- Fix email validation JSDoc comment in chat.js
- Add explicit format validation for devId/project in preview routes
- Sanitize contact field input in build route
- Add detailed token estimation comment in memory-injector
- Add warning log when ws module is not available
Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
- chat.html: Enhanced modal with email+contact fields, split-screen HTML structure,
resizer divider, preview panel with status bar and iframe
- chat.js: Email validation (frontend regex), email prefill on repeat visits,
split-screen enterDevMode(), draggable resizer with touch support,
preview panel status updates, WebSocket connection for build progress
- style.css: Split-screen dev-mode layout, resizer styles, preview panel styles
with status indicators (waiting/building/done/error), modal field styles
- backend: Preview API route, WebSocket server for progress push,
enhanced build route with email validation and broadcast,
enhanced email template with file list and brand signature
Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
1. Login page: two modes (developer EXP-XXX / guest), both require API key
2. Persona: upgraded from 知秋 to 铸渊 with core brain cognition
3. UI: dark theme with gradients, animations, modern visual style
4. Guest mode: enabled with reminder about developer ID application
5. Developer mode: memory continuity with dev info lookup
6. API wake mechanism: ZhuYuan wakes when real API key is provided
Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
- Frontend index.html: Replace backend proxy model detection with direct browser fetch to user's API /models endpoint, add KNOWN_ENDPOINTS auto-probing, AbortController timeout
- Frontend chat.js: Replace backend proxy chat with direct browser fetch to user's API /chat/completions with streaming support
- Backend apikey.js: Add URL format validation (INVALID_API_BASE) and specific error codes (DNS_ERROR, NETWORK_ERROR, TIMEOUT)
- Backend server.js: Add /api/health endpoint for smoke test compatibility
Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
- Add protocol validation (http/https only) to prevent SSRF via file:/ftp: URLs
- Hash both apiBase+apiKey together in cache key to prevent collision attacks
- Simplify frontend error detection (use TypeError instanceof instead of fragile string check)
- Make smoke test error code assertion more precise with regex
Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
Root cause: Persona Studio frontend sent requests to /api/ps/apikey/detect-models
but api-proxy.js (port 3721, the only backend Nginx routes to) didn't handle those paths.
The separate persona-studio backend (port 3002) was never deployed via ecosystem.config.js or Nginx.
Fix: Add detect-models and chat handlers directly to api-proxy.js so they work through
the same Nginx → API Proxy chain that the docs main site already uses successfully.
Also update frontend to point to port 3721 for local dev, and improve error messages.
Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
- Use const/let instead of var for block-scoped variables in frontend
- Add header injection validation for API Key (reject newline chars)
- Include original error message in fetchModels error callback
- Use more reliable hostname for unreachable API base test
Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
- Add backend route POST /api/ps/apikey/detect-models for model auto-detection with 1-hour caching
- Add backend route POST /api/ps/apikey/chat for proxying chat through user's own API credentials
- Update login page with API Key login section (API Base URL + API Key + model detection + model list)
- Update chat.js to support API Key mode with dynamic model usage (selected_model)
- Update styles for API Key login UI (detect status, model list, etc.)
- Add smoke tests for new endpoints and dev_id login backward compatibility
- Security: API Key stored only in sessionStorage, never persisted on backend
Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
- Copy persona-studio frontend to docs/persona-studio/ for GitHub Pages deployment
- Update API base URL to point to guanghulab.com production server
- Update all README links from broken guanghulab.com/persona-studio/ to GitHub Pages URL
- Update deploy-pages.yml to trigger on persona-studio/frontend changes and sync files
- Update persona-studio/README.md link to point to guanghulab repo Pages
Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>