Skip to content

VS Code Extension v0.1.14

Choose a tag to compare

@aktsmm aktsmm released this 30 May 08:40

Highlights

  • Fix the bridge authorization gate: requests with the trusted client header but no Origin header are now accepted. Chrome omits Origin when the extension fetches a host_permissions host (the local bridge), so the previous hard requirement silently broke the side panel (model list, chat).
  • Harden run_terminal validation: block shell metacharacters (;, &, |, >, <, backtick, newline) and command substitution ($(...), ${...}) so an allowed prefix (e.g. git status) can no longer smuggle a second command.
  • Make the Copilot CLI fallback abort-safe: reject immediately without spawning a child process when the request is already aborted, and detach the abort listener / clear the timeout on every settle path.
  • Add Access-Control-Max-Age to CORS preflight responses to avoid redundant round-trips.

Tests

  • New HTTP-level integration test for the authorization gate (401 / 403 / 404 / 200 / preflight).
  • New regression tests for terminal command chaining/substitution and the already-aborted CLI path.

Artifact

  • VSIX: copilot-browser-bridge-vscode-0.1.14.vsix
  • Size: 40,453 bytes
  • SHA256: 9562648C2B59E82A995CB75430288131EDD817AA4BF2E24F721562B9FD6370EA

Marketplace

If VSCE_PAT is valid, this VSIX is published to the Marketplace. Otherwise the same VSIX is attached to the GitHub Release and republished after PAT renewal without re-tagging.