From 0b75767a7c9838330364ab821d038c68e545fd96 Mon Sep 17 00:00:00 2001 From: Ziemek Borowski Date: Sat, 31 Jan 2026 04:51:10 +0100 Subject: [PATCH 1/4] Bump version to 2.6.7 --- ChangeLog/2.6.7.md | 5 +++++ internal/common/version/version.go | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 ChangeLog/2.6.7.md diff --git a/ChangeLog/2.6.7.md b/ChangeLog/2.6.7.md new file mode 100644 index 0000000..14105f2 --- /dev/null +++ b/ChangeLog/2.6.7.md @@ -0,0 +1,5 @@ +# Version 2.6.7 + +## Changes + +- Version bump for separate development work diff --git a/internal/common/version/version.go b/internal/common/version/version.go index f187984..839de42 100644 --- a/internal/common/version/version.go +++ b/internal/common/version/version.go @@ -8,7 +8,7 @@ package version // 1. Change the Version constant below // 2. Create a changelog entry in ChangeLog/{version}.md // 3. Commit with message: "Bump version to {version}" -const Version = "2.6.6" +const Version = "2.6.7" // Get returns the current version string. // This is a convenience function for accessing the Version constant. From e3e410207396a04722c1ebdc7cb69f2612c3e5ca Mon Sep 17 00:00:00 2001 From: Ziemek Borowski Date: Sat, 31 Jan 2026 04:51:55 +0100 Subject: [PATCH 2/4] gemit code review --- ...CODE_REVIEW_AND_IMPROVEMENTS_2026_01_31.md | 101 ++++++++++++++++++ 1 file changed, 101 insertions(+) create mode 100644 cr-results/CODE_REVIEW_AND_IMPROVEMENTS_2026_01_31.md diff --git a/cr-results/CODE_REVIEW_AND_IMPROVEMENTS_2026_01_31.md b/cr-results/CODE_REVIEW_AND_IMPROVEMENTS_2026_01_31.md new file mode 100644 index 0000000..ba9d157 --- /dev/null +++ b/cr-results/CODE_REVIEW_AND_IMPROVEMENTS_2026_01_31.md @@ -0,0 +1,101 @@ +# Code Review & Improvement Plan: msgraphtool +**Date:** 2026-01-31 +**Version Reviewed:** 1.25.0+ (Current Codebase) +**Reviewer:** Gemini CLI + +## 1. Executive Summary + +Since the last review on 2026-01-07, `msgraphtool` has evolved significantly. The **Modularization (Phase 1)** is fully complete and stable. The tool has transitioned from a basic testing utility to a feature-rich CLI with advanced capabilities like Availability Checking (`getschedule`), Email Search & Export (`searchandexport`), and detailed JSON output. + +**Highlights:** +* **Architecture:** The file-based modularity (`config.go`, `handlers.go`, `auth.go`) works perfectly. It strikes the right balance between structure and simplicity for a CLI tool. +* **Security:** The implementation of `validateMessageID` to prevent OData injection is exemplary. Path traversal checks are robust. +* **Features:** The addition of `getschedule` and `exportinbox` greatly expands the tool's utility for troubleshooting and data extraction. + +**Primary Concern:** +* **Testing Technical Debt:** While code logic was split, tests were not cleanly refactored. We now have two overlapping test files (`shared_test.go` and `msgraphgolangtestingtool_test.go`) containing duplicate logic and lacking clear ownership. This is the main focus for the next cleanup phase. + +--- + +## 2. Code Quality & Architecture Review + +### 2.1 Modularization Status +The separation of concerns is excellent: +* **`msgraphtool.go`**: Clean entry point, handles signals and high-level flow. +* **`config.go`**: Centralized configuration and validation. +* **`auth.go`**: Isolated authentication logic. +* **`handlers.go`**: Business logic. *Note: This file is growing large (approx. 500 lines) and covers disparate domains (Mail, Calendar, Search).* +* **`utils.go`**: Generic helpers. + +### 2.2 Security Review +* **OData Injection:** The `validateMessageID` function in `utils.go` (or `msgraphgolangtestingtool_test.go` context) is a great defense-in-depth measure. It explicitly blocks quotes and OData operators. +* **Path Traversal:** `validateFilePath` correctly uses `filepath.Clean` and checks for `..` to prevent writing exports outside the temp directory. +* **Secrets:** Secrets are masked in verbose logs. + +### 2.3 New Features Analysis +* **`getschedule`**: Correctly calculates "next working day" logic (`addWorkingDays`). The 12:00-13:00 UTC check is a sensible default for testing availability. +* **`exportinbox` / `searchandexport`**: The manual map construction in `exportMessageToJSON` ensures the output JSON is clean and predictable, avoiding the massive nesting often found in raw Graph SDK serializations. +* **Templates**: `-body-template` implementation is simple and effective. + +--- + +## 3. Testing Technical Debt + +This is the only area requiring immediate attention. + +**Current State:** +* **`src/shared_test.go`**: A legacy file name containing tests for `config.go`, `utils.go`, and `handlers.go`. +* **`src/msgraphgolangtestingtool_test.go`**: A massive (1000+ line) catch-all file that *also* tests `config.go`, `utils.go`, and helpers. + +**Issues:** +1. **Duplication:** Both files test `validateConfiguration` and `validateFilePath`. +2. **Discoverability:** It is unclear where to add a new test. +3. **Maintenance:** `shared_test.go` refers to a file that no longer exists (`shared.go`). + +**Recommendation:** +Split these two files into domain-specific test files matching the source: +* `src/config_test.go`: Move configuration tests here. +* `src/utils_test.go`: Move `validateFilePath`, `maskGUID`, `retryWithBackoff` tests here. +* `src/handlers_test.go`: Move `createFileAttachments` and logic tests here. +* `src/auth_test.go`: Move PFX/Cert tests here. + +--- + +## 4. Improvement Plan + +### 4.1 Phase 1: Test Refactoring (High Priority) +* **Goal:** Eliminate `shared_test.go` and `msgraphgolangtestingtool_test.go`. +* **Action:** Create `config_test.go`, `utils_test.go`, `handlers_test.go`, `auth_test.go` and redistribute existing tests. Remove duplicates. + +### 4.2 Phase 2: Logic Split (Medium Priority) +* **Goal:** Prevent `handlers.go` from becoming the new "god object". +* **Action:** Split `handlers.go` into: + * `handler_mail.go` (SendMail, GetInbox, Export) + * `handler_calendar.go` (GetEvents, SendInvite, GetSchedule) + * `handler_search.go` (SearchAndExport) + +### 4.3 Phase 3: Usability (Low Priority) +* **Interactive Wizard:** If no args are provided, guide the user. +* **Dry Run (`-whatif`):** For `sendmail` and `sendinvite`, print what *would* happen without sending the request. + +--- + +## 5. Actionable Next Steps (Commands) + +1. **Refactor Tests:** Run a series of moves to split the test files. +2. **Verify:** Run `go test ./...` to ensure no coverage is lost. + +```powershell +# Proposed File Structure after Refactoring +src/ +├── msgraphtool.go +├── config.go +├── config_test.go <-- New (from shared_test.go & msgraph...test.go) +├── auth.go +├── auth_test.go <-- New +├── handlers.go +├── handlers_test.go <-- New +├── utils.go +├── utils_test.go <-- New +└── ... +``` From c3f90e2ff3863c7cfe28d0240b831d20b69f359e Mon Sep 17 00:00:00 2001 From: Ziemek Borowski Date: Sat, 31 Jan 2026 12:09:01 +0100 Subject: [PATCH 3/4] remove outdated GEMINI.md --- GEMINI.md | 110 ------------------------------------------------------ 1 file changed, 110 deletions(-) delete mode 100644 GEMINI.md diff --git a/GEMINI.md b/GEMINI.md deleted file mode 100644 index 0fc934a..0000000 --- a/GEMINI.md +++ /dev/null @@ -1,110 +0,0 @@ -# Gemini Context: msgraphtool - -This document provides context for Gemini to effectively assist with the `msgraphtool` project. - -## Project Overview - -**Name:** `msgraphtool` -**Type:** Go CLI Tool (Single Binary) -**Purpose:** Interact with Microsoft Graph API (Exchange Online) for testing and automation. -**Key Functionality:** -- Sending emails (Text body). -- Listing calendar events. -- Creating calendar invites. -- Listing inbox messages. -- **Authentication:** Client Secret, PFX Certificate, Windows Certificate Store (Thumbprint). -- **Logging:** Automatic CSV logging of all operations to `%TEMP%`. -**Platform:** Cross-platform (Windows, Linux, macOS), but optimized for Windows (Certificate Store support). - -## Directory Structure - -* `src/`: Go source code and module definition (`go.mod`). -* `src/msgraphtool.go`: Main entry point and application logic. -* `src/cert_windows.go`: Windows-specific certificate store implementation. -* `src/cert_stub.go`: Stub for non-Windows builds. -* `src/VERSION`: Current version string (e.g., `1.12.6`). -* `.github/workflows/`: GitHub Actions for CI/CD. -* `tests/`: Integration tests. -* `Changelog/`: Directory containing changelog files (e.g., `1.12.6.md`). - -## Development Workflow - -### 1. Build - -The Go code is located in `src/`. You must run build commands from the root pointing to `src` or inside `src`. - -**Command:** -```powershell -go build -C src -o msgraphtool.exe -``` - -**Optimized Build (Smaller Binary):** -```powershell -go build -C src -ldflags="-s -w" -o msgraphtool.exe -``` - -### 2. Versioning - -* **Major Version Locked:** Always `1.x.y`. -* **Single Source of Truth:** `src/VERSION`. -* **Mechanism:** Go code uses `//go:embed VERSION` to compile the version string. **Do not** edit Go source for version updates. -* **Process:** Update `src/VERSION` and create `Changelog/{version}.md`. - -### 3. Release Process - -Releases are automated via GitHub Actions when a tag is pushed. - -1. **Recommended:** Use `.\run-integration-tests.ps1` for interactive release. -2. **Manual:** - * Update `src/VERSION`. - * Create `Changelog/{version}.md`. - * Commit and Tag (`git tag v1.x.y`). - * Push tag (`git push origin v1.x.y`). - -This triggers `.github/workflows/build.yml` which builds the binary and attaches it to a GitHub Release. - -## Usage & Testing - -### Common Commands - -* **Get Events:** - ```powershell - .\msgraphtool.exe -tenantid "..." -clientid "..." -secret "..." -mailbox "user@example.com" -action getevents - ``` -* **Send Mail:** - ```powershell - .\msgraphtool.exe -tenantid "..." -clientid "..." -secret "..." -mailbox "user@example.com" -action sendmail -to "recipient@example.com" - ``` - -### Authentication Methods - -1. **Client Secret:** `-secret "VALUE"` -2. **PFX File:** `-pfx "file.pfx" -pfxpass "PASSWORD"` -3. **Windows Store:** `-thumbprint "HEX_HASH"` (Windows only) - -### Environment Variables - -All flags can be set via `MSGRAPH` prefix (e.g., `MSGRAPHTENANTID`, `MSGRAPHCLIENTID`). Flags take precedence over environment variables. - -### Logging - -CSV logs are written to `%TEMP%\_msgraphtool_{action}_{date}.csv`. - -## Key Conventions - -* **Code Style:** Standard Go fmt. -* **Dependencies:** Minimal. `msgraph-sdk-go`, `azidentity`, `pkcs12`. -* **Safety:** Never commit secrets. The tool masks secrets in verbose output. -* **Architecture:** `main` function dispatches to specific action functions (`performAction...`). - -## Reference Files - -* `AGENTS.md`: Detailed architecture and AI context (primary reference). -* `BUILD.md`: Detailed build instructions. -* `RELEASE.md`: Release process and versioning policy. -* `README.md`: User-facing documentation. -* `SECURITY.md`: Security policy and best practices. - - ..ooOO END OOoo.. - - From ab22836756f90ec36be7139dc736b90f3044a90e Mon Sep 17 00:00:00 2001 From: Ziemek Borowski Date: Sat, 31 Jan 2026 12:15:55 +0100 Subject: [PATCH 4/4] rework on result zips --- .github/workflows/build.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 78f55a9..0185e44 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -129,7 +129,7 @@ jobs: - name: Create ZIP archive (Windows) if: matrix.os == 'windows-latest' run: | - Compress-Archive -Path bin\msgraphtool${{ matrix.ext }},bin\smtptool${{ matrix.ext }},bin\imaptool${{ matrix.ext }},bin\pop3tool${{ matrix.ext }},bin\jmaptool${{ matrix.ext }},README.md,SMTP_TOOL_README.md,BUILD.md,EXAMPLES.md,LICENSE -DestinationPath ${{ matrix.zip_name }} + Compress-Archive -Path bin\msgraphtool${{ matrix.ext }},bin\smtptool${{ matrix.ext }},bin\imaptool${{ matrix.ext }},bin\pop3tool${{ matrix.ext }},bin\jmaptool${{ matrix.ext }},README.md,*_TOOL_README.md,EXAMPLES.md,LICENSE -DestinationPath ${{ matrix.zip_name }} Write-Host "Created ZIP archive: ${{ matrix.zip_name }}" Get-Item ${{ matrix.zip_name }} | Select-Object Name, Length @@ -137,7 +137,7 @@ jobs: if: matrix.os != 'windows-latest' run: | cd bin && zip ../${{ matrix.zip_name }} msgraphtool${{ matrix.ext }} smtptool${{ matrix.ext }} imaptool${{ matrix.ext }} pop3tool${{ matrix.ext }} jmaptool${{ matrix.ext }} && cd .. - zip -u ${{ matrix.zip_name }} README.md SMTP_TOOL_README.md BUILD.md EXAMPLES.md LICENSE + zip -u ${{ matrix.zip_name }} README.md *_TOOL_README.md EXAMPLES.md LICENSE echo "Created ZIP archive: ${{ matrix.zip_name }}" ls -lh ${{ matrix.zip_name }} @@ -167,8 +167,7 @@ jobs: Plus documentation: - **README.md** - Main documentation - - **SMTP_TOOL_README.md** - Complete SMTP tool guide - - **BUILD.md** - Build instructions + - ** *_TOOL_README.md** - specific protocols tool guide - **EXAMPLES.md** - Usage examples - **LICENSE** - MIT License