Promote Keiko 0.1.4 to main

[oscharko]

Summary

Promotes dev to main for Keiko 0.1.4 release hardening.

Refs N/A

Scope

• In scope: merge the green dev release state into main.
• Out of scope: additional code changes, npm publication before main is updated.

Product Impact

• UI or user workflow
• CLI or developer workflow
• Core generation engine
• Evidence, audit, or compliance artifact
• Security or supply chain
• Packaging, release, or npm publication
• Documentation or repository hygiene
• No user-facing behavior change

Verification

Required:

• Required GitHub checks pass before merge.
• Local verification commands or rationale are listed below.

Local verification:

npm run format:check
npm run lint
npm run typecheck
npm test
npm --prefix ui test -- --run
npm audit --audit-level=high
npm --prefix ui audit --audit-level=high
npm run prepack

Select only what applies:

• UI behavior manually verified or covered by tests.
• CLI behavior verified with command output or tests.
• Core logic covered by unit, integration, property, or fixture tests.
• Security-sensitive change reviewed for trust boundaries, secrets, external calls, and generated artifacts.
• Supply-chain or package-surface change verified with package, license, lockfile, SBOM, or npm dry-run checks.
• Documentation or Markdown change verified by the repository link check or a targeted local equivalent.
• Release-impacting change verified with npm run prepack and package-surface checks.
• Not applicable items are explained below.

Not applicable rationale:

• No linked GitHub issue was provided for this release-hardening pass.

Review And Closure

• The PR implements only the linked issue scope.
• Actionable review findings are fixed or explicitly dispositioned.
• Unresolved review threads are resolved before merge.
• Checks are repeated after the latest pushed fix.
• Issue acceptance criteria and closure evidence are updated only where evidence exists.
• Use Resolves #<issue_number> only when this PR should close the issue.

Risk Notes

This PR only promotes already-green dev state to main for the 0.1.4 release.

[Copilot]

Pull request overview

Promotes the 0.1.4 release state from dev to main, including gateway setup hardening (custom API-key header support, stricter URL/model validation, safer HTTP JSON handling), sandbox security tightening for git, documentation updates, and version alignment across packages/tests.

Changes:

• Bump core/UI package versions and propagate HARNESS_VERSION / SDK_VERSION to 0.1.4 across fixtures/tests.
• Add optional custom API-key header support end-to-end (UI → BFF → gateway adapter), plus LiteLLM /model/info discovery and stricter baseUrl/deployment/model-id validation.
• Harden operational/security surfaces (HTTP JSON size caps, tighter git sandbox deny-flags, PID file permission mode), with expanded test coverage and updated docs/runbooks.

Reviewed changes

Copilot reviewed 37 out of 39 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
ui/package.json	Bump UI package version to 0.1.4.
ui/package-lock.json	Lockfile updates (incl. deep-is range change).
ui/lib/types.ts	Mirror BFF contract: add credentialHeaderName to safe provider config.
ui/lib/api.ts	Extend gateway setup input to support optional apiKeyHeaderName.
ui/app/components/desktop/windows/PlaceholderBody.tsx	Update placeholder comment wording.
ui/app/components/desktop/modals/GatewaySetupDialog.tsx	Add API-key header field; Azure Foundry deployment requirement; updated guidance text.
ui/app/components/desktop/modals/GatewaySetupDialog.test.tsx	New UI tests for Azure deployment requirement and custom header submission.
tests/ui/read-handlers.test.ts	Update harness version fixture to 0.1.4.
tests/ui/gateway-setup.test.ts	Add gateway-setup validation and discovery/security tests (URL, headers, model limits, LiteLLM).
tests/ui/deps.test.ts	Add env-only custom API key header coverage.
tests/tools/sandbox.test.ts	Add regression tests for git external-command injection vectors.
tests/harness/sinks.test.ts	Update harness version fixture to 0.1.4.
tests/harness/fingerprint.test.ts	Update harness version fixture to 0.1.4.
tests/gateway/openai-adapter.test.ts	Add adapter tests for custom credential headers (Bearer vs raw token).
tests/gateway/http.test.ts	Add tests for gatewayFetch and capped JSON reading helpers.
tests/gateway/config.test.ts	Add config tests for header normalization/validation and baseUrl query/fragment rejection.
tests/cli/verify.test.ts	Update package version fixture to 0.1.4.
tests/cli/evidence.test.ts	Update harness version fixture to 0.1.4.
tests/audit/retention.test.ts	Update harness version fixture to 0.1.4.
tests/audit/report.test.ts	Update harness version fixture to 0.1.4.
tests/audit/persist.test.ts	Update harness version fixture to 0.1.4.
tests/audit/integration.test.ts	Update harness version fixture to 0.1.4.
tests/audit/index-api.test.ts	Update harness version fixture to 0.1.4.
tests/audit/build.test.ts	Update harness version fixture to 0.1.4.
src/ui/gateway-setup.ts	Add custom header support, LiteLLM discovery path, stricter validation, and safer JSON parsing.
src/ui/deps.ts	Update model discovery seam signature to include optional header name.
src/tools/types.ts	Tighten git sandbox deny-flags for external-driver/code-exec vectors.
src/sdk/index.ts	Bump SDK_VERSION to 0.1.4.
src/harness/session.ts	Bump HARNESS_VERSION to 0.1.4.
src/gateway/types.ts	Add optional apiKeyHeaderName to provider config type.
src/gateway/openai-adapter.ts	Support custom API-key headers and use capped JSON reader.
src/gateway/index.ts	Re-export header helpers and baseUrl validation.
src/gateway/http.ts	Add response size cap + readJsonCapped helper.
src/gateway/config.ts	Add header normalization/validation, baseUrl query/fragment checks, loopback hardening, safe projection updates.
src/cli/lifecycle.ts	Write PID file with restrictive permissions (mode 0600).
README.md	Update product/gateway setup docs including custom header and discovery behavior.
package.json	Bump root package version to 0.1.4.
package-lock.json	Lockfile updates (incl. deep-is range change).
docs/ui-runbook.md	Update UI runbook with custom header support and updated setup guidance.

Files not reviewed (1)

• ui/package-lock.json: Language not supported

Comments suppressed due to low confidence (1)

ui/app/components/desktop/modals/GatewaySetupDialog.tsx:61

• The success path schedules window.location.reload() via setTimeout. In the jsdom test environment this call can throw (navigation not implemented) after the test finishes, causing flaky or failing UI unit tests (e.g. GatewaySetupDialog.test.tsx hits this path). Consider guarding the reload call so it can’t crash non-browser environments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.