Fix configuration loading order to ensure environment variables have
highest precedence over config files. Also update env prefix from
CODE_ to OWLEN_ for consistency with project naming.
Changes:
- Move env variable merge to end of chain for proper precedence
- Update environment prefix from CODE_ to OWLEN_
- Add precedence tests to verify correct override behavior
- Clean up unused dependencies (serde_json, toml)
- Add tempfile dev dependency for testing
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Set up Cargo workspace with initial crates:
- cli: main application entry point with chat streaming tests
- config: configuration management
- llm/ollama: Ollama client integration with NDJSON support
Includes .gitignore for Rust and JetBrains IDEs.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit completes all remaining Sprint 1 tasks from the project analysis:
**MCP RPC Timeout Protection**
- Add configurable `rpc_timeout_secs` field to McpServerConfig
- Implement operation-specific timeouts (10s-120s based on method type)
- Wrap all MCP RPC calls with tokio::time::timeout to prevent indefinite hangs
- Add comprehensive test suite (mcp_timeout.rs) with 5 test cases
- Modified files: config.rs, remote_client.rs, presets.rs, failover.rs, factory.rs, chat_app.rs, mcp.rs
**Async Migration Completion**
- Remove all remaining tokio::task::block_in_place calls
- Replace with try_lock() spin loop pattern for uncontended config access
- Maintains sync API for UI rendering while completing async migration
- Modified files: session.rs (config/config_mut), chat_app.rs (controller_lock)
**Dependency Updates**
- Update tokio 1.47.1 → 1.48.0 for latest performance improvements
- Update reqwest 0.12.23 → 0.12.24 for security patches
- Update 60+ transitive dependencies via cargo update
- Run cargo audit: identified 3 CVEs for Sprint 2 (sqlx, ring, rsa)
**Code Quality**
- Fix clippy deprecation warnings (generic-array 0.x usage in encryption/storage)
- Add temporary #![allow(deprecated)] with TODO comments for future generic-array 1.x upgrade
- All tests passing (except 1 pre-existing failure unrelated to these changes)
Sprint 1 is now complete. Next up: Sprint 2 security fixes and test coverage improvements.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Acceptance Criteria:
- Declarative keymap sequences replace pending_key/pending_focus_chord logic.
- :keymap show streams the active binding table and bindings export reflects new schema.
- Vim/Emacs default keymaps resolve multi-step chords via the registry.
Test Notes:
- cargo test -p owlen-tui
Acceptance Criteria:
- Users can toggle high-contrast and reduced-chrome modes via :accessibility commands.
- Accessibility flags persist in config and update UI header legends without restart.
- Reduced chrome removes glass shadows while preserving layout readability.
Test Notes:
- cargo test -p owlen-tui
Acceptance-Criteria:
- snapshot coverage for idle chat and tool-call streaming states protects header, toast, and transcript rendering.
- Tests use deterministic settings so reruns pass without manual snapshot acceptance.
Test-Notes:
- INSTA_UPDATE=always cargo test -p owlen-tui --test chat_snapshots
- cargo test
Acceptance-Criteria:
- spec-compliant names are shared via WEB_SEARCH_TOOL_NAME and ModeConfig checks canonical identifiers.
- workspace depends on once_cell so regex helpers build without local target hacks.
Test-Notes:
- cargo test
Acceptance-Criteria:
- cloud WireMock tests pass when providers.ollama_cloud.base_url targets a local endpoint.
- 429 responses surface ProviderErrorKind::RateLimited and 401 payloads report API key guidance.
Test-Notes:
- cargo test -p owlen-core --test ollama_wiremock cloud_rate_limit_returns_error_without_usage
- cargo test -p owlen-core --test ollama_wiremock cloud_tool_call_flows_through_web_search
- cargo test
Acceptance-Criteria:
- docs cite the MCP identifier regex and enumerate the combined connector bundle.
- legacy dotted identifiers are removed from the plan in favour of compliant names.
Test-Notes:
- docs-only change; no automated tests required.
- Introduce reference MCP presets with installation/audit helpers and remove legacy connector lists.
- Add CLI `owlen tools` commands to install presets or audit configuration, with optional pruning.
- Extend the TUI :tools command to support listing presets, installing them, and auditing current configuration.
- Document the preset workflow and provide regression tests for preset application.
- Reject dotted tool identifiers during registration and remove alias-backed lookups.
- Drop web.search compatibility, normalize all code/tests around the canonical web_search name, and update consent/session logic.
- Harden CLI toggles to manage the spec-compliant identifier and ensure MCP configs shed non-compliant entries automatically.
Acceptance Criteria:
- Tool registry denies invalid identifiers by default and no alias codepaths remain.
Test Notes:
- cargo check -p owlen-core (tests unavailable in sandbox).
- Replace brand-specific guidance with spec-compliant naming rules and connector categories.
- Add docs/mcp-reference.md outlining common MCP connectors and installation workflow.
- Point configuration docs at the new guide and reiterate the naming regex.
Acceptance Criteria:
- Documentation directs users toward a combined reference bundle without citing specific vendors.
Test Notes:
- Docs-only change; link checks not run.
- Document web_search as the canonical MCP tool name and retain the legacy web.search alias across README, changelog, and mode docs.
- Explain how to mirror Codex CLI MCP installs with codex mcp add and note the common server bundle.
- Point the configuration guide at spec-compliant naming and runtime toggles for Codex users.
Acceptance Criteria:
- Documentation stops advertising dotted tool names as canonical and references Codex-compatible installs.
Test Notes:
- docs-only change; no automated tests run.