ltcai 3.6.0 → 4.0.1

package/latticeai/services/model_runtime.py

@@ -18,7 +18,6 @@ import re
 import shutil
 import subprocess
 import sys
-import tempfile
 import threading
 import time
 import urllib.error
@@ -26,16 +25,14 @@ import urllib.request
 from pathlib import Path
 from typing import AsyncIterator, Dict, List, Optional
 
-import httpx
 from fastapi import HTTPException, Request
 
-from llm_router import (
+from latticeai.models.router import (
     AsyncOpenAI,
     HF_MODELS_ROOT,
     OPENAI_COMPATIBLE_PROVIDERS,
     ensure_mlx_runtime,
     hf_model_dir,
-    normalize_branding,
     parse_model_ref,
 )
 from latticeai.core.model_compat import (
@@ -89,7 +86,7 @@ def configure_model_runtime(**deps) -> None:
 # Catalog data + version-dedup helpers live in ``model_catalog``; re-exported
 # here so existing ``from ...model_runtime import ENGINE_MODEL_CATALOG`` imports
 # keep working.
-from latticeai.services.model_catalog import (  # noqa: F401  (re-export)
+from latticeai.services.model_catalog import (  # noqa: E402, F401 (re-export after the module globals it documents)
     ENGINE_INSTALLERS,
     ENGINE_MODEL_CATALOG,
     MODEL_ENGINE_ALIASES,

package/latticeai/services/platform_runtime.py

@@ -18,8 +18,9 @@ from typing import Any, Callable, Dict, Optional, Set
 from fastapi import HTTPException, Request
 
 from latticeai.core.hooks import dispatch_tool
-from latticeai.core.multi_agent import MultiAgentOrchestrator, default_role_runner
-from latticeai.core.workflow_engine import WorkflowEngine
+from latticeai.core.multi_agent import MultiAgentOrchestrator, default_role_runner, llm_role_runner
+from latticeai.core.workflow_engine import ApprovalRequired, WorkflowEngine
+from tools import execute_tool
 
 
 class PlatformRuntime:
@@ -34,6 +35,9 @@ class PlatformRuntime:
         workspace_scope_from_request: Callable[[Request], Optional[str]],
         get_tool_permission: Callable[..., Dict[str, Any]],
         hooks: Any = None,
+        llm_generate: Optional[Callable[..., str]] = None,
+        llm_available: Optional[Callable[[], bool]] = None,
+        agent_registry: Any = None,
     ):
         self.store = store
         self.svc = workspace_service
@@ -45,6 +49,12 @@ class PlatformRuntime:
         # Lifecycle hooks registry — wires the workflow runtime + workflow tool
         # nodes into the same pre_*/post_* lifecycle as the HTTP + agent paths.
         self.hooks = hooks
+        # v4 (T7b): a synchronous model bridge. When a model is loaded,
+        # build_orchestrator returns the REAL (mode='llm') runner; otherwise
+        # the deterministic runner, honestly labeled mode='simulation'.
+        self.llm_generate = llm_generate
+        self.llm_available = llm_available or (lambda: False)
+        self.agent_registry = agent_registry
 
     # ── request gating ────────────────────────────────────────────────────
 
@@ -77,31 +87,57 @@ class PlatformRuntime:
     # ── shared node runners ───────────────────────────────────────────────
 
     def _tool_node_runner(self):
-        """Workflow tool node: records the invocation + governance decision but
-        never silently executes exec/destructive tools (those need approval)."""
+        """Workflow tool node: EXECUTES the tool under governance (v4).
+
+        Auto-approve tools run immediately through the shared dispatch_tool
+        lifecycle. Tools whose policy requires approval raise
+        :class:`ApprovalRequired` so the engine pauses the run into
+        ``awaiting_approval`` — never a silent ``{recorded: true}`` success,
+        never an unapproved execution. A resumed run carries the approved
+        node id in ``context['__approved_nodes__']``.
+        """
         def runner(*, node, context):
             cfg = node.get("config") or {}
             name = cfg.get("tool") or ""
             args = cfg.get("args") or {}
-
-            def _record():
-                try:
-                    permission = dict(self.get_tool_permission(name))
-                except Exception:
-                    permission = {"tool": name, "risk": "unknown"}
-                return {"tool": name, "args": args, "recorded": True, "permission": permission}
+            if not name:
+                raise ValueError("tool node has no tool configured")
+            try:
+                permission = dict(self.get_tool_permission(name, args))
+            except TypeError:
+                permission = dict(self.get_tool_permission(name))
+            approved_nodes = set(context.get("__approved_nodes__") or [])
+            if permission.get("requires_approval") and node.get("id") not in approved_nodes:
+                raise ApprovalRequired(
+                    f"tool '{name}' requires explicit approval before a workflow may run it",
+                    tool=name, args=args, permission=permission,
+                )
+
+            def _execute():
+                return execute_tool(name, args)
 
             # Same tool lifecycle as the HTTP + agent paths (a pre_tool block
             # raises PermissionError, surfaced as the node error by the engine).
-            return dispatch_tool(self.hooks, name or "tool", args, _record, source="workflow")
+            result = dispatch_tool(self.hooks, name, args, _execute, source="workflow")
+            return {"tool": name, "args": args, "executed": True,
+                    "permission": permission, "result": result}
         return runner
 
     def _skill_node_runner(self):
+        """Skill nodes refuse honestly: a skill is an instruction package for
+        an LLM; without a model-driven executor there is nothing to run, and
+        pretending otherwise (the pre-v4 existence check that reported 'ok')
+        is exactly the fake functionality v4 bans."""
         def runner(*, node, context):
             cfg = node.get("config") or {}
             name = cfg.get("skill") or ""
             entry = self.store.load_state().get("skill_registry", {}).get(name) or {}
-            return {"skill": name, "found": bool(entry), "enabled": bool(entry.get("enabled"))}
+            if not entry:
+                raise ValueError(f"skill '{name}' is not installed")
+            raise RuntimeError(
+                f"skill '{name}' requires LLM-driven execution, which workflow "
+                "skill nodes do not provide in this build — refusing to fake a result"
+            )
         return runner
 
     def _context_provider(self, user, scope):
@@ -116,15 +152,25 @@ class PlatformRuntime:
     def plugin_capability_runners(self, user, scope) -> Dict[str, Callable[..., Any]]:
         """Runners the Plugin SDK boundary dispatches to (one per capability)."""
         def run_skill(*, plugin_id, action, args, manifest):
-            return {"plugin": plugin_id, "ran_skills": manifest.provides.get("skills", [])}
+            raise RuntimeError(
+                f"plugin '{plugin_id}' skill execution requires an LLM-driven "
+                "runner, which this build does not provide — refusing to fake a result"
+            )
 
         def run_tool(*, plugin_id, action, args, manifest):
             tool = args.get("tool") or (manifest.provides.get("tools") or [None])[0]
-            try:
-                permission = dict(self.get_tool_permission(tool)) if tool else {}
-            except Exception:
-                permission = {}
-            return {"plugin": plugin_id, "tool": tool, "permission": permission, "recorded": True}
+            if not tool:
+                raise ValueError(f"plugin '{plugin_id}' run_tool needs a tool name")
+            permission = dict(self.get_tool_permission(tool))
+            if permission.get("requires_approval"):
+                raise ApprovalRequired(
+                    f"plugin tool '{tool}' requires explicit approval",
+                    tool=tool, args=args, permission=permission,
+                )
+            result = dispatch_tool(self.hooks, tool, args, lambda: execute_tool(tool, args),
+                                   source=f"plugin:{plugin_id}")
+            return {"plugin": plugin_id, "tool": tool, "permission": permission,
+                    "executed": True, "result": result}
 
         def run_workflow(*, plugin_id, action, args, manifest):
             wf_id = args.get("workflow_id")
@@ -175,6 +221,9 @@ class PlatformRuntime:
             workflow_id=workflow_id, name=workflow.get("name") or "workflow",
             status=result.status, timeline=result.timeline, outputs=result.outputs,
             user_email=user, graph=self.workspace_graph(), workspace_id=scope,
+            mode="live",
+            pause={"node": result.paused_node, "pending": result.pending_approval,
+                   "context": result.paused_context} if result.status == "awaiting_approval" else None,
         )
         return {"workflow_run_id": run["id"], "status": result.status}
 
@@ -209,8 +258,36 @@ class PlatformRuntime:
         }
 
     def build_orchestrator(self, user, scope) -> MultiAgentOrchestrator:
+        workflow_runner = lambda wf_ref, ctx: self.run_workflow_by_id(wf_ref, user, scope, with_agent=False, inputs=ctx.inputs)  # noqa: E731
+        plugin_runner = lambda pid, ctx: self.registry.execute_action(pid, "run_skill", {}, runners=self.plugin_capability_runners(user, scope), workspace_id=scope).as_dict()  # noqa: E731
+        context_provider = self._context_provider(user, scope)
+        custom_agents = {}
+        if self.agent_registry is not None:
+            try:
+                custom_agents = {
+                    a["id"]: a for a in self.agent_registry.all()
+                    if str(a.get("id", "")).startswith("agent:custom:") and a.get("enabled", True)
+                }
+            except Exception:
+                custom_agents = {}
+        if self.llm_generate is not None and self.llm_available():
+            from latticeai.core.agent_prompts import CRITIC_PROMPT, PLANNER_PROMPT
+
+            return MultiAgentOrchestrator(
+                role_runner=llm_role_runner(
+                    generate=self.llm_generate,
+                    planner_prompt=PLANNER_PROMPT,
+                    critic_prompt=CRITIC_PROMPT,
+                    context_provider=context_provider,
+                    workflow_runner=workflow_runner,
+                    plugin_runner=plugin_runner,
+                    custom_agents=custom_agents,
+                ),
+                mode="llm",
+                custom_agents=custom_agents,
+            )
         return MultiAgentOrchestrator(role_runner=default_role_runner(
-            workflow_runner=lambda wf_ref, ctx: self.run_workflow_by_id(wf_ref, user, scope, with_agent=False, inputs=ctx.inputs),
-            plugin_runner=lambda pid, ctx: self.registry.execute_action(pid, "run_skill", {}, runners=self.plugin_capability_runners(user, scope), workspace_id=scope).as_dict(),
-            context_provider=self._context_provider(user, scope),
-        ))
+            workflow_runner=workflow_runner,
+            plugin_runner=plugin_runner,
+            context_provider=context_provider,
+        ), mode="simulation", custom_agents=custom_agents)

package/latticeai/services/run_executor.py

@@ -0,0 +1,328 @@
+"""Durable asyncio run executor for v4 Act runtimes.
+
+The executor owns server-loop tasks for agent and workflow runs while the
+workspace store remains the durable source of truth. Work is persisted before it
+starts, updated as it moves through queued/running/cancelling/final states, and
+reconciled on startup so orphaned active rows never masquerade as live work.
+"""
+
+from __future__ import annotations
+
+import asyncio
+from dataclasses import dataclass
+from datetime import datetime
+from typing import Any, Callable, Dict, Optional
+
+from latticeai.core.workflow_engine import WorkflowEngine
+
+
+ACTIVE_STATUSES = {"queued", "running", "in_progress", "retrying", "cancelling"}
+TERMINAL_STATUSES = {"ok", "retried_ok", "failed", "rejected", "cancelled", "interrupted", "partial"}
+
+
+def _now() -> str:
+    return datetime.now().isoformat(timespec="seconds")
+
+
+@dataclass
+class _RunHandle:
+    run_id: str
+    kind: str
+    scope: Optional[str]
+    task: Optional[asyncio.Task] = None
+    cancel_requested: bool = False
+    started: bool = False
+
+
+class RunExecutor:
+    """Async task manager for persisted agent/workflow executions."""
+
+    def __init__(
+        self,
+        *,
+        store: Any,
+        agent_runtime: Any,
+        build_workflow_runners: Callable[[Optional[str], Optional[str]], Dict[str, Callable[..., Any]]],
+        workspace_graph: Callable[[], Any],
+        append_audit_event: Callable[..., None],
+        hooks: Any = None,
+    ) -> None:
+        self.store = store
+        self.agent_runtime = agent_runtime
+        self.build_workflow_runners = build_workflow_runners
+        self.workspace_graph = workspace_graph
+        self.append_audit_event = append_audit_event
+        self.hooks = hooks
+        self._handles: Dict[str, _RunHandle] = {}
+        self._results: Dict[str, Dict[str, Any]] = {}
+
+    # ── startup reconciliation ───────────────────────────────────────────
+
+    def reconcile_startup(self) -> Dict[str, Any]:
+        return self.store.reconcile_interrupted_runs(reason="server_startup")
+
+    # ── agent runs ───────────────────────────────────────────────────────
+
+    async def start_agent(
+        self,
+        goal: str,
+        *,
+        user_email: Optional[str],
+        scope: Optional[str],
+        roles: Optional[list[str]] = None,
+        inputs: Optional[Dict[str, Any]] = None,
+        max_retries: int = 2,
+    ) -> Dict[str, Any]:
+        reserved = self.agent_runtime.reserve_run(
+            goal,
+            user_email=user_email,
+            scope=scope,
+            roles=roles,
+            inputs=inputs or {},
+            max_retries=max_retries,
+        )
+        run_id = reserved["run"]["id"]
+        handle = _RunHandle(run_id=run_id, kind="agent", scope=scope)
+        handle.task = asyncio.create_task(
+            self._run_agent(handle, goal, user_email=user_email, roles=roles, inputs=inputs or {}, max_retries=max_retries)
+        )
+        self._handles[run_id] = handle
+        return {
+            **reserved,
+            "execution_mode": "async",
+            "accepted": True,
+            "events_url": f"/agents/api/runs/{run_id}/events",
+            "stop_url": f"/agents/api/runs/{run_id}/stop",
+        }
+
+    async def _run_agent(
+        self,
+        handle: _RunHandle,
+        goal: str,
+        *,
+        user_email: Optional[str],
+        roles: Optional[list[str]],
+        inputs: Dict[str, Any],
+        max_retries: int,
+    ) -> None:
+        run_id = handle.run_id
+        try:
+            if handle.cancel_requested:
+                self._cancel_agent_record(run_id, handle.scope, "cancelled before execution started")
+                return
+            handle.started = True
+            payload = await asyncio.to_thread(
+                self.agent_runtime.complete_reserved_run,
+                run_id,
+                goal,
+                user_email=user_email,
+                scope=handle.scope,
+                roles=roles,
+                inputs=inputs,
+                max_retries=max_retries,
+                cancel_requested=lambda: handle.cancel_requested,
+            )
+            if handle.cancel_requested and (payload.get("run") or {}).get("status") != "cancelled":
+                self._cancel_agent_record(run_id, handle.scope, "cancelled after the final result was persisted")
+            else:
+                self._results[run_id] = payload
+        finally:
+            self._handles.pop(run_id, None)
+
+    def _cancel_agent_record(self, run_id: str, scope: Optional[str], reason: str) -> Dict[str, Any]:
+        run = self.store.get_agent_run(run_id, workspace_id=scope)
+        timeline = list(run.get("timeline") or [])
+        timeline.append({"event": "execution_cancelled", "status": "cancelled", "reason": reason, "timestamp": _now()})
+        cancelled = self.store.update_agent_run(
+            run_id,
+            workspace_id=scope,
+            status="cancelled",
+            current_role=None,
+            cancel_reason=reason,
+            cancelled_at=_now(),
+            output_text=run.get("output_preview") or reason,
+            timeline=timeline,
+            graph=self.workspace_graph(),
+        )
+        payload = {"run": cancelled, "result": {"status": "cancelled", "reason": reason}}
+        self._results[run_id] = payload
+        return cancelled
+
+    # ── workflow runs ────────────────────────────────────────────────────
+
+    async def start_workflow(
+        self,
+        workflow: Dict[str, Any],
+        *,
+        workflow_id: str,
+        user_email: Optional[str],
+        scope: Optional[str],
+        inputs: Optional[Dict[str, Any]] = None,
+    ) -> Dict[str, Any]:
+        run = self.store.record_workflow_run(
+            workflow_id=workflow_id,
+            name=workflow.get("name") or "workflow",
+            status="queued",
+            timeline=[{"event": "workflow_started", "status": "queued", "timestamp": _now()}],
+            outputs={},
+            user_email=user_email,
+            graph=None,
+            workspace_id=scope,
+            mode="live",
+        )
+        run = self.store.update_workflow_run(
+            run["id"],
+            workspace_id=scope,
+            execution_mode="async",
+            inputs=inputs or {},
+        )
+        handle = _RunHandle(run_id=run["id"], kind="workflow", scope=scope)
+        handle.task = asyncio.create_task(
+            self._run_workflow(handle, workflow, user_email=user_email, inputs=inputs or {})
+        )
+        self._handles[run["id"]] = handle
+        return {
+            "run": run,
+            "execution_mode": "async",
+            "accepted": True,
+            "events_url": f"/workflows/api/runs/{run['id']}/replay",
+            "stop_url": f"/workflows/api/runs/{run['id']}/stop",
+        }
+
+    async def _run_workflow(
+        self,
+        handle: _RunHandle,
+        workflow: Dict[str, Any],
+        *,
+        user_email: Optional[str],
+        inputs: Dict[str, Any],
+    ) -> None:
+        run_id = handle.run_id
+        try:
+            if handle.cancel_requested:
+                self._cancel_workflow_record(run_id, handle.scope, "cancelled before execution started")
+                return
+            handle.started = True
+            run = self.store.get_workflow_run(run_id, workspace_id=handle.scope)
+            base_timeline = list(run.get("timeline") or [])
+            self.store.update_workflow_run(
+                run_id,
+                workspace_id=handle.scope,
+                status="running",
+                started_at=run.get("started_at") or _now(),
+            )
+            result = await asyncio.to_thread(self._execute_workflow_sync, workflow, user_email, handle.scope, inputs)
+            if handle.cancel_requested:
+                self._cancel_workflow_record(run_id, handle.scope, "cancelled after the current synchronous step completed")
+                return
+            pause = (
+                {"node": result.paused_node, "pending": result.pending_approval, "context": result.paused_context}
+                if result.status == "awaiting_approval" else None
+            )
+            updated = self.store.update_workflow_run(
+                run_id,
+                workspace_id=handle.scope,
+                graph=self.workspace_graph(),
+                status=result.status,
+                timeline=base_timeline + list(result.timeline or []),
+                outputs=result.outputs,
+                pause=pause,
+            )
+            self.append_audit_event(
+                "workflow_run",
+                user_email=user_email,
+                workflow_id=workflow.get("id"),
+                status=result.status,
+            )
+            self._results[run_id] = {"run": updated, "result": result.as_dict()}
+        except Exception as exc:
+            run = self.store.get_workflow_run(run_id, workspace_id=handle.scope)
+            timeline = list(run.get("timeline") or [])
+            timeline.append({"event": "execution_failed", "status": "failed", "detail": str(exc), "timestamp": _now()})
+            failed = self.store.update_workflow_run(
+                run_id,
+                workspace_id=handle.scope,
+                graph=self.workspace_graph(),
+                status="failed",
+                timeline=timeline,
+                outputs={"error": str(exc)},
+                pause=None,
+            )
+            self._results[run_id] = {"run": failed, "result": {"status": "failed", "error": str(exc)}}
+        finally:
+            self._handles.pop(run_id, None)
+
+    def _execute_workflow_sync(
+        self,
+        workflow: Dict[str, Any],
+        user_email: Optional[str],
+        scope: Optional[str],
+        inputs: Dict[str, Any],
+    ) -> Any:
+        runners = self.build_workflow_runners(user_email, scope)
+        return WorkflowEngine(runners, hooks=self.hooks).run(workflow, inputs=inputs)
+
+    def _cancel_workflow_record(self, run_id: str, scope: Optional[str], reason: str) -> Dict[str, Any]:
+        run = self.store.get_workflow_run(run_id, workspace_id=scope)
+        timeline = list(run.get("timeline") or [])
+        timeline.append({"event": "execution_cancelled", "status": "cancelled", "reason": reason, "timestamp": _now()})
+        cancelled = self.store.update_workflow_run(
+            run_id,
+            workspace_id=scope,
+            status="cancelled",
+            cancel_reason=reason,
+            cancelled_at=_now(),
+            timeline=timeline,
+            pause=None,
+            graph=self.workspace_graph(),
+        )
+        payload = {"run": cancelled, "result": {"status": "cancelled", "reason": reason}}
+        self._results[run_id] = payload
+        return cancelled
+
+    # ── cancellation/status ──────────────────────────────────────────────
+
+    def cancel(self, run_id: str, *, kind: Optional[str] = None, scope: Optional[str] = None) -> Dict[str, Any]:
+        handle = self._handles.get(run_id)
+        try:
+            run = (
+                self.store.get_workflow_run(run_id, workspace_id=scope)
+                if kind == "workflow" or (handle and handle.kind == "workflow")
+                else self.store.get_agent_run(run_id, workspace_id=scope)
+            )
+        except FileNotFoundError:
+            return {"stopped": False, "reason": "run not found", "run_id": run_id}
+
+        status = str(run.get("status") or "")
+        if status not in ACTIVE_STATUSES:
+            return {"stopped": False, "reason": "run already finished", "run_id": run_id, "status": status}
+
+        if handle is not None:
+            handle.cancel_requested = True
+        target_kind = (kind or (handle.kind if handle else "agent"))
+        updater = self.store.update_workflow_run if target_kind == "workflow" else self.store.update_agent_run
+        updater(
+            run_id,
+            workspace_id=scope,
+            status="cancelling",
+            cancel_requested=True,
+            cancel_requested_at=_now(),
+        )
+        if handle is None:
+            if target_kind == "workflow":
+                self._cancel_workflow_record(run_id, scope, "cancelled; no active worker owned this run")
+            else:
+                self._cancel_agent_record(run_id, scope, "cancelled; no active worker owned this run")
+        return {
+            "stopped": True,
+            "run_id": run_id,
+            "status": "cancelling" if handle is not None else "cancelled",
+            "cancellation": "cooperative",
+            "reason": "cancellation requested; synchronous work finishes its current step before the final cancelled status is stored",
+        }
+
+    async def wait(self, run_id: str, *, timeout: Optional[float] = None) -> Optional[Dict[str, Any]]:
+        handle = self._handles.get(run_id)
+        if handle and handle.task:
+            await asyncio.wait_for(handle.task, timeout=timeout)
+        return self._results.get(run_id)

package/latticeai/services/search_service.py

@@ -7,7 +7,7 @@ keyword search into UI-ready contracts without tying routers to store internals.
 from __future__ import annotations
 
 from dataclasses import dataclass
-from typing import Any, Dict, List, Mapping, Optional
+from typing import Any, Dict, Mapping, Optional
 
 
 DEFAULT_HYBRID_WEIGHTS = {
@@ -34,7 +34,15 @@ class SearchService:
             raise ValueError("knowledge graph is disabled")
         return self.graph_store
 
-    def keyword_search(self, query: str, *, limit: int = 30) -> Dict[str, Any]:
+    def _scope(self, matches, allowed_workspaces):
+        """Drop matches scoped to workspaces the caller is not a member of
+        (None = no scoping; legacy-global rows stay visible — documented)."""
+        if allowed_workspaces is None:
+            return matches
+        graph = self._require_graph()
+        return graph.filter_scoped_nodes(matches, allowed_workspaces)
+
+    def keyword_search(self, query: str, *, limit: int = 30, allowed_workspaces=None) -> Dict[str, Any]:
         graph = self._require_graph()
         payload = graph.search(query, limit)
         matches = []
@@ -53,9 +61,9 @@ class SearchService:
                 "metadata": match.get("metadata") or {},
                 "updated_at": match.get("updated_at"),
             })
-        return {"query": query, "mode": "keyword", "matches": matches}
+        return {"query": query, "mode": "keyword", "matches": self._scope(matches, allowed_workspaces)}
 
-    def vector_search(self, query: str, *, limit: int = 30, min_score: float = 0.0) -> Dict[str, Any]:
+    def vector_search(self, query: str, *, limit: int = 30, min_score: float = 0.0, allowed_workspaces=None) -> Dict[str, Any]:
         graph = self._require_graph()
         payload = graph.vector_search(query, limit=limit, min_score=min_score)
         matches = []
@@ -80,10 +88,10 @@ class SearchService:
             "mode": "vector",
             "embedding_model": payload.get("embedding_model"),
             "embedding_dim": payload.get("embedding_dim"),
-            "matches": matches,
+            "matches": self._scope(matches, allowed_workspaces),
         }
 
-    def graph_search(self, query: str, *, limit: int = 30, expand_depth: int = 1) -> Dict[str, Any]:
+    def graph_search(self, query: str, *, limit: int = 30, expand_depth: int = 1, allowed_workspaces=None) -> Dict[str, Any]:
         graph = self._require_graph()
         limit = max(1, min(int(limit or 30), 100))
         expand_depth = max(0, min(int(expand_depth or 1), 3))
@@ -157,7 +165,7 @@ class SearchService:
             match["rank"] = rank
             match["score"] = round(float(match["score"]), 6)
             match["source_scores"]["graph"] = round(float(match["source_scores"]["graph"]), 6)
-        return {"query": query, "mode": "graph", "expand_depth": expand_depth, "matches": matches}
+        return {"query": query, "mode": "graph", "expand_depth": expand_depth, "matches": self._scope(matches, allowed_workspaces)}
 
     def hybrid_search(
         self,
@@ -168,6 +176,7 @@ class SearchService:
         vector_limit: int = 30,
         graph_limit: int = 30,
         weights: Optional[Mapping[str, float]] = None,
+        allowed_workspaces=None,
     ) -> Dict[str, Any]:
         weights = {**DEFAULT_HYBRID_WEIGHTS, **dict(weights or {})}
         channels = {
@@ -202,7 +211,7 @@ class SearchService:
                     current.setdefault("graph_context", [])
                     current["graph_context"].extend(result.get("graph_context") or [])
 
-        matches = sorted(fused.values(), key=lambda item: item["score"], reverse=True)[: max(1, min(limit, 100))]
+        matches = self._scope(sorted(fused.values(), key=lambda item: item["score"], reverse=True), allowed_workspaces)[: max(1, min(limit, 100))]
         for rank, match in enumerate(matches, start=1):
             match["rank"] = rank
             match["score"] = round(float(match["score"]), 6)

package/latticeai/services/tool_dispatch.py

@@ -22,8 +22,16 @@ from latticeai.core.tool_registry import ToolPermission, ToolPolicy
 from tools import AGENT_ROOT, DEFAULT_TOOL_REGISTRY, ToolError, ensure_agent_root
 
 
-_load_users: Callable[[], Dict[str, Any]] = lambda: {}
-_get_user_role: Callable[..., str] = lambda _email, _users=None: "user"
+def _default_load_users() -> Dict[str, Any]:
+    return {}
+
+
+def _default_get_user_role(_email, _users=None) -> str:
+    return "user"
+
+
+_load_users: Callable[[], Dict[str, Any]] = _default_load_users
+_get_user_role: Callable[..., str] = _default_get_user_role
 
 FILE_CREATE_ACTIONS = set(DEFAULT_TOOL_REGISTRY.file_create_actions)
 TOOL_GOVERNANCE: Dict[str, ToolPolicy] = dict(DEFAULT_TOOL_REGISTRY.governance)
@@ -104,6 +112,7 @@ def build_agent_runtime(
     knowledge_save: Callable[..., Dict[str, Any]],
     audit: Callable[..., None],
     hooks: Any = None,
+    brain_memory: Any = None,
 ) -> AgentRuntime:
     ensure_agent_root()
     deps = AgentDeps(
@@ -125,6 +134,7 @@ def build_agent_runtime(
         memory_updater_prompt=MEMORY_UPDATER_PROMPT,
         agent_root=AGENT_ROOT,
         hooks=hooks,
+        brain_memory=brain_memory,
     )
     return AgentRuntime(deps)