Add creative-chat endpoint and frontend integration; switch defaults to Dashscope settings

[esclipse]

Motivation

• Provide an AI-assisted creative chat flow that returns HTML snippets suitable for the rich-text editor so generated content can be appended directly to the editor.
• Surface a backend endpoint that centralizes model calls and response sanitization to reduce client-side parsing and improve reliability.
• Allow operators to configure API key, base URL and model from the UI and environment variables and default to a Dashscope-compatible endpoint for out-of-the-box use.

Description

• Added app/api/creative-chat/route.ts which creates an OpenAI-compatible client, applies a SYSTEM_PROMPT, sanitizes incoming chat messages, calls the chat completion API, and returns the assistant HTML fragment.
• Wired frontend chat UI in app/translate/page.tsx to support ChatMessage.role, isChatting, chatError, enter-to-send, loading/disabled states, role-labelled chat history, and automatic appending of assistant HTML into the editor.
• Passed user-provided settings (apiKey, baseURL, model) from the settings modal to the new endpoint and updated client-side error handling for network/response failures.
• Switched server defaults in route.ts to read OPENAI_API_KEY, OPENAI_BASE_URL, and OPENAI_MODEL from the environment and fall back to the Dashscope-compatible values (https://dashscope.aliyuncs.com/compatible-mode/v1 and qwen3-plus).

Testing

• Started the dev server with npm run dev and confirmed the /translate page served correctly (previous run).
• Executed an automated Playwright script that navigated to /translate, submitted a chat message and captured artifacts/creative-chat.png, with the frontend chat flow and UI updates functioning as expected but the backend external model call failing with ENETUNREACH.
• No additional automated tests were run for the recent defaults update.

---

Codex Task

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
mcp-test	Ready	Preview, Comment	Dec 31, 2025 3:53am

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Remove hard-coded API key default

The server route embeds a literal API key as the fallback for DEFAULT_API_KEY. If this code is shipped or shared, that credential is exposed to anyone with repo or bundle access and can be abused for unauthorized API usage and billing. This should instead require an environment-provided key (and fail fast when missing) or use a non-secret placeholder that never leaves development.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Block user-controlled baseURL from receiving server key

The API allows callers to pass settings.baseURL from the request body while createClient falls back to the server’s default API key when settings.apiKey is omitted. If this endpoint is reachable by untrusted clients, a caller can set baseURL to an attacker-controlled host and receive the Authorization header containing the server key. Consider whitelisting allowed base URLs or requiring an explicit API key whenever a custom base URL is supplied.

Useful? React with 👍 / 👎.