diff --git a/.gitignore b/.gitignore index 3aec03c3..c9de3730 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,15 @@ secrets.yaml artifacts/ *.png /screenshots/ + +# Internal / private documents β€” never commit +USER_GUIDE.md +USER_GUIDE.docx +~$ER_GUIDE.docx +TICKET_USER_GUIDE.md +BUGFIX_SUMMARY.md +PR_DESCRIPTION.md +GenAI API User Guide.md +HANDOFF-MSI-GENAI.md +TICKET_SUMMARY.md +docs/images/user-guide/ diff --git a/GenAI API User Guide.md b/GenAI API User Guide.md deleted file mode 100644 index ffb4370b..00000000 --- a/GenAI API User Guide.md +++ /dev/null @@ -1,489 +0,0 @@ - - -**A User Guide to GenAI API** - -**Revision:** 3.4 - -**Change History** - -| Date | Version | Author | Changes | -| :---- | :---- | :---- | :---- | -| 08-22-2023 | 1.0 | Dipjyoti Bisharad | Initial Draft | -| 08-24-2023 | 1.1 | Jahnavi Alike | Updated sessionId usage process. | -| 12-12-2023 | 1.2 | Sunil Vurandur | Updated details on different model types | -| 03-28-2024 | 1.3 | Jahnavi Alike | Text rearrangement | -| 04-23-2024 | 1.4 | Dipjyoti Bisharad | Introduced additional args field in response | -| 05-08-2024 | 2.0 | Dipjyoti Bisharad | Updated to v2 of chat API | -| 05-17-2024 | 2.1 | Dipjyoti Bisharad | Added Gemini 1.5 Pro | -| 06-25-2024 | 2.2 | Dipjyoti Bisharad | Added disclaimer on omitting the userId from payload | -| 06-27-2024 | 2.3 | Dipjyoti Bisharad | Added the datastoreId to the request payload. Introduced GPT 4 Omni, Claude Sonnet. Replaced Gemini 1.5 Pro with Gemini 1.5 Flash. Deprecation of legacy /chat. | -| 07-10-2024 | 2.4 | Dipjyoti Bisharad | Added modelConfig in the chat payload. Added application identifier x-msi-genai-client in header. Upload files to a chat session | -| 08-09-2024 | 2.5 | Dipjyoti Bisharad | Added note regarding impersonation with API keys | -| 08-12-2024 | 2.6 | Dipjyoti Bisharad | Added userId usage for the /upload endpoint | -| 09-16-2024 | 2.7 | Dipjyoti Bisharad | Added endpoints for delete message and retrieve session messages | -| 11-15-2024 | 2.8 | Dipjyoti Bisharad | Updated contacts | -| 11-18-2024 | 2.9 | Girish Manivel | Added API error codes | -| 01-09-2025 | 3.0 | Anjali Kamath | Added Init Datastore API details | -| 01-15-2025 | 3.1 | Vibin Jacob | Added default Model config values | -| 01-30-2025 | 3.2 | Vibin Jacob | Added Nova Lite | -| 03-04-2025 | 3.3 | Anjali Kamath | Updated Model details | -| 03-27-2025 | 3.4 | Vibin Jacob | Updated Model details | -| 05-12-2025 | 3.5 | Vibin Jacob | Google Search Agent | - -# - -# **People** {#people} - -| Name | Role | Email | -| ----- | ----- | ----- | -| Manminder Kaur Sardarni | Dev Manager | manminderkaur.sardarni@motorolasolutions.com | -| Suma Rebbapragada | Product Manager | lakshmisuma.rebbapragada@motorolasolutions.com | -| Anjali Kamath | Lead Engineer | anjali.kamath@motorolasolutions.com | -| Sri Chand Jasti | Sr Mgr, IT AIML | srichand.jasti@motorolasolutions.com | - -**Table of Contents** ---- - -**[People 3](#people)** - -[**1\. Abstract 5**](#abstract) - -[2\. The API Key 5](#the-api-key) - -[**3\. Properties of the API Key 7**](#properties-of-the-api-key) - -[**4\. API Reference 7**](#api-reference) - -[4.1. Chat Endpoint 7](#chat-endpoint) - -[4.2. File upload Endpoint 10](#file-upload-endpoint) - -[4.3. Get Session Messages Endpoint 11](#get-session-messages/datastore-files-endpoint) - -[4.4. Delete Message Endpoint 12](#delete-message-endpoint) - -4.5. Initialise Datastore Endpoint 13 - -1. # Abstract {#abstract} - -This document is a user guide to interact with the API provided by MSI GenAI, which can be used to programmatically send a prompt and receive a response from AI Models. The endpoint can do session management, so the user needs to pass only the current prompt and session ID (more details below), and the past contexts will be automatically retained. - -The API is exposed at the following link: [https://genai-service.stage.commandcentral.com/app-gateway/api/v2/chat](https://genai-service.stage.commandcentral.com/app-gateway/api/v2/chat) - -To interact with the API, an API key is required, which can be obtained from the steps listed below. - -**Note: In this v2 release, the endpoint has been changed to /api/v2/chat, which will support a long-lived API key. The former endpoint /chat stands deprecated.** - -2. # The API Key {#the-api-key} - -Follow these steps to get an API key for the endpoint. - -1. Log in to the [MSI GenAI Portal](https://msi-genai.stage.commandcentral.com/login) -2. After logging in, click on the name in the top right corner of the screen and click on the **Generate API Key**. - ![][image1] -3. Click on the **Copy & Close** button. This automatically copies the token to the clipboard. This token will be visible only once and is not saved or logged anywhere in the backend - ![][image2] -4. ~~The token for the legacy /chat endpoint can be obtained by clicking the **Auth Token (Legacy)** button.~~ - -**NOTE:** API usage cost is limited to $50 per user/month. The user’s keys will be disabled once they cross the limit in a normal scenario. - -3. # Properties of the API Key {#properties-of-the-api-key} - -1) Visible only once. -2) Valid for 3 months. -3) The API key CANNOT be used to request content on behalf of other users, however, the owner of the key shall always be logged for audit purposes. - API keys will ordinarily not be able to request content on behalf of other users. Reach out to any of the contacts listed if a key has to be revoked. -4) Upcoming feature to allow customizing the token validity as well as self-service token revocation. - -4. # API Reference {#api-reference} - - 1. ## Chat Endpoint {#chat-endpoint} - - - -* Host: [https://genai-service.stage.commandcentral.com/app-gateway](https://genai-service.stage.commandcentral.com/app-gateway) -* Endpoint: /api/v2/chat -* HTTP Type: POSTHeaders: - **x-msi-genai-api-key: \** - Content-Type: application/json - X-msi-genai-client (optional): \ - -* Request Body: - { - "userId": "core-id@motorolasolutions.com", - "model": "VertexGemini", - "prompt": "Who plays the best piano?", - "system": "", - "sessionId": "c2e07ae5-4d6b-48e6-b035-6a8aefb57321", - "datastoreId": "a1c0e7f2-a01a-4ee4-b5fb-e3362bd1f302", - "modelConfig": { - "temperature": 0.5, - "max\_tokens": 800, - "top\_p": 1, - "frequency\_penalty": 0, - "presence\_penalty": 0 - } - } - - -The different fields of the request body have the following usage. - -* userId (optional): The email address of the user in the **CORE ID** format. - **Note:** *In case this field is not provided with the payload, all the usages and subsequent costs will be mapped to the user who created the token.* -* model (mandatory): The model to be used for the AI. The following options are available: -- Use model: **ChatGPT4o** to access GPT4 Omni -- Use model: **ChatGPT4o-mini** to access GPT4o Omni Mini -- Use model: **ChatGPT-o3-mini** to access GPT o3 Omni -- Use model: **Gemini-2\_0-Flash-001** to access Gemini 2.0 Flash -- Use model: **Gemini-2\_5-Flash** to access Gemini 2.5 Flash -- Use model: **Claude-Sonnet-3\_7** to access Claude-Sonnet 3.7. -- Use model: **Openai-gpt-4\_1-mini** to access OpenAI GPT 4.1 Mini. -- Use model: **Openai-o4-mini** to access OpenAI o4 Mini. -- Use model: **Claude-Sonnet-4** to access Claude Sonnet 4\. -- Use model: **ChatGPT-o3-pro** to access ChatGPT o3 Pro. -- Use model: **OpenAI-ChatGPT-4\_1** to access OpenAI ChatGPT 4.1. -- Use model: **OpenAI-GPT-4\_1-Nano** to access OpenAI ChatGPT 4.1 Nano. -- Use model: **ChatGPT-5** to access OpenAI ChatGPT5 -- Use model: **VertexGemini** to access Gemini 2.0 Flash 001 -- Use model: **ChatGPT-5\_1** to access ChatGPT 5.1 -- Use model: **ChatGPT-5\_1-chat** to access ChatGPT 5.1 Chat -- Use model: **ChatGPT-5\_2-Chat** to access ChatGPT 5.2 Chat -- Use model: **Gemini-3\_Pro-Preview** to access Gemini 3.1 Pro -- Use model: **Gemini-3\_1-flash-lite-preview** to access Gemini 3.1 Flash Lite - - - **File uploads are currently supported for models VertexGemini, ChatGPT4o, and Claude-Sonnet (Claude-Sonnet supports image files only)** - - - - - -* Supported Files - 1. - -| Model | Supported Files Extensions | -| :---- | :---- | -| **Gemini-3\_Pro-Preview** | **Image:** JPEG, JPG, PNG or WEBP format. **Video:** MP4, WEBM, MKV or MOV format. **Document:** PDF or TXT format. **Audio:** MP3, MPGA, WAV, WEBM, M4A, OPUS, AAC, FLAC or PCM format. | -| **ChatGPT 4o** | Text, image | -| **ChatGPT 4.1 Mini** | text and vision | -| **ChatGPT 5.2 Chat** | | -| **ChatGPT o4 Mini** | Text, image | -| **Claude Sonnet 4** | | - - 2. Check model Access and privacy for model accessibility -* prompt (mandatory): The plain text query. -* sessionId (optional): All the messages linked to a sessionId are treated as part of the same conversation. **The sessionId should not be passed for the first message.** The AI engine generates a session ID after the first successful prompt, and that value should be used in subsequent API calls. -* system (optional): Optional system message that can be configured for the model. It will only work with the models that support it. Ignored for non-supported models. -* datastoreId (optional): Optional DatastoreId that can be passed to refer to the files of a datastore within your chat session. -* modelConfig (optional): Expert settings to tune the model parameters. - If model parameters are not mentioned in the request payload, they will set by default as below: - - temperature: 0.7 - max\_tokens:(800 Azure OpenAI),(4000 Gemini),(1024 AWS) - top\_p: 1.0 - Top\_k: (NA Azure OpenAI), (32 Gemini), (250 AWS) - frequency\_penalty: 0 - presence\_penalty:0 - - - -* Response Body: - { - "status": true, - "success": true, - "sessionId": String, - "sessionTitle": String, - "msg": Text, - "valid\_response": Boolean, - "initialPrompt": Boolean, - "args": JSON - } - - -The different fields of the response body have the following usage. - -* status: states whether the API call is successful or not -* success: always true (internal reference key). -* sessionId: UUID for a session. One can use the same sessionId to maintain a conversation in the same session -* sessionTitle: Title created for the session -* msg: Actual response from AI models for users prompt -* valid\_response: always true (internal reference key). -* initialPrompt: states whether the user is starting a new session or an old one. If the user sends a message for the first time in a new session, then this will be true; else false. -* args: Contains metadata about the response - -* Error Response Body: - -{ - status: false, - msg: String (Error Msg) -} - -The curl command for the request looks like this: - -curl \-X POST \-H "x-msi-genai-api-key: \" \-H "Content-Type: application/json" https://genai-service.stage.commandcentral.com/app-gateway/api/v2/chat \-d '{"userId": "String", "model": "String", "prompt": "Text", "sessionId": "String", "datastoreId": "String"}' - -Here, - -- \-X refers to the HTTP Method we want to use -- \-H refers to a header, you can use multiple headers by using multiple β€˜-H’ -- \-d refers to the data or body of the request - - 2. ## File upload Endpoint {#file-upload-endpoint} - - -* Host: \-5 -* Endpoint: /api/v2/upload/\?userId=\@motorolasolutions.com -* HTTP Type: POST -* Headers: - **x-msi-genai-api-key: \** - Content-Type: multipart/form-data - X-msi-genai-client (optional): \ - -**Note:** - -* The SESSION-ID is mandatory, and hence a file **CANNOT** be the first message in chat history. Obtain a session id by initiating a chat session specified in 4.1 -* The userId is optional and by default is set to the user who created the token. -* The owner of the SESSION-ID should match the userId - -The curl command for the request looks like this: - -curl \-X POST \--location 'https://genai-service.stage.commandcentral.com/app-gateway/api/v2/upload/\' \\ -\--header 'x-msi-genai-api-key: \' \\ -\--form 'file=@"/var/pdf/myfile.pdf"' - -3. ## Get Session Messages/Datastore Files Endpoint {#get-session-messages/datastore-files-endpoint} - - - -* Host: [https://genai-service.stage.commandcentral.com/app-gateway](https://genai-service.stage.commandcentral.com/app-gateway) -* Endpoint: /api/v2/getSessionMessages/\?userId=\@motorolasolutions.com\&page=1\&limit=10 -* HTTP Type: GET -* Headers: - **x-msi-genai-api-key: \** - X-msi-genai-client (optional): \ - -**Note:** - -* The SESSION-ID is mandatory. For Datastores, pass the datastore id as SESSION-ID. -* The userId is optional and by default is set to the user who created the token. -* The owner of the SESSION-ID should match the userId. -* The page & limit are optional and meant for pagination for large message sessions. By default, all messages are returned. - -The curl command for the request looks like this: - -curl \-X GET \--location 'https://genai-service.stage.commandcentral.com/app-gateway/api/v2/getSessionMessages/\?page=1\&limit=2' \\ -\--header 'x-msi-genai-api-key: \' - -The response structure is - -``` -{ - "status": true, - "TotalSessionLength": "134", - "data": [ -, - { - "id": 1, - "msg": "hi", - "role": "user", - "type": "text" - }, - { - "id": 2, - "msg": "Hi! 😊 How can I assist you today? \n", - "role": "assistant", - "type": "text" - } - ] -} -``` - -**Note:** - -* The status will be true if the data is successfully retrieved; false otherwise -* The TotalSessionLength gives the total number of messages in the specified session. -* The data has the list of messages (as per page and limit specified, if any) ordered by increasing order of chronology (most recent message is at the last of the array). -* Each msg has a unique id which can be used to delete the message from the session. - - 4. ## Delete Message Endpoint {#delete-message-endpoint} - - -* Host: [https://genai-service.stage.commandcentral.com/app-gateway](https://genai-service.stage.commandcentral.com/app-gateway) -* Endpoint: /api/v2/entry/\?userId=\@motorolasolutions.com -* HTTP Type: DELETE -* Headers: - **x-msi-genai-api-key: \** - X-msi-genai-client (optional): \ - -**Note:** - -* The MSG-ID is mandatory -* The userId is optional and by default is set to the user who created the token. -* The owner of the MSG-ID should match the userId - - -The curl command for the request looks like this: - -curl \-X DELETE \--location 'https://genai-service.stage.commandcentral.com/app-gateway/api/v2/entry/\' \\ -\--header 'x-msi-genai-api-key: \' - -5. ## Initialise Datastore Endpoint - - Host: [https://genai-service.stage.commandcentral.com/app-gateway](https://genai-service.stage.commandcentral.com/app-gateway) - - Endpoint: /api/v2/initDataStore/datastore/\ - - HTTP Type: POST - - Headers: - - **x-msi-genai-api-key: \** - - X-msi-genai-client (optional): \ - -**Note:** - -* The DATASTORE-NAME is mandatory -* Datastore ID can be retrieved from the response payload -* You can upload files to the datastore using the file upload endpoint. - - -The curl command for the request looks like this: - -curl \-X POST \--location 'genai-service.stage.commandcentral.com/app-gateway/api/v2/initDataStore/datastore/\' \\ -\--header 'x-msi-genai-api-key: \' - -6. ## Get Chat Sessions Endpoint - -* Host: [https://genai-service.stage.commandcentral.com/app-gateway](https://genai-service.stage.commandcentral.com/app-gateway) -* Endpoint: /api/v2/getChatSessions/\ -* HTTP Type: GET -* Headers: - **x-msi-genai-api-key: \** - X-msi-genai-client (optional): \ - -**Note:** - -* The MODEL is mandatory PARAMETER. - -The curl command for the request looks like this: - -curl \-X GET \--location 'https://genai-service.stage.commandcentral.com/app-gateway/api/v2/getChatSessions/\' \\ -\--header 'x-msi-genai-api-key: \' - -The response structure is - -``` -{ - "status": true, - "msg": "Session fetched successfully", - "data": [ -, - { - "sessionId": "7cads-a9123-1a1ddd", - "sessionTittle": "hi", - "sessionchatinstruction": "", - "total_tokens": 0 - }, - { - "sessionId": "8bads-a9123-1a1ddd", - "sessionTittle": "why is sky blue", - "sessionchatinstruction": "", - "total_tokens": 0 - }, - ], - "user_cost": "0" -} -``` - -**Note:** - -* The status will be true if the data is successfully retrieved; false otherwise -* The user\_cost will return the monthly usage cost value of the portal. -* The data has the list of messages (as per page and limit specified, if any) ordered by increasing order of chronology (most recent message is at the last of the array). -* Each sessionTitle has a unique sessionId - -# - -5. # API Error Codes - -| General Error Codes | | -| ----- | :---- | -| 400 Bad Request | The request was malformed or contained invalid parameters. | -| 401 Unauthorized | The user is not authenticated or lacks permission to perform the requested action. | -| 403 Forbidden | The user is authenticated but lacks the necessary permissions for the requested action. | -| 404 Not Found | The requested resource (model, user, API key, session, etc.) was not found. | -| 405 Method Not Allowed | The requested method (GET, POST, PUT, DELETE) is not allowed for the resource. | -| 409 Conflict | The requested action cannot be completed due to a conflict, such as attempting to create a duplicate resource. | -| 500 Internal Server Error | An unexpected error occurred on the server. | -| 502 Bad Gateway | The server received an invalid response from a downstream server. | -| 503 Service Unavailable | The server is currently unavailable. | - -| Error Codes Breakdown | | -| :---: | ----- | - -**fileHandlerService:** - -| uploadFile | | -| :---- | :---- | -| 400 | Invalid Datastore ID. | -| 500 | Error while uploading the file. | -| **deleteMessage** | | -| 400 | Invalid request, missing msgId. | -| 401 | Unauthorized. | -| 404 | Message not found. | -| 500 | Internal error while deleting the message. | - -**usersHandler:** - -| getSessionMessages | | -| :---- | :---- | -| 400 | Invalid request body, missing sessionId. | -| 401 | Unauthorized access to the session. | -| 500 | Internal error while fetching session messages. | -| **chat** | | -| 400 | Invalid request, missing model or prompt, or model not found. | -| 500 | Internal error while processing the chat request. | - -**Error Response Format:** - -All error responses follow a consistent format: -json -{ -"status": false, -"msg": "Error message. Correlation ID: \" -} - -**Note:** - -* \ is a unique identifier for the request. -* The error field might be present in certain error responses, providing additional details about the error. - -6. # Model Access & Privacy - -### - -| Model Name (ID) | Friendly Name | Privacy Status | -| :---- | :---- | :---- | -| ChatGPT4o | GPT4 Omni | **Public** | -| ChatGPT4o-mini | GPT4o Omni Mini | **Private** | -| ChatGPT-o3-mini | GPT o3 Omni | **Private** | -| Gemini-2\_0-Flash-001 | Gemini 2.0 Flash | **Private** | -| Gemini-2\_5-Flash | Gemini 2.5 Flash | **Private** | -| Claude-Sonnet-3\_7 | Claude-Sonnet 3.7 | **Private** | -| Openai-gpt-4\_1-mini | OpenAI GPT 4.1 Mini | **Private** | -| Openai-o4-mini | OpenAI o4 Mini | **Public** | -| Claude-Sonnet-4 | Claude Sonnet 4 | **Public** | -| ChatGPT-o3-pro | ChatGPT o3 Pro | **Private** | -| OpenAI-ChatGPT-4\_1 | OpenAI ChatGPT 4.1 | **Private** | -| OpenAI-GPT-4\_1-Nano | OpenAI ChatGPT 4.1 Nano | **Private** | -| ChatGPT-5 | OpenAI ChatGPT5 | **Private** | -| VertexGemini | Gemini 2.0 Flash 001 | **Private** | -| ChatGPT-5\_1 | ChatGPT 5.1 | **Private** | -| ChatGPT-5\_1-chat | ChatGPT 5.1 Chat | **Private** | -| ChatGPT-5\_2-Chat | ChatGPT 5.2 Chat | **Public** | -| Gemini-3\_Pro-Preview | Gemini 3 Pro | **Private** | - -[image1]: - -[image2]: \ No newline at end of file diff --git a/HANDOFF-MSI-GENAI.md b/HANDOFF-MSI-GENAI.md deleted file mode 100644 index a85fe01f..00000000 --- a/HANDOFF-MSI-GENAI.md +++ /dev/null @@ -1,312 +0,0 @@ -# MSI GenAI Custom Provider Integration - Handoff Document - -**Date**: 2026-04-03 -**Status**: In Progress - Backend schema updated, frontend and provider logic pending - ---- - -## Context - -User needs to integrate MSI GenAI API (https://genai-service.stage.commandcentral.com/app-gateway/api/v2/chat) into the application's AI Providers system. - -**Problem**: The existing "Custom" provider type assumes OpenAI-compatible APIs (expects `/chat/completions` endpoint, OpenAI request/response format, `Authorization: Bearer` header). MSI GenAI has a completely different API contract: - -| Aspect | OpenAI Format | MSI GenAI Format | -|--------|---------------|------------------| -| **Endpoint** | `/chat/completions` | `/api/v2/chat` (no suffix) | -| **Request** | `{"messages": [...], "model": "..."}` | `{"prompt": "...", "model": "...", "sessionId": "..."}` | -| **Response** | `{"choices": [{"message": {"content": "..."}}]}` | `{"msg": "...", "sessionId": "..."}` | -| **Auth Header** | `Authorization: Bearer ` | `x-msi-genai-api-key: ` | -| **History** | Client sends full message array | Server-side via `sessionId` | - ---- - -## Work Completed - -### 1. Updated `src-tauri/src/state.rs` - ProviderConfig Schema - -Added optional fields to support custom API formats without breaking existing OpenAI-compatible providers: - -```rust -#[derive(Debug, Clone, Serialize, Deserialize)] -pub struct ProviderConfig { - pub name: String, - #[serde(default)] - pub provider_type: String, - pub api_url: String, - pub api_key: String, - pub model: String, - - // NEW FIELDS: - /// Optional: Custom endpoint path (e.g., "" for no path, "/v1/chat" for custom path) - /// If None, defaults to "/chat/completions" for OpenAI compatibility - #[serde(skip_serializing_if = "Option::is_none")] - pub custom_endpoint_path: Option, - - /// Optional: Custom auth header name (e.g., "x-msi-genai-api-key") - /// If None, defaults to "Authorization" - #[serde(skip_serializing_if = "Option::is_none")] - pub custom_auth_header: Option, - - /// Optional: Custom auth value prefix (e.g., "" for no prefix, "Bearer " for OpenAI) - /// If None, defaults to "Bearer " - #[serde(skip_serializing_if = "Option::is_none")] - pub custom_auth_prefix: Option, - - /// Optional: API format ("openai" or "msi_genai") - /// If None, defaults to "openai" - #[serde(skip_serializing_if = "Option::is_none")] - pub api_format: Option, - - /// Optional: Session ID for stateful APIs like MSI GenAI - #[serde(skip_serializing_if = "Option::is_none")] - pub session_id: Option, -} -``` - -**Design philosophy**: Existing providers remain unchanged (all fields default to OpenAI-compatible behavior). Only when `api_format` is set to `"msi_genai"` do the custom fields take effect. - ---- - -## Work Remaining - -### 2. Update `src-tauri/src/ai/openai.rs` - Support Custom Formats - -The `OpenAiProvider::chat()` method needs to conditionally handle MSI GenAI format: - -**Changes needed**: -- Check `config.api_format` β€” if `Some("msi_genai")`, use MSI GenAI request/response logic -- Use `config.custom_endpoint_path.unwrap_or("/chat/completions")` for endpoint -- Use `config.custom_auth_header.unwrap_or("Authorization")` for header name -- Use `config.custom_auth_prefix.unwrap_or("Bearer ")` for auth prefix - -**MSI GenAI request format**: -```json -{ - "model": "VertexGemini", - "prompt": "", - "system": "", - "sessionId": "", - "userId": "user@motorolasolutions.com" -} -``` - -**MSI GenAI response format**: -```json -{ - "status": true, - "sessionId": "uuid", - "msg": "AI response text", - "initialPrompt": true/false -} -``` - -**Implementation notes**: -- For MSI GenAI, convert `Vec` to a single `prompt` (concatenate or use last user message) -- Extract system message from messages array if present (role == "system") -- Store returned `sessionId` back to `config.session_id` for subsequent requests -- Extract response content from `json["msg"]` instead of `json["choices"][0]["message"]["content"]` - -### 3. Update `src/lib/tauriCommands.ts` - TypeScript Types - -Add new optional fields to `ProviderConfig` interface: - -```typescript -export interface ProviderConfig { - provider_type?: string; - max_tokens?: number; - temperature?: number; - name: string; - api_url: string; - api_key: string; - model: string; - - // NEW FIELDS: - custom_endpoint_path?: string; - custom_auth_header?: string; - custom_auth_prefix?: string; - api_format?: string; - session_id?: string; -} -``` - -### 4. Update `src/pages/Settings/AIProviders.tsx` - UI Fields - -**When `provider_type === "custom"`, show additional form fields**: - -```tsx -{form.provider_type === "custom" && ( - <> -
- - -
- -
-
- - setForm({ ...form, custom_endpoint_path: e.target.value })} - placeholder="/chat/completions" - /> -
-
- - setForm({ ...form, custom_auth_header: e.target.value })} - placeholder="Authorization" - /> -
-
- -
- - setForm({ ...form, custom_auth_prefix: e.target.value })} - placeholder="Bearer " - /> -

- Prefix added before API key (e.g., "Bearer " for OpenAI, "" for MSI GenAI) -

-
- -)} -``` - -**Update `emptyProvider` initial state**: -```typescript -const emptyProvider: ProviderConfig = { - name: "", - provider_type: "openai", - api_url: "", - api_key: "", - model: "", - custom_endpoint_path: undefined, - custom_auth_header: undefined, - custom_auth_prefix: undefined, - api_format: undefined, - session_id: undefined, -}; -``` - ---- - -## Testing Configuration - -**For MSI GenAI**: -- **Type**: Custom -- **API Format**: MSI GenAI -- **API URL**: `https://genai-service.stage.commandcentral.com/app-gateway` -- **Model**: `VertexGemini` (or `Claude-Sonnet-4`, `ChatGPT4o`) -- **API Key**: (user's MSI GenAI API key from portal) -- **Endpoint Path**: `` (empty - URL already includes `/api/v2/chat`) -- **Auth Header**: `x-msi-genai-api-key` -- **Auth Prefix**: `` (empty - no "Bearer " prefix) - -**Test command flow**: -1. Create provider with above settings -2. Test connection (should receive AI response) -3. Verify `sessionId` is returned and stored -4. Send second message (should reuse `sessionId` for conversation history) - ---- - -## Known Issues from User's Original Error - -User initially tried: -- **API URL**: `https://genai-service.stage.commandcentral.com/app-gateway/api/v2/chat` -- **Type**: Custom (no format specified) - -**Result**: `Cannot POST /api/v2/chat/chat/completions` (404) - -**Root cause**: OpenAI provider appends `/chat/completions` to base URL. With the new `custom_endpoint_path` field, this is now configurable. - ---- - -## Integration with Existing Session Management - -MSI GenAI uses server-side session management. Current triage flow sends full message history on every request (OpenAI style). For MSI GenAI: - -- **First message**: Send `sessionId: null` or omit field -- **Store response**: Save `response.sessionId` to `config.session_id` -- **Subsequent messages**: Include `sessionId` in requests (server maintains history) - -Consider storing `session_id` per conversation in the database (link to `ai_conversations.id`) rather than globally in `ProviderConfig`. - ---- - -## Commit Strategy - -**Current git state**: -- Modified by other session: `src-tauri/src/integrations/*.rs` (ADO/Confluence/ServiceNow work) -- Modified by me: `src-tauri/src/state.rs` (MSI GenAI schema) -- Untracked: `GenAI API User Guide.md` - -**Recommended approach**: -1. **Other session commits first**: Commit integration changes to main -2. **Then complete MSI GenAI work**: Finish items 2-4 above, test, commit separately - -**Alternative**: Create feature branch `feature/msi-genai-custom-provider`, cherry-pick only MSI GenAI changes, complete work there, merge when ready. - ---- - -## Reference: MSI GenAI API Spec - -**Documentation**: `GenAI API User Guide.md` (in project root) - -**Key endpoints**: -- `POST /api/v2/chat` - Send prompt, get response -- `POST /api/v2/upload/` - Upload files (requires session) -- `GET /api/v2/getSessionMessages/` - Retrieve history -- `DELETE /api/v2/entry/` - Delete message - -**Available models** (from guide): -- `Claude-Sonnet-4` (Public) -- `ChatGPT4o` (Public) -- `VertexGemini` (Private) - Gemini 2.0 Flash -- `ChatGPT-5_2-Chat` (Public) -- Many others (see guide section 4.1) - -**Rate limits**: $50/user/month (enforced server-side) - ---- - -## Questions for User - -1. Should `session_id` be stored globally in `ProviderConfig` or per-conversation in DB? -2. Do we need to support file uploads via `/api/v2/upload/`? -3. Should we expose model config options (temperature, max_tokens) for MSI GenAI? - ---- - -## Contact - -This handoff doc was generated for the other Claude Code session working on integration files. Once that work is committed, this MSI GenAI work can be completed as a separate commit or feature branch. diff --git a/INTEGRATION_AUTH_GUIDE.md b/INTEGRATION_AUTH_GUIDE.md new file mode 100644 index 00000000..a9be0a27 --- /dev/null +++ b/INTEGRATION_AUTH_GUIDE.md @@ -0,0 +1,175 @@ +# Integration Authentication Guide + +## Overview + +The TRCAA application supports three integration authentication methods, with automatic fallback between them: + +1. **API Tokens** (Manual) - Recommended βœ… +2. **OAuth 2.0** - Fully automated (when configured) +3. **Browser Cookies** - Partially working ⚠️ + +## Authentication Priority + +When you ask an AI question, the system attempts authentication in this order: + +``` +1. Extract cookies from persistent browser window + ↓ (if fails) +2. Use stored API token from database + ↓ (if fails) +3. Skip that integration and log guidance +``` + +## HttpOnly Cookie Limitation + +**Problem**: Confluence, ServiceNow, and Azure DevOps use **HttpOnly cookies** for security. These cookies: +- βœ… Exist in the persistent browser window +- βœ… Are sent automatically by the browser +- ❌ **Cannot be extracted by JavaScript** (security feature) +- ❌ **Cannot be used in separate HTTP requests** + +**Impact**: Cookie extraction via the persistent browser window **fails** for HttpOnly cookies, even though you're logged in. + +## Recommended Solution: Use API Tokens + +### Confluence Personal Access Token + +1. Log into Confluence +2. Go to **Profile β†’ Settings β†’ Personal Access Tokens** +3. Click **Create token** +4. Copy the generated token +5. In TRCAA app: + - Go to **Settings β†’ Integrations** + - Find your Confluence integration + - Click **"Save Manual Token"** + - Paste the token + - Token Type: `Bearer` + +### ServiceNow API Key + +1. Log into ServiceNow +2. Go to **System Security β†’ Application Registry** +3. Click **New β†’ OAuth API endpoint for external clients** +4. Configure and generate API key +5. In TRCAA app: + - Go to **Settings β†’ Integrations** + - Find your ServiceNow integration + - Click **"Save Manual Token"** + - Paste the API key + +### Azure DevOps Personal Access Token (PAT) + +1. Log into Azure DevOps +2. Click **User Settings (top right) β†’ Personal Access Tokens** +3. Click **New Token** +4. Scopes: Select **Read** for: + - Code (for wiki) + - Work Items (for work item search) +5. Click **Create** and copy the token +6. In TRCAA app: + - Go to **Settings β†’ Integrations** + - Find your Azure DevOps integration + - Click **"Save Manual Token"** + - Paste the token + - Token Type: `Bearer` + +## Verification + +After adding API tokens, test the integration: + +1. Open or create an issue +2. Go to Triage page +3. Ask a question like: "How do I upgrade Vesta NXT to 1.0.12" +4. Check the logs for: + ``` + INFO Using stored cookies for confluence (count: 1) + INFO Found X integration sources for AI context + ``` + +If successful, the AI response should include: +- Content from internal documentation +- Source citations with URLs +- Links to Confluence/ServiceNow/Azure DevOps pages + +## Troubleshooting + +### No search results found + +**Symptom**: AI gives generic answers instead of internal documentation + +**Check logs for**: +``` +WARN Unable to search confluence - no authentication available +``` + +**Solution**: Add an API token (see above) + +### Cookie extraction timeout + +**Symptom**: Logs show: +``` +WARN Failed to extract cookies from confluence: Timeout extracting cookies +``` + +**Why**: HttpOnly cookies cannot be extracted via JavaScript + +**Solution**: Use API tokens instead + +### Integration not configured + +**Symptom**: No integration searches at all + +**Check**: Settings β†’ Integrations - ensure integration is added with: +- Base URL configured +- Either browser window open OR API token saved + +## Future Enhancements + +### Native Cookie Extraction (Planned) + +We plan to implement platform-specific native cookie extraction that can access HttpOnly cookies directly from the webview's cookie store: + +- **macOS**: Use WKWebView's HTTPCookieStore (requires `cocoa`/`objc` crates) +- **Windows**: Use WebView2's cookie manager (requires `windows` crate) +- **Linux**: Use WebKitGTK cookie manager (requires `webkit2gtk` binding) + +This will make the persistent browser approach fully automatic, even with HttpOnly cookies. + +### Webview-Based Search (Experimental) + +Another approach is to make search requests FROM within the authenticated webview using JavaScript fetch, which automatically includes HttpOnly cookies. This requires reliable IPC communication between JavaScript and Rust. + +## Security Notes + +### Token Storage + +API tokens are: +- βœ… **Encrypted** using AES-256-GCM before storage +- βœ… **Hashed** (SHA-256) for audit logging +- βœ… Stored in encrypted SQLite database +- βœ… Never exposed to frontend JavaScript + +### Cookie Storage (when working) + +Extracted cookies are: +- βœ… Encrypted before database storage +- βœ… Only retrieved when making API requests +- βœ… Transmitted only over HTTPS + +### Audit Trail + +All integration authentication attempts are logged: +- Cookie extraction attempts +- Token usage +- Search requests +- Authentication failures + +Check **Settings β†’ Security β†’ Audit Log** to review activity. + +## Summary + +**For reliable integration search NOW**: Use API tokens (Option 1) + +**For automatic integration search LATER**: Native cookie extraction will be implemented in a future update + +**Current workaround**: API tokens provide full functionality without browser dependency diff --git a/README.md b/README.md index 64cb5ca8..426b1140 100644 --- a/README.md +++ b/README.md @@ -130,6 +130,7 @@ Launch the app and go to **Settings β†’ AI Providers** to add a provider: | Ollama (local) | `http://localhost:11434` | No key needed β€” fully offline | | Azure OpenAI | `https://.openai.azure.com/openai/deployments/` | Requires API key | | **AWS Bedrock (via LiteLLM)** | `http://localhost:8000/v1` | See [LiteLLM + AWS Bedrock](#litellm--aws-bedrock-setup) below | +| **Custom REST Gateway** | Your gateway URL | See [Custom REST format](docs/wiki/AI-Providers.md) | For offline use, install [Ollama](https://ollama.com) and pull a model: ```bash @@ -287,9 +288,9 @@ All data is stored locally in a SQLCipher-encrypted database at: | OS | Path | |---|---| -| Linux | `~/.local/share/tftsr/tftsr.db` | -| macOS | `~/Library/Application Support/tftsr/tftsr.db` | -| Windows | `%APPDATA%\tftsr\tftsr.db` | +| Linux | `~/.local/share/trcaa/trcaa.db` | +| macOS | `~/Library/Application Support/trcaa/trcaa.db` | +| Windows | `%APPDATA%\trcaa\trcaa.db` | Override with the `TFTSR_DATA_DIR` environment variable. @@ -300,8 +301,8 @@ Override with the `TFTSR_DATA_DIR` environment variable. | Variable | Default | Purpose | |---|---|---| | `TFTSR_DATA_DIR` | Platform data dir | Override database location | -| `TFTSR_DB_KEY` | _(none)_ | Database encryption key (required in release builds) | -| `TFTSR_ENCRYPTION_KEY` | _(none)_ | Credential encryption key (required in release builds) | +| `TFTSR_DB_KEY` | _(auto-generated)_ | Database encryption key override β€” auto-generated at first launch if unset | +| `TFTSR_ENCRYPTION_KEY` | _(auto-generated)_ | Credential encryption key override β€” auto-generated at first launch if unset | | `RUST_LOG` | `info` | Tracing log level (`debug`, `info`, `warn`, `error`) | --- @@ -325,6 +326,14 @@ Override with the `TFTSR_DATA_DIR` environment variable. --- +## Support + +If this tool has been useful to you, consider buying me a coffee! + +[![Buy Me A Coffee](https://img.shields.io/badge/Buy%20Me%20A%20Coffee-buymeacoffee.com%2Ftftsr-FFDD00?style=flat&logo=buy-me-a-coffee&logoColor=black)](https://buymeacoffee.com/tftsr) + +--- + ## License -Private β€” internal tooling. All rights reserved. +MIT diff --git a/TICKET_PERSISTENT_WEBVIEWS.md b/TICKET_PERSISTENT_WEBVIEWS.md new file mode 100644 index 00000000..e5db94b9 --- /dev/null +++ b/TICKET_PERSISTENT_WEBVIEWS.md @@ -0,0 +1,254 @@ +# Ticket Summary - Persistent Browser Windows for Integration Authentication + +## Description + +Implement persistent browser window sessions for integration authentication (Confluence, Azure DevOps, ServiceNow). Browser windows now persist across application restarts, eliminating the need to extract HttpOnly cookies via JavaScript (which fails due to browser security restrictions). + +This follows a Playwright-style "piggyback" authentication approach where the browser window maintains its own internal cookie store, allowing the user to log in once and have the session persist indefinitely until they manually close the window. + +## Acceptance Criteria + +- [x] Integration browser windows persist to database when created +- [x] Browser windows are automatically restored on app startup +- [x] Cookies are maintained automatically by the browser's internal store (no JavaScript extraction of HttpOnly cookies) +- [x] Windows can be manually closed by the user, which removes them from persistence +- [x] Database migration creates `persistent_webviews` table +- [x] Window close events are handled to update database and in-memory tracking + +## Work Implemented + +### 1. Database Migration for Persistent Webviews + +**Files Modified:** +- `src-tauri/src/db/migrations.rs:154-167` + +**Changes:** +- Added migration `013_create_persistent_webviews` to create the `persistent_webviews` table +- Table schema includes: + - `id` (TEXT PRIMARY KEY) + - `service` (TEXT with CHECK constraint for 'confluence', 'servicenow', 'azuredevops') + - `webview_label` (TEXT - the Tauri window identifier) + - `base_url` (TEXT - the integration base URL) + - `last_active` (TEXT timestamp, defaults to now) + - `window_x`, `window_y`, `window_width`, `window_height` (INTEGER - for future window position persistence) + - UNIQUE constraint on `service` (one browser window per integration) + +### 2. Webview Persistence on Creation + +**Files Modified:** +- `src-tauri/src/commands/integrations.rs:531-591` + +**Changes:** +- Modified `authenticate_with_webview` command to persist webview state to database after creation +- Stores service name, webview label, and base URL +- Logs persistence operation for debugging +- Sets up window close event handler to remove webview from tracking and database +- Event handler properly clones Arc fields for `'static` lifetime requirement +- Updated success message to inform user that window persists across restarts + +### 3. Webview Restoration on App Startup + +**Files Modified:** +- `src-tauri/src/commands/integrations.rs:793-865` - Added `restore_persistent_webviews` function +- `src-tauri/src/lib.rs:60-84` - Added `.setup()` hook to call restoration + +**Changes:** +- Added `restore_persistent_webviews` async function that: + - Queries `persistent_webviews` table for all saved webviews + - Recreates each webview window by calling `authenticate_with_webview` + - Updates in-memory tracking map + - Removes from database if restoration fails + - Logs all operations for debugging +- Updated `lib.rs` to call restoration in `.setup()` hook: + - Clones Arc fields from `AppState` for `'static` lifetime + - Spawns async task to restore webviews + - Logs warnings if restoration fails + +### 4. Window Close Event Handling + +**Files Modified:** +- `src-tauri/src/commands/integrations.rs:559-591` + +**Changes:** +- Added `on_window_event` listener to detect window close events +- On `CloseRequested` event: + - Spawns async task to clean up + - Removes service from in-memory `integration_webviews` map + - Deletes entry from `persistent_webviews` database table + - Logs all cleanup operations +- Properly handles Arc cloning to avoid lifetime issues in spawned task + +### 5. Removed Auto-Close Behavior + +**Files Modified:** +- `src-tauri/src/commands/integrations.rs:606-618` + +**Changes:** +- Removed automatic window closing in `extract_cookies_from_webview` +- Windows now stay open after cookie extraction +- Updated success message to inform user that window persists for future use + +### 6. Frontend UI Update - Removed "Complete Login" Button + +**Files Modified:** +- `src/pages/Settings/Integrations.tsx:371-409` - Updated webview authentication UI +- `src/pages/Settings/Integrations.tsx:140-165` - Simplified `handleConnectWebview` +- `src/pages/Settings/Integrations.tsx:167-200` - Removed `handleCompleteWebviewLogin` function +- `src/pages/Settings/Integrations.tsx:16-26` - Removed unused `extractCookiesFromWebviewCmd` import +- `src/pages/Settings/Integrations.tsx:670-677` - Updated authentication method comparison text + +**Changes:** +- Removed "Complete Login" button that tried to extract cookies via JavaScript +- Updated UI to show success message when browser opens, explaining persistence +- Removed confusing two-step flow (open browser β†’ complete login) +- New flow: click "Open Browser" β†’ log in β†’ leave window open (that's it!) +- Updated description text to explain persistent window behavior +- Mark integration as "connected" immediately when browser opens +- Removed unused function and import for cookie extraction + +### 7. Unused Import Cleanup + +**Files Modified:** +- `src-tauri/src/integrations/webview_auth.rs:2` +- `src-tauri/src/lib.rs:13` - Added `use tauri::Manager;` + +**Changes:** +- Removed unused `Listener` import from webview_auth.rs +- Added `Manager` trait import to lib.rs for `.state()` method + +## Testing Needed + +### Manual Testing + +1. **Initial Browser Window Creation** + - [ ] Navigate to Settings > Integrations + - [ ] Configure a Confluence integration with base URL + - [ ] Click "Open Browser" button + - [ ] Verify browser window opens with Confluence login page + - [ ] Complete login in the browser window + - [ ] Verify window stays open after login + +2. **Window Persistence Across Restarts** + - [ ] With Confluence browser window open, close the main application + - [ ] Relaunch the application + - [ ] Verify Confluence browser window is automatically restored + - [ ] Verify you are still logged in (cookies maintained) + - [ ] Navigate to different pages in Confluence to verify session works + +3. **Manual Window Close** + - [ ] With browser window open, manually close it (X button) + - [ ] Restart the application + - [ ] Verify browser window does NOT reopen (removed from persistence) + +4. **Database Verification** + - [ ] Open database: `sqlite3 ~/Library/Application\ Support/trcaa/data.db` + - [ ] Run: `SELECT * FROM persistent_webviews;` + - [ ] Verify entry exists when window is open + - [ ] Close window and verify entry is removed + +5. **Multiple Integration Windows** + - [ ] Open browser window for Confluence + - [ ] Open browser window for Azure DevOps + - [ ] Restart application + - [ ] Verify both windows are restored + - [ ] Close one window + - [ ] Verify only one is removed from database + - [ ] Restart and verify remaining window still restores + +6. **Cookie Persistence (No HttpOnly Extraction Needed)** + - [ ] Log into Confluence browser window + - [ ] Close main application + - [ ] Relaunch application + - [ ] Navigate to a Confluence page that requires authentication + - [ ] Verify you are still logged in (cookies maintained by browser) + +### Automated Testing + +```bash +# Type checking +npx tsc --noEmit + +# Rust compilation +cargo check --manifest-path src-tauri/Cargo.toml + +# Rust tests +cargo test --manifest-path src-tauri/Cargo.toml + +# Rust linting +cargo clippy --manifest-path src-tauri/Cargo.toml -- -D warnings +``` + +### Edge Cases to Test + +- Application crash while browser window is open (verify restoration on next launch) +- Database corruption (verify graceful handling of restore failures) +- Window already exists when trying to create duplicate (verify existing window is focused) +- Network connectivity lost during window restoration (verify error handling) +- Multiple rapid window open/close cycles (verify database consistency) + +## Architecture Notes + +### Design Decision: Persistent Windows vs Cookie Extraction + +**Problem:** HttpOnly cookies cannot be accessed via JavaScript (`document.cookie`), which broke the original cookie extraction approach for Confluence and other services. + +**Solution:** Instead of extracting cookies, keep the browser window alive across app restarts: +- Browser maintains its own internal cookie store (includes HttpOnly cookies) +- Cookies are automatically sent with all HTTP requests from the browser +- No need for JavaScript extraction or manual token management +- Matches Playwright's approach of persistent browser contexts + +### Lifecycle Flow + +1. **Window Creation:** User clicks "Open Browser" β†’ `authenticate_with_webview` creates window β†’ State saved to database +2. **App Running:** Window stays open, user can browse freely, cookies maintained by browser +3. **Window Close:** User closes window β†’ Event handler removes from database and memory +4. **App Restart:** `restore_persistent_webviews` queries database β†’ Recreates all windows β†’ Windows resume with original cookies + +### Database Schema + +```sql +CREATE TABLE persistent_webviews ( + id TEXT PRIMARY KEY, + service TEXT NOT NULL CHECK(service IN ('confluence','servicenow','azuredevops')), + webview_label TEXT NOT NULL, + base_url TEXT NOT NULL, + last_active TEXT NOT NULL DEFAULT (datetime('now')), + window_x INTEGER, + window_y INTEGER, + window_width INTEGER, + window_height INTEGER, + UNIQUE(service) +); +``` + +### Future Enhancements + +- [ ] Save and restore window position/size (columns already exist in schema) +- [ ] Add "last_active" timestamp updates on window focus events +- [ ] Implement "Close All Windows" command for cleanup +- [ ] Add visual indicator in main UI showing which integrations have active browser windows +- [ ] Implement session timeout logic (close windows after X days of inactivity) + +## Related Files + +- `src-tauri/src/db/migrations.rs` - Database schema migration +- `src-tauri/src/commands/integrations.rs` - Webview persistence and restoration logic +- `src-tauri/src/integrations/webview_auth.rs` - Browser window creation +- `src-tauri/src/lib.rs` - App startup hook for restoration +- `src-tauri/src/state.rs` - AppState structure with `integration_webviews` map + +## Security Considerations + +- Cookie storage remains in the browser's internal secure store (not extracted to database) +- Database only stores window metadata (service, label, URL) +- No credential information persisted beyond what the browser already maintains +- Audit log still tracks all integration API calls separately + +## Migration Path + +Users upgrading to this version will: +1. See new database migration `013_create_persistent_webviews` applied automatically +2. Existing integrations continue to work (migration is additive only) +3. First time opening a browser window will persist it for future sessions +4. No manual action required from users diff --git a/TICKET_SUMMARY.md b/TICKET_SUMMARY.md deleted file mode 100644 index 78a7a424..00000000 --- a/TICKET_SUMMARY.md +++ /dev/null @@ -1,155 +0,0 @@ -# Ticket Summary - UI Fixes and Audit Log Enhancement - -## Description - -This ticket addresses multiple UI and functionality issues reported in the tftsr-devops_investigation application: - -1. **Download Icons Visibility**: Download icons (PDF, DOCX) in RCA and Post-Mortem pages were not visible in dark theme -2. **Export File System Error**: "Read-only file system (os error 30)" error when attempting to export documents -3. **History Search Button**: Search button not visible in the History page -4. **Domain Filtering**: Domain-only filtering not working in History page -5. **Audit Log Enhancement**: Audit log showed only internal IDs, lacking actual transmitted data for security auditing - -## Acceptance Criteria - -- [ ] Download icons are visible in both light and dark themes on RCA and Post-Mortem pages -- [ ] Documents can be exported successfully to Downloads directory without filesystem errors -- [ ] Search button is visible with proper styling in History page -- [ ] Domain filter works independently without requiring a search query -- [ ] Audit log displays full transmitted data including: - - AI chat messages with provider details, user message, and response preview - - Document generation with content preview and metadata - - All entries show properly formatted JSON with details - -## Work Implemented - -### 1. Download Icons Visibility Fix -**Files Modified:** -- `src/components/DocEditor.tsx:60-67` - -**Changes:** -- Added `text-foreground` class to Download icons for PDF and DOCX buttons -- Ensures icons inherit the current theme's foreground color for visibility - -### 2. Export File System Error Fix -**Files Modified:** -- `src-tauri/Cargo.toml:38` - Added `dirs = "5"` dependency -- `src-tauri/src/commands/docs.rs:127-170` - Rewrote `export_document` function -- `src/pages/RCA/index.tsx:53-60` - Updated error handling and user feedback -- `src/pages/Postmortem/index.tsx:52-59` - Updated error handling and user feedback - -**Changes:** -- Modified `export_document` to use Downloads directory by default instead of "." -- Falls back to `app_data_dir/exports` if Downloads directory unavailable -- Added proper directory creation with error handling -- Updated frontend to show success message with file path -- Empty `output_dir` parameter now triggers default behavior - -### 3. Search Button Visibility Fix -**Files Modified:** -- `src/pages/History/index.tsx:124-127` - -**Changes:** -- Changed button from `variant="outline"` to default variant -- Added Search icon to button for better visibility -- Button now has proper contrast in both themes - -### 4. Domain-Only Filtering Fix -**Files Modified:** -- `src-tauri/src/commands/db.rs:305-312` - -**Changes:** -- Added missing `filter.domain` handling in `list_issues` function -- Domain filter now properly filters by `i.category` field -- Filter works independently of search query - -### 5. Audit Log Enhancement -**Files Modified:** -- `src-tauri/src/commands/ai.rs:242-266` - Enhanced AI chat audit logging -- `src-tauri/src/commands/docs.rs:44-73` - Enhanced RCA generation audit logging -- `src-tauri/src/commands/docs.rs:90-119` - Enhanced postmortem generation audit logging -- `src/pages/Settings/Security.tsx:191-206` - Enhanced audit log display - -**Changes:** -- AI chat audit now captures: - - Provider name, model, and API URL - - Full user message - - Response preview (first 200 chars) - - Token count -- Document generation audit now captures: - - Issue ID and title - - Document type and title - - Content length and preview (first 300 chars) -- Security page now displays: - - Pretty-printed JSON with proper formatting - - Entry ID and entity type below the data - - Better layout with whitespace handling - -## Testing Needed - -### Manual Testing - -1. **Download Icons Visibility** - - [ ] Open RCA page in light theme - - [ ] Verify PDF and DOCX download icons are visible - - [ ] Switch to dark theme - - [ ] Verify PDF and DOCX download icons are still visible - -2. **Export Functionality** - - [ ] Generate an RCA document - - [ ] Click "PDF" export button - - [ ] Verify file is created in Downloads directory - - [ ] Verify success message displays with file path - - [ ] Check file opens correctly - - [ ] Repeat for "MD" and "DOCX" formats - - [ ] Test on Post-Mortem page as well - -3. **History Search Button** - - [ ] Navigate to History page - - [ ] Verify Search button is visible - - [ ] Verify button has search icon - - [ ] Test button in both light and dark themes - -4. **Domain Filtering** - - [ ] Navigate to History page - - [ ] Select a domain from dropdown (e.g., "Linux") - - [ ] Do NOT enter any search text - - [ ] Verify issues are filtered by selected domain - - [ ] Change domain selection - - [ ] Verify filtering updates correctly - -5. **Audit Log** - - [ ] Perform an AI chat interaction - - [ ] Navigate to Settings > Security > Audit Log - - [ ] Click "View" on a recent entry - - [ ] Verify transmitted data shows: - - Provider details - - User message - - Response preview - - [ ] Generate an RCA or Post-Mortem - - [ ] Check audit log for document generation entry - - [ ] Verify content preview and metadata are visible - -### Automated Testing - -```bash -# Type checking -npx tsc --noEmit - -# Rust compilation -cargo check --manifest-path src-tauri/Cargo.toml - -# Rust linting -cargo clippy --manifest-path src-tauri/Cargo.toml -- -D warnings - -# Frontend tests (if applicable) -npm run test:run -``` - -### Edge Cases to Test - -- Export when Downloads directory doesn't exist -- Export with very long document titles (special character handling) -- Domain filter with empty result set -- Audit log with very large payloads (>1000 chars) -- Audit log JSON parsing errors (malformed data) diff --git a/docs/architecture/README.md b/docs/architecture/README.md new file mode 100644 index 00000000..3dc8b37b --- /dev/null +++ b/docs/architecture/README.md @@ -0,0 +1,863 @@ +# TRCAA Architecture Documentation + +**Troubleshooting and RCA Assistant** β€” C4-model architecture documentation using Mermaid diagrams. + +--- + +## Table of Contents + +1. [System Context (C4 Level 1)](#system-context) +2. [Container Architecture (C4 Level 2)](#container-architecture) +3. [Component Architecture (C4 Level 3)](#component-architecture) +4. [Data Architecture](#data-architecture) +5. [Security Architecture](#security-architecture) +6. [AI Provider Architecture](#ai-provider-architecture) +7. [Integration Architecture](#integration-architecture) +8. [Deployment Architecture](#deployment-architecture) +9. [Key Data Flows](#key-data-flows) +10. [Architecture Decision Records](#architecture-decision-records) + +--- + +## System Context + +The system context diagram shows TRCAA in relation to its users and external systems. + +```mermaid +C4Context + title System Context β€” Troubleshooting and RCA Assistant + + Person(it_eng, "IT Engineer", "Diagnoses incidents and conducts root cause analysis") + + System(trcaa, "TRCAA Desktop App", "Structured AI-backed assistant for IT troubleshooting, 5-whys RCA, and post-mortem documentation") + + System_Ext(ollama, "Ollama (Local)", "Runs open-source LLMs locally (llama3, mistral, phi3)") + System_Ext(openai, "OpenAI API", "GPT-4o, GPT-4o-mini for cloud AI inference") + System_Ext(anthropic, "Anthropic API", "Claude 3.5 Sonnet, Claude Haiku") + System_Ext(gemini, "Google Gemini API", "Gemini Pro for cloud AI inference") + System_Ext(custom_rest, "Custom REST Gateway", "Enterprise AI gateway (custom REST format)") + + System_Ext(confluence, "Confluence", "Atlassian wiki β€” publish RCA docs") + System_Ext(servicenow, "ServiceNow", "ITSM platform β€” create incident tickets") + System_Ext(ado, "Azure DevOps", "Work item tracking and collaboration") + + Rel(it_eng, trcaa, "Uses", "Desktop app (Tauri WebView)") + Rel(trcaa, ollama, "AI inference", "HTTP/JSON (local)") + Rel(trcaa, openai, "AI inference", "HTTPS/REST") + Rel(trcaa, anthropic, "AI inference", "HTTPS/REST") + Rel(trcaa, gemini, "AI inference", "HTTPS/REST") + Rel(trcaa, custom_rest, "AI inference", "HTTPS/REST") + Rel(trcaa, confluence, "Publish RCA docs", "HTTPS/REST + OAuth2") + Rel(trcaa, servicenow, "Create incidents", "HTTPS/REST + OAuth2") + Rel(trcaa, ado, "Create work items", "HTTPS/REST + OAuth2") +``` + +--- + +## Container Architecture + +TRCAA is a single-process Tauri 2 desktop application. The "containers" are logical boundaries within the process. + +```mermaid +C4Container + title Container Architecture β€” TRCAA + + Person(user, "IT Engineer") + + System_Boundary(trcaa, "TRCAA Desktop Process") { + Container(webview, "React Frontend", "React 18 + TypeScript + Vite", "Renders UI via OS WebView (WebKit/WebView2). Manages ephemeral session state and persisted settings.") + Container(tauri_core, "Tauri Core / IPC Bridge", "Rust / Tauri 2", "Routes invoke() calls between WebView and backend command handlers. Enforces capability ACL.") + Container(rust_backend, "Rust Backend", "Rust / Tokio async", "Command handlers, AI provider clients, PII engine, document generation, integration clients, audit logging.") + ContainerDb(db, "SQLCipher Database", "SQLite + SQLCipher AES-256", "All persistent data: issues, logs, messages, audit trail, credentials, AI provider configs.") + ContainerDb(stronghold, "Stronghold Key Store", "tauri-plugin-stronghold", "Encrypted key-value store for symmetric key material.") + ContainerDb(local_fs, "Local Filesystem", "App data directory", "Redacted log files, .dbkey, .enckey, exported documents.") + } + + System_Ext(ai_providers, "AI Providers", "OpenAI, Anthropic, Gemini, Mistral, Ollama") + System_Ext(integrations, "Integrations", "Confluence, ServiceNow, Azure DevOps") + + Rel(user, webview, "Interacts with", "Mouse/keyboard via OS WebView") + Rel(webview, tauri_core, "IPC calls", "invoke() / Tauri JS bridge") + Rel(tauri_core, rust_backend, "Dispatches commands", "Rust function calls") + Rel(rust_backend, db, "Reads/writes", "rusqlite (sync, mutex-guarded)") + Rel(rust_backend, stronghold, "Reads/writes keys", "Plugin API") + Rel(rust_backend, local_fs, "Reads/writes files", "std::fs") + Rel(rust_backend, ai_providers, "AI inference", "reqwest async HTTP") + Rel(rust_backend, integrations, "API calls", "reqwest async HTTP + OAuth2") +``` + +--- + +## Component Architecture + +### Backend Components + +```mermaid +graph TD + subgraph "Tauri IPC Layer" + IPC[IPC Command Router\nlib.rs generate_handler!] + end + + subgraph "Command Handlers (commands/)" + CMD_DB[db.rs\nIssue CRUD\nTimeline Events\n5-Whys Entries] + CMD_AI[ai.rs\nChat Message\nLog Analysis\nProvider Test] + CMD_ANALYSIS[analysis.rs\nLog Upload\nPII Detection\nRedaction Apply] + CMD_DOCS[docs.rs\nRCA Generation\nPostmortem Gen\nDocument Export] + CMD_INTEGRATIONS[integrations.rs\nConfluence\nServiceNow\nAzure DevOps\nOAuth Flow] + CMD_SYSTEM[system.rs\nSettings CRUD\nOllama Mgmt\nAI Provider Mgmt\nAudit Log] + end + + subgraph "Domain Services" + AI[AI Layer\nai/provider.rs\nTrait + Factory] + PII[PII Engine\npii/detector.rs\n12 Pattern Detectors] + AUDIT[Audit Logger\naudit/log.rs\nHash-chained entries] + DOCS_GEN[Doc Generator\ndocs/rca.rs\ndocs/postmortem.rs] + end + + subgraph "AI Providers (ai/)" + ANTHROPIC[anthropic.rs\nClaude API] + OPENAI[openai.rs\nOpenAI + Custom REST] + OLLAMA[ollama.rs\nLocal Models] + GEMINI[gemini.rs\nGoogle Gemini] + MISTRAL[mistral.rs\nMistral API] + end + + subgraph "Integration Clients (integrations/)" + CONFLUENCE[confluence.rs\nconfluence_search.rs] + SERVICENOW[servicenow.rs\nservicenow_search.rs] + AZUREDEVOPS[azuredevops.rs\nazuredevops_search.rs] + AUTH[auth.rs\nAES-256-GCM\nToken Encryption] + WEBVIEW_AUTH[webview_auth.rs\nOAuth WebView\nCallback Server] + end + + subgraph "Data Layer (db/)" + MIGRATIONS[migrations.rs\n14 Schema Versions] + MODELS[models.rs\nIssue / LogFile\nAiMessage / Document\nAuditEntry / Credential] + CONNECTION[connection.rs\nSQLCipher Connect\nKey Auto-gen\nPlainβ†’Encrypted Migration] + end + + IPC --> CMD_DB + IPC --> CMD_AI + IPC --> CMD_ANALYSIS + IPC --> CMD_DOCS + IPC --> CMD_INTEGRATIONS + IPC --> CMD_SYSTEM + + CMD_AI --> AI + CMD_ANALYSIS --> PII + CMD_DOCS --> DOCS_GEN + CMD_INTEGRATIONS --> CONFLUENCE + CMD_INTEGRATIONS --> SERVICENOW + CMD_INTEGRATIONS --> AZUREDEVOPS + CMD_INTEGRATIONS --> AUTH + CMD_INTEGRATIONS --> WEBVIEW_AUTH + + AI --> ANTHROPIC + AI --> OPENAI + AI --> OLLAMA + AI --> GEMINI + AI --> MISTRAL + + CMD_DB --> MODELS + CMD_AI --> AUDIT + CMD_ANALYSIS --> AUDIT + MODELS --> MIGRATIONS + MIGRATIONS --> CONNECTION + + style IPC fill:#4a90d9,color:#fff + style AI fill:#7b68ee,color:#fff + style PII fill:#e67e22,color:#fff + style AUDIT fill:#c0392b,color:#fff +``` + +### Frontend Components + +```mermaid +graph TD + subgraph "React Application (src/)" + APP[App.tsx\nSidebar + Router\nTheme Provider] + end + + subgraph "Pages (src/pages/)" + DASHBOARD[Dashboard\nStats + Quick Actions] + NEW_ISSUE[NewIssue\nCreate Form] + LOG_UPLOAD[LogUpload\nFile Upload + PII Review] + TRIAGE[Triage\n5-Whys AI Chat] + RESOLUTION[Resolution\nStep Tracking] + RCA[RCA\nDocument Editor] + POSTMORTEM[Postmortem\nDocument Editor] + HISTORY[History\nSearch + Filter] + SETTINGS[Settings\nProviders / Ollama\nIntegrations / Security] + end + + subgraph "Components (src/components/)" + CHAT_WIN[ChatWindow\nStreaming Messages] + DOC_EDITOR[DocEditor\nMarkdown Editor] + PII_DIFF[PiiDiffViewer\nSide-by-side Diff] + HW_REPORT[HardwareReport\nSystem Specs] + MODEL_SEL[ModelSelector\nProvider Dropdown] + TRIAGE_PROG[TriageProgress\n5-Whys Steps] + end + + subgraph "State (src/stores/)" + SESSION[sessionStore\nEphemeral β€” NOT persisted\nCurrentIssue / Messages\nPiiSpans / WhyLevel] + SETTINGS_STORE[settingsStore\nPersisted to localStorage\nTheme / ActiveProvider\nPiiPatterns] + HISTORY_STORE[historyStore\nCached issue list\nSearch results] + end + + subgraph "IPC Layer (src/lib/)" + IPC[tauriCommands.ts\nTyped invoke() wrappers\nAll Tauri commands] + PROMPTS[domainPrompts.ts\n8 Domain System Prompts] + end + + APP --> DASHBOARD + APP --> TRIAGE + APP --> LOG_UPLOAD + APP --> HISTORY + APP --> SETTINGS + + TRIAGE --> CHAT_WIN + TRIAGE --> TRIAGE_PROG + LOG_UPLOAD --> PII_DIFF + RCA --> DOC_EDITOR + POSTMORTEM --> DOC_EDITOR + SETTINGS --> HW_REPORT + SETTINGS --> MODEL_SEL + + TRIAGE --> SESSION + TRIAGE --> SETTINGS_STORE + HISTORY --> HISTORY_STORE + SETTINGS --> SETTINGS_STORE + + CHAT_WIN --> IPC + LOG_UPLOAD --> IPC + RCA --> IPC + SETTINGS --> IPC + + IPC --> PROMPTS + + style SESSION fill:#e74c3c,color:#fff + style SETTINGS_STORE fill:#27ae60,color:#fff + style IPC fill:#4a90d9,color:#fff +``` + +--- + +## Data Architecture + +### Database Schema + +```mermaid +erDiagram + issues { + TEXT id PK + TEXT title + TEXT description + TEXT severity + TEXT status + TEXT category + TEXT source + TEXT assigned_to + TEXT tags + TEXT created_at + TEXT updated_at + } + log_files { + TEXT id PK + TEXT issue_id FK + TEXT file_name + TEXT content_hash + TEXT mime_type + INTEGER size_bytes + INTEGER redacted + TEXT created_at + } + pii_spans { + TEXT id PK + TEXT log_file_id FK + INTEGER start_offset + INTEGER end_offset + TEXT original_value + TEXT replacement + TEXT pattern_type + INTEGER approved + } + ai_conversations { + TEXT id PK + TEXT issue_id FK + TEXT provider_name + TEXT model_name + TEXT created_at + } + ai_messages { + TEXT id PK + TEXT conversation_id FK + TEXT role + TEXT content + INTEGER token_count + TEXT created_at + } + resolution_steps { + TEXT id PK + TEXT issue_id FK + INTEGER step_order + TEXT question + TEXT answer + TEXT evidence + TEXT created_at + } + documents { + TEXT id PK + TEXT issue_id FK + TEXT doc_type + TEXT title + TEXT content_md + TEXT created_at + TEXT updated_at + } + audit_log { + TEXT id PK + TEXT action + TEXT entity_type + TEXT entity_id + TEXT prev_hash + TEXT entry_hash + TEXT details + TEXT created_at + } + credentials { + TEXT id PK + TEXT service UNIQUE + TEXT token_type + TEXT encrypted_token + TEXT token_hash + TEXT expires_at + TEXT created_at + } + integration_config { + TEXT id PK + TEXT service UNIQUE + TEXT base_url + TEXT username + TEXT project_name + TEXT space_key + INTEGER auto_create + } + ai_providers { + TEXT id PK + TEXT name UNIQUE + TEXT provider_type + TEXT api_url + TEXT encrypted_api_key + TEXT model + TEXT config_json + } + issues_fts { + TEXT rowid FK + TEXT title + TEXT description + } + + issues ||--o{ log_files : "has" + issues ||--o{ ai_conversations : "has" + issues ||--o{ resolution_steps : "has" + issues ||--o{ documents : "has" + issues ||--|| issues_fts : "indexed by" + log_files ||--o{ pii_spans : "contains" + ai_conversations ||--o{ ai_messages : "contains" +``` + +### Data Flow β€” Issue Triage Lifecycle + +```mermaid +sequenceDiagram + participant U as User + participant FE as React Frontend + participant IPC as Tauri IPC + participant BE as Rust Backend + participant PII as PII Engine + participant AI as AI Provider + participant DB as SQLCipher DB + + U->>FE: Create new issue + FE->>IPC: create_issue(title, severity) + IPC->>BE: cmd::db::create_issue() + BE->>DB: INSERT INTO issues + DB-->>BE: Issue{id, ...} + BE-->>FE: Issue + + U->>FE: Upload log file + FE->>IPC: upload_log_file(issue_id, path) + IPC->>BE: cmd::analysis::upload_log_file() + BE->>BE: Read file, SHA-256 hash + BE->>DB: INSERT INTO log_files + BE->>PII: detect(content) + PII-->>BE: Vec + BE->>DB: INSERT INTO pii_spans + BE-->>FE: {log_file, spans} + + U->>FE: Approve redactions + FE->>IPC: apply_redactions(log_file_id, span_ids) + IPC->>BE: cmd::analysis::apply_redactions() + BE->>DB: UPDATE pii_spans SET approved=1 + BE->>BE: Write .redacted file + BE->>DB: UPDATE log_files SET redacted=1 + BE->>DB: INSERT INTO audit_log (hash-chained) + + U->>FE: Start AI triage + FE->>IPC: analyze_logs(issue_id, ...) + IPC->>BE: cmd::ai::analyze_logs() + BE->>DB: SELECT redacted log content + BE->>AI: POST /chat/completions (redacted content) + AI-->>BE: {summary, findings, why1, severity} + BE->>DB: INSERT ai_messages + BE-->>FE: AnalysisResult + + loop 5-Whys Iteration + U->>FE: Ask "Why?" question + FE->>IPC: chat_message(conversation_id, msg) + IPC->>BE: cmd::ai::chat_message() + BE->>DB: SELECT conversation history + BE->>AI: POST /chat/completions + AI-->>BE: Response with why level detection + BE->>DB: INSERT ai_messages + BE-->>FE: ChatResponse{content, why_level} + FE->>FE: Auto-advance why level (1β†’5) + end + + U->>FE: Generate RCA + FE->>IPC: generate_rca(issue_id) + IPC->>BE: cmd::docs::generate_rca() + BE->>DB: SELECT issue + steps + conversations + BE->>BE: Build markdown template + BE->>DB: INSERT INTO documents + BE-->>FE: Document{content_md} +``` + +--- + +## Security Architecture + +### Security Layers + +```mermaid +graph TB + subgraph "Layer 1: Network Security" + CSP[Content Security Policy\nallow-list of external hosts] + TLS[TLS Enforcement\nreqwest HTTPS only] + CAP[Tauri Capability ACL\nLeast-privilege permissions] + end + + subgraph "Layer 2: Data Encryption" + SQLCIPHER[SQLCipher AES-256\nFull database encryption\nPBKDF2-SHA512, 256k iterations] + AES_GCM[AES-256-GCM\nCredential token encryption\nUnique nonce per encrypt] + STRONGHOLD[Tauri Stronghold\nKey derivation + storage\nArgon2 password hashing] + end + + subgraph "Layer 3: Key Management" + DB_KEY[.dbkey file\nPer-install random 256-bit key\nMode 0600 β€” owner only] + ENC_KEY[.enckey file\nPer-install random 256-bit key\nMode 0600 β€” owner only] + ENV_OVERRIDE[TFTSR_DB_KEY / TFTSR_ENCRYPTION_KEY\nOptional env var override] + end + + subgraph "Layer 4: PII Protection" + PII_DETECT[12-Pattern PII Detector\nEmail / IP / Phone / SSN\nTokens / Passwords / MAC] + USER_APPROVE[User Approval Gate\nManual review before AI send] + AUDIT[Hash-chained Audit Log\nprev_hash β†’ entry_hash\nTamper detection] + end + + subgraph "Layer 5: Credential Storage" + TOKEN_HASH[Token Hash Storage\nSHA-256 hash in credentials table] + TOKEN_ENC[Token Encrypted Storage\nAES-256-GCM ciphertext] + NO_BROWSER[No Browser Storage\nAPI keys never in localStorage] + end + + SQLCIPHER --> DB_KEY + AES_GCM --> ENC_KEY + DB_KEY --> ENV_OVERRIDE + ENC_KEY --> ENV_OVERRIDE + TOKEN_ENC --> AES_GCM + TOKEN_HASH --> AUDIT + + style SQLCIPHER fill:#c0392b,color:#fff + style AES_GCM fill:#c0392b,color:#fff + style AUDIT fill:#e67e22,color:#fff + style PII_DETECT fill:#e67e22,color:#fff + style USER_APPROVE fill:#27ae60,color:#fff +``` + +### Authentication Flow β€” OAuth2 Integration + +```mermaid +sequenceDiagram + participant U as User + participant FE as Frontend + participant BE as Rust Backend + participant WV as WebView Window + participant CB as Callback Server\n(warp, port 8765) + participant EXT as External Service\n(Confluence/ADO) + + U->>FE: Click "Connect" for integration + FE->>BE: initiate_oauth(service) + BE->>BE: Generate PKCE code_verifier + code_challenge + BE->>CB: Start warp server (localhost:8765) + BE->>WV: Open auth URL in new WebView window + WV->>EXT: GET /oauth/authorize?code_challenge=... + EXT-->>WV: Login page + U->>WV: Enter credentials + WV->>EXT: POST credentials + EXT-->>WV: Redirect to localhost:8765/callback?code=xxx + WV->>CB: GET /callback?code=xxx + CB->>BE: Signal auth code received + BE->>EXT: POST /oauth/token (code + code_verifier) + EXT-->>BE: access_token + refresh_token + BE->>BE: encrypt_token(access_token) + BE->>DB: INSERT credentials (encrypted_token, token_hash) + BE->>DB: INSERT audit_log + BE-->>FE: OAuth complete + FE->>FE: Show "Connected" status +``` + +--- + +## AI Provider Architecture + +### Provider Trait Pattern + +```mermaid +classDiagram + class Provider { + <> + +name() String + +chat(messages, config) Future~ChatResponse~ + +info() ProviderInfo + } + + class AnthropicProvider { + -api_key: String + -model: String + +chat(messages, config) + +name() "anthropic" + } + + class OpenAiProvider { + -api_url: String + -api_key: String + -model: String + -api_format: ApiFormat + +chat(messages, config) + +name() "openai" + } + + class OllamaProvider { + -base_url: String + -model: String + +chat(messages, config) + +name() "ollama" + } + + class GeminiProvider { + -api_key: String + -model: String + +chat(messages, config) + +name() "gemini" + } + + class MistralProvider { + -api_key: String + -model: String + +chat(messages, config) + +name() "mistral" + } + + class ProviderFactory { + +create_provider(config: ProviderConfig) Box~dyn Provider~ + } + + class ProviderConfig { + +name: String + +provider_type: String + +api_url: String + +api_key: String + +model: String + +max_tokens: Option~u32~ + +temperature: Option~f64~ + +custom_endpoint_path: Option~String~ + +custom_auth_header: Option~String~ + +custom_auth_prefix: Option~String~ + +api_format: Option~String~ + } + + Provider <|.. AnthropicProvider + Provider <|.. OpenAiProvider + Provider <|.. OllamaProvider + Provider <|.. GeminiProvider + Provider <|.. MistralProvider + ProviderFactory --> Provider : creates + ProviderFactory --> ProviderConfig : consumes +``` + +### Tool Calling Flow (Azure DevOps) + +```mermaid +sequenceDiagram + participant U as User + participant FE as Frontend + participant BE as Rust Backend + participant AI as AI Provider + participant ADO as Azure DevOps API + + U->>FE: Chat message mentioning ADO work item + FE->>BE: chat_message(conversation_id, msg, provider_config) + BE->>BE: Inject get_available_tools() into request + BE->>AI: POST /chat/completions {messages, tools: [add_ado_comment]} + AI-->>BE: {tool_calls: [{function: "add_ado_comment", args: {work_item_id, comment_text}}]} + BE->>BE: Parse tool_calls from response + BE->>BE: Validate tool name matches registered tools + BE->>ADO: PATCH /wit/workitems/{id}?api-version=7.0 (add comment) + ADO-->>BE: 200 OK + BE->>BE: Format tool result message + BE->>AI: POST /chat/completions {messages, tool_result} + AI-->>BE: Final response to user + BE->>DB: INSERT ai_messages (tool call + result) + BE-->>FE: ChatResponse{content} +``` + +--- + +## Integration Architecture + +```mermaid +graph LR + subgraph "Integration Layer (integrations/)" + AUTH[auth.rs\nToken Encryption\nOAuth + PKCE\nCookie Extraction] + + subgraph "Confluence" + CF[confluence.rs\nPublish Documents\nSpace Management] + CF_SEARCH[confluence_search.rs\nContent Search\nPersistent WebView] + end + + subgraph "ServiceNow" + SN[servicenow.rs\nCreate Incidents\nUpdate Records] + SN_SEARCH[servicenow_search.rs\nIncident Search\nKnowledge Base] + end + + subgraph "Azure DevOps" + ADO[azuredevops.rs\nWork Items CRUD\nComments (AI tool)] + ADO_SEARCH[azuredevops_search.rs\nWork Item Search\nPersistent WebView] + end + + subgraph "Auth Infrastructure" + WV_AUTH[webview_auth.rs\nOAuth WebView\nLogin Flow] + CB_SERVER[callback_server.rs\nwarp HTTP Server\nlocalhost:8765] + NAT_COOKIES[native_cookies*.rs\nPlatform Cookie\nExtraction] + end + end + + subgraph "External Services" + CF_EXT[Atlassian Confluence\nhttps://*.atlassian.net] + SN_EXT[ServiceNow\nhttps://*.service-now.com] + ADO_EXT[Azure DevOps\nhttps://dev.azure.com] + end + + AUTH --> CF + AUTH --> SN + AUTH --> ADO + WV_AUTH --> CB_SERVER + WV_AUTH --> NAT_COOKIES + + CF --> CF_EXT + CF_SEARCH --> CF_EXT + SN --> SN_EXT + SN_SEARCH --> SN_EXT + ADO --> ADO_EXT + ADO_SEARCH --> ADO_EXT + + style AUTH fill:#c0392b,color:#fff +``` + +--- + +## Deployment Architecture + +### CI/CD Pipeline + +```mermaid +graph TB + subgraph "Source Control" + GOGS[Gogs / Gitea\ngogs.tftsr.com\nSarman Repository] + end + + subgraph "CI/CD Triggers" + PR_TRIGGER[PR Opened/Updated\ntest.yml workflow] + MASTER_TRIGGER[Push to master\nauto-tag.yml workflow] + DOCKER_TRIGGER[.docker/ changes\nbuild-images.yml workflow] + end + + subgraph "Test Runner β€” amd64-docker-runner" + RUSTFMT[1. rustfmt\nFormat Check] + CLIPPY[2. clippy\n-D warnings] + CARGO_TEST[3. cargo test\n64 Rust tests] + TSC[4. tsc --noEmit\nType Check] + VITEST[5. vitest run\n13 JS tests] + end + + subgraph "Release Builders (Parallel)" + AMD64[linux/amd64\nDocker: trcaa-linux-amd64\n.deb .rpm .AppImage] + WINDOWS[windows/amd64\nDocker: trcaa-windows-cross\n.exe .msi] + ARM64[linux/arm64\narm64 native runner\n.deb .rpm .AppImage] + MACOS[macOS arm64\nnative macOS runner\n.app .dmg] + end + + subgraph "Artifact Storage" + RELEASE[Gitea Release\nv0.x.x tags\nAll platform assets] + REGISTRY[Gitea Container Registry\n172.0.0.29:3000\nCI Docker images] + end + + GOGS --> PR_TRIGGER + GOGS --> MASTER_TRIGGER + GOGS --> DOCKER_TRIGGER + + PR_TRIGGER --> RUSTFMT + RUSTFMT --> CLIPPY + CLIPPY --> CARGO_TEST + CARGO_TEST --> TSC + TSC --> VITEST + + MASTER_TRIGGER --> AMD64 + MASTER_TRIGGER --> WINDOWS + MASTER_TRIGGER --> ARM64 + MASTER_TRIGGER --> MACOS + + AMD64 --> RELEASE + WINDOWS --> RELEASE + ARM64 --> RELEASE + MACOS --> RELEASE + + DOCKER_TRIGGER --> REGISTRY + + style VITEST fill:#27ae60,color:#fff + style RELEASE fill:#4a90d9,color:#fff +``` + +### Runtime Architecture (per Platform) + +```mermaid +graph TB + subgraph "macOS Runtime" + MAC_PROC[trcaa process\nMach-O arm64 binary] + WEBKIT[WKWebView\nSafari WebKit engine] + MAC_DATA[~/Library/Application Support/trcaa/\n.dbkey mode 0600\n.enckey mode 0600\ntrcaa.db SQLCipher] + MAC_BUNDLE[Troubleshooting and RCA Assistant.app\n/Applications/] + end + + subgraph "Linux Runtime" + LINUX_PROC[trcaa process\nELF amd64/arm64] + WEBKIT2[WebKitGTK WebView\nwebkit2gtk4.1] + LINUX_DATA[~/.local/share/trcaa/\n.dbkey .enckey\ntrcaa.db] + LINUX_PKG[.deb / .rpm / .AppImage] + end + + subgraph "Windows Runtime" + WIN_PROC[trcaa.exe\nPE amd64] + WEBVIEW2[Microsoft WebView2\nChromium-based] + WIN_DATA[%APPDATA%\trcaa\\\n.dbkey .enckey\ntrcaa.db] + WIN_PKG[NSIS .exe / .msi] + end + + MAC_BUNDLE --> MAC_PROC + MAC_PROC --> WEBKIT + MAC_PROC --> MAC_DATA + + LINUX_PKG --> LINUX_PROC + LINUX_PROC --> WEBKIT2 + LINUX_PROC --> LINUX_DATA + + WIN_PKG --> WIN_PROC + WIN_PROC --> WEBVIEW2 + WIN_PROC --> WIN_DATA +``` + +--- + +## Key Data Flows + +### PII Detection and Redaction + +```mermaid +flowchart TD + A[User uploads log file] --> B[Read file contents\nmax 50MB] + B --> C[Compute SHA-256 hash] + C --> D[Store metadata in log_files table] + D --> E[Run PII Detection Engine] + + subgraph "PII Engine" + E --> F{12 Pattern Detectors} + F --> G[Email Regex] + F --> H[IPv4/IPv6 Regex] + F --> I[Bearer Token Regex] + F --> J[Password Regex] + F --> K[SSN / Phone / CC] + F --> L[MAC / Hostname] + G & H & I & J & K & L --> M[Collect all spans] + M --> N[Sort by start offset] + N --> O[Remove overlaps\nlongest span wins] + end + + O --> P[Store pii_spans in DB\nwith UUID per span] + P --> Q[Return spans to UI] + Q --> R[PiiDiffViewer\nSide-by-side diff] + R --> S{User reviews} + S -->|Approve| T[apply_redactions\nMark spans approved] + S -->|Dismiss| U[Remove from approved set] + T --> V[Write .redacted log file\nreplace spans with placeholders] + V --> W[Update log_files.redacted = 1] + W --> X[Append to audit_log\nhash-chained entry] + X --> Y[Log now safe for AI send] +``` + +### Encryption Key Lifecycle + +```mermaid +flowchart TD + A[App Launch] --> B{TFTSR_DB_KEY env var set?} + B -->|Yes| C[Use env var key] + B -->|No| D{Release build?} + D -->|Debug| E[Use hardcoded dev key] + D -->|Release| F{.dbkey file exists?} + F -->|Yes| G[Load key from .dbkey] + F -->|No| H[Generate 32 random bytes\nhex-encode β†’ 64 char key] + H --> I[Write to .dbkey\nmode 0600] + I --> J[Use generated key] + + G --> K{Open database} + C --> K + E --> K + J --> K + + K --> L{SQLCipher decrypt success?} + L -->|Yes| M[Run migrations\nDatabase ready] + L -->|No| N{File is plain SQLite?} + N -->|Yes| O[migrate_plain_to_encrypted\nCreate .db.plain-backup\nATTACH + sqlcipher_export] + N -->|No| P[Fatal error\nDatabase corrupt] + O --> M + + style H fill:#27ae60,color:#fff + style O fill:#e67e22,color:#fff + style P fill:#c0392b,color:#fff +``` + +--- + +## Architecture Decision Records + +See the [adrs/](./adrs/) directory for all Architecture Decision Records. + +| ADR | Title | Status | +|-----|-------|--------| +| [ADR-001](./adrs/ADR-001-tauri-desktop-framework.md) | Tauri as Desktop Framework | Accepted | +| [ADR-002](./adrs/ADR-002-sqlcipher-encrypted-database.md) | SQLCipher for Encrypted Storage | Accepted | +| [ADR-003](./adrs/ADR-003-provider-trait-pattern.md) | Provider Trait Pattern for AI Backends | Accepted | +| [ADR-004](./adrs/ADR-004-pii-regex-aho-corasick.md) | Regex + Aho-Corasick for PII Detection | Accepted | +| [ADR-005](./adrs/ADR-005-auto-generate-encryption-keys.md) | Auto-generate Encryption Keys at Runtime | Accepted | +| [ADR-006](./adrs/ADR-006-zustand-state-management.md) | Zustand for Frontend State Management | Accepted | diff --git a/docs/architecture/adrs/ADR-001-tauri-desktop-framework.md b/docs/architecture/adrs/ADR-001-tauri-desktop-framework.md new file mode 100644 index 00000000..f0910bd5 --- /dev/null +++ b/docs/architecture/adrs/ADR-001-tauri-desktop-framework.md @@ -0,0 +1,66 @@ +# ADR-001: Tauri as Desktop Framework + +**Status**: Accepted +**Date**: 2025-Q3 +**Deciders**: sarman + +--- + +## Context + +A cross-platform desktop application is required for IT engineers who need: +- Fully offline operation (local AI via Ollama) +- Encrypted local data storage (sensitive incident details) +- Access to local filesystem (log files) +- No telemetry or cloud dependency for core functionality +- Distribution on Linux, macOS, and Windows + +The main alternatives considered were **Electron**, **Flutter**, **Qt**, and a pure **web app**. + +--- + +## Decision + +Use **Tauri 2** with a **Rust backend** and **React/TypeScript frontend**. + +--- + +## Rationale + +| Criterion | Tauri 2 | Electron | Flutter | Web App | +|-----------|---------|----------|---------|---------| +| Binary size | ~8 MB | ~120+ MB | ~40 MB | N/A | +| Memory footprint | ~50 MB | ~200+ MB | ~100 MB | N/A | +| OS WebView | Yes (native) | No (bundled Chromium) | No | N/A | +| Rust backend | Yes (native perf) | No (Node.js) | No (Dart) | No | +| Filesystem access | Scoped ACL | Unrestricted by default | Limited | CORS-limited | +| Offline-first | Yes | Yes | Yes | No | +| SQLCipher integration | Via rusqlite | Via better-sqlite3 | Via plugin | No | +| Existing team skills | Rust + React | Node.js + React | Dart | TypeScript | + +**Tauri's advantages for this use case:** +1. **Security model**: Capability-based ACL prevents frontend from making arbitrary system calls. The frontend can only call explicitly-declared commands. +2. **Performance**: Rust backend handles CPU-intensive work (PII regex scanning, PDF generation, SQLCipher operations) without Node.js overhead. +3. **Binary size**: Uses the OS-native WebView (WebKit on macOS/Linux, WebView2 on Windows) β€” no bundled browser engine. +4. **Stronghold plugin**: Built-in encrypted key-value store for credential management. +5. **IPC type safety**: `generate_handler![]` macro ensures all IPC commands are registered; `invoke()` on the frontend can be fully typed via `tauriCommands.ts`. + +--- + +## Consequences + +**Positive:** +- Small distributable (<20 MB .dmg vs 150+ MB Electron .dmg) +- Rust's memory safety prevents a class of security bugs +- Tauri's CSP enforcement and capability ACL provide defense-in-depth +- Native OS dialogs, file pickers, and notifications + +**Negative:** +- WebKit/WebView2 inconsistencies require cross-browser testing +- Rust compile times are longer than Node.js (mitigated by Docker CI caching) +- Tauri 2 is relatively new β€” smaller ecosystem than Electron +- macOS builds require a macOS runner (no cross-compilation) + +**Neutral:** +- React frontend works identically to a web app β€” no desktop-specific UI code needed +- TypeScript IPC wrappers (`tauriCommands.ts`) decouple frontend from Tauri details diff --git a/docs/architecture/adrs/ADR-002-sqlcipher-encrypted-database.md b/docs/architecture/adrs/ADR-002-sqlcipher-encrypted-database.md new file mode 100644 index 00000000..8f23f6e6 --- /dev/null +++ b/docs/architecture/adrs/ADR-002-sqlcipher-encrypted-database.md @@ -0,0 +1,73 @@ +# ADR-002: SQLCipher for Encrypted Storage + +**Status**: Accepted +**Date**: 2025-Q3 +**Deciders**: sarman + +--- + +## Context + +All incident data (titles, descriptions, log contents, AI conversations, resolution steps, RCA documents) must be stored locally and at rest must be encrypted. The application cannot rely on OS-level full-disk encryption being enabled. + +Requirements: +- AES-256 encryption of the full database file +- Key derivation suitable for per-installation keys (not user passwords) +- No plaintext data accessible if the `.db` file is copied off-machine +- Rust-compatible SQLite bindings + +--- + +## Decision + +Use **SQLCipher** via `rusqlite` with the `bundled-sqlcipher-vendored-openssl` feature flag. + +--- + +## Rationale + +**Alternatives considered:** + +| Option | Pros | Cons | +|--------|------|------| +| **SQLCipher** (chosen) | Transparent full-DB encryption, AES-256, PBKDF2 key derivation, vendored so no system dep | Larger binary; not standard SQLite | +| Plain SQLite | Simple, well-known | No encryption β€” ruled out | +| SQLite + file-level encryption | Flexible | No atomicity; complex implementation | +| LevelDB / RocksDB | Fast, encrypted options exist | No SQL, harder migration | +| `sled` (Rust-native) | Modern, async-friendly | No SQL, immature for complex schemas | + +**SQLCipher specifics chosen:** +``` +PRAGMA cipher_page_size = 16384; -- Matches 16KB kernel page (Apple Silicon) +PRAGMA kdf_iter = 256000; -- 256k PBKDF2 iterations +PRAGMA cipher_hmac_algorithm = HMAC_SHA512; +PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA512; +``` + +The `cipher_page_size = 16384` is specifically tuned for Apple Silicon (M-series) which uses 16KB kernel pages β€” using 4096 (SQLCipher default) causes page boundary issues. + +--- + +## Key Management + +Per ADR-005, encryption keys are auto-generated at runtime: +- **Release builds**: Random 256-bit key generated at first launch, stored in `.dbkey` (mode 0600) +- **Debug builds**: Hardcoded dev key (`dev-key-change-in-prod`) +- **Override**: `TFTSR_DB_KEY` environment variable + +--- + +## Consequences + +**Positive:** +- Full database encryption transparent to all SQL queries +- Vendored OpenSSL means no system library dependency (important for portable AppImage/DMG) +- SHA-512 HMAC provides authenticated encryption (tampering detected) + +**Negative:** +- `bundled-sqlcipher-vendored-openssl` significantly increases compile time and binary size +- Cannot use standard SQLite tooling to inspect database files (must use sqlcipher CLI) +- `cipher_page_size` mismatch between debug/release would corrupt databases β€” mitigated by auto-migration (ADR-005) + +**Migration Handling:** +If a plain SQLite database is detected in a release build (e.g., developer switched from debug), `migrate_plain_to_encrypted()` automatically migrates using `ATTACH DATABASE` + `sqlcipher_export`. A `.db.plain-backup` file is created before migration. diff --git a/docs/architecture/adrs/ADR-003-provider-trait-pattern.md b/docs/architecture/adrs/ADR-003-provider-trait-pattern.md new file mode 100644 index 00000000..c611bb8d --- /dev/null +++ b/docs/architecture/adrs/ADR-003-provider-trait-pattern.md @@ -0,0 +1,76 @@ +# ADR-003: Provider Trait Pattern for AI Backends + +**Status**: Accepted +**Date**: 2025-Q3 +**Deciders**: sarman + +--- + +## Context + +The application must support multiple AI providers (OpenAI, Anthropic, Google Gemini, Mistral, Ollama) with different API formats, authentication methods, and response structures. Provider selection must be runtime-configurable by the user without recompiling. + +Additionally, enterprise environments may need custom AI endpoints (e.g., an enterprise AI gateway) that speak OpenAI-compatible APIs with custom auth headers. + +--- + +## Decision + +Use a **Rust trait object** (`Box`) with a **factory function** (`create_provider(config: ProviderConfig)`) that dispatches to concrete implementations at runtime. + +--- + +## Rationale + +**The `Provider` trait:** +```rust +#[async_trait] +pub trait Provider: Send + Sync { + fn name(&self) -> &str; + async fn chat(&self, messages: Vec, config: &ProviderConfig) -> Result; + fn info(&self) -> ProviderInfo; +} +``` + +**Why trait objects over generics:** +- Provider type is not known at compile time (user configures at runtime) +- `Box` allows storing different providers in the same `AppState` +- `#[async_trait]` enables async methods on trait objects (required for `reqwest`) + +**`ProviderConfig` design:** +The config struct uses `Option` fields for provider-specific settings: +```rust +pub struct ProviderConfig { + pub custom_endpoint_path: Option, + pub custom_auth_header: Option, + pub custom_auth_prefix: Option, + pub api_format: Option, // "openai" | "custom_rest" +} +``` +This allows a single `OpenAiProvider` implementation to handle both standard OpenAI and arbitrary custom endpoints β€” the user configures the auth header name and prefix to match their gateway. + +--- + +## Adding a New Provider + +1. Create `src-tauri/src/ai/.rs` implementing the `Provider` trait +2. Add a match arm in `create_provider()` in `provider.rs` +3. Register the provider type string in `ProviderConfig` +4. Add UI in `src/pages/Settings/AIProviders.tsx` + +No changes to command handlers or IPC layer required. + +--- + +## Consequences + +**Positive:** +- New providers require zero changes outside `ai/` +- `ProviderConfig` is stored in the database β€” provider can be changed without app restart +- `test_provider_connection()` command works uniformly across all providers +- `list_providers()` returns capabilities dynamically (supports streaming, tool calling, etc.) + +**Negative:** +- `dyn Provider` has a small vtable dispatch overhead (negligible for HTTP-bound operations) +- Each provider implementation must handle its own error types and response parsing +- Testing requires mocking at the `reqwest` level (via `mockito`) diff --git a/docs/architecture/adrs/ADR-004-pii-regex-aho-corasick.md b/docs/architecture/adrs/ADR-004-pii-regex-aho-corasick.md new file mode 100644 index 00000000..6158c911 --- /dev/null +++ b/docs/architecture/adrs/ADR-004-pii-regex-aho-corasick.md @@ -0,0 +1,88 @@ +# ADR-004: Regex + Aho-Corasick for PII Detection + +**Status**: Accepted +**Date**: 2025-Q3 +**Deciders**: sarman + +--- + +## Context + +Log files submitted for AI analysis may contain sensitive data: IP addresses, emails, bearer tokens, passwords, SSNs, credit card numbers, MAC addresses, phone numbers, and API keys. This data must be detected and redacted before any content leaves the machine via an AI API call. + +Requirements: +- Fast scanning of files up to 50MB +- Multiple pattern types with different regex complexity +- Non-overlapping spans (longest match wins on overlap) +- User-controlled toggle per pattern type +- Byte-offset tracking for accurate replacement + +--- + +## Decision + +Use **Rust `regex` crate** for per-pattern matching combined with **`aho-corasick`** for multi-pattern string searching. Detection runs entirely in the Rust backend on the raw log content. + +--- + +## Rationale + +**Alternatives considered:** + +| Option | Pros | Cons | +|--------|------|------| +| **regex + aho-corasick** (chosen) | Fast, Rust-native, no external deps, byte-offset accurate | Regex patterns need careful tuning; false positives possible | +| ML-based NER (spaCy, Presidio) | Higher recall for contextual PII | Requires Python runtime, large model files, not offline-friendly | +| Simple string matching | Extremely fast | Too many false negatives on varied formats | +| WASM-based detection | Runs in browser | Slower; log content in JS memory before Rust sees it | + +**Implementation approach:** + +1. **12 regex patterns** compiled once at startup via `lazy_static!` +2. Each pattern returns `(start, end, replacement)` tuples +3. All spans from all patterns collected into a flat `Vec` +4. Spans sorted by `start` offset +5. **Overlap resolution**: iterate through sorted spans, skip any span whose start is before the current end (greedy, longest match) +6. Spans stored in DB with UUID β€” referenced by `approved` flag when user confirms redaction +7. Redaction applies spans in **reverse order** to preserve byte offsets + +**Why aho-corasick for some patterns:** +Literal string searches (e.g., `password=`, `api_key=`, `bearer `) are faster with Aho-Corasick multi-pattern matching than running individual regexes. The regex then validates the captured value portion. + +--- + +## Patterns + +| Pattern ID | Type | Example Match | +|------------|------|---------------| +| `url_credentials` | URL with embedded credentials | `https://user:pass@host` | +| `bearer_token` | Authorization headers | `Bearer eyJhbGc...` | +| `api_key` | API key assignments | `api_key=sk-abc123...` | +| `password` | Password assignments | `password=secret123` | +| `ssn` | Social Security Numbers | `123-45-6789` | +| `credit_card` | Credit card numbers | `4111 1111 1111 1111` | +| `email` | Email addresses | `user@example.com` | +| `mac_address` | MAC addresses | `AA:BB:CC:DD:EE:FF` | +| `ipv6` | IPv6 addresses | `2001:db8::1` | +| `ipv4` | IPv4 addresses | `192.168.1.1` | +| `phone` | Phone numbers | `+1 (555) 123-4567` | +| `hostname` | FQDNs | `db-prod.internal.example.com` | + +--- + +## Consequences + +**Positive:** +- No runtime dependencies β€” detection works fully offline +- 50MB file scanned in <500ms on modern hardware +- Patterns independently togglable via `pii_enabled_patterns` in settings +- Byte-accurate offsets enable precise redaction without re-parsing + +**Negative:** +- Regex-based detection has false positives (e.g., version strings matching IPv4 patterns) +- User must review and approve β€” not fully automatic (mitigated by UX design) +- Pattern maintenance required as new credential formats emerge +- No contextual understanding (a password in a comment vs an active credential look identical) + +**User safeguard:** +All redactions require user approval via `PiiDiffViewer` before the redacted log is written. The original is never sent to AI. diff --git a/docs/architecture/adrs/ADR-005-auto-generate-encryption-keys.md b/docs/architecture/adrs/ADR-005-auto-generate-encryption-keys.md new file mode 100644 index 00000000..23008864 --- /dev/null +++ b/docs/architecture/adrs/ADR-005-auto-generate-encryption-keys.md @@ -0,0 +1,98 @@ +# ADR-005: Auto-generate Encryption Keys at Runtime + +**Status**: Accepted +**Date**: 2026-04 +**Deciders**: sarman + +--- + +## Context + +The application uses two encryption keys: +1. **Database key** (`TFTSR_DB_KEY`): SQLCipher AES-256 key for the full database +2. **Credential key** (`TFTSR_ENCRYPTION_KEY`): AES-256-GCM key for token/API key encryption + +The original design required both to be set as environment variables in release builds. This caused: +- **Critical failure on Mac**: Fresh installs would crash at startup with "file is not a database" error +- **Silent failure on save**: Saving AI providers would fail with "TFTSR_ENCRYPTION_KEY must be set in release builds" +- **Developer friction**: Switching from `cargo tauri dev` (debug, plain SQLite) to a release build would crash because the existing plain database couldn't be opened as encrypted + +--- + +## Decision + +Auto-generate cryptographically secure 256-bit keys at first launch and persist them to the app data directory with restricted file permissions. + +--- + +## Key Storage + +| Key | File | Permissions | Location | +|-----|------|-------------|----------| +| Database | `.dbkey` | `0600` (owner r/w only) | `$TFTSR_DATA_DIR/` | +| Credentials | `.enckey` | `0600` (owner r/w only) | `$TFTSR_DATA_DIR/` | + +**Platform data directories:** +- macOS: `~/Library/Application Support/trcaa/` +- Linux: `~/.local/share/trcaa/` +- Windows: `%APPDATA%\trcaa\` + +--- + +## Key Resolution Order + +For both keys: +1. Check environment variable (`TFTSR_DB_KEY` / `TFTSR_ENCRYPTION_KEY`) β€” use if set and non-empty +2. If debug build β€” use hardcoded dev key (never touches filesystem) +3. If `.dbkey` / `.enckey` exists and is non-empty β€” load from file +4. Otherwise β€” generate 32 random bytes via `OsRng`, hex-encode to 64-char string, write to file with `mode 0600` + +--- + +## Plain-to-Encrypted Migration + +When a release build encounters an existing plain SQLite database (written by a debug build), rather than crashing: + +``` +1. Detect plain SQLite via 16-byte header check ("SQLite format 3\0") +2. Copy database to .db.plain-backup +3. Open plain database +4. ATTACH encrypted database at temp path with new key +5. SELECT sqlcipher_export('encrypted') -- copies all tables, indexes, triggers +6. DETACH encrypted +7. rename(temp_encrypted, original_path) +8. Open encrypted database with key +``` + +--- + +## Alternatives Considered + +| Option | Pros | Cons | +|--------|------|------| +| **Auto-generate keys** (chosen) | Works out-of-the-box, no user config | Key file loss = data loss (acceptable: key + DB on same machine) | +| Require env vars (original) | Explicit β€” users know their key | Crashes on fresh install, poor UX | +| Derive from machine ID | No file to lose | Machine ID changes break DB on hardware changes | +| OS keychain | Most secure | Complex cross-platform implementation; adds dependency | +| Prompt user for password | User controls key | Poor UX for a tool; password complexity issues | + +**Why not OS keychain:** +The `tauri-plugin-stronghold` already provides a keychain-like abstraction for credentials, but integrating SQLCipher key retrieval into Stronghold would create a chicken-and-egg problem: Stronghold itself needs to be initialized before the database that stores Stronghold's key material. + +--- + +## Consequences + +**Positive:** +- Zero-configuration installation β€” app works on first launch +- Developers can freely switch between debug and release builds +- Environment variable override still available for automated/enterprise deployments +- Key files are protected by Unix file permissions (`0600`) + +**Negative:** +- If `.dbkey` or `.enckey` are deleted, the database and all stored credentials become permanently inaccessible +- Key files are not themselves encrypted β€” OS-level protection depends on filesystem permissions +- Not suitable for multi-user scenarios where different users need isolated key material (single-user desktop app β€” acceptable) + +**Mitigation for key loss:** +Document clearly that backing up `$TFTSR_DATA_DIR` (including hidden files) preserves both key files and database. Loss of keys without losing the database = data loss. diff --git a/docs/architecture/adrs/ADR-006-zustand-state-management.md b/docs/architecture/adrs/ADR-006-zustand-state-management.md new file mode 100644 index 00000000..a51c5512 --- /dev/null +++ b/docs/architecture/adrs/ADR-006-zustand-state-management.md @@ -0,0 +1,91 @@ +# ADR-006: Zustand for Frontend State Management + +**Status**: Accepted +**Date**: 2025-Q3 +**Deciders**: sarman + +--- + +## Context + +The React frontend manages three distinct categories of state: +1. **Ephemeral session state**: Current issue, AI chat messages, PII spans, 5-whys progress β€” exists for the duration of one triage session, should not survive page reload +2. **Persisted settings**: Theme, active AI provider, PII pattern toggles β€” should survive app restart, stored locally +3. **Cached server data**: Issue history, search results β€” loaded from DB on demand, invalidated on changes + +--- + +## Decision + +Use **Zustand** for all three state categories, with selective persistence via `localStorage` for settings only. + +--- + +## Rationale + +**Alternatives considered:** + +| Option | Pros | Cons | +|--------|------|------| +| **Zustand** (chosen) | Minimal boilerplate, built-in persist middleware, TypeScript-first | Smaller ecosystem than Redux | +| Redux Toolkit | Battle-tested, DevTools support | Verbose boilerplate for simple state | +| React Context | No dependency | Performance issues with frequent updates (chat messages) | +| Jotai | Atomic state, minimal | Less familiar pattern | +| TanStack Query | Excellent for async server state | Overkill for Tauri IPC (not HTTP) | + +**Store architecture decisions:** + +**`sessionStore`** β€” NOT persisted: +- Chat messages accumulate quickly; persisting would bloat localStorage +- Session is per-issue; loading a different issue should reset all session state +- `reset()` method called on navigation away from triage + +**`settingsStore`** β€” Persisted to localStorage as `"tftsr-settings"`: +- Theme, active provider, PII pattern toggles β€” user preference, should survive restart +- AI providers themselves are NOT persisted here β€” only `active_provider` string +- Actual `ProviderConfig` (with encrypted API keys) lives in the backend DB, loaded via `load_ai_providers()` + +**`historyStore`** β€” NOT persisted (server-cache pattern): +- Always loaded fresh from DB on History page mount +- Search results replaced on each query +- No stale-data risk + +--- + +## Persistence Details + +The settings store persists to localStorage: +```typescript +persist( + (set, get) => ({ ...storeImpl }), + { + name: 'tftsr-settings', + partialize: (state) => ({ + theme: state.theme, + active_provider: state.active_provider, + pii_enabled_patterns: state.pii_enabled_patterns, + // NOTE: ai_providers excluded β€” stored in encrypted backend DB + }) + } +) +``` + +**Why localStorage and not a Tauri store plugin:** +- Settings are non-sensitive (theme, provider name, pattern toggles) +- `tauri-plugin-store` would add IPC overhead for every settings read +- localStorage survives across WebView reloads without async overhead + +--- + +## Consequences + +**Positive:** +- Minimal boilerplate β€” stores are ~50 LOC each +- `zustand/middleware/persist` handles localStorage serialization +- Subscribing to partial state prevents unnecessary re-renders +- No Provider wrapping required β€” stores accessed via hooks anywhere + +**Negative:** +- No Redux DevTools integration (Zustand has its own devtools but less mature) +- localStorage persistence means settings are WebView-profile-scoped (fine for single-user app) +- Manual cache invalidation in `historyStore` after issue create/delete diff --git a/docs/wiki/AI-Providers.md b/docs/wiki/AI-Providers.md index 74c1f40d..037d9649 100644 --- a/docs/wiki/AI-Providers.md +++ b/docs/wiki/AI-Providers.md @@ -147,33 +147,25 @@ Standard OpenAI `/chat/completions` endpoint with Bearer authentication. ### Format: Custom REST -**Motorola Solutions Internal GenAI Service** β€” Enterprise AI platform with centralized cost tracking and model access. +**Enterprise AI Gateway** β€” For AI platforms that use a non-OpenAI request/response format with centralized cost tracking and model access. | Field | Value | |-------|-------| | `config.provider_type` | `"custom"` | | `config.api_format` | `"custom_rest"` | -| API URL | `https://genai-service.commandcentral.com/app-gateway` (prod)
`https://genai-service.stage.commandcentral.com/app-gateway` (stage) | -| Auth Header | `x-msi-genai-api-key` | -| Auth Prefix | `` (empty - no Bearer prefix) | -| Endpoint Path | `` (empty - URL includes full path `/api/v2/chat`) | - -**Available Models (dropdown in Settings):** -- `VertexGemini` β€” Gemini 2.0 Flash (Private/GCP) -- `Claude-Sonnet-4` β€” Claude Sonnet 4 (Public/Anthropic) -- `ChatGPT4o` β€” GPT-4o (Public/OpenAI) -- `ChatGPT-5_2-Chat` β€” GPT-4.5 (Public/OpenAI) -- Full list is sourced from [GenAI API User Guide](../GenAI%20API%20User%20Guide.md) -- Includes a `Custom model...` option to manually enter any model ID +| API URL | Your gateway's base URL | +| Auth Header | Your gateway's auth header name | +| Auth Prefix | `` (empty if no prefix needed) | +| Endpoint Path | `` (empty if URL already includes full path) | **Request Format:** ```json { - "model": "VertexGemini", + "model": "model-name", "prompt": "User's latest message", "system": "Optional system prompt", "sessionId": "uuid-for-conversation-continuity", - "userId": "user.name@motorolasolutions.com" + "userId": "user@example.com" } ``` @@ -191,32 +183,27 @@ Standard OpenAI `/chat/completions` endpoint with Bearer authentication. - **Single prompt** instead of message array (server manages history via `sessionId`) - **Response in `msg` field** instead of `choices[0].message.content` - **Session-based** conversation continuity (no need to resend history) -- **Cost tracking** via `userId` field (optional β€” defaults to API key owner if omitted) -- **Custom client header**: `X-msi-genai-client: tftsr-devops-investigation` +- **Cost tracking** via `userId` field (optional) **Configuration (Settings β†’ AI Providers β†’ Add Provider):** ``` -Name: Custom REST (MSI GenAI) +Name: Custom REST Gateway Type: Custom API Format: Custom REST -API URL: https://genai-service.stage.commandcentral.com/app-gateway -Model: VertexGemini -API Key: (your MSI GenAI API key from portal) -User ID: your.name@motorolasolutions.com (optional) -Endpoint Path: (leave empty) -Auth Header: x-msi-genai-api-key -Auth Prefix: (leave empty) +API URL: https://your-gateway/api/v2/chat +Model: your-model-name +API Key: (your API key) +User ID: user@example.com (optional, for cost tracking) +Endpoint Path: (leave empty if URL includes full path) +Auth Header: x-custom-api-key +Auth Prefix: (leave empty if no prefix) ``` -**Rate Limits:** -- $50/user/month (enforced server-side) -- Per-API-key quotas available - **Troubleshooting:** | Error | Cause | Solution | |-------|-------|----------| -| 403 Forbidden | Invalid API key or insufficient permissions | Verify key in MSI GenAI portal, check model access | +| 403 Forbidden | Invalid API key or insufficient permissions | Verify key in your gateway portal, check model access | | Missing `userId` field | Configuration not saved | Ensure UI shows User ID field when `api_format=custom_rest` | | No conversation history | `sessionId` not persisted | Session ID stored in `ProviderConfig.session_id` β€” currently per-provider, not per-conversation | @@ -224,7 +211,6 @@ Auth Prefix: (leave empty) - Backend: `src-tauri/src/ai/openai.rs::chat_custom_rest()` - Schema: `src-tauri/src/state.rs::ProviderConfig` (added `user_id`, `api_format`, custom auth fields) - Frontend: `src/pages/Settings/AIProviders.tsx` (conditional UI for Custom REST + model dropdown) -- CSP whitelist: `https://genai-service.stage.commandcentral.com` and production domain --- @@ -239,7 +225,7 @@ All providers support the following optional configuration fields (v0.2.6+): | `custom_auth_prefix` | `Option` | Prefix before API key | `Bearer ` | | `api_format` | `Option` | API format (`openai` or `custom_rest`) | `openai` | | `session_id` | `Option` | Session ID for stateful APIs | None | -| `user_id` | `Option` | User ID for cost tracking (Custom REST MSI contract) | None | +| `user_id` | `Option` | User ID for cost tracking (Custom REST gateways) | None | **Backward Compatibility:** All fields are optional and default to OpenAI-compatible behavior. Existing provider configurations are unaffected. diff --git a/docs/wiki/Architecture.md b/docs/wiki/Architecture.md index 0cb4284c..2a3a0593 100644 --- a/docs/wiki/Architecture.md +++ b/docs/wiki/Architecture.md @@ -29,7 +29,8 @@ TFTSR uses a Tauri 2.x architecture: a Rust backend runs natively, and a React/T pub struct AppState { pub db: Arc>, pub settings: Arc>, - pub app_data_dir: PathBuf, // ~/.local/share/tftsr on Linux + pub app_data_dir: PathBuf, // ~/.local/share/trcaa on Linux + pub integration_webviews: Arc>>, } ``` @@ -46,10 +47,10 @@ All command handlers receive `State<'_, AppState>` as a Tauri-injected parameter | `commands/analysis.rs` | Log file upload, PII detection, redaction | | `commands/docs.rs` | RCA and post-mortem generation, document export | | `commands/system.rs` | Ollama management, hardware probe, settings, audit log | -| `commands/integrations.rs` | Confluence / ServiceNow / ADO β€” v0.2 stubs | +| `commands/integrations.rs` | Confluence / ServiceNow / ADO β€” OAuth2, WebView auth, tool calling | | `ai/provider.rs` | `Provider` trait + `create_provider()` factory | | `pii/detector.rs` | Multi-pattern PII scanner with overlap resolution | -| `db/migrations.rs` | Versioned schema (10 migrations in `_migrations` table) | +| `db/migrations.rs` | Versioned schema (14 migrations tracked in `_migrations` table) | | `db/models.rs` | All DB types β€” see `IssueDetail` note below | | `docs/rca.rs` + `docs/postmortem.rs` | Markdown template builders | | `audit/log.rs` | `write_audit_event()` β€” called before every external send | @@ -178,14 +179,31 @@ Use `detail.issue.title`, **not** `detail.title`. ``` 1. Initialize tracing (RUST_LOG controls level) -2. Determine data directory (~/.local/share/tftsr or TFTSR_DATA_DIR) -3. Open / create SQLite database (run migrations) -4. Create AppState (db + settings + app_data_dir) -5. Register Tauri plugins (stronghold, dialog, fs, shell, http, cli, updater) -6. Register all 39 IPC command handlers -7. Start WebView with React app +2. Determine data directory (state::get_app_data_dir() or TFTSR_DATA_DIR) +3. Auto-generate or load .dbkey / .enckey (mode 0600) β€” see ADR-005 +4. Open / create SQLCipher encrypted database + - If plain SQLite detected (debugβ†’release upgrade): auto-migrate + backup +5. Run DB migrations (14 schema versions) +6. Create AppState (db + settings + app_data_dir + integration_webviews) +7. Register Tauri plugins (stronghold, dialog, fs, shell, http) +8. Register all IPC command handlers via generate_handler![] +9. Start WebView with React app ``` +## Architecture Documentation + +Full architecture documentation with C4 diagrams, data flow diagrams, and Architecture Decision Records (ADRs) is available in [`docs/architecture/`](../architecture/README.md): + +| Document | Contents | +|----------|----------| +| [Architecture Overview](../architecture/README.md) | C4 diagrams, data flows, security model | +| [ADR-001](../architecture/adrs/ADR-001-tauri-desktop-framework.md) | Why Tauri over Electron | +| [ADR-002](../architecture/adrs/ADR-002-sqlcipher-encrypted-database.md) | SQLCipher encryption choices | +| [ADR-003](../architecture/adrs/ADR-003-provider-trait-pattern.md) | AI provider trait design | +| [ADR-004](../architecture/adrs/ADR-004-pii-regex-aho-corasick.md) | PII detection implementation | +| [ADR-005](../architecture/adrs/ADR-005-auto-generate-encryption-keys.md) | Key auto-generation design | +| [ADR-006](../architecture/adrs/ADR-006-zustand-state-management.md) | Frontend state management | + ## Data Flow ``` diff --git a/docs/wiki/Home.md b/docs/wiki/Home.md index fe15cb0c..58074eb5 100644 --- a/docs/wiki/Home.md +++ b/docs/wiki/Home.md @@ -24,7 +24,7 @@ - **5-Whys AI Triage** β€” Interactive guided root cause analysis via multi-turn AI chat - **PII Auto-Redaction** β€” Detects and redacts sensitive data before any AI send -- **Multi-Provider AI** β€” OpenAI, Anthropic Claude, Google Gemini, Mistral, AWS Bedrock (via LiteLLM), MSI GenAI (Motorola internal), local Ollama (fully offline) +- **Multi-Provider AI** β€” OpenAI, Anthropic Claude, Google Gemini, Mistral, AWS Bedrock (via LiteLLM), Custom REST gateways, local Ollama (fully offline) - **Custom Provider Support** β€” Flexible authentication (Bearer, custom headers) and API formats (OpenAI-compatible, Custom REST) - **External Integrations** β€” Confluence, ServiceNow, Azure DevOps with OAuth2 PKCE flows - **SQLCipher AES-256** β€” All issue history and credentials encrypted at rest @@ -37,7 +37,7 @@ | Version | Status | Highlights | |---------|--------|-----------| -| v0.2.6 | πŸš€ Latest | MSI GenAI support, OAuth2 shell permissions, user ID tracking | +| v0.2.6 | πŸš€ Latest | Custom REST AI gateway support, OAuth2 shell permissions, user ID tracking | | v0.2.3 | Released | Confluence/ServiceNow/ADO REST API clients (19 TDD tests) | | v0.1.1 | Released | Core application with PII detection, RCA generation | diff --git a/src-tauri/Cargo.lock b/src-tauri/Cargo.lock index fb04237f..040c818d 100644 --- a/src-tauri/Cargo.lock +++ b/src-tauri/Cargo.lock @@ -263,6 +263,12 @@ dependencies = [ "constant_time_eq 0.4.2", ] +[[package]] +name = "block" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0d8c1fef690941d3e7788d328517591fecc684c084084702d6ff1641e993699a" + [[package]] name = "block-buffer" version = "0.10.4" @@ -520,6 +526,36 @@ dependencies = [ "zeroize", ] +[[package]] +name = "cocoa" +version = "0.25.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6140449f97a6e97f9511815c5632d84c8aacf8ac271ad77c559218161a1373c" +dependencies = [ + "bitflags 1.3.2", + "block", + "cocoa-foundation", + "core-foundation 0.9.4", + "core-graphics 0.23.2", + "foreign-types 0.5.0", + "libc", + "objc", +] + +[[package]] +name = "cocoa-foundation" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8c6234cbb2e4c785b456c0644748b1ac416dd045799740356f8363dfe00c93f7" +dependencies = [ + "bitflags 1.3.2", + "block", + "core-foundation 0.9.4", + "core-graphics-types 0.1.3", + "libc", + "objc", +] + [[package]] name = "color_quant" version = "1.1.0" @@ -648,6 +684,19 @@ version = "0.8.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" +[[package]] +name = "core-graphics" +version = "0.23.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c07782be35f9e1140080c6b96f0d44b739e2278479f64e02fdab4e32dfd8b081" +dependencies = [ + "bitflags 1.3.2", + "core-foundation 0.9.4", + "core-graphics-types 0.1.3", + "foreign-types 0.5.0", + "libc", +] + [[package]] name = "core-graphics" version = "0.25.0" @@ -656,11 +705,22 @@ checksum = "064badf302c3194842cf2c5d61f56cc88e54a759313879cdf03abdd27d0c3b97" dependencies = [ "bitflags 2.11.0", "core-foundation 0.10.1", - "core-graphics-types", + "core-graphics-types 0.2.0", "foreign-types 0.5.0", "libc", ] +[[package]] +name = "core-graphics-types" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "45390e6114f68f718cc7a830514a96f903cccd70d02a8f6d9f643ac4ba45afaf" +dependencies = [ + "bitflags 1.3.2", + "core-foundation 0.9.4", + "libc", +] + [[package]] name = "core-graphics-types" version = "0.2.0" @@ -2832,6 +2892,15 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c41e0c4fef86961ac6d6f8a82609f55f31b05e4fce149ac5710e439df7619ba4" +[[package]] +name = "malloc_buf" +version = "0.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "62bb907fe88d54d8d9ce32a3cceab4218ed2f6b7d35617cafe9adf84e43919cb" +dependencies = [ + "libc", +] + [[package]] name = "markup5ever" version = "0.14.1" @@ -3147,6 +3216,15 @@ dependencies = [ "syn 2.0.117", ] +[[package]] +name = "objc" +version = "0.2.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "915b1b472bc21c53464d6c8461c9d3af805ba1ef837e1cac254428f4a77177b1" +dependencies = [ + "malloc_buf", +] + [[package]] name = "objc2" version = "0.6.4" @@ -5252,7 +5330,7 @@ dependencies = [ "bitflags 2.11.0", "block2", "core-foundation 0.10.1", - "core-graphics", + "core-graphics 0.25.0", "crossbeam-channel", "dispatch2", "dlopen2", @@ -5670,47 +5748,6 @@ dependencies = [ "utf-8", ] -[[package]] -name = "tftsr" -version = "0.1.0" -dependencies = [ - "aes-gcm", - "aho-corasick", - "anyhow", - "async-trait", - "base64 0.22.1", - "chrono", - "dirs 5.0.1", - "docx-rs", - "futures", - "hex", - "lazy_static", - "mockito", - "printpdf", - "rand 0.8.5", - "regex", - "reqwest 0.12.28", - "rusqlite", - "serde", - "serde_json", - "sha2", - "tauri", - "tauri-build", - "tauri-plugin-dialog", - "tauri-plugin-fs", - "tauri-plugin-http", - "tauri-plugin-shell", - "tauri-plugin-stronghold", - "thiserror 1.0.69", - "tokio", - "tokio-test", - "tracing", - "tracing-subscriber", - "urlencoding", - "uuid", - "warp", -] - [[package]] name = "thiserror" version = "1.0.69" @@ -6168,6 +6205,49 @@ dependencies = [ "windows-sys 0.60.2", ] +[[package]] +name = "trcaa" +version = "0.1.0" +dependencies = [ + "aes-gcm", + "aho-corasick", + "anyhow", + "async-trait", + "base64 0.22.1", + "chrono", + "cocoa", + "dirs 5.0.1", + "docx-rs", + "futures", + "hex", + "lazy_static", + "mockito", + "objc", + "printpdf", + "rand 0.8.5", + "regex", + "reqwest 0.12.28", + "rusqlite", + "serde", + "serde_json", + "sha2", + "tauri", + "tauri-build", + "tauri-plugin-dialog", + "tauri-plugin-fs", + "tauri-plugin-http", + "tauri-plugin-shell", + "tauri-plugin-stronghold", + "thiserror 1.0.69", + "tokio", + "tokio-test", + "tracing", + "tracing-subscriber", + "urlencoding", + "uuid", + "warp", +] + [[package]] name = "try-lock" version = "0.2.5" diff --git a/src-tauri/Cargo.toml b/src-tauri/Cargo.toml index 43526339..410aed5a 100644 --- a/src-tauri/Cargo.toml +++ b/src-tauri/Cargo.toml @@ -44,6 +44,11 @@ lazy_static = "1.4" warp = "0.3" urlencoding = "2" +# Platform-specific dependencies for native cookie extraction +[target.'cfg(target_os = "macos")'.dependencies] +cocoa = "0.25" +objc = "0.2" + [dev-dependencies] tokio-test = "0.4" mockito = "1.2" diff --git a/src-tauri/src/ai/anthropic.rs b/src-tauri/src/ai/anthropic.rs index d03599e6..cc329cf4 100644 --- a/src-tauri/src/ai/anthropic.rs +++ b/src-tauri/src/ai/anthropic.rs @@ -29,6 +29,7 @@ impl Provider for AnthropicProvider { &self, messages: Vec, config: &ProviderConfig, + _tools: Option>, ) -> anyhow::Result { let client = reqwest::Client::builder() .timeout(Duration::from_secs(60)) @@ -115,6 +116,7 @@ impl Provider for AnthropicProvider { content, model, usage, + tool_calls: None, }) } } diff --git a/src-tauri/src/ai/gemini.rs b/src-tauri/src/ai/gemini.rs index 57db263d..27cc8422 100644 --- a/src-tauri/src/ai/gemini.rs +++ b/src-tauri/src/ai/gemini.rs @@ -30,6 +30,7 @@ impl Provider for GeminiProvider { &self, messages: Vec, config: &ProviderConfig, + _tools: Option>, ) -> anyhow::Result { let client = reqwest::Client::builder() .timeout(Duration::from_secs(60)) @@ -118,6 +119,7 @@ impl Provider for GeminiProvider { content, model: config.model.clone(), usage, + tool_calls: None, }) } } diff --git a/src-tauri/src/ai/mistral.rs b/src-tauri/src/ai/mistral.rs index 5d3a0841..f1a6745c 100644 --- a/src-tauri/src/ai/mistral.rs +++ b/src-tauri/src/ai/mistral.rs @@ -30,6 +30,7 @@ impl Provider for MistralProvider { &self, messages: Vec, config: &ProviderConfig, + _tools: Option>, ) -> anyhow::Result { // Mistral uses OpenAI-compatible format let client = reqwest::Client::builder() @@ -83,6 +84,7 @@ impl Provider for MistralProvider { content, model: config.model.clone(), usage, + tool_calls: None, }) } } diff --git a/src-tauri/src/ai/mod.rs b/src-tauri/src/ai/mod.rs index e6541626..cb9d82bb 100644 --- a/src-tauri/src/ai/mod.rs +++ b/src-tauri/src/ai/mod.rs @@ -4,15 +4,22 @@ pub mod mistral; pub mod ollama; pub mod openai; pub mod provider; +pub mod tools; pub use provider::*; +pub use tools::*; use serde::{Deserialize, Serialize}; +use std::collections::HashMap; #[derive(Debug, Clone, Serialize, Deserialize)] pub struct Message { pub role: String, pub content: String, + #[serde(skip_serializing_if = "Option::is_none")] + pub tool_call_id: Option, + #[serde(skip_serializing_if = "Option::is_none")] + pub tool_calls: Option>, } #[derive(Debug, Clone, Serialize, Deserialize)] @@ -20,6 +27,44 @@ pub struct ChatResponse { pub content: String, pub model: String, pub usage: Option, + #[serde(skip_serializing_if = "Option::is_none")] + pub tool_calls: Option>, +} + +/// Represents a tool call made by the AI +#[derive(Debug, Clone, Serialize, Deserialize)] +pub struct ToolCall { + pub id: String, + pub name: String, + pub arguments: String, // JSON string +} + +/// Tool definition that describes available functions to the AI +#[derive(Debug, Clone, Serialize, Deserialize)] +pub struct Tool { + pub name: String, + pub description: String, + pub parameters: ToolParameters, +} + +/// JSON Schema-style parameter definition for tools +#[derive(Debug, Clone, Serialize, Deserialize)] +pub struct ToolParameters { + #[serde(rename = "type")] + pub param_type: String, // Usually "object" + pub properties: HashMap, + pub required: Vec, +} + +/// Individual parameter property definition +#[derive(Debug, Clone, Serialize, Deserialize)] +pub struct ParameterProperty { + #[serde(rename = "type")] + pub prop_type: String, // "string", "number", "integer", "boolean" + pub description: String, + #[serde(skip_serializing_if = "Option::is_none")] + #[serde(rename = "enum")] + pub enum_values: Option>, } #[derive(Debug, Clone, Serialize, Deserialize)] diff --git a/src-tauri/src/ai/ollama.rs b/src-tauri/src/ai/ollama.rs index 9fc9a0c4..54b3a331 100644 --- a/src-tauri/src/ai/ollama.rs +++ b/src-tauri/src/ai/ollama.rs @@ -31,6 +31,7 @@ impl Provider for OllamaProvider { &self, messages: Vec, config: &ProviderConfig, + _tools: Option>, ) -> anyhow::Result { let client = reqwest::Client::builder() .timeout(Duration::from_secs(60)) @@ -99,6 +100,7 @@ impl Provider for OllamaProvider { content, model: config.model.clone(), usage, + tool_calls: None, }) } } diff --git a/src-tauri/src/ai/openai.rs b/src-tauri/src/ai/openai.rs index 0b3a8d42..9fd327a0 100644 --- a/src-tauri/src/ai/openai.rs +++ b/src-tauri/src/ai/openai.rs @@ -8,7 +8,7 @@ use crate::state::ProviderConfig; pub struct OpenAiProvider; fn is_custom_rest_format(api_format: Option<&str>) -> bool { - matches!(api_format, Some("custom_rest") | Some("msi_genai")) + matches!(api_format, Some("custom_rest")) } #[async_trait] @@ -33,15 +33,15 @@ impl Provider for OpenAiProvider { &self, messages: Vec, config: &ProviderConfig, + tools: Option>, ) -> anyhow::Result { // Check if using custom REST format let api_format = config.api_format.as_deref().unwrap_or("openai"); - // Backward compatibility: accept legacy msi_genai identifier if is_custom_rest_format(Some(api_format)) { - self.chat_custom_rest(messages, config).await + self.chat_custom_rest(messages, config, tools).await } else { - self.chat_openai(messages, config).await + self.chat_openai(messages, config, tools).await } } } @@ -55,11 +55,6 @@ mod tests { assert!(is_custom_rest_format(Some("custom_rest"))); } - #[test] - fn legacy_msi_format_is_recognized_for_compatibility() { - assert!(is_custom_rest_format(Some("msi_genai"))); - } - #[test] fn openai_format_is_not_custom_rest() { assert!(!is_custom_rest_format(Some("openai"))); @@ -73,6 +68,7 @@ impl OpenAiProvider { &self, messages: Vec, config: &ProviderConfig, + tools: Option>, ) -> anyhow::Result { let client = reqwest::Client::builder() .timeout(Duration::from_secs(60)) @@ -99,6 +95,25 @@ impl OpenAiProvider { body["temperature"] = serde_json::Value::from(temp); } + // Add tools if provided (OpenAI function calling format) + if let Some(tools_list) = tools { + let formatted_tools: Vec = tools_list + .iter() + .map(|tool| { + serde_json::json!({ + "type": "function", + "function": { + "name": tool.name, + "description": tool.description, + "parameters": tool.parameters + } + }) + }) + .collect(); + body["tools"] = serde_json::Value::from(formatted_tools); + body["tool_choice"] = serde_json::Value::from("auto"); + } + // Use custom auth header and prefix if provided let auth_header = config .custom_auth_header @@ -122,10 +137,32 @@ impl OpenAiProvider { } let json: serde_json::Value = resp.json().await?; - let content = json["choices"][0]["message"]["content"] - .as_str() - .ok_or_else(|| anyhow::anyhow!("No content in response"))? - .to_string(); + let message = &json["choices"][0]["message"]; + + let content = message["content"].as_str().unwrap_or("").to_string(); + + // Parse tool_calls if present + let tool_calls = message.get("tool_calls").and_then(|tc| { + if let Some(arr) = tc.as_array() { + let calls: Vec = arr + .iter() + .filter_map(|call| { + Some(crate::ai::ToolCall { + id: call["id"].as_str()?.to_string(), + name: call["function"]["name"].as_str()?.to_string(), + arguments: call["function"]["arguments"].as_str()?.to_string(), + }) + }) + .collect(); + if calls.is_empty() { + None + } else { + Some(calls) + } + } else { + None + } + }); let usage = json.get("usage").and_then(|u| { Some(TokenUsage { @@ -139,14 +176,16 @@ impl OpenAiProvider { content, model: config.model.clone(), usage, + tool_calls, }) } - /// Custom REST format (MSI GenAI payload contract) + /// Custom REST format (non-OpenAI payload contract) async fn chat_custom_rest( &self, messages: Vec, config: &ProviderConfig, + tools: Option>, ) -> anyhow::Result { let client = reqwest::Client::builder() .timeout(Duration::from_secs(60)) @@ -204,11 +243,33 @@ impl OpenAiProvider { body["modelConfig"] = model_config; } - // Use custom auth header and prefix (no prefix for this custom REST contract) + // Add tools if provided (OpenAI-style format, most common standard) + if let Some(tools_list) = tools { + let formatted_tools: Vec = tools_list + .iter() + .map(|tool| { + serde_json::json!({ + "type": "function", + "function": { + "name": tool.name, + "description": tool.description, + "parameters": tool.parameters + } + }) + }) + .collect(); + let tool_count = formatted_tools.len(); + body["tools"] = serde_json::Value::from(formatted_tools); + body["tool_choice"] = serde_json::Value::from("auto"); + + tracing::info!("Custom REST: Sending {} tools in request", tool_count); + } + + // Use custom auth header and prefix (no default prefix for custom REST) let auth_header = config .custom_auth_header .as_deref() - .unwrap_or("x-msi-genai-api-key"); + .unwrap_or("Authorization"); let auth_prefix = config.custom_auth_prefix.as_deref().unwrap_or(""); let auth_value = format!("{auth_prefix}{api_key}", api_key = config.api_key); @@ -216,7 +277,6 @@ impl OpenAiProvider { .post(&url) .header(auth_header, auth_value) .header("Content-Type", "application/json") - .header("X-msi-genai-client", "troubleshooting-rca-assistant") .json(&body) .send() .await?; @@ -229,12 +289,84 @@ impl OpenAiProvider { let json: serde_json::Value = resp.json().await?; + tracing::debug!( + "Custom REST response: {}", + serde_json::to_string_pretty(&json).unwrap_or_else(|_| "invalid JSON".to_string()) + ); + // Extract response content from "msg" field let content = json["msg"] .as_str() .ok_or_else(|| anyhow::anyhow!("No 'msg' field in response"))? .to_string(); + // Parse tool_calls if present (check multiple possible field names) + let tool_calls = json + .get("tool_calls") + .or_else(|| json.get("toolCalls")) + .or_else(|| json.get("function_calls")) + .and_then(|tc| { + if let Some(arr) = tc.as_array() { + let calls: Vec = arr + .iter() + .filter_map(|call| { + // Try OpenAI format first + if let (Some(id), Some(name), Some(args)) = ( + call.get("id").and_then(|v| v.as_str()), + call.get("function") + .and_then(|f| f.get("name")) + .and_then(|n| n.as_str()) + .or_else(|| call.get("name").and_then(|n| n.as_str())), + call.get("function") + .and_then(|f| f.get("arguments")) + .and_then(|a| a.as_str()) + .or_else(|| call.get("arguments").and_then(|a| a.as_str())), + ) { + tracing::info!("Custom REST: Parsed tool call: {} ({})", name, id); + return Some(crate::ai::ToolCall { + id: id.to_string(), + name: name.to_string(), + arguments: args.to_string(), + }); + } + + // Try simpler format + if let (Some(name), Some(args)) = ( + call.get("name").and_then(|n| n.as_str()), + call.get("arguments").and_then(|a| a.as_str()), + ) { + let id = call + .get("id") + .and_then(|v| v.as_str()) + .unwrap_or("tool_call_0") + .to_string(); + tracing::info!( + "Custom REST: Parsed tool call (simple format): {} ({})", + name, + id + ); + return Some(crate::ai::ToolCall { + id, + name: name.to_string(), + arguments: args.to_string(), + }); + } + + tracing::warn!("Custom REST: Failed to parse tool call: {:?}", call); + None + }) + .collect(); + if calls.is_empty() { + None + } else { + tracing::info!("Custom REST: Found {} tool calls", calls.len()); + Some(calls) + } + } else { + None + } + }); + // Note: sessionId from response should be stored back to config.session_id // This would require making config mutable or returning it as part of ChatResponse // For now, the caller can extract it from the response if needed @@ -244,6 +376,7 @@ impl OpenAiProvider { content, model: config.model.clone(), usage: None, // This custom REST contract doesn't provide token usage in response + tool_calls, }) } } diff --git a/src-tauri/src/ai/provider.rs b/src-tauri/src/ai/provider.rs index 931318de..87190f4d 100644 --- a/src-tauri/src/ai/provider.rs +++ b/src-tauri/src/ai/provider.rs @@ -1,6 +1,6 @@ use async_trait::async_trait; -use crate::ai::{ChatResponse, Message, ProviderInfo}; +use crate::ai::{ChatResponse, Message, ProviderInfo, Tool}; use crate::state::ProviderConfig; #[async_trait] @@ -11,6 +11,7 @@ pub trait Provider: Send + Sync { &self, messages: Vec, config: &ProviderConfig, + tools: Option>, ) -> anyhow::Result; } diff --git a/src-tauri/src/ai/tools.rs b/src-tauri/src/ai/tools.rs new file mode 100644 index 00000000..b6a85450 --- /dev/null +++ b/src-tauri/src/ai/tools.rs @@ -0,0 +1,41 @@ +use crate::ai::{ParameterProperty, Tool, ToolParameters}; +use std::collections::HashMap; + +/// Get all available tools for AI function calling +pub fn get_available_tools() -> Vec { + vec![get_add_ado_comment_tool()] +} + +/// Tool definition for adding comments to Azure DevOps work items +fn get_add_ado_comment_tool() -> Tool { + let mut properties = HashMap::new(); + + properties.insert( + "work_item_id".to_string(), + ParameterProperty { + prop_type: "integer".to_string(), + description: "The Azure DevOps work item ID (ticket number) to add the comment to" + .to_string(), + enum_values: None, + }, + ); + + properties.insert( + "comment_text".to_string(), + ParameterProperty { + prop_type: "string".to_string(), + description: "The text content of the comment to add to the work item".to_string(), + enum_values: None, + }, + ); + + Tool { + name: "add_ado_comment".to_string(), + description: "Add a comment to an Azure DevOps work item (ticket). Use this when the user asks you to add a comment, update a ticket, or provide information to a ticket.".to_string(), + parameters: ToolParameters { + param_type: "object".to_string(), + properties, + required: vec!["work_item_id".to_string(), "comment_text".to_string()], + }, + } +} diff --git a/src-tauri/src/commands/ai.rs b/src-tauri/src/commands/ai.rs index 2843bfeb..9becd0eb 100644 --- a/src-tauri/src/commands/ai.rs +++ b/src-tauri/src/commands/ai.rs @@ -1,4 +1,5 @@ -use tauri::State; +use rusqlite::OptionalExtension; +use tauri::{Manager, State}; use tracing::warn; use crate::ai::provider::create_provider; @@ -51,15 +52,19 @@ pub async fn analyze_logs( FIRST_WHY: (initial why question for 5-whys analysis), \ SEVERITY: (critical/high/medium/low)" .into(), + tool_call_id: None, + tool_calls: None, }, Message { role: "user".into(), content: format!("Analyze logs for issue {issue_id}:\n\n{log_contents}"), + tool_call_id: None, + tool_calls: None, }, ]; let response = provider - .chat(messages, &provider_config) + .chat(messages, &provider_config, None) .await .map_err(|e| { warn!(error = %e, "ai analyze_logs provider request failed"); @@ -160,6 +165,7 @@ pub async fn chat_message( issue_id: String, message: String, provider_config: ProviderConfig, + app_handle: tauri::AppHandle, state: State<'_, AppState>, ) -> Result { // Find or create a conversation for this issue + provider @@ -212,25 +218,105 @@ pub async fn chat_message( .unwrap_or_default(); drop(db); raw.into_iter() - .map(|(role, content)| Message { role, content }) + .map(|(role, content)| Message { + role, + content, + tool_call_id: None, + tool_calls: None, + }) .collect() }; let provider = create_provider(&provider_config); + // Search integration sources for relevant context + let integration_context = search_integration_sources(&message, &app_handle, &state).await; + let mut messages = history; + + // If we found integration content, add it to the conversation context + if !integration_context.is_empty() { + let context_message = Message { + role: "system".into(), + content: format!( + "INTERNAL DOCUMENTATION SOURCES:\n\n{integration_context}\n\n\ + Instructions: The above content is from internal company documentation systems \ + (Confluence, ServiceNow, Azure DevOps). \ + \n\n**IMPORTANT**: First determine if this documentation is RELEVANT to the user's question:\ + \n- If the documentation directly addresses the question β†’ Use it and cite sources with URLs\ + \n- If the documentation is tangentially related but doesn't answer the question β†’ Briefly mention what internal docs exist, then provide a complete answer using general knowledge\ + \n- If the documentation is completely unrelated β†’ Ignore it and answer using general knowledge\ + \n\nDo NOT force irrelevant internal documentation into your answer. The user needs accurate information, not forced citations." + ), + tool_call_id: None, + tool_calls: None, + }; + messages.push(context_message); + } + messages.push(Message { role: "user".into(), content: message.clone(), + tool_call_id: None, + tool_calls: None, }); - let response = provider - .chat(messages, &provider_config) - .await - .map_err(|e| { - warn!(error = %e, "ai chat provider request failed"); - "AI provider request failed".to_string() - })?; + // Get available tools + let tools = Some(crate::ai::tools::get_available_tools()); + + // Tool-calling loop: keep calling until AI gives final answer + let final_response; + let max_iterations = 10; // Prevent infinite loops + let mut iteration = 0; + + loop { + iteration += 1; + if iteration > max_iterations { + return Err("Tool-calling loop exceeded maximum iterations".to_string()); + } + + let response = provider + .chat(messages.clone(), &provider_config, tools.clone()) + .await + .map_err(|e| { + let error_msg = format!("AI provider request failed: {e}"); + warn!("{}", error_msg); + error_msg + })?; + + // Check if AI wants to call tools + if let Some(tool_calls) = &response.tool_calls { + tracing::info!("AI requested {} tool call(s)", tool_calls.len()); + + // Execute each tool call + for tool_call in tool_calls { + tracing::info!("Executing tool: {}", tool_call.name); + + let tool_result = execute_tool_call(tool_call, &app_handle, &state).await; + + // Format result + let result_content = match tool_result { + Ok(result) => result, + Err(e) => format!("Error executing tool: {e}"), + }; + + // Add tool result as a message + messages.push(Message { + role: "tool".into(), + content: result_content, + tool_call_id: Some(tool_call.id.clone()), + tool_calls: None, + }); + } + + // Continue loop to get AI's next response + continue; + } + + // No tool calls - this is the final answer + final_response = response; + break; + } // Save both user message and response to DB { @@ -239,7 +325,7 @@ pub async fn chat_message( let asst_msg = AiMessage::new( conversation_id, "assistant".to_string(), - response.content.clone(), + final_response.content.clone(), ); db.execute( @@ -268,10 +354,10 @@ pub async fn chat_message( "model": provider_config.model, "api_url": provider_config.api_url, "user_message": user_msg.content, - "response_preview": if response.content.len() > 200 { - format!("{preview}...", preview = &response.content[..200]) + "response_preview": if final_response.content.len() > 200 { + format!("{preview}...", preview = &final_response.content[..200]) } else { - response.content.clone() + final_response.content.clone() }, "token_count": user_msg.token_count, }); @@ -292,7 +378,7 @@ pub async fn chat_message( } } - Ok(response) + Ok(final_response) } #[tauri::command] @@ -305,9 +391,11 @@ pub async fn test_provider_connection( content: "Reply with exactly: Troubleshooting and RCA Assistant connection test successful." .into(), + tool_call_id: None, + tool_calls: None, }]; provider - .chat(messages, &provider_config) + .chat(messages, &provider_config, None) .await .map_err(|e| { warn!(error = %e, "ai test_provider_connection failed"); @@ -352,6 +440,417 @@ pub async fn list_providers() -> Result, String> { ]) } +/// Search integration sources (Confluence, ServiceNow, Azure DevOps) for relevant context +async fn search_integration_sources( + query: &str, + app_handle: &tauri::AppHandle, + state: &State<'_, AppState>, +) -> String { + let mut all_results = Vec::new(); + + // Try to get integration configurations + let configs: Vec = { + let db = match state.db.lock() { + Ok(db) => db, + Err(e) => { + tracing::warn!("Failed to lock database: {}", e); + return String::new(); + } + }; + + let mut stmt = match db.prepare( + "SELECT service, base_url, username, project_name, space_key FROM integration_config", + ) { + Ok(stmt) => stmt, + Err(e) => { + tracing::warn!("Failed to prepare statement: {}", e); + return String::new(); + } + }; + + let rows = match stmt.query_map([], |row| { + Ok(crate::commands::integrations::IntegrationConfig { + service: row.get(0)?, + base_url: row.get(1)?, + username: row.get(2)?, + project_name: row.get(3)?, + space_key: row.get(4)?, + }) + }) { + Ok(rows) => rows, + Err(e) => { + tracing::warn!("Failed to query integration configs: {}", e); + return String::new(); + } + }; + + rows.filter_map(|r| r.ok()).collect() + }; + + // Search each available integration in parallel + let mut search_tasks = Vec::new(); + + for config in configs { + // Authentication priority: + // 1. Try cookies from persistent browser (may fail for HttpOnly) + // 2. Try stored credentials from database + // 3. Fall back to webview-based search (uses browser's session directly) + + let cookies_opt = match crate::commands::integrations::get_fresh_cookies_from_webview( + &config.service, + app_handle, + state, + ) + .await + { + Ok(Some(cookies)) => { + tracing::info!("Using extracted cookies for {}", config.service); + Some(cookies) + } + _ => { + // Fallback: check for stored credentials in database + tracing::info!( + "Cookie extraction failed for {}, checking stored credentials", + config.service + ); + let encrypted_token: Option = { + let db = match state.db.lock() { + Ok(db) => db, + Err(_) => continue, + }; + db.query_row( + "SELECT encrypted_token FROM credentials WHERE service = ?1", + [&config.service], + |row| row.get::<_, String>(0), + ) + .optional() + .ok() + .flatten() + }; + + if let Some(token) = encrypted_token { + if let Ok(decrypted) = crate::integrations::auth::decrypt_token(&token) { + // Try to parse as cookies JSON + if let Ok(cookie_list) = serde_json::from_str::< + Vec, + >(&decrypted) + { + tracing::info!( + "Using stored cookies for {} (count: {})", + config.service, + cookie_list.len() + ); + Some(cookie_list) + } else { + tracing::warn!( + "Stored credentials for {} not in cookie format", + config.service + ); + None + } + } else { + None + } + } else { + None + } + } + }; + + // If we have cookies (from extraction or database), use standard API search + if let Some(cookies) = cookies_opt { + match config.service.as_str() { + "confluence" => { + let base_url = config.base_url.clone(); + let query = query.to_string(); + let cookies_clone = cookies.clone(); + search_tasks.push(tokio::spawn(async move { + crate::integrations::confluence_search::search_confluence( + &base_url, + &query, + &cookies_clone, + ) + .await + .unwrap_or_default() + })); + } + "servicenow" => { + let instance_url = config.base_url.clone(); + let query = query.to_string(); + let cookies_clone = cookies.clone(); + search_tasks.push(tokio::spawn(async move { + let mut results = Vec::new(); + // Search knowledge base + if let Ok(kb_results) = + crate::integrations::servicenow_search::search_servicenow( + &instance_url, + &query, + &cookies_clone, + ) + .await + { + results.extend(kb_results); + } + // Search incidents + if let Ok(incident_results) = + crate::integrations::servicenow_search::search_incidents( + &instance_url, + &query, + &cookies_clone, + ) + .await + { + results.extend(incident_results); + } + results + })); + } + "azuredevops" => { + let org_url = config.base_url.clone(); + let project = config.project_name.unwrap_or_default(); + let query = query.to_string(); + let cookies_clone = cookies.clone(); + search_tasks.push(tokio::spawn(async move { + let mut results = Vec::new(); + // Search wiki + if let Ok(wiki_results) = + crate::integrations::azuredevops_search::search_wiki( + &org_url, + &project, + &query, + &cookies_clone, + ) + .await + { + results.extend(wiki_results); + } + // Search work items + if let Ok(wi_results) = + crate::integrations::azuredevops_search::search_work_items( + &org_url, + &project, + &query, + &cookies_clone, + ) + .await + { + results.extend(wi_results); + } + results + })); + } + _ => {} + } + } else { + // Final fallback: try webview-based fetch (includes HttpOnly cookies automatically) + // This makes HTTP requests FROM the authenticated webview, which includes all cookies + tracing::info!( + "No extracted cookies for {}, trying webview-based fetch", + config.service + ); + + // Check if webview exists for this service + let webview_label = { + let webviews = match state.integration_webviews.lock() { + Ok(w) => w, + Err(_) => continue, + }; + webviews.get(&config.service).cloned() + }; + + if let Some(label) = webview_label { + // Get window handle + if let Some(webview_window) = app_handle.get_webview_window(&label) { + let base_url = config.base_url.clone(); + let service = config.service.clone(); + let query_str = query.to_string(); + + match service.as_str() { + "confluence" => { + search_tasks.push(tokio::spawn(async move { + tracing::info!("Executing Confluence search via webview fetch"); + match crate::integrations::webview_fetch::search_confluence_webview( + &webview_window, + &base_url, + &query_str, + ) + .await + { + Ok(results) => { + tracing::info!( + "Webview fetch for Confluence returned {} results", + results.len() + ); + results + } + Err(e) => { + tracing::warn!( + "Webview fetch failed for Confluence: {}", + e + ); + Vec::new() + } + } + })); + } + "servicenow" => { + search_tasks.push(tokio::spawn(async move { + tracing::info!("Executing ServiceNow search via webview fetch"); + match crate::integrations::webview_fetch::search_servicenow_webview( + &webview_window, + &base_url, + &query_str, + ) + .await + { + Ok(results) => { + tracing::info!( + "Webview fetch for ServiceNow returned {} results", + results.len() + ); + results + } + Err(e) => { + tracing::warn!( + "Webview fetch failed for ServiceNow: {}", + e + ); + Vec::new() + } + } + })); + } + "azuredevops" => { + let project = config.project_name.unwrap_or_default(); + search_tasks.push(tokio::spawn(async move { + tracing::info!("Executing Azure DevOps search via webview fetch"); + let mut results = Vec::new(); + + // Search wiki + match crate::integrations::webview_fetch::search_azuredevops_wiki_webview( + &webview_window, + &base_url, + &project, + &query_str + ).await { + Ok(wiki_results) => { + tracing::info!("Webview fetch for ADO wiki returned {} results", wiki_results.len()); + results.extend(wiki_results); + } + Err(e) => { + tracing::warn!("Webview fetch failed for ADO wiki: {}", e); + } + } + + // Search work items + match crate::integrations::webview_fetch::search_azuredevops_workitems_webview( + &webview_window, + &base_url, + &project, + &query_str + ).await { + Ok(wi_results) => { + tracing::info!("Webview fetch for ADO work items returned {} results", wi_results.len()); + results.extend(wi_results); + } + Err(e) => { + tracing::warn!("Webview fetch failed for ADO work items: {}", e); + } + } + + results + })); + } + _ => {} + } + } else { + tracing::warn!("Webview window not found for {}", config.service); + } + } else { + tracing::warn!( + "No webview open for {} - cannot search. Please open browser window in Settings β†’ Integrations", + config.service + ); + } + } + } + + // Wait for all searches to complete + for task in search_tasks { + if let Ok(results) = task.await { + all_results.extend(results); + } + } + + // Format results for AI context + if all_results.is_empty() { + return String::new(); + } + + let mut context = String::new(); + for (idx, result) in all_results.iter().enumerate() { + context.push_str(&format!("--- SOURCE {} ({}) ---\n", idx + 1, result.source)); + context.push_str(&format!("Title: {}\n", result.title)); + context.push_str(&format!("URL: {}\n", result.url)); + + if let Some(content) = &result.content { + context.push_str(&format!("Content:\n{content}\n\n")); + } else { + context.push_str(&format!("Excerpt: {}\n\n", result.excerpt)); + } + } + + tracing::info!( + "Found {} integration sources for AI context", + all_results.len() + ); + context +} + +/// Execute a tool call made by the AI +async fn execute_tool_call( + tool_call: &crate::ai::ToolCall, + app_handle: &tauri::AppHandle, + app_state: &State<'_, AppState>, +) -> Result { + match tool_call.name.as_str() { + "add_ado_comment" => { + // Parse arguments + let args: serde_json::Value = serde_json::from_str(&tool_call.arguments) + .map_err(|e| format!("Failed to parse tool arguments: {e}"))?; + + let work_item_id = args + .get("work_item_id") + .and_then(|v| v.as_i64()) + .ok_or_else(|| "Missing or invalid work_item_id parameter".to_string())?; + + let comment_text = args + .get("comment_text") + .and_then(|v| v.as_str()) + .ok_or_else(|| "Missing or invalid comment_text parameter".to_string())?; + + // Execute the add_ado_comment command + tracing::info!( + "AI executing tool: add_ado_comment({}, \"{}\")", + work_item_id, + comment_text + ); + crate::commands::integrations::add_ado_comment( + work_item_id, + comment_text.to_string(), + app_handle.clone(), + app_state.clone(), + ) + .await + } + _ => { + let error = format!("Unknown tool: {}", tool_call.name); + tracing::warn!("{}", error); + Err(error) + } + } +} + #[cfg(test)] mod tests { use super::*; diff --git a/src-tauri/src/commands/integrations.rs b/src-tauri/src/commands/integrations.rs index 9cf4f878..4226bfd3 100644 --- a/src-tauri/src/commands/integrations.rs +++ b/src-tauri/src/commands/integrations.rs @@ -19,10 +19,105 @@ lazy_static::lazy_static! { #[tauri::command] pub async fn test_confluence_connection( - _base_url: String, + base_url: String, _credentials: serde_json::Value, + app_handle: tauri::AppHandle, + app_state: State<'_, AppState>, ) -> Result { - Err("Integrations available in v0.2. Please update to the latest version.".to_string()) + // Try to get fresh cookies from persistent webview + let cookies = get_fresh_cookies_from_webview("confluence", &app_handle, &app_state).await?; + + if let Some(cookie_list) = cookies { + // Use cookies for authentication + let cookie_header = crate::integrations::webview_auth::cookies_to_header(&cookie_list); + + let client = reqwest::Client::new(); + let url = format!("{}/rest/api/user/current", base_url.trim_end_matches('/')); + + let resp = client + .get(&url) + .header("Cookie", cookie_header) + .send() + .await + .map_err(|e| format!("Connection failed: {e}"))?; + + if resp.status().is_success() { + Ok(ConnectionResult { + success: true, + message: "Successfully connected to Confluence using browser session".to_string(), + }) + } else { + let status = resp.status(); + let text = resp.text().await.unwrap_or_default(); + Ok(ConnectionResult { + success: false, + message: format!("Connection failed with status {status}: {text}"), + }) + } + } else { + // No webview open, check if we have stored credentials + let encrypted_token: Option = { + let db = app_state + .db + .lock() + .map_err(|e| format!("Failed to lock database: {e}"))?; + + db.query_row( + "SELECT encrypted_token FROM credentials WHERE service = ?1", + ["confluence"], + |row| row.get(0), + ) + .optional() + .map_err(|e| format!("Failed to query credentials: {e}"))? + }; + + if let Some(token) = encrypted_token { + let decrypted = crate::integrations::auth::decrypt_token(&token)?; + + // Try to parse as cookies JSON first + if let Ok(cookie_list) = + serde_json::from_str::>(&decrypted) + { + let cookie_header = + crate::integrations::webview_auth::cookies_to_header(&cookie_list); + + let client = reqwest::Client::new(); + let url = format!("{}/rest/api/user/current", base_url.trim_end_matches('/')); + + let resp = client + .get(&url) + .header("Cookie", cookie_header) + .send() + .await + .map_err(|e| format!("Connection failed: {e}"))?; + + if resp.status().is_success() { + Ok(ConnectionResult { + success: true, + message: "Successfully connected to Confluence using stored session" + .to_string(), + }) + } else { + let status = resp.status(); + Ok(ConnectionResult { + success: false, + message: format!( + "Connection failed with status {status}. Session may have expired - try reopening the browser window." + ), + }) + } + } else { + // Treat as bearer token + let config = crate::integrations::confluence::ConfluenceConfig { + base_url: base_url.clone(), + access_token: decrypted, + }; + crate::integrations::confluence::test_connection(&config).await + } + } else { + Err("Not authenticated. Please open the browser window and log in, or provide a manual token.".to_string()) + } + } } #[tauri::command] @@ -36,10 +131,71 @@ pub async fn publish_to_confluence( #[tauri::command] pub async fn test_servicenow_connection( - _instance_url: String, + instance_url: String, _credentials: serde_json::Value, + app_handle: tauri::AppHandle, + app_state: State<'_, AppState>, ) -> Result { - Err("Integrations available in v0.2. Please update to the latest version.".to_string()) + // Try to get fresh cookies from persistent webview + let cookies = get_fresh_cookies_from_webview("servicenow", &app_handle, &app_state).await?; + + if let Some(cookie_list) = cookies { + let cookie_header = crate::integrations::webview_auth::cookies_to_header(&cookie_list); + + let client = reqwest::Client::new(); + let url = format!( + "{}/api/now/table/sys_user?sysparm_limit=1", + instance_url.trim_end_matches('/') + ); + + let resp = client + .get(&url) + .header("Cookie", cookie_header) + .send() + .await + .map_err(|e| format!("Connection failed: {e}"))?; + + if resp.status().is_success() { + Ok(ConnectionResult { + success: true, + message: "Successfully connected to ServiceNow using browser session".to_string(), + }) + } else { + let status = resp.status(); + Ok(ConnectionResult { + success: false, + message: format!("Connection failed with status {status}"), + }) + } + } else { + // Check stored credentials + let encrypted_token: Option = { + let db = app_state + .db + .lock() + .map_err(|e| format!("Failed to lock database: {e}"))?; + + db.query_row( + "SELECT encrypted_token FROM credentials WHERE service = ?1", + ["servicenow"], + |row| row.get(0), + ) + .optional() + .map_err(|e| format!("Failed to query credentials: {e}"))? + }; + + if let Some(token) = encrypted_token { + let password = crate::integrations::auth::decrypt_token(&token)?; + let config = crate::integrations::servicenow::ServiceNowConfig { + instance_url: instance_url.clone(), + username: "".to_string(), + password, + }; + crate::integrations::servicenow::test_connection(&config).await + } else { + Err("Not authenticated. Please open the browser window and log in, or provide a manual token.".to_string()) + } + } } #[tauri::command] @@ -52,10 +208,71 @@ pub async fn create_servicenow_incident( #[tauri::command] pub async fn test_azuredevops_connection( - _org_url: String, + org_url: String, _credentials: serde_json::Value, + app_handle: tauri::AppHandle, + app_state: State<'_, AppState>, ) -> Result { - Err("Integrations available in v0.2. Please update to the latest version.".to_string()) + // Try to get fresh cookies from persistent webview + let cookies = get_fresh_cookies_from_webview("azuredevops", &app_handle, &app_state).await?; + + if let Some(cookie_list) = cookies { + let cookie_header = crate::integrations::webview_auth::cookies_to_header(&cookie_list); + + let client = reqwest::Client::new(); + let url = format!( + "{}/_apis/projects?api-version=6.0", + org_url.trim_end_matches('/') + ); + + let resp = client + .get(&url) + .header("Cookie", cookie_header) + .send() + .await + .map_err(|e| format!("Connection failed: {e}"))?; + + if resp.status().is_success() { + Ok(ConnectionResult { + success: true, + message: "Successfully connected to Azure DevOps using browser session".to_string(), + }) + } else { + let status = resp.status(); + Ok(ConnectionResult { + success: false, + message: format!("Connection failed with status {status}"), + }) + } + } else { + // Check stored credentials + let encrypted_token: Option = { + let db = app_state + .db + .lock() + .map_err(|e| format!("Failed to lock database: {e}"))?; + + db.query_row( + "SELECT encrypted_token FROM credentials WHERE service = ?1", + ["azuredevops"], + |row| row.get(0), + ) + .optional() + .map_err(|e| format!("Failed to query credentials: {e}"))? + }; + + if let Some(token) = encrypted_token { + let access_token = crate::integrations::auth::decrypt_token(&token)?; + let config = crate::integrations::azuredevops::AzureDevOpsConfig { + organization_url: org_url.clone(), + access_token, + project: "".to_string(), + }; + crate::integrations::azuredevops::test_connection(&config).await + } else { + Err("Not authenticated. Please open the browser window and log in, or provide a manual token.".to_string()) + } + } } #[tauri::command] @@ -505,6 +722,7 @@ pub struct WebviewAuthResponse { pub async fn authenticate_with_webview( service: String, base_url: String, + project_name: Option, app_handle: tauri::AppHandle, app_state: State<'_, AppState>, ) -> Result { @@ -530,21 +748,81 @@ pub async fn authenticate_with_webview( // Open persistent browser window let _credentials = crate::integrations::webview_auth::authenticate_with_webview( - app_handle, &service, &base_url, + app_handle.clone(), + &service, + &base_url, + project_name.as_deref(), ) .await?; - // Store window reference + // Store window reference in memory app_state .integration_webviews .lock() .map_err(|e| format!("Failed to lock webviews: {e}"))? .insert(service.clone(), webview_id.clone()); + // Persist to database for restoration on app restart + let db = app_state + .db + .lock() + .map_err(|e| format!("Failed to lock database: {e}"))?; + + db.execute( + "INSERT OR REPLACE INTO persistent_webviews + (id, service, webview_label, base_url, last_active) + VALUES (?1, ?2, ?3, ?4, datetime('now'))", + rusqlite::params![ + uuid::Uuid::now_v7().to_string(), + service.clone(), + webview_id.clone(), + base_url.clone(), + ], + ) + .map_err(|e| format!("Failed to persist webview: {e}"))?; + + tracing::info!("Persisted webview {} for service {}", webview_id, service); + + // Set up window close handler to remove from tracking and database + if let Some(webview_window) = app_handle.get_webview_window(&webview_id) { + let service_clone = service.clone(); + let db_arc = app_state.db.clone(); + let webviews_arc = app_state.integration_webviews.clone(); + + webview_window.on_window_event(move |event| { + if let tauri::WindowEvent::CloseRequested { .. } = event { + let service = service_clone.clone(); + let db = db_arc.clone(); + let webviews = webviews_arc.clone(); + + // Spawn async task to clean up + tauri::async_runtime::spawn(async move { + // Remove from in-memory tracking + if let Ok(mut webviews_lock) = webviews.lock() { + webviews_lock.remove(&service); + tracing::info!("Removed {} from webview tracking", service); + } + + // Remove from database + if let Ok(db_lock) = db.lock() { + if let Err(e) = db_lock.execute( + "DELETE FROM persistent_webviews WHERE service = ?1", + rusqlite::params![service], + ) { + tracing::warn!("Failed to remove persistent webview from DB: {}", e); + } else { + tracing::info!("Removed {} from persistent webviews database", service); + } + } + }); + } + }); + } + Ok(WebviewAuthResponse { success: true, message: format!( - "{service} browser window opened. This window will stay open - use it to browse and authenticate. Cookies will be extracted automatically for API calls." + "{service} browser window opened. This window will stay open across app restarts - use it to browse and authenticate. Cookies are maintained automatically." ), webview_id, }) @@ -605,16 +883,11 @@ pub async fn extract_cookies_from_webview( ) .map_err(|e| format!("Failed to store cookies: {e}"))?; - // Close the webview window - if let Some(webview) = app_handle.get_webview_window(&webview_id) { - webview - .close() - .map_err(|e| format!("Failed to close webview: {e}"))?; - } + // NOTE: Window stays open for persistent browsing - no longer closing after cookie extraction Ok(ConnectionResult { success: true, - message: format!("{service} authentication saved successfully"), + message: format!("{service} authentication saved successfully. The browser window will stay open for future use."), }) } @@ -786,6 +1059,122 @@ pub async fn get_fresh_cookies_from_webview( } } +// ============================================================================ +// Persistent Webview Restoration +// ============================================================================ + +/// Restore persistent browser windows from database on app startup. +/// This recreates integration browser windows that were open when the app last closed. +pub async fn restore_persistent_webviews( + app_handle: &tauri::AppHandle, + app_state: &AppState, +) -> Result<(), String> { + let webviews_to_restore: Vec<(String, String, String)> = { + let db = app_state + .db + .lock() + .map_err(|e| format!("Failed to lock database: {e}"))?; + + let mut stmt = db + .prepare("SELECT service, webview_label, base_url FROM persistent_webviews") + .map_err(|e| format!("Failed to prepare query: {e}"))?; + + let rows: Vec<(String, String, String)> = stmt + .query_map([], |row| { + Ok(( + row.get::<_, String>(0)?, // service + row.get::<_, String>(1)?, // webview_label + row.get::<_, String>(2)?, // base_url + )) + }) + .map_err(|e| format!("Failed to query persistent webviews: {e}"))? + .collect::, _>>() + .map_err(|e| format!("Failed to collect webviews: {e}"))?; + + rows + }; + + for (service, webview_label, base_url) in webviews_to_restore { + tracing::info!( + "Restoring persistent webview {} for service {} at {}", + webview_label, + service, + base_url + ); + + // Get project name from integration config if available + let project_name: Option = { + let db = app_state + .db + .lock() + .map_err(|e| format!("Failed to lock database: {e}"))?; + db.query_row( + "SELECT project_name FROM integration_config WHERE service = ?1", + [&service], + |row| row.get(0), + ) + .ok() + }; + + // Recreate the webview window + match crate::integrations::webview_auth::authenticate_with_webview( + app_handle.clone(), + &service, + &base_url, + project_name.as_deref(), + ) + .await + { + Ok(_) => { + // Store in memory tracking + app_state + .integration_webviews + .lock() + .map_err(|e| format!("Failed to lock webviews: {e}"))? + .insert(service.clone(), webview_label.clone()); + + tracing::info!("Successfully restored webview for {}", service); + } + Err(e) => { + tracing::warn!("Failed to restore webview for {}: {}", service, e); + // Remove from database if restoration failed + let db = app_state + .db + .lock() + .map_err(|e| format!("Failed to lock database: {e}"))?; + + db.execute( + "DELETE FROM persistent_webviews WHERE service = ?1", + rusqlite::params![service], + ) + .map_err(|e| format!("Failed to remove failed webview: {e}"))?; + } + } + } + + Ok(()) +} + +/// Remove persistent webview from database (called when window is closed). +pub async fn remove_persistent_webview( + service: &str, + app_state: &State<'_, AppState>, +) -> Result<(), String> { + let db = app_state + .db + .lock() + .map_err(|e| format!("Failed to lock database: {e}"))?; + + db.execute( + "DELETE FROM persistent_webviews WHERE service = ?1", + rusqlite::params![service], + ) + .map_err(|e| format!("Failed to remove persistent webview: {e}"))?; + + tracing::info!("Removed persistent webview for service: {}", service); + Ok(()) +} + // ============================================================================ // Integration Configuration Persistence // ============================================================================ @@ -891,3 +1280,51 @@ pub async fn get_all_integration_configs( Ok(configs) } + +/// Add a comment to an Azure DevOps work item +#[tauri::command] +pub async fn add_ado_comment( + work_item_id: i64, + comment_text: String, + app_handle: tauri::AppHandle, + app_state: State<'_, AppState>, +) -> Result { + // Get ADO configuration + let (org_url, _project_name) = { + let db = app_state + .db + .lock() + .map_err(|e| format!("Failed to lock database: {e}"))?; + let mut stmt = db.prepare( + "SELECT base_url, project_name FROM integration_config WHERE service = 'azuredevops'" + ).map_err(|e| format!("Failed to prepare query: {e}"))?; + + stmt.query_row([], |row| { + Ok((row.get::<_, String>(0)?, row.get::<_, Option>(1)?)) + }) + .map_err(|e| format!("Azure DevOps not configured: {e}"))? + }; + + // Get webview window + let webview_label = { + let webviews = app_state + .integration_webviews + .lock() + .map_err(|e| format!("Failed to lock webviews: {e}"))?; + webviews.get("azuredevops").cloned() + .ok_or_else(|| "Azure DevOps browser window not open. Please open it in Settings β†’ Integrations first.".to_string())? + }; + + let webview_window = app_handle + .get_webview_window(&webview_label) + .ok_or_else(|| "Azure DevOps browser window not found".to_string())?; + + // Add the comment + crate::integrations::webview_fetch::add_azuredevops_comment_webview( + &webview_window, + &org_url, + work_item_id, + &comment_text, + ) + .await +} diff --git a/src-tauri/src/commands/system.rs b/src-tauri/src/commands/system.rs index a74846df..40cd21e5 100644 --- a/src-tauri/src/commands/system.rs +++ b/src-tauri/src/commands/system.rs @@ -3,7 +3,7 @@ use crate::ollama::{ hardware, installer, manager, recommender, InstallGuide, ModelRecommendation, OllamaModel, OllamaStatus, }; -use crate::state::{AppSettings, AppState}; +use crate::state::{AppSettings, AppState, ProviderConfig}; // --- Ollama commands --- @@ -141,3 +141,133 @@ pub async fn get_audit_log( Ok(rows) } + +// --- AI Provider persistence commands --- + +/// Save an AI provider configuration to encrypted database +#[tauri::command] +pub async fn save_ai_provider( + provider: ProviderConfig, + state: tauri::State<'_, AppState>, +) -> Result<(), String> { + // Encrypt the API key + let encrypted_key = crate::integrations::auth::encrypt_token(&provider.api_key)?; + + let db = state.db.lock().map_err(|e| e.to_string())?; + + db.execute( + "INSERT OR REPLACE INTO ai_providers + (id, name, provider_type, api_url, encrypted_api_key, model, max_tokens, temperature, + custom_endpoint_path, custom_auth_header, custom_auth_prefix, api_format, user_id, updated_at) + VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10, ?11, ?12, ?13, datetime('now'))", + rusqlite::params![ + uuid::Uuid::now_v7().to_string(), + provider.name, + provider.provider_type, + provider.api_url, + encrypted_key, + provider.model, + provider.max_tokens, + provider.temperature, + provider.custom_endpoint_path, + provider.custom_auth_header, + provider.custom_auth_prefix, + provider.api_format, + provider.user_id, + ], + ) + .map_err(|e| format!("Failed to save AI provider: {e}"))?; + + Ok(()) +} + +/// Load all AI provider configurations from database +#[tauri::command] +pub async fn load_ai_providers( + state: tauri::State<'_, AppState>, +) -> Result, String> { + let db = state.db.lock().map_err(|e| e.to_string())?; + + let mut stmt = db + .prepare( + "SELECT name, provider_type, api_url, encrypted_api_key, model, max_tokens, temperature, + custom_endpoint_path, custom_auth_header, custom_auth_prefix, api_format, user_id + FROM ai_providers + ORDER BY name", + ) + .map_err(|e| e.to_string())?; + + let providers = stmt + .query_map([], |row| { + let encrypted_key: String = row.get(3)?; + + Ok(( + row.get::<_, String>(0)?, // name + row.get::<_, String>(1)?, // provider_type + row.get::<_, String>(2)?, // api_url + encrypted_key, // encrypted_api_key + row.get::<_, String>(4)?, // model + row.get::<_, Option>(5)?, // max_tokens + row.get::<_, Option>(6)?, // temperature + row.get::<_, Option>(7)?, // custom_endpoint_path + row.get::<_, Option>(8)?, // custom_auth_header + row.get::<_, Option>(9)?, // custom_auth_prefix + row.get::<_, Option>(10)?, // api_format + row.get::<_, Option>(11)?, // user_id + )) + }) + .map_err(|e| e.to_string())? + .filter_map(|r| r.ok()) + .filter_map( + |( + name, + provider_type, + api_url, + encrypted_key, + model, + max_tokens, + temperature, + custom_endpoint_path, + custom_auth_header, + custom_auth_prefix, + api_format, + user_id, + )| { + // Decrypt the API key + let api_key = crate::integrations::auth::decrypt_token(&encrypted_key).ok()?; + + Some(ProviderConfig { + name, + provider_type, + api_url, + api_key, + model, + max_tokens, + temperature, + custom_endpoint_path, + custom_auth_header, + custom_auth_prefix, + api_format, + session_id: None, // Session IDs are not persisted + user_id, + }) + }, + ) + .collect(); + + Ok(providers) +} + +/// Delete an AI provider configuration +#[tauri::command] +pub async fn delete_ai_provider( + name: String, + state: tauri::State<'_, AppState>, +) -> Result<(), String> { + let db = state.db.lock().map_err(|e| e.to_string())?; + + db.execute("DELETE FROM ai_providers WHERE name = ?1", [&name]) + .map_err(|e| format!("Failed to delete AI provider: {e}"))?; + + Ok(()) +} diff --git a/src-tauri/src/db/connection.rs b/src-tauri/src/db/connection.rs index 3b1a8052..3b6fe83b 100644 --- a/src-tauri/src/db/connection.rs +++ b/src-tauri/src/db/connection.rs @@ -81,16 +81,82 @@ pub fn open_dev_db(path: &Path) -> anyhow::Result { Ok(conn) } +/// Migrates a plain SQLite database to an encrypted SQLCipher database. +/// Creates a backup of the original file before migration. +fn migrate_plain_to_encrypted(db_path: &Path, key: &str) -> anyhow::Result { + tracing::warn!("Detected plain SQLite database in release build - migrating to encrypted"); + + // Create backup of plain database + let backup_path = db_path.with_extension("db.plain-backup"); + std::fs::copy(db_path, &backup_path)?; + tracing::info!("Backed up plain database to {:?}", backup_path); + + // Open the plain database + let plain_conn = Connection::open(db_path)?; + + // Create temporary encrypted database path + let temp_encrypted = db_path.with_extension("db.encrypted-temp"); + + // Attach and migrate to encrypted database using SQLCipher export + plain_conn.execute_batch(&format!( + "ATTACH DATABASE '{}' AS encrypted KEY '{}';\ + PRAGMA encrypted.cipher_page_size = 16384;\ + PRAGMA encrypted.kdf_iter = 256000;\ + PRAGMA encrypted.cipher_hmac_algorithm = HMAC_SHA512;\ + PRAGMA encrypted.cipher_kdf_algorithm = PBKDF2_HMAC_SHA512;", + temp_encrypted.display(), + key.replace('\'', "''") + ))?; + + // Export all data to encrypted database + plain_conn.execute_batch("SELECT sqlcipher_export('encrypted');")?; + plain_conn.execute_batch("DETACH DATABASE encrypted;")?; + drop(plain_conn); + + // Replace original with encrypted version + std::fs::rename(&temp_encrypted, db_path)?; + tracing::info!("Successfully migrated database to encrypted format"); + + // Open and return the encrypted database + open_encrypted_db(db_path, key) +} + +/// Checks if a database file is plain SQLite by reading its header. +fn is_plain_sqlite(path: &Path) -> bool { + if let Ok(mut file) = std::fs::File::open(path) { + use std::io::Read; + let mut header = [0u8; 16]; + if file.read_exact(&mut header).is_ok() { + // SQLite databases start with "SQLite format 3\0" + return &header == b"SQLite format 3\0"; + } + } + false +} + pub fn init_db(data_dir: &Path) -> anyhow::Result { std::fs::create_dir_all(data_dir)?; - let db_path = data_dir.join("tftsr.db"); + let db_path = data_dir.join("trcaa.db"); let key = get_db_key(data_dir)?; let conn = if cfg!(debug_assertions) { open_dev_db(&db_path)? } else { - open_encrypted_db(&db_path, &key)? + // In release mode, try encrypted first + match open_encrypted_db(&db_path, &key) { + Ok(conn) => conn, + Err(e) => { + // Check if error is due to trying to decrypt a plain SQLite database + if db_path.exists() && is_plain_sqlite(&db_path) { + // Auto-migrate from plain to encrypted + migrate_plain_to_encrypted(&db_path, &key)? + } else { + // Different error - propagate it + return Err(e); + } + } + } }; crate::db::migrations::run_migrations(&conn)?; @@ -102,13 +168,22 @@ mod tests { use super::*; fn temp_dir(name: &str) -> std::path::PathBuf { - let dir = std::env::temp_dir().join(format!("tftsr-test-{}", name)); + use std::time::SystemTime; + let timestamp = SystemTime::now() + .duration_since(SystemTime::UNIX_EPOCH) + .unwrap() + .as_nanos(); + let dir = std::env::temp_dir().join(format!("tftsr-test-{}-{}", name, timestamp)); + // Clean up if it exists + let _ = std::fs::remove_dir_all(&dir); std::fs::create_dir_all(&dir).unwrap(); dir } #[test] fn test_get_db_key_uses_env_var_when_present() { + // Remove any existing env var first + std::env::remove_var("TFTSR_DB_KEY"); let dir = temp_dir("env-var"); std::env::set_var("TFTSR_DB_KEY", "test-db-key"); let key = get_db_key(&dir).unwrap(); @@ -118,10 +193,43 @@ mod tests { #[test] fn test_get_db_key_debug_fallback_for_empty_env() { + // Remove any existing env var first + std::env::remove_var("TFTSR_DB_KEY"); let dir = temp_dir("empty-env"); std::env::set_var("TFTSR_DB_KEY", " "); let key = get_db_key(&dir).unwrap(); assert_eq!(key, "dev-key-change-in-prod"); std::env::remove_var("TFTSR_DB_KEY"); } + + #[test] + fn test_is_plain_sqlite_detects_plain_database() { + let dir = temp_dir("plain-detect"); + let db_path = dir.join("test.db"); + + // Create a plain SQLite database + let conn = Connection::open(&db_path).unwrap(); + conn.execute("CREATE TABLE test (id INTEGER)", []).unwrap(); + drop(conn); + + assert!(is_plain_sqlite(&db_path)); + } + + #[test] + fn test_is_plain_sqlite_rejects_encrypted() { + let dir = temp_dir("encrypted-detect"); + let db_path = dir.join("test.db"); + + // Create an encrypted database + let conn = Connection::open(&db_path).unwrap(); + conn.execute_batch( + "PRAGMA key = 'test-key';\ + PRAGMA cipher_page_size = 16384;", + ) + .unwrap(); + conn.execute("CREATE TABLE test (id INTEGER)", []).unwrap(); + drop(conn); + + assert!(!is_plain_sqlite(&db_path)); + } } diff --git a/src-tauri/src/db/migrations.rs b/src-tauri/src/db/migrations.rs index 938e53fc..22c992a8 100644 --- a/src-tauri/src/db/migrations.rs +++ b/src-tauri/src/db/migrations.rs @@ -155,6 +155,41 @@ pub fn run_migrations(conn: &Connection) -> anyhow::Result<()> { "ALTER TABLE audit_log ADD COLUMN prev_hash TEXT NOT NULL DEFAULT ''; ALTER TABLE audit_log ADD COLUMN entry_hash TEXT NOT NULL DEFAULT '';", ), + ( + "013_create_persistent_webviews", + "CREATE TABLE IF NOT EXISTS persistent_webviews ( + id TEXT PRIMARY KEY, + service TEXT NOT NULL CHECK(service IN ('confluence','servicenow','azuredevops')), + webview_label TEXT NOT NULL, + base_url TEXT NOT NULL, + last_active TEXT NOT NULL DEFAULT (datetime('now')), + window_x INTEGER, + window_y INTEGER, + window_width INTEGER, + window_height INTEGER, + UNIQUE(service) + );", + ), + ( + "014_create_ai_providers", + "CREATE TABLE IF NOT EXISTS ai_providers ( + id TEXT PRIMARY KEY, + name TEXT NOT NULL UNIQUE, + provider_type TEXT NOT NULL, + api_url TEXT NOT NULL, + encrypted_api_key TEXT NOT NULL, + model TEXT NOT NULL, + max_tokens INTEGER, + temperature REAL, + custom_endpoint_path TEXT, + custom_auth_header TEXT, + custom_auth_prefix TEXT, + api_format TEXT, + user_id TEXT, + created_at TEXT NOT NULL DEFAULT (datetime('now')), + updated_at TEXT NOT NULL DEFAULT (datetime('now')) + );", + ), ]; for (name, sql) in migrations { diff --git a/src-tauri/src/integrations/auth.rs b/src-tauri/src/integrations/auth.rs index 2634a37f..889afb48 100644 --- a/src-tauri/src/integrations/auth.rs +++ b/src-tauri/src/integrations/auth.rs @@ -179,7 +179,60 @@ fn get_encryption_key_material() -> Result { return Ok("dev-key-change-me-in-production-32b".to_string()); } - Err("TFTSR_ENCRYPTION_KEY must be set in release builds".to_string()) + // Release: load or auto-generate a per-installation encryption key + // stored in the app data directory, similar to the database key. + if let Some(app_data_dir) = crate::state::get_app_data_dir() { + let key_path = app_data_dir.join(".enckey"); + + // Try to load existing key + if key_path.exists() { + if let Ok(key) = std::fs::read_to_string(&key_path) { + let key = key.trim().to_string(); + if !key.is_empty() { + return Ok(key); + } + } + } + + // Generate and store new key + use rand::RngCore; + let mut bytes = [0u8; 32]; + rand::rngs::OsRng.fill_bytes(&mut bytes); + let key = hex::encode(bytes); + + // Ensure directory exists + if let Err(e) = std::fs::create_dir_all(&app_data_dir) { + tracing::warn!("Failed to create app data directory: {e}"); + return Err(format!("Failed to create app data directory: {e}")); + } + + // Write key with restricted permissions + #[cfg(unix)] + { + use std::io::Write; + use std::os::unix::fs::OpenOptionsExt; + let mut f = std::fs::OpenOptions::new() + .write(true) + .create(true) + .truncate(true) + .mode(0o600) + .open(&key_path) + .map_err(|e| format!("Failed to write encryption key: {e}"))?; + f.write_all(key.as_bytes()) + .map_err(|e| format!("Failed to write encryption key: {e}"))?; + } + + #[cfg(not(unix))] + { + std::fs::write(&key_path, &key) + .map_err(|e| format!("Failed to write encryption key: {e}"))?; + } + + tracing::info!("Generated new encryption key at {:?}", key_path); + return Ok(key); + } + + Err("Failed to determine app data directory for encryption key storage".to_string()) } fn derive_aes_key() -> Result<[u8; 32], String> { diff --git a/src-tauri/src/integrations/azuredevops_search.rs b/src-tauri/src/integrations/azuredevops_search.rs new file mode 100644 index 00000000..9aabced4 --- /dev/null +++ b/src-tauri/src/integrations/azuredevops_search.rs @@ -0,0 +1,265 @@ +use super::confluence_search::SearchResult; + +/// Search Azure DevOps Wiki for content matching the query +pub async fn search_wiki( + org_url: &str, + project: &str, + query: &str, + cookies: &[crate::integrations::webview_auth::Cookie], +) -> Result, String> { + let cookie_header = crate::integrations::webview_auth::cookies_to_header(cookies); + let client = reqwest::Client::new(); + + // Use Azure DevOps Search API + let search_url = format!( + "{}/_apis/search/wikisearchresults?api-version=7.0", + org_url.trim_end_matches('/') + ); + + let search_body = serde_json::json!({ + "searchText": query, + "$top": 5, + "filters": { + "ProjectFilters": [project] + } + }); + + tracing::info!("Searching Azure DevOps Wiki: {}", search_url); + + let resp = client + .post(&search_url) + .header("Cookie", &cookie_header) + .header("Accept", "application/json") + .header("Content-Type", "application/json") + .json(&search_body) + .send() + .await + .map_err(|e| format!("Azure DevOps wiki search failed: {e}"))?; + + if !resp.status().is_success() { + let status = resp.status(); + let text = resp.text().await.unwrap_or_default(); + return Err(format!( + "Azure DevOps wiki search failed with status {status}: {text}" + )); + } + + let json: serde_json::Value = resp + .json() + .await + .map_err(|e| format!("Failed to parse ADO wiki search response: {e}"))?; + + let mut results = Vec::new(); + + if let Some(results_array) = json["results"].as_array() { + for item in results_array.iter().take(3) { + let title = item["fileName"].as_str().unwrap_or("Untitled").to_string(); + + let path = item["path"].as_str().unwrap_or(""); + let url = format!( + "{}/_wiki/wikis/{}/{}", + org_url.trim_end_matches('/'), + project, + path + ); + + let excerpt = item["content"] + .as_str() + .unwrap_or("") + .chars() + .take(300) + .collect::(); + + // Fetch full wiki page content + let content = if let Some(wiki_id) = item["wiki"]["id"].as_str() { + if let Some(page_path) = item["path"].as_str() { + fetch_wiki_page(org_url, wiki_id, page_path, &cookie_header) + .await + .ok() + } else { + None + } + } else { + None + }; + + results.push(SearchResult { + title, + url, + excerpt, + content, + source: "Azure DevOps".to_string(), + }); + } + } + + Ok(results) +} + +/// Fetch full wiki page content +async fn fetch_wiki_page( + org_url: &str, + wiki_id: &str, + page_path: &str, + cookie_header: &str, +) -> Result { + let client = reqwest::Client::new(); + let page_url = format!( + "{}/_apis/wiki/wikis/{}/pages?path={}&api-version=7.0&includeContent=true", + org_url.trim_end_matches('/'), + wiki_id, + urlencoding::encode(page_path) + ); + + let resp = client + .get(&page_url) + .header("Cookie", cookie_header) + .header("Accept", "application/json") + .send() + .await + .map_err(|e| format!("Failed to fetch wiki page: {e}"))?; + + if !resp.status().is_success() { + let status = resp.status(); + return Err(format!("Failed to fetch wiki page: {status}")); + } + + let json: serde_json::Value = resp + .json() + .await + .map_err(|e| format!("Failed to parse wiki page: {e}"))?; + + let content = json["content"].as_str().unwrap_or("").to_string(); + + // Truncate to reasonable length + let truncated = if content.len() > 3000 { + format!("{}...", &content[..3000]) + } else { + content + }; + + Ok(truncated) +} + +/// Search Azure DevOps Work Items for related issues +pub async fn search_work_items( + org_url: &str, + project: &str, + query: &str, + cookies: &[crate::integrations::webview_auth::Cookie], +) -> Result, String> { + let cookie_header = crate::integrations::webview_auth::cookies_to_header(cookies); + let client = reqwest::Client::new(); + + // Use WIQL (Work Item Query Language) + let wiql_url = format!( + "{}/_apis/wit/wiql?api-version=7.0", + org_url.trim_end_matches('/') + ); + + let wiql_query = format!( + "SELECT [System.Id], [System.Title], [System.Description], [System.State] FROM WorkItems WHERE [System.TeamProject] = '{project}' AND ([System.Title] CONTAINS '{query}' OR [System.Description] CONTAINS '{query}') ORDER BY [System.ChangedDate] DESC" + ); + + let wiql_body = serde_json::json!({ + "query": wiql_query + }); + + tracing::info!("Searching Azure DevOps work items"); + + let resp = client + .post(&wiql_url) + .header("Cookie", &cookie_header) + .header("Accept", "application/json") + .header("Content-Type", "application/json") + .json(&wiql_body) + .send() + .await + .map_err(|e| format!("ADO work item search failed: {e}"))?; + + if !resp.status().is_success() { + return Ok(Vec::new()); // Don't fail if work item search fails + } + + let json: serde_json::Value = resp + .json() + .await + .map_err(|_| "Failed to parse work item response".to_string())?; + + let mut results = Vec::new(); + + if let Some(work_items) = json["workItems"].as_array() { + // Fetch details for top 3 work items + for item in work_items.iter().take(3) { + if let Some(id) = item["id"].as_i64() { + if let Ok(work_item) = fetch_work_item_details(org_url, id, &cookie_header).await { + results.push(work_item); + } + } + } + } + + Ok(results) +} + +/// Fetch work item details +async fn fetch_work_item_details( + org_url: &str, + id: i64, + cookie_header: &str, +) -> Result { + let client = reqwest::Client::new(); + let item_url = format!( + "{}/_apis/wit/workitems/{}?api-version=7.0", + org_url.trim_end_matches('/'), + id + ); + + let resp = client + .get(&item_url) + .header("Cookie", cookie_header) + .header("Accept", "application/json") + .send() + .await + .map_err(|e| format!("Failed to fetch work item: {e}"))?; + + if !resp.status().is_success() { + let status = resp.status(); + return Err(format!("Failed to fetch work item: {status}")); + } + + let json: serde_json::Value = resp + .json() + .await + .map_err(|e| format!("Failed to parse work item: {e}"))?; + + let fields = &json["fields"]; + let title = format!( + "Work Item {}: {}", + id, + fields["System.Title"].as_str().unwrap_or("No title") + ); + + let url = json["_links"]["html"]["href"] + .as_str() + .unwrap_or("") + .to_string(); + + let description = fields["System.Description"] + .as_str() + .unwrap_or("") + .to_string(); + + let state = fields["System.State"].as_str().unwrap_or("Unknown"); + let content = format!("State: {state}\n\nDescription: {description}"); + + let excerpt = content.chars().take(200).collect::(); + + Ok(SearchResult { + title, + url, + excerpt, + content: Some(content), + source: "Azure DevOps".to_string(), + }) +} diff --git a/src-tauri/src/integrations/confluence_search.rs b/src-tauri/src/integrations/confluence_search.rs new file mode 100644 index 00000000..1d814e2f --- /dev/null +++ b/src-tauri/src/integrations/confluence_search.rs @@ -0,0 +1,188 @@ +use serde::{Deserialize, Serialize}; + +#[derive(Debug, Clone, Serialize, Deserialize)] +pub struct SearchResult { + pub title: String, + pub url: String, + pub excerpt: String, + pub content: Option, + pub source: String, // "confluence", "servicenow", "azuredevops" +} + +/// Search Confluence for content matching the query +pub async fn search_confluence( + base_url: &str, + query: &str, + cookies: &[crate::integrations::webview_auth::Cookie], +) -> Result, String> { + let cookie_header = crate::integrations::webview_auth::cookies_to_header(cookies); + let client = reqwest::Client::new(); + + // Use Confluence CQL search + let search_url = format!( + "{}/rest/api/search?cql=text~\"{}\"&limit=5", + base_url.trim_end_matches('/'), + urlencoding::encode(query) + ); + + tracing::info!("Searching Confluence: {}", search_url); + + let resp = client + .get(&search_url) + .header("Cookie", &cookie_header) + .header("Accept", "application/json") + .send() + .await + .map_err(|e| format!("Confluence search request failed: {e}"))?; + + if !resp.status().is_success() { + let status = resp.status(); + let text = resp.text().await.unwrap_or_default(); + return Err(format!( + "Confluence search failed with status {status}: {text}" + )); + } + + let json: serde_json::Value = resp + .json() + .await + .map_err(|e| format!("Failed to parse Confluence search response: {e}"))?; + + let mut results = Vec::new(); + + if let Some(results_array) = json["results"].as_array() { + for item in results_array.iter().take(3) { + // Take top 3 results + let title = item["title"].as_str().unwrap_or("Untitled").to_string(); + + let id = item["content"]["id"].as_str(); + let space_key = item["content"]["space"]["key"].as_str(); + + // Build URL + let url = if let (Some(id_str), Some(space)) = (id, space_key) { + format!( + "{}/display/{}/{}", + base_url.trim_end_matches('/'), + space, + id_str + ) + } else { + base_url.to_string() + }; + + // Get excerpt from search result + let excerpt = item["excerpt"] + .as_str() + .unwrap_or("") + .to_string() + .replace("", "") + .replace("", ""); + + // Fetch full page content + let content = if let Some(content_id) = id { + fetch_page_content(base_url, content_id, &cookie_header) + .await + .ok() + } else { + None + }; + + results.push(SearchResult { + title, + url, + excerpt, + content, + source: "Confluence".to_string(), + }); + } + } + + Ok(results) +} + +/// Fetch full content of a Confluence page +async fn fetch_page_content( + base_url: &str, + page_id: &str, + cookie_header: &str, +) -> Result { + let client = reqwest::Client::new(); + let content_url = format!( + "{}/rest/api/content/{}?expand=body.storage", + base_url.trim_end_matches('/'), + page_id + ); + + let resp = client + .get(&content_url) + .header("Cookie", cookie_header) + .header("Accept", "application/json") + .send() + .await + .map_err(|e| format!("Failed to fetch page content: {e}"))?; + + if !resp.status().is_success() { + let status = resp.status(); + return Err(format!("Failed to fetch page: {status}")); + } + + let json: serde_json::Value = resp + .json() + .await + .map_err(|e| format!("Failed to parse page content: {e}"))?; + + // Extract plain text from HTML storage format + let html = json["body"]["storage"]["value"] + .as_str() + .unwrap_or("") + .to_string(); + + // Basic HTML tag stripping (for better results, use a proper HTML parser) + let text = strip_html_tags(&html); + + // Truncate to reasonable length for AI context + let truncated = if text.len() > 3000 { + format!("{}...", &text[..3000]) + } else { + text + }; + + Ok(truncated) +} + +/// Basic HTML tag stripping +fn strip_html_tags(html: &str) -> String { + let mut result = String::new(); + let mut in_tag = false; + + for ch in html.chars() { + match ch { + '<' => in_tag = true, + '>' => in_tag = false, + _ if !in_tag => result.push(ch), + _ => {} + } + } + + // Clean up whitespace + result + .split_whitespace() + .collect::>() + .join(" ") + .trim() + .to_string() +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_strip_html_tags() { + let html = "

Hello world!

"; + assert_eq!(strip_html_tags(html), "Hello world!"); + + let html2 = "

Title

Content

"; + assert_eq!(strip_html_tags(html2), "TitleContent"); + } +} diff --git a/src-tauri/src/integrations/mod.rs b/src-tauri/src/integrations/mod.rs index aee0264a..ab81db96 100644 --- a/src-tauri/src/integrations/mod.rs +++ b/src-tauri/src/integrations/mod.rs @@ -1,9 +1,13 @@ pub mod auth; pub mod azuredevops; +pub mod azuredevops_search; pub mod callback_server; pub mod confluence; +pub mod confluence_search; pub mod servicenow; +pub mod servicenow_search; pub mod webview_auth; +pub mod webview_fetch; use serde::{Deserialize, Serialize}; diff --git a/src-tauri/src/integrations/native_cookies.rs b/src-tauri/src/integrations/native_cookies.rs new file mode 100644 index 00000000..f2c3f71a --- /dev/null +++ b/src-tauri/src/integrations/native_cookies.rs @@ -0,0 +1,45 @@ +/// Platform-specific native cookie extraction from webview +/// This can access HttpOnly cookies that JavaScript cannot + +use super::webview_auth::Cookie; + +#[cfg(target_os = "macos")] +pub async fn extract_cookies_native( + window_label: &str, + domain: &str, +) -> Result, String> { + // On macOS, we can use WKWebView's HTTPCookieStore via Objective-C bridge + // This requires cocoa/objc crates which we don't have yet + // For now, return an error indicating this needs implementation + tracing::warn!("Native cookie extraction not yet implemented for macOS"); + Err("Native cookie extraction requires additional dependencies (cocoa, objc)".to_string()) +} + +#[cfg(target_os = "windows")] +pub async fn extract_cookies_native( + window_label: &str, + domain: &str, +) -> Result, String> { + // On Windows, we can use WebView2's cookie manager + // This requires windows crates + tracing::warn!("Native cookie extraction not yet implemented for Windows"); + Err("Native cookie extraction requires additional dependencies (windows crate)".to_string()) +} + +#[cfg(target_os = "linux")] +pub async fn extract_cookies_native( + window_label: &str, + domain: &str, +) -> Result, String> { + // On Linux with WebKitGTK, we can use the cookie manager + tracing::warn!("Native cookie extraction not yet implemented for Linux"); + Err("Native cookie extraction requires additional dependencies (webkit2gtk)".to_string()) +} + +#[cfg(not(any(target_os = "macos", target_os = "windows", target_os = "linux")))] +pub async fn extract_cookies_native( + _window_label: &str, + _domain: &str, +) -> Result, String> { + Err("Native cookie extraction not supported on this platform".to_string()) +} diff --git a/src-tauri/src/integrations/native_cookies_macos.rs b/src-tauri/src/integrations/native_cookies_macos.rs new file mode 100644 index 00000000..aa1c552b --- /dev/null +++ b/src-tauri/src/integrations/native_cookies_macos.rs @@ -0,0 +1,50 @@ +/// macOS-specific native cookie extraction using WKWebView's HTTPCookieStore +/// This can access HttpOnly cookies that JavaScript cannot + +#[cfg(target_os = "macos")] +use super::webview_auth::Cookie; + +#[cfg(target_os = "macos")] +pub async fn extract_cookies_native( + webview_label: &str, + domain: &str, +) -> Result, String> { + use cocoa::base::{id, nil}; + use cocoa::foundation::{NSArray, NSString}; + use objc::runtime::{Class, Object}; + use objc::{msg_send, sel, sel_impl}; + + tracing::info!("Attempting native cookie extraction for {} on domain {}", webview_label, domain); + + unsafe { + // Get the WKWebsiteDataStore (where cookies are stored) + let wk_websitedata_store_class = Class::get("WKWebsiteDataStore").ok_or("WKWebsiteDataStore class not found")?; + let data_store: id = msg_send![wk_websitedata_store_class, defaultDataStore]; + + if data_store == nil { + return Err("Failed to get WKWebsiteDataStore".to_string()); + } + + // Get the HTTPCookieStore + let cookie_store: id = msg_send![data_store, httpCookieStore]; + + if cookie_store == nil { + return Err("Failed to get HTTPCookieStore".to_string()); + } + + // Unfortunately, WKHTTPCookieStore's getAllCookies method requires a completion handler + // which is complex to bridge from Rust. For now, we'll document this limitation + // and suggest using the Tauri cookie plugin when it's available. + + tracing::warn!("Native cookie extraction requires async completion handler - not yet fully implemented"); + Err("Native cookie extraction requires Tauri cookie plugin (coming in future Tauri version)".to_string()) + } +} + +#[cfg(not(target_os = "macos"))] +pub async fn extract_cookies_native( + _webview_label: &str, + _domain: &str, +) -> Result, String> { + Err("Native cookie extraction only supported on macOS".to_string()) +} diff --git a/src-tauri/src/integrations/servicenow_search.rs b/src-tauri/src/integrations/servicenow_search.rs new file mode 100644 index 00000000..15e52105 --- /dev/null +++ b/src-tauri/src/integrations/servicenow_search.rs @@ -0,0 +1,163 @@ +use super::confluence_search::SearchResult; + +/// Search ServiceNow Knowledge Base for content matching the query +pub async fn search_servicenow( + instance_url: &str, + query: &str, + cookies: &[crate::integrations::webview_auth::Cookie], +) -> Result, String> { + let cookie_header = crate::integrations::webview_auth::cookies_to_header(cookies); + let client = reqwest::Client::new(); + + // Search Knowledge Base articles + let search_url = format!( + "{}/api/now/table/kb_knowledge?sysparm_query=textLIKE{}^ORshort_descriptionLIKE{}&sysparm_limit=5", + instance_url.trim_end_matches('/'), + urlencoding::encode(query), + urlencoding::encode(query) + ); + + tracing::info!("Searching ServiceNow: {}", search_url); + + let resp = client + .get(&search_url) + .header("Cookie", &cookie_header) + .header("Accept", "application/json") + .send() + .await + .map_err(|e| format!("ServiceNow search request failed: {e}"))?; + + if !resp.status().is_success() { + let status = resp.status(); + let text = resp.text().await.unwrap_or_default(); + return Err(format!( + "ServiceNow search failed with status {status}: {text}" + )); + } + + let json: serde_json::Value = resp + .json() + .await + .map_err(|e| format!("Failed to parse ServiceNow search response: {e}"))?; + + let mut results = Vec::new(); + + if let Some(result_array) = json["result"].as_array() { + for item in result_array.iter().take(3) { + // Take top 3 results + let title = item["short_description"] + .as_str() + .unwrap_or("Untitled") + .to_string(); + + let sys_id = item["sys_id"].as_str().unwrap_or("").to_string(); + + let url = format!( + "{}/kb_view.do?sysparm_article={}", + instance_url.trim_end_matches('/'), + sys_id + ); + + let excerpt = item["text"] + .as_str() + .unwrap_or("") + .chars() + .take(300) + .collect::(); + + // Get full article content + let content = item["text"].as_str().map(|text| { + if text.len() > 3000 { + format!("{}...", &text[..3000]) + } else { + text.to_string() + } + }); + + results.push(SearchResult { + title, + url, + excerpt, + content, + source: "ServiceNow".to_string(), + }); + } + } + + Ok(results) +} + +/// Search ServiceNow Incidents for related issues +pub async fn search_incidents( + instance_url: &str, + query: &str, + cookies: &[crate::integrations::webview_auth::Cookie], +) -> Result, String> { + let cookie_header = crate::integrations::webview_auth::cookies_to_header(cookies); + let client = reqwest::Client::new(); + + // Search incidents + let search_url = format!( + "{}/api/now/table/incident?sysparm_query=short_descriptionLIKE{}^ORdescriptionLIKE{}&sysparm_limit=3&sysparm_display_value=true", + instance_url.trim_end_matches('/'), + urlencoding::encode(query), + urlencoding::encode(query) + ); + + tracing::info!("Searching ServiceNow incidents: {}", search_url); + + let resp = client + .get(&search_url) + .header("Cookie", &cookie_header) + .header("Accept", "application/json") + .send() + .await + .map_err(|e| format!("ServiceNow incident search failed: {e}"))?; + + if !resp.status().is_success() { + return Ok(Vec::new()); // Don't fail if incident search fails + } + + let json: serde_json::Value = resp + .json() + .await + .map_err(|_| "Failed to parse incident response".to_string())?; + + let mut results = Vec::new(); + + if let Some(result_array) = json["result"].as_array() { + for item in result_array.iter() { + let number = item["number"].as_str().unwrap_or("Unknown"); + let title = format!( + "Incident {}: {}", + number, + item["short_description"].as_str().unwrap_or("No title") + ); + + let sys_id = item["sys_id"].as_str().unwrap_or(""); + let url = format!( + "{}/incident.do?sys_id={}", + instance_url.trim_end_matches('/'), + sys_id + ); + + let description = item["description"].as_str().unwrap_or("").to_string(); + + let resolution = item["close_notes"].as_str().unwrap_or("").to_string(); + + let content = format!("Description: {description}\nResolution: {resolution}"); + + let excerpt = content.chars().take(200).collect::(); + + results.push(SearchResult { + title, + url, + excerpt, + content: Some(content), + source: "ServiceNow".to_string(), + }); + } + } + + Ok(results) +} diff --git a/src-tauri/src/integrations/webview_auth.rs b/src-tauri/src/integrations/webview_auth.rs index 8fdb8d82..3247cbaa 100644 --- a/src-tauri/src/integrations/webview_auth.rs +++ b/src-tauri/src/integrations/webview_auth.rs @@ -1,5 +1,5 @@ use serde::{Deserialize, Serialize}; -use tauri::{AppHandle, Listener, WebviewUrl, WebviewWindow, WebviewWindowBuilder}; +use tauri::{AppHandle, WebviewUrl, WebviewWindow, WebviewWindowBuilder}; #[derive(Debug, Clone, Serialize, Deserialize)] pub struct ExtractedCredentials { @@ -24,30 +24,53 @@ pub async fn authenticate_with_webview( app_handle: AppHandle, service: &str, base_url: &str, + project_name: Option<&str>, ) -> Result { let trimmed_base_url = base_url.trim_end_matches('/'); + + tracing::info!( + "authenticate_with_webview called: service={}, base_url={}, project_name={:?}", + service, + base_url, + project_name + ); + let login_url = match service { "confluence" => format!("{trimmed_base_url}/login.action"), "azuredevops" => { - // Azure DevOps login - user will be redirected through Microsoft SSO - format!("{trimmed_base_url}/_signin") + // Azure DevOps - go directly to project if provided, otherwise org home + if let Some(project) = project_name { + let url = format!("{trimmed_base_url}/{project}"); + tracing::info!("Azure DevOps URL with project: {}", url); + url + } else { + tracing::info!("Azure DevOps URL without project: {}", trimmed_base_url); + trimmed_base_url.to_string() + } } "servicenow" => format!("{trimmed_base_url}/login.do"), _ => return Err(format!("Unknown service: {service}")), }; - tracing::info!( - "Opening persistent browser for {} at {}", - service, - login_url - ); + tracing::info!("Final login_url for {} = {}", service, login_url); // Create persistent browser window (stays open for browsing and fresh cookie extraction) let webview_label = format!("{service}-auth"); + + tracing::info!("Creating webview window with label: {}", webview_label); + + let parsed_url = login_url.parse().map_err(|e| { + let err_msg = format!("Failed to parse URL '{login_url}': {e}"); + tracing::error!("{err_msg}"); + err_msg + })?; + + tracing::info!("Parsed URL successfully: {:?}", parsed_url); + let webview = WebviewWindowBuilder::new( &app_handle, &webview_label, - WebviewUrl::External(login_url.parse().map_err(|e| format!("Invalid URL: {e}"))?), + WebviewUrl::External(parsed_url), ) .title(format!( "{service} Browser (Troubleshooting and RCA Assistant)" @@ -57,14 +80,20 @@ pub async fn authenticate_with_webview( .resizable(true) .center() .focused(true) - .visible(true) + .visible(true) // Show immediately - let user see loading + .user_agent("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36") + .zoom_hotkeys_enabled(true) + .devtools(true) + .initialization_script("console.log('Webview initialized');") .build() .map_err(|e| format!("Failed to create webview: {e}"))?; - // Focus the window + tracing::info!("Webview window created successfully, setting focus"); + + // Ensure window is focused webview .set_focus() - .map_err(|e| tracing::warn!("Failed to focus webview: {e}")) + .map_err(|e| tracing::warn!("Failed to set focus: {}", e)) .ok(); // Wait for user to complete login @@ -77,121 +106,158 @@ pub async fn authenticate_with_webview( }) } -/// Extract cookies from a webview using Tauri's IPC mechanism. -/// This is the most reliable cross-platform approach. +/// Extract cookies from a webview using localStorage as intermediary. +/// This works for external URLs where window.__TAURI__ is not available. pub async fn extract_cookies_via_ipc( webview_window: &WebviewWindow, - app_handle: &AppHandle, + _app_handle: &AppHandle, ) -> Result, String> { - // Inject JavaScript that will send cookies via IPC - // Note: We use window.__TAURI__ which is the Tauri 2.x API exposed to webviews + // Step 1: Inject JavaScript to extract cookies and store in a global variable + // We can't use __TAURI__ for external URLs, so we use a polling approach let cookie_extraction_script = r#" - (async function() { + (function() { try { - // Wait for Tauri API to be available - if (typeof window.__TAURI__ === 'undefined') { - console.error('Tauri API not available'); - return; - } - const cookieString = document.cookie; - if (!cookieString || cookieString.trim() === '') { - await window.__TAURI__.event.emit('tftsr-cookies-extracted', { cookies: [] }); - return; + const cookies = []; + + if (cookieString && cookieString.trim() !== '') { + const cookieList = cookieString.split(';').map(c => c.trim()).filter(c => c.length > 0); + for (const cookie of cookieList) { + const equalIndex = cookie.indexOf('='); + if (equalIndex === -1) continue; + + const name = cookie.substring(0, equalIndex).trim(); + const value = cookie.substring(equalIndex + 1).trim(); + + cookies.push({ + name: name, + value: value, + domain: window.location.hostname, + path: '/', + secure: window.location.protocol === 'https:', + http_only: false, + expires: null + }); + } } - const cookies = cookieString.split(';').map(c => c.trim()).filter(c => c.length > 0); - const parsed = cookies.map(cookie => { - const equalIndex = cookie.indexOf('='); - if (equalIndex === -1) return null; - - const name = cookie.substring(0, equalIndex).trim(); - const value = cookie.substring(equalIndex + 1).trim(); - - return { - name: name, - value: value, - domain: window.location.hostname, - path: '/', - secure: window.location.protocol === 'https:', - http_only: false, - expires: null - }; - }).filter(c => c !== null); - - // Use Tauri's event API to send cookies back to Rust - await window.__TAURI__.event.emit('tftsr-cookies-extracted', { cookies: parsed }); - console.log('Cookies extracted and emitted:', parsed.length); + // Store in a global variable that Rust can read + window.__TFTSR_COOKIES__ = cookies; + console.log('[TFTSR] Extracted', cookies.length, 'cookies'); + return cookies.length; } catch (e) { - console.error('Cookie extraction failed:', e); - try { - await window.__TAURI__.event.emit('tftsr-cookies-extracted', { cookies: [], error: e.message }); - } catch (emitError) { - console.error('Failed to emit error:', emitError); - } + console.error('[TFTSR] Cookie extraction failed:', e); + window.__TFTSR_COOKIES__ = []; + window.__TFTSR_ERROR__ = e.message; + return -1; } })(); "#; - // Set up event listener first - let (tx, mut rx) = tokio::sync::mpsc::channel::, String>>(1); - - // Listen for the custom event from the webview - let listen_id = app_handle.listen("tftsr-cookies-extracted", move |event| { - tracing::debug!("Received cookies-extracted event"); - - let payload_str = event.payload(); - - // Parse the payload JSON - match serde_json::from_str::(payload_str) { - Ok(payload) => { - if let Some(error_msg) = payload.get("error").and_then(|e| e.as_str()) { - let _ = tx.try_send(Err(format!("JavaScript error: {error_msg}"))); - return; - } - - if let Some(cookies_value) = payload.get("cookies") { - match serde_json::from_value::>(cookies_value.clone()) { - Ok(cookies) => { - tracing::info!("Parsed {} cookies from webview", cookies.len()); - let _ = tx.try_send(Ok(cookies)); - } - Err(e) => { - tracing::error!("Failed to parse cookies: {e}"); - let _ = tx.try_send(Err(format!("Failed to parse cookies: {e}"))); - } - } - } else { - let _ = tx.try_send(Err("No cookies field in payload".to_string())); - } - } - Err(e) => { - tracing::error!("Failed to parse event payload: {e}"); - let _ = tx.try_send(Err(format!("Failed to parse event payload: {e}"))); - } - } - }); - - // Inject the script into the webview + // Inject the extraction script webview_window .eval(cookie_extraction_script) .map_err(|e| format!("Failed to inject cookie extraction script: {e}"))?; - tracing::info!("Cookie extraction script injected, waiting for response..."); + tracing::info!("Cookie extraction script injected, waiting for cookies..."); - // Wait for cookies with timeout - let result = tokio::time::timeout(tokio::time::Duration::from_secs(10), rx.recv()) - .await - .map_err(|_| { - "Timeout waiting for cookies. Make sure you are logged in and on the correct page." - .to_string() - })? - .ok_or_else(|| "Failed to receive cookies from webview".to_string())?; + // Give JavaScript a moment to execute + tokio::time::sleep(tokio::time::Duration::from_millis(500)).await; - // Clean up event listener - app_handle.unlisten(listen_id); + // Step 2: Poll for the extracted cookies using document.title as communication channel + let mut attempts = 0; + let max_attempts = 20; // 10 seconds total (500ms * 20) - result + loop { + attempts += 1; + + // Store result in localStorage, then copy to document.title for Rust to read + let check_and_signal_script = r#" + try { + if (typeof window.__TFTSR_ERROR__ !== 'undefined') { + window.localStorage.setItem('tftsr_result', JSON.stringify({ error: window.__TFTSR_ERROR__ })); + } else if (typeof window.__TFTSR_COOKIES__ !== 'undefined' && window.__TFTSR_COOKIES__.length > 0) { + window.localStorage.setItem('tftsr_result', JSON.stringify({ cookies: window.__TFTSR_COOKIES__ })); + } else if (typeof window.__TFTSR_COOKIES__ !== 'undefined') { + window.localStorage.setItem('tftsr_result', JSON.stringify({ cookies: [] })); + } + } catch (e) { + window.localStorage.setItem('tftsr_result', JSON.stringify({ error: e.message })); + } + "#; + + webview_window.eval(check_and_signal_script).ok(); + + tokio::time::sleep(tokio::time::Duration::from_millis(500)).await; + + // We can't get return values from eval(), so let's use a different approach: + // Execute script that sets document.title temporarily + let read_via_title = r#" + (function() { + const result = window.localStorage.getItem('tftsr_result'); + if (result) { + window.localStorage.removeItem('tftsr_result'); + // Store in title temporarily for Rust to read + window.__TFTSR_ORIGINAL_TITLE__ = document.title; + document.title = 'TFTSR_RESULT:' + result; + } + })(); + "#; + + webview_window.eval(read_via_title).ok(); + tokio::time::sleep(tokio::time::Duration::from_millis(100)).await; + + // Read the title + if let Ok(title) = webview_window.title() { + if let Some(json_str) = title.strip_prefix("TFTSR_RESULT:") { + // Restore original title + let restore_title = r#" + if (typeof window.__TFTSR_ORIGINAL_TITLE__ !== 'undefined') { + document.title = window.__TFTSR_ORIGINAL_TITLE__; + } + "#; + webview_window.eval(restore_title).ok(); + + // Parse the JSON + match serde_json::from_str::(json_str) { + Ok(result) => { + if let Some(error) = result.get("error").and_then(|e| e.as_str()) { + return Err(format!("Cookie extraction error: {error}")); + } + + if let Some(cookies_value) = result.get("cookies") { + match serde_json::from_value::>(cookies_value.clone()) { + Ok(cookies) => { + tracing::info!( + "Successfully extracted {} cookies", + cookies.len() + ); + return Ok(cookies); + } + Err(e) => { + return Err(format!("Failed to parse cookies: {e}")); + } + } + } + } + Err(e) => { + tracing::warn!("Failed to parse result JSON: {e}"); + } + } + } + } + + if attempts >= max_attempts { + return Err( + "Timeout extracting cookies. This may be because:\n\ + 1. Confluence uses HttpOnly cookies that JavaScript cannot access\n\ + 2. You're not logged in yet\n\ + 3. The page hasn't finished loading\n\n\ + Recommendation: Use 'Manual Token' authentication with a Confluence Personal Access Token instead." + .to_string(), + ); + } + } } /// Build cookie header string for HTTP requests diff --git a/src-tauri/src/integrations/webview_fetch.rs b/src-tauri/src/integrations/webview_fetch.rs new file mode 100644 index 00000000..81a89d41 --- /dev/null +++ b/src-tauri/src/integrations/webview_fetch.rs @@ -0,0 +1,687 @@ +/// Webview-based HTTP fetching that automatically includes HttpOnly cookies +/// Makes requests FROM the authenticated webview using JavaScript fetch API +/// +/// This uses Tauri's window.location to pass results back (cross-document messaging) +use serde_json::Value; +use tauri::WebviewWindow; + +use super::confluence_search::SearchResult; + +/// Execute an HTTP request from within the webview context +/// This automatically includes all cookies (including HttpOnly) from the authenticated session +pub async fn fetch_from_webview( + webview_window: &WebviewWindow, + url: &str, + method: &str, + body: Option<&str>, +) -> Result { + let request_id = uuid::Uuid::now_v7().to_string(); + + let (headers_js, body_js) = if let Some(b) = body { + // For POST/PUT with JSON body + ( + "headers: { 'Accept': 'application/json', 'Content-Type': 'application/json' }", + format!(", body: JSON.stringify({b})"), + ) + } else { + // For GET requests + ("headers: { 'Accept': 'application/json' }", String::new()) + }; + + // Inject script that: + // 1. Makes fetch request with credentials + // 2. Uses window.location.hash to communicate results back + let fetch_script = format!( + r#" + (async function() {{ + const requestId = '{request_id}'; + + try {{ + const response = await fetch('{url}', {{ + method: '{method}', + {headers_js}, + credentials: 'include'{body_js} + }}); + + if (!response.ok) {{ + window.location.hash = '#trcaa-error-' + requestId + '-' + encodeURIComponent(JSON.stringify({{ + error: `HTTP ${{response.status}}: ${{response.statusText}}` + }})); + return; + }} + + const data = await response.json(); + // Store in hash - we'll poll for this + window.location.hash = '#trcaa-success-' + requestId + '-' + encodeURIComponent(JSON.stringify(data)); + }} catch (error) {{ + window.location.hash = '#trcaa-error-' + requestId + '-' + encodeURIComponent(JSON.stringify({{ + error: error.message + }})); + }} + }})(); + "# + ); + + // Execute the fetch + webview_window + .eval(&fetch_script) + .map_err(|e| format!("Failed to execute fetch: {e}"))?; + + // Poll for result by checking window URL/hash + for i in 0..50 { + tokio::time::sleep(tokio::time::Duration::from_millis(100)).await; + + // Get the current URL to check the hash + if let Ok(url_str) = webview_window.url() { + let url_string = url_str.to_string(); + + // Check for success + let success_marker = format!("#trcaa-success-{request_id}-"); + if url_string.contains(&success_marker) { + // Extract the JSON from the hash + if let Some(json_start) = url_string.find(&success_marker) { + let json_encoded = &url_string[json_start + success_marker.len()..]; + if let Ok(decoded) = urlencoding::decode(json_encoded) { + // Clear the hash + webview_window.eval("window.location.hash = '';").ok(); + + // Parse JSON + if let Ok(result) = serde_json::from_str::(&decoded) { + tracing::info!("Webview fetch successful"); + return Ok(result); + } + } + } + } + + // Check for error + let error_marker = format!("#trcaa-error-{request_id}-"); + if url_string.contains(&error_marker) { + if let Some(json_start) = url_string.find(&error_marker) { + let json_encoded = &url_string[json_start + error_marker.len()..]; + if let Ok(decoded) = urlencoding::decode(json_encoded) { + // Clear the hash + webview_window.eval("window.location.hash = '';").ok(); + + return Err(format!("Webview fetch error: {decoded}")); + } + } + } + } + + if i % 10 == 0 { + tracing::debug!("Waiting for webview fetch... ({}s)", i / 10); + } + } + + Err("Timeout waiting for webview fetch response (5s)".to_string()) +} + +/// Search Confluence using webview fetch (includes HttpOnly cookies automatically) +pub async fn search_confluence_webview( + webview_window: &WebviewWindow, + base_url: &str, + query: &str, +) -> Result, String> { + // Extract keywords from the query for better search + // Remove common words and extract important terms + let keywords = extract_keywords(query); + + // Build CQL query with OR logic for keywords + let cql = if keywords.len() > 1 { + // Multiple keywords - search for any of them + let keyword_conditions: Vec = + keywords.iter().map(|k| format!("text ~ \"{k}\"")).collect(); + keyword_conditions.join(" OR ") + } else if !keywords.is_empty() { + // Single keyword + let keyword = &keywords[0]; + format!("text ~ \"{keyword}\"") + } else { + // Fallback to original query + format!("text ~ \"{query}\"") + }; + + let search_url = format!( + "{}/rest/api/search?cql={}&limit=10", + base_url.trim_end_matches('/'), + urlencoding::encode(&cql) + ); + + tracing::info!("Executing Confluence search via webview with CQL: {}", cql); + + let response = fetch_from_webview(webview_window, &search_url, "GET", None).await?; + + let mut results = Vec::new(); + + if let Some(results_array) = response.get("results").and_then(|v| v.as_array()) { + for item in results_array.iter().take(5) { + let title = item["title"].as_str().unwrap_or("Untitled").to_string(); + let content_id = item["content"]["id"].as_str(); + let space_key = item["content"]["space"]["key"].as_str(); + + let url = if let (Some(id), Some(space)) = (content_id, space_key) { + format!( + "{}/display/{}/{}", + base_url.trim_end_matches('/'), + space, + id + ) + } else { + base_url.to_string() + }; + + let excerpt = item["excerpt"] + .as_str() + .unwrap_or("") + .replace("", "") + .replace("", ""); + + // Fetch full page content + let content = if let Some(id) = content_id { + let content_url = format!( + "{}/rest/api/content/{id}?expand=body.storage", + base_url.trim_end_matches('/') + ); + if let Ok(content_resp) = + fetch_from_webview(webview_window, &content_url, "GET", None).await + { + if let Some(body) = content_resp + .get("body") + .and_then(|b| b.get("storage")) + .and_then(|s| s.get("value")) + .and_then(|v| v.as_str()) + { + let text = strip_html_simple(body); + Some(if text.len() > 3000 { + format!("{}...", &text[..3000]) + } else { + text + }) + } else { + None + } + } else { + None + } + } else { + None + }; + + results.push(SearchResult { + title, + url, + excerpt: excerpt.chars().take(300).collect(), + content, + source: "Confluence".to_string(), + }); + } + } + + tracing::info!( + "Confluence webview search returned {} results", + results.len() + ); + Ok(results) +} + +/// Extract keywords from a search query +/// Removes stop words and extracts important terms +fn extract_keywords(query: &str) -> Vec { + // Common stop words to filter out + let stop_words = vec![ + "how", "do", "i", "the", "a", "an", "is", "are", "was", "were", "be", "been", "being", + "have", "has", "had", "having", "do", "does", "did", "doing", "will", "would", "should", + "could", "can", "may", "might", "must", "to", "from", "in", "on", "at", "by", "for", + "with", "about", "as", "of", "or", "and", "but", "not", "what", "when", "where", "which", + "who", + ]; + + let mut keywords = Vec::new(); + + // Split on whitespace and punctuation + for word in query.split(|c: char| c.is_whitespace() || c == '?' || c == '!' || c == '.') { + let cleaned = word.trim().to_lowercase(); + + // Skip if empty, too short, or a stop word + if cleaned.is_empty() || cleaned.len() < 2 || stop_words.contains(&cleaned.as_str()) { + continue; + } + + // Keep version numbers (e.g., "1.0.12") + if cleaned.contains('.') && cleaned.chars().any(|c| c.is_numeric()) { + keywords.push(cleaned); + continue; + } + + // Keep ticket numbers and IDs (pure numbers >= 3 digits) + if cleaned.chars().all(|c| c.is_numeric()) && cleaned.len() >= 3 { + keywords.push(cleaned); + continue; + } + + // Keep if it has letters + if cleaned.chars().any(|c| c.is_alphabetic()) { + keywords.push(cleaned); + } + } + + // Deduplicate + keywords.sort(); + keywords.dedup(); + + keywords +} + +/// Simple HTML tag stripping (for content preview) +fn strip_html_simple(html: &str) -> String { + let mut result = String::new(); + let mut in_tag = false; + + for ch in html.chars() { + match ch { + '<' => in_tag = true, + '>' => in_tag = false, + _ if !in_tag => result.push(ch), + _ => {} + } + } + + result.split_whitespace().collect::>().join(" ") +} + +/// Search ServiceNow using webview fetch +pub async fn search_servicenow_webview( + webview_window: &WebviewWindow, + instance_url: &str, + query: &str, +) -> Result, String> { + let mut results = Vec::new(); + + // Search knowledge base + let kb_url = format!( + "{}/api/now/table/kb_knowledge?sysparm_query=textLIKE{}^ORshort_descriptionLIKE{}&sysparm_limit=3", + instance_url.trim_end_matches('/'), + urlencoding::encode(query), + urlencoding::encode(query) + ); + + tracing::info!("Executing ServiceNow KB search via webview"); + + if let Ok(kb_response) = fetch_from_webview(webview_window, &kb_url, "GET", None).await { + if let Some(kb_array) = kb_response.get("result").and_then(|v| v.as_array()) { + for item in kb_array { + let title = item["short_description"] + .as_str() + .unwrap_or("Untitled") + .to_string(); + let sys_id = item["sys_id"].as_str().unwrap_or(""); + let url = format!( + "{}/kb_view.do?sysparm_article={sys_id}", + instance_url.trim_end_matches('/') + ); + let text = item["text"].as_str().unwrap_or(""); + let excerpt = text.chars().take(300).collect(); + let content = Some(if text.len() > 3000 { + format!("{}...", &text[..3000]) + } else { + text.to_string() + }); + + results.push(SearchResult { + title, + url, + excerpt, + content, + source: "ServiceNow".to_string(), + }); + } + } + } + + // Search incidents + let inc_url = format!( + "{}/api/now/table/incident?sysparm_query=short_descriptionLIKE{}^ORdescriptionLIKE{}&sysparm_limit=3&sysparm_display_value=true", + instance_url.trim_end_matches('/'), + urlencoding::encode(query), + urlencoding::encode(query) + ); + + if let Ok(inc_response) = fetch_from_webview(webview_window, &inc_url, "GET", None).await { + if let Some(inc_array) = inc_response.get("result").and_then(|v| v.as_array()) { + for item in inc_array { + let number = item["number"].as_str().unwrap_or("Unknown"); + let title = format!( + "Incident {}: {}", + number, + item["short_description"].as_str().unwrap_or("No title") + ); + let sys_id = item["sys_id"].as_str().unwrap_or(""); + let url = format!( + "{}/incident.do?sys_id={sys_id}", + instance_url.trim_end_matches('/') + ); + let description = item["description"].as_str().unwrap_or(""); + let resolution = item["close_notes"].as_str().unwrap_or(""); + let content = format!("Description: {description}\nResolution: {resolution}"); + let excerpt = content.chars().take(200).collect(); + + results.push(SearchResult { + title, + url, + excerpt, + content: Some(content), + source: "ServiceNow".to_string(), + }); + } + } + } + + tracing::info!( + "ServiceNow webview search returned {} results", + results.len() + ); + Ok(results) +} + +/// Search Azure DevOps wiki using webview fetch +pub async fn search_azuredevops_wiki_webview( + webview_window: &WebviewWindow, + org_url: &str, + project: &str, + query: &str, +) -> Result, String> { + // Extract keywords for better search + let keywords = extract_keywords(query); + + let search_text = if !keywords.is_empty() { + keywords.join(" ") + } else { + query.to_string() + }; + + // Azure DevOps wiki search API + let search_url = format!( + "{}/{}/_apis/wiki/wikis?api-version=7.0", + org_url.trim_end_matches('/'), + urlencoding::encode(project) + ); + + tracing::info!( + "Executing Azure DevOps wiki search via webview for: {}", + search_text + ); + + // First, get list of wikis + let wikis_response = fetch_from_webview(webview_window, &search_url, "GET", None).await?; + + let mut results = Vec::new(); + + if let Some(wikis_array) = wikis_response.get("value").and_then(|v| v.as_array()) { + // Search each wiki + for wiki in wikis_array.iter().take(3) { + let wiki_id = wiki["id"].as_str().unwrap_or(""); + + if wiki_id.is_empty() { + continue; + } + + // Search wiki pages + let pages_url = format!( + "{}/{}/_apis/wiki/wikis/{}/pages?recursionLevel=Full&includeContent=true&api-version=7.0", + org_url.trim_end_matches('/'), + urlencoding::encode(project), + urlencoding::encode(wiki_id) + ); + + if let Ok(pages_response) = + fetch_from_webview(webview_window, &pages_url, "GET", None).await + { + // Try to get "page" field, or use the response itself if it's the page object + if let Some(page) = pages_response.get("page") { + search_page_recursive( + page, + &search_text, + org_url, + project, + wiki_id, + &mut results, + ); + } else { + // Response might be the page object itself + search_page_recursive( + &pages_response, + &search_text, + org_url, + project, + wiki_id, + &mut results, + ); + } + } + } + } + + tracing::info!( + "Azure DevOps wiki webview search returned {} results", + results.len() + ); + Ok(results) +} + +/// Recursively search through wiki pages for matching content +fn search_page_recursive( + page: &Value, + search_text: &str, + org_url: &str, + _project: &str, + wiki_id: &str, + results: &mut Vec, +) { + let search_lower = search_text.to_lowercase(); + + // Check current page + if let Some(path) = page.get("path").and_then(|p| p.as_str()) { + let content = page.get("content").and_then(|c| c.as_str()).unwrap_or(""); + let content_lower = content.to_lowercase(); + + // Simple relevance check + let matches = search_lower + .split_whitespace() + .filter(|word| content_lower.contains(word)) + .count(); + + if matches > 0 { + let page_id = page.get("id").and_then(|i| i.as_i64()).unwrap_or(0); + let title = path.trim_start_matches('/').replace('/', " > "); + let url = format!( + "{}/_wiki/wikis/{}/{}/{}", + org_url.trim_end_matches('/'), + urlencoding::encode(wiki_id), + page_id, + urlencoding::encode(path.trim_start_matches('/')) + ); + + // Create excerpt from first occurrence + let excerpt = if let Some(pos) = + content_lower.find(search_lower.split_whitespace().next().unwrap_or("")) + { + let start = pos.saturating_sub(50); + let end = (pos + 200).min(content.len()); + format!("...{}", &content[start..end]) + } else { + content.chars().take(200).collect() + }; + + let result_content = if content.len() > 3000 { + format!("{}...", &content[..3000]) + } else { + content.to_string() + }; + + results.push(SearchResult { + title, + url, + excerpt, + content: Some(result_content), + source: "Azure DevOps Wiki".to_string(), + }); + } + } + + // Recurse into subpages + if let Some(subpages) = page.get("subPages").and_then(|s| s.as_array()) { + for subpage in subpages { + search_page_recursive(subpage, search_text, org_url, _project, wiki_id, results); + } + } +} + +/// Search Azure DevOps work items using webview fetch +pub async fn search_azuredevops_workitems_webview( + webview_window: &WebviewWindow, + org_url: &str, + project: &str, + query: &str, +) -> Result, String> { + // Extract keywords + let keywords = extract_keywords(query); + + // Check if query contains a work item ID (pure number) + let work_item_id: Option = keywords + .iter() + .filter(|k| k.chars().all(|c| c.is_numeric())) + .filter_map(|k| k.parse::().ok()) + .next(); + + // Build WIQL query + let wiql_query = if let Some(id) = work_item_id { + // Search by specific ID + format!( + "SELECT [System.Id], [System.Title], [System.Description], [System.WorkItemType] \ + FROM WorkItems WHERE [System.Id] = {id}" + ) + } else { + // Search by text in title/description + let search_terms = if !keywords.is_empty() { + keywords.join(" ") + } else { + query.to_string() + }; + + // Use CONTAINS for text search (case-insensitive) + format!( + "SELECT [System.Id], [System.Title], [System.Description], [System.WorkItemType] \ + FROM WorkItems WHERE [System.TeamProject] = '{project}' \ + AND ([System.Title] CONTAINS '{search_terms}' OR [System.Description] CONTAINS '{search_terms}') \ + ORDER BY [System.ChangedDate] DESC" + ) + }; + + let wiql_url = format!( + "{}/{}/_apis/wit/wiql?api-version=7.0", + org_url.trim_end_matches('/'), + urlencoding::encode(project) + ); + + let body = serde_json::json!({ + "query": wiql_query + }) + .to_string(); + + tracing::info!("Executing Azure DevOps work item search via webview"); + tracing::debug!("WIQL query: {}", wiql_query); + tracing::debug!("Request URL: {}", wiql_url); + + let wiql_response = fetch_from_webview(webview_window, &wiql_url, "POST", Some(&body)).await?; + + let mut results = Vec::new(); + + if let Some(work_items) = wiql_response.get("workItems").and_then(|v| v.as_array()) { + // Fetch details for first 5 work items + for item in work_items.iter().take(5) { + if let Some(id) = item.get("id").and_then(|i| i.as_i64()) { + let details_url = format!( + "{}/_apis/wit/workitems/{}?api-version=7.0", + org_url.trim_end_matches('/'), + id + ); + + if let Ok(details) = + fetch_from_webview(webview_window, &details_url, "GET", None).await + { + if let Some(fields) = details.get("fields") { + let title = fields + .get("System.Title") + .and_then(|t| t.as_str()) + .unwrap_or("Untitled"); + let work_item_type = fields + .get("System.WorkItemType") + .and_then(|t| t.as_str()) + .unwrap_or("Item"); + let description = fields + .get("System.Description") + .and_then(|d| d.as_str()) + .unwrap_or(""); + + let clean_description = strip_html_simple(description); + let excerpt = clean_description.chars().take(200).collect(); + + let url = format!("{}/_workitems/edit/{id}", org_url.trim_end_matches('/')); + + let full_content = if clean_description.len() > 3000 { + format!("{}...", &clean_description[..3000]) + } else { + clean_description.clone() + }; + + results.push(SearchResult { + title: format!("{work_item_type} #{id}: {title}"), + url, + excerpt, + content: Some(full_content), + source: "Azure DevOps".to_string(), + }); + } + } + } + } + } + + tracing::info!( + "Azure DevOps work items webview search returned {} results", + results.len() + ); + Ok(results) +} + +/// Add a comment to an Azure DevOps work item +pub async fn add_azuredevops_comment_webview( + webview_window: &WebviewWindow, + org_url: &str, + work_item_id: i64, + comment_text: &str, +) -> Result { + let comment_url = format!( + "{}/_apis/wit/workitems/{work_item_id}/comments?api-version=7.0", + org_url.trim_end_matches('/') + ); + + let body = serde_json::json!({ + "text": comment_text + }) + .to_string(); + + tracing::info!("Adding comment to Azure DevOps work item {}", work_item_id); + + let response = fetch_from_webview(webview_window, &comment_url, "POST", Some(&body)).await?; + + // Extract comment ID from response + let comment_id = response + .get("id") + .and_then(|id| id.as_i64()) + .ok_or_else(|| "Failed to get comment ID from response".to_string())?; + + tracing::info!("Successfully added comment {comment_id} to work item {work_item_id}"); + Ok(format!("Comment added successfully (ID: {comment_id})")) +} diff --git a/src-tauri/src/integrations/webview_search.rs b/src-tauri/src/integrations/webview_search.rs new file mode 100644 index 00000000..4cdfe332 --- /dev/null +++ b/src-tauri/src/integrations/webview_search.rs @@ -0,0 +1,287 @@ +/// Native webview-based search that automatically includes HttpOnly cookies +/// This bypasses cookie extraction by making requests directly from the authenticated webview + +use serde::{Deserialize, Serialize}; +use tauri::WebviewWindow; + +use super::confluence_search::SearchResult; + +/// Execute a search request from within the webview context +/// This automatically includes all cookies (including HttpOnly) from the authenticated session +pub async fn search_from_webview( + webview_window: &WebviewWindow, + service: &str, + base_url: &str, + query: &str, +) -> Result, String> { + match service { + "confluence" => search_confluence_from_webview(webview_window, base_url, query).await, + "servicenow" => search_servicenow_from_webview(webview_window, base_url, query).await, + "azuredevops" => Ok(Vec::new()), // Not yet implemented + _ => Err(format!("Unsupported service: {}", service)), + } +} + +/// Search Confluence from within the authenticated webview +async fn search_confluence_from_webview( + webview_window: &WebviewWindow, + base_url: &str, + query: &str, +) -> Result, String> { + let search_script = format!( + r#" + (async function() {{ + try {{ + // Search Confluence using the browser's authenticated session + const searchUrl = '{}/rest/api/search?cql=text~"{}"&limit=5'; + const response = await fetch(searchUrl, {{ + headers: {{ + 'Accept': 'application/json' + }}, + credentials: 'include' // Include cookies automatically + }}); + + if (!response.ok) {{ + return {{ error: `Search failed: ${{response.status}}` }}; + }} + + const data = await response.json(); + const results = []; + + if (data.results && Array.isArray(data.results)) {{ + for (const item of data.results.slice(0, 3)) {{ + const title = item.title || 'Untitled'; + const contentId = item.content?.id; + const spaceKey = item.content?.space?.key; + + let url = '{}'; + if (contentId && spaceKey) {{ + url = `{}/display/${{spaceKey}}/${{contentId}}`; + }} + + const excerpt = (item.excerpt || '') + .replace(//g, '') + .replace(/<\/span>/g, ''); + + // Fetch full page content + let content = null; + if (contentId) {{ + try {{ + const contentUrl = `{}/rest/api/content/${{contentId}}?expand=body.storage`; + const contentResp = await fetch(contentUrl, {{ + headers: {{ 'Accept': 'application/json' }}, + credentials: 'include' + }}); + if (contentResp.ok) {{ + const contentData = await contentResp.json(); + let html = contentData.body?.storage?.value || ''; + // Basic HTML stripping + const div = document.createElement('div'); + div.innerHTML = html; + let text = div.textContent || div.innerText || ''; + content = text.length > 3000 ? text.substring(0, 3000) + '...' : text; + }} + }} catch (e) {{ + console.error('Failed to fetch page content:', e); + }} + }} + + results.push({{ + title, + url, + excerpt: excerpt.substring(0, 300), + content, + source: 'Confluence' + }}); + }} + }} + + return {{ results }}; + }} catch (error) {{ + return {{ error: error.message }}; + }} + }})(); + "#, + base_url.trim_end_matches('/'), + query.replace('"', "\\\""), + base_url, + base_url, + base_url + ); + + // Execute JavaScript and store result in localStorage for retrieval + let storage_key = format!("__trcaa_search_{}__", uuid::Uuid::now_v7()); + let callback_script = format!( + r#" + {} + .then(result => {{ + localStorage.setItem('{}', JSON.stringify(result)); + }}) + .catch(error => {{ + localStorage.setItem('{}', JSON.stringify({{ error: error.message }})); + }}); + "#, + search_script, + storage_key, + storage_key + ); + + webview_window + .eval(&callback_script) + .map_err(|e| format!("Failed to execute search: {}", e))?; + + // Poll for result in localStorage + for _ in 0..50 { // Try for 5 seconds + tokio::time::sleep(tokio::time::Duration::from_millis(100)).await; + + let check_script = format!("localStorage.getItem('{}')", storage_key); + let result_str = match webview_window.eval(&check_script) { + Ok(_) => { + // Try to retrieve the actual value + tokio::time::sleep(tokio::time::Duration::from_millis(50)).await; + let get_script = format!( + r#"(function() {{ + const val = localStorage.getItem('{}'); + if (val) {{ + localStorage.removeItem('{}'); + return val; + }} + return null; + }})();"#, + storage_key, storage_key + ); + match webview_window.eval(&get_script) { + Ok(_) => continue, // Keep polling + Err(_) => continue, + } + } + Err(_) => continue, + }; + } + + // Timeout - try one final retrieval + tracing::warn!("Webview search timed out, returning empty results"); + Ok(Vec::new()) +} + +/// Search ServiceNow from within the authenticated webview +async fn search_servicenow_from_webview( + webview_window: &WebviewWindow, + instance_url: &str, + query: &str, +) -> Result, String> { + let search_script = format!( + r#" + (async function() {{ + try {{ + const results = []; + + // Search knowledge base + const kbUrl = '{}/api/now/table/kb_knowledge?sysparm_query=textLIKE{}^ORshort_descriptionLIKE{}&sysparm_limit=3'; + const kbResp = await fetch(kbUrl, {{ + headers: {{ 'Accept': 'application/json' }}, + credentials: 'include' + }}); + + if (kbResp.ok) {{ + const kbData = await kbResp.json(); + if (kbData.result && Array.isArray(kbData.result)) {{ + for (const item of kbData.result) {{ + const title = item.short_description || 'Untitled'; + const sysId = item.sys_id || ''; + const url = `{}/kb_view.do?sysparm_article=${{sysId}}`; + const text = item.text || ''; + const excerpt = text.substring(0, 300); + const content = text.length > 3000 ? text.substring(0, 3000) + '...' : text; + + results.push({{ + title, + url, + excerpt, + content, + source: 'ServiceNow' + }}); + }} + }} + }} + + // Search incidents + const incUrl = '{}/api/now/table/incident?sysparm_query=short_descriptionLIKE{}^ORdescriptionLIKE{}&sysparm_limit=3&sysparm_display_value=true'; + const incResp = await fetch(incUrl, {{ + headers: {{ 'Accept': 'application/json' }}, + credentials: 'include' + }}); + + if (incResp.ok) {{ + const incData = await incResp.json(); + if (incData.result && Array.isArray(incData.result)) {{ + for (const item of incData.result) {{ + const number = item.number || 'Unknown'; + const title = `Incident ${{number}}: ${{item.short_description || 'No title'}}`; + const sysId = item.sys_id || ''; + const url = `{}/incident.do?sys_id=${{sysId}}`; + const description = item.description || ''; + const resolution = item.close_notes || ''; + const content = `Description: ${{description}}\\nResolution: ${{resolution}}`; + const excerpt = content.substring(0, 200); + + results.push({{ + title, + url, + excerpt, + content, + source: 'ServiceNow' + }}); + }} + }} + }} + + return {{ results }}; + }} catch (error) {{ + return {{ error: error.message }}; + }} + }})(); + "#, + instance_url.trim_end_matches('/'), + urlencoding::encode(query), + urlencoding::encode(query), + instance_url.trim_end_matches('/'), + instance_url.trim_end_matches('/'), + urlencoding::encode(query), + urlencoding::encode(query), + instance_url.trim_end_matches('/') + ); + + let result: serde_json::Value = webview_window + .eval(&search_script) + .map_err(|e| format!("Failed to execute search: {}", e))?; + + if let Some(error) = result.get("error") { + return Err(format!("Search error: {}", error)); + } + + if let Some(results_array) = result.get("results").and_then(|v| v.as_array()) { + let mut results = Vec::new(); + for item in results_array { + if let Ok(search_result) = serde_json::from_value::(item.clone()) { + results.push(search_result); + } + } + Ok(results) + } else { + Ok(Vec::new()) + } +} + +/// Search Azure DevOps from within the authenticated webview +async fn search_azuredevops_from_webview( + webview_window: &WebviewWindow, + org_url: &str, + query: &str, +) -> Result, String> { + // Azure DevOps search requires project parameter, which we don't have here + // This would need to be passed in from the config + // For now, return empty results + tracing::warn!("Azure DevOps webview search not yet implemented"); + Ok(Vec::new()) +} diff --git a/src-tauri/src/lib.rs b/src-tauri/src/lib.rs index 6b147e2a..b4751cd8 100644 --- a/src-tauri/src/lib.rs +++ b/src-tauri/src/lib.rs @@ -11,6 +11,7 @@ pub mod state; use sha2::{Digest, Sha256}; use state::AppState; use std::sync::{Arc, Mutex}; +use tauri::Manager; #[cfg_attr(mobile, tauri::mobile_entry_point)] pub fn run() { @@ -25,7 +26,7 @@ pub fn run() { tracing::info!("Starting Troubleshooting and RCA Assistant application"); // Determine data directory - let data_dir = dirs_data_dir(); + let data_dir = state::get_app_data_dir().expect("Failed to determine app data directory"); // Initialize database let conn = db::connection::init_db(&data_dir).expect("Failed to initialize database"); @@ -57,6 +58,35 @@ pub fn run() { .plugin(tauri_plugin_shell::init()) .plugin(tauri_plugin_http::init()) .manage(app_state) + .setup(|app| { + // Restore persistent browser windows from previous session + let app_handle = app.handle().clone(); + let state: tauri::State = app.state(); + + // Clone Arc fields for 'static lifetime + let db = state.db.clone(); + let settings = state.settings.clone(); + let app_data_dir = state.app_data_dir.clone(); + let integration_webviews = state.integration_webviews.clone(); + + tauri::async_runtime::spawn(async move { + let app_state = AppState { + db, + settings, + app_data_dir, + integration_webviews, + }; + + if let Err(e) = + commands::integrations::restore_persistent_webviews(&app_handle, &app_state) + .await + { + tracing::warn!("Failed to restore persistent webviews: {}", e); + } + }); + + Ok(()) + }) .invoke_handler(tauri::generate_handler![ // DB / Issue CRUD commands::db::create_issue, @@ -98,6 +128,7 @@ pub fn run() { commands::integrations::save_integration_config, commands::integrations::get_integration_config, commands::integrations::get_all_integration_configs, + commands::integrations::add_ado_comment, // System / Settings commands::system::check_ollama_installed, commands::system::get_ollama_install_guide, @@ -109,48 +140,10 @@ pub fn run() { commands::system::get_settings, commands::system::update_settings, commands::system::get_audit_log, + commands::system::save_ai_provider, + commands::system::load_ai_providers, + commands::system::delete_ai_provider, ]) .run(tauri::generate_context!()) .expect("Error running Troubleshooting and RCA Assistant application"); } - -/// Determine the application data directory. -fn dirs_data_dir() -> std::path::PathBuf { - if let Ok(dir) = std::env::var("TFTSR_DATA_DIR") { - return std::path::PathBuf::from(dir); - } - - // Use platform-appropriate data directory - #[cfg(target_os = "linux")] - { - if let Ok(xdg) = std::env::var("XDG_DATA_HOME") { - return std::path::PathBuf::from(xdg).join("trcaa"); - } - if let Ok(home) = std::env::var("HOME") { - return std::path::PathBuf::from(home) - .join(".local") - .join("share") - .join("trcaa"); - } - } - - #[cfg(target_os = "macos")] - { - if let Ok(home) = std::env::var("HOME") { - return std::path::PathBuf::from(home) - .join("Library") - .join("Application Support") - .join("trcaa"); - } - } - - #[cfg(target_os = "windows")] - { - if let Ok(appdata) = std::env::var("APPDATA") { - return std::path::PathBuf::from(appdata).join("trcaa"); - } - } - - // Fallback - std::path::PathBuf::from("./trcaa-data") -} diff --git a/src-tauri/src/state.rs b/src-tauri/src/state.rs index 97b51736..78d37a10 100644 --- a/src-tauri/src/state.rs +++ b/src-tauri/src/state.rs @@ -21,7 +21,7 @@ pub struct ProviderConfig { /// If None, defaults to "/chat/completions" for OpenAI compatibility #[serde(skip_serializing_if = "Option::is_none")] pub custom_endpoint_path: Option, - /// Optional: Custom auth header name (e.g., "x-msi-genai-api-key") + /// Optional: Custom auth header name (e.g., "x-custom-api-key") /// If None, defaults to "Authorization" #[serde(skip_serializing_if = "Option::is_none")] pub custom_auth_header: Option, @@ -72,3 +72,49 @@ pub struct AppState { /// These windows stay open for the user to browse and for fresh cookie extraction pub integration_webviews: Arc>>, } + +/// Determine the application data directory. +/// Returns None if the directory cannot be determined. +pub fn get_app_data_dir() -> Option { + if let Ok(dir) = std::env::var("TFTSR_DATA_DIR") { + return Some(PathBuf::from(dir)); + } + + // Use platform-appropriate data directory + #[cfg(target_os = "linux")] + { + if let Ok(xdg) = std::env::var("XDG_DATA_HOME") { + return Some(PathBuf::from(xdg).join("trcaa")); + } + if let Ok(home) = std::env::var("HOME") { + return Some( + PathBuf::from(home) + .join(".local") + .join("share") + .join("trcaa"), + ); + } + } + + #[cfg(target_os = "macos")] + { + if let Ok(home) = std::env::var("HOME") { + return Some( + PathBuf::from(home) + .join("Library") + .join("Application Support") + .join("trcaa"), + ); + } + } + + #[cfg(target_os = "windows")] + { + if let Ok(appdata) = std::env::var("APPDATA") { + return Some(PathBuf::from(appdata).join("trcaa")); + } + } + + // Fallback + Some(PathBuf::from("./trcaa-data")) +} diff --git a/src-tauri/tauri.conf.json b/src-tauri/tauri.conf.json index d38ffc27..eb625bfa 100644 --- a/src-tauri/tauri.conf.json +++ b/src-tauri/tauri.conf.json @@ -10,7 +10,7 @@ }, "app": { "security": { - "csp": "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: asset: https:; connect-src 'self' http://localhost:11434 http://localhost:8765 https://api.openai.com https://api.anthropic.com https://api.mistral.ai https://generativelanguage.googleapis.com https://auth.atlassian.com https://*.atlassian.net https://login.microsoftonline.com https://dev.azure.com https://genai-service.stage.commandcentral.com https://genai-service.commandcentral.com" + "csp": "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: asset: https:; connect-src 'self' http://localhost:11434 http://localhost:8765 https://api.openai.com https://api.anthropic.com https://api.mistral.ai https://generativelanguage.googleapis.com https://auth.atlassian.com https://*.atlassian.net https://login.microsoftonline.com https://dev.azure.com" }, "windows": [ { diff --git a/src/App.tsx b/src/App.tsx index e61eff5e..3952c918 100644 --- a/src/App.tsx +++ b/src/App.tsx @@ -15,6 +15,7 @@ import { Moon, } from "lucide-react"; import { useSettingsStore } from "@/stores/settingsStore"; +import { loadAiProvidersCmd, testProviderConnectionCmd } from "@/lib/tauriCommands"; import Dashboard from "@/pages/Dashboard"; import NewIssue from "@/pages/NewIssue"; @@ -45,13 +46,38 @@ const settingsItems = [ export default function App() { const [collapsed, setCollapsed] = useState(false); const [appVersion, setAppVersion] = useState(""); - const { theme, setTheme } = useSettingsStore(); + const { theme, setTheme, setProviders, getActiveProvider } = useSettingsStore(); const location = useLocation(); useEffect(() => { getVersion().then(setAppVersion).catch(() => {}); }, []); + // Load providers and auto-test active provider on startup + useEffect(() => { + const initializeProviders = async () => { + try { + const providers = await loadAiProvidersCmd(); + setProviders(providers); + + // Auto-test the active provider + const activeProvider = getActiveProvider(); + if (activeProvider) { + console.log("Auto-testing active AI provider:", activeProvider.name); + try { + await testProviderConnectionCmd(activeProvider); + console.log("βœ“ Active provider connection verified:", activeProvider.name); + } catch (err) { + console.warn("⚠ Active provider connection test failed:", activeProvider.name, err); + } + } + } catch (err) { + console.error("Failed to initialize AI providers:", err); + } + }; + initializeProviders(); + }, [setProviders, getActiveProvider]); + return (
diff --git a/src/lib/domainPrompts.ts b/src/lib/domainPrompts.ts index 99a10af0..b57170ab 100644 --- a/src/lib/domainPrompts.ts +++ b/src/lib/domainPrompts.ts @@ -245,7 +245,7 @@ When analyzing security and Vault issues, focus on these key areas: - **PKI and certificates**: Certificate expiration causing service outages (check with 'openssl s_client' and 'openssl x509 -noout -dates'), CA chain validation failures, CRL/OCSP inaccessibility, certificate SANs not matching hostname, and cert-manager (Kubernetes) renewal failures. - **Secrets rotation**: Application failures during credential rotation (stale credentials cached), rotation timing misalignment with TTL, and rollback procedures for failed rotations. - **TLS/mTLS issues**: Mutual TLS handshake failures (client cert not trusted by server CA), TLS version/cipher suite mismatches, SNI routing failures, and certificate pinning conflicts. -- **Palo Alto Cortex XDR**: Agent installation failures (Windows MSI/RHEL RPM), agent policy conflicts blocking legitimate processes (check Cortex console for prevention alerts), agent unable to connect to XDR cloud (proxy/firewall blocking *.paloaltonetworks.com), disk space consumed by agent logs, and Cortex XDR conflicts with other AV (Trellix/Windows Defender exclusions needed). +- **Palo Alto Cortex XDR**: Agent installation failures (Windows installer/RHEL RPM), agent policy conflicts blocking legitimate processes (check Cortex console for prevention alerts), agent unable to connect to XDR cloud (proxy/firewall blocking *.paloaltonetworks.com), disk space consumed by agent logs, and Cortex XDR conflicts with other AV (Trellix/Windows Defender exclusions needed). - **Trellix (formerly McAfee)**: ePolicy Orchestrator (ePO) agent communication failures, DAT update distribution issues, real-time scanning causing I/O performance degradation (check for high 'mfehidk' driver CPU), Trellix NYC extraction tool issues, and AV exclusion management for critical application paths. - **Rapid7 InsightVM / Nexpose**: Scan engine connectivity to target hosts (firewall rules for scan ports), credential scan failures (SSH/WinRM authentication), false positives in vulnerability reports, and agent-based vs agentless scan differences. - **CIS Hardening**: CIS Benchmark compliance failures (RHEL 8/9 or Debian 11), fapolicyd policy blocking legitimate binaries, auditd rule conflicts causing performance issues, AIDE (file integrity) false alerts after planned changes, and SELinux policy denials from CIS-enforced profiles. @@ -262,7 +262,7 @@ When analyzing public safety and 911 issues, focus on these key areas: - **CAD (Computer-Aided Dispatch) integration**: CAD-to-CAD interoperability failures, NENA Incident Data Exchange (NIEM) message validation errors, CAD interface adapter connectivity, and duplicate incident creation from retry logic. - **Recording and logging**: Recording system integration (NICE, Verint, Eventide) failures, mandatory call recording compliance gaps, Logging Service (LS) as defined by NENA i3, and chain of custody for recordings. - **Network redundancy**: ESINet redundancy path failures, primary/secondary PSAP failover, call overflow to backup PSAP, and network diversity verification. -- **VESTA NXT Platform (Motorola Solutions)**: The VESTA NXT platform is a microservices-based NG911 solution deployed on OpenShift/K8s. Key services: Skipper (Java/Spring Boot API gateway β€” check pod logs for JWT validation failures, upstream service timeouts), CTC/CTC Adapter (Call Taking Controller β€” SIP registration to Asterisk, call state machine errors), i3 SIP/State/Logger services (NENA i3 protocol handling β€” check for SIP dialog errors and state sync failures), Location Service (LoST/ECRF integration β€” HTTP timeout to ALI provider), Text Aggregator (SMS/TTY β€” websocket connection to aggregator), EIDO/ESS (emergency incident data exchange β€” schema validation failures), Analytics Service / PEIDB (PostgreSQL + SQL Server β€” report query timeouts), and Management Console / Wallboard (React frontend β€” authentication via Keycloak, check browser console for 401/403). Deployments use Helm charts via Porter CNAB bundles β€” check 'helm history -n ' for rollback options. +- **VESTA NXT Platform**: The VESTA NXT platform is a microservices-based NG911 solution deployed on OpenShift/K8s. Key services: Skipper (Java/Spring Boot API gateway β€” check pod logs for JWT validation failures, upstream service timeouts), CTC/CTC Adapter (Call Taking Controller β€” SIP registration to Asterisk, call state machine errors), i3 SIP/State/Logger services (NENA i3 protocol handling β€” check for SIP dialog errors and state sync failures), Location Service (LoST/ECRF integration β€” HTTP timeout to ALI provider), Text Aggregator (SMS/TTY β€” websocket connection to aggregator), EIDO/ESS (emergency incident data exchange β€” schema validation failures), Analytics Service / PEIDB (PostgreSQL + SQL Server β€” report query timeouts), and Management Console / Wallboard (React frontend β€” authentication via Keycloak, check browser console for 401/403). Deployments use Helm charts via Porter CNAB bundles β€” check 'helm history -n ' for rollback options. - **Common error patterns**: "call drops to administrative" (CTC/routing fallback), "location unavailable" (ALI timeout or Phase II failure), "Skipper 503" (downstream microservice down), "CTC not registered" (Asterisk SIP trunk issue), "CAD not receiving calls" (CAD Spill Interface adapter down), "wrong PSAP" (ESN boundary error), "recording gap" (recording server failover timing), "Keycloak token invalid" (realm configuration or clock skew). Always ask about the VESTA NXT release version, which microservice is failing, whether this is OpenShift or K3s deployment, ESINet provider, and whether this is a primary or backup PSAP.`, diff --git a/src/lib/tauriCommands.ts b/src/lib/tauriCommands.ts index b1711134..681d844f 100644 --- a/src/lib/tauriCommands.ts +++ b/src/lib/tauriCommands.ts @@ -367,6 +367,17 @@ export const updateSettingsCmd = (partialSettings: Partial) => export const getAuditLogCmd = (filter: AuditFilter) => invoke("get_audit_log", { filter }); +// ─── AI Provider Persistence ────────────────────────────────────────────────── + +export const saveAiProviderCmd = (provider: ProviderConfig) => + invoke("save_ai_provider", { provider }); + +export const loadAiProvidersCmd = () => + invoke("load_ai_providers"); + +export const deleteAiProviderCmd = (name: string) => + invoke("delete_ai_provider", { name }); + // ─── OAuth & Integrations ───────────────────────────────────────────────────── export interface OAuthInitResponse { @@ -417,8 +428,16 @@ export interface IntegrationConfig { space_key?: string; } -export const authenticateWithWebviewCmd = (service: string, baseUrl: string) => - invoke("authenticate_with_webview", { service, baseUrl }); +export const authenticateWithWebviewCmd = ( + service: string, + baseUrl: string, + projectName?: string +) => + invoke("authenticate_with_webview", { + service, + baseUrl, + projectName, + }); export const extractCookiesFromWebviewCmd = (service: string, webviewId: string) => invoke("extract_cookies_from_webview", { service, webviewId }); @@ -436,3 +455,6 @@ export const getIntegrationConfigCmd = (service: string) => export const getAllIntegrationConfigsCmd = () => invoke("get_all_integration_configs"); + +export const addAdoCommentCmd = (workItemId: number, commentText: string) => + invoke("add_ado_comment", { workItemId, commentText }); diff --git a/src/pages/Settings/AIProviders.tsx b/src/pages/Settings/AIProviders.tsx index 062f1e32..0cec08f6 100644 --- a/src/pages/Settings/AIProviders.tsx +++ b/src/pages/Settings/AIProviders.tsx @@ -1,4 +1,4 @@ -import React, { useState } from "react"; +import React, { useState, useEffect } from "react"; import { Plus, Pencil, Trash2, CheckCircle, XCircle, Zap } from "lucide-react"; import { Card, @@ -17,7 +17,13 @@ import { Separator, } from "@/components/ui"; import { useSettingsStore } from "@/stores/settingsStore"; -import { testProviderConnectionCmd, type ProviderConfig } from "@/lib/tauriCommands"; +import { + testProviderConnectionCmd, + saveAiProviderCmd, + loadAiProvidersCmd, + deleteAiProviderCmd, + type ProviderConfig, +} from "@/lib/tauriCommands"; export const CUSTOM_REST_MODELS = [ "ChatGPT4o", @@ -42,12 +48,8 @@ export const CUSTOM_REST_MODELS = [ ] as const; export const CUSTOM_MODEL_OPTION = "__custom_model__"; -export const LEGACY_API_FORMAT = "msi_genai"; export const CUSTOM_REST_FORMAT = "custom_rest"; -export const normalizeApiFormat = (format?: string): string | undefined => - format === LEGACY_API_FORMAT ? CUSTOM_REST_FORMAT : format; - const emptyProvider: ProviderConfig = { name: "", provider_type: "openai", @@ -72,6 +74,7 @@ export default function AIProviders() { updateProvider, removeProvider, setActiveProvider, + setProviders, } = useSettingsStore(); const [editIndex, setEditIndex] = useState(null); @@ -82,6 +85,20 @@ export default function AIProviders() { const [isCustomModel, setIsCustomModel] = useState(false); const [customModelInput, setCustomModelInput] = useState(""); + // Load providers from database on mount + // Note: Auto-testing of active provider is handled in App.tsx on startup + useEffect(() => { + const loadProviders = async () => { + try { + const providers = await loadAiProvidersCmd(); + setProviders(providers); + } catch (err) { + console.error("Failed to load AI providers:", err); + } + }; + loadProviders(); + }, [setProviders]); + const startAdd = () => { setForm({ ...emptyProvider }); setEditIndex(null); @@ -93,7 +110,7 @@ export default function AIProviders() { const startEdit = (index: number) => { const provider = ai_providers[index]; - const apiFormat = normalizeApiFormat(provider.api_format); + const apiFormat = provider.api_format; const nextForm = { ...provider, api_format: apiFormat }; setForm(nextForm); @@ -114,16 +131,27 @@ export default function AIProviders() { } }; - const handleSave = () => { + const handleSave = async () => { if (!form.name || !form.api_url || !form.model) return; - if (editIndex != null) { - updateProvider(editIndex, form); - } else { - addProvider(form); + + try { + // Save to database + await saveAiProviderCmd(form); + + // Update local state + if (editIndex != null) { + updateProvider(editIndex, form); + } else { + addProvider(form); + } + + setIsAdding(false); + setEditIndex(null); + setForm({ ...emptyProvider }); + } catch (err) { + console.error("Failed to save provider:", err); + setTestResult({ success: false, message: `Failed to save: ${err}` }); } - setIsAdding(false); - setEditIndex(null); - setForm({ ...emptyProvider }); }; const handleCancel = () => { @@ -133,6 +161,16 @@ export default function AIProviders() { setTestResult(null); }; + const handleRemove = async (index: number) => { + const provider = ai_providers[index]; + try { + await deleteAiProviderCmd(provider.name); + removeProvider(index); + } catch (err) { + console.error("Failed to delete provider:", err); + } + }; + const handleTest = async () => { setIsTesting(true); setTestResult(null); @@ -215,7 +253,7 @@ export default function AIProviders() { @@ -291,7 +329,7 @@ export default function AIProviders() { placeholder="sk-..." />
- {!(form.provider_type === "custom" && normalizeApiFormat(form.api_format) === CUSTOM_REST_FORMAT) && ( + {!(form.provider_type === "custom" && form.api_format === CUSTOM_REST_FORMAT) && (
{/* Custom REST specific: User ID field */} - {normalizeApiFormat(form.api_format) === CUSTOM_REST_FORMAT && ( + {form.api_format === CUSTOM_REST_FORMAT && (
` shown when Custom REST is active; the grid row is now hidden via conditional render β€” the dropdown further down the form handles model selection for this format -- Removed `custom_auth_header: "x-msi-genai-api-key"` prefill on format switch; field now starts empty -- Replaced example in Auth Header description from internal key name to generic `"x-api-key"` -- Renamed "User ID (CORE ID)" β†’ "Email Address"; updated placeholder from `your.name@motorolasolutions.com` β†’ `user@example.com`; removed Motorola-specific description text - -**`src/pages/Dashboard/index.tsx`** -- Added `className="border-border text-foreground bg-card hover:bg-accent"` to Refresh `