Add enforcement layer 4 that verifies file-system paths in tool
parameters against agent type path allowlist glob patterns. Includes
logical path canonicalization to prevent directory traversal attacks.
Uses glob-match crate for pattern matching.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
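The path check this commit describes, as an added illustration rather than the Tool Broker's own code: `..` and `.` are resolved logically (no file-system access, so symlinks and non-existent paths are not consulted), an escape above the root is rejected outright, and only the canonical form is matched against the allowlist. The allowlist syntax here is a deliberately minimal stand-in for the glob-match crate: a pattern is either an exact path or a directory followed by `/**`.

```rust
use std::path::{Component, Path, PathBuf};

/// Resolve `.` and `..` purely on the string, without touching the file system.
/// Returns None when `..` would climb above the root, the classic traversal shape.
fn logical_canonicalize(p: &str) -> Option<PathBuf> {
    let mut out = PathBuf::new();
    for comp in Path::new(p).components() {
        match comp {
            Component::RootDir => out.push("/"),
            Component::CurDir => {}
            // pop() returns false only when there is nothing left to pop,
            // i.e. the path tried to escape its root.
            Component::ParentDir => {
                if !out.pop() {
                    return None;
                }
            }
            Component::Normal(c) => out.push(c),
            // Windows drive/UNC prefixes are out of scope for this example.
            Component::Prefix(_) => return None,
        }
    }
    Some(out)
}

/// Allow a tool-parameter path only if its canonical form matches an allowlist
/// entry. Patterns: exact path, or "<dir>/**" for the whole subtree (assumed
/// mini-syntax standing in for real glob matching).
fn is_path_allowed(candidate: &str, allowlist: &[&str]) -> bool {
    let Some(canon) = logical_canonicalize(candidate) else {
        return false;
    };
    // Relative paths depend on the tool's working directory; require absolute ones.
    if !canon.is_absolute() {
        return false;
    }
    allowlist.iter().any(|pat| match pat.strip_suffix("/**") {
        // Path::starts_with compares whole components, so "/workspacefoo"
        // does not match "/workspace/**".
        Some(dir) => canon.starts_with(dir),
        None => canon == Path::new(pat),
    })
}
```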
Add enforcement layer 3 that verifies agent lineage chains to prevent
privilege escalation through agent spawning. Checks that each parent
in the chain has permission to spawn its child and that spawn depth
limits are respected.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
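An added sketch of the lineage check, not the project's implementation: every adjacent parent/child pair in the chain must be permitted by the parent's `can_spawn` list, and no ancestor may have more descendants below it than its `max_spawn_depth` allows. The manifest field names and the agent type names in the test are assumptions; the real TOML schema is not shown in the log.

```rust
use std::collections::HashMap;

/// Lineage-relevant subset of an agent type manifest (field names assumed).
struct Manifest {
    can_spawn: Vec<&'static str>,
    max_spawn_depth: usize,
}

/// `chain` is ordered root first, the requesting agent last.
/// Every agent type in the chain must have a manifest; an unknown type is a deny.
fn verify_lineage(chain: &[&str], manifests: &HashMap<&str, Manifest>) -> Result<(), String> {
    if chain.is_empty() {
        return Err("empty lineage chain".into());
    }
    // Step 1: each parent must be allowed to spawn the next link in the chain.
    // This is what blocks a low-privilege type from claiming a high-privilege child.
    for pair in chain.windows(2) {
        let (parent, child) = (pair[0], pair[1]);
        let m = manifests
            .get(parent)
            .ok_or_else(|| format!("no manifest for {parent}"))?;
        if !m.can_spawn.contains(&child) {
            return Err(format!("{parent} may not spawn {child}"));
        }
    }
    // Step 2: depth is enforced from each ancestor's point of view, so a limit
    // set on the root cannot be evaded by nesting through intermediate types.
    for (i, agent) in chain.iter().enumerate() {
        let m = manifests
            .get(agent)
            .ok_or_else(|| format!("no manifest for {agent}"))?;
        let depth_below = chain.len() - 1 - i;
        if depth_below > m.max_spawn_depth {
            return Err(format!("{agent} exceeds max spawn depth {}", m.max_spawn_depth));
        }
    }
    Ok(())
}

/// Constructed manifest set used by the test below (hypothetical agent types).
fn sample_manifests() -> HashMap<&'static str, Manifest> {
    HashMap::from([
        ("orchestrator", Manifest { can_spawn: vec!["researcher", "coder"], max_spawn_depth: 2 }),
        ("researcher", Manifest { can_spawn: vec!["fetcher"], max_spawn_depth: 1 }),
        ("coder", Manifest { can_spawn: vec![], max_spawn_depth: 0 }),
        ("fetcher", Manifest { can_spawn: vec![], max_spawn_depth: 0 }),
    ])
}
```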
Add agent_manifest enforcement layer that verifies the requested tool
is in the calling agent type's allowed tool list from the manifest.
Denies with clear reason if no manifest found or tool not permitted.
7 tests covering allowed/denied tools, cross-type checks, unknown
agents, empty tools list.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add session override enforcement layer that checks OverrideLevel from
SessionContext: ALL bypasses all enforcement, RELAX grants tools but
preserves lineage checks, NONE/UNSPECIFIED applies full manifest
enforcement. Returns typed SessionOverrideResult enum for downstream
layers. 8 tests covering all override levels and edge cases.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add ManifestStore that loads TOML agent type manifests from a directory.
Each manifest defines allowed tools, path allowlists, network egress
policies, lineage constraints (can_spawn), and max spawn depth.
Includes validation, reload support, and lookup by ID or name.
14 manifest tests + 8 existing = 22 total, clippy clean.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Create the Tool Broker service skeleton as a Cargo workspace member:
- Tonic gRPC server with DiscoverTools, ExecuteTool, ValidateCall stubs
- TOML config loading (host, port, manifest_dir, audit/secrets addrs)
- Server-streaming support for ExecuteTool via ReceiverStream
- 8 tests (5 config, 3 service stub) passing, clippy clean
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
8 integration tests wiring real service components with mocked external
services (SearXNG via aioresponses, Model Gateway/Audit via mock gRPC
servers). Tests cover: full pipeline with all fields populated, clean
text extraction, summarization, unreachable URL handling, audit logging,
SearXNG unavailability, result ordering, and Model Gateway fallback.
Total: 71 tests passing across the Search Service.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Wire the Search RPC handler to orchestrate the full search pipeline:
SearXNG query → content extraction → Model Gateway summarization.
Supports configurable pipeline stages (extraction/summarization can
be disabled), audit logging via Audit Service, and graceful degradation
at each stage. 14 tests covering full pipeline, partial pipelines,
validation, error handling, and audit logging.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add Summarizer class that calls Model Gateway Inference gRPC endpoint
to produce query-relevant summaries of web page content. Includes
parallel summarization, configurable max length, and graceful
degradation (falls back to truncated raw content if gateway unavailable).
13 tests covering success, params, truncation, degradation, parallel,
concurrency limits, empty list, and prompt template verification.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- PageExtractor: async HTTP fetcher with timeout, user-agent, redirect handling
- readability-lxml integration for main content extraction
- HTML-to-text conversion preserving headings and list structure
- Content length truncation (configurable max_content_length)
- Parallel fetching via asyncio.gather with semaphore concurrency limit
- Error handling for unreachable/blocked URLs
- 14 unit tests with aioresponses mocking, 36 total tests pass
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- SearXNGClient: async HTTP client wrapping SearXNG JSON API
- Query param construction (categories, engines, language)
- Response parsing: extract title, URL, snippet, engine, score
- URL-based deduplication keeping highest-scoring entry
- HTML tag stripping and entity decoding for clean text
- Configurable max_results with per-call override
- 14 unit tests with aioresponses mocking
- Added aiohttp and aioresponses dependencies
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- 13 integration tests covering all gRPC endpoints:
  - Inference (success, routing simple/complex, model hint, invalid params, 404)
  - StreamInference (success with token collection, error midstream)
  - GenerateEmbedding (success, model override, invalid params)
  - Audit logging (inference and embedding)
- Uses wiremock to mock Ollama HTTP API
- Uses mock AuditService gRPC server to verify audit log entries
- Full setup helpers for test isolation (random ports, per-test servers)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add ModelRouter with resolve_model() and resolve_embedding_model()
mapping TaskComplexity to configured models with alias expansion
- Add model_hint field to InferenceParams proto for explicit model override
- Add audit_log_inference() helper (best-effort, SHA-256 hash)
- Add with_audit_client() builder on ModelGatewayServiceImpl
- Connect AuditServiceClient in main.rs when audit_addr is configured
- 63 tests passing (12 routing, 3 service integration, 48 existing)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add workspace member services/model-gateway with:
- Config loading (TOML) with model routing, Ollama URL, audit addr
- ModelGatewayServiceImpl with IsModelReady endpoint and 3 unimplemented stubs
- Tonic gRPC server entry point with tracing and graceful shutdown
- 15 unit tests covering config and service
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add 16 integration tests exercising the full gRPC flow through a real
tonic server with mock Model Gateway and mock Audit Service:
- WriteMemory: stores entry, generates embeddings, verifies DB contents
- QueryMemory: returns streamed results, verifies cache hit on repeat
- GetCorrelated: by memory_id, explicit IDs, and session context
- Provenance: external sanitization, clean external, internal trusted
- RevokeMemory: verifies revocation in provenance table
- Audit logging: verifies write (action 4) and read (action 3) entries
- End-to-end lifecycle: write -> query -> correlate -> audit verify
Also fix clippy warnings for redundant ..Default::default() in tests.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace the GetCorrelated stub with a full implementation supporting three
lookup modes: by memory_id (correlation table), by explicit correlating_ids,
and by session context (provenance table). Results are merged and deduplicated.
- Create db/read.rs with correlation, session, memory, tag, and correlation
loading helpers using parameterized queries and build_id_list for safety
- Add audit_log_read helper for best-effort read audit logging (action 3)
- Return MemoryEntry with descriptions only (empty corpus per proto doc),
populated provenance_metadata, tags, and correlating_ids
- Relax validation: accept empty memory_id when correlating_ids is provided
- Add 10 DB-level tests and 12 service-level tests (246 total passing)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
QueryMemory was incrementally implemented across issues #30 (staged
retrieval), #31 (extraction), and #32 (semantic cache). No new code
needed — all acceptance criteria already satisfied.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Full write pipeline: validate request, assign/generate memory ID,
determine provenance and trust level, sanitize external content,
generate embeddings via Model Gateway, store all data atomically
in DuckDB (memory + tags + correlations + embeddings + provenance +
derivation links), invalidate semantic cache, and audit-log the
write via Audit Service (best-effort).
- New db/write.rs: transactional write helper with rollback
- Audit client integration following Secrets Service pattern
- Remove #[allow(dead_code)] from provenance_config and sanitizer
- 15 new tests (7 db/write, 8 service-level)
- All 226 tests pass, clippy clean
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>