feat: implement prompt injection protection and OpenRouter paid API key support
- Add comprehensive prompt injection security module with 160+ attack pattern detection - Implement security checks in message handling with proper blocking and user feedback - Add OpenRouter paid API key support (OPENROUTER_PAID_API_KEY) for premium models - Update model discovery and chat functions to use paid API key for premium models - Add comprehensive test suite with 434 test cases (98.39% accuracy) - Tests cover legitimate WordPress development queries, injection attacks, obfuscated attempts - Improve builder loading indicators with text-based progress (building/planning) - Replace spinning animations with 'Starting build/planning process' messages
@@ -324,9 +324,16 @@ export namespace Provider {
|
||||
},
|
||||
}
|
||||
},
|
||||
openrouter: async () => {
|
||||
openrouter: async (input) => {
|
||||
const hasKey = await (async () => {
|
||||
const env = Env.all()
|
||||
if (input.env.some((item) => env[item])) return true
|
||||
if (await Auth.get(input.id)) return true
|
||||
return false
|
||||
})()
|
||||
|
||||
return {
|
||||
autoload: false,
|
||||
autoload: hasKey,
|
||||
options: {
|
||||
headers: {
|
||||
"HTTP-Referer": "https://opencode.ai/",
|
||||
@@ -335,9 +342,16 @@ export namespace Provider {
|
||||
},
|
||||
}
|
||||
},
|
||||
vercel: async () => {
|
||||
vercel: async (input) => {
|
||||
const hasKey = await (async () => {
|
||||
const env = Env.all()
|
||||
if (input.env.some((item) => env[item])) return true
|
||||
if (await Auth.get(input.id)) return true
|
||||
return false
|
||||
})()
|
||||
|
||||
return {
|
||||
autoload: false,
|
||||
autoload: hasKey,
|
||||
options: {
|
||||
headers: {
|
||||
"http-referer": "https://opencode.ai/",
|
||||
@@ -404,9 +418,16 @@ export namespace Provider {
|
||||
},
|
||||
}
|
||||
},
|
||||
zenmux: async () => {
|
||||
zenmux: async (input) => {
|
||||
const hasKey = await (async () => {
|
||||
const env = Env.all()
|
||||
if (input.env.some((item) => env[item])) return true
|
||||
if (await Auth.get(input.id)) return true
|
||||
return false
|
||||
})()
|
||||
|
||||
return {
|
||||
autoload: false,
|
||||
autoload: hasKey,
|
||||
options: {
|
||||
headers: {
|
||||
"HTTP-Referer": "https://opencode.ai/",
|
||||
@@ -518,9 +539,16 @@ export namespace Provider {
|
||||
options: {},
|
||||
}
|
||||
},
|
||||
cerebras: async () => {
|
||||
cerebras: async (input) => {
|
||||
const hasKey = await (async () => {
|
||||
const env = Env.all()
|
||||
if (input.env.some((item) => env[item])) return true
|
||||
if (await Auth.get(input.id)) return true
|
||||
return false
|
||||
})()
|
||||
|
||||
return {
|
||||
autoload: false,
|
||||
autoload: hasKey,
|
||||
options: {
|
||||
headers: {
|
||||
"X-Cerebras-3rd-Party-Integration": "opencode",
|
||||
|
||||
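Review bot: The credential probe that now drives `autoload` is pasted verbatim into four loaders (`openrouter`, `vercel`, `zenmux`, `cerebras`), so a later fix to one copy can leave another provider autoloading on a weaker condition. A single helper would keep them in step, e.g. `async function hasCredential(input) { const env = Env.all(); return input.env.some((item) => env[item]) || Boolean(await Auth.get(input.id)) }`, with each loader reduced to `autoload: await hasCredential(input),`. Switching `autoload` from `false` to `hasKey` also appears to make the mere presence of an environment variable enough to enable a third-party gateway, which looks like a move from explicit opt-in to ambient credentials; if that is intended, a comment such as `// autoload only when a key is already configured (env var or stored auth)` on the helper would record it. The truthiness test also accepts a whitespace-only variable as a key. Each loader's returned object continues past the end of its hunk, so the remaining options were not reviewed.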