This commit implements two major features:
1. Integration Search as Primary AI Data Source
- Confluence, ServiceNow, and Azure DevOps searches execute before AI queries
- Search results injected as system context for AI providers
- Parallel search execution for performance
- Webview-based fetch for HttpOnly cookie support
- Persistent browser windows maintain authenticated sessions
2. AI Tool-Calling (Function Calling)
- Allows AI to automatically execute functions during conversation
- Implemented for OpenAI-compatible providers and MSI GenAI
- Created add_ado_comment tool for updating Azure DevOps tickets
- Iterative tool-calling loop supports multi-step workflows
- Extensible architecture for adding new tools
Key Files:
- src-tauri/src/ai/tools.rs (NEW) - Tool definitions
- src-tauri/src/integrations/*_search.rs (NEW) - Integration search modules
- src-tauri/src/integrations/webview_fetch.rs (NEW) - HttpOnly cookie workaround
- src-tauri/src/commands/ai.rs - Tool execution and integration search
- src-tauri/src/ai/openai.rs - Tool-calling for OpenAI and MSI GenAI
- All providers updated with tools parameter support
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add three Dockerfiles under .docker/ and a build-images.yml workflow that
pushes them to the local Gitea container registry (172.0.0.29:3000).
Each image pre-installs all system deps, Node.js 22, and the Rust cross-
compilation target so release builds can skip apt-get entirely:
trcaa-linux-amd64:rust1.88-node22 — webkit2gtk, gtk3, all Tauri deps
trcaa-windows-cross:rust1.88-node22 — mingw-w64, nsis, Windows target
trcaa-linux-arm64:rust1.88-node22 — arm64 multiarch dev libs, Rust 1.88
build-images.yml triggers automatically when .docker/ changes on master
and supports workflow_dispatch for manual/first-time builds.
auto-tag.yml is NOT changed in this commit — switch it to use the new
images in the follow-up PR (after images are pushed to the registry).
One-time server setup required before first use:
echo '{"insecure-registries":["172.0.0.29:3000"]}' \
| sudo tee /etc/docker/daemon.json && sudo systemctl restart docker
- AIProviders: hide top model row when custom_rest active (dropdown lower in form handles it);
clear auth header prefill on format switch; rename User ID / CORE ID → Email Address
- Dashboard + Ollama: add border-border/bg-card classes to Refresh buttons for dark-bg contrast
- Security + settingsStore: wire PII toggle state to persisted Zustand store so pattern
selections survive app restarts
- App: add Sun/Moon theme toggle button to sidebar footer (always visible when collapsed)
- system.rs: add install_ollama_from_bundle command (copies bundled binary to /usr/local/bin)
- auto-tag.yml: add Download Ollama step to all 4 platform build jobs with SHA256 verification
- tauri.conf.json: add resources/ollama/* to bundle resources
- docs: add install_ollama_from_bundle to IPC-Commands wiki
Security: CI download steps verify SHA256 against Ollama's published sha256sums.txt before bundling.
- Rename Cargo package from 'tftsr' to 'trcaa' — installed command
becomes 'trcaa' instead of 'tftsr'
- Update app data directories to ~/.local/share/trcaa (Linux),
~/Library/Application Support/trcaa (macOS), %APPDATA%/trcaa (Windows)
- Update bundle identifier to com.trcaa.app
- Auto-generate per-installation DB encryption key on first launch and
persist to <data_dir>/.dbkey (mode 0600 on Unix) — removes the hard
requirement for TFTSR_DB_KEY to be set before the app will start
linuxdeploy-aarch64.AppImage cannot be reliably executed in a cross-
compile context (amd64 host, aarch64 target) even with QEMU binfmt
and APPIMAGE_EXTRACT_AND_RUN. The .deb and .rpm cover all major arm64
Linux distros. An arm64 AppImage can be added later via a native
arm64 build job if required.
linuxdeploy and its plugins are themselves AppImages. Inside a Docker
container FUSE is unavailable, so they cannot self-mount. Setting
APPIMAGE_EXTRACT_AND_RUN=1 causes them to extract to a temp directory
and run directly, bypassing the FUSE requirement.
The act runner executes run: blocks with sh (dash), not bash.
'source' is a bash built-in; POSIX sh uses '.' instead.
Co-Authored-By: fix/arm64-source-sh <noreply@local>
$GITHUB_PATH is unset in this Gitea Actions environment, causing the
echo redirect to fail with a non-zero exit, which killed the Install
dependencies step before the Build step could run.
The append was unnecessary — the Build step already sources
$HOME/.cargo/env as its first line, which puts Cargo's bin dir in PATH.
Co-Authored-By: fix/yaml-heredoc-indent <noreply@local>
Documents the Ubuntu 22.04 + ports.ubuntu.com approach for arm64
cross-compilation and adds a Known Issues entry explaining the Debian
single-mirror multiarch root cause that was replaced.
Co-Authored-By: fix/yaml-heredoc-indent <noreply@local>
The Debian single-mirror multiarch approach causes irreconcilable
apt dependency conflicts when both amd64 and arm64 point at the same
repo: the binary-all index is duplicated and certain -dev package pairs
lack Multi-Arch: same. This produces "held broken packages" regardless
of sources.list tweaks.
Ubuntu 22.04 routes arm64 through ports.ubuntu.com/ubuntu-ports, a
separate mirror from archive.ubuntu.com (amd64). This eliminates all
cross-arch index overlaps. Rust is installed via rustup since it is not
pre-installed in the Ubuntu base image. libayatana-appindicator3-dev
is dropped — no tray icon is used by this application.
Co-Authored-By: fix/yaml-heredoc-indent <noreply@local>
YAML block scalars end when a line is found with less indentation than
the scalar's own indent level. The heredoc body was at column 0 while
the rest of the run: block was at column 10, causing Gitea's YAML parser
to reject the entire workflow file with:
yaml: line 412: could not find expected ':'
This silently invalidated auto-tag.yml on every push to master since the
apt-sources commit was merged, which is why PR#9 and PR#10 merges produced
no action runs.
Fix: replace the heredoc with a printf that stays within the block scalar's
indentation so the YAML remains valid.
Gitea 1.22 silently drops a push event for a workflow when a run for that
same workflow+branch is already in progress. This caused the PR#9 merge to
master to produce no auto-tag run.
- workflow_dispatch: allows manual triggering via API when an event is dropped
- concurrency group (cancel-in-progress: false): causes Gitea to queue a second
run rather than discard it when one is already active
rust:1.88-slim (Debian Bookworm) uses DEB822-format sources which have no arch
restriction. After dpkg --add-architecture arm64, apt tries to resolve deps for
both amd64 and arm64 simultaneously and hits 'held broken packages' conflicts on
shared -dev packages.
Fix: remove debian.sources and write a clean sources.list that pins amd64 repos
to [arch=amd64] and arm64 repos to [arch=arm64]. This gives apt a clear,
non-conflicting view of each architecture's package set.
build-linux-arm64: switch from QEMU-emulated linux-arm64 runner to cross-compile
on linux-amd64 using aarch64-linux-gnu toolchain. Removes the uname -m arch guard
that was causing the job to exit immediately (QEMU reports x86_64 as kernel arch),
and fixes the artifact path to the explicit target directory.
All build jobs: replace `cargo install tauri-cli --locked` with `npx tauri build`,
using the pre-compiled @tauri-apps/cli binary from devDependencies. Eliminates the
20-30 min Tauri CLI recompilation on every run.
wiki-sync: move from test.yml to auto-tag.yml. test.yml only fires on pull_request
events so the `if: github.ref == 'refs/heads/master'` guard was never true and the
wiki was never updated. auto-tag.yml triggers on push to master, so wiki sync now
runs on every merge.
Update releaseWorkflowCrossPlatformArtifacts.test.ts to match the new workflow.
analyze_logs() was reading the original log file from disk and sending its
full contents to external AI providers, completely bypassing the redaction
pipeline. The redacted flag in log_files and the .redacted file on disk were
written by apply_redactions() but never consulted on the read path.
Fix: query the redacted column alongside file_path. If the file has not been
redacted, return an error to the caller before any AI provider call is made.
When redacted, read from {path}.redacted instead of the original.
Adds redacted_path_for() helper and two unit tests covering the rejection
and happy-path cases.
Rust's `regex` crate does not support lookaround assertions. The hostname
pattern `(?=.{1,253}\b)` caused a panic on every `PiiDetector::new()` call,
failing all four PII detector tests in CI (rust-fmt-check, rust-clippy,
rust-tests). Removed the lookahead; the remaining pattern correctly matches
valid FQDNs without the RFC 1035 length pre-check.
Also reformatted analysis.rs:253 to satisfy `rustfmt` (line break after `=`).
All 127 Rust tests pass and `cargo fmt --check` and `cargo clippy -- -D
warnings` are clean.
Remove high-risk defaults and tighten data handling across auth, storage, IPC, provider calls, and capabilities so sensitive data is better protected by default. Also update README/wiki security guidance and add targeted tests for the new hardening behaviors.
Made-with: Cursor
Drop fragile job-condition gates that were blocking release jobs, and upload linux artifacts with arch-prefixed release asset names so amd64 and arm64 outputs can coexist even when bundle filenames are identical.
Made-with: Cursor
Drop fragile job-condition gates that were blocking release jobs, and upload linux artifacts with arch-prefixed release asset names so amd64 and arm64 outputs can coexist even when bundle filenames are identical.
Made-with: Cursor
Avoid cross-compiling GTK/glib on the arm release job by building natively on ARM64 hosts, add an explicit architecture guard, and restrict uploads to arm64/aarch64 artifact filenames so amd64 outputs cannot be published as arm releases.
Made-with: Cursor
Build linux arm64 bundles with --target aarch64-unknown-linux-gnu and upload from the target-specific bundle path so arm64 releases cannot accidentally publish amd64 artifacts.
Made-with: Cursor
Delete .gitea/workflows/release.yml and keep release orchestration in auto-tag.yml only, then update related workflow tests and docs to reference the unified pipeline.
Made-with: Cursor
Remove auto-tag job output dependencies and conditional gates so release build jobs always run after autotag completes, resolving skipped fan-out caused by output/if evaluation issues in Gitea Actions.
Made-with: Cursor
Rename the auto-tag job id to a non-hyphenated identifier and update needs/output references so dependent release jobs evaluate conditions correctly and reliably run after tagging.
Made-with: Cursor
