ltcai 0.1.22 → 0.1.24

package/docs/CHANGELOG.md

@@ -1,14 +1,92 @@
 # Changelog
 
+## [0.1.24] - 2026-05-24
+
+### 안정화 및 UX 개선
+
+- **로컬 파일 인증 강화** — `/local/list` · `/local/read` · `/local/write` · `/local/serve`에서 로그인 세션 필수화 (`_require_local_user` 헬퍼 도입)
+- **`GET /local/list` 라우트 추가** — smoke-test 및 브라우저 직접 호출 호환
+- **VS Code 배지 수정** — shields.io `visual-studio-marketplace` 폐기 → `vsmarketplacebadges.dev`로 전환
+- **README 이미지 URL 안정화** — 로고·스크린샷을 `raw.githubusercontent.com` 절대 URL로 전환해 PyPI / npm / Marketplace 페이지에서도 표시
+- **Quick Start 분리** — PyPI / npm / VS Code 사용자의 첫 설치 경로를 각각 명확히 안내
+- **GitHub Actions Node 24** — CI 런타임을 Node 24로 업그레이드
+
+### Release
+- 배포 버전을 `0.1.24`로 상향
+- 대상 채널: `npm` · `PyPI` · `VS Code Marketplace` · `Open VSX`
+
+## [0.1.23] - 2026-05-24
+
+### Discord 권한 알림 시스템
+
+- **`GET /permissions/pending`** — 대기 중인 파일 접근 권한 요청 목록 (관리자)
+- **`POST /permissions/approve/{token}`** — 권한 승인 (관리자 세션 또는 `LATTICEAI_PERMISSION_SECRET`)
+- **`POST /permissions/deny/{token}`** — 권한 거부/취소
+- **`GET /permissions/status/{token}`** — 승인 상태 폴링 (AI 에이전트용)
+- 권한 토큰 기본값 `approved: False` — 명시적 승인 전까지 파일 접근 불가
+- `~/.ltcai/permission_queue.json` — 서버가 기록, Claude Code Discord 플러그인이 읽어 알림 전송
+- `LATTICEAI_PERMISSION_SECRET` 환경변수 — 모니터 스크립트가 세션 없이 approve/deny 호출 가능
+- `perm_monitor.py` — 권한 목록 조회·승인·거부 CLI 도우미 (`list` / `approve TOKEN` / `deny TOKEN` / `discord-msg`)
+- Discord에서 `승인 <토큰앞8자>` / `거부 <토큰앞8자>` 로 파일 접근 제어 가능
+
+### 리포지터리 UX 개선
+
+- **영어 README** 전면 재작성 — 한국어는 접을 수 있는 `<details>` 섹션으로 이동
+- **SVG 로고** 추가 (`docs/images/logo.svg`)
+- **경쟁 제품 비교표** — Lattice AI vs Open WebUI · Continue.dev · GitHub Copilot
+- **Quick Start 분리** — PyPI / npm / VS Code 사용자의 첫 설치 경로를 각각 명확히 안내
+- **비교표 기준 명시** — 공개 제품 동작 기준 시점을 README에 표기
+- **패키지 페이지 이미지 안정화** — README 이미지 URL을 GitHub raw URL로 전환해 PyPI / npm / Marketplace에서도 표시되도록 개선
+- **npm 패키지 정리** — 배포 tarball에서 테스트/캐시 파일 제외
+- **실제 UI 스크린샷 3장** — Chat UI · Admin Dashboard · Data Graph (Playwright 2x 캡처)
+- **VS Code 익스텐션 카테고리** `Other` → `AI, Machine Learning, Chat, Other`
+- **VS Code 익스텐션 키워드** 8개 → 16개 (copilot, apple-silicon, groq, graph-rag 등)
+- **VS Code 익스텐션 README** 전면 재작성 (기능표, 비교표, 모델 목록)
+- 구버전 `.tgz` / `.vsix` 빌드 파일 삭제
+
+### CI / 보안 안정화
+
+- `/local/list` `GET` smoke-test 호환 라우트 추가
+- `/local/list`, `/local/read`, `/local/write`, `/local/serve`는 로컬 개발 모드에서도 로그인 세션을 요구하도록 강화
+- GitHub Actions integration smoke test 실패 원인 수정
+
+### Release
+- 배포 버전을 `0.1.23`으로 상향
+- 대상 채널: `npm` · `PyPI` · `VS Code Marketplace` · `Open VSX`
+
 ## [0.1.22] - 2026-05-24
 
+### 리포지터리 UX 개선 — 다운로드 유입 최적화
+
+#### README 전면 재작성
+- **영어 메인 문서** — 한국어는 접을 수 있는 `<details>` 섹션으로 이동 (국제 유입 대응)
+- **SVG 로고 추가** (`docs/images/logo.svg`) — 인디고→시안 그라디언트 래티스 그리드 아이콘
+- **경쟁 제품 비교표** — Lattice AI vs Open WebUI · Continue.dev · GitHub Copilot 10개 기준 비교
+- **PyPI 월간 다운로드 수 배지** 추가 (신뢰도 지표)
+- 기능 · 보안 · API · 트러블슈팅 섹션을 표(table) 형식으로 정리 (가독성 향상)
+
+#### 실제 UI 스크린샷 자동 캡처
+- `docs/images/screenshot-chat.png` — 웹 채팅 UI (사이드바, 모델/파이프라인/VPC 카드)
+- `docs/images/screenshot-admin.png` — 어드민 대시보드 + Audit & Data Governance 섹션
+- `docs/images/screenshot-graph.png` — Data Graph 시각화 (299 노드, 443 엣지)
+- README 상단에 3단 그리드 스크린샷 테이블 추가
+- `scripts/take_screenshots.js` — Playwright Chromium 헤드리스 캡처 스크립트 (2x 레티나)
+
+#### VS Code 익스텐션 메타데이터 개선
+- **카테고리** `Other` → `AI, Machine Learning, Chat, Other` (Marketplace 검색 노출 증가)
+- **키워드** 8개 → 16개 추가 (`copilot`, `apple-silicon`, `groq`, `graph-rag` 등)
+- **설명 문구** 구체화 — 핵심 차별점(MLX, MCP, Graph RAG, zero telemetry) 명시
+- **익스텐션 README 전면 재작성** — 기능표 · 빠른 시작 · 단축키 · 지원 모델 · 설정 · 비교표 포함
+
+#### 리포지터리 정리
+- 루트 및 `vscode-extension/`의 구버전 `.tgz` / `.vsix` 빌드 파일 삭제
+
 ### Release preparation
 
 - 배포 버전을 `0.1.22`로 상향
   - `package.json`
   - `pyproject.toml`
   - `vscode-extension/package.json`
-- README 현재 배포 버전과 릴리스 체크 섹션을 `0.1.22` 기준으로 갱신
 - npm / PyPI / VS Code Marketplace / Open VSX 배포 전 빌드 산출물 생성
 
 ### Verification

package/docs/images/logo.svg

@@ -0,0 +1,33 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 240 60" width="240" height="60">
+  <defs>
+    <linearGradient id="g" x1="0%" y1="0%" x2="100%" y2="100%">
+      <stop offset="0%" style="stop-color:#6366f1"/>
+      <stop offset="100%" style="stop-color:#06b6d4"/>
+    </linearGradient>
+  </defs>
+  <!-- Lattice grid icon -->
+  <g transform="translate(8,10)">
+    <!-- dots -->
+    <circle cx="0"  cy="0"  r="3" fill="url(#g)" opacity="0.9"/>
+    <circle cx="16" cy="0"  r="3" fill="url(#g)" opacity="0.9"/>
+    <circle cx="32" cy="0"  r="3" fill="url(#g)" opacity="0.9"/>
+    <circle cx="0"  cy="16" r="3" fill="url(#g)" opacity="0.9"/>
+    <circle cx="16" cy="16" r="4" fill="url(#g)"/>
+    <circle cx="32" cy="16" r="3" fill="url(#g)" opacity="0.9"/>
+    <circle cx="0"  cy="32" r="3" fill="url(#g)" opacity="0.9"/>
+    <circle cx="16" cy="32" r="3" fill="url(#g)" opacity="0.9"/>
+    <circle cx="32" cy="32" r="3" fill="url(#g)" opacity="0.9"/>
+    <!-- lines -->
+    <line x1="0" y1="0" x2="32" y2="0"  stroke="url(#g)" stroke-width="1.2" opacity="0.4"/>
+    <line x1="0" y1="16" x2="32" y2="16" stroke="url(#g)" stroke-width="1.2" opacity="0.4"/>
+    <line x1="0" y1="32" x2="32" y2="32" stroke="url(#g)" stroke-width="1.2" opacity="0.4"/>
+    <line x1="0"  y1="0" x2="0"  y2="32" stroke="url(#g)" stroke-width="1.2" opacity="0.4"/>
+    <line x1="16" y1="0" x2="16" y2="32" stroke="url(#g)" stroke-width="1.2" opacity="0.4"/>
+    <line x1="32" y1="0" x2="32" y2="32" stroke="url(#g)" stroke-width="1.2" opacity="0.4"/>
+    <!-- diagonals -->
+    <line x1="0" y1="0" x2="32" y2="32" stroke="url(#g)" stroke-width="1" opacity="0.25"/>
+    <line x1="32" y1="0" x2="0" y2="32" stroke="url(#g)" stroke-width="1" opacity="0.25"/>
+  </g>
+  <!-- Text -->
+  <text x="58" y="34" font-family="'SF Pro Display','Segoe UI',system-ui,sans-serif" font-size="26" font-weight="700" fill="url(#g)" letter-spacing="-0.5">Lattice AI</text>
+</svg>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ltcai",
-  "version": "0.1.22",
+  "version": "0.1.24",
   "description": "Lattice AI local MLX/cloud LLM workspace server",
   "homepage": "https://github.com/TaeSooPark-PTS/LatticeAI#readme",
   "repository": {
@@ -50,7 +50,6 @@
     "tools.py",
     "codex_telegram_bot.py",
     "skills/",
-    "tests/",
     "static/account.html",
     "static/chat.html",
     "static/admin.html",

package/server.py

@@ -5631,6 +5631,13 @@ def _local_permission_response(path: str, action: str, user_email: str, content:
     }
 
 
+def _require_local_user(request: Request) -> str:
+    email = get_current_user(request)
+    if not email:
+        raise HTTPException(status_code=401, detail="로컬 파일 접근은 로그인 세션이 필요합니다.")
+    return email
+
+
 def _require_local_approval(
     *,
     token: Optional[str],
@@ -5773,16 +5780,22 @@ async def permissions_status(token: str, request: Request):
 
 @app.post("/local/list")
 async def local_list_endpoint(req: LocalAccessRequest, request: Request):
-    current_user = require_user(request)
+    current_user = _require_local_user(request)
     if not req.approved:
         return _local_permission_response(req.path, "list", current_user)
     _require_local_approval(token=req.approval_token, path=req.path, action="list", user_email=current_user)
     return _tool_response(local_list, req.path)
 
 
+@app.get("/local/list")
+async def local_list_get_endpoint(path: str, request: Request):
+    current_user = _require_local_user(request)
+    return _local_permission_response(path, "list", current_user)
+
+
 @app.post("/local/read")
 async def local_read_endpoint(req: LocalAccessRequest, request: Request):
-    current_user = require_user(request)
+    current_user = _require_local_user(request)
     if not req.approved:
         return _local_permission_response(req.path, "read", current_user)
     _require_local_approval(token=req.approval_token, path=req.path, action="read", user_email=current_user)
@@ -5792,7 +5805,7 @@ async def local_read_endpoint(req: LocalAccessRequest, request: Request):
 @app.get("/local/serve")
 async def local_serve_file(path: str, request: Request, approval_token: Optional[str] = None):
     """Serve a local file (images etc.) directly for browser preview."""
-    current_user = require_user(request)
+    current_user = _require_local_user(request)
     _require_local_approval(token=approval_token, path=path, action="read", user_email=current_user)
     target = Path(path).expanduser().resolve()
     if not target.exists() or not target.is_file():
@@ -5802,7 +5815,7 @@ async def local_serve_file(path: str, request: Request, approval_token: Optional
 
 @app.post("/local/write")
 async def local_write_endpoint(req: LocalWriteRequest, request: Request):
-    current_user = require_user(request)
+    current_user = _require_local_user(request)
     if not req.approved:
         return _local_permission_response(req.path, "write", current_user, req.content)
     _require_local_approval(

package/tests/integration/test_api.py

@@ -1,94 +0,0 @@
-"""Integration tests for FastAPI endpoints.
-
-Run against a live server:  pytest tests/integration/ --base-url http://localhost:8899
-Default base URL falls back to http://localhost:8899 if flag not provided.
-"""
-import os
-import pytest
-import httpx
-
-BASE_URL = os.environ.get("LTCAI_TEST_BASE_URL", "http://localhost:8899")
-
-
-def _session_cookie() -> dict:
-    """Return session cookie if LTCAI_TEST_SESSION env var is set, else empty dict."""
-    sid = os.environ.get("LTCAI_TEST_SESSION", "")
-    return {"session_id": sid} if sid else {}
-
-
-@pytest.fixture(scope="session")
-def client():
-    with httpx.Client(base_url=BASE_URL, cookies=_session_cookie(), timeout=15) as c:
-        yield c
-
-
-# ---------------------------------------------------------------------------
-# Health / Info
-# ---------------------------------------------------------------------------
-
-def test_health(client):
-    r = client.get("/health")
-    assert r.status_code == 200
-    data = r.json()
-    assert "status" in data
-
-
-def test_mode_endpoint(client):
-    r = client.get("/mode")
-    assert r.status_code == 200
-    data = r.json()
-    assert "model" in data or "mode" in data
-
-
-def test_runtime_features(client):
-    r = client.get("/runtime_features")
-    assert r.status_code == 200
-
-
-# ---------------------------------------------------------------------------
-# Local filesystem endpoints
-# ---------------------------------------------------------------------------
-
-def test_local_list_home(client):
-    r = client.get("/local/list", params={"path": "~"})
-    # 200 if authenticated, 401/403 if no session
-    assert r.status_code in (200, 401, 403)
-
-
-def test_local_list_requires_auth(client):
-    """Without a session cookie the endpoint must reject the request."""
-    r = httpx.get(f"{BASE_URL}/local/list", params={"path": "~"}, timeout=10)
-    assert r.status_code in (401, 403)
-
-
-def test_local_serve_missing_file(client):
-    r = client.get("/local/serve", params={"path": "/nonexistent_lattice_ai_test_xyz.txt"})
-    assert r.status_code in (400, 401, 403, 404)
-
-
-# ---------------------------------------------------------------------------
-# /tools/read_document
-# ---------------------------------------------------------------------------
-
-def test_read_document_missing(client):
-    r = client.post("/tools/read_document", json={"path": "/nonexistent_lattice_ai_doc.txt"})
-    assert r.status_code in (400, 401, 403, 404, 422)
-
-
-# ---------------------------------------------------------------------------
-# /chat — smoke test (no model required)
-# ---------------------------------------------------------------------------
-
-def test_chat_requires_message(client):
-    r = client.post("/chat", json={})
-    # Missing message → 422 validation error or 401 unauth
-    assert r.status_code in (401, 403, 422)
-
-
-# ---------------------------------------------------------------------------
-# /agent — smoke test
-# ---------------------------------------------------------------------------
-
-def test_agent_requires_task(client):
-    r = client.post("/agent", json={})
-    assert r.status_code in (401, 403, 422)

package/tests/unit/test_security.py

@@ -1,193 +0,0 @@
-"""Unit tests for security-sensitive helpers in server.py."""
-import sys
-import time
-import pytest
-from pathlib import Path
-
-sys.path.insert(0, str(Path(__file__).parent.parent.parent))
-
-from server import (
-    _bytes_match_extension,
-    _rate_buckets,
-    enforce_rate_limit,
-    hash_password,
-    verify_password,
-    _agent_risk,
-    _host_is_loopback,
-    _local_permission_response,
-    _require_local_approval,
-    _LOCAL_WRITE_BLOCKED_PREFIXES,
-)
-from fastapi import HTTPException
-
-
-# ---------------------------------------------------------------------------
-# Password hashing
-# ---------------------------------------------------------------------------
-
-def test_password_hash_roundtrip():
-    h = hash_password("hunter2")
-    assert verify_password("hunter2", h)
-    assert not verify_password("wrong", h)
-
-
-def test_password_hash_not_plaintext():
-    h = hash_password("hunter2")
-    assert "hunter2" not in h
-    assert ":" in h  # salt:hash format
-
-
-def test_password_hash_unique_per_call():
-    """Same input must yield different hashes (salted)."""
-    h1 = hash_password("same")
-    h2 = hash_password("same")
-    assert h1 != h2
-    assert verify_password("same", h1)
-    assert verify_password("same", h2)
-
-
-# ---------------------------------------------------------------------------
-# MIME / magic-number sniffing
-# ---------------------------------------------------------------------------
-
-def test_bytes_match_pdf():
-    assert _bytes_match_extension(b"%PDF-1.7\n...", ".pdf")
-
-
-def test_bytes_match_pdf_rejects_zip_bytes():
-    assert not _bytes_match_extension(b"PK\x03\x04...", ".pdf")
-
-
-def test_bytes_match_docx_is_zip():
-    assert _bytes_match_extension(b"PK\x03\x04...", ".docx")
-
-
-def test_bytes_match_png():
-    assert _bytes_match_extension(b"\x89PNG\r\n\x1a\nrest", ".png")
-
-
-def test_bytes_match_txt_skips_check():
-    """Text-like formats have no magic — always accepted."""
-    assert _bytes_match_extension(b"anything goes", ".txt")
-    assert _bytes_match_extension(b"anything goes", ".md")
-    assert _bytes_match_extension(b"anything goes", ".csv")
-
-
-# ---------------------------------------------------------------------------
-# Rate limiting
-# ---------------------------------------------------------------------------
-
-def test_rate_limit_allows_within_capacity():
-    _rate_buckets.clear()
-    for _ in range(10):
-        enforce_rate_limit("test_user@example.com", "agent")  # capacity 10
-
-
-def test_rate_limit_blocks_over_capacity():
-    _rate_buckets.clear()
-    for _ in range(10):
-        enforce_rate_limit("burst_user@example.com", "agent")
-    with pytest.raises(HTTPException) as exc:
-        enforce_rate_limit("burst_user@example.com", "agent")
-    assert exc.value.status_code == 429
-    assert "Retry-After" in exc.value.headers
-
-
-def test_rate_limit_skips_unauth():
-    """Empty email = no rate-limit (anon health-check style)."""
-    _rate_buckets.clear()
-    for _ in range(200):
-        enforce_rate_limit("", "agent")  # never raises
-
-
-# ---------------------------------------------------------------------------
-# Harness risk classification
-# ---------------------------------------------------------------------------
-
-def test_agent_risk_read_only_is_low():
-    assert _agent_risk("local_read", {"path": "/tmp/x"}) == "low"
-    assert _agent_risk("list_dir", {}) == "low"
-
-
-def test_agent_risk_write_is_medium():
-    assert _agent_risk("write_file", {"path": "out.txt"}) == "medium"
-    assert _agent_risk("local_write", {"path": "/tmp/safe.txt"}) == "medium"
-
-
-def test_agent_risk_run_command_is_high():
-    assert _agent_risk("run_command", {"command": "ls"}) == "high"
-
-
-def test_agent_risk_system_path_write_upgraded_to_high():
-    for prefix in _LOCAL_WRITE_BLOCKED_PREFIXES:
-        risk = _agent_risk("local_write", {"path": prefix + "evil.txt"})
-        assert risk == "high", f"prefix {prefix} should upgrade local_write to high"
-
-
-def test_agent_risk_unknown_action_defaults_medium():
-    assert _agent_risk("nonexistent_tool_xyz", {}) == "medium"
-
-
-# ---------------------------------------------------------------------------
-# Network exposure / local file approvals
-# ---------------------------------------------------------------------------
-
-def test_host_loopback_detection():
-    assert _host_is_loopback("127.0.0.1")
-    assert _host_is_loopback("localhost")
-    assert not _host_is_loopback("0.0.0.0")
-    assert not _host_is_loopback("192.168.0.2")
-
-
-def test_local_approval_token_allows_exact_scope(tmp_path):
-    target = tmp_path / "note.txt"
-    target.write_text("hello")
-    user = "alice@example.com"
-    approval = _local_permission_response(str(target), "read", user)
-    from server import _local_approvals
-    _local_approvals[approval["approval_token"]]["approved"] = True
-
-    _require_local_approval(
-        token=approval["approval_token"],
-        path=str(target),
-        action="read",
-        user_email=user,
-    )
-
-
-def test_local_approval_token_rejects_wrong_path(tmp_path):
-    allowed = tmp_path / "allowed.txt"
-    denied = tmp_path / "denied.txt"
-    allowed.write_text("allowed")
-    denied.write_text("denied")
-    user = "alice@example.com"
-    approval = _local_permission_response(str(allowed), "read", user)
-    from server import _local_approvals
-    _local_approvals[approval["approval_token"]]["approved"] = True
-
-    with pytest.raises(HTTPException) as exc:
-        _require_local_approval(
-            token=approval["approval_token"],
-            path=str(denied),
-            action="read",
-            user_email=user,
-        )
-    assert exc.value.status_code == 403
-
-
-def test_local_write_approval_binds_content(tmp_path):
-    target = tmp_path / "out.txt"
-    user = "alice@example.com"
-    approval = _local_permission_response(str(target), "write", user, "first")
-    from server import _local_approvals
-    _local_approvals[approval["approval_token"]]["approved"] = True
-
-    with pytest.raises(HTTPException) as exc:
-        _require_local_approval(
-            token=approval["approval_token"],
-            path=str(target),
-            action="write",
-            user_email=user,
-            content="changed",
-        )
-    assert exc.value.status_code == 403

package/tests/unit/test_setup_wizard.py

@@ -1,35 +0,0 @@
-import os
-import shutil
-
-import setup
-
-
-def test_scan_environment_includes_components_and_paths():
-    env = setup.scan_environment()
-
-    assert "components" in env
-    assert "python" in env["components"]
-    assert "official_url" in env["components"]["python"]
-    assert "path" in env
-    assert "active" in env["path"]
-
-
-def test_recommendations_include_components():
-    env = setup.scan_environment()
-    recs = setup.get_recommendations(env)
-
-    assert "components" in recs
-    assert any(item["id"].startswith("component_") for item in recs["components"])
-
-
-def test_repair_path_can_find_binary_from_common_dir(monkeypatch):
-    python_path = shutil.which("python3") or shutil.which("python")
-    assert python_path
-    python_dir = os.path.dirname(python_path)
-
-    monkeypatch.setattr(setup, "COMMON_PATH_DIRS", [python_dir])
-    monkeypatch.setenv("PATH", "")
-
-    setup.repair_path_for("python3" if python_path.endswith("python3") else "python")
-
-    assert python_dir in os.environ["PATH"].split(os.pathsep)