ltcai 3.4.1 → 3.6.0

package/latticeai/api/auth.py

@@ -1,17 +1,21 @@
 """Authentication API router: register, login, logout, SSO, profile."""
 
-import base64
-import json
 import logging
 import secrets
 import time
-from typing import Any, Callable, Dict, Optional
+from typing import Any, Awaitable, Callable, Dict, Optional, Tuple
 from urllib.parse import urlencode
 
 from fastapi import APIRouter, HTTPException, Request
 from fastapi.responses import JSONResponse, RedirectResponse
 from pydantic import BaseModel
 
+from latticeai.core.oidc import (
+    OIDCValidationError,
+    fetch_jwks as _default_fetch_jwks,
+    verify_id_token as _default_verify_id_token,
+)
+
 
 class UserRegister(BaseModel):
     email: str
@@ -35,7 +39,9 @@ class UpdateProfileRequest(BaseModel):
     nickname: Optional[str] = None
 
 
-_sso_states: Dict[str, float] = {}
+# state → (issued_at, nonce). The nonce binds the eventual ID token to *this*
+# login attempt (replay / token-injection defence); the timestamp expires it.
+_sso_states: Dict[str, Tuple[float, str]] = {}
 
 
 def create_auth_router(
@@ -58,6 +64,8 @@ def create_auth_router(
     open_registration: bool,
     session_ttl: int,
     require_auth: bool = True,
+    verify_id_token: Callable[..., Dict] = _default_verify_id_token,
+    fetch_jwks: Callable[[str], Awaitable[Dict]] = _default_fetch_jwks,
 ) -> APIRouter:
     router = APIRouter()
 
@@ -114,13 +122,15 @@ def create_auth_router(
         if not settings.get("enabled") or not discovery:
             raise HTTPException(status_code=503, detail="SSO가 설정되지 않았습니다.")
         state = secrets.token_urlsafe(16)
-        _sso_states[state] = time.time()
+        nonce = secrets.token_urlsafe(16)
+        _sso_states[state] = (time.time(), nonce)
         params = urlencode({
             "client_id": settings["client_id"],
             "response_type": "code",
             "redirect_uri": settings["redirect_uri"],
             "scope": settings.get("scopes") or "openid email profile",
             "state": state,
+            "nonce": nonce,
         })
         return RedirectResponse(f"{discovery['authorization_endpoint']}?{params}")
 
@@ -128,9 +138,10 @@ def create_auth_router(
     async def sso_callback(code: str = "", state: str = "", error: str = ""):
         if error:
             return RedirectResponse(f"/?sso_error={error}")
-        ts = _sso_states.pop(state, None)
-        if ts is None or time.time() - ts > 300:
+        entry = _sso_states.pop(state, None)
+        if entry is None or time.time() - entry[0] > 300:
             raise HTTPException(status_code=400, detail="유효하지 않은 SSO 상태입니다.")
+        _, nonce = entry
         settings = get_sso_settings()
         discovery = await get_sso_discovery()
         if not settings.get("enabled") or not discovery:
@@ -148,8 +159,25 @@ def create_auth_router(
         id_token = tokens.get("id_token")
         if not id_token:
             raise HTTPException(status_code=400, detail="ID 토큰을 받지 못했습니다.")
-        padded = id_token.split(".")[1] + "=="
-        payload = json.loads(base64.urlsafe_b64decode(padded))
+        # Never trust a decoded JWT payload: verify signature (against the
+        # provider JWKS), issuer, audience, expiry and the login nonce before
+        # using any claim. Any failure is fail-closed (401).
+        issuer = discovery.get("issuer") or ""
+        try:
+            jwks = await fetch_jwks(discovery.get("jwks_uri", ""))
+            payload = verify_id_token(
+                id_token,
+                jwks=jwks,
+                issuer=issuer,
+                audience=settings["client_id"],
+                nonce=nonce,
+            )
+        except OIDCValidationError as exc:
+            logging.warning("SSO ID token rejected: %s", exc)
+            raise HTTPException(status_code=401, detail="SSO 토큰 검증에 실패했습니다.")
+        except Exception as exc:  # discovery/JWKS fetch failure → fail closed
+            logging.warning("SSO token validation error: %s", exc)
+            raise HTTPException(status_code=502, detail="SSO 공급자 검증에 실패했습니다.")
         email = payload.get("email") or payload.get("preferred_username") or payload.get("upn") or ""
         if not email:
             raise HTTPException(status_code=400, detail="이메일을 확인할 수 없습니다.")

package/latticeai/api/browser.py

@@ -0,0 +1,217 @@
+"""Browser & web ingestion — Knowledge Graph inputs, not standalone features.
+
+v3.6.0 Knowledge Graph First: a public URL or an open browser tab is just another
+source that converges into the Knowledge Graph through the unified ingestion
+pipeline. Everything runs on the **local runtime** — the server fetches/reads
+locally, stores into local SQLite, and never uploads to a cloud service.
+
+Two layers, both feeding ``IngestionPipeline.ingest``:
+
+* ``POST /api/browser/read-url`` — the runtime fetches a public URL locally,
+  extracts readable text, stores it as ``source_type=web_url``. Fails gracefully
+  on blocked / login-required pages.
+* ``POST /api/browser/ingest-current-tab`` — accepts a payload from the local
+  browser extension (url/title/text/selected_text/html), sanitizes + size-limits
+  it, stores it as ``source_type=browser_tab``.
+"""
+
+from __future__ import annotations
+
+from html.parser import HTMLParser
+from typing import Any, Callable, Optional, Tuple
+from urllib.parse import urlparse
+
+from fastapi import APIRouter, HTTPException, Request
+from pydantic import BaseModel
+
+from latticeai.services.ingestion import IngestionItem
+
+MAX_TAB_BYTES = 4 * 1024 * 1024          # 4 MB per captured tab payload
+MAX_URL_FETCH_BYTES = 4 * 1024 * 1024    # 4 MB cap on a fetched page
+URL_FETCH_TIMEOUT = 12.0                  # seconds
+
+
+class BrowserFetchError(Exception):
+    """A URL could not be fetched (blocked, login-required, timeout, too big)."""
+
+
+# ── readable-text extraction ─────────────────────────────────────────────────
+_SKIP_TAGS = {"script", "style", "noscript", "template", "svg", "head"}
+
+
+class _TextExtractor(HTMLParser):
+    def __init__(self) -> None:
+        super().__init__(convert_charrefs=True)
+        self._skip_depth = 0
+        self._chunks: list[str] = []
+        self.title: str = ""
+        self._in_title = False
+
+    def handle_starttag(self, tag, attrs):
+        if tag in _SKIP_TAGS:
+            self._skip_depth += 1
+        if tag == "title":
+            self._in_title = True
+
+    def handle_endtag(self, tag):
+        if tag in _SKIP_TAGS and self._skip_depth > 0:
+            self._skip_depth -= 1
+        if tag == "title":
+            self._in_title = False
+        if tag in {"p", "div", "br", "li", "h1", "h2", "h3", "h4", "section", "article"}:
+            self._chunks.append("\n")
+
+    def handle_data(self, data):
+        if self._in_title:
+            self.title += data
+        if self._skip_depth == 0:
+            text = data.strip()
+            if text:
+                self._chunks.append(text)
+
+    def text(self) -> str:
+        raw = " ".join(self._chunks)
+        # collapse runs of whitespace while keeping paragraph breaks
+        lines = [ln.strip() for ln in raw.replace("\r", "").split("\n")]
+        return "\n".join([ln for ln in lines if ln]).strip()
+
+
+def extract_readable_text(html: str) -> Tuple[str, str]:
+    """Return (title, readable_text) from an HTML string. Never raises."""
+    parser = _TextExtractor()
+    try:
+        parser.feed(html or "")
+    except Exception:  # noqa: BLE001 — malformed HTML must still yield best-effort text
+        pass
+    return parser.title.strip(), parser.text()
+
+
+def _default_fetch_url(url: str) -> Tuple[str, str]:
+    """Fetch a public URL on the local runtime and extract readable text.
+
+    Raises :class:`BrowserFetchError` on any non-success (blocked, login wall,
+    timeout, oversized, non-HTML) so the route can fail gracefully.
+    """
+    import httpx
+
+    try:
+        with httpx.Client(
+            follow_redirects=True, timeout=URL_FETCH_TIMEOUT,
+            headers={"User-Agent": "LatticeAI-local/3.6 (+local-first knowledge graph)"},
+        ) as client:
+            resp = client.get(url)
+    except httpx.HTTPError as exc:
+        raise BrowserFetchError(f"Could not reach the page: {exc}") from exc
+
+    if resp.status_code in (401, 403):
+        raise BrowserFetchError("The page is login-required or blocked (HTTP %s)." % resp.status_code)
+    if resp.status_code >= 400:
+        raise BrowserFetchError(f"The page returned HTTP {resp.status_code}.")
+    content_type = resp.headers.get("content-type", "")
+    if content_type and "html" not in content_type and "text" not in content_type:
+        raise BrowserFetchError(f"Unsupported content type: {content_type or 'unknown'}.")
+    body = resp.text or ""
+    if len(body.encode("utf-8", "ignore")) > MAX_URL_FETCH_BYTES:
+        body = body.encode("utf-8", "ignore")[:MAX_URL_FETCH_BYTES].decode("utf-8", "ignore")
+    title, text = extract_readable_text(body)
+    return (title or url, text)
+
+
+def _validate_http_url(url: str) -> str:
+    url = (url or "").strip()
+    if not url:
+        raise HTTPException(status_code=400, detail="url is required.")
+    parsed = urlparse(url)
+    if parsed.scheme not in ("http", "https"):
+        raise HTTPException(status_code=400, detail="Only http(s) URLs are supported.")
+    if not parsed.netloc:
+        raise HTTPException(status_code=400, detail="Malformed URL.")
+    return url
+
+
+# ── request models ───────────────────────────────────────────────────────────
+class ReadUrlRequest(BaseModel):
+    url: str
+    workspace_id: Optional[str] = None
+
+
+class IngestTabRequest(BaseModel):
+    url: str
+    title: Optional[str] = None
+    text: Optional[str] = None
+    selected_text: Optional[str] = None
+    html: Optional[str] = None
+    captured_at: Optional[str] = None
+    workspace_id: Optional[str] = None
+
+
+def create_browser_router(
+    *,
+    pipeline: Any,
+    require_user: Callable[[Request], str],
+    fetch_url: Optional[Callable[[str], Tuple[str, str]]] = None,
+    max_tab_bytes: int = MAX_TAB_BYTES,
+) -> APIRouter:
+    router = APIRouter()
+    _fetch = fetch_url or _default_fetch_url
+
+    def _require_pipeline():
+        if pipeline is None or not pipeline.available():
+            raise HTTPException(status_code=503, detail="Knowledge Graph ingestion is disabled.")
+
+    @router.post("/api/browser/read-url")
+    async def read_url(req: ReadUrlRequest, request: Request):
+        """Fetch a public URL locally and ingest it as a web_url source."""
+        user = require_user(request)
+        _require_pipeline()
+        url = _validate_http_url(req.url)
+        try:
+            title, text = _fetch(url)
+        except BrowserFetchError as exc:
+            # Graceful failure — not a 5xx; the page was simply unreadable.
+            raise HTTPException(status_code=422, detail=str(exc))
+        if not (text or "").strip():
+            return {"status": "empty", "source_type": "web_url", "url": url,
+                    "detail": "No readable text was extracted from the page."}
+        res = pipeline.ingest(
+            IngestionItem(
+                source_type="web_url", title=title, text=text, source_uri=url,
+                owner=user, workspace_id=req.workspace_id,
+            ),
+            user_email=user,
+        )
+        return res.as_dict()
+
+    @router.post("/api/browser/ingest-current-tab")
+    async def ingest_current_tab(req: IngestTabRequest, request: Request):
+        """Ingest a payload captured from the local browser extension."""
+        user = require_user(request)
+        _require_pipeline()
+        url = _validate_http_url(req.url)
+        # Sanitize: reject an oversized payload before doing any work.
+        for value in (req.text, req.html, req.selected_text):
+            if value and len(value.encode("utf-8", "ignore")) > max_tab_bytes:
+                raise HTTPException(status_code=413, detail="Captured payload is too large.")
+        text = (req.text or "").strip()
+        if not text and req.html:
+            _title, text = extract_readable_text(req.html)
+        if not text:
+            text = (req.selected_text or "").strip()
+        if not text:
+            raise HTTPException(status_code=400, detail="No text, html, or selected_text provided.")
+        res = pipeline.ingest(
+            IngestionItem(
+                source_type="browser_tab",
+                title=req.title or url,
+                text=text,
+                source_uri=url,
+                captured_at=req.captured_at,
+                owner=user,
+                workspace_id=req.workspace_id,
+                metadata={"has_selection": bool(req.selected_text)},
+            ),
+            user_email=user,
+        )
+        return res.as_dict()
+
+    return router

package/latticeai/api/chat.py

@@ -24,6 +24,7 @@ from PIL import Image
 from latticeai.core.agent import AgentRunContext, AgentState
 from latticeai.core.context_builder import format_sources_footnote, retrieve_context_for_generation
 from latticeai.core.document_generator import DocumentGenerationSession, detect_document_intent
+from latticeai.core.hooks import dispatch_tool
 from latticeai.services.chat_service import ChatService
 from latticeai.services.tool_dispatch import build_agent_runtime, collect_created_files
 from telegram_bot import broadcast_web_chat
@@ -653,7 +654,9 @@ def create_chat_router(
         for case in eval_cases:
             case_id = case.get("id", "?")
             try:
-                result   = execute_tool(action_name, case.get("input", {}))
+                case_input = case.get("input", {})
+                result   = dispatch_tool(hooks, action_name, case_input,
+                                         lambda: execute_tool(action_name, case_input), source="eval")
                 criteria = case.get("pass_criteria", "")
                 if "success == true" in criteria:
                     passed = result.get("success") is True

package/latticeai/api/computer_use.py

@@ -11,6 +11,7 @@ from fastapi.responses import StreamingResponse
 from pydantic import BaseModel
 
 from latticeai.core.agent import extract_action as _extract_agent_action
+from latticeai.core.hooks import dispatch_tool
 from tools import (
     ToolError,
     computer_click,
@@ -105,9 +106,15 @@ class CuDragRequest(BaseModel):
     y2: int
 
 
-def create_computer_use_router(*, model_router, require_user, tool_response, save_to_history) -> APIRouter:
+def create_computer_use_router(*, model_router, require_user, tool_response, save_to_history, hooks=None) -> APIRouter:
     router = APIRouter()
 
+    def _dispatch(name, args, fn):
+        # Run a computer-use action through the unified pre_tool/post_tool
+        # lifecycle. With hooks=None this is a transparent pass-through, so the
+        # behaviour is unchanged when hooks are absent.
+        return dispatch_tool(hooks, name, dict(args or {}), fn, source="computer_use")
+
     @router.get("/tools/chrome_status")
     async def tools_chrome_status(request: Request):
         require_user(request)
@@ -122,7 +129,9 @@ def create_computer_use_router(*, model_router, require_user, tool_response, sav
     async def cu_status(request: Request):
         require_user(request)
         try:
-            return computer_status()
+            return _dispatch("computer_status", {}, computer_status)
+        except PermissionError as exc:
+            raise HTTPException(status_code=403, detail=str(exc))
         except ToolError as exc:
             raise HTTPException(status_code=400, detail=str(exc))
 
@@ -130,7 +139,9 @@ def create_computer_use_router(*, model_router, require_user, tool_response, sav
     async def cu_screenshot(request: Request):
         require_user(request)
         try:
-            return computer_screenshot()
+            return _dispatch("computer_screenshot", {}, computer_screenshot)
+        except PermissionError as exc:
+            raise HTTPException(status_code=403, detail=str(exc))
         except ToolError as exc:
             raise HTTPException(status_code=400, detail=str(exc))
 
@@ -196,7 +207,8 @@ def create_computer_use_router(*, model_router, require_user, tool_response, sav
                             "action",
                             {"step": 1, "action": "computer_open_url", "args": {"url": url, "app": "Google Chrome"}},
                         )
-                        result = computer_open_url(url, "Google Chrome")
+                        result = _dispatch("computer_open_url", {"url": url, "app": "Google Chrome"},
+                                           lambda: computer_open_url(url, "Google Chrome"))
                         yield _send("result", {"step": 1, "action": "computer_open_url", "result": result})
                         message = f"Google Chrome에서 {url}을 열었습니다."
                         action_name = "computer_open_url"
@@ -205,14 +217,15 @@ def create_computer_use_router(*, model_router, require_user, tool_response, sav
                             "action",
                             {"step": 1, "action": "computer_open_app", "args": {"app": "Google Chrome"}},
                         )
-                        result = computer_open_app("Google Chrome")
+                        result = _dispatch("computer_open_app", {"app": "Google Chrome"},
+                                           lambda: computer_open_app("Google Chrome"))
                         yield _send("result", {"step": 1, "action": "computer_open_app", "result": result})
                         message = "Google Chrome을 열었습니다."
                         action_name = "computer_open_app"
                     save_to_history("user", req.task, source="web", conversation_id=req.conversation_id)
                     save_to_history("assistant", message, source="web", conversation_id=req.conversation_id)
                     yield _send("final", {"message": message, "steps": [{"step": 1, "action": action_name, "result": result}]})
-                except ToolError as exc:
+                except (ToolError, PermissionError) as exc:
                     yield _send("tool_error", {"step": 1, "action": "computer_open_app", "error": str(exc)})
                 return
 
@@ -256,7 +269,7 @@ def create_computer_use_router(*, model_router, require_user, tool_response, sav
 
                 yield _send("action", {"step": step + 1, "action": name, "args": args})
                 try:
-                    result = execute_tool(name, args)
+                    result = _dispatch(name, args, lambda: execute_tool(name, args))
                     if name == "computer_screenshot" and "screenshot_b64" in result:
                         last_screenshot_b64 = result["screenshot_b64"]
                         result_summary = {k: v for k, v in result.items() if k != "screenshot_b64"}
@@ -275,7 +288,7 @@ def create_computer_use_router(*, model_router, require_user, tool_response, sav
                         last_screenshot_b64 = None
                         transcript.append({"step": step + 1, "action": name, "args": args, "result": result})
                         yield _send("result", {"step": step + 1, "action": name, "result": result})
-                except (ToolError, KeyError, TypeError) as exc:
+                except (ToolError, PermissionError, KeyError, TypeError) as exc:
                     error_str = str(exc)
                     transcript.append({"step": step + 1, "action": name, "args": args, "error": error_str})
                     yield _send("tool_error", {"step": step + 1, "action": name, "error": error_str})

package/latticeai/api/portability.py

@@ -0,0 +1,93 @@
+"""Knowledge Graph portability routes — local export / import / backup / restore.
+
+Reads (export, status) require a signed-in user. Mutating operations (import,
+backup, restore, file export) require admin because the graph is machine-global,
+not workspace-scoped. Nothing here touches a cloud service.
+"""
+
+from __future__ import annotations
+
+from typing import Any, Callable, Optional
+
+from fastapi import APIRouter, HTTPException, Request
+from pydantic import BaseModel
+
+
+class ImportRequest(BaseModel):
+    artifact: dict
+    mode: str = "merge"
+    dry_run: bool = False
+
+
+class BackupRequest(BaseModel):
+    path: Optional[str] = None
+
+
+class RestoreRequest(BaseModel):
+    path: str
+    verify: bool = True
+
+
+def create_portability_router(
+    *,
+    service: Any,
+    require_user: Callable[[Request], str],
+    require_admin: Callable[[Request], Any],
+) -> APIRouter:
+    router = APIRouter()
+
+    def _require_service():
+        if service is None or not service.available():
+            raise HTTPException(status_code=503, detail="Knowledge Graph is disabled.")
+
+    @router.get("/api/knowledge-graph/portability")
+    async def portability_status(request: Request):
+        require_user(request)
+        _require_service()
+        return service.snapshot_metadata()
+
+    @router.get("/api/knowledge-graph/provenance")
+    async def recent_provenance(request: Request, limit: int = 50, source_type: Optional[str] = None):
+        """Recent ingestions (provenance trail) for the ingestion-sources UI."""
+        require_user(request)
+        _require_service()
+        return service.recent_ingestions(limit=limit, source_type=source_type)
+
+    @router.post("/api/knowledge-graph/export")
+    async def export_graph(request: Request):
+        """Logical JSON export of the whole graph (read-only)."""
+        require_user(request)
+        _require_service()
+        return service.export()
+
+    @router.post("/api/knowledge-graph/export-file")
+    async def export_graph_file(request: Request):
+        require_admin(request)
+        _require_service()
+        return service.export_to_file()
+
+    @router.post("/api/knowledge-graph/import")
+    async def import_graph(req: ImportRequest, request: Request):
+        require_admin(request)
+        _require_service()
+        try:
+            return service.import_data(req.artifact, mode=req.mode, dry_run=req.dry_run)
+        except ValueError as exc:
+            raise HTTPException(status_code=400, detail=str(exc))
+
+    @router.post("/api/knowledge-graph/backup")
+    async def backup_graph(req: BackupRequest, request: Request):
+        require_admin(request)
+        _require_service()
+        return service.backup(req.path)
+
+    @router.post("/api/knowledge-graph/restore")
+    async def restore_graph(req: RestoreRequest, request: Request):
+        require_admin(request)
+        _require_service()
+        try:
+            return service.restore(req.path, verify=req.verify)
+        except (ValueError, FileNotFoundError) as exc:
+            raise HTTPException(status_code=400, detail=str(exc))
+
+    return router

package/latticeai/api/tools.py

@@ -221,17 +221,30 @@ def create_tools_router(
 
     # ── Direct Tool API ───────────────────────────────────────────────────────────
     
-    def _tool_response(fn, *args):
+    def _tool_response(fn, *args, **kwargs):
         # Shared tool lifecycle (same path as the agent + workflow tool calls):
-        # pre_tool (may block) → execute → post_tool.
+        # pre_tool (may block) → execute → post_tool. Keyword args are forwarded
+        # to the tool and surfaced in the hook payload so read_file / edit_file /
+        # grep (which need kwargs) run through the SAME lifecycle as every other
+        # tool instead of bypassing it.
         tool_name = getattr(fn, "__name__", "tool")
         try:
-            result = dispatch_tool(HOOKS, tool_name, {}, lambda: fn(*args), source="http")
+            result = dispatch_tool(HOOKS, tool_name, dict(kwargs), lambda: fn(*args, **kwargs), source="http")
         except PermissionError as exc:
             raise HTTPException(status_code=403, detail=str(exc))
         except ToolError as exc:
             raise HTTPException(status_code=400, detail=str(exc))
         return {"status": "ok", "workspace": str(AGENT_ROOT), "result": result}
+
+    def _dispatch(tool_name, args, fn):
+        # Lifecycle wrapper for callables that aren't a plain tools.* function
+        # (e.g. the server's clear_history). Same pre_tool/post_tool path.
+        try:
+            return dispatch_tool(HOOKS, tool_name, dict(args or {}), fn, source="http")
+        except PermissionError as exc:
+            raise HTTPException(status_code=403, detail=str(exc))
+        except ToolError as exc:
+            raise HTTPException(status_code=400, detail=str(exc))
     
     
     @api_router.post("/tools/list_dir")
@@ -249,11 +262,7 @@ def create_tools_router(
     @api_router.post("/tools/read_file")
     async def tools_read_file(req: ToolReadFileRequest, request: Request):
         require_user(request)
-        try:
-            return {"status": "ok", "workspace": str(AGENT_ROOT),
-                    "result": read_file(req.path, offset=req.offset, limit=req.limit, line_numbers=req.line_numbers)}
-        except ToolError as exc:
-            raise HTTPException(status_code=400, detail=str(exc))
+        return _tool_response(read_file, req.path, offset=req.offset, limit=req.limit, line_numbers=req.line_numbers)
     
     
     @api_router.post("/tools/write_file")
@@ -265,11 +274,7 @@ def create_tools_router(
     @api_router.post("/tools/edit_file")
     async def tools_edit_file(req: ToolEditFileRequest, request: Request):
         require_user(request)
-        try:
-            return {"status": "ok", "workspace": str(AGENT_ROOT),
-                    "result": edit_file(req.path, req.old_string, req.new_string, replace_all=req.replace_all)}
-        except ToolError as exc:
-            raise HTTPException(status_code=400, detail=str(exc))
+        return _tool_response(edit_file, req.path, req.old_string, req.new_string, replace_all=req.replace_all)
     
     
     @api_router.post("/tools/search_files")
@@ -281,18 +286,15 @@ def create_tools_router(
     @api_router.post("/tools/grep")
     async def tools_grep(req: ToolGrepRequest, request: Request):
         require_user(request)
-        try:
-            return {"status": "ok", "workspace": str(AGENT_ROOT),
-                    "result": grep(
-                        req.pattern,
-                        path=req.path,
-                        glob=req.glob,
-                        max_results=req.max_results,
-                        case_insensitive=req.case_insensitive,
-                        context_lines=req.context_lines,
-                    )}
-        except ToolError as exc:
-            raise HTTPException(status_code=400, detail=str(exc))
+        return _tool_response(
+            grep,
+            req.pattern,
+            path=req.path,
+            glob=req.glob,
+            max_results=req.max_results,
+            case_insensitive=req.case_insensitive,
+            context_lines=req.context_lines,
+        )
     
     
     @api_router.post("/tools/todo_read")
@@ -310,7 +312,7 @@ def create_tools_router(
     @api_router.post("/tools/clear_history")
     async def tools_clear_history(req: ToolClearHistoryRequest, request: Request):
         current_user = require_user(request)
-        result = clear_history(req.keep_last)
+        result = _dispatch("clear_history", {"keep_last": req.keep_last}, lambda: clear_history(req.keep_last))
         append_audit_event(
             "history_delete",
             user_email=current_user,
@@ -461,6 +463,7 @@ def create_tools_router(
         require_user=require_user,
         tool_response=_tool_response,
         save_to_history=save_to_history,
+        hooks=HOOKS,
     ))
 
     @api_router.post("/tools/knowledge_save")

package/latticeai/core/config.py

@@ -86,6 +86,7 @@ class Config:
     invite_code: str
     invite_gate_enabled: bool
     admin_emails: List[str]
+    trusted_proxies: List[str]
 
     # ── models ──────────────────────────────────────────────────────
     public_model: str
@@ -139,6 +140,7 @@ class Config:
 
         cors_extra = [item.strip() for item in _value(env, "LATTICEAI_CORS_ALLOWED_ORIGINS", "").split(",") if item.strip()]
         admin_emails = [item.strip().lower() for item in _value(env, "LATTICEAI_ADMIN_EMAILS", "").split(",") if item.strip()]
+        trusted_proxies = [item.strip() for item in _value(env, "LATTICEAI_TRUSTED_PROXIES", "").split(",") if item.strip()]
 
         public_model = _value(env, "LATTICEAI_PUBLIC_MODEL", _value(env, "LATTICEAI_DEFAULT_MODEL", "openai:gpt-4o-mini"))
         local_model = _value(env, "LATTICEAI_LOCAL_MODEL", "mlx-community/gemma-4-12b-it-4bit")
@@ -170,6 +172,7 @@ class Config:
             invite_code=_value(env, "LATTICEAI_INVITE_CODE", "gemma-lattice-ai"),
             invite_gate_enabled=_bool(env, "LATTICEAI_INVITE_GATE_ENABLED", default=False),
             admin_emails=admin_emails,
+            trusted_proxies=trusted_proxies,
             public_model=public_model,
             local_model=local_model,
             local_draft_model=_value(env, "LATTICEAI_LOCAL_DRAFT_MODEL", ""),

package/latticeai/core/marketplace.py

@@ -11,7 +11,7 @@ from copy import deepcopy
 from typing import Any, Dict, List, Optional
 
 
-MARKETPLACE_VERSION = "3.4.1"
+MARKETPLACE_VERSION = "3.6.0"
 TEMPLATE_KINDS = ("plugin", "workflow", "agent")
 
 

package/latticeai/core/multi_agent.py

@@ -14,7 +14,7 @@ from datetime import datetime
 from typing import Any, Callable, Dict, List, Optional
 
 
-MULTI_AGENT_VERSION = "3.4.1"
+MULTI_AGENT_VERSION = "3.6.0"
 
 AGENT_ROLES = ("researcher", "planner", "executor", "reviewer", "release")
 CORE_PIPELINE = ("planner", "executor", "reviewer")