Remove high-risk defaults and tighten data handling across auth, storage, IPC, provider calls, and capabilities so sensitive data is better protected by default. Also update README/wiki security guidance and add targeted tests for the new hardening behaviors.
Made-with: Cursor
Rename custom API format handling from custom_rest to custom_rest with backward compatibility, add guided model selection with custom entry in provider settings, and rebrand app naming to Troubleshooting and RCA Assistant across UI, metadata, and docs.
Made-with: Cursor
## Integration Settings Persistence
- Add database commands to save/load integration configs (base_url, username, project_name, space_key)
- Frontend now loads configs from DB on mount and saves changes automatically
- Fixes issue where settings were lost on app restart
## Persistent Browser Window Architecture
- Integration browser windows now stay open for user browsing and authentication
- Extract fresh cookies before each API call to handle token rotation
- Track open windows in app state (integration_webviews HashMap)
- Windows titled as "{Service} Browser (TFTSR)" for clarity
- Support easy navigation between app and browser windows (Cmd+Tab/Alt+Tab)
- Gracefully handle closed windows with automatic cleanup
## Bug Fixes
- Fix Rust formatting issues across 8 files
- Fix clippy warnings:
- Use is_some_and() instead of map_or() in openai.rs
- Use .to_string() instead of format!() in integrations.rs
- Add missing OptionalExtension import for .optional() method
## Tests
- Add test_integration_config_serialization
- Add test_webview_tracking
- Add test_token_auth_request_serialization
- All 6 integration tests passing
## Files Modified
- src-tauri/src/state.rs: Add integration_webviews tracking
- src-tauri/src/lib.rs: Register 3 new commands, initialize webviews HashMap
- src-tauri/src/commands/integrations.rs: Config persistence, fresh cookie extraction (+151 lines)
- src-tauri/src/integrations/webview_auth.rs: Persistent window behavior
- src/lib/tauriCommands.ts: TypeScript wrappers for new commands
- src/pages/Settings/Integrations.tsx: Load/save configs from DB
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Implement three authentication methods for Confluence, ServiceNow, and Azure DevOps:
1. **OAuth2** - Traditional OAuth flow for enterprise SSO environments
2. **Embedded Browser** - Webview-based login that captures session cookies/tokens
- Solves VPN constraints: users authenticate off-VPN via web UI
- Extracted credentials work on-VPN for API calls
- Based on confluence-publisher agent pattern
3. **Manual Token** - Direct API token/PAT input as fallback
**Changes:**
- Add webview_auth.rs module for embedded browser authentication
- Implement authenticate_with_webview and extract_cookies_from_webview commands
- Implement save_manual_token command with validation
- Add AuthMethod enum to support all three modes
- Add RadioGroup UI component for mode selection
- Complete rewrite of Integrations settings page with mode-specific UI
- Add secondary button variant for UI consistency
**VPN-friendly design:**
Users can authenticate via webview when off-VPN (web UI accessible), then use extracted cookies for API calls when on-VPN (API requires VPN). Addresses enterprise SSO limitations where OAuth app registration is blocked.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fixes:
- Added shell:allow-open permission to fix OAuth integration flows
- Added user_id field to ProviderConfig for Custom REST provider CORE ID
- Added UI field for user_id when api_format is custom_rest
- Made userId optional in Custom REST provider requests (only sent if provided)
- Added X-msi-genai-client header to Custom REST provider requests
- Updated CSP to include Custom REST provider domains
- Bumped version to 0.2.6
This fixes:
- OAuth error: 'Command plugin:shell|open not allowed by ACL'
- Missing User ID field in Custom REST provider configuration UI
- Extended ProviderConfig with optional custom fields for non-OpenAI APIs
- Added custom_endpoint_path, custom_auth_header, custom_auth_prefix fields
- Added api_format field to distinguish between OpenAI and Custom REST provider formats
- Added session_id field for stateful conversation APIs
- Implemented chat_custom_rest() method in OpenAI provider
- Custom REST provider uses different request format (prompt+sessionId) and response (msg field)
- Updated TypeScript types to match Rust schema
- Added UI controls in Settings/AIProviders for custom provider configuration
- API format selector auto-populates appropriate defaults (OpenAI vs Custom REST provider)
- Backward compatible: existing providers default to OpenAI format
Changed variant from 'outline' to 'secondary' for better visibility
in dark theme. The outline variant had insufficient contrast making
the button difficult to read.
Add professional disclaimer warning that users must accept before
creating issues. Modal appears on first visit to New Issue page.
Disclaimer covers:
- AI can make mistakes and hallucinate
- AI may provide incorrect or outdated information
- Commands may have unintended consequences
- User bears full responsibility for any actions taken
- Best practices for using AI recommendations safely
Features:
- Modal overlay with clear warning sections
- Color-coded sections (red for risks, yellow for responsibility)
- Scrollable content area for long disclaimer
- Acceptance stored in localStorage (persists across sessions)
- Re-shows modal if user tries to create issue without accepting
- Cancel button returns to dashboard
Tested: TypeScript compilation ✓, Rust formatting ✓
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
1. Download Button Visibility:
- Changed from variant=outline to default variant (solid background)
- Provides better contrast and icon visibility in both themes
- Removed unnecessary text-foreground class
2. DOCX Export Support:
- Added DOCX export via pandoc conversion
- Writes temp markdown file, converts with pandoc, cleans up
- Returns clear error if pandoc not installed
- Supports same workflow as MD/PDF exports
3. Triaging Status Investigation:
- triaging status is defined in schema and used in dashboard counts
- Currently not automatically set when entering triage
- Kept in filter dropdown as part of the data model
Tested: Rust compilation, TypeScript types, Rust formatting
Note: DOCX export requires pandoc to be installed on the system.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Fix download icons (PDF/DOCX) not visible in dark theme by adding text-foreground class
- Fix "Read-only file system" error by using Downloads directory for exports with proper fallback
- Fix Search button visibility in History page by changing variant and adding icon
- Fix domain-only filtering in History page by adding missing filter.domain handling
- Enhance audit log to capture full transmitted data (provider details, messages, content previews)
- Add dirs crate dependency for cross-platform directory detection
- Add success/error feedback for document exports with file path display
- Update Security page to display pretty-printed JSON audit details
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- domainPrompts.ts: closing }; was inside the Record object after 'automation',
leaving hpe_infra/dell_hardware/identity orphaned outside the object — caused
3 TS1005/TS1109 errors and broke the macOS and all frontend builds
- release.yml: replace multiarch cross-compilation (broken due to WebKit arm64
package conflicts) with --platform linux/arm64 container option so QEMU runs
a native ARM64 image directly — no cross-compilation, no package conflicts
- Triage: move close intent check before the currentIssue guard so closing
works even if the session hasn't fully initialized yet
- Triage: save the user's close reason as a resolution step via addFiveWhyCmd
before marking resolved, ensuring Resolution page is never empty
- App: read version from Tauri getVersion() instead of hardcoded v0.1.1
- db.rs: add get_issue_messages command (joins ai_conversations + ai_messages)
- tauriCommands.ts: fix updateIssueCmd to pass updates as nested object
(was spreading inline — Rust expects {issueId, updates}); fix addFiveWhyCmd
parameter names to match Rust (stepOrder, whyQuestion, answer, evidence);
add getIssueMessagesCmd and IssueMessage interface
- Dashboard: X button on each open issue row to close (mark resolved) inline
- Triage: restore conversation history from DB when revisiting existing issues;
detect close intent patterns and mark issue resolved + navigate home;
auto-save resolution step via addFiveWhyCmd when AI advances why level
- tests: add issueActions.test.ts covering IPC arg structure and close intent
Stat cards showed 0 immediately on mount because openCount was computed
from an empty issues array before the async loadIssues call resolved.
Now shows — during load, a red error banner if the backend call fails,
and a Refresh button. useEffect dependency changed to [] (fires once on
mount, not on every loadIssues reference check).
- NewIssue navigates directly to /triage — log upload is never a blocker
- ChatWindow: paperclip button opens Tauri file dialog; pending files shown
as removable chips above the input; send enabled with files and no text
- Triage: uploads selected files via uploadLogFileCmd, reads text content
(capped at 8KB), appends file contents to AI message for context while
showing only filenames in the chat bubble
- Images/binary files are referenced by name with a prompt for the user
to describe them
- NewIssue: navigate to /issue/:id/logs so log upload step is not skipped
- Dashboard: use issue.category instead of issue.domain (field name matches Rust)
- tests: add historyStore tests covering open count logic and field mapping
Color inheritance was not propagating on macOS WebKit causing dropdown
text to be invisible. Items only appeared when hovered due to
hover:text-accent-foreground being the only color set.
- globals.css: add button reset with -webkit-appearance: none and
-webkit-text-fill-color: currentColor so SelectTrigger text is visible
on macOS WebKit without breaking Tailwind text-* variant overrides
- release.yml: build .app only first, ad-hoc sign it, then create DMG
via hdiutil so the signed .app is inside the DMG (previously codesign
ran after Tauri already sealed the unsigned .app into the DMG)
- globals.css: remove button from WebKit -webkit-text-fill-color override that
was causing button text to be invisible (text color matched background in dark mode)
- Security.tsx: toggle enabled state uses bg-blue-500 instead of bg-primary;
in dark mode --primary is near-white making the white knob invisible
- tauriCommands.ts: fix createIssueCmd to pass flat args (not wrapped in newIssue),
map domain->category, and return Issue instead of IssueDetail
- NewIssue/index.tsx: update call site to use Issue return type directly
- release.yml: add ad-hoc codesign step for macOS .app so Gatekeeper shows
"unidentified developer" instead of "damaged" error
On Linux, WebKit inherits GTK system text colors for form controls,
causing dark-on-dark text in dark mode. Explicitly set color and
-webkit-text-fill-color on inputs/textareas/buttons, and add
color-scheme: dark to .dark so WebKit uses the correct system UI
color scheme.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
