9e8db9dc81
This commit implements two major features: 1. Integration Search as Primary AI Data Source - Confluence, ServiceNow, and Azure DevOps searches execute before AI queries - Search results injected as system context for AI providers - Parallel search execution for performance - Webview-based fetch for HttpOnly cookie support - Persistent browser windows maintain authenticated sessions 2. AI Tool-Calling (Function Calling) - Allows AI to automatically execute functions during conversation - Implemented for OpenAI-compatible providers and Custom REST provider - Created add_ado_comment tool for updating Azure DevOps tickets - Iterative tool-calling loop supports multi-step workflows - Extensible architecture for adding new tools Key Files: - src-tauri/src/ai/tools.rs (NEW) - Tool definitions - src-tauri/src/integrations/*_search.rs (NEW) - Integration search modules - src-tauri/src/integrations/webview_fetch.rs (NEW) - HttpOnly cookie workaround - src-tauri/src/commands/ai.rs - Tool execution and integration search - src-tauri/src/ai/openai.rs - Tool-calling for OpenAI and Custom REST provider - All providers updated with tools parameter support Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
5.1 KiB
Integration Authentication Guide
Overview
The TRCAA application supports three integration authentication methods, with automatic fallback between them:
- API Tokens (Manual) - Recommended ✅
- OAuth 2.0 - Fully automated (when configured)
- Browser Cookies - Partially working ⚠️
Authentication Priority
When you ask an AI question, the system attempts authentication in this order:
1. Extract cookies from persistent browser window
↓ (if fails)
2. Use stored API token from database
↓ (if fails)
3. Skip that integration and log guidance
HttpOnly Cookie Limitation
Problem: Confluence, ServiceNow, and Azure DevOps use HttpOnly cookies for security. These cookies:
- ✅ Exist in the persistent browser window
- ✅ Are sent automatically by the browser
- ❌ Cannot be extracted by JavaScript (security feature)
- ❌ Cannot be used in separate HTTP requests
Impact: Cookie extraction via the persistent browser window fails for HttpOnly cookies, even though you're logged in.
Recommended Solution: Use API Tokens
Confluence Personal Access Token
- Log into Confluence
- Go to Profile → Settings → Personal Access Tokens
- Click Create token
- Copy the generated token
- In TRCAA app:
- Go to Settings → Integrations
- Find your Confluence integration
- Click "Save Manual Token"
- Paste the token
- Token Type:
Bearer
ServiceNow API Key
- Log into ServiceNow
- Go to System Security → Application Registry
- Click New → OAuth API endpoint for external clients
- Configure and generate API key
- In TRCAA app:
- Go to Settings → Integrations
- Find your ServiceNow integration
- Click "Save Manual Token"
- Paste the API key
Azure DevOps Personal Access Token (PAT)
- Log into Azure DevOps
- Click User Settings (top right) → Personal Access Tokens
- Click New Token
- Scopes: Select Read for:
- Code (for wiki)
- Work Items (for work item search)
- Click Create and copy the token
- In TRCAA app:
- Go to Settings → Integrations
- Find your Azure DevOps integration
- Click "Save Manual Token"
- Paste the token
- Token Type:
Bearer
Verification
After adding API tokens, test the integration:
- Open or create an issue
- Go to Triage page
- Ask a question like: "How do I upgrade Vesta NXT to 1.0.12"
- Check the logs for:
INFO Using stored cookies for confluence (count: 1) INFO Found X integration sources for AI context
If successful, the AI response should include:
- Content from internal documentation
- Source citations with URLs
- Links to Confluence/ServiceNow/Azure DevOps pages
Troubleshooting
No search results found
Symptom: AI gives generic answers instead of internal documentation
Check logs for:
WARN Unable to search confluence - no authentication available
Solution: Add an API token (see above)
Cookie extraction timeout
Symptom: Logs show:
WARN Failed to extract cookies from confluence: Timeout extracting cookies
Why: HttpOnly cookies cannot be extracted via JavaScript
Solution: Use API tokens instead
Integration not configured
Symptom: No integration searches at all
Check: Settings → Integrations - ensure integration is added with:
- Base URL configured
- Either browser window open OR API token saved
Future Enhancements
Native Cookie Extraction (Planned)
We plan to implement platform-specific native cookie extraction that can access HttpOnly cookies directly from the webview's cookie store:
- macOS: Use WKWebView's HTTPCookieStore (requires
cocoa/objccrates) - Windows: Use WebView2's cookie manager (requires
windowscrate) - Linux: Use WebKitGTK cookie manager (requires
webkit2gtkbinding)
This will make the persistent browser approach fully automatic, even with HttpOnly cookies.
Webview-Based Search (Experimental)
Another approach is to make search requests FROM within the authenticated webview using JavaScript fetch, which automatically includes HttpOnly cookies. This requires reliable IPC communication between JavaScript and Rust.
Security Notes
Token Storage
API tokens are:
- ✅ Encrypted using AES-256-GCM before storage
- ✅ Hashed (SHA-256) for audit logging
- ✅ Stored in encrypted SQLite database
- ✅ Never exposed to frontend JavaScript
Cookie Storage (when working)
Extracted cookies are:
- ✅ Encrypted before database storage
- ✅ Only retrieved when making API requests
- ✅ Transmitted only over HTTPS
Audit Trail
All integration authentication attempts are logged:
- Cookie extraction attempts
- Token usage
- Search requests
- Authentication failures
Check Settings → Security → Audit Log to review activity.
Summary
For reliable integration search NOW: Use API tokens (Option 1)
For automatic integration search LATER: Native cookie extraction will be implemented in a future update
Current workaround: API tokens provide full functionality without browser dependency