core/cli
8
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions 1
cli/internal/bugseti/updater/download.go
Vi 4debdc1449 feat: BugSETI app, WebSocket hub, browser automation, and MCP tools (#336) 
* feat: add security logging and fix framework regressions

This commit implements comprehensive security event logging and resolves critical regressions in the core framework.

Security Logging:
- Enhanced `pkg/log` with a `Security` level and helper.
- Added `log.Username()` to consistently identify the executing user.
- Instrumented GitHub CLI auth, Agentic configuration, filesystem sandbox, MCP handlers, and MCP TCP transport with security logs.
- Added `SecurityStyle` to the CLI for consistent visual representation of security events.

UniFi Security (CodeQL):
- Refactored `pkg/unifi` to remove hardcoded `InsecureSkipVerify`, resolving a high-severity alert.
- Added a `--verify-tls` flag and configuration option to control TLS verification.
- Updated command handlers to support the new verification parameter.

Framework Fixes:
- Restored original signatures for `MustServiceFor`, `Config()`, and `Display()` in `pkg/framework/core`, which had been corrupted during a merge.
- Fixed `pkg/framework/framework.go` and `pkg/framework/core/runtime_pkg.go` to match the restored signatures.
- These fixes resolve project-wide compilation errors caused by the signature mismatches.

I encountered significant blockers due to a corrupted state of the `dev` branch after a merge, which introduced breaking changes in the core framework's DI system. I had to manually reconcile these signatures with the expected usage across the codebase to restore build stability.

* feat(mcp): add RAG tools (query, ingest, collections)

Add vector database tools to the MCP server for RAG operations:
- rag_query: Search for relevant documentation using semantic similarity
- rag_ingest: Ingest files or directories into the vector database
- rag_collections: List available collections

Uses existing internal/cmd/rag exports (QueryDocs, IngestDirectory, IngestFile)
and pkg/rag for Qdrant client access. Default collection is "hostuk-docs"
with topK=5 for queries.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(mcp): add metrics tools (record, query)

Add MCP tools for recording and querying AI/security metrics events.
The metrics_record tool writes events to daily JSONL files, and the
metrics_query tool provides aggregated statistics by type, repo, and agent.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat: add 'core mcp serve' command

Add CLI command to start the MCP server for AI tool integration.

- Create internal/cmd/mcpcmd package with serve subcommand
- Support --workspace flag for directory restriction
- Handle SIGINT/SIGTERM for clean shutdown
- Register in full.go build variant

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(ws): add WebSocket hub package for real-time streaming

Add pkg/ws package implementing a hub pattern for WebSocket connections:
- Hub manages client connections, broadcasts, and channel subscriptions
- Client struct represents connected WebSocket clients
- Message types: process_output, process_status, event, error, ping/pong
- Channel-based subscription system (subscribe/unsubscribe)
- SendProcessOutput and SendProcessStatus for process streaming integration
- Full test coverage including concurrency tests

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(mcp): add process management and WebSocket MCP tools

Add MCP tools for process management:
- process_start: Start a new external process
- process_stop: Gracefully stop a running process
- process_kill: Force kill a process
- process_list: List all managed processes
- process_output: Get captured process output
- process_input: Send input to process stdin

Add MCP tools for WebSocket:
- ws_start: Start WebSocket server for real-time streaming
- ws_info: Get hub statistics (clients, channels)

Update Service struct with optional process.Service and ws.Hub fields,
new WithProcessService and WithWSHub options, getter methods, and
Shutdown method for cleanup.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(webview): add browser automation package via Chrome DevTools Protocol

Add pkg/webview package for browser automation:
- webview.go: Main interface with Connect, Navigate, Click, Type, QuerySelector, Screenshot, Evaluate
- cdp.go: Chrome DevTools Protocol WebSocket client implementation
- actions.go: DOM action types (Click, Type, Hover, Scroll, etc.) and ActionSequence builder
- console.go: Console message capture and filtering with ConsoleWatcher and ExceptionWatcher
- angular.go: Angular-specific helpers for router navigation, component access, and Zone.js stability

Add MCP tools for webview:
- webview_connect/disconnect: Connection management
- webview_navigate: Page navigation
- webview_click/type/query/wait: DOM interaction
- webview_console: Console output capture
- webview_eval: JavaScript execution
- webview_screenshot: Screenshot capture

Add documentation:
- docs/mcp/angular-testing.md: Guide for Angular application testing

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* docs: document new packages and BugSETI application

- Update CLAUDE.md with documentation for:
  - pkg/ws (WebSocket hub for real-time streaming)
  - pkg/webview (Browser automation via CDP)
  - pkg/mcp (MCP server tools: process, ws, webview)
  - BugSETI application overview
- Add comprehensive README for BugSETI with:
  - Installation and configuration guide
  - Usage workflow documentation
  - Architecture overview
  - Contributing guidelines

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(bugseti): add BugSETI system tray app with auto-update

BugSETI - Distributed Bug Fixing like SETI@home but for code

Features:
- System tray app with Wails v3
- GitHub issue fetching with label filters
- Issue queue with priority management
- AI context seeding via seed-agent-developer skill
- Automated PR submission flow
- Stats tracking and leaderboard
- Cross-platform notifications
- Self-updating with stable/beta/nightly channels

Includes:
- cmd/bugseti: Main application with Angular frontend
- internal/bugseti: Core services (fetcher, queue, seeder, submit, config, stats, notify)
- internal/bugseti/updater: Auto-update system (checker, downloader, installer)
- .github/workflows/bugseti-release.yml: CI/CD for all platforms

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: resolve import cycle and code duplication

- Remove pkg/log import from pkg/io/local to break import cycle
  (pkg/log/rotation.go imports pkg/io, creating circular dependency)
- Use stderr logging for security events in sandbox escape detection
- Remove unused sync/atomic import from core.go
- Fix duplicate LogSecurity function declarations in cli/log.go
- Update workspace/service.go Crypt() call to match interface

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: update tests for new function signatures and format code

- Update core_test.go: Config(), Display() now panic instead of returning error
- Update runtime_pkg_test.go: sr.Config() now panics instead of returning error
- Update MustServiceFor tests to use assert.Panics
- Format BugSETI, MCP tools, and webview packages with gofmt

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
Co-authored-by: Claude <developers@lethean.io>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 17:22:05 +00:00

427 lines
9.8 KiB
Go
Raw Blame History

// Package updater provides auto-update functionality for BugSETI.
package updater
import (
"archive/tar"
"archive/zip"
"compress/gzip"
"context"
"crypto/sha256"
"encoding/hex"
"fmt"
"io"
"net/http"
"os"
"path/filepath"
"runtime"
"strings"
)
// DownloadProgress reports download progress.
type DownloadProgress struct {
BytesDownloaded int64 `json:"bytesDownloaded"`
TotalBytes int64 `json:"totalBytes"`
Percent float64 `json:"percent"`
}
// DownloadResult contains the result of a download operation.
type DownloadResult struct {
BinaryPath string `json:"binaryPath"`
Version string `json:"version"`
Checksum string `json:"checksum"`
VerifiedOK bool `json:"verifiedOK"`
}
// Downloader handles downloading and verifying updates.
type Downloader struct {
httpClient *http.Client
stagingDir string
onProgress func(DownloadProgress)
}
// NewDownloader creates a new update downloader.
func NewDownloader() (*Downloader, error) {
// Create staging directory in user's temp dir
stagingDir := filepath.Join(os.TempDir(), "bugseti-updates")
if err := os.MkdirAll(stagingDir, 0755); err != nil {
return nil, fmt.Errorf("failed to create staging directory: %w", err)
}
return &Downloader{
httpClient: &http.Client{},
stagingDir: stagingDir,
}, nil
}
// SetProgressCallback sets a callback for download progress updates.
func (d *Downloader) SetProgressCallback(cb func(DownloadProgress)) {
d.onProgress = cb
}
// Download downloads a release and stages it for installation.
func (d *Downloader) Download(ctx context.Context, release *ReleaseInfo) (*DownloadResult, error) {
result := &DownloadResult{
Version: release.Version,
}
// Prefer archive download for extraction
downloadURL := release.ArchiveURL
if downloadURL == "" {
downloadURL = release.BinaryURL
}
if downloadURL == "" {
return nil, fmt.Errorf("no download URL available for release %s", release.Version)
}
// Download the checksum first if available
var expectedChecksum string
if release.ChecksumURL != "" {
checksum, err := d.downloadChecksum(ctx, release.ChecksumURL)
if err != nil {
// Log but don't fail - checksum verification is optional
fmt.Printf("Warning: could not download checksum: %v\n", err)
} else {
expectedChecksum = checksum
}
}
// Download the file
downloadedPath, err := d.downloadFile(ctx, downloadURL, release.Size)
if err != nil {
return nil, fmt.Errorf("failed to download update: %w", err)
}
// Verify checksum if available
actualChecksum, err := d.calculateChecksum(downloadedPath)
if err != nil {
os.Remove(downloadedPath)
return nil, fmt.Errorf("failed to calculate checksum: %w", err)
}
result.Checksum = actualChecksum
if expectedChecksum != "" {
if actualChecksum != expectedChecksum {
os.Remove(downloadedPath)
return nil, fmt.Errorf("checksum mismatch: expected %s, got %s", expectedChecksum, actualChecksum)
}
result.VerifiedOK = true
}
// Extract if it's an archive
var binaryPath string
if strings.HasSuffix(downloadURL, ".tar.gz") {
binaryPath, err = d.extractTarGz(downloadedPath)
} else if strings.HasSuffix(downloadURL, ".zip") {
binaryPath, err = d.extractZip(downloadedPath)
} else {
// It's a raw binary
binaryPath = downloadedPath
}
if err != nil {
os.Remove(downloadedPath)
return nil, fmt.Errorf("failed to extract archive: %w", err)
}
// Make the binary executable (Unix only)
if runtime.GOOS != "windows" {
if err := os.Chmod(binaryPath, 0755); err != nil {
return nil, fmt.Errorf("failed to make binary executable: %w", err)
}
}
result.BinaryPath = binaryPath
return result, nil
}
// downloadChecksum downloads and parses a checksum file.
func (d *Downloader) downloadChecksum(ctx context.Context, url string) (string, error) {
req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
if err != nil {
return "", err
}
req.Header.Set("User-Agent", "BugSETI-Updater")
resp, err := d.httpClient.Do(req)
if err != nil {
return "", err
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
return "", fmt.Errorf("HTTP %d", resp.StatusCode)
}
data, err := io.ReadAll(resp.Body)
if err != nil {
return "", err
}
// Checksum file format: "hash filename" or just "hash"
parts := strings.Fields(strings.TrimSpace(string(data)))
if len(parts) == 0 {
return "", fmt.Errorf("empty checksum file")
}
return parts[0], nil
}
// downloadFile downloads a file with progress reporting.
func (d *Downloader) downloadFile(ctx context.Context, url string, expectedSize int64) (string, error) {
req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
if err != nil {
return "", err
}
req.Header.Set("User-Agent", "BugSETI-Updater")
resp, err := d.httpClient.Do(req)
if err != nil {
return "", err
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
return "", fmt.Errorf("HTTP %d", resp.StatusCode)
}
// Get total size from response or use expected size
totalSize := resp.ContentLength
if totalSize <= 0 {
totalSize = expectedSize
}
// Create output file
filename := filepath.Base(url)
outPath := filepath.Join(d.stagingDir, filename)
out, err := os.Create(outPath)
if err != nil {
return "", err
}
defer out.Close()
// Download with progress
var downloaded int64
buf := make([]byte, 32*1024) // 32KB buffer
for {
select {
case <-ctx.Done():
os.Remove(outPath)
return "", ctx.Err()
default:
}
n, readErr := resp.Body.Read(buf)
if n > 0 {
_, writeErr := out.Write(buf[:n])
if writeErr != nil {
os.Remove(outPath)
return "", writeErr
}
downloaded += int64(n)
// Report progress
if d.onProgress != nil && totalSize > 0 {
d.onProgress(DownloadProgress{
BytesDownloaded: downloaded,
TotalBytes: totalSize,
Percent: float64(downloaded) / float64(totalSize) * 100,
})
}
}
if readErr == io.EOF {
break
}
if readErr != nil {
os.Remove(outPath)
return "", readErr
}
}
return outPath, nil
}
// calculateChecksum calculates the SHA256 checksum of a file.
func (d *Downloader) calculateChecksum(path string) (string, error) {
f, err := os.Open(path)
if err != nil {
return "", err
}
defer f.Close()
h := sha256.New()
if _, err := io.Copy(h, f); err != nil {
return "", err
}
return hex.EncodeToString(h.Sum(nil)), nil
}
// extractTarGz extracts a .tar.gz archive and returns the path to the binary.
func (d *Downloader) extractTarGz(archivePath string) (string, error) {
f, err := os.Open(archivePath)
if err != nil {
return "", err
}
defer f.Close()
gzr, err := gzip.NewReader(f)
if err != nil {
return "", err
}
defer gzr.Close()
tr := tar.NewReader(gzr)
extractDir := filepath.Join(d.stagingDir, "extracted")
os.RemoveAll(extractDir)
if err := os.MkdirAll(extractDir, 0755); err != nil {
return "", err
}
var binaryPath string
binaryName := "bugseti"
if runtime.GOOS == "windows" {
binaryName = "bugseti.exe"
}
for {
header, err := tr.Next()
if err == io.EOF {
break
}
if err != nil {
return "", err
}
target := filepath.Join(extractDir, header.Name)
// Prevent directory traversal
if !strings.HasPrefix(filepath.Clean(target), filepath.Clean(extractDir)) {
return "", fmt.Errorf("invalid file path in archive: %s", header.Name)
}
switch header.Typeflag {
case tar.TypeDir:
if err := os.MkdirAll(target, 0755); err != nil {
return "", err
}
case tar.TypeReg:
// Create parent directory
if err := os.MkdirAll(filepath.Dir(target), 0755); err != nil {
return "", err
}
outFile, err := os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.FileMode(header.Mode))
if err != nil {
return "", err
}
if _, err := io.Copy(outFile, tr); err != nil {
outFile.Close()
return "", err
}
outFile.Close()
// Check if this is the binary we're looking for
if filepath.Base(header.Name) == binaryName {
binaryPath = target
}
}
}
// Clean up archive
os.Remove(archivePath)
if binaryPath == "" {
return "", fmt.Errorf("binary not found in archive")
}
return binaryPath, nil
}
// extractZip extracts a .zip archive and returns the path to the binary.
func (d *Downloader) extractZip(archivePath string) (string, error) {
r, err := zip.OpenReader(archivePath)
if err != nil {
return "", err
}
defer r.Close()
extractDir := filepath.Join(d.stagingDir, "extracted")
os.RemoveAll(extractDir)
if err := os.MkdirAll(extractDir, 0755); err != nil {
return "", err
}
var binaryPath string
binaryName := "bugseti"
if runtime.GOOS == "windows" {
binaryName = "bugseti.exe"
}
for _, f := range r.File {
target := filepath.Join(extractDir, f.Name)
// Prevent directory traversal
if !strings.HasPrefix(filepath.Clean(target), filepath.Clean(extractDir)) {
return "", fmt.Errorf("invalid file path in archive: %s", f.Name)
}
if f.FileInfo().IsDir() {
if err := os.MkdirAll(target, 0755); err != nil {
return "", err
}
continue
}
// Create parent directory
if err := os.MkdirAll(filepath.Dir(target), 0755); err != nil {
return "", err
}
rc, err := f.Open()
if err != nil {
return "", err
}
outFile, err := os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, f.Mode())
if err != nil {
rc.Close()
return "", err
}
_, err = io.Copy(outFile, rc)
rc.Close()
outFile.Close()
if err != nil {
return "", err
}
// Check if this is the binary we're looking for
if filepath.Base(f.Name) == binaryName {
binaryPath = target
}
}
// Clean up archive
os.Remove(archivePath)
if binaryPath == "" {
return "", fmt.Errorf("binary not found in archive")
}
return binaryPath, nil
}
// Cleanup removes all staged files.
func (d *Downloader) Cleanup() error {
return os.RemoveAll(d.stagingDir)
}
// GetStagingDir returns the staging directory path.
func (d *Downloader) GetStagingDir() string {
return d.stagingDir
}
Reference in a new issue View git blame Copy permalink