Go to file

Shaun Arman 05d8b28159 fix(kube): network/config/storage list actions use item.namespace not filter prop Service/Ingress/ConfigMap/Secret/HPA/PVC/ServiceAccount/Role/RoleBinding/ NetworkPolicy/ResourceQuota/LimitRange action handlers now use the resource's own .namespace field instead of the UI filter namespace='all'. Removes the now-unused ns local variable from CronJobList/JobList/ReplicaSetList. 24 new TDD tests verify the correct namespace is passed to getResourceYamlCmd and deleteResourceCmd for each of the 12 affected components.		2026-06-08 22:00:23 -05:00
.cargo	fix: resolve clippy format-args failures and OpenSSL vendoring issue	2026-04-04 15:05:13 -05:00
.docker	fix: revert incorrect sanitization - use 172.0.0.29 for CI runners	2026-06-05 14:52:00 -05:00
.gitea/workflows	fix(ci): cargo fmt kube.rs + switch pr-review to qwen3-coder-next	2026-06-08 20:15:19 -05:00
.idea	feat: initial implementation of TFTSR IT Triage & RCA application	2026-03-14 22:36:25 -05:00
cli	feat: full copy from apollo_nxt-trcaa with complete sanitization	2026-06-05 14:12:43 -05:00
docs	feat(kubernetes): implement Lens Desktop v5 feature-parity UI	2026-06-07 16:41:28 -05:00
scripts	feat(kube): implement 44 new Rust K8s commands + helm binary support	2026-06-08 20:34:01 -05:00
src	fix(kube): network/config/storage list actions use item.namespace not filter prop	2026-06-08 22:00:23 -05:00
src-tauri	fix(kube): add namespace to PodInfo; pod actions use pod.namespace not filter	2026-06-08 21:56:56 -05:00
tests	fix(kube): network/config/storage list actions use item.namespace not filter prop	2026-06-08 22:00:23 -05:00
tickets	fix: comprehensive trcaa→tftsr conversion and URL corrections	2026-06-05 15:38:29 -05:00
.eslintrc.json	fix: lint fixes and formatting cleanup	2026-04-09 20:42:40 -05:00
.gitignore	feat: full copy from apollo_nxt-trcaa with complete sanitization	2026-06-05 14:12:43 -05:00
.renovatebot	chore: create .renovatebot directory	2026-06-05 19:10:49 +00:00
AGENTS.md	feat(k8s): implement clean-room Kubernetes management GUI	2026-06-06 20:27:39 -05:00
CHANGELOG.md	chore: update CHANGELOG.md for v1.1.0 [skip ci]	2026-06-09 02:06:56 +00:00
CLAUDE.md	fix: comprehensive trcaa→tftsr conversion and URL corrections	2026-06-05 15:38:29 -05:00
cliff.toml	fix(ci): exclude internal migration commits from changelog	2026-06-07 17:19:17 -05:00
eslint.config.js	test(kube): fix stale nav section assertions + add research docs	2026-06-08 20:48:02 -05:00
FIX_PLAN.md	feat(k8s): implement clean-room Kubernetes management GUI	2026-06-06 20:27:39 -05:00
freelens-feature-inventory.json	test(kube): fix stale nav section assertions + add research docs	2026-06-08 20:48:02 -05:00
icon.png	chore: update assets and version to 1.0.8	2026-06-05 08:36:57 -05:00
index.html	feat: add custom_rest provider mode and rebrand application name	2026-04-04 15:35:58 -05:00
KUBERNETES_V1.1.0_ASSESSMENT.md	fix(changelog): use tag range for release notes	2026-06-06 15:36:35 -05:00
lens-desktop-v5x-features.md	feat: add Kubernetes Management Implementation Plan	2026-06-07 00:44:01 -05:00
LICENSE	chore: add MIT license, security hardening, and repo hygiene	2026-04-07 12:50:13 -05:00
Makefile	fix: remove remaining proprietary references and fix branding	2026-06-05 16:00:33 -05:00
MCP_SERVER_SUPPORT.md	feat(mcp): add MCP Server Support with TDD implementation	2026-05-23 16:23:48 -05:00
new_banner.png	chore: add new branding assets	2026-06-06 14:08:47 -05:00
package-lock.json	feat(kubernetes): implement Lens Desktop v5 feature-parity UI	2026-06-07 16:41:28 -05:00
package.json	feat(kubernetes): implement Lens Desktop v5 feature-parity UI	2026-06-07 16:41:28 -05:00
postcss.config.js	feat: initial implementation of TFTSR IT Triage & RCA application	2026-03-14 22:36:25 -05:00
README.md	docs: update documentation for Kubernetes Management UI	2026-06-07 11:09:22 -05:00
tailwind.config.ts	feat: initial implementation of TFTSR IT Triage & RCA application	2026-03-14 22:36:25 -05:00
TICKET-attachment-db-storage-recall.md	feat: attachment DB storage and cross-incident recall	2026-05-31 17:55:47 -05:00
TICKET-freelens-feature-inventory.md	test(kube): fix stale nav section assertions + add research docs	2026-06-08 20:48:02 -05:00
ticket-git-cliff-changelog.md	feat(ci): add automated changelog generation via git-cliff	2026-04-12 21:56:16 -05:00
TICKET-kube-pr-review-fixes.md	fix(kube): resolve automated PR review blockers and warnings	2026-06-06 23:55:44 -05:00
TICKET-kube-ui-feature-parity.md	fix(ci): cargo fmt kube.rs + switch pr-review to qwen3-coder-next	2026-06-08 20:15:19 -05:00
TICKET-kubernetes-lens-ui.md	feat(kubernetes): implement Lens Desktop v5 feature-parity UI	2026-06-07 16:41:28 -05:00
TICKET-pii-bypass-chat-attachments.md	fix: audit PII redaction metadata, safe bubble update, update ticket	2026-05-31 20:14:23 -05:00
tsconfig.json	docs: update documentation for Kubernetes Management UI	2026-06-07 11:09:22 -05:00
tsconfig.node.json	feat: initial implementation of TFTSR IT Triage & RCA application	2026-03-14 22:36:25 -05:00
vite.config.ts	feat: initial implementation of TFTSR IT Triage & RCA application	2026-03-14 22:36:25 -05:00
vitest.config.ts	feat: full copy from apollo_nxt-trcaa with complete sanitization	2026-06-05 14:12:43 -05:00

README.md

Troubleshooting and RCA Assistant

A structured, AI-backed desktop tool for IT incident triage, 5-Whys root cause analysis, RCA document generation, and blameless post-mortems. Runs fully offline via Ollama local models, or connects to cloud AI providers.

Built with Tauri 2 (Rust + WebView), React 18, TypeScript, and SQLCipher AES-256 encrypted storage.

CI status: — all checks green (rustfmt · clippy · 64 Rust tests · tsc · vitest)

Features

5-Whys AI Triage — Guided root cause analysis via AI chat, with auto-detection of why levels 1–5
PII Sanitization — Automatic detection and redaction of IPv4/IPv6, emails, tokens, passwords, SSNs, and more before any data leaves the machine
Multi-Provider AI — OpenAI, Anthropic Claude, Google Gemini, Mistral, and local Ollama (offline)
Encrypted Database — SQLCipher AES-256 encrypted SQLite; all issue history stays local
RCA + Post-Mortem Generation — Auto-populated Markdown templates, exportable to .md and .pdf
Ollama Management — Hardware detection, model recommendations, pull/delete models in-app
Audit Trail — Every external data send logged with SHA-256 hash
Domain System Prompts — Pre-built expert context for 8 IT domains (Linux, Windows, Network, Kubernetes, Databases, Virtualization, Hardware, Observability)
Image Attachments — Upload and manage image files with PII detection and mandatory user approval
Integrations (v0.2, coming soon) — Confluence, ServiceNow, Azure DevOps

Supported Domains

Domain	Coverage
Linux	RHEL/OEL, systemd, journald, SELinux, kernel panics
Windows	Event IDs, WinRM, BSOD codes, Server 2019/2022
Network	Fortigate, Cisco IOS, Aruba AOS-CX, Nokia SR-OS, VoIP SIP/RTP
Kubernetes	k3s, OpenShift, CrashLoopBackOff, OOMKill, etcd, Rancher
Databases	PostgreSQL WAL, Redis AOF/RDB, RabbitMQ, MSSQL
Virtualization	Proxmox VE/PBS, VDI sessions
Hardware	HPE Synergy 12000, DL-20/320/360/380, iLO event logs
Observability	Kibana/ECK, Elasticsearch shard failures

Architecture

Component	Technology
App framework	Tauri 2.x (Rust + WebView)
Frontend	React 18 + TypeScript + Vite
UI	Tailwind CSS (custom shadcn-style components)
Database	rusqlite + `bundled-sqlcipher` (AES-256)
Secret storage	`tauri-plugin-stronghold`
State management	Zustand (persisted settings store with API key redaction)
AI providers	reqwest (async HTTP)
PII detection	regex + aho-corasick multi-pattern engine

Prerequisites

System Libraries (Linux — Fedora/RHEL)

sudo dnf install -y \
  glib2-devel gtk3-devel webkit2gtk4.1-devel \
  libsoup3-devel openssl-devel librsvg2-devel

System Libraries (Linux — Debian/Ubuntu)

sudo apt-get install -y \
  libwebkit2gtk-4.1-dev libssl-dev libgtk-3-dev \
  libayatana-appindicator3-dev librsvg2-dev patchelf pkg-config

Toolchain

# Rust (minimum 1.88 — required by cookie_store, time, darling)
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source ~/.cargo/env

# Node.js 22+ (via your package manager)
# Verify:
rustc --version   # 1.88+
node --version    # 22+

Getting Started

# Clone
git clone https://gogs.tftsr.com/sarman/tftsr-devops_investigation.git
cd tftsr-devops_investigation
npm install --legacy-peer-deps

# Development mode (hot reload)
source ~/.cargo/env
cargo tauri dev

# Production build
cargo tauri build
# Output: src-tauri/target/release/bundle/

Releases

Pre-built installers are attached to each tagged release:

Platform	Format	Notes
Linux amd64	`.deb`, `.rpm`, `.AppImage`	Standard package or universal AppImage
Windows amd64	`.exe` (NSIS), `.msi`	From cross-compile via mingw-w64
Linux arm64	`.deb`, `.rpm`, `.AppImage`	Built natively on arm64 runner
macOS	—	Requires macOS runner — build locally

AI Provider Setup

Launch the app and go to Settings → AI Providers to add a provider:

Provider	API URL	Notes
OpenAI	`https://api.openai.com/v1`	Requires API key
Anthropic	`https://api.anthropic.com`	Requires API key
Google Gemini	`https://generativelanguage.googleapis.com`	Requires API key
Mistral	`https://api.mistral.ai/v1`	Requires API key
Ollama (local)	`http://localhost:11434`	No key needed — fully offline
Azure OpenAI	`https://<resource>.openai.azure.com/openai/deployments/<deployment>`	Requires API key
AWS Bedrock (via LiteLLM)	`http://localhost:8000/v1`	See LiteLLM + AWS Bedrock below

For offline use, install Ollama and pull a model:

ollama pull llama3.2:3b   # Good for most hardware (≥8 GB RAM)
ollama pull llama3.1:8b   # Better quality (≥16 GB RAM)

Or use Settings → Ollama to pull models directly from within the app.

LiteLLM + AWS Bedrock Setup

To use Claude via AWS Bedrock (ideal for enterprise environments with existing AWS contracts):

Install LiteLLM:
```
pip install litellm[proxy]
```

Create config file at ~/.litellm/config.yaml:

model_list:
  - model_name: bedrock-claude
    litellm_params:
      model: bedrock/us.anthropic.claude-sonnet-4-6
      aws_region_name: us-east-1
      # Optionally specify aws_profile_name if not using default

general_settings:
  master_key: sk-your-secure-key  # Any value for API auth

Start LiteLLM proxy:

nohup litellm --config ~/.litellm/config.yaml --port 8000 > ~/.litellm/litellm.log 2>&1 &

Configure in Troubleshooting and RCA Assistant:
- Provider: OpenAI (OpenAI-compatible)
- Base URL: http://localhost:8000/v1
- API Key: sk-your-secure-key (from config)
- Model: bedrock-claude

For detailed setup including multiple AWS accounts and Claude Code integration, see the LiteLLM + Bedrock wiki page.

Triage Workflow

1. New Issue      → Select domain, enter title and severity
2. Log Upload     → Drag-and-drop log files, review PII redactions
3. Triage         → 5-Whys AI conversation, auto-tracked why levels 1–5
4. Resolution     → Review and confirm each root cause and action
5. RCA            → Auto-generated RCA document, export as MD or PDF
6. Post-Mortem    → Blameless post-mortem document with action items

Project Structure

tftsr/
├── src-tauri/src/
│   ├── ai/           # AI provider clients (OpenAI, Anthropic, Gemini, Mistral, Ollama)
│   ├── pii/          # PII detection + redaction engine
│   ├── db/           # SQLCipher connection, migrations, models
│   ├── ollama/       # Hardware detection, model recommendations, download manager
│   ├── docs/         # RCA + post-mortem generators, PDF/MD exporters
│   ├── integrations/ # Confluence, ServiceNow, Azure DevOps (v0.2 stubs)
│   ├── audit/        # Audit log writer
│   ├── commands/     # Tauri IPC command handlers
│   ├── lib.rs        # App builder, plugin registration, command handler registration
│   └── state.rs      # AppState (DB connection, settings)
├── src/
│   ├── pages/        # Dashboard, NewIssue, LogUpload, Triage, Resolution, RCA, Postmortem, History, Settings, Kubernetes
│   ├── components/   # ChatWindow, TriageProgress, PiiDiffViewer, DocEditor, HardwareReport, ModelSelector, UI, Kubernetes (26 components)
│   ├── stores/       # sessionStore, settingsStore (persisted), historyStore, kubernetesStore
│   ├── lib/          # tauriCommands.ts (typed IPC wrappers), domainPrompts.ts, eventBus.ts
│   └── styles/       # Tailwind + CSS custom properties
├── tests/
│   ├── unit/         # Vitest unit tests (PII, session store, settings store)
│   └── e2e/          # WebdriverIO + tauri-driver E2E skeletons
├── docs/wiki/        # Source of truth for Gitea wiki
└── .gitea/
    └── workflows/
        ├── test.yml     # CI: rustfmt · clippy · cargo test · tsc · vitest (every push/PR)
        └── auto-tag.yml # Auto tag + release: linux/amd64 + windows/amd64 + linux/arm64 + macOS

Testing

# Unit tests (Vitest) — 13/13 passing
npm run test:run

# Frontend coverage
npm run test:coverage

# TypeScript type check
npx tsc --noEmit

# Rust checks — 64/64 tests passing
cargo check --manifest-path src-tauri/Cargo.toml
cargo test --manifest-path src-tauri/Cargo.toml

# E2E tests (requires compiled app binary)
TAURI_BINARY_PATH=./src-tauri/target/release/tftsr npm run test:e2e

CI/CD — Gitea Actions

The project uses Gitea Actions (act_runner v0.3.1) connected to the Gitea instance at gogs.tftsr.com.

Workflow	Trigger	Jobs
`.gitea/workflows/test.yml`	Every push / PR	rustfmt · clippy · cargo test (64) · tsc · vitest (13)
`.gitea/workflows/auto-tag.yml`	Push to `master`	Auto-tag, then build linux/amd64 + windows/amd64 + linux/arm64 + macOS and upload assets

Runners:

Runner	Platform	Host	Purpose
`amd64-docker-runner`	linux/amd64	gitea.tftsr.com (Docker)	Test pipeline + amd64/windows release builds
`arm64-native-runner`	linux/arm64	Local arm64 machine	Native arm64 release builds

Branch protection: master requires a PR approved by sarman, with all 5 CI checks passing before merge.

See CI/CD Pipeline wiki for full infrastructure docs.

Security

Concern	Implementation
API keys / tokens	AES-256-GCM encrypted at rest (backend), not persisted in browser storage
Database at rest	SQLCipher AES-256; key derived via PBKDF2
PII before AI send	Rust-side detection + mandatory user approval in UI
Audit trail	Hash-chained audit entries (`prev_hash` + `entry_hash`) for tamper evidence
Network	`reqwest` with TLS; HTTP blocked by Tauri capability config
Capabilities	Least-privilege: scoped fs access, no arbitrary shell by default
CSP	Strict CSP in `tauri.conf.json`; no inline scripts
Telemetry	None — zero analytics, crash reporting, or usage tracking

Database

All data is stored locally in a SQLCipher-encrypted database at:

OS	Path
Linux	`~/.local/share/tftsr/tftsr.db`
macOS	`~/Library/Application Support/tftsr/tftsr.db`
Windows	`%APPDATA%\tftsr\tftsr.db`

Override with the TRCAA_DATA_DIR (or legacy TRCAA_DATA_DIR) environment variable.

Environment Variables

Variable	Default	Purpose
`TRCAA_DATA_DIR` (or legacy `TRCAA_DATA_DIR`)	Platform data dir	Override database location
`TRCAA_DB_KEY` (or legacy `TRCAA_DB_KEY`)	(none)	Database encryption key (required in release builds)
`TRCAA_ENCRYPTION_KEY` (or legacy `TRCAA_ENCRYPTION_KEY`)	(none)	Credential encryption key (required in release builds)
`RUST_LOG`	`info`	Tracing log level (`debug`, `info`, `warn`, `error`)

Implementation Status

Phase	Description	Status
1	Scaffold & Foundation	✅ Complete
2	Security & Database Layer	✅ Complete
3	PII Sanitization Engine	✅ Complete
4	AI Provider Layer	✅ Complete
5	Ollama Integration	✅ Complete
6	Log Upload & Analysis	✅ Complete
7	5-Whys Triage Engine	✅ Complete
8	RCA & Post-Mortem Generation	✅ Complete
9	History & Search	🔲 Pending
10	Integrations (Confluence, ServiceNow, ADO)	🔲 v0.2
11	CI/CD Pipeline	✅ Complete — Gitea Actions, all checks green
12	Release Packaging	✅ linux/amd64 · linux/arm64 (native) · windows/amd64

Support the Project

If you find this project helpful, consider buying me a coffee:

License

MIT License — see LICENSE for details.

README.md Unescape Escape