sarman/tftsr-devops_investigation
1
1
Fork 0
Code Issues 4 Pull Requests Actions 34 Packages Projects 3 Releases 6 Wiki Activity
f05b954250
tftsr-devops_investigation/src-tauri
History
Shaun Arman f05b954250
Some checks failed
Test / rust-fmt-check (pull_request) Failing after 1m25s
Details
Test / frontend-typecheck (pull_request) Successful in 1m37s
Details
Test / frontend-tests (pull_request) Successful in 1m36s
Details
Test / rust-clippy (pull_request) Failing after 3m18s
Details
PR Review Automation / review (pull_request) Successful in 4m19s
Details
Test / rust-tests (pull_request) Successful in 4m30s
Details
fix(security): address PR review — move attachment handling to backend, auto-redact PII 
Resolves all four findings from the automated review:

[BLOCKER 1] Attachment PII scan error path left pendingFiles intact,
allowing retry with stale file references. Fix: file content is no
longer held in frontend state at all — PendingFile drops the content
field entirely. logFileIds are captured before setPendingFiles([]) and
passed directly to the backend.

[BLOCKER 2] Raw file content stored in PendingFile.content created a
UI-visible PII surface and a data-residency risk. Fix: frontend never
reads or stores file content. The backend loads file data from disk,
auto-redacts PII in-memory using pii::apply_redactions(), and embeds
the clean text into the AI message. No PII ever touches the frontend.

[WARNING 1] String-based attachment header parsing was fragile and
bypassable. Fix: parsing is gone — backend identifies attachments by
log_file_id, reads them directly from the DB/disk path, and applies
redaction at that level.

[WARNING 2] Error message disclosed PII type list to the caller. Fix:
PII types are logged via tracing::warn only; no type details in the
user-facing error or API response.

Additionally: typed chat messages are now auto-redacted rather than
blocked. scanTextForPiiCmd runs on the typed text; detected spans are
replaced in reverse-offset order before the message is sent to the AI
and stored in the DB. The user sees the redacted form in their chat
bubble.

Architecture:
- chat_message now accepts log_file_ids: Option<Vec<String>>
- Backend reads file → detects PII → redacts in memory → embeds
- Frontend: no readTextFile, no content field, no frontend PII gate
2026-05-31 19:20:46 -05:00
..
.cargo fix: resolve clippy format-args failures and OpenSSL vendoring issue 2026-04-04 15:05:13 -05:00
capabilities chore: add MIT license, security hardening, and repo hygiene 2026-04-07 12:50:13 -05:00
gen/schemas feat: add image attachment support with PII detection 2026-04-08 20:03:34 -05:00
icons fix: replace empty icon placeholder files with real app icons 2026-03-15 20:31:52 -05:00
resources/ollama feat(ui): fix model dropdown, auth prefill, PII persistence, theme toggle, and Ollama bundle 2026-04-05 19:30:41 -05:00
src fix(security): address PR review — move attachment handling to backend, auto-redact PII 2026-05-31 19:20:46 -05:00
build.rs fix: remove invalid --locked flag from cargo commands and fix format string 2026-04-14 20:50:47 -05:00
Cargo.lock feat: attachment DB storage and cross-incident recall 2026-05-31 17:55:47 -05:00
Cargo.toml feat: attachment DB storage and cross-incident recall 2026-05-31 17:55:47 -05:00
tauri.conf.json fix: bump tauri.conf.json version to 0.3.0 2026-05-23 17:36:38 -05:00