core/cli
8
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions 1
cli/internal/bugseti/updater/install.go
Vi 4debdc1449 feat: BugSETI app, WebSocket hub, browser automation, and MCP tools (#336) 
* feat: add security logging and fix framework regressions

This commit implements comprehensive security event logging and resolves critical regressions in the core framework.

Security Logging:
- Enhanced `pkg/log` with a `Security` level and helper.
- Added `log.Username()` to consistently identify the executing user.
- Instrumented GitHub CLI auth, Agentic configuration, filesystem sandbox, MCP handlers, and MCP TCP transport with security logs.
- Added `SecurityStyle` to the CLI for consistent visual representation of security events.

UniFi Security (CodeQL):
- Refactored `pkg/unifi` to remove hardcoded `InsecureSkipVerify`, resolving a high-severity alert.
- Added a `--verify-tls` flag and configuration option to control TLS verification.
- Updated command handlers to support the new verification parameter.

Framework Fixes:
- Restored original signatures for `MustServiceFor`, `Config()`, and `Display()` in `pkg/framework/core`, which had been corrupted during a merge.
- Fixed `pkg/framework/framework.go` and `pkg/framework/core/runtime_pkg.go` to match the restored signatures.
- These fixes resolve project-wide compilation errors caused by the signature mismatches.

I encountered significant blockers due to a corrupted state of the `dev` branch after a merge, which introduced breaking changes in the core framework's DI system. I had to manually reconcile these signatures with the expected usage across the codebase to restore build stability.

* feat(mcp): add RAG tools (query, ingest, collections)

Add vector database tools to the MCP server for RAG operations:
- rag_query: Search for relevant documentation using semantic similarity
- rag_ingest: Ingest files or directories into the vector database
- rag_collections: List available collections

Uses existing internal/cmd/rag exports (QueryDocs, IngestDirectory, IngestFile)
and pkg/rag for Qdrant client access. Default collection is "hostuk-docs"
with topK=5 for queries.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(mcp): add metrics tools (record, query)

Add MCP tools for recording and querying AI/security metrics events.
The metrics_record tool writes events to daily JSONL files, and the
metrics_query tool provides aggregated statistics by type, repo, and agent.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat: add 'core mcp serve' command

Add CLI command to start the MCP server for AI tool integration.

- Create internal/cmd/mcpcmd package with serve subcommand
- Support --workspace flag for directory restriction
- Handle SIGINT/SIGTERM for clean shutdown
- Register in full.go build variant

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(ws): add WebSocket hub package for real-time streaming

Add pkg/ws package implementing a hub pattern for WebSocket connections:
- Hub manages client connections, broadcasts, and channel subscriptions
- Client struct represents connected WebSocket clients
- Message types: process_output, process_status, event, error, ping/pong
- Channel-based subscription system (subscribe/unsubscribe)
- SendProcessOutput and SendProcessStatus for process streaming integration
- Full test coverage including concurrency tests

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(mcp): add process management and WebSocket MCP tools

Add MCP tools for process management:
- process_start: Start a new external process
- process_stop: Gracefully stop a running process
- process_kill: Force kill a process
- process_list: List all managed processes
- process_output: Get captured process output
- process_input: Send input to process stdin

Add MCP tools for WebSocket:
- ws_start: Start WebSocket server for real-time streaming
- ws_info: Get hub statistics (clients, channels)

Update Service struct with optional process.Service and ws.Hub fields,
new WithProcessService and WithWSHub options, getter methods, and
Shutdown method for cleanup.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(webview): add browser automation package via Chrome DevTools Protocol

Add pkg/webview package for browser automation:
- webview.go: Main interface with Connect, Navigate, Click, Type, QuerySelector, Screenshot, Evaluate
- cdp.go: Chrome DevTools Protocol WebSocket client implementation
- actions.go: DOM action types (Click, Type, Hover, Scroll, etc.) and ActionSequence builder
- console.go: Console message capture and filtering with ConsoleWatcher and ExceptionWatcher
- angular.go: Angular-specific helpers for router navigation, component access, and Zone.js stability

Add MCP tools for webview:
- webview_connect/disconnect: Connection management
- webview_navigate: Page navigation
- webview_click/type/query/wait: DOM interaction
- webview_console: Console output capture
- webview_eval: JavaScript execution
- webview_screenshot: Screenshot capture

Add documentation:
- docs/mcp/angular-testing.md: Guide for Angular application testing

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* docs: document new packages and BugSETI application

- Update CLAUDE.md with documentation for:
  - pkg/ws (WebSocket hub for real-time streaming)
  - pkg/webview (Browser automation via CDP)
  - pkg/mcp (MCP server tools: process, ws, webview)
  - BugSETI application overview
- Add comprehensive README for BugSETI with:
  - Installation and configuration guide
  - Usage workflow documentation
  - Architecture overview
  - Contributing guidelines

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(bugseti): add BugSETI system tray app with auto-update

BugSETI - Distributed Bug Fixing like SETI@home but for code

Features:
- System tray app with Wails v3
- GitHub issue fetching with label filters
- Issue queue with priority management
- AI context seeding via seed-agent-developer skill
- Automated PR submission flow
- Stats tracking and leaderboard
- Cross-platform notifications
- Self-updating with stable/beta/nightly channels

Includes:
- cmd/bugseti: Main application with Angular frontend
- internal/bugseti: Core services (fetcher, queue, seeder, submit, config, stats, notify)
- internal/bugseti/updater: Auto-update system (checker, downloader, installer)
- .github/workflows/bugseti-release.yml: CI/CD for all platforms

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: resolve import cycle and code duplication

- Remove pkg/log import from pkg/io/local to break import cycle
  (pkg/log/rotation.go imports pkg/io, creating circular dependency)
- Use stderr logging for security events in sandbox escape detection
- Remove unused sync/atomic import from core.go
- Fix duplicate LogSecurity function declarations in cli/log.go
- Update workspace/service.go Crypt() call to match interface

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: update tests for new function signatures and format code

- Update core_test.go: Config(), Display() now panic instead of returning error
- Update runtime_pkg_test.go: sr.Config() now panics instead of returning error
- Update MustServiceFor tests to use assert.Panics
- Format BugSETI, MCP tools, and webview packages with gofmt

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
Co-authored-by: Claude <developers@lethean.io>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 17:22:05 +00:00

284 lines
7.7 KiB
Go
Raw Blame History

// Package updater provides auto-update functionality for BugSETI.
package updater
import (
"fmt"
"os"
"os/exec"
"path/filepath"
"runtime"
"syscall"
)
// InstallResult contains the result of an installation.
type InstallResult struct {
Success bool `json:"success"`
OldPath string `json:"oldPath"`
NewPath string `json:"newPath"`
BackupPath string `json:"backupPath"`
RestartNeeded bool `json:"restartNeeded"`
Error string `json:"error,omitempty"`
}
// Installer handles installing updates and restarting the application.
type Installer struct {
executablePath string
}
// NewInstaller creates a new installer.
func NewInstaller() (*Installer, error) {
execPath, err := os.Executable()
if err != nil {
return nil, fmt.Errorf("failed to get executable path: %w", err)
}
// Resolve symlinks to get the real path
execPath, err = filepath.EvalSymlinks(execPath)
if err != nil {
return nil, fmt.Errorf("failed to resolve executable path: %w", err)
}
return &Installer{
executablePath: execPath,
}, nil
}
// Install replaces the current binary with the new one.
func (i *Installer) Install(newBinaryPath string) (*InstallResult, error) {
result := &InstallResult{
OldPath: i.executablePath,
NewPath: newBinaryPath,
RestartNeeded: true,
}
// Verify the new binary exists and is executable
if _, err := os.Stat(newBinaryPath); err != nil {
result.Error = fmt.Sprintf("new binary not found: %v", err)
return result, fmt.Errorf("new binary not found: %w", err)
}
// Create backup of current binary
backupPath := i.executablePath + ".bak"
result.BackupPath = backupPath
// Platform-specific installation
var err error
switch runtime.GOOS {
case "windows":
err = i.installWindows(newBinaryPath, backupPath)
default:
err = i.installUnix(newBinaryPath, backupPath)
}
if err != nil {
result.Error = err.Error()
return result, err
}
result.Success = true
return result, nil
}
// installUnix performs the installation on Unix-like systems.
func (i *Installer) installUnix(newBinaryPath, backupPath string) error {
// Remove old backup if exists
os.Remove(backupPath)
// Rename current binary to backup
if err := os.Rename(i.executablePath, backupPath); err != nil {
return fmt.Errorf("failed to backup current binary: %w", err)
}
// Copy new binary to target location
// We use copy instead of rename in case they're on different filesystems
if err := copyFile(newBinaryPath, i.executablePath); err != nil {
// Try to restore backup
os.Rename(backupPath, i.executablePath)
return fmt.Errorf("failed to install new binary: %w", err)
}
// Make executable
if err := os.Chmod(i.executablePath, 0755); err != nil {
// Try to restore backup
os.Remove(i.executablePath)
os.Rename(backupPath, i.executablePath)
return fmt.Errorf("failed to make binary executable: %w", err)
}
return nil
}
// installWindows performs the installation on Windows.
// On Windows, we can't replace a running executable, so we use a different approach:
// 1. Rename current executable to .old
// 2. Copy new executable to target location
// 3. On next start, clean up the .old file
func (i *Installer) installWindows(newBinaryPath, backupPath string) error {
// Remove old backup if exists
os.Remove(backupPath)
// On Windows, we can rename the running executable
if err := os.Rename(i.executablePath, backupPath); err != nil {
return fmt.Errorf("failed to backup current binary: %w", err)
}
// Copy new binary to target location
if err := copyFile(newBinaryPath, i.executablePath); err != nil {
// Try to restore backup
os.Rename(backupPath, i.executablePath)
return fmt.Errorf("failed to install new binary: %w", err)
}
return nil
}
// Restart restarts the application with the new binary.
func (i *Installer) Restart() error {
args := os.Args
env := os.Environ()
switch runtime.GOOS {
case "windows":
return i.restartWindows(args, env)
default:
return i.restartUnix(args, env)
}
}
// restartUnix restarts the application on Unix-like systems using exec.
func (i *Installer) restartUnix(args []string, env []string) error {
// Use syscall.Exec to replace the current process
// This is the cleanest way to restart on Unix
return syscall.Exec(i.executablePath, args, env)
}
// restartWindows restarts the application on Windows.
func (i *Installer) restartWindows(args []string, env []string) error {
// On Windows, we can't use exec to replace the process
// Instead, we start a new process and exit the current one
cmd := exec.Command(i.executablePath, args[1:]...)
cmd.Env = env
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
cmd.Stdin = os.Stdin
if err := cmd.Start(); err != nil {
return fmt.Errorf("failed to start new process: %w", err)
}
// Exit current process
os.Exit(0)
return nil // Never reached
}
// RestartLater schedules a restart for when the app next starts.
// This is useful when the user wants to continue working and restart later.
func (i *Installer) RestartLater() error {
// Create a marker file that indicates a restart is pending
markerPath := filepath.Join(filepath.Dir(i.executablePath), ".bugseti-restart-pending")
return os.WriteFile(markerPath, []byte("restart"), 0644)
}
// CheckPendingRestart checks if a restart was scheduled.
func (i *Installer) CheckPendingRestart() bool {
markerPath := filepath.Join(filepath.Dir(i.executablePath), ".bugseti-restart-pending")
_, err := os.Stat(markerPath)
return err == nil
}
// ClearPendingRestart clears the pending restart marker.
func (i *Installer) ClearPendingRestart() error {
markerPath := filepath.Join(filepath.Dir(i.executablePath), ".bugseti-restart-pending")
return os.Remove(markerPath)
}
// CleanupBackup removes the backup binary after a successful update.
func (i *Installer) CleanupBackup() error {
backupPath := i.executablePath + ".bak"
if _, err := os.Stat(backupPath); err == nil {
return os.Remove(backupPath)
}
return nil
}
// Rollback restores the previous version from backup.
func (i *Installer) Rollback() error {
backupPath := i.executablePath + ".bak"
// Check if backup exists
if _, err := os.Stat(backupPath); err != nil {
return fmt.Errorf("backup not found: %w", err)
}
// Remove current binary
if err := os.Remove(i.executablePath); err != nil {
return fmt.Errorf("failed to remove current binary: %w", err)
}
// Restore backup
if err := os.Rename(backupPath, i.executablePath); err != nil {
return fmt.Errorf("failed to restore backup: %w", err)
}
return nil
}
// GetExecutablePath returns the path to the current executable.
func (i *Installer) GetExecutablePath() string {
return i.executablePath
}
// copyFile copies a file from src to dst.
func copyFile(src, dst string) error {
sourceFile, err := os.Open(src)
if err != nil {
return err
}
defer sourceFile.Close()
// Get source file info for permissions
sourceInfo, err := sourceFile.Stat()
if err != nil {
return err
}
destFile, err := os.OpenFile(dst, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, sourceInfo.Mode())
if err != nil {
return err
}
defer destFile.Close()
_, err = destFile.ReadFrom(sourceFile)
return err
}
// CanSelfUpdate checks if the application has permission to update itself.
func CanSelfUpdate() bool {
execPath, err := os.Executable()
if err != nil {
return false
}
execPath, err = filepath.EvalSymlinks(execPath)
if err != nil {
return false
}
// Check if we can write to the executable's directory
dir := filepath.Dir(execPath)
testFile := filepath.Join(dir, ".bugseti-update-test")
f, err := os.Create(testFile)
if err != nil {
return false
}
f.Close()
os.Remove(testFile)
return true
}
// NeedsElevation returns true if the update requires elevated privileges.
func NeedsElevation() bool {
return !CanSelfUpdate()
}
Reference in a new issue View git blame Copy permalink