feat(secureflow): Add OpenRouter Support and Svelte UI with Production Optimizations #441
Merged
- Add OpenRouter client with support for 300+ models
- Implement model config generator for dynamic model support
- Add Svelte-based webview UI replacing old vanilla JS implementation
- Implement profile-based scanning with CLI integration
- Add ProfileScanService for running full security scans
- Support passing config directly to CLI scanner (no env vars needed)
- Add comprehensive logging for LLM responses and iteration tracking
- Link scans to profiles via profileId
- Add empty states and improved UX for profile details
- Fix maxIterations to be configurable via constructor options
- Update settings manager to support OpenRouter models

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

- Add Settings component that replicates Onboarding functionality
- Add navigation between Settings and Profiles views via backToProfiles message
- Fix Settings to load current configuration on mount
- Add skipScan flag to prevent Settings save from triggering workspace scan
- Fix Input component to support proper two-way binding with bind:value
- Add type prop to Button component to support submit/button types
- Remove star emoji from recommended model in Select dropdown
- Refactor ProfilesList to remove embedded settings form
- Add getCurrentConfig message handler in explorer
- Add onboardingStatus update after config save for proper view transition

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

- Remove redundant posthog-node dependency (already in CLI package)
  - Reduces package-lock.json by 253 lines and 20 packages
- Disable source maps in production builds
  - Saves ~950KB in dist folder
  - Converts webpack configs to function form to access argv.mode
  - Sets devtool to false when mode is production
- Configure Svelte compiler for production
  - Disables dev mode and hot reload in production builds
- Update package script to remove --devtool flag

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Remove unused code:
- Remove unused selectedVulnerability variable from ProfileDetails

Deduplicate CSS:
- Extract .severity-* classes to global styles in App.svelte
- Remove 51 lines of duplicate CSS from ProfileDetails and VulnerabilityDetails
- Fix inconsistent .severity-low colors (now consistently green)

Impact:
- ProfileDetails: 1,397 → 1,370 lines (-27)
- VulnerabilityDetails: 278 → 254 lines (-24)
- Net savings: 26 lines of code
- Improved maintainability with single source of truth for severity styling

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Remove extensive debug logging infrastructure:
- Remove file logging system (logFile, logStream, initLogFile, closeLogFile)
- Remove all console.log/error/warn calls from scan services
- Remove console output capture during CLI scanner execution
- Remove fs import (no longer needed)

Changes:
- profile-scan-service.ts: Removed 150+ lines of logging code
- profile-storage-service.ts: Removed console.error calls, re-throw errors instead
- Deleted scan.json (temporary scan output file)
- Added scan.json to .gitignore

Impact:
- Cleaner production output (no debug noise)
- Faster scan execution (no I/O overhead from file logging)
- Reduced memory footprint (no log stream buffers)
- Production-ready error handling

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Add silent mode for programmatic usage (VSCode extension):
- CLIFullScanCommand: Add silent option and log() method wrapper
- AISecurityAnalyzer: Add silent option, remove debug console.log statements
- FileRequestHandler: Add silent mode support
- ProfileScanService: Enable silent=true when invoking scanner from extension

Changes:
- Replace all console.log calls with this.log() in scanner classes
- this.log() only outputs when silent=false (CLI usage)
- When silent=true (extension usage), all console output is suppressed
- Removed LLM response printing (3 console.log calls)
- Removed iteration analysis logging (5 console.log calls)

Impact:
- Clean extension output (no scanner debug noise in VSCode console)
- CLI tool still shows full output for terminal users
- Cleaner separation between programmatic and CLI usage
- ~200+ console.log calls now conditionally suppressed

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This file should not be tracked as it's a temporary scan output.
Already added to .gitignore in previous commit.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Created 45 unit tests covering all major features added in OpenRouter PR:
- SettingsManager: API key, model config, provider selection (7 tests)
- ScanStorageService: scan CRUD, severity tracking, profile linkage (14 tests)
- ProfileStorageService: profile management, activation, workspace (12 tests)
- ProfileScanService: scan validation, provider detection (12 tests)

Test infrastructure:
- Mocha + @vscode/test-electron framework
- TDD-style test organization
- Mock VSCode APIs for isolated unit testing
- Test isolation with setup/teardown hooks

All tests passing with proper type safety and API alignment.

- Add c8 dependency for coverage collection
- Configure vscode-test with coverage options
- Add test:coverage npm script
- Coverage results: 46% statements, 95% branches
- Exclude coverage/ directory from git
- HTML coverage report generated in coverage/index.html

Version Changes:
- VSCode Extension: 0.0.17 → 0.0.18
- SecureFlow CLI: 0.0.7 → 0.0.8

Documentation Updates:
- Updated README with OpenRouter support and comprehensive Getting Started guide
- Added v0.0.18 changelog entry highlighting new features
- CLI README updated with OpenRouter model access

Package Optimizations:
- Added coverage/** to .vscodeignore (reduced package from 2.54MB to 818KB)
- Added *.js.map to CLI .gitignore

Features in v0.0.18:
- OpenRouter integration for 200+ AI models
- Modern Svelte-based webview UI
- Enhanced provider selection and configuration
- Profile-based security scanning workflow
- Comprehensive scan history tracking

- Add Claude Opus 4.5 to models.json configuration
- Update model-context-limits.json with Opus 4.5 context window
- Regenerate TypeScript model types and configurations
- Premium model with 200K context window and 64K max output

- Keep only Claude 4.5 models: Sonnet, Opus, Haiku
- Remove deprecated Claude 4.1, 4, 3.7, and 3.5 models
- Remove OpenRouter Claude 3.5 Sonnet
- Reorder models: Sonnet (17), Opus (18), Haiku (19)
- Update model-context-limits.json recommendations
- Regenerate TypeScript types (33 → 27 models)

OpenRouter Models:
- Remove all 7 existing OpenRouter models (GPT-4o, Gemini 2.0, DeepSeek, Llama, Mistral, Grok-2, Qwen 2.5)
- Add qwen/qwen3-coder - specialized coding model
- Add z-ai/glm-4.7 - high-performance AI model

Google Models:
- Add Gemini 3 Pro (gemini-3-pro-preview) - most advanced multimodal AI
- Add Gemini 3 Flash (gemini-3-flash-preview) - fast multimodal AI
- Both support 1M context window, 65K output, thinking capabilities
- Multimodal support: text, image, video, audio, PDF inputs

OpenAI Models:
- Remove GPT-4.1, GPT-4.1 Mini, GPT-4o, GPT-4o Mini
- Remove O1 reasoning model
- Keep only GPT-5 family (5.1, 5 Pro, 5, 5 Mini, 5 Nano)
- Keep O3 series (O3, O3 Pro, O3 Mini) and O4 Mini

Model Count: 27 → 19 models

Total Changes:
- Removed 14 models (6 OpenAI v4, 1 O1, 7 OpenRouter)
- Added 4 models (2 Gemini 3, 2 OpenRouter)
- Reordered all models sequentially (orders 1-19)
- Updated model-context-limits.json recommendations
- Regenerated TypeScript types

Updated metadata:
- Last updated: December 27, 2025
- Added Gemini 3 multimodal capabilities note
- Removed deprecated model shutdown notices

Model Ordering:
- Move Gemini 3 models above Gemini 2.5 (orders 6-9)
- Gemini 3 Pro (6), Gemini 3 Flash (7), Gemini 2.5 Pro (8), Gemini 2.5 Flash (9)

OpenAI Changes:
- Remove all O-series reasoning models (O3, O3 Pro, O3 Mini, O4 Mini)
- Keep only GPT-5 family: 5.1, 5 Pro, 5, 5 Mini, 5 Nano (orders 1-5)
- Updated recommendations in model-context-limits.json

xAI Addition:
- Add Grok 4.1 Fast (grok-4-1-fast-reasoning) - order 13
- "Frontier multimodal model optimized for high-performance agentic tool calling"
- 2M context window, 65K max output
- Positioned before Grok 4 Fast Reasoning

UI Improvements:
- Add "Missing a model? Request to include it here" link in Settings
- Add "Missing a model? Request to include it here" link in Onboarding
- Links point to GitHub issues: https://github.com/shivasurya/code-pathfinder/issues
- Helps users request missing AI models easily

Model Count: 15 → 16 models

Final Order: GPT-5 family (1-5), Gemini 3 (6-7), Gemini 2.5 (8-9), Claude 4.5 (10-12), Grok (13-14), OpenRouter (15-16)

Regenerated TypeScript types and compiled successfully

- Remove 'View Logs' action button from scan completion message
- Show simple notification instead of opening logs directory
- Cleaner UX without unnecessary directory access

New Models:
- Add GPT-5.2 (order 1) - Best model for coding and agentic tasks
- 400K context window, 128K max output
- Description: "Best model for coding and agentic tasks across industries"
- Positioned at the very top of OpenAI models

Model Reordering:
- GPT-5.2 (order 1) - NEW
- GPT-5.1 (order 2, was 1)
- GPT-5 Pro (order 3, was 2)
- GPT-5 (order 4, was 3)
- GPT-5 Mini (order 5, was 4)
- GPT-5 Nano (order 6, was 5)
- All other models incremented by 1

Configuration Updates:
- Added gpt-5.2 to model-context-limits.json
- Updated recommendations to prioritize GPT-5.2:
  - balanced: gpt-5.2 at top
  - reasoning: gpt-5.2 with thinking at top
  - highOutput: gpt-5.2 (128K output) at top
  - coding: gpt-5.2 at top
  - largeContext: gpt-5.2 (400K tokens)

CHANGELOG Updates:
- Added "Latest AI Models" section documenting:
  - GPT-5.2 (OpenAI's best model)
  - Gemini 3 Pro & Flash (Google's newest)
  - Grok 4.1 Fast (xAI's frontier model)
- Highlighted model availability in Settings and Onboarding

Model Count: 16 → 17 models

Final Order: GPT-5.2 (1), GPT-5 family (2-6), Gemini 3 (7-8), Gemini 2.5 (9-10), Claude 4.5 (11-13), Grok (14-15), OpenRouter (16-17)

Regenerated TypeScript types and compiled successfully

- Added minimax/minimax-m2: Compact high-efficiency model optimized for coding and agentic workflows (196K context, 65K output)
- Added deepseek/deepseek-v3.2: High computational efficiency with strong reasoning and agentic tool-use (163K context, 32K output)
- Updated model-context-limits.json with OpenRouter section
- Added MiniMax M2 to coding recommendations
- Added DeepSeek V3.2 to reasoning recommendations

Model Count: 17 → 19 models

Final Order: GPT-5.2 (1), GPT-5 family (2-6), Gemini 3 (7-8), Gemini 2.5 (9-10), Claude 4.5 (11-13), Grok (14-15), OpenRouter (16-19)

All tests passing: 45/45 ✓
Description:
Key Highlights:
🤖 OpenRouter Integration
🎨 Svelte UI Rewrite
⚡ Production Optimizations