Commit Graph

58 Commits

Author SHA1 Message Date
Paulo Santos b07a08c5eb generate dist 2026-02-04 21:30:14 +00:00
Paulo Santos 1171309110 refactor temperature/top-p parsing for clarity 2026-02-04 12:20:53 +00:00
Paulo Santos d51321a7a6 rebuild dist bundle 2026-02-04 12:12:19 +00:00
Yonatan Golick 15ae50ae2f Add CRLF injection protection for header values
Implement security validation to prevent HTTP header injection attacks:
- Reject header values containing \r or \n characters
- Add comprehensive test coverage for CRLF protection
- Replace multiline YAML test with proper rejection test

Security improvements:
- Validates header values to prevent header injection
- Clear warning messages when values are rejected
- Four new test cases covering LF, CR, CRLF, and multiline scenarios

This addresses a critical security concern where malicious headers
could be injected via newline characters in header values.

All 84 tests passing.
2026-01-18 12:19:43 +02:00
Yonatan Golick ce720b3d0c Fix header validation per RFC 7230 and add null check
Address Copilot AI feedback:
- Remove underscore support from header names (RFC 7230 compliance)
- Add explicit null check for JSON parsing
- Update validation regex to /^[A-Za-z0-9-]+$/
- Add test case for null value handling
- Update documentation to clarify header name requirements

Changes:
- Header names now only accept alphanumeric characters and hyphens
- Improved error messages for invalid headers
- Added test for null JSON input
- Updated APIM example tests

All 81 tests passing.
2026-01-18 11:35:18 +02:00
Yonatan Golick 6d144ac474 Add custom headers support for API Management integration
This change adds support for custom HTTP headers in AI inference requests,
enabling integration with API Management platforms (Azure APIM, AWS API
Gateway, Kong, etc.) and custom request routing/tracking.

Features:
- New 'custom-headers' input supporting both YAML and JSON formats
- Auto-detection of input format for better UX
- Header name validation (alphanumeric, hyphens, underscores)
- Automatic masking of sensitive headers in logs
- Full backward compatibility (optional parameter)

Changes:
- Added parseCustomHeaders() function in helpers.ts
- Updated InferenceRequest interface with optional customHeaders field
- Modified simpleInference() and mcpInference() to pass headers to OpenAI client
- Added 18 comprehensive test cases
- Updated documentation with examples and use cases

All 80 tests passing. Zero breaking changes.
2026-01-18 11:24:13 +02:00
Sarah Vessels d89080af40 npm run bundle 2026-01-07 10:57:20 -06:00
Sarah Vessels de36aa9302 npm run bundle 2026-01-06 14:02:26 -06:00
Sarah Vessels ad4351a3a2 npm run bundle 2026-01-06 13:57:11 -06:00
Maarten van Diemen 8a5d2ea4a1 Merge branch 'main' into feature/pass-toolsets 2025-11-30 22:08:41 +01:00
Sean Goedecke 18d468666d fix: keep response-file temp file for downstream steps
The temporary file created for response-file was being cleaned up
before downstream steps could access it. Now using keep: true to
ensure the file persists until the job completes.

Also added script/ to eslint ignores for the mock server.
2025-11-27 21:06:42 +00:00
Maarten van Diemen 95443f8d18 Merge with main 2025-11-24 13:06:01 +01:00
David Sanders c9e14713bc chore: update dist 2025-11-23 16:19:48 -08:00
David Sanders 48f0edec4d feat: support modelParameters in prompt.yaml files 2025-11-23 16:07:11 -08:00
Maarten van Diemen 4b4b2e8afe build index.js 2025-11-02 23:37:23 +01:00
David Sanders af1c1c29a3 fix: do template substition after parsing prompt YAML 2025-10-20 21:32:06 -07:00
Sean Goedecke dfaa426c29 Parse inference response format defensively 2025-08-22 22:34:18 +00:00
Jessica Rudder a2fd223fcf Properly clean up tmp files 2025-08-12 14:31:05 -07:00
Jessica Rudder 3ba8e1b39d Replace manual tmp file creation with tmp library which uses security best practices 2025-08-12 13:49:47 -07:00
Sean Goedecke 9133f81330 package 2025-08-06 00:54:19 +00:00
Sean Goedecke e44da102bf fixup format parsing 2025-08-05 22:21:28 +00:00
Sean Goedecke 866ae2b5d7 Ensure MCP loops output the right response format
In a tool loop, you can't set response_format because the model needs to
be able to think in plain English. But you still need the final response
to be in the desired format, so we add response_format only on the last
iteration.
2025-08-05 22:06:49 +00:00
Sean Goedecke 4685e0dcd4 Force exit once inference finishes in case we are holding any connections open 2025-08-05 21:42:07 +00:00
Sean Goedecke 009d5e6e28 Update error 2025-08-05 02:52:11 +00:00
Sean Goedecke 18367df745 Merge branch 'main' into sgoedecke/use-openai-sdk 2025-08-05 02:49:44 +00:00
Sean Goedecke 8c9e538880 package 2025-08-05 02:17:03 +00:00
Sean Goedecke 4b5bb5c538 Use OpenAI SDK to avoid setting apiVersion manually 2025-08-05 02:09:17 +00:00
Sean Goedecke ea4e7d8bb9 package 2025-08-05 01:52:46 +00:00
Sean Goedecke e7ddc840ba npm run package 2025-08-04 23:00:34 +00:00
Sean Goedecke a620b9fa98 Force exit on error 2025-08-04 22:40:30 +00:00
Sean Goedecke a6d2a86ab3 Log specific error even if it is not an Error 2025-08-04 22:28:10 +00:00
Sean Goedecke 419f171f16 Separate out MCP token 2025-08-04 03:06:53 +00:00
Marais Rossouw a5af2ca963 chore: bundles do change a tiny bit now 2025-07-24 19:14:33 +10:00
Sean Goedecke f79e4e11cb regenerate dist 2025-07-21 04:56:41 +00:00
Sean Goedecke e385879671 Merge branch 'main' into sgoedecke/prompt-file 2025-07-21 00:21:07 +00:00
Sean Goedecke 1780121e3b Support .prompt.yml files 2025-07-21 00:11:26 +00:00
Sean Goedecke aff9eb000b Fixup bundle 2025-07-16 07:30:35 +00:00
Sean Goedecke 5a874b9aa1 Ensure pkce-challenge is bundled in dist instead of treated as external 2025-07-16 07:12:45 +00:00
Sean Goedecke a3fe147234 Merge branch 'main' into sgoedecke/mcp 2025-07-16 02:56:55 +00:00
Sean Goedecke 4fd6464105 Add read-only MCP support 2025-07-16 02:19:49 +00:00
Sean Goedecke 86c0691fbf Add tests 2025-07-16 00:12:41 +00:00
Sean Goedecke 886d4717d7 Make it work 2025-07-15 23:31:48 +00:00
Sean Goedecke 0b82ac474e Sketch out MCP 2025-07-15 23:23:39 +00:00
Naoki Ainoya b678377f9b update bundle 2025-07-02 09:50:57 +09:00
Matthew Leibowitz 9c57490bf1 regen 2025-05-27 01:40:03 +02:00
Matthew Leibowitz eb37c9a493 Formatting 2025-05-26 03:46:39 +02:00
Matthew Leibowitz 91ba53d8b4 feat: Add system-prompt-file input for file-based system prompts
This enhancement adds the ability to load a system prompt from a file, similar to
the existing prompt-file functionality, providing more flexibility when working with
complex system prompts.

Key changes:
- Added new `system-prompt-file` input to action.yml with proper description
- Updated main.ts implementation to handle file-based system prompts with:
  - File existence checking and appropriate error handling
  - Proper precedence (system-prompt-file takes priority over system-prompt)
  - Consistent error messages with existing prompt-file implementation

Test coverage added:
- Basic usage: Test verifies system-prompt-file loads content correctly
- Error handling: Test ensures proper errors when system-prompt-file doesn't exist
- Precedence: Test confirms system-prompt-file overrides system-prompt when both exist
- Integration: Test validates both prompt-file and system-prompt-file work together
- Max tokens: Test verifies custom token limits are properly passed to the model
- Testing infrastructure: Improved mock implementations that detect unexpected calls

Documentation:
- Updated README.md with system-prompt-file in inputs table
- Added dedicated usage example for system-prompt-file
- Fixed formatting in inputs table

CI/CD:
- Updated workflow to test system-prompt-file functionality with actual file content

This feature maintains backward compatibility while adding a useful option
for workflows that need to use more complex system prompts stored in files.
2025-05-24 03:50:15 +02:00
Aiqiao Yan 1c557cdc25 react to feedback 2025-04-17 20:23:07 +00:00
Aiqiao Yan f1591cfa68 add test 2025-04-17 20:13:47 +00:00
Aiqiao Yan 43f6a3831f read prompt from file and print output to file 2025-04-17 17:41:35 +00:00