Skip to content

Dev #62

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
vsilent wants to merge 78 commits into
base: main
Choose a base branch
from
Open

Dev #62

vsilent wants to merge 78 commits into from

Conversation

@vsilent
Copy link
Collaborator

@vsilent vsilent commented Nov 14, 2024

No description provided.

github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 26, 2025
View reviewed changes
.github/workflows/rust.yml
Comment on lines +14 to +79
name: Build binaries (Linux/macOS)
env:
SQLX_OFFLINE: true
strategy:
matrix:
include:
- os: ubuntu-latest
target: x86_64-unknown-linux-gnu
artifact_name: stacker-linux-x86_64
- os: macos-latest
target: x86_64-apple-darwin
artifact_name: stacker-macos-x86_64
- os: macos-latest
target: aarch64-apple-darwin
artifact_name: stacker-macos-aarch64
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
- name: Build
run: cargo build --verbose
- name: Run tests
run: cargo test --verbose
- uses: actions/checkout@v4
- name: Verify .sqlx cache exists
run: |
ls -lh .sqlx/ || echo ".sqlx directory not found"
find .sqlx -type f 2>/dev/null | wc -l
- name: Install Rust toolchain
uses: actions-rs/toolchain@v1
with:
toolchain: stable
target: ${{ matrix.target }}
override: true
- name: Cache cargo registry
uses: actions/cache@v4
with:
path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-registry-
- name: Cache cargo index
uses: actions/cache@v4
with:
path: ~/.cargo/git
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-index-
- name: Cache target directory
uses: actions/cache@v4
with:
path: target
key: ${{ runner.os }}-target-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-target-${{ matrix.target }}-
- name: Build server (release)
run: cargo build --release --target ${{ matrix.target }} --bin server --verbose

- name: Build console (release with features)
run: cargo build --release --target ${{ matrix.target }} --bin console --features explain --verbose
- name: Prepare binaries
run: |
mkdir -p artifacts
cp target/${{ matrix.target }}/release/server artifacts/server
cp target/${{ matrix.target }}/release/console artifacts/console
tar -czf ${{ matrix.artifact_name }}.tar.gz -C artifacts .
- name: Upload binaries
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.artifact_name }}
path: ${{ matrix.artifact_name }}.tar.gz
retention-days: 7

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 10 days ago

To fix the issue, we should explicitly declare the permissions for the GITHUB_TOKEN used by this workflow and restrict them to the minimum required. This workflow only needs to read repository contents to build and upload artifacts, so contents: read is sufficient. We can set permissions at the workflow root so it applies to all jobs (currently only build), or directly under the build job. Root-level is cleaner and recommended.

Concretely, in .github/workflows/rust.yml, add a permissions: block near the top, after name: Rust and before on:. Set it to:

permissions:
  contents: read

No additional imports or dependencies are required, and this does not alter any existing build behavior. It only constrains what the automatically provided GITHUB_TOKEN can do.

Suggested changeset 1
.github/workflows/rust.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -1,5 +1,8 @@
 name: Rust
 
+permissions:
+  contents: read
+
 on:
   push:
     branches: [ dev, main ]
EOF
@@ -1,5 +1,8 @@
name: Rust

permissions:
contents: read

on:
push:
branches: [ dev, main ]
Copilot is powered by AI and may make mistakes. Always verify output.
vsilent added 17 commits December 26, 2025 15:36
test required db running
dfb44a1
migration fix, check if table casbin_rule table is created
3a4e071
admin access project endpoint
421b69c
feat: Implement MCP server foundation
0b09bfe 
- Add MCP protocol types with JSON-RPC 2.0 support
- Implement WebSocket handler with heartbeat mechanism
- Create tool registry with pluggable handler architecture
- Add session management for conversation context
- Register /mcp WebSocket endpoint with OAuth auth
- Add Casbin rules for group_user and group_admin access
- Include comprehensive unit tests for protocol layer

Components:
- src/mcp/protocol.rs: JSON-RPC 2.0 + MCP types
- src/mcp/websocket.rs: Actix WebSocket actor
- src/mcp/registry.rs: Tool handler infrastructure
- src/mcp/session.rs: Session state management
- migrations/20251227140000: Casbin authorization rules

Dependencies:
- actix 0.13.5 (WebSocket actor framework)
- actix-web-actors 4.3.1 (Actix-web WS integration)
- async-trait 0.1.77 (Tool handler trait)

Supports:
- initialize, tools/list, tools/call methods
- OAuth bearer token authentication
- Casbin role-based authorization
- Structured logging with tracing
- Graceful connection handling
root/admin_group user, MCP registry, tools implementation
40ad075
MCP server updates, websocker + cookie based auth, server connected
aedb8b6
Marketplace API init
3b06fd3
new migrations Marketplace added at Stacker
77d8516
marketplace + product + tests
4f4698f
marketplace + product + tests
e1e0809
root inherits user rights
3817b21
category sync/category_code instead of category_id
6ac2d5c
access categories
010c3a5
categories endpoint
922e814
categories endpoint
86d0ec6
marketplace, categories import from connectors
8786027
add connector example based on 3-d party auth service
7bfbacf
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 2, 2026
View reviewed changes
src/connectors/user_service/mod.rs
"{}/api/1.0/stacks?where={{\"user_id\":\"{}\"}}",
self.base_url, user_id
);
let mut req = self.http_client.get(&url);

Check failure

Code scanning / CodeQL

Cleartext transmission of sensitive information High

This 'get' operation transmits data which may contain unencrypted sensitive data from
user_id
Loading
.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vsilent