diff --git a/CHANGELOG.md b/CHANGELOG.md index 9de21515..748094b4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,406 +4,46 @@ All notable changes to TFTSR are documented here. Commit types shown: feat, fix, perf, docs, refactor. CI, chore, and build changes are excluded. -## [Unreleased] +## [0.3.6] — 2026-05-31 ### Bug Fixes -- Harden timeline event input validation and atomic writes +- **ci**: Push detached HEAD to master using HEAD:master refspec +- **ci**: Consolidate all auto-tag changelog fixes + +## [0.3.5] — 2026-05-31 + +### Bug Fixes +- **ci**: Changelog job creates release to avoid race with build jobs +- **ci**: Verify tag exists locally before running git-cliff + +## [0.3.4] — 2026-05-31 + +### Bug Fixes +- **ci**: Pass release_tag as job output; fix equal-version case; drop git-describe [skip ci] +- **ai,search**: Load history across all conversations; deep search related tables +- **ci**: Reduce AI review hallucinations in pr-review workflow +- **agentic**: Inline format arg in writeln! to satisfy clippy::uninlined_format_args +- **ci**: Rewrite pr-review to send full file contents instead of diffs +- **ci**: Fix secret scrubbing regex that was deleting legitimate code lines +- **ci**: Add post-generation evidence verification to pr-review +- **ci**: Add codebase index to prompt; verify findings against full repo +- **ci**: Fix backtick command substitution crash in pr-review prompt +- **ci**: Remove concurrency group that silently dropped pr-review runs +- **ci**: Replace heredoc with printf to fix YAML block scalar breakage +- **ci**: Fix grep invalid range and printf invalid option in pr-review +- **ci**: Remove remaining printf -- calls in Analyze with LLM step +- **ci**: Use printf '%s' form to avoid format strings starting with hyphen +- **ci**: Write curl body to file to avoid ARG_MAX limit +- **ci**: Install python3 in pr-review container (ubuntu:22.04 omits it) +- **sudo**: Enforce username scope and singleton row in sudo_config ### Documentation -- Update wiki for timeline events and incident response methodology +- **analysis**: Document zip-slip safety guarantee in extract_docx_text ### Features -- Add timeline_events table, model, and CRUD commands -- Populate RCA and postmortem docs with real timeline data -- Wire incident response methodology into AI and record triage events +- **upload**: Add safe file extension validation and binary text extraction -## [0.2.71] — 2026-04-29 - -### Features -- Add devops-incident-responder agent with domain auto-detection -- Fix auto-tag workflow to use correct tag range for release notes - -## [0.2.65] — 2026-04-15 - -### Bug Fixes -- Add --locked to cargo commands and improve version update script -- Remove invalid --locked flag from cargo commands and fix format string -- **integrations**: Security and correctness improvements -- Correct WIQL syntax and escape_wiql implementation - -### Features -- Implement dynamic versioning from Git tags -- **integrations**: Implement query expansion for semantic search - -### Security -- Fix query expansion issues from PR review -- Address all issues from automated PR review - -## [0.2.63] — 2026-04-13 - -### Bug Fixes -- Add Windows nsis target and update CHANGELOG to v0.2.61 - -## [0.2.61] — 2026-04-13 - -### Bug Fixes -- Remove AppImage from upload artifact patterns - -## [0.2.59] — 2026-04-13 - -### Bug Fixes -- Remove AppImage bundling to fix linux-amd64 build - -## [0.2.57] — 2026-04-13 - -### Bug Fixes -- Add fuse dependency for AppImage support - -### Refactoring -- Remove custom linuxdeploy install per CI CI uses tauri-downloaded version -- Revert to original Dockerfile without manual linuxdeploy installation - -## [0.2.56] — 2026-04-13 - -### Bug Fixes -- Add missing ai_providers columns and fix linux-amd64 build -- Address AI review findings -- Address critical AI review issues - -## [0.2.55] — 2026-04-13 - -### Bug Fixes -- **ci**: Use Gitea file API to push CHANGELOG.md — eliminates non-fast-forward rejection -- **ci**: Harden CHANGELOG.md API push step per review - -## [0.2.54] — 2026-04-13 - -### Bug Fixes -- **ci**: Correct git-cliff archive path in tar extraction - -## [0.2.53] — 2026-04-13 - -### Features -- **ci**: Add automated changelog generation via git-cliff - -## [0.2.52] — 2026-04-13 - -### Bug Fixes -- **ci**: Add APPIMAGE_EXTRACT_AND_RUN to build-linux-amd64 - -## [0.2.51] — 2026-04-13 - -### Bug Fixes -- **ci**: Address AI review — rustup idempotency and cargo --locked -- **ci**: Replace docker:24-cli with alpine + docker-cli in build-images -- **docker**: Add ca-certificates to arm64 base image step 1 -- **ci**: Resolve test.yml failures — Cargo.lock, updated test assertions -- **ci**: Address second AI review — || true, ca-certs, cache@v4, key suffixes - -### Documentation -- **docker**: Expand rebuild trigger comments to include OpenSSL and Tauri CLI - -### Performance -- **ci**: Use pre-baked images and add cargo/npm caching - -## [0.2.50] — 2026-04-12 - -### Bug Fixes -- Rename GITEA_TOKEN to TF_TOKEN to comply with naming restrictions -- Remove actions/checkout to avoid Node.js dependency -- Use ubuntu container with git installed -- Use actions/checkout with token auth and self-hosted runner -- Use IP addresses for internal services -- Simplified workflow syntax -- Add debugging output for Ollamaresponse -- Correct Ollama URL, API endpoint, and JSON construction in pr-review workflow -- Add diagnostics to identify empty Ollama response root cause -- Use bash shell and remove bash-only substring expansion in pr-review -- Restore migration 014, bump version to 0.2.50, harden pr-review workflow -- Harden pr-review workflow and sync versions to 0.2.50 -- Configure container DNS to resolve ollama-ui.tftsr.com -- Harden pr-review workflow — URLs, DNS, correctness and reliability -- Resolve AI review false positives and address high/medium issues -- Replace github.server_url with hardcoded gogs.tftsr.com for container access -- Revert to two-dot diff — three-dot requires merge base unavailable in shallow clone -- Harden pr-review workflow — secret redaction, log safety, auth header - -### Features -- Add automated PR review workflow with Ollama AI - -## [0.2.49] — 2026-04-10 - -### Bug Fixes -- Add missing ai_providers migration (014) - -## [0.2.48] — 2026-04-10 - -### Bug Fixes -- Lint fixes and formatting cleanup - -### Features -- Support GenAI datastore file uploads and fix paste image upload - -## [0.2.47] — 2026-04-09 - -### Bug Fixes -- Use 'provider' argument name to match Rust command signature - -## [0.2.46] — 2026-04-09 - -### Bug Fixes -- Add @types/testing-library__react for TypeScript compilation - -### Update -- Node_modules from npm install - -## [0.2.45] — 2026-04-09 - -### Bug Fixes -- Force single test thread for Rust tests to eliminate race conditions - -## [0.2.43] — 2026-04-09 - -### Bug Fixes -- Fix encryption test race condition with parallel tests -- OpenWebUI provider connection and missing command registrations - -### Features -- Add image attachment support with PII detection - -## [0.2.42] — 2026-04-07 - -### Documentation -- Add AGENTS.md and SECURITY_AUDIT.md - -## [0.2.41] — 2026-04-07 - -### Bug Fixes -- **db,auth**: Auto-generate encryption keys for release builds -- **lint**: Use inline format args in auth.rs -- **lint**: Resolve all clippy warnings for CI compliance -- **fmt**: Apply rustfmt formatting to webview_fetch.rs -- **types**: Replace normalizeApiFormat() calls with direct value - -### Documentation -- **architecture**: Add C4 diagrams, ADRs, and architecture overview - -### Features -- **ai**: Add tool-calling and integration search as AI data source - -## [0.2.40] — 2026-04-06 - -### Bug Fixes -- **ci**: Remove explicit docker.sock mount — act_runner mounts it automatically - -## [0.2.36] — 2026-04-06 - -### Features -- **ci**: Add persistent pre-baked Docker builder images - -## [0.2.35] — 2026-04-06 - -### Bug Fixes -- **ci**: Skip Ollama download on macOS build — runner has no access to GitHub binary assets -- **ci**: Remove all Ollama bundle download steps — use UI download button instead - -### Refactoring -- **ollama**: Remove download/install buttons — show plain install instructions only - -## [0.2.34] — 2026-04-06 - -### Bug Fixes -- **security**: Add path canonicalization and actionable permission error in install_ollama_from_bundle - -### Features -- **ui**: Fix model dropdown, auth prefill, PII persistence, theme toggle, and Ollama bundle - -## [0.2.33] — 2026-04-05 - -### Features -- **rebrand**: Rename binary to trcaa and auto-generate DB key - -## [0.2.32] — 2026-04-05 - -### Bug Fixes -- **ci**: Restrict arm64 bundles to deb,rpm — skip AppImage - -## [0.2.31] — 2026-04-05 - -### Bug Fixes -- **ci**: Set APPIMAGE_EXTRACT_AND_RUN=1 for arm64 AppImage bundling - -## [0.2.30] — 2026-04-05 - -### Bug Fixes -- **ci**: Add make to arm64 host tools for OpenSSL vendored build - -## [0.2.28] — 2026-04-05 - -### Bug Fixes -- **ci**: Use POSIX dot instead of source in arm64 build step - -## [0.2.27] — 2026-04-05 - -### Bug Fixes -- **ci**: Remove GITHUB_PATH append that was breaking arm64 install step - -## [0.2.26] — 2026-04-05 - -### Bug Fixes -- **ci**: Switch build-linux-arm64 to Ubuntu 22.04 with ports mirror - -### Documentation -- Update CI pipeline wiki and add ticket summary for arm64 fix - -## [0.2.25] — 2026-04-05 - -### Bug Fixes -- **ci**: Rebuild apt sources with per-arch entries before arm64 cross-compile install -- **ci**: Add workflow_dispatch and concurrency guard to auto-tag -- **ci**: Replace heredoc with printf in arm64 install step - -## [0.2.24] — 2026-04-05 - -### Bug Fixes -- **ci**: Fix arm64 cross-compile, drop cargo install tauri-cli, move wiki-sync - -## [0.2.23] — 2026-04-05 - -### Bug Fixes -- **ci**: Unblock release jobs and namespace linux artifacts by arch -- **security**: Harden secret handling and audit integrity -- **pii**: Remove lookahead from hostname regex, fix fmt in analysis test -- **security**: Enforce PII redaction before AI log transmission -- **ci**: Unblock release jobs and namespace linux artifacts by arch - -## [0.2.22] — 2026-04-05 - -### Bug Fixes -- **ci**: Run linux arm release natively and enforce arm artifacts - -## [0.2.21] — 2026-04-05 - -### Bug Fixes -- **ci**: Force explicit linux arm64 target for release artifacts - -## [0.2.20] — 2026-04-05 - -### Refactoring -- **ci**: Remove standalone release workflow - -## [0.2.19] — 2026-04-05 - -### Bug Fixes -- **ci**: Guarantee release jobs run after auto-tag -- **ci**: Use stable auto-tag job outputs for release fanout -- **ci**: Run post-tag release builds without job-output gating -- **ci**: Repair auto-tag workflow yaml so jobs trigger - -## [0.2.18] — 2026-04-05 - -### Bug Fixes -- **ci**: Trigger release workflow from auto-tag pushes - -## [0.2.17] — 2026-04-05 - -### Bug Fixes -- **ci**: Harden release asset uploads for reruns - -## [0.2.16] — 2026-04-05 - -### Bug Fixes -- **ci**: Make release artifacts reliable across platforms - -## [0.2.14] — 2026-04-04 - -### Bug Fixes -- Resolve macOS bundle path after app rename - -## [0.2.13] — 2026-04-04 - -### Bug Fixes -- Resolve clippy uninlined_format_args in integrations and related modules -- Resolve clippy format-args failures and OpenSSL vendoring issue - -### Features -- Add custom_rest provider mode and rebrand application name - -## [0.2.12] — 2026-04-04 - -### Bug Fixes -- ARM64 build uses native target instead of cross-compile - -## [0.2.11] — 2026-04-04 - -### Bug Fixes -- Persist integration settings and implement persistent browser windows - -## [0.2.10] — 2026-04-03 - -### Features -- Complete webview cookie extraction implementation - -## [0.2.9] — 2026-04-03 - -### Features -- Add multi-mode authentication for integrations (v0.2.10) - -## [0.2.8] — 2026-04-03 - -### Features -- Add temperature and max_tokens support for Custom REST providers (v0.2.9) - -## [0.2.7] — 2026-04-03 - -### Bug Fixes -- Use Wiki secret for authenticated wiki sync (v0.2.8) - -### Documentation -- Update wiki for v0.2.6 - integrations and Custom REST provider - -### Features -- Add automatic wiki sync to CI workflow (v0.2.7) - -## [0.2.6] — 2026-04-03 - -### Bug Fixes -- Add user_id support and OAuth shell permission (v0.2.6) - -## [0.2.5] — 2026-04-03 - -### Documentation -- Add Custom REST provider documentation - -### Features -- Implement Confluence, ServiceNow, and Azure DevOps REST API clients -- Add Custom REST provider support - -## [0.2.4] — 2026-04-03 - -### Features -- Implement OAuth2 token exchange and AES-256-GCM encryption -- Add OAuth2 Tauri commands for integration authentication -- Implement OAuth2 callback server with automatic token exchange -- Add OAuth2 frontend UI and complete integration flow - -## [0.2.3] — 2026-04-03 - -### Bug Fixes -- Improve Cancel button contrast in AI disclaimer modal - -### Features -- Add database schema for integration credentials and config - -## [0.2.1] — 2026-04-03 - -### Bug Fixes -- Implement native DOCX export without pandoc dependency - -### Features -- Add AI disclaimer modal before creating new issues - -## [0.1.0] — 2026-04-03 +## [0.3.3] — 2026-05-23 ### Bug Fixes - Resolve all clippy lints (uninlined format args, range::contains, push_str single chars) @@ -444,6 +84,103 @@ CI, chore, and build changes are excluded. - Improve release artifact upload error handling - Install jq in Linux/Windows build containers - Improve download button visibility and add DOCX export +- Implement native DOCX export without pandoc dependency +- Improve Cancel button contrast in AI disclaimer modal +- Add user_id support and OAuth shell permission (v0.2.6) +- Use Wiki secret for authenticated wiki sync (v0.2.8) +- Persist integration settings and implement persistent browser windows +- ARM64 build uses native target instead of cross-compile +- Resolve clippy uninlined_format_args in integrations and related modules +- Resolve clippy format-args failures and OpenSSL vendoring issue +- Resolve macOS bundle path after app rename +- **ci**: Make release artifacts reliable across platforms +- **ci**: Harden release asset uploads for reruns +- **ci**: Trigger release workflow from auto-tag pushes +- **ci**: Guarantee release jobs run after auto-tag +- **ci**: Use stable auto-tag job outputs for release fanout +- **ci**: Run post-tag release builds without job-output gating +- **ci**: Repair auto-tag workflow yaml so jobs trigger +- **ci**: Force explicit linux arm64 target for release artifacts +- **ci**: Run linux arm release natively and enforce arm artifacts +- **ci**: Unblock release jobs and namespace linux artifacts by arch +- **security**: Harden secret handling and audit integrity +- **pii**: Remove lookahead from hostname regex, fix fmt in analysis test +- **security**: Enforce PII redaction before AI log transmission +- **ci**: Unblock release jobs and namespace linux artifacts by arch +- **ci**: Fix arm64 cross-compile, drop cargo install tauri-cli, move wiki-sync +- **ci**: Rebuild apt sources with per-arch entries before arm64 cross-compile install +- **ci**: Add workflow_dispatch and concurrency guard to auto-tag +- **ci**: Replace heredoc with printf in arm64 install step +- **ci**: Switch build-linux-arm64 to Ubuntu 22.04 with ports mirror +- **ci**: Remove GITHUB_PATH append that was breaking arm64 install step +- **ci**: Use POSIX dot instead of source in arm64 build step +- **ci**: Add make to arm64 host tools for OpenSSL vendored build +- **ci**: Set APPIMAGE_EXTRACT_AND_RUN=1 for arm64 AppImage bundling +- **ci**: Restrict arm64 bundles to deb,rpm — skip AppImage +- **security**: Add path canonicalization and actionable permission error in install_ollama_from_bundle +- **ci**: Skip Ollama download on macOS build — runner has no access to GitHub binary assets +- **ci**: Remove all Ollama bundle download steps — use UI download button instead +- **ci**: Remove explicit docker.sock mount — act_runner mounts it automatically +- **db,auth**: Auto-generate encryption keys for release builds +- **lint**: Use inline format args in auth.rs +- **lint**: Resolve all clippy warnings for CI compliance +- **fmt**: Apply rustfmt formatting to webview_fetch.rs +- **types**: Replace normalizeApiFormat() calls with direct value +- Fix encryption test race condition with parallel tests +- OpenWebUI provider connection and missing command registrations +- Force single test thread for Rust tests to eliminate race conditions +- Add @types/testing-library__react for TypeScript compilation +- Use 'provider' argument name to match Rust command signature +- Lint fixes and formatting cleanup +- Add missing ai_providers migration (014) +- Rename GITEA_TOKEN to TF_TOKEN to comply with naming restrictions +- Remove actions/checkout to avoid Node.js dependency +- Use ubuntu container with git installed +- Use actions/checkout with token auth and self-hosted runner +- Use IP addresses for internal services +- Simplified workflow syntax +- Add debugging output for Ollamaresponse +- Correct Ollama URL, API endpoint, and JSON construction in pr-review workflow +- Add diagnostics to identify empty Ollama response root cause +- Use bash shell and remove bash-only substring expansion in pr-review +- Restore migration 014, bump version to 0.2.50, harden pr-review workflow +- Harden pr-review workflow and sync versions to 0.2.50 +- Configure container DNS to resolve ollama-ui.tftsr.com +- Harden pr-review workflow — URLs, DNS, correctness and reliability +- Resolve AI review false positives and address high/medium issues +- Replace github.server_url with hardcoded gogs.tftsr.com for container access +- Revert to two-dot diff — three-dot requires merge base unavailable in shallow clone +- Harden pr-review workflow — secret redaction, log safety, auth header +- **ci**: Address AI review — rustup idempotency and cargo --locked +- **ci**: Replace docker:24-cli with alpine + docker-cli in build-images +- **docker**: Add ca-certificates to arm64 base image step 1 +- **ci**: Resolve test.yml failures — Cargo.lock, updated test assertions +- **ci**: Address second AI review — || true, ca-certs, cache@v4, key suffixes +- **ci**: Add APPIMAGE_EXTRACT_AND_RUN to build-linux-amd64 +- **ci**: Correct git-cliff archive path in tar extraction +- **ci**: Use Gitea file API to push CHANGELOG.md — eliminates non-fast-forward rejection +- **ci**: Harden CHANGELOG.md API push step per review +- Add missing ai_providers columns and fix linux-amd64 build +- Address AI review findings +- Address critical AI review issues +- Add fuse dependency for AppImage support +- Remove AppImage bundling to fix linux-amd64 build +- Remove AppImage from upload artifact patterns +- Add Windows nsis target and update CHANGELOG to v0.2.61 +- Add --locked to cargo commands and improve version update script +- Remove invalid --locked flag from cargo commands and fix format string +- **integrations**: Security and correctness improvements +- Correct WIQL syntax and escape_wiql implementation +- Harden timeline event input validation and atomic writes +- **ci**: Switch PR review from Ollama to liteLLM (qwen2.5-72b) +- **test**: Await async data in auditLog test to prevent race condition +- **auto-tag**: Use correct tag range for release notes +- **auto-tag**: Use tea CLI instead of hardcoded tokens +- **ci**: Use qwen3-coder-next model for PR review +- **mcp**: Add timeouts, delete audit log, OAuth state nonce; improve PR review prompt +- **ci**: Replace tea with curl, honour Cargo.toml version [skip ci] +- **ci**: Replace tea CLI with curl in changelog steps; read Cargo.toml for version +- Bump tauri.conf.json version to 0.3.0 ### Documentation - Update PLAN.md with accurate implementation status @@ -455,6 +192,18 @@ CI, chore, and build changes are excluded. - Update README and wiki for Gitea Actions migration - Update README, wiki, and UI version to v0.1.1 - Add LiteLLM + AWS Bedrock integration guide +- Add Custom REST provider documentation +- Update wiki for v0.2.6 - integrations and Custom REST provider +- Update CI pipeline wiki and add ticket summary for arm64 fix +- **architecture**: Add C4 diagrams, ADRs, and architecture overview +- Add AGENTS.md and SECURITY_AUDIT.md +- **docker**: Expand rebuild trigger comments to include OpenSSL and Tauri CLI +- Update wiki for timeline events and incident response methodology +- Clarify changelog exclusion criteria +- Add v0.2.66 changelog entry +- Update CHANGELOG.md for v0.2.68 +- Update CHANGELOG.md for v0.2.69-v0.2.71 +- Update CHANGELOG.md for v0.2.71 ### Features - Initial implementation of TFTSR IT Triage & RCA application @@ -466,8 +215,50 @@ CI, chore, and build changes are excluded. - Close issues, restore history, auto-save resolution steps - Expand domains to 13 — add Telephony, Security/Vault, Public Safety, Application, Automation/CI-CD - Add HPE, Dell, Identity domains + expand k8s/security/observability/VESTA NXT +- Add AI disclaimer modal before creating new issues +- Add database schema for integration credentials and config +- Implement OAuth2 token exchange and AES-256-GCM encryption +- Add OAuth2 Tauri commands for integration authentication +- Implement OAuth2 callback server with automatic token exchange +- Add OAuth2 frontend UI and complete integration flow +- Implement Confluence, ServiceNow, and Azure DevOps REST API clients +- Add Custom REST provider support +- Add automatic wiki sync to CI workflow (v0.2.7) +- Add temperature and max_tokens support for Custom REST providers (v0.2.9) +- Add multi-mode authentication for integrations (v0.2.10) +- Complete webview cookie extraction implementation +- Add custom_rest provider mode and rebrand application name +- **rebrand**: Rename binary to trcaa and auto-generate DB key +- **ui**: Fix model dropdown, auth prefill, PII persistence, theme toggle, and Ollama bundle +- **ci**: Add persistent pre-baked Docker builder images +- **ai**: Add tool-calling and integration search as AI data source +- Add image attachment support with PII detection +- Support GenAI datastore file uploads and fix paste image upload +- Add automated PR review workflow with Ollama AI +- **ci**: Add automated changelog generation via git-cliff +- Implement dynamic versioning from Git tags +- **integrations**: Implement query expansion for semantic search +- Add timeline_events table, model, and CRUD commands +- Populate RCA and postmortem docs with real timeline data +- Wire incident response methodology into AI and record triage events +- **ai**: Add devops-incident-responder agent with domain auto-detection +- **mcp**: Add MCP Server Support with TDD implementation + +### Performance +- **ci**: Use pre-baked images and add cargo/npm caching + +### Refactoring +- **ci**: Remove standalone release workflow +- **ollama**: Remove download/install buttons — show plain install instructions only +- Remove custom linuxdeploy install per CI CI uses tauri-downloaded version +- Revert to original Dockerfile without manual linuxdeploy installation ### Security - Rotate exposed token, redact from PLAN.md, add secret patterns to .gitignore +- Fix query expansion issues from PR review +- Address all issues from automated PR review + +### Update +- Node_modules from npm install