orcs-oss/orcs-code
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: crypto.randomUUID for IDs, Azure Foundry detection, safety filter visibility

Browse Source 
Three targeted fixes:

1. Replace Math.random() with crypto.randomUUID() for message and tool
   call IDs in both openaiShim.ts and codexShim.ts. Math.random() is
   not cryptographically secure and predictable in seeded environments.

2. Anchor Azure endpoint detection to parsed hostname instead of raw
   URL regex. Adds support for Azure AI Foundry (services.ai.azure.com)
   alongside existing cognitiveservices and openai Azure endpoints.
   Prevents SSRF-style bypass via path segments.

3. Surface content safety filter blocks to the user. When Gemini or
   Azure returns finish_reason 'content_filter' or 'safety', emit a
   visible text block '[Content blocked by provider safety filter]'
   instead of silently returning empty/truncated content with
   stop_reason 'end_turn'. Applied to both streaming and non-streaming.
This commit is contained in:
Juan Camilo
2026-04-02 16:14:35 +02:00
parent 3353101e83
commit 5d6443799a
2 changed files with 35 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/services/api/codexShim.ts
View File

@@ -85,7 +85,7 @@ function makeUsage(usage?: {
}
function makeMessageId(): string {
return `msg_${Math.random().toString(36).slice(2)}${Date.now().toString(36)}`
return `msg_${crypto.randomUUID().replace(/-/g, '')}`
}
function normalizeToolUseId(toolUseId: string | undefined): {