-yaml-4.1.1 2026-01-06 14:01:47 -06:00
Sarah Vessels ad4351a3a2 npm run bundle 2026-01-06 13:57:11 -06:00
Sarah Vessels 146434d459 Merge pull request #153 from actions/dependabot/npm_and_yarn/modelcontextprotocol/sdk-1.24.0
chore(deps): bump @modelcontextprotocol/sdk from 1.15.1 to 1.24.0
2026-01-06 13:56:25 -06:00
Sarah Vessels ce17fb5d9d licensed cache 2026-01-06 13:53:13 -06:00
Sarah Vessels 2ef8c2618e Merge branch 'main' into dependabot/npm_and_yarn/js-yaml-4.1.1 2026-01-06 13:52:50 -06:00
Sarah Vessels eeef9fe1ab Merge branch 'main' into dependabot/npm_and_yarn/modelcontextprotocol/sdk-1.24.0 2026-01-06 13:51:06 -06:00
Sarah Vessels 82e525eb0f licensed cache 2026-01-06 13:47:43 -06:00
Sarah Vessels 0f8b89d701 Merge branch 'main' into dependabot/npm_and_yarn/body-parser-2.2.1 2026-01-06 13:47:02 -06:00
Sarah Vessels 7e91a1e627 Merge pull request #132 from actions/dependabot/npm_and_yarn/rollup/rollup-linux-x64-gnu-4.52.5
chore(deps): bump @rollup/rollup-linux-x64-gnu from 4.46.0 to 4.52.5
2026-01-06 13:45:33 -06:00
Sarah Vessels 82a7737224 Merge branch 'main' into dependabot/npm_and_yarn/rollup/rollup-linux-x64-gnu-4.52.5 2026-01-06 13:45:00 -06:00
Sarah Vessels 6709541cb1 Merge pull request #135 from actions/dependabot/npm_and_yarn/vite-7.1.11
chore(deps-dev): bump vite from 7.0.6 to 7.1.11
2026-01-06 13:44:04 -06:00
Sarah Vessels 059db2ba93 Merge branch 'main' into dependabot/npm_and_yarn/vite-7.1.11 2026-01-06 13:43:32 -06:00
Sarah Vessels 7228fd1adf npm run bundle 2026-01-06 13:37:09 -06:00
Sarah Vessels 04be163c40 licensed cache 2026-01-06 13:34:55 -06:00
Sarah Vessels 26b055458c Merge branch 'main' into dependabot/npm_and_yarn/modelcontextprotocol/sdk-1.24.0 2026-01-06 13:33:53 -06:00