From 7594e8ebc9c193280eda6906ed814e6734478263 Mon Sep 17 00:00:00 2001 From: "david.delagneau" Date: Fri, 22 May 2026 07:48:05 -0600 Subject: [PATCH] docs: add AI workspace improvements document and link it in the getting started guide --- .../project-knowledge/00-start/start-here.md | 7 +++ .../ai-workspace-improvements.md | 45 +++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 workspaces/fidelity/project-knowledge/ai-workspace-improvements.md diff --git a/workspaces/fidelity/project-knowledge/00-start/start-here.md b/workspaces/fidelity/project-knowledge/00-start/start-here.md index 71247fd..a388b83 100644 --- a/workspaces/fidelity/project-knowledge/00-start/start-here.md +++ b/workspaces/fidelity/project-knowledge/00-start/start-here.md @@ -82,6 +82,12 @@ Use the latest dated note for recent evidence, but promote durable facts into `0 --- +## General Tools & Improvements + +- [AI Workspace Improvements](../ai-workspace-improvements.md) + +--- + ## Evidence Boundary Inbox and generated files are evidence, not durable memory by default. @@ -91,3 +97,4 @@ Inbox and generated files are evidence, not durable memory by default. - `scripts/slack/generated/` Promote only high-confidence, project-relevant facts into this vault. + diff --git a/workspaces/fidelity/project-knowledge/ai-workspace-improvements.md b/workspaces/fidelity/project-knowledge/ai-workspace-improvements.md new file mode 100644 index 0000000..d556c7c --- /dev/null +++ b/workspaces/fidelity/project-knowledge/ai-workspace-improvements.md @@ -0,0 +1,45 @@ +# AI Workspace Improvements + +This note tracks general improvements, integrations, and architectural upgrades for the AI Workspace (AIW) tools and proxies, independent of specific project domains. + +--- + +## 1. Mattermost Integration Enhancements + +### A. Keyless Authentication via Local Cookies (macOS Keychain) +* **Goal:** Eliminate the need to manually configure and rotate `MATTERMOST_TOKEN` in local `.env` files. +* **Mechanism:** + * Read the sandboxed Chrome/Electron cookies database directly: + `~/Library/Containers/Mattermost.Desktop/Data/Library/Application Support/Mattermost/Cookies` + * Extract the `encrypted_value` for the `MMAUTHTOKEN` cookie. + * Retrieve the encryption key from the macOS Keychain under the service `"Mattermost Safe Storage"` and account `"Mattermost"`. + * Decrypt using PBKDF2 (salt: `b"saltysalt"`, iterations: `1003`) and AES-128-CBC. + * **Database Version 24+ Compatibility:** Strip the 32-byte domain SHA-256 prefix from the decrypted block and remove PKCS7 padding to reveal the raw 26-character token. +* **Benefits:** Zero-configuration authentication, inherits SSO/MFA validation from the desktop app, runs in under 50ms, and requires no background proxy daemon. + +### B. Interactive Session Cache (Alternative) +* **Goal:** Dynamically obtain the session token without saving the master password on disk for environments using basic username/password authentication. +* **Mechanism:** + * Request the password interactively in the terminal using Python's `getpass` library or fetch it from the macOS Keychain. + * Call `POST /api/v4/users/login` to authenticate. + * Save **only the returned session token** to a local temporary cache file (e.g., `.mattermost_session`). + * Check the cache validity on startup before prompting the user again. + +--- + +## 2. Desktop Automation & Control (AI Message Drafting) + +### A. Native AppleScript Automation (macOS) +* **Goal:** Allow the AI agent to draft messages directly in the official Mattermost Desktop UI for final user review before sending. +* **Mechanism:** + * Execute AppleScript commands from the terminal to focus the Mattermost Desktop application. + * Copy the AI-generated draft to the clipboard. + * Simulate keyboard shortcuts (`Cmd+V`) to paste the draft into the active chat input field. +* **Benefits:** No API keys required, completely safe (user retains final send control), and works natively on macOS without external dependencies. + +### B. Chromium CDP Attachment (Playwright / Puppeteer) +* **Goal:** Programmatic UI interaction without launching a new headless browser. +* **Mechanism:** + * Launch Mattermost Desktop with the `--remote-debugging-port=9222` flag. + * Attach Playwright to the active session using `connect_over_cdp("http://localhost:9222")`. + * Execute Javascript inside the page context (e.g., `page.evaluate(...)` or `page.eval_on_selector(...)`) to input text or trigger actions even when the window is minimized (bypassing Chromium CPU/timer throttling).