2026-02-05 11:16:23 +00:00
|
|
|
package workspace
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"crypto/sha256"
|
|
|
|
|
"encoding/hex"
|
|
|
|
|
"os"
|
|
|
|
|
"path/filepath"
|
|
|
|
|
"sync"
|
|
|
|
|
|
|
|
|
|
core "github.com/host-uk/core/pkg/framework/core"
|
|
|
|
|
"github.com/host-uk/core/pkg/io"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// Service implements the core.Workspace interface.
|
|
|
|
|
type Service struct {
|
|
|
|
|
core *core.Core
|
|
|
|
|
activeWorkspace string
|
|
|
|
|
rootPath string
|
|
|
|
|
medium io.Medium
|
|
|
|
|
mu sync.RWMutex
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// New creates a new Workspace service instance.
|
|
|
|
|
func New(c *core.Core) (any, error) {
|
|
|
|
|
home, err := os.UserHomeDir()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, core.E("workspace.New", "failed to determine home directory", err)
|
|
|
|
|
}
|
|
|
|
|
rootPath := filepath.Join(home, ".core", "workspaces")
|
|
|
|
|
|
|
|
|
|
s := &Service{
|
|
|
|
|
core: c,
|
|
|
|
|
rootPath: rootPath,
|
|
|
|
|
medium: io.Local,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := s.medium.EnsureDir(rootPath); err != nil {
|
|
|
|
|
return nil, core.E("workspace.New", "failed to ensure root directory", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return s, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// CreateWorkspace creates a new encrypted workspace.
|
|
|
|
|
// Identifier is hashed (SHA-256 as proxy for LTHN) to create the directory name.
|
|
|
|
|
// A PGP keypair is generated using the password.
|
|
|
|
|
func (s *Service) CreateWorkspace(identifier, password string) (string, error) {
|
|
|
|
|
s.mu.Lock()
|
|
|
|
|
defer s.mu.Unlock()
|
|
|
|
|
|
|
|
|
|
// 1. Identification (LTHN hash proxy)
|
|
|
|
|
hash := sha256.Sum256([]byte(identifier))
|
|
|
|
|
wsID := hex.EncodeToString(hash[:])
|
|
|
|
|
wsPath := filepath.Join(s.rootPath, wsID)
|
|
|
|
|
|
|
|
|
|
if s.medium.Exists(wsPath) {
|
|
|
|
|
return "", core.E("workspace.CreateWorkspace", "workspace already exists", nil)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 2. Directory structure
|
|
|
|
|
dirs := []string{"config", "log", "data", "files", "keys"}
|
|
|
|
|
for _, d := range dirs {
|
|
|
|
|
if err := s.medium.EnsureDir(filepath.Join(wsPath, d)); err != nil {
|
|
|
|
|
return "", core.E("workspace.CreateWorkspace", "failed to create directory: "+d, err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 3. PGP Keypair generation
|
feat: BugSETI app, WebSocket hub, browser automation, and MCP tools (#336)
* feat: add security logging and fix framework regressions
This commit implements comprehensive security event logging and resolves critical regressions in the core framework.
Security Logging:
- Enhanced `pkg/log` with a `Security` level and helper.
- Added `log.Username()` to consistently identify the executing user.
- Instrumented GitHub CLI auth, Agentic configuration, filesystem sandbox, MCP handlers, and MCP TCP transport with security logs.
- Added `SecurityStyle` to the CLI for consistent visual representation of security events.
UniFi Security (CodeQL):
- Refactored `pkg/unifi` to remove hardcoded `InsecureSkipVerify`, resolving a high-severity alert.
- Added a `--verify-tls` flag and configuration option to control TLS verification.
- Updated command handlers to support the new verification parameter.
Framework Fixes:
- Restored original signatures for `MustServiceFor`, `Config()`, and `Display()` in `pkg/framework/core`, which had been corrupted during a merge.
- Fixed `pkg/framework/framework.go` and `pkg/framework/core/runtime_pkg.go` to match the restored signatures.
- These fixes resolve project-wide compilation errors caused by the signature mismatches.
I encountered significant blockers due to a corrupted state of the `dev` branch after a merge, which introduced breaking changes in the core framework's DI system. I had to manually reconcile these signatures with the expected usage across the codebase to restore build stability.
* feat(mcp): add RAG tools (query, ingest, collections)
Add vector database tools to the MCP server for RAG operations:
- rag_query: Search for relevant documentation using semantic similarity
- rag_ingest: Ingest files or directories into the vector database
- rag_collections: List available collections
Uses existing internal/cmd/rag exports (QueryDocs, IngestDirectory, IngestFile)
and pkg/rag for Qdrant client access. Default collection is "hostuk-docs"
with topK=5 for queries.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(mcp): add metrics tools (record, query)
Add MCP tools for recording and querying AI/security metrics events.
The metrics_record tool writes events to daily JSONL files, and the
metrics_query tool provides aggregated statistics by type, repo, and agent.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add 'core mcp serve' command
Add CLI command to start the MCP server for AI tool integration.
- Create internal/cmd/mcpcmd package with serve subcommand
- Support --workspace flag for directory restriction
- Handle SIGINT/SIGTERM for clean shutdown
- Register in full.go build variant
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(ws): add WebSocket hub package for real-time streaming
Add pkg/ws package implementing a hub pattern for WebSocket connections:
- Hub manages client connections, broadcasts, and channel subscriptions
- Client struct represents connected WebSocket clients
- Message types: process_output, process_status, event, error, ping/pong
- Channel-based subscription system (subscribe/unsubscribe)
- SendProcessOutput and SendProcessStatus for process streaming integration
- Full test coverage including concurrency tests
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(mcp): add process management and WebSocket MCP tools
Add MCP tools for process management:
- process_start: Start a new external process
- process_stop: Gracefully stop a running process
- process_kill: Force kill a process
- process_list: List all managed processes
- process_output: Get captured process output
- process_input: Send input to process stdin
Add MCP tools for WebSocket:
- ws_start: Start WebSocket server for real-time streaming
- ws_info: Get hub statistics (clients, channels)
Update Service struct with optional process.Service and ws.Hub fields,
new WithProcessService and WithWSHub options, getter methods, and
Shutdown method for cleanup.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(webview): add browser automation package via Chrome DevTools Protocol
Add pkg/webview package for browser automation:
- webview.go: Main interface with Connect, Navigate, Click, Type, QuerySelector, Screenshot, Evaluate
- cdp.go: Chrome DevTools Protocol WebSocket client implementation
- actions.go: DOM action types (Click, Type, Hover, Scroll, etc.) and ActionSequence builder
- console.go: Console message capture and filtering with ConsoleWatcher and ExceptionWatcher
- angular.go: Angular-specific helpers for router navigation, component access, and Zone.js stability
Add MCP tools for webview:
- webview_connect/disconnect: Connection management
- webview_navigate: Page navigation
- webview_click/type/query/wait: DOM interaction
- webview_console: Console output capture
- webview_eval: JavaScript execution
- webview_screenshot: Screenshot capture
Add documentation:
- docs/mcp/angular-testing.md: Guide for Angular application testing
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: document new packages and BugSETI application
- Update CLAUDE.md with documentation for:
- pkg/ws (WebSocket hub for real-time streaming)
- pkg/webview (Browser automation via CDP)
- pkg/mcp (MCP server tools: process, ws, webview)
- BugSETI application overview
- Add comprehensive README for BugSETI with:
- Installation and configuration guide
- Usage workflow documentation
- Architecture overview
- Contributing guidelines
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bugseti): add BugSETI system tray app with auto-update
BugSETI - Distributed Bug Fixing like SETI@home but for code
Features:
- System tray app with Wails v3
- GitHub issue fetching with label filters
- Issue queue with priority management
- AI context seeding via seed-agent-developer skill
- Automated PR submission flow
- Stats tracking and leaderboard
- Cross-platform notifications
- Self-updating with stable/beta/nightly channels
Includes:
- cmd/bugseti: Main application with Angular frontend
- internal/bugseti: Core services (fetcher, queue, seeder, submit, config, stats, notify)
- internal/bugseti/updater: Auto-update system (checker, downloader, installer)
- .github/workflows/bugseti-release.yml: CI/CD for all platforms
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: resolve import cycle and code duplication
- Remove pkg/log import from pkg/io/local to break import cycle
(pkg/log/rotation.go imports pkg/io, creating circular dependency)
- Use stderr logging for security events in sandbox escape detection
- Remove unused sync/atomic import from core.go
- Fix duplicate LogSecurity function declarations in cli/log.go
- Update workspace/service.go Crypt() call to match interface
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: update tests for new function signatures and format code
- Update core_test.go: Config(), Display() now panic instead of returning error
- Update runtime_pkg_test.go: sr.Config() now panics instead of returning error
- Update MustServiceFor tests to use assert.Panics
- Format BugSETI, MCP tools, and webview packages with gofmt
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
Co-authored-by: Claude <developers@lethean.io>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 17:22:05 +00:00
|
|
|
crypt := s.core.Crypt()
|
|
|
|
|
if crypt == nil {
|
|
|
|
|
return "", core.E("workspace.CreateWorkspace", "crypt service not available", nil)
|
2026-02-05 11:16:23 +00:00
|
|
|
}
|
|
|
|
|
privKey, err := crypt.CreateKeyPair(identifier, password)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", core.E("workspace.CreateWorkspace", "failed to generate keys", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Save private key
|
|
|
|
|
if err := s.medium.Write(filepath.Join(wsPath, "keys", "private.key"), privKey); err != nil {
|
|
|
|
|
return "", core.E("workspace.CreateWorkspace", "failed to save private key", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return wsID, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// SwitchWorkspace changes the active workspace.
|
|
|
|
|
func (s *Service) SwitchWorkspace(name string) error {
|
|
|
|
|
s.mu.Lock()
|
|
|
|
|
defer s.mu.Unlock()
|
|
|
|
|
|
|
|
|
|
wsPath := filepath.Join(s.rootPath, name)
|
|
|
|
|
if !s.medium.IsDir(wsPath) {
|
|
|
|
|
return core.E("workspace.SwitchWorkspace", "workspace not found: "+name, nil)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
s.activeWorkspace = name
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// WorkspaceFileGet retrieves the content of a file from the active workspace.
|
|
|
|
|
// In a full implementation, this would involve decryption using the workspace key.
|
|
|
|
|
func (s *Service) WorkspaceFileGet(filename string) (string, error) {
|
|
|
|
|
s.mu.RLock()
|
|
|
|
|
defer s.mu.RUnlock()
|
|
|
|
|
|
|
|
|
|
if s.activeWorkspace == "" {
|
|
|
|
|
return "", core.E("workspace.WorkspaceFileGet", "no active workspace", nil)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
path := filepath.Join(s.rootPath, s.activeWorkspace, "files", filename)
|
|
|
|
|
return s.medium.Read(path)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// WorkspaceFileSet saves content to a file in the active workspace.
|
|
|
|
|
// In a full implementation, this would involve encryption using the workspace key.
|
|
|
|
|
func (s *Service) WorkspaceFileSet(filename, content string) error {
|
|
|
|
|
s.mu.Lock()
|
|
|
|
|
defer s.mu.Unlock()
|
|
|
|
|
|
|
|
|
|
if s.activeWorkspace == "" {
|
|
|
|
|
return core.E("workspace.WorkspaceFileSet", "no active workspace", nil)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
path := filepath.Join(s.rootPath, s.activeWorkspace, "files", filename)
|
|
|
|
|
return s.medium.Write(path, content)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// HandleIPCEvents handles workspace-related IPC messages.
|
|
|
|
|
func (s *Service) HandleIPCEvents(c *core.Core, msg core.Message) error {
|
|
|
|
|
switch m := msg.(type) {
|
|
|
|
|
case map[string]any:
|
|
|
|
|
action, _ := m["action"].(string)
|
|
|
|
|
switch action {
|
|
|
|
|
case "workspace.create":
|
|
|
|
|
id, _ := m["identifier"].(string)
|
|
|
|
|
pass, _ := m["password"].(string)
|
|
|
|
|
_, err := s.CreateWorkspace(id, pass)
|
|
|
|
|
return err
|
|
|
|
|
case "workspace.switch":
|
|
|
|
|
name, _ := m["name"].(string)
|
|
|
|
|
return s.SwitchWorkspace(name)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Ensure Service implements core.Workspace.
|
|
|
|
|
var _ core.Workspace = (*Service)(nil)
|