diff --git a/Architecture.md b/Architecture.md index 2a3a059..ce6089b 100644 --- a/Architecture.md +++ b/Architecture.md @@ -29,8 +29,7 @@ TFTSR uses a Tauri 2.x architecture: a Rust backend runs natively, and a React/T pub struct AppState { pub db: Arc>, pub settings: Arc>, - pub app_data_dir: PathBuf, // ~/.local/share/trcaa on Linux - pub integration_webviews: Arc>>, + pub app_data_dir: PathBuf, // ~/.local/share/tftsr on Linux } ``` @@ -47,10 +46,11 @@ All command handlers receive `State<'_, AppState>` as a Tauri-injected parameter | `commands/analysis.rs` | Log file upload, PII detection, redaction | | `commands/docs.rs` | RCA and post-mortem generation, document export | | `commands/system.rs` | Ollama management, hardware probe, settings, audit log | -| `commands/integrations.rs` | Confluence / ServiceNow / ADO — OAuth2, WebView auth, tool calling | +| `commands/image.rs` | Image attachment upload, list, delete, paste | +| `commands/integrations.rs` | Confluence / ServiceNow / ADO — v0.2 stubs | | `ai/provider.rs` | `Provider` trait + `create_provider()` factory | | `pii/detector.rs` | Multi-pattern PII scanner with overlap resolution | -| `db/migrations.rs` | Versioned schema (14 migrations tracked in `_migrations` table) | +| `db/migrations.rs` | Versioned schema (12 migrations in `_migrations` table) | | `db/models.rs` | All DB types — see `IssueDetail` note below | | `docs/rca.rs` + `docs/postmortem.rs` | Markdown template builders | | `audit/log.rs` | `write_audit_event()` — called before every external send | @@ -75,6 +75,7 @@ src-tauri/src/ │ ├── analysis.rs │ ├── docs.rs │ ├── system.rs +│ ├── image.rs │ └── integrations.rs ├── pii/ │ ├── patterns.rs 
@@ -179,30 +180,22 @@ Use `detail.issue.title`, **not** `detail.title`. ``` 1. Initialize tracing (RUST_LOG controls level) -2. Determine data directory (state::get_app_data_dir() or TFTSR_DATA_DIR) -3. Auto-generate or load .dbkey / .enckey (mode 0600) — see ADR-005 -4. Open / create SQLCipher encrypted database - - If plain SQLite detected (debug→release upgrade): auto-migrate + backup -5. Run DB migrations (14 schema versions) -6. Create AppState (db + settings + app_data_dir + integration_webviews) -7. Register Tauri plugins (stronghold, dialog, fs, shell, http) -8. Register all IPC command handlers via generate_handler![] -9. Start WebView with React app +2. Determine data directory (~/.local/share/tftsr or TFTSR_DATA_DIR) +3. Open / create SQLite database (run migrations) +4. Create AppState (db + settings + app_data_dir) +5. Register Tauri plugins (stronghold, dialog, fs, shell, http, cli, updater) +6. Register all 39 IPC command handlers +7. Start WebView with React app ``` -## Architecture Documentation +## Image Attachments -Full architecture documentation with C4 diagrams, data flow diagrams, and Architecture Decision Records (ADRs) is available in [`docs/architecture/`](../architecture/README.md): +The app supports uploading and managing image files (screenshots, diagrams) as attachments: -| Document | Contents | -|----------|----------| -| [Architecture Overview](../architecture/README.md) | C4 diagrams, data flows, security model | -| [ADR-001](../architecture/adrs/ADR-001-tauri-desktop-framework.md) | Why Tauri over Electron | -| [ADR-002](../architecture/adrs/ADR-002-sqlcipher-encrypted-database.md) | SQLCipher encryption choices | -| [ADR-003](../architecture/adrs/ADR-003-provider-trait-pattern.md) | AI provider trait design | -| [ADR-004](../architecture/adrs/ADR-004-pii-regex-aho-corasick.md) | PII detection implementation | -| [ADR-005](../architecture/adrs/ADR-005-auto-generate-encryption-keys.md) | Key auto-generation design | -| 
[ADR-006](../architecture/adrs/ADR-006-zustand-state-management.md) | Frontend state management | +1. **Upload** via `upload_image_attachmentCmd()` or `upload_paste_imageCmd()` (clipboard paste) +2. **PII detection** runs automatically on upload +3. **User approval** required before image is stored +4. **Database storage** in `image_attachments` table with SHA-256 hash ## Data Flow diff --git a/Database.md b/Database.md index 68b5104..adcd0c2 100644 --- a/Database.md +++ b/Database.md @@ -2,7 +2,7 @@ ## Overview -TFTSR uses **SQLite** via `rusqlite` with the `bundled-sqlcipher` feature for AES-256 encryption in production. 11 versioned migrations are tracked in the `_migrations` table. +TFTSR uses **SQLite** via `rusqlite` with the `bundled-sqlcipher` feature for AES-256 encryption in production. 12 versioned migrations are tracked in the `_migrations` table. **DB file location:** `{app_data_dir}/tftsr.db` @@ -211,6 +211,29 @@ CREATE TABLE integration_config ( ); ``` +### 012 — image_attachments (v0.2.7+) + +```sql +CREATE TABLE image_attachments ( + id TEXT PRIMARY KEY, + issue_id TEXT NOT NULL REFERENCES issues(id) ON DELETE CASCADE, + file_name TEXT NOT NULL, + file_path TEXT NOT NULL DEFAULT '', + file_size INTEGER NOT NULL DEFAULT 0, + mime_type TEXT NOT NULL DEFAULT 'image/png', + upload_hash TEXT NOT NULL DEFAULT '', + uploaded_at TEXT NOT NULL DEFAULT (datetime('now')), + pii_warning_acknowledged INTEGER NOT NULL DEFAULT 1, + is_paste INTEGER NOT NULL DEFAULT 0 +); +``` + +**Features:** +- Image file metadata stored in database +- `upload_hash`: SHA-256 hash of file content (for deduplication) +- `pii_warning_acknowledged`: User confirmation that PII may be present +- `is_paste`: Flag for screenshots copied from clipboard + **Encryption:** - OAuth2 tokens encrypted with AES-256-GCM - Key derived from `TFTSR_DB_KEY` environment variable diff --git a/Home.md b/Home.md index 58074eb..954ce22 100644 --- a/Home.md +++ b/Home.md 
@@ -32,12 +32,14 @@ - **Ollama Management** — Hardware detection, model recommendations, in-app model management - **Audit Trail** — Every external data send logged with SHA-256 hash - **Domain-Specific Prompts** — 8 IT domains: Linux, Windows, Network, Kubernetes, Databases, Virtualization, Hardware, Observability +- **Image Attachments** — Upload and manage image files with PII detection and mandatory user approval ## Releases | Version | Status | Highlights | |---------|--------|-----------| | v0.2.6 | 🚀 Latest | Custom REST AI gateway support, OAuth2 shell permissions, user ID tracking | +| v0.2.5 | Released | Image attachments with PII detection and approval workflow | | v0.2.3 | Released | Confluence/ServiceNow/ADO REST API clients (19 TDD tests) | | v0.1.1 | Released | Core application with PII detection, RCA generation | diff --git a/IPC-Commands.md b/IPC-Commands.md index d0b6649..ad93146 100644 --- a/IPC-Commands.md +++ b/IPC-Commands.md @@ -99,6 +99,34 @@ Rewrites file content with approved redactions. Records SHA-256 in audit log. Re --- +## Image Attachment Commands + +### `upload_image_attachment` +```typescript +uploadImageAttachmentCmd(issueId: string, filePath: string, piiWarningAcknowledged: boolean) → ImageAttachment +``` +Uploads an image file. Computes SHA-256, stores metadata in DB. Returns `ImageAttachment` record. + +### `list_image_attachments` +```typescript +listImageAttachmentsCmd(issueId: string) → ImageAttachment[] +``` +Lists all image attachments for an issue. + +### `delete_image_attachment` +```typescript +deleteImageAttachmentCmd(imageId: string) → void +``` +Deletes an image attachment from disk and database. + +### `upload_paste_image` +```typescript +uploadPasteImageCmd(issueId: string, base64Data: string, fileName: string, piiWarningAcknowledged: boolean) → ImageAttachment +``` +Uploads an image from clipboard paste (base64). Returns `ImageAttachment` record. + +--- + ## AI Commands ### `analyze_logs`
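Review bot: In the Architecture.md module table (hunk @@ -47,10 +46,11), the new `commands/integrations.rs` description "v0.2 stubs" conflicts with the Home.md release table in this same patch, which lists v0.2.3 as shipping Confluence/ServiceNow/ADO REST API clients and v0.2.6 as adding OAuth2 shell permissions. Either keep a description of what the module does today or state which parts are still stubs.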
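Review bot: The rewritten startup sequence in Architecture.md (hunk @@ -179,30 +180,22) drops the key-loading step and replaces "Open / create SQLCipher encrypted database" with "Open / create SQLite database", yet the Database.md overview touched by this patch still says the database uses `bundled-sqlcipher` for AES-256 encryption in production. If encryption at rest is still in place, keep a step that says where the key comes from and with what file permissions (the removed line noted mode 0600); if it was removed, Database.md needs the matching change. In the new Image Attachments list of the same hunk, `upload_image_attachmentCmd()` and `upload_paste_imageCmd()` match neither the command names nor the TypeScript wrappers documented in IPC-Commands.md (`upload_image_attachment` and `uploadImageAttachmentCmd`).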
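Review bot: `pii_warning_acknowledged INTEGER NOT NULL DEFAULT 1` in the new `image_attachments` table (Database.md, hunk @@ -211,6 +211,29) records consent by default, so any insert that omits the column stores the image as acknowledged. Default it to 0 so that acknowledgement is only recorded when it is explicitly supplied. `upload_hash` is documented as being for deduplication but defaults to '' and has no unique index shown, so say how duplicates are actually detected. The new section is also inserted above the existing "**Encryption:**" bullets about OAuth2 tokens, which belong to `integration_config` and will now read as part of migration 012.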
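Review bot: The new v0.2.5 row in the Home.md release table (hunk @@ -32,12 +32,14) credits image attachments to v0.2.5, while the Database.md heading added in this patch marks the `image_attachments` migration as "v0.2.7+" and the table still lists v0.2.6 as Latest. Pick one version for the feature and use it in both files.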
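Review bot: The entries for `upload_image_attachment` and `upload_paste_image` (IPC-Commands.md, hunk @@ -99,6 +99,34) do not say what happens when `piiWarningAcknowledged` is false. Architecture.md in this patch states that PII detection runs on upload and that user approval is required before the image is stored, but here the acknowledgement is a caller-supplied boolean and neither the detection step nor an error return is mentioned. Document the rejection behaviour, and state what validation is applied to `filePath`, `fileName` and the decoded `base64Data` (allowed locations, size limit, accepted MIME types). `delete_image_attachment` removes the file from disk, so say whether that is written to the audit log, as the preceding redaction command notes for its SHA-256.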