feat: Architecture Diagram Generator with Flux.1 Schnell#41
Open
A-VISHAL wants to merge 40 commits into
Open
Conversation
…red architecture - Next.js 16 dashboard with 25 fully active AI tools across 6 categories - Live visual previews: HTML/CSS renders in iframe, Mermaid diagrams render as SVG - Two-tier architecture: Tier 1 (frontend LLM) + Tier 2 (Python services) - Screenshot-to-Code with image upload and base64 processing - Deep Research multi-agent tool via LangGraph - Free tier (5 uses/tool/day) with usage tracking via IndexedDB - Dark/Light theme with Unbounded + Inter typography - Tool history persistence per tool - Real-time token streaming for all tools - Comprehensive docs: frontend tool guide + Python tool guide - Removed legacy projects/ folder (superseded by services/ architecture) - Updated README, CONTRIBUTING.md to reflect actual platform
- Fix TS2307: category-section.tsx import path @/lib/tools -> @/lib/tools/registry - Fix TS2305: category-section.tsx type Tool -> ToolDefinition - Fix TS2304: history-drawer.tsx add missing HistoryDrawerProps interface - Replace all em-dash characters with normal dashes across source and docs
…rkflows - Fix history-drawer.tsx body type: Record<string, string> -> Record<string, unknown> - Remove em-dashes from CI workflow names (ci-tier1.yml, deploy-tier2.yml)
…to warnings - Run biome check --write to auto-fix 56 files (formatting, unused imports) - Downgrade useButtonType, noImgElement, noDangerouslySetInnerHtml to warnings - Set useIgnoreFile: false (no .gitignore inside app/ directory) - Verified locally: tsc --noEmit passes, biome check passes (0 errors)
- Auto-fix 57 formatting errors via biome check --write - Fix catch(err: any) -> catch(err: unknown) in result-viewer - Downgrade noArrayIndexKey to warn for log line rendering - Add .github/scripts/ai_pr_review.py (Kimi K2.6 via Azure Foundry) - Add .github/workflows/pr-review.yml (triggers on all PRs)
- Uses GitHub Pull Request Reviews API for inline comments on specific lines - LLM outputs structured JSON with file paths and line numbers - Comments appear directly on the diff, not as a single general comment - Includes diff position mapping for accurate line targeting - Severity levels: Bug, Security, Performance, Suggestion - Max 10 focused inline comments per review
…ious PRs - Uses pull_request_target instead of pull_request - Always checks out the BASE branch, not the PR branch - Prevents contributors from modifying the review script to exfiltrate API keys - Secrets are now properly exposed since workflow runs from trusted base
feat: Oxtools Code Security Scanner V2 and Json to Schema V2 with Benchmarks
…Y error Next.js Turbopack evaluates route modules during 'Collecting page data' which triggers the OXLO_API_KEY check. Adding dynamic='force-dynamic' tells Next.js to skip static evaluation for this route entirely.
fix: add force-dynamic to API route to prevent build-time OXLO_API_KEY error
The OxBot GitHub App (oxlo-ai) is now live on Vercel and handles all PR reviews. The old GitHub Actions workflow is no longer needed.
cleanup: remove old GitHub Actions OxBot (replaced by GitHub App)
…rk/Oxtools into screenshot_accuracy
…Means + LLM refinement
Resolved conflicts in result-viewer.tsx by accepting HEAD version which includes: - Color palette extraction and display features - Pipeline logs viewer - Extracted colors preview with copy functionality Note: Incoming branch's Edit/Compare tabs and fullscreen editing features should be integrated in a future PR for full feature parity.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
There was a problem hiding this comment.
Pull request overview
This PR turns Oxtools into a unified “tools hub” with a Next.js UI (Tier 1 prompt tools), a single Dockerized Python runner for Tier 2 tools, and adds new agentic tools (including an architecture-diagram workflow using Flux.1 Schnell).
Changes:
- Added a unified Python tool runner (FastAPI) + consolidated Docker/Compose setup for Tier 1 (Next.js) and Tier 2 (Python tools).
- Added/activated multiple tools (JSON-to-schema V2, deep-research, code-security-scanner V2, color palette/image palette pipeline) and an MV3 Chrome extension for screenshot-to-code UX.
- Added a security-scanner benchmark “vuln_app” fixture under tests (intentionally vulnerable).
Reviewed changes
Copilot reviewed 147 out of 161 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/security-scanner-benchmark/vuln_app/users/views.py | Adds intentionally vulnerable Django-style views for scanner benchmarking. |
| tests/security-scanner-benchmark/vuln_app/users/utils.py | Adds “false sanitizer” and other vulnerable utility helpers for cross-file detection. |
| tests/security-scanner-benchmark/vuln_app/users/models.py | Adds intentionally weak user model for timing/mass-assignment patterns. |
| tests/security-scanner-benchmark/vuln_app/tasks.py | Adds intentionally vulnerable Celery/background task patterns + secrets fixture. |
| tests/security-scanner-benchmark/vuln_app/settings.py | Adds intentionally insecure Django settings fixture + secrets fixture. |
| tests/security-scanner-benchmark/vuln_app/requirements.txt | Pins intentionally vulnerable dependencies for CVE testing. |
| tests/security-scanner-benchmark/vuln_app/middleware.py | Adds intentionally insecure middleware including an exec backdoor (benchmark fixture). |
| tests/security-scanner-benchmark/vuln_app/files/handlers.py | Adds intentionally vulnerable upload/download/XML handlers fixture. |
| services/python-tools/tools/screenshot-to-code/requirements.txt | Defines deps for screenshot-to-code tool inside unified runner. |
| services/python-tools/tools/json-to-schema-v2/tool.py | Adds entrypoint for agentic JSON→schema tool (streaming). |
| services/python-tools/tools/json-to-schema-v2/schema_prompts.py | Adds/refines prompts for architect/reviewer/documenter nodes. |
| services/python-tools/tools/json-to-schema-v2/schema_config.py | Adds config + model fallbacks and size/iteration limits. |
| services/python-tools/tools/json-to-schema-v2/requirements.txt | Adds LangGraph/LangChain deps for JSON-to-schema V2. |
| services/python-tools/tools/image-palette-extractor/requirements.txt | Adds deps for palette extraction/refinement tool. |
| services/python-tools/tools/image-palette-extractor/pipeline.py | Adds LangGraph pipeline orchestration for palette extraction/refinement. |
| services/python-tools/tools/image-palette-extractor/config.py | Adds Oxlo LLM configuration for palette refiner. |
| services/python-tools/tools/deep-research/tool.py | Adds streaming deep-research tool entrypoint. |
| services/python-tools/tools/deep-research/requirements.txt | Pins deps for deep-research tool. |
| services/python-tools/tools/deep-research/prompts.py | Adds prompt templates for planner/searcher/analyzer/verifier/writer. |
| services/python-tools/tools/deep-research/config.py | Adds env + model assignment config for deep-research. |
| services/python-tools/tools/code-security-scanner-v2/tool.py | Adds entrypoint for agentic security scanner v2 with streaming + fallback report. |
| services/python-tools/tools/code-security-scanner-v2/sec_prompts.py | Adds auditor/fixer/reporter prompts emphasizing cross-file analysis. |
| services/python-tools/tools/code-security-scanner-v2/sec_file_parser.py | Adds ZIP + marker-based multi-file parsing for scanner v2. |
| services/python-tools/tools/code-security-scanner-v2/sec_config.py | Adds scanner v2 config constants including limits and model fallbacks. |
| services/python-tools/tools/code-security-scanner-v2/requirements.txt | Adds deps for scanner v2 (langgraph/langchain/bandit/httpx). |
| services/python-tools/tools/_template/tool.py | Adds template tool scaffold for contributors. |
| services/python-tools/tools/_template/requirements.txt | Adds template requirements stub. |
| services/python-tools/requirements.txt | Adds base deps for unified Python runner. |
| services/python-tools/Dockerfile | Builds unified Python tools container and installs per-tool deps. |
| docs/adding-a-python-tool.md | Documents how to add a Tier 2 Python tool. |
| docs/adding-a-frontend-tool.md | Documents how to add a Tier 1 frontend/prompt tool. |
| docker-compose.yml | Adds production compose for Next.js + python-tools runner. |
| docker-compose.dev.yml | Adds dev compose for python-tools runner with mounted tools directory. |
| extension/vite.config.ts | Adds Vite config for browser extension build. |
| extension/tsconfig.json | Adds TS config for extension. |
| extension/tailwind.config.js | Adds Tailwind config for extension UI. |
| extension/src/sidepanel/index.html | Adds sidepanel HTML entrypoint. |
| extension/src/index.css | Adds Tailwind CSS entry. |
| extension/src/content/index.tsx | Adds “magic wand” content script to select an element and send rect to side panel. |
| extension/src/content/authSync.ts | Adds auth token sync from page storage/cookies to extension storage. |
| extension/src/background/index.ts | Adds MV3 service worker handler for screenshot capture requests. |
| extension/postcss.config.js | Adds PostCSS config for Tailwind in extension. |
| extension/package.json | Adds extension package/deps/scripts. |
| extension/manifest.json | Adds MV3 manifest with side panel, content scripts, and permissions. |
| app/tsconfig.json | Adds TS config for the Next.js app. |
| app/src/types/index.ts | Defines tool/category/input config types (incl. files upload). |
| app/src/providers/auth-provider.tsx | Adds client auth provider and usage tracking wiring. |
| app/src/lib/tools/unit-test-generator.ts | Adds tool definition for unit test generation. |
| app/src/lib/tools/ui-to-code.ts | Adds tool definition for UI description → code. |
| app/src/lib/tools/text-formatter.ts | Adds tool definition for text formatting. |
| app/src/lib/tools/sql-converter.ts | Adds tool definition for NL → SQL. |
| app/src/lib/tools/seo-writer.ts | Adds tool definition for SEO metadata generation. |
| app/src/lib/tools/screenshot-to-code.ts | Adds Tier 2 tool definition for screenshot-to-code. |
| app/src/lib/tools/sample-dataset-generator.ts | Adds tool definition for sample dataset generation. |
| app/src/lib/tools/registry.ts | Adds centralized tool registry and category definitions. |
| app/src/lib/tools/regex-explainer.ts | Adds tool definition for regex explanation. |
| app/src/lib/tools/readme-generator.ts | Adds tool definition for README generation. |
| app/src/lib/tools/pr-summarizer.ts | Adds tool definition for PR diff summarization. |
| app/src/lib/tools/pdf-summarizer.ts | Adds tool definition for document summarization. |
| app/src/lib/tools/mock-api-generator.ts | Adds tool definition for mock API data generation. |
| app/src/lib/tools/log-analyzer.ts | Adds tool definition for log analysis. |
| app/src/lib/tools/json-to-schema.ts | Adds tool definition for JSON → schema (v1). |
| app/src/lib/tools/json-to-schema-v2.ts | Adds Tier 2 tool definition for agentic JSON → schema. |
| app/src/lib/tools/grammar-checker.ts | Adds tool definition for grammar/tone checking. |
| app/src/lib/tools/deep-research.ts | Adds Tier 2 tool definition for deep research agent. |
| app/src/lib/tools/csv-insight-generator.ts | Adds tool definition for CSV insights. |
| app/src/lib/tools/css-explainer.ts | Adds tool definition for CSS behavior explanation. |
| app/src/lib/tools/color-palette.ts | Adds Tier 2 tool definition for palette extraction. |
| app/src/lib/tools/code-security-scanner.ts | Adds tool definition for security scanner v1 (single prompt). |
| app/src/lib/tools/code-security-scanner-v2.ts | Adds Tier 2 tool definition for agentic security scanner v2. |
| app/src/lib/tools/code-error-debugger.ts | Adds tool definition for error debugging. |
| app/src/lib/tools/caption-generator.ts | Adds tool definition for social captions. |
| app/src/lib/tools/bug-replayer.ts | Adds tool definition for bug reproduction scripts. |
| app/src/lib/tools/architecture-diagram.ts | Adds architecture diagram tool definition + strict JSON system prompt. |
| app/src/lib/tools/api-validator.ts | Adds tool definition for API schema validation. |
| app/src/lib/tools/api-change-analyzer.ts | Adds tool definition for API schema diffing. |
| app/src/lib/oxlo.ts | Adds Oxlo client helpers + raw Flux image generation via fetch. |
| app/src/lib/models.ts | Adds available model catalog + default image model. |
| app/src/lib/icons.tsx | Adds icon name → component mapping for tool icons. |
| app/src/lib/history-db.ts | Adds IndexedDB tool-run history helpers. |
| app/src/lib/create-tool-route.ts | Adds standardized streaming tool route factory + Oxlo error parsing. |
| app/src/lib/auth.ts | Adds client-side auth helpers and per-tool usage counters. |
| app/src/hooks/use-tool-execution.ts | Adds tool execution hook with timeout/abort + history persistence. |
| app/src/components/usage-counter.tsx | Adds sidebar usage/plan widget. |
| app/src/components/tools/sidebar-placeholder.tsx | Adds SSR placeholder for sidebar to reduce layout shift. |
| app/src/components/tool-layout.tsx | Adds reusable tool page layout wrapper. |
| app/src/components/tool-card.tsx | Adds tool cards for the dashboard grid. |
| app/src/components/theme-provider.tsx | Adds client-side theme management. |
| app/src/components/settings-dialog.tsx | Adds client settings modal for API key storage. |
| app/src/components/model-selector.tsx | Adds model selector UI using AVAILABLE_MODELS. |
| app/src/components/mermaid-renderer.tsx | Adds Mermaid renderer + SVG download. |
| app/src/components/history-drawer.tsx | Adds per-tool history drawer + restore flow. |
| app/src/components/code-editor.tsx | Adds textarea-based code editor with copy + metadata. |
| app/src/components/client-only.tsx | Adds client-only wrapper to avoid hydration mismatches. |
| app/src/components/category-section.tsx | Adds category section UI for tool listing. |
| app/src/components/api-key-prompt.tsx | Adds onboarding prompt to set API key. |
| app/src/app/tools/loading.tsx | Adds loading UI for tools routes. |
| app/src/app/tools/layout.tsx | Adds tools layout with sidebar + auth provider. |
| app/src/app/page.tsx | Redirects root route to /tools. |
| app/src/app/oxtools-theme.css | Adds global theme tokens + typography styles. |
| app/src/app/layout.tsx | Adds root layout with fonts, theme provider, metadata. |
| app/public/favicon.svg | Adds favicon asset. |
| app/postcss.config.mjs | Adds PostCSS config for Tailwind. |
| app/pnpm-workspace.yaml | Adds pnpm workspace config (currently unused by CI). |
| app/package.json | Adds app package config and scripts. |
| app/next.config.ts | Adds rewrite for tier2 streaming proxy to Python runner. |
| app/next-env.d.ts | Adds Next TS references (but currently imports a generated .next file). |
| app/Dockerfile | Adds container build for Next.js app (currently pnpm-based). |
| app/docker-compose.yml | Adds compose for running app container standalone. |
| app/biome.json | Adds Biome formatter/linter configuration. |
| app/.env.example | Adds env template for app. |
| .github/workflows/deploy-tier2.yml | Adds (disabled) workflow to build/push python-tools container. |
| .github/workflows/ci-tier1.yml | Adds CI workflow for Next.js app lint/typecheck/build. |
| .github/CODEOWNERS | Adds codeowners for infra/config paths. |
| .env.example | Adds root env template for OXLO/Tavily keys. |
| projects/template-project/README.md (deleted) | Removes old template project scaffolding. |
| projects/template-project/package.json (deleted) | Removes old template project scaffolding. |
| projects/template-project/oxlo-manifest.json (deleted) | Removes old template project scaffolding. |
| projects/template-project/Dockerfile (deleted) | Removes old template project scaffolding. |
| projects/template-project/docker-compose.yml (deleted) | Removes old template project scaffolding. |
| projects/template-project/.env.example (deleted) | Removes old template project scaffolding. |
| projects/screenshot-to-code/requirements.txt (deleted) | Removes legacy standalone screenshot-to-code project files. |
| projects/screenshot-to-code/oxlo-manifest.json (deleted) | Removes legacy standalone screenshot-to-code project files. |
| projects/screenshot-to-code/Dockerfile (deleted) | Removes legacy standalone screenshot-to-code project files. |
| projects/screenshot-to-code/docker-compose.yml (deleted) | Removes legacy standalone screenshot-to-code project files. |
| projects/screenshot-to-code/.env.example (deleted) | Removes legacy standalone screenshot-to-code project files. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+14
to
+30
| # Enable pnpm via corepack | ||
| RUN corepack enable pnpm | ||
|
|
||
| # --------------------------------------------------------------------------- | ||
| # Dependencies layer (cached unless lock file changes) | ||
| # --------------------------------------------------------------------------- | ||
| FROM base AS deps | ||
| COPY pnpm-lock.yaml package.json ./ | ||
| RUN pnpm install --frozen-lockfile | ||
|
|
||
| # --------------------------------------------------------------------------- | ||
| # Build layer | ||
| # --------------------------------------------------------------------------- | ||
| FROM base AS builder | ||
| COPY --from=deps /app/node_modules ./node_modules | ||
| COPY . . | ||
| RUN pnpm build |
Comment on lines
+20
to
+25
| // Plan limits mapping | ||
| const PLAN_LIMITS: Record<string, number> = { | ||
| free: 500, | ||
| pro: 20, | ||
| premium: 100, | ||
| }; |
Comment on lines
+1
to
+21
| import { Badge } from "@ansospace/ui"; | ||
|
|
||
| import { categories } from "@/lib/tools/registry"; | ||
| import type { ToolCategory, ToolDefinition } from "@/types"; | ||
|
|
||
| import { ToolCard } from "./tool-card"; | ||
|
|
||
| interface CategorySectionProps { | ||
| category: ToolCategory; | ||
| tools: ToolDefinition[]; | ||
| } | ||
|
|
||
| export function CategorySection({ category, tools }: CategorySectionProps) { | ||
| const categoryInfo = categories[category]; | ||
|
|
||
| return ( | ||
| <section className="space-y-5"> | ||
| <div className="flex items-center gap-3"> | ||
| <span className="text-2xl">{categoryInfo.icon}</span> | ||
| <h2 className="text-xl font-semibold tracking-tight text-foreground"> | ||
| {categoryInfo.name} |
Comment on lines
+21
to
+26
| mermaid.initialize({ | ||
| startOnLoad: false, | ||
| theme: "dark", | ||
| securityLevel: "loose", | ||
| flowchart: { useMaxWidth: true, htmlLabels: true, curve: "basis" }, | ||
| }); |
Comment on lines
+28
to
+34
| RUN for dir in tools/*/; do \ | ||
| req="${dir}requirements.txt"; \ | ||
| if [ -f "$req" ]; then \ | ||
| echo "Installing deps for $(basename $dir)..."; \ | ||
| pip install --no-cache-dir -r "$req" || true; \ | ||
| fi; \ | ||
| done |
Comment on lines
+91
to
+112
| files = [] | ||
| try: | ||
| zip_bytes = base64.b64decode(base64_data) | ||
| with zipfile.ZipFile(io.BytesIO(zip_bytes), "r") as zf: | ||
| for info in zf.infolist(): | ||
| # Skip directories, hidden files, __pycache__, node_modules | ||
| if info.is_dir(): | ||
| continue | ||
| basename = os.path.basename(info.filename) | ||
| if basename.startswith(".") or "__pycache__" in info.filename: | ||
| continue | ||
| if "node_modules" in info.filename or ".git/" in info.filename: | ||
| continue | ||
| if info.file_size > MAX_SINGLE_FILE_BYTES: | ||
| logger.warning(f"[ZIP] Skipping {info.filename}: too large ({info.file_size} bytes)") | ||
| continue | ||
| if len(files) >= MAX_FILES: | ||
| logger.warning(f"[ZIP] Max file limit ({MAX_FILES}) reached, stopping extraction") | ||
| break | ||
|
|
||
| try: | ||
| content = zf.read(info.filename).decode("utf-8", errors="replace") |
Comment on lines
+65
to
+67
| # Hardcoded AWS credentials in task file | ||
| AWS_ACCESS_KEY = "AKIAI44QH8DHBEXAMPLE" # CWE-798 | ||
| AWS_SECRET_KEY = "je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY" # CWE-798 |
Comment on lines
+42
to
+44
| # AWS credentials (hardcoded) | ||
| AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE" # CWE-798 | ||
| AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" # CWE-798 |
Comment on lines
+1
to
+11
| export const AVAILABLE_MODELS = [ | ||
| { id: "llama-3.3-70b", name: "Llama 3.3 70B", tier: "Premium", category: "general" }, | ||
| { id: "deepseek-r1-0528", name: "DeepSeek R1", tier: "Premium", category: "reasoning" }, | ||
| { id: "kimi-k2.5", name: "Kimi K2.5", tier: "Premium", category: "general" }, | ||
| { id: "qwen-3-32b", name: "Qwen 3 32B", tier: "Premium", category: "general" }, | ||
| { id: "deepseek-coder-33b", name: "DeepSeek Coder 33B", tier: "Pro", category: "coding" }, | ||
| { id: "deepseek-r1-70b", name: "DeepSeek R1 70B", tier: "Pro", category: "reasoning" }, | ||
| { id: "deepseek-v3.2", name: "DeepSeek V3.2", tier: "Free", category: "general" }, | ||
| { id: "llama-3.2-3b", name: "Llama 3.2 3B", tier: "Free", category: "general" }, | ||
| { id: "mistral-7b", name: "Mistral 7B", tier: "Free", category: "general" }, | ||
| ] as const; |
Comment on lines
+72
to
+75
| // --------------------------------------------------------------------------- | ||
| // Tool Registry - the single source of truth | ||
| // ALL 24 tools are ACTIVE - zero stubs remaining. | ||
| // --------------------------------------------------------------------------- |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds AI-powered architecture diagram generator using Flux.1 Schnell image generation via Oxlo API. Single textarea input, enterprise architecture prompt, raw fetch bypassing OpenAI SDK for Flux compatibility.