fix: resolve clippy warnings in cortex-app-server

- Replace manual string prefix stripping with strip_prefix() in git.rs
- Use struct initialization syntax instead of field reassignment in session_manager.rs and streaming.rs
- Change &PathBuf to &Path in function signatures (filesystem.rs, search.rs, security.rs, shell.rs)

Author: echobt

src/cortex-app-server/src/api/git.rs

@@ -30,11 +30,11 @@ pub async fn git_status(Query(query): Query<GitPathQuery>) -> AppResult<Json<Git
             let mut conflicts = vec![];
 
             for line in stdout.lines() {
-                if line.starts_with("# branch.head ") {
-                    branch = Some(line[14..].to_string());
-                } else if line.starts_with("# branch.ab ") {
+                if let Some(stripped) = line.strip_prefix("# branch.head ") {
+                    branch = Some(stripped.to_string());
+                } else if let Some(stripped) = line.strip_prefix("# branch.ab ") {
                     // Parse ahead/behind: # branch.ab +1 -2
-                    let parts: Vec<&str> = line[12..].split_whitespace().collect();
+                    let parts: Vec<&str> = stripped.split_whitespace().collect();
                     if parts.len() >= 2 {
                         ahead = parts[0].trim_start_matches('+').parse().ok();
                         behind = parts[1].trim_start_matches('-').parse().ok();
@@ -66,9 +66,9 @@ pub async fn git_status(Query(query): Query<GitPathQuery>) -> AppResult<Json<Git
                             });
                         }
                     }
-                } else if line.starts_with("? ") {
+                } else if let Some(stripped) = line.strip_prefix("? ") {
                     // Untracked: ? path
-                    let path = line[2..].to_string();
+                    let path = stripped.to_string();
                     unstaged.push(GitStatusFile {
                         path,
                         status: "untracked".to_string(),
@@ -255,10 +255,10 @@ fn parse_tracking_info(track: &str) -> (Option<u32>, Option<u32>) {
 
     for part in track.split(',') {
         let part = part.trim();
-        if part.starts_with("ahead ") {
-            ahead = part[6..].trim().parse().ok();
-        } else if part.starts_with("behind ") {
-            behind = part[7..].trim().parse().ok();
+        if let Some(stripped) = part.strip_prefix("ahead ") {
+            ahead = stripped.trim().parse().ok();
+        } else if let Some(stripped) = part.strip_prefix("behind ") {
+            behind = stripped.trim().parse().ok();
         }
     }
 
@@ -333,14 +333,14 @@ fn parse_diff_with_stats(diff: &str) -> (Vec<serde_json::Value>, usize, usize) {
                 }
             }
         } else if current_hunk.is_some() {
-            let (line_type, content) = if line.starts_with('+') {
+            let (line_type, content) = if let Some(stripped) = line.strip_prefix('+') {
                 total_additions += 1;
-                ("addition", &line[1..])
-            } else if line.starts_with('-') {
+                ("addition", stripped)
+            } else if let Some(stripped) = line.strip_prefix('-') {
                 total_deletions += 1;
-                ("deletion", &line[1..])
-            } else if line.starts_with(' ') {
-                ("context", &line[1..])
+                ("deletion", stripped)
+            } else if let Some(stripped) = line.strip_prefix(' ') {
+                ("context", stripped)
             } else {
                 ("context", line)
             };
@@ -425,30 +425,30 @@ fn parse_blame(blame: &str) -> Vec<serde_json::Value> {
                 "message": "",
             }));
         } else if let Some(ref mut commit) = current_commit {
-            if line.starts_with("author ") {
-                commit["author"] = serde_json::json!(line[7..].to_string());
-            } else if line.starts_with("author-mail ") {
+            if let Some(stripped) = line.strip_prefix("author ") {
+                commit["author"] = serde_json::json!(stripped.to_string());
+            } else if let Some(stripped) = line.strip_prefix("author-mail ") {
                 commit["email"] = serde_json::json!(
-                    line[12..]
+                    stripped
                         .trim_matches(|c| c == '<' || c == '>')
                         .to_string()
                 );
-            } else if line.starts_with("author-time ") {
-                if let Ok(timestamp) = line[12..].parse::<i64>() {
+            } else if let Some(stripped) = line.strip_prefix("author-time ") {
+                if let Ok(timestamp) = stripped.parse::<i64>() {
                     commit["date"] = serde_json::json!(
                         chrono::DateTime::from_timestamp(timestamp, 0)
                             .map(|dt| dt.to_rfc3339())
                             .unwrap_or_default()
                     );
                 }
-            } else if line.starts_with("summary ") {
-                commit["message"] = serde_json::json!(line[8..].to_string());
-            } else if line.starts_with('\t') {
+            } else if let Some(stripped) = line.strip_prefix("summary ") {
+                commit["message"] = serde_json::json!(stripped.to_string());
+            } else if let Some(stripped) = line.strip_prefix('\t') {
                 // This is the actual code line
                 if let Some(commit) = current_commit.take() {
                     result.push(serde_json::json!({
                         "lineNumber": line_number,
-                        "content": &line[1..],
+                        "content": stripped,
                         "commit": commit,
                     }));
                 }

src/cortex-app-server/src/session_manager.rs

@@ -91,20 +91,14 @@ impl SessionManager {
         let session_id = Uuid::new_v4().to_string();
 
         // Build cortex-core Config
-        let mut config = CoreConfig::default();
-
-        // In cloud/server mode, never ask for approval - auto-approve everything
-        config.approval_policy = AskForApproval::Never;
-
-        if let Some(model) = &options.model {
-            config.model = model.clone();
-        }
-        if let Some(cwd) = &options.cwd {
-            config.cwd = cwd.clone();
-        }
-        if let Some(provider) = &options.provider {
-            config.model_provider_id = provider.clone();
-        }
+        let config = CoreConfig {
+            // In cloud/server mode, never ask for approval - auto-approve everything
+            approval_policy: AskForApproval::Never,
+            model: options.model.clone().unwrap_or_default(),
+            cwd: options.cwd.clone().unwrap_or_default(),
+            model_provider_id: options.provider.clone().unwrap_or_default(),
+            ..Default::default()
+        };
 
         // Create the real CLI session
         let (mut session, handle) =
@@ -520,10 +514,12 @@ impl SessionManager {
         let new_session_id = Uuid::new_v4().to_string();
 
         // Build cortex-core Config from original
-        let mut config = CoreConfig::default();
-        config.model = model;
-        config.cwd = cwd;
-        config.approval_policy = AskForApproval::Never;
+        let config = CoreConfig {
+            model,
+            cwd,
+            approval_policy: AskForApproval::Never,
+            ..Default::default()
+        };
 
         // Create the real CLI session using fork
         let (mut session, handle) = Session::fork(config.clone(), conversation_id, message_index)

src/cortex-app-server/src/streaming.rs

@@ -327,9 +327,11 @@ async fn fork_cli_session(
     let new_session_id = Uuid::new_v4().to_string();
 
     // Build cortex-core Config from original
-    let mut config = CoreConfig::default();
-    config.model = model;
-    config.cwd = cwd;
+    let config = CoreConfig {
+        model,
+        cwd,
+        ..Default::default()
+    };
 
     // Create the real CLI session using fork
     let (mut session, handle) =

src/cortex-app-server/src/tools/filesystem.rs

@@ -1,13 +1,13 @@
 //! Filesystem operations (read, write, edit, list).
 
-use std::path::PathBuf;
+use std::path::{Path, PathBuf};
 
 use serde_json::{Value, json};
 
 use super::types::ToolResult;
 
 /// Read file contents.
-pub async fn read_file(cwd: &PathBuf, args: Value) -> ToolResult {
+pub async fn read_file(cwd: &Path, args: Value) -> ToolResult {
     let path = match args
         .get("file_path")
         .or_else(|| args.get("path"))
@@ -75,7 +75,7 @@ pub async fn read_file(cwd: &PathBuf, args: Value) -> ToolResult {
 }
 
 /// Write content to a file.
-pub async fn write_file(cwd: &PathBuf, args: Value) -> ToolResult {
+pub async fn write_file(cwd: &Path, args: Value) -> ToolResult {
     let path = match args
         .get("file_path")
         .or_else(|| args.get("path"))
@@ -127,7 +127,7 @@ pub async fn write_file(cwd: &PathBuf, args: Value) -> ToolResult {
 }
 
 /// Edit a file by finding and replacing text.
-pub async fn edit_file(cwd: &PathBuf, args: Value) -> ToolResult {
+pub async fn edit_file(cwd: &Path, args: Value) -> ToolResult {
     let path = match args.get("file_path").and_then(|v| v.as_str()) {
         Some(p) => p,
         None => return ToolResult::error("file_path is required"),
@@ -201,7 +201,7 @@ pub async fn edit_file(cwd: &PathBuf, args: Value) -> ToolResult {
 }
 
 /// List directory contents.
-pub async fn list_dir(cwd: &PathBuf, args: Value) -> ToolResult {
+pub async fn list_dir(cwd: &Path, args: Value) -> ToolResult {
     let path = args
         .get("directory_path")
         .or_else(|| args.get("path"))
@@ -261,7 +261,7 @@ pub async fn list_dir(cwd: &PathBuf, args: Value) -> ToolResult {
 }
 
 /// Apply multiple edits to files in a single operation.
-pub async fn multi_edit(cwd: &PathBuf, args: Value) -> ToolResult {
+pub async fn multi_edit(cwd: &Path, args: Value) -> ToolResult {
     let edits = match args.get("edits").and_then(|v| v.as_array()) {
         Some(arr) => arr,
         None => return ToolResult::error("edits array is required"),
@@ -319,7 +319,7 @@ pub async fn multi_edit(cwd: &PathBuf, args: Value) -> ToolResult {
 }
 
 /// Apply a unified diff patch.
-pub async fn apply_patch(cwd: &PathBuf, args: Value) -> ToolResult {
+pub async fn apply_patch(cwd: &Path, args: Value) -> ToolResult {
     use tokio::process::Command;
 
     let patch = match args.get("patch").and_then(|v| v.as_str()) {

src/cortex-app-server/src/tools/search.rs

@@ -1,14 +1,14 @@
 //! Search operations (grep, glob).
 
-use std::path::PathBuf;
+use std::path::{Path, PathBuf};
 
 use serde_json::Value;
 use tokio::process::Command;
 
 use super::types::ToolResult;
 
 /// Search file contents for a pattern.
-pub async fn grep(cwd: &PathBuf, args: Value) -> ToolResult {
+pub async fn grep(cwd: &Path, args: Value) -> ToolResult {
     let pattern = match args.get("pattern").and_then(|v| v.as_str()) {
         Some(p) => p,
         None => return ToolResult::error("pattern is required"),
@@ -82,7 +82,7 @@ pub async fn grep(cwd: &PathBuf, args: Value) -> ToolResult {
 }
 
 /// Find files matching glob patterns.
-pub async fn glob(cwd: &PathBuf, args: Value) -> ToolResult {
+pub async fn glob(cwd: &Path, args: Value) -> ToolResult {
     let patterns = match args.get("patterns").and_then(|v| v.as_array()) {
         Some(arr) => arr.iter().filter_map(|v| v.as_str()).collect::<Vec<_>>(),
         None => return ToolResult::error("patterns is required (array of strings)"),

src/cortex-app-server/src/tools/security.rs

@@ -1,6 +1,6 @@
 //! Security helper functions for command execution.
 
-use std::path::PathBuf;
+use std::path::{Path, PathBuf};
 
 /// Parse a shell command string into program and arguments safely.
 /// Does NOT use sh -c to prevent command injection via shell metacharacters.
@@ -173,15 +173,15 @@ pub fn is_dangerous_command(program: &str) -> bool {
 }
 
 /// Validate and resolve working directory.
-pub fn validate_working_directory(requested: &PathBuf, base: &PathBuf) -> Result<PathBuf, String> {
+pub fn validate_working_directory(requested: &Path, base: &Path) -> Result<PathBuf, String> {
     // Canonicalize paths to resolve symlinks and ..
     let base_canonical = base
         .canonicalize()
         .map_err(|e| format!("Cannot resolve base path: {}", e))?;
 
     // If the requested path is relative, join it with base
     let full_path = if requested.is_absolute() {
-        requested.clone()
+        requested.to_path_buf()
     } else {
         base.join(requested)
     };

src/cortex-app-server/src/tools/shell.rs

@@ -1,6 +1,6 @@
 //! Shell command execution.
 
-use std::path::PathBuf;
+use std::path::{Path, PathBuf};
 use std::process::Stdio;
 
 use serde_json::{Value, json};
@@ -10,7 +10,7 @@ use super::security::{is_dangerous_command, parse_shell_command, validate_workin
 use super::types::ToolResult;
 
 /// Execute a shell command with proper sandboxing.
-pub async fn execute_shell(cwd: &PathBuf, timeout_secs: u64, args: Value) -> ToolResult {
+pub async fn execute_shell(cwd: &Path, timeout_secs: u64, args: Value) -> ToolResult {
     let command = match args.get("command") {
         Some(Value::String(cmd)) => vec![cmd.clone()],
         Some(Value::Array(arr)) => arr
@@ -29,7 +29,7 @@ pub async fn execute_shell(cwd: &PathBuf, timeout_secs: u64, args: Value) -> Too
         .or_else(|| args.get("cwd"))
         .and_then(|v| v.as_str())
         .map(PathBuf::from)
-        .unwrap_or_else(|| cwd.clone());
+        .unwrap_or_else(|| cwd.to_path_buf());
 
     let timeout = args
         .get("timeout")