Skip to content

Releases: aktsmm/ai-browser-bridge-vscode

AI Browser Bridge VS Code 0.1.22

29 Jun 18:22

Choose a tag to compare

AI Browser Bridge VS Code 0.1.22

Highlights

  • Adds server-side prompt-injection guidance around extracted page content before it is routed to LLM providers.
  • Keeps browser page content clearly framed as untrusted data, not instructions, across chat, custom prompt, selection, summarize, and post flows.
  • Updates request handling tests for the new page-context guard.

Verification

  • VS Code extension tests: 44 passed
  • Compile/typecheck: passed
  • Lint: passed
  • Runtime audit: 0 vulnerabilities
  • Full audit: dev-only vulnerabilities remain; runtime audit is clean

Artifact

  • VSIX: copilot-browser-bridge-vscode-0.1.22.vsix
  • Size: 46,298 bytes
  • SHA256: 2D47C30D3363E1190BAD2721F71846F2D12F7B7ADA7D0BBDEAC03E82DC65BD90

VS Code v0.1.18

01 Jun 12:37

Choose a tag to compare

Highlights

  • Prefer VS Code Language Model API in Auto for both chat and browser-agent flows, with Copilot CLI kept as the last answer fallback.
  • Demote the Public Preview Copilot SDK route to experimental diagnostics/fallback and gate it when the VS Code extension host cannot safely start the SDK runtime.
  • Remove provider markers from assistant-visible response text so fallback diagnostics do not appear as model output.
  • Return richer provider capabilities for Chrome Settings, including user-selectable and feature-support flags.
  • Keep model filtering and request authorization behavior aligned with the Chrome bridge contract.

Tests

  • VS Code extension: npm run test, npm run lint, npm run compile, npm audit

Artifact

  • VSIX: copilot-browser-bridge-vscode-0.1.18.vsix
  • Size: 190605723 bytes
  • SHA256: DE4001007DD2DA7AAA35112C1FA33F799D2F151A52AF29DD5BD40C7365AF274C

Marketplace

  • Publish with refreshed VSCE_PAT from the User environment value and verify by tag, GitHub Release, and Marketplace listing. If Marketplace listing lags, do not re-bump or re-publish based on stale UI alone.

v0.1.17

31 May 00:56

Choose a tag to compare

Highlights

  • Add system-prompt safeguards for empty page context so summarize/translate/link-extract/Q&A requests clearly report missing page text.
  • Keep Auto provider order consistency aligned with the Chrome extension checks.
  • Preserve trusted-client request-gate behavior and model filtering while integrating new page-content guardrails.

Tests

  • VS Code extension: npm run test, npm run lint, npm run compile, npm audit

Artifact

  • VSIX: copilot-browser-bridge-vscode-0.1.17.vsix
  • Size: 190605204 bytes
  • SHA256: E7676EDD760DEFF38A194D2CDE5B6A124D77687C28421E11AC8711B0C3A9B418

Marketplace

  • Publish with refreshed VSCE_PAT (User environment value) and verify by tag + GitHub Release + Marketplace listing.
  • If Marketplace listing lags, do not re-bump/re-publish based on stale UI alone.

VS Code v0.1.16

30 May 20:26

Choose a tag to compare

Highlights

  • Add GitHub Copilot SDK provider support with a strict browser-agent-lite prompt boundary and default rejection of SDK tool permission requests.
  • Add GitHub Copilot CLI fallback routing and keep Auto provider order aligned with the Chrome Settings UI.
  • Harden the local bridge request guard for Playwright navigation, evaluate, selectors, text/raw payloads, form fields, and select options.
  • Improve bridge capabilities and provider responses so user-facing model lists hide internal/utility Copilot models.
  • Add cross-extension consistency validation so provider lists and Auto route order cannot drift silently.

Tests

  • Added/updated tests for Copilot SDK prompt/tool boundaries, Auto provider routing, model filtering, bridge request authorization, Playwright parameter guards, and provider consistency.

Artifact

  • VSIX: copilot-browser-bridge-vscode-0.1.16.vsix
  • Size: 190604994 bytes
  • SHA256: BAE4CC5119CE2D8D58BA490C4B2EF1AFAF2EC68486496E3E1DBD7249461766D5

Marketplace

If VSCE_PAT is valid, this VSIX is published to the Marketplace. Otherwise the same VSIX is attached to the GitHub Release and republished after PAT renewal without re-tagging.

VS Code v0.1.15

30 May 12:23

Choose a tag to compare

Highlights

  • Harden the optional agent run_terminal tool further by blocking token-revealing flags (--show-token), output-file flags (--output, -o), Windows drive paths, and UNC paths.
  • Keep the feature read-only and default-off while reducing accidental secret exposure and arbitrary file reads from allowed command prefixes.
  • Hide internal/utility Copilot language models from the /models response so user-facing selectors only show practical model families.

Tests

  • Added regression coverage for blocked token output, output-file flags, and absolute/UNC path reads.
  • Added regression coverage for internal/utility model filtering.

Artifact

  • VSIX: copilot-browser-bridge-vscode-0.1.15.vsix
  • Size: 40,666 bytes
  • SHA256: 962F5927230BF38B68EF8815C40F57DD4AC05BA01107B7789269E5A2F098C8AF

Marketplace

If VSCE_PAT is valid, this VSIX is published to the Marketplace. Otherwise the same VSIX is attached to the GitHub Release and republished after PAT renewal without re-tagging.

VS Code Extension v0.1.14

30 May 08:40

Choose a tag to compare

Highlights

  • Fix the bridge authorization gate: requests with the trusted client header but no Origin header are now accepted. Chrome omits Origin when the extension fetches a host_permissions host (the local bridge), so the previous hard requirement silently broke the side panel (model list, chat).
  • Harden run_terminal validation: block shell metacharacters (;, &, |, >, <, backtick, newline) and command substitution ($(...), ${...}) so an allowed prefix (e.g. git status) can no longer smuggle a second command.
  • Make the Copilot CLI fallback abort-safe: reject immediately without spawning a child process when the request is already aborted, and detach the abort listener / clear the timeout on every settle path.
  • Add Access-Control-Max-Age to CORS preflight responses to avoid redundant round-trips.

Tests

  • New HTTP-level integration test for the authorization gate (401 / 403 / 404 / 200 / preflight).
  • New regression tests for terminal command chaining/substitution and the already-aborted CLI path.

Artifact

  • VSIX: copilot-browser-bridge-vscode-0.1.14.vsix
  • Size: 40,453 bytes
  • SHA256: 9562648C2B59E82A995CB75430288131EDD817AA4BF2E24F721562B9FD6370EA

Marketplace

If VSCE_PAT is valid, this VSIX is published to the Marketplace. Otherwise the same VSIX is attached to the GitHub Release and republished after PAT renewal without re-tagging.

v0.1.13

27 May 18:08

Choose a tag to compare

Highlights

  • Lock down GitHub Copilot CLI fallback: no shell invocation. On Windows, dispatch copilot.ps1 via pwsh -NoProfile -File.
  • Restrict run_terminal to a small read-only allowlist and default the feature OFF (copilotBrowserBridge.enableAgentTerminalTool: false).
  • LM Studio endpoint validation: only loopback (localhost / 127.0.0.0/8 / IPv6 loopback) URLs accepted.
  • Sync README and settings descriptions with the hardened defaults.

Artifact

  • VSIX: copilot-browser-bridge-vscode-0.1.13.vsix
  • Size: 39,077 bytes
  • SHA256: 4932AFE6065F3C9C3470CDA18C1CCAA9E9EC0434A76D64A4334725D7EB1A4601

Marketplace

Marketplace publish is pending VSCE_PAT renewal. The same VSIX attached here will be republished without re-tagging.

v0.1.11

27 May 13:34

Choose a tag to compare

Highlights

  • Added GitHub Copilot CLI fallback and attachment-aware request routing.
  • Synced GitHub Copilot Browser Bridge branding across package metadata, runtime messages, and docs.
  • Strengthened request validation and release packaging consistency.

Artifact

  • File: copilot-browser-bridge-vscode-0.1.11.vsix
  • Size: 40,568 bytes
  • SHA256: 3FDFA774766B6A233AF305B42901F6EA375A4B812E5ACD979402F4354774F967

v0.1.10

27 May 02:00

Choose a tag to compare

Changes

  • Enable copilotBrowserBridge.enableAgentTerminalTool by default.
  • Share Playwright action validation between request guards and server handler.

Validation

  • lint / test / compile passed locally.
  • npm audit passed with 0 vulnerabilities.
  • VSIX packaging hygiene verified locally.

Artifact

  • VSIX: copilot-browser-bridge-vscode-0.1.10.vsix
  • Size: 36,615 bytes
  • SHA256: AF0FF4D38978687B0C1A06E28DEFEE13858A7A5BDCC3336DA4492553CDF607C0

Publish Note

  • VS Code Marketplace publish is currently blocked because VSCE_PAT is expired.

v0.1.9

27 May 01:23

Choose a tag to compare

Changes

  • Enable copilotBrowserBridge.enableAgentTerminalTool by default.
  • Align the runtime fallback default with the setting manifest.
  • Exclude temporary audit and marketplace metadata files from VSIX packaging.

Artifact

  • VSIX: copilot-browser-bridge-vscode-0.1.9.vsix
  • Size: 36,322 bytes
  • SHA256: C96A221E5B7F625B787C6ABDAA8BA9F30EC01E08C887E50F14897EF425372C63