Workflow changes:
- Switch Ollama to https://ollama-ui.tftsr.com/ollama/v1 (OpenAI-compat)
with OLLAMA_API_KEY secret — removes hardcoded internal IP
- Update endpoint to /chat/completions and response parsing to
.choices[0].message.content for OpenAI-compat format
- Add concurrency block to prevent racing on same PR number
- Add shell: bash + set -euo pipefail to all steps
- Add TF_TOKEN presence validation before posting review
- Add --max-time 30 and HTTP status check to comment POST curl
- Redact common secret patterns from diff before sending to Ollama
- Add binary diff warning via grep for "^Binary files"
- Add UTC timestamps to Ollama call and review post log lines
- Add always-run Cleanup step to remove /tmp artifacts
Version consistency:
- Sync Cargo.toml and package.json from 0.1.0 to 0.2.50 to match
tauri.conf.json
- Restore 014_create_ai_providers migration and tests missing due to
branch diverging from master before PR #34 merged
- Bump version from 0.2.10 to 0.2.50 to match master and avoid regression
- Trim diff input to 20 KB to prevent Ollama token overflow
- Add --max-time 120 to curl to prevent workflow hanging indefinitely
- Fix OLLAMA_URL to point at actual Ollama server (172.0.1.42:11434)
- Fix API path from /v1/chat to /api/chat (Ollama native endpoint)
- Fix response parsing from OpenAI format to Ollama native (.message.content)
- Use jq to safely construct JSON bodies in both Analyze and Post steps
- Add HTTP status code check and response body logging for diagnostics
- Re-add migration 014_create_ai_providers to create ai_providers table
- Add test_create_ai_providers_table() to verify table schema
- Add test_store_and_retrieve_ai_provider() to verify CRUD operations
- Bump version to 0.2.49 in tauri.conf.json
Fixes missing AI provider data when upgrading from v0.2.42
- Add use_datastore_upload field to ProviderConfig for enabling datastore uploads
- Add upload_file_to_datastore and upload_file_to_datastore_any commands
- Add upload_log_file_by_content and upload_image_attachment_by_content commands for drag-and-drop without file paths
- Add multipart/form-data support for file uploads to GenAI datastore
- Add support for image/bmp MIME type in image validation
- Add x-generic-api-key header support for GenAI API authentication
This addresses:
- Paste fails to attach screenshot (clipboard)
- File upload fails with 500 error when using GenAI API
- GenAI datastore upload endpoint support for non-text files
- Update saveAiProviderCmd to pass { provider: config } instead of { config }
The Rust command expects 'provider' parameter, but frontend was sending 'config'.
This mismatch caused 'invalid args provider for command save_ai_provider' error.
- Add --test-threads=1 flag to all Rust test commands
- Update .gitea/workflows/test.yml to use serial test execution
- Update AGENTS.md to reflect the serial test requirement
Environment variable modifications in Rust tests cause race conditions
when tests run in parallel because std::env is shared global state.
- Use test-specific key derivation instead of env vars
- Add helper functions encrypt_token_with_key/decrypt_token_with_key
- Avoid conflicts when tests run in parallel
- Add debug logging to OpenAI provider for troubleshooting
- Trim trailing periods from model names
- Fix HTTP error handling to capture response details
- Register missing AI provider commands (save/load/delete)
- Fix authenticateWithWebviewCmd to accept optional projectName parameter
License:
- Add MIT LICENSE file (Copyright 2025 Shaun Arman)
- Add MIT badge and Support/Buy-Me-A-Coffee section to README
- Update license section from private to MIT with attribution note
Security (from pre-release audit):
- Remove unscoped fs:allow-read and fs:allow-write from Tauri capabilities
(H5: unscoped fs permissions undermined filesystem sandboxing; the
scoped app/temp variants already cover all required paths)
- Add SECURITY_AUDIT.md to .gitignore
Repo hygiene:
- Untrack src-tauri/target/ (6347 build artifacts that should never
have been committed; .gitignore already listed the path)
- Update .gitignore: remove vendor-specific filenames, replace with
generic internal-doc patterns (TICKET_*.md, ~$*.docx, etc.)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The normalizeApiFormat helper (which mapped the legacy format identifier
to custom_rest) was removed but still referenced in 4 call sites.
Replace each call with the underlying value directly.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Delete internal vendor API documentation and handoff docs
- Remove vendor-specific AI gateway URLs from CSP whitelist
- Replace vendor-specific log prefixes and comments with generic 'Custom REST'
- Remove vendor-specific default auth header from custom REST implementation
- Remove vendor-specific client header from HTTP requests
- Remove backward-compat vendor format identifier from is_custom_rest_format()
- Remove LEGACY_API_FORMAT constant and normalizeApiFormat() helper
- Update test to not reference legacy format identifier
- Update wiki docs to use generic enterprise gateway configuration
- Update architecture diagrams and ADR-003 to remove vendor references
- Add Buy Me A Coffee link to README
- Update .gitignore to exclude internal user guide and ticket files
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Comprehensive architecture documentation covering:
- docs/architecture/README.md: Full C4 model diagrams (system context,
container, component), data flow sequences, security architecture,
AI provider class diagram, CI/CD pipeline, and deployment diagrams.
All diagrams use Mermaid for version-controlled diagram-as-code.
- docs/architecture/adrs/ADR-001: Tauri vs Electron decision rationale
- docs/architecture/adrs/ADR-002: SQLCipher encryption choices and
cipher_page_size=16384 rationale for Apple Silicon
- docs/architecture/adrs/ADR-003: Provider trait + factory pattern
- docs/architecture/adrs/ADR-004: Regex + Aho-Corasick PII detection
- docs/architecture/adrs/ADR-005: Auto-generate encryption keys at
runtime (documents the fix from PR #24)
- docs/architecture/adrs/ADR-006: Zustand state management rationale
- docs/wiki/Architecture.md: Updated module table (14 migrations, not
10), corrected integrations description, updated startup sequence to
reflect key auto-generation, added links to new ADR docs.
- README.md: Fixed stale database paths (tftsr → trcaa) and updated
env var descriptions to reflect auto-generation behavior.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Fixes clippy::uninlined_format_args warnings by using inline
variable formatting (e.g., {e} instead of {}, e).
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fixes two critical issues preventing Mac release builds from working:
1. Database encryption key auto-generation: Release builds now
auto-generate and persist the SQLCipher encryption key to
~/.../trcaa/.dbkey (mode 0600) instead of requiring the
TFTSR_DB_KEY env var. This prevents 'file is not a database'
errors when users don't set the env var.
2. Plain SQLite to encrypted migration: When a release build
encounters a plain SQLite database (from a previous debug build),
it now automatically migrates it to encrypted SQLCipher format
using ATTACH DATABASE + sqlcipher_export. Creates a backup at
.db.plain-backup before migration.
3. Credential encryption key auto-generation: Applied the same
pattern to TFTSR_ENCRYPTION_KEY for encrypting AI provider API
keys and integration tokens. Release builds now auto-generate
and persist to ~/.../trcaa/.enckey (mode 0600) instead of
failing with 'TFTSR_ENCRYPTION_KEY must be set'.
4. Refactored app data directory helper: Moved dirs_data_dir()
from lib.rs to state.rs as get_app_data_dir() so it can be
reused by both database and auth modules.
Testing:
- All unit tests pass (db::connection::tests + integrations::auth::tests)
- Verified manual migration from plain to encrypted database
- No clippy warnings
Impact: Users installing the Mac release build will now have a
working app out-of-the-box without needing to set environment
variables. Developers switching from debug to release builds will
have their databases automatically migrated.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit implements two major features:
1. Integration Search as Primary AI Data Source
- Confluence, ServiceNow, and Azure DevOps searches execute before AI queries
- Search results injected as system context for AI providers
- Parallel search execution for performance
- Webview-based fetch for HttpOnly cookie support
- Persistent browser windows maintain authenticated sessions
2. AI Tool-Calling (Function Calling)
- Allows AI to automatically execute functions during conversation
- Implemented for OpenAI-compatible providers and Custom REST provider
- Created add_ado_comment tool for updating Azure DevOps tickets
- Iterative tool-calling loop supports multi-step workflows
- Extensible architecture for adding new tools
Key Files:
- src-tauri/src/ai/tools.rs (NEW) - Tool definitions
- src-tauri/src/integrations/*_search.rs (NEW) - Integration search modules
- src-tauri/src/integrations/webview_fetch.rs (NEW) - HttpOnly cookie workaround
- src-tauri/src/commands/ai.rs - Tool execution and integration search
- src-tauri/src/ai/openai.rs - Tool-calling for OpenAI and Custom REST provider
- All providers updated with tools parameter support
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
