# AI Workspace Improvements This note tracks general improvements, integrations, and architectural upgrades for the AI Workspace (AIW) tools and proxies, independent of specific project domains. --- ## 1. Mattermost Integration Enhancements ### A. Keyless Authentication via Local Cookies (macOS Keychain) * **Goal:** Eliminate the need to manually configure and rotate `MATTERMOST_TOKEN` in local `.env` files. * **Mechanism:** * Read the sandboxed Chrome/Electron cookies database directly: `~/Library/Containers/Mattermost.Desktop/Data/Library/Application Support/Mattermost/Cookies` * Extract the `encrypted_value` for the `MMAUTHTOKEN` cookie. * Retrieve the encryption key from the macOS Keychain under the service `"Mattermost Safe Storage"` and account `"Mattermost"`. * Decrypt using PBKDF2 (salt: `b"saltysalt"`, iterations: `1003`) and AES-128-CBC. * **Database Version 24+ Compatibility:** Strip the 32-byte domain SHA-256 prefix from the decrypted block and remove PKCS7 padding to reveal the raw 26-character token. * **Benefits:** Zero-configuration authentication, inherits SSO/MFA validation from the desktop app, runs in under 50ms, and requires no background proxy daemon. ### B. Interactive Session Cache (Alternative) * **Goal:** Dynamically obtain the session token without saving the master password on disk for environments using basic username/password authentication. * **Mechanism:** * Request the password interactively in the terminal using Python's `getpass` library or fetch it from the macOS Keychain. * Call `POST /api/v4/users/login` to authenticate. * Save **only the returned session token** to a local temporary cache file (e.g., `.mattermost_session`). * Check the cache validity on startup before prompting the user again. --- ## 2. Desktop Automation & Control (AI Message Drafting) ### A. Native AppleScript Automation (macOS) * **Goal:** Allow the AI agent to draft messages directly in the official Mattermost Desktop UI for final user review before sending. * **Mechanism:** * Execute AppleScript commands from the terminal to focus the Mattermost Desktop application. * Copy the AI-generated draft to the clipboard. * Simulate keyboard shortcuts (`Cmd+V`) to paste the draft into the active chat input field. * **Benefits:** No API keys required, completely safe (user retains final send control), and works natively on macOS without external dependencies. ### B. Chromium CDP Attachment (Playwright / Puppeteer) * **Goal:** Programmatic UI interaction without launching a new headless browser. * **Mechanism:** * Launch Mattermost Desktop with the `--remote-debugging-port=9222` flag. * Attach Playwright to the active session using `connect_over_cdp("http://localhost:9222")`. * Execute Javascript inside the page context (e.g., `page.evaluate(...)` or `page.eval_on_selector(...)`) to input text or trigger actions even when the window is minimized (bypassing Chromium CPU/timer throttling).