TanStack
OSS
ai
Sign in / Sign up
Open main menu
ai
GitHub
Overview
Runs
Analytics
Loading workspace stats
Loading workspace insights...
Statistics interval
7 days
30 days
Latest CI Pipeline Executions
Status
Fix filter
Filter
Fuzzy
Filter range
Sort by
Sort by
Start time
Sort ascending
Sort descending
Succeeded
byok-package
93f2d0f7 ci: apply automated fixes
by autofix-ci...
a
Failed
byok-package
93f2d0f7 Merge 31a8d7242de37f7129fe902c454923fb2c5291ad into 084c9e4a64215e352d14ce4f844c641fd5de8326
by Tom Beckenham
T
Succeeded
byok-package
ca92c273 feat(byok): add byokFetcher for the fetcher transport Mirrors withByok (which targets the connection transport) for the fetcher transport used by useChat/useGeneration. Hands the fetcher body fresh BYOK headers + a missing-key-aware fetch, covering both a plain fetch call and a TanStack Start server function (via call-site headers). Keys still travel in the x-byok-<provider> header, never the body. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
by Tom Beckenham
T
Succeeded
byok-package
ca92c273 Merge 1c9cdc3779e153be66eca98109c4ccdc0018db12 into 084c9e4a64215e352d14ce4f844c641fd5de8326
by Tom Beckenham
T
Succeeded
byok-package
e477d3b1 refactor(byok): drop vendor branding from wire and storage identifiers The BYOK header prefix, IndexedDB name, passkey relying-party name, and HKDF label all hardcoded "tanstack". None of these need the vendor name: the header is a private protocol between this package's own client and server (both resolve it via byokHeaderName), and the storage identifiers are already overridable per instance. Neutral defaults let the toolkit read as reusable rather than TanStack-specific. - header prefix: x-tanstack-byok- -> x-byok- - IndexedDB default: tanstack-byok -> byok - passkey rpName: "TanStack AI BYOK" -> "BYOK" - HKDF info label: tanstack-byok:keyring:v1 -> byok:keyring:v1 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
by Tom Beckenham
T
Failed
byok-package
e477d3b1 Merge e0233be7cadf74e70434ddbac7ec8dd029007bda into 084c9e4a64215e352d14ce4f844c641fd5de8326
by Tom Beckenham
T
Succeeded
byok-package
e92593a5 Merge cd6251ef9f54095f0f87f22f45e1aa396ecea77b into e3de949575eac8301c0449afa3a91ef450e9580b
by Tom Beckenham
T
Succeeded
byok-package
e92593a5 feat(byok): add withByok connection helper — prompt to add/unlock key on byokMissing The SSE adapter throws a generic HTTP error on non-2xx without the body, so useChat's error can't identify the missing provider. withByok wires the provider's fetchClient option to peek at the relay's byokMissing 401 body: - withByok(getKeys, { onMissingKey }) attaches byokHeaders per request and invokes onMissingKey(provider) when the relay returns byokMissing - byokFetch is the lower-level fetch wrapper; both exported from root + /react - root now re-exports isByokMissingBody / ByokMissingBody Example: /api/tanchat returns byokMissing(provider) when it has no server env key and no BYOK header (instead of a generic 500); the front page uses withByok, and onMissingKey opens the (now controllable) key dialog focused on that provider — or, if the key is saved-but-locked, calls unlock() instead. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
by Tom Beckenham
T
Succeeded
byok-package
e156b156 feat(byok): surface saved keys as "locked" after refresh (peek); example uses passkey Persistent storage can now report presence without decrypting, so the UI knows keys exist after a refresh: - KeyringStorage gains optional peek() → { provider: last-4 } - passkeyStorage stores an unencrypted provider→last-4 sidecar next to the ciphertext and reads it via peek() with no unlock ceremony - new KeyStatus 'locked'; ByokProvider peeks on mount to mark saved keys locked (with last-4); unlock() promotes them to 'set' on decrypt Example front page now uses passkey-encrypted storage when a platform authenticator is available (else memory). The key dialog shows locked keys with a lock + last-4 and an "Unlock saved keys" action; the model-bar warning distinguishes "no key" from "saved but locked → Unlock". Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
by Tom Beckenham
T
Succeeded
byok-package
e156b156 Merge acc46f0c750e9d176cc245245b65fd47f11594e0 into e3de949575eac8301c0449afa3a91ef450e9580b
by Tom Beckenham
T
Succeeded
byok-package
8691a191 feat(example): integrate BYOK into the main chat with a key icon + env-key alerts Replaces the standalone /byok demo page with front-page integration: - key icon in the model bar opens a dark-themed dialog for per-provider keys (last-4 only), matching the app theme - getEnvKeyStatus server fn reports which providers have a server env key (booleans only, never the value); the key icon shows an amber dot and a banner warns when the selected model's provider has no key - api/tanchat prefers a per-request BYOK header key over env per provider (withByok helper); connection attaches byokHeaders(keys) Removes the old /byok route + api.byok-chat.ts + nav link. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
by Tom Beckenham
T
Succeeded
byok-package
8691a191 Merge e7bbd8f14b45e0a0951abff44e330eb91cce0ecf into e3de949575eac8301c0449afa3a91ef450e9580b
by Tom Beckenham
T
Succeeded
byok-package
078bbc89 ci: apply automated fixes
by autofix-ci...
a
Succeeded
byok-package
078bbc89 Merge 44b5d8bca1b6fbef81b8bff5c6e99a51c728508c into e3de949575eac8301c0449afa3a91ef450e9580b
by Tom Beckenham
T
Succeeded
byok-package
74748dc0 Merge f085322652fdc6c708ffb52608e2eda9f05b1a38 into e3de949575eac8301c0449afa3a91ef450e9580b
by Tom Beckenham
T
Succeeded
byok-package
74748dc0 test(byok): add E2E coverage for the BYOK relay flow New testing/e2e /byok route + /api/byok-chat relay + byok.spec.ts: - key rides in the x-tanstack-byok-openai header, is absent from the request body, streams the aimock response, and the manager shows only the last-4 - missing key → byokMissing 401 surfaced as an error, no answer produced Keyring is hydrated via a preloaded storage (the same load() path passkey storage uses), so the flow is deterministic without a live WebAuthn ceremony (passkey crypto + locked/unlock are covered by package unit tests). Adds an apiKeyOverride to the e2e createTextAdapter and a byok-masked test hook to ByokKeyManager. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
by Tom Beckenham
T
Succeeded
byok-package
6a897e3c feat(byok): wire BYOK into ts-react-chat example; add passkey rpId option - New /byok route: ByokProvider (passkey storage where supported, else memory) + ByokKeyManager + a minimal chat that attaches byokHeaders(keys) - New /api/byok-chat relay: reads the key via getByokKey(request, provider), builds the adapter with create{Openai,Anthropic,Gemini}Chat(model, apiKey), returns byokMissing() when absent — stateless, no persist/log - passkeyStorage gains an rpId option; by default the passkey binds to the current origin (no hardcoded/central domain) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
by Tom Beckenham
T
Succeeded
byok-package
6a897e3c Merge d5fd473ddc09f736427582352ce792c72a9b6e1d into e3de949575eac8301c0449afa3a91ef450e9580b
by Tom Beckenham
T
Succeeded
byok-package
9b7c0fe1 feat(byok): passkey-encrypted storage; drop plaintext localStorage Replace the plaintext localStorage tier with passkey-encrypted persistence (WebAuthn PRF -> HKDF -> AES-256-GCM ciphertext in IndexedDB), unwrapped on demand with a biometric/PIN tap. Fully client-side; protects at-rest, not live in-page XSS (documented). - passkeyStorage() + isPasskeyStorageSupported() feature detection - KeyringStorage gains optional `unlockable` + `warning` - ByokProvider: `locked`/`unlock` so unlockable storage never prompts on mount; hydrates on explicit unlock or first save - ByokKeyManager: unlock banner + storage-specific warning - memoryStorage() remains the default; no plaintext persistence exists Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
by Tom Beckenham
T
Succeeded
byok-package
9b7c0fe1 Merge f03089b9f67816166f460ed841539d33ab8e3e1d into e3de949575eac8301c0449afa3a91ef450e9580b
by Tom Beckenham
T
Previous page
Previous
Next
Next page