fidelity-ai-workspace/workspaces/fidelity/project-knowledge/ai-workspace-improvements.md

AI Workspace Improvements

This note tracks general improvements, integrations, and architectural upgrades for the AI Workspace (AIW) tools and proxies, independent of specific project domains.

---

1. Mattermost Integration Enhancements

A. Keyless Authentication via Local Cookies (macOS Keychain)

• Goal: Eliminate the need to manually configure and rotate MATTERMOST_TOKEN in local .env files.
• Mechanism:
  • Read the sandboxed Chrome/Electron cookies database directly: ~/Library/Containers/Mattermost.Desktop/Data/Library/Application Support/Mattermost/Cookies
  • Extract the encrypted_value for the MMAUTHTOKEN cookie.
  • Retrieve the encryption key from the macOS Keychain under the service "Mattermost Safe Storage" and account "Mattermost".
  • Decrypt using PBKDF2 (salt: b"saltysalt", iterations: 1003) and AES-128-CBC.
  • Database Version 24+ Compatibility: Strip the 32-byte domain SHA-256 prefix from the decrypted block and remove PKCS7 padding to reveal the raw 26-character token.
• Benefits: Zero-configuration authentication, inherits SSO/MFA validation from the desktop app, runs in under 50ms, and requires no background proxy daemon.

B. Interactive Session Cache (Alternative)

• Goal: Dynamically obtain the session token without saving the master password on disk for environments using basic username/password authentication.
• Mechanism:
  • Request the password interactively in the terminal using Python's getpass library or fetch it from the macOS Keychain.
  • Call POST /api/v4/users/login to authenticate.
  • Save only the returned session token to a local temporary cache file (e.g., .mattermost_session).
  • Check the cache validity on startup before prompting the user again.

---

2. Desktop Automation & Control (AI Message Drafting)

A. Native AppleScript Automation (macOS)

• Goal: Allow the AI agent to draft messages directly in the official Mattermost Desktop UI for final user review before sending.
• Mechanism:
  • Execute AppleScript commands from the terminal to focus the Mattermost Desktop application.
  • Copy the AI-generated draft to the clipboard.
  • Simulate keyboard shortcuts (Cmd+V) to paste the draft into the active chat input field.
• Benefits: No API keys required, completely safe (user retains final send control), and works natively on macOS without external dependencies.

B. Chromium CDP Attachment (Playwright / Puppeteer)

• Goal: Programmatic UI interaction without launching a new headless browser.
• Mechanism:
  • Launch Mattermost Desktop with the --remote-debugging-port=9222 flag.
  • Attach Playwright to the active session using connect_over_cdp("http://localhost:9222").
  • Execute Javascript inside the page context (e.g., page.evaluate(...) or page.eval_on_selector(...)) to input text or trigger actions even when the window is minimized (bypassing Chromium CPU/timer throttling).