NTP: ntp image generation & web search #2613

Merged: sashalavron merged 29 commits into main from alavrenchuk/ntp-image-generation on Apr 15, 2026

@sashalavron sashalavron commented Apr 7, 2026

Asana Task/Github Issue:

Description

  • Introduced a Tools dropdown menu in the omnibar toolbar with toggleable "Create Image" and "Web Search" tools, each showing an active chip when selected
  • Image generation mode changes the input placeholder, hides the model selector, suppresses recent chats, and sends a mode: 'image-generation' payload on submit
  • Web search mode sends a toolChoice: ['WebSearch'] in the submit payload
  • Image attachment is now allowed when image generation is active (regardless of model support), using a paperclip icon instead of the previous image icon
  • Added full keyboard navigation to both the Tools menu and the existing Model dropdown
  • Extracted shared dropdown positioning and open/close logic into a reusable useDropdown hook, simplifying both the model selector and tools menu
  • Lifted selected-model resolution into a shared useSelectedModel hook so both the toolbar and submit handler use the same source of truth
  • Added new config flags enableImageGeneration and enableWebSearch to control tool availability

Screenshots:

New tools menu:
image

Active chip state:

image

Testing Steps

Mocked NTP - http://localhost:3210/new-tab?omnibar.mode=ai&omnibar.enableAi=true&omnibar.enableAiChatTools=true&omnibar.enableImageGeneration=true&omnibar.enableWebSearch=true
Browser

  1. Open NTP
  2. Click Tools button — dropdown shows "Create Image" and "Web Search"
  3. Select Create Image — chip appears, placeholder changes, model selector hides, paperclip attach button visible, recent chats hidden
  4. Select Web Search — chip appears, model selector stays visible
  5. Click active chip — tool deactivates, UI returns to default state

Checklist

Please tick all that apply:

  • I have tested this change locally
  • I have tested this change locally in all supported browsers
  • This change will be visible to users
  • I have added automated tests that cover this change
  • I have ensured the change is gated by config
  • This change was covered by a ship review
  • This change was covered by a tech design
  • Any dependent config has been merged

Note

Medium Risk
Changes AI chat submission payload semantics and toolbar state (new mode/toolChoice, model selection/attachments behavior), which could affect backend expectations and UX flows, but is gated by config flags and covered by integration/screenshot tests.

Overview
Adds a Tools dropdown to the NTP AI omnibar, with toggleable Create Image and Web Search modes that display an active chip and adjust the chat UI (image-generation updates placeholders, hides model selector, suppresses recent chats).

Updates AI chat submission construction to optionally include mode: "image-generation", toolChoice: ["WebSearch"], conditional modelId, and images; also allows image attachments during image-generation regardless of model support and swaps the attachment icon to PaperclipIcon.

Refactors dropdown behavior into a shared useDropdown hook, centralizes model resolution via useSelectedModel, improves keyboard navigation/accessibility for both the tools menu and model picker, and extends config/schema/docs/types/tests for enableImageGeneration and enableWebSearch.

Reviewed by Cursor Bugbot for commit 7cc9695. Bugbot is set up for automated code reviews on this repo.

@github-actions github-actions bot added the semver-patch Bug fix / internal — no release needed label Apr 7, 2026

github-actions bot commented Apr 7, 2026

[Beta] Generated file diff

Time updated: Wed, 15 Apr 2026 11:58:23 GMT

Apple
  • apple/pages/new-tab/dist/index.css
  • apple/pages/new-tab/dist/index.js
  • apple/pages/new-tab/locales/en/new-tab.json

File has changed

Integration
  • integration/pages/new-tab/dist/index.css
  • integration/pages/new-tab/dist/index.js
  • integration/pages/new-tab/locales/en/new-tab.json

File has changed

Windows
  • windows/pages/new-tab/dist/index.css
  • windows/pages/new-tab/dist/index.js
  • windows/pages/new-tab/locales/en/new-tab.json

File has changed


github-actions bot commented Apr 7, 2026

⚠️ Cursor review was not successful.

This PR requires a manual review and approval from a member of one of the following teams:

  • @duckduckgo/content-scope-scripts-owners
  • @duckduckgo/apple-devs
  • @duckduckgo/android-devs
  • @duckduckgo/team-windows-development
  • @duckduckgo/extension-owners
  • @duckduckgo/config-aor
  • @duckduckgo/breakage-aor
  • @duckduckgo/breakage


github-actions bot commented Apr 7, 2026

Build Branch

Branch pr-releases/alavrenchuk/ntp-image-generation
Commit db94a237e7
Updated April 15, 2026 at 11:57:49 AM UTC

Integration commands

npm (Android / Extension):

npm i github:duckduckgo/content-scope-scripts#pr-releases/alavrenchuk/ntp-image-generation

Swift Package Manager (Apple):

.package(url: "https://github.com/duckduckgo/content-scope-scripts.git", branch: "pr-releases/alavrenchuk/ntp-image-generation")

git submodule (Windows):

git -C submodules/content-scope-scripts fetch origin pr-releases/alavrenchuk/ntp-image-generation
git -C submodules/content-scope-scripts checkout origin/pr-releases/alavrenchuk/ntp-image-generation

Pin to exact commit

npm (Android / Extension):

npm i github:duckduckgo/content-scope-scripts#db94a237e7f78936c1d583cddf3f6ee706bffcc7

Swift Package Manager (Apple):

.package(url: "https://github.com/duckduckgo/content-scope-scripts.git", revision: "db94a237e7f78936c1d583cddf3f6ee706bffcc7")

git submodule (Windows):

git -C submodules/content-scope-scripts fetch origin pr-releases/alavrenchuk/ntp-image-generation
git -C submodules/content-scope-scripts checkout db94a237e7f78936c1d583cddf3f6ee706bffcc7

@github-actions github-actions bot added semver-minor New feature — triggers minor version bump and removed semver-patch Bug fix / internal — no release needed labels Apr 7, 2026

@cursor cursor bot left a comment

Stale comment

Web Compatibility Assessment

  • special-pages/pages/new-tab/app/omnibar/components/chat-tools/useDropdown.js (1040-1044) — warning: click-outside logic treats any click inside the trigger button’s parent container as “inside” (buttonRef.current?.parentElement?.contains(target)). After reusing this hook for ToolsMenu, that parent also contains the active tool chip, so chip interactions can leave the dropdown open in an inconsistent state (menu remains visible when users expect it to close). This is a UI behavior regression risk from generalized dropdown containment logic.

Security Assessment

  • special-pages/pages/new-tab/app/omnibar/components/Omnibar.js (170-195, 231-242) — warning: image attachment submission is now gated by canAttachImages = selectedModelSupportsImages || imageGenerationMode, which allows images payloads whenever image generation mode is active, independent of enableAiChatTools. This expands the privileged omnibar_submitChat payload surface compared with prior behavior and weakens config isolation between model-tools rollout and image payload rollout.
  • special-pages/pages/new-tab/messages/omnibar_submitChat.notify.json (21-45) — info: mode is schema-enumerated (chat / image-generation) and payload composition remains explicit (chat, target, optional modelId/images), with no nativeData forwarding pattern introduced.

Risk Level

Medium Risk — no injected-wrapper or bridge-origin changes, but this PR introduces new chat submission modes/payload shaping plus shared dropdown behavior changes that can cause user-visible regressions and broaden config-gated message paths.

Recommendations

  1. Tighten dropdown outside-click detection in useDropdown to button-only containment (buttonRef.current?.contains(target)) and add an explicit allowlist only where required.
  2. Decide and enforce intended gating for image attachments: if attachments should require enableAiChatTools, include that flag in canAttachImages / submit-path checks; if current behavior is intentional, codify it with an explicit integration test for enableImageGeneration=true + enableAiChatTools=false.
  3. Add a regression test that opens Tools menu, clicks the active chip, and verifies dropdown close state (aria-expanded=false, menu hidden).

Sent by Cursor Automation: Web compat and sec

@cursor cursor bot left a comment

Stale comment

Web Compatibility Assessment

  • special-pages/pages/new-tab/app/omnibar/components/chat-tools/tools-menu/ToolsMenu.js (109-123) — warning: Menu options are interactive via onClick on <li role="menuitemcheckbox"> but are not keyboard-focusable and have no keyboard handlers (Enter/Space/arrow navigation). In embedded browser contexts this is a compatibility regression for keyboard-only users and AT flows, and it diverges from expected role="menu" interaction contracts.
  • special-pages/pages/new-tab/app/omnibar/components/Omnibar.js (198-213) — info: Submit payload construction remains explicit and type-shaped (chat, target, optional mode/modelId/toolChoice/images), with no API shimming/prototype overrides involved. I did not find web-API fidelity risks (toString/descriptors/prototype chain) in this PR.

Security Assessment

  • special-pages/pages/new-tab/app/omnibar/components/Omnibar.js (205-213) — info: Outgoing omnibar_submitChat params are built from an explicit allowlist (no spread of page-derived objects), which helps prevent accidental reserved-field leakage such as nativeData.
  • special-pages/pages/new-tab/messages/omnibar_submitChat.notify.json (21-53) — info: New mode and toolChoice fields are schema-defined and constrained (enum values), reducing malformed payload surface.
  • No direct transport/origin/message-secret regressions were found in this diff.

Risk Level

Medium Risk — This PR introduces new privileged message payload fields and new UI state paths (tool toggles + image-generation mode), but does not modify injected wrappers, captured globals, DDGProxy, or bridge/origin validation logic.

Recommendations

  1. Make ToolsMenu keyboard-complete: use focusable menu items (<button> inside <li> or tabindex="0"), add onKeyDown handling (Enter/Space toggle, Escape close, optional arrow-key roving focus), and add integration tests for keyboard activation.
  2. Extend payload-shape tests to cover new schema keys under enabled flags (mode, toolChoice) and explicitly assert no extra keys (including absence of nativeData).
  3. Add a negative test that when enableImageGeneration/enableWebSearch are off, submitting chat cannot include mode/toolChoice even after UI interactions.

Sent by Cursor Automation: Web compat and sec

@sashalavron sashalavron force-pushed the alavrenchuk/ntp-image-generation branch from 29a0c4b to dc4896f April 8, 2026 17:38

@cursor cursor bot left a comment

Stale comment

Web Compatibility Assessment

  • special-pages/pages/new-tab/app/omnibar/components/Omnibar.js (approximately lines 171-220) — warning: activeTool is local state and is not reconciled when remote config flags change (enableImageGeneration / enableWebSearch). If config disables a tool mid-session, availableTools can drop to empty (UI hides), but submit logic still uses stale activeTool and sends mode: "image-generation" or toolChoice: ["WebSearch"]. This creates stale-config behavior and can cause unexpected backend rejection or mismatched UI/submit semantics.

Security Assessment

  • special-pages/pages/new-tab/app/omnibar/components/Omnibar.js (approximately lines 177-213) — error: config-gated behavior can continue after remote disable because submit payload derives from activeTool state rather than currently enabled config/tool list. This weakens the rollback/kill-switch guarantee for newly introduced tool capabilities (mode and toolChoice), which should stop immediately when config is turned off.

Risk Level

High Risk — new tool capability is correctly behind flags at initial render, but current logic allows stale enabled state to persist through config updates, undermining dynamic rollback safety.

Recommendations

  1. Clear or validate activeTool whenever available tool flags change (e.g., useEffect that sets activeTool to null if it is no longer in availableTools).
  2. Add a final submit-time guard that only includes mode/toolChoice when the corresponding flag is currently enabled.
  3. Add an integration test covering config subscription updates: enable tool, activate it, push config update disabling it, assert next omnibar_submitChat payload omits disabled fields.

Sent by Cursor Automation: Web compat and sec

@cursor cursor bot left a comment

Stale comment

Web Compatibility Assessment

  • warning: special-pages/pages/new-tab/app/omnibar/components/Omnibar.js (approx 177-213, 220-250): activeTool drives submit payload (mode / toolChoice) but is not reconciled against updated config flags. availableTools only gates rendering of ToolsMenu; if config flips enableImageGeneration/enableWebSearch to false after a tool is already selected, stale tool state can still affect submissions. This weakens remote rollback behavior and can cause backend/UI contract mismatch.

Security Assessment

  • warning: special-pages/pages/new-tab/app/omnibar/components/Omnibar.js (approx 198-213): config trust boundary is partially bypassed at submit time. Feature flags are treated as UI visibility controls, but payload fields can still be emitted from stale local state (mode: "image-generation", toolChoice: ["WebSearch"]) after server-side disable. For security-sensitive rollbacks, payload construction should be hard-gated by current config.

Risk Level

Medium Risk — no injected-wrapper/prototype/messaging transport changes, but there is a real config-gating gap that can undermine remote disable semantics for newly added tools.

Recommendations

  1. In AiChatContent, clear invalid tool state whenever availableTools changes (e.g., useEffect to setActiveTool(null) when current activeTool is no longer allowed).
  2. Add submit-time hard gates: only include mode/toolChoice when corresponding current config flags are true.
  3. Add an integration test that activates a tool, then simulates config update disabling that tool, and verifies outgoing omnibar_submitChat omits tool-specific fields.

Sent by Cursor Automation: Web compat and sec

@cursor cursor bot left a comment

Stale comment

Web Compatibility Assessment

  • special-pages/pages/new-tab/app/omnibar/components/Omnibar.js (AiChatContent, approx. 171-216, 224-257) - severity: warning
    activeTool is local state and is not reconciled when remote config flags change. If enableImageGeneration or enableWebSearch is switched off while a tool is active, UI state can remain in the now-disabled mode (e.g., image-generation placeholder/chip/model-selector suppression) until submit/reload. This can produce stale UI behavior during live config rollbacks.

Security Assessment

  • special-pages/pages/new-tab/app/omnibar/components/Omnibar.js (handleSubmit, approx. 202-216) - severity: error
    mode / toolChoice are derived only from activeTool, not from current config flags. After a remote disable, a previously selected tool can still be submitted (mode: "image-generation" or toolChoice: ["WebSearch"]) until local state is reset. This weakens config kill-switch guarantees under the Configuration Trust / Config-gated features threat model.

Risk Level

Medium Risk - The PR introduces new submit-path controls and config-gated behavior; most changes are UI-focused, but the stale tool-state path can bypass intended runtime disable semantics.

Recommendations

  1. Gate effective tool state by current config at render and submit time (e.g., effectiveImageGenerationActive = activeTool === 'image-generation' && state.config?.enableImageGeneration === true, same for web search).
  2. Add a reconciliation effect that clears activeTool when its corresponding config flag is turned off.
  3. Add an integration test covering config update after tool selection (disable flag via config subscription, then verify submit payload omits disabled mode/toolChoice).

Sent by Cursor Automation: Web compat and sec

@sashalavron sashalavron changed the title WIP: ntp image generation NTP: ntp image generation & web search Apr 9, 2026
@sashalavron sashalavron marked this pull request as ready for review April 9, 2026 13:57
@sashalavron sashalavron requested a review from moon0326 April 9, 2026 13:58

@cursor cursor bot left a comment

Stale comment

Web Compatibility Assessment

No findings.

  • I did not identify browser API shimming/wrapper changes, prototype tampering, or cross-frame behavior changes in this PR.
  • The changes are scoped to special-pages/pages/new-tab UI logic, schema updates, and integration/screenshot tests.
  • Keyboard navigation additions for dropdowns (ModelDropdown, ToolsMenu) are covered by new integration tests and preserve expected submit payload behavior.

Security Assessment

No findings.

  • No changes to injected feature wrappers, captured-globals, message-bridge secret/origin checks, or postMessage trust boundaries.
  • New omnibar_submitChat fields (mode, toolChoice) are explicitly schema-constrained, and constructed from fixed internal values in UI state ("image-generation", "WebSearch"), not raw page input.
  • No new dynamic code execution, external network fetches, or unsafe forwarding of arbitrary objects into native messaging were introduced.

Risk Level

Medium Risk — this PR adds new omnibar behavior and new submit payload fields (mode, toolChoice) in a privileged special page path; although I found no concrete regressions/vulns, behavior and contract surface area increased.

Recommendations

  1. Add a focused integration assertion that when enableWebSearch/enableImageGeneration are disabled via config update at runtime, active tool state is cleared before submit (defensive against stale UI state during config churn).
  2. Add a contract test at the messaging boundary to assert unknown toolChoice/mode values are rejected (or dropped) end-to-end, not only type-constrained in TS/schema generation.
  3. Add one UI regression test for dropdown positioning/closing under viewport resize + scroll while open to reduce platform-specific WebView behavior drift.

Sent by Cursor Automation: Web compat and sec

@cursor cursor bot left a comment

Stale comment

Web Compatibility Assessment

No compatibility regressions identified in the changed lines.

  • Verified AiChatContent state transitions for tool toggles and submit payload assembly (special-pages/pages/new-tab/app/omnibar/components/Omnibar.js).
  • Verified dropdown behavior refactor preserves close-on-outside-click and keyboard interaction semantics for both model selector and tools menu (special-pages/pages/new-tab/app/omnibar/components/chat-tools/useDropdown.js, special-pages/pages/new-tab/app/omnibar/components/chat-tools/model-selector/ModelDropdown.js, special-pages/pages/new-tab/app/omnibar/components/chat-tools/tools-menu/ToolsMenu.js).
  • Verified new config flags are feature-gated and default false in schema (special-pages/pages/new-tab/messages/types/omnibar-config.json).

Security Assessment

No exploitable security vulnerabilities identified in the changed lines.

  • No new dynamic code execution (eval/Function) or cross-origin messaging primitives were introduced.
  • omnibar_submitChat payload construction remains explicit and does not spread untrusted objects, so there is no observed nativeData forwarding pattern (special-pages/pages/new-tab/app/omnibar/components/Omnibar.js).
  • New message schema fields (mode, toolChoice) are constrained by enums (special-pages/pages/new-tab/messages/omnibar_submitChat.notify.json).

Risk Level

Medium Risk — this PR changes chat submission contract and toolbar interaction state (tools/model/image attachment paths), but does not touch injected API shims, wrapper utilities, or bridge/origin validation logic.

Recommendations

  1. Add schema-level exclusivity for SubmitChatAction so invalid combinations are rejected early (e.g., mode: "image-generation" with incompatible toolChoice) using oneOf in omnibar_submitChat.notify.json.
  2. Add one integration test covering tool switching with attachments (image generation -> web search -> submit) and assert exact submitted keys to prevent future payload drift.
  3. Consider adding additionalProperties: false at the top level of omnibar_submitChat.notify.json to harden message-boundary contracts.

Sent by Cursor Automation: Web compat and sec

@sashalavron sashalavron requested a review from shakyShane April 9, 2026 14:18

@cursor cursor bot left a comment

Stale comment

Web Compatibility Assessment

  1. special-pages/pages/new-tab/app/omnibar/components/Omnibar.js (lines 203-216) — warning
    The submit payload builder can send images and toolChoice: ['WebSearch'] together when the selected model supports image upload. If backend handling expects these to be mutually exclusive (or only supports images for image-generation/chat), this can create request-shape regressions that are hard to rollback quickly.

  2. special-pages/pages/new-tab/app/omnibar/components/chat-tools/tools-menu/ToolsMenu.module.css (lines 206-217) — info
    text-box-edge / text-box-trim are still non-standard across embedded WebView engines. Unsupported engines ignore them, but this can cause text vertical alignment drift/clipping differences between platforms.

Security Assessment

  1. special-pages/pages/new-tab/app/omnibar/components/Omnibar.js (lines 203-216), special-pages/pages/new-tab/messages/omnibar_submitChat.notify.json (lines 21-53) — warning
    SubmitChatAction currently allows combined mode, toolChoice, and images without conditional validation. From a threat-model perspective, that broad payload surface increases the chance of forwarding richer user data than intended when tools (like web search) are enabled. Even if backend currently rejects unsafe combinations, client-side constraints should fail closed.

Risk Level

Medium Risk — this PR introduces new tooling modes and expands chat submission schema/payload semantics; no injected API shims or message-bridge security primitives were changed, but request-shape expansion can still produce compatibility/privacy regressions.

Recommendations

  1. Add a fail-closed guard in AiChatContent.handleSubmit to enforce allowed combinations explicitly (e.g., block toolChoice + images unless that contract is intentionally supported).
  2. Encode the same rule in omnibar_submitChat.notify.json using conditional schema constraints (if/then), so transport validation matches UI intent.
  3. Add an integration test for web-search + image attachment that asserts the expected behavior (either attachment stripped/rejected, or explicitly allowed and validated).
  4. Add CSS fallback for label alignment that does not rely on text-box-* properties, or gate those declarations behind platform checks if exact rendering is required.

Sent by Cursor Automation: Web compat and sec
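
Added example (not code from this PR or from the content-scope-scripts repository): a fail-closed check for omnibar_submitChat params that could sit at the messaging boundary or in a contract test, covering the review recommendations above about rejecting unknown keys, unknown mode/toolChoice values and unintended field combinations. The function names, the `target` sample value, the image item shape and the two combination rules are assumptions; the allowed keys and enum values are the ones named in the review comments.

```javascript
// Added example. Names are hypothetical; only the field names and enum
// values (chat / image-generation, WebSearch) come from the review comments.
const ALLOWED_KEYS = new Set(['chat', 'target', 'mode', 'modelId', 'toolChoice', 'images']);
const MODES = new Set(['chat', 'image-generation']);
const TOOL_CHOICES = new Set(['WebSearch']);

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

/**
 * Returns a list of contract violations; an empty list means the payload
 * may be forwarded. Anything not explicitly allowed is reported.
 * `allowImagesWithToolChoice` models the open product decision raised in
 * the review: whether web search plus image attachments is a supported mix.
 */
function validateSubmitChat(params, { allowImagesWithToolChoice = false } = {}) {
    if (params === null || typeof params !== 'object' || Array.isArray(params)) {
        return ['params must be a plain object'];
    }
    const errors = [];

    // Equivalent of additionalProperties: false. Catches reserved fields
    // such as nativeData as well as typos and future payload drift.
    for (const key of Object.keys(params)) {
        if (!ALLOWED_KEYS.has(key)) errors.push(`unexpected key: ${key}`);
    }

    if (typeof params.chat !== 'string') errors.push('chat must be a string');
    if (typeof params.target !== 'string') errors.push('target must be a string');

    if (has(params, 'mode') && !MODES.has(params.mode)) {
        errors.push(`unknown mode: ${JSON.stringify(params.mode)}`);
    }
    if (has(params, 'modelId') && typeof params.modelId !== 'string') {
        errors.push('modelId must be a string');
    }
    if (has(params, 'toolChoice')) {
        if (!Array.isArray(params.toolChoice) || params.toolChoice.length === 0) {
            errors.push('toolChoice must be a non-empty array');
        } else {
            for (const tool of params.toolChoice) {
                if (!TOOL_CHOICES.has(tool)) errors.push(`unknown toolChoice: ${JSON.stringify(tool)}`);
            }
        }
    }
    if (has(params, 'images') && !Array.isArray(params.images)) {
        errors.push('images must be an array');
    }

    // Combination rules (assumed policy, see lead-in).
    const hasImages = Array.isArray(params.images) && params.images.length > 0;
    if (params.mode === 'image-generation' && has(params, 'toolChoice')) {
        errors.push('mode image-generation cannot be combined with toolChoice');
    }
    if (hasImages && has(params, 'toolChoice') && !allowImagesWithToolChoice) {
        errors.push('images cannot be combined with toolChoice');
    }
    return errors;
}

// Constructed sample payloads, one per rule.
function runConstructedCases() {
    const base = { chat: 'weather in Lisbon', target: 'same-tab' };
    const searchWithImage = { ...base, toolChoice: ['WebSearch'], images: [{ data: 'AAAA' }] };
    return {
        webSearch: validateSubmitChat({ ...base, toolChoice: ['WebSearch'] }),
        reservedField: validateSubmitChat({ ...base, nativeData: { x: 1 } }),
        unknownMode: validateSubmitChat({ ...base, mode: 'debug' }),
        unknownTool: validateSubmitChat({ ...base, toolChoice: ['WebSearch', 'Unknown'] }),
        imagesWithSearch: validateSubmitChat(searchWithImage),
        imagesWithSearchAllowed: validateSubmitChat(searchWithImage, { allowImagesWithToolChoice: true }),
        conflictingMode: validateSubmitChat({ ...base, mode: 'image-generation', toolChoice: ['WebSearch'] }),
    };
}

console.log(JSON.stringify(runConstructedCases(), null, 2));
```
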

@cursor cursor bot left a comment

Stale comment

Web Compatibility Assessment

  • special-pages/pages/new-tab/app/omnibar/components/Omnibar.js (AiChatContent, around 160-221) + special-pages/pages/new-tab/app/omnibar/components/useSelectedModel.js (6-17) — warning
    • handleSubmit() now derives modelId from selectedModel read from state.config.selectedModelId via useSelectedModel(), whereas the previous implementation used a local ref updated immediately on model selection. setSelectedModelId() is dispatched through native messaging and config subscription, so a fast “select model -> submit” interaction can send the previous/default model.
    • This is a behavior regression risk for real users (wrong model on first submit), and current tests cover selector UI state but not immediate post-selection submit payload consistency.

Security Assessment

  • No direct security vulnerabilities identified in changed lines.
  • mode/toolChoice additions are enum-constrained in special-pages/pages/new-tab/messages/omnibar_submitChat.notify.json, and tool activation is config-gated in Omnibar.js, which keeps payload shape bounded.

Risk Level

Medium Risk — this PR is scoped to special-pages/new-tab (not injected wrapper internals), but it changes chat submission payload composition and introduces an async model-selection data flow that can cause incorrect runtime behavior.

Recommendations

  1. Restore synchronous model selection source-of-truth for submit payload (e.g., keep a local selectedModelId ref/state in AiChatContent, updated from selector callback) instead of depending solely on async config propagation.
  2. Add an integration test: select a different model and immediately submit chat; assert omnibar_submitChat carries the newly selected modelId.
  3. Add a regression test for tool+model interactions (e.g., toggle web search, change model, submit immediately) to ensure toolChoice and modelId stay coherent under rapid input.

Sent by Cursor Automation: Web compat and sec

Comment thread special-pages/pages/new-tab/app/omnibar/components/Omnibar.js
@moon0326

Thank you for working on this @sashalavron 👍

I left a few minor comments. Otherwise, everything looks good to me.

@sashalavron sashalavron force-pushed the alavrenchuk/ntp-image-generation branch from 242c564 to e238363 April 13, 2026 11:54

@cursor cursor bot left a comment

Stale comment

Web Compatibility Assessment

  • No web-compat regressions found in the changed lines. The PR is scoped to special-pages/pages/new-tab UI/state/message-shape updates and does not modify injected script wrappers, prototype shims, or page-world API overrides.

Security Assessment

  • No direct security vulnerabilities found in the changed lines.
  • No new postMessage usage, bridge/origin validation changes, or captured-global-sensitive injected runtime paths were introduced.
  • omnibar_submitChat payload construction in special-pages/pages/new-tab/app/omnibar/components/Omnibar.js is allowlist-style (explicit fields only), which avoids accidental forwarding of reserved fields like nativeData.

Risk Level

Medium Risk — this introduces new behavior and payload fields (mode, toolChoice) in privileged new-tab messaging paths, but does not alter core injected runtime security primitives (wrapper-utils, captured-globals, DDGProxy, message-bridge internals).

Recommendations

  1. Add one integration assertion that submits after tool toggling sequences and verifies no stale optional fields leak (e.g., mode/toolChoice absent when inactive).
  2. Extend the existing schema-field allowlist test in special-pages/pages/new-tab/app/omnibar/integration-tests/omnibar.spec.js to explicitly cover the new optional keys (mode, toolChoice) in active-tool cases.
  3. Add a negative-path integration test that verifies image attachments are not included when image-related capability is inactive, even after prior image-generation interactions.

Sent by Cursor Automation: Web compat and sec

Comment thread QA_SPEC.md Outdated

@cursor cursor bot left a comment

Stale comment

Web Compatibility Assessment

  • special-pages/pages/new-tab/app/omnibar/components/Omnibar.js (174-195, 208-223) — warning: activeTool is stateful and used to drive submit payload/UX, but it is not reconciled against the current config-derived availableTools. If remote config disables enableImageGeneration/enableWebSearch while the tab is open, stale activeTool can still affect behavior (e.g., mode/tool payload and hidden recent-chats/model-selector state), creating a runtime mismatch with current feature flags.

Security Assessment

  • special-pages/pages/new-tab/app/omnibar/components/Omnibar.js (174-195, 208-223) — error: submit-time gating relies on stale local activeTool rather than current config booleans. This weakens the rollback/kill-switch model for config-gated capabilities: a tool activated before disable can continue emitting mode: 'image-generation' or toolChoice: ['WebSearch'] after config is turned off for that page instance.

Risk Level

Medium Risk — the PR introduces new privileged submit fields (mode, toolChoice) and new config-gated behavior; current tool-state reconciliation leaves a rollback gap in long-lived tabs.

Recommendations

  1. In AiChatContent, derive an effectiveActiveTool from availableTools (e.g., availableTools.includes(activeTool) ? activeTool : null) and use that value for all UI/submit logic.
  2. Add an effect that clears stale tool state when config flags change (setActiveTool(null) when active tool is no longer available).
  3. Add an integration test that enables a tool, then flips its config flag off at runtime, and asserts omnibar_submitChat no longer includes mode/toolChoice from the disabled tool.

Sent by Cursor Automation: Web compat and sec
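
Added example (not code from this PR or from the content-scope-scripts repository): one way to implement the submit-time gate the review comments above ask for, so that mode and toolChoice are emitted only while the matching config flag is currently true, with the payload still built from an explicit allowlist. The tool id 'web-search', the selectedModel and image item shapes, the `target` value, the omission of modelId in image-generation mode and all function names are assumptions.

```javascript
// Added example. TOOL_FLAGS, effectiveTool and buildSubmitChatParams are
// hypothetical names; they are not taken from Omnibar.js.

// Each tool id maps to the config flag that must be true *right now*.
// 'image-generation' appears in the review above; 'web-search' is assumed.
const TOOL_FLAGS = Object.freeze({
    'image-generation': 'enableImageGeneration',
    'web-search': 'enableWebSearch',
});

/**
 * Resolve which tool may influence UI and submit. Unknown ids, missing
 * config and flags that are anything other than `true` resolve to null,
 * so a remote disable takes effect on the very next render or submit.
 * The same function can back a reconciliation effect that clears state:
 *   if (effectiveTool(activeTool, config) === null) setActiveTool(null)
 */
function effectiveTool(activeTool, config) {
    if (typeof activeTool !== 'string') return null;
    // Own-property check so ids like 'toString' cannot hit the prototype.
    if (!Object.prototype.hasOwnProperty.call(TOOL_FLAGS, activeTool)) return null;
    return config?.[TOOL_FLAGS[activeTool]] === true ? activeTool : null;
}

/**
 * Build omnibar_submitChat params from an explicit allowlist of fields.
 * `activeTool` is local UI state and is treated as untrusted with respect
 * to config: only the gated `tool` value is used below.
 */
function buildSubmitChatParams({ chat, target, activeTool, selectedModel, images, config }) {
    const tool = effectiveTool(activeTool, config);
    const imageGeneration = tool === 'image-generation';

    const params = { chat, target }; // no object spread of caller data
    if (imageGeneration) params.mode = 'image-generation';
    if (tool === 'web-search') params.toolChoice = ['WebSearch'];

    // Assumption: the model selector is hidden in image-generation mode,
    // so no modelId accompanies that mode.
    if (!imageGeneration && typeof selectedModel?.id === 'string') {
        params.modelId = selectedModel.id;
    }

    // Mirrors the canAttachImages rule quoted in the review, but computed
    // from the gated tool so attachments also stop when the flag is off.
    const canAttachImages = imageGeneration || selectedModel?.supportsImageUpload === true;
    if (canAttachImages && Array.isArray(images) && images.length > 0) {
        params.images = images;
    }
    return params;
}

// Constructed scenario: the user activates Create Image and attaches a
// file, then a config update disables the feature before they submit.
function demoKillSwitch() {
    const uiState = {
        chat: 'a lighthouse at dusk',
        target: 'same-tab',
        activeTool: 'image-generation', // stale local state
        selectedModel: { id: 'model-a', supportsImageUpload: false },
        images: [{ data: 'AAAA', format: 'png' }],
    };
    const enabled = { enableImageGeneration: true, enableWebSearch: true };
    const rolledBack = { enableImageGeneration: false, enableWebSearch: true };
    return {
        before: buildSubmitChatParams({ ...uiState, config: enabled }),
        after: buildSubmitChatParams({ ...uiState, config: rolledBack }),
    };
}

console.log(JSON.stringify(demoKillSwitch(), null, 2));
```
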

Comment thread special-pages/pages/new-tab/app/omnibar/components/Omnibar.js

- Introduced new tests for image generation functionality, including scenarios for generating images, opening the tools menu, and activating image generation.
- Added corresponding screenshot snapshots for each test case to ensure visual consistency across different themes (light and dark).
- Enhanced the existing test suite for the new tab page to improve coverage of the omnibar's AI capabilities.

These changes enhance the testing framework for the omnibar, ensuring robust validation of image generation features and improving overall test reliability.
- Deleted the CreateImageTool component and its CSS module, streamlining the codebase by removing unused features.
- Updated the omnibar mock transport configuration to maintain consistency after the removal of image generation capabilities.

These changes simplify the omnibar's functionality and improve overall maintainability.
- Introduced a new "Web Search" tool in the omnibar, allowing users to perform web searches directly from the AI chat interface.
- Updated the ToolsMenu component to include the new web search option, complete with labels and descriptions.
- Enhanced the AiChatContent component to manage the active tool state, integrating web search functionality into the chat submission process.
- Added integration tests to validate the web search feature, ensuring proper UI behavior and functionality.
- Updated relevant TypeScript types and configuration to support the new web search capabilities.

These changes improve the omnibar's functionality, providing users with additional tools for enhanced interaction and information retrieval.
- Updated the PaperclipIcon component to replace the previous SVG path with a new design, enhancing visual clarity.
- Modified CSS styles for tool buttons in the ImageAttachment and ToolsMenu components, changing background properties to improve UI consistency and user interaction.
- Adjusted border-radius and padding for buttons to create a more cohesive look across the omnibar.

These changes enhance the overall user experience by providing a more polished and consistent interface in the AI chat environment.
- Adjusted the CSS for the checkmark in the ToolsMenu component, modifying its dimensions and positioning for better visual alignment.
- Reduced the font size of the checkmark icon and refined its placement to enhance the overall appearance and consistency within the UI.

These changes contribute to a more polished and user-friendly interface in the omnibar.
- Eliminated the dark theme background property from the ModelSelector component's CSS, simplifying the styling and ensuring consistency across themes.
- This change contributes to a more uniform appearance in the omnibar, enhancing the overall user experience.
- Added properties for text-box-edge and text-box-trim in the ToolsMenu component's CSS to improve text overflow handling.
- These changes ensure better visual presentation of menu items, enhancing the overall user experience in the omnibar.
- Modified the CSS for the selected menu item in the ToolsMenu component, changing the background color to accent primary and text color to white for better visibility.
- Adjusted the description text color to a semi-transparent white, improving readability and visual hierarchy within the menu.

These changes enhance the user experience by providing clearer feedback on selected items in the omnibar.
- Added focus-visible styles to menu items in the ToolsMenu component, improving accessibility and user feedback during keyboard navigation.
- Updated the background and border properties for menu items to ensure a consistent appearance and better interaction experience.
- Adjusted checkmark visibility on focus to enhance clarity for selected items.

These changes contribute to a more user-friendly and accessible interface in the omnibar.
- Added keyboard navigation support to the ModelDropdown and ToolsMenu components, allowing users to navigate options using arrow keys and select items with Enter.
- Implemented focus management for dropdowns to improve accessibility and user experience during interactions.
- Updated CSS styles for active and selected menu items to provide clearer visual feedback during navigation.

These changes enhance the overall usability of the omnibar, making it more accessible and user-friendly for keyboard users.
…CSS Updates

- Introduced a clearActiveIndex function in both ModelDropdown and ToolsMenu components to reset the active index on mouse leave, improving user interaction.
- Updated CSS styles for active and selected menu items in both components, changing text colors to enhance visibility and consistency across the interface.
- These changes contribute to a more intuitive and user-friendly experience in the omnibar, particularly for keyboard and mouse navigation.
…election handling

- Updated the condition for selecting items in both ModelDropdown and ToolsMenu components to ensure the active index is within the bounds of the available models and tools.
- This change enhances the robustness of keyboard navigation and selection, preventing potential errors when the active index exceeds the available options.
- Modified the AI chat input field placeholder to "Ask anything privately" for clarity.
- Changed the Web Search tool description to "Source answers from the web" to better reflect its functionality.
- Added a new placeholder for image generation mode when an image is attached, enhancing user experience during image-related queries.
- Changed the background color of active tool chips to a more subtle rgba value for improved visibility.
- Updated hover and active states for menu items to provide clearer feedback in both light and dark themes.
- These changes enhance user interaction and visual consistency within the ToolsMenu component.
…shot assets

- Changed the chat input field placeholder from "Ask privately" to "Ask anything privately" to enhance user understanding.
- Updated multiple screenshot assets for the omnibar to reflect recent design changes and ensure consistency across light and dark themes.
…eration

- Added a new method `imageGenerationWithAttachmentInput` to the OmnibarPage class for better handling of image-related queries.
- Updated the integration test to utilize the new input method, improving clarity and functionality during image generation tests.
…ility

- Increased the font size of the checkmark in the ToolsMenu component from 11px to 13px to enhance visibility and user feedback.
- This change contributes to a clearer interface, ensuring users can easily identify selected items in the menu.
- Changed the font weight of labels in the ToolsMenu component from 500 to 400 for a more consistent and readable appearance.
- This adjustment enhances the overall visual clarity of the menu items, contributing to a better user experience.
- Replaced existing screenshot assets for various omnibar states, including active, rest, and tools menu open scenarios, to reflect recent design updates.
- Ensured consistency across dark and light themes for improved visual accuracy in integration tests.
…ion and web search features

- Deleted the QA_SPEC.md, TASK_SPEC.md, and TECH_DESIGN.md files as they are no longer needed following recent updates to the omnibar functionality.
- This cleanup helps streamline the project documentation and reduces redundancy in feature specifications.
- Removed hover styles for menu items in both ModelSelector and ToolsMenu components to simplify interaction feedback.
- This cleanup enhances the visual consistency and reduces unnecessary complexity in the CSS, contributing to a more streamlined user experience.
@sashalavron sashalavron force-pushed the alavrenchuk/ntp-image-generation branch from aa1f016 to 9e8de05 Compare April 15, 2026 10:56
Contributor

@cursor cursor bot left a comment


Stale comment

Web Compatibility Assessment

  • special-pages/pages/new-tab/app/omnibar/components/Omnibar.js (canAttachImages + toolbarLeft usage): warning
    ImageUploadButton is now shown whenever imageGenerationActive is true, independent of state.config?.enableAiChatTools. That diverges from the existing config contract (enableAiChatTools is documented as the feature flag for model selector + image attachments). This can cause rollout inconsistency where image attachments appear in configurations that intended AI chat tools to remain off.
  • special-pages/pages/new-tab/messages/omnibar_submitChat.notify.json and special-pages/pages/new-tab/types/new-tab.ts: info
    Added mode and toolChoice are optional and enum-constrained, so existing callers remain backward-compatible at the message contract level.

Security Assessment

  • special-pages/pages/new-tab/app/omnibar/components/Omnibar.js (canAttachImages derivation and submit assembly): warning
    Configuration-trust risk: attachment capability can be activated via enableImageGeneration without requiring the prior enableAiChatTools gate, reducing rollback granularity of the original kill switch for attachments.
  • special-pages/pages/new-tab/app/omnibar/components/Omnibar.js (handleSubmit action creation): info
    Outbound payload is assembled from an explicit object literal (no spread of untrusted objects), so this change does not introduce a nativeData leakage path.

Risk Level

Medium Risk — this PR is mostly UI/schema work, but it introduces new submission controls and payload fields, and currently weakens the existing feature-flag boundary for image attachments.

Recommendations

  1. Gate image attachments behind enableAiChatTools as well (or introduce an explicit enableImageAttachments flag) so rollout/rollback controls stay precise.
  2. Add an integration test for enableImageGeneration=true + enableAiChatTools=false asserting attachment UI is hidden and submission omits images.
  3. Alternative if decoupling is intentional: update omnibar-config docs/descriptions to reflect the new gate model and add a test locking that behavior.

Sent by Cursor Automation: Web compat and sec

- Introduced detailed parameters for the omnibar's AI chat functionality, including options for enabling AI, customizing settings, and managing chat tools.
- Updated the omnibar widget documentation to reflect new fields and example payloads for various chat modes, enhancing clarity for developers.
- This addition improves the overall documentation for the omnibar, facilitating better understanding and implementation of AI chat features.
Contributor

@cursor cursor bot left a comment


Cursor Bugbot has reviewed your changes and found 2 potential issues.


Reviewed by Cursor Bugbot for commit 7cc9695.

Comment thread special-pages/pages/new-tab/app/components/Icons.js
Contributor

@cursor cursor bot left a comment


Web Compatibility Assessment

No compatibility regressions found in the changed runtime paths.

  • special-pages/pages/new-tab/app/omnibar/components/Omnibar.js + special-pages/pages/new-tab/app/omnibar/components/chat-tools/*: info — changes are UI/state flow and payload shaping in Special Pages (not injected page-world API overrides), so there is no new wrapper/prototype/API-surface risk from the hostile-page model.

Security Assessment

  1. special-pages/pages/new-tab/messages/omnibar_submitChat.notify.json (top-level schema object, lines 4-55) — warning

    • The schema does not set "additionalProperties": false at the top level. This leaves the privileged message boundary permissive for unexpected keys (including future accidental passthroughs like nativeData), weakening message contract hardening.
  2. special-pages/pages/new-tab/messages/omnibar_submitChat.notify.json (toolChoice, lines 26-33) — warning

    • toolChoice is declared as an unrestricted array with enum-constrained items, but without cardinality controls (maxItems, uniqueItems). Current code only sends one tool, but schema-level enforcement should match that contract to prevent oversized/duplicate payloads at the boundary.

Risk Level

Medium Risk — this PR does not touch injected wrapper utilities/captured globals/message-bridge, but it does expand a privileged Special Pages messaging surface (omnibar_submitChat) with new optional fields and currently permissive schema constraints.

Recommendations

  1. Add "additionalProperties": false to the top-level omnibar_submitChat schema object.
  2. Constrain toolChoice with "maxItems": 1 and "uniqueItems": true (or model it as a single enum string if only one tool can ever be active).
  3. Add a schema validation test that rejects unknown top-level keys for omnibar_submitChat and rejects oversized/duplicate toolChoice arrays.
  4. Optional hardening alternative: enforce an explicit outbound payload sanitizer before notify('omnibar_submitChat', params) so only allowlisted keys are forwarded, even if schema constraints regress later.

Sent by Cursor Automation: Web compat and sec
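
The outbound sanitizer suggested as recommendation 4 above, as an added example (not code from this PR): it fails closed on unknown top-level keys, mirroring `"additionalProperties": false`, and enforces the `toolChoice` cardinality limit in code. The `chat` field and the function names are assumptions; `mode`, `toolChoice`, `nativeData` and the enum values are the ones named in the review.

```javascript
// Added example, not the PR's code. `chat` and all function names are assumed.
const ALLOWED_KEYS = ['chat', 'mode', 'toolChoice'];
const ALLOWED_MODES = ['image-generation'];
const ALLOWED_TOOLS = ['WebSearch'];

/**
 * Returns { ok, params, errors }. `params` is rebuilt key by key, so only
 * allowlisted fields can ever reach notify(); any violation yields params: null.
 */
function sanitizeSubmitChat(input) {
  if (input === null || typeof input !== 'object' || Array.isArray(input)) {
    return { ok: false, params: null, errors: ['params must be an object'] };
  }
  const errors = [];
  const params = {};
  for (const key of Object.keys(input)) {
    if (!ALLOWED_KEYS.includes(key)) errors.push(`unexpected key: ${key}`);
  }
  if (typeof input.chat === 'string') params.chat = input.chat;
  else errors.push('chat must be a string');

  if (input.mode !== undefined) {
    if (ALLOWED_MODES.includes(input.mode)) params.mode = input.mode;
    else errors.push('mode not in enum');
  }
  if (input.toolChoice !== undefined) {
    const tc = input.toolChoice;
    // maxItems: 1 also guarantees uniqueItems, so duplicates are rejected here too.
    if (!Array.isArray(tc)) errors.push('toolChoice must be an array');
    else if (tc.length > 1) errors.push('toolChoice exceeds maxItems 1');
    else if (!tc.every((t) => ALLOWED_TOOLS.includes(t))) errors.push('toolChoice item not in enum');
    else params.toolChoice = [...tc];
  }
  return errors.length ? { ok: false, params: null, errors } : { ok: true, params, errors };
}

// Constructed inputs, not captured traffic.
function demoSanitize() {
  return {
    good: sanitizeSubmitChat({ chat: 'hi', toolChoice: ['WebSearch'] }),
    extraKey: sanitizeSubmitChat({ chat: 'hi', nativeData: { any: 1 } }),
    dupTools: sanitizeSubmitChat({ chat: 'hi', toolChoice: ['WebSearch', 'WebSearch'] }),
  };
}
```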

@sashalavron sashalavron added this pull request to the merge queue Apr 15, 2026
Merged via the queue into main with commit 003ffe1 Apr 15, 2026
41 of 42 checks passed
@sashalavron sashalavron deleted the alavrenchuk/ntp-image-generation branch April 15, 2026 12:28

Labels

semver-minor New feature — triggers minor version bump
