sarman/tftsr-devops_investigation
1
0
Fork 0
Code Issues 1 Pull Requests Actions 34 Packages Projects 3 Releases 9 Wiki Activity
a40bc2304f
tftsr-devops_investigation/src-tauri/src/db/connection.rs

128 lines
3.7 KiB
Rust
Raw Normal View History

feat: initial implementation of TFTSR IT Triage & RCA application Implements Phases 1-8 of the TFTSR implementation plan. Rust backend (Tauri 2.x, src-tauri/): - Multi-provider AI: OpenAI-compatible, Anthropic, Gemini, Mistral, Ollama - PII detection engine: 11 regex patterns with overlap resolution - SQLCipher AES-256 encrypted database with 10 versioned migrations - 28 Tauri IPC commands for triage, analysis, document, and system ops - Ollama: hardware probe, model recommendations, pull/delete with events - RCA and blameless post-mortem Markdown document generators - PDF export via printpdf - Audit log: SHA-256 hash of every external data send - Integration stubs for Confluence, ServiceNow, Azure DevOps (v0.2) Frontend (React 18 + TypeScript + Vite, src/): - 9 pages: full triage workflow NewIssue→LogUpload→Triage→Resolution→RCA→Postmortem→History+Settings - 7 components: ChatWindow, TriageProgress, PiiDiffViewer, DocEditor, HardwareReport, ModelSelector, UI primitives - 3 Zustand stores: session, settings (persisted), history - Type-safe tauriCommands.ts matching Rust backend types exactly - 8 IT domain system prompts (Linux, Windows, Network, K8s, DB, Virt, HW, Obs) DevOps: - .woodpecker/test.yml: rustfmt, clippy, cargo test, tsc, vitest on every push - .woodpecker/release.yml: linux/amd64 + linux/arm64 builds, Gogs release upload Verified: - cargo check: zero errors - tsc --noEmit: zero errors - vitest run: 13/13 unit tests passing Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 03:36:25 +00:00
use rusqlite::Connection;
use std::path::Path;
feat(rebrand): rename binary to trcaa and auto-generate DB key - Rename Cargo package from 'tftsr' to 'trcaa' — installed command becomes 'trcaa' instead of 'tftsr' - Update app data directories to ~/.local/share/trcaa (Linux), ~/Library/Application Support/trcaa (macOS), %APPDATA%/trcaa (Windows) - Update bundle identifier to com.trcaa.app - Auto-generate per-installation DB encryption key on first launch and persist to <data_dir>/.dbkey (mode 0600 on Unix) — removes the hard requirement for TFTSR_DB_KEY to be set before the app will start
2026-04-05 22:50:16 +00:00
fn generate_key() -> String {
use rand::RngCore;
let mut bytes = [0u8; 32];
rand::rngs::OsRng.fill_bytes(&mut bytes);
hex::encode(bytes)
}
#[cfg(unix)]
fn write_key_file(path: &Path, key: &str) -> anyhow::Result<()> {
use std::io::Write;
use std::os::unix::fs::OpenOptionsExt;
let mut f = std::fs::OpenOptions::new()
.write(true)
.create(true)
.truncate(true)
.mode(0o600)
.open(path)?;
f.write_all(key.as_bytes())?;
Ok(())
}
#[cfg(not(unix))]
fn write_key_file(path: &Path, key: &str) -> anyhow::Result<()> {
std::fs::write(path, key)?;
Ok(())
}
fn get_db_key(data_dir: &Path) -> anyhow::Result<String> {
fix(security): harden secret handling and audit integrity Remove high-risk defaults and tighten data handling across auth, storage, IPC, provider calls, and capabilities so sensitive data is better protected by default. Also update README/wiki security guidance and add targeted tests for the new hardening behaviors. Made-with: Cursor
2026-04-05 04:37:05 +00:00
if let Ok(key) = std::env::var("TFTSR_DB_KEY") {
if !key.trim().is_empty() {
return Ok(key);
}
}
if cfg!(debug_assertions) {
return Ok("dev-key-change-in-prod".to_string());
}
feat(rebrand): rename binary to trcaa and auto-generate DB key - Rename Cargo package from 'tftsr' to 'trcaa' — installed command becomes 'trcaa' instead of 'tftsr' - Update app data directories to ~/.local/share/trcaa (Linux), ~/Library/Application Support/trcaa (macOS), %APPDATA%/trcaa (Windows) - Update bundle identifier to com.trcaa.app - Auto-generate per-installation DB encryption key on first launch and persist to <data_dir>/.dbkey (mode 0600 on Unix) — removes the hard requirement for TFTSR_DB_KEY to be set before the app will start
2026-04-05 22:50:16 +00:00
// Release: load or auto-generate a per-installation key stored in the
// app data directory. This lets the app work out of the box without
// requiring users to set an environment variable.
let key_path = data_dir.join(".dbkey");
if key_path.exists() {
let key = std::fs::read_to_string(&key_path)?;
let key = key.trim().to_string();
if !key.is_empty() {
return Ok(key);
}
}
let key = generate_key();
std::fs::create_dir_all(data_dir)?;
write_key_file(&key_path, &key)?;
Ok(key)
fix(security): harden secret handling and audit integrity Remove high-risk defaults and tighten data handling across auth, storage, IPC, provider calls, and capabilities so sensitive data is better protected by default. Also update README/wiki security guidance and add targeted tests for the new hardening behaviors. Made-with: Cursor
2026-04-05 04:37:05 +00:00
}
feat: initial implementation of TFTSR IT Triage & RCA application Implements Phases 1-8 of the TFTSR implementation plan. Rust backend (Tauri 2.x, src-tauri/): - Multi-provider AI: OpenAI-compatible, Anthropic, Gemini, Mistral, Ollama - PII detection engine: 11 regex patterns with overlap resolution - SQLCipher AES-256 encrypted database with 10 versioned migrations - 28 Tauri IPC commands for triage, analysis, document, and system ops - Ollama: hardware probe, model recommendations, pull/delete with events - RCA and blameless post-mortem Markdown document generators - PDF export via printpdf - Audit log: SHA-256 hash of every external data send - Integration stubs for Confluence, ServiceNow, Azure DevOps (v0.2) Frontend (React 18 + TypeScript + Vite, src/): - 9 pages: full triage workflow NewIssue→LogUpload→Triage→Resolution→RCA→Postmortem→History+Settings - 7 components: ChatWindow, TriageProgress, PiiDiffViewer, DocEditor, HardwareReport, ModelSelector, UI primitives - 3 Zustand stores: session, settings (persisted), history - Type-safe tauriCommands.ts matching Rust backend types exactly - 8 IT domain system prompts (Linux, Windows, Network, K8s, DB, Virt, HW, Obs) DevOps: - .woodpecker/test.yml: rustfmt, clippy, cargo test, tsc, vitest on every push - .woodpecker/release.yml: linux/amd64 + linux/arm64 builds, Gogs release upload Verified: - cargo check: zero errors - tsc --noEmit: zero errors - vitest run: 13/13 unit tests passing Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 03:36:25 +00:00
pub fn open_encrypted_db(path: &Path, key: &str) -> anyhow::Result<Connection> {
let conn = Connection::open(path)?;
fix: set SQLCipher cipher_page_size BEFORE first database access Previously cipher_page_size was set AFTER the verification SELECT, making it a no-op (SQLCipher locks page size on first access). This caused two bugs: 1. Databases were created with the default page size regardless of the setting, then flushed on close using misaligned 4KB mmap pages on 16KB kernel → corrupted file → SQLITE_NOTADB on reopen. 2. Reopening an existing DB used default (potentially wrong) page size for the initial read → decryption failure. Fix: batch all cipher settings (key, page_size, kdf_iter, algorithms) into a single execute_batch call BEFORE the first SELECT. This ensures: - New databases are created with 16KB pages (aligned to Asahi kernel) - Existing 16KB-page databases are reopened with the correct page size - Close/flush operations use properly aligned mmap → no corruption Note: existing 4KB-page databases (from v0.1.0) remain incompatible and must be deleted once on upgrade. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 02:25:43 +00:00
// ALL cipher settings MUST be set before the first database access.
// cipher_page_size in particular must precede any read/write so it takes
// effect for both creation (new DB) and reopening (existing DB).
// 16384 matches 16KB kernel page size (Asahi Linux / Apple Silicon aarch64).
conn.execute_batch(&format!(
"PRAGMA key = '{}';\
PRAGMA cipher_page_size = 16384;\
PRAGMA kdf_iter = 256000;\
PRAGMA cipher_hmac_algorithm = HMAC_SHA512;\
feat: initial implementation of TFTSR IT Triage & RCA application Implements Phases 1-8 of the TFTSR implementation plan. Rust backend (Tauri 2.x, src-tauri/): - Multi-provider AI: OpenAI-compatible, Anthropic, Gemini, Mistral, Ollama - PII detection engine: 11 regex patterns with overlap resolution - SQLCipher AES-256 encrypted database with 10 versioned migrations - 28 Tauri IPC commands for triage, analysis, document, and system ops - Ollama: hardware probe, model recommendations, pull/delete with events - RCA and blameless post-mortem Markdown document generators - PDF export via printpdf - Audit log: SHA-256 hash of every external data send - Integration stubs for Confluence, ServiceNow, Azure DevOps (v0.2) Frontend (React 18 + TypeScript + Vite, src/): - 9 pages: full triage workflow NewIssue→LogUpload→Triage→Resolution→RCA→Postmortem→History+Settings - 7 components: ChatWindow, TriageProgress, PiiDiffViewer, DocEditor, HardwareReport, ModelSelector, UI primitives - 3 Zustand stores: session, settings (persisted), history - Type-safe tauriCommands.ts matching Rust backend types exactly - 8 IT domain system prompts (Linux, Windows, Network, K8s, DB, Virt, HW, Obs) DevOps: - .woodpecker/test.yml: rustfmt, clippy, cargo test, tsc, vitest on every push - .woodpecker/release.yml: linux/amd64 + linux/arm64 builds, Gogs release upload Verified: - cargo check: zero errors - tsc --noEmit: zero errors - vitest run: 13/13 unit tests passing Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 03:36:25 +00:00
PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA512;",
fix: set SQLCipher cipher_page_size BEFORE first database access Previously cipher_page_size was set AFTER the verification SELECT, making it a no-op (SQLCipher locks page size on first access). This caused two bugs: 1. Databases were created with the default page size regardless of the setting, then flushed on close using misaligned 4KB mmap pages on 16KB kernel → corrupted file → SQLITE_NOTADB on reopen. 2. Reopening an existing DB used default (potentially wrong) page size for the initial read → decryption failure. Fix: batch all cipher settings (key, page_size, kdf_iter, algorithms) into a single execute_batch call BEFORE the first SELECT. This ensures: - New databases are created with 16KB pages (aligned to Asahi kernel) - Existing 16KB-page databases are reopened with the correct page size - Close/flush operations use properly aligned mmap → no corruption Note: existing 4KB-page databases (from v0.1.0) remain incompatible and must be deleted once on upgrade. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 02:25:43 +00:00
key.replace('\'', "''")
))?;
// Verify the key and settings work
conn.execute_batch("SELECT count(*) FROM sqlite_master;")?;
feat: initial implementation of TFTSR IT Triage & RCA application Implements Phases 1-8 of the TFTSR implementation plan. Rust backend (Tauri 2.x, src-tauri/): - Multi-provider AI: OpenAI-compatible, Anthropic, Gemini, Mistral, Ollama - PII detection engine: 11 regex patterns with overlap resolution - SQLCipher AES-256 encrypted database with 10 versioned migrations - 28 Tauri IPC commands for triage, analysis, document, and system ops - Ollama: hardware probe, model recommendations, pull/delete with events - RCA and blameless post-mortem Markdown document generators - PDF export via printpdf - Audit log: SHA-256 hash of every external data send - Integration stubs for Confluence, ServiceNow, Azure DevOps (v0.2) Frontend (React 18 + TypeScript + Vite, src/): - 9 pages: full triage workflow NewIssue→LogUpload→Triage→Resolution→RCA→Postmortem→History+Settings - 7 components: ChatWindow, TriageProgress, PiiDiffViewer, DocEditor, HardwareReport, ModelSelector, UI primitives - 3 Zustand stores: session, settings (persisted), history - Type-safe tauriCommands.ts matching Rust backend types exactly - 8 IT domain system prompts (Linux, Windows, Network, K8s, DB, Virt, HW, Obs) DevOps: - .woodpecker/test.yml: rustfmt, clippy, cargo test, tsc, vitest on every push - .woodpecker/release.yml: linux/amd64 + linux/arm64 builds, Gogs release upload Verified: - cargo check: zero errors - tsc --noEmit: zero errors - vitest run: 13/13 unit tests passing Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 03:36:25 +00:00
Ok(conn)
}
pub fn open_dev_db(path: &Path) -> anyhow::Result<Connection> {
let conn = Connection::open(path)?;
Ok(conn)
}
pub fn init_db(data_dir: &Path) -> anyhow::Result<Connection> {
std::fs::create_dir_all(data_dir)?;
let db_path = data_dir.join("tftsr.db");
feat(rebrand): rename binary to trcaa and auto-generate DB key - Rename Cargo package from 'tftsr' to 'trcaa' — installed command becomes 'trcaa' instead of 'tftsr' - Update app data directories to ~/.local/share/trcaa (Linux), ~/Library/Application Support/trcaa (macOS), %APPDATA%/trcaa (Windows) - Update bundle identifier to com.trcaa.app - Auto-generate per-installation DB encryption key on first launch and persist to <data_dir>/.dbkey (mode 0600 on Unix) — removes the hard requirement for TFTSR_DB_KEY to be set before the app will start
2026-04-05 22:50:16 +00:00
let key = get_db_key(data_dir)?;
feat: initial implementation of TFTSR IT Triage & RCA application Implements Phases 1-8 of the TFTSR implementation plan. Rust backend (Tauri 2.x, src-tauri/): - Multi-provider AI: OpenAI-compatible, Anthropic, Gemini, Mistral, Ollama - PII detection engine: 11 regex patterns with overlap resolution - SQLCipher AES-256 encrypted database with 10 versioned migrations - 28 Tauri IPC commands for triage, analysis, document, and system ops - Ollama: hardware probe, model recommendations, pull/delete with events - RCA and blameless post-mortem Markdown document generators - PDF export via printpdf - Audit log: SHA-256 hash of every external data send - Integration stubs for Confluence, ServiceNow, Azure DevOps (v0.2) Frontend (React 18 + TypeScript + Vite, src/): - 9 pages: full triage workflow NewIssue→LogUpload→Triage→Resolution→RCA→Postmortem→History+Settings - 7 components: ChatWindow, TriageProgress, PiiDiffViewer, DocEditor, HardwareReport, ModelSelector, UI primitives - 3 Zustand stores: session, settings (persisted), history - Type-safe tauriCommands.ts matching Rust backend types exactly - 8 IT domain system prompts (Linux, Windows, Network, K8s, DB, Virt, HW, Obs) DevOps: - .woodpecker/test.yml: rustfmt, clippy, cargo test, tsc, vitest on every push - .woodpecker/release.yml: linux/amd64 + linux/arm64 builds, Gogs release upload Verified: - cargo check: zero errors - tsc --noEmit: zero errors - vitest run: 13/13 unit tests passing Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 03:36:25 +00:00
let conn = if cfg!(debug_assertions) {
open_dev_db(&db_path)?
} else {
open_encrypted_db(&db_path, &key)?
};
crate::db::migrations::run_migrations(&conn)?;
Ok(conn)
}
fix(security): harden secret handling and audit integrity Remove high-risk defaults and tighten data handling across auth, storage, IPC, provider calls, and capabilities so sensitive data is better protected by default. Also update README/wiki security guidance and add targeted tests for the new hardening behaviors. Made-with: Cursor
2026-04-05 04:37:05 +00:00
#[cfg(test)]
mod tests {
use super::*;
feat(rebrand): rename binary to trcaa and auto-generate DB key - Rename Cargo package from 'tftsr' to 'trcaa' — installed command becomes 'trcaa' instead of 'tftsr' - Update app data directories to ~/.local/share/trcaa (Linux), ~/Library/Application Support/trcaa (macOS), %APPDATA%/trcaa (Windows) - Update bundle identifier to com.trcaa.app - Auto-generate per-installation DB encryption key on first launch and persist to <data_dir>/.dbkey (mode 0600 on Unix) — removes the hard requirement for TFTSR_DB_KEY to be set before the app will start
2026-04-05 22:50:16 +00:00
fn temp_dir(name: &str) -> std::path::PathBuf {
let dir = std::env::temp_dir().join(format!("tftsr-test-{}", name));
std::fs::create_dir_all(&dir).unwrap();
dir
}
fix(security): harden secret handling and audit integrity Remove high-risk defaults and tighten data handling across auth, storage, IPC, provider calls, and capabilities so sensitive data is better protected by default. Also update README/wiki security guidance and add targeted tests for the new hardening behaviors. Made-with: Cursor
2026-04-05 04:37:05 +00:00
#[test]
fn test_get_db_key_uses_env_var_when_present() {
feat(rebrand): rename binary to trcaa and auto-generate DB key - Rename Cargo package from 'tftsr' to 'trcaa' — installed command becomes 'trcaa' instead of 'tftsr' - Update app data directories to ~/.local/share/trcaa (Linux), ~/Library/Application Support/trcaa (macOS), %APPDATA%/trcaa (Windows) - Update bundle identifier to com.trcaa.app - Auto-generate per-installation DB encryption key on first launch and persist to <data_dir>/.dbkey (mode 0600 on Unix) — removes the hard requirement for TFTSR_DB_KEY to be set before the app will start
2026-04-05 22:50:16 +00:00
let dir = temp_dir("env-var");
fix(security): harden secret handling and audit integrity Remove high-risk defaults and tighten data handling across auth, storage, IPC, provider calls, and capabilities so sensitive data is better protected by default. Also update README/wiki security guidance and add targeted tests for the new hardening behaviors. Made-with: Cursor
2026-04-05 04:37:05 +00:00
std::env::set_var("TFTSR_DB_KEY", "test-db-key");
feat(rebrand): rename binary to trcaa and auto-generate DB key - Rename Cargo package from 'tftsr' to 'trcaa' — installed command becomes 'trcaa' instead of 'tftsr' - Update app data directories to ~/.local/share/trcaa (Linux), ~/Library/Application Support/trcaa (macOS), %APPDATA%/trcaa (Windows) - Update bundle identifier to com.trcaa.app - Auto-generate per-installation DB encryption key on first launch and persist to <data_dir>/.dbkey (mode 0600 on Unix) — removes the hard requirement for TFTSR_DB_KEY to be set before the app will start
2026-04-05 22:50:16 +00:00
let key = get_db_key(&dir).unwrap();
fix(security): harden secret handling and audit integrity Remove high-risk defaults and tighten data handling across auth, storage, IPC, provider calls, and capabilities so sensitive data is better protected by default. Also update README/wiki security guidance and add targeted tests for the new hardening behaviors. Made-with: Cursor
2026-04-05 04:37:05 +00:00
assert_eq!(key, "test-db-key");
std::env::remove_var("TFTSR_DB_KEY");
}
#[test]
fn test_get_db_key_debug_fallback_for_empty_env() {
feat(rebrand): rename binary to trcaa and auto-generate DB key - Rename Cargo package from 'tftsr' to 'trcaa' — installed command becomes 'trcaa' instead of 'tftsr' - Update app data directories to ~/.local/share/trcaa (Linux), ~/Library/Application Support/trcaa (macOS), %APPDATA%/trcaa (Windows) - Update bundle identifier to com.trcaa.app - Auto-generate per-installation DB encryption key on first launch and persist to <data_dir>/.dbkey (mode 0600 on Unix) — removes the hard requirement for TFTSR_DB_KEY to be set before the app will start
2026-04-05 22:50:16 +00:00
let dir = temp_dir("empty-env");
fix(security): harden secret handling and audit integrity Remove high-risk defaults and tighten data handling across auth, storage, IPC, provider calls, and capabilities so sensitive data is better protected by default. Also update README/wiki security guidance and add targeted tests for the new hardening behaviors. Made-with: Cursor
2026-04-05 04:37:05 +00:00
std::env::set_var("TFTSR_DB_KEY", " ");
feat(rebrand): rename binary to trcaa and auto-generate DB key - Rename Cargo package from 'tftsr' to 'trcaa' — installed command becomes 'trcaa' instead of 'tftsr' - Update app data directories to ~/.local/share/trcaa (Linux), ~/Library/Application Support/trcaa (macOS), %APPDATA%/trcaa (Windows) - Update bundle identifier to com.trcaa.app - Auto-generate per-installation DB encryption key on first launch and persist to <data_dir>/.dbkey (mode 0600 on Unix) — removes the hard requirement for TFTSR_DB_KEY to be set before the app will start
2026-04-05 22:50:16 +00:00
let key = get_db_key(&dir).unwrap();
fix(security): harden secret handling and audit integrity Remove high-risk defaults and tighten data handling across auth, storage, IPC, provider calls, and capabilities so sensitive data is better protected by default. Also update README/wiki security guidance and add targeted tests for the new hardening behaviors. Made-with: Cursor
2026-04-05 04:37:05 +00:00
assert_eq!(key, "dev-key-change-in-prod");
std::env::remove_var("TFTSR_DB_KEY");
}
}
Reference in New Issue Copy Permalink