10 Commits

Author	SHA1	Message	Date
Shaun Arman	a2cff014e9	fix(kube): use current-context for kubectl auth; fix SelectValue label display ... ## kubectl credentials still failing after --context fix Root cause: both extract_context() (kube.rs) and upload_kubeconfig() (shell.rs) ignored the kubeconfig's current-context field and always picked contexts[0] from the contexts array. If a kubeconfig has multiple contexts and current-context points to entry N>0, we silently used the wrong context — one that may have empty or expired credentials — causing the 401 "the server has asked for the client to provide credentials" error on every kubectl call. Fixes: - extract_context(): read current-context field first; fall back to contexts[0] only when current-context is absent or empty. - extract_current_context_name(): new helper in kubeconfig.rs using the same line-scanner approach as parse_kubeconfig_contexts (no extra dependencies). - upload_kubeconfig(): use current-context to select the matching context entry when storing context name in kubeconfig_files; falls back to first entry. NOTE: existing kubeconfig rows in the database have the old (wrong) context stored. Re-uploading kubeconfig files after deploying this build will fix them. ## Cluster dropdown still showing UUID Root cause: SelectValue rendered ctx.value (the raw UUID passed to SelectItem's value prop) instead of the display label (SelectItem's children). The custom Select component had no mechanism to mirror a selected item's children into the trigger area. Fix: Select now builds a value→label Map by walking the children tree at render time (collectLabels). The map is memoised on children. SelectValue reads the display label from the map; if found, shows the label; otherwise falls back to the raw value so existing behaviour is preserved for callers that don't need it.	2026-06-07 19:40:53 -05:00
Shaun Arman	fb55601e3b	fix(kube): correct kubectl context, dialog close, icon visibility, cluster name ... 1. kubectl credentials error (41 places in kube.rs) Every kubectl invocation used .env("KUBERNETES_CONTEXT", context) which is not a real kubectl environment variable — kubectl silently ignores it and falls back to whatever current-context is set in the kubeconfig YAML. If that context has expired or wrong credentials the auth failure occurs. Replaced all 41 instances with .arg("--context").arg(context) so kubectl always uses the correct context from the stored kubeconfig. 2. Cluster name still showed UUID (two causes) a) Hotbar read from kubernetesStore.clusters (ClusterInfo[]) which is never populated by the kubeconfig-based flow — always empty, so selectedCluster was always undefined. Removed the Zustand cluster lookup from Hotbar and added a clusterName prop passed from KubernetesPage.tsx (selectedConfig?.name). b) ClusterOverview fell back to showing raw clusterId UUID when clusterName was undefined. Changed subtitle to render conditionally so UUID never shows. 3. Bell dialog had no way to close Custom DialogContent had no X button and no backdrop-click handler. Added X close button (top-right) and backdrop-click-to-close. 4. Hotbar icons invisible in dark mode variant="ghost" only styles hover state with no baseline text color. Added className="text-foreground" to all icon-only ghost buttons.	2026-06-07 18:58:16 -05:00
Shaun Arman	8b227c1837	fix(kube): resolve automated PR review blockers and warnings ... Blockers: - Replace serde_yaml::from_str with serde_json::from_str in all 6 parse_*_json functions (parse_namespaces, parse_pods, parse_services, parse_deployments, parse_statefulsets, parse_daemonsets). Update .as_sequence() → .as_array(), .as_mapping() → .as_object(), and mapping iterator patterns throughout. Explicitly type serde_yaml::Value in extract_context/extract_server_url which legitimately parse YAML. Warnings: - Add containers: Vec<String> to PodInfo struct; parse from spec.containers[].name in parse_pods_json - Fix PodList.tsx to use selectedPod.containers instead of [selectedPod.name] - Fix exec_pod: add optional shell param with allowlist validation (sh/bash/ash/dash); correct arg ordering — -c container now placed before -- separator - Handle empty namespace with --all-namespaces in all 5 list commands - Fix dialog overflow: overflow-hidden → overflow-y-auto on inner div - Memoize namespace options with useMemo in ResourceBrowser Lint cleanup (all pre-existing, surfaced by eslint config fix): - Deduplicate eslint.config.js (was doubled to 272 lines); move ignores to standalone global object; allow console.log in cli section - Remove stale .eslintignore (migrated to eslint.config.js) - Remove unused Card/CardTitle imports from Kubernetes list components - Rename unused props to _clusterId/_namespace in DaemonSetList, ServiceList, StatefulSetList - Fix useEffect/useCallback missing deps in Triage and LogUpload - Remove debug console.log from App.tsx provider auto-test - Rename unused hover prop to _hover in TableRow (ui/index.tsx) - Add #[allow(unused_variables)] to Phase 3 stub Tauri commands - Restore get_pod_logs, scale_deployment, restart_deployment, delete_resource, exec_pod to lib.rs handler registration (were accidentally dropped in Phase 3 expansion) All checks pass: cargo clippy -D warnings, tsc --noEmit, eslint --max-warnings 0, 331 Rust tests, 98 frontend tests.	2026-06-06 23:55:44 -05:00
Shaun Arman	e585415598	feat: implement full Lens-like Kubernetes UI with resource discovery and management ... - Add ResourceBrowser with namespace/resource type tabs for pods, services, deployments, statefulsets, daemonsets - Implement PodList with logs viewer and container selection - Implement ServiceList with cluster IP, type, ports display - Implement DeploymentList with scale and restart operations - Add backend commands: list_namespaces, list_pods, list_services, list_deployments, list_statefulsets, list_daemonsets - Add resource management commands: get_pod_logs, scale_deployment, restart_deployment, delete_resource, exec_pod - Add UI components: Table, Tabs, Dialog, Alert to shared UI library - Update KubernetesPage to use new ResourceBrowser component - All tests passing (331 Rust + 98 frontend) - Build successful in release mode	2026-06-06 23:08:01 -05:00
Shaun Arman	093495a653	feat: full copy from apollo_nxt-trcaa with complete sanitization ... Complete backport of all features from apollo_nxt-trcaa repository: - Three-tier shell execution safety system (Tier 1: auto, Tier 2: approve, Tier 3: deny) - Ollama function calling with tool use support - AI provider tool calling auto-detection - kubectl binary bundling and management - kubeconfig upload and context management - Shell approval modal with real-time UI - MCP protocol HTTP transport with custom headers - Enhanced security audit logging - Comprehensive test coverage (275+ tests) - Updated CI/CD workflows for Gitea Actions - Complete documentation (ADRs, wiki, release notes) Sanitization applied to all files: - Removed all MSI, Motorola, VNXT, Vesta references - Replaced internal infrastructure references with TFTSR equivalents - Updated all URLs and API endpoints - Sanitized commit history references in documentation Technical changes: - New modules: shell/classifier, shell/executor, shell/kubectl, shell/kubeconfig - Enhanced AI providers: ollama.rs, openai.rs with function calling - New Tauri commands: shell execution, kubeconfig management, tool calling detection - Database migrations: shell_execution_audit table - Frontend: ShellApprovalModal, ShellExecution, KubeconfigManager pages - CI/CD: kubectl bundling, multi-platform builds, Gitea Actions integration Version: 1.0.8 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-06-05 14:12:43 -05:00
Shaun Arman	6ebe3612cd	fix: lint fixes and formatting cleanup ... - Fix TypeScript lint errors in setup.ts and LogUpload - Remove unused imports and variables - Fix duplicate Separator exports in ui/index.tsx - Apply cargo fmt formatting to Rust code - Update ESLint configuration	2026-04-09 20:42:40 -05:00
Shaun Arman	32d83df3cf	feat: add multi-mode authentication for integrations (v0.2.10) ... Implement three authentication methods for Confluence, ServiceNow, and Azure DevOps: 1. **OAuth2** - Traditional OAuth flow for enterprise SSO environments 2. **Embedded Browser** - Webview-based login that captures session cookies/tokens - Solves VPN constraints: users authenticate off-VPN via web UI - Extracted credentials work on-VPN for API calls - Based on confluence-publisher agent pattern 3. **Manual Token** - Direct API token/PAT input as fallback **Changes:** - Add webview_auth.rs module for embedded browser authentication - Implement authenticate_with_webview and extract_cookies_from_webview commands - Implement save_manual_token command with validation - Add AuthMethod enum to support all three modes - Add RadioGroup UI component for mode selection - Complete rewrite of Integrations settings page with mode-specific UI - Add secondary button variant for UI consistency **VPN-friendly design:** Users can authenticate via webview when off-VPN (web UI accessible), then use extracted cookies for API calls when on-VPN (API requires VPN). Addresses enterprise SSO limitations where OAuth app registration is blocked. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-04-03 17:26:09 -05:00
Shaun Arman	652418017c	fix: provider test FK error, model pull white screen, RECOMMENDED badge	2026-03-31 07:46:36 -05:00
Shaun Arman	366c564834	fix: add explicit text-foreground to SelectTrigger, SelectValue, and SelectItem ... Color inheritance was not propagating on macOS WebKit causing dropdown text to be invisible. Items only appeared when hovered due to hover:text-accent-foreground being the only color set.	2026-03-30 17:19:34 -05:00
Shaun Arman	8839075805	feat: initial implementation of TFTSR IT Triage & RCA application ... Implements Phases 1-8 of the TFTSR implementation plan. Rust backend (Tauri 2.x, src-tauri/): - Multi-provider AI: OpenAI-compatible, Anthropic, Gemini, Mistral, Ollama - PII detection engine: 11 regex patterns with overlap resolution - SQLCipher AES-256 encrypted database with 10 versioned migrations - 28 Tauri IPC commands for triage, analysis, document, and system ops - Ollama: hardware probe, model recommendations, pull/delete with events - RCA and blameless post-mortem Markdown document generators - PDF export via printpdf - Audit log: SHA-256 hash of every external data send - Integration stubs for Confluence, ServiceNow, Azure DevOps (v0.2) Frontend (React 18 + TypeScript + Vite, src/): - 9 pages: full triage workflow NewIssue→LogUpload→Triage→Resolution→RCA→Postmortem→History+Settings - 7 components: ChatWindow, TriageProgress, PiiDiffViewer, DocEditor, HardwareReport, ModelSelector, UI primitives - 3 Zustand stores: session, settings (persisted), history - Type-safe tauriCommands.ts matching Rust backend types exactly - 8 IT domain system prompts (Linux, Windows, Network, K8s, DB, Virt, HW, Obs) DevOps: - .woodpecker/test.yml: rustfmt, clippy, cargo test, tsc, vitest on every push - .woodpecker/release.yml: linux/amd64 + linux/arm64 builds, Gogs release upload Verified: - cargo check: zero errors - tsc --noEmit: zero errors - vitest run: 13/13 unit tests passing Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>	2026-03-14 22:36:25 -05:00