mirror of
https://github.com/screentinker/screentinker.git
synced 2026-06-15 02:33:15 -06:00
0ba36949cf
Competitor pressure (Mandoe 'AI Magic Create'): prompt -> signage. We answer it in a way that's actually BETTER for signage and costs the operator nothing. Key idea: don't generate raw images (AI garbles text - fatal for menus/promos). The LLM returns a STRUCTURED design spec (headline, supporting text, accent shapes, palette) that the existing Designer renders with real fonts - crisp and fully editable. Reuses the whole Designer. BYOK, fully under the customer's control: each workspace configures its own OpenAI-COMPATIBLE endpoint + key - OpenAI cloud OR self-hosted (Ollama / LM Studio / llama.cpp). Operator bears zero AI cost/liability. - server/lib/secretbox.js: AES-256-GCM for the key at rest (never returned). - routes/ai.js: GET/PUT /api/ai/settings (admin; key write-only) + POST /generate-design (editor+). Output is strictly validated/normalized (cap count, clamp ranges, px->%, strip HTML, validate colors) - never trust the model. SSRF guard: hosted instances block private/internal targets; self-hosted (the whole point of local AI) may point at localhost/LAN. - Designer: an 'AI generate' panel (prompt + Generate) + a settings modal. Verified end-to-end against local Ollama (llama3.1:8b): prompt -> editable design on the canvas. Unit tests cover normalization + the SSRF guard. Suite 61/61. Phase 2 (next): AI background images (OpenAI images / AUTOMATIC1111). |
||
|---|---|---|
| .. | ||
| admin-users.test.js | ||
| ai-design.test.js | ||
| branding.test.js | ||
| operator-permissions.test.js | ||
| schema-check.test.js | ||
| security-fixes.test.js | ||
| tenant-cascade-migration.test.js | ||
| user-deletion.test.js | ||
| widget-render-xss.test.js | ||