Potential fix for code scanning alert no. 1: Incomplete URL substring sanitization

[Matiasxth]

Potential fix for https://github.com/Matiasxth/capability-os/security/code-scanning/1

General fix: Instead of checking url.includes("groq.com") and similar substring conditions, parse the URL with the built-in URL class and inspect its hostname. Then compare the hostname (or its suffix) to known domains and hosts in a controlled way. This keeps behavior predictable and removes the possibility of matching tokens in the path, query, fragment, or userinfo sections.

Concrete change in this file:

• Update _detectPreset(url) in ControlCenter.jsx to:
  • Return default "ollama" when url is falsy as before.
  • Safely parse url using new URL(...) inside a try/catch. If parsing fails, fall back to "custom".
  • Extract hostname (e.g., api.groq.com) and match:
    • Groq: host ends with .groq.com or equals groq.com.
    • Ollama: host equals localhost or 127.0.0.1 and port equals "11434" (or, to stay close to existing logic, accept host:port combinations equivalent to the old localhost:11434 / 127.0.0.1:11434 checks).
    • OpenAI: host ends with .openai.com or equals openai.com.
  • Default to "custom" if none match.

This keeps the intended behavior (auto-detect known providers by host) while being robust and avoiding substring-based misclassification. No new imports are required; URL is a standard global in modern browsers and React environments.

Only the _detectPreset function (line 143) needs to be replaced; the rest of the logic using _PRESETS and llmPreset remains unchanged.

---

Suggested fixes powered by Copilot Autofix. Review carefully before merging.