tftsr-devops_investigation

sarman/tftsr-devops_investigation

Fork 0

Commit Graph

Author	SHA1	Message	Date
Shaun Arman	01474fb5f2	feat: implement OAuth2 token exchange and AES-256-GCM encryption Phase 2.2: OAuth2 flow - Part 1 (Token exchange + encryption) Implemented: - OAuth2 authorization code exchange with PKCE * Real HTTP POST to token endpoint * Parses access_token, refresh_token, expires_in, token_type * Calculates expires_at timestamp - AES-256-GCM token encryption * Uses TFTSR_ENCRYPTION_KEY env var (or dev default) * Random nonce per encryption (12 bytes) * Base64-encoded output with nonce prepended * Proper key derivation (32 bytes) - Updated credential storage * store_pat() now encrypts tokens before DB storage * get_pat() decrypts tokens on retrieval * Stores both token_hash (audit) and encrypted_token (actual) Dependencies added: - mockito 1.7.2 (dev) - HTTP mocking for tests - aes-gcm 0.10 - AES-256-GCM encryption - rand 0.8 - Cryptographically secure RNG TDD tests (20 passing with --test-threads=1): - OAuth exchange: success, missing token, HTTP error, network error - Encryption: roundtrip, different nonces, invalid data, wrong key - PAT storage: store/retrieve, nonexistent service, replacement Note: Tests require single-threaded execution due to env var test isolation. This is acceptable for CI/CD.	2026-04-03 14:32:17 -05:00
Shaun Arman	8839075805	feat: initial implementation of TFTSR IT Triage & RCA application Implements Phases 1-8 of the TFTSR implementation plan. Rust backend (Tauri 2.x, src-tauri/): - Multi-provider AI: OpenAI-compatible, Anthropic, Gemini, Mistral, Ollama - PII detection engine: 11 regex patterns with overlap resolution - SQLCipher AES-256 encrypted database with 10 versioned migrations - 28 Tauri IPC commands for triage, analysis, document, and system ops - Ollama: hardware probe, model recommendations, pull/delete with events - RCA and blameless post-mortem Markdown document generators - PDF export via printpdf - Audit log: SHA-256 hash of every external data send - Integration stubs for Confluence, ServiceNow, Azure DevOps (v0.2) Frontend (React 18 + TypeScript + Vite, src/): - 9 pages: full triage workflow NewIssue→LogUpload→Triage→Resolution→RCA→Postmortem→History+Settings - 7 components: ChatWindow, TriageProgress, PiiDiffViewer, DocEditor, HardwareReport, ModelSelector, UI primitives - 3 Zustand stores: session, settings (persisted), history - Type-safe tauriCommands.ts matching Rust backend types exactly - 8 IT domain system prompts (Linux, Windows, Network, K8s, DB, Virt, HW, Obs) DevOps: - .woodpecker/test.yml: rustfmt, clippy, cargo test, tsc, vitest on every push - .woodpecker/release.yml: linux/amd64 + linux/arm64 builds, Gogs release upload Verified: - cargo check: zero errors - tsc --noEmit: zero errors - vitest run: 13/13 unit tests passing Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>	2026-03-14 22:36:25 -05:00

Author

SHA1

Message

Date

Shaun Arman

01474fb5f2

feat: implement OAuth2 token exchange and AES-256-GCM encryption

Phase 2.2: OAuth2 flow - Part 1 (Token exchange + encryption)

Implemented:
- OAuth2 authorization code exchange with PKCE
  * Real HTTP POST to token endpoint
  * Parses access_token, refresh_token, expires_in, token_type
  * Calculates expires_at timestamp

- AES-256-GCM token encryption
  * Uses TFTSR_ENCRYPTION_KEY env var (or dev default)
  * Random nonce per encryption (12 bytes)
  * Base64-encoded output with nonce prepended
  * Proper key derivation (32 bytes)

- Updated credential storage
  * store_pat() now encrypts tokens before DB storage
  * get_pat() decrypts tokens on retrieval
  * Stores both token_hash (audit) and encrypted_token (actual)

Dependencies added:
- mockito 1.7.2 (dev) - HTTP mocking for tests
- aes-gcm 0.10 - AES-256-GCM encryption
- rand 0.8 - Cryptographically secure RNG

TDD tests (20 passing with --test-threads=1):
- OAuth exchange: success, missing token, HTTP error, network error
- Encryption: roundtrip, different nonces, invalid data, wrong key
- PAT storage: store/retrieve, nonexistent service, replacement

Note: Tests require single-threaded execution due to env var
test isolation. This is acceptable for CI/CD.

2026-04-03 14:32:17 -05:00

Shaun Arman

8839075805

feat: initial implementation of TFTSR IT Triage & RCA application

Implements Phases 1-8 of the TFTSR implementation plan.

Rust backend (Tauri 2.x, src-tauri/):
- Multi-provider AI: OpenAI-compatible, Anthropic, Gemini, Mistral, Ollama
- PII detection engine: 11 regex patterns with overlap resolution
- SQLCipher AES-256 encrypted database with 10 versioned migrations
- 28 Tauri IPC commands for triage, analysis, document, and system ops
- Ollama: hardware probe, model recommendations, pull/delete with events
- RCA and blameless post-mortem Markdown document generators
- PDF export via printpdf
- Audit log: SHA-256 hash of every external data send
- Integration stubs for Confluence, ServiceNow, Azure DevOps (v0.2)

Frontend (React 18 + TypeScript + Vite, src/):
- 9 pages: full triage workflow NewIssue→LogUpload→Triage→Resolution→RCA→Postmortem→History+Settings
- 7 components: ChatWindow, TriageProgress, PiiDiffViewer, DocEditor, HardwareReport, ModelSelector, UI primitives
- 3 Zustand stores: session, settings (persisted), history
- Type-safe tauriCommands.ts matching Rust backend types exactly
- 8 IT domain system prompts (Linux, Windows, Network, K8s, DB, Virt, HW, Obs)

DevOps:
- .woodpecker/test.yml: rustfmt, clippy, cargo test, tsc, vitest on every push
- .woodpecker/release.yml: linux/amd64 + linux/arm64 builds, Gogs release upload

Verified:
- cargo check: zero errors
- tsc --noEmit: zero errors
- vitest run: 13/13 unit tests passing

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

2026-03-14 22:36:25 -05:00

2 Commits