refactor(provider): slim provider stack from ~11k to ~4k lines#2
Merged
refactor(provider): slim provider stack from ~11k to ~4k lines#2
Conversation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ToolResult carries success/output/error fields, enabling tools to report security denials as business logic rather than program errors. All callsites (dispatcher, loop_, agent_cmd, agentctl) updated. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…e-limiting Ported from zeroclaw's SecurityPolicy with layered defense: - AutonomyLevel (ReadOnly/Supervised/Full) - Path validation (traversal, null bytes, workspace confinement, symlink escape) - Command allowlist (quote-aware lexer, injection blocking, risk classification) - Sliding-window rate limiting (ActionTracker) - 57 tests covering security bypass vectors Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implements: shell, file_read, file_write, file_edit, glob_search, content_search. All tools inject Arc<SecurityPolicy> for path ACL, command filtering, and rate-limiting. RuntimeAdapter trait abstracts shell execution for testability. Replaces demo echo/datetime tools in agent_cmd.rs with real tools. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Resolve collapsible_if, dead_code, unused imports/labels/mut, too_many_arguments, and unnecessary_map_or clippy lints. Apply cargo fmt to all files. 488 tests pass, 0 warnings. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- I-1: Deduplicate is_valid_env_var_name (pub(crate) in policy.rs, import in shell.rs) - I-2: Remove record_action() from FileReadTool (reads don't consume rate-limit budget) - I-3: ContentSearchTool builds tokio::process::Command directly (no std→tokio conversion) - S-1: Document env sandboxing intent in ShellTool - S-2: Standardize OnceLock → LazyLock for compiled regexes - S-3: GlobSearchTool uses spawn_blocking to avoid blocking async runtime - S-4: Remove undocumented max_results arg extraction from ContentSearchTool - S-5: Add ToolResult::ok()/denied() convenience constructors, apply in FileReadTool Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Tools: shell, file_read, file_write, file_edit, glob_search, content_search SecurityPolicy: 3-layer path ACL, command allowlist, rate-limiting, autonomy levels Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Delete 8 independent provider files (anthropic, openai, gemini, ollama, copilot, glm, openrouter, openai_codex) and replace with: - anthropic_oauth.rs: lean Anthropic Messages API with OAuth/API-key dual auth - openai_oauth.rs: renamed from openai_codex.rs (OpenAI Codex OAuth provider) - compatible.rs: simplified from 2,210 to ~480 lines — pure base_url + Bearer API key, no AuthStyle enum, no special auth modes, no config files All existing compatible-layer providers (openai, moonshot, qwen, minimax, deepseek, groq, mistral, xai, openrouter) now use the 3-arg constructor. GLM (JWT auth) dropped for now. 437 tests pass, clippy/fmt clean. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
anthropic.rs,openai.rs,gemini.rs,ollama.rs,copilot.rs,glm.rs,openrouter.rs,openai_codex.rsanthropic_oauth.rs: lean Anthropic Messages API with OAuth/API-key dual auth via AuthServiceopenai_codex.rs→openai_oauth.rs: OpenAI Codex OAuth provider (content unchanged)compatible.rs(2,210 → ~480 lines): purebase_url + Bearer API key, removedAuthStyleenum, special auth modes, config file support, and 7 constructor variants → single 3-argnew()mod.rs: all compatible-layer providers use simplified constructor; GLM (JWT) dropped; OpenRouter now goes through compatible layerNet change: -5,861 lines (1,075 added / 6,936 deleted)
Test plan
cargo buildpassescargo fmt --checkcleancargo clippy --all-targets -- -D warningsclean (0 warnings)cargo test— 437 tests passed, 0 failed🤖 Generated with Claude Code