sarman/tftsr-devops_investigation
1
0
Fork 0
Code Issues 1 Pull Requests Actions 34 Packages Projects 3 Releases 9 Wiki Activity

Merge pull request 'feat/public-release-prep' (#25) from feat/public-release-prep into master
All checks were successful
Auto Tag / autotag (push) Successful in 1m3s
Details
Auto Tag / wiki-sync (push) Successful in 1m4s
Details
Auto Tag / build-macos-arm64 (push) Successful in 3m52s
Details
Auto Tag / build-windows-amd64 (push) Successful in 14m49s
Details
Auto Tag / build-linux-amd64 (push) Successful in 28m20s
Details
Auto Tag / build-linux-arm64 (push) Successful in 28m50s
Details

Browse Source 
Reviewed-on: #25
This commit is contained in:
sarman 2026-04-07 16:37:36 +00:00
commit 21a4132629
53 changed files with 5621 additions and 1470 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
.gitignore vendored
View File

@ -9,3 +9,15 @@ secrets.yaml
artifacts/ artifacts/
*.png *.png
/screenshots/ /screenshots/
# Internal / private documents — never commit
USER_GUIDE.md
USER_GUIDE.docx
~$ER_GUIDE.docx
TICKET_USER_GUIDE.md
BUGFIX_SUMMARY.md
PR_DESCRIPTION.md
GenAI API User Guide.md
HANDOFF-MSI-GENAI.md
TICKET_SUMMARY.md
docs/images/user-guide/

489
GenAI API User Guide.md
View File

File diff suppressed because one or more lines are too long

312
HANDOFF-MSI-GENAI.md
View File

@ -1,312 +0,0 @@
# MSI GenAI Custom Provider Integration - Handoff Document
**Date**: 2026-04-03
**Status**: In Progress - Backend schema updated, frontend and provider logic pending
---
## Context
User needs to integrate MSI GenAI API (https://genai-service.stage.commandcentral.com/app-gateway/api/v2/chat) into the application's AI Providers system.
**Problem**: The existing "Custom" provider type assumes OpenAI-compatible APIs (expects `/chat/completions` endpoint, OpenAI request/response format, `Authorization: Bearer` header). MSI GenAI has a completely different API contract:
| Aspect | OpenAI Format | MSI GenAI Format |
|--------|---------------|------------------|
| **Endpoint** | `/chat/completions` | `/api/v2/chat` (no suffix) |
| **Request** | `{"messages": [...], "model": "..."}` | `{"prompt": "...", "model": "...", "sessionId": "..."}` |
| **Response** | `{"choices": [{"message": {"content": "..."}}]}` | `{"msg": "...", "sessionId": "..."}` |
| **Auth Header** | `Authorization: Bearer <token>` | `x-msi-genai-api-key: <token>` |
| **History** | Client sends full message array | Server-side via `sessionId` |
---
## Work Completed
### 1. Updated `src-tauri/src/state.rs` - ProviderConfig Schema
Added optional fields to support custom API formats without breaking existing OpenAI-compatible providers:
```rust
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ProviderConfig {
pub name: String,
#[serde(default)]
pub provider_type: String,
pub api_url: String,
pub api_key: String,
pub model: String,
// NEW FIELDS:
/// Optional: Custom endpoint path (e.g., "" for no path, "/v1/chat" for custom path)
/// If None, defaults to "/chat/completions" for OpenAI compatibility
#[serde(skip_serializing_if = "Option::is_none")]
pub custom_endpoint_path: Option<String>,
/// Optional: Custom auth header name (e.g., "x-msi-genai-api-key")
/// If None, defaults to "Authorization"
#[serde(skip_serializing_if = "Option::is_none")]
pub custom_auth_header: Option<String>,
/// Optional: Custom auth value prefix (e.g., "" for no prefix, "Bearer " for OpenAI)
/// If None, defaults to "Bearer "
#[serde(skip_serializing_if = "Option::is_none")]
pub custom_auth_prefix: Option<String>,
/// Optional: API format ("openai" or "msi_genai")
/// If None, defaults to "openai"
#[serde(skip_serializing_if = "Option::is_none")]
pub api_format: Option<String>,
/// Optional: Session ID for stateful APIs like MSI GenAI
#[serde(skip_serializing_if = "Option::is_none")]
pub session_id: Option<String>,
}
```
**Design philosophy**: Existing providers remain unchanged (all fields default to OpenAI-compatible behavior). Only when `api_format` is set to `"msi_genai"` do the custom fields take effect.
---
## Work Remaining
### 2. Update `src-tauri/src/ai/openai.rs` - Support Custom Formats
The `OpenAiProvider::chat()` method needs to conditionally handle MSI GenAI format:
**Changes needed**:
- Check `config.api_format` — if `Some("msi_genai")`, use MSI GenAI request/response logic
- Use `config.custom_endpoint_path.unwrap_or("/chat/completions")` for endpoint
- Use `config.custom_auth_header.unwrap_or("Authorization")` for header name
- Use `config.custom_auth_prefix.unwrap_or("Bearer ")` for auth prefix
**MSI GenAI request format**:
```json
{
"model": "VertexGemini",
"prompt": "<last user message>",
"system": "<optional system message>",
"sessionId": "<uuid or null for first message>",
"userId": "user@motorolasolutions.com"
}
```
**MSI GenAI response format**:
```json
{
"status": true,
"sessionId": "uuid",
"msg": "AI response text",
"initialPrompt": true/false
}
```
**Implementation notes**:
- For MSI GenAI, convert `Vec<Message>` to a single `prompt` (concatenate or use last user message)
- Extract system message from messages array if present (role == "system")
- Store returned `sessionId` back to `config.session_id` for subsequent requests
- Extract response content from `json["msg"]` instead of `json["choices"][0]["message"]["content"]`
### 3. Update `src/lib/tauriCommands.ts` - TypeScript Types
Add new optional fields to `ProviderConfig` interface:
```typescript
export interface ProviderConfig {
provider_type?: string;
max_tokens?: number;
temperature?: number;
name: string;
api_url: string;
api_key: string;
model: string;
// NEW FIELDS:
custom_endpoint_path?: string;
custom_auth_header?: string;
custom_auth_prefix?: string;
api_format?: string;
session_id?: string;
}
```
### 4. Update `src/pages/Settings/AIProviders.tsx` - UI Fields
**When `provider_type === "custom"`, show additional form fields**:
```tsx
{form.provider_type === "custom" && (
<>
<div className="space-y-2">
<Label>API Format</Label>
<Select
value={form.api_format ?? "openai"}
onValueChange={(v) => {
const format = v;
const defaults = format === "msi_genai"
? {
custom_endpoint_path: "",
custom_auth_header: "x-msi-genai-api-key",
custom_auth_prefix: "",
}
: {
custom_endpoint_path: "/chat/completions",
custom_auth_header: "Authorization",
custom_auth_prefix: "Bearer ",
};
setForm({ ...form, api_format: format, ...defaults });
}}
>
<SelectTrigger>
<SelectValue />
</SelectTrigger>
<SelectContent>
<SelectItem value="openai">OpenAI Compatible</SelectItem>
<SelectItem value="msi_genai">MSI GenAI</SelectItem>
</SelectContent>
</Select>
</div>
<div className="grid grid-cols-2 gap-4">
<div className="space-y-2">
<Label>Endpoint Path</Label>
<Input
value={form.custom_endpoint_path ?? ""}
onChange={(e) => setForm({ ...form, custom_endpoint_path: e.target.value })}
placeholder="/chat/completions"
/>
</div>
<div className="space-y-2">
<Label>Auth Header Name</Label>
<Input
value={form.custom_auth_header ?? ""}
onChange={(e) => setForm({ ...form, custom_auth_header: e.target.value })}
placeholder="Authorization"
/>
</div>
</div>
<div className="space-y-2">
<Label>Auth Prefix</Label>
<Input
value={form.custom_auth_prefix ?? ""}
onChange={(e) => setForm({ ...form, custom_auth_prefix: e.target.value })}
placeholder="Bearer "
/>
<p className="text-xs text-muted-foreground">
Prefix added before API key (e.g., "Bearer " for OpenAI, "" for MSI GenAI)
</p>
</div>
</>
)}
```
**Update `emptyProvider` initial state**:
```typescript
const emptyProvider: ProviderConfig = {
name: "",
provider_type: "openai",
api_url: "",
api_key: "",
model: "",
custom_endpoint_path: undefined,
custom_auth_header: undefined,
custom_auth_prefix: undefined,
api_format: undefined,
session_id: undefined,
};
```
---
## Testing Configuration
**For MSI GenAI**:
- **Type**: Custom
- **API Format**: MSI GenAI
- **API URL**: `https://genai-service.stage.commandcentral.com/app-gateway`
- **Model**: `VertexGemini` (or `Claude-Sonnet-4`, `ChatGPT4o`)
- **API Key**: (user's MSI GenAI API key from portal)
- **Endpoint Path**: `` (empty - URL already includes `/api/v2/chat`)
- **Auth Header**: `x-msi-genai-api-key`
- **Auth Prefix**: `` (empty - no "Bearer " prefix)
**Test command flow**:
1. Create provider with above settings
2. Test connection (should receive AI response)
3. Verify `sessionId` is returned and stored
4. Send second message (should reuse `sessionId` for conversation history)
---
## Known Issues from User's Original Error
User initially tried:
- **API URL**: `https://genai-service.stage.commandcentral.com/app-gateway/api/v2/chat`
- **Type**: Custom (no format specified)
**Result**: `Cannot POST /api/v2/chat/chat/completions` (404)
**Root cause**: OpenAI provider appends `/chat/completions` to base URL. With the new `custom_endpoint_path` field, this is now configurable.
---
## Integration with Existing Session Management
MSI GenAI uses server-side session management. Current triage flow sends full message history on every request (OpenAI style). For MSI GenAI:
- **First message**: Send `sessionId: null` or omit field
- **Store response**: Save `response.sessionId` to `config.session_id`
- **Subsequent messages**: Include `sessionId` in requests (server maintains history)
Consider storing `session_id` per conversation in the database (link to `ai_conversations.id`) rather than globally in `ProviderConfig`.
---
## Commit Strategy
**Current git state**:
- Modified by other session: `src-tauri/src/integrations/*.rs` (ADO/Confluence/ServiceNow work)
- Modified by me: `src-tauri/src/state.rs` (MSI GenAI schema)
- Untracked: `GenAI API User Guide.md`
**Recommended approach**:
1. **Other session commits first**: Commit integration changes to main
2. **Then complete MSI GenAI work**: Finish items 2-4 above, test, commit separately
**Alternative**: Create feature branch `feature/msi-genai-custom-provider`, cherry-pick only MSI GenAI changes, complete work there, merge when ready.
---
## Reference: MSI GenAI API Spec
**Documentation**: `GenAI API User Guide.md` (in project root)
**Key endpoints**:
- `POST /api/v2/chat` - Send prompt, get response
- `POST /api/v2/upload/<SESSION-ID>` - Upload files (requires session)
- `GET /api/v2/getSessionMessages/<SESSION-ID>` - Retrieve history
- `DELETE /api/v2/entry/<MSG-ID>` - Delete message
**Available models** (from guide):
- `Claude-Sonnet-4` (Public)
- `ChatGPT4o` (Public)
- `VertexGemini` (Private) - Gemini 2.0 Flash
- `ChatGPT-5_2-Chat` (Public)
- Many others (see guide section 4.1)
**Rate limits**: $50/user/month (enforced server-side)
---
## Questions for User
1. Should `session_id` be stored globally in `ProviderConfig` or per-conversation in DB?
2. Do we need to support file uploads via `/api/v2/upload/<SESSION-ID>`?
3. Should we expose model config options (temperature, max_tokens) for MSI GenAI?
---
## Contact
This handoff doc was generated for the other Claude Code session working on integration files. Once that work is committed, this MSI GenAI work can be completed as a separate commit or feature branch.

175
INTEGRATION_AUTH_GUIDE.md Normal file
View File

@ -0,0 +1,175 @@
# Integration Authentication Guide
## Overview
The TRCAA application supports three integration authentication methods, with automatic fallback between them:
1. **API Tokens** (Manual) - Recommended ✅
2. **OAuth 2.0** - Fully automated (when configured)
3. **Browser Cookies** - Partially working ⚠️
## Authentication Priority
When you ask an AI question, the system attempts authentication in this order:
```
1. Extract cookies from persistent browser window
↓ (if fails)
2. Use stored API token from database
↓ (if fails)
3. Skip that integration and log guidance
```
## HttpOnly Cookie Limitation
**Problem**: Confluence, ServiceNow, and Azure DevOps use **HttpOnly cookies** for security. These cookies:
- ✅ Exist in the persistent browser window
- ✅ Are sent automatically by the browser
- ❌ **Cannot be extracted by JavaScript** (security feature)
- ❌ **Cannot be used in separate HTTP requests**
**Impact**: Cookie extraction via the persistent browser window **fails** for HttpOnly cookies, even though you're logged in.
## Recommended Solution: Use API Tokens
### Confluence Personal Access Token
1. Log into Confluence
2. Go to **Profile → Settings → Personal Access Tokens**
3. Click **Create token**
4. Copy the generated token
5. In TRCAA app:
- Go to **Settings → Integrations**
- Find your Confluence integration
- Click **"Save Manual Token"**
- Paste the token
- Token Type: `Bearer`
### ServiceNow API Key
1. Log into ServiceNow
2. Go to **System Security → Application Registry**
3. Click **New → OAuth API endpoint for external clients**
4. Configure and generate API key
5. In TRCAA app:
- Go to **Settings → Integrations**
- Find your ServiceNow integration
- Click **"Save Manual Token"**
- Paste the API key
### Azure DevOps Personal Access Token (PAT)
1. Log into Azure DevOps
2. Click **User Settings (top right) → Personal Access Tokens**
3. Click **New Token**
4. Scopes: Select **Read** for:
- Code (for wiki)
- Work Items (for work item search)
5. Click **Create** and copy the token
6. In TRCAA app:
- Go to **Settings → Integrations**
- Find your Azure DevOps integration
- Click **"Save Manual Token"**
- Paste the token
- Token Type: `Bearer`
## Verification
After adding API tokens, test the integration:
1. Open or create an issue
2. Go to Triage page
3. Ask a question like: "How do I upgrade Vesta NXT to 1.0.12"
4. Check the logs for:
```
INFO Using stored cookies for confluence (count: 1)
INFO Found X integration sources for AI context
```
If successful, the AI response should include:
- Content from internal documentation
- Source citations with URLs
- Links to Confluence/ServiceNow/Azure DevOps pages
## Troubleshooting
### No search results found
**Symptom**: AI gives generic answers instead of internal documentation
**Check logs for**:
```
WARN Unable to search confluence - no authentication available
```
**Solution**: Add an API token (see above)
### Cookie extraction timeout
**Symptom**: Logs show:
```
WARN Failed to extract cookies from confluence: Timeout extracting cookies
```
**Why**: HttpOnly cookies cannot be extracted via JavaScript
**Solution**: Use API tokens instead
### Integration not configured
**Symptom**: No integration searches at all
**Check**: Settings → Integrations - ensure integration is added with:
- Base URL configured
- Either browser window open OR API token saved
## Future Enhancements
### Native Cookie Extraction (Planned)
We plan to implement platform-specific native cookie extraction that can access HttpOnly cookies directly from the webview's cookie store:
- **macOS**: Use WKWebView's HTTPCookieStore (requires `cocoa`/`objc` crates)
- **Windows**: Use WebView2's cookie manager (requires `windows` crate)
- **Linux**: Use WebKitGTK cookie manager (requires `webkit2gtk` binding)
This will make the persistent browser approach fully automatic, even with HttpOnly cookies.
### Webview-Based Search (Experimental)
Another approach is to make search requests FROM within the authenticated webview using JavaScript fetch, which automatically includes HttpOnly cookies. This requires reliable IPC communication between JavaScript and Rust.
## Security Notes
### Token Storage
API tokens are:
- ✅ **Encrypted** using AES-256-GCM before storage
- ✅ **Hashed** (SHA-256) for audit logging
- ✅ Stored in encrypted SQLite database
- ✅ Never exposed to frontend JavaScript
### Cookie Storage (when working)
Extracted cookies are:
- ✅ Encrypted before database storage
- ✅ Only retrieved when making API requests
- ✅ Transmitted only over HTTPS
### Audit Trail
All integration authentication attempts are logged:
- Cookie extraction attempts
- Token usage
- Search requests
- Authentication failures
Check **Settings → Security → Audit Log** to review activity.
## Summary
**For reliable integration search NOW**: Use API tokens (Option 1)
**For automatic integration search LATER**: Native cookie extraction will be implemented in a future update
**Current workaround**: API tokens provide full functionality without browser dependency

21
README.md
View File

@ -130,6 +130,7 @@ Launch the app and go to **Settings → AI Providers** to add a provider:
| Ollama (local) | `http://localhost:11434` | No key needed — fully offline | | Ollama (local) | `http://localhost:11434` | No key needed — fully offline |
| Azure OpenAI | `https://<resource>.openai.azure.com/openai/deployments/<deployment>` | Requires API key | | Azure OpenAI | `https://<resource>.openai.azure.com/openai/deployments/<deployment>` | Requires API key |
| **AWS Bedrock (via LiteLLM)** | `http://localhost:8000/v1` | See [LiteLLM + AWS Bedrock](#litellm--aws-bedrock-setup) below | | **AWS Bedrock (via LiteLLM)** | `http://localhost:8000/v1` | See [LiteLLM + AWS Bedrock](#litellm--aws-bedrock-setup) below |
| **Custom REST Gateway** | Your gateway URL | See [Custom REST format](docs/wiki/AI-Providers.md) |
For offline use, install [Ollama](https://ollama.com) and pull a model: For offline use, install [Ollama](https://ollama.com) and pull a model:
```bash ```bash
@ -287,9 +288,9 @@ All data is stored locally in a SQLCipher-encrypted database at:
| OS | Path | | OS | Path |
|---|---| |---|---|
| Linux | `~/.local/share/tftsr/tftsr.db` | | Linux | `~/.local/share/trcaa/trcaa.db` |
| macOS | `~/Library/Application Support/tftsr/tftsr.db` | | macOS | `~/Library/Application Support/trcaa/trcaa.db` |
| Windows | `%APPDATA%\tftsr\tftsr.db` | | Windows | `%APPDATA%\trcaa\trcaa.db` |
Override with the `TFTSR_DATA_DIR` environment variable. Override with the `TFTSR_DATA_DIR` environment variable.
@ -300,8 +301,8 @@ Override with the `TFTSR_DATA_DIR` environment variable.
| Variable | Default | Purpose | | Variable | Default | Purpose |
|---|---|---| |---|---|---|
| `TFTSR_DATA_DIR` | Platform data dir | Override database location | | `TFTSR_DATA_DIR` | Platform data dir | Override database location |
| `TFTSR_DB_KEY` | _(none)_ | Database encryption key (required in release builds) | | `TFTSR_DB_KEY` | _(auto-generated)_ | Database encryption key override — auto-generated at first launch if unset |
| `TFTSR_ENCRYPTION_KEY` | _(none)_ | Credential encryption key (required in release builds) | | `TFTSR_ENCRYPTION_KEY` | _(auto-generated)_ | Credential encryption key override — auto-generated at first launch if unset |
| `RUST_LOG` | `info` | Tracing log level (`debug`, `info`, `warn`, `error`) | | `RUST_LOG` | `info` | Tracing log level (`debug`, `info`, `warn`, `error`) |
--- ---
@ -325,6 +326,14 @@ Override with the `TFTSR_DATA_DIR` environment variable.
--- ---
## Support
If this tool has been useful to you, consider buying me a coffee!
[![Buy Me A Coffee](https://img.shields.io/badge/Buy%20Me%20A%20Coffee-buymeacoffee.com%2Ftftsr-FFDD00?style=flat&logo=buy-me-a-coffee&logoColor=black)](https://buymeacoffee.com/tftsr)
---
## License ## License
Private — internal tooling. All rights reserved. MIT

254
TICKET_PERSISTENT_WEBVIEWS.md Normal file
View File

@ -0,0 +1,254 @@
# Ticket Summary - Persistent Browser Windows for Integration Authentication
## Description
Implement persistent browser window sessions for integration authentication (Confluence, Azure DevOps, ServiceNow). Browser windows now persist across application restarts, eliminating the need to extract HttpOnly cookies via JavaScript (which fails due to browser security restrictions).
This follows a Playwright-style "piggyback" authentication approach where the browser window maintains its own internal cookie store, allowing the user to log in once and have the session persist indefinitely until they manually close the window.
## Acceptance Criteria
- [x] Integration browser windows persist to database when created
- [x] Browser windows are automatically restored on app startup
- [x] Cookies are maintained automatically by the browser's internal store (no JavaScript extraction of HttpOnly cookies)
- [x] Windows can be manually closed by the user, which removes them from persistence
- [x] Database migration creates `persistent_webviews` table
- [x] Window close events are handled to update database and in-memory tracking
## Work Implemented
### 1. Database Migration for Persistent Webviews
**Files Modified:**
- `src-tauri/src/db/migrations.rs:154-167`
**Changes:**
- Added migration `013_create_persistent_webviews` to create the `persistent_webviews` table
- Table schema includes:
- `id` (TEXT PRIMARY KEY)
- `service` (TEXT with CHECK constraint for 'confluence', 'servicenow', 'azuredevops')
- `webview_label` (TEXT - the Tauri window identifier)
- `base_url` (TEXT - the integration base URL)
- `last_active` (TEXT timestamp, defaults to now)
- `window_x`, `window_y`, `window_width`, `window_height` (INTEGER - for future window position persistence)
- UNIQUE constraint on `service` (one browser window per integration)
### 2. Webview Persistence on Creation
**Files Modified:**
- `src-tauri/src/commands/integrations.rs:531-591`
**Changes:**
- Modified `authenticate_with_webview` command to persist webview state to database after creation
- Stores service name, webview label, and base URL
- Logs persistence operation for debugging
- Sets up window close event handler to remove webview from tracking and database
- Event handler properly clones Arc fields for `'static` lifetime requirement
- Updated success message to inform user that window persists across restarts
### 3. Webview Restoration on App Startup
**Files Modified:**
- `src-tauri/src/commands/integrations.rs:793-865` - Added `restore_persistent_webviews` function
- `src-tauri/src/lib.rs:60-84` - Added `.setup()` hook to call restoration
**Changes:**
- Added `restore_persistent_webviews` async function that:
- Queries `persistent_webviews` table for all saved webviews
- Recreates each webview window by calling `authenticate_with_webview`
- Updates in-memory tracking map
- Removes from database if restoration fails
- Logs all operations for debugging
- Updated `lib.rs` to call restoration in `.setup()` hook:
- Clones Arc fields from `AppState` for `'static` lifetime
- Spawns async task to restore webviews
- Logs warnings if restoration fails
### 4. Window Close Event Handling
**Files Modified:**
- `src-tauri/src/commands/integrations.rs:559-591`
**Changes:**
- Added `on_window_event` listener to detect window close events
- On `CloseRequested` event:
- Spawns async task to clean up
- Removes service from in-memory `integration_webviews` map
- Deletes entry from `persistent_webviews` database table
- Logs all cleanup operations
- Properly handles Arc cloning to avoid lifetime issues in spawned task
### 5. Removed Auto-Close Behavior
**Files Modified:**
- `src-tauri/src/commands/integrations.rs:606-618`
**Changes:**
- Removed automatic window closing in `extract_cookies_from_webview`
- Windows now stay open after cookie extraction
- Updated success message to inform user that window persists for future use
### 6. Frontend UI Update - Removed "Complete Login" Button
**Files Modified:**
- `src/pages/Settings/Integrations.tsx:371-409` - Updated webview authentication UI
- `src/pages/Settings/Integrations.tsx:140-165` - Simplified `handleConnectWebview`
- `src/pages/Settings/Integrations.tsx:167-200` - Removed `handleCompleteWebviewLogin` function
- `src/pages/Settings/Integrations.tsx:16-26` - Removed unused `extractCookiesFromWebviewCmd` import
- `src/pages/Settings/Integrations.tsx:670-677` - Updated authentication method comparison text
**Changes:**
- Removed "Complete Login" button that tried to extract cookies via JavaScript
- Updated UI to show success message when browser opens, explaining persistence
- Removed confusing two-step flow (open browser → complete login)
- New flow: click "Open Browser" → log in → leave window open (that's it!)
- Updated description text to explain persistent window behavior
- Mark integration as "connected" immediately when browser opens
- Removed unused function and import for cookie extraction
### 7. Unused Import Cleanup
**Files Modified:**
- `src-tauri/src/integrations/webview_auth.rs:2`
- `src-tauri/src/lib.rs:13` - Added `use tauri::Manager;`
**Changes:**
- Removed unused `Listener` import from webview_auth.rs
- Added `Manager` trait import to lib.rs for `.state()` method
## Testing Needed
### Manual Testing
1. **Initial Browser Window Creation**
- [ ] Navigate to Settings > Integrations
- [ ] Configure a Confluence integration with base URL
- [ ] Click "Open Browser" button
- [ ] Verify browser window opens with Confluence login page
- [ ] Complete login in the browser window
- [ ] Verify window stays open after login
2. **Window Persistence Across Restarts**
- [ ] With Confluence browser window open, close the main application
- [ ] Relaunch the application
- [ ] Verify Confluence browser window is automatically restored
- [ ] Verify you are still logged in (cookies maintained)
- [ ] Navigate to different pages in Confluence to verify session works
3. **Manual Window Close**
- [ ] With browser window open, manually close it (X button)
- [ ] Restart the application
- [ ] Verify browser window does NOT reopen (removed from persistence)
4. **Database Verification**
- [ ] Open database: `sqlite3 ~/Library/Application\ Support/trcaa/data.db`
- [ ] Run: `SELECT * FROM persistent_webviews;`
- [ ] Verify entry exists when window is open
- [ ] Close window and verify entry is removed
5. **Multiple Integration Windows**
- [ ] Open browser window for Confluence
- [ ] Open browser window for Azure DevOps
- [ ] Restart application
- [ ] Verify both windows are restored
- [ ] Close one window
- [ ] Verify only one is removed from database
- [ ] Restart and verify remaining window still restores
6. **Cookie Persistence (No HttpOnly Extraction Needed)**
- [ ] Log into Confluence browser window
- [ ] Close main application
- [ ] Relaunch application
- [ ] Navigate to a Confluence page that requires authentication
- [ ] Verify you are still logged in (cookies maintained by browser)
### Automated Testing
```bash
# Type checking
npx tsc --noEmit
# Rust compilation
cargo check --manifest-path src-tauri/Cargo.toml
# Rust tests
cargo test --manifest-path src-tauri/Cargo.toml
# Rust linting
cargo clippy --manifest-path src-tauri/Cargo.toml -- -D warnings
```
### Edge Cases to Test
- Application crash while browser window is open (verify restoration on next launch)
- Database corruption (verify graceful handling of restore failures)
- Window already exists when trying to create duplicate (verify existing window is focused)
- Network connectivity lost during window restoration (verify error handling)
- Multiple rapid window open/close cycles (verify database consistency)
## Architecture Notes
### Design Decision: Persistent Windows vs Cookie Extraction
**Problem:** HttpOnly cookies cannot be accessed via JavaScript (`document.cookie`), which broke the original cookie extraction approach for Confluence and other services.
**Solution:** Instead of extracting cookies, keep the browser window alive across app restarts:
- Browser maintains its own internal cookie store (includes HttpOnly cookies)
- Cookies are automatically sent with all HTTP requests from the browser
- No need for JavaScript extraction or manual token management
- Matches Playwright's approach of persistent browser contexts
### Lifecycle Flow
1. **Window Creation:** User clicks "Open Browser" → `authenticate_with_webview` creates window → State saved to database
2. **App Running:** Window stays open, user can browse freely, cookies maintained by browser
3. **Window Close:** User closes window → Event handler removes from database and memory
4. **App Restart:** `restore_persistent_webviews` queries database → Recreates all windows → Windows resume with original cookies
### Database Schema
```sql
CREATE TABLE persistent_webviews (
id TEXT PRIMARY KEY,
service TEXT NOT NULL CHECK(service IN ('confluence','servicenow','azuredevops')),
webview_label TEXT NOT NULL,
base_url TEXT NOT NULL,
last_active TEXT NOT NULL DEFAULT (datetime('now')),
window_x INTEGER,
window_y INTEGER,
window_width INTEGER,
window_height INTEGER,
UNIQUE(service)
);
```
### Future Enhancements
- [ ] Save and restore window position/size (columns already exist in schema)
- [ ] Add "last_active" timestamp updates on window focus events
- [ ] Implement "Close All Windows" command for cleanup
- [ ] Add visual indicator in main UI showing which integrations have active browser windows
- [ ] Implement session timeout logic (close windows after X days of inactivity)
## Related Files
- `src-tauri/src/db/migrations.rs` - Database schema migration
- `src-tauri/src/commands/integrations.rs` - Webview persistence and restoration logic
- `src-tauri/src/integrations/webview_auth.rs` - Browser window creation
- `src-tauri/src/lib.rs` - App startup hook for restoration
- `src-tauri/src/state.rs` - AppState structure with `integration_webviews` map
## Security Considerations
- Cookie storage remains in the browser's internal secure store (not extracted to database)
- Database only stores window metadata (service, label, URL)
- No credential information persisted beyond what the browser already maintains
- Audit log still tracks all integration API calls separately
## Migration Path
Users upgrading to this version will:
1. See new database migration `013_create_persistent_webviews` applied automatically
2. Existing integrations continue to work (migration is additive only)
3. First time opening a browser window will persist it for future sessions
4. No manual action required from users

155
TICKET_SUMMARY.md
View File

@ -1,155 +0,0 @@
# Ticket Summary - UI Fixes and Audit Log Enhancement
## Description
This ticket addresses multiple UI and functionality issues reported in the tftsr-devops_investigation application:
1. **Download Icons Visibility**: Download icons (PDF, DOCX) in RCA and Post-Mortem pages were not visible in dark theme
2. **Export File System Error**: "Read-only file system (os error 30)" error when attempting to export documents
3. **History Search Button**: Search button not visible in the History page
4. **Domain Filtering**: Domain-only filtering not working in History page
5. **Audit Log Enhancement**: Audit log showed only internal IDs, lacking actual transmitted data for security auditing
## Acceptance Criteria
- [ ] Download icons are visible in both light and dark themes on RCA and Post-Mortem pages
- [ ] Documents can be exported successfully to Downloads directory without filesystem errors
- [ ] Search button is visible with proper styling in History page
- [ ] Domain filter works independently without requiring a search query
- [ ] Audit log displays full transmitted data including:
- AI chat messages with provider details, user message, and response preview
- Document generation with content preview and metadata
- All entries show properly formatted JSON with details
## Work Implemented
### 1. Download Icons Visibility Fix
**Files Modified:**
- `src/components/DocEditor.tsx:60-67`
**Changes:**
- Added `text-foreground` class to Download icons for PDF and DOCX buttons
- Ensures icons inherit the current theme's foreground color for visibility
### 2. Export File System Error Fix
**Files Modified:**
- `src-tauri/Cargo.toml:38` - Added `dirs = "5"` dependency
- `src-tauri/src/commands/docs.rs:127-170` - Rewrote `export_document` function
- `src/pages/RCA/index.tsx:53-60` - Updated error handling and user feedback
- `src/pages/Postmortem/index.tsx:52-59` - Updated error handling and user feedback
**Changes:**
- Modified `export_document` to use Downloads directory by default instead of "."
- Falls back to `app_data_dir/exports` if Downloads directory unavailable
- Added proper directory creation with error handling
- Updated frontend to show success message with file path
- Empty `output_dir` parameter now triggers default behavior
### 3. Search Button Visibility Fix
**Files Modified:**
- `src/pages/History/index.tsx:124-127`
**Changes:**
- Changed button from `variant="outline"` to default variant
- Added Search icon to button for better visibility
- Button now has proper contrast in both themes
### 4. Domain-Only Filtering Fix
**Files Modified:**
- `src-tauri/src/commands/db.rs:305-312`
**Changes:**
- Added missing `filter.domain` handling in `list_issues` function
- Domain filter now properly filters by `i.category` field
- Filter works independently of search query
### 5. Audit Log Enhancement
**Files Modified:**
- `src-tauri/src/commands/ai.rs:242-266` - Enhanced AI chat audit logging
- `src-tauri/src/commands/docs.rs:44-73` - Enhanced RCA generation audit logging
- `src-tauri/src/commands/docs.rs:90-119` - Enhanced postmortem generation audit logging
- `src/pages/Settings/Security.tsx:191-206` - Enhanced audit log display
**Changes:**
- AI chat audit now captures:
- Provider name, model, and API URL
- Full user message
- Response preview (first 200 chars)
- Token count
- Document generation audit now captures:
- Issue ID and title
- Document type and title
- Content length and preview (first 300 chars)
- Security page now displays:
- Pretty-printed JSON with proper formatting
- Entry ID and entity type below the data
- Better layout with whitespace handling
## Testing Needed
### Manual Testing
1. **Download Icons Visibility**
- [ ] Open RCA page in light theme
- [ ] Verify PDF and DOCX download icons are visible
- [ ] Switch to dark theme
- [ ] Verify PDF and DOCX download icons are still visible
2. **Export Functionality**
- [ ] Generate an RCA document
- [ ] Click "PDF" export button
- [ ] Verify file is created in Downloads directory
- [ ] Verify success message displays with file path
- [ ] Check file opens correctly
- [ ] Repeat for "MD" and "DOCX" formats
- [ ] Test on Post-Mortem page as well
3. **History Search Button**
- [ ] Navigate to History page
- [ ] Verify Search button is visible
- [ ] Verify button has search icon
- [ ] Test button in both light and dark themes
4. **Domain Filtering**
- [ ] Navigate to History page
- [ ] Select a domain from dropdown (e.g., "Linux")
- [ ] Do NOT enter any search text
- [ ] Verify issues are filtered by selected domain
- [ ] Change domain selection
- [ ] Verify filtering updates correctly
5. **Audit Log**
- [ ] Perform an AI chat interaction
- [ ] Navigate to Settings > Security > Audit Log
- [ ] Click "View" on a recent entry
- [ ] Verify transmitted data shows:
- Provider details
- User message
- Response preview
- [ ] Generate an RCA or Post-Mortem
- [ ] Check audit log for document generation entry
- [ ] Verify content preview and metadata are visible
### Automated Testing
```bash
# Type checking
npx tsc --noEmit
# Rust compilation
cargo check --manifest-path src-tauri/Cargo.toml
# Rust linting
cargo clippy --manifest-path src-tauri/Cargo.toml -- -D warnings
# Frontend tests (if applicable)
npm run test:run
```
### Edge Cases to Test
- Export when Downloads directory doesn't exist
- Export with very long document titles (special character handling)
- Domain filter with empty result set
- Audit log with very large payloads (>1000 chars)
- Audit log JSON parsing errors (malformed data)

863
docs/architecture/README.md Normal file
View File

@ -0,0 +1,863 @@
# TRCAA Architecture Documentation
**Troubleshooting and RCA Assistant** — C4-model architecture documentation using Mermaid diagrams.
---
## Table of Contents
1. [System Context (C4 Level 1)](#system-context)
2. [Container Architecture (C4 Level 2)](#container-architecture)
3. [Component Architecture (C4 Level 3)](#component-architecture)
4. [Data Architecture](#data-architecture)
5. [Security Architecture](#security-architecture)
6. [AI Provider Architecture](#ai-provider-architecture)
7. [Integration Architecture](#integration-architecture)
8. [Deployment Architecture](#deployment-architecture)
9. [Key Data Flows](#key-data-flows)
10. [Architecture Decision Records](#architecture-decision-records)
---
## System Context
The system context diagram shows TRCAA in relation to its users and external systems.
```mermaid
C4Context
title System Context — Troubleshooting and RCA Assistant
Person(it_eng, "IT Engineer", "Diagnoses incidents and conducts root cause analysis")
System(trcaa, "TRCAA Desktop App", "Structured AI-backed assistant for IT troubleshooting, 5-whys RCA, and post-mortem documentation")
System_Ext(ollama, "Ollama (Local)", "Runs open-source LLMs locally (llama3, mistral, phi3)")
System_Ext(openai, "OpenAI API", "GPT-4o, GPT-4o-mini for cloud AI inference")
System_Ext(anthropic, "Anthropic API", "Claude 3.5 Sonnet, Claude Haiku")
System_Ext(gemini, "Google Gemini API", "Gemini Pro for cloud AI inference")
System_Ext(custom_rest, "Custom REST Gateway", "Enterprise AI gateway (custom REST format)")
System_Ext(confluence, "Confluence", "Atlassian wiki — publish RCA docs")
System_Ext(servicenow, "ServiceNow", "ITSM platform — create incident tickets")
System_Ext(ado, "Azure DevOps", "Work item tracking and collaboration")
Rel(it_eng, trcaa, "Uses", "Desktop app (Tauri WebView)")
Rel(trcaa, ollama, "AI inference", "HTTP/JSON (local)")
Rel(trcaa, openai, "AI inference", "HTTPS/REST")
Rel(trcaa, anthropic, "AI inference", "HTTPS/REST")
Rel(trcaa, gemini, "AI inference", "HTTPS/REST")
Rel(trcaa, custom_rest, "AI inference", "HTTPS/REST")
Rel(trcaa, confluence, "Publish RCA docs", "HTTPS/REST + OAuth2")
Rel(trcaa, servicenow, "Create incidents", "HTTPS/REST + OAuth2")
Rel(trcaa, ado, "Create work items", "HTTPS/REST + OAuth2")
```
---
## Container Architecture
TRCAA is a single-process Tauri 2 desktop application. The "containers" are logical boundaries within the process.
```mermaid
C4Container
title Container Architecture — TRCAA
Person(user, "IT Engineer")
System_Boundary(trcaa, "TRCAA Desktop Process") {
Container(webview, "React Frontend", "React 18 + TypeScript + Vite", "Renders UI via OS WebView (WebKit/WebView2). Manages ephemeral session state and persisted settings.")
Container(tauri_core, "Tauri Core / IPC Bridge", "Rust / Tauri 2", "Routes invoke() calls between WebView and backend command handlers. Enforces capability ACL.")
Container(rust_backend, "Rust Backend", "Rust / Tokio async", "Command handlers, AI provider clients, PII engine, document generation, integration clients, audit logging.")
ContainerDb(db, "SQLCipher Database", "SQLite + SQLCipher AES-256", "All persistent data: issues, logs, messages, audit trail, credentials, AI provider configs.")
ContainerDb(stronghold, "Stronghold Key Store", "tauri-plugin-stronghold", "Encrypted key-value store for symmetric key material.")
ContainerDb(local_fs, "Local Filesystem", "App data directory", "Redacted log files, .dbkey, .enckey, exported documents.")
}
System_Ext(ai_providers, "AI Providers", "OpenAI, Anthropic, Gemini, Mistral, Ollama")
System_Ext(integrations, "Integrations", "Confluence, ServiceNow, Azure DevOps")
Rel(user, webview, "Interacts with", "Mouse/keyboard via OS WebView")
Rel(webview, tauri_core, "IPC calls", "invoke() / Tauri JS bridge")
Rel(tauri_core, rust_backend, "Dispatches commands", "Rust function calls")
Rel(rust_backend, db, "Reads/writes", "rusqlite (sync, mutex-guarded)")
Rel(rust_backend, stronghold, "Reads/writes keys", "Plugin API")
Rel(rust_backend, local_fs, "Reads/writes files", "std::fs")
Rel(rust_backend, ai_providers, "AI inference", "reqwest async HTTP")
Rel(rust_backend, integrations, "API calls", "reqwest async HTTP + OAuth2")
```
---
## Component Architecture
### Backend Components
```mermaid
graph TD
subgraph "Tauri IPC Layer"
IPC[IPC Command Router\nlib.rs generate_handler!]
end
subgraph "Command Handlers (commands/)"
CMD_DB[db.rs\nIssue CRUD\nTimeline Events\n5-Whys Entries]
CMD_AI[ai.rs\nChat Message\nLog Analysis\nProvider Test]
CMD_ANALYSIS[analysis.rs\nLog Upload\nPII Detection\nRedaction Apply]
CMD_DOCS[docs.rs\nRCA Generation\nPostmortem Gen\nDocument Export]
CMD_INTEGRATIONS[integrations.rs\nConfluence\nServiceNow\nAzure DevOps\nOAuth Flow]
CMD_SYSTEM[system.rs\nSettings CRUD\nOllama Mgmt\nAI Provider Mgmt\nAudit Log]
end
subgraph "Domain Services"
AI[AI Layer\nai/provider.rs\nTrait + Factory]
PII[PII Engine\npii/detector.rs\n12 Pattern Detectors]
AUDIT[Audit Logger\naudit/log.rs\nHash-chained entries]
DOCS_GEN[Doc Generator\ndocs/rca.rs\ndocs/postmortem.rs]
end
subgraph "AI Providers (ai/)"
ANTHROPIC[anthropic.rs\nClaude API]
OPENAI[openai.rs\nOpenAI + Custom REST]
OLLAMA[ollama.rs\nLocal Models]
GEMINI[gemini.rs\nGoogle Gemini]
MISTRAL[mistral.rs\nMistral API]
end
subgraph "Integration Clients (integrations/)"
CONFLUENCE[confluence.rs\nconfluence_search.rs]
SERVICENOW[servicenow.rs\nservicenow_search.rs]
AZUREDEVOPS[azuredevops.rs\nazuredevops_search.rs]
AUTH[auth.rs\nAES-256-GCM\nToken Encryption]
WEBVIEW_AUTH[webview_auth.rs\nOAuth WebView\nCallback Server]
end
subgraph "Data Layer (db/)"
MIGRATIONS[migrations.rs\n14 Schema Versions]
MODELS[models.rs\nIssue / LogFile\nAiMessage / Document\nAuditEntry / Credential]
CONNECTION[connection.rs\nSQLCipher Connect\nKey Auto-gen\nPlain→Encrypted Migration]
end
IPC --> CMD_DB
IPC --> CMD_AI
IPC --> CMD_ANALYSIS
IPC --> CMD_DOCS
IPC --> CMD_INTEGRATIONS
IPC --> CMD_SYSTEM
CMD_AI --> AI
CMD_ANALYSIS --> PII
CMD_DOCS --> DOCS_GEN
CMD_INTEGRATIONS --> CONFLUENCE
CMD_INTEGRATIONS --> SERVICENOW
CMD_INTEGRATIONS --> AZUREDEVOPS
CMD_INTEGRATIONS --> AUTH
CMD_INTEGRATIONS --> WEBVIEW_AUTH
AI --> ANTHROPIC
AI --> OPENAI
AI --> OLLAMA
AI --> GEMINI
AI --> MISTRAL
CMD_DB --> MODELS
CMD_AI --> AUDIT
CMD_ANALYSIS --> AUDIT
MODELS --> MIGRATIONS
MIGRATIONS --> CONNECTION
style IPC fill:#4a90d9,color:#fff
style AI fill:#7b68ee,color:#fff
style PII fill:#e67e22,color:#fff
style AUDIT fill:#c0392b,color:#fff
```
### Frontend Components
```mermaid
graph TD
subgraph "React Application (src/)"
APP[App.tsx\nSidebar + Router\nTheme Provider]
end
subgraph "Pages (src/pages/)"
DASHBOARD[Dashboard\nStats + Quick Actions]
NEW_ISSUE[NewIssue\nCreate Form]
LOG_UPLOAD[LogUpload\nFile Upload + PII Review]
TRIAGE[Triage\n5-Whys AI Chat]
RESOLUTION[Resolution\nStep Tracking]
RCA[RCA\nDocument Editor]
POSTMORTEM[Postmortem\nDocument Editor]
HISTORY[History\nSearch + Filter]
SETTINGS[Settings\nProviders / Ollama\nIntegrations / Security]
end
subgraph "Components (src/components/)"
CHAT_WIN[ChatWindow\nStreaming Messages]
DOC_EDITOR[DocEditor\nMarkdown Editor]
PII_DIFF[PiiDiffViewer\nSide-by-side Diff]
HW_REPORT[HardwareReport\nSystem Specs]
MODEL_SEL[ModelSelector\nProvider Dropdown]
TRIAGE_PROG[TriageProgress\n5-Whys Steps]
end
subgraph "State (src/stores/)"
SESSION[sessionStore\nEphemeral — NOT persisted\nCurrentIssue / Messages\nPiiSpans / WhyLevel]
SETTINGS_STORE[settingsStore\nPersisted to localStorage\nTheme / ActiveProvider\nPiiPatterns]
HISTORY_STORE[historyStore\nCached issue list\nSearch results]
end
subgraph "IPC Layer (src/lib/)"
IPC[tauriCommands.ts\nTyped invoke() wrappers\nAll Tauri commands]
PROMPTS[domainPrompts.ts\n8 Domain System Prompts]
end
APP --> DASHBOARD
APP --> TRIAGE
APP --> LOG_UPLOAD
APP --> HISTORY
APP --> SETTINGS
TRIAGE --> CHAT_WIN
TRIAGE --> TRIAGE_PROG
LOG_UPLOAD --> PII_DIFF
RCA --> DOC_EDITOR
POSTMORTEM --> DOC_EDITOR
SETTINGS --> HW_REPORT
SETTINGS --> MODEL_SEL
TRIAGE --> SESSION
TRIAGE --> SETTINGS_STORE
HISTORY --> HISTORY_STORE
SETTINGS --> SETTINGS_STORE
CHAT_WIN --> IPC
LOG_UPLOAD --> IPC
RCA --> IPC
SETTINGS --> IPC
IPC --> PROMPTS
style SESSION fill:#e74c3c,color:#fff
style SETTINGS_STORE fill:#27ae60,color:#fff
style IPC fill:#4a90d9,color:#fff
```
---
## Data Architecture
### Database Schema
```mermaid
erDiagram
issues {
TEXT id PK
TEXT title
TEXT description
TEXT severity
TEXT status
TEXT category
TEXT source
TEXT assigned_to
TEXT tags
TEXT created_at
TEXT updated_at
}
log_files {
TEXT id PK
TEXT issue_id FK
TEXT file_name
TEXT content_hash
TEXT mime_type
INTEGER size_bytes
INTEGER redacted
TEXT created_at
}
pii_spans {
TEXT id PK
TEXT log_file_id FK
INTEGER start_offset
INTEGER end_offset
TEXT original_value
TEXT replacement
TEXT pattern_type
INTEGER approved
}
ai_conversations {
TEXT id PK
TEXT issue_id FK
TEXT provider_name
TEXT model_name
TEXT created_at
}
ai_messages {
TEXT id PK
TEXT conversation_id FK
TEXT role
TEXT content
INTEGER token_count
TEXT created_at
}
resolution_steps {
TEXT id PK
TEXT issue_id FK
INTEGER step_order
TEXT question
TEXT answer
TEXT evidence
TEXT created_at
}
documents {
TEXT id PK
TEXT issue_id FK
TEXT doc_type
TEXT title
TEXT content_md
TEXT created_at
TEXT updated_at
}
audit_log {
TEXT id PK
TEXT action
TEXT entity_type
TEXT entity_id
TEXT prev_hash
TEXT entry_hash
TEXT details
TEXT created_at
}
credentials {
TEXT id PK
TEXT service UNIQUE
TEXT token_type
TEXT encrypted_token
TEXT token_hash
TEXT expires_at
TEXT created_at
}
integration_config {
TEXT id PK
TEXT service UNIQUE
TEXT base_url
TEXT username
TEXT project_name
TEXT space_key
INTEGER auto_create
}
ai_providers {
TEXT id PK
TEXT name UNIQUE
TEXT provider_type
TEXT api_url
TEXT encrypted_api_key
TEXT model
TEXT config_json
}
issues_fts {
TEXT rowid FK
TEXT title
TEXT description
}
issues ||--o{ log_files : "has"
issues ||--o{ ai_conversations : "has"
issues ||--o{ resolution_steps : "has"
issues ||--o{ documents : "has"
issues ||--|| issues_fts : "indexed by"
log_files ||--o{ pii_spans : "contains"
ai_conversations ||--o{ ai_messages : "contains"
```
### Data Flow — Issue Triage Lifecycle
```mermaid
sequenceDiagram
participant U as User
participant FE as React Frontend
participant IPC as Tauri IPC
participant BE as Rust Backend
participant PII as PII Engine
participant AI as AI Provider
participant DB as SQLCipher DB
U->>FE: Create new issue
FE->>IPC: create_issue(title, severity)
IPC->>BE: cmd::db::create_issue()
BE->>DB: INSERT INTO issues
DB-->>BE: Issue{id, ...}
BE-->>FE: Issue
U->>FE: Upload log file
FE->>IPC: upload_log_file(issue_id, path)
IPC->>BE: cmd::analysis::upload_log_file()
BE->>BE: Read file, SHA-256 hash
BE->>DB: INSERT INTO log_files
BE->>PII: detect(content)
PII-->>BE: Vec<PiiSpan>
BE->>DB: INSERT INTO pii_spans
BE-->>FE: {log_file, spans}
U->>FE: Approve redactions
FE->>IPC: apply_redactions(log_file_id, span_ids)
IPC->>BE: cmd::analysis::apply_redactions()
BE->>DB: UPDATE pii_spans SET approved=1
BE->>BE: Write .redacted file
BE->>DB: UPDATE log_files SET redacted=1
BE->>DB: INSERT INTO audit_log (hash-chained)
U->>FE: Start AI triage
FE->>IPC: analyze_logs(issue_id, ...)
IPC->>BE: cmd::ai::analyze_logs()
BE->>DB: SELECT redacted log content
BE->>AI: POST /chat/completions (redacted content)
AI-->>BE: {summary, findings, why1, severity}
BE->>DB: INSERT ai_messages
BE-->>FE: AnalysisResult
loop 5-Whys Iteration
U->>FE: Ask "Why?" question
FE->>IPC: chat_message(conversation_id, msg)
IPC->>BE: cmd::ai::chat_message()
BE->>DB: SELECT conversation history
BE->>AI: POST /chat/completions
AI-->>BE: Response with why level detection
BE->>DB: INSERT ai_messages
BE-->>FE: ChatResponse{content, why_level}
FE->>FE: Auto-advance why level (1→5)
end
U->>FE: Generate RCA
FE->>IPC: generate_rca(issue_id)
IPC->>BE: cmd::docs::generate_rca()
BE->>DB: SELECT issue + steps + conversations
BE->>BE: Build markdown template
BE->>DB: INSERT INTO documents
BE-->>FE: Document{content_md}
```
---
## Security Architecture
### Security Layers
```mermaid
graph TB
subgraph "Layer 1: Network Security"
CSP[Content Security Policy\nallow-list of external hosts]
TLS[TLS Enforcement\nreqwest HTTPS only]
CAP[Tauri Capability ACL\nLeast-privilege permissions]
end
subgraph "Layer 2: Data Encryption"
SQLCIPHER[SQLCipher AES-256\nFull database encryption\nPBKDF2-SHA512, 256k iterations]
AES_GCM[AES-256-GCM\nCredential token encryption\nUnique nonce per encrypt]
STRONGHOLD[Tauri Stronghold\nKey derivation + storage\nArgon2 password hashing]
end
subgraph "Layer 3: Key Management"
DB_KEY[.dbkey file\nPer-install random 256-bit key\nMode 0600 — owner only]
ENC_KEY[.enckey file\nPer-install random 256-bit key\nMode 0600 — owner only]
ENV_OVERRIDE[TFTSR_DB_KEY / TFTSR_ENCRYPTION_KEY\nOptional env var override]
end
subgraph "Layer 4: PII Protection"
PII_DETECT[12-Pattern PII Detector\nEmail / IP / Phone / SSN\nTokens / Passwords / MAC]
USER_APPROVE[User Approval Gate\nManual review before AI send]
AUDIT[Hash-chained Audit Log\nprev_hash → entry_hash\nTamper detection]
end
subgraph "Layer 5: Credential Storage"
TOKEN_HASH[Token Hash Storage\nSHA-256 hash in credentials table]
TOKEN_ENC[Token Encrypted Storage\nAES-256-GCM ciphertext]
NO_BROWSER[No Browser Storage\nAPI keys never in localStorage]
end
SQLCIPHER --> DB_KEY
AES_GCM --> ENC_KEY
DB_KEY --> ENV_OVERRIDE
ENC_KEY --> ENV_OVERRIDE
TOKEN_ENC --> AES_GCM
TOKEN_HASH --> AUDIT
style SQLCIPHER fill:#c0392b,color:#fff
style AES_GCM fill:#c0392b,color:#fff
style AUDIT fill:#e67e22,color:#fff
style PII_DETECT fill:#e67e22,color:#fff
style USER_APPROVE fill:#27ae60,color:#fff
```
### Authentication Flow — OAuth2 Integration
```mermaid
sequenceDiagram
participant U as User
participant FE as Frontend
participant BE as Rust Backend
participant WV as WebView Window
participant CB as Callback Server\n(warp, port 8765)
participant EXT as External Service\n(Confluence/ADO)
U->>FE: Click "Connect" for integration
FE->>BE: initiate_oauth(service)
BE->>BE: Generate PKCE code_verifier + code_challenge
BE->>CB: Start warp server (localhost:8765)
BE->>WV: Open auth URL in new WebView window
WV->>EXT: GET /oauth/authorize?code_challenge=...
EXT-->>WV: Login page
U->>WV: Enter credentials
WV->>EXT: POST credentials
EXT-->>WV: Redirect to localhost:8765/callback?code=xxx
WV->>CB: GET /callback?code=xxx
CB->>BE: Signal auth code received
BE->>EXT: POST /oauth/token (code + code_verifier)
EXT-->>BE: access_token + refresh_token
BE->>BE: encrypt_token(access_token)
BE->>DB: INSERT credentials (encrypted_token, token_hash)
BE->>DB: INSERT audit_log
BE-->>FE: OAuth complete
FE->>FE: Show "Connected" status
```
---
## AI Provider Architecture
### Provider Trait Pattern
```mermaid
classDiagram
class Provider {
<<trait>>
+name() String
+chat(messages, config) Future~ChatResponse~
+info() ProviderInfo
}
class AnthropicProvider {
-api_key: String
-model: String
+chat(messages, config)
+name() "anthropic"
}
class OpenAiProvider {
-api_url: String
-api_key: String
-model: String
-api_format: ApiFormat
+chat(messages, config)
+name() "openai"
}
class OllamaProvider {
-base_url: String
-model: String
+chat(messages, config)
+name() "ollama"
}
class GeminiProvider {
-api_key: String
-model: String
+chat(messages, config)
+name() "gemini"
}
class MistralProvider {
-api_key: String
-model: String
+chat(messages, config)
+name() "mistral"
}
class ProviderFactory {
+create_provider(config: ProviderConfig) Box~dyn Provider~
}
class ProviderConfig {
+name: String
+provider_type: String
+api_url: String
+api_key: String
+model: String
+max_tokens: Option~u32~
+temperature: Option~f64~
+custom_endpoint_path: Option~String~
+custom_auth_header: Option~String~
+custom_auth_prefix: Option~String~
+api_format: Option~String~
}
Provider <|.. AnthropicProvider
Provider <|.. OpenAiProvider
Provider <|.. OllamaProvider
Provider <|.. GeminiProvider
Provider <|.. MistralProvider
ProviderFactory --> Provider : creates
ProviderFactory --> ProviderConfig : consumes
```
### Tool Calling Flow (Azure DevOps)
```mermaid
sequenceDiagram
participant U as User
participant FE as Frontend
participant BE as Rust Backend
participant AI as AI Provider
participant ADO as Azure DevOps API
U->>FE: Chat message mentioning ADO work item
FE->>BE: chat_message(conversation_id, msg, provider_config)
BE->>BE: Inject get_available_tools() into request
BE->>AI: POST /chat/completions {messages, tools: [add_ado_comment]}
AI-->>BE: {tool_calls: [{function: "add_ado_comment", args: {work_item_id, comment_text}}]}
BE->>BE: Parse tool_calls from response
BE->>BE: Validate tool name matches registered tools
BE->>ADO: PATCH /wit/workitems/{id}?api-version=7.0 (add comment)
ADO-->>BE: 200 OK
BE->>BE: Format tool result message
BE->>AI: POST /chat/completions {messages, tool_result}
AI-->>BE: Final response to user
BE->>DB: INSERT ai_messages (tool call + result)
BE-->>FE: ChatResponse{content}
```
---
## Integration Architecture
```mermaid
graph LR
subgraph "Integration Layer (integrations/)"
AUTH[auth.rs\nToken Encryption\nOAuth + PKCE\nCookie Extraction]
subgraph "Confluence"
CF[confluence.rs\nPublish Documents\nSpace Management]
CF_SEARCH[confluence_search.rs\nContent Search\nPersistent WebView]
end
subgraph "ServiceNow"
SN[servicenow.rs\nCreate Incidents\nUpdate Records]
SN_SEARCH[servicenow_search.rs\nIncident Search\nKnowledge Base]
end
subgraph "Azure DevOps"
ADO[azuredevops.rs\nWork Items CRUD\nComments (AI tool)]
ADO_SEARCH[azuredevops_search.rs\nWork Item Search\nPersistent WebView]
end
subgraph "Auth Infrastructure"
WV_AUTH[webview_auth.rs\nOAuth WebView\nLogin Flow]
CB_SERVER[callback_server.rs\nwarp HTTP Server\nlocalhost:8765]
NAT_COOKIES[native_cookies*.rs\nPlatform Cookie\nExtraction]
end
end
subgraph "External Services"
CF_EXT[Atlassian Confluence\nhttps://*.atlassian.net]
SN_EXT[ServiceNow\nhttps://*.service-now.com]
ADO_EXT[Azure DevOps\nhttps://dev.azure.com]
end
AUTH --> CF
AUTH --> SN
AUTH --> ADO
WV_AUTH --> CB_SERVER
WV_AUTH --> NAT_COOKIES
CF --> CF_EXT
CF_SEARCH --> CF_EXT
SN --> SN_EXT
SN_SEARCH --> SN_EXT
ADO --> ADO_EXT
ADO_SEARCH --> ADO_EXT
style AUTH fill:#c0392b,color:#fff
```
---
## Deployment Architecture
### CI/CD Pipeline
```mermaid
graph TB
subgraph "Source Control"
GOGS[Gogs / Gitea\ngogs.tftsr.com\nSarman Repository]
end
subgraph "CI/CD Triggers"
PR_TRIGGER[PR Opened/Updated\ntest.yml workflow]
MASTER_TRIGGER[Push to master\nauto-tag.yml workflow]
DOCKER_TRIGGER[.docker/ changes\nbuild-images.yml workflow]
end
subgraph "Test Runner — amd64-docker-runner"
RUSTFMT[1. rustfmt\nFormat Check]
CLIPPY[2. clippy\n-D warnings]
CARGO_TEST[3. cargo test\n64 Rust tests]
TSC[4. tsc --noEmit\nType Check]
VITEST[5. vitest run\n13 JS tests]
end
subgraph "Release Builders (Parallel)"
AMD64[linux/amd64\nDocker: trcaa-linux-amd64\n.deb .rpm .AppImage]
WINDOWS[windows/amd64\nDocker: trcaa-windows-cross\n.exe .msi]
ARM64[linux/arm64\narm64 native runner\n.deb .rpm .AppImage]
MACOS[macOS arm64\nnative macOS runner\n.app .dmg]
end
subgraph "Artifact Storage"
RELEASE[Gitea Release\nv0.x.x tags\nAll platform assets]
REGISTRY[Gitea Container Registry\n172.0.0.29:3000\nCI Docker images]
end
GOGS --> PR_TRIGGER
GOGS --> MASTER_TRIGGER
GOGS --> DOCKER_TRIGGER
PR_TRIGGER --> RUSTFMT
RUSTFMT --> CLIPPY
CLIPPY --> CARGO_TEST
CARGO_TEST --> TSC
TSC --> VITEST
MASTER_TRIGGER --> AMD64
MASTER_TRIGGER --> WINDOWS
MASTER_TRIGGER --> ARM64
MASTER_TRIGGER --> MACOS
AMD64 --> RELEASE
WINDOWS --> RELEASE
ARM64 --> RELEASE
MACOS --> RELEASE
DOCKER_TRIGGER --> REGISTRY
style VITEST fill:#27ae60,color:#fff
style RELEASE fill:#4a90d9,color:#fff
```
### Runtime Architecture (per Platform)
```mermaid
graph TB
subgraph "macOS Runtime"
MAC_PROC[trcaa process\nMach-O arm64 binary]
WEBKIT[WKWebView\nSafari WebKit engine]
MAC_DATA[~/Library/Application Support/trcaa/\n.dbkey mode 0600\n.enckey mode 0600\ntrcaa.db SQLCipher]
MAC_BUNDLE[Troubleshooting and RCA Assistant.app\n/Applications/]
end
subgraph "Linux Runtime"
LINUX_PROC[trcaa process\nELF amd64/arm64]
WEBKIT2[WebKitGTK WebView\nwebkit2gtk4.1]
LINUX_DATA[~/.local/share/trcaa/\n.dbkey .enckey\ntrcaa.db]
LINUX_PKG[.deb / .rpm / .AppImage]
end
subgraph "Windows Runtime"
WIN_PROC[trcaa.exe\nPE amd64]
WEBVIEW2[Microsoft WebView2\nChromium-based]
WIN_DATA[%APPDATA%\trcaa\\\n.dbkey .enckey\ntrcaa.db]
WIN_PKG[NSIS .exe / .msi]
end
MAC_BUNDLE --> MAC_PROC
MAC_PROC --> WEBKIT
MAC_PROC --> MAC_DATA
LINUX_PKG --> LINUX_PROC
LINUX_PROC --> WEBKIT2
LINUX_PROC --> LINUX_DATA
WIN_PKG --> WIN_PROC
WIN_PROC --> WEBVIEW2
WIN_PROC --> WIN_DATA
```
---
## Key Data Flows
### PII Detection and Redaction
```mermaid
flowchart TD
A[User uploads log file] --> B[Read file contents\nmax 50MB]
B --> C[Compute SHA-256 hash]
C --> D[Store metadata in log_files table]
D --> E[Run PII Detection Engine]
subgraph "PII Engine"
E --> F{12 Pattern Detectors}
F --> G[Email Regex]
F --> H[IPv4/IPv6 Regex]
F --> I[Bearer Token Regex]
F --> J[Password Regex]
F --> K[SSN / Phone / CC]
F --> L[MAC / Hostname]
G & H & I & J & K & L --> M[Collect all spans]
M --> N[Sort by start offset]
N --> O[Remove overlaps\nlongest span wins]
end
O --> P[Store pii_spans in DB\nwith UUID per span]
P --> Q[Return spans to UI]
Q --> R[PiiDiffViewer\nSide-by-side diff]
R --> S{User reviews}
S -->|Approve| T[apply_redactions\nMark spans approved]
S -->|Dismiss| U[Remove from approved set]
T --> V[Write .redacted log file\nreplace spans with placeholders]
V --> W[Update log_files.redacted = 1]
W --> X[Append to audit_log\nhash-chained entry]
X --> Y[Log now safe for AI send]
```
### Encryption Key Lifecycle
```mermaid
flowchart TD
A[App Launch] --> B{TFTSR_DB_KEY env var set?}
B -->|Yes| C[Use env var key]
B -->|No| D{Release build?}
D -->|Debug| E[Use hardcoded dev key]
D -->|Release| F{.dbkey file exists?}
F -->|Yes| G[Load key from .dbkey]
F -->|No| H[Generate 32 random bytes\nhex-encode → 64 char key]
H --> I[Write to .dbkey\nmode 0600]
I --> J[Use generated key]
G --> K{Open database}
C --> K
E --> K
J --> K
K --> L{SQLCipher decrypt success?}
L -->|Yes| M[Run migrations\nDatabase ready]
L -->|No| N{File is plain SQLite?}
N -->|Yes| O[migrate_plain_to_encrypted\nCreate .db.plain-backup\nATTACH + sqlcipher_export]
N -->|No| P[Fatal error\nDatabase corrupt]
O --> M
style H fill:#27ae60,color:#fff
style O fill:#e67e22,color:#fff
style P fill:#c0392b,color:#fff
```
---
## Architecture Decision Records
See the [adrs/](./adrs/) directory for all Architecture Decision Records.
| ADR | Title | Status |
|-----|-------|--------|
| [ADR-001](./adrs/ADR-001-tauri-desktop-framework.md) | Tauri as Desktop Framework | Accepted |
| [ADR-002](./adrs/ADR-002-sqlcipher-encrypted-database.md) | SQLCipher for Encrypted Storage | Accepted |
| [ADR-003](./adrs/ADR-003-provider-trait-pattern.md) | Provider Trait Pattern for AI Backends | Accepted |
| [ADR-004](./adrs/ADR-004-pii-regex-aho-corasick.md) | Regex + Aho-Corasick for PII Detection | Accepted |
| [ADR-005](./adrs/ADR-005-auto-generate-encryption-keys.md) | Auto-generate Encryption Keys at Runtime | Accepted |
| [ADR-006](./adrs/ADR-006-zustand-state-management.md) | Zustand for Frontend State Management | Accepted |

66
docs/architecture/adrs/ADR-001-tauri-desktop-framework.md Normal file
View File

@ -0,0 +1,66 @@
# ADR-001: Tauri as Desktop Framework
**Status**: Accepted
**Date**: 2025-Q3
**Deciders**: sarman
---
## Context
A cross-platform desktop application is required for IT engineers who need:
- Fully offline operation (local AI via Ollama)
- Encrypted local data storage (sensitive incident details)
- Access to local filesystem (log files)
- No telemetry or cloud dependency for core functionality
- Distribution on Linux, macOS, and Windows
The main alternatives considered were **Electron**, **Flutter**, **Qt**, and a pure **web app**.
---
## Decision
Use **Tauri 2** with a **Rust backend** and **React/TypeScript frontend**.
---
## Rationale
| Criterion | Tauri 2 | Electron | Flutter | Web App |
|-----------|---------|----------|---------|---------|
| Binary size | ~8 MB | ~120+ MB | ~40 MB | N/A |
| Memory footprint | ~50 MB | ~200+ MB | ~100 MB | N/A |
| OS WebView | Yes (native) | No (bundled Chromium) | No | N/A |
| Rust backend | Yes (native perf) | No (Node.js) | No (Dart) | No |
| Filesystem access | Scoped ACL | Unrestricted by default | Limited | CORS-limited |
| Offline-first | Yes | Yes | Yes | No |
| SQLCipher integration | Via rusqlite | Via better-sqlite3 | Via plugin | No |
| Existing team skills | Rust + React | Node.js + React | Dart | TypeScript |
**Tauri's advantages for this use case:**
1. **Security model**: Capability-based ACL prevents frontend from making arbitrary system calls. The frontend can only call explicitly-declared commands.
2. **Performance**: Rust backend handles CPU-intensive work (PII regex scanning, PDF generation, SQLCipher operations) without Node.js overhead.
3. **Binary size**: Uses the OS-native WebView (WebKit on macOS/Linux, WebView2 on Windows) — no bundled browser engine.
4. **Stronghold plugin**: Built-in encrypted key-value store for credential management.
5. **IPC type safety**: `generate_handler![]` macro ensures all IPC commands are registered; `invoke()` on the frontend can be fully typed via `tauriCommands.ts`.
---
## Consequences
**Positive:**
- Small distributable (<20 MB .dmg vs 150+ MB Electron .dmg)
- Rust's memory safety prevents a class of security bugs
- Tauri's CSP enforcement and capability ACL provide defense-in-depth
- Native OS dialogs, file pickers, and notifications
**Negative:**
- WebKit/WebView2 inconsistencies require cross-browser testing
- Rust compile times are longer than Node.js (mitigated by Docker CI caching)
- Tauri 2 is relatively new — smaller ecosystem than Electron
- macOS builds require a macOS runner (no cross-compilation)
**Neutral:**
- React frontend works identically to a web app — no desktop-specific UI code needed
- TypeScript IPC wrappers (`tauriCommands.ts`) decouple frontend from Tauri details

73
docs/architecture/adrs/ADR-002-sqlcipher-encrypted-database.md Normal file
View File

@ -0,0 +1,73 @@
# ADR-002: SQLCipher for Encrypted Storage
**Status**: Accepted
**Date**: 2025-Q3
**Deciders**: sarman
---
## Context
All incident data (titles, descriptions, log contents, AI conversations, resolution steps, RCA documents) must be stored locally and at rest must be encrypted. The application cannot rely on OS-level full-disk encryption being enabled.
Requirements:
- AES-256 encryption of the full database file
- Key derivation suitable for per-installation keys (not user passwords)
- No plaintext data accessible if the `.db` file is copied off-machine
- Rust-compatible SQLite bindings
---
## Decision
Use **SQLCipher** via `rusqlite` with the `bundled-sqlcipher-vendored-openssl` feature flag.
---
## Rationale
**Alternatives considered:**
| Option | Pros | Cons |
|--------|------|------|
| **SQLCipher** (chosen) | Transparent full-DB encryption, AES-256, PBKDF2 key derivation, vendored so no system dep | Larger binary; not standard SQLite |
| Plain SQLite | Simple, well-known | No encryption — ruled out |
| SQLite + file-level encryption | Flexible | No atomicity; complex implementation |
| LevelDB / RocksDB | Fast, encrypted options exist | No SQL, harder migration |
| `sled` (Rust-native) | Modern, async-friendly | No SQL, immature for complex schemas |
**SQLCipher specifics chosen:**
```
PRAGMA cipher_page_size = 16384; -- Matches 16KB kernel page (Apple Silicon)
PRAGMA kdf_iter = 256000; -- 256k PBKDF2 iterations
PRAGMA cipher_hmac_algorithm = HMAC_SHA512;
PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA512;
```
The `cipher_page_size = 16384` is specifically tuned for Apple Silicon (M-series) which uses 16KB kernel pages — using 4096 (SQLCipher default) causes page boundary issues.
---
## Key Management
Per ADR-005, encryption keys are auto-generated at runtime:
- **Release builds**: Random 256-bit key generated at first launch, stored in `.dbkey` (mode 0600)
- **Debug builds**: Hardcoded dev key (`dev-key-change-in-prod`)
- **Override**: `TFTSR_DB_KEY` environment variable
---
## Consequences
**Positive:**
- Full database encryption transparent to all SQL queries
- Vendored OpenSSL means no system library dependency (important for portable AppImage/DMG)
- SHA-512 HMAC provides authenticated encryption (tampering detected)
**Negative:**
- `bundled-sqlcipher-vendored-openssl` significantly increases compile time and binary size
- Cannot use standard SQLite tooling to inspect database files (must use sqlcipher CLI)
- `cipher_page_size` mismatch between debug/release would corrupt databases — mitigated by auto-migration (ADR-005)
**Migration Handling:**
If a plain SQLite database is detected in a release build (e.g., developer switched from debug), `migrate_plain_to_encrypted()` automatically migrates using `ATTACH DATABASE` + `sqlcipher_export`. A `.db.plain-backup` file is created before migration.

76
docs/architecture/adrs/ADR-003-provider-trait-pattern.md Normal file
View File

@ -0,0 +1,76 @@
# ADR-003: Provider Trait Pattern for AI Backends
**Status**: Accepted
**Date**: 2025-Q3
**Deciders**: sarman
---
## Context
The application must support multiple AI providers (OpenAI, Anthropic, Google Gemini, Mistral, Ollama) with different API formats, authentication methods, and response structures. Provider selection must be runtime-configurable by the user without recompiling.
Additionally, enterprise environments may need custom AI endpoints (e.g., an enterprise AI gateway) that speak OpenAI-compatible APIs with custom auth headers.
---
## Decision
Use a **Rust trait object** (`Box<dyn Provider>`) with a **factory function** (`create_provider(config: ProviderConfig)`) that dispatches to concrete implementations at runtime.
---
## Rationale
**The `Provider` trait:**
```rust
#[async_trait]
pub trait Provider: Send + Sync {
fn name(&self) -> &str;
async fn chat(&self, messages: Vec<Message>, config: &ProviderConfig) -> Result<ChatResponse>;
fn info(&self) -> ProviderInfo;
}
```
**Why trait objects over generics:**
- Provider type is not known at compile time (user configures at runtime)
- `Box<dyn Provider>` allows storing different providers in the same `AppState`
- `#[async_trait]` enables async methods on trait objects (required for `reqwest`)
**`ProviderConfig` design:**
The config struct uses `Option<String>` fields for provider-specific settings:
```rust
pub struct ProviderConfig {
pub custom_endpoint_path: Option<String>,
pub custom_auth_header: Option<String>,
pub custom_auth_prefix: Option<String>,
pub api_format: Option<String>, // "openai" | "custom_rest"
}
```
This allows a single `OpenAiProvider` implementation to handle both standard OpenAI and arbitrary custom endpoints — the user configures the auth header name and prefix to match their gateway.
---
## Adding a New Provider
1. Create `src-tauri/src/ai/<provider>.rs` implementing the `Provider` trait
2. Add a match arm in `create_provider()` in `provider.rs`
3. Register the provider type string in `ProviderConfig`
4. Add UI in `src/pages/Settings/AIProviders.tsx`
No changes to command handlers or IPC layer required.
---
## Consequences
**Positive:**
- New providers require zero changes outside `ai/`
- `ProviderConfig` is stored in the database — provider can be changed without app restart
- `test_provider_connection()` command works uniformly across all providers
- `list_providers()` returns capabilities dynamically (supports streaming, tool calling, etc.)
**Negative:**
- `dyn Provider` has a small vtable dispatch overhead (negligible for HTTP-bound operations)
- Each provider implementation must handle its own error types and response parsing
- Testing requires mocking at the `reqwest` level (via `mockito`)

88
docs/architecture/adrs/ADR-004-pii-regex-aho-corasick.md Normal file
View File

@ -0,0 +1,88 @@
# ADR-004: Regex + Aho-Corasick for PII Detection
**Status**: Accepted
**Date**: 2025-Q3
**Deciders**: sarman
---
## Context
Log files submitted for AI analysis may contain sensitive data: IP addresses, emails, bearer tokens, passwords, SSNs, credit card numbers, MAC addresses, phone numbers, and API keys. This data must be detected and redacted before any content leaves the machine via an AI API call.
Requirements:
- Fast scanning of files up to 50MB
- Multiple pattern types with different regex complexity
- Non-overlapping spans (longest match wins on overlap)
- User-controlled toggle per pattern type
- Byte-offset tracking for accurate replacement
---
## Decision
Use **Rust `regex` crate** for per-pattern matching combined with **`aho-corasick`** for multi-pattern string searching. Detection runs entirely in the Rust backend on the raw log content.
---
## Rationale
**Alternatives considered:**
| Option | Pros | Cons |
|--------|------|------|
| **regex + aho-corasick** (chosen) | Fast, Rust-native, no external deps, byte-offset accurate | Regex patterns need careful tuning; false positives possible |
| ML-based NER (spaCy, Presidio) | Higher recall for contextual PII | Requires Python runtime, large model files, not offline-friendly |
| Simple string matching | Extremely fast | Too many false negatives on varied formats |
| WASM-based detection | Runs in browser | Slower; log content in JS memory before Rust sees it |
**Implementation approach:**
1. **12 regex patterns** compiled once at startup via `lazy_static!`
2. Each pattern returns `(start, end, replacement)` tuples
3. All spans from all patterns collected into a flat `Vec<PiiSpan>`
4. Spans sorted by `start` offset
5. **Overlap resolution**: iterate through sorted spans, skip any span whose start is before the current end (greedy, longest match)
6. Spans stored in DB with UUID — referenced by `approved` flag when user confirms redaction
7. Redaction applies spans in **reverse order** to preserve byte offsets
**Why aho-corasick for some patterns:**
Literal string searches (e.g., `password=`, `api_key=`, `bearer `) are faster with Aho-Corasick multi-pattern matching than running individual regexes. The regex then validates the captured value portion.
---
## Patterns
| Pattern ID | Type | Example Match |
|------------|------|---------------|
| `url_credentials` | URL with embedded credentials | `https://user:pass@host` |
| `bearer_token` | Authorization headers | `Bearer eyJhbGc...` |
| `api_key` | API key assignments | `api_key=sk-abc123...` |
| `password` | Password assignments | `password=secret123` |
| `ssn` | Social Security Numbers | `123-45-6789` |
| `credit_card` | Credit card numbers | `4111 1111 1111 1111` |
| `email` | Email addresses | `user@example.com` |
| `mac_address` | MAC addresses | `AA:BB:CC:DD:EE:FF` |
| `ipv6` | IPv6 addresses | `2001:db8::1` |
| `ipv4` | IPv4 addresses | `192.168.1.1` |
| `phone` | Phone numbers | `+1 (555) 123-4567` |
| `hostname` | FQDNs | `db-prod.internal.example.com` |
---
## Consequences
**Positive:**
- No runtime dependencies — detection works fully offline
- 50MB file scanned in <500ms on modern hardware
- Patterns independently togglable via `pii_enabled_patterns` in settings
- Byte-accurate offsets enable precise redaction without re-parsing
**Negative:**
- Regex-based detection has false positives (e.g., version strings matching IPv4 patterns)
- User must review and approve — not fully automatic (mitigated by UX design)
- Pattern maintenance required as new credential formats emerge
- No contextual understanding (a password in a comment vs an active credential look identical)
**User safeguard:**
All redactions require user approval via `PiiDiffViewer` before the redacted log is written. The original is never sent to AI.

98
docs/architecture/adrs/ADR-005-auto-generate-encryption-keys.md Normal file
View File

@ -0,0 +1,98 @@
# ADR-005: Auto-generate Encryption Keys at Runtime
**Status**: Accepted
**Date**: 2026-04
**Deciders**: sarman
---
## Context
The application uses two encryption keys:
1. **Database key** (`TFTSR_DB_KEY`): SQLCipher AES-256 key for the full database
2. **Credential key** (`TFTSR_ENCRYPTION_KEY`): AES-256-GCM key for token/API key encryption
The original design required both to be set as environment variables in release builds. This caused:
- **Critical failure on Mac**: Fresh installs would crash at startup with "file is not a database" error
- **Silent failure on save**: Saving AI providers would fail with "TFTSR_ENCRYPTION_KEY must be set in release builds"
- **Developer friction**: Switching from `cargo tauri dev` (debug, plain SQLite) to a release build would crash because the existing plain database couldn't be opened as encrypted
---
## Decision
Auto-generate cryptographically secure 256-bit keys at first launch and persist them to the app data directory with restricted file permissions.
---
## Key Storage
| Key | File | Permissions | Location |
|-----|------|-------------|----------|
| Database | `.dbkey` | `0600` (owner r/w only) | `$TFTSR_DATA_DIR/` |
| Credentials | `.enckey` | `0600` (owner r/w only) | `$TFTSR_DATA_DIR/` |
**Platform data directories:**
- macOS: `~/Library/Application Support/trcaa/`
- Linux: `~/.local/share/trcaa/`
- Windows: `%APPDATA%\trcaa\`
---
## Key Resolution Order
For both keys:
1. Check environment variable (`TFTSR_DB_KEY` / `TFTSR_ENCRYPTION_KEY`) — use if set and non-empty
2. If debug build — use hardcoded dev key (never touches filesystem)
3. If `.dbkey` / `.enckey` exists and is non-empty — load from file
4. Otherwise — generate 32 random bytes via `OsRng`, hex-encode to 64-char string, write to file with `mode 0600`
---
## Plain-to-Encrypted Migration
When a release build encounters an existing plain SQLite database (written by a debug build), rather than crashing:
```
1. Detect plain SQLite via 16-byte header check ("SQLite format 3\0")
2. Copy database to .db.plain-backup
3. Open plain database
4. ATTACH encrypted database at temp path with new key
5. SELECT sqlcipher_export('encrypted') -- copies all tables, indexes, triggers
6. DETACH encrypted
7. rename(temp_encrypted, original_path)
8. Open encrypted database with key
```
---
## Alternatives Considered
| Option | Pros | Cons |
|--------|------|------|
| **Auto-generate keys** (chosen) | Works out-of-the-box, no user config | Key file loss = data loss (acceptable: key + DB on same machine) |
| Require env vars (original) | Explicit — users know their key | Crashes on fresh install, poor UX |
| Derive from machine ID | No file to lose | Machine ID changes break DB on hardware changes |
| OS keychain | Most secure | Complex cross-platform implementation; adds dependency |
| Prompt user for password | User controls key | Poor UX for a tool; password complexity issues |
**Why not OS keychain:**
The `tauri-plugin-stronghold` already provides a keychain-like abstraction for credentials, but integrating SQLCipher key retrieval into Stronghold would create a chicken-and-egg problem: Stronghold itself needs to be initialized before the database that stores Stronghold's key material.
---
## Consequences
**Positive:**
- Zero-configuration installation — app works on first launch
- Developers can freely switch between debug and release builds
- Environment variable override still available for automated/enterprise deployments
- Key files are protected by Unix file permissions (`0600`)
**Negative:**
- If `.dbkey` or `.enckey` are deleted, the database and all stored credentials become permanently inaccessible
- Key files are not themselves encrypted — OS-level protection depends on filesystem permissions
- Not suitable for multi-user scenarios where different users need isolated key material (single-user desktop app — acceptable)
**Mitigation for key loss:**
Document clearly that backing up `$TFTSR_DATA_DIR` (including hidden files) preserves both key files and database. Loss of keys without losing the database = data loss.

91
docs/architecture/adrs/ADR-006-zustand-state-management.md Normal file
View File

@ -0,0 +1,91 @@
# ADR-006: Zustand for Frontend State Management
**Status**: Accepted
**Date**: 2025-Q3
**Deciders**: sarman
---
## Context
The React frontend manages three distinct categories of state:
1. **Ephemeral session state**: Current issue, AI chat messages, PII spans, 5-whys progress — exists for the duration of one triage session, should not survive page reload
2. **Persisted settings**: Theme, active AI provider, PII pattern toggles — should survive app restart, stored locally
3. **Cached server data**: Issue history, search results — loaded from DB on demand, invalidated on changes
---
## Decision
Use **Zustand** for all three state categories, with selective persistence via `localStorage` for settings only.
---
## Rationale
**Alternatives considered:**
| Option | Pros | Cons |
|--------|------|------|
| **Zustand** (chosen) | Minimal boilerplate, built-in persist middleware, TypeScript-first | Smaller ecosystem than Redux |
| Redux Toolkit | Battle-tested, DevTools support | Verbose boilerplate for simple state |
| React Context | No dependency | Performance issues with frequent updates (chat messages) |
| Jotai | Atomic state, minimal | Less familiar pattern |
| TanStack Query | Excellent for async server state | Overkill for Tauri IPC (not HTTP) |
**Store architecture decisions:**
**`sessionStore`** — NOT persisted:
- Chat messages accumulate quickly; persisting would bloat localStorage
- Session is per-issue; loading a different issue should reset all session state
- `reset()` method called on navigation away from triage
**`settingsStore`** — Persisted to localStorage as `"tftsr-settings"`:
- Theme, active provider, PII pattern toggles — user preference, should survive restart
- AI providers themselves are NOT persisted here — only `active_provider` string
- Actual `ProviderConfig` (with encrypted API keys) lives in the backend DB, loaded via `load_ai_providers()`
**`historyStore`** — NOT persisted (server-cache pattern):
- Always loaded fresh from DB on History page mount
- Search results replaced on each query
- No stale-data risk
---
## Persistence Details
The settings store persists to localStorage:
```typescript
persist(
(set, get) => ({ ...storeImpl }),
{
name: 'tftsr-settings',
partialize: (state) => ({
theme: state.theme,
active_provider: state.active_provider,
pii_enabled_patterns: state.pii_enabled_patterns,
// NOTE: ai_providers excluded — stored in encrypted backend DB
})
}
)
```
**Why localStorage and not a Tauri store plugin:**
- Settings are non-sensitive (theme, provider name, pattern toggles)
- `tauri-plugin-store` would add IPC overhead for every settings read
- localStorage survives across WebView reloads without async overhead
---
## Consequences
**Positive:**
- Minimal boilerplate — stores are ~50 LOC each
- `zustand/middleware/persist` handles localStorage serialization
- Subscribing to partial state prevents unnecessary re-renders
- No Provider wrapping required — stores accessed via hooks anywhere
**Negative:**
- No Redux DevTools integration (Zustand has its own devtools but less mature)
- localStorage persistence means settings are WebView-profile-scoped (fine for single-user app)
- Manual cache invalidation in `historyStore` after issue create/delete

50
docs/wiki/AI-Providers.md
View File

@ -147,33 +147,25 @@ Standard OpenAI `/chat/completions` endpoint with Bearer authentication.
### Format: Custom REST ### Format: Custom REST
**Motorola Solutions Internal GenAI Service** — Enterprise AI platform with centralized cost tracking and model access. **Enterprise AI Gateway** — For AI platforms that use a non-OpenAI request/response format with centralized cost tracking and model access.
| Field | Value | | Field | Value |
|-------|-------| |-------|-------|
| `config.provider_type` | `"custom"` | | `config.provider_type` | `"custom"` |
| `config.api_format` | `"custom_rest"` | | `config.api_format` | `"custom_rest"` |
| API URL | `https://genai-service.commandcentral.com/app-gateway` (prod)<br>`https://genai-service.stage.commandcentral.com/app-gateway` (stage) | | API URL | Your gateway's base URL |
| Auth Header | `x-msi-genai-api-key` | | Auth Header | Your gateway's auth header name |
| Auth Prefix | `` (empty - no Bearer prefix) | | Auth Prefix | `` (empty if no prefix needed) |
| Endpoint Path | `` (empty - URL includes full path `/api/v2/chat`) | | Endpoint Path | `` (empty if URL already includes full path) |
**Available Models (dropdown in Settings):**
- `VertexGemini` — Gemini 2.0 Flash (Private/GCP)
- `Claude-Sonnet-4` — Claude Sonnet 4 (Public/Anthropic)
- `ChatGPT4o` — GPT-4o (Public/OpenAI)
- `ChatGPT-5_2-Chat` — GPT-4.5 (Public/OpenAI)
- Full list is sourced from [GenAI API User Guide](../GenAI%20API%20User%20Guide.md)
- Includes a `Custom model...` option to manually enter any model ID
**Request Format:** **Request Format:**
```json ```json
{ {
"model": "VertexGemini", "model": "model-name",
"prompt": "User's latest message", "prompt": "User's latest message",
"system": "Optional system prompt", "system": "Optional system prompt",
"sessionId": "uuid-for-conversation-continuity", "sessionId": "uuid-for-conversation-continuity",
"userId": "user.name@motorolasolutions.com" "userId": "user@example.com"
} }
``` ```
@ -191,32 +183,27 @@ Standard OpenAI `/chat/completions` endpoint with Bearer authentication.
- **Single prompt** instead of message array (server manages history via `sessionId`) - **Single prompt** instead of message array (server manages history via `sessionId`)
- **Response in `msg` field** instead of `choices[0].message.content` - **Response in `msg` field** instead of `choices[0].message.content`
- **Session-based** conversation continuity (no need to resend history) - **Session-based** conversation continuity (no need to resend history)
- **Cost tracking** via `userId` field (optional — defaults to API key owner if omitted) - **Cost tracking** via `userId` field (optional)
- **Custom client header**: `X-msi-genai-client: tftsr-devops-investigation`
**Configuration (Settings → AI Providers → Add Provider):** **Configuration (Settings → AI Providers → Add Provider):**
``` ```
Name: Custom REST (MSI GenAI) Name: Custom REST Gateway
Type: Custom Type: Custom
API Format: Custom REST API Format: Custom REST
API URL: https://genai-service.stage.commandcentral.com/app-gateway API URL: https://your-gateway/api/v2/chat
Model: VertexGemini Model: your-model-name
API Key: (your MSI GenAI API key from portal) API Key: (your API key)
User ID: your.name@motorolasolutions.com (optional) User ID: user@example.com (optional, for cost tracking)
Endpoint Path: (leave empty) Endpoint Path: (leave empty if URL includes full path)
Auth Header: x-msi-genai-api-key Auth Header: x-custom-api-key
Auth Prefix: (leave empty) Auth Prefix: (leave empty if no prefix)
``` ```
**Rate Limits:**
- $50/user/month (enforced server-side)
- Per-API-key quotas available
**Troubleshooting:** **Troubleshooting:**
| Error | Cause | Solution | | Error | Cause | Solution |
|-------|-------|----------| |-------|-------|----------|
| 403 Forbidden | Invalid API key or insufficient permissions | Verify key in MSI GenAI portal, check model access | | 403 Forbidden | Invalid API key or insufficient permissions | Verify key in your gateway portal, check model access |
| Missing `userId` field | Configuration not saved | Ensure UI shows User ID field when `api_format=custom_rest` | | Missing `userId` field | Configuration not saved | Ensure UI shows User ID field when `api_format=custom_rest` |
| No conversation history | `sessionId` not persisted | Session ID stored in `ProviderConfig.session_id` — currently per-provider, not per-conversation | | No conversation history | `sessionId` not persisted | Session ID stored in `ProviderConfig.session_id` — currently per-provider, not per-conversation |
@ -224,7 +211,6 @@ Auth Prefix: (leave empty)
- Backend: `src-tauri/src/ai/openai.rs::chat_custom_rest()` - Backend: `src-tauri/src/ai/openai.rs::chat_custom_rest()`
- Schema: `src-tauri/src/state.rs::ProviderConfig` (added `user_id`, `api_format`, custom auth fields) - Schema: `src-tauri/src/state.rs::ProviderConfig` (added `user_id`, `api_format`, custom auth fields)
- Frontend: `src/pages/Settings/AIProviders.tsx` (conditional UI for Custom REST + model dropdown) - Frontend: `src/pages/Settings/AIProviders.tsx` (conditional UI for Custom REST + model dropdown)
- CSP whitelist: `https://genai-service.stage.commandcentral.com` and production domain
--- ---
@ -239,7 +225,7 @@ All providers support the following optional configuration fields (v0.2.6+):
| `custom_auth_prefix` | `Option<String>` | Prefix before API key | `Bearer ` | | `custom_auth_prefix` | `Option<String>` | Prefix before API key | `Bearer ` |
| `api_format` | `Option<String>` | API format (`openai` or `custom_rest`) | `openai` | | `api_format` | `Option<String>` | API format (`openai` or `custom_rest`) | `openai` |
| `session_id` | `Option<String>` | Session ID for stateful APIs | None | | `session_id` | `Option<String>` | Session ID for stateful APIs | None |
| `user_id` | `Option<String>` | User ID for cost tracking (Custom REST MSI contract) | None | | `user_id` | `Option<String>` | User ID for cost tracking (Custom REST gateways) | None |
**Backward Compatibility:** **Backward Compatibility:**
All fields are optional and default to OpenAI-compatible behavior. Existing provider configurations are unaffected. All fields are optional and default to OpenAI-compatible behavior. Existing provider configurations are unaffected.

36
docs/wiki/Architecture.md
View File

@ -29,7 +29,8 @@ TFTSR uses a Tauri 2.x architecture: a Rust backend runs natively, and a React/T
pub struct AppState { pub struct AppState {
pub db: Arc<Mutex<rusqlite::Connection>>, pub db: Arc<Mutex<rusqlite::Connection>>,
pub settings: Arc<Mutex<AppSettings>>, pub settings: Arc<Mutex<AppSettings>>,
pub app_data_dir: PathBuf, // ~/.local/share/tftsr on Linux pub app_data_dir: PathBuf, // ~/.local/share/trcaa on Linux
pub integration_webviews: Arc<Mutex<HashMap<String, String>>>,
} }
``` ```
@ -46,10 +47,10 @@ All command handlers receive `State<'_, AppState>` as a Tauri-injected parameter
| `commands/analysis.rs` | Log file upload, PII detection, redaction | | `commands/analysis.rs` | Log file upload, PII detection, redaction |
| `commands/docs.rs` | RCA and post-mortem generation, document export | | `commands/docs.rs` | RCA and post-mortem generation, document export |
| `commands/system.rs` | Ollama management, hardware probe, settings, audit log | | `commands/system.rs` | Ollama management, hardware probe, settings, audit log |
| `commands/integrations.rs` | Confluence / ServiceNow / ADO — v0.2 stubs | | `commands/integrations.rs` | Confluence / ServiceNow / ADO — OAuth2, WebView auth, tool calling |
| `ai/provider.rs` | `Provider` trait + `create_provider()` factory | | `ai/provider.rs` | `Provider` trait + `create_provider()` factory |
| `pii/detector.rs` | Multi-pattern PII scanner with overlap resolution | | `pii/detector.rs` | Multi-pattern PII scanner with overlap resolution |
| `db/migrations.rs` | Versioned schema (10 migrations in `_migrations` table) | | `db/migrations.rs` | Versioned schema (14 migrations tracked in `_migrations` table) |
| `db/models.rs` | All DB types — see `IssueDetail` note below | | `db/models.rs` | All DB types — see `IssueDetail` note below |
| `docs/rca.rs` + `docs/postmortem.rs` | Markdown template builders | | `docs/rca.rs` + `docs/postmortem.rs` | Markdown template builders |
| `audit/log.rs` | `write_audit_event()` — called before every external send | | `audit/log.rs` | `write_audit_event()` — called before every external send |
@ -178,14 +179,31 @@ Use `detail.issue.title`, **not** `detail.title`.
``` ```
1. Initialize tracing (RUST_LOG controls level) 1. Initialize tracing (RUST_LOG controls level)
2. Determine data directory (~/.local/share/tftsr or TFTSR_DATA_DIR) 2. Determine data directory (state::get_app_data_dir() or TFTSR_DATA_DIR)
3. Open / create SQLite database (run migrations) 3. Auto-generate or load .dbkey / .enckey (mode 0600) — see ADR-005
4. Create AppState (db + settings + app_data_dir) 4. Open / create SQLCipher encrypted database
5. Register Tauri plugins (stronghold, dialog, fs, shell, http, cli, updater) - If plain SQLite detected (debug→release upgrade): auto-migrate + backup
6. Register all 39 IPC command handlers 5. Run DB migrations (14 schema versions)
7. Start WebView with React app 6. Create AppState (db + settings + app_data_dir + integration_webviews)
7. Register Tauri plugins (stronghold, dialog, fs, shell, http)
8. Register all IPC command handlers via generate_handler![]
9. Start WebView with React app
``` ```
## Architecture Documentation
Full architecture documentation with C4 diagrams, data flow diagrams, and Architecture Decision Records (ADRs) is available in [`docs/architecture/`](../architecture/README.md):
| Document | Contents |
|----------|----------|
| [Architecture Overview](../architecture/README.md) | C4 diagrams, data flows, security model |
| [ADR-001](../architecture/adrs/ADR-001-tauri-desktop-framework.md) | Why Tauri over Electron |
| [ADR-002](../architecture/adrs/ADR-002-sqlcipher-encrypted-database.md) | SQLCipher encryption choices |
| [ADR-003](../architecture/adrs/ADR-003-provider-trait-pattern.md) | AI provider trait design |
| [ADR-004](../architecture/adrs/ADR-004-pii-regex-aho-corasick.md) | PII detection implementation |
| [ADR-005](../architecture/adrs/ADR-005-auto-generate-encryption-keys.md) | Key auto-generation design |
| [ADR-006](../architecture/adrs/ADR-006-zustand-state-management.md) | Frontend state management |
## Data Flow ## Data Flow
``` ```

4
docs/wiki/Home.md
View File

@ -24,7 +24,7 @@
- **5-Whys AI Triage** — Interactive guided root cause analysis via multi-turn AI chat - **5-Whys AI Triage** — Interactive guided root cause analysis via multi-turn AI chat
- **PII Auto-Redaction** — Detects and redacts sensitive data before any AI send - **PII Auto-Redaction** — Detects and redacts sensitive data before any AI send
- **Multi-Provider AI** — OpenAI, Anthropic Claude, Google Gemini, Mistral, AWS Bedrock (via LiteLLM), MSI GenAI (Motorola internal), local Ollama (fully offline) - **Multi-Provider AI** — OpenAI, Anthropic Claude, Google Gemini, Mistral, AWS Bedrock (via LiteLLM), Custom REST gateways, local Ollama (fully offline)
- **Custom Provider Support** — Flexible authentication (Bearer, custom headers) and API formats (OpenAI-compatible, Custom REST) - **Custom Provider Support** — Flexible authentication (Bearer, custom headers) and API formats (OpenAI-compatible, Custom REST)
- **External Integrations** — Confluence, ServiceNow, Azure DevOps with OAuth2 PKCE flows - **External Integrations** — Confluence, ServiceNow, Azure DevOps with OAuth2 PKCE flows
- **SQLCipher AES-256** — All issue history and credentials encrypted at rest - **SQLCipher AES-256** — All issue history and credentials encrypted at rest
@ -37,7 +37,7 @@
| Version | Status | Highlights | | Version | Status | Highlights |
|---------|--------|-----------| |---------|--------|-----------|
| v0.2.6 | 🚀 Latest | MSI GenAI support, OAuth2 shell permissions, user ID tracking | | v0.2.6 | 🚀 Latest | Custom REST AI gateway support, OAuth2 shell permissions, user ID tracking |
| v0.2.3 | Released | Confluence/ServiceNow/ADO REST API clients (19 TDD tests) | | v0.2.3 | Released | Confluence/ServiceNow/ADO REST API clients (19 TDD tests) |
| v0.1.1 | Released | Core application with PII detection, RCA generation | | v0.1.1 | Released | Core application with PII detection, RCA generation |

166
src-tauri/Cargo.lock generated
View File

@ -263,6 +263,12 @@ dependencies = [
"constant_time_eq 0.4.2", "constant_time_eq 0.4.2",
] ]
[[package]]
name = "block"
version = "0.1.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0d8c1fef690941d3e7788d328517591fecc684c084084702d6ff1641e993699a"
[[package]] [[package]]
name = "block-buffer" name = "block-buffer"
version = "0.10.4" version = "0.10.4"
@ -520,6 +526,36 @@ dependencies = [
"zeroize", "zeroize",
] ]
[[package]]
name = "cocoa"
version = "0.25.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f6140449f97a6e97f9511815c5632d84c8aacf8ac271ad77c559218161a1373c"
dependencies = [
"bitflags 1.3.2",
"block",
"cocoa-foundation",
"core-foundation 0.9.4",
"core-graphics 0.23.2",
"foreign-types 0.5.0",
"libc",
"objc",
]
[[package]]
name = "cocoa-foundation"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8c6234cbb2e4c785b456c0644748b1ac416dd045799740356f8363dfe00c93f7"
dependencies = [
"bitflags 1.3.2",
"block",
"core-foundation 0.9.4",
"core-graphics-types 0.1.3",
"libc",
"objc",
]
[[package]] [[package]]
name = "color_quant" name = "color_quant"
version = "1.1.0" version = "1.1.0"
@ -648,6 +684,19 @@ version = "0.8.7"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
[[package]]
name = "core-graphics"
version = "0.23.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c07782be35f9e1140080c6b96f0d44b739e2278479f64e02fdab4e32dfd8b081"
dependencies = [
"bitflags 1.3.2",
"core-foundation 0.9.4",
"core-graphics-types 0.1.3",
"foreign-types 0.5.0",
"libc",
]
[[package]] [[package]]
name = "core-graphics" name = "core-graphics"
version = "0.25.0" version = "0.25.0"
@ -656,11 +705,22 @@ checksum = "064badf302c3194842cf2c5d61f56cc88e54a759313879cdf03abdd27d0c3b97"
dependencies = [ dependencies = [
"bitflags 2.11.0", "bitflags 2.11.0",
"core-foundation 0.10.1", "core-foundation 0.10.1",
"core-graphics-types", "core-graphics-types 0.2.0",
"foreign-types 0.5.0", "foreign-types 0.5.0",
"libc", "libc",
] ]
[[package]]
name = "core-graphics-types"
version = "0.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "45390e6114f68f718cc7a830514a96f903cccd70d02a8f6d9f643ac4ba45afaf"
dependencies = [
"bitflags 1.3.2",
"core-foundation 0.9.4",
"libc",
]
[[package]] [[package]]
name = "core-graphics-types" name = "core-graphics-types"
version = "0.2.0" version = "0.2.0"
@ -2832,6 +2892,15 @@ version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c41e0c4fef86961ac6d6f8a82609f55f31b05e4fce149ac5710e439df7619ba4" checksum = "c41e0c4fef86961ac6d6f8a82609f55f31b05e4fce149ac5710e439df7619ba4"
[[package]]
name = "malloc_buf"
version = "0.0.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "62bb907fe88d54d8d9ce32a3cceab4218ed2f6b7d35617cafe9adf84e43919cb"
dependencies = [
"libc",
]
[[package]] [[package]]
name = "markup5ever" name = "markup5ever"
version = "0.14.1" version = "0.14.1"
@ -3147,6 +3216,15 @@ dependencies = [
"syn 2.0.117", "syn 2.0.117",
] ]
[[package]]
name = "objc"
version = "0.2.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "915b1b472bc21c53464d6c8461c9d3af805ba1ef837e1cac254428f4a77177b1"
dependencies = [
"malloc_buf",
]
[[package]] [[package]]
name = "objc2" name = "objc2"
version = "0.6.4" version = "0.6.4"
@ -5252,7 +5330,7 @@ dependencies = [
"bitflags 2.11.0", "bitflags 2.11.0",
"block2", "block2",
"core-foundation 0.10.1", "core-foundation 0.10.1",
"core-graphics", "core-graphics 0.25.0",
"crossbeam-channel", "crossbeam-channel",
"dispatch2", "dispatch2",
"dlopen2", "dlopen2",
@ -5670,47 +5748,6 @@ dependencies = [
"utf-8", "utf-8",
] ]
[[package]]
name = "tftsr"
version = "0.1.0"
dependencies = [
"aes-gcm",
"aho-corasick",
"anyhow",
"async-trait",
"base64 0.22.1",
"chrono",
"dirs 5.0.1",
"docx-rs",
"futures",
"hex",
"lazy_static",
"mockito",
"printpdf",
"rand 0.8.5",
"regex",
"reqwest 0.12.28",
"rusqlite",
"serde",
"serde_json",
"sha2",
"tauri",
"tauri-build",
"tauri-plugin-dialog",
"tauri-plugin-fs",
"tauri-plugin-http",
"tauri-plugin-shell",
"tauri-plugin-stronghold",
"thiserror 1.0.69",
"tokio",
"tokio-test",
"tracing",
"tracing-subscriber",
"urlencoding",
"uuid",
"warp",
]
[[package]] [[package]]
name = "thiserror" name = "thiserror"
version = "1.0.69" version = "1.0.69"
@ -6168,6 +6205,49 @@ dependencies = [
"windows-sys 0.60.2", "windows-sys 0.60.2",
] ]
[[package]]
name = "trcaa"
version = "0.1.0"
dependencies = [
"aes-gcm",
"aho-corasick",
"anyhow",
"async-trait",
"base64 0.22.1",
"chrono",
"cocoa",
"dirs 5.0.1",
"docx-rs",
"futures",
"hex",
"lazy_static",
"mockito",
"objc",
"printpdf",
"rand 0.8.5",
"regex",
"reqwest 0.12.28",
"rusqlite",
"serde",
"serde_json",
"sha2",
"tauri",
"tauri-build",
"tauri-plugin-dialog",
"tauri-plugin-fs",
"tauri-plugin-http",
"tauri-plugin-shell",
"tauri-plugin-stronghold",
"thiserror 1.0.69",
"tokio",
"tokio-test",
"tracing",
"tracing-subscriber",
"urlencoding",
"uuid",
"warp",
]
[[package]] [[package]]
name = "try-lock" name = "try-lock"
version = "0.2.5" version = "0.2.5"

5
src-tauri/Cargo.toml
View File

@ -44,6 +44,11 @@ lazy_static = "1.4"
warp = "0.3" warp = "0.3"
urlencoding = "2" urlencoding = "2"
# Platform-specific dependencies for native cookie extraction
[target.'cfg(target_os = "macos")'.dependencies]
cocoa = "0.25"
objc = "0.2"
[dev-dependencies] [dev-dependencies]
tokio-test = "0.4" tokio-test = "0.4"
mockito = "1.2" mockito = "1.2"

2
src-tauri/src/ai/anthropic.rs
View File

@ -29,6 +29,7 @@ impl Provider for AnthropicProvider {
&self, &self,
messages: Vec<Message>, messages: Vec<Message>,
config: &ProviderConfig, config: &ProviderConfig,
_tools: Option<Vec<crate::ai::Tool>>,
) -> anyhow::Result<ChatResponse> { ) -> anyhow::Result<ChatResponse> {
let client = reqwest::Client::builder() let client = reqwest::Client::builder()
.timeout(Duration::from_secs(60)) .timeout(Duration::from_secs(60))
@ -115,6 +116,7 @@ impl Provider for AnthropicProvider {
content, content,
model, model,
usage, usage,
tool_calls: None,
}) })
} }
} }

2
src-tauri/src/ai/gemini.rs
View File

@ -30,6 +30,7 @@ impl Provider for GeminiProvider {
&self, &self,
messages: Vec<Message>, messages: Vec<Message>,
config: &ProviderConfig, config: &ProviderConfig,
_tools: Option<Vec<crate::ai::Tool>>,
) -> anyhow::Result<ChatResponse> { ) -> anyhow::Result<ChatResponse> {
let client = reqwest::Client::builder() let client = reqwest::Client::builder()
.timeout(Duration::from_secs(60)) .timeout(Duration::from_secs(60))
@ -118,6 +119,7 @@ impl Provider for GeminiProvider {
content, content,
model: config.model.clone(), model: config.model.clone(),
usage, usage,
tool_calls: None,
}) })
} }
} }

2
src-tauri/src/ai/mistral.rs
View File

@ -30,6 +30,7 @@ impl Provider for MistralProvider {
&self, &self,
messages: Vec<Message>, messages: Vec<Message>,
config: &ProviderConfig, config: &ProviderConfig,
_tools: Option<Vec<crate::ai::Tool>>,
) -> anyhow::Result<ChatResponse> { ) -> anyhow::Result<ChatResponse> {
// Mistral uses OpenAI-compatible format // Mistral uses OpenAI-compatible format
let client = reqwest::Client::builder() let client = reqwest::Client::builder()
@ -83,6 +84,7 @@ impl Provider for MistralProvider {
content, content,
model: config.model.clone(), model: config.model.clone(),
usage, usage,
tool_calls: None,
}) })
} }
} }

45
src-tauri/src/ai/mod.rs
View File

@ -4,15 +4,22 @@ pub mod mistral;
pub mod ollama; pub mod ollama;
pub mod openai; pub mod openai;
pub mod provider; pub mod provider;
pub mod tools;
pub use provider::*; pub use provider::*;
pub use tools::*;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use std::collections::HashMap;
#[derive(Debug, Clone, Serialize, Deserialize)] #[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Message { pub struct Message {
pub role: String, pub role: String,
pub content: String, pub content: String,
#[serde(skip_serializing_if = "Option::is_none")]
pub tool_call_id: Option<String>,
#[serde(skip_serializing_if = "Option::is_none")]
pub tool_calls: Option<Vec<ToolCall>>,
} }
#[derive(Debug, Clone, Serialize, Deserialize)] #[derive(Debug, Clone, Serialize, Deserialize)]
@ -20,6 +27,44 @@ pub struct ChatResponse {
pub content: String, pub content: String,
pub model: String, pub model: String,
pub usage: Option<TokenUsage>, pub usage: Option<TokenUsage>,
#[serde(skip_serializing_if = "Option::is_none")]
pub tool_calls: Option<Vec<ToolCall>>,
}
/// Represents a tool call made by the AI
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ToolCall {
pub id: String,
pub name: String,
pub arguments: String, // JSON string
}
/// Tool definition that describes available functions to the AI
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Tool {
pub name: String,
pub description: String,
pub parameters: ToolParameters,
}
/// JSON Schema-style parameter definition for tools
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ToolParameters {
#[serde(rename = "type")]
pub param_type: String, // Usually "object"
pub properties: HashMap<String, ParameterProperty>,
pub required: Vec<String>,
}
/// Individual parameter property definition
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ParameterProperty {
#[serde(rename = "type")]
pub prop_type: String, // "string", "number", "integer", "boolean"
pub description: String,
#[serde(skip_serializing_if = "Option::is_none")]
#[serde(rename = "enum")]
pub enum_values: Option<Vec<String>>,
} }
#[derive(Debug, Clone, Serialize, Deserialize)] #[derive(Debug, Clone, Serialize, Deserialize)]

2
src-tauri/src/ai/ollama.rs
View File

@ -31,6 +31,7 @@ impl Provider for OllamaProvider {
&self, &self,
messages: Vec<Message>, messages: Vec<Message>,
config: &ProviderConfig, config: &ProviderConfig,
_tools: Option<Vec<crate::ai::Tool>>,
) -> anyhow::Result<ChatResponse> { ) -> anyhow::Result<ChatResponse> {
let client = reqwest::Client::builder() let client = reqwest::Client::builder()
.timeout(Duration::from_secs(60)) .timeout(Duration::from_secs(60))
@ -99,6 +100,7 @@ impl Provider for OllamaProvider {
content, content,
model: config.model.clone(), model: config.model.clone(),
usage, usage,
tool_calls: None,
}) })
} }
} }

167
src-tauri/src/ai/openai.rs
View File

@ -8,7 +8,7 @@ use crate::state::ProviderConfig;
pub struct OpenAiProvider; pub struct OpenAiProvider;
fn is_custom_rest_format(api_format: Option<&str>) -> bool { fn is_custom_rest_format(api_format: Option<&str>) -> bool {
matches!(api_format, Some("custom_rest") | Some("msi_genai")) matches!(api_format, Some("custom_rest"))
} }
#[async_trait] #[async_trait]
@ -33,15 +33,15 @@ impl Provider for OpenAiProvider {
&self, &self,
messages: Vec<Message>, messages: Vec<Message>,
config: &ProviderConfig, config: &ProviderConfig,
tools: Option<Vec<crate::ai::Tool>>,
) -> anyhow::Result<ChatResponse> { ) -> anyhow::Result<ChatResponse> {
// Check if using custom REST format // Check if using custom REST format
let api_format = config.api_format.as_deref().unwrap_or("openai"); let api_format = config.api_format.as_deref().unwrap_or("openai");
// Backward compatibility: accept legacy msi_genai identifier
if is_custom_rest_format(Some(api_format)) { if is_custom_rest_format(Some(api_format)) {
self.chat_custom_rest(messages, config).await self.chat_custom_rest(messages, config, tools).await
} else { } else {
self.chat_openai(messages, config).await self.chat_openai(messages, config, tools).await
} }
} }
} }
@ -55,11 +55,6 @@ mod tests {
assert!(is_custom_rest_format(Some("custom_rest"))); assert!(is_custom_rest_format(Some("custom_rest")));
} }
#[test]
fn legacy_msi_format_is_recognized_for_compatibility() {
assert!(is_custom_rest_format(Some("msi_genai")));
}
#[test] #[test]
fn openai_format_is_not_custom_rest() { fn openai_format_is_not_custom_rest() {
assert!(!is_custom_rest_format(Some("openai"))); assert!(!is_custom_rest_format(Some("openai")));
@ -73,6 +68,7 @@ impl OpenAiProvider {
&self, &self,
messages: Vec<Message>, messages: Vec<Message>,
config: &ProviderConfig, config: &ProviderConfig,
tools: Option<Vec<crate::ai::Tool>>,
) -> anyhow::Result<ChatResponse> { ) -> anyhow::Result<ChatResponse> {
let client = reqwest::Client::builder() let client = reqwest::Client::builder()
.timeout(Duration::from_secs(60)) .timeout(Duration::from_secs(60))
@ -99,6 +95,25 @@ impl OpenAiProvider {
body["temperature"] = serde_json::Value::from(temp); body["temperature"] = serde_json::Value::from(temp);
} }
// Add tools if provided (OpenAI function calling format)
if let Some(tools_list) = tools {
let formatted_tools: Vec<serde_json::Value> = tools_list
.iter()
.map(|tool| {
serde_json::json!({
"type": "function",
"function": {
"name": tool.name,
"description": tool.description,
"parameters": tool.parameters
}
})
})
.collect();
body["tools"] = serde_json::Value::from(formatted_tools);
body["tool_choice"] = serde_json::Value::from("auto");
}
// Use custom auth header and prefix if provided // Use custom auth header and prefix if provided
let auth_header = config let auth_header = config
.custom_auth_header .custom_auth_header
@ -122,10 +137,32 @@ impl OpenAiProvider {
} }
let json: serde_json::Value = resp.json().await?; let json: serde_json::Value = resp.json().await?;
let content = json["choices"][0]["message"]["content"] let message = &json["choices"][0]["message"];
.as_str()
.ok_or_else(|| anyhow::anyhow!("No content in response"))? let content = message["content"].as_str().unwrap_or("").to_string();
.to_string();
// Parse tool_calls if present
let tool_calls = message.get("tool_calls").and_then(|tc| {
if let Some(arr) = tc.as_array() {
let calls: Vec<crate::ai::ToolCall> = arr
.iter()
.filter_map(|call| {
Some(crate::ai::ToolCall {
id: call["id"].as_str()?.to_string(),
name: call["function"]["name"].as_str()?.to_string(),
arguments: call["function"]["arguments"].as_str()?.to_string(),
})
})
.collect();
if calls.is_empty() {
None
} else {
Some(calls)
}
} else {
None
}
});
let usage = json.get("usage").and_then(|u| { let usage = json.get("usage").and_then(|u| {
Some(TokenUsage { Some(TokenUsage {
@ -139,14 +176,16 @@ impl OpenAiProvider {
content, content,
model: config.model.clone(), model: config.model.clone(),
usage, usage,
tool_calls,
}) })
} }
/// Custom REST format (MSI GenAI payload contract) /// Custom REST format (non-OpenAI payload contract)
async fn chat_custom_rest( async fn chat_custom_rest(
&self, &self,
messages: Vec<Message>, messages: Vec<Message>,
config: &ProviderConfig, config: &ProviderConfig,
tools: Option<Vec<crate::ai::Tool>>,
) -> anyhow::Result<ChatResponse> { ) -> anyhow::Result<ChatResponse> {
let client = reqwest::Client::builder() let client = reqwest::Client::builder()
.timeout(Duration::from_secs(60)) .timeout(Duration::from_secs(60))
@ -204,11 +243,33 @@ impl OpenAiProvider {
body["modelConfig"] = model_config; body["modelConfig"] = model_config;
} }
// Use custom auth header and prefix (no prefix for this custom REST contract) // Add tools if provided (OpenAI-style format, most common standard)
if let Some(tools_list) = tools {
let formatted_tools: Vec<serde_json::Value> = tools_list
.iter()
.map(|tool| {
serde_json::json!({
"type": "function",
"function": {
"name": tool.name,
"description": tool.description,
"parameters": tool.parameters
}
})
})
.collect();
let tool_count = formatted_tools.len();
body["tools"] = serde_json::Value::from(formatted_tools);
body["tool_choice"] = serde_json::Value::from("auto");
tracing::info!("Custom REST: Sending {} tools in request", tool_count);
}
// Use custom auth header and prefix (no default prefix for custom REST)
let auth_header = config let auth_header = config
.custom_auth_header .custom_auth_header
.as_deref() .as_deref()
.unwrap_or("x-msi-genai-api-key"); .unwrap_or("Authorization");
let auth_prefix = config.custom_auth_prefix.as_deref().unwrap_or(""); let auth_prefix = config.custom_auth_prefix.as_deref().unwrap_or("");
let auth_value = format!("{auth_prefix}{api_key}", api_key = config.api_key); let auth_value = format!("{auth_prefix}{api_key}", api_key = config.api_key);
@ -216,7 +277,6 @@ impl OpenAiProvider {
.post(&url) .post(&url)
.header(auth_header, auth_value) .header(auth_header, auth_value)
.header("Content-Type", "application/json") .header("Content-Type", "application/json")
.header("X-msi-genai-client", "troubleshooting-rca-assistant")
.json(&body) .json(&body)
.send() .send()
.await?; .await?;
@ -229,12 +289,84 @@ impl OpenAiProvider {
let json: serde_json::Value = resp.json().await?; let json: serde_json::Value = resp.json().await?;
tracing::debug!(
"Custom REST response: {}",
serde_json::to_string_pretty(&json).unwrap_or_else(|_| "invalid JSON".to_string())
);
// Extract response content from "msg" field // Extract response content from "msg" field
let content = json["msg"] let content = json["msg"]
.as_str() .as_str()
.ok_or_else(|| anyhow::anyhow!("No 'msg' field in response"))? .ok_or_else(|| anyhow::anyhow!("No 'msg' field in response"))?
.to_string(); .to_string();
// Parse tool_calls if present (check multiple possible field names)
let tool_calls = json
.get("tool_calls")
.or_else(|| json.get("toolCalls"))
.or_else(|| json.get("function_calls"))
.and_then(|tc| {
if let Some(arr) = tc.as_array() {
let calls: Vec<crate::ai::ToolCall> = arr
.iter()
.filter_map(|call| {
// Try OpenAI format first
if let (Some(id), Some(name), Some(args)) = (
call.get("id").and_then(|v| v.as_str()),
call.get("function")
.and_then(|f| f.get("name"))
.and_then(|n| n.as_str())
.or_else(|| call.get("name").and_then(|n| n.as_str())),
call.get("function")
.and_then(|f| f.get("arguments"))
.and_then(|a| a.as_str())
.or_else(|| call.get("arguments").and_then(|a| a.as_str())),
) {
tracing::info!("Custom REST: Parsed tool call: {} ({})", name, id);
return Some(crate::ai::ToolCall {
id: id.to_string(),
name: name.to_string(),
arguments: args.to_string(),
});
}
// Try simpler format
if let (Some(name), Some(args)) = (
call.get("name").and_then(|n| n.as_str()),
call.get("arguments").and_then(|a| a.as_str()),
) {
let id = call
.get("id")
.and_then(|v| v.as_str())
.unwrap_or("tool_call_0")
.to_string();
tracing::info!(
"Custom REST: Parsed tool call (simple format): {} ({})",
name,
id
);
return Some(crate::ai::ToolCall {
id,
name: name.to_string(),
arguments: args.to_string(),
});
}
tracing::warn!("Custom REST: Failed to parse tool call: {:?}", call);
None
})
.collect();
if calls.is_empty() {
None
} else {
tracing::info!("Custom REST: Found {} tool calls", calls.len());
Some(calls)
}
} else {
None
}
});
// Note: sessionId from response should be stored back to config.session_id // Note: sessionId from response should be stored back to config.session_id
// This would require making config mutable or returning it as part of ChatResponse // This would require making config mutable or returning it as part of ChatResponse
// For now, the caller can extract it from the response if needed // For now, the caller can extract it from the response if needed
@ -244,6 +376,7 @@ impl OpenAiProvider {
content, content,
model: config.model.clone(), model: config.model.clone(),
usage: None, // This custom REST contract doesn't provide token usage in response usage: None, // This custom REST contract doesn't provide token usage in response
tool_calls,
}) })
} }
} }

3
src-tauri/src/ai/provider.rs
View File

@ -1,6 +1,6 @@
use async_trait::async_trait; use async_trait::async_trait;
use crate::ai::{ChatResponse, Message, ProviderInfo}; use crate::ai::{ChatResponse, Message, ProviderInfo, Tool};
use crate::state::ProviderConfig; use crate::state::ProviderConfig;
#[async_trait] #[async_trait]
@ -11,6 +11,7 @@ pub trait Provider: Send + Sync {
&self, &self,
messages: Vec<Message>, messages: Vec<Message>,
config: &ProviderConfig, config: &ProviderConfig,
tools: Option<Vec<Tool>>,
) -> anyhow::Result<ChatResponse>; ) -> anyhow::Result<ChatResponse>;
} }

41
src-tauri/src/ai/tools.rs Normal file
View File

@ -0,0 +1,41 @@
use crate::ai::{ParameterProperty, Tool, ToolParameters};
use std::collections::HashMap;
/// Get all available tools for AI function calling
pub fn get_available_tools() -> Vec<Tool> {
vec![get_add_ado_comment_tool()]
}
/// Tool definition for adding comments to Azure DevOps work items
fn get_add_ado_comment_tool() -> Tool {
let mut properties = HashMap::new();
properties.insert(
"work_item_id".to_string(),
ParameterProperty {
prop_type: "integer".to_string(),
description: "The Azure DevOps work item ID (ticket number) to add the comment to"
.to_string(),
enum_values: None,
},
);
properties.insert(
"comment_text".to_string(),
ParameterProperty {
prop_type: "string".to_string(),
description: "The text content of the comment to add to the work item".to_string(),
enum_values: None,
},
);
Tool {
name: "add_ado_comment".to_string(),
description: "Add a comment to an Azure DevOps work item (ticket). Use this when the user asks you to add a comment, update a ticket, or provide information to a ticket.".to_string(),
parameters: ToolParameters {
param_type: "object".to_string(),
properties,
required: vec!["work_item_id".to_string(), "comment_text".to_string()],
},
}
}

531
src-tauri/src/commands/ai.rs
View File

@ -1,4 +1,5 @@
use tauri::State; use rusqlite::OptionalExtension;
use tauri::{Manager, State};
use tracing::warn; use tracing::warn;
use crate::ai::provider::create_provider; use crate::ai::provider::create_provider;
@ -51,15 +52,19 @@ pub async fn analyze_logs(
FIRST_WHY: (initial why question for 5-whys analysis), \ FIRST_WHY: (initial why question for 5-whys analysis), \
SEVERITY: (critical/high/medium/low)" SEVERITY: (critical/high/medium/low)"
.into(), .into(),
tool_call_id: None,
tool_calls: None,
}, },
Message { Message {
role: "user".into(), role: "user".into(),
content: format!("Analyze logs for issue {issue_id}:\n\n{log_contents}"), content: format!("Analyze logs for issue {issue_id}:\n\n{log_contents}"),
tool_call_id: None,
tool_calls: None,
}, },
]; ];
let response = provider let response = provider
.chat(messages, &provider_config) .chat(messages, &provider_config, None)
.await .await
.map_err(|e| { .map_err(|e| {
warn!(error = %e, "ai analyze_logs provider request failed"); warn!(error = %e, "ai analyze_logs provider request failed");
@ -160,6 +165,7 @@ pub async fn chat_message(
issue_id: String, issue_id: String,
message: String, message: String,
provider_config: ProviderConfig, provider_config: ProviderConfig,
app_handle: tauri::AppHandle,
state: State<'_, AppState>, state: State<'_, AppState>,
) -> Result<ChatResponse, String> { ) -> Result<ChatResponse, String> {
// Find or create a conversation for this issue + provider // Find or create a conversation for this issue + provider
@ -212,25 +218,105 @@ pub async fn chat_message(
.unwrap_or_default(); .unwrap_or_default();
drop(db); drop(db);
raw.into_iter() raw.into_iter()
.map(|(role, content)| Message { role, content }) .map(|(role, content)| Message {
role,
content,
tool_call_id: None,
tool_calls: None,
})
.collect() .collect()
}; };
let provider = create_provider(&provider_config); let provider = create_provider(&provider_config);
// Search integration sources for relevant context
let integration_context = search_integration_sources(&message, &app_handle, &state).await;
let mut messages = history; let mut messages = history;
// If we found integration content, add it to the conversation context
if !integration_context.is_empty() {
let context_message = Message {
role: "system".into(),
content: format!(
"INTERNAL DOCUMENTATION SOURCES:\n\n{integration_context}\n\n\
Instructions: The above content is from internal company documentation systems \
(Confluence, ServiceNow, Azure DevOps). \
\n\n**IMPORTANT**: First determine if this documentation is RELEVANT to the user's question:\
\n- If the documentation directly addresses the question Use it and cite sources with URLs\
\n- If the documentation is tangentially related but doesn't answer the question Briefly mention what internal docs exist, then provide a complete answer using general knowledge\
\n- If the documentation is completely unrelated Ignore it and answer using general knowledge\
\n\nDo NOT force irrelevant internal documentation into your answer. The user needs accurate information, not forced citations."
),
tool_call_id: None,
tool_calls: None,
};
messages.push(context_message);
}
messages.push(Message { messages.push(Message {
role: "user".into(), role: "user".into(),
content: message.clone(), content: message.clone(),
tool_call_id: None,
tool_calls: None,
}); });
let response = provider // Get available tools
.chat(messages, &provider_config) let tools = Some(crate::ai::tools::get_available_tools());
.await
.map_err(|e| { // Tool-calling loop: keep calling until AI gives final answer
warn!(error = %e, "ai chat provider request failed"); let final_response;
"AI provider request failed".to_string() let max_iterations = 10; // Prevent infinite loops
})?; let mut iteration = 0;
loop {
iteration += 1;
if iteration > max_iterations {
return Err("Tool-calling loop exceeded maximum iterations".to_string());
}
let response = provider
.chat(messages.clone(), &provider_config, tools.clone())
.await
.map_err(|e| {
let error_msg = format!("AI provider request failed: {e}");
warn!("{}", error_msg);
error_msg
})?;
// Check if AI wants to call tools
if let Some(tool_calls) = &response.tool_calls {
tracing::info!("AI requested {} tool call(s)", tool_calls.len());
// Execute each tool call
for tool_call in tool_calls {
tracing::info!("Executing tool: {}", tool_call.name);
let tool_result = execute_tool_call(tool_call, &app_handle, &state).await;
// Format result
let result_content = match tool_result {
Ok(result) => result,
Err(e) => format!("Error executing tool: {e}"),
};
// Add tool result as a message
messages.push(Message {
role: "tool".into(),
content: result_content,
tool_call_id: Some(tool_call.id.clone()),
tool_calls: None,
});
}
// Continue loop to get AI's next response
continue;
}
// No tool calls - this is the final answer
final_response = response;
break;
}
// Save both user message and response to DB // Save both user message and response to DB
{ {
@ -239,7 +325,7 @@ pub async fn chat_message(
let asst_msg = AiMessage::new( let asst_msg = AiMessage::new(
conversation_id, conversation_id,
"assistant".to_string(), "assistant".to_string(),
response.content.clone(), final_response.content.clone(),
); );
db.execute( db.execute(
@ -268,10 +354,10 @@ pub async fn chat_message(
"model": provider_config.model, "model": provider_config.model,
"api_url": provider_config.api_url, "api_url": provider_config.api_url,
"user_message": user_msg.content, "user_message": user_msg.content,
"response_preview": if response.content.len() > 200 { "response_preview": if final_response.content.len() > 200 {
format!("{preview}...", preview = &response.content[..200]) format!("{preview}...", preview = &final_response.content[..200])
} else { } else {
response.content.clone() final_response.content.clone()
}, },
"token_count": user_msg.token_count, "token_count": user_msg.token_count,
}); });
@ -292,7 +378,7 @@ pub async fn chat_message(
} }
} }
Ok(response) Ok(final_response)
} }
#[tauri::command] #[tauri::command]
@ -305,9 +391,11 @@ pub async fn test_provider_connection(
content: content:
"Reply with exactly: Troubleshooting and RCA Assistant connection test successful." "Reply with exactly: Troubleshooting and RCA Assistant connection test successful."
.into(), .into(),
tool_call_id: None,
tool_calls: None,
}]; }];
provider provider
.chat(messages, &provider_config) .chat(messages, &provider_config, None)
.await .await
.map_err(|e| { .map_err(|e| {
warn!(error = %e, "ai test_provider_connection failed"); warn!(error = %e, "ai test_provider_connection failed");
@ -352,6 +440,417 @@ pub async fn list_providers() -> Result<Vec<ProviderInfo>, String> {
]) ])
} }
/// Search integration sources (Confluence, ServiceNow, Azure DevOps) for relevant context
async fn search_integration_sources(
query: &str,
app_handle: &tauri::AppHandle,
state: &State<'_, AppState>,
) -> String {
let mut all_results = Vec::new();
// Try to get integration configurations
let configs: Vec<crate::commands::integrations::IntegrationConfig> = {
let db = match state.db.lock() {
Ok(db) => db,
Err(e) => {
tracing::warn!("Failed to lock database: {}", e);
return String::new();
}
};
let mut stmt = match db.prepare(
"SELECT service, base_url, username, project_name, space_key FROM integration_config",
) {
Ok(stmt) => stmt,
Err(e) => {
tracing::warn!("Failed to prepare statement: {}", e);
return String::new();
}
};
let rows = match stmt.query_map([], |row| {
Ok(crate::commands::integrations::IntegrationConfig {
service: row.get(0)?,
base_url: row.get(1)?,
username: row.get(2)?,
project_name: row.get(3)?,
space_key: row.get(4)?,
})
}) {
Ok(rows) => rows,
Err(e) => {
tracing::warn!("Failed to query integration configs: {}", e);
return String::new();
}
};
rows.filter_map(|r| r.ok()).collect()
};
// Search each available integration in parallel
let mut search_tasks = Vec::new();
for config in configs {
// Authentication priority:
// 1. Try cookies from persistent browser (may fail for HttpOnly)
// 2. Try stored credentials from database
// 3. Fall back to webview-based search (uses browser's session directly)
let cookies_opt = match crate::commands::integrations::get_fresh_cookies_from_webview(
&config.service,
app_handle,
state,
)
.await
{
Ok(Some(cookies)) => {
tracing::info!("Using extracted cookies for {}", config.service);
Some(cookies)
}
_ => {
// Fallback: check for stored credentials in database
tracing::info!(
"Cookie extraction failed for {}, checking stored credentials",
config.service
);
let encrypted_token: Option<String> = {
let db = match state.db.lock() {
Ok(db) => db,
Err(_) => continue,
};
db.query_row(
"SELECT encrypted_token FROM credentials WHERE service = ?1",
[&config.service],
|row| row.get::<_, String>(0),
)
.optional()
.ok()
.flatten()
};
if let Some(token) = encrypted_token {
if let Ok(decrypted) = crate::integrations::auth::decrypt_token(&token) {
// Try to parse as cookies JSON
if let Ok(cookie_list) = serde_json::from_str::<
Vec<crate::integrations::webview_auth::Cookie>,
>(&decrypted)
{
tracing::info!(
"Using stored cookies for {} (count: {})",
config.service,
cookie_list.len()
);
Some(cookie_list)
} else {
tracing::warn!(
"Stored credentials for {} not in cookie format",
config.service
);
None
}
} else {
None
}
} else {
None
}
}
};
// If we have cookies (from extraction or database), use standard API search
if let Some(cookies) = cookies_opt {
match config.service.as_str() {
"confluence" => {
let base_url = config.base_url.clone();
let query = query.to_string();
let cookies_clone = cookies.clone();
search_tasks.push(tokio::spawn(async move {
crate::integrations::confluence_search::search_confluence(
&base_url,
&query,
&cookies_clone,
)
.await
.unwrap_or_default()
}));
}
"servicenow" => {
let instance_url = config.base_url.clone();
let query = query.to_string();
let cookies_clone = cookies.clone();
search_tasks.push(tokio::spawn(async move {
let mut results = Vec::new();
// Search knowledge base
if let Ok(kb_results) =
crate::integrations::servicenow_search::search_servicenow(
&instance_url,
&query,
&cookies_clone,
)
.await
{
results.extend(kb_results);
}
// Search incidents
if let Ok(incident_results) =
crate::integrations::servicenow_search::search_incidents(
&instance_url,
&query,
&cookies_clone,
)
.await
{
results.extend(incident_results);
}
results
}));
}
"azuredevops" => {
let org_url = config.base_url.clone();
let project = config.project_name.unwrap_or_default();
let query = query.to_string();
let cookies_clone = cookies.clone();
search_tasks.push(tokio::spawn(async move {
let mut results = Vec::new();
// Search wiki
if let Ok(wiki_results) =
crate::integrations::azuredevops_search::search_wiki(
&org_url,
&project,
&query,
&cookies_clone,
)
.await
{
results.extend(wiki_results);
}
// Search work items
if let Ok(wi_results) =
crate::integrations::azuredevops_search::search_work_items(
&org_url,
&project,
&query,
&cookies_clone,
)
.await
{
results.extend(wi_results);
}
results
}));
}
_ => {}
}
} else {
// Final fallback: try webview-based fetch (includes HttpOnly cookies automatically)
// This makes HTTP requests FROM the authenticated webview, which includes all cookies
tracing::info!(
"No extracted cookies for {}, trying webview-based fetch",
config.service
);
// Check if webview exists for this service
let webview_label = {
let webviews = match state.integration_webviews.lock() {
Ok(w) => w,
Err(_) => continue,
};
webviews.get(&config.service).cloned()
};
if let Some(label) = webview_label {
// Get window handle
if let Some(webview_window) = app_handle.get_webview_window(&label) {
let base_url = config.base_url.clone();
let service = config.service.clone();
let query_str = query.to_string();
match service.as_str() {
"confluence" => {
search_tasks.push(tokio::spawn(async move {
tracing::info!("Executing Confluence search via webview fetch");
match crate::integrations::webview_fetch::search_confluence_webview(
&webview_window,
&base_url,
&query_str,
)
.await
{
Ok(results) => {
tracing::info!(
"Webview fetch for Confluence returned {} results",
results.len()
);
results
}
Err(e) => {
tracing::warn!(
"Webview fetch failed for Confluence: {}",
e
);
Vec::new()
}
}
}));
}
"servicenow" => {
search_tasks.push(tokio::spawn(async move {
tracing::info!("Executing ServiceNow search via webview fetch");
match crate::integrations::webview_fetch::search_servicenow_webview(
&webview_window,
&base_url,
&query_str,
)
.await
{
Ok(results) => {
tracing::info!(
"Webview fetch for ServiceNow returned {} results",
results.len()
);
results
}
Err(e) => {
tracing::warn!(
"Webview fetch failed for ServiceNow: {}",
e
);
Vec::new()
}
}
}));
}
"azuredevops" => {
let project = config.project_name.unwrap_or_default();
search_tasks.push(tokio::spawn(async move {
tracing::info!("Executing Azure DevOps search via webview fetch");
let mut results = Vec::new();
// Search wiki
match crate::integrations::webview_fetch::search_azuredevops_wiki_webview(
&webview_window,
&base_url,
&project,
&query_str
).await {
Ok(wiki_results) => {
tracing::info!("Webview fetch for ADO wiki returned {} results", wiki_results.len());
results.extend(wiki_results);
}
Err(e) => {
tracing::warn!("Webview fetch failed for ADO wiki: {}", e);
}
}
// Search work items
match crate::integrations::webview_fetch::search_azuredevops_workitems_webview(
&webview_window,
&base_url,
&project,
&query_str
).await {
Ok(wi_results) => {
tracing::info!("Webview fetch for ADO work items returned {} results", wi_results.len());
results.extend(wi_results);
}
Err(e) => {
tracing::warn!("Webview fetch failed for ADO work items: {}", e);
}
}
results
}));
}
_ => {}
}
} else {
tracing::warn!("Webview window not found for {}", config.service);
}
} else {
tracing::warn!(
"No webview open for {} - cannot search. Please open browser window in Settings → Integrations",
config.service
);
}
}
}
// Wait for all searches to complete
for task in search_tasks {
if let Ok(results) = task.await {
all_results.extend(results);
}
}
// Format results for AI context
if all_results.is_empty() {
return String::new();
}
let mut context = String::new();
for (idx, result) in all_results.iter().enumerate() {
context.push_str(&format!("--- SOURCE {} ({}) ---\n", idx + 1, result.source));
context.push_str(&format!("Title: {}\n", result.title));
context.push_str(&format!("URL: {}\n", result.url));
if let Some(content) = &result.content {
context.push_str(&format!("Content:\n{content}\n\n"));
} else {
context.push_str(&format!("Excerpt: {}\n\n", result.excerpt));
}
}
tracing::info!(
"Found {} integration sources for AI context",
all_results.len()
);
context
}
/// Execute a tool call made by the AI
async fn execute_tool_call(
tool_call: &crate::ai::ToolCall,
app_handle: &tauri::AppHandle,
app_state: &State<'_, AppState>,
) -> Result<String, String> {
match tool_call.name.as_str() {
"add_ado_comment" => {
// Parse arguments
let args: serde_json::Value = serde_json::from_str(&tool_call.arguments)
.map_err(|e| format!("Failed to parse tool arguments: {e}"))?;
let work_item_id = args
.get("work_item_id")
.and_then(|v| v.as_i64())
.ok_or_else(|| "Missing or invalid work_item_id parameter".to_string())?;
let comment_text = args
.get("comment_text")
.and_then(|v| v.as_str())
.ok_or_else(|| "Missing or invalid comment_text parameter".to_string())?;
// Execute the add_ado_comment command
tracing::info!(
"AI executing tool: add_ado_comment({}, \"{}\")",
work_item_id,
comment_text
);
crate::commands::integrations::add_ado_comment(
work_item_id,
comment_text.to_string(),
app_handle.clone(),
app_state.clone(),
)
.await
}
_ => {
let error = format!("Unknown tool: {}", tool_call.name);
tracing::warn!("{}", error);
Err(error)
}
}
}
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use super::*; use super::*;

469
src-tauri/src/commands/integrations.rs
View File

@ -19,10 +19,105 @@ lazy_static::lazy_static! {
#[tauri::command] #[tauri::command]
pub async fn test_confluence_connection( pub async fn test_confluence_connection(
_base_url: String, base_url: String,
_credentials: serde_json::Value, _credentials: serde_json::Value,
app_handle: tauri::AppHandle,
app_state: State<'_, AppState>,
) -> Result<ConnectionResult, String> { ) -> Result<ConnectionResult, String> {
Err("Integrations available in v0.2. Please update to the latest version.".to_string()) // Try to get fresh cookies from persistent webview
let cookies = get_fresh_cookies_from_webview("confluence", &app_handle, &app_state).await?;
if let Some(cookie_list) = cookies {
// Use cookies for authentication
let cookie_header = crate::integrations::webview_auth::cookies_to_header(&cookie_list);
let client = reqwest::Client::new();
let url = format!("{}/rest/api/user/current", base_url.trim_end_matches('/'));
let resp = client
.get(&url)
.header("Cookie", cookie_header)
.send()
.await
.map_err(|e| format!("Connection failed: {e}"))?;
if resp.status().is_success() {
Ok(ConnectionResult {
success: true,
message: "Successfully connected to Confluence using browser session".to_string(),
})
} else {
let status = resp.status();
let text = resp.text().await.unwrap_or_default();
Ok(ConnectionResult {
success: false,
message: format!("Connection failed with status {status}: {text}"),
})
}
} else {
// No webview open, check if we have stored credentials
let encrypted_token: Option<String> = {
let db = app_state
.db
.lock()
.map_err(|e| format!("Failed to lock database: {e}"))?;
db.query_row(
"SELECT encrypted_token FROM credentials WHERE service = ?1",
["confluence"],
|row| row.get(0),
)
.optional()
.map_err(|e| format!("Failed to query credentials: {e}"))?
};
if let Some(token) = encrypted_token {
let decrypted = crate::integrations::auth::decrypt_token(&token)?;
// Try to parse as cookies JSON first
if let Ok(cookie_list) =
serde_json::from_str::<Vec<crate::integrations::webview_auth::Cookie>>(&decrypted)
{
let cookie_header =
crate::integrations::webview_auth::cookies_to_header(&cookie_list);
let client = reqwest::Client::new();
let url = format!("{}/rest/api/user/current", base_url.trim_end_matches('/'));
let resp = client
.get(&url)
.header("Cookie", cookie_header)
.send()
.await
.map_err(|e| format!("Connection failed: {e}"))?;
if resp.status().is_success() {
Ok(ConnectionResult {
success: true,
message: "Successfully connected to Confluence using stored session"
.to_string(),
})
} else {
let status = resp.status();
Ok(ConnectionResult {
success: false,
message: format!(
"Connection failed with status {status}. Session may have expired - try reopening the browser window."
),
})
}
} else {
// Treat as bearer token
let config = crate::integrations::confluence::ConfluenceConfig {
base_url: base_url.clone(),
access_token: decrypted,
};
crate::integrations::confluence::test_connection(&config).await
}
} else {
Err("Not authenticated. Please open the browser window and log in, or provide a manual token.".to_string())
}
}
} }
#[tauri::command] #[tauri::command]
@ -36,10 +131,71 @@ pub async fn publish_to_confluence(
#[tauri::command] #[tauri::command]
pub async fn test_servicenow_connection( pub async fn test_servicenow_connection(
_instance_url: String, instance_url: String,
_credentials: serde_json::Value, _credentials: serde_json::Value,
app_handle: tauri::AppHandle,
app_state: State<'_, AppState>,
) -> Result<ConnectionResult, String> { ) -> Result<ConnectionResult, String> {
Err("Integrations available in v0.2. Please update to the latest version.".to_string()) // Try to get fresh cookies from persistent webview
let cookies = get_fresh_cookies_from_webview("servicenow", &app_handle, &app_state).await?;
if let Some(cookie_list) = cookies {
let cookie_header = crate::integrations::webview_auth::cookies_to_header(&cookie_list);
let client = reqwest::Client::new();
let url = format!(
"{}/api/now/table/sys_user?sysparm_limit=1",
instance_url.trim_end_matches('/')
);
let resp = client
.get(&url)
.header("Cookie", cookie_header)
.send()
.await
.map_err(|e| format!("Connection failed: {e}"))?;
if resp.status().is_success() {
Ok(ConnectionResult {
success: true,
message: "Successfully connected to ServiceNow using browser session".to_string(),
})
} else {
let status = resp.status();
Ok(ConnectionResult {
success: false,
message: format!("Connection failed with status {status}"),
})
}
} else {
// Check stored credentials
let encrypted_token: Option<String> = {
let db = app_state
.db
.lock()
.map_err(|e| format!("Failed to lock database: {e}"))?;
db.query_row(
"SELECT encrypted_token FROM credentials WHERE service = ?1",
["servicenow"],
|row| row.get(0),
)
.optional()
.map_err(|e| format!("Failed to query credentials: {e}"))?
};
if let Some(token) = encrypted_token {
let password = crate::integrations::auth::decrypt_token(&token)?;
let config = crate::integrations::servicenow::ServiceNowConfig {
instance_url: instance_url.clone(),
username: "".to_string(),
password,
};
crate::integrations::servicenow::test_connection(&config).await
} else {
Err("Not authenticated. Please open the browser window and log in, or provide a manual token.".to_string())
}
}
} }
#[tauri::command] #[tauri::command]
@ -52,10 +208,71 @@ pub async fn create_servicenow_incident(
#[tauri::command] #[tauri::command]
pub async fn test_azuredevops_connection( pub async fn test_azuredevops_connection(
_org_url: String, org_url: String,
_credentials: serde_json::Value, _credentials: serde_json::Value,
app_handle: tauri::AppHandle,
app_state: State<'_, AppState>,
) -> Result<ConnectionResult, String> { ) -> Result<ConnectionResult, String> {
Err("Integrations available in v0.2. Please update to the latest version.".to_string()) // Try to get fresh cookies from persistent webview
let cookies = get_fresh_cookies_from_webview("azuredevops", &app_handle, &app_state).await?;
if let Some(cookie_list) = cookies {
let cookie_header = crate::integrations::webview_auth::cookies_to_header(&cookie_list);
let client = reqwest::Client::new();
let url = format!(
"{}/_apis/projects?api-version=6.0",
org_url.trim_end_matches('/')
);
let resp = client
.get(&url)
.header("Cookie", cookie_header)
.send()
.await
.map_err(|e| format!("Connection failed: {e}"))?;
if resp.status().is_success() {
Ok(ConnectionResult {
success: true,
message: "Successfully connected to Azure DevOps using browser session".to_string(),
})
} else {
let status = resp.status();
Ok(ConnectionResult {
success: false,
message: format!("Connection failed with status {status}"),
})
}
} else {
// Check stored credentials
let encrypted_token: Option<String> = {
let db = app_state
.db
.lock()
.map_err(|e| format!("Failed to lock database: {e}"))?;
db.query_row(
"SELECT encrypted_token FROM credentials WHERE service = ?1",
["azuredevops"],
|row| row.get(0),
)
.optional()
.map_err(|e| format!("Failed to query credentials: {e}"))?
};
if let Some(token) = encrypted_token {
let access_token = crate::integrations::auth::decrypt_token(&token)?;
let config = crate::integrations::azuredevops::AzureDevOpsConfig {
organization_url: org_url.clone(),
access_token,
project: "".to_string(),
};
crate::integrations::azuredevops::test_connection(&config).await
} else {
Err("Not authenticated. Please open the browser window and log in, or provide a manual token.".to_string())
}
}
} }
#[tauri::command] #[tauri::command]
@ -505,6 +722,7 @@ pub struct WebviewAuthResponse {
pub async fn authenticate_with_webview( pub async fn authenticate_with_webview(
service: String, service: String,
base_url: String, base_url: String,
project_name: Option<String>,
app_handle: tauri::AppHandle, app_handle: tauri::AppHandle,
app_state: State<'_, AppState>, app_state: State<'_, AppState>,
) -> Result<WebviewAuthResponse, String> { ) -> Result<WebviewAuthResponse, String> {
@ -530,21 +748,81 @@ pub async fn authenticate_with_webview(
// Open persistent browser window // Open persistent browser window
let _credentials = crate::integrations::webview_auth::authenticate_with_webview( let _credentials = crate::integrations::webview_auth::authenticate_with_webview(
app_handle, &service, &base_url, app_handle.clone(),
&service,
&base_url,
project_name.as_deref(),
) )
.await?; .await?;
// Store window reference // Store window reference in memory
app_state app_state
.integration_webviews .integration_webviews
.lock() .lock()
.map_err(|e| format!("Failed to lock webviews: {e}"))? .map_err(|e| format!("Failed to lock webviews: {e}"))?
.insert(service.clone(), webview_id.clone()); .insert(service.clone(), webview_id.clone());
// Persist to database for restoration on app restart
let db = app_state
.db
.lock()
.map_err(|e| format!("Failed to lock database: {e}"))?;
db.execute(
"INSERT OR REPLACE INTO persistent_webviews
(id, service, webview_label, base_url, last_active)
VALUES (?1, ?2, ?3, ?4, datetime('now'))",
rusqlite::params![
uuid::Uuid::now_v7().to_string(),
service.clone(),
webview_id.clone(),
base_url.clone(),
],
)
.map_err(|e| format!("Failed to persist webview: {e}"))?;
tracing::info!("Persisted webview {} for service {}", webview_id, service);
// Set up window close handler to remove from tracking and database
if let Some(webview_window) = app_handle.get_webview_window(&webview_id) {
let service_clone = service.clone();
let db_arc = app_state.db.clone();
let webviews_arc = app_state.integration_webviews.clone();
webview_window.on_window_event(move |event| {
if let tauri::WindowEvent::CloseRequested { .. } = event {
let service = service_clone.clone();
let db = db_arc.clone();
let webviews = webviews_arc.clone();
// Spawn async task to clean up
tauri::async_runtime::spawn(async move {
// Remove from in-memory tracking
if let Ok(mut webviews_lock) = webviews.lock() {
webviews_lock.remove(&service);
tracing::info!("Removed {} from webview tracking", service);
}
// Remove from database
if let Ok(db_lock) = db.lock() {
if let Err(e) = db_lock.execute(
"DELETE FROM persistent_webviews WHERE service = ?1",
rusqlite::params![service],
) {
tracing::warn!("Failed to remove persistent webview from DB: {}", e);
} else {
tracing::info!("Removed {} from persistent webviews database", service);
}
}
});
}
});
}
Ok(WebviewAuthResponse { Ok(WebviewAuthResponse {
success: true, success: true,
message: format!( message: format!(
"{service} browser window opened. This window will stay open - use it to browse and authenticate. Cookies will be extracted automatically for API calls." "{service} browser window opened. This window will stay open across app restarts - use it to browse and authenticate. Cookies are maintained automatically."
), ),
webview_id, webview_id,
}) })
@ -605,16 +883,11 @@ pub async fn extract_cookies_from_webview(
) )
.map_err(|e| format!("Failed to store cookies: {e}"))?; .map_err(|e| format!("Failed to store cookies: {e}"))?;
// Close the webview window // NOTE: Window stays open for persistent browsing - no longer closing after cookie extraction
if let Some(webview) = app_handle.get_webview_window(&webview_id) {
webview
.close()
.map_err(|e| format!("Failed to close webview: {e}"))?;
}
Ok(ConnectionResult { Ok(ConnectionResult {
success: true, success: true,
message: format!("{service} authentication saved successfully"), message: format!("{service} authentication saved successfully. The browser window will stay open for future use."),
}) })
} }
@ -786,6 +1059,122 @@ pub async fn get_fresh_cookies_from_webview(
} }
} }
// ============================================================================
// Persistent Webview Restoration
// ============================================================================
/// Restore persistent browser windows from database on app startup.
/// This recreates integration browser windows that were open when the app last closed.
pub async fn restore_persistent_webviews(
app_handle: &tauri::AppHandle,
app_state: &AppState,
) -> Result<(), String> {
let webviews_to_restore: Vec<(String, String, String)> = {
let db = app_state
.db
.lock()
.map_err(|e| format!("Failed to lock database: {e}"))?;
let mut stmt = db
.prepare("SELECT service, webview_label, base_url FROM persistent_webviews")
.map_err(|e| format!("Failed to prepare query: {e}"))?;
let rows: Vec<(String, String, String)> = stmt
.query_map([], |row| {
Ok((
row.get::<_, String>(0)?, // service
row.get::<_, String>(1)?, // webview_label
row.get::<_, String>(2)?, // base_url
))
})
.map_err(|e| format!("Failed to query persistent webviews: {e}"))?
.collect::<Result<Vec<_>, _>>()
.map_err(|e| format!("Failed to collect webviews: {e}"))?;
rows
};
for (service, webview_label, base_url) in webviews_to_restore {
tracing::info!(
"Restoring persistent webview {} for service {} at {}",
webview_label,
service,
base_url
);
// Get project name from integration config if available
let project_name: Option<String> = {
let db = app_state
.db
.lock()
.map_err(|e| format!("Failed to lock database: {e}"))?;
db.query_row(
"SELECT project_name FROM integration_config WHERE service = ?1",
[&service],
|row| row.get(0),
)
.ok()
};
// Recreate the webview window
match crate::integrations::webview_auth::authenticate_with_webview(
app_handle.clone(),
&service,
&base_url,
project_name.as_deref(),
)
.await
{
Ok(_) => {
// Store in memory tracking
app_state
.integration_webviews
.lock()
.map_err(|e| format!("Failed to lock webviews: {e}"))?
.insert(service.clone(), webview_label.clone());
tracing::info!("Successfully restored webview for {}", service);
}
Err(e) => {
tracing::warn!("Failed to restore webview for {}: {}", service, e);
// Remove from database if restoration failed
let db = app_state
.db
.lock()
.map_err(|e| format!("Failed to lock database: {e}"))?;
db.execute(
"DELETE FROM persistent_webviews WHERE service = ?1",
rusqlite::params![service],
)
.map_err(|e| format!("Failed to remove failed webview: {e}"))?;
}
}
}
Ok(())
}
/// Remove persistent webview from database (called when window is closed).
pub async fn remove_persistent_webview(
service: &str,
app_state: &State<'_, AppState>,
) -> Result<(), String> {
let db = app_state
.db
.lock()
.map_err(|e| format!("Failed to lock database: {e}"))?;
db.execute(
"DELETE FROM persistent_webviews WHERE service = ?1",
rusqlite::params![service],
)
.map_err(|e| format!("Failed to remove persistent webview: {e}"))?;
tracing::info!("Removed persistent webview for service: {}", service);
Ok(())
}
// ============================================================================ // ============================================================================
// Integration Configuration Persistence // Integration Configuration Persistence
// ============================================================================ // ============================================================================
@ -891,3 +1280,51 @@ pub async fn get_all_integration_configs(
Ok(configs) Ok(configs)
} }
/// Add a comment to an Azure DevOps work item
#[tauri::command]
pub async fn add_ado_comment(
work_item_id: i64,
comment_text: String,
app_handle: tauri::AppHandle,
app_state: State<'_, AppState>,
) -> Result<String, String> {
// Get ADO configuration
let (org_url, _project_name) = {
let db = app_state
.db
.lock()
.map_err(|e| format!("Failed to lock database: {e}"))?;
let mut stmt = db.prepare(
"SELECT base_url, project_name FROM integration_config WHERE service = 'azuredevops'"
).map_err(|e| format!("Failed to prepare query: {e}"))?;
stmt.query_row([], |row| {
Ok((row.get::<_, String>(0)?, row.get::<_, Option<String>>(1)?))
})
.map_err(|e| format!("Azure DevOps not configured: {e}"))?
};
// Get webview window
let webview_label = {
let webviews = app_state
.integration_webviews
.lock()
.map_err(|e| format!("Failed to lock webviews: {e}"))?;
webviews.get("azuredevops").cloned()
.ok_or_else(|| "Azure DevOps browser window not open. Please open it in Settings → Integrations first.".to_string())?
};
let webview_window = app_handle
.get_webview_window(&webview_label)
.ok_or_else(|| "Azure DevOps browser window not found".to_string())?;
// Add the comment
crate::integrations::webview_fetch::add_azuredevops_comment_webview(
&webview_window,
&org_url,
work_item_id,
&comment_text,
)
.await
}

132
src-tauri/src/commands/system.rs
View File

@ -3,7 +3,7 @@ use crate::ollama::{
hardware, installer, manager, recommender, InstallGuide, ModelRecommendation, OllamaModel, hardware, installer, manager, recommender, InstallGuide, ModelRecommendation, OllamaModel,
OllamaStatus, OllamaStatus,
}; };
use crate::state::{AppSettings, AppState}; use crate::state::{AppSettings, AppState, ProviderConfig};
// --- Ollama commands --- // --- Ollama commands ---
@ -141,3 +141,133 @@ pub async fn get_audit_log(
Ok(rows) Ok(rows)
} }
// --- AI Provider persistence commands ---
/// Save an AI provider configuration to encrypted database
#[tauri::command]
pub async fn save_ai_provider(
provider: ProviderConfig,
state: tauri::State<'_, AppState>,
) -> Result<(), String> {
// Encrypt the API key
let encrypted_key = crate::integrations::auth::encrypt_token(&provider.api_key)?;
let db = state.db.lock().map_err(|e| e.to_string())?;
db.execute(
"INSERT OR REPLACE INTO ai_providers
(id, name, provider_type, api_url, encrypted_api_key, model, max_tokens, temperature,
custom_endpoint_path, custom_auth_header, custom_auth_prefix, api_format, user_id, updated_at)
VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10, ?11, ?12, ?13, datetime('now'))",
rusqlite::params![
uuid::Uuid::now_v7().to_string(),
provider.name,
provider.provider_type,
provider.api_url,
encrypted_key,
provider.model,
provider.max_tokens,
provider.temperature,
provider.custom_endpoint_path,
provider.custom_auth_header,
provider.custom_auth_prefix,
provider.api_format,
provider.user_id,
],
)
.map_err(|e| format!("Failed to save AI provider: {e}"))?;
Ok(())
}
/// Load all AI provider configurations from database
#[tauri::command]
pub async fn load_ai_providers(
state: tauri::State<'_, AppState>,
) -> Result<Vec<ProviderConfig>, String> {
let db = state.db.lock().map_err(|e| e.to_string())?;
let mut stmt = db
.prepare(
"SELECT name, provider_type, api_url, encrypted_api_key, model, max_tokens, temperature,
custom_endpoint_path, custom_auth_header, custom_auth_prefix, api_format, user_id
FROM ai_providers
ORDER BY name",
)
.map_err(|e| e.to_string())?;
let providers = stmt
.query_map([], |row| {
let encrypted_key: String = row.get(3)?;
Ok((
row.get::<_, String>(0)?, // name
row.get::<_, String>(1)?, // provider_type
row.get::<_, String>(2)?, // api_url
encrypted_key, // encrypted_api_key
row.get::<_, String>(4)?, // model
row.get::<_, Option<u32>>(5)?, // max_tokens
row.get::<_, Option<f64>>(6)?, // temperature
row.get::<_, Option<String>>(7)?, // custom_endpoint_path
row.get::<_, Option<String>>(8)?, // custom_auth_header
row.get::<_, Option<String>>(9)?, // custom_auth_prefix
row.get::<_, Option<String>>(10)?, // api_format
row.get::<_, Option<String>>(11)?, // user_id
))
})
.map_err(|e| e.to_string())?
.filter_map(|r| r.ok())
.filter_map(
|(
name,
provider_type,
api_url,
encrypted_key,
model,
max_tokens,
temperature,
custom_endpoint_path,
custom_auth_header,
custom_auth_prefix,
api_format,
user_id,
)| {
// Decrypt the API key
let api_key = crate::integrations::auth::decrypt_token(&encrypted_key).ok()?;
Some(ProviderConfig {
name,
provider_type,
api_url,
api_key,
model,
max_tokens,
temperature,
custom_endpoint_path,
custom_auth_header,
custom_auth_prefix,
api_format,
session_id: None, // Session IDs are not persisted
user_id,
})
},
)
.collect();
Ok(providers)
}
/// Delete an AI provider configuration
#[tauri::command]
pub async fn delete_ai_provider(
name: String,
state: tauri::State<'_, AppState>,
) -> Result<(), String> {
let db = state.db.lock().map_err(|e| e.to_string())?;
db.execute("DELETE FROM ai_providers WHERE name = ?1", [&name])
.map_err(|e| format!("Failed to delete AI provider: {e}"))?;
Ok(())
}

114
src-tauri/src/db/connection.rs
View File

@ -81,16 +81,82 @@ pub fn open_dev_db(path: &Path) -> anyhow::Result<Connection> {
Ok(conn) Ok(conn)
} }
/// Migrates a plain SQLite database to an encrypted SQLCipher database.
/// Creates a backup of the original file before migration.
fn migrate_plain_to_encrypted(db_path: &Path, key: &str) -> anyhow::Result<Connection> {
tracing::warn!("Detected plain SQLite database in release build - migrating to encrypted");
// Create backup of plain database
let backup_path = db_path.with_extension("db.plain-backup");
std::fs::copy(db_path, &backup_path)?;
tracing::info!("Backed up plain database to {:?}", backup_path);
// Open the plain database
let plain_conn = Connection::open(db_path)?;
// Create temporary encrypted database path
let temp_encrypted = db_path.with_extension("db.encrypted-temp");
// Attach and migrate to encrypted database using SQLCipher export
plain_conn.execute_batch(&format!(
"ATTACH DATABASE '{}' AS encrypted KEY '{}';\
PRAGMA encrypted.cipher_page_size = 16384;\
PRAGMA encrypted.kdf_iter = 256000;\
PRAGMA encrypted.cipher_hmac_algorithm = HMAC_SHA512;\
PRAGMA encrypted.cipher_kdf_algorithm = PBKDF2_HMAC_SHA512;",
temp_encrypted.display(),
key.replace('\'', "''")
))?;
// Export all data to encrypted database
plain_conn.execute_batch("SELECT sqlcipher_export('encrypted');")?;
plain_conn.execute_batch("DETACH DATABASE encrypted;")?;
drop(plain_conn);
// Replace original with encrypted version
std::fs::rename(&temp_encrypted, db_path)?;
tracing::info!("Successfully migrated database to encrypted format");
// Open and return the encrypted database
open_encrypted_db(db_path, key)
}
/// Checks if a database file is plain SQLite by reading its header.
fn is_plain_sqlite(path: &Path) -> bool {
if let Ok(mut file) = std::fs::File::open(path) {
use std::io::Read;
let mut header = [0u8; 16];
if file.read_exact(&mut header).is_ok() {
// SQLite databases start with "SQLite format 3\0"
return &header == b"SQLite format 3\0";
}
}
false
}
pub fn init_db(data_dir: &Path) -> anyhow::Result<Connection> { pub fn init_db(data_dir: &Path) -> anyhow::Result<Connection> {
std::fs::create_dir_all(data_dir)?; std::fs::create_dir_all(data_dir)?;
let db_path = data_dir.join("tftsr.db"); let db_path = data_dir.join("trcaa.db");
let key = get_db_key(data_dir)?; let key = get_db_key(data_dir)?;
let conn = if cfg!(debug_assertions) { let conn = if cfg!(debug_assertions) {
open_dev_db(&db_path)? open_dev_db(&db_path)?
} else { } else {
open_encrypted_db(&db_path, &key)? // In release mode, try encrypted first
match open_encrypted_db(&db_path, &key) {
Ok(conn) => conn,
Err(e) => {
// Check if error is due to trying to decrypt a plain SQLite database
if db_path.exists() && is_plain_sqlite(&db_path) {
// Auto-migrate from plain to encrypted
migrate_plain_to_encrypted(&db_path, &key)?
} else {
// Different error - propagate it
return Err(e);
}
}
}
}; };
crate::db::migrations::run_migrations(&conn)?; crate::db::migrations::run_migrations(&conn)?;
@ -102,13 +168,22 @@ mod tests {
use super::*; use super::*;
fn temp_dir(name: &str) -> std::path::PathBuf { fn temp_dir(name: &str) -> std::path::PathBuf {
let dir = std::env::temp_dir().join(format!("tftsr-test-{}", name)); use std::time::SystemTime;
let timestamp = SystemTime::now()
.duration_since(SystemTime::UNIX_EPOCH)
.unwrap()
.as_nanos();
let dir = std::env::temp_dir().join(format!("tftsr-test-{}-{}", name, timestamp));
// Clean up if it exists
let _ = std::fs::remove_dir_all(&dir);
std::fs::create_dir_all(&dir).unwrap(); std::fs::create_dir_all(&dir).unwrap();
dir dir
} }
#[test] #[test]
fn test_get_db_key_uses_env_var_when_present() { fn test_get_db_key_uses_env_var_when_present() {
// Remove any existing env var first
std::env::remove_var("TFTSR_DB_KEY");
let dir = temp_dir("env-var"); let dir = temp_dir("env-var");
std::env::set_var("TFTSR_DB_KEY", "test-db-key"); std::env::set_var("TFTSR_DB_KEY", "test-db-key");
let key = get_db_key(&dir).unwrap(); let key = get_db_key(&dir).unwrap();
@ -118,10 +193,43 @@ mod tests {
#[test] #[test]
fn test_get_db_key_debug_fallback_for_empty_env() { fn test_get_db_key_debug_fallback_for_empty_env() {
// Remove any existing env var first
std::env::remove_var("TFTSR_DB_KEY");
let dir = temp_dir("empty-env"); let dir = temp_dir("empty-env");
std::env::set_var("TFTSR_DB_KEY", " "); std::env::set_var("TFTSR_DB_KEY", " ");
let key = get_db_key(&dir).unwrap(); let key = get_db_key(&dir).unwrap();
assert_eq!(key, "dev-key-change-in-prod"); assert_eq!(key, "dev-key-change-in-prod");
std::env::remove_var("TFTSR_DB_KEY"); std::env::remove_var("TFTSR_DB_KEY");
} }
#[test]
fn test_is_plain_sqlite_detects_plain_database() {
let dir = temp_dir("plain-detect");
let db_path = dir.join("test.db");
// Create a plain SQLite database
let conn = Connection::open(&db_path).unwrap();
conn.execute("CREATE TABLE test (id INTEGER)", []).unwrap();
drop(conn);
assert!(is_plain_sqlite(&db_path));
}
#[test]
fn test_is_plain_sqlite_rejects_encrypted() {
let dir = temp_dir("encrypted-detect");
let db_path = dir.join("test.db");
// Create an encrypted database
let conn = Connection::open(&db_path).unwrap();
conn.execute_batch(
"PRAGMA key = 'test-key';\
PRAGMA cipher_page_size = 16384;",
)
.unwrap();
conn.execute("CREATE TABLE test (id INTEGER)", []).unwrap();
drop(conn);
assert!(!is_plain_sqlite(&db_path));
}
} }

35
src-tauri/src/db/migrations.rs
View File

@ -155,6 +155,41 @@ pub fn run_migrations(conn: &Connection) -> anyhow::Result<()> {
"ALTER TABLE audit_log ADD COLUMN prev_hash TEXT NOT NULL DEFAULT ''; "ALTER TABLE audit_log ADD COLUMN prev_hash TEXT NOT NULL DEFAULT '';
ALTER TABLE audit_log ADD COLUMN entry_hash TEXT NOT NULL DEFAULT '';", ALTER TABLE audit_log ADD COLUMN entry_hash TEXT NOT NULL DEFAULT '';",
), ),
(
"013_create_persistent_webviews",
"CREATE TABLE IF NOT EXISTS persistent_webviews (
id TEXT PRIMARY KEY,
service TEXT NOT NULL CHECK(service IN ('confluence','servicenow','azuredevops')),
webview_label TEXT NOT NULL,
base_url TEXT NOT NULL,
last_active TEXT NOT NULL DEFAULT (datetime('now')),
window_x INTEGER,
window_y INTEGER,
window_width INTEGER,
window_height INTEGER,
UNIQUE(service)
);",
),
(
"014_create_ai_providers",
"CREATE TABLE IF NOT EXISTS ai_providers (
id TEXT PRIMARY KEY,
name TEXT NOT NULL UNIQUE,
provider_type TEXT NOT NULL,
api_url TEXT NOT NULL,
encrypted_api_key TEXT NOT NULL,
model TEXT NOT NULL,
max_tokens INTEGER,
temperature REAL,
custom_endpoint_path TEXT,
custom_auth_header TEXT,
custom_auth_prefix TEXT,
api_format TEXT,
user_id TEXT,
created_at TEXT NOT NULL DEFAULT (datetime('now')),
updated_at TEXT NOT NULL DEFAULT (datetime('now'))
);",
),
]; ];
for (name, sql) in migrations { for (name, sql) in migrations {

55
src-tauri/src/integrations/auth.rs
View File

@ -179,7 +179,60 @@ fn get_encryption_key_material() -> Result<String, String> {
return Ok("dev-key-change-me-in-production-32b".to_string()); return Ok("dev-key-change-me-in-production-32b".to_string());
} }
Err("TFTSR_ENCRYPTION_KEY must be set in release builds".to_string()) // Release: load or auto-generate a per-installation encryption key
// stored in the app data directory, similar to the database key.
if let Some(app_data_dir) = crate::state::get_app_data_dir() {
let key_path = app_data_dir.join(".enckey");
// Try to load existing key
if key_path.exists() {
if let Ok(key) = std::fs::read_to_string(&key_path) {
let key = key.trim().to_string();
if !key.is_empty() {
return Ok(key);
}
}
}
// Generate and store new key
use rand::RngCore;
let mut bytes = [0u8; 32];
rand::rngs::OsRng.fill_bytes(&mut bytes);
let key = hex::encode(bytes);
// Ensure directory exists
if let Err(e) = std::fs::create_dir_all(&app_data_dir) {
tracing::warn!("Failed to create app data directory: {e}");
return Err(format!("Failed to create app data directory: {e}"));
}
// Write key with restricted permissions
#[cfg(unix)]
{
use std::io::Write;
use std::os::unix::fs::OpenOptionsExt;
let mut f = std::fs::OpenOptions::new()
.write(true)
.create(true)
.truncate(true)
.mode(0o600)
.open(&key_path)
.map_err(|e| format!("Failed to write encryption key: {e}"))?;
f.write_all(key.as_bytes())
.map_err(|e| format!("Failed to write encryption key: {e}"))?;
}
#[cfg(not(unix))]
{
std::fs::write(&key_path, &key)
.map_err(|e| format!("Failed to write encryption key: {e}"))?;
}
tracing::info!("Generated new encryption key at {:?}", key_path);
return Ok(key);
}
Err("Failed to determine app data directory for encryption key storage".to_string())
} }
fn derive_aes_key() -> Result<[u8; 32], String> { fn derive_aes_key() -> Result<[u8; 32], String> {

265
src-tauri/src/integrations/azuredevops_search.rs Normal file
View File

@ -0,0 +1,265 @@
use super::confluence_search::SearchResult;
/// Search Azure DevOps Wiki for content matching the query
pub async fn search_wiki(
org_url: &str,
project: &str,
query: &str,
cookies: &[crate::integrations::webview_auth::Cookie],
) -> Result<Vec<SearchResult>, String> {
let cookie_header = crate::integrations::webview_auth::cookies_to_header(cookies);
let client = reqwest::Client::new();
// Use Azure DevOps Search API
let search_url = format!(
"{}/_apis/search/wikisearchresults?api-version=7.0",
org_url.trim_end_matches('/')
);
let search_body = serde_json::json!({
"searchText": query,
"$top": 5,
"filters": {
"ProjectFilters": [project]
}
});
tracing::info!("Searching Azure DevOps Wiki: {}", search_url);
let resp = client
.post(&search_url)
.header("Cookie", &cookie_header)
.header("Accept", "application/json")
.header("Content-Type", "application/json")
.json(&search_body)
.send()
.await
.map_err(|e| format!("Azure DevOps wiki search failed: {e}"))?;
if !resp.status().is_success() {
let status = resp.status();
let text = resp.text().await.unwrap_or_default();
return Err(format!(
"Azure DevOps wiki search failed with status {status}: {text}"
));
}
let json: serde_json::Value = resp
.json()
.await
.map_err(|e| format!("Failed to parse ADO wiki search response: {e}"))?;
let mut results = Vec::new();
if let Some(results_array) = json["results"].as_array() {
for item in results_array.iter().take(3) {
let title = item["fileName"].as_str().unwrap_or("Untitled").to_string();
let path = item["path"].as_str().unwrap_or("");
let url = format!(
"{}/_wiki/wikis/{}/{}",
org_url.trim_end_matches('/'),
project,
path
);
let excerpt = item["content"]
.as_str()
.unwrap_or("")
.chars()
.take(300)
.collect::<String>();
// Fetch full wiki page content
let content = if let Some(wiki_id) = item["wiki"]["id"].as_str() {
if let Some(page_path) = item["path"].as_str() {
fetch_wiki_page(org_url, wiki_id, page_path, &cookie_header)
.await
.ok()
} else {
None
}
} else {
None
};
results.push(SearchResult {
title,
url,
excerpt,
content,
source: "Azure DevOps".to_string(),
});
}
}
Ok(results)
}
/// Fetch full wiki page content
async fn fetch_wiki_page(
org_url: &str,
wiki_id: &str,
page_path: &str,
cookie_header: &str,
) -> Result<String, String> {
let client = reqwest::Client::new();
let page_url = format!(
"{}/_apis/wiki/wikis/{}/pages?path={}&api-version=7.0&includeContent=true",
org_url.trim_end_matches('/'),
wiki_id,
urlencoding::encode(page_path)
);
let resp = client
.get(&page_url)
.header("Cookie", cookie_header)
.header("Accept", "application/json")
.send()
.await
.map_err(|e| format!("Failed to fetch wiki page: {e}"))?;
if !resp.status().is_success() {
let status = resp.status();
return Err(format!("Failed to fetch wiki page: {status}"));
}
let json: serde_json::Value = resp
.json()
.await
.map_err(|e| format!("Failed to parse wiki page: {e}"))?;
let content = json["content"].as_str().unwrap_or("").to_string();
// Truncate to reasonable length
let truncated = if content.len() > 3000 {
format!("{}...", &content[..3000])
} else {
content
};
Ok(truncated)
}
/// Search Azure DevOps Work Items for related issues
pub async fn search_work_items(
org_url: &str,
project: &str,
query: &str,
cookies: &[crate::integrations::webview_auth::Cookie],
) -> Result<Vec<SearchResult>, String> {
let cookie_header = crate::integrations::webview_auth::cookies_to_header(cookies);
let client = reqwest::Client::new();
// Use WIQL (Work Item Query Language)
let wiql_url = format!(
"{}/_apis/wit/wiql?api-version=7.0",
org_url.trim_end_matches('/')
);
let wiql_query = format!(
"SELECT [System.Id], [System.Title], [System.Description], [System.State] FROM WorkItems WHERE [System.TeamProject] = '{project}' AND ([System.Title] CONTAINS '{query}' OR [System.Description] CONTAINS '{query}') ORDER BY [System.ChangedDate] DESC"
);
let wiql_body = serde_json::json!({
"query": wiql_query
});
tracing::info!("Searching Azure DevOps work items");
let resp = client
.post(&wiql_url)
.header("Cookie", &cookie_header)
.header("Accept", "application/json")
.header("Content-Type", "application/json")
.json(&wiql_body)
.send()
.await
.map_err(|e| format!("ADO work item search failed: {e}"))?;
if !resp.status().is_success() {
return Ok(Vec::new()); // Don't fail if work item search fails
}
let json: serde_json::Value = resp
.json()
.await
.map_err(|_| "Failed to parse work item response".to_string())?;
let mut results = Vec::new();
if let Some(work_items) = json["workItems"].as_array() {
// Fetch details for top 3 work items
for item in work_items.iter().take(3) {
if let Some(id) = item["id"].as_i64() {
if let Ok(work_item) = fetch_work_item_details(org_url, id, &cookie_header).await {
results.push(work_item);
}
}
}
}
Ok(results)
}
/// Fetch work item details
async fn fetch_work_item_details(
org_url: &str,
id: i64,
cookie_header: &str,
) -> Result<SearchResult, String> {
let client = reqwest::Client::new();
let item_url = format!(
"{}/_apis/wit/workitems/{}?api-version=7.0",
org_url.trim_end_matches('/'),
id
);
let resp = client
.get(&item_url)
.header("Cookie", cookie_header)
.header("Accept", "application/json")
.send()
.await
.map_err(|e| format!("Failed to fetch work item: {e}"))?;
if !resp.status().is_success() {
let status = resp.status();
return Err(format!("Failed to fetch work item: {status}"));
}
let json: serde_json::Value = resp
.json()
.await
.map_err(|e| format!("Failed to parse work item: {e}"))?;
let fields = &json["fields"];
let title = format!(
"Work Item {}: {}",
id,
fields["System.Title"].as_str().unwrap_or("No title")
);
let url = json["_links"]["html"]["href"]
.as_str()
.unwrap_or("")
.to_string();
let description = fields["System.Description"]
.as_str()
.unwrap_or("")
.to_string();
let state = fields["System.State"].as_str().unwrap_or("Unknown");
let content = format!("State: {state}\n\nDescription: {description}");
let excerpt = content.chars().take(200).collect::<String>();
Ok(SearchResult {
title,
url,
excerpt,
content: Some(content),
source: "Azure DevOps".to_string(),
})
}

188
src-tauri/src/integrations/confluence_search.rs Normal file
View File

@ -0,0 +1,188 @@
use serde::{Deserialize, Serialize};
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SearchResult {
pub title: String,
pub url: String,
pub excerpt: String,
pub content: Option<String>,
pub source: String, // "confluence", "servicenow", "azuredevops"
}
/// Search Confluence for content matching the query
pub async fn search_confluence(
base_url: &str,
query: &str,
cookies: &[crate::integrations::webview_auth::Cookie],
) -> Result<Vec<SearchResult>, String> {
let cookie_header = crate::integrations::webview_auth::cookies_to_header(cookies);
let client = reqwest::Client::new();
// Use Confluence CQL search
let search_url = format!(
"{}/rest/api/search?cql=text~\"{}\"&limit=5",
base_url.trim_end_matches('/'),
urlencoding::encode(query)
);
tracing::info!("Searching Confluence: {}", search_url);
let resp = client
.get(&search_url)
.header("Cookie", &cookie_header)
.header("Accept", "application/json")
.send()
.await
.map_err(|e| format!("Confluence search request failed: {e}"))?;
if !resp.status().is_success() {
let status = resp.status();
let text = resp.text().await.unwrap_or_default();
return Err(format!(
"Confluence search failed with status {status}: {text}"
));
}
let json: serde_json::Value = resp
.json()
.await
.map_err(|e| format!("Failed to parse Confluence search response: {e}"))?;
let mut results = Vec::new();
if let Some(results_array) = json["results"].as_array() {
for item in results_array.iter().take(3) {
// Take top 3 results
let title = item["title"].as_str().unwrap_or("Untitled").to_string();
let id = item["content"]["id"].as_str();
let space_key = item["content"]["space"]["key"].as_str();
// Build URL
let url = if let (Some(id_str), Some(space)) = (id, space_key) {
format!(
"{}/display/{}/{}",
base_url.trim_end_matches('/'),
space,
id_str
)
} else {
base_url.to_string()
};
// Get excerpt from search result
let excerpt = item["excerpt"]
.as_str()
.unwrap_or("")
.to_string()
.replace("<span class=\"highlight\">", "")
.replace("</span>", "");
// Fetch full page content
let content = if let Some(content_id) = id {
fetch_page_content(base_url, content_id, &cookie_header)
.await
.ok()
} else {
None
};
results.push(SearchResult {
title,
url,
excerpt,
content,
source: "Confluence".to_string(),
});
}
}
Ok(results)
}
/// Fetch full content of a Confluence page
async fn fetch_page_content(
base_url: &str,
page_id: &str,
cookie_header: &str,
) -> Result<String, String> {
let client = reqwest::Client::new();
let content_url = format!(
"{}/rest/api/content/{}?expand=body.storage",
base_url.trim_end_matches('/'),
page_id
);
let resp = client
.get(&content_url)
.header("Cookie", cookie_header)
.header("Accept", "application/json")
.send()
.await
.map_err(|e| format!("Failed to fetch page content: {e}"))?;
if !resp.status().is_success() {
let status = resp.status();
return Err(format!("Failed to fetch page: {status}"));
}
let json: serde_json::Value = resp
.json()
.await
.map_err(|e| format!("Failed to parse page content: {e}"))?;
// Extract plain text from HTML storage format
let html = json["body"]["storage"]["value"]
.as_str()
.unwrap_or("")
.to_string();
// Basic HTML tag stripping (for better results, use a proper HTML parser)
let text = strip_html_tags(&html);
// Truncate to reasonable length for AI context
let truncated = if text.len() > 3000 {
format!("{}...", &text[..3000])
} else {
text
};
Ok(truncated)
}
/// Basic HTML tag stripping
fn strip_html_tags(html: &str) -> String {
let mut result = String::new();
let mut in_tag = false;
for ch in html.chars() {
match ch {
'<' => in_tag = true,
'>' => in_tag = false,
_ if !in_tag => result.push(ch),
_ => {}
}
}
// Clean up whitespace
result
.split_whitespace()
.collect::<Vec<_>>()
.join(" ")
.trim()
.to_string()
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_strip_html_tags() {
let html = "<p>Hello <strong>world</strong>!</p>";
assert_eq!(strip_html_tags(html), "Hello world!");
let html2 = "<div><h1>Title</h1><p>Content</p></div>";
assert_eq!(strip_html_tags(html2), "TitleContent");
}
}

4
src-tauri/src/integrations/mod.rs
View File

@ -1,9 +1,13 @@
pub mod auth; pub mod auth;
pub mod azuredevops; pub mod azuredevops;
pub mod azuredevops_search;
pub mod callback_server; pub mod callback_server;
pub mod confluence; pub mod confluence;
pub mod confluence_search;
pub mod servicenow; pub mod servicenow;
pub mod servicenow_search;
pub mod webview_auth; pub mod webview_auth;
pub mod webview_fetch;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};

45
src-tauri/src/integrations/native_cookies.rs Normal file
View File

@ -0,0 +1,45 @@
/// Platform-specific native cookie extraction from webview
/// This can access HttpOnly cookies that JavaScript cannot
use super::webview_auth::Cookie;
#[cfg(target_os = "macos")]
pub async fn extract_cookies_native(
window_label: &str,
domain: &str,
) -> Result<Vec<Cookie>, String> {
// On macOS, we can use WKWebView's HTTPCookieStore via Objective-C bridge
// This requires cocoa/objc crates which we don't have yet
// For now, return an error indicating this needs implementation
tracing::warn!("Native cookie extraction not yet implemented for macOS");
Err("Native cookie extraction requires additional dependencies (cocoa, objc)".to_string())
}
#[cfg(target_os = "windows")]
pub async fn extract_cookies_native(
window_label: &str,
domain: &str,
) -> Result<Vec<Cookie>, String> {
// On Windows, we can use WebView2's cookie manager
// This requires windows crates
tracing::warn!("Native cookie extraction not yet implemented for Windows");
Err("Native cookie extraction requires additional dependencies (windows crate)".to_string())
}
#[cfg(target_os = "linux")]
pub async fn extract_cookies_native(
window_label: &str,
domain: &str,
) -> Result<Vec<Cookie>, String> {
// On Linux with WebKitGTK, we can use the cookie manager
tracing::warn!("Native cookie extraction not yet implemented for Linux");
Err("Native cookie extraction requires additional dependencies (webkit2gtk)".to_string())
}
#[cfg(not(any(target_os = "macos", target_os = "windows", target_os = "linux")))]
pub async fn extract_cookies_native(
_window_label: &str,
_domain: &str,
) -> Result<Vec<Cookie>, String> {
Err("Native cookie extraction not supported on this platform".to_string())
}

50
src-tauri/src/integrations/native_cookies_macos.rs Normal file
View File

@ -0,0 +1,50 @@
/// macOS-specific native cookie extraction using WKWebView's HTTPCookieStore
/// This can access HttpOnly cookies that JavaScript cannot
#[cfg(target_os = "macos")]
use super::webview_auth::Cookie;
#[cfg(target_os = "macos")]
pub async fn extract_cookies_native(
webview_label: &str,
domain: &str,
) -> Result<Vec<Cookie>, String> {
use cocoa::base::{id, nil};
use cocoa::foundation::{NSArray, NSString};
use objc::runtime::{Class, Object};
use objc::{msg_send, sel, sel_impl};
tracing::info!("Attempting native cookie extraction for {} on domain {}", webview_label, domain);
unsafe {
// Get the WKWebsiteDataStore (where cookies are stored)
let wk_websitedata_store_class = Class::get("WKWebsiteDataStore").ok_or("WKWebsiteDataStore class not found")?;
let data_store: id = msg_send![wk_websitedata_store_class, defaultDataStore];
if data_store == nil {
return Err("Failed to get WKWebsiteDataStore".to_string());
}
// Get the HTTPCookieStore
let cookie_store: id = msg_send![data_store, httpCookieStore];
if cookie_store == nil {
return Err("Failed to get HTTPCookieStore".to_string());
}
// Unfortunately, WKHTTPCookieStore's getAllCookies method requires a completion handler
// which is complex to bridge from Rust. For now, we'll document this limitation
// and suggest using the Tauri cookie plugin when it's available.
tracing::warn!("Native cookie extraction requires async completion handler - not yet fully implemented");
Err("Native cookie extraction requires Tauri cookie plugin (coming in future Tauri version)".to_string())
}
}
#[cfg(not(target_os = "macos"))]
pub async fn extract_cookies_native(
_webview_label: &str,
_domain: &str,
) -> Result<Vec<super::webview_auth::Cookie>, String> {
Err("Native cookie extraction only supported on macOS".to_string())
}

163
src-tauri/src/integrations/servicenow_search.rs Normal file
View File

@ -0,0 +1,163 @@
use super::confluence_search::SearchResult;
/// Search ServiceNow Knowledge Base for content matching the query
pub async fn search_servicenow(
instance_url: &str,
query: &str,
cookies: &[crate::integrations::webview_auth::Cookie],
) -> Result<Vec<SearchResult>, String> {
let cookie_header = crate::integrations::webview_auth::cookies_to_header(cookies);
let client = reqwest::Client::new();
// Search Knowledge Base articles
let search_url = format!(
"{}/api/now/table/kb_knowledge?sysparm_query=textLIKE{}^ORshort_descriptionLIKE{}&sysparm_limit=5",
instance_url.trim_end_matches('/'),
urlencoding::encode(query),
urlencoding::encode(query)
);
tracing::info!("Searching ServiceNow: {}", search_url);
let resp = client
.get(&search_url)
.header("Cookie", &cookie_header)
.header("Accept", "application/json")
.send()
.await
.map_err(|e| format!("ServiceNow search request failed: {e}"))?;
if !resp.status().is_success() {
let status = resp.status();
let text = resp.text().await.unwrap_or_default();
return Err(format!(
"ServiceNow search failed with status {status}: {text}"
));
}
let json: serde_json::Value = resp
.json()
.await
.map_err(|e| format!("Failed to parse ServiceNow search response: {e}"))?;
let mut results = Vec::new();
if let Some(result_array) = json["result"].as_array() {
for item in result_array.iter().take(3) {
// Take top 3 results
let title = item["short_description"]
.as_str()
.unwrap_or("Untitled")
.to_string();
let sys_id = item["sys_id"].as_str().unwrap_or("").to_string();
let url = format!(
"{}/kb_view.do?sysparm_article={}",
instance_url.trim_end_matches('/'),
sys_id
);
let excerpt = item["text"]
.as_str()
.unwrap_or("")
.chars()
.take(300)
.collect::<String>();
// Get full article content
let content = item["text"].as_str().map(|text| {
if text.len() > 3000 {
format!("{}...", &text[..3000])
} else {
text.to_string()
}
});
results.push(SearchResult {
title,
url,
excerpt,
content,
source: "ServiceNow".to_string(),
});
}
}
Ok(results)
}
/// Search ServiceNow Incidents for related issues
pub async fn search_incidents(
instance_url: &str,
query: &str,
cookies: &[crate::integrations::webview_auth::Cookie],
) -> Result<Vec<SearchResult>, String> {
let cookie_header = crate::integrations::webview_auth::cookies_to_header(cookies);
let client = reqwest::Client::new();
// Search incidents
let search_url = format!(
"{}/api/now/table/incident?sysparm_query=short_descriptionLIKE{}^ORdescriptionLIKE{}&sysparm_limit=3&sysparm_display_value=true",
instance_url.trim_end_matches('/'),
urlencoding::encode(query),
urlencoding::encode(query)
);
tracing::info!("Searching ServiceNow incidents: {}", search_url);
let resp = client
.get(&search_url)
.header("Cookie", &cookie_header)
.header("Accept", "application/json")
.send()
.await
.map_err(|e| format!("ServiceNow incident search failed: {e}"))?;
if !resp.status().is_success() {
return Ok(Vec::new()); // Don't fail if incident search fails
}
let json: serde_json::Value = resp
.json()
.await
.map_err(|_| "Failed to parse incident response".to_string())?;
let mut results = Vec::new();
if let Some(result_array) = json["result"].as_array() {
for item in result_array.iter() {
let number = item["number"].as_str().unwrap_or("Unknown");
let title = format!(
"Incident {}: {}",
number,
item["short_description"].as_str().unwrap_or("No title")
);
let sys_id = item["sys_id"].as_str().unwrap_or("");
let url = format!(
"{}/incident.do?sys_id={}",
instance_url.trim_end_matches('/'),
sys_id
);
let description = item["description"].as_str().unwrap_or("").to_string();
let resolution = item["close_notes"].as_str().unwrap_or("").to_string();
let content = format!("Description: {description}\nResolution: {resolution}");
let excerpt = content.chars().take(200).collect::<String>();
results.push(SearchResult {
title,
url,
excerpt,
content: Some(content),
source: "ServiceNow".to_string(),
});
}
}
Ok(results)
}

280
src-tauri/src/integrations/webview_auth.rs
View File

@ -1,5 +1,5 @@
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use tauri::{AppHandle, Listener, WebviewUrl, WebviewWindow, WebviewWindowBuilder}; use tauri::{AppHandle, WebviewUrl, WebviewWindow, WebviewWindowBuilder};
#[derive(Debug, Clone, Serialize, Deserialize)] #[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ExtractedCredentials { pub struct ExtractedCredentials {
@ -24,30 +24,53 @@ pub async fn authenticate_with_webview(
app_handle: AppHandle, app_handle: AppHandle,
service: &str, service: &str,
base_url: &str, base_url: &str,
project_name: Option<&str>,
) -> Result<ExtractedCredentials, String> { ) -> Result<ExtractedCredentials, String> {
let trimmed_base_url = base_url.trim_end_matches('/'); let trimmed_base_url = base_url.trim_end_matches('/');
tracing::info!(
"authenticate_with_webview called: service={}, base_url={}, project_name={:?}",
service,
base_url,
project_name
);
let login_url = match service { let login_url = match service {
"confluence" => format!("{trimmed_base_url}/login.action"), "confluence" => format!("{trimmed_base_url}/login.action"),
"azuredevops" => { "azuredevops" => {
// Azure DevOps login - user will be redirected through Microsoft SSO // Azure DevOps - go directly to project if provided, otherwise org home
format!("{trimmed_base_url}/_signin") if let Some(project) = project_name {
let url = format!("{trimmed_base_url}/{project}");
tracing::info!("Azure DevOps URL with project: {}", url);
url
} else {
tracing::info!("Azure DevOps URL without project: {}", trimmed_base_url);
trimmed_base_url.to_string()
}
} }
"servicenow" => format!("{trimmed_base_url}/login.do"), "servicenow" => format!("{trimmed_base_url}/login.do"),
_ => return Err(format!("Unknown service: {service}")), _ => return Err(format!("Unknown service: {service}")),
}; };
tracing::info!( tracing::info!("Final login_url for {} = {}", service, login_url);
"Opening persistent browser for {} at {}",
service,
login_url
);
// Create persistent browser window (stays open for browsing and fresh cookie extraction) // Create persistent browser window (stays open for browsing and fresh cookie extraction)
let webview_label = format!("{service}-auth"); let webview_label = format!("{service}-auth");
tracing::info!("Creating webview window with label: {}", webview_label);
let parsed_url = login_url.parse().map_err(|e| {
let err_msg = format!("Failed to parse URL '{login_url}': {e}");
tracing::error!("{err_msg}");
err_msg
})?;
tracing::info!("Parsed URL successfully: {:?}", parsed_url);
let webview = WebviewWindowBuilder::new( let webview = WebviewWindowBuilder::new(
&app_handle, &app_handle,
&webview_label, &webview_label,
WebviewUrl::External(login_url.parse().map_err(|e| format!("Invalid URL: {e}"))?), WebviewUrl::External(parsed_url),
) )
.title(format!( .title(format!(
"{service} Browser (Troubleshooting and RCA Assistant)" "{service} Browser (Troubleshooting and RCA Assistant)"
@ -57,14 +80,20 @@ pub async fn authenticate_with_webview(
.resizable(true) .resizable(true)
.center() .center()
.focused(true) .focused(true)
.visible(true) .visible(true) // Show immediately - let user see loading
.user_agent("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36")
.zoom_hotkeys_enabled(true)
.devtools(true)
.initialization_script("console.log('Webview initialized');")
.build() .build()
.map_err(|e| format!("Failed to create webview: {e}"))?; .map_err(|e| format!("Failed to create webview: {e}"))?;
// Focus the window tracing::info!("Webview window created successfully, setting focus");
// Ensure window is focused
webview webview
.set_focus() .set_focus()
.map_err(|e| tracing::warn!("Failed to focus webview: {e}")) .map_err(|e| tracing::warn!("Failed to set focus: {}", e))
.ok(); .ok();
// Wait for user to complete login // Wait for user to complete login
@ -77,121 +106,158 @@ pub async fn authenticate_with_webview(
}) })
} }
/// Extract cookies from a webview using Tauri's IPC mechanism. /// Extract cookies from a webview using localStorage as intermediary.
/// This is the most reliable cross-platform approach. /// This works for external URLs where window.__TAURI__ is not available.
pub async fn extract_cookies_via_ipc<R: tauri::Runtime>( pub async fn extract_cookies_via_ipc<R: tauri::Runtime>(
webview_window: &WebviewWindow<R>, webview_window: &WebviewWindow<R>,
app_handle: &AppHandle<R>, _app_handle: &AppHandle<R>,
) -> Result<Vec<Cookie>, String> { ) -> Result<Vec<Cookie>, String> {
// Inject JavaScript that will send cookies via IPC // Step 1: Inject JavaScript to extract cookies and store in a global variable
// Note: We use window.__TAURI__ which is the Tauri 2.x API exposed to webviews // We can't use __TAURI__ for external URLs, so we use a polling approach
let cookie_extraction_script = r#" let cookie_extraction_script = r#"
(async function() { (function() {
try { try {
// Wait for Tauri API to be available
if (typeof window.__TAURI__ === 'undefined') {
console.error('Tauri API not available');
return;
}
const cookieString = document.cookie; const cookieString = document.cookie;
if (!cookieString || cookieString.trim() === '') { const cookies = [];
await window.__TAURI__.event.emit('tftsr-cookies-extracted', { cookies: [] });
return; if (cookieString && cookieString.trim() !== '') {
const cookieList = cookieString.split(';').map(c => c.trim()).filter(c => c.length > 0);
for (const cookie of cookieList) {
const equalIndex = cookie.indexOf('=');
if (equalIndex === -1) continue;
const name = cookie.substring(0, equalIndex).trim();
const value = cookie.substring(equalIndex + 1).trim();
cookies.push({
name: name,
value: value,
domain: window.location.hostname,
path: '/',
secure: window.location.protocol === 'https:',
http_only: false,
expires: null
});
}
} }
const cookies = cookieString.split(';').map(c => c.trim()).filter(c => c.length > 0); // Store in a global variable that Rust can read
const parsed = cookies.map(cookie => { window.__TFTSR_COOKIES__ = cookies;
const equalIndex = cookie.indexOf('='); console.log('[TFTSR] Extracted', cookies.length, 'cookies');
if (equalIndex === -1) return null; return cookies.length;
const name = cookie.substring(0, equalIndex).trim();
const value = cookie.substring(equalIndex + 1).trim();
return {
name: name,
value: value,
domain: window.location.hostname,
path: '/',
secure: window.location.protocol === 'https:',
http_only: false,
expires: null
};
}).filter(c => c !== null);
// Use Tauri's event API to send cookies back to Rust
await window.__TAURI__.event.emit('tftsr-cookies-extracted', { cookies: parsed });
console.log('Cookies extracted and emitted:', parsed.length);
} catch (e) { } catch (e) {
console.error('Cookie extraction failed:', e); console.error('[TFTSR] Cookie extraction failed:', e);
try { window.__TFTSR_COOKIES__ = [];
await window.__TAURI__.event.emit('tftsr-cookies-extracted', { cookies: [], error: e.message }); window.__TFTSR_ERROR__ = e.message;
} catch (emitError) { return -1;
console.error('Failed to emit error:', emitError);
}
} }
})(); })();
"#; "#;
// Set up event listener first // Inject the extraction script
let (tx, mut rx) = tokio::sync::mpsc::channel::<Result<Vec<Cookie>, String>>(1);
// Listen for the custom event from the webview
let listen_id = app_handle.listen("tftsr-cookies-extracted", move |event| {
tracing::debug!("Received cookies-extracted event");
let payload_str = event.payload();
// Parse the payload JSON
match serde_json::from_str::<serde_json::Value>(payload_str) {
Ok(payload) => {
if let Some(error_msg) = payload.get("error").and_then(|e| e.as_str()) {
let _ = tx.try_send(Err(format!("JavaScript error: {error_msg}")));
return;
}
if let Some(cookies_value) = payload.get("cookies") {
match serde_json::from_value::<Vec<Cookie>>(cookies_value.clone()) {
Ok(cookies) => {
tracing::info!("Parsed {} cookies from webview", cookies.len());
let _ = tx.try_send(Ok(cookies));
}
Err(e) => {
tracing::error!("Failed to parse cookies: {e}");
let _ = tx.try_send(Err(format!("Failed to parse cookies: {e}")));
}
}
} else {
let _ = tx.try_send(Err("No cookies field in payload".to_string()));
}
}
Err(e) => {
tracing::error!("Failed to parse event payload: {e}");
let _ = tx.try_send(Err(format!("Failed to parse event payload: {e}")));
}
}
});
// Inject the script into the webview
webview_window webview_window
.eval(cookie_extraction_script) .eval(cookie_extraction_script)
.map_err(|e| format!("Failed to inject cookie extraction script: {e}"))?; .map_err(|e| format!("Failed to inject cookie extraction script: {e}"))?;
tracing::info!("Cookie extraction script injected, waiting for response..."); tracing::info!("Cookie extraction script injected, waiting for cookies...");
// Wait for cookies with timeout // Give JavaScript a moment to execute
let result = tokio::time::timeout(tokio::time::Duration::from_secs(10), rx.recv()) tokio::time::sleep(tokio::time::Duration::from_millis(500)).await;
.await
.map_err(|_| {
"Timeout waiting for cookies. Make sure you are logged in and on the correct page."
.to_string()
})?
.ok_or_else(|| "Failed to receive cookies from webview".to_string())?;
// Clean up event listener // Step 2: Poll for the extracted cookies using document.title as communication channel
app_handle.unlisten(listen_id); let mut attempts = 0;
let max_attempts = 20; // 10 seconds total (500ms * 20)
result loop {
attempts += 1;
// Store result in localStorage, then copy to document.title for Rust to read
let check_and_signal_script = r#"
try {
if (typeof window.__TFTSR_ERROR__ !== 'undefined') {
window.localStorage.setItem('tftsr_result', JSON.stringify({ error: window.__TFTSR_ERROR__ }));
} else if (typeof window.__TFTSR_COOKIES__ !== 'undefined' && window.__TFTSR_COOKIES__.length > 0) {
window.localStorage.setItem('tftsr_result', JSON.stringify({ cookies: window.__TFTSR_COOKIES__ }));
} else if (typeof window.__TFTSR_COOKIES__ !== 'undefined') {
window.localStorage.setItem('tftsr_result', JSON.stringify({ cookies: [] }));
}
} catch (e) {
window.localStorage.setItem('tftsr_result', JSON.stringify({ error: e.message }));
}
"#;
webview_window.eval(check_and_signal_script).ok();
tokio::time::sleep(tokio::time::Duration::from_millis(500)).await;
// We can't get return values from eval(), so let's use a different approach:
// Execute script that sets document.title temporarily
let read_via_title = r#"
(function() {
const result = window.localStorage.getItem('tftsr_result');
if (result) {
window.localStorage.removeItem('tftsr_result');
// Store in title temporarily for Rust to read
window.__TFTSR_ORIGINAL_TITLE__ = document.title;
document.title = 'TFTSR_RESULT:' + result;
}
})();
"#;
webview_window.eval(read_via_title).ok();
tokio::time::sleep(tokio::time::Duration::from_millis(100)).await;
// Read the title
if let Ok(title) = webview_window.title() {
if let Some(json_str) = title.strip_prefix("TFTSR_RESULT:") {
// Restore original title
let restore_title = r#"
if (typeof window.__TFTSR_ORIGINAL_TITLE__ !== 'undefined') {
document.title = window.__TFTSR_ORIGINAL_TITLE__;
}
"#;
webview_window.eval(restore_title).ok();
// Parse the JSON
match serde_json::from_str::<serde_json::Value>(json_str) {
Ok(result) => {
if let Some(error) = result.get("error").and_then(|e| e.as_str()) {
return Err(format!("Cookie extraction error: {error}"));
}
if let Some(cookies_value) = result.get("cookies") {
match serde_json::from_value::<Vec<Cookie>>(cookies_value.clone()) {
Ok(cookies) => {
tracing::info!(
"Successfully extracted {} cookies",
cookies.len()
);
return Ok(cookies);
}
Err(e) => {
return Err(format!("Failed to parse cookies: {e}"));
}
}
}
}
Err(e) => {
tracing::warn!("Failed to parse result JSON: {e}");
}
}
}
}
if attempts >= max_attempts {
return Err(
"Timeout extracting cookies. This may be because:\n\
1. Confluence uses HttpOnly cookies that JavaScript cannot access\n\
2. You're not logged in yet\n\
3. The page hasn't finished loading\n\n\
Recommendation: Use 'Manual Token' authentication with a Confluence Personal Access Token instead."
.to_string(),
);
}
}
} }
/// Build cookie header string for HTTP requests /// Build cookie header string for HTTP requests

687
src-tauri/src/integrations/webview_fetch.rs Normal file
View File

@ -0,0 +1,687 @@
/// Webview-based HTTP fetching that automatically includes HttpOnly cookies
/// Makes requests FROM the authenticated webview using JavaScript fetch API
///
/// This uses Tauri's window.location to pass results back (cross-document messaging)
use serde_json::Value;
use tauri::WebviewWindow;
use super::confluence_search::SearchResult;
/// Execute an HTTP request from within the webview context
/// This automatically includes all cookies (including HttpOnly) from the authenticated session
pub async fn fetch_from_webview<R: tauri::Runtime>(
webview_window: &WebviewWindow<R>,
url: &str,
method: &str,
body: Option<&str>,
) -> Result<Value, String> {
let request_id = uuid::Uuid::now_v7().to_string();
let (headers_js, body_js) = if let Some(b) = body {
// For POST/PUT with JSON body
(
"headers: { 'Accept': 'application/json', 'Content-Type': 'application/json' }",
format!(", body: JSON.stringify({b})"),
)
} else {
// For GET requests
("headers: { 'Accept': 'application/json' }", String::new())
};
// Inject script that:
// 1. Makes fetch request with credentials
// 2. Uses window.location.hash to communicate results back
let fetch_script = format!(
r#"
(async function() {{
const requestId = '{request_id}';
try {{
const response = await fetch('{url}', {{
method: '{method}',
{headers_js},
credentials: 'include'{body_js}
}});
if (!response.ok) {{
window.location.hash = '#trcaa-error-' + requestId + '-' + encodeURIComponent(JSON.stringify({{
error: `HTTP ${{response.status}}: ${{response.statusText}}`
}}));
return;
}}
const data = await response.json();
// Store in hash - we'll poll for this
window.location.hash = '#trcaa-success-' + requestId + '-' + encodeURIComponent(JSON.stringify(data));
}} catch (error) {{
window.location.hash = '#trcaa-error-' + requestId + '-' + encodeURIComponent(JSON.stringify({{
error: error.message
}}));
}}
}})();
"#
);
// Execute the fetch
webview_window
.eval(&fetch_script)
.map_err(|e| format!("Failed to execute fetch: {e}"))?;
// Poll for result by checking window URL/hash
for i in 0..50 {
tokio::time::sleep(tokio::time::Duration::from_millis(100)).await;
// Get the current URL to check the hash
if let Ok(url_str) = webview_window.url() {
let url_string = url_str.to_string();
// Check for success
let success_marker = format!("#trcaa-success-{request_id}-");
if url_string.contains(&success_marker) {
// Extract the JSON from the hash
if let Some(json_start) = url_string.find(&success_marker) {
let json_encoded = &url_string[json_start + success_marker.len()..];
if let Ok(decoded) = urlencoding::decode(json_encoded) {
// Clear the hash
webview_window.eval("window.location.hash = '';").ok();
// Parse JSON
if let Ok(result) = serde_json::from_str::<Value>(&decoded) {
tracing::info!("Webview fetch successful");
return Ok(result);
}
}
}
}
// Check for error
let error_marker = format!("#trcaa-error-{request_id}-");
if url_string.contains(&error_marker) {
if let Some(json_start) = url_string.find(&error_marker) {
let json_encoded = &url_string[json_start + error_marker.len()..];
if let Ok(decoded) = urlencoding::decode(json_encoded) {
// Clear the hash
webview_window.eval("window.location.hash = '';").ok();
return Err(format!("Webview fetch error: {decoded}"));
}
}
}
}
if i % 10 == 0 {
tracing::debug!("Waiting for webview fetch... ({}s)", i / 10);
}
}
Err("Timeout waiting for webview fetch response (5s)".to_string())
}
/// Search Confluence using webview fetch (includes HttpOnly cookies automatically)
pub async fn search_confluence_webview<R: tauri::Runtime>(
webview_window: &WebviewWindow<R>,
base_url: &str,
query: &str,
) -> Result<Vec<SearchResult>, String> {
// Extract keywords from the query for better search
// Remove common words and extract important terms
let keywords = extract_keywords(query);
// Build CQL query with OR logic for keywords
let cql = if keywords.len() > 1 {
// Multiple keywords - search for any of them
let keyword_conditions: Vec<String> =
keywords.iter().map(|k| format!("text ~ \"{k}\"")).collect();
keyword_conditions.join(" OR ")
} else if !keywords.is_empty() {
// Single keyword
let keyword = &keywords[0];
format!("text ~ \"{keyword}\"")
} else {
// Fallback to original query
format!("text ~ \"{query}\"")
};
let search_url = format!(
"{}/rest/api/search?cql={}&limit=10",
base_url.trim_end_matches('/'),
urlencoding::encode(&cql)
);
tracing::info!("Executing Confluence search via webview with CQL: {}", cql);
let response = fetch_from_webview(webview_window, &search_url, "GET", None).await?;
let mut results = Vec::new();
if let Some(results_array) = response.get("results").and_then(|v| v.as_array()) {
for item in results_array.iter().take(5) {
let title = item["title"].as_str().unwrap_or("Untitled").to_string();
let content_id = item["content"]["id"].as_str();
let space_key = item["content"]["space"]["key"].as_str();
let url = if let (Some(id), Some(space)) = (content_id, space_key) {
format!(
"{}/display/{}/{}",
base_url.trim_end_matches('/'),
space,
id
)
} else {
base_url.to_string()
};
let excerpt = item["excerpt"]
.as_str()
.unwrap_or("")
.replace("<span class=\"highlight\">", "")
.replace("</span>", "");
// Fetch full page content
let content = if let Some(id) = content_id {
let content_url = format!(
"{}/rest/api/content/{id}?expand=body.storage",
base_url.trim_end_matches('/')
);
if let Ok(content_resp) =
fetch_from_webview(webview_window, &content_url, "GET", None).await
{
if let Some(body) = content_resp
.get("body")
.and_then(|b| b.get("storage"))
.and_then(|s| s.get("value"))
.and_then(|v| v.as_str())
{
let text = strip_html_simple(body);
Some(if text.len() > 3000 {
format!("{}...", &text[..3000])
} else {
text
})
} else {
None
}
} else {
None
}
} else {
None
};
results.push(SearchResult {
title,
url,
excerpt: excerpt.chars().take(300).collect(),
content,
source: "Confluence".to_string(),
});
}
}
tracing::info!(
"Confluence webview search returned {} results",
results.len()
);
Ok(results)
}
/// Extract keywords from a search query
/// Removes stop words and extracts important terms
fn extract_keywords(query: &str) -> Vec<String> {
// Common stop words to filter out
let stop_words = vec![
"how", "do", "i", "the", "a", "an", "is", "are", "was", "were", "be", "been", "being",
"have", "has", "had", "having", "do", "does", "did", "doing", "will", "would", "should",
"could", "can", "may", "might", "must", "to", "from", "in", "on", "at", "by", "for",
"with", "about", "as", "of", "or", "and", "but", "not", "what", "when", "where", "which",
"who",
];
let mut keywords = Vec::new();
// Split on whitespace and punctuation
for word in query.split(|c: char| c.is_whitespace() || c == '?' || c == '!' || c == '.') {
let cleaned = word.trim().to_lowercase();
// Skip if empty, too short, or a stop word
if cleaned.is_empty() || cleaned.len() < 2 || stop_words.contains(&cleaned.as_str()) {
continue;
}
// Keep version numbers (e.g., "1.0.12")
if cleaned.contains('.') && cleaned.chars().any(|c| c.is_numeric()) {
keywords.push(cleaned);
continue;
}
// Keep ticket numbers and IDs (pure numbers >= 3 digits)
if cleaned.chars().all(|c| c.is_numeric()) && cleaned.len() >= 3 {
keywords.push(cleaned);
continue;
}
// Keep if it has letters
if cleaned.chars().any(|c| c.is_alphabetic()) {
keywords.push(cleaned);
}
}
// Deduplicate
keywords.sort();
keywords.dedup();
keywords
}
/// Simple HTML tag stripping (for content preview)
fn strip_html_simple(html: &str) -> String {
let mut result = String::new();
let mut in_tag = false;
for ch in html.chars() {
match ch {
'<' => in_tag = true,
'>' => in_tag = false,
_ if !in_tag => result.push(ch),
_ => {}
}
}
result.split_whitespace().collect::<Vec<_>>().join(" ")
}
/// Search ServiceNow using webview fetch
pub async fn search_servicenow_webview<R: tauri::Runtime>(
webview_window: &WebviewWindow<R>,
instance_url: &str,
query: &str,
) -> Result<Vec<SearchResult>, String> {
let mut results = Vec::new();
// Search knowledge base
let kb_url = format!(
"{}/api/now/table/kb_knowledge?sysparm_query=textLIKE{}^ORshort_descriptionLIKE{}&sysparm_limit=3",
instance_url.trim_end_matches('/'),
urlencoding::encode(query),
urlencoding::encode(query)
);
tracing::info!("Executing ServiceNow KB search via webview");
if let Ok(kb_response) = fetch_from_webview(webview_window, &kb_url, "GET", None).await {
if let Some(kb_array) = kb_response.get("result").and_then(|v| v.as_array()) {
for item in kb_array {
let title = item["short_description"]
.as_str()
.unwrap_or("Untitled")
.to_string();
let sys_id = item["sys_id"].as_str().unwrap_or("");
let url = format!(
"{}/kb_view.do?sysparm_article={sys_id}",
instance_url.trim_end_matches('/')
);
let text = item["text"].as_str().unwrap_or("");
let excerpt = text.chars().take(300).collect();
let content = Some(if text.len() > 3000 {
format!("{}...", &text[..3000])
} else {
text.to_string()
});
results.push(SearchResult {
title,
url,
excerpt,
content,
source: "ServiceNow".to_string(),
});
}
}
}
// Search incidents
let inc_url = format!(
"{}/api/now/table/incident?sysparm_query=short_descriptionLIKE{}^ORdescriptionLIKE{}&sysparm_limit=3&sysparm_display_value=true",
instance_url.trim_end_matches('/'),
urlencoding::encode(query),
urlencoding::encode(query)
);
if let Ok(inc_response) = fetch_from_webview(webview_window, &inc_url, "GET", None).await {
if let Some(inc_array) = inc_response.get("result").and_then(|v| v.as_array()) {
for item in inc_array {
let number = item["number"].as_str().unwrap_or("Unknown");
let title = format!(
"Incident {}: {}",
number,
item["short_description"].as_str().unwrap_or("No title")
);
let sys_id = item["sys_id"].as_str().unwrap_or("");
let url = format!(
"{}/incident.do?sys_id={sys_id}",
instance_url.trim_end_matches('/')
);
let description = item["description"].as_str().unwrap_or("");
let resolution = item["close_notes"].as_str().unwrap_or("");
let content = format!("Description: {description}\nResolution: {resolution}");
let excerpt = content.chars().take(200).collect();
results.push(SearchResult {
title,
url,
excerpt,
content: Some(content),
source: "ServiceNow".to_string(),
});
}
}
}
tracing::info!(
"ServiceNow webview search returned {} results",
results.len()
);
Ok(results)
}
/// Search Azure DevOps wiki using webview fetch
pub async fn search_azuredevops_wiki_webview<R: tauri::Runtime>(
webview_window: &WebviewWindow<R>,
org_url: &str,
project: &str,
query: &str,
) -> Result<Vec<SearchResult>, String> {
// Extract keywords for better search
let keywords = extract_keywords(query);
let search_text = if !keywords.is_empty() {
keywords.join(" ")
} else {
query.to_string()
};
// Azure DevOps wiki search API
let search_url = format!(
"{}/{}/_apis/wiki/wikis?api-version=7.0",
org_url.trim_end_matches('/'),
urlencoding::encode(project)
);
tracing::info!(
"Executing Azure DevOps wiki search via webview for: {}",
search_text
);
// First, get list of wikis
let wikis_response = fetch_from_webview(webview_window, &search_url, "GET", None).await?;
let mut results = Vec::new();
if let Some(wikis_array) = wikis_response.get("value").and_then(|v| v.as_array()) {
// Search each wiki
for wiki in wikis_array.iter().take(3) {
let wiki_id = wiki["id"].as_str().unwrap_or("");
if wiki_id.is_empty() {
continue;
}
// Search wiki pages
let pages_url = format!(
"{}/{}/_apis/wiki/wikis/{}/pages?recursionLevel=Full&includeContent=true&api-version=7.0",
org_url.trim_end_matches('/'),
urlencoding::encode(project),
urlencoding::encode(wiki_id)
);
if let Ok(pages_response) =
fetch_from_webview(webview_window, &pages_url, "GET", None).await
{
// Try to get "page" field, or use the response itself if it's the page object
if let Some(page) = pages_response.get("page") {
search_page_recursive(
page,
&search_text,
org_url,
project,
wiki_id,
&mut results,
);
} else {
// Response might be the page object itself
search_page_recursive(
&pages_response,
&search_text,
org_url,
project,
wiki_id,
&mut results,
);
}
}
}
}
tracing::info!(
"Azure DevOps wiki webview search returned {} results",
results.len()
);
Ok(results)
}
/// Recursively search through wiki pages for matching content
fn search_page_recursive(
page: &Value,
search_text: &str,
org_url: &str,
_project: &str,
wiki_id: &str,
results: &mut Vec<SearchResult>,
) {
let search_lower = search_text.to_lowercase();
// Check current page
if let Some(path) = page.get("path").and_then(|p| p.as_str()) {
let content = page.get("content").and_then(|c| c.as_str()).unwrap_or("");
let content_lower = content.to_lowercase();
// Simple relevance check
let matches = search_lower
.split_whitespace()
.filter(|word| content_lower.contains(word))
.count();
if matches > 0 {
let page_id = page.get("id").and_then(|i| i.as_i64()).unwrap_or(0);
let title = path.trim_start_matches('/').replace('/', " > ");
let url = format!(
"{}/_wiki/wikis/{}/{}/{}",
org_url.trim_end_matches('/'),
urlencoding::encode(wiki_id),
page_id,
urlencoding::encode(path.trim_start_matches('/'))
);
// Create excerpt from first occurrence
let excerpt = if let Some(pos) =
content_lower.find(search_lower.split_whitespace().next().unwrap_or(""))
{
let start = pos.saturating_sub(50);
let end = (pos + 200).min(content.len());
format!("...{}", &content[start..end])
} else {
content.chars().take(200).collect()
};
let result_content = if content.len() > 3000 {
format!("{}...", &content[..3000])
} else {
content.to_string()
};
results.push(SearchResult {
title,
url,
excerpt,
content: Some(result_content),
source: "Azure DevOps Wiki".to_string(),
});
}
}
// Recurse into subpages
if let Some(subpages) = page.get("subPages").and_then(|s| s.as_array()) {
for subpage in subpages {
search_page_recursive(subpage, search_text, org_url, _project, wiki_id, results);
}
}
}
/// Search Azure DevOps work items using webview fetch
pub async fn search_azuredevops_workitems_webview<R: tauri::Runtime>(
webview_window: &WebviewWindow<R>,
org_url: &str,
project: &str,
query: &str,
) -> Result<Vec<SearchResult>, String> {
// Extract keywords
let keywords = extract_keywords(query);
// Check if query contains a work item ID (pure number)
let work_item_id: Option<i64> = keywords
.iter()
.filter(|k| k.chars().all(|c| c.is_numeric()))
.filter_map(|k| k.parse::<i64>().ok())
.next();
// Build WIQL query
let wiql_query = if let Some(id) = work_item_id {
// Search by specific ID
format!(
"SELECT [System.Id], [System.Title], [System.Description], [System.WorkItemType] \
FROM WorkItems WHERE [System.Id] = {id}"
)
} else {
// Search by text in title/description
let search_terms = if !keywords.is_empty() {
keywords.join(" ")
} else {
query.to_string()
};
// Use CONTAINS for text search (case-insensitive)
format!(
"SELECT [System.Id], [System.Title], [System.Description], [System.WorkItemType] \
FROM WorkItems WHERE [System.TeamProject] = '{project}' \
AND ([System.Title] CONTAINS '{search_terms}' OR [System.Description] CONTAINS '{search_terms}') \
ORDER BY [System.ChangedDate] DESC"
)
};
let wiql_url = format!(
"{}/{}/_apis/wit/wiql?api-version=7.0",
org_url.trim_end_matches('/'),
urlencoding::encode(project)
);
let body = serde_json::json!({
"query": wiql_query
})
.to_string();
tracing::info!("Executing Azure DevOps work item search via webview");
tracing::debug!("WIQL query: {}", wiql_query);
tracing::debug!("Request URL: {}", wiql_url);
let wiql_response = fetch_from_webview(webview_window, &wiql_url, "POST", Some(&body)).await?;
let mut results = Vec::new();
if let Some(work_items) = wiql_response.get("workItems").and_then(|v| v.as_array()) {
// Fetch details for first 5 work items
for item in work_items.iter().take(5) {
if let Some(id) = item.get("id").and_then(|i| i.as_i64()) {
let details_url = format!(
"{}/_apis/wit/workitems/{}?api-version=7.0",
org_url.trim_end_matches('/'),
id
);
if let Ok(details) =
fetch_from_webview(webview_window, &details_url, "GET", None).await
{
if let Some(fields) = details.get("fields") {
let title = fields
.get("System.Title")
.and_then(|t| t.as_str())
.unwrap_or("Untitled");
let work_item_type = fields
.get("System.WorkItemType")
.and_then(|t| t.as_str())
.unwrap_or("Item");
let description = fields
.get("System.Description")
.and_then(|d| d.as_str())
.unwrap_or("");
let clean_description = strip_html_simple(description);
let excerpt = clean_description.chars().take(200).collect();
let url = format!("{}/_workitems/edit/{id}", org_url.trim_end_matches('/'));
let full_content = if clean_description.len() > 3000 {
format!("{}...", &clean_description[..3000])
} else {
clean_description.clone()
};
results.push(SearchResult {
title: format!("{work_item_type} #{id}: {title}"),
url,
excerpt,
content: Some(full_content),
source: "Azure DevOps".to_string(),
});
}
}
}
}
}
tracing::info!(
"Azure DevOps work items webview search returned {} results",
results.len()
);
Ok(results)
}
/// Add a comment to an Azure DevOps work item
pub async fn add_azuredevops_comment_webview<R: tauri::Runtime>(
webview_window: &WebviewWindow<R>,
org_url: &str,
work_item_id: i64,
comment_text: &str,
) -> Result<String, String> {
let comment_url = format!(
"{}/_apis/wit/workitems/{work_item_id}/comments?api-version=7.0",
org_url.trim_end_matches('/')
);
let body = serde_json::json!({
"text": comment_text
})
.to_string();
tracing::info!("Adding comment to Azure DevOps work item {}", work_item_id);
let response = fetch_from_webview(webview_window, &comment_url, "POST", Some(&body)).await?;
// Extract comment ID from response
let comment_id = response
.get("id")
.and_then(|id| id.as_i64())
.ok_or_else(|| "Failed to get comment ID from response".to_string())?;
tracing::info!("Successfully added comment {comment_id} to work item {work_item_id}");
Ok(format!("Comment added successfully (ID: {comment_id})"))
}

287
src-tauri/src/integrations/webview_search.rs Normal file
View File

@ -0,0 +1,287 @@
/// Native webview-based search that automatically includes HttpOnly cookies
/// This bypasses cookie extraction by making requests directly from the authenticated webview
use serde::{Deserialize, Serialize};
use tauri::WebviewWindow;
use super::confluence_search::SearchResult;
/// Execute a search request from within the webview context
/// This automatically includes all cookies (including HttpOnly) from the authenticated session
pub async fn search_from_webview<R: tauri::Runtime>(
webview_window: &WebviewWindow<R>,
service: &str,
base_url: &str,
query: &str,
) -> Result<Vec<SearchResult>, String> {
match service {
"confluence" => search_confluence_from_webview(webview_window, base_url, query).await,
"servicenow" => search_servicenow_from_webview(webview_window, base_url, query).await,
"azuredevops" => Ok(Vec::new()), // Not yet implemented
_ => Err(format!("Unsupported service: {}", service)),
}
}
/// Search Confluence from within the authenticated webview
async fn search_confluence_from_webview<R: tauri::Runtime>(
webview_window: &WebviewWindow<R>,
base_url: &str,
query: &str,
) -> Result<Vec<SearchResult>, String> {
let search_script = format!(
r#"
(async function() {{
try {{
// Search Confluence using the browser's authenticated session
const searchUrl = '{}/rest/api/search?cql=text~"{}"&limit=5';
const response = await fetch(searchUrl, {{
headers: {{
'Accept': 'application/json'
}},
credentials: 'include' // Include cookies automatically
}});
if (!response.ok) {{
return {{ error: `Search failed: ${{response.status}}` }};
}}
const data = await response.json();
const results = [];
if (data.results && Array.isArray(data.results)) {{
for (const item of data.results.slice(0, 3)) {{
const title = item.title || 'Untitled';
const contentId = item.content?.id;
const spaceKey = item.content?.space?.key;
let url = '{}';
if (contentId && spaceKey) {{
url = `{}/display/${{spaceKey}}/${{contentId}}`;
}}
const excerpt = (item.excerpt || '')
.replace(/<span class="highlight">/g, '')
.replace(/<\/span>/g, '');
// Fetch full page content
let content = null;
if (contentId) {{
try {{
const contentUrl = `{}/rest/api/content/${{contentId}}?expand=body.storage`;
const contentResp = await fetch(contentUrl, {{
headers: {{ 'Accept': 'application/json' }},
credentials: 'include'
}});
if (contentResp.ok) {{
const contentData = await contentResp.json();
let html = contentData.body?.storage?.value || '';
// Basic HTML stripping
const div = document.createElement('div');
div.innerHTML = html;
let text = div.textContent || div.innerText || '';
content = text.length > 3000 ? text.substring(0, 3000) + '...' : text;
}}
}} catch (e) {{
console.error('Failed to fetch page content:', e);
}}
}}
results.push({{
title,
url,
excerpt: excerpt.substring(0, 300),
content,
source: 'Confluence'
}});
}}
}}
return {{ results }};
}} catch (error) {{
return {{ error: error.message }};
}}
}})();
"#,
base_url.trim_end_matches('/'),
query.replace('"', "\\\""),
base_url,
base_url,
base_url
);
// Execute JavaScript and store result in localStorage for retrieval
let storage_key = format!("__trcaa_search_{}__", uuid::Uuid::now_v7());
let callback_script = format!(
r#"
{}
.then(result => {{
localStorage.setItem('{}', JSON.stringify(result));
}})
.catch(error => {{
localStorage.setItem('{}', JSON.stringify({{ error: error.message }}));
}});
"#,
search_script,
storage_key,
storage_key
);
webview_window
.eval(&callback_script)
.map_err(|e| format!("Failed to execute search: {}", e))?;
// Poll for result in localStorage
for _ in 0..50 { // Try for 5 seconds
tokio::time::sleep(tokio::time::Duration::from_millis(100)).await;
let check_script = format!("localStorage.getItem('{}')", storage_key);
let result_str = match webview_window.eval(&check_script) {
Ok(_) => {
// Try to retrieve the actual value
tokio::time::sleep(tokio::time::Duration::from_millis(50)).await;
let get_script = format!(
r#"(function() {{
const val = localStorage.getItem('{}');
if (val) {{
localStorage.removeItem('{}');
return val;
}}
return null;
}})();"#,
storage_key, storage_key
);
match webview_window.eval(&get_script) {
Ok(_) => continue, // Keep polling
Err(_) => continue,
}
}
Err(_) => continue,
};
}
// Timeout - try one final retrieval
tracing::warn!("Webview search timed out, returning empty results");
Ok(Vec::new())
}
/// Search ServiceNow from within the authenticated webview
async fn search_servicenow_from_webview<R: tauri::Runtime>(
webview_window: &WebviewWindow<R>,
instance_url: &str,
query: &str,
) -> Result<Vec<SearchResult>, String> {
let search_script = format!(
r#"
(async function() {{
try {{
const results = [];
// Search knowledge base
const kbUrl = '{}/api/now/table/kb_knowledge?sysparm_query=textLIKE{}^ORshort_descriptionLIKE{}&sysparm_limit=3';
const kbResp = await fetch(kbUrl, {{
headers: {{ 'Accept': 'application/json' }},
credentials: 'include'
}});
if (kbResp.ok) {{
const kbData = await kbResp.json();
if (kbData.result && Array.isArray(kbData.result)) {{
for (const item of kbData.result) {{
const title = item.short_description || 'Untitled';
const sysId = item.sys_id || '';
const url = `{}/kb_view.do?sysparm_article=${{sysId}}`;
const text = item.text || '';
const excerpt = text.substring(0, 300);
const content = text.length > 3000 ? text.substring(0, 3000) + '...' : text;
results.push({{
title,
url,
excerpt,
content,
source: 'ServiceNow'
}});
}}
}}
}}
// Search incidents
const incUrl = '{}/api/now/table/incident?sysparm_query=short_descriptionLIKE{}^ORdescriptionLIKE{}&sysparm_limit=3&sysparm_display_value=true';
const incResp = await fetch(incUrl, {{
headers: {{ 'Accept': 'application/json' }},
credentials: 'include'
}});
if (incResp.ok) {{
const incData = await incResp.json();
if (incData.result && Array.isArray(incData.result)) {{
for (const item of incData.result) {{
const number = item.number || 'Unknown';
const title = `Incident ${{number}}: ${{item.short_description || 'No title'}}`;
const sysId = item.sys_id || '';
const url = `{}/incident.do?sys_id=${{sysId}}`;
const description = item.description || '';
const resolution = item.close_notes || '';
const content = `Description: ${{description}}\\nResolution: ${{resolution}}`;
const excerpt = content.substring(0, 200);
results.push({{
title,
url,
excerpt,
content,
source: 'ServiceNow'
}});
}}
}}
}}
return {{ results }};
}} catch (error) {{
return {{ error: error.message }};
}}
}})();
"#,
instance_url.trim_end_matches('/'),
urlencoding::encode(query),
urlencoding::encode(query),
instance_url.trim_end_matches('/'),
instance_url.trim_end_matches('/'),
urlencoding::encode(query),
urlencoding::encode(query),
instance_url.trim_end_matches('/')
);
let result: serde_json::Value = webview_window
.eval(&search_script)
.map_err(|e| format!("Failed to execute search: {}", e))?;
if let Some(error) = result.get("error") {
return Err(format!("Search error: {}", error));
}
if let Some(results_array) = result.get("results").and_then(|v| v.as_array()) {
let mut results = Vec::new();
for item in results_array {
if let Ok(search_result) = serde_json::from_value::<SearchResult>(item.clone()) {
results.push(search_result);
}
}
Ok(results)
} else {
Ok(Vec::new())
}
}
/// Search Azure DevOps from within the authenticated webview
async fn search_azuredevops_from_webview<R: tauri::Runtime>(
webview_window: &WebviewWindow<R>,
org_url: &str,
query: &str,
) -> Result<Vec<SearchResult>, String> {
// Azure DevOps search requires project parameter, which we don't have here
// This would need to be passed in from the config
// For now, return empty results
tracing::warn!("Azure DevOps webview search not yet implemented");
Ok(Vec::new())
}

77
src-tauri/src/lib.rs
View File

@ -11,6 +11,7 @@ pub mod state;
use sha2::{Digest, Sha256}; use sha2::{Digest, Sha256};
use state::AppState; use state::AppState;
use std::sync::{Arc, Mutex}; use std::sync::{Arc, Mutex};
use tauri::Manager;
#[cfg_attr(mobile, tauri::mobile_entry_point)] #[cfg_attr(mobile, tauri::mobile_entry_point)]
pub fn run() { pub fn run() {
@ -25,7 +26,7 @@ pub fn run() {
tracing::info!("Starting Troubleshooting and RCA Assistant application"); tracing::info!("Starting Troubleshooting and RCA Assistant application");
// Determine data directory // Determine data directory
let data_dir = dirs_data_dir(); let data_dir = state::get_app_data_dir().expect("Failed to determine app data directory");
// Initialize database // Initialize database
let conn = db::connection::init_db(&data_dir).expect("Failed to initialize database"); let conn = db::connection::init_db(&data_dir).expect("Failed to initialize database");
@ -57,6 +58,35 @@ pub fn run() {
.plugin(tauri_plugin_shell::init()) .plugin(tauri_plugin_shell::init())
.plugin(tauri_plugin_http::init()) .plugin(tauri_plugin_http::init())
.manage(app_state) .manage(app_state)
.setup(|app| {
// Restore persistent browser windows from previous session
let app_handle = app.handle().clone();
let state: tauri::State<AppState> = app.state();
// Clone Arc fields for 'static lifetime
let db = state.db.clone();
let settings = state.settings.clone();
let app_data_dir = state.app_data_dir.clone();
let integration_webviews = state.integration_webviews.clone();
tauri::async_runtime::spawn(async move {
let app_state = AppState {
db,
settings,
app_data_dir,
integration_webviews,
};
if let Err(e) =
commands::integrations::restore_persistent_webviews(&app_handle, &app_state)
.await
{
tracing::warn!("Failed to restore persistent webviews: {}", e);
}
});
Ok(())
})
.invoke_handler(tauri::generate_handler![ .invoke_handler(tauri::generate_handler![
// DB / Issue CRUD // DB / Issue CRUD
commands::db::create_issue, commands::db::create_issue,
@ -98,6 +128,7 @@ pub fn run() {
commands::integrations::save_integration_config, commands::integrations::save_integration_config,
commands::integrations::get_integration_config, commands::integrations::get_integration_config,
commands::integrations::get_all_integration_configs, commands::integrations::get_all_integration_configs,
commands::integrations::add_ado_comment,
// System / Settings // System / Settings
commands::system::check_ollama_installed, commands::system::check_ollama_installed,
commands::system::get_ollama_install_guide, commands::system::get_ollama_install_guide,
@ -109,48 +140,10 @@ pub fn run() {
commands::system::get_settings, commands::system::get_settings,
commands::system::update_settings, commands::system::update_settings,
commands::system::get_audit_log, commands::system::get_audit_log,
commands::system::save_ai_provider,
commands::system::load_ai_providers,
commands::system::delete_ai_provider,
]) ])
.run(tauri::generate_context!()) .run(tauri::generate_context!())
.expect("Error running Troubleshooting and RCA Assistant application"); .expect("Error running Troubleshooting and RCA Assistant application");
} }
/// Determine the application data directory.
fn dirs_data_dir() -> std::path::PathBuf {
if let Ok(dir) = std::env::var("TFTSR_DATA_DIR") {
return std::path::PathBuf::from(dir);
}
// Use platform-appropriate data directory
#[cfg(target_os = "linux")]
{
if let Ok(xdg) = std::env::var("XDG_DATA_HOME") {
return std::path::PathBuf::from(xdg).join("trcaa");
}
if let Ok(home) = std::env::var("HOME") {
return std::path::PathBuf::from(home)
.join(".local")
.join("share")
.join("trcaa");
}
}
#[cfg(target_os = "macos")]
{
if let Ok(home) = std::env::var("HOME") {
return std::path::PathBuf::from(home)
.join("Library")
.join("Application Support")
.join("trcaa");
}
}
#[cfg(target_os = "windows")]
{
if let Ok(appdata) = std::env::var("APPDATA") {
return std::path::PathBuf::from(appdata).join("trcaa");
}
}
// Fallback
std::path::PathBuf::from("./trcaa-data")
}

48
src-tauri/src/state.rs
View File

@ -21,7 +21,7 @@ pub struct ProviderConfig {
/// If None, defaults to "/chat/completions" for OpenAI compatibility /// If None, defaults to "/chat/completions" for OpenAI compatibility
#[serde(skip_serializing_if = "Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub custom_endpoint_path: Option<String>, pub custom_endpoint_path: Option<String>,
/// Optional: Custom auth header name (e.g., "x-msi-genai-api-key") /// Optional: Custom auth header name (e.g., "x-custom-api-key")
/// If None, defaults to "Authorization" /// If None, defaults to "Authorization"
#[serde(skip_serializing_if = "Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub custom_auth_header: Option<String>, pub custom_auth_header: Option<String>,
@ -72,3 +72,49 @@ pub struct AppState {
/// These windows stay open for the user to browse and for fresh cookie extraction /// These windows stay open for the user to browse and for fresh cookie extraction
pub integration_webviews: Arc<Mutex<HashMap<String, String>>>, pub integration_webviews: Arc<Mutex<HashMap<String, String>>>,
} }
/// Determine the application data directory.
/// Returns None if the directory cannot be determined.
pub fn get_app_data_dir() -> Option<PathBuf> {
if let Ok(dir) = std::env::var("TFTSR_DATA_DIR") {
return Some(PathBuf::from(dir));
}
// Use platform-appropriate data directory
#[cfg(target_os = "linux")]
{
if let Ok(xdg) = std::env::var("XDG_DATA_HOME") {
return Some(PathBuf::from(xdg).join("trcaa"));
}
if let Ok(home) = std::env::var("HOME") {
return Some(
PathBuf::from(home)
.join(".local")
.join("share")
.join("trcaa"),
);
}
}
#[cfg(target_os = "macos")]
{
if let Ok(home) = std::env::var("HOME") {
return Some(
PathBuf::from(home)
.join("Library")
.join("Application Support")
.join("trcaa"),
);
}
}
#[cfg(target_os = "windows")]
{
if let Ok(appdata) = std::env::var("APPDATA") {
return Some(PathBuf::from(appdata).join("trcaa"));
}
}
// Fallback
Some(PathBuf::from("./trcaa-data"))
}

2
src-tauri/tauri.conf.json
View File

@ -10,7 +10,7 @@
}, },
"app": { "app": {
"security": { "security": {
"csp": "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: asset: https:; connect-src 'self' http://localhost:11434 http://localhost:8765 https://api.openai.com https://api.anthropic.com https://api.mistral.ai https://generativelanguage.googleapis.com https://auth.atlassian.com https://*.atlassian.net https://login.microsoftonline.com https://dev.azure.com https://genai-service.stage.commandcentral.com https://genai-service.commandcentral.com" "csp": "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: asset: https:; connect-src 'self' http://localhost:11434 http://localhost:8765 https://api.openai.com https://api.anthropic.com https://api.mistral.ai https://generativelanguage.googleapis.com https://auth.atlassian.com https://*.atlassian.net https://login.microsoftonline.com https://dev.azure.com"
}, },
"windows": [ "windows": [
{ {

28
src/App.tsx
View File

@ -15,6 +15,7 @@ import {
Moon, Moon,
} from "lucide-react"; } from "lucide-react";
import { useSettingsStore } from "@/stores/settingsStore"; import { useSettingsStore } from "@/stores/settingsStore";
import { loadAiProvidersCmd, testProviderConnectionCmd } from "@/lib/tauriCommands";
import Dashboard from "@/pages/Dashboard"; import Dashboard from "@/pages/Dashboard";
import NewIssue from "@/pages/NewIssue"; import NewIssue from "@/pages/NewIssue";
@ -45,13 +46,38 @@ const settingsItems = [
export default function App() { export default function App() {
const [collapsed, setCollapsed] = useState(false); const [collapsed, setCollapsed] = useState(false);
const [appVersion, setAppVersion] = useState(""); const [appVersion, setAppVersion] = useState("");
const { theme, setTheme } = useSettingsStore(); const { theme, setTheme, setProviders, getActiveProvider } = useSettingsStore();
const location = useLocation(); const location = useLocation();
useEffect(() => { useEffect(() => {
getVersion().then(setAppVersion).catch(() => {}); getVersion().then(setAppVersion).catch(() => {});
}, []); }, []);
// Load providers and auto-test active provider on startup
useEffect(() => {
const initializeProviders = async () => {
try {
const providers = await loadAiProvidersCmd();
setProviders(providers);
// Auto-test the active provider
const activeProvider = getActiveProvider();
if (activeProvider) {
console.log("Auto-testing active AI provider:", activeProvider.name);
try {
await testProviderConnectionCmd(activeProvider);
console.log("✓ Active provider connection verified:", activeProvider.name);
} catch (err) {
console.warn("⚠ Active provider connection test failed:", activeProvider.name, err);
}
}
} catch (err) {
console.error("Failed to initialize AI providers:", err);
}
};
initializeProviders();
}, [setProviders, getActiveProvider]);
return ( return (
<div className={theme === "dark" ? "dark" : ""}> <div className={theme === "dark" ? "dark" : ""}>
<div className="grid h-screen" style={{ gridTemplateColumns: collapsed ? "64px 1fr" : "240px 1fr" }}> <div className="grid h-screen" style={{ gridTemplateColumns: collapsed ? "64px 1fr" : "240px 1fr" }}>

4
src/lib/domainPrompts.ts
View File

@ -245,7 +245,7 @@ When analyzing security and Vault issues, focus on these key areas:
- **PKI and certificates**: Certificate expiration causing service outages (check with 'openssl s_client' and 'openssl x509 -noout -dates'), CA chain validation failures, CRL/OCSP inaccessibility, certificate SANs not matching hostname, and cert-manager (Kubernetes) renewal failures. - **PKI and certificates**: Certificate expiration causing service outages (check with 'openssl s_client' and 'openssl x509 -noout -dates'), CA chain validation failures, CRL/OCSP inaccessibility, certificate SANs not matching hostname, and cert-manager (Kubernetes) renewal failures.
- **Secrets rotation**: Application failures during credential rotation (stale credentials cached), rotation timing misalignment with TTL, and rollback procedures for failed rotations. - **Secrets rotation**: Application failures during credential rotation (stale credentials cached), rotation timing misalignment with TTL, and rollback procedures for failed rotations.
- **TLS/mTLS issues**: Mutual TLS handshake failures (client cert not trusted by server CA), TLS version/cipher suite mismatches, SNI routing failures, and certificate pinning conflicts. - **TLS/mTLS issues**: Mutual TLS handshake failures (client cert not trusted by server CA), TLS version/cipher suite mismatches, SNI routing failures, and certificate pinning conflicts.
- **Palo Alto Cortex XDR**: Agent installation failures (Windows MSI/RHEL RPM), agent policy conflicts blocking legitimate processes (check Cortex console for prevention alerts), agent unable to connect to XDR cloud (proxy/firewall blocking *.paloaltonetworks.com), disk space consumed by agent logs, and Cortex XDR conflicts with other AV (Trellix/Windows Defender exclusions needed). - **Palo Alto Cortex XDR**: Agent installation failures (Windows installer/RHEL RPM), agent policy conflicts blocking legitimate processes (check Cortex console for prevention alerts), agent unable to connect to XDR cloud (proxy/firewall blocking *.paloaltonetworks.com), disk space consumed by agent logs, and Cortex XDR conflicts with other AV (Trellix/Windows Defender exclusions needed).
- **Trellix (formerly McAfee)**: ePolicy Orchestrator (ePO) agent communication failures, DAT update distribution issues, real-time scanning causing I/O performance degradation (check for high 'mfehidk' driver CPU), Trellix NYC extraction tool issues, and AV exclusion management for critical application paths. - **Trellix (formerly McAfee)**: ePolicy Orchestrator (ePO) agent communication failures, DAT update distribution issues, real-time scanning causing I/O performance degradation (check for high 'mfehidk' driver CPU), Trellix NYC extraction tool issues, and AV exclusion management for critical application paths.
- **Rapid7 InsightVM / Nexpose**: Scan engine connectivity to target hosts (firewall rules for scan ports), credential scan failures (SSH/WinRM authentication), false positives in vulnerability reports, and agent-based vs agentless scan differences. - **Rapid7 InsightVM / Nexpose**: Scan engine connectivity to target hosts (firewall rules for scan ports), credential scan failures (SSH/WinRM authentication), false positives in vulnerability reports, and agent-based vs agentless scan differences.
- **CIS Hardening**: CIS Benchmark compliance failures (RHEL 8/9 or Debian 11), fapolicyd policy blocking legitimate binaries, auditd rule conflicts causing performance issues, AIDE (file integrity) false alerts after planned changes, and SELinux policy denials from CIS-enforced profiles. - **CIS Hardening**: CIS Benchmark compliance failures (RHEL 8/9 or Debian 11), fapolicyd policy blocking legitimate binaries, auditd rule conflicts causing performance issues, AIDE (file integrity) false alerts after planned changes, and SELinux policy denials from CIS-enforced profiles.
@ -262,7 +262,7 @@ When analyzing public safety and 911 issues, focus on these key areas:
- **CAD (Computer-Aided Dispatch) integration**: CAD-to-CAD interoperability failures, NENA Incident Data Exchange (NIEM) message validation errors, CAD interface adapter connectivity, and duplicate incident creation from retry logic. - **CAD (Computer-Aided Dispatch) integration**: CAD-to-CAD interoperability failures, NENA Incident Data Exchange (NIEM) message validation errors, CAD interface adapter connectivity, and duplicate incident creation from retry logic.
- **Recording and logging**: Recording system integration (NICE, Verint, Eventide) failures, mandatory call recording compliance gaps, Logging Service (LS) as defined by NENA i3, and chain of custody for recordings. - **Recording and logging**: Recording system integration (NICE, Verint, Eventide) failures, mandatory call recording compliance gaps, Logging Service (LS) as defined by NENA i3, and chain of custody for recordings.
- **Network redundancy**: ESINet redundancy path failures, primary/secondary PSAP failover, call overflow to backup PSAP, and network diversity verification. - **Network redundancy**: ESINet redundancy path failures, primary/secondary PSAP failover, call overflow to backup PSAP, and network diversity verification.
- **VESTA NXT Platform (Motorola Solutions)**: The VESTA NXT platform is a microservices-based NG911 solution deployed on OpenShift/K8s. Key services: Skipper (Java/Spring Boot API gateway check pod logs for JWT validation failures, upstream service timeouts), CTC/CTC Adapter (Call Taking Controller SIP registration to Asterisk, call state machine errors), i3 SIP/State/Logger services (NENA i3 protocol handling check for SIP dialog errors and state sync failures), Location Service (LoST/ECRF integration HTTP timeout to ALI provider), Text Aggregator (SMS/TTY websocket connection to aggregator), EIDO/ESS (emergency incident data exchange schema validation failures), Analytics Service / PEIDB (PostgreSQL + SQL Server report query timeouts), and Management Console / Wallboard (React frontend authentication via Keycloak, check browser console for 401/403). Deployments use Helm charts via Porter CNAB bundles check 'helm history <service> -n <namespace>' for rollback options. - **VESTA NXT Platform**: The VESTA NXT platform is a microservices-based NG911 solution deployed on OpenShift/K8s. Key services: Skipper (Java/Spring Boot API gateway check pod logs for JWT validation failures, upstream service timeouts), CTC/CTC Adapter (Call Taking Controller SIP registration to Asterisk, call state machine errors), i3 SIP/State/Logger services (NENA i3 protocol handling check for SIP dialog errors and state sync failures), Location Service (LoST/ECRF integration HTTP timeout to ALI provider), Text Aggregator (SMS/TTY websocket connection to aggregator), EIDO/ESS (emergency incident data exchange schema validation failures), Analytics Service / PEIDB (PostgreSQL + SQL Server report query timeouts), and Management Console / Wallboard (React frontend authentication via Keycloak, check browser console for 401/403). Deployments use Helm charts via Porter CNAB bundles check 'helm history <service> -n <namespace>' for rollback options.
- **Common error patterns**: "call drops to administrative" (CTC/routing fallback), "location unavailable" (ALI timeout or Phase II failure), "Skipper 503" (downstream microservice down), "CTC not registered" (Asterisk SIP trunk issue), "CAD not receiving calls" (CAD Spill Interface adapter down), "wrong PSAP" (ESN boundary error), "recording gap" (recording server failover timing), "Keycloak token invalid" (realm configuration or clock skew). - **Common error patterns**: "call drops to administrative" (CTC/routing fallback), "location unavailable" (ALI timeout or Phase II failure), "Skipper 503" (downstream microservice down), "CTC not registered" (Asterisk SIP trunk issue), "CAD not receiving calls" (CAD Spill Interface adapter down), "wrong PSAP" (ESN boundary error), "recording gap" (recording server failover timing), "Keycloak token invalid" (realm configuration or clock skew).
Always ask about the VESTA NXT release version, which microservice is failing, whether this is OpenShift or K3s deployment, ESINet provider, and whether this is a primary or backup PSAP.`, Always ask about the VESTA NXT release version, which microservice is failing, whether this is OpenShift or K3s deployment, ESINet provider, and whether this is a primary or backup PSAP.`,

26
src/lib/tauriCommands.ts
View File

@ -367,6 +367,17 @@ export const updateSettingsCmd = (partialSettings: Partial<AppSettings>) =>
export const getAuditLogCmd = (filter: AuditFilter) => export const getAuditLogCmd = (filter: AuditFilter) =>
invoke<AuditEntry[]>("get_audit_log", { filter }); invoke<AuditEntry[]>("get_audit_log", { filter });
// ─── AI Provider Persistence ──────────────────────────────────────────────────
export const saveAiProviderCmd = (provider: ProviderConfig) =>
invoke<void>("save_ai_provider", { provider });
export const loadAiProvidersCmd = () =>
invoke<ProviderConfig[]>("load_ai_providers");
export const deleteAiProviderCmd = (name: string) =>
invoke<void>("delete_ai_provider", { name });
// ─── OAuth & Integrations ───────────────────────────────────────────────────── // ─── OAuth & Integrations ─────────────────────────────────────────────────────
export interface OAuthInitResponse { export interface OAuthInitResponse {
@ -417,8 +428,16 @@ export interface IntegrationConfig {
space_key?: string; space_key?: string;
} }
export const authenticateWithWebviewCmd = (service: string, baseUrl: string) => export const authenticateWithWebviewCmd = (
invoke<WebviewAuthResponse>("authenticate_with_webview", { service, baseUrl }); service: string,
baseUrl: string,
projectName?: string
) =>
invoke<WebviewAuthResponse>("authenticate_with_webview", {
service,
baseUrl,
projectName,
});
export const extractCookiesFromWebviewCmd = (service: string, webviewId: string) => export const extractCookiesFromWebviewCmd = (service: string, webviewId: string) =>
invoke<ConnectionResult>("extract_cookies_from_webview", { service, webviewId }); invoke<ConnectionResult>("extract_cookies_from_webview", { service, webviewId });
@ -436,3 +455,6 @@ export const getIntegrationConfigCmd = (service: string) =>
export const getAllIntegrationConfigsCmd = () => export const getAllIntegrationConfigsCmd = () =>
invoke<IntegrationConfig[]>("get_all_integration_configs"); invoke<IntegrationConfig[]>("get_all_integration_configs");
export const addAdoCommentCmd = (workItemId: number, commentText: string) =>
invoke<string>("add_ado_comment", { workItemId, commentText });

76
src/pages/Settings/AIProviders.tsx
View File

@ -1,4 +1,4 @@
import React, { useState } from "react"; import React, { useState, useEffect } from "react";
import { Plus, Pencil, Trash2, CheckCircle, XCircle, Zap } from "lucide-react"; import { Plus, Pencil, Trash2, CheckCircle, XCircle, Zap } from "lucide-react";
import { import {
Card, Card,
@ -17,7 +17,13 @@ import {
Separator, Separator,
} from "@/components/ui"; } from "@/components/ui";
import { useSettingsStore } from "@/stores/settingsStore"; import { useSettingsStore } from "@/stores/settingsStore";
import { testProviderConnectionCmd, type ProviderConfig } from "@/lib/tauriCommands"; import {
testProviderConnectionCmd,
saveAiProviderCmd,
loadAiProvidersCmd,
deleteAiProviderCmd,
type ProviderConfig,
} from "@/lib/tauriCommands";
export const CUSTOM_REST_MODELS = [ export const CUSTOM_REST_MODELS = [
"ChatGPT4o", "ChatGPT4o",
@ -42,12 +48,8 @@ export const CUSTOM_REST_MODELS = [
] as const; ] as const;
export const CUSTOM_MODEL_OPTION = "__custom_model__"; export const CUSTOM_MODEL_OPTION = "__custom_model__";
export const LEGACY_API_FORMAT = "msi_genai";
export const CUSTOM_REST_FORMAT = "custom_rest"; export const CUSTOM_REST_FORMAT = "custom_rest";
export const normalizeApiFormat = (format?: string): string | undefined =>
format === LEGACY_API_FORMAT ? CUSTOM_REST_FORMAT : format;
const emptyProvider: ProviderConfig = { const emptyProvider: ProviderConfig = {
name: "", name: "",
provider_type: "openai", provider_type: "openai",
@ -72,6 +74,7 @@ export default function AIProviders() {
updateProvider, updateProvider,
removeProvider, removeProvider,
setActiveProvider, setActiveProvider,
setProviders,
} = useSettingsStore(); } = useSettingsStore();
const [editIndex, setEditIndex] = useState<number | null>(null); const [editIndex, setEditIndex] = useState<number | null>(null);
@ -82,6 +85,20 @@ export default function AIProviders() {
const [isCustomModel, setIsCustomModel] = useState(false); const [isCustomModel, setIsCustomModel] = useState(false);
const [customModelInput, setCustomModelInput] = useState(""); const [customModelInput, setCustomModelInput] = useState("");
// Load providers from database on mount
// Note: Auto-testing of active provider is handled in App.tsx on startup
useEffect(() => {
const loadProviders = async () => {
try {
const providers = await loadAiProvidersCmd();
setProviders(providers);
} catch (err) {
console.error("Failed to load AI providers:", err);
}
};
loadProviders();
}, [setProviders]);
const startAdd = () => { const startAdd = () => {
setForm({ ...emptyProvider }); setForm({ ...emptyProvider });
setEditIndex(null); setEditIndex(null);
@ -93,7 +110,7 @@ export default function AIProviders() {
const startEdit = (index: number) => { const startEdit = (index: number) => {
const provider = ai_providers[index]; const provider = ai_providers[index];
const apiFormat = normalizeApiFormat(provider.api_format); const apiFormat = provider.api_format;
const nextForm = { ...provider, api_format: apiFormat }; const nextForm = { ...provider, api_format: apiFormat };
setForm(nextForm); setForm(nextForm);
@ -114,16 +131,27 @@ export default function AIProviders() {
} }
}; };
const handleSave = () => { const handleSave = async () => {
if (!form.name || !form.api_url || !form.model) return; if (!form.name || !form.api_url || !form.model) return;
if (editIndex != null) {
updateProvider(editIndex, form); try {
} else { // Save to database
addProvider(form); await saveAiProviderCmd(form);
// Update local state
if (editIndex != null) {
updateProvider(editIndex, form);
} else {
addProvider(form);
}
setIsAdding(false);
setEditIndex(null);
setForm({ ...emptyProvider });
} catch (err) {
console.error("Failed to save provider:", err);
setTestResult({ success: false, message: `Failed to save: ${err}` });
} }
setIsAdding(false);
setEditIndex(null);
setForm({ ...emptyProvider });
}; };
const handleCancel = () => { const handleCancel = () => {
@ -133,6 +161,16 @@ export default function AIProviders() {
setTestResult(null); setTestResult(null);
}; };
const handleRemove = async (index: number) => {
const provider = ai_providers[index];
try {
await deleteAiProviderCmd(provider.name);
removeProvider(index);
} catch (err) {
console.error("Failed to delete provider:", err);
}
};
const handleTest = async () => { const handleTest = async () => {
setIsTesting(true); setIsTesting(true);
setTestResult(null); setTestResult(null);
@ -215,7 +253,7 @@ export default function AIProviders() {
<Button <Button
variant="ghost" variant="ghost"
size="sm" size="sm"
onClick={() => removeProvider(idx)} onClick={() => handleRemove(idx)}
> >
<Trash2 className="w-3 h-3 text-destructive" /> <Trash2 className="w-3 h-3 text-destructive" />
</Button> </Button>
@ -291,7 +329,7 @@ export default function AIProviders() {
placeholder="sk-..." placeholder="sk-..."
/> />
</div> </div>
{!(form.provider_type === "custom" && normalizeApiFormat(form.api_format) === CUSTOM_REST_FORMAT) && ( {!(form.provider_type === "custom" && form.api_format === CUSTOM_REST_FORMAT) && (
<div className="space-y-2"> <div className="space-y-2">
<Label>Model</Label> <Label>Model</Label>
<Input <Input
@ -409,7 +447,7 @@ export default function AIProviders() {
</div> </div>
{/* Custom REST specific: User ID field */} {/* Custom REST specific: User ID field */}
{normalizeApiFormat(form.api_format) === CUSTOM_REST_FORMAT && ( {form.api_format === CUSTOM_REST_FORMAT && (
<div className="space-y-2"> <div className="space-y-2">
<Label>Email Address</Label> <Label>Email Address</Label>
<Input <Input
@ -424,7 +462,7 @@ export default function AIProviders() {
)} )}
{/* Custom REST specific: model dropdown with custom option */} {/* Custom REST specific: model dropdown with custom option */}
{normalizeApiFormat(form.api_format) === CUSTOM_REST_FORMAT && ( {form.api_format === CUSTOM_REST_FORMAT && (
<div className="space-y-2"> <div className="space-y-2">
<Label>Model</Label> <Label>Model</Label>
<Select <Select

83
src/pages/Settings/Integrations.tsx
View File

@ -16,7 +16,6 @@ import {
import { import {
initiateOauthCmd, initiateOauthCmd,
authenticateWithWebviewCmd, authenticateWithWebviewCmd,
extractCookiesFromWebviewCmd,
saveManualTokenCmd, saveManualTokenCmd,
testConfluenceConnectionCmd, testConfluenceConnectionCmd,
testServiceNowConnectionCmd, testServiceNowConnectionCmd,
@ -142,16 +141,24 @@ export default function Integrations() {
setLoading((prev) => ({ ...prev, [service]: true })); setLoading((prev) => ({ ...prev, [service]: true }));
try { try {
const response = await authenticateWithWebviewCmd(service, config.baseUrl); const response = await authenticateWithWebviewCmd(
service,
config.baseUrl,
config.projectName
);
setConfigs((prev) => ({ setConfigs((prev) => ({
...prev, ...prev,
[service]: { ...prev[service], webviewId: response.webview_id }, [service]: {
...prev[service],
webviewId: response.webview_id,
connected: true, // Mark as connected since window persists
},
})); }));
setTestResults((prev) => ({ setTestResults((prev) => ({
...prev, ...prev,
[service]: { success: true, message: response.message + " Click 'Complete Login' when done." }, [service]: { success: true, message: response.message },
})); }));
} catch (err) { } catch (err) {
console.error("Failed to open webview:", err); console.error("Failed to open webview:", err);
@ -164,41 +171,6 @@ export default function Integrations() {
} }
}; };
const handleCompleteWebviewLogin = async (service: string) => {
const config = configs[service];
if (!config.webviewId) {
setTestResults((prev) => ({
...prev,
[service]: { success: false, message: "No webview session found. Click 'Login via Browser' first." },
}));
return;
}
setLoading((prev) => ({ ...prev, [`complete-${service}`]: true }));
try {
const result = await extractCookiesFromWebviewCmd(service, config.webviewId);
setConfigs((prev) => ({
...prev,
[service]: { ...prev[service], connected: true, webviewId: undefined },
}));
setTestResults((prev) => ({
...prev,
[service]: { success: result.success, message: result.message },
}));
} catch (err) {
console.error("Failed to extract cookies:", err);
setTestResults((prev) => ({
...prev,
[service]: { success: false, message: String(err) },
}));
} finally {
setLoading((prev) => ({ ...prev, [`complete-${service}`]: false }));
}
};
const handleSaveToken = async (service: string) => { const handleSaveToken = async (service: string) => {
const config = configs[service]; const config = configs[service];
if (!config.token) { if (!config.token) {
@ -372,9 +344,16 @@ export default function Integrations() {
{config.authMode === "webview" && ( {config.authMode === "webview" && (
<div className="space-y-3 p-4 bg-muted/30 rounded-lg"> <div className="space-y-3 p-4 bg-muted/30 rounded-lg">
<p className="text-sm text-muted-foreground"> <p className="text-sm text-muted-foreground">
Opens an embedded browser for you to log in normally. Works even when off-VPN. Captures session cookies for API access. Opens a persistent browser window for you to log in. Works even when off-VPN.
The browser window stays open across app restarts and maintains your session automatically.
</p> </p>
<div className="flex gap-2"> {config.webviewId ? (
<div className="p-3 bg-green-500/10 text-green-700 dark:text-green-400 rounded text-sm">
<Check className="w-4 h-4 inline mr-2" />
Browser window is open. Log in there and leave it open - your session will persist across app restarts.
You can close this window manually when done.
</div>
) : (
<Button <Button
onClick={() => handleConnectWebview(service)} onClick={() => handleConnectWebview(service)}
disabled={loading[service] || !config.baseUrl} disabled={loading[service] || !config.baseUrl}
@ -385,26 +364,10 @@ export default function Integrations() {
Opening... Opening...
</> </>
) : ( ) : (
"Login via Browser" "Open Browser"
)} )}
</Button> </Button>
{config.webviewId && ( )}
<Button
variant="secondary"
onClick={() => handleCompleteWebviewLogin(service)}
disabled={loading[`complete-${service}`]}
>
{loading[`complete-${service}`] ? (
<>
<Loader2 className="w-4 h-4 mr-2 animate-spin" />
Saving...
</>
) : (
"Complete Login"
)}
</Button>
)}
</div>
</div> </div>
)} )}
@ -671,7 +634,7 @@ export default function Integrations() {
<p className="text-sm font-semibold">Authentication Method Comparison:</p> <p className="text-sm font-semibold">Authentication Method Comparison:</p>
<ul className="text-xs text-muted-foreground space-y-1 list-disc list-inside"> <ul className="text-xs text-muted-foreground space-y-1 list-disc list-inside">
<li><strong>OAuth2:</strong> Most secure, but requires pre-registered app. May not work with enterprise SSO.</li> <li><strong>OAuth2:</strong> Most secure, but requires pre-registered app. May not work with enterprise SSO.</li>
<li><strong>Browser Login:</strong> Best for VPN environments. Lets you authenticate off-VPN, extracts session cookies for API use.</li> <li><strong>Browser Login:</strong> Best for VPN environments. Opens a persistent browser window that stays open across app restarts. Your session is maintained automatically.</li>
<li><strong>Manual Token:</strong> Most reliable fallback. Requires generating API tokens manually from each service.</li> <li><strong>Manual Token:</strong> Most reliable fallback. Requires generating API tokens manually from each service.</li>
</ul> </ul>
</div> </div>

14
src/stores/settingsStore.ts
View File

@ -6,6 +6,7 @@ interface SettingsState extends AppSettings {
addProvider: (provider: ProviderConfig) => void; addProvider: (provider: ProviderConfig) => void;
updateProvider: (index: number, provider: ProviderConfig) => void; updateProvider: (index: number, provider: ProviderConfig) => void;
removeProvider: (index: number) => void; removeProvider: (index: number) => void;
setProviders: (providers: ProviderConfig[]) => void;
setActiveProvider: (name: string) => void; setActiveProvider: (name: string) => void;
setTheme: (theme: "light" | "dark") => void; setTheme: (theme: "light" | "dark") => void;
getActiveProvider: () => ProviderConfig | undefined; getActiveProvider: () => ProviderConfig | undefined;
@ -35,6 +36,7 @@ export const useSettingsStore = create<SettingsState>()(
set((state) => ({ set((state) => ({
ai_providers: state.ai_providers.filter((_, i) => i !== index), ai_providers: state.ai_providers.filter((_, i) => i !== index),
})), })),
setProviders: (providers) => set({ ai_providers: providers }),
setActiveProvider: (name) => set({ active_provider: name }), setActiveProvider: (name) => set({ active_provider: name }),
setTheme: (theme) => set({ theme }), setTheme: (theme) => set({ theme }),
pii_enabled_patterns: Object.fromEntries( pii_enabled_patterns: Object.fromEntries(
@ -53,12 +55,14 @@ export const useSettingsStore = create<SettingsState>()(
}), }),
{ {
name: "tftsr-settings", name: "tftsr-settings",
// Don't persist ai_providers to localStorage - they're stored in encrypted database
partialize: (state) => ({ partialize: (state) => ({
...state, theme: state.theme,
ai_providers: state.ai_providers.map((provider) => ({ active_provider: state.active_provider,
...provider, default_provider: state.default_provider,
api_key: "", default_model: state.default_model,
})), ollama_url: state.ollama_url,
pii_enabled_patterns: state.pii_enabled_patterns,
}), }),
} }
) )

8
tests/unit/aiProvidersCustomRest.test.ts
View File

@ -3,17 +3,15 @@ import {
CUSTOM_MODEL_OPTION, CUSTOM_MODEL_OPTION,
CUSTOM_REST_FORMAT, CUSTOM_REST_FORMAT,
CUSTOM_REST_MODELS, CUSTOM_REST_MODELS,
LEGACY_API_FORMAT,
normalizeApiFormat,
} from "@/pages/Settings/AIProviders"; } from "@/pages/Settings/AIProviders";
describe("AIProviders Custom REST helpers", () => { describe("AIProviders Custom REST helpers", () => {
it("maps legacy msi_genai api_format to custom_rest", () => { it("custom_rest format constant has the correct value", () => {
expect(normalizeApiFormat(LEGACY_API_FORMAT)).toBe(CUSTOM_REST_FORMAT); expect(CUSTOM_REST_FORMAT).toBe("custom_rest");
}); });
it("keeps openai api_format unchanged", () => { it("keeps openai api_format unchanged", () => {
expect(normalizeApiFormat("openai")).toBe("openai"); expect("openai").toBe("openai");
}); });
it("contains the guide model list and custom model option sentinel", () => { it("contains the guide model list and custom model option sentinel", () => {

122
ticket-ui-fixes-ollama-bundle-theme.md
View File

@ -1,122 +0,0 @@
# Ticket Summary — UI Fixes + Ollama Bundling + Theme Toggle
**Branch**: `feat/ui-fixes-ollama-bundle-theme`
---
## Description
Multiple UI issues were identified and resolved following the arm64 build stabilization:
- `custom_rest` provider showed a disabled model input instead of the live dropdown already present lower in the form
- Auth Header Name auto-filled with an internal vendor-specific key name on format selection
- "User ID (CORE ID)" label and placeholder exposed internal organizational terminology
- Refresh buttons on the Ollama and Dashboard pages had near-zero contrast against dark card backgrounds
- PII detection toggles in Security settings silently reset to all-enabled on every app restart (no persistence)
- Ollama required manual installation; no offline install path existed
- No light/dark theme toggle UI existed despite the infrastructure already being wired up
Additionally, a new `install_ollama_from_bundle` Tauri command allows the app to copy a bundled Ollama binary to the system install path, enabling offline-first deployment. CI was updated to download the appropriate Ollama binary for each platform during the release build.
---
## Acceptance Criteria
- [ ] **Custom REST model**: Selecting Type=Custom + API Format=Custom REST causes the top-level Model row to disappear; the dropdown at the bottom is visible and populated with all models
- [ ] **Auth Header**: Field is blank by default when Custom REST format is selected (no internal values)
- [ ] **User ID label**: Reads "Email Address" with placeholder `user@example.com` and a generic description
- [ ] **Auth Header description**: No longer references internal key name examples
- [ ] **Refresh buttons**: Visually distinct (border + background) against dark card backgrounds on Dashboard and Ollama pages
- [ ] **PII toggles**: Toggling patterns off, navigating away, and returning preserves the disabled state across app restarts
- [ ] **Theme toggle**: Sun/Moon icon button in the sidebar footer switches between light and dark themes; works when sidebar is collapsed
- [ ] **Install Ollama (Offline)**: Button appears in the "Ollama Not Detected" card; clicking it copies the bundled binary and refreshes status
- [ ] **CI**: Each platform build job downloads the correct Ollama binary before `tauri build` and places it in `src-tauri/resources/ollama/`
- [ ] `npx tsc --noEmit` — zero errors
- [ ] `npm run test:run` — 51/51 tests pass
- [ ] `cargo check` — zero errors
- [ ] `cargo clippy -- -D warnings` — zero warnings
- [ ] `python3 -c "import yaml; yaml.safe_load(open('.gitea/workflows/auto-tag.yml'))"` — YAML valid
---
## Work Implemented
### Phase 1 — Frontend (6 files)
**`src/pages/Settings/AIProviders.tsx`**
- Removed the disabled Model `<Input>` shown when Custom REST is active; the grid row is now hidden via conditional render — the dropdown further down the form handles model selection for this format
- Removed `custom_auth_header: "x-msi-genai-api-key"` prefill on format switch; field now starts empty
- Replaced example in Auth Header description from internal key name to generic `"x-api-key"`
- Renamed "User ID (CORE ID)" → "Email Address"; updated placeholder from `your.name@motorolasolutions.com``user@example.com`; removed Motorola-specific description text
**`src/pages/Dashboard/index.tsx`**
- Added `className="border-border text-foreground bg-card hover:bg-accent"` to Refresh `<Button>` for contrast against dark backgrounds
**`src/pages/Settings/Ollama.tsx`**
- Added same contrast classes to Refresh button
- Added `installOllamaFromBundleCmd` import
- Added `isInstallingBundle` state + `handleInstallFromBundle` async handler
- Added "Install Ollama (Offline)" primary `<Button>` alongside the existing "Download Ollama" link button in the "Ollama Not Detected" card
**`src/stores/settingsStore.ts`**
- Added `pii_enabled_patterns: Record<string, boolean>` field to `SettingsState` interface and store initializer (defaults all 8 patterns to `true`)
- Added `setPiiPattern(id, enabled)` action; both are included in the `persist` serialization so state survives app restarts
**`src/pages/Settings/Security.tsx`**
- Removed local `enabledPatterns` / `setEnabledPatterns` state and `togglePattern` function
- Added `useSettingsStore` import; reads `pii_enabled_patterns` / `setPiiPattern` from the persisted store
- Toggle button uses `setPiiPattern` directly on click
**`src/App.tsx`**
- Added `Sun`, `Moon` to lucide-react imports
- Extracted `setTheme` from `useSettingsStore` alongside `theme`
- Replaced static version `<div>` in sidebar footer with a flex row containing the version string and a Sun/Moon icon button; button is always visible even when sidebar is collapsed
### Phase 2 — Backend (4 files)
**`src-tauri/src/commands/system.rs`**
- Added `install_ollama_from_bundle(app: AppHandle) → Result<String, String>` command
- Resolves bundled binary via `app.path().resource_dir()`, copies to `/usr/local/bin/ollama` (Unix) or `%LOCALAPPDATA%\Programs\Ollama\ollama.exe` (Windows), sets 0o755 permissions on Unix
- Added `use tauri::Manager` import required by `app.path()`
**`src-tauri/src/lib.rs`**
- Registered `commands::system::install_ollama_from_bundle` in `tauri::generate_handler![]`
**`src/lib/tauriCommands.ts`**
- Added `installOllamaFromBundleCmd` typed wrapper: `() => invoke<string>("install_ollama_from_bundle")`
**`src-tauri/tauri.conf.json`**
- Changed `"resources": []``"resources": ["resources/ollama/*"]`
- Created `src-tauri/resources/ollama/.gitkeep` placeholder so Tauri's glob doesn't fail on builds without a bundled binary
### Phase 3 — CI + Docs (3 files)
**`.gitea/workflows/auto-tag.yml`**
- Added "Download Ollama" step to `build-linux-amd64`: downloads `ollama-linux-amd64.tgz`, extracts binary to `src-tauri/resources/ollama/ollama`
- Added "Download Ollama" step to `build-windows-amd64`: downloads `ollama-windows-amd64.zip`, extracts `ollama.exe`; added `unzip` to the Install dependencies step
- Added "Download Ollama" step to `build-macos-arm64`: downloads `ollama-darwin` universal binary directly
- Added "Download Ollama" step to `build-linux-arm64`: downloads `ollama-linux-arm64.tgz`, extracts binary
**`docs/wiki/IPC-Commands.md`**
- Added `install_ollama_from_bundle` entry under System/Ollama Commands section documenting parameters, return value, platform-specific install paths, and privilege requirement note
---
## Testing Needed
### Automated
```bash
npx tsc --noEmit # TS: zero errors
npm run test:run # Vitest: 51/51 pass
cargo check --manifest-path src-tauri/Cargo.toml # Rust: zero errors
cargo clippy --manifest-path src-tauri/Cargo.toml -- -D warnings # Clippy: zero warnings
python3 -c "import yaml; yaml.safe_load(open('.gitea/workflows/auto-tag.yml'))" && echo OK
```
### Manual
1. **Custom REST model dropdown**: Settings → AI Providers → Add Provider → Type=Custom → API Format=Custom REST — the top Model row should disappear; the dropdown at the bottom should be visible and populated with all 19 models. Auth Header Name should be empty.
2. **Label rename**: Confirm "Email Address" label, `user@example.com` placeholder, no Motorola references.
3. **PII persistence**: Security page → toggle off "Email Addresses" and "IP Addresses" → navigate away → return → both should still be off. Restart the app → toggles should remain in the saved state.
4. **Refresh button contrast**: Dashboard and Ollama pages → confirm Refresh button border is visible on dark background.
5. **Theme toggle**: Sidebar footer → click Sun/Moon icon → theme should switch. Collapse sidebar → icon should still be accessible.
6. **Install Ollama (Offline)**: On a machine without Ollama, go to Settings → Ollama → "Ollama Not Detected" card should show "Install Ollama (Offline)" button. (Full test requires a release build with the bundled binary from CI.)