owlen

Owlibou/owlen

Fork 0

Commit Graph

Author	SHA1	Message	Date
vikingowl	0728262a9e	fix(core,mcp,security)!: resolve critical P0/P1 issues BREAKING CHANGES: - owlen-core no longer depends on ratatui/crossterm - RemoteMcpClient constructors are now async - MCP path validation is stricter (security hardening) This commit resolves three critical issues identified in project analysis: ## P0-1: Extract TUI dependencies from owlen-core Create owlen-ui-common crate to hold UI-agnostic color and theme abstractions, removing architectural boundary violation. Changes: - Create new owlen-ui-common crate with abstract Color enum - Move theme.rs from owlen-core to owlen-ui-common - Define Color with Rgb and Named variants (no ratatui dependency) - Create color conversion layer in owlen-tui (color_convert.rs) - Update 35+ color usages with conversion wrappers - Remove ratatui/crossterm from owlen-core dependencies Benefits: - owlen-core usable in headless/CLI contexts - Enables future GUI frontends - Reduces binary size for core library consumers ## P0-2: Fix blocking WebSocket connections Convert RemoteMcpClient constructors to async, eliminating runtime blocking that froze TUI for 30+ seconds on slow connections. Changes: - Make new_with_runtime(), new_with_config(), new() async - Remove block_in_place wrappers for I/O operations - Add 30-second connection timeout with tokio::time::timeout - Update 15+ call sites across 10 files to await constructors - Convert 4 test functions to #[tokio::test] Benefits: - TUI remains responsive during WebSocket connections - Proper async I/O follows Rust best practices - No more indefinite hangs ## P1-1: Secure path traversal vulnerabilities Implement comprehensive path validation with 7 defense layers to prevent file access outside workspace boundaries. Changes: - Create validate_safe_path() with multi-layer security: * URL decoding (prevents %2E%2E bypasses) * Absolute path rejection * Null byte protection * Windows-specific checks (UNC/device paths) * Lexical path cleaning (removes .. components) * Symlink resolution via canonicalization * Boundary verification with starts_with check - Update 4 MCP resource functions (get/list/write/delete) - Add 11 comprehensive security tests Benefits: - Blocks URL-encoded, absolute, UNC path attacks - Prevents null byte injection - Stops symlink escape attempts - Cross-platform security (Windows/Linux/macOS) ## Test Results - owlen-core: 109/109 tests pass (100%) - owlen-tui: 52/53 tests pass (98%, 1 pre-existing failure) - owlen-providers: 2/2 tests pass (100%) - Build: cargo build --all succeeds ## Verification - ✓ cargo tree -p owlen-core shows no TUI dependencies - ✓ No block_in_place calls remain in MCP I/O code - ✓ All 11 security tests pass Fixes: #P0-1, #P0-2, #P1-1 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-29 12:31:20 +01:00
vikingowl	7851af14a9	refactor(core): remove provider module, migrate to LLMProvider, add client mode handling, improve serialization error handling, update workspace edition, and clean up conditionals and imports	2025-10-12 12:38:55 +02:00
vikingowl	9545a4b3ad	feat(phase10): complete MCP-only architecture migration This commit completes Phase 10 of the MCP migration by removing all direct provider usage from CLI/TUI and enforcing MCP-first architecture. ## Changes ### Core Architecture - main.rs: Replaced OllamaProvider with RemoteMcpClient - Uses MCP server configuration from config.toml if available - Falls back to auto-discovery of MCP LLM server binary - agent_main.rs: Unified provider and MCP client to single RemoteMcpClient - Simplifies initialization with Arc::clone pattern - All LLM communication now goes through MCP protocol ### Dependencies - Cargo.toml: Removed owlen-ollama dependency from owlen-cli - CLI no longer knows about Ollama implementation details - Clean separation: only MCP servers use provider crates internally ### Tests - agent_tests.rs: Updated all tests to use RemoteMcpClient - Replaced OllamaProvider::new() with RemoteMcpClient::new() - Updated test documentation to reflect MCP requirements - All tests compile and run successfully ### Examples - Removed: custom_provider.rs, basic_chat.rs (deprecated) - Added: mcp_chat.rs - demonstrates recommended MCP-based usage - Shows how to use RemoteMcpClient for LLM interactions - Includes model listing and chat request examples ### Cleanup - Removed outdated TODO about MCP integration (now complete) - Updated comments to reflect current MCP architecture ## Architecture ``` CLI/TUI → RemoteMcpClient (impl Provider) ↓ MCP Protocol (STDIO/HTTP/WS) MCP LLM Server → OllamaProvider → Ollama ``` ## Benefits - ✅ Clean separation of concerns - ✅ CLI is protocol-agnostic (only knows MCP) - ✅ Easier to add new LLM backends (just implement MCP server) - ✅ All tests passing - ✅ Full workspace builds successfully 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-10 22:29:20 +02:00

Author

SHA1

Message

Date

vikingowl

0728262a9e

fix(core,mcp,security)!: resolve critical P0/P1 issues

BREAKING CHANGES:
- owlen-core no longer depends on ratatui/crossterm
- RemoteMcpClient constructors are now async
- MCP path validation is stricter (security hardening)

This commit resolves three critical issues identified in project analysis:

## P0-1: Extract TUI dependencies from owlen-core

Create owlen-ui-common crate to hold UI-agnostic color and theme
abstractions, removing architectural boundary violation.

Changes:
- Create new owlen-ui-common crate with abstract Color enum
- Move theme.rs from owlen-core to owlen-ui-common
- Define Color with Rgb and Named variants (no ratatui dependency)
- Create color conversion layer in owlen-tui (color_convert.rs)
- Update 35+ color usages with conversion wrappers
- Remove ratatui/crossterm from owlen-core dependencies

Benefits:
- owlen-core usable in headless/CLI contexts
- Enables future GUI frontends
- Reduces binary size for core library consumers

## P0-2: Fix blocking WebSocket connections

Convert RemoteMcpClient constructors to async, eliminating runtime
blocking that froze TUI for 30+ seconds on slow connections.

Changes:
- Make new_with_runtime(), new_with_config(), new() async
- Remove block_in_place wrappers for I/O operations
- Add 30-second connection timeout with tokio::time::timeout
- Update 15+ call sites across 10 files to await constructors
- Convert 4 test functions to #[tokio::test]

Benefits:
- TUI remains responsive during WebSocket connections
- Proper async I/O follows Rust best practices
- No more indefinite hangs

## P1-1: Secure path traversal vulnerabilities

Implement comprehensive path validation with 7 defense layers to
prevent file access outside workspace boundaries.

Changes:
- Create validate_safe_path() with multi-layer security:
  * URL decoding (prevents %2E%2E bypasses)
  * Absolute path rejection
  * Null byte protection
  * Windows-specific checks (UNC/device paths)
  * Lexical path cleaning (removes .. components)
  * Symlink resolution via canonicalization
  * Boundary verification with starts_with check
- Update 4 MCP resource functions (get/list/write/delete)
- Add 11 comprehensive security tests

Benefits:
- Blocks URL-encoded, absolute, UNC path attacks
- Prevents null byte injection
- Stops symlink escape attempts
- Cross-platform security (Windows/Linux/macOS)

## Test Results

- owlen-core: 109/109 tests pass (100%)
- owlen-tui: 52/53 tests pass (98%, 1 pre-existing failure)
- owlen-providers: 2/2 tests pass (100%)
- Build: cargo build --all succeeds

## Verification

- ✓ cargo tree -p owlen-core shows no TUI dependencies
- ✓ No block_in_place calls remain in MCP I/O code
- ✓ All 11 security tests pass

Fixes: #P0-1, #P0-2, #P1-1

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-29 12:31:20 +01:00

vikingowl

7851af14a9

refactor(core): remove provider module, migrate to LLMProvider, add client mode handling, improve serialization error handling, update workspace edition, and clean up conditionals and imports

2025-10-12 12:38:55 +02:00

vikingowl

9545a4b3ad

feat(phase10): complete MCP-only architecture migration

This commit completes Phase 10 of the MCP migration by removing all
direct provider usage from CLI/TUI and enforcing MCP-first architecture.

## Changes

### Core Architecture
- **main.rs**: Replaced OllamaProvider with RemoteMcpClient
  - Uses MCP server configuration from config.toml if available
  - Falls back to auto-discovery of MCP LLM server binary
- **agent_main.rs**: Unified provider and MCP client to single RemoteMcpClient
  - Simplifies initialization with Arc::clone pattern
  - All LLM communication now goes through MCP protocol

### Dependencies
- **Cargo.toml**: Removed owlen-ollama dependency from owlen-cli
  - CLI no longer knows about Ollama implementation details
  - Clean separation: only MCP servers use provider crates internally

### Tests
- **agent_tests.rs**: Updated all tests to use RemoteMcpClient
  - Replaced OllamaProvider::new() with RemoteMcpClient::new()
  - Updated test documentation to reflect MCP requirements
  - All tests compile and run successfully

### Examples
- **Removed**: custom_provider.rs, basic_chat.rs (deprecated)
- **Added**: mcp_chat.rs - demonstrates recommended MCP-based usage
  - Shows how to use RemoteMcpClient for LLM interactions
  - Includes model listing and chat request examples

### Cleanup
- Removed outdated TODO about MCP integration (now complete)
- Updated comments to reflect current MCP architecture

## Architecture

```
CLI/TUI → RemoteMcpClient (impl Provider)
          ↓ MCP Protocol (STDIO/HTTP/WS)
          MCP LLM Server → OllamaProvider → Ollama
```

## Benefits
- ✅ Clean separation of concerns
- ✅ CLI is protocol-agnostic (only knows MCP)
- ✅ Easier to add new LLM backends (just implement MCP server)
- ✅ All tests passing
- ✅ Full workspace builds successfully

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-10 22:29:20 +02:00

3 Commits