feat: BugSETI app, WebSocket hub, browser automation, and MCP tools (#336)
* feat: add security logging and fix framework regressions
This commit implements comprehensive security event logging and resolves critical regressions in the core framework.
Security Logging:
- Enhanced `pkg/log` with a `Security` level and helper.
- Added `log.Username()` to consistently identify the executing user.
- Instrumented GitHub CLI auth, Agentic configuration, filesystem sandbox, MCP handlers, and MCP TCP transport with security logs.
- Added `SecurityStyle` to the CLI for consistent visual representation of security events.
UniFi Security (CodeQL):
- Refactored `pkg/unifi` to remove hardcoded `InsecureSkipVerify`, resolving a high-severity alert.
- Added a `--verify-tls` flag and configuration option to control TLS verification.
- Updated command handlers to support the new verification parameter.
Framework Fixes:
- Restored original signatures for `MustServiceFor`, `Config()`, and `Display()` in `pkg/framework/core`, which had been corrupted during a merge.
- Fixed `pkg/framework/framework.go` and `pkg/framework/core/runtime_pkg.go` to match the restored signatures.
- These fixes resolve project-wide compilation errors caused by the signature mismatches.
I encountered significant blockers due to a corrupted state of the `dev` branch after a merge, which introduced breaking changes in the core framework's DI system. I had to manually reconcile these signatures with the expected usage across the codebase to restore build stability.
* feat(mcp): add RAG tools (query, ingest, collections)
Add vector database tools to the MCP server for RAG operations:
- rag_query: Search for relevant documentation using semantic similarity
- rag_ingest: Ingest files or directories into the vector database
- rag_collections: List available collections
Uses existing internal/cmd/rag exports (QueryDocs, IngestDirectory, IngestFile)
and pkg/rag for Qdrant client access. Default collection is "hostuk-docs"
with topK=5 for queries.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(mcp): add metrics tools (record, query)
Add MCP tools for recording and querying AI/security metrics events.
The metrics_record tool writes events to daily JSONL files, and the
metrics_query tool provides aggregated statistics by type, repo, and agent.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add 'core mcp serve' command
Add CLI command to start the MCP server for AI tool integration.
- Create internal/cmd/mcpcmd package with serve subcommand
- Support --workspace flag for directory restriction
- Handle SIGINT/SIGTERM for clean shutdown
- Register in full.go build variant
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(ws): add WebSocket hub package for real-time streaming
Add pkg/ws package implementing a hub pattern for WebSocket connections:
- Hub manages client connections, broadcasts, and channel subscriptions
- Client struct represents connected WebSocket clients
- Message types: process_output, process_status, event, error, ping/pong
- Channel-based subscription system (subscribe/unsubscribe)
- SendProcessOutput and SendProcessStatus for process streaming integration
- Full test coverage including concurrency tests
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(mcp): add process management and WebSocket MCP tools
Add MCP tools for process management:
- process_start: Start a new external process
- process_stop: Gracefully stop a running process
- process_kill: Force kill a process
- process_list: List all managed processes
- process_output: Get captured process output
- process_input: Send input to process stdin
Add MCP tools for WebSocket:
- ws_start: Start WebSocket server for real-time streaming
- ws_info: Get hub statistics (clients, channels)
Update Service struct with optional process.Service and ws.Hub fields,
new WithProcessService and WithWSHub options, getter methods, and
Shutdown method for cleanup.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(webview): add browser automation package via Chrome DevTools Protocol
Add pkg/webview package for browser automation:
- webview.go: Main interface with Connect, Navigate, Click, Type, QuerySelector, Screenshot, Evaluate
- cdp.go: Chrome DevTools Protocol WebSocket client implementation
- actions.go: DOM action types (Click, Type, Hover, Scroll, etc.) and ActionSequence builder
- console.go: Console message capture and filtering with ConsoleWatcher and ExceptionWatcher
- angular.go: Angular-specific helpers for router navigation, component access, and Zone.js stability
Add MCP tools for webview:
- webview_connect/disconnect: Connection management
- webview_navigate: Page navigation
- webview_click/type/query/wait: DOM interaction
- webview_console: Console output capture
- webview_eval: JavaScript execution
- webview_screenshot: Screenshot capture
Add documentation:
- docs/mcp/angular-testing.md: Guide for Angular application testing
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: document new packages and BugSETI application
- Update CLAUDE.md with documentation for:
- pkg/ws (WebSocket hub for real-time streaming)
- pkg/webview (Browser automation via CDP)
- pkg/mcp (MCP server tools: process, ws, webview)
- BugSETI application overview
- Add comprehensive README for BugSETI with:
- Installation and configuration guide
- Usage workflow documentation
- Architecture overview
- Contributing guidelines
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bugseti): add BugSETI system tray app with auto-update
BugSETI - Distributed Bug Fixing like SETI@home but for code
Features:
- System tray app with Wails v3
- GitHub issue fetching with label filters
- Issue queue with priority management
- AI context seeding via seed-agent-developer skill
- Automated PR submission flow
- Stats tracking and leaderboard
- Cross-platform notifications
- Self-updating with stable/beta/nightly channels
Includes:
- cmd/bugseti: Main application with Angular frontend
- internal/bugseti: Core services (fetcher, queue, seeder, submit, config, stats, notify)
- internal/bugseti/updater: Auto-update system (checker, downloader, installer)
- .github/workflows/bugseti-release.yml: CI/CD for all platforms
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: resolve import cycle and code duplication
- Remove pkg/log import from pkg/io/local to break import cycle
(pkg/log/rotation.go imports pkg/io, creating circular dependency)
- Use stderr logging for security events in sandbox escape detection
- Remove unused sync/atomic import from core.go
- Fix duplicate LogSecurity function declarations in cli/log.go
- Update workspace/service.go Crypt() call to match interface
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: update tests for new function signatures and format code
- Update core_test.go: Config(), Display() now panic instead of returning error
- Update runtime_pkg_test.go: sr.Config() now panics instead of returning error
- Update MustServiceFor tests to use assert.Panics
- Format BugSETI, MCP tools, and webview packages with gofmt
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
Co-authored-by: Claude <developers@lethean.io>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 17:22:05 +00:00
|
|
|
package webview
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"encoding/json"
|
2026-02-24 15:38:38 +00:00
|
|
|
"errors"
|
feat: BugSETI app, WebSocket hub, browser automation, and MCP tools (#336)
* feat: add security logging and fix framework regressions
This commit implements comprehensive security event logging and resolves critical regressions in the core framework.
Security Logging:
- Enhanced `pkg/log` with a `Security` level and helper.
- Added `log.Username()` to consistently identify the executing user.
- Instrumented GitHub CLI auth, Agentic configuration, filesystem sandbox, MCP handlers, and MCP TCP transport with security logs.
- Added `SecurityStyle` to the CLI for consistent visual representation of security events.
UniFi Security (CodeQL):
- Refactored `pkg/unifi` to remove hardcoded `InsecureSkipVerify`, resolving a high-severity alert.
- Added a `--verify-tls` flag and configuration option to control TLS verification.
- Updated command handlers to support the new verification parameter.
Framework Fixes:
- Restored original signatures for `MustServiceFor`, `Config()`, and `Display()` in `pkg/framework/core`, which had been corrupted during a merge.
- Fixed `pkg/framework/framework.go` and `pkg/framework/core/runtime_pkg.go` to match the restored signatures.
- These fixes resolve project-wide compilation errors caused by the signature mismatches.
I encountered significant blockers due to a corrupted state of the `dev` branch after a merge, which introduced breaking changes in the core framework's DI system. I had to manually reconcile these signatures with the expected usage across the codebase to restore build stability.
* feat(mcp): add RAG tools (query, ingest, collections)
Add vector database tools to the MCP server for RAG operations:
- rag_query: Search for relevant documentation using semantic similarity
- rag_ingest: Ingest files or directories into the vector database
- rag_collections: List available collections
Uses existing internal/cmd/rag exports (QueryDocs, IngestDirectory, IngestFile)
and pkg/rag for Qdrant client access. Default collection is "hostuk-docs"
with topK=5 for queries.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(mcp): add metrics tools (record, query)
Add MCP tools for recording and querying AI/security metrics events.
The metrics_record tool writes events to daily JSONL files, and the
metrics_query tool provides aggregated statistics by type, repo, and agent.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add 'core mcp serve' command
Add CLI command to start the MCP server for AI tool integration.
- Create internal/cmd/mcpcmd package with serve subcommand
- Support --workspace flag for directory restriction
- Handle SIGINT/SIGTERM for clean shutdown
- Register in full.go build variant
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(ws): add WebSocket hub package for real-time streaming
Add pkg/ws package implementing a hub pattern for WebSocket connections:
- Hub manages client connections, broadcasts, and channel subscriptions
- Client struct represents connected WebSocket clients
- Message types: process_output, process_status, event, error, ping/pong
- Channel-based subscription system (subscribe/unsubscribe)
- SendProcessOutput and SendProcessStatus for process streaming integration
- Full test coverage including concurrency tests
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(mcp): add process management and WebSocket MCP tools
Add MCP tools for process management:
- process_start: Start a new external process
- process_stop: Gracefully stop a running process
- process_kill: Force kill a process
- process_list: List all managed processes
- process_output: Get captured process output
- process_input: Send input to process stdin
Add MCP tools for WebSocket:
- ws_start: Start WebSocket server for real-time streaming
- ws_info: Get hub statistics (clients, channels)
Update Service struct with optional process.Service and ws.Hub fields,
new WithProcessService and WithWSHub options, getter methods, and
Shutdown method for cleanup.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(webview): add browser automation package via Chrome DevTools Protocol
Add pkg/webview package for browser automation:
- webview.go: Main interface with Connect, Navigate, Click, Type, QuerySelector, Screenshot, Evaluate
- cdp.go: Chrome DevTools Protocol WebSocket client implementation
- actions.go: DOM action types (Click, Type, Hover, Scroll, etc.) and ActionSequence builder
- console.go: Console message capture and filtering with ConsoleWatcher and ExceptionWatcher
- angular.go: Angular-specific helpers for router navigation, component access, and Zone.js stability
Add MCP tools for webview:
- webview_connect/disconnect: Connection management
- webview_navigate: Page navigation
- webview_click/type/query/wait: DOM interaction
- webview_console: Console output capture
- webview_eval: JavaScript execution
- webview_screenshot: Screenshot capture
Add documentation:
- docs/mcp/angular-testing.md: Guide for Angular application testing
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: document new packages and BugSETI application
- Update CLAUDE.md with documentation for:
- pkg/ws (WebSocket hub for real-time streaming)
- pkg/webview (Browser automation via CDP)
- pkg/mcp (MCP server tools: process, ws, webview)
- BugSETI application overview
- Add comprehensive README for BugSETI with:
- Installation and configuration guide
- Usage workflow documentation
- Architecture overview
- Contributing guidelines
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bugseti): add BugSETI system tray app with auto-update
BugSETI - Distributed Bug Fixing like SETI@home but for code
Features:
- System tray app with Wails v3
- GitHub issue fetching with label filters
- Issue queue with priority management
- AI context seeding via seed-agent-developer skill
- Automated PR submission flow
- Stats tracking and leaderboard
- Cross-platform notifications
- Self-updating with stable/beta/nightly channels
Includes:
- cmd/bugseti: Main application with Angular frontend
- internal/bugseti: Core services (fetcher, queue, seeder, submit, config, stats, notify)
- internal/bugseti/updater: Auto-update system (checker, downloader, installer)
- .github/workflows/bugseti-release.yml: CI/CD for all platforms
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: resolve import cycle and code duplication
- Remove pkg/log import from pkg/io/local to break import cycle
(pkg/log/rotation.go imports pkg/io, creating circular dependency)
- Use stderr logging for security events in sandbox escape detection
- Remove unused sync/atomic import from core.go
- Fix duplicate LogSecurity function declarations in cli/log.go
- Update workspace/service.go Crypt() call to match interface
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: update tests for new function signatures and format code
- Update core_test.go: Config(), Display() now panic instead of returning error
- Update runtime_pkg_test.go: sr.Config() now panics instead of returning error
- Update MustServiceFor tests to use assert.Panics
- Format BugSETI, MCP tools, and webview packages with gofmt
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
Co-authored-by: Claude <developers@lethean.io>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 17:22:05 +00:00
|
|
|
"fmt"
|
|
|
|
|
"io"
|
|
|
|
|
"net/http"
|
|
|
|
|
"sync"
|
|
|
|
|
"sync/atomic"
|
|
|
|
|
|
|
|
|
|
"github.com/gorilla/websocket"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// CDPClient handles communication with Chrome DevTools Protocol via WebSocket.
|
|
|
|
|
type CDPClient struct {
|
|
|
|
|
mu sync.RWMutex
|
|
|
|
|
conn *websocket.Conn
|
|
|
|
|
debugURL string
|
|
|
|
|
wsURL string
|
|
|
|
|
|
|
|
|
|
// Message tracking
|
|
|
|
|
msgID atomic.Int64
|
|
|
|
|
pending map[int64]chan *cdpResponse
|
|
|
|
|
pendMu sync.Mutex
|
|
|
|
|
|
|
|
|
|
// Event handlers
|
|
|
|
|
handlers map[string][]func(map[string]any)
|
|
|
|
|
handMu sync.RWMutex
|
|
|
|
|
|
|
|
|
|
// Lifecycle
|
|
|
|
|
ctx context.Context
|
|
|
|
|
cancel context.CancelFunc
|
|
|
|
|
done chan struct{}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// cdpMessage represents a CDP protocol message.
|
|
|
|
|
type cdpMessage struct {
|
|
|
|
|
ID int64 `json:"id,omitempty"`
|
|
|
|
|
Method string `json:"method"`
|
|
|
|
|
Params map[string]any `json:"params,omitempty"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// cdpResponse represents a CDP protocol response.
|
|
|
|
|
type cdpResponse struct {
|
|
|
|
|
ID int64 `json:"id"`
|
|
|
|
|
Result map[string]any `json:"result,omitempty"`
|
|
|
|
|
Error *cdpError `json:"error,omitempty"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// cdpEvent represents a CDP event.
|
|
|
|
|
type cdpEvent struct {
|
|
|
|
|
Method string `json:"method"`
|
|
|
|
|
Params map[string]any `json:"params,omitempty"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// cdpError represents a CDP error.
|
|
|
|
|
type cdpError struct {
|
|
|
|
|
Code int `json:"code"`
|
|
|
|
|
Message string `json:"message"`
|
|
|
|
|
Data string `json:"data,omitempty"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// targetInfo represents Chrome DevTools target information.
|
|
|
|
|
type targetInfo struct {
|
|
|
|
|
ID string `json:"id"`
|
|
|
|
|
Type string `json:"type"`
|
|
|
|
|
Title string `json:"title"`
|
|
|
|
|
URL string `json:"url"`
|
|
|
|
|
WebSocketDebuggerURL string `json:"webSocketDebuggerUrl"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// NewCDPClient creates a new CDP client connected to the given debug URL.
|
|
|
|
|
// The debug URL should be the Chrome DevTools HTTP endpoint (e.g., http://localhost:9222).
|
|
|
|
|
func NewCDPClient(debugURL string) (*CDPClient, error) {
|
|
|
|
|
// Get available targets
|
|
|
|
|
resp, err := http.Get(debugURL + "/json")
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to get targets: %w", err)
|
|
|
|
|
}
|
|
|
|
|
defer func() { _ = resp.Body.Close() }()
|
|
|
|
|
|
|
|
|
|
body, err := io.ReadAll(resp.Body)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to read targets: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var targets []targetInfo
|
|
|
|
|
if err := json.Unmarshal(body, &targets); err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to parse targets: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Find a page target
|
|
|
|
|
var wsURL string
|
|
|
|
|
for _, t := range targets {
|
|
|
|
|
if t.Type == "page" && t.WebSocketDebuggerURL != "" {
|
|
|
|
|
wsURL = t.WebSocketDebuggerURL
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if wsURL == "" {
|
|
|
|
|
// Try to create a new target
|
|
|
|
|
resp, err := http.Get(debugURL + "/json/new")
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("no page targets found and failed to create new: %w", err)
|
|
|
|
|
}
|
|
|
|
|
defer func() { _ = resp.Body.Close() }()
|
|
|
|
|
|
|
|
|
|
body, err := io.ReadAll(resp.Body)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to read new target: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var newTarget targetInfo
|
|
|
|
|
if err := json.Unmarshal(body, &newTarget); err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to parse new target: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
wsURL = newTarget.WebSocketDebuggerURL
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if wsURL == "" {
|
2026-02-24 15:38:38 +00:00
|
|
|
return nil, errors.New("no WebSocket URL available")
|
feat: BugSETI app, WebSocket hub, browser automation, and MCP tools (#336)
* feat: add security logging and fix framework regressions
This commit implements comprehensive security event logging and resolves critical regressions in the core framework.
Security Logging:
- Enhanced `pkg/log` with a `Security` level and helper.
- Added `log.Username()` to consistently identify the executing user.
- Instrumented GitHub CLI auth, Agentic configuration, filesystem sandbox, MCP handlers, and MCP TCP transport with security logs.
- Added `SecurityStyle` to the CLI for consistent visual representation of security events.
UniFi Security (CodeQL):
- Refactored `pkg/unifi` to remove hardcoded `InsecureSkipVerify`, resolving a high-severity alert.
- Added a `--verify-tls` flag and configuration option to control TLS verification.
- Updated command handlers to support the new verification parameter.
Framework Fixes:
- Restored original signatures for `MustServiceFor`, `Config()`, and `Display()` in `pkg/framework/core`, which had been corrupted during a merge.
- Fixed `pkg/framework/framework.go` and `pkg/framework/core/runtime_pkg.go` to match the restored signatures.
- These fixes resolve project-wide compilation errors caused by the signature mismatches.
I encountered significant blockers due to a corrupted state of the `dev` branch after a merge, which introduced breaking changes in the core framework's DI system. I had to manually reconcile these signatures with the expected usage across the codebase to restore build stability.
* feat(mcp): add RAG tools (query, ingest, collections)
Add vector database tools to the MCP server for RAG operations:
- rag_query: Search for relevant documentation using semantic similarity
- rag_ingest: Ingest files or directories into the vector database
- rag_collections: List available collections
Uses existing internal/cmd/rag exports (QueryDocs, IngestDirectory, IngestFile)
and pkg/rag for Qdrant client access. Default collection is "hostuk-docs"
with topK=5 for queries.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(mcp): add metrics tools (record, query)
Add MCP tools for recording and querying AI/security metrics events.
The metrics_record tool writes events to daily JSONL files, and the
metrics_query tool provides aggregated statistics by type, repo, and agent.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add 'core mcp serve' command
Add CLI command to start the MCP server for AI tool integration.
- Create internal/cmd/mcpcmd package with serve subcommand
- Support --workspace flag for directory restriction
- Handle SIGINT/SIGTERM for clean shutdown
- Register in full.go build variant
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(ws): add WebSocket hub package for real-time streaming
Add pkg/ws package implementing a hub pattern for WebSocket connections:
- Hub manages client connections, broadcasts, and channel subscriptions
- Client struct represents connected WebSocket clients
- Message types: process_output, process_status, event, error, ping/pong
- Channel-based subscription system (subscribe/unsubscribe)
- SendProcessOutput and SendProcessStatus for process streaming integration
- Full test coverage including concurrency tests
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(mcp): add process management and WebSocket MCP tools
Add MCP tools for process management:
- process_start: Start a new external process
- process_stop: Gracefully stop a running process
- process_kill: Force kill a process
- process_list: List all managed processes
- process_output: Get captured process output
- process_input: Send input to process stdin
Add MCP tools for WebSocket:
- ws_start: Start WebSocket server for real-time streaming
- ws_info: Get hub statistics (clients, channels)
Update Service struct with optional process.Service and ws.Hub fields,
new WithProcessService and WithWSHub options, getter methods, and
Shutdown method for cleanup.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(webview): add browser automation package via Chrome DevTools Protocol
Add pkg/webview package for browser automation:
- webview.go: Main interface with Connect, Navigate, Click, Type, QuerySelector, Screenshot, Evaluate
- cdp.go: Chrome DevTools Protocol WebSocket client implementation
- actions.go: DOM action types (Click, Type, Hover, Scroll, etc.) and ActionSequence builder
- console.go: Console message capture and filtering with ConsoleWatcher and ExceptionWatcher
- angular.go: Angular-specific helpers for router navigation, component access, and Zone.js stability
Add MCP tools for webview:
- webview_connect/disconnect: Connection management
- webview_navigate: Page navigation
- webview_click/type/query/wait: DOM interaction
- webview_console: Console output capture
- webview_eval: JavaScript execution
- webview_screenshot: Screenshot capture
Add documentation:
- docs/mcp/angular-testing.md: Guide for Angular application testing
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: document new packages and BugSETI application
- Update CLAUDE.md with documentation for:
- pkg/ws (WebSocket hub for real-time streaming)
- pkg/webview (Browser automation via CDP)
- pkg/mcp (MCP server tools: process, ws, webview)
- BugSETI application overview
- Add comprehensive README for BugSETI with:
- Installation and configuration guide
- Usage workflow documentation
- Architecture overview
- Contributing guidelines
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bugseti): add BugSETI system tray app with auto-update
BugSETI - Distributed Bug Fixing like SETI@home but for code
Features:
- System tray app with Wails v3
- GitHub issue fetching with label filters
- Issue queue with priority management
- AI context seeding via seed-agent-developer skill
- Automated PR submission flow
- Stats tracking and leaderboard
- Cross-platform notifications
- Self-updating with stable/beta/nightly channels
Includes:
- cmd/bugseti: Main application with Angular frontend
- internal/bugseti: Core services (fetcher, queue, seeder, submit, config, stats, notify)
- internal/bugseti/updater: Auto-update system (checker, downloader, installer)
- .github/workflows/bugseti-release.yml: CI/CD for all platforms
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: resolve import cycle and code duplication
- Remove pkg/log import from pkg/io/local to break import cycle
(pkg/log/rotation.go imports pkg/io, creating circular dependency)
- Use stderr logging for security events in sandbox escape detection
- Remove unused sync/atomic import from core.go
- Fix duplicate LogSecurity function declarations in cli/log.go
- Update workspace/service.go Crypt() call to match interface
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: update tests for new function signatures and format code
- Update core_test.go: Config(), Display() now panic instead of returning error
- Update runtime_pkg_test.go: sr.Config() now panics instead of returning error
- Update MustServiceFor tests to use assert.Panics
- Format BugSETI, MCP tools, and webview packages with gofmt
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
Co-authored-by: Claude <developers@lethean.io>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 17:22:05 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Connect to WebSocket
|
|
|
|
|
conn, _, err := websocket.DefaultDialer.Dial(wsURL, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to connect to WebSocket: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
|
|
|
|
|
|
|
|
client := &CDPClient{
|
|
|
|
|
conn: conn,
|
|
|
|
|
debugURL: debugURL,
|
|
|
|
|
wsURL: wsURL,
|
|
|
|
|
pending: make(map[int64]chan *cdpResponse),
|
|
|
|
|
handlers: make(map[string][]func(map[string]any)),
|
|
|
|
|
ctx: ctx,
|
|
|
|
|
cancel: cancel,
|
|
|
|
|
done: make(chan struct{}),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Start message reader
|
|
|
|
|
go client.readLoop()
|
|
|
|
|
|
|
|
|
|
return client, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Close closes the CDP connection.
|
|
|
|
|
func (c *CDPClient) Close() error {
|
|
|
|
|
c.cancel()
|
|
|
|
|
<-c.done // Wait for read loop to finish
|
|
|
|
|
return c.conn.Close()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Call sends a CDP method call and waits for the response.
|
|
|
|
|
func (c *CDPClient) Call(ctx context.Context, method string, params map[string]any) (map[string]any, error) {
|
|
|
|
|
id := c.msgID.Add(1)
|
|
|
|
|
|
|
|
|
|
msg := cdpMessage{
|
|
|
|
|
ID: id,
|
|
|
|
|
Method: method,
|
|
|
|
|
Params: params,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Register response channel
|
|
|
|
|
respCh := make(chan *cdpResponse, 1)
|
|
|
|
|
c.pendMu.Lock()
|
|
|
|
|
c.pending[id] = respCh
|
|
|
|
|
c.pendMu.Unlock()
|
|
|
|
|
|
|
|
|
|
defer func() {
|
|
|
|
|
c.pendMu.Lock()
|
|
|
|
|
delete(c.pending, id)
|
|
|
|
|
c.pendMu.Unlock()
|
|
|
|
|
}()
|
|
|
|
|
|
|
|
|
|
// Send message
|
|
|
|
|
c.mu.Lock()
|
|
|
|
|
err := c.conn.WriteJSON(msg)
|
|
|
|
|
c.mu.Unlock()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to send message: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Wait for response
|
|
|
|
|
select {
|
|
|
|
|
case <-ctx.Done():
|
|
|
|
|
return nil, ctx.Err()
|
|
|
|
|
case resp := <-respCh:
|
|
|
|
|
if resp.Error != nil {
|
|
|
|
|
return nil, fmt.Errorf("CDP error %d: %s", resp.Error.Code, resp.Error.Message)
|
|
|
|
|
}
|
|
|
|
|
return resp.Result, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// OnEvent registers a handler for CDP events.
|
|
|
|
|
func (c *CDPClient) OnEvent(method string, handler func(map[string]any)) {
|
|
|
|
|
c.handMu.Lock()
|
|
|
|
|
defer c.handMu.Unlock()
|
|
|
|
|
c.handlers[method] = append(c.handlers[method], handler)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// readLoop reads messages from the WebSocket connection.
|
|
|
|
|
func (c *CDPClient) readLoop() {
|
|
|
|
|
defer close(c.done)
|
|
|
|
|
|
|
|
|
|
for {
|
|
|
|
|
select {
|
|
|
|
|
case <-c.ctx.Done():
|
|
|
|
|
return
|
|
|
|
|
default:
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_, data, err := c.conn.ReadMessage()
|
|
|
|
|
if err != nil {
|
|
|
|
|
// Check if context was cancelled
|
|
|
|
|
select {
|
|
|
|
|
case <-c.ctx.Done():
|
|
|
|
|
return
|
|
|
|
|
default:
|
|
|
|
|
// Log error but continue (could be temporary)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Try to parse as response
|
|
|
|
|
var resp cdpResponse
|
|
|
|
|
if err := json.Unmarshal(data, &resp); err == nil && resp.ID > 0 {
|
|
|
|
|
c.pendMu.Lock()
|
|
|
|
|
if ch, ok := c.pending[resp.ID]; ok {
|
|
|
|
|
respCopy := resp
|
|
|
|
|
ch <- &respCopy
|
|
|
|
|
}
|
|
|
|
|
c.pendMu.Unlock()
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Try to parse as event
|
|
|
|
|
var event cdpEvent
|
|
|
|
|
if err := json.Unmarshal(data, &event); err == nil && event.Method != "" {
|
|
|
|
|
c.dispatchEvent(event.Method, event.Params)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// dispatchEvent dispatches an event to registered handlers.
|
|
|
|
|
func (c *CDPClient) dispatchEvent(method string, params map[string]any) {
|
|
|
|
|
c.handMu.RLock()
|
|
|
|
|
handlers := c.handlers[method]
|
|
|
|
|
c.handMu.RUnlock()
|
|
|
|
|
|
|
|
|
|
for _, handler := range handlers {
|
|
|
|
|
// Call handler in goroutine to avoid blocking
|
|
|
|
|
go handler(params)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Send sends a fire-and-forget CDP message (no response expected).
|
|
|
|
|
func (c *CDPClient) Send(method string, params map[string]any) error {
|
|
|
|
|
msg := cdpMessage{
|
|
|
|
|
Method: method,
|
|
|
|
|
Params: params,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
c.mu.Lock()
|
|
|
|
|
defer c.mu.Unlock()
|
|
|
|
|
return c.conn.WriteJSON(msg)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// DebugURL returns the debug HTTP URL.
|
|
|
|
|
func (c *CDPClient) DebugURL() string {
|
|
|
|
|
return c.debugURL
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// WebSocketURL returns the WebSocket URL being used.
|
|
|
|
|
func (c *CDPClient) WebSocketURL() string {
|
|
|
|
|
return c.wsURL
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// NewTab creates a new browser tab and returns a new CDPClient connected to it.
|
|
|
|
|
func (c *CDPClient) NewTab(url string) (*CDPClient, error) {
|
|
|
|
|
endpoint := c.debugURL + "/json/new"
|
|
|
|
|
if url != "" {
|
|
|
|
|
endpoint += "?" + url
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resp, err := http.Get(endpoint)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to create new tab: %w", err)
|
|
|
|
|
}
|
|
|
|
|
defer func() { _ = resp.Body.Close() }()
|
|
|
|
|
|
|
|
|
|
body, err := io.ReadAll(resp.Body)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to read response: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var target targetInfo
|
|
|
|
|
if err := json.Unmarshal(body, &target); err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to parse target: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if target.WebSocketDebuggerURL == "" {
|
2026-02-24 15:38:38 +00:00
|
|
|
return nil, errors.New("no WebSocket URL for new tab")
|
feat: BugSETI app, WebSocket hub, browser automation, and MCP tools (#336)
* feat: add security logging and fix framework regressions
This commit implements comprehensive security event logging and resolves critical regressions in the core framework.
Security Logging:
- Enhanced `pkg/log` with a `Security` level and helper.
- Added `log.Username()` to consistently identify the executing user.
- Instrumented GitHub CLI auth, Agentic configuration, filesystem sandbox, MCP handlers, and MCP TCP transport with security logs.
- Added `SecurityStyle` to the CLI for consistent visual representation of security events.
UniFi Security (CodeQL):
- Refactored `pkg/unifi` to remove hardcoded `InsecureSkipVerify`, resolving a high-severity alert.
- Added a `--verify-tls` flag and configuration option to control TLS verification.
- Updated command handlers to support the new verification parameter.
Framework Fixes:
- Restored original signatures for `MustServiceFor`, `Config()`, and `Display()` in `pkg/framework/core`, which had been corrupted during a merge.
- Fixed `pkg/framework/framework.go` and `pkg/framework/core/runtime_pkg.go` to match the restored signatures.
- These fixes resolve project-wide compilation errors caused by the signature mismatches.
I encountered significant blockers due to a corrupted state of the `dev` branch after a merge, which introduced breaking changes in the core framework's DI system. I had to manually reconcile these signatures with the expected usage across the codebase to restore build stability.
* feat(mcp): add RAG tools (query, ingest, collections)
Add vector database tools to the MCP server for RAG operations:
- rag_query: Search for relevant documentation using semantic similarity
- rag_ingest: Ingest files or directories into the vector database
- rag_collections: List available collections
Uses existing internal/cmd/rag exports (QueryDocs, IngestDirectory, IngestFile)
and pkg/rag for Qdrant client access. Default collection is "hostuk-docs"
with topK=5 for queries.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(mcp): add metrics tools (record, query)
Add MCP tools for recording and querying AI/security metrics events.
The metrics_record tool writes events to daily JSONL files, and the
metrics_query tool provides aggregated statistics by type, repo, and agent.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add 'core mcp serve' command
Add CLI command to start the MCP server for AI tool integration.
- Create internal/cmd/mcpcmd package with serve subcommand
- Support --workspace flag for directory restriction
- Handle SIGINT/SIGTERM for clean shutdown
- Register in full.go build variant
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(ws): add WebSocket hub package for real-time streaming
Add pkg/ws package implementing a hub pattern for WebSocket connections:
- Hub manages client connections, broadcasts, and channel subscriptions
- Client struct represents connected WebSocket clients
- Message types: process_output, process_status, event, error, ping/pong
- Channel-based subscription system (subscribe/unsubscribe)
- SendProcessOutput and SendProcessStatus for process streaming integration
- Full test coverage including concurrency tests
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(mcp): add process management and WebSocket MCP tools
Add MCP tools for process management:
- process_start: Start a new external process
- process_stop: Gracefully stop a running process
- process_kill: Force kill a process
- process_list: List all managed processes
- process_output: Get captured process output
- process_input: Send input to process stdin
Add MCP tools for WebSocket:
- ws_start: Start WebSocket server for real-time streaming
- ws_info: Get hub statistics (clients, channels)
Update Service struct with optional process.Service and ws.Hub fields,
new WithProcessService and WithWSHub options, getter methods, and
Shutdown method for cleanup.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(webview): add browser automation package via Chrome DevTools Protocol
Add pkg/webview package for browser automation:
- webview.go: Main interface with Connect, Navigate, Click, Type, QuerySelector, Screenshot, Evaluate
- cdp.go: Chrome DevTools Protocol WebSocket client implementation
- actions.go: DOM action types (Click, Type, Hover, Scroll, etc.) and ActionSequence builder
- console.go: Console message capture and filtering with ConsoleWatcher and ExceptionWatcher
- angular.go: Angular-specific helpers for router navigation, component access, and Zone.js stability
Add MCP tools for webview:
- webview_connect/disconnect: Connection management
- webview_navigate: Page navigation
- webview_click/type/query/wait: DOM interaction
- webview_console: Console output capture
- webview_eval: JavaScript execution
- webview_screenshot: Screenshot capture
Add documentation:
- docs/mcp/angular-testing.md: Guide for Angular application testing
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: document new packages and BugSETI application
- Update CLAUDE.md with documentation for:
- pkg/ws (WebSocket hub for real-time streaming)
- pkg/webview (Browser automation via CDP)
- pkg/mcp (MCP server tools: process, ws, webview)
- BugSETI application overview
- Add comprehensive README for BugSETI with:
- Installation and configuration guide
- Usage workflow documentation
- Architecture overview
- Contributing guidelines
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(bugseti): add BugSETI system tray app with auto-update
BugSETI - Distributed Bug Fixing like SETI@home but for code
Features:
- System tray app with Wails v3
- GitHub issue fetching with label filters
- Issue queue with priority management
- AI context seeding via seed-agent-developer skill
- Automated PR submission flow
- Stats tracking and leaderboard
- Cross-platform notifications
- Self-updating with stable/beta/nightly channels
Includes:
- cmd/bugseti: Main application with Angular frontend
- internal/bugseti: Core services (fetcher, queue, seeder, submit, config, stats, notify)
- internal/bugseti/updater: Auto-update system (checker, downloader, installer)
- .github/workflows/bugseti-release.yml: CI/CD for all platforms
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: resolve import cycle and code duplication
- Remove pkg/log import from pkg/io/local to break import cycle
(pkg/log/rotation.go imports pkg/io, creating circular dependency)
- Use stderr logging for security events in sandbox escape detection
- Remove unused sync/atomic import from core.go
- Fix duplicate LogSecurity function declarations in cli/log.go
- Update workspace/service.go Crypt() call to match interface
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: update tests for new function signatures and format code
- Update core_test.go: Config(), Display() now panic instead of returning error
- Update runtime_pkg_test.go: sr.Config() now panics instead of returning error
- Update MustServiceFor tests to use assert.Panics
- Format BugSETI, MCP tools, and webview packages with gofmt
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
Co-authored-by: Claude <developers@lethean.io>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 17:22:05 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Connect to new tab
|
|
|
|
|
conn, _, err := websocket.DefaultDialer.Dial(target.WebSocketDebuggerURL, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to connect to new tab: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
|
|
|
|
|
|
|
|
client := &CDPClient{
|
|
|
|
|
conn: conn,
|
|
|
|
|
debugURL: c.debugURL,
|
|
|
|
|
wsURL: target.WebSocketDebuggerURL,
|
|
|
|
|
pending: make(map[int64]chan *cdpResponse),
|
|
|
|
|
handlers: make(map[string][]func(map[string]any)),
|
|
|
|
|
ctx: ctx,
|
|
|
|
|
cancel: cancel,
|
|
|
|
|
done: make(chan struct{}),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
go client.readLoop()
|
|
|
|
|
|
|
|
|
|
return client, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// CloseTab closes the current tab (target).
|
|
|
|
|
func (c *CDPClient) CloseTab() error {
|
|
|
|
|
// Extract target ID from WebSocket URL
|
|
|
|
|
// Format: ws://host:port/devtools/page/TARGET_ID
|
|
|
|
|
// We'll use the Browser.close target API
|
|
|
|
|
|
|
|
|
|
ctx := context.Background()
|
|
|
|
|
_, err := c.Call(ctx, "Browser.close", nil)
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ListTargets returns all available targets.
|
|
|
|
|
func ListTargets(debugURL string) ([]targetInfo, error) {
|
|
|
|
|
resp, err := http.Get(debugURL + "/json")
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to get targets: %w", err)
|
|
|
|
|
}
|
|
|
|
|
defer func() { _ = resp.Body.Close() }()
|
|
|
|
|
|
|
|
|
|
body, err := io.ReadAll(resp.Body)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to read targets: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var targets []targetInfo
|
|
|
|
|
if err := json.Unmarshal(body, &targets); err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to parse targets: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return targets, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// GetVersion returns Chrome version information.
|
|
|
|
|
func GetVersion(debugURL string) (map[string]string, error) {
|
|
|
|
|
resp, err := http.Get(debugURL + "/json/version")
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to get version: %w", err)
|
|
|
|
|
}
|
|
|
|
|
defer func() { _ = resp.Body.Close() }()
|
|
|
|
|
|
|
|
|
|
body, err := io.ReadAll(resp.Body)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to read version: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var version map[string]string
|
|
|
|
|
if err := json.Unmarshal(body, &version); err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to parse version: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return version, nil
|
|
|
|
|
}
|