27f8632867
* feat: add security logging and fix framework regressions This commit implements comprehensive security event logging and resolves critical regressions in the core framework. Security Logging: - Enhanced `pkg/log` with a `Security` level and helper. - Added `log.Username()` to consistently identify the executing user. - Instrumented GitHub CLI auth, Agentic configuration, filesystem sandbox, MCP handlers, and MCP TCP transport with security logs. - Added `SecurityStyle` to the CLI for consistent visual representation of security events. UniFi Security (CodeQL): - Refactored `pkg/unifi` to remove hardcoded `InsecureSkipVerify`, resolving a high-severity alert. - Added a `--verify-tls` flag and configuration option to control TLS verification. - Updated command handlers to support the new verification parameter. Framework Fixes: - Restored original signatures for `MustServiceFor`, `Config()`, and `Display()` in `pkg/framework/core`, which had been corrupted during a merge. - Fixed `pkg/framework/framework.go` and `pkg/framework/core/runtime_pkg.go` to match the restored signatures. - These fixes resolve project-wide compilation errors caused by the signature mismatches. I encountered significant blockers due to a corrupted state of the `dev` branch after a merge, which introduced breaking changes in the core framework's DI system. I had to manually reconcile these signatures with the expected usage across the codebase to restore build stability. * feat(mcp): add RAG tools (query, ingest, collections) Add vector database tools to the MCP server for RAG operations: - rag_query: Search for relevant documentation using semantic similarity - rag_ingest: Ingest files or directories into the vector database - rag_collections: List available collections Uses existing internal/cmd/rag exports (QueryDocs, IngestDirectory, IngestFile) and pkg/rag for Qdrant client access. Default collection is "hostuk-docs" with topK=5 for queries. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(mcp): add metrics tools (record, query) Add MCP tools for recording and querying AI/security metrics events. The metrics_record tool writes events to daily JSONL files, and the metrics_query tool provides aggregated statistics by type, repo, and agent. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat: add 'core mcp serve' command Add CLI command to start the MCP server for AI tool integration. - Create internal/cmd/mcpcmd package with serve subcommand - Support --workspace flag for directory restriction - Handle SIGINT/SIGTERM for clean shutdown - Register in full.go build variant Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(ws): add WebSocket hub package for real-time streaming Add pkg/ws package implementing a hub pattern for WebSocket connections: - Hub manages client connections, broadcasts, and channel subscriptions - Client struct represents connected WebSocket clients - Message types: process_output, process_status, event, error, ping/pong - Channel-based subscription system (subscribe/unsubscribe) - SendProcessOutput and SendProcessStatus for process streaming integration - Full test coverage including concurrency tests Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(mcp): add process management and WebSocket MCP tools Add MCP tools for process management: - process_start: Start a new external process - process_stop: Gracefully stop a running process - process_kill: Force kill a process - process_list: List all managed processes - process_output: Get captured process output - process_input: Send input to process stdin Add MCP tools for WebSocket: - ws_start: Start WebSocket server for real-time streaming - ws_info: Get hub statistics (clients, channels) Update Service struct with optional process.Service and ws.Hub fields, new WithProcessService and WithWSHub options, getter methods, and Shutdown method for cleanup. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(webview): add browser automation package via Chrome DevTools Protocol Add pkg/webview package for browser automation: - webview.go: Main interface with Connect, Navigate, Click, Type, QuerySelector, Screenshot, Evaluate - cdp.go: Chrome DevTools Protocol WebSocket client implementation - actions.go: DOM action types (Click, Type, Hover, Scroll, etc.) and ActionSequence builder - console.go: Console message capture and filtering with ConsoleWatcher and ExceptionWatcher - angular.go: Angular-specific helpers for router navigation, component access, and Zone.js stability Add MCP tools for webview: - webview_connect/disconnect: Connection management - webview_navigate: Page navigation - webview_click/type/query/wait: DOM interaction - webview_console: Console output capture - webview_eval: JavaScript execution - webview_screenshot: Screenshot capture Add documentation: - docs/mcp/angular-testing.md: Guide for Angular application testing Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: document new packages and BugSETI application - Update CLAUDE.md with documentation for: - pkg/ws (WebSocket hub for real-time streaming) - pkg/webview (Browser automation via CDP) - pkg/mcp (MCP server tools: process, ws, webview) - BugSETI application overview - Add comprehensive README for BugSETI with: - Installation and configuration guide - Usage workflow documentation - Architecture overview - Contributing guidelines Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(bugseti): add BugSETI system tray app with auto-update BugSETI - Distributed Bug Fixing like SETI@home but for code Features: - System tray app with Wails v3 - GitHub issue fetching with label filters - Issue queue with priority management - AI context seeding via seed-agent-developer skill - Automated PR submission flow - Stats tracking and leaderboard - Cross-platform notifications - Self-updating with stable/beta/nightly channels Includes: - cmd/bugseti: Main application with Angular frontend - internal/bugseti: Core services (fetcher, queue, seeder, submit, config, stats, notify) - internal/bugseti/updater: Auto-update system (checker, downloader, installer) - .github/workflows/bugseti-release.yml: CI/CD for all platforms Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: resolve import cycle and code duplication - Remove pkg/log import from pkg/io/local to break import cycle (pkg/log/rotation.go imports pkg/io, creating circular dependency) - Use stderr logging for security events in sandbox escape detection - Remove unused sync/atomic import from core.go - Fix duplicate LogSecurity function declarations in cli/log.go - Update workspace/service.go Crypt() call to match interface Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: update tests for new function signatures and format code - Update core_test.go: Config(), Display() now panic instead of returning error - Update runtime_pkg_test.go: sr.Config() now panics instead of returning error - Update MustServiceFor tests to use assert.Panics - Format BugSETI, MCP tools, and webview packages with gofmt Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Snider <631881+Snider@users.noreply.github.com> Co-authored-by: Claude <developers@lethean.io> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
314 lines
7.5 KiB
Go
314 lines
7.5 KiB
Go
// Package log provides structured logging for Core applications.
|
|
//
|
|
// The package works standalone or integrated with the Core framework:
|
|
//
|
|
// // Standalone usage
|
|
// log.SetLevel(log.LevelDebug)
|
|
// log.Info("server started", "port", 8080)
|
|
// log.Error("failed to connect", "err", err)
|
|
//
|
|
// // With Core framework
|
|
// core.New(
|
|
// framework.WithName("log", log.NewService(log.Options{Level: log.LevelInfo})),
|
|
// )
|
|
package log
|
|
|
|
import (
|
|
"fmt"
|
|
"io"
|
|
"os"
|
|
"os/user"
|
|
"sync"
|
|
"time"
|
|
)
|
|
|
|
// Level defines logging verbosity.
|
|
type Level int
|
|
|
|
// Logging level constants ordered by increasing verbosity.
|
|
const (
|
|
// LevelQuiet suppresses all log output.
|
|
LevelQuiet Level = iota
|
|
// LevelError shows only error messages.
|
|
LevelError
|
|
// LevelWarn shows warnings and errors.
|
|
LevelWarn
|
|
// LevelInfo shows informational messages, warnings, and errors.
|
|
LevelInfo
|
|
// LevelDebug shows all messages including debug details.
|
|
LevelDebug
|
|
)
|
|
|
|
// String returns the level name.
|
|
func (l Level) String() string {
|
|
switch l {
|
|
case LevelQuiet:
|
|
return "quiet"
|
|
case LevelError:
|
|
return "error"
|
|
case LevelWarn:
|
|
return "warn"
|
|
case LevelInfo:
|
|
return "info"
|
|
case LevelDebug:
|
|
return "debug"
|
|
default:
|
|
return "unknown"
|
|
}
|
|
}
|
|
|
|
// Logger provides structured logging.
|
|
type Logger struct {
|
|
mu sync.RWMutex
|
|
level Level
|
|
output io.Writer
|
|
|
|
// Style functions for formatting (can be overridden)
|
|
StyleTimestamp func(string) string
|
|
StyleDebug func(string) string
|
|
StyleInfo func(string) string
|
|
StyleWarn func(string) string
|
|
StyleError func(string) string
|
|
StyleSecurity func(string) string
|
|
}
|
|
|
|
// RotationOptions defines the log rotation and retention policy.
|
|
type RotationOptions struct {
|
|
// Filename is the log file path. If empty, rotation is disabled.
|
|
Filename string
|
|
|
|
// MaxSize is the maximum size of the log file in megabytes before it gets rotated.
|
|
// It defaults to 100 megabytes.
|
|
MaxSize int
|
|
|
|
// MaxAge is the maximum number of days to retain old log files based on their
|
|
// file modification time. It defaults to 28 days.
|
|
// Note: set to a negative value to disable age-based retention.
|
|
MaxAge int
|
|
|
|
// MaxBackups is the maximum number of old log files to retain.
|
|
// It defaults to 5 backups.
|
|
MaxBackups int
|
|
|
|
// Compress determines if the rotated log files should be compressed using gzip.
|
|
// It defaults to true.
|
|
Compress bool
|
|
}
|
|
|
|
// Options configures a Logger.
|
|
type Options struct {
|
|
Level Level
|
|
// Output is the destination for log messages. If Rotation is provided,
|
|
// Output is ignored and logs are written to the rotating file instead.
|
|
Output io.Writer
|
|
// Rotation enables log rotation to file. If provided, Filename must be set.
|
|
Rotation *RotationOptions
|
|
}
|
|
|
|
// New creates a new Logger with the given options.
|
|
func New(opts Options) *Logger {
|
|
output := opts.Output
|
|
if opts.Rotation != nil && opts.Rotation.Filename != "" {
|
|
output = NewRotatingWriter(*opts.Rotation, nil)
|
|
}
|
|
if output == nil {
|
|
output = os.Stderr
|
|
}
|
|
|
|
return &Logger{
|
|
level: opts.Level,
|
|
output: output,
|
|
StyleTimestamp: identity,
|
|
StyleDebug: identity,
|
|
StyleInfo: identity,
|
|
StyleWarn: identity,
|
|
StyleError: identity,
|
|
StyleSecurity: identity,
|
|
}
|
|
}
|
|
|
|
func identity(s string) string { return s }
|
|
|
|
// SetLevel changes the log level.
|
|
func (l *Logger) SetLevel(level Level) {
|
|
l.mu.Lock()
|
|
l.level = level
|
|
l.mu.Unlock()
|
|
}
|
|
|
|
// Level returns the current log level.
|
|
func (l *Logger) Level() Level {
|
|
l.mu.RLock()
|
|
defer l.mu.RUnlock()
|
|
return l.level
|
|
}
|
|
|
|
// SetOutput changes the output writer.
|
|
func (l *Logger) SetOutput(w io.Writer) {
|
|
l.mu.Lock()
|
|
l.output = w
|
|
l.mu.Unlock()
|
|
}
|
|
|
|
func (l *Logger) shouldLog(level Level) bool {
|
|
l.mu.RLock()
|
|
defer l.mu.RUnlock()
|
|
return level <= l.level
|
|
}
|
|
|
|
func (l *Logger) log(level Level, prefix, msg string, keyvals ...any) {
|
|
l.mu.RLock()
|
|
output := l.output
|
|
styleTimestamp := l.StyleTimestamp
|
|
l.mu.RUnlock()
|
|
|
|
timestamp := styleTimestamp(time.Now().Format("15:04:05"))
|
|
|
|
// Automatically extract context from error if present in keyvals
|
|
origLen := len(keyvals)
|
|
for i := 0; i < origLen; i += 2 {
|
|
if i+1 < origLen {
|
|
if err, ok := keyvals[i+1].(error); ok {
|
|
if op := Op(err); op != "" {
|
|
// Check if op is already in keyvals
|
|
hasOp := false
|
|
for j := 0; j < len(keyvals); j += 2 {
|
|
if keyvals[j] == "op" {
|
|
hasOp = true
|
|
break
|
|
}
|
|
}
|
|
if !hasOp {
|
|
keyvals = append(keyvals, "op", op)
|
|
}
|
|
}
|
|
if stack := FormatStackTrace(err); stack != "" {
|
|
// Check if stack is already in keyvals
|
|
hasStack := false
|
|
for j := 0; j < len(keyvals); j += 2 {
|
|
if keyvals[j] == "stack" {
|
|
hasStack = true
|
|
break
|
|
}
|
|
}
|
|
if !hasStack {
|
|
keyvals = append(keyvals, "stack", stack)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// Format key-value pairs
|
|
var kvStr string
|
|
if len(keyvals) > 0 {
|
|
kvStr = " "
|
|
for i := 0; i < len(keyvals); i += 2 {
|
|
if i > 0 {
|
|
kvStr += " "
|
|
}
|
|
key := keyvals[i]
|
|
var val any
|
|
if i+1 < len(keyvals) {
|
|
val = keyvals[i+1]
|
|
}
|
|
kvStr += fmt.Sprintf("%v=%v", key, val)
|
|
}
|
|
}
|
|
|
|
_, _ = fmt.Fprintf(output, "%s %s %s%s\n", timestamp, prefix, msg, kvStr)
|
|
}
|
|
|
|
// Debug logs a debug message with optional key-value pairs.
|
|
func (l *Logger) Debug(msg string, keyvals ...any) {
|
|
if l.shouldLog(LevelDebug) {
|
|
l.log(LevelDebug, l.StyleDebug("[DBG]"), msg, keyvals...)
|
|
}
|
|
}
|
|
|
|
// Info logs an info message with optional key-value pairs.
|
|
func (l *Logger) Info(msg string, keyvals ...any) {
|
|
if l.shouldLog(LevelInfo) {
|
|
l.log(LevelInfo, l.StyleInfo("[INF]"), msg, keyvals...)
|
|
}
|
|
}
|
|
|
|
// Warn logs a warning message with optional key-value pairs.
|
|
func (l *Logger) Warn(msg string, keyvals ...any) {
|
|
if l.shouldLog(LevelWarn) {
|
|
l.log(LevelWarn, l.StyleWarn("[WRN]"), msg, keyvals...)
|
|
}
|
|
}
|
|
|
|
// Error logs an error message with optional key-value pairs.
|
|
func (l *Logger) Error(msg string, keyvals ...any) {
|
|
if l.shouldLog(LevelError) {
|
|
l.log(LevelError, l.StyleError("[ERR]"), msg, keyvals...)
|
|
}
|
|
}
|
|
|
|
// Security logs a security event with optional key-value pairs.
|
|
// It uses LevelError to ensure security events are visible even in restrictive
|
|
// log configurations.
|
|
func (l *Logger) Security(msg string, keyvals ...any) {
|
|
if l.shouldLog(LevelError) {
|
|
l.log(LevelError, l.StyleSecurity("[SEC]"), msg, keyvals...)
|
|
}
|
|
}
|
|
|
|
// Username returns the current system username.
|
|
// It uses os/user for reliability and falls back to environment variables.
|
|
func Username() string {
|
|
if u, err := user.Current(); err == nil {
|
|
return u.Username
|
|
}
|
|
// Fallback for environments where user lookup might fail
|
|
if u := os.Getenv("USER"); u != "" {
|
|
return u
|
|
}
|
|
return os.Getenv("USERNAME")
|
|
}
|
|
|
|
// --- Default logger ---
|
|
|
|
var defaultLogger = New(Options{Level: LevelInfo})
|
|
|
|
// Default returns the default logger.
|
|
func Default() *Logger {
|
|
return defaultLogger
|
|
}
|
|
|
|
// SetDefault sets the default logger.
|
|
func SetDefault(l *Logger) {
|
|
defaultLogger = l
|
|
}
|
|
|
|
// SetLevel sets the default logger's level.
|
|
func SetLevel(level Level) {
|
|
defaultLogger.SetLevel(level)
|
|
}
|
|
|
|
// Debug logs to the default logger.
|
|
func Debug(msg string, keyvals ...any) {
|
|
defaultLogger.Debug(msg, keyvals...)
|
|
}
|
|
|
|
// Info logs to the default logger.
|
|
func Info(msg string, keyvals ...any) {
|
|
defaultLogger.Info(msg, keyvals...)
|
|
}
|
|
|
|
// Warn logs to the default logger.
|
|
func Warn(msg string, keyvals ...any) {
|
|
defaultLogger.Warn(msg, keyvals...)
|
|
}
|
|
|
|
// Error logs to the default logger.
|
|
func Error(msg string, keyvals ...any) {
|
|
defaultLogger.Error(msg, keyvals...)
|
|
}
|
|
|
|
// Security logs to the default logger.
|
|
func Security(msg string, keyvals ...any) {
|
|
defaultLogger.Security(msg, keyvals...)
|
|
}
|